Solipsistic Europocrisy meets judicial imperialism

It's Schrems II in episode 325 of the Cyberlaw Podcast


The big news of the week was the breathtakingly arrogant decision of the European Court of Justice, announcing that it would set the  rules for how governments could use personal data in fighting crime and terrorism.

Even more gobsmacking, the court decided to impose those rules on every government on the planet – except the members of the European Union, which are beyond its reach. Oh, and along the way the court blew up the Privacy Shield, exposing every transatlantic business to massive liability, and put the EU on a collision course with China over China's most sensitive domestic security operations. This won't end well.  It's the CJEU's version of our Court's Dred Scott ruling. Paul Hughes helps me make sense of the decision.

In the interview, I talk to Darrell West, co-author of Turning Point—Policymaking in the Era of Artificial Intelligence. We mostly agree on where AI is already making a difference, where it's still hype, and how it will transform war. Where we disagree is over the policy prescriptions for avoiding the worst outcomes. I disagree with the relentless focus of the book (and every other book in recent years) on the questionable claim of AI bias, and Darrell and I have a spirited disagreement over my claim that his prescription will hide numerical racial and gender quotas in every aspect of life that AI touches.

Iranian cyberspies make pretty good training videos, Sultan Meghji tells us, but they're not taking any bows after leaving the videos exposed online.

If you thought Twitter's content resembled middle school, wait until you see their security measures in action. Nate Jones has the details, but my takeaway is that middle school science projects are usually handled a lot more responsibly than Twitter's "god mode" dashboard.

BIPA, the Illinois biometric privacy act, has inspired lawsuits against users of a database assembled to reduce AI bias. Mark MacCarthy explains that the law prohibits use of biometrics (like  pictures of your face) without consent. I observe that this makes BIPA the COVID-19 of privacy law.  Anyone who touches this database will be infected with liability, at least if the plaintiff's surprisingly plausible theory holds up.

Sultan reminds us that the PRC has now been caught twice requiring companies in China to use tax software with built-in malware. You know what they say: "Once is happenstance. Twice is coincidence. Three times is enemy action."  I don't think we'll need to wait long to see number three.

Nate gives us a former government lawyer's take on the CIA's new authority to conduct cyber covert action. (Yahoo, Lawfare) Ordinarily he'd be skeptical of keeping those decisions away from the White House, but in this case, he'll make an exception. My take: If unshackling the CIA has produced the APT34 and FSB hacks and data dumps, what's not to like?

In short hits, I mock the Justice Department spokesperson who claimed that Ghislaine Maxwell was engaged in "a misguided effort to evade detection" when she wrapped her cellphone in tin foil. And Mark and I cross swords over Reddit's capture by the Intolerant Left. You make the call: When Reddit declares that exposing fake hate crimes as hoaxes is a form of hate speech, is that anecdotal evidence of left-wing bias or stone-cold proof of epistemic closure?

Download the 325th Episode (mp3).

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

NEXT: Why does the Supreme Court use different language for remands to state court and federal court?

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. So a privacy ruling is the equivalent of Dred Scott? Seriously?

    Prof. Baker is nuts.

    1. The rhetoric may seem a bit over the top but:
      – both are (were) decisions that followed almost inevitably from the wording of the relevant texts
      – nevertheless, both established legal precedents that will (did) reach far, far beyond the narrow circumstances of the immediate case
      – in both cases, that reach will go (went) far beyond what the original authors of the text ever foresaw or apparently intended
      – and in both cases, the unintended consequences tend strongly to the unfavorable
      – most importantly, both are (were) decisions of the highest court in the land which means there is no clear path for appeal or reversal. Dred Scott did and Schrems II will do a lot of damage before the courts finally figure a way out of the box they’ve painted themselves into.

      Dred Scott became the chief counter-example in US law for those arguing against blind application of stare decisis and against deference to the courts as an absolute authority. I think Prof Baker might be right that Schrems II could become the same counter-example to the EU Court’s assertion of authority.

      1. You really think that the reason people think Dred Scott was such a terrible decision had nothing to do with the fact that it was a defense of slavery and specifically said that Black people had no rights that whites were required to accept?

