Apple Tells the Government to “Think Different” on Encryption

By Matt Weber*

Introduction

On December 2, 2015, a San Bernardino County Department of Health employee and his wife perpetrated the deadliest mass shooting since Newtown, killing 14 of his co-workers and injuring 21.[1]  Following the shooting, police investigated and pursued the suspects, eventually engaging in a firefight, killing both shooters.[2]  In the days and weeks following the shooting, law enforcement investigated the shooting, both to find the motive behind the shooting and to find any possible coconspirators.

On December 3, 2015, U.S. Magistrate Judge David Bristow issued a search warrant, giving law enforcement the power to search the shooters’ home and car. In the ensuing search, law enforcement officers found, among other things, an Apple iPhone 5c, which they later found to have been issued to one of the shooters by his San Bernardino County employer.[3]  Like they had done many times before, the FBI approached Apple with the iPhone it found in the suspect’s car, requesting that Apple extract the data from the seized iPhone—except this time, Apple could not comply with the request.[4]  Apple was unable to comply with the FBI’s request due to changes it had made to the iPhone Operating System (iOS) a year before, positioning Apple and the Federal Government for a clash that both had been preparing for since 2014.[5]

Background

Following Edward Snowden’s release of National Security Agency (NSA) files related to the U.S. Government’s mass surveillance of American citizens, American tech companies increased security on consumer devices.[6]  In September 2014, Apple unveiled iOS 8 (an upgrade to the iPhone and iPad operating system), which for the first time offered default encryption to its users.[7] Apple’s encryption allows a user to set a passcode that, once set, is entangled with the iPhone’s Unique ID (UID),”[8]  which together, form the phone’s encryption key.[9] Because the encryption key is based on both the user’s passcode and the iPhone’s UID, it is unknown to Apple, and virtually impossible to crack.[10]  Understanding the relative impossibility of cracking encryption on consumer devices, the U.S. Government began to attempt to convince tech companies to provide law enforcement with assistance in unlocking encrypted phones (subject to a court order), something that most tech companies have thus far been unwilling to do.[11]  Because Apple’s method of encryption includes the user selected passcode in the key, Apple cannot decrypt a suspect’s phone.[12]

The iPhone

On February 16, 2016, the United States Attorney requested an order (that was later granted[13]) compelling Apple to assist in the unlocking of the San Bernardino shooter’s phone.[14]  Instead of obtaining an order for Apple to break its encryption (an order the FBI understands that Apple would be technically incapable of complying with), the FBI requested an order requiring Apple to assist in the unlocking of the phone.[15]  The court order compels Apple to write software that bypasses two of the iPhone’s security features, (1) a delay introduced when an incorrect passcode is entered,[16] and (2) a self-destruct feature by which an iPhone destroys its data after 10 incorrect passcode attempts.[17]

This order—if complied with—would allow the FBI to connect the shooter’s updated[18] iPhone to a computer, which has a program capable of guessing all the possible passcode combinations[19], without the delay or possibility of wiping.[20]  Apple has decided to fight the order, though it should be noted that Apple has assisted the FBI’s investigation, providing the Bureau with all the data the shooter backed-up to the iCloud[21] prior to turning off the iPhone’s auto-backup to the cloud.[22]

The order compelling Apple to write the above referenced software is based primarily on the 1789 All Writs Act (“the Act”), which allows courts to “issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”[23]  In this case, the government requests that the court compel Apple to assist in the satisfying of a lawful search warrant, by which the court gave the government the power to search the suspect’s iPhone 5c.[24]  This order—which Apple CEO Tim Cook has argued to be unprecedented in a statement released on the company’s website[25]—set the government and Apple on a collision course, in a battle that both the tech industry and law enforcement community had been expecting since tech companies began offering relatively unbreakable encryption on consumer devices.[26]

Issue: Using the All Writs Act

Historically, the Act has been used by courts to effectuate their lawful orders when there has been no statutory framework to follow.[27] The government’s motion cites cases in which the Act was used by courts to compel parties to assist in the effecting of court orders—suggesting that Apple be similarly required to assist technically in the search of the phone, pursuant to the court’s order.[28] Unlike the cases cited by the government, Apple in this case is being required to create a new operating system, pursuant to the government’s unique specifications.[29] The government argues that because Apple’s devices cannot be updated without a unique “digital signature,”[30] it has ensured that it cannot be seen as “far removed”[31] from the matter. The government notes in the memorandum of points and authorities to its motion to compel, that Apple’s assistance is necessary based on its unique ability to “cryptographically sign code,”[32] leading the government to request that Apple write the specific code, and upload it onto the iPhone in question.

Analysis

Government Arguments

In its application for an order compelling Apple’s assistance in unlocking the seized iPhone, the Government argued that the Act gave the court the power to mandate Apple’s assistance[33]  The Government argued that the Act can require “a third party to provide nonburdensome technical assistance,” citing the Supreme Court in United States v. New York Telephone Co.[34]  The Court in that case created a three factor test for determining whether it could compel action by a third party using the Act, (1) whether a party is far removed from the controversy, (2) whether requiring action would impose an undue burden on the part, and (3) whether the assistance from the party was necessary for the successful fulfilling of the underlying court order (in this case a search warrant for the iPhone).[35]

The government argued that it met the three step test imposed by the Court in New York Telephone Co., first arguing that Apple was not far removed from the unlocking of the iPhone.[36]  The government argued that because Apple “designed, manufactured and sold the [iPhone] and wrote and owns the [operating system],” it cannot be seen as far removed from the controversy.[37]  The government further argues that Apple cannot be far removed because it is the only party able to update the software[38]  in a way that would comply with the court’s order.[39] The government’s argument is supported by the Supreme Court’s decision in New York Telephone Co., which held that a non-governmental third party can be compelled to act when its “facilities were being employed to facilitate a criminal enterprise.”[40]

The government next argues that the order is not unduly burdensome for Apple. The government points to Apple’s regular business of writing software code to suggest that it cannot now claim that writing a specific code would impose an undue burden.[41]

Lastly, the Government argues that it meets the necessity requirement because Apple has created a situation whereby it is the only entity that can write software to update its iOS.[42]  Because iPhones require Apple’s crypto-signature, Apple’s assistance is required to effectuate the search warrant. The government notes that it is not requesting that Apple provide the unencrypted contents of the phone, but instead that it simply assist in the Government’s testing of passcodes to unlock the phone.[43]

Apple Arguments

Apple responded to the Government’s motion to compel by arguing that it should not be required to further comply with the governments request.[44]  Because it (1) relies on a misapplication of the Act, (2) violates the First Amendment by compelling speech by Apple, and (3) violates the Fifth Amendment’s due process clause.[45]

Apple’s argument is generally centered on the Government’s improper application of the Act. When deciding whether to apply the Act, the Supreme Court held that when a statute addresses an underlying issue specifically, that statute, and not the Act is “controlling.”[46]  Apple first argues that the Act cannot require the action requested by the Government, suggesting that the Act allows for courts to “fill in gaps in the law” to exercise the power they already have, but not the “free-wheeling” ability to change existing law.[47] Apple argues that the court lacks the authority to compel it to comply with the order because Congress contemplated (when passing the Communications Assistance for Law Enforcement Act) bestowing upon courts the power to require such a compulsion, but ultimately chose to exempt manufacturers of telecommunications equipment[48] from implementing “any specific design of equipment . . . features, or system configurations.”[49]

Facing new challenges to law enforcement’s ability to fight crime, Congress, in 1994, passed the Communications Assistance for Law Enforcement Act (“CALEA”).[50]  CALEA grants law enforcement investigative powers, but also limits what can be required from manufacturers and service providers.[51] When passing CALEA, Congress had the chance address whether it would require companies to assist law enforcement in the in the manner being requested by the FBI—but ultimately chose not to make any such requirement. In fact, CALEA provides that telecommunications carriers (which Apple points out that it is not) are not required to decrypt or “ensur[e] the government’s ability to decrypt” unless the communication was encrypted by the carrier (and even then the carrier must “possesses the information necessary to decrypt”—which Apple does not).[52]  Congress’ inclusion of some language related to encryption but omission of requirements to compel assistance in decryption implies that it considered such a compulsion but ultimately rejected it.

