Gray Advice

By: Keith Porcaro Debates over economic protectionism or the technology flavor-of-the-month obscure a simple, urgent truth: people are going online to find help that they cannot get from legal and health professionals. They are being let down, by products with festering trust and quality issues, by regulators slow to apply consumer protection standards to harmful offerings, and by professionals loath to acknowledge changes to how help is delivered. The status quo cannot continue. Waves of capital and code are empowering ever more organizations to build digital products that blur the line between self-help and professional advice. For good or ill, “gray advice” is changing how ordinary people get help with legal issues and healthcare issues, and even how they perceive professionals. This Article begins the work of articulating what makes a high-quality digital advice product, and how regulators and professionals can engage with the reality of how people seek and find help today. Download Full Article (PDF) Cite: 25 Duke L. & Tech. Rev. 48

The Lack of Responsibility of Higher Education Institutions in Addressing Phishing Emails and Data Breaches

By: Muxuan (Muriel) Wang Higher education institutions (HEIs) are highly susceptible to cyberattacks, particularly those facilitated through phishing, due to the substantial volume of confidential student and staff data and valuable research information they hold. Despite federal legislations focusing on bolstering cybersecurity for critical institutions handling medical and financial data, HEIs have not received similar attention. This Note examines the minimal obligations imposed on HEIs by existing federal and state statutes concerning data breaches, the absence of requirements for HEIs to educate employees and students about phishing attacks, and potential strategies to improve student protection against data breaches. Download Full Article (PDF) Cite: 23 Duke L. & Tech. Rev. 35

Next-Generation Data Governance

By: Kimberly A. Houser & John W. Bagby The proliferation of sensors, electronic payments, click-stream data, location-tracking, biometric feeds, and smart home devices, creates an incredibly profitable market for both personal and non-personal data. It is also leading to an amplification of harm to those from or about whom the data is collected. Because federal law provides inadequate protection for data subjects, there are growing calls for organizations to implement data governance solutions. Unfortunately, in the U.S., the concept of data governance has not progressed beyond the management and monetization of data. Many organizations operate under an outdated paradigm which fails to consider the impact of data use on data subjects due to the proliferation of third-party service providers hawking their “check-the-box” data governance systems. As a result, American companies suffer from a lack of trust and are hindered in their international operations due to the higher data protection requirements of foreign regulators. After discussing the pitfalls of the traditional view of data governance and the limitations of suggested models, we propose a set of ten principles based on the Medical Code of Ethics. This framework, first encompassed in the Hippocratic Oath, has been evolving for over one thousand years

Professor Brandon Garrett on Exposing the Flaws in Forensics

By Brendan Clemente This past March, Duke Law’s Professor Brandon Garrett released his newest book, Autopsy of a Crime Lab: Exposing the Flaws in Forensics. Professor Garrett founded the Wilson Center for Science and Justice and studies the use of forensic evidence in criminal cases. Brendan Clemente, Duke Law & Technology Review’s (DLTR) Managing Editor, sat down with Professor Garrett to discuss the book. Thank you for joining DLTR to discuss your new book, Autopsy of a Crime Lab: Exposing the Flaws in Forensics. What made you want to delve into this topic in this book? My introduction to forensics came after law school. I took evidence in law school, for which I am glad now that I am now teaching it. We did not cover expert evidence. I did not take law and science classes, and I went to law school having turned away from math and science, like most of us lawyers do. When I was in practice, I worked at a civil rights firm where there were two types of cases one could gravitate toward: police brutality cases and wrongful conviction cases. I told the partners I wanted to work on the police brutality cases. The wrongful

Regulating Data as Property: A New Construct for Moving Forward

By: Jeffrey Ritter and Anna Mayer The global community urgently needs precise, clear rules that define ownership of data and express the attendant rights to license, transfer, use, modify, and destroy digital information assets. In response, this article proposes a new approach for regulating data as an entirely new class of property. Recently, European and Asian public officials and industries have called for data ownership principles to be developed, above and beyond current privacy and data protection laws. In addition, official policy guidances and legal proposals have been published that offer to accelerate realization of a property rights structure for digital information. But how can ownership of digital information be achieved? How can those rights be transferred and enforced? Those calls for data ownership emphasize the impact of ownership on the automotive industry and the vast quantities of operational data which smart automobiles and self-driving vehicles will produce. We looked at how, if at all, the issue was being considered in consumer-facing statements addressing the data being collected by their vehicles. To formulate our proposal, we also considered continued advances in scientific research, quantum mechanics, and quantum computing which confirm that information in any digital or electronic medium is, and