Privacy and Security on the Internet

By Thomas Guzman*

I. Introduction

The Internet has changed how people get information, purchase goods, and interact with one another.  The United Nations has labeled Internet access a human right,[1] and Hillary Clinton has identified Internet freedom as a core value in line with freedom of expression.[2]  Governments have struggled with questions about how to regulate the Internet.  Lately, the regulatory debate has centered on privacy and security on the web.  The two debates are more inextricably intertwined than they may appear at first glance.  Can there be complete privacy on the Internet while maintaining enough cyber awareness to ward off potential threats?

II. Background

In a recent New York Times article, Howard E. Shrobe, a computer science professor at the Massachusetts Institute of Technology, is quoted as saying, “[t]he software we run [on the internet], the programming language we use, and the architecture of the chips we use haven’t changed much in over 30 years….[e]verything [on the internet] was built with performance, not security, in mind.”[3]

Since Edward Snowden released troves of information shedding light on the National Security Agency’s (NSA) data collection methods, privacy on the Internet has been a much-discussed topic.  Concerns center on the U.S. government’s monitoring of its own citizens’ data.

Prior to Edward Snowden’s disclosures, the Obama administration had already begun examining policy solutions to use data gathered from government entities to protect U.S. critical infrastructure for national security purposes.[4]

A. Snowden Sparks a Debate on Privacy

In 2013, a former contractor for the NSA, Edward Snowden, released thousands of documents to the media, giving the public a look into the secretive practices of the NSA.[5]  Snowden’s leaks showed the breadth and depth of NSA data collecting practices on both foreign nationals and U.S. citizens located domestically.  Snowden cited civil liberties as his primary motive for disclosing classified information.[6]  If Snowden wanted to spark a public debate on the merits of government data collection practices, he was certainly successful.

Following Snowden’s leaks, James R. Clapper, Director of National Intelligence, apologized for having misled Congress: asked whether the NSA collected any type of data on millions of Americans, Clapper had replied, “No, sir.”[7]  U.S. District Court Judge Richard Leon ruled that the agency’s controversial program appears to violate the Constitution’s Fourth Amendment, which protects Americans against unreasonable searches and seizures.[8]  The program collects records of the time and phone numbers involved in every phone call made in the U.S., and allows that database to be queried for connections to suspected terrorists.  “I cannot imagine a more ‘indiscriminate’ and ‘arbitrary invasion’ than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying it and analyzing it without judicial approval,” wrote Leon, a George W. Bush appointee, in the ruling.[9]  The Supreme Court denied a writ of certiorari to hear the case.[10]

A White House-appointed review panel recommended that the government cease storing call data on hundreds of millions of Americans.[11]  President Obama acknowledged the dialogue surrounding NSA data collection and civil liberties arose at least in part due to Snowden’s disclosures.[12]

Snowden’s disclosures also raised the issue of privacy on the Internet abroad.  Brazilian President Dilma Rousseff championed legislation in her home country that has been touted as an internet bill of rights which limits the metadata that can be collected on Brazilians and promotes access to the Web.[13]

Whether the effects of Snowden’s disclosures are positive or negative may be a matter of opinion.  What cannot be denied, however, is the rise in awareness of the scant privacy available on the Internet.  While Snowden’s actions led to a backlash denouncing the NSA’s overreach, compounded by the NSA falsely attributing averted terrorist attacks to the data collected, more considerations and factors weigh into the merits of monitoring web traffic.

B. Critical Infrastructure Concerns

In a 2013 report to Congress, the Department of Defense accused China of accessing and collecting data on U.S. diplomatic, economic, and defense industries.[14]  The accusations were corroborated by a report from Mandiant, a cyber-security firm, which came to similar conclusions.[15]  Together, the reports from Mandiant and the Defense Department demonstrated the vulnerability of U.S. national security interests to cyber-attacks.

Attempts to pass legislation addressing the cyber security concerns of private industries critical to national interests have stalled, especially after Snowden’s disclosures.[16]  As a result, President Obama signed an Executive Order in February 2013 that directed the Department of Homeland Security to create a national framework reflecting the increasing role of cyber security in securing physical assets.[17]  “Much of our critical infrastructure – our financial systems, power grids, pipelines, health care systems – run on networks connected to the internet, so this is a matter of public safety and of public health,” President Obama stated in January 2015 while introducing a renewed effort to pass cyber security reform.[18]

C. Sony

In November 2014, Sony Pictures Entertainment suffered a massive cyber-attack that exposed terabytes of information, including personally identifiable information (PII) of Sony employees, emails, and unreleased movies.[19]  Sony became aware of the breach on November 24, 2014, when an ominous red skull appeared on its computers with a warning that Sony’s secrets were about to be released; it is unclear when Sony’s systems were first compromised.[20]  A group calling itself “Guardians of Peace” took credit for the attack.  On December 19, 2014, the U.S. Federal Bureau of Investigation (FBI) concluded that North Korea was behind the attack on Sony.[21]

On December 16, 2014, Guardians of Peace, the group claiming responsibility for the hack, posted terrorist threats online directed at movie theaters if they played Sony’s motion picture “The Interview.”[22] The movie is a comedy, which includes a scene depicting the North Korean dictator Kim Jong Un being killed.  In June 2014, North Korea wrote to the Secretary General of the U.N. stating that the distribution of the movie should be regarded as an act of war.[23]

It should be noted, however, that Norse, a private cyber security firm, also investigated the Sony hack and found no evidence that North Korea was responsible.[24]

Regardless of who is ultimately responsible, the cost of Sony’s hack is estimated to be upwards of $300 million.[25]

III. Analysis

“You have zero privacy anyway. Get over it,” Scott McNealy, the co-founder and chief executive of Sun Microsystems, said in response to growing concerns over consumer privacy in 1999.[26]  Abrasive as it was, McNealy’s inelegant comment seems eerily prescient sixteen years after the fact.  Every website a user visits is logged, and every post and online purchase leaves a trace of a user’s online presence.[27]  Every email sent via Google’s ubiquitous Gmail service is scanned for data for potential advertisers.[28]  With a $395 billion company built on a principle of data mining and advertising, what chance does online privacy really stand?

Edward Snowden confirmed a notion that existed long before 2012: “big brother” is watching.  As early as 2004, when Facebook was a small website for college students to interact, there was an implicit understanding of the importance of protecting one’s online image.  There is no doubt that some information posted on the Internet should be private, particularly credit card numbers used for online purchases.  There is also clearly some information that is not private at all, such as public tweets, which are now being collected by the Library of Congress.[29]  Legal scholars will need to develop theories about the information that falls between these two examples to determine which online information should be openly accessible and attributable, and which should require a warrant to be admissible against a citizen.

Do the ends of protecting critical infrastructure from potentially massive disruptions, or of preventing potential terrorist attacks, justify the NSA’s metadata-collection practices?  This question must be weighed in any assessment of the merits of online data privacy.

Despite the difficulties, online anonymity may be a winning bargain for privacy advocates and policy makers alike.  Protecting the U.S. economy and national security are goals too important to permit completely ceasing metadata collection, but with clear guidelines in place, anonymity can be maintained until there is an established need to identify a person of interest.

As Dr. Shrobe stated, the Internet was built with performance in mind, not security, so when the need to identify potential persons of interest arises, there should be clear guidelines in place authorizing removal of the veil of anonymity.[30]  The guidelines should serve as the basis for a preemptive warrant to protect against violations of citizens’ Due Process rights.  As the White House-appointed panel recommended, the government should cease storing call data on hundreds of millions of Americans – or at least cease storing that data indefinitely.[31]

Sony is a private-sector example of the larger security concerns that come with an open Internet.  The costs Sony has incurred and the publicity of the attack may serve to raise awareness around cyber security.  A federal policy solution to protect industries not critical to national security interests may be a bridge too far, but private companies should begin to factor cyber security into the cost of doing business in the Internet age, or risk being the next victim of a $300 million cyber-attack.

IV. Conclusion

The Internet has performed exceedingly well in connecting the world and delivering information quickly.  If the Internet was built with performance in mind, as Dr. Shrobe stated, it may be time to consider what the Internet should evolve into.  The Internet as a security-less means of accessing data may prove to be an economically costly proposition that is potentially detrimental to national security.  Private companies can hire cyber security firms to manage their networks and protect against potential cyber intrusions, but the threat of cyber-attacks will never be completely eliminated.  In order for the Internet to meet the challenges of the intricately connected world that it helped to create, it must evolve into a safer medium through which businesses and governments operate.  Until then, we can remember McNealy’s words every time we log onto an Internet connection and “get over” our lack of privacy.  At least we can cross our fingers for anonymity on the web.


*J.D. Candidate, University of Illinois College of Law, expected 2017. B.A. Political Science, University of Illinois at Chicago, 2011.  I would like to thank the entire team at the Journal of Law Technology and Policy for their help on this piece.

[1] David Kravets, U.N Report Declares Internet Access a Human Right, Wired (June 3, 2011),

[2] Harichandan Arakali, Hillary Clinton Calls Internet Freedom ‘Core Value’ at Dreamforce Conference, Int’l Bus. Times (Oct. 15, 2014),

[3] Nicole Perlroth, Reinventing the Internet to Make it Safer, N.Y. Times (Dec. 2, 2014, 9:25 PM),

[4] President Barack Obama, Op-Ed., Taking the Cyberattack Threat Seriously, Wall St. J. (Jul. 19, 2012, 7:15 PM),

[5] Glenn Greenwald, Edward Snowden: The Whistleblower Behind the NSA Surveillance Revelations, Guardian (Jun. 11, 2013, 9:00 AM),

[6] U.S. Domestic Surveillance, Council on Foreign Rel. (Dec. 18, 2013),

[7] Aaron Blake, Sen. Wyden: Clapper Didn’t Give ‘Straight Answer’ on NSA Programs, Wash. Post (Jun. 11, 2013),

[8] Klayman v. Obama, 957 F. Supp. 2d 1, 42 (D.D.C. 2013).

[9] Id.

[10] Klayman v. Obama, 134 S. Ct. 1975 (2014).

[11] Richard A. Clarke, et al., Liberty and Security in a Changing World, White House 161 (Dec. 12, 2013),

[12] Office of Press Secretary,  Remarks by the President on the Review of Signals Intelligence, White House (Jan. 17, 2014, 11:15 AM),

[13] Stan Lehman, Brazil Passes an Internet “Bill of Rights”, San Jose Mercury News (Apr. 23, 2014, 10:04 AM),

[14] Office of the Secretary of Defense, Military and Security Developments Involving the People’s Republic of China 2013, Defense 36 (2013),

[15] David Sanger, David Barboza, Nicole Perlroth, Chinese Army Unit Is Seen as Tied to Hacking Against U.S., N.Y. Times (Feb. 18, 2013),

[16] Ryan Tracy, Cybersecurity Legislation Gets Renewed Push From Financial Firms, Wall St. J. (Nov. 13, 2013, 6:22 PM),

[17] Strengthening Security and Resilience of the Nation’s Critical Infrastructure, Department of Homeland Security (Aug. 6, 2013),

[18] Obama Pushes Cybersecurity Legislation, N.Y. Times (Jan. 13, 2015),

[19] Todd Vanderwerff, The 2014 Sony Hacks, Explained, Vox (Jan. 20, 2015),; Andrew Wallenstein & Brent Lang, Sony’s New Movies Leak Online Following Hack Attack, Variety (Nov. 29, 2014, 6:37 PM),; Letter from Sony Pictures to Sony Pictures Entertainment Employees (Dec. 8, 2014), available at

[20] Kim Zetter, Sony Got Hacked Hard: What We Know and Don’t Know So Far, Wired (Dec. 3, 2014, 4:02 PM),

[21] FBI Statement: ‘We conclude that North Korean Government is Responsible’, Guardian (Dec. 19, 2014),

[22] Ben Child, Hackers Demand Sony Cancel Release of Kim Jong-Un-Baiting Comedy, Guardian (Dec. 9, 2014, 6:43 AM),

[23] Michelle Nichols, Bernadette Baum, North Korea Complains to U.N. About Film Starring Rogen, Franco, Reuters (Jul. 9, 2014, 1:38 PM),

[24] Tal Kopan, U.S.: No Alternate Leads in Sony Hack, Politico (Dec. 29, 2014, 7:41 PM),

[25] Annie Lowrey, Sony’s Very, Very Expensive Hack, N.Y. Mag. (Dec. 16, 2014, 5:47 PM),

[26] Polly Sprenger, Sun on Privacy: ‘Get Over It’, Wired (Jan. 26, 1999),

[27] Mary Madden, et al., Digital Footprints: Online Identity Management and Search in the Age of Transparency,  Pew Internet & American Life Project, (Dec. 16, 2007, 4:00 PM),

[28] Samuel Gibbs, Gmail Does Scan All Emails, New Google Terms Clarify, Guardian (Apr. 15, 2014),

[29] Library of Congress is Archiving All Of America’s Tweets, Bus. Insider (Jan. 22, 2013),

[30] Perlroth, supra note 3.

[31] Richard A. Clarke, et al., supra note 11.

Improving Legal Scholarship with Network-Based Search Tools

By Andrew Higgins*

I. Introduction

In recent decades, network-driven data analysis has been a source of major developments and insights in neuroscience,[1] sociology,[2] and information science,[3] to name just a few academic fields; these tools have also been used to develop precise product marketing initiatives, more apt recommendations on sites such as Pandora[4] and Amazon,[5] and efficient search algorithms such as Google’s PageRank.[6] Curiously, legal research is typically not especially network-based, despite the fact that network tools such as PageRank were inspired by tools of legal analysis (especially Shepard’s Citations, now offered through Lexis).[7] It is a truism among legal scholars that statutes, enforcement, precedent, and interpretation are all deeply interconnected.[8] The significant role of stare decisis in contemporary legal practice makes it all the more puzzling that legal scholarship tends to be conducted in a linear or modular form. The aim of this article is to encourage a more network-theoretic approach to the identification and interpretation of legal precedent, one that better fits the non-modular, network structure of law.

I begin by briefly reviewing the basic concepts and tools of network analysis. Following this introduction, I highlight an important shortcoming in the most common tools for legal scholarship, and some concrete steps that could be taken to improve the methods used by lawyers and legal scholars to represent and interpret legal precedent. In particular, I argue that services such as WestlawNext and Lexis Advance could be improved if users were given more resources for going beyond simple Boolean searches. If properly implemented into the user interfaces of these services, network representations of legal precedent could make the process of searching and drawing from legal precedent more efficient, both in terms of the time taken to conduct searches and the accuracy of the results. I conclude by noting some directions for future research.

II. Background

Networks have two components: objects and relations.[9] The objects are called nodes (or vertices), and the relations between those objects are called edges (or links).[10] In the network represented in Figure 1, the nodes are the numbered entities (1–10) and the edges are the lines connecting those entities. Not all edges are equal. If, for example, we represented a friendship network, it would be useful to distinguish between close friends and acquaintances. To track the strength of friendship ties, we could give distinct edge weights to each (e.g., two for close friends and one for acquaintances). In Figure 1, edge weight is represented by the color of the edge, with black edges representing strong ties and gray edges weak ties. If our representation of the network were sensitive to edge weight, 9 would be spatially closer to 8 than 10 would be.

Figure 1. An example network with ten nodes and seventeen edges.

The creation of network representations usually involves attraction and repulsion between nodes.[11] Edges between nodes act as attracting forces, with the edge weight determining the strength of the attraction.[12] In order to preserve spatial distance between nodes, this attraction is countered by a general repulsive force between all nodes. To avoid unlimited repulsion between disconnected nodes, a gravitational force pulls all nodes to the center.
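
The three forces described above can be sketched in a few lines of code. The following is a minimal, illustrative force-directed layout in Python; the `layout` helper, its parameter values, and the update rule are my own simplifications for exposition, not the algorithm of any particular visualization package:

```python
import math
import random

def layout(nodes, edges, iters=200, attract=0.01, repel=0.1, gravity=0.005):
    """edges are (a, b, weight) triples; returns node -> [x, y]."""
    random.seed(0)  # deterministic random starting positions
    pos = {v: [random.uniform(-1, 1), random.uniform(-1, 1)] for v in nodes}
    for _ in range(iters):
        disp = {v: [0.0, 0.0] for v in nodes}
        # repulsion between every pair of nodes preserves spatial distance
        for a in nodes:
            for b in nodes:
                if a == b:
                    continue
                dx, dy = pos[a][0] - pos[b][0], pos[a][1] - pos[b][1]
                d2 = dx * dx + dy * dy + 1e-9
                disp[a][0] += repel * dx / d2
                disp[a][1] += repel * dy / d2
        # attraction along edges, scaled by edge weight
        for a, b, w in edges:
            dx, dy = pos[b][0] - pos[a][0], pos[b][1] - pos[a][1]
            disp[a][0] += attract * w * dx
            disp[a][1] += attract * w * dy
            disp[b][0] -= attract * w * dx
            disp[b][1] -= attract * w * dy
        # a weak gravitational pull toward the center bounds the drawing
        for v in nodes:
            disp[v][0] -= gravity * pos[v][0]
            disp[v][1] -= gravity * pos[v][1]
            pos[v][0] += disp[v][0]
            pos[v][1] += disp[v][1]
    return pos
```

Because attraction grows with edge weight while repulsion does not, a strongly tied pair settles at a smaller equilibrium distance than a weakly tied pair, which is why a weight-sensitive rendering of Figure 1 would place node 9 closer to 8 than node 10.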

The most significant properties of nodes, for present purposes, are their relational properties. Degree, a basic relational property, is equal to the number of the node’s edges.[13] In Figure 1, node 2 has a degree of four because it is related to four other nodes. Degree is a limited measure because it only considers nodes in relation to their nearest neighbors and is insensitive to the significance of the connection.[14] In a trade network, for example, it would be important to know not just which countries trade with which, but also the quantity of goods traded. To track this information, we should consider weighted degree, which assigns distinct values to each edge based on the significance of that relation, but this information is still highly limited. In analyzing a criminal or terrorist network, for example, we can learn something from the fact that A communicated with B, but we learn far more about A if we also know that B worked with C, D, and E, where these are high level figures in the illicit organization.
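
The distinction between degree and weighted degree is easy to make concrete. Below is a short Python sketch over an adjacency map, using an invented three-country trade network for illustration:

```python
def degree(adj, node):
    # Unweighted degree: the number of edges incident to the node.
    return len(adj.get(node, {}))

def weighted_degree(adj, node):
    # Weighted degree: the sum of the weights of the node's edges.
    return sum(adj.get(node, {}).values())

# adjacency map: country -> {trading partner: volume of goods traded}
trade = {
    "A": {"B": 5, "C": 1},
    "B": {"A": 5, "C": 1},
    "C": {"A": 1, "B": 1},
}
```

Here every country has a degree of 2, but A’s weighted degree (6) exceeds C’s (2): exactly the distinction a trade network needs between a major and a minor trading partner.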

To track such indirect connections, we also need a measure of network centrality.  Various centrality algorithms are used for different purposes, but they share an important common feature: sensitivity to a node’s position in the network as a whole.[15] Here I mention just three. The first, betweenness centrality, is a measure of how often a node occurs in the shortest path between two other nodes.[16] Nodes with higher betweenness centrality are more likely to play an essential bridge role in connecting two otherwise separate groups of nodes. In Figure 1, node 8 has the highest betweenness centrality because 9 and 10 are only related to other nodes through 8. In a network of U.S. senators, with edges defined by voting records, centrist senators would have the highest betweenness centrality because they alone bridge the divide between Republican and Democratic voting blocs. Eigenvector centrality is a measure of the importance of a node in the network as measured by its connectedness to other nodes with high Eigenvector centrality.[17] This metric is similar to the third measure of centrality, Google’s PageRank metric for determining the relevance of websites in a search, which in turn was inspired by Shepardizing.[18] The PageRank for website W is determined by considering the number of other websites with links to W, with greater weight given to linking websites that are themselves frequently linked.[19] Above, node 7 has the highest Eigenvector centrality and PageRank because it has several connections with nodes that themselves have several connections. In a citations-based network, Eigenvector centrality is a measure of the relative centrality of an author to the discussion in their area of specialty.
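
Of the three measures, PageRank is the most compact to sketch. The power-iteration version below is the standard textbook formulation in Python, not the proprietary algorithm Google actually runs, and the toy link structure is invented for illustration:

```python
def pagerank(links, damping=0.85, iters=100):
    """links maps each node to the list of nodes it points to (for the web,
    pages it links; for law, cases it cites). Nodes with no outgoing links
    should map to an empty list so their rank is still redistributed."""
    nodes = set(links) | {t for targets in links.values() for t in targets}
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        nxt = {v: (1.0 - damping) / n for v in nodes}  # teleport term
        for v, outs in links.items():
            if outs:
                share = damping * rank[v] / len(outs)
                for t in outs:
                    nxt[t] += share
            else:  # dangling node: spread its rank evenly over all nodes
                for t in nodes:
                    nxt[t] += damping * rank[v] / n
        rank = nxt
    return rank

# toy link structure: three pages all link to a "hub" page
links = {"a": ["hub"], "b": ["hub"], "c": ["hub", "a"], "hub": ["a"]}
ranks = pagerank(links)
```

Running this on the toy graph confirms that the heavily linked “hub” page accumulates the most rank, mirroring node 7’s position in Figure 1.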

For present purposes, we can think of individual court opinions as nodes in the network. The most significant edges in the network are citations to previous court opinions, but one could also conceptualize the legal precedent framework with edges indicating similarity of content, geographical regions, or time periods. Whatever data are chosen as the basic structure of the network, legal scholars could, as I argue below, benefit from a network-theoretic reconceptualization of the legal terrain.

III. Analysis

Online research tools such as WestlawNext[20] and Lexis Advance[21] already have limited network-based approaches, but these services could be substantially improved by extending the user’s ability to visualize and digest the interconnected network of cases constituting current legal precedent. In this section I present several ways that these services could be enhanced. Each of the suggested changes would be relatively easy to implement and could significantly improve scholars’ and lawyers’ ability to identify the most relevant precedents. These suggestions apply to Westlaw, LexisNexis, and other similar services, but I will focus on the current user interface of WestlawNext and leave it to the reader to see how the suggestions would apply to other services.

For WestlawNext, generalized inquiry usually begins with the user providing a citation, party names, keywords, or other information into a Boolean search algorithm.[22] While this process is fairly straightforward and efficient, it has a notable shortcoming. If, for example, your aim is to find cases involving pre-verbal infants causing harm, a search for “baby” will return just those cases where “baby” appears as a keyword or within the text; but, of course, cases mentioning “infant,” “toddler,” “small child,” or “newborn” could also prove relevant. Thus, these search engines could be improved by implementing semantic network databases such that nearby terms are given some weight.
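
The semantic-expansion idea can be sketched simply. The snippet below broadens a Boolean keyword match with a hand-built synonym map; a production system would draw neighboring terms from a full semantic network such as WordNet rather than this tiny illustrative table, and the case names and texts are invented:

```python
# hypothetical synonym table standing in for a real semantic network
SYNONYMS = {
    "baby": {"infant", "toddler", "newborn", "small child"},
}

def expand_query(term):
    """Return the search term together with its semantic neighbors."""
    return {term} | SYNONYMS.get(term, set())

def search(cases, term):
    """Boolean match broadened to any term in the expanded query."""
    terms = expand_query(term)
    return [title for title, text in cases.items()
            if any(t in text.lower() for t in terms)]

# invented case texts for illustration
cases = {
    "Doe v. Roe": "The newborn was injured when the stroller collapsed.",
    "Smith v. Jones": "The defendant's truck collided with a fence.",
}
```

A plain search for “baby” would miss Doe v. Roe entirely; the expanded query retrieves it because “newborn” sits near “baby” in the synonym map.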

Once the user has found a relevant case, WestlawNext provides excellent network-based information in the form of KeyCite.[23]  This tool allows users to immediately see a summary evaluation of how the case fits into the network of legal precedent, whether the case has been superseded, affirmed, distinguished, or received other treatments, and the significance of each related case.  This information is analogous to knowing node degree, types of edges, nearest neighbors, and edge weight, but is limited in the same way as these measures of node significance.  A major shortcoming of the initial search results is that users are given a list of cases, C1–Cn, each related to the queried case, C0, where C1–Cn are each provided with specific information linking it to C0, but without any further information putting these cases in a broader legal context or showing how they might directly relate to one another.  This is partially remedied by the diagrammatic representation of the case history on WestlawNext, wherein users see a small set of prior cases that have been granted rehearing, had their judgment reversed, etc., but there is a great missed opportunity at this stage of the search.  Along with learning how the case directly relates to prior cases, it would be valuable to have network-based representations of a greater diversity of relations and a ranking system more sensitive to a case’s position within the network of legal precedents.  Researchers could benefit from visual representations of several clusters of cases relevant to their specific topics, where the edges would indicate important relations between these cases beyond explicit undermining or supporting relations.  For example, one could selectively add or remove edges indicating similarity in semantic content, relevant statutes, or topics.
Such representations would allow scholars to navigate the metaphorical legal space in a literal physical space that intuitively maps onto the conceptual distances between the various cases.  When starting the research process, this would provide users with an easily digestible, unified picture of the topic, highlighting the most important judgments to consider in more detail; for users already familiar with the legal landscape, the service would help them identify the most important gaps in their knowledge.  For most of the relevant criteria, both Westlaw and LexisNexis already possess the data, so these services could be improved simply by adding functionality to the user interface.

It would also be beneficial to use network-based measures of centrality as an indicator of the significance of cases, rather than raw citation counts or a vague sense of importance inherited from peers and educators.  If one wished to know the most significant landmark cases on a specific issue, one could do far worse than seeking experts’ opinions, but a quantitative measure of citations may be a more reliable indicator of significance than even the intuitive judgments of experts.  WestlawNext provides these citation numbers, but raw citation counts can be highly misleading as a method for ranking the significance of cases because the data is not sensitive to the relative importance of the court decisions citing the case in question, and some cases have received more citations simply by virtue of the fact that they were decided earlier.  By analogy, in an academic citation network, being cited by the top scholar in the field is more important than being cited by ten small players.  In the same way, court decisions cited in landmark cases are more significant than those cited by several less significant cases.

To gain a more accurate representation of the most significant cases, it would be better to have a system that mirrors academic rankings like H-index[24] or Google’s algorithms for ranking websites. This could be implemented by WestlawNext and similar services by providing users with a significance score for case C that is simultaneously sensitive to all of these factors: (1) the number of cases citing and cited by C, (2) the significance of the cited cases to C and the significance of C in the court decisions citing it, and (3) the relative importance of the citing and cited cases. This sort of method has been tested by James Fowler et al., who found inward relevance (one of many measures of network centrality) was a strong predictor of future citations.[25] Given the relative success of this and similar models for accurately identifying and predicting case significance, online archives such as Westlaw could improve the relevance of their search results by using network centrality for sorting and filtering results, and they could provide more meaningful information to users by including cases’ centrality scores in the listed search results.
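
A minimal illustration of why raw counts mislead: the sketch below compares raw citation counts with a crude one-step network score in which each citing opinion counts in proportion to its own citations. This is only a stand-in for the full centrality and inward-relevance measures discussed above, and all case names and citation links are invented:

```python
def raw_citations(citations, case):
    # citations: opinion -> list of earlier opinions it cites
    return sum(case in cited for cited in citations.values())

def network_score(citations, case):
    # Each citing opinion contributes 1 plus its own citation count,
    # so a citation from a landmark case outweighs one from a minor case.
    return sum(1 + raw_citations(citations, citing)
               for citing, cited in citations.items() if case in cited)

# invented citation network: "Landmark" is cited by four later opinions
# and itself cites X; Y is cited twice, but only by peripheral opinions
citations = {
    "Landmark": ["X"],
    "m1": ["Landmark"], "m2": ["Landmark"],
    "m3": ["Landmark"], "m4": ["Landmark"],
    "p1": ["Y"], "p2": ["Y"],
}
```

Raw counts rank Y (two citations) ahead of X (one), but X’s single citation comes from a heavily cited landmark, and the network score reverses the ordering, which is the behavior a centrality-based ranking is meant to capture.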

IV. Recommendation

The advice offered above is aimed specifically at improving the efficiency of searches for legal precedent, but these tools could be used in a greater variety of contexts. I conclude by briefly suggesting a few further possibilities. First, and most closely related to the discussion above, the method of collecting and analyzing case precedent from a network perspective could be used by legal scholars to develop highly accurate pictures of the history and future of law. For example, Fowler et al. observed that, in the cases they reviewed, the Commerce Clause was the most significant legal issue in 1955, whereas First Amendment issues had become dominant in more recent years.[26]

By identifying and tracking the trends in law over the years, researchers could develop fine-grained, data-driven overviews of the history of the law while also developing accurate models for predicting future trends. Second, scholars could use network analysis to test for possible sources of bias in judicial decisions over the years by creating and analyzing social networks showing social or communication links between judges and lawyers that correlate, in a problematic way, with judges’ rulings. Finally, similar methods could be used to compare the structures of scientific and legal citation networks to see if the legal community’s structure is relevantly similar to the structure of the sciences.


*Ph.D., Philosophy, University of Illinois.  Special thanks go to Laura Peet and Alexis Dyschkant for invaluable discussions regarding the nature and practice of law.  I also wish to thank Jonathan Waskan and Jana Diesner for providing the empirical and theoretical tools needed to approach this topic.

[1] Simon Haykin, Neural Networks: A Comprehensive Foundation (1st ed. 1994).

[2] The SAGE Handbook of Social Network Analysis (John Scott & Peter Carrington eds., 2011).

[3] Ravinda Ahuja, Thomas Magnanti, & James Orlin, Network Flows: Theory, Algorithms, and Application (1993).

[4] Pandora, (last visited Feb. 4, 2015).

[5] Amazon, (last visited Feb. 4, 2015).

[6] Ian Rogers, The Google Pagerank Algorithm and How it Works, Ian Rogers, (last visited Feb. 4, 2015).

[7] Eugene Garfield, Discovering Shepard’s Citations, WebOfStories, (last visited Feb. 4, 2015).

[8] Ronald Dworkin, Law’s Empire (1986).

[9] David Easley & Jon Kleinberg, Networks, Crowds, and Markets: Reasoning About a Highly Connected World 2 (2010).

[10] Id.

[11] Id. at 47.

[12] Id. at 53.

[13] Reinhard Diestel, Graph Theory 5 (3d ed. 2005).

[14] Easley & Kleinberg, supra note 9, at 434.

[15] Id. at 342.

[16] Id.

[17] See id. at 417. This may seem paradoxical, as Eigenvector centrality for any given node can only be determined in reference to the Eigenvector centrality of other nodes. The paradox is removed because this metric is calculated on the basis of several iterations of the algorithm.

[18] The Page Rank Algorithm, eFactory, (last visited Feb. 4, 2015).

[19] Id.

[20] WestlawNext, (last visited Feb. 4, 2015).

[21] LexisNexis, (last visited Feb. 4, 2015).

[22] WestlawNext, (last visited Feb. 4, 2015).

[23] Lexis Advance offers a similar service with Shepard’s, and its Map option mirrors WestlawNext’s case mapping function described later in the paragraph.

[24] Publish or Perish, Harzing, (last visited Feb. 4, 2015). H-index is a measure of an academic’s productivity and impact: a scholar has an index of h when h of her papers have each been cited at least h times and the remaining papers have no more than h citations each.

[25] James Fowler et al., Network Analysis and the Law: Measuring the Legal Importance of Precedents at the U.S. Supreme Court, 15 Pol. Analysis 324–46 (2007).

[26] Id.

The StarLink Scandal and Biofuels: Recommendations for Amendments to the EPA’s Giant Reed and Napier Grass Ruling

By Kaitlin C. Straker, A. Bryan Endres, Elise C. Scott, & Alison Gomer

I. Introduction

The risks and benefits of emerging biology-based technology have engendered significant debate, particularly regarding the scope of the Environmental Protection Agency’s (EPA) biotechnology-related regulations.[1] Critics charge that federal regulation of biotechnology has been minimal and influenced by industry at the expense of precautionary environmental and health protection.[2] They warn that previous negative experiences with pesticides concerning harmful effects on human safety and the environment should caution regulators against allowing unfettered development and marketing of novel technologies.[3]

Moreover, the EPA’s patchwork and ad hoc regulatory approach[4] lacks clarity and consistency, which fuels the debate and can have costly consequences.[5] For example, the EPA’s regulatory oversight of biotechnology, specifically pesticides incorporated through genetic engineering of seeds, relied on a novel interpretation of the Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA)[6]—an act passed a decade[7] before the invention of genetic engineering[8] and intended to regulate the application of pesticides. The EPA’s regulation of feedstocks intended for biofuels involves a similar twisting of regulatory authority under the Clean Air Act.[9] The EPA’s new regulations under the Clean Air Act require the agency to carry out Weed Risk Assessments (WRAs), an area normally left to the USDA and its Animal and Plant Health Inspection Service (APHIS)[10] under the Plant Protection Act.[11]

This Article examines the EPA’s role in bioenergy regulation, and the agency’s past attempts to control genetically engineered plants. Part II of this Article discusses the Clean Air Act’s authority over plants intended for bioenergy. Part III of this Article reviews the history of the EPA’s regulation of genetically engineered corn, and Part IV of this Article recommends a regulatory innovation based on the lessons learned.

II. Bioenergy Feedstock Regulation

The Renewable Fuel Standard (RFS),[12] part of the Energy Independence and Security Act,[13] directed the EPA to develop and implement regulations to increase biofuel use through a series of escalating mandates.[14] From a compliance perspective, fuel retailers must blend in certain percentages of biofuels to achieve the overall RFS mandate.[15] Renewable Identification Numbers (RINs) associated with biofuel production ensure a reduction in life-cycle greenhouse gas (GHG) emissions associated with the feedstock’s production and processing.[16] The EPA evaluates each potential bioenergy feedstock as part of this GHG calculation.[17] Feedstock pathways meeting the required GHG reduction will qualify for RINs and thus blending to meet the RFS mandates.[18]

In 2012, Chemtex Group and BP Biofuels North America petitioned the EPA[19] to approve fuel pathways for Arundo donax (giant reed)[20] and Pennisetum purpureum (napier grass),[21] and though the agency initially approved the pathways,[22] it later rescinded its decision[23] based, in part, on public concern that these crops could escape cultivation and become invasive.[24] In July 2013, the EPA finalized a revised rule that approved the biofuel pathways for napier grass and giant reed.[25] This revised ruling imposes a unique requirement on fuel producers to ensure the feedstocks used to generate biofuels do not become invasive outside of cultivation.[26] The rationale behind this Clean Air Act requirement is that additional GHG emissions would result from eradication activities in the event of an invasion.[27] The EPA’s ruling also poses a regulatory challenge: fuel producers, rather than the feedstock growers—the parties actually implementing production practices—are made responsible for those practices.

Specifically, the agency requires fuel producers, not growers, utilizing napier grass or giant reed to submit a Risk Mitigation Plan (RMP) that specifies invasion prevention procedures and record-keeping.[28] Essential documents in an RMP include the agreements with the feedstock growers and other intermediaries involved in harvest, transport, or storage of the biomass.[29] Incorporated within these agreements should be the assignment of rights, duties, and liability associated with the RMP or potential spread of the feedstock.[30] In addition to requiring that copies be submitted to the EPA, the agency requires a third-party auditor to monitor compliance.[31]

Researchers note that by requiring a close, communicative relationship between the biomass grower and fuel producer prior to the sale of biomass for conversion to biofuel, the EPA oversimplifies the agricultural supply chain.[32] The agency assumes a direct relationship between the feedstock grower and the ultimate fuel producer. Even at this initial stage of industry development, however, it is difficult to trace feedstocks on a producer-by-producer basis, and as the industry expands into a commodity-based supply chain, traceability will become increasingly difficult. Moreover, the rule, as written, could eventually keep farmers without a pre-existing relationship with a fuel producer out of the bioeconomy.[33]

III. Previous Biotechnology Regulation: Bt Corn Example

Under FIFRA,[34] the Federal Food, Drug, and Cosmetic Act (FFDCA),[35] and the Toxic Substances Control Act (TSCA),[36] the EPA obtained authority to regulate pesticides and ensure a given pesticide would not produce negative consequences for the environment, human safety, or non-target species.[37] With the invention of genetically engineered plants containing pesticide activity, the Presidential-level working group charged with determining the regulatory policy for biotechnology concluded the existing laws were adequate to meet the needs of new biotechnology inventions.[38] Accordingly, the EPA’s responsibility for regulating pesticides expanded to include regulating genetically modified crops containing pesticide activity through a reinterpretation of its FIFRA authority.[39]

Starting in the mid-1990s, the EPA began approving genetically engineered Bt corn[40] as a plant pesticide[41] (now referred to as a plant-incorporated protectant).[42] In 1998, the EPA registered a particular variety of Bt corn, StarLink,[43] for industrial uses and animal feed.[44] The EPA amended StarLink’s registration several times, and in 2000 it added conditions imposing unique requirements on seed manufacturers to help prevent commingling with other corn varieties intended for human consumption.[45] Specifically, seed manufacturers were tasked with ensuring that corn grown within 660 feet of StarLink would not be used for human consumption and with creating grower agreements, negotiated between the seed manufacturer and the farmer, that mandated a twenty percent refuge[46] of non-Bt corn be planted to prevent insect resistance.[47]

During this time, concern regarding under-regulation of novel genetically engineered crops led the organization Genetically Engineered Food Alert[48] to test foods for the presence of foreign DNA, and in September 2000, the group discovered taco shells that contained StarLink corn.[49] The discovery led to a flurry of negative media coverage, and Aventis, StarLink’s manufacturer, voluntarily requested a revocation of its pesticide registration for StarLink to prevent further sales and scandal.[50] As an additional mitigation strategy, Aventis developed the StarLink Enhanced Stewardship (SES) Program to prevent further contamination. The program provided a twenty-five cent per bushel incentive for growers to allow StarLink, and corn grown within the 660-foot buffer, to be handled through the program; a separate five to ten cent per bushel payment for non-StarLink corn accidentally mixed with StarLink; and free DNA testing kits for growers and grain elevators.[51] Aventis had paid out a reported $130 million through the SES program by 2004.[52] Despite the SES program, Aventis faced litigation.[53] Non-StarLink corn farmers brought a class action suit against Aventis for the consumer backlash against the corn market, which the company eventually settled for $110 million plus interest.[54] Consumers of the commingled corn who claimed they suffered an allergic reaction from consuming StarLink also brought a suit against Aventis, which settled for a reported $9 million.[55]

Following the StarLink incident, when the EPA extended registrations for non-StarLink varieties of Bt corn in October 2001, it included additional requirements for the Bt corn seed manufacturers.[56] The revised registration rules require seed manufacturers to:

  • prepare and induce seed users to sign grower agreements that contractually bind growers to plant the proper refuge;
  • create and execute educational programs for growers about refuges and insect resistance;
  • create a remedial action plan to implement if resistance is discovered;
  • hire an independent third party to survey and measure the degree of compliance by growers;[57] and
  • submit annual reports to the EPA on grower agreements, sales, compliance, and education.[58]

Although the EPA’s prior requirements included grower agreements,[59] after the StarLink incident the public and the EPA realized that additional post-approval monitoring and requirements were necessary to ensure comprehensive information was given to, and carried out by, growers.[60]

Although some critics view the current EPA rule as overbroad, arguing that the risk of these species becoming invasive is minimal, the overall industry response to the approval of giant reed and napier grass was positive; Chemtex in particular was pleased to move forward with its plan to build a giant reed refinery in North Carolina.[61] In the interest of avoiding an economic and reputational scandal like StarLink’s, the biotech industry’s response to the increased requirements following StarLink was neutral, and the focus fell instead on farmer compliance.[62] Likewise, the amendments suggested in Part IV define the scope of the RMP more fully and thus help to limit industry liability.

IV. Recommendations

Although the StarLink episode created an opportunity for government agencies to gain more control over biotechnology, an area formerly controlled largely by industry,[63] the EPA’s rule approving the napier grass and giant reed fuel pathways does not employ such strict regulation. Like the initial Bt corn requirements,[64] the EPA’s rule approving napier grass and giant reed does not include adequate post-approval monitoring for compliance and education.[65] The EPA explicitly states that the fuel producer is expected to exercise a “level of responsibility for and oversight of the feedstock production, harvest, transport and storage that may not normally exist in a buy-sell contract for agricultural products[,]”[66] yet, much like the pre-StarLink-scandal regulations, it fails to require educational programs to ensure growers understand their responsibilities. Further, as with the initial Bt corn regulations, although the EPA requires a copy of the agreement between the fuel producer and grower regarding the RMP and invasion liability,[67] a copy alone does not ensure that the grower understands his or her responsibilities or how to implement best management practices.

An economic and reputational incident comparable to StarLink would be damaging to this nascent bioenergy industry. Amending the EPA’s Arundo ruling provides the agency and biofuel industry an opportunity to avoid a possible scandal. The EPA should issue an amended rule that is modeled after post-StarLink Biopesticide Registration Action Documents.[68] Specifically, the rule could require fuel producers to:

  • prepare and obtain feedstock growers’ signatures to contractually bind growers to implement specific best management practices;
  • create and execute educational programs for growers regarding invasive species and preventing invasion;
  • create an explicit remedial action plan to implement if invasion is detected;
  • hire an independent third-party auditor to assess growers’ compliance, via both surveys and on-farm assessments (in addition to the auditor the EPA already requires to examine the fuel producer’s compliance); and
  • submit annual reports to the EPA on agreements, compliance, and education.

Although the EPA’s current mechanism for regulating feedstock production requires a relationship between the fuel producer and grower that predates the sale of biomass,[69] a more specific and robust rule could inform growers’ actions before they enter into a relationship with a fuel producer and provide better instruction on avoiding an invasion. Additionally, it would allow tenant farmers to include the specific terms required by the EPA in their leases to demonstrate compliance and facilitate later sales of napier grass or giant reed to a fuel producer.[70] There is also a need to consider improved regulatory regimes, based on existing noxious weed/plant pest authorities and common law tort theories, to protect the environment in the absence of a relationship with fuel producers seeking RFS certification.[71] For example, growers of giant reed or napier grass who fail to satisfy the precautionary measures required for the RFS could redirect their feedstocks to the electric power industry, which needs substantial quantities of biomass to satisfy state renewable portfolio standards.

V. Conclusion

Biotechnology, including bioenergy, is an emerging field and market that requires improved, comprehensive regulation to maintain a place in the U.S. and world economies. Bt corn regulation and the StarLink scandal demonstrate the importance of well-defined requirements and provide a potential framework for amending the current EPA approval of napier grass and giant reed. Such amendments would help the EPA avoid a similar scandal born of a patchwork regulatory scheme and instead promote more comprehensive and effective regulation.


[1] A. Bryan Endres, “GMO:” Genetically Modified Organism or Gigantic Monetary Obligation? The Liability Schemes for GMO Damage in the United States and European Union, 22 Loy. L.A. Int’l & Comp. L. Rev. 453, 480 (2000).

[2] A. Bryan Endres, An Evolutionary Approach to Agricultural Biotechnology: Litigation Challenges to the Regulatory and Common Law Regimes for Genetically Engineered Plants, 4 Ne. U. L.J. 59, 70 (2012); Aseem Prakash & Kelly L. Kollman, Biopolitics in the EU and US: Race to the Bottom or Convergence to the Top?, 47 Int’l Stud. Q. 617, 624 (2003).

[3] Endres, supra note 1, at 453.

[4] A. Bryan Endres, Coexistence Strategies in a Biotech World: Exploring Statutory Grower Protections, 13 Mo. Envtl. L. & Pol’y Rev. 206, 207 (2006); Lauren D. Quinn et al., Resolving Regulatory Uncertainty: Legislative Language for Potentially Invasive Bioenergy Feedstocks, GCB Bioenergy, available at (forthcoming).

[5] See, e.g., D.L. Uchtmann, Starlink—A Case Study of Agricultural Biotechnology Regulation, 7 Drake J. Agric. L. 159, 195 (2002) (discussing the costs of the commingling of StarLink corn not approved for food-use with the food supply); see also Quinn et al., supra note 4 (discussing how the EPA’s eighteen month delay in approval of two species of feedstocks for bioenergy cost the petitioners millions of dollars).

[6] 7 U.S.C. §§ 136–136y (2012).

[7] FIFRA was first passed as P.L. 80-104 in 1947.  However, it was rewritten in 1972 with the Federal Environmental Pesticide Control Act (FEPCA).  Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA), U.S. Envtl. Prot. Agency, (last visited Nov. 9, 2014); see also 7 U.S.C. §§ 136–136y (2012).

[8] Coordinated Framework for Regulation of Products of Biotechnology, 51 Fed. Reg. 23,303 (June 26, 1986).

[9] 42 U.S.C. § 7401 et seq. (2012).

[10] About APHIS, U.S. Dep’t Agric. Animal & Plant Health Inspection Service (Sept. 2, 2014),

[11] Plant Protection Act, Pub. L. No. 106-224, 114 Stat. 438 (2000).

[12] Regulation of Fuels and Fuel Additives: Renewable Fuel Standard Program, 72 Fed. Reg. 23,900 (May 1, 2007).

[13] Energy Independence and Security Act of 2007, Pub. L. No. 110-140, 121 Stat. 1492.

[14] 40 C.F.R. §§ 80.1100–80.1167 (2013).

[15] Regulation of Fuels and Fuel Additives: Renewable Fuel Standard Program, 72 Fed. Reg. 23,900 (May 1, 2007).

[16] 40 C.F.R. § 80.1426 (2013).

[17] Id.

[18] Id.

[19] Fuels and Fuel Additives: Approved Pathways, U.S. Envtl. Prot. Agency, (last visited Nov. 9, 2014).

[20] Arundo donax is a tall perennial reed-like grass and is among the largest of the grasses, growing to a height of 8 meters.  This species is believed to be native to freshwaters of eastern Asia, but has been cultivated throughout Asia, southern Europe, northern Africa, and the Middle East for thousands of years and has been planted widely in North and South America and Australasia in the past century.  It was intentionally introduced to California from the Mediterranean in the 1820s in the Los Angeles area as an erosion control agent in drainage canals, and was also used as thatching for roofs of barns, sheds, and other buildings.  Gary Bell, Plant Invasions: Studies from North America and Europe 103–113 (J.H. Brock ed., 1997).

[21] Napier grass, or elephant grass, is a tropical bunchgrass with high growth and biomass production rates.  Xin-Ming Xie et al., Dynamic Changes of Lignin Contents of MT-1 Elephant Grass and its Closely Related Cultivars, 35 Biomass & Bioenergy 1732 (2011).

[22] Regulation of Fuels and Fuel Additives: Identification of Additional Qualifying Renewable Fuel Pathways Under the Renewable Fuel Standard Program, 77 Fed. Reg. 699 (Jan. 5, 2012); see also Quinn et al., supra note 4.

[23] Regulation of Fuels and Fuel Additives: Identification of Additional Qualifying Renewable Fuel Pathways Under the Renewable Fuel Standard Program, 77 Fed. Reg. 13,009 (Mar. 5, 2012); see also Quinn et al., supra note 4.

[24] Quinn et al., supra note 4.

[25] Regulation of Fuels and Fuel Additives: Additional Qualifying Renewable Fuel Pathways Under the Renewable Fuel Standard Program; Final Rule Approving Renewable Fuel Pathways for Giant Reed (Arundo donax) and Napier Grass (Pennisetum purpureum), 78 Fed. Reg. 41,703 (July 11, 2013) (to be codified at 40 C.F.R. pt. 80) [hereinafter Final Rule]; see also Quinn et al., supra note 4.

[26] Final Rule, supra note 25, at 41,705; see also Quinn et al., supra note 4.

[27] Id.

[28] Final Rule, supra note 25, at 41,709.

[29] Id. at 41,711.

[30] Id.

[31] Id.

[32] Elise C. Scott et al., The Bioenergy Farm Lease, Part 4: Incorporation of Evolving Standards, FarmDocDaily (Nov. 22, 2013),

[33] Id.

[34] 7 U.S.C. §§ 136–136y (2012).

[35] 21 U.S.C. §§ 301–399 (2012).

[36] 15 U.S.C. §§ 2601–2629 (2012).

[37] See Uchtmann, supra note 5, at 184.

[38] Coordinated Framework for the Regulation of Products of Biotechnology, 51 Fed. Reg. 23,303 (June 26, 1986); see Uchtmann, supra note 5, at 169.

[39] See Uchtmann, supra note 5, at 184; see also Endres, supra note 1, at 480.

[40] Bt corn refers to genetically engineered corn that produces toxins derived from the Bacillus thuringiensis bacterium as a means of protection from insect pests.  Richard L. Hellmich & Kristian Allyse Hellmich, Use and Impact of Bt Maize, 3 Nature Educ. Knowledge 4 (2012).

[41] See Plant Incorporated Protectants, U.S. Envtl. Prot. Agency, (last updated Jan. 2013).

[42] See 40 C.F.R. § 174.3 (2013).

[43] StarLink was a variety of corn engineered to produce the Cry9C protein as a pesticide.  At the time of its registration with the EPA, there was not sufficient data to show whether the protein was a human allergen, and StarLink was approved only for animal feed or industrial use.  StarLink Corn Regulatory Information, U.S. Envtl. Prot. Agency, (last updated Apr. 2008).

[44] Certain Companies; Approval of Pesticide Product Registrations, 63 Fed. Reg. 43,936 (Aug. 17, 1998); see Uchtmann, supra note 5, at 198 (citations omitted).

[45] Uchtmann, supra note 5, at 185–86 (citing U.S. Env’t Prot. Agency, EPA/730/F-00/005, Biopesticide Fact Sheet: Bacillus thuringiensis Subspecies tolworthi Cry9C Protein and the Genetic Material Necessary for Its Production in Corn (Apr. 2000)).

[46] A refuge is an area planted nearby without a certain pesticide (in this case, planted without Bt corn) to conserve alleles in the population that are susceptible to that pesticide and prevent resistance.  A.M. Shelton et al., Economic, Ecological, Food Safety, and Social Consequences of the Deployment of Bt Transgenic Plants, 47 Ann. Rev. Entomology 845, 862 (2002).

[47] Uchtmann, supra note 5, at 185–86 (citing U.S. Env’t Prot. Agency, EPA/730/F-00/005, Biopesticide Fact Sheet: Bacillus thuringiensis Subspecies tolworthi Cry9C Protein and the Genetic Material Necessary for Its Production in Corn (Apr. 2000)).

[48] Id. at 182.

[49] Id.

[50] Id. at 187, 192.

[51] Id. at 193–94 (citations omitted).

[52] Kevin O’Hanlon, StarLink Corn Settlement Also to Include Interest, USA Today (Aug. 23, 2004, 5:55 PM),

[53] See, e.g., In re StarLink Corn Products Liab. Litig., 212 F. Supp. 2d 828 (N.D. Ill. 2002).

[54] O’Hanlon, supra note 52; see D.L. Uchtmann, Filing Deadline Extended to July 31: How to File Claims for Compensation from the Non-StarLink Farmer’s Class Action Settlement, Farm Doc (June 4, 2003),

[55] O’Hanlon, supra note 52.

[56] Uchtmann, supra note 5, at 206 (citations omitted); see U.S. Envtl. Prot. Agency, Biopesticide Registration Action Document—Bacillus thuringiensis Plant-Incorporated Protectants (2001), available at [hereinafter BRAD].

[57] Due to concerns over compliance, in 2010, when the EPA re-registered several brands of Bt corn, it included additional compliance requirements, including continued annual surveys as well as on-farm assessments.  See U.S. Envtl. Prot. Agency, Biopesticide Registration Action Document—Cry1Ab and Cry1F Bacillus thuringiensis (Bt) Corn Plant-Incorporated Protectants (2010), available at

[58] BRAD, supra note 56.

[59] Uchtmann, supra note 5, at 184–85 (citations omitted).

[60] Id. at 206.

[61] See John Murawski, EPA Approves Arundo Reed for Use in Proposed Sampson County Ethanol Refinery, News & Observer (July 3, 2013) (discussing Chemtex’s plan to build a refinery for giant reed); NC Biofuels Pleased with EPA Approval of Arundo donax, SFN Today (July 11, 2013), (noting Chemtex’s positive response to giant reed approval).

[62] See Jessica Goldberger, Jeanne Merrill & Terrance Hurley, Bt Corn Farmer Compliance with Insect Resistance Management Requirements in Minnesota and Wisconsin, 8 J. Agrobiotechnology Mgmt. Econ. 151, 152 (2005), available at (comparing their compliance results with several other studies on farmer compliance).

[63] Prakash & Kollman, supra note 2, at 633.

[64] Uchtmann, supra note 5, at 184–85 (citations omitted).

[65] See Final Rule, supra note 25.

[66] Id. at 41,711.

[67] Id.

[68] See BRAD, supra note 56.

[69] See Scott et al., supra note 32.

[70] See id. (discussing how incorporation of the EPA’s regulations into a bioenergy farm lease could facilitate tenant farmers’ entry into the bioeconomy).

[71] See generally James McCubbins et al., Frayed Seams in the “Patchwork Quilt” of American Federalism: An Empirical Analysis of Invasive Plant Species Regulation, 43 Envtl. L. 35 (2013) (discussing shortcomings of regulatory frameworks and proposing a negligence-based liability regime for controlling the introduction and spread of invasive plant species).