Apple argues that CALEA specifically addresses whether to require manufacturers and service providers to aid decryption.[53]  Because CALEA speaks on the specific matter, the Act should not be the statute to rule, but instead should be trumped by CALEA’s provisions. The Supreme Court held in Pennsylvania Bureau of Corrections v. U.S. Marshall Service that the Act does not allow courts to issue writs when compliance with existing statutes would be simply “inconvenient or less appropriate,”[54] as CALEA would be in this situation.

Apple next addresses the Government’s use of United States v. New York Telephone Co., ultimately drawing distinctions between the government’s requests here and those of the Telephone Company in New York Telephone Co.[55]  Apple argues that the government does not show that it satisfies the three-part test provided by the Court in New York Telephone.

First, Apple is too far removed from the underlying case. Unlike the the telephone company, which owned the lines being allegedly used to “facilitate a criminal enterprise on a continuing basis,”[56] Apple contends that it is a private company that does not own the phones or have any connection to the data on the phone. Second, the government’s request would impose an “unprecedented and oppressive burden” on Apple. While the telephone company was required assist the government in their installing of pen registers[57]–a device that telephone companies used frequently in conducting their normal business[58]–  in the instant case, the government is asking Apple to create an entirely new operating system in an effort to assist the government’s attempts to unlock the phone. Apple asserts that such an undertaking violated the Act’s prohibition against adversely affecting the third party or imposing an under burden. Third, Apple contends that its assistance is only necessary because of the actions of the FBI earlier in its investigation.[59] While the court suggested in New York Telephone that there was “no conceivable way” for the FBI to successfully carry out its court-ordered investigation, Apple argues that here, the FBI did not face such a situation, but instead, through its own actions created a need to turn to the Act.

Conclusion

It seems that both Apple and the government foresaw this potential clash coming since Apple (and other tech companies) began encrypting devices sold to consumers. Many in the media have questioned if this was the right test case for either side.[60]  For the government, it seems to be a good test case because the crime is question is terrorism related, and the underlying crime was well reported and remains in the minds of the American public.[61]  Unfortunately, for the government, there is no time issue—while the phone might help in the investigation of a crime, there does not seem to be a pressing need for the phone to be unlocked immediately.[62] For Apple, the case does not seem to the best test case for whether it should be required to assist in the unlocking of one of its devices because the suspect is widely assumed to be guilty of the heinous murder of 14 co-workers.[63] It has also been noted that this particular iPhone model is not one which Apple should be fighting over as it is not the most up-to-date phone or software, and the government-requested solution would not work on future iPhone models.[64]

At least in public opinion, Apple may benefit from standing by its customers, claiming that writing the software requested by the government would unnecessarily put all iOS users at risk,[65] Tim Cook noted in his open letter to customers that “They have asked us to build a backdoor to the iPhone.”[66]

On March 21, 2016 (the day before the hearing on the order), the Government submitted an ex parte application for a continuance, requesting that the court continue the hearing to April 5, 2016.[67] The Government requested the continuance because, since initially requesting the hearing, a third party approached the FBI suggesting that the party had a different method to unlock the phone.[68]  This new method, if successful, would not only make Apple’s assistance unnecessary, but destroy the Government’s argument under the Act. The Government requested additional time to test the new method before deciding whether it has eliminated the need for Apple’s assistance.

While this might appear to be an opportunity for both sides to take a step back and devise a procedure moving forward, it is likely only pushing this issue down the road. Apple’s newest phones are not as easy to break into (at least not using this type of method),[69]which might lead the government to move towards mandating backdoors. While it is unclear where either party goes moving forward, it is clear that this fight is far from over, it is all but certain that the Government will come back with another request for Apple to build, as Tim Cook described it, “something . . . too dangerous to create.”[70]

 


*Matt Weber. University of Illinois College of Law, J.D. candidate, Class of 2017. Many thanks to my parents, my sister Ashley and her husband Leigh. Thanks to JLTP Editors Iman Naim and Winston Zishu for their help and guidance. Gracias también a los Xeneizes and Albiceleste.

[1] Erik Ortiz, San Bernardino Shooting: Timeline of How the Rampage Unfolded, NBCNews (Dec. 3, 2015, 11:28 PM), http://www.nbcnews.com/storyline/san-bernardino-shooting/san-bernardino-shooting-timeline-how-rampage-unfolded-n473501.

[2] Id.

[3] Elliot Hannon, Judge Orders Apple to Help FBI Hack San Bernardino Shooter’s Phone, Slate (FEB. 16, 2016, 8:43 PM), http://www.slate.com/blogs/the_slatest/2016/02/16/judge_orders_apple_to_help_fbi_unlock_san_bernardino_shooter_s_phone.html; Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html.

[4] Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[5] Apple Statement; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[6] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[7] Cyrus Farivar, Apple Expands Data Encryption Under iOS 8, Making Handover to Cops Moot, arstechnica (Sep. 17, 2014, 9:57 PM), http://arstechnica.com/apple/2014/09/apple-expands-data-encryption-under-ios-8-making-handover-to-cops-moot/.

[8] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (describing the UID as a number, set during the manufacturing process that Apple itself does not record); Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[9] Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[10] See, Mohit Arora, How Secure is AES Against Brute Force Attacks?, EETimes (May, 7, 2012, 5:29 PM), http://www.eetimes.com/document.asp?doc_id=1279619. (Explaining that using AES 256, an encryption key used by the iPhone would be 256 characters long, meaning there are 2256 combinations. Assuming a computer powerful enough to guess 33.86 X 1012/second (using the world’s fastest super computer, the Tianhe-2), it would take about 1.03 X 1055 years on average to crack an AES 256 key. For perspective, the Earth is 4.5 X 109 years old.).

[11] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[12] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://assets.documentcloud.org/documents/1302613/ios-security-guide-sept-2014.pdf (explaining that the user-selected passcode is entangled with the UID to create an encryption key, that Apple does not have access to); Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[13] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[14] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[15] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[16] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the delay, triggered after 4 incorrect passcode attempts imposes a 1-minute delay after the 5th incorrect attempt, a 5-minute delay after the 6th incorrect attempt, a 15-minute delay after the 7th and 8th incorrect attempts, and a 1-hour delay after the 9th incorrect attempt.).

[17] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining key security features, the iPhone can be set to wipe all its data after the 10th incorrect passcode attempt. This wipe is achieved by discarding the encryption key from accessible memory, making the entire hard-disk unintelligible.).

[18] Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (Apple would upload a custom operating system to the shooter’s phone modifying security settings—though not specifically decrypting.).

[19] 10,000 possible combinations for a 4-digit numeric passcode, or 1 Million possible combinations for a 6-digit numeric passcode.

[20] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 12 (explaining that even without the delay, the iteration counter imposes an 80 millisecond delay, therefore, all the possible combinations could theoretically be guessed in under 5 hours.).

[21] Apple Inc’s Motion to Vacate Order Compelling Apple Inc. To Assist Agents in Search at 11, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016); Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[22] Amy Davidson, The Dangerous All Writs Act Precedent in the Apple Encryption Case, The New Yorker (Feb. 19, 2016), http://www.newyorker.com/news/amy-davidson/a-dangerous-all-writ-precedent-in-the-apple-case.

[23] 28 U.S.C. § 1651 (2012).

[24] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[25] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/ (“The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.”).

[26] Danny Yadron, Spencer Ackerman and Sam Thielman, Inside the FBI’s Encryption Battle with Apple, The Guardian (Feb. 18, 2016), http://www.theguardian.com/technology/2016/feb/17/inside-the-fbis-encryption-battle-with-apple.

[27] Andrew Crocker, Judge to DOJ: Not All Writs, Electronic Frontier Foundation (Oct. 12, 2015), https://www.eff.org/deeplinks/2015/10/judge-doj-not-all-writs.

[28] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[29] Id.

[30] Apple’s unique encryption key—without which, a phone cannot be updated.

[31] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (pointing to United States v. New York Tel. Co., 434 U.S. 159, 174 (1977).).

[32] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[33] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 17, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[34] Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 11-12, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[35] United States v. New York Tel. Co., 434 U.S. 159, 175-75 (1977).

[36] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[37] Id.

[38] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (“The same software Apple is uniquely able to modify . . . Especially but not only because iPhones will only run software cryptographically signed by Apple . . .”).