        1. You’re missing the point, Dilan. The evil of Dred Scott wasn’t (merely) that it was a terrible decision in isolation. The real evil was that it locked in a framework that led to many more bad outcomes for a very long time.

          Schrems II may not be as evil in isolation but it also has the potential to do a lot of long-term damage – which was the point of the comment.

          1. Honestly, Dred Scott was actually a one-off. I mean, compared to Plessy v. Ferguson, which led to legalized segregation in 50 different types of public accomodations and facilities, Dred Scott really didn’t have that much doctrinal impact. It wasn’t like courts were citing Dred Scott all the time as persuasive authority.

            What made Dred Scott bad was that it said Black people had no rights. And this case is NOTHING like that.

      2. Scot v. Sanderson provides a historical example of how the Supreme Court can be overruled. Their power comes from the authority to interpret what the Constitution says. The way to overrule them when they reach a “wrong” answer is to go to the text and change it directly. Scot v. Sanderson became moot with the passage of the 14th amendment. The same technique was used to overrule the Court on the matter of federal income taxation.

        1. And the only cost of this is that it transforms the requirement for a difficult super majority to change the Constitution, into a requirement for a difficult super majority to stop it from being ‘changed’.

          1. It doesn’t take a supermajority to stop the Constitution from being changed. A small group of states can do it, unless they’ve recently risen in open armed rebellion.

  2. I was wondering how long this would take.

    For a more neutral version, the British Panopticon blog is the best blog I know of about data protection and freedom of information issues. They already have several posts up discussing the Schrems II judgment:

  3. “and put the EU on a collision course with China over China’s most sensitive domestic security operations. ”

    I’m having a bit of trouble seeing the problem with making life hard for China’s secret police. Unless I’m misunderstanding this, shouldn’t we all be steering a collision course with China’s most sensitive domestic security operations?

    1. First you have to come up with a legal justification for caring what China’s domestic policies are. Then you can decide if you are pro- or anti- Chinese domestic policy. Otherwise, Chinese domestic policy is Chinese, and I am not Chinese, thus not my problem. This is also why I do not reside in, or conduct business in China. This gives the Chinese no jurisdiction over me, and I don’t have to fight their domestic policies because their choices have no power over me.

      1. I’ve got plenty of moral justification for caring what the internal policies of a totalitarian state that practices genocide and slavery are.

        But you’re wrong about their choices having no power over you, because they’ve gotten very good at exporting their choices. What is cancel culture and deplatforming, after all, but the gradual imposition of a “social credit” system here in the US?

        1. “I’ve got plenty of moral justification for caring what the internal policies of a totalitarian state that practices genocide and slavery are.”

          Good for you. Take your moral opinions to God and maybe he’ll help you with them. But this is a legal question, not a moral one, hence the specification that you’ll need a LEGAL reason to take note of how China regulates China.

          ” What is cancel culture and deplatforming, after all, but the gradual imposition of a “social credit” system here in the US?”

          “Cancel culture” comes to us from Right-leaning forces in the US, going back to burning Beatles records because John Lennon said the Beatles were more popular than Jesus, and still popular with them a decade-and-a-half later when Natalie Maines said mean things about President W. You’re only against it now because it’s being used by people you don’t agree with.

          1. We don’t need a legal reason, we are a sovereign country.

            We can impose a $10,000 entry fee on anyone entering the country with a Chinese passport if we wish — that’s why the EU is so worried about Britexit.

            1. that’s why the EU is so worried about Britexit.

              It really isn’t.

            2. “We don’t need a legal reason, we are a sovereign country.”

              The fact that they’re a sovereign country doesn’t matter because YOU are a sovereign? Good luck with that.

            3. “We can impose a $10,000 entry fee on anyone entering the country with a Chinese passport if we wish — that’s why the EU is so worried about Britexit.”

              If you don’t mind losing the votes of the soybean farmers, you can do that.

          2. ” But this is a legal question, not a moral one, hence the specification that you’ll need a LEGAL reason to take note of how China regulates China.”

            And the statute being ruled upon by this court explicitly made that a legal reason. If you didn’t notice.

