Notre Dame Law School
William J. and Dorothy K. O'Neill Professor of Law
In December 2013, a judge in a narcotics case issued a warrant for the content in emails stored on Microsoft servers. The company complied when it came to data stored on servers in the U.S., but moved to withhold information stored on a server in Ireland, believing the warrant did not apply outside U.S. borders. The motion was initially denied, a decision later reversed by the U.S. Court of Appeals for the Second Circuit.
In an increasingly connected world with rapidly changing technology, cases like Microsoft v. United States underscore the complex questions that abound in the field of cyber law. These are questions that change seemingly by the month, as our interactions with the government, businesses and each other are placed in new contexts as the landscape of communications and geopolitics shifts.
Keeping pace with these shifts and providing the intellectual and legal understanding to deal with them are scholars like Patricia Bellia, the William J. and Dorothy K. O’Neill Professor of Law. While it may seem like the questions raised by these cases are fundamentally new, Bellia notes that in some cyber law cases — Microsoft may be one such example — the legal underpinnings are not unique, even while the circumstances may be.
“Even though the law changes very rapidly, you’re always asking the same question,” Bellia said. “The relationship between geography and sovereignty — that legal question is always going to exist, no matter how big the scale of (technological) change.”
That scale of change and cases like Microsoft are challenging the existing legal paradigm. The law presumes the U.S. can regulate anything that comes in and out of the country, but the internet — which features untold amounts of data rapidly crisscrossing the globe regardless of geographical and political borders — tests that framework.
“I would say it is qualitatively and quantitatively different,” Bellia reasons. “The scale, in terms of the number of communications that will cross the border, or the fact that sometimes a server is located somewhere else because it’s cheap or effective, means that the ties to geography are severed in more ways here than in other contexts.”
Yet as the Microsoft case shows, the question is far from settled. Bellia is a leading scholar in developing a framework from which regulators and judges can work through cyber law cases of various themes, whether they involve issues of borders and sovereignty or the tension between privacy and security. She teaches a cyber law course at the Notre Dame Law School, is a co-author of a cyber law casebook that is now in its fifth edition, and co-authors a treatise on electronic surveillance law.
Bellia’s intellectual curiosity in cyber law is traced to clerking at the U.S. Court of Appeals and the Supreme Court, and then her work in the Office of Legal Counsel at the U.S. Department of Justice, when her work would occasionally intersect with the DOJ’s computer crime unit. Along the way, it became clear these issues were becoming more prevalent — and more complex — with each passing year.
Much of the public consciousness around cyber law likely deals with the line between privacy and security — how much privacy we are willing to sacrifice for a perceived gain in security. As technology progresses, the location of that line may be moved. As one example, Bellia points to the capability of today’s smartphones which can identify a user’s location.
“Previously, you couldn’t get a person’s location unless you tracked somebody in the physical world,” she said. “Now, you could have the government get information from a cell phone provider that pinpoints location with a fair degree of accuracy. So do we stop at saying we couldn’t have had that capability previously without being in pursuit, or do we accept that new technology has opened a door for law enforcement, and that has moved the privacy-security balance in that direction?”
While much attention is paid to the government’s involvement in privacy and security, Bellia points out there are equally complex cyber law questions in the private sector. She notes that as a society, there tends to be a collective emphasis on what the government knows and what it can do, but there are very few restrictions on how private parties can aggregate, use or sell personal data — data many people give up voluntarily. It’s a different example of technology pushing the line: a few short decades ago, a person browsing a clothing rack at a department store would not expect to find that same rack in their home later that evening. But a person browsing clothes online has cookies subject them to those same items as they navigate to different pages on the internet.
While shopping may seem like a benign example for now, the growing trend of anonymity of content posted online can be anything but. A piece of content that is posted anonymously online, but is false and defamatory, can be indexed by the likes of Google and spread rapidly before the record is corrected. And according to Bellia, a search engine like Google currently has no legal impetus to remove the content. Technology’s impact in this area is twofold: Not only is it more difficult to trace who produced the content than in a more analog generation, but the scale at which this content can be shared is truly unprecedented.
All of which provides new challenges for the legal community at large.
“One of the great things about working in this area is that so many questions come up, you’re actually able to offer a theoretical framework for thinking about them that really could help judges,” she said.
“I would always hope that I’ve made students, regulators, judges think a little bit harder about those questions. That’s always what we aspire to as professors, that we can influence not just our students but the broader scholarly and legal community as well.”