Post on 04-Jan-2016
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Regulatory Law
Michael I. Shamos, Ph.D., J.D.Institute for Software Research
School of Computer ScienceCarnegie Mellon University
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Regulation
• Most law is not made by legislatures, but by adminstrative agencies (ministries)
• Reason:– Governing involves many details. Legislatures spend their
time on high-level policies, leaving the details to career professionals
– Administration requires special expertise. Example: the Federal Aviation Administration (FAA) knows much more about flying than Congress does
• Solution: Allow administrative agencies to makes laws (which are called regulations)!
• But: the regulations must not violate statutes
Regulation• Administrative agencies of the government have “rulemaking”
(regulatory) power• Examples:
– Securities and Exchange Commission regulates securities offerings and markets
– Dept. of Agriculture inspects meat– Federal Communications Commission (FCC) regulates the radio
frequency spectrum– Comptroller of the Currency regulates certain banks– Patent & Trademark Office issues patents
• Where do these powers fit into the legislative scheme?• Rules properly made have the force of law (unless they are
inconsistent with statute)
Overlapping Powers(Example: Financial Regulation)
SOURCE: FINANCIAL TIMES
Some Technology Agencies
• Federal Communications Commission• Environmental Protection Agency• Department of Transportation• Department of Agriculture• Federal Aviation Administration• U.S. Election Assistance Commission• U.S. International Trade Commission• U.S. Patent and Trademark Office• Federal Trade Commission
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Agency Actions
• Issue rules or regulations (which mean the same thing), having the effect as statutes
• Licenses, which include permits, certificates, other types of permission
• Advisory opinions, authoritative interpretations of statutes and regulation but not binding on courts
• Orders, final disposition of any agency action, other than rulemaking
• Decisions, which resolve disputes over interpretation of statutes or regulations
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Federal Rulemaking• In general, government agencies may prescribe rules
and regulations “not inconsistent with law” in furtherance of their mission
• Example: setting time limits, fees, fines, procedures• The process is complex
– Agency must publish the proposed rule in the Federal Register– The public has 60 days to send comments– The agency MUST consider the comments– Agency submits a “final rule” to Congress and published is in
the Federal Register– The rule becomes a “regulation having the effect of law” without
further approval
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Notice of Proposed Rulemaking
Code of Federal Regulations• Final rules are published in the Code of Federal
Regulations (CFR). View Electronic CFR• Courts treat the CFR as law
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Software Lending Notice Regulation37 C.F.R. §201.24
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Limits of Rulemaking• Each agency is created by Congress and is given
certain powers• Later statutes may expand or reduce those powers• Agencies may not exceed their powers• If they do, a Court can vacate (remove) an illegal rule
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Example: Privacy and the FTC• The Federal Trade Commission was created by the
Federal Trade Commission Act in 1914• It gives the FTC power to stop unfair or deceptive
trade practices at 15 U.S.C. §45:
FTC Rulemaking• The FTC is given rulemaking power at 15 U.S.C.
§57a:
NOV. 29, 2011
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Appeals From Agency Decisions
• Agencies are bound by their own rules• Must appeal within agency before going to court• Administrative Procedure Act, 5 U.S.C. §500ff:• Court shall “hold unlawful and set aside” actions that are:
arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law;
contrary to constitutional right, power, privilege, or immunity;
in excess of statutory jurisdiction or authority; without observance of procedure required by law; unsupported by substantial evidence; or unwarranted by the facts
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Major Ideas
• Most law is regulatory, not statutory• Reason: expertise, level of detail• Agencies receive power from legislatures• Courts ensure that agencies do not exceed their
authority
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
QA&
Children’s Online Privacy Protection Act
• SEC. 1302. DEFINITIONS. • In this title:• (1) CHILD.—The term "child" means an individual under the age of
13.• (2) OPERATOR.—The term "operator"— • (A) means any person who operates a website located on the
Internet or an online service and who collects or maintains personal information from or about the users of or visitors to such website or online service, or on whose behalf such information is collected or maintained, where such website or online service is operated for commercial purposes, including any person offering products or services for sale through that website or online service
• (3) COMMISSION.—The term "Commission" means the Federal Trade Commission.
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Children’s Online Privacy Protection Act
• SEC. 1303. REGULATION OF UNFAIR AND DECEPTIVE ACTS AND PRACTICES (a) ACTS PROHIBITED.—
• (1) IN GENERAL.—It is unlawful for an operator of a website or online service directed to children, or any operator that has actual knowledge that it is collecting personal information from a child, to collect personal information from a child in a manner that violates the regulations prescribed under subsection (b).
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
Children’s Online Privacy Protection Act
• (b) REGULATIONS.—
• (1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Commission shall promulgate under section 553 of title 5, United States Code, regulations that—
• (A) require the operator of any website or online service directed to children that collects personal information from children or the operator of a website or online service that has actual knowledge that it is collecting personal information from a child—
• (i) to provide notice on the website of what information is collected from children by the operator, how the operator uses such information, and the operator's disclosure practices for such information; and
• (ii) to obtain verifiable parental consent for the collection, use, or disclosure of personal information from children;
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS