Chris Jay Hoofnagle

I have focused my career upon the special problems facing consumers in the information economy. Consumers are expected to protect themselves in a complex and dynamic marketplace. Information-intensive companies are organized, sophisticated, even inscrutable, and are actively attempting to shape consumers’ expectations and attitudes, and these entities increase their power to sort consumers as more information is collected about individuals.

I hold a dual appointment as full adjunct professor in the School of Information and in the School of Law at the University of California, Berkeley, which I teach full time. I also serve on boards to two companies, 4iQ (cybersecurity intelligence) and Palantir Technologies. On my “consulting day,” I am of counsel to Gunderson Dettmer LLC.

Research

Quantum Information Science

Quantum technologies use the special properties of small particles to provide capabilities not otherwise possible. These capabilities are so different from our conventional intuition that quantum technologies seem to ride the fine border between science fiction and fantasy—yet many quantum technologies can be commercially purchased today, and more are just around the corner.

With Simson Garfinkel, I am developing work that details the state of the art in three related, but different areas of quantum technology: quantum sensing, quantum communications, and quantum computing. Quantum sensing, the most mature, makes it possible to literally see through walls and sense otherwise invisible objects—even stealth aircraft and submarines. Quantum communications, which is just now transitioning from the lab to the marketplace, allows communication that resists jamming and eavesdropping. Finally, quantum computation holds promise for artificial intelligence and presents challenges to the codes and ciphers used to protect modern communications.

Since the dawn of the atomic age, quantum technology has always provided capabilities that seem strange, powerful, and at times frightening. Just as the atomic bomb (the first quantum weapon) changed our understanding of war, the democratization of QIS-based innovations will have disruptive effects. Our goal is to anticipate these effects and to present their implications from the strategic (in an international relations sense) to the new realities for the ordinary citizen/consumer. What actors should be involved in QIS policy? What institutional structures will be necessary? How should industrial policy be used to promote (or control) QIS? Are there kinds of quantum technologies or certain misuses of it that are tractable by regulation? What are the most important issues to resolve now?

Cybersecurity in Context

Every one now has a stake in the healthy functioning of communications and control networks, in the devices and services dependent on network, and by implication, in all the complicated infrastructure required to keep networks, devices, and services operating. As we have become more affluent and as the economy has become more interconnected, we are interdependent in ways never thought possible.

The proper functioning of communications networks, which carry everything from banal social updates to the second-by-second valuations of companies to the intelligence that shapes governments’ posture in conflicts, is now a central problem. But it is also an insoluble problem. Cybersecurity is a wicked problem. Cybersecurity is an unbounded problem that cannot be cleanly extricated from an array of social problems and interests. In managing cybersecurity there are few unqualified good approaches, but rather a series of contests and choices among important values. Cybersecurity will also never be solved definitively; instead concerns about whether we can trust devices, networks, and the information present in them will persist and need to be managed.

My project with Jennifer Urban intends to explain how cybersecurity has come to encompass these complex interests, how cybersecurity is conceptualized, and how cybersecurity concerns and rules are diffusing through the public and private sectors.

Representative publications:

FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law (David Gray and Stephen Henderson, eds)(Cambridge University Press 2017)
An Economic Map of Cybercrime (with Alvaro A. Cárdenas, Svetlana Radosavac, Jens Grossklags, & John Chuang), TPRC 2009.

Internet Tracking & Cybercrime

My team has performed terabyte-scale studies of internet tracking and of cybercrime networks, using a series of tools including Palantir, mitmproxy, STATA (Here is my STATA Cheat Sheet), Python, and a custom-built crawler.

My team has made several contributions. First, we have discovered new forms of consumer tracking in the wild (flash cookies, cache cookies). These discoveries led to policy development in the U.S. and in the EU. Second, we helped foster the field of “web privacy measurement,” holding an inaugural workshop on the topic in 2012. Third, building on the work of co-author Professor Damon McCoy, we showed just how fragile cybercrime networks are to deterrence by denial approaches. That is, online sellers of illegal pharmacies are vulnerable to law enforcement (or even civil enforcement) efforts to disrupt their operations, by denying them access to vendors providing payment and other services. Finally, we have shown that online advertisers use rhetoric of individual choice in political theaters, while using clever coding to remove all forms of actual consumer choice in the technology domain.

Representative publications:

Deterring Cybercrime: Focus on the Intermediaries, 32(3) Berkeley Technology Law Journal 1093 (2017)(with Damon McCoy, Amanda Maya and Aniket Kesari).
Privacy and Adult Websites, Workshop on Technology and Consumer Protection (ConPro ’17), May 2017, San Jose, CA, with Ibrahim Altaweel and Maximilian Hils.
Online Pharmacies and Technology Crime, in The Handbook of Technology, Crime and Justice (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2017)(invited contribution)
Web Privacy Census, Technology Science (2015) (with Ibrahim Altaweel and Nathaniel Good)(peer reviewed)
Behavioral Advertising: The Offer You Cannot Refuse, 6 Harvard L. & Policy R. 273 (2012)(with Ashkan Soltani & Nathaniel Good). Received the 2014 CPDP Multidisciplinary Privacy Award.

