Professor Hartzog is a Professor of Law and Computer Science at Northeastern University, where he teaches privacy and data protection law, policy, and ethics. He holds a joint appointment with the School of Law and the College of Computer and Information Science. His recent work focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online.
Professor Hartzog’s work has been published in numerous scholarly publications such as the Yale Law Journal, Columbia Law Review, California Law Review, and Michigan Law Review and popular national publications such as The Guardian, Wired, BBC, CNN, Bloomberg, New Scientist, Slate, The Atlantic, and The Nation. His book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies, is under contract with Harvard University Press. He has testified twice before Congress on data protection issues.
Professor Hartzog has served as a Visiting Professor at Notre Dame Law School and the University of Maine School of Law. He previously worked as an attorney in private practice and as a trademark attorney for the United States Patent and Trademark Office. He also served as a clerk for the Electronic Privacy Information Center. He holds a PhD in mass communication from the University of North Carolina at Chapel Hill, an LLM in intellectual property from the George Washington University Law School, and a JD from Samford University.
I have just uploaded a new essay about online privacy to SSRN that will appear in Volume 46 of the Georgia Law Review. The essay, titled "Chain-Link Confidentiality," asserts that personal information that is shared online can be better protected if we require our confidants to make sure that their confidants are watching out for us. This strategy could help us retain control over our personal information as it moves downstream. Your comments are warmly welcome.
Last week, the Supreme Court issued its opinion in United States v. Jones, in which the Justices held that the government's installation of a GPS device on a target's vehicle, and its use of that device to monitor the vehicle's movements, constituted a Fourth Amendment search. The decision was surprisingly unanimous on this point, though concurring opinions by Justices Sotomayor and Alito potentially amplify the significance of the opinion by proposing alternate approaches to the larger problem of ubiquitous surveillance technologies and privacy in public. Given the majority opinion's narrow focus on the attachment of the device to the car, the larger issue of privacy in public remains unsettled.
Others have done an exemplary job of commenting on the decision. The dominant themes arising from the decision and analysis of the decision seem to be the (re?)injection of the concept of trespass into Fourth Amendment doctrine, signs of potential withering of the third party doctrine, and recognition that Fourth Amendment and privacy doctrine will soon enough be useless if they do not adequately protect against ever-evolving surveillance methods and technologies.
I'd like to focus on an aspect of the decision that has not shown up much in the analysis of the case, likely because it was never explicitly mentioned in the text. Although the word obscurity does not appear anywhere in United States v. Jones, I think the decision, particularly Justice Sotomayor's concurring opinion, supports the idea that the obscurity of our personal information is worth protecting.
Co-authored with Evan Selinger.
Until recently, concerns over facial recognition technologies were largely theoretical. Only a few companies could create databases of names and faces large enough to identify significant portions of the population by sight. These companies had little motivation to widely exploit this technology in invasive ways.
Co-authored with Evan Selinger.
Some people argue that the Digital Age has eviscerated obscurity. They say shifts in the technological and economic landscapes have forever changed society.
Their argument is that a tipping point has occurred; it’s now too late to stop others from collecting, aggregating, and analyzing nearly every aspect of our data trail, and profiting from a steady stream of intrusive privacy invasions.
Social Media is always updating to give people more. More features like video and picture sharing. More freedom to use third-party apps. More capacity to store more data and make more connections. More platforms so we can use one service while loading another.
Paradoxically, the future of social media is also about providing less. Sometimes the best social media design will constrain invasive and harmful practices. If we want online social interaction to be safe and sustainable, we should embrace the limitations.
Co-authored by Danielle Citron and Woodrow Hartzog.
Revenge-pornography websites are a reminder that preying on the vulnerable has long been big business. And while various laws protect people against scam artists, extortionists, manipulators, and other unscrupulous enterprises, the law has not been able to keep up with all malicious businesses.
""The FTC was never created as a pure data protection authority, but it's stepped in to fill the void," said Woodrow Hartzog, a law and computer science professor at Northeastern University. "Even after all the FTC has done, it's still very limited in substantive authority and in terms of resources.""