[39] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[40] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 13-14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016) (quoting New York Telephone Co., 434 U.S. at 174); Government’s Motion to Compel Apple Inc. To Comply with this Court’s February 16, 2016 Order Compelling Assistance in Search, at 8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[41] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 14-16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[42] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[43] Government’s Ex Parte Application for Order Compelling Apple Inc. To Assist Agents in Search, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[44] Apple notes that it has already assisted the government in their investigation; Mikey Campbell, FBI Contacted Apple, Received Data Related to San Bernardino Case 3 days After Shooting, appleinsider (Feb. 27, 2016, 12:39 AM), http://appleinsider.com/articles/16/02/27/fbi-contacted-apple-received-data-related-to-san-bernardino-case-3-days-after-shooting-.

[45] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[46] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985) (“The All Writs Act is a residual source of authority to issue writs that are not otherwise covered by statute. Where a statute specifically addresses the particular issue at hand, it is that authority, and not the All Writs Act, that is controlling. Although that Act empowers federal courts to fashion extraordinary remedies when the need arises, it does not authorize them to issue ad hoc writs whenever compliance with statutory procedures appears inconvenient or less appropriate.”).

[47] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 14, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[48] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 16, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[49] 47 U.S.C. § 1002(b)(1) (2012). (“This subchapter does not authorize any law enforcement agency or officer—

(A) to require any specific design of equipment, facilities, services, features, or system configurations to be adopted by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services; or

(B) to prohibit the adoption of any equipment, facility, service, or feature by any provider of a wire or electronic communication service, any manufacturer of telecommunications equipment, or any provider of telecommunications support services.”) [emphasis added].

[50] Id.

[51] 47 U.S.C. § 1002(b) (2012).

[52] 47 U.S.C. § 1002(b)(3) (2012).

[53] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 6-8, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[54] Pa. Bureau of Corr. v. United States Marshals Serv., 474 U.S. 34, 43 (1985).

[55] New York Telephone Co., 434 U.S. at 159.

[56] Id. at 174.

[57] A device used to record phone numbers dialed on specific phone lines.

[58] New York Telephone Co., 434 U.S. at 174-75 (Court notes that the phone company regularly used pen registers in normal operations).

[59] Apple Inc’s Motion to Vacate Oder Compelling Apple Inc to Assist Agents in Search, and Opposition to Government’s Motion to Compel Assistance, at 11, fn. 21, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).(The FBI has acknowledged that it worked with the phone’s owner (San Bernardino County) to reset the the iCloud password in an effort to unlock the iCloud backup. Apple argues that had the county and the FBI not reset the password, “this litigation may not have been necessary,” as it could have initiated a remote backup of the phone and subsequently produced an updated backup to investigators.).

[60] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[61] Id.

[62] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Marcy Wheeler, Why This iPhone?, Slate (Feb. 19, 2016, 1:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/the_apple_fbi_encryption_battle_is_over_an_iphone_unlikely_to_yield_critical.html.

[63] Fred Kaplan, How Apple’s Stand Against the FBI Could Backfire, Slate (Feb. 19, 2016, 6:26 PM), http://www.slate.com/articles/technology/future_tense/2016/02/how_apple_ceo_tim_cook_s_stand_against_the_fbi_could_backfire.html; Will Oremus, Irate DOJ Dismisses Apple’s Fight with the FBI as a “Brand Marketing Strategy”, Slate (Feb. 19, 2016, 6:02 PM), http://www.slate.com/blogs/future_tense/2016/02/19/department_of_justice_motion_mocks_apple_s_fbi_fight_as_a_brand_marketing.html; Kaveh Waddell, The Optics of Apple’s Encryption Fight, The Atlantic (Feb. 17, 2016), http://www.theatlantic.com/technology/archive/2016/02/why-apple-is-fighting-the-fbi/463260.

[64] Dan Guido, Apple Can Comply with the FBI Court Order, Trail of Bits Blog (Feb. 17, 2016), http://blog.trailofbits.com/2016/02/17/apple-can-comply-with-the-fbi-court-order; Ben Thompson, Apple Versus the FBI, Understanding iPhone Encryption, the Risks for Apple and Encryption, stratechery (Feb. 17, 2016), https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption.

[65] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/; Will Oremus, Apple vs. The FBI, Slate (Feb. 17, 2016, 7:44 PM), http://www.slate.com/articles/technology/future_tense/2016/02/apple_s_stand_against_the_fbi_is_courageous_it_s_also_good_for_apple.html.

[66] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.

[67] Government’s Ex Parte Application for a Continuance, In the Matter of the Search of an Apple IPhone Seized During the Execution of a Search Warrant on a Black Lexis IS300, California License Plate 35KG203, No. 15-0451M (C.D. Cal. 2016).

[68] Id.

[69] See, Apple Inc., iOS Security, Apple Inc. (Sep. 2014), https://www.apple.com/business/docs/iOS_Security_Guide.pdf, 4-7 (describing the “Secure Enclave” on newer iOS devices).

[70] Tim Cook, Customer Letter, Apple Inc. (Feb. 16, 2016) http://www.apple.com/customer-letter/.

Texting While Driving in a New Age of Automobile Advancements: Legal Implications to Be Determined

By Anna Gotfryd and Jacob Vannette

Introduction

We live in a world with “new age automobiles”—where technological advancements increasingly permeate every aspect of vehicles, from those that affect comfort to those that enhance safety. [1]  No longer are such features found solely in high-end models; they are offered in those purchased by the average consumer.[2]  To some, cutting-edge technology in vehicles is seen as a necessity: recent studies show that “connectivity”—such as dashboard features that provide owners with email access—is now a part of consumer expectations.[3]  From 2014 to 2015, 37% of consumers said that they would be willing to switch car brands simply to achieve improved connectivity.[4]  The push for connectivity while driving is not surprising.[5]  Last year, American commuters spent an average of 42 hours stuck in traffic.[6]  While other reports note that up to 20% of drivers have not used many of the technology features in their vehicles,[7] consumers continue to desire automotive technologies “that enhance the driving experience and safety.”[8]  This means that more advancements in car technology, not fewer, are to be expected.[9]

Many technologies that consumers most desire are “built-in,” and serve a range of purposes.[10]  Some are created with an eye toward luxury enjoyment of the vehicle, and even with a nod toward creativity or pure fun.[11]  Other advancements are aimed at practicality and cost efficiency.[12]  Finally, technological developments that are designed to improve safety are wide-ranging.”[13]  Consider “Forward Emergency Braking”—a technology that will sense and stop for pedestrians located in front of a car.[14]  Some car manufacturers have created “camera and sensor systems” that warn drivers when cars are “in the[ir] mirror’s blind spot.”[15]  Autoliv, for example, has developed a technology for thermal imaging of the area surrounding a vehicle.[16]  This system, like its military forebears, allows drivers to see further than their headlights to avoid tragic collisions with pedestrians or wildlife, which they may not otherwise be able to detect.[17]

This article discusses one type of technological advancement purportedly directed at improving safety—integrated hands-free texting.[18]  Perhaps unsurprisingly, integrated hands-free technology elicits tricky issues, explored below.  First, we investigate the problems associated with texting while driving, and how legislators and car manufacturers have responded.  Second, we discuss what integrated hands-free technology is and how it works.  Third, we examine whether it has any impact on safe driving.  Finally, we analyze how legislators have viewed hands-free texting, and how future considerations could affect this area.

The Pervasive Problem of Distracted Driving and Proposed Solutions

Texting and driving, one of the main causes of what is referred to as “distracted driving,” has been labeled an “American epidemic.”[19]  As many as 98% of drivers believe that “[t]exting while driving is dangerous.”[20]  Most, however, do not practice what they preach:”[21] 74% of drivers admit to having texted while driving.[22]  This has resulted in tragic outcomes: every day, distracted driving kills more than 8 people and injures about 1,161.[23]  Some studies go so far as to suggest that distracted driving is worse than drunk driving.[24]  The American public has reacted—in 2009, 80% of American adults favored banning texting while driving”[25]—and legislators have responded.[26]  “46 states, D.C., Puerto Rico, Guam and the U.S. Virgin Islands ban text messaging for all drivers,” and “[o]f the 4 states without an all driver texting ban[,] 2 prohibit text messaging by novice drivers[, and] 1 restricts school bus drivers from texting.””[27]

With consumers demanding greater connectivity in vehicles,[28] and the concurrent public and legislative outcry to the distracted driving craze,[29] car manufacturers are “racing to make driving less distracting.”[30]  One way they have done this is by offering integrated hands-free technology,[31] which allows drivers to stay connected without taking their eyes off of the road or their hands off of the wheel.[32]  We turn now to a discussion of how automotive companies have sought to meet this demand, and how exactly integrated hands-free technology works.

