25 February 2012

TRC Interim Report

Canada's national Truth & Reconciliation Commission (TRC) has released an Interim Report [PDF] regarding Indigenous residential schools - characterised by some observers as analogous to the 'Stolen Generations' inquiry in Australia and more broadly to inquiries in Ireland that revealed government indifference regarding abuses in homes run by religious organisations. The document is of interest to human rights scholars, historians, archivists and people concerned with legal procedure (including issues of evidence, confidentiality and copyright).

The Interim Report states that -
Up until the 1990s, the Canadian government, in partnership with a number of Christian churches, operated a residential school system for Aboriginal children. These government-funded, usually church-run schools and residences were set up to assimilate Aboriginal people forcibly into the Canadian mainstream by eliminating parental and community involvement in the intellectual, cultural, and spiritual development of Aboriginal children.

More than 150,000 First Nations, Inuit, and Métis children were placed in what were known as Indian residential schools. As a matter of policy, the children commonly were forbidden to speak their own language or engage in their own cultural and spiritual practices. Generations of children were traumatized by the experience. The lack of parental and family involvement in the upbringing of their own children also denied those same children the ability to develop parenting skills. There are an estimated 80,000 former students still living today. Because residential schools operated for well more than a century, their impact has been transmitted from grandparents to parents to children. This legacy from one generation to the next has contributed to social problems, poor health, and low educational success rates in Aboriginal communities today.

The 1996 Canadian Royal Commission on Aboriginal Peoples and various other reports and inquiries have documented the emotional, physical, and sexual abuse that many children experienced during their school years. Beginning in the mid-1990s, thousands of former students took legal action against the churches that ran the schools and the federal government that funded them. These civil lawsuits sought compensation for the injuries that individuals had sustained, and for loss of language and culture. They were the basis of several large class-action suits that were resolved in 2007 with the implementation of the Indian Residential Schools Settlement Agreement, the largest class-action settlement in Canadian history. The Agreement, which is being implemented under court supervision, is intended to begin repairing the harm caused by the residential school system.
The Commission was established to
• reveal to Canadians the complex truth about the history and the ongoing legacy of the church-run residential schools, in a manner that fully documents the individual and collective harms perpetrated against Aboriginal peoples, and honours the resiliency and courage of former students, their families, and communities; and
• guide and inspire a process of truth and healing, leading toward reconciliation within Aboriginal families, and between Aboriginal peoples and non-Aboriginal communities, churches, governments, and Canadians generally. The process will work to renew relationships on a basis of inclusion, mutual understanding, and respect.
The Commission's Interim Report concludes that -
1) Residential schools constituted an assault on Aboriginal children.

2) Residential schools constituted an assault on Aboriginal families.

3) Residential schools constituted an assault on Aboriginal culture.

4) Residential schools constituted an assault on selfgoverning and self-sustaining Aboriginal nations.

5) The impacts of the residential school system were immediate, and have been ongoing since the earliest years of the schools.

6) Canadians have been denied a full and proper education as to the nature of Aboriginal societies, and the history of the relationship between Aboriginal and non-Aboriginal peoples.
In discussing procedural aspects the TRC comments that -
The federal government has been aware of its need to provide all relevant documents since the signing of the 2005 agreement-in-principle that preceded the final Settlement Agreement. Despite this, the federal government has
• provided the Commission with only a very limited portion of the relevant documents in its possession
• taken the position that it has no obligation to identify and provide relevant historical documents held by Library and Archives Canada to the Commission. Under this approach, departments would have to search and produce records only from active and recent files. This is inappropriate in dealing with matters dating back over a century.
• informed the Commission that, despite the Commission’s request, it has not agreed to provide the Commission with the Settlement Agreement & Dispute Resolution (SADRE) database, which contains all the residential school research files of Aboriginal Affairs and Northern Development Canada.
• yet to provide the Commission with appropriate levels of access to federal archives — an issue that compromises both document collection and report preparation.
In addition, the federal government has taken the position that it cannot disclose records in its possession if those records were provided to it by the churches in response to specific residential schools court cases. It maintains this position even for records created by the federal government but that contain information first obtained from church records.

The federal government asserts that since it obtained the church records and information through the litigation process, it is subject to an implied undertaking to use or disclose those records only in relation to the specific court decisions to which the records relate. The federal government asserts that the fact that the government and the churches settled such court cases through the Settlement Agreement, which includes an express obligation that Canada and the churches would disclose all relevant records in their possession, does not constitute a waiver of those implied undertakings. In the case of a conflict between the implied undertakings and the express obligation in the Settlement Agreement to produce all records in its possession to the Commission, the government maintains it must give preference to the implied undertakings. The Commission finds this position unacceptable.

In addition, while the Commission has received helpful cooperation from most of the churches and archivists it has dealt with, individual church archivists have sought to impose conditions before they will produce records to the Commission.

Such conditions include:
• instructions as to how the Commission should caption photographs in its reports
• limitations on the Commission’s use of photographs to a “one-time only” use
• distinctions between their “internal” and “external” and “restricted” and “unrestricted” records
• restrictions as to how the Commission can use records in different categories.
Some archivists insist that the Commission acknowledge that the churches own copyright in the records located in their archives. With respect to such claims, the churches make no copyright distinctions based on who created the records or when, and do not explain what copyright interests they are seeking to protect.

All these issues have caused and continue to cause considerable delay for the Commission in its attempt to meet its mandated obligation and enforce compliance of the parties’ obligations to produce relevant records. It is unlikely that the document-collection process will be completed without a significant shift in attitude on the part of Canada and those parties who have been reluctant to cooperate.
The Commission makes several recommendations -
1) the Government of Canada issue the necessary orders-in-council and funding authorities to ensure that the end date of the Commission and Commissioners’ appointments coincide, including the necessary wind-down period after the Commission’s last public event.

2) the Government of Canada work with the Commission to ensure the Commission has adequate funds to complete its mandate on time.

3) the Government of Canada ensure that Health Canada, in conjunction with appropriate provincial, territorial, and traditional health care partners, has the resources needed to provide for the safe completion of the Truth & Reconciliation Commission’s full mandate, and to provide for continuous, high-quality mental health and cultural support services for all those involved in Truth & Reconciliation and other Indian Residential Schools Settlement Agreement activities, through to completion of these activities.

4) each provincial and territorial government undertake a review of the curriculum materials currently in use in public schools to assess what, if anything, they teach about residential schools.

5) provincial and territorial departments of education work in concert with the Commission to develop age-appropriate educational materials about residential schools for use in public schools.

6) each provincial and territorial government work with the Commission to develop public-education campaigns to inform the general public about the history and impact of residential schools in their respective jurisdiction.

7) the Government of Canada and churches establish an ongoing cultural revival fund designed to fund projects that promote the traditional spiritual, cultural, and linguistic heritages of the Aboriginal peoples of Canada.

8) all levels of government develop culturally appropriate early childhood and parenting programs to assist young parents and families affected by the impact of residential schools and historic policies of cultural oppression in the development of parental understanding and skills.

9) the Government of Canada, and the federal Minister of Health, in consultation with northern leadership in Nunavut and the Northwest Territories, take urgent action to develop plans and allocate priority resources for a sustainable, northern, mental health and wellness healing centre, with specialization in childhood trauma and long-term grief, as critically needed by residential school survivors and their families and communities.

10) the Government of Canada, through Health Canada, immediately begin work with provincial and territorial government health and/or education agencies to establish means to formally recognize and accredit the knowledge, skills, and on-the-job training of Health Canada’s community cultural and traditional knowledge healing team members, as demonstrated through their intensive practical work in support of the Truth & Reconciliation Commission and other Settlement Agreement provisions.

11) the Government of Canada develop a program to establish health and wellness centres specializing in trauma and grief counselling and treatment appropriate to the cultures and experiences of multi-generational residential school survivors.