"This may be the first true large-scale reckoning for the information age, a 21st-century problem screaming for an immediate answer. Woodrow Hartzog, a professor of law and computer science at Northeastern and an affiliate scholar at The Center for Internet and Society at Stanford Law School, has a suggestion.
"“There hasn’t been a real vivid example of how information is extracted on a massive scale and then weaponized against you,” said Woodrow Hartzog, a professor of law and computer science at Northeastern University. “To rob people of agency in a really important, core area of identity, which is political expression, ideology—the idea that we’ve lost control of so much, to lose this as well is just difficult to swallow.”"
"“You have to proceed on the assumption that this information has been extracted from you,” Woodrow Hartzog, author of Privacy’s Blueprint: The Battle to Control the Design of New Technologies, told me on the phone. “Cambridge Analytica used an information extraction technique that was well-known to technologists for years. The implications of this debacle is about crystallizing the threat about how dangerous the information ecosystem is.”"
Part of the Cyber Insecurity series.
Probe the difficult questions that we will need to address as human-robot relationships evolve in the coming decades. Explore the nuances of our future and prepare for the complex problems that will rise as our lives become more A.I. dependent.
Adults 18+ Only.
This program is free thanks to the generosity of the Lowell Institute.
Ranging across consumer protection, data aggregation, digital networks, high-tech devices and surveillance, this panel brings together top privacy and surveillance experts to discuss how the Trump administration has and will continue to shape our privacy in these and other areas.
- ELIZABETH JOH Professor of Law, UC Davis School of Law
- AHMED GHAPPOUR Associate Professor of Law, Boston University School of Law
- ANDREA MATWYSHYN Professor of Law, Northeastern University School of Law
The Tech/Law Colloquium speaker for September 19, 2017 will be Woodrow Hartzog, a professor of law and computer science at Northeastern University, where he teaches privacy and data protection law, policy, and ethics. His recent work focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online.
Talk: Privacy’s Blueprint: The Battle to Control the Design of New Technologies
Robots are starting to look suspiciously familiar. Increasingly sophisticated robots designed to resemble us are striking up more and more symbiotic relationships with humans, at home as our companions and at our workplaces as colleagues.
Human-robot interactions will continue to evolve as robotic technology transforms the way we see our creations and the way they react to us. But as machines cease acting like machines and become more integrated into our lives, how will we feel about them? And, dare we ask, how will they feel about us?
‘Read Me’ Or Just Tap ‘I Agree’
There’s a huge group of people at work behind our screens. They’re called behaviour architects, persuasive designers or user-experience specialists and the power they have is massive.
That urge to keep swiping through your twitter feed? That’s design. The way we all click ‘I Agree’ to the terms and conditions? That’s design. Swiping right or left on Tinder? Well, that’s design too.
We live in an online world of someone else’s making and most of us never even give it a second thought. And actually, that’s design as well.
Speaking before the audience at the recent IAPP Data Protection Congress in Brussels, keynoter Woody Hartzog made a challenging assertion: "Control is the wrong goal for privacy by design, perhaps the wrong goal for data protection in general." But isn't control a central tenet of good privacy? It sure is. But it shouldn't be, the author of "Privacy’s Blueprint: The Battle to Control the Design of New Technologies" argued. While everyone emphasizes "control" of personal data as core to privacy, too much zeal for control dilutes efforts to design information tech correctly.
Design is one of the most important but overlooked factors that determines people’s privacy. Social media apps, surveillance technologies, and the Internet of Things are all built in ways that make it hard to guard personal information. And the law says this is okay because it is up to users to protect themselves ― even when the odds are deliberately stacked against them.
Our modern privacy frameworks, with their emphasis on gaining informed consent from consumers in order to use their data, are broken models. That's according to Woodrow Hartzog, a law professor at Northeastern University in Boston. In this episode of The Privacy Advisor Podcast, Hartzog discusses the ways that, given such models, technologies are designed at the engineering level to undermine user privacy.
Recently 50 million Facebook users had their personal information extracted and used for political and commercial purposes. In the wake of this scandal, we’ve all become much more aware of how our use of social media clashes with our desire for privacy. Are technical fixes and awareness enough, or is it time for Facebook and other online services to be regulated? Our guest Woodrow Hartzog is a professor of law and computer science at Northeastern University and discusses the battle and future of our personal information.