Finding the Best of the Imperfect Alternatives for Privacy, Health IT, and Cybersecurity Peter Swire Moritz College of Law Wisconsin Symposium in Honor of Neil Komesar October 20, 2012
To Begin • 2003 Law of Cybersecurity Course • Theory and practice
Overview • Market and government failures • Examples • HIPAA medical privacy • Health IT and 2009 funding • Internet privacy • Cybersecurity • Role of courts • Conclusion
The Test of a First-Rate Intelligence • Market failures and welfare economics • Government failures and public choice • Coase and Williamson • The test of a first-rate intelligence • These two ideas all-too-often incompatible, at least in D.C. • “My ultimate goal is to aid the reformation of society” • So, I suggest the following description …
“A Raging Moderate” • Passionate commitment to reform society • Acute awareness of market failures • Acute awareness of government failures • I find this congenial • OIRA does as well
HIPAA Privacy Rule • 1999-2000 HHS reg • Clearly had flaws • But Congress couldn’t do it • And electronic payments compelled action, so • “Tasks that strain the abilities of an institution may wisely be assigned to it anyway if the alternatives are worse”
Health IT in ARRA • Bipartisan support for EHRs, not manila folders • Need standards for interoperability • The market didn’t do it, even with jawboning • Recovery Act • $19 billion • “Meaningful use” • Tipping point for adoption, so • “The analysis converges with Ronald Coase’s famous transaction cost approach”
Internet Privacy • Market failure – hard for consumer to monitor data flows • Government failure – hard to dictate acceptable technology, quickly and accurately • 1997 paper on “Markets, Self-Regulation, and Government Enforcement in the Protection of Personal Information” • But, self-regulation only works here when there is a credible threat of government action, so … • Speaking prose
Cybersecurity • 2003 course • Market failures – externalities • Government failures – like privacy only worse • “First, do no harm” – don’t create backdoors to help surveillance • Large bank CISO, so • “Quite commonly … institutions move together”
The Courts • Some information policy issues have specific factual triggers and/or harms • Defamation • Data breach • Violate a promise – Section 5 FTCA • IP and infringement • Many, though, concern design of complex, fast-changing IT systems • Judicial management through “structural reform” suits? • I’m skeptical
Conclusion • Imperfect Alternatives and 2003 course • An analytic approach for a wide range of issues • And, a call for something too rare in a divided political world, the passion and humility of “raging moderation”