12) the parties to the Indian Residential Schools Settlement Agreement, with the involvement of other provincial or territorial governments as necessary, identify and implement the earliest possible means to address legitimate concerns of former students who feel unfairly left out of the Settlement Agreement, in order to diminish obstacles to healing within Aboriginal communities and reconciliation within Canadian society.

13) to ensure that survivors and their families receive as much healing benefit as the apology may bring them, the Government of Canada distribute individual copies of the “Statement of Apology to Former Students of Indian Residential Schools” to all known residential school survivors.

14) the Government of Canada distribute to every secondary school in Canada a framed copy of the “Statement of Apology to Former Students of Indian Residential Schools” for prominent public display and ongoing educational purposes.

15) federal, provincial, and territorial governments, and all parties to the Settlement Agreement, undertake to meet and explore the United Nations Declaration on the Rights of Indigenous Peoples, as a framework for working towards ongoing reconciliation between Aboriginal and non-Aboriginal Canadians.

16) the Government of Canada meet immediately with the Aboriginal Healing Foundation to develop a plan to restore funding for healing initiatives to the Foundation within the next fiscal year.

17) the Government of Canada and the churches produce all their relevant records to the Commission as quickly as possible.

18) Canada and the churches make a dramatic change in the way they address the funding and timeliness of document production and digitization.

19) all agencies and organizations that are not parties to the Settlement Agreement, but have holdings relevant to the history and legacy of residential schools (such as provincial and university archives, libraries, museums, galleries, and Aboriginal organizations), contact the Commission and assist the Commission in receiving copies of all such relevant documents.

20) governments, educational institutions, and churches consult, design, announce, and publicly unveil residential school commemorations before the completion of the Commission’s mandate.

US Workplace privacy

'Privatizing Workplace Privacy' (Marquette Law School Legal Studies Paper No. 11-27) by Paul Secunda comments that -
Perhaps “the” question in this age of workplace technological innovation concerns the amount of privacy employees should have in electronic locations in the workplace. An important related question is whether public sector and private sector employees, who have different legal status under the state action doctrine, should enjoy the same level of workplace privacy. Recently, in the Fourth Amendment workplace privacy case of City of Ontario v. Quon, the United States Supreme Court considered both of these questions. Quon involved alleged privacy violations by a city police department when it audited an officer’s text messages from his city-issued pager.

In a cryptic decision, Justice Kennedy held for a unanimous court that assuming the officer had a reasonable expectation of privacy in the pager, the city's search of the pager was reasonable under two possible legal tests. First, under the plurality test enunciated by the Supreme Court in O’Connor v. Ortega, it was reasonable because it was motivated by a legitimate work-related purpose and was not excessive in scope. Second, under the test outlined by Justice Scalia in his concurring opinion in O’Connor, it was reasonable because it would be considered “reasonable and normal” in the private sector workplace. To varying degrees, both of these legal tests suggest that questions of workplace privacy in the public and private sectors should be treated the same.

Rather than elevating private-sector privacy rights to the public-sector level, however, Quon suggests that public employee workplace privacy rights should be reduced to the level of employees in the private sector. Maintaining that public sector workers are entitled to greater levels of privacy protections based on the text of the constitution, the power of the government as employer, and the critical oversight role public employees play in American democracy, this article argues for a new, two-step workplace privacy analysis which first focuses on the purpose of the search and then applies presumptively the Fourth Amendment’s warrant and probable cause requirements to those searches undertaken for investigatory purposes.
Secunda argues that -
even if public employee records are required to be disclosed in some circumstances to their employer or to the public, there is still substantial room to protect many type of personal documents and materials which may exist in that employee’s personal office space. To the extent that such materials are not subject to disclosure under the public records law, they should be protected from targeted, investigatory searches by government employers by the warrant and probable cause requirements of the Fourth Amendment for the reasons discussed in detail above.

A majority of the Supreme Court in O’Connor appear to sanction this approach. Justice Scalia in his concurrence, joined by the four members of the plurality, observed that, “[c]onstitutional protection against unreasonable searches by the government does not disappear merely because the government has the right to make reasonable intrusions in its capacity as employer.” While one may not have a privacy interest in one’s workplace communications as to the public because of the operation of the public records law, one can still have a privacy interest against the government employer if previous employer actions suggested to the employee that they had a reasonable expectation of privacy in a physical or electronic location in the workplace. For instance, and as Justice Kennedy pointed out in the majority opinion in Quon, “many employers expect or at least tolerate personal use of [employer-owned communication devices] by employees because it often increases worker efficiency.” Under this scenario, employees may still have a reasonable expectation of privacy in their employer-owned communication devices vis-à-vis their government employers.

The important point here is that through contextualization of the public workplace search -- with a focus on both the reason for the search and the identity of the party seeking to undertake the search -- a more privacy-protective legal standard may be fashioned for investigatory workplace searches in the public sector undertaken to discover employee wrongdoing. Indeed, reestablishment of the warrant and probable cause requirements for investigatory searches will strengthen public employee workplace privacy rights and restore such rights to an appropriate higher level of constitutional protection under the Fourth Amendment than similar common law privacy protections in the private-sector workplace.

All employees, whether public or private, should retain some reasonable expectation of privacy in their physical and electronic locations at work. Such privacy rights promote productivity, positively impact employee morale, and support the recruiting and retention of highly competent employees. The proper level of privacy protection, this article maintains, should be based on whether the search involves a public sector or private sector workplace. Public sector workers are entitled to greater levels of privacy protections than their private sector counterparts based on the text of the constitution, the immense power of the government as employer, and the critical oversight role public employees play in a representative democracy.

To ensure this higher level of workplace privacy protection for public employees, and to reverse the equalization of public and private workplace privacy rights post-Quon, this article argues that public employer searches of employee physical and electronic locations in the workplace should be bifurcated based on the nature of the search. If the search is undertaken for routine, noninvestigatory purposes, the special needs exception to the warrant requirement should apply and such searches should be considered reasonable without a warrant if related to legitimate work reasons and reasonable in scope. On the other hand, investigatory workplace searches to uncover employee misconduct or wrongdoing should be treated like other targeted government searches where a sanction or penalty is possible. Such searches should require the employer to obtain a warrant based on probable cause in front of a neutral magistrate unless the employer can prove that special needs exist to conduct the investigatory search without a warrant.

EU Privacy

The European Commission has released its proposals for a major reform of the EU data protection regime. The proposals take the form of a 54 page Directive on the protection of individuals with regard to the processing of personal data by competent authorities for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and the free movement of such data and a complementary 118 page Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), aimed at strengthening online privacy rights and enhancing the digital economy.

The proposed changes, which have been handed to the European Parliament and EU member states for discussion, centre on updating the 1995 Data Protection Directive. The new regime would address criticism, highlighted elsewhere in this blog, that the EU Directives have failed to keep pace with developments such as the emergence of large-scale social network services, and that administration of the 1995 Directive by the 27 member states has been idiosyncratic. The proposals aspire to consistency across the EU at the level of principle and practice.

What would the new regime cover? The proposals encompass changes regarding extraterritorial reach, data protection agencies, consent, a right to be forgotten and portability.

In relation to extraterritorial reach EU rules would address developments in offshoring. They would apply to any processing of personal data related to EU citizens and people resident in the EU, even where the data controller is located in a state outside of the EU. Binding Corporate Rules (hitherto used to legitimise data transfers among members of a specific corporate group) would be explicitly addressed, with the Commission encouraging their use as a mechanism for transfer of personal data and as a simplification of regulatory approval.

Data controllers and data processors would be regulated by the data protection regulator in the EU state where those entities have their “main establishment,” encouraging a simplified 'one-stop-shop' approach. The powers of national data protection authorities would be strengthened, with the expectation that would assist more effective enforcement of the EU rules. The agencies would be empowered to punish commercial entities that violate specific EU data protection rules with penalties of up to €1 million or up to 2% of the entity's global annual turnover.

