What legal regimes or market initiatives would best prevent the unauthorized disclosure of private information while also promoting business innovation? As individuals do more - shopping, talking, working - on-line, they leave private information behind in databases stored on Internet-connected . . .
What legal regimes or market initiatives would best prevent the unauthorized disclosure of private information while also promoting business innovation? As individuals do more - shopping, talking, working - on-line, they leave private information behind in databases stored on Internet-connected servers. Companies store proprietary data on networked servers connected to the Internet. Computer security experts struggle to develop technology and best practices to protect this information from unauthorized intruders or inadvertent leaks. Are private initiatives sufficient to protect private and confidential information, or should the law allocate the responsibility of keeping the server secure, and if so, on whom? And will the imposition of this legal and economic burden impede further exponential advances like those the computer industry has made in the past decade?

The Law, Science and Technology Program (LST) and the Center for Internet and Society (CIS) at Stanford Law School announce an open call for papers addressing the ways in which application of various legal doctrines could induce software vendors, hardware companies and system administrators to adopt security-enhancing practices, report unauthorized disclosures of private information, properly value and remedy harm flowing from privacy breaches, while promoting vigorous competition and innovation.

Suggested topics include, but are not limited to:

  • What incentives should there be for reporting and accounting for privacy breaches?
  • What are the best methods for valuing confidential and private information for both civil and criminal purposes?
  • How does the imposition of legal liability or the lack thereof affect market competition and innovation?
  • What party - the vendor, the implementor of customizable technology, the customer, the intruder or data leaker - is best suited to bear the costs of securing data stored on the Internet?
  • What role, if any, can technological self-help play in protecting privacy and what are the risks?
  • What is the role of contract in information privacy and risk management?
  • Is there a standard of care or set of best practices to which the law can hold actors? If not, how could one develop? Does a legal standard impede innovation?
  • Should software vendors be held liable for security flaws in their products? To whom, and under what legal regimes?
  • Should the government consent to be sued if private data leaks from a government or government agent's server? How would this imposition of legal liability interact with current regulations of government data collection, storage and disclosure?
  • What role could private organizations - such as insurers, trade organizations or other non-governmental actors - play in securing confidential data?
  • Why have there been so few lawsuits for privacy invasions or other economic harm stemming from computer security breaches?
  • Should liability for security breaches turn on the technology (e.g., web-surfing, RFIDs, smart-cards, digital cameras) used to gather private information?
  • Can a legal regime to protect security coexist with the need to transfer data across countries for processing?

In the selection process, papers offering new perspectives, novel analysis, or innovative prescriptions will be given preference. Proposals from legal and other academics, economists, lawyers, scientists and technologists, as well as new voices are encouraged.

The event is funded by a generous grant from the cy pres fund established in the Supnick et al. v. Amazon.com, Inc. and Alexa Internet, Inc. litigation. We are able to offer free admission to the symposium and anticipate a large audience of academics, executives, students, and U.S. and foreign policy makers. Those selected to present papers will be reimbursed for two- week advance purchased coach airfare to California and for two nights stay at the Westin, Palo Alto hotel.

Interested parties should submit a 200 word abstract describing the proposed paper here. The deadline for submissions is October 13 and the selected presenters will be notified by mail by November 3. The website also allows visitors to register to be notified when we finalize the symposium schedule.

Papers will be due May 3, 2004. The Symposium Editors will select the papers which will be published in a scholarly volume under a Creative Commons license that will allow authors to submit their papers to other publications, including law journals.

The Symposium Editors are:

  • Anupam Chander, Professor, UC Davis School of Law, Visiting Professor Stanford Law School, Spring 2004
  • Lauren Gelman, Assistant Director, Center for Internet and Society, Stanford Law School
  • Margaret Jane Radin, Wm. Benjamin Scott and Luna M. Scott Professor of Law, Director, Stanford Program in Law, Science and Technology

If you have questions, you are welcome to contact Lauren Gelman, at gelman@stanford.edu. The conference is organized by the Center for Internet and Society, part of the Program on Law Science and Technology at Stanford Law School.

The link for this article located at Stanford is no longer available.