Integrated Hands-Free Technology Explained

This part explains what integrated hands-free technology in cars is. It then discusses different types of hands-free technology systems that consumers may encounter and how the average consumer uses them.

Generally, integrated hands-free technology is a system that is installed directly into a car.[33]  It works by connecting with a driver’s phone using Bluetooth.[34]  It can then tell whether the driver has an incoming call or message.[35]  Through integrated hands-free technology, the driver could choose to answer a phone call or listen to a message.[36]  Additionally, through the use of speech recognition technology, the driver could dictate a reply or choose another course of action.[37]  The specifics of these types of systems, of course, may vary by car make and model.[38]  We examine briefly the systems produced by some of the largest car manufacturers in the world.[39]

“SYNC” is Ford’s version of integrated hands-free technology.[40]  By connecting her phone with the car’s infotainment system[41] via Bluetooth, a driver can use the software’s voice recognition system to make calls, dictate text messages, and search for music on her phone.[42]  The software is compatible with both Apple CarPlay and Android Auto, allowing a driver to engage Siri or Google to make calls, send messages, navigate, and much more—all without reaching for her phone.[43]

Chevrolet’s “MyLink” similarly allows drivers to connect their phones to their car’s infotainment system through Bluetooth.[44]  Hands-free calling is available in multiple models, allowing a driver to simply press a button on the steering wheel and state aloud the callee’s name.[45]  Text Message Alerts notify a driver when he or she has received a new message, too.[46]  Through this feature, a driver can listen to the message, view it when her car is stopped, and reply to it with stock messages.[47]

As a final example, “NissanConnect” also employs Bluetooth to link the driver’s phone to the car’s infotainment system, “keep[ing] [the driver] in touch while [she] stays focused on the road.”[48]  Nissan likewise uses voice recognition technology, through which drivers can “make and answer calls and send pre-loaded text messages—hands free.”[49]  Drivers may input into the system custom messages, increasing the finite list of stock messages at their disposal while driving.[50]  Through the driver’s phone, the system can also access social media networks, including popular sites like Facebook and Twitter, and read aloud posts from those platforms.[51]

Nearly all of the major players in the automotive industry have developed a way for drivers to access and utilize their phones without actually touching them—by calling, texting, and even keeping up with Facebook posts.[52]  The question remains whether integrated hands-free technology actually makes driving safer. We survey current research in the next part.

Hands-Free Texting and Driving As a Safer Alternative

Integrated hands-free technology is still relatively new, and more research on its safety implications may be warranted.[53]  Current studies have found that texting hands-free is just as unsafe as doing so hands-on.[54]  Some studies even show that the use of hands-free technology is more distracting than hands-on use.[55]

According to the Center for Disease Control and Prevention, there are three types of distraction that concern a driver: (1) visual distraction, which involves what a driver can see; (2) manual distraction, which is implicated when a driver takes her hands off of the wheel; and (3) cognitive distraction, which occurs when a driver is not completely focused on the task of driving.[56]

A driver that is looking at the road while on the phone may “fail to see up to 50 percent of the information in their driving environment” due to cognitive distraction.[57]  A study conducted by the American Automobile Association’s Foundation for Traffic Safety investigated the use of hands-free technology while driving and determined “that potentially unsafe levels of mental distraction can last for as long as 27 seconds after completing a distracting task.”[58]  A different study, conducted by the Texas A&M Transportation Institute,[59] compared the effects of both methods of texting—manually and hands-free—on driving.[60]  The researchers concluded that there was no significant difference between the two methods: “Driver response times were significantly delayed no matter which texting method was used.”[61]  The study also determined that drivers spent less time with their eyes on the road regardless of the method through which they composed text messages.[62]

Critics emphasize that this investigation focuses only on cognitive distraction, which is believed to be less dangerous than manual and visual distraction.[63]  Nonetheless, an amplified cognitive load increases the risk of a crash due to slower reaction times and inattention blindness.[64]  Additionally, research conducted by the Virginia Tech Transportation Institute[65] found that the use of hands-free devices “involved visual-manual tasks at least half of the time.”[66]  Significantly, no research has been able to show that integrated hands-free devices improve safety.[67]

When the safety benefits of integrated hands-free technology were completely unknown, experts believed that it “w[ould] become standard within a few years.”[68]  This prediction held true—hands-free communication technology has become “a central competitive focus of the automotive industry”[69]—despite a lack of demonstrated safety benefits.[70]  Meanwhile, researchers have accumulated considerable evidence indicating that this technology poses significant risks.[71]  The next section examines the cognitive dissonance between the existing research on hands-free texting and the law’s treatment of it.

A Mismatch Between Research and How Laws Treat Hands-Free Technology

All over the country, state legislators have noticed the distracted driving epidemic and have racked their brains to find ways that they believe will address the issue.[72]  As discussed above, the vast majority of states have banned texting while driving.[73]  Fourteen states have gone even further, banning any use of hand-held devices for all drivers.[74]  The problem, however, lies in the fact that none of these laws address the concern with hands-free devices,[75] seeming to incorrectly presume that they are a safer alternative.[76]  California, for example, explicitly condoned the use of hands-free devices for texting less than a year after issuing a text messaging ban.[77]  While there have been calls for states to issue bans on the use of hands-free devices, no state has actually done so.[78]

The lack of a legislative response to research demonstrating the dangers of hands-free texting does not, however, mean that states are not seeking novel ways to continue the fight against distracted driving and its dire consequences.[79]  New York legislators, for example, recently introduced a bill (“Evan’s Law”) that arms police officers with a field testing device called a “textalyzer.”[80]  A textalyzer, which is still in development,[81] could check a driver’s phone for recent, unlawful activity.[82]

Setting aside privacy concerns, Evan’s Law and the use of a textalyzer raise additional important, yet unanswered, questions.[83]  Among those is whether the device will have the ability to distinguish between a message sent manually and one sent using hands-free technology.[84]  Hands-free devices are specifically exempted from New York’s texting ban; using them is not a violation of the law.[85]  Some doubt that the textalyzer will be able to differentiate whether a message was sent hands-on or hands-free.[86]  This may complicate the solution by adding, rather than subtracting, steps.[87]  The National Highway Traffic Safety Administration desires a technological solution to the distracted driving problem.[88]  The textalyzer, however, diverges from their vision—one including a device or a vehicle feature that recognizes when a driver is using a phone and deactivates it[89] —and adds procedural requirements.[90]

New York is currently the only state to consider using a device like the textalyzer to combat the distracted driving problem.[91]  If Evan’s Law passes, however, other states may join New York’s lead.[92]  Using technology to combat technology without explicitly considering the new age of automobile advancements and current research assessing their efficacy may prove to further complicate an already difficult area.

Suggestions and Conclusion

Technological advancements in cars are rapid and largely a result of consumer desires.[93]  As car manufacturers and legislators work to find solutions to the distracted driving epidemic,[94] the latter must take a hard look at the adequacy of current measures, while the former should consider its competitive emphasis on integrated hands-free technology.  Importantly, researchers and legislators will need to stop talking past one another, and start comparing notes.

 


[1] New Age Automobiles, Dreams About Car Life of the Future, MURATA, http://www.murata.com/en-us/about/newsroom/techmag/metamorphosis17/special/life (last visited June 7, 2016).

[2] See, e.g., Brian Cooley, Tech Watch: Top 5 Inexpensive High-Tech Cars, CBS SFBayArea (Oct. 2, 2012, 8:58 AM), http://sanfrancisco.cbslocal.com/2012/10/02/tech-watch-top-5-inexpensive-high-tech-cars/; Doug DeMuro, 7 Great High-Tech Cars Under $35,000, AUTOTRADER (Aug. 2014), http://www.autotrader.com/best-cars/7-great-high-tech-cars-under-35000-229215.

[3] Hans-Werner Kaas, Andreas Tschiesner, Dominik Wee & Matthias Kässer, How Carmakers Can Compete for the Connected Consumer, MCKINSEY & COMPANY (Sept. 2015), http://www.mckinsey.com/industries/automotive-and-assembly/our-insights/how-carmakers-can-compete-for-the-connected-consumer.

[4] Id.