Public sector entities and private sector companies with over 250 employees would be required to have a data protection officer to ensure data protection compliance. Companies would be required to adopt measures to document and demonstrate compliance with the new rules.

An entity would be required to notify its national data protection regulator of a personal data breach without undue delay (where feasible, not later than 24 hours of initial awareness). Requirements regarding routine reporting to regulators of data protection activities would be simplified.

The proposals aim to assist 'data portability, with Individuals having easier access to data about themselves and being able to more easily transfer personal data from one service provider to another. That measure seeks to encourage competition.

Importantly, the proposals include the controversial 'right to be forgotten' (discussed for example here). Data controllers would be required to delete an individual’s personal data if that person explicitly requests deletion or when there is no legitimate reason to retain the data.

As noted in discussion regarding the notion of consent, explicit consent to process data would be required, with a requirement for parental consent when processing personal information from children who are under 13 years old. Consent would not be assumed.

24 February 2012

Appsolutely disgraceful

The US Federal Trade Commissioner has released a 23 page report [PDF] on privacy in applications directed at children - Mobile Apps for Kids: Current Privacy Disclosures are Disappointing.

The report notes that -
When Apple’s iTunes App Store and Google’s Android Market first launched in 2008, smartphone users could choose from about 600 apps. Today, there are more than 500,000 apps in the Apple App store and 380,000 apps in the Android Market, which consumers can access from a variety of mobile devices, including smartphones and tablets. Consumers have downloaded these apps more than 28 billion times, and young children and teens are increasingly embracing smartphone technology for entertainment and educational purposes. As consumers increasingly rely on their mobile devices for multiple activities, the quantity and diversity of mobile apps continue to expand.

This rapidly growing market provides enormous opportunities and benefits for app users of all ages, but raises questions about users’ privacy, especially when the users are children and teens. Mobile apps can capture a broad range of user information from the device automatically – including the user’s precise geolocation, phone number, list of contacts, call logs, unique device identifiers, and other information stored on the mobile device – and can share this data with a large number of possible recipients. These capabilities can provide beneficial services to consumers – for example, access to maps and directions, and the ability to play interactive games with other users – but they also can be used by apps to collect detailed personal information in a manner parents cannot detect.
It goes on to explain that -
In order to better understand and evaluate the emerging app market and the products and services it offers to children, Federal Trade Commission staff designed and conducted a survey of the apps offered for children in the two largest U.S. app stores, the Android Market and the Apple App store. Staff focused in particular on the types of apps offered to children; the age range of the intended audience; the disclosures provided to users about the apps’ data collection and sharing practices; the availability of interactive features, such as connecting with social media; and the app store ratings and parental controls offered for these systems. This report highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices.
The FTC notes that -
While staff encountered a diverse pool of apps for kids created by hundreds of different developers, staff found little, if any, information in the app marketplaces about the data collection and sharing practices of these apps. Staff found almost no relevant language regarding app data collection or sharing on the Apple app promotion pages, and minimal information (beyond the general “permission” statements required on the Android operating system) on just three of the Android promotion pages. In most instances, staff was unable to determine from the promotion pages whether the apps collected any data at all, let alone the type of data collected, the purpose of the collection, and who collected or obtained access to the data. ...

Most of the apps in the study appear to be intended for children’s use, and many may, in fact, be “directed to children” within the meaning of COPPA. This survey focused on the disclosures provided to users regarding their data practices; it did not test whether the selected apps actually collected, used, or disclosed personal information from children. Over the next six months, staff will conduct an additional review to determine whether there are COPPA violations and whether enforcement is appropriate. Staff also will evaluate whether the industry is moving forward to address the disclosure issues raised in this report.
The report offers several conclusions -
FTC staff believes that all members of the kids app ecosystem – the app stores, developers, and third parties providing services within the apps – should play an active role in providing key information to parents who download apps. The mobile app marketplace is growing at a tremendous speed, and many consumer protections, including privacy and privacy disclosures, have not kept pace with this development. Parents need easy access to basic information so they can make informed decisions about the apps they allow their children to use.
App developers should provide this information through simple and short disclosures or icons that are easy to find and understand on the small screen of a mobile device. Parents should be able to learn what information an app collects, how the information will be used, and with whom the information will be shared. App developers also should alert parents if the app connects with any social media, or allows targeted advertising to occur through the app. Third parties that collect user information through apps also should disclose their privacy practices, whether through a link on the app promotion page, the developers’ disclosures, or another easily accessible method.

The app stores also should do more to help parents and kids. The two major app stores provide the basic architecture for communicating information about the kids apps they offer, such as pricing and category information. However, the app stores should provide a more consistent way for developers to display information regarding their app’s data collection practices and interactive features. For example, app stores could provide a designated space for developers to disclose this information. The app stores also could provide standardized icons to signal features, such as a connection with social media services. Although the app store developer agreements require developers to disclose the information their apps collect, the app stores do not appear to enforce these requirements. This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need. As gatekeepers of the app marketplace, the app stores should do more. This recommendation applies not just to Apple and Google, but also to other companies that provide a marketplace for kids mobile apps.

Additional work is needed to identify the best means and place for conveying data practices in plain language and in easily accessible ways on the small screens of mobile devices. Staff encourages industry members, privacy groups, academics, and others to develop and test new ways to provide information to parents – for example, by standardizing language, creating icons, or using a layered approach.

23 February 2012

Maturity

'Maturity' by Jonathan Todres in 48 Houston Law Review (2012) 1105-1163 comments that -
Across numerous areas of the law — including family law, criminal law, labor law, health law, and other fields — when children are involved, maturity determinations are pivotal to outcomes. Upon reaching maturity, an individual has access to a range of rights not previously available and is expected to fulfill certain duties. Despite the central importance of maturity, the law’s approach to it has been to consider the concept in a piecemeal and issue-specific fashion. The result is a legal construct of maturity that is anything but consistent or coherent. For example, every state has a minimum age below which a child is considered not mature enough to consent to sex. However, if money is involved, more than forty states deem that child mature enough to have consented to sex for money and be charged with the crime of prostitution (even if the money is paid to a pimp and the child never sees it). This Article seeks to undertake a holistic assessment of the law’s approach to maturity.

Markers of maturity in the law frequently occur at different points in time. An examination of key indicators of maturity under the law reveals that the law is inconsistent, not only across issues but also within the same issues. Children are deemed mature enough to participate in the polity (e.g., vote) at a different age from when they are deemed mature enough to exercise independent economic power (e.g., work), control their own bodies (e.g., engage in consensual sex), or assume adult social responsibilities (e.g., drink alcohol in public places).

In short, the law provides little clear guidance on how maturity should be understood and treated. Recent research on brain development and the work of cognitive psychologists provide some answers. To date, however, a significant consideration has been largely overlooked: cultural conceptions of maturity. Thus, this Article seeks to incorporate cultural perspectives on maturity into the dialogue. More broadly, this Article aims to bring some clarity to the issue of maturity and examine whether cultural practices can inform the legal, policy, and moral questions in the law’s approach to maturity.
Todres argues that -
There are many lessons to be drawn from the experiences of cultural approaches to maturity. Societies rely heavily on coming-of-age ceremonies and rituals to mark a young personís transition to maturity. This public component of coming of age serves important signaling functions to both the adolescent and the community. In many cultures, maturity is achieved significantly earlier than under law, suggesting that with proper guidance and structure, adolescents can and do exercise rights responsibly and take on adult-like responsibilities. On this latter point, cultural approaches conflict with what recent brain research suggestsóthat is, that full development occurs only later. A possible explanation for the disconnect is that maturity is a cultural concept and thus, in certain communities, youth are groomed to take on rights and responsibilities associated with maturity even though their brains might still be developing. This brings to the forefront one theme in particular from cultural conceptions of maturity that might offer a potential starting point for developing a better approach to maturity under the law. In cultural practices related to maturity, the community is tasked with significant responsibilities to ensure that when a child reaches the right age or the threshold of his or her coming-of-age ceremony, the family and community have prepared and equipped that child with all that is needed to evidence maturity, realize his or her rights, and contribute in a meaningful way to his or her community.

