Current Issues

June 2017

Sales Tax & Cookies

[Massachusets] is adopting a hyperliteral definition of physical presence — one that relies on any downloaded apps as well as "cookies," the little bits of data that websites store on users' computers or phones to track their visits. Massachusetts is now considering them a physical in-state operation for a company.

In the fight to collect sales tax from online retailers (not Amazon, though - the eCommerce giant started collecting sales tax nationwide this past April), the state of Massachusets is adopting a controversial and seemingly indefensible position on what cookies are.

It seems that this approach would mean that online retailers have a physical presence in every state.

July 2016

Emails in Ireland

I have argued that control over data is more important than where data resides. If a company does not have the technical capability to comply with an order, it is easier for them to defend their case, and so protects both the company’s customers and staff.

Microsoft won an important federal appeals court case in which the federal government subpoenaed emails and other records related to a narcotics investigation. But the records for the MSN email address in question were stored in a datacenter in Ireland.

Cue the 4th Amendment controversy.

If the subpoenaed records had been printed on paper and stored in Ireland, it's likely that this case wouldn't exist, demonstrating the many contrasting ideas we have about data ownership and data as property.

May 2016

Jurors & Algorithms

Consider the following question, which is central to an ongoing copyright case between two tech giants - Oracle and Google.

Do “declarations of the API [application programming interface] elements in the Android class library source code and object code that implements the 37 [Java] API packages” violate a copyright held by Oracle?

As journalist and developer Keith Collins aptly points out, this question can be extremely difficult to understand in any meaningful way, even for the tech-saavy.

Thankfully, Judge William Aslup learned Java to better understand the APIs at the heart of the dispute.

These legal battles are only going to become more complex, reminding us of the increasing need to reconigze technology and programming as a core competency (but of course, not the only competency).

February 2015

Don't Arrest Me

I think this is completely absurd that I have to write an entire article justifying the release of this data out of fear of prosecution or legal harassment. I had wanted to write an article about the data itself but I will have to do that later because I had to write this lame thing trying to convince the FBI not to raid me.

After going through great pains to remove identifying information, the security researcher Mark Burnett released a trove of 10 million usernames and passwords that he collected over the years.

Burnett's ambivalence (and what can even be described as fear) reflects the stark disconnect between technologists and lawyers/law enforcement when it comes to "good and bad" data.

And it doesn't help that what's legally defined as personally identifiable information (PII) is different in every state.