[5] Reuters, U.S. Commuters Spend About 42 Hours a Year Stuck in Traffic Jams, NEWSWEEK (Aug. 26, 2015, 12:31 PM), http://www.newsweek.com/us-commuters-spend-about-42-hours-year-stuck-traffic-jams-365970; see also Ashley Halsey III, Automakers Embrace Hands-Free Text-Messaging Technology, WASH. POST (Oct. 24, 2011), https://www.washingtonpost.com/local/automakers-embrace-hands-free-text-messaging-technology/2011/10/19/gIQAg0fjDM_story.html (“The demand for all this comes, in part, because the amount of time Americans spend stuck in traffic has more than doubled since 1982 . . . .”); The Editorial Board, Editorial, Hands-Free Distractions, N.Y. TIMES (June 23, 2013), http://www.nytimes.com/2013/06/24/opinion/hands-free-distractions.html (“A spokeswoman for the auto industry told The Times that ‘people want to be connected in their car just as they are in their home or wherever they may be.’”).

[6] Reuters, supra note 5.

[7] Built-in Connectivity Among Least Used Technologies, Creating Lost Value, J.D. POWER (Aug. 25, 2015), http://www.jdpower.com/press-releases/2015-driver-interactive-vehicle-experience-drive-report (“[A]ccording to the J.D. Power 2015 Driver Interactive Vehicle Experience (DrIVE) Report,” which “measures driver experiences with in-vehicle technology features during the first 90 days of ownership . . . at least 20 percent of new-vehicle owners have never used 16 of the 33 technology features measured.”).

[8] Paul Murrell, The Technology People Want in Their Cars, and What They Don’t . . ., PRACTICAL MOTORING, https://practicalmotoring.com.au/car-news/what-car-tech-people-want-and-what-they-dont/ (last visited June 7, 2016).

[9] John Brandon, 10 Major Tech Advancements in Cars for 2016, COMPUTERWORLD (Jan. 12, 2016, 10:38 AM), http://www.computerworld.com/article/3021856/personal-technology/10-major-tech-advancements-in-cars-for-2016.html.

[10] Id.

[11] See, e.g., id.

[12] Id. Back-up cameras in cars, for example, are a practical advancement that will be mandated by law in any new car produced or sold in the United States after 2018. Wayne Cunningham, U.S. Requiring Back-Up Cameras in Cars by 2018, ROADSHOW BY CNET (Mar. 31, 2014, 11:04 AM), http://www.cnet.com/roadshow/news/u-s-requiring-back-up-cameras-in-cars-by-2018/ (“The rule applies to all road-legal vehicles under 10,000 pounds” and “requires a back-up camera to show a field of vision at least 10 feet wide directly behind the vehicle, going back a minimum of 20 feet.”).

[13] Id.

[14] Id.

[15] Rick Newman, Forget Self-Driving Cars—This Technology Is Way Cooler, YAHOO FINANCE (Apr. 22, 2016, 1:42 PM), http://finance.yahoo.com/news/forget-self-driving-cars-night-vision-technology-is-cooler-162552501.html.

[16] Id. Autoliv is a safety technology company and automotive supplier. AUTOLIV, About Us, https://www.autoliv.com/AboutUs/Pages/default.aspx (last visited June 7, 2016).

[17] Newman, supra note 15.

[18] See, e.g., Halsey III, supra note 5.

[19] Dr. Nina Radcliff, Distracted Driving Is an American Epidemic, WASH. TIMES (Apr. 26, 2015), http://www.washingtontimes.com/news/2015/apr/26/nina-radcliff-distracted-driving-american-epidemic/?page=all.

[20] CTR. FOR INTERNET & TECH. ADDICTION, IT CAN WAIT COMPULSION SURVEY 3, http://about.att.com/content/dam/snrdocs/It%20Can%20Wait%20Compulsion%20Survey%20Key%20Findings_9%207%2014.pdf (last visited June 7, 2016) (using a national telephone survey consisting of 1,004 respondents who meet the following criteria: are between 16-65, own a cell phone, text at least once a day, and drive, at a minimum, almost every day).

[21] Justin Worland, Why People Text and Drive Even When They Know It’s Dangerous, TIME (Nov. 6, 2014), http://time.com/3561413/texting-driving-dangerous/.

[22] CTR. FOR INTERNET & TECH. ADDICTION, supra note 20.

[23] Distracted Driving, CDC, http://www.cdc.gov/motorvehiclesafety/distracted_driving/ (last visited June 7, 2016) (noting that there are three types of distraction: visual, manual, and cognitive).

[24] Radcliff, supra note 19.

[25] Andrew Lavallee, Consumers Favor Texting-While-Driving Ban, WALL ST. J. (Sept. 1, 2009, 8:04 AM), http://blogs.wsj.com/digits/2009/09/01/consumers-favor-texting-while-driving-ban/.

[26] Radcliff, supra note 19.

[27] Distracted Driving Laws, GHSA (Apr. 2016), http://www.ghsa.org/html/stateinfo/laws/cellphone_laws.html.

[28] Kaas et al., supra note 3; Halsey III, supra note 5.

[29] See supra notes 18–26.

[30] Jayne O’Donnell, Some Cars Will Read Texts and E-mails or Take Dictation, USA TODAY (Mar. 28, 2013, 12:06 AM), http://www.usatoday.com/story/news/nation/2013/03/27/some-cars-will-read-texts-and-emails-or-take-dictation/2026823/.

[31] Halsey III, supra note 5.

[32] See, e.g., Ford SYNC Technology, FORD, http://www.ford.com/technology/sync/ (last visited June 7, 2016).

[33] Peter DeMarco, Top 7 Hands-Free Driving Devices, BOSTON.COM, http://www.boston.com/cars/gallery/top_handsfree_driving_apps/ (last visited June 7, 2016).

[34] Id.

[35] Id.

[36] Id.

[37] Id.

[38] See, e.g., Tara Baukus Mello, Rating Hands-Free Calling in Today’s Cars, BANKRATE, http://www.bankrate.com/finance/auto/rating-hands-free-calling-in-todays-cars-1.aspx (last visited June 7, 2016).

[39] Of the 10 largest car manufactures in the world, General Motors is #2, Nissan-Renault #3, and Ford Motor Company #6. See John LeBlanc, The Top 10 Largest Automakers in the World, DRIVING (Apr. 25, 2014), http://driving.ca/toyota/corolla/auto-news/news/the-top-10-largest-automakers-in-the-world.

[40] Ford SYNC Technology, supra note 32 (discussing “SYNC 3 plus Apple CarPlay Support,” which lets owners “use [their] voice to make a call, listen to music, voice-control, select apps with SYNC AppLink and much more,” while “keep[ing] [their] eyes on the road and [their] hands on the wheel”).

[41] See In-Vehicle Infotainment (IVI), WEBOPEDIA, http://www.webopedia.com/TERM/I/in-vehicle-infotainment-ivi.html (last visited June 7, 2016) (“[T]ypical tasks that can be performed with an in-vehicle infotainment system include managing and playing audio content, utilizing navigation for driving, delivering rear-seat entertainment such as movies, games, social networking, etc., listening to incoming and sending outgoing SMS text messages, making phone calls, and accessing Internet-enabled or smartphone-enabled content such as traffic conditions, sports scores and weather forecasts.”).

[42] Ford SYNC Technology, supra note 32.

[43] Id.

[44] Chevrolet MyLink, CHEVROLET, http://www.chevrolet.com/mylink-radio.html (last visited June 7, 2016).

[45] Id.

[46] Id. (noting Text Message Alerts are “available on 2015 Impala models”).

[47] Id.

[48] NissanConnect Features, NISSAN, http://www.nissanusa.com/connect/features-app.html#_features-communication (last visited June 7, 2016).

[49] Id.

[50] Id.

[51] Id.

[52] See supra notes 37–49. Buick, Toyota, Volkswagen, Chrysler, Hyundai, and Mazda all have similar systems. See also New Hands-Free Technologies Pose Hidden Dangers for Drivers, AAA NEWSROOM (Oct. 22, 2015) [hereinafter Hidden Dangers], http://newsroom.aaa.com/2015/10/new-hands-free-technologies-pose-hidden-dangers-for-drivers/.

[53] Peter Bigelow, Feds Recommend Ban of Hands-Free Phone Use to Curb Epidemic of Distracted Driving, AUTOBLOG (Mar. 28, 2012, 10:49 AM), http://www.autoblog.com/2012/03/28/feds-recommend-ban-of-hands-free-phone-use-to-curb-epidemic-of-d/ (“[Department of Transportation Secretary Ray] Lahood has said the issue with hands-free devices needs more research.”).