Much of that preparation comes naturally through parenting, schooling, and other aspects of cultural life. However, this different approach raises the issue whether the law could foster better-prepared young adults through a graduated, supportive approach to maturity. Such an approach would be consistent with research on adolescence and scholarsí understanding that maturity occurs on a continuum. As identified in prior sections of this Article, the law adopts a variant on this approach, for example, with driverís license requirements and employment. GDL requirements, however, emerge more out of an effort to limit the driving rights of young persons. Employment law in nonagricultural settings might offer a better model, as it allows children to enter the workforce for limited periods, while preserving their educational opportunities and long-term prospects.

Other models need to be explored. Some scholars might suggest that a parallel exists with recently adopted laws that impose criminal liability on parents for the actions of children. Such an approach does not address the experience of minors with the law, but only imposes additional criminal sanctions on other members of the family. Rather than seeking to use the law only as a stick with youth (e.g., criminal liability at young ages, or for parents), better models need to be developed that offer youth and their families a carrot, incentivizing more responsible behaviors by children and creating opportunities for youth to engage in meaningful activities that develop their capacities.

"[L]essons in accountability benefit young offenders ..." The concern is that the law governing childrenís rights and responsibilities today focuses primarily on teaching accountability through criminal sanctions and restricting rights, while offering few, if any, positive incentives for responsible behaviors. Instead, youth might respond better in certain circumstances if the legal framework also provided an opportunity for them to earn expanded rights by achieving certain benchmarks or acting in a responsible manner with respect to particular issues. If an adolescent demonstrates she can exercise economic power responsibly, why not gradually introduce limited rights so she can further develop the ability to exert independent economic power in a responsible manner? Some years ago, the National Basketball Association started mandating a life-skills course for rookies because they realized that top rookies were signing multi-million dollar contracts and yet had received little guidance on even the most basic aspects of financial management and other essential life skills. They are not the only ones. If adults want youth to achieve maturity, adults need to ensure that they do what is needed to foster that successfully, and legal frameworks are part of that equation.

States could develop a graduated scale for participation in the polity. One could envision creating positive incentives for early voting rights in local elections (including perhaps a graduated approach that would eventually grant responsible youth the right to vote in all elections). Following the cultural coming-of-age preparation approach, the general voting age could remain eighteen, but a young person could vote earlier if he or she had demonstrated readiness, or maturity, to do so, perhaps by completing particular coursework and meeting other relevant criteria. In fact, a member of parliament in New Zealand proffered such an approach in 2007. The proposed bill sought to allow youth sixteen years of age or older to vote while introducing a mandatory civics education into the school curriculum. As the member of parliament who proposed the bill explained, 'Lowering the voting age and teaching them civics can help young New Zealanders get on track to being better informed, more engaged citizens'. Citing adverse reaction to her idea (from adults), she abandoned the bill about a month later.

Drawing on the approach used in cultural coming-of-age practices, law could be developed to positively foster an adolescentís capacity to exercise independent political, civil, economic, social, and cultural rights. Such efforts would restore equilibrium in the balance between rights and duties of adolescents and other children and in the positive and negative incentives and messages adults give to them. Moreover, as adolescence is a period marked by instability, providing more positive structures might help youth in finding more meaning in their lives during this challenging transitional phase of life. Ultimately, improvements in this area would have benefits for the broader community. Effectively incentivizing positive youth behavior could reduce the incidence of youth crime, drunk-driving accidents, and other negative outcomes that we currently seek to control largely, if not exclusively, through criminal sanction.
Todres concludes that -
Maturity determinations are central to the lives of children. The lawís current approach to maturity is inconsistent both within and across issues affecting children, ranging from political and economic participation, to criminal justice, to family rights and bodily integrity. Moreover, legal conceptions of maturity fit awkwardly, and sometimes conflict, with cultural norms related to maturity. Today, the piecemeal approach to maturity has created a framework for young people whereby they are deemed immature persons with respect to most rights while simultaneously often being held to account for wrongdoing often as adults. That should be reexamined.

"[T]he long term interests of adolescents converge with the interests of society." These convergent interests of adolescents and society suggest the need for a more holistic approach to maturity under the law. In developing a more cohesive construction of maturity, lawmakers should also look to cultural conceptions of maturity and include them in the discourse on maturity. Doing so might help foster the development of law that better prepares youth for adulthood, by allowing them to find meaningful ways to exercise their rights, assume responsibilities, and contribute to their communities. It might also help create a more sensible legal framework on maturity, one of the defining milestones in the life of every individual.

Robocalls

The US Federal Communications Commission, counterpart of ACMA, has promulgated new rules under the national Telephone Consumer Protection Act of 1991 to substantially restrict robocalling, ie automated telephone calls with pre-recorded messages ... used by commercial marketers, politicians, advocacy groups and charities. Robocalling has been a feature of debate about strengthening of Australia's Do Not Call (DNC) regime

The FCC's 48 page Report and Order [PDF] requires that prior to initiating a 'robo call' the telemarketer must obtain the consumer's express written consent. That requirement supersedes previous federal robocall regulation, where an "existing business relationship" (equivalent to the very broad prior relationship identified in the Australian regime) with the consumer was sufficient to create an exemption from the national restriction on robocalling.

The calls must offer the consumer an 'opt-out' mechanism that both enables the consumer to quickly end the call (ie not have to wait till the end of the spiel) and facilitates entry on the telemarketer's 'do not call' database.

As with Australia, the rules feature substantial exceptions. Political groups, emergency service bodies, charities, educational entities and other groups initiating "informational calls" (eg notification of an emergency) are still able to legally initiate robocalls to a consumer's landline without express permission. The shift from a landline to mobile phones is reflected in restriction on robocalling to mobiles.

The new US regime is being phased in over the coming year.

22 February 2012

Fantasyland

When I'm in need of amusement I turn to the deliciously zany US Socialist Worker, a tract that's as persuasive as Watchtower or other sectarian publications beloved by those whose hearts are pure and minds are wholly unsullied by doubt or respect for differing opinions.

One gem appears in a recent issue -
The Russian revolutionary Lenin is perhaps the most misunderstood, maligned and lied-about figure in history. If you learn about him at all, you’re likely to hear that Lenin was a violent conspirator and a fanatical dictator.
Apparently it seems that's wrong! (Believers in the benevolence of Mr Lenin perhaps also believe that there is a tooth fairy and that Santa - unless he's kidnapped by the aliens - will leave a lovely present under your pillow in a few months). The SW true believer explains that -
According to this version of history, Lenin was no better than the man who succeeded him in power in Russia – Joseph Stalin, the dictator of the ex-USSR who built his career on the bones of revolutionaries in Russia.

Yet at the end of his life in 1924, Lenin wrote a testament demanding Stalin’s removal from power. It was a desperate attempt to stop the growing state bureaucracy that Lenin saw springing up around him.

The truth is that Lenin dedicated his life to one thing and one thing only – the establishment of a society free from all forms of oppression. And to achieve this, he focused his attention on building an organization of revolutionaries – primarily of workers –capable of achieving that goal.
I do wonder whether the devot has actually read much Lenin or considered the numerous well-documented studies about his ruthlessness in ordering the deaths of those who disagreed with him or who simply committed the crime of belonging to the wrong class.

The article goes on ...
Lenin’s conception of revolutionary organization has been distorted beyond all recognition. In part, these distortions are the work of people who continued to look upon Russia as socialist after Stalin came to power. This required accepting the idea that a Leninist “vanguard” party demanded blind obedience.