Digital Consumer Protection

As products and services merge, we need new kinds of marketplace signals and rules to ensure that consumers understand the exchange, and so that competition is fair and vigorous. In a series of works with Case Western University Professor Aaron Perzanowski and Berkeley JSD candidate Aniket Kesari, we have used legal/empirical analyses to elucidate consumers’ understanding of digital marketplaces.

Our most ambitious work in this field is The Tethered Economy, which explores how sellers are exercising post-transaction control over consumers using both legal and technical mechanisms. We describe tethering as a deliberate strategy, one that reflects a reconceptualization of the modern consumer from owner to renter. Tethers make a product dependent on the seller for its ordinary operation, and in doing so, sculpt consumers’ decision space. We explain the pathologies that arise from tethering mechanisms, on both the individual consumer and market level. We conclude by suggesting ways to change incentive alignments to reduce transaction costs, reduce opportunities for guile, and to promote competition. Our most radical intervention surrounds network effects. We think network effects are more powerful than regulators understand, and that to counter them, consumers need not just the right to switch providers, but structured help to do so. We articulate this as a “micro-services switch over” principle.

Representative publications:

The Tethered Economy (with Aaron Perzanowski and Aniket Kesari), 87(4) Geo. Wash. L. Rev. 783 (2019)
Designing for Consent, 4/2018 Journal of European Consumer and Market Law 162–171 (2018)
What We Buy When We “Buy Now,” 165 University of Pennsylvania L. Rev. 315 (2017)(with Aaron Perzanowski)
Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, Technology Science 2015121503 (2015)(with Eduard Meleshinsky)

102 South Hall
Berkeley, CA 94720
510-643-0213
GPG | Keybase | C.V.

Spring 2020 Teaching

Fall 2019 Teaching

Cybersecurity in Context

Spring 2019 Teaching

2020 Events

Jan–May Simons Institute Quantum Wave
Feb. 3–4 Privacy Law Salon, Miami
Feb. 3 Keynote Q&A Interview: EC data protection head Bruno Gencarelli
Feb. 10 Q&A Interview: UK Information Commissioner Elizabeth Denham
Feb. 18 LIR series Technology, Law, and Society: The Quantum Age
Mar. 5 Harvard Kennedy School: The Quantum Age
Mar. 20 Privacy Law Forum
Mar. 20 Q&A Interview: Alastair MacTaggart
~~Apr. 9 PLSC Europe~~
Apr. 15 Case Western: The Quantum Age
Apr. 16 Ohio State: The Quantum Age
May 21–22 Cybersecurity Law Scholars Conference
Jun. 4–5 PLSC
Summer 2020: London
Summer 2020: Amsterdam Summer School
Sept. 10–11 Privacy Law Salon Policymakers

2019 Events

Jan–May Simons Data Privacy: Foundations and Applications
Jan. 10 NSA Science of Security: FTC cyber regulation
Feb. 3–5 Privacy Law Salon
Feb. 3 Keynote Q&A with Ashkan Soltani
Feb. 21–22 Consumer Law Scholars Conference
~~Mar. 2 SCU Internet WIP: Law and Policy for the Second Quantum Revolution~~
Mar. 14 Shoshana Zuboff
Mar. 22 BCLT PLF SV
Mar. 25 Harvard Cyber Workshop: FTC cyber & surveillance regulation
Apr. 4–5 BCLT Symposium: Seeing Like a Platform
Apr. 6–7 Yale (Im)Perfect Enforcement Symposium: The Tethered Economy
Apr. 16 Yale Law & Tech Workshop: Political Economy of the Quantum Information Age (slides)
May 6-9 Simons Institute Beyond Differential Privacy
May 30–31 Privacy Law Scholars Conference
Jun. 22–27 Cyber week
Jun. 24 Cyber week: From GDPR to the CCPA
Aug. 8–10 DEFCON
Aug. 14 USENIX, Security Research and Public Policy
Sept. 12–13 Privacy Law Salon Policymakers
Sept. 12 Keynote Q&A interview with Commissioner Rebecca Kelly Slaughter
Oct. 4–5 AALS
Oct. 7 Apple: The Quantum Age
Oct. 24 PLSC Europe
Nov. 14 Georgia Tech: The Tethered Economy
Dec. 5 NUSL: The Tethered Economy
Dec. 13 Palantir: The Quantum Age