[54] David Pogue, Hands-Free Texting Is No Safer to Use While Driving, SCIENTIFIC AMERICAN (Nov. 1, 2013), http://www.scientificamerican.com/article/hands-free-texting-is-no-safer-to-use-while-driving/ (discussing a study conducted by the Texas A&M Transportation Institute that examined “people driving a closed course under three conditions: while texting by hand, while texting by voice . . ., and without texting at all,” and finding that there is “no difference whether [one] text[s] hands-free or by voice”). Notably, this study only used 43 subjects. Id.

[55] Hands-Free Is Not Risk-Free, Nat’l Safety Council, http://www.nsc.org/learn/NSC-Initiatives/Pages/distracted-driving-hands-free-is-not-risk-free-infographic.aspx (last visited June 7, 2016) (discussing a study conducted by the AAA Foundation for Traffic Safety).

[56] Distracted Driving, supra note 23.

[57] NAT’L SAFETY COUNCIL, UNDERSTANDING THE DISTRACTED BRAIN: WHY DRIVING WHILE USING HANDS-FREE CELL PHONES IS RISKY BEHAVIOR 2 (2012), http://www.nsc.org/DistractedDrivingDocuments/Cognitive-Distraction-White-Paper.pdf.

[58] Hidden Dangers, supra note 52 (summarizing a study in which 257 drivers between the ages of 21 and 70 tested 2015 model-year vehicles, and 65 other drivers between the ages of 21 and 68 “tested the three phone systems”). The study represented a third phase of the Foundation’s investigation into the effects of hands-free technology use in vehicles on a driver’s cognitive distraction. Id.

[59] The Texas A&M Transportation Institute (TTI) is “one of the premier higher education-affiliated transportation research agencies in the nation,” which “conducts over 600 research projects annually with over 200 sponsors at all levels of government and the private sector.” About TTI, Tex. A&M Transp. Inst., http://tti.tamu.edu/about/ (last visited June 7, 2016). This particular study was sponsored by the Southwest Region University Transportation Center. Voice-to-Text Driver Distraction Study, Tex. A&M Transp. Inst. [hereinafter Distraction Study], https://tti.tamu.edu/enhanced-project/voice-to-text-driver-distraction-study/ (last visited June 7, 2016).

[60] Distraction Study, supra note 59 (summarizing a study in which 43 drivers first drove through a closed course without using any cell phones, then did so “three more times performing a series of texting exercises—once using each of two voice-to-text applications (Siri® for the iPhone and Vlingo® for Android), and once texting manually”).

[61] Id.

[62] Id.

[63] See, e.g., Mitch Bainwol, Letter to the Editor, Using Hands-Free Devices to Chat and Drive, N.Y. Times (July 4, 2013), http://www.nytimes.com/2013/07/05/opinion/using-hands-free-devices-to-chat-and-drive.html.

[64] See RICHARD HARKNESS, SUMMARY OF RESEARCH FINDINGS INDICATE SIGNIFICANT CRASH RISKS ASSOCIATED WITH HANDS-FREE TEXTING WHILE DRIVING 1 (2013), https://www.adeptdriver.com/assets/resources/Hands_free_texting_while_driving_poses_great_crash_risk_4-25-13.pdf.

[65] The Virginia Tech Transportation Institute (VTTI) is “the second largest university-level transportation institute in the U.S. with more than 475 employees.” About VTTI, VA. TECH TRANSP. INST., www.vtti.vt.edu/about/about-vtti.html (last visited June 7, 2016). The institute “has more than $36 million in annual sponsored program research expenditures and is conducting more than 270 active projects.” Id. The study in question was sponsored by the National Highway Traffic Safety Administration. New VTTI Study Results Continue to Highlight the Dangers of Distracted Driving,VA. TECH TRANSP. INST. (May 29, 2013) [hereinafter VTTI Study], http://www.vtti.vt.edu/featured/?p=193.

[66] VTTI Study, supra note 65 (summarizing a study in which cameras and other equipment were used to observe participants in their personal vehicles for a combined total of six million miles driven).

[67] See HARKNESS, supra note 64.

[68] Jenny Che, How Car Companies Are Combatting Texting While Driving, Huffpost Business (June 9, 2015, 6:14 PM), http://www.huffingtonpost.com/entry/how-car-companies-are-combatting-texting-while-driving_us_55771263e4b0317a2afd3fdc.

[69] Robert Rosenberger, The False Sense of Safety Created by Hands-Free Devices in Cars, Slate (March 5, 2012, 3:15 PM), www.slate.com/blogs/future_tense/2012/03/05/hands_free_devices_don_t_make_it_safe_to_talk_text_and_drive_.html.

[70] See HARKNESS, supra note 64.

[71] See id.

[72] Distracted Driving Laws, supra note 27.

[73] Id.

[74] Id. Those states are California, Connecticut, Delaware, Hawaii, Illinois, Maryland, Nevada, New Hampshire, New Jersey, New York, Oregon, Vermont, Washington, and West Virginia. Id. The District of Columbia, Puerto Rico, Guam, and the Virgin Islands also ban hand-held devices while driving. Id.

[75] See generally id.

[76] See, e.g., Halsey III, supra note 5.

[77] Dante D’Orazio, California Passes Bill Legalizing Voice-Activated Hands-Free Texting While Driving, THE VERGE (July 17, 2012, 9:06 PM), http://www.theverge.com/2012/7/17/3165461/california-legalizes-voice-activated-hands-free-texting.

[78] Bigelow, supra note 53.

[79] See Matt Richtel, Texting and Driving? Watch Out for the Textalyzer, N.Y. Times (Apr. 27, 2016), http://www.nytimes.com/2016/04/28/science/driving-texting-safety-textalyzer.html.

[80] Id.

[81] David Kravets, First Came the Breathalyzer, Now Meet the Roadside Police “Textalyzer”, arstechnica (Apr. 11, 2016, 3:00 PM), http://arstechnica.com/tech-policy/2016/04/first-came-the-breathalyzer-now-meet-the-roadside-police-textalyzer/.

[82] Richtel, supra note 79.

[83] See, e.g., Bryan Chaffin, On Being Skeptical of ‘Textalyzer’ Technology to Detect Smartphone Use Before Accidents, MAC OBSERVER (Apr. 12, 2016, 8:25 PM), http://www.macobserver.com/tmo/article/on-being-skeptical-of-textalyzer-technology-to-detect-smartphone-use-before.

[84] The current iteration of Evan’s Law does not provide an answer. See S.B. S6325A 2015–2016 Leg. Sess. (N.Y. 2016).

[85] N.Y. VEH. & TRAF. LAW § 1225-c(3)(c) (Consol. 2016).

[86] Kravets, supra note 81 (stating that further testing will be required to determine whether integrated hands-free technology was the method of phone usage).

[87] Id. (stating that further testing will be required to determine whether integrated hands-free technology was the method of phone usage).

[88] Damon Lavrinc, The Feds’ ‘Ultimate Solution’ to Curb Distracted Driving, WIRED (June 6, 2013, 7:00 PM), http://www.wired.com/2013/06/feds-ultimate-solution/.

[89] Id.

[90] Kravets, supra note 81 (stating that the additional testing “may require a warrant”).

[91] Richtel, supra note 79.

[92] Id.

[93] See, e.g., James Liu, Aluminum in Automotive: This Is Just the Beginning, Novelis, http://novelis.com/aluminium-in-automotive-this-is-just-the-beginning/ (last visited June 7, 2016).

[94] Radcliff, supra note 19.

Search Engines under Attack: Examining the European Union’s Right to be Forgotten (Parts II & III)

By Tisunge (Sunga) Mkwezalamba*

Part II: Interpreting the Right to be Forgotten

This section provides a case summary of Google Spain v. González. In its holding, the Court of Justice of the European Union determined that search engines are responsible for the removal of personal data upon request, regardless of how the data was obtained, so long as processing of the personal data would not be in compliance with the principles of Directive 95/46/EC.