“The special feature of the Communist Party,” wrote one Stalinist hack in the 1930s, “is its strictest discipline, i.e., the unconditional and exact observance by all members of the party of all directives coming from their party organizations.”

Compare this to what Lenin said about the Bolsheviks: “The Russian Social Democratic Labor Party is organized on democratic lines. This means that all the affairs of the party are conducted, either directly, or through representatives, by all the members of the party.”

Lenin wanted all issues of theory and tactics to be debated “as openly, widely and freely as possible.” “Freedom of discussion,” he said. “Unity in action.”
Dissidents across Russia are presumably rolling in their graves at that one. Freedom to discuss and then be "exterminated", as St Vladimir put it.

Lappies

Should we ban use of laptops, tablets, mobile phones and other devices in law lecture theatres and seminar rooms?

The 47 page 'Law Student Laptop Use During Class for Non-Class Purposes: Temptation v. Incentives' ( St. John's Legal Studies Research Paper No. 11-004) by Jeff Sovern considers law student use of laptops.

Sovern comments that -
This article reports on how law students use laptops, based on observations of 1072 laptop users (though there was considerable overlap among those users from one class to another) during 60 sessions of six law school courses. Some findings:
• More than half the upper-year students seen using laptops employed them for non-class purposes more than half the time, raising serious questions about how much they learned from class. By contrast, first-semester Civil Procedure students used laptops for non-class purposes far less: only 4% used laptops for non-class purposes more than half the time while 44% were never distracted by laptops.
• Students in exam courses were more likely to tune out when classmates asked and professors responded to questions and less likely to tune out when a rule was discussed or textual material read in class.
• For first-semester students, policy discussions generated the highest level of distraction while displaying a PowerPoint slide which was not later posted on the web elicited the lowest level.
• With some exceptions, what was happening in the class did not affect whether upper-year students tuned out or paid attention.
• The format used to convey information - lecture, calling on students, or class discussion - seemed to make little difference to the level of attention.
• Student attentiveness to the facts of cases is comparable to their overall attention levels.
The article speculates that student decisions on whether to pay attention are responses to the tension between incentives and temptation. While the temptation to tune out probably remains constant, ebbs and flows in incentives may cause students to resist or yield to that temptation. Because first-semester grades have more of an impact on job prospects, first-semester students have a greater incentive than upper-year students to attend to classes. Similarly, because students probably anticipate that rules are more likely to be tested on exams, students perceive that they have more of an incentive to pay attention when rules are discussed. Conversely, students may suspect that matters asked about by classmates are less likely to be tested on and so their grades are unlikely to be affected if they miss the question and answer, reducing the incentive to pay attention.

Because of methodological limits to the study, the article notes that its conclusions cannot be considered definitive, and so it urges others to conduct similar studies.

21 February 2012

CyberFloss

Yet another recitation of superficial conventional wisdom about 'cybersecurity', this time in 'Cyber-security: the vexed question of global rules: An independent report on cyber-preparedness around the world' [PDF] by Brigid Grauman at Security Defence Agenda [sic] under the auspices of McAfee.

The 104 page report claims to present "the risks and threats associated with the rising use of the internet to access personal and professional information". The author, a journalist whose work has appeared in the FT and other publications (eg articles on art fairs, tourism, film directors, and molecular gastronomy), indicates that it is
made up of a survey of some 250 leading authorities worldwide and of interviews carried out in late 2011 and early 2012 with over 80 cyber-security experts in government, companies, international organisations and academia. It offers a global snapshot of current thinking about the cyber-threat and the measures that should be taken to defend against it, and assesses the way ahead.

It is aimed at the influential layperson, and deliberately avoids specialised language. For the moment, the “bad guys” have the upper hand – whether they are attacking systems for industrial or political espionage reasons, or simply to steal money - because the lack of international agreements allows them to operate swiftly and mostly with impunity. Protecting data and systems against cyber-attack has so far been about dousing the flames, although recently the focus has been shifting towards more assertive self-protection.
No great revelations there and the "influential layperson" might be better off looking at OECD studies, Australian parliamentary committee cyber-security reports or some of the writing by figures such as Bruce Schneier, not least because Schneier emphasises both the ICT and 'wetware' aspects of security and moves beyond a simplistic awarding of gold stars.

The report's recommendations are anodyne -
1. Build trust between industry and government stakeholders by setting up bodies to share information and best practices, like the Common Assurance Maturity Model (CAMM) and the Cloud Security Alliance (CSA).
2. Increase public awareness of how individuals can protect their own internet data, and promote cyber-security education and training.
3. New problems and opportunities created by smart phones and cloud computing must be examined. Cloud computing needs an appropriate architecture to achieve optimum security levels.
4. Prioritise information protection, knowing that no one size fits all. The three key goals that need to be achieved are confidentiality, integration and availability in different doses according to the situation.
5. Consider establishing cyber-confidence building measures as an alternative to a global treaty, or at least as a stopgap measure, knowing that many countries view a treaty as unverifiable, unenforceable and impractical.
6. Improve communication between the various communities, from policy-makers to technological experts to business leaders both at national and international levels.
7. Enhance attribution capabilities by investing in new technologies, and establishing rules and standards.
8. Follow the Dutch model of a third party cyber-exchange for improved private-public partnership on internet security.
9. Despite the many practical hurdles in the way of transparency, both for private companies and for governments, find ways of establishing assurance – or trust – through the use of security mechanisms and processes.
10. Move the ball forward and encourage integration of cyber into existing processes and structures. Make sure cyber considerations and investment are present at every level.
One of my more acerbic ICT contacts added three further recommendations -
11. Take a cut lunch and a spare set of socks
12. Wear clean underwear
13. Be nice to your dad, mum and - of course - the PA who knows where the cybersecurity skeletons are buried
Some sense of the report is provided by the snapshot on Australia -
Until late 2011 Australia's Attorney General was in charge of cyber-security policy and of streamlining work between government departments and setting up information groups to discuss problems like critical infrastructure protection. However since December the responsibility is in the hands of Prime Minister Julia Gillard in a move to consolidate whole-of-government responsibilities, according to a spokesperson for her department.

Interviewed before the reshuffle Ed Dawson of Queensland University of Technology said cyber-security policy involved most big companies but that on the downsuide the private sector is loath to take responsibility and spend money. A Cyber White Paper, issued in late 2011, focused on how to bring together the various stakeholders.

"With electricity for instance", Dawson continued, "we'll have the distributor saying that cyber-security is the responsibility of the power generators. It's like they're waiting for an accident to happen." The government has proposed to partly fund projects in the area of critical infrastructure.

Australia's funding policy on the whole gets good marks. Queensland University of Technology is currently engaged in two large projects. The first, co-funded by India (to the tune of A$4.4 million) is researching denial-of-service attacks. "We're trying to see what sort of attacks are feasible and we're developing mechanisms like cryptography to guard against them", says Dawson. The other is a five year project on airport security worth A$5 million.

The Australian Department of Defence's Cyber-Security Operations Centre (CSOC) provides threat detection and mitigation for government departments and agencies, and the Department is recruiting an extra 130 cyber-security experts to work there.

The country is also promoting a voluntary code of conduct for ISPs to educate customers, offer better online protection, and quarantine infected users. "The problem with voluntary codes is their uneven application," says Tim Scully, CEO of stratsec and Head of Cyber-Security at BAE Systems Australia. The Australian Communications and Media Authority has a list of blacklisted sites, and requires Australian ISPs to filter them.