Previous events – Fall 2018

Jul. 2–6 U. Amsterdam Summer Course
Aug. 9 DEFCON
Sept. 6–7 BCLT AI Workshop
Sept. 13–14 Privacy Law Salon Roundtable
Sept. 13 Keynote Q&A with Commissioner Rohit Chopra
Oct. 5 Amsterdam Privacy Conference Keynote on The Tethered Economy
Oct. 27 ECAI Keynote on The Tethered Economy
Nov. 21 U. Amsterdam Research Agenda in AI/ML
Dec. 3 GULC Data & Political Economy Workshop
Dec. 6 SF City Lunch & Learn: Technology Regulation Approaches & Strategies

Biography

Chris Jay Hoofnagle

I hold appointments as adjunct full professor at the University of California, Berkeley, School of Information (where I am resident) and the School of Law. For the past 14 years, I have taught a range of technology regulation courses (cybersecurity, computer crime law, privacy law, privacy forensics, internet law, and seminars on machine learning, consumer law, and the Federal Trade Commission).

I wrote a book about the FTC, Federal Trade Commission Privacy Law and Policy (Cambridge University Press 2016). It is as much an institutional history of the FTC as an exploration of privacy.

I am a faculty director of the Berkeley Center for Law & Technology and an elected member of the American Law Institute. I helped launch Berkeley’s Cybersecurity degree program.

Much of my work is done in collaboration with George Washington University Law School Professor Daniel J. Solove. We edit the SSRN Information Privacy Law eJournal; run the Privacy Law Scholars Conference, an academic paper workshop for privacy professors and practitioners; and an event for the private sector called the Privacy Law Salon.

I am a practicing lawyer with a focus on emerging technology companies and venture firms as of counsel to Gunderson Dettmer LLP. I participate in several computer crime working groups, such as the San Francisco Electronic Crimes Task Force, Europol’s Data Protection Experts Network, and National Academies of Sciences, Engineering, and Medicine’s new Intelligence Science and Technology Experts Group. I serve on boards for Palantir Technologies and cyber intelligence company 4iQ. My work is directly or indirectly supported by many technology companies, including Apple, Google, Microsoft, Palantir, and Nokia.

I love music (favorites are Schumann, Schubert, and currently obsessed with Car Seat Headrest’s Twin Fantasy), running, bicycles (cargo bikes, currently have a Surly Big Dummy and a Supermarche), and reading.

My Surly Big Dummy has a Bafang mid drive installed by Island City Bikes. This thing is so much better than my previous long tail cargo bike, which had a Bosch drive. The Bafang is way more powerful and because it takes standard batteries, you can get a huge pack and never have to charge.

My Yuba Supermarche is 8′ long and can haul 3 kiddos. The front motor is an Aotema and the rear a Bionx D-350. The Supermarche is difficult to mod but Scott of Pacific EBike was able to add the Aotema by modifying the front fork. The Supermarche seems to have been designed such that it will not take a mid-drive, perhaps to protect the market for the Bosch version (which is underpowered and you should not buy it).

Federal Trade Commission Privacy Law and Policy

My book is a historical account, an institutional study, and a discussion of policy choices made by the U.S. FTC. To write it, I studied every book on the FTC, consulted many original sources, interviewed dozens of FTC employees, and used the FOIA to obtain documents. The bibliography is 24 pages long.

The FTC’s creation in 1914 represented a turning point in American history where skepticism of expertise and central regulatory authority was overcome by the need to address contemporary market conditions. My book connects today’s tussles over privacy regulation to the institutional structures created by America’s nascent administrative state. A central theme in the book surrounds public choice theory and its fit to the FTC over the past century.

The book has been reviewed five times and has been translated into Japanese. A Chinese version is forthcoming. Over 1,000 copies have sold in English. Here’s my blog with book updates and commentary on the FTC.

Denialism

In 2007, my brother Mark and I started a website which we used to define and explain a phenomenon we called “Denialism.” This grew in reaction to what we were seeing on the political scene–a systematic use of public relations tactics to manipulate scientific and regulatory debates by unprincipled, dangerous political movements, such as the anti-vaccine and 9/11 Truther crowds.

Also in 2007, I detailed the free market policy cliché of denialists in a paper titled The Denialists’ Deck of Cards.

Denialism is now described in the academic literature; in 2009, Michael Specter wrote a book on Denialism; in 2015, Maastricht University held a conference on denialism and human rights.

The rhetorical techniques of denialism–conspiracy theories, cherry-picking data, fake experts, moving goalposts, and logical fallacies–work. The key is not to engage them, but to teach others how to recognize misleading forms of argumentation. Remember Pushkin’s advice–never argue with fools.

CV

You can find my current curriculum vitae here (local copy).

Chris Jay Hoofnagle

Research

Quantum Information Science

Cybersecurity in Context

Internet Tracking & Cybercrime

Digital Consumer Protection

Previous events – Fall 2018

Biography

Chris Jay Hoofnagle

Federal Trade Commission Privacy Law and Policy

Denialism

CV

By visiting this digital property, you consent to any indignity that increases my utility.

By visiting this digital property,
you consent to any indignity that
increases my utility.