(a). Google Spain v. González[1]

In 2010, Mario Costeja González, a Spanish citizen, filed a complaint against a local Spanish newspaper with the Spanish Data Protection Authority (AEPD).[2] González sought to have the newspaper remove a disfavoring news article published in 1998 regarding an auction of his home in connection with the recovery of his debts. González argued that the matter concerning his debts had been fully resolved for a number of years, and therefore, the contents of the article, which were his personal data under the definition of Article 2(a) of Directive 95/46/EC, were now irrelevant and should be erased and blocked pursuant to Article 12(b) of the same directive.[3] González named Google Spain and Google as co-defendants in his complaint. González argued that Google should remove all links to the article pursuant to the same provisions of the directive.[4]

The AEPD rejected the complaint as it related to the newspaper, reasoning that the newspaper was legally justified in publishing information regarding the auction because it took place under the order of a government authority and was intended to achieve maximum publicity in order to secure as many bidders as possible.[5] Astonishingly, the AEPD did not extend the same coverage that it afforded the newspaper to Google Spain and Google, and in fact ruled against them.

Google Spain and Google appealed the decision before Spain’s National High Court (Audiencia Nacional).[6] Google argued that Directive 95/46/EC did not apply to Google Spain because Google Spain’s activities in the EU were advertising, which Google contended was not processing of personal data pursuant to the directive.[7] Further, Google argued that even if the court found Google Spain to have engaged in the processing of personal data, the company was established outside of the directive’s jurisdiction.[8]

Spain’s National High Court decided to stay the proceedings and referred questions to the Court of Justice of the European Union (CJEU) for a preliminary ruling regarding Directive 95/46/EC.[9] The questions submitted to the CJEU were: (1) whether Google Spain was established in Spain within the meaning of Article 4(1)(a), and therefore subject to the directive; (2) whether Google’s activities in Spain fell under the Article 2(b) definition of processing of personal data; and (3) if the aforementioned questions were in the affirmative, whether Article 12(b) obligated Google to erase or block the processing of personal data lawfully published by a third party.[10]

On May 13, 2014, the CJEU reached a decision against Google. The decision opened the floodgates for similar claims against large search engines.

Regarding whether Google Spain was established in Spain within the meaning of Article 4(1)(a), the court found that Google was subject to its jurisdiction because it was established in Spain through the activities of its subsidiary in a member state. The court reasoned that application of the directive did not require that Google Spain, the entity established in the EU, carry out processing. The court held that processing by the established entity was not a requirement so long as the established entity’s activities were closely linked to the processing activities.[11]

Next, concerning whether Google’s activities fell under the Article 2(b) definition of processing of personal data, the court concluded that a search engine’s activity of finding information published or placed on the internet by third parties, indexing it automatically, storing it temporarily, and making it available to internet users according to a particular order of preference must be classified as “processing of personal data” within the meaning of Article 2(b), and the operator of the search engine must be regarded as the “controller” with respect to that processing, within the meaning of Article 2(d).[12]

As a result, the court held that a search engine is obligated to remove personal data pursuant to Article 12(b) to comply with the rights in the directive regardless of whether the data was obtained lawfully. In its holding, the court expanded the scope of personal data that is to be erased or blocked outside of personal data that is particularly inaccurate or incomplete in nature. The court, through its decision that the right to be forgotten exists where the personal data is not in compliance with the rights of the directive, provided circumstances that it believed were in accordance with the principles of the directive. The court held that the right to be forgotten should be afforded when the personal data is “irrelevant or no longer relevant, or is excessive in relation to the purposes of the processing at issue carried out by the search engine, even if the information is not erased beforehand or simultaneously from those web pages, and even when its publication in itself on those pages is lawful.”[13] Interestingly, the court found that its list of circumstances included disfavoring personal data such as the auction, which it found fell under relevance.

(b). Aftermath of González

Though the right to be forgotten previously did not explicitly exist in EU law, the CJEU interpreted it in Article 2(b) of Directive 95/46/EC.[14] In its holding, the court expanded the definition of processing to include closely related activities such as advertising, and held that the activities of a search engine in providing links to websites with personal data constituted the processing of the personal data available through those links. Further, the court provided a list of circumstances where the right to be forgotten could be exercised, which included disfavoring information that was no longer relevant.

Most troublesome in the court’s interpretation of when the right could be exercised was its determination that search engines are to remove personal information that is lawfully obtained and privileged to the original publisher. Thus, if an individual wanted to remove his or her personal data online, he or she could simply apply to search engines, which are then to remove the link. Considering the number of individuals who use search engines to locate personal data, it only makes sense that individuals will be inclined to appeal to search engines directly.

As it relates to the GDPR, this is problematic because the language about the right to be forgotten is similar to the broad definition provided in González. Thus, search engines remain the misguided targets of the right to be forgotten.

Part III: Why the Right to be Forgotten is Bad Policy and Bad Law

In this section, I argue that the EU’s creation of a right to be forgotten is bad policy and bad law. First, the EU’s interpretation of the right to be forgotten is bad policy and bad law because its application does not remove access to the personal data that has been requested for removal. Second, it is likely to lead to instability in capital markets where investments and extensions of credit rely on personal data of an individual’s market participation. Third, as currently interpreted, the right compels large search engines to enforce the international right at their burden. This is significant because search engines then have to create a judiciary to judge EU law where only one precedent stands for a broad interpretation of a newly created privacy right. Lastly, the CJEU’s interpretation of the law disregards guaranteed freedoms, mainly the freedom of expression, in favor of the right to be forgotten.

1.The EU’s interpretation of the right to be forgotten does not remove access to the personal data that has been requested for removal.

The EU’s creation of a right to be forgotten is bad policy and bad law because it does nothing to actually restrict access to personal data. In a globalized society, search engines with the capabilities of Google provide regional services. However, access to the search engines’ services across regions remains possible. For instance, following the decision in González, no links to the newspaper article containing the auction of González’s home should have been available by searching González’s name in Google’s Spanish search domain URL (google.es). Despite the article’s removal from Google’s Spanish domain, the newspaper article remained available through Google’s US search domain URL (google.com). Essentially, once a search engine is required to remove the link, it is only the link that is removed, and the content remains. Further, other search engines will still provide links to the personal data that has been requested for removal. Thus, following González, a search through Yahoo! would have provided access to the article detailing the auction. Consequently, by the CJEU providing protections to the publisher and not search engines as it had done in González, the right to be forgotten is left for search engines to deal with.

There are also other concerns with the impracticality of the rule. These days, embarrassing information is shared on many mediums. At any moment, embarrassing content can be rapidly disseminated throughout the internet, reaching far and wide in a small amount of time. When content is disseminated rapidly throughout the internet, it is said to “go viral” or be “trending”. Locating personal data to de-link it becomes a long, painstaking process, particularly when the data can become undetectable or irretrievable due to the rate at which that information is shared. For instance, a trending photo that identifies an individual could be traced easily when those sharing the information share it with identifiers such as the name of the individual who the photo belongs to. However, once it is shared numerous times, that name may be misspelled or omitted, making it more difficult for search engines to locate it. This is the case in an age when embedding content rather than linking or sharing is gaining ground in digital information sharing. Further, it is unclear from the ruling in González and the text of GDPR as to what mediums controllers are supposed to remove content from and to what extent. Assume a video from a news channel discussing González’s auction was spliced into a video that is uploaded onto YouTube.com. Would Google, an owner of YouTube, be required to take down the entire video? These answers are still left unanswered, and are likely to lead to a slippery slope for search engines.

2. Removal of lawfully published personal data linking individuals to market decisions affects markets and democratic decision-making.

We live in a world where markets make decisions based on personal data. Thus, the availability of personal data, whether or not it is disfavoring, has significant value in the market. For example, decisions in the labor market are becoming increasingly influenced by personal data published willfully on social media sites. CareerBuilder, a US-based employment website, reported that more than 40 percent of employers research job candidates’ personal data on social media sites.[15] Employers use the personal information available on social media accounts to evaluate candidates. Some may argue that employers only look for information that reveals a candidate’s moral character. However, CareerBuilder’s report found that employers are more concerned with information that supports a candidate’s qualifications for the job to ensure they are able to recruit the best available candidates.[16] In a competitive job market, this is a good thing. If individuals are able to remove personal data when it is disfavoring or does not attest to their qualifications, such as personal data indicating that an individual did not work in the capacity his or her résumé attests, then employers may risk making costly employment decisions.