Communications Minister Stephen Conroy says that the blacklist targets only illegal sites, but some feel that the scope of the censored content is too broad. "Selling cyber security regulations is a brave thing for a government to do," says Scully, citing the public outcry at the government’s attempts to introduce internet censorship to protect children from porn. In a country where most people are hostile to the idea of carrying ID papers, privacy is high on the agenda.
No evaluation of whether consolidation of whole-of-government responsibilities was needed and is working. No critique of the Cyber White Paper. No indication that Dawson is representative of the 'cyber-security community' or offers a uniquely authoritative insight into Australian public/private sector practice. No reference to law, whether domestic or in relation to Australian adherence to global cyber-security agreements such as the Council of Europe Cybercrime Convention. No data on the incidence and severity of cyber-security problems in Australia. No indication of whether the government's proposal to "partly fund projects" is meaningful. No indication of whether there is any cyber-security research outside QUT.

All in all - in my opinion - a report on which the conscientious "informed layperson" need not waste her time. It's not much better than the piece of brightly-coloured and not-nutritious cyberfloss known as the Norton Cybercrime Report noted here last year.

Wikifriendz

In a conference paper last year I argued that Julian Assange is the bestest bestest friend of  'the forces of darkness', as Wikileaks would legitimate government efforts to tighten up access - authorised or otherwise - to public/private sector information.

Bill Keller in a NY Times piece today comments that
The Army private accused of divulging three-quarters of a million secret documents to WikiLeaks, Bradley Manning — who was at first kept in such inhumane custody that the State Department spokesman quit in protest — is scheduled to be arraigned Thursday on charges that could mean life in prison. You don’t have to excuse his alleged crime to think the original sin in the whole drama is that this tormented soul had access to so many secrets in the first place.

What we cannot know for sure is the fate of the many informants, dissidents, activists and bystanders quoted in the American cables. Assange published source names over the strong objections of the journalists who had access to the data (we expunged the names from our reports) and to the horror of human rights groups and some of his WikiLeaks colleagues. I’ve been told that a few exposed sources fled their countries with American help, a few others were detained by authorities, and none are known to have been killed. But would we even know? When I read stories like the Reuters account last week of the three men beheaded in Yemen for giving information to Americans, I worry anew about the many innocent witnesses named in the WikiLeaks cables.

The publication of so many confidences and indiscretions did not bring U.S. foreign policy to a halt. But it did, at least temporarily, complicate the lives of U.S. diplomats. American officials say that foreign counterparts are sometimes more squeamish about speaking candidly, and that it is harder to recruit and retain informants around the world.

As raw material for journalists, the cache of secrets has had a phenomenal afterlife. It’s been 10 months since The Times, The Guardian, Der Spiegel and the other partners in this project filed their last major extracts from the files. And still, literally every day, stories based on the trove appear somewhere in the world, either because local news organizations are catching up with morsels of scandal that did not attract major newsrooms, or because new events cast the cables in a more interesting light. Notably, State Department dispatches reporting on the dissolute lifestyles of Mideast autocrats provided a little extra kindling for the bonfires of the Arab Spring.

But the idea that this was the opening of a floodgate has proved exactly wrong. In the immediate aftermath of the breach, several news organizations (including this one) considered creating secure online drop-boxes for would-be leakers, imagining that new digital Deep Throats would arise. But it now seems clear that the WikiLeaks breach was one of a kind — and that even lesser leaks are harder than ever to come by.

Steven Aftergood, who monitors secrecy issues for the Federation of American Scientists, said that since WikiLeaks the government has elevated the “insider threat” as a priority, and tightened access to classified material. Nudged by an irate Congress, the intelligence agencies are at work on an electronic auditing program that would make illicit transfer of secrets much more difficult and make tracking the leaker much easier.

“A lot of attention has been focused on WikiLeaks and its colorful proprietors,” Aftergood told me. “But the real action, it turns out, is not at the publisher level; it’s at the source level. And there aren’t a lot of sources as prolific or as reckless as Bradley Manning allegedly was.”

For good reason. The Obama administration has been much more aggressive than its predecessors in pursuing and punishing leakers. The latest case, the arrest last month of John Kiriakou, a former C.I.A. terrorist-hunter accused of telling journalists the names of colleagues who participated in the waterboarding of Qaeda suspects, is symptomatic of the crackdown. It is this administration’s sixth criminal case against an official for confiding to the media, more than all previous presidents combined. The message is chilling for those entrusted with keeping legitimate secrets and for whistleblowers or officials who want the public to understand how our national security is or is not protected.

Here’s the paradox the documentaries have overlooked so far: The most palpable legacy of the WikiLeaks campaign for transparency is that the U.S. government is more secretive than ever.

Immunity

'The Legal Status of the Holy See' [PDF] by Cedric Ryngaert in 3(3) Goettingen Journal of International Law (2011) comments that -
The Holy See enjoys rights under international law that few, if any, non-State actors (excluding intergovernmental organizations) enjoy: it has joined various intergovernmental organizations, it is a party to a substantial number of bilateral and multilateral treaties, it sends and receives diplomatic representatives, is said to enjoy immunity from jurisdiction, and has been granted permanent observer status at the United Nations. However, unlike the Vatican City State, the Holy See is not to be characterized as a State, given that it has a global spiritual remit and that it can act internationally without a territorial base. Instead, it is a sui generis non-State international legal person which borrows its personality from its ‘spiritual sovereignty' as the center of the Catholic Church.
The article is of most interest for its discussion of immunity issues. Ryngaert comments that -
the diminishing autonomy of the Holy See vis-à-vis States is also exemplified by domestic courts’ reluctance to grant the Holy See immunity from jurisdiction.

Immunity cases do not only arise in Italy, where the Holy See has its seat. In various States, and in particular the United States, sex abuse scandals in the Church have recently given rise to legal proceedings against the Holy See on the basis of the latter’s vicarious liability for the Catholic clergy or its negligence in the face of the abuses.

The immunity of the Holy See in Italy is purportedly regulated by Article 11 of the Lateran Conciliation Treaty (1929), which provides that “[a]ll central bodies of the Catholic Church shall be exempt from any interference on the part of the Italian State (except as provided by Italian law with regard to acquisition of property made by recognized public bodies (corpi morali), and with regard to the conversion of real estate)”. Italian courts have traditionally given this provision a broad interpretation. In a 1987 case, for instance, the Italian Court of Cassation granted immunity from criminal jurisdiction to three high officials of the Vatican Bank accused of complicity in the fraudulent bankruptcy of the Banco Ambrosiano, on the basis of Article 11 of the Conciliation Treaty. Along similarly liberal lines, the Court of Cassation held in 1982 that the Vatican Radio enjoyed immunity from jurisdiction as it was a central body of the Catholic Church.

The liberal interpretation of Article 11 of the Conciliation Treaty was rejected in 2003, however. In the Tucci case, the Court of Cassation, drawing on Article 31 of the VCLT (which lays down the rules of treaty interpretation), held that the Holy See’s immunity from jurisdiction could not be inferred from the obligation of non-interference enshrined in the Lateran Treaty:
The obligation set out in Article 11 of the Lateran Treaty not to interfere with activities of the central bodies of the Catholic Church could not be considered in any way as equivalent to immunity from jurisdiction. Indeed, while the latter would have required the Italian State to waive its jurisdictional authority, no such limitation was implied when abiding by the obligation of non-interference. The obligation in question was not tantamount to a general waiver by Italy of its sovereignty and, in particular, to the exercise of jurisdiction. It only aimed at protecting the independent performance of the activities connected with the Magisterium of the Catholic Church.

The right to invoke immunity from jurisdiction must be stated expressly and could not be inferred from a provision dealing with non- interference. As the immunity imposed heavy limitations on state sovereignty, it had to be provided for by special rules not subject to an extensive interpretation. The fact that immunity from jurisdiction could not be inferred from the obligation of non-interference, was confirmed by Article 31(1) of the Vienna Convention on the Law of Treaties (23 May 1969) 1155 UNTS 331; 8 ILM 679 (1969); 63 AJIL 875 (1969), entered into force 27 January 1980, which considered the textual criterion to be the general rule of interpretation of treaty provisions.