            1. There’s a statute out there somewhere that makes your moral objections legally cognizant? Doubtful.

  4. I’m having a bit of trouble how the EU decision will control any government, they will just ignore it.

    The EU does have substantial economic leverage over multi-nation companies they routinely punish in favor of EU companies.

    1. This is all about exchange of personal data. Countries that can’t work within the limits established by the GDPR and enforced by the ECJ can’t have the data they want to fight the Terrorsts…

      1. … assuming they follow the laws of the foreign countries they choose to operate in.

      2. Fine. We ban ANYONE from said countries from entering this country until we have the data we need to fight terrorism.

        1. Yes, you could do that. Sovereign country and all. Why not go all-in and just ban anyone from anywhere entering the US? That seems to be where you lot are headed anyway. (“You lot” meaning Trumpists, to be clear.)

          1. And also, your mineral resources are ours.

      3. Unless individual governments cooperate and fail to tell the EU.

        1. Just for you, the aforementioned Panopticon blog has the “damages” tag, so that you can filter for all the judgments and other cases where people seek damages for GDPR breaches. Needless to say, that can get quite expensive. (Although as you will see sometimes people get a little over-enthusiastic in their claims.)

  5. Only on a blog full of entitled white males like Mr. Baker can we see holdings having nothing to do with race compared with Dred Scott. A black person whose parents were denied the right to vote, whose grandparent was lynched, or whose great-grandparents were slaves, would never degrade his conversation in such a way. But to Mr. Baker it’s an abstraction, next door to a joke.

    1. I don’t see the issue, as a member of a minority group. Dred Scott is routinely cited to give an example of a decision that goes far beyond intent and does significant damage, without the possibility of appeal. Yeah it’s a bit excessive, but it’s not an uncommon citation. Roe vs Wade is the next Dred Scott. Heck, liberals routinely cite Lochner vs New York as being Dred Scott esque. That has nothing to do with race. And you can make a similar argument, how is it fair to compare a decision denying liberty to one radically expanding it? Yet that’s not the point.

      In the opinion the liberal justices outright said Trump vs. Hawaii is the next Korematsu. Clarence Thomas routinely cites Dred Scott in codes that are completely unrelated. He’s black. It’s not uncommon to engage in this sort of thing. The comparison isn’t about race. It is about judicial arrogance and legislating by the bench, made worse in that case by pro-slavery justices mandating it.

      1. ” how is it fair to compare a decision denying liberty to one radically expanding it?”

        For one person’s liberty to expand (radically or not), at least one other person’s liberty must contract.

  6. I normally ignore Baker’s increasingly shrill and fact free rantings about the GDPR, but comparing the decision to Dred Scott shows an absence of basic moral compass that is astonishing even for him. Scott perpetuated racist denial of freedom to individuals against the powerful state and entrenched economic interests of (0ften international) businesses. The Schremm decision does the opposite, protecting individuals against overpowering global businesses and abusive state power.

    I get it in Baker’s ideal world, we’d all sit around the table, palms up on the table so that the police officers lining the room (and operating the drones) can see if we are “up to no good” (which in the US seems now also to include all sorts of public protest) , but mercifully this is not (any longer) the European way.

    The ECJ is much less politicised than Scotus, if you look at the appointment process, and what he mistakenly considers “arrogant” we call simply “applying the law without fear or favour” – the decision to give the GDPR extraterritorial reach is not a judicial invention but enshrined in the text – and in any case does not go beyond what the US does with the CLOUD Act e.g., just that that oen again favours polie, not citizens.

    1. “(which in the US seems now also to include all sorts of public protest)”

      Only the sorts of public “protest” that involve vandalism, arson, assault and battery. IOW, the sort of public protest that the word “rioting” describes.

      But I agree with your point. It is a data protection ruling, it seems to accurately apply the law, and Baker just happens to object to data protection, because it can get in the way of governments that want the data.

      Even the Chinese government, a notoriously vicious totalitarian state! Complaining of THAT was a new low for Baker.

  7. How (and why) does such reliably right-wing authoritarianism regularly appear at a self-described “often libertarian” blog at a self-proclaimed “libertarian” website?

    Faux libertarians are among my favorite culture war casualties.

Please to post comments