The most important reason why we need markets to have access to personal data relates to capital investments and extension of capital. Buyers need confidence in personal data available in the market to make purchasing decisions. Personal information is needed in order to ascertain the fair market value of an item,[17] such as a vehicle’s history. The history of the vehicle is personal data because it identifies the vehicle’s conditions under its prior owners. Thus, buyers should be able to retrieve all information necessary regarding their purchase before making a decision. If the right to be forgotten is exercised to detach a seller’s identity from a market decision because it is disfavoring, such as González’s home auction from bad debts, then the buyer will not be able to make a well-informed decision.

Alexa, a company that provides web traffic and data analytics, publishes a list of the most frequently used websites. Of the top ten, three are search engines.[18] This is significant because it indicates how much individuals trust the information available on search engines. In 2011, more than 75 percent of individuals used search engines to find local business information.[19] Thus, proponents of enforcing or creating the right to be forgotten seem to overlook how reliant individuals are on the information available on search engines. As it relates to making decisions in the market, this is of particular concern where individuals are likely to perform their own market research to save costs. For instance, if a homeowner is interested in purchasing the services of a lawn care business owner they may be interested in conducting market research on previous works of the lawn care provider before contracting for her services. Researching all potential lawn care providers in her area will be time consuming. Thus, the homeowner is likely to visit websites that offer reviews of lawn care providers. If the lawn care owner has received unsavory reviews on her work and exercises her right to be forgotten arguing that the reviews are disfavoring and excessive, the information will be removed and the buyer will be unable to make an informed decision.

Further, by extending the right to be forgotten to personal data such as debt history, creditors could be less willing to extend credit. Creditors extend credit based on personal data regarding an individual’s ability to repay them with interest. A history of bad debts is a type of personal information that creditors rely on. By allowing individuals to remove personal data relating to bad debts that have already cleared, as was the case in González, creditors may suffer if they extend credit to individuals who are unable to repay them.

In addition to the necessity of personal data in the market, personal data is needed to make decisions in matters where an individual’s moral character is significant. In a democratic society, we rely on a person’s past to make judgments as to whether it is supportive of a high position in society. For instance, individuals who run for public office must provide access to some of their public records. In addition, lawyers have to complete a character and fitness report where they disclose their personal data, whether or not it is disfavoring. If the public no longer has access to or cannot rely on the information made available, we will be unable to make informed decisions and distrust the democratic process.

3. The EU’s interpretation of the right to be forgotten asks search engines to enforce EU privacy law and risk liability for content published by third parties.

A quick overview of the resources Google has added in response to González helps demonstrate the burdensome consequences of the decision. In response to González, Google has had to employ a full-time staff to review applications to de-link content sources.[20] Google has also established an advisory council which includes legal, data protection, and human rights experts. The advisory board assists the staff responsible for effecting the right to be forgotten. Google has essentially been forced to serve as the judge and jury of what are still unclear privacy terms with not much case precedent. This is alarming considering Article 8 of the Charter of Fundamental Rights of the European Union (which affords the right to protection of personal data) states that compliance with the protection of personal data is subject to control by an independent authority.[21] In Directive 95/46/EC, the regulation provides for data protection authorities who are to determine data privacy matters on multiple levels. Nonetheless, the language of GDPR and the González court’s opinion interpreting the right to be forgotten never considered that member states’ privacy authorities should act as the judiciary to determine whether applicants for the right to be forgotten should be afforded that right, which unfairly places the burden on search engines like Google.

The EU’s neglect of the text of the law will undoubtedly lead to an insurmountable case load appearing before Google’s newly appointed judiciary. Since the González ruling, Google has received nearly half a million requests to have personal data removed.[22] Google’s costs go up if it fails to comply adequately with the brazen regulation. If Google does not de-link all content it can reasonably de-link, the GDPR could fine it an amount equivalent to two percent of Google’s annual worldwide turnover for noncompliance with the rule.[23]

4. The right to be forgotten disregards other guaranteed freedoms, mainly freedom of the press.

Article 11 of the Charter of Fundamental Rights of the European Union provides for a right to freedom of expression.[24] Free speech, alongside freedom of assembly, facilitates open discussion, which is seen as a necessity for a functioning democracy such as the US. However, as was the case in González, the right to privacy appears to trump the right to free speech in the EU.

Most search engines are based in the US, where the right to free speech is strong.[25] A fundamental right, free speech is closely protected in the US, with few exceptions such as the famous “clear and present danger” rule. This is problematic to search engines acting as a judiciary because they would be required to exercise censorship that they do not support in the name of privacy rights granted in the EU. There is a danger that search engines, when faced with a country’s demand to comply with privacy regulations they do not agree with, may choose to say “no thanks” instead of continuing operations in that country. This occurred in 2010, when Google decided to abandon its operations in China because it fundamentally disagreed with China’s level of censorship.[26] If in the future search engines decide not to do business in countries enforcing the right to be forgotten, citizens will be the ultimate losers.

 


*Tisunge (Sunga) Mkwezalamba. University of Illinois College of Law, J.D. candidate, Class of 2016. Data privacy focus. Many thanks to Maxwell and Hilda Mkwezalamba.

[1] Directive 95/46 was transposed into Spanish Law by Organic Law No 15/1999 of 13 December 1999 on the protection of personal data (BOE No. 298 of 14 December 1999, p. 43088).

[2] “Agencia Española de Protección de Datos”

[3] Case C-131/12, Google Spain v. González, 2014 EUR-Lex CELEX-LEXIS 317, ¶ 15 (May 13, 2014).

[4] Id. at ¶ 14-15.

[5] Id. at ¶ 16.

[6] Id.

[7] Id. at ¶ 51.

[8] Id.

[9] Id. at ¶ 20.

[10] Id. at ¶ 21.

[11] Id. ¶ 52.

[12] Id. ¶ 41.

[13] Id. at ¶ 94, 62; Council Directive 95/46, art. 12(b), 14(a) 1995 (L 281) 31 (EC) [hereinafter “Directive 95/46/EC”], available at http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046&from=en.

[14] Case C-131/12, Google Spain v. González, at ¶ 20.

[15] Press Release, CareerBuilder, 35 Percent of Employers Less Likely to Interview Applicants They Can’t Find Online, According to Annual CareerBuilder Social Media Recruitment Survey (May 14, 2015), available at http://www.careerbuilder.com/share/aboutus/pressreleasesdetail.aspx?sd=5%2F14%2F2015&id=pr893&ed=12%2F31%2F2015.

[16] Id.

[17] John A. Enahoro and Jumoke Jayeoba, Value Measurement and Disclosures in Fair Value Accounting, 3(9) ASIAN ECON. & FIN. REV. 1170 (2013), available at http://www.aessweb.com/pdf-files/3(9)%201170-1179.pdf.

[18] The Top 500 Sites on the Web, ALEXA, http://www.alexa.com/topsites (last visited Mar. 22, 2015).

[19] As Media Habits Evolve, Yellow Pages and Search Engines Firmly Established As Go-To Sources for Consumers Shopping Locally, PR NEWSWIRE (June 13, 2011, 9:10 AM), http://www.prnewswire.com/news-releases/as-media-habits-evolve-yellow-pages-and-search-engines-firmly-established-as-go-to-sources-for-consumers-shopping-locally-123740559.html.

[20] The Advisory Council to Google on the Right to Be Forgotten, GOOGLE, https://www.google.com/advisorycouncil (last visited Mar. 22, 2016).

[21] 2000 O.J. (C 364) 1, available at http://www.europarl.europa.eu/charter/pdf/text_en.pdf.

[22] European Privacy Requests for Search Removals, GOOGLE, https://www.google.com/transparencyreport/removals/europeprivacy/?hl=en (last updated Mar. 22, 2016). Since last visited on March 22, 2016, Google has evaluated 1,420,812 URLs for removal based on 406,329 requests. Google has removed 42.6 percent of those URLs.

[23] Press Release, European Commission, Stronger Data Protection Rules for Europe (June 15, 2015), available at http://europa.eu/rapid/press-release_MEMO-15-5170_en.htm.

[24] Charter of Fundamental Rights of the European Union supra note 21, at art. 11.

[25] See, e.g., The Florida Star v. B.J.F., 491 U.S. 524 (1989) (holding that imposing damages on a newspaper for publishing the name of a rape victim violates the First Amendment).

[26] Henry Blodget, China Surprisingly Rattled by Google’s Clever Pullout, HUFFINGTON POST, http://www.huffingtonpost.com/henry-blodget/china-surprisingly-rattle_b_509428.html (last updated May. 25, 2011).