While undertaking the obligation not to interfere, and recognizing the absolute sovereignty and independence of the Catholic Church, the Italian State had, at the same time, maintained its own sovereignty in the temporal order.
Importantly, the Court of Cassation considered the Lateran Treaty as a self-contained régime concerning the relationship between the Italy and the Holy See; only in passing did it note that the Holy See did not enjoy immunity from jurisdiction under customary international law.

As regards the particular facts of the Tucci case, in which private citizens and environmental organizations sought redress from three managers of the Vatican Radio for alleged damage sustained as a consequence of electro-magnetic radiation emanating from plants situated on the territory of the Holy See, the Court’s rejection of the Holy See’s immunity reinstated the full sovereignty of Italy over (environmental) crimes of which the effects were felt in Italian territory:
Italy could fully exercise its competence to punish criminal offences that, although committed on the territory of the Holy See, caused harmful effects within the national territory. The exercise of Italian jurisdiction was subject to the sole condition of a causal link between those harmful effects and the illicit act committed on the territory of the Holy See
It is of note that, in the Court’s view, human rights, constitutional protections, and the individual’s right to an (effective) remedy corroborated the restrictive interpretation of Article 11 of the Lateran Treaty, and the resulting rejection of immunity. It was precisely the Court’s failure to consider such protection in its 1980s case law that led to fierce criticism of the Court’s interpretation of Article 11 at the time.

Regardless of the restrictive interpretation of Article 11 of the Lateran Treaty and the Court’s unwillingness to equate the principle of non- interference with the notion of immunity, also after the Tucci case immunity continues to flow de facto from Article 11 to the extent that harmful acts emanate from a ‘central body’ of the Catholic Church, i.e., a body of the Roman Curia (which the Vatican Radio was not according to the Court). It would indeed be difficult to fathom how a jurisdictional assertion over the Roman Curia on the part of Italian courts could not amount to interference with the (spiritual) activities of the Holy See.

In States that have not entered into a bilateral agreement with the Holy See – indeed the great majority of States – any immunity that could accrue to the Holy See is to be derived from domestic law, international law, or a combination of both. In practice, while States have enacted legislation regulating the affairs of the Catholic Church, they have not enacted legislation addressing the legal status of the Holy See within their territory or before their courts. Nor may there be a clear principle that the Holy See, as a sui generis international legal person that differs from States, is entitled to immunity under general international law in ways similar to the immunity of States.

Still, U.S. courts have treated the Holy See as a sovereign for purposes of applying the U.S. Foreign Sovereign Immunities Act (FSIA), although, technically speaking, the act only applies to foreign States and their political subdivisions, agents, and instrumentalities. This may be explained by the fact that the U.S. and U.S. courts consider the Holy See and the Vatican City State as interchangeable, or the Holy See as representing the Vatican City State.

Plaintiffs suing the Holy See have made the most forceful argument against the characterization of the Holy See as a State for purposes of FSIA application in the case of O’Bryan v. Holy See (2009), which concerned the Holy See’s liability for sex abuses committed by U.S. Catholic clergy in Kentucky. They asked a Kentucky District Court, and on appeal the Court of Appeals for the 6th Circuit, to conceive of the Holy See as two separate entities: one being identifiable with the Vatican as a foreign sovereign recognized as such by the U.S. Government, and another being the ‘unincorporated head of an international religious organization’, namely the Roman Catholic Church, which “has no defined territory and no permanent population, and thus does not satisfy the definition of ‘foreign state’ under the Restatement’s [Third, of U.S. Foreign Relations Law 1987] standard”, and that is “wholly distinct and separate from its role and activities as a sovereign”.

The plaintiffs’ argument in O’Bryan was rejected by the courts, however. The District Court held that the plaintiffs “cite no authority for the proposition that the Holy See may be sued in a separate, non-sovereign function as an unincorporated association and as head of an international religious organization”. The Court of Appeals affirmed, citing other U.S. courts’ case law, and held that the status of the Holy See as a “parallel non-sovereign entity” was “conjured up by the plaintiffs”. This determination did not come as a surprise, as the U.S. Government had intervened as an amicus curiae in the case supporting the position of the Holy See regarding its status as a foreign sovereign for purposes of the FSIA. In our view, however, plaintiffs’ argument was convincing, since, as argued above, the Holy See should not always be considered as representing its territorial base, the Vatican State. When supervising priests, it acts in its capacity as a non-State religious organization rather than as a State.

In any event, since U.S. courts have considered the Holy See as a State for purposes of the FSIA, immunity disputes involving the Holy See have not revolved around the question of whether the FSIA is applicable in the first place, but around the question of whether exceptions to the FSIA were triggered in specific cases pending before the U.S. courts. For instance, in the case of Dale v. Colagiovanni, the latter being an agent of the Holy See who was sued for having participated in an international insurance fraud scheme, the Court ruled that the commercial activity exception did not apply, on the ground that the agent had only acted with ‘apparent’ and not the ‘actual’ authority of the Holy See. In the recent sexual abuse cases of O’Bryan and Doe v. Holy See, the question was whether the tortious and commercial activity exceptions to the FSIA applied. Various courts came to divergent conclusions on the application of these exceptions, and the exceptions to the exceptions, but the U.S. Supreme Court refused to grant certiorari on 28 June 2010. U.S. case law regarding the exceptions to the application of the FSIA is not further discussed here, as it has no particular relevance for the subject of our study (the legal status of the Holy See under international law).

In the author’s view, consistent State practice in favor of granting immunity to the Holy See may be lacking (it may be observed that U.S. courts have conferred immunity on the Holy See under the FSIA, a domestic law instrument, rather than under international law). Furthermore, in light of the increasing importance of individuals’ right to access to a court, immunities ought to be interpreted restrictively, all the more so if the beneficiary of the immunity is not a State but a non-State actor. It is recalled in this respect that international organizations, another category of non-State actors, do not enjoy immunity under general international law, but only on the basis of particular treaties. Even if treaties confer immunity on international organizations, domestic courts, at least in the ECHR area, will only uphold such immunity if it is compatible with the right to access to a court (Article 6(1) ECHR). Finally, as far as the immunity from jurisdiction of functionaries of the Holy See (possibly including every Catholic cleric) is concerned, the immunity ratione personae of the Pope and possibly the Cardinal Secretary of State, representatives of the Vatican City State, appears as self-evident, at least if one accepts the statehood of the Vatican. A more difficult question, however, is whether functionaries of the Catholic Church (or possibly every bishop or Cardinal) enjoy immunity ratione materiae for acts that were committed in sufficient proximity to the culprit’s office, i.e. ‘under color of authority’ or by use of official resources. All charges of abuse, or of covering up cases of abuse, would then be covered by immunity ratione materiae. Against this it may be argued that offences committed in the forum State may not attract immunity. But more importantly, if the view is taken that the Holy See (unlike the Vatican City State) does not enjoy immunity under general international law, then logically its functionaries cannot enjoy immunity either, as in international law, the immunity of officials is derived from the immunity of the entity which they serve.

20 February 2012

Driverless

The Victorian Privacy Commissioner, one of the most positive Australian privacy agencies, last month released its 39 page report [PDF] on the 2011 Portable Storage Devices Privacy Survey.

The Commissioner comments that "Portable Storage Devices continue to pose privacy risks for the public sector", with the survey revealing that "a disappointing number of organisations have showed no improvement as compared with the 2008 results".

The 2011 survey sought to gauge the degree to which the Victorian public sector entities surveyed in 2008 had improved their management of portable storage devices (PSDs) such as USB drives and to explore the management of new devices such as tablets. The Commissioner notes that -
Seven organisations, including three local councils, still had no documented policies and procedures to control the use of PSDs, despite the fact that I recommended in the first survey report that, at a minimum, organisations require them.

The fact that 12 organisations still do not restrict the use of PSDs in the face of risks such as those posed by portable external hard drives is unacceptable and that 16 organisations failed to provide any encryption at all on PSDs raises serious doubts as to whether these organisations are taking reasonable steps to secure personal information in compliance with IPP 4 (Data Security). The reality is that these devices now have the capacity to store an organisation’s entire data holdings.

It is difficult to see how organisations that have obligations to manage personal information properly can ignore this significant data security risk. They do so at their peril.
The report covers 31 of the 55 entities surveyed in 2008. The Commissioner notes that
Smartphones, tablets and portable external hard drives represent significant technological advances since 2008. While these technologies can provide great benefits to the workplace they also create additional privacy risks. Portable Storage Device policies should be substantially expanded to cater for the full range of issues raised by the use of these technologies.
The report features several recommendations, most of which are directly applicable to public/private sector bodies across Australia -
1. Storage Device Developments

1(a) Organisations should ensure that the use of portable external hard drives is strictly controlled. They pose a major risk to data stores.

1(b) All active ports in a computer fleet should be controlled: not just USB ports.

1(c) Organisations should purchase hardware-encrypted USB keys. They are widely available, reasonably priced and more effective than those which come with encryption software.

2. Smartphones and Tablets

2(a) Organisations should ensure that information and document integrity is not compromised by the use of tablets.

2(b) If cloud services are to be utilised for tablets and smartphones, ensure that personal information is protected as per the Information Privacy Act.

2(c) Portable Storage Device policies should be substantially expanded to cater for the full range of issues raised by the use of tablets and smartphones.

2(d) Organisations should ensure that systems administrators are given full authority to uphold policies and controls regardless of the source of network access requests.

3. Endpoint Security Products

3(a) Endpoint security solutions should incorporate the following features:
• the ability to whitelist or blacklist PSDs;
• to provide detailed logs of PSD access;
• the ability to control the type of access permitted to specific users or PSDs;
• and to enforce encryption on device connection.
3(b) Endpoint security solutions should handle all types of PSD.

3(c) When considering an endpoint security solution, organisations should ensure that data loss protection features are included. If not, they should augment with a specific data loss protection product.

4. ‘Thin Client’ Solution

4(a) The following features should be examined where ‘thin client’ solutions are being considered:
• access to the clipboard should be disabled;
• local drive mapping should be disabled;
• local port mapping should be disabled; and
• there should be restrictions on locally attached printing.
4(b) Endpoint security should be considered in parallel with ‘thin client’ solutions to provide full protection

5. Cloud Based Storage

5(a) Where organisations are proposing to use cloud based services, PSDs such as tablets should be included in Privacy Impact Assessments and other forms of risk assessment.

6. CenITex

6(a) CenITex and its clients should work together to implement PSD controls as a matter of priority.

6(b)CenITex should work with its clients to proactively raise standards at the earliest opportunity.

19 February 2012

Experimentation?

Michael Brooks modestly characterises cosmetic surgery as "nothing more than an industrial-scale scientific experiment, carried out on vulnerable women". I'm unconvinced by the claim, not least because some cosmetic surgery involves men rather than women - vulnerable or otherwise - and because some cannot be dismissed as attributable to vanity.

His 'Why breast implants don't work' in the New Statesman - increasingly a home for the cranky - argues that -
Viewing cosmetic surgery as an experiment means we should also submit it to ethical consideration. The Nuremberg Code governing experimentation on human subjects states that the individual "should have sufficient knowledge and comprehension of the elements of the subject matter involved"; that the experiment "should be such as to yield fruitful results for the good of society, unprocurable by other methods"; and: "Proper preparations should be made and adequate facilities provided to protect the experimental subject against even remote possibilities of injury, disability, or death." The great breast augmentation experiment does not meet these standards.

Cosmetic breast implantation is a flawed and ethically corrupt psychological experiment, carried out for commercial profit on vulnerable women. And it should now be halted.
Much contemporary medicine is susceptible to Brooks' problematical characterisation as "an experiment". So of course is the mumbo-jumbo known as 'alternative' or 'complementary' medicine ... 'magic touch', homeopathy and so forth. It's possible to be critical of the TGA's incapacity regarding breast implants without waving around the 'Nuremberg Code' or damning medical practice as an 'industrial-scale experiment'.

Ventilation

The Medical Ethics Committee of the British Medical Association (BMA) has released an 80 page report [PDF] titled Building on Progress: what next for organ donation policy in the UK.

The report coincides with NSW government consideration of public responses to the NSW Health Department's discussion paper on organ donation in NSW [including a detailed response by myself and colleague Dr Bonython]. The UK report proposes several controversial measures, arguably so controversial that they will not be adopted in the UK and Australia.

They include -
• a shame campaign to draw attention to the "moral disparity" of people who decline to donate, but are happy to accept an organ
• elective ventilation (ie keeping "brain dead" patients alive solely so they can become organ donors, a practice restricted after Health Dept advice in 1994)
• "retrieving" hearts from newborn disabled babies (there are currently no standard UK tests for diagnosing brain stem death in neonates, so that neonatal hearts are not donated in the UK, with neonatal hearts instead being imported)
• using body parts from high-risk donors including the elderly, people with cancer, drug users and people with high-risk sexual behaviour.
• making donation after cardiac death "a normal source" for organs
• a presumed consent system for organ donation
• payment of funeral expenses for donors
In discussing elective ventilation the report comments that -
Once a patient has been diagnosed as dead using brain stem tests, artificial ventilation is usually continued for a period of time to allow the family time to say goodbye or, if organ donation has been authorised, for arrangements to be made for the organs to be retrieved. Elective ventilation is different in that it involves starting ventilation, once it is recognised that the patient is close to death, with the specific intention of facilitating organ donation. This system was introduced, with strict controls, in Exeter in 1988 and led to a 50% increase in the number of organs suitable for transplantation. It was stopped abruptly in 1994, however, when the Department of Health advised that the practice was unlawful.

The law requires that, when patients lack the capacity to consent, procedures or interventions must be in their best interests. The use of elective ventilation is not intended to be for the clinical benefit of the individual but to facilitate donation. The Mental Capacity Act 2005, however, takes a broad approach to ‘best interests’ (and a similar broad approach to ‘benefit’ is likely under the Adults with Incapacity (Scotland) Act 2000) and there has recently been a formal recognition that taking some steps before death to facilitate donation could be in an individual’s best interests (see section 4). The BMA has long argued that where an individual had expressed a wish to donate organs after death, some steps to facilitate that wish may be seen as in that person’s best interests or benefit (or at least not contrary to his or her interests). Individuals who are sufficiently informed may also wish to give specific, advance consent, to permit elective ventilation to take place. The UK Donation Ethics Committee has called for further debate on this issue, to more clearly define the appropriate balance between benefits and harms and the types of interventions that could reasonably be undertaken. The BMA would also welcome further clarification on this issue. From an ethical perspective one of the major concerns with elective ventilation is the level of the risk to which the incapacitated adult may be exposed. Fears have been expressed that, in theory at least, elective ventilation could induce a persistent vegetative state (pvs). Although the chance of harm occurring is considered to be very low, inducing pvs would be a very significant harm and, if elective ventilation were to be permitted, very careful safeguards would be needed to minimise this risk. This might include, for example, restricting elective ventilation to those patients dying of spontaneous intracranial haemorrhage (since these patients rarely, if ever, develop pvs) and stating that artificial ventilation must not be started until natural respiratory arrest has occurred. There are also practical difficulties associated with the lack of ICU beds and competing demands for limited resources. In the BMA’s view, priority would always need to be given to the use of intensive care facilities for those who have a chance of recovery rather than for those who are being ventilated to facilitate donation.

Elective ventilation is not an easy option but it has been shown to increase donation rates, and to facilitate the wishes of a group of patients who want to donate and would otherwise be unable to do so. The BMA is not calling for the law to be changed to permit elective ventilation but believes this may be an issue that would benefit from debate both to assess the clinical, legal and ethical issues raised and to assess public opinion about its use.