Google Scholar: h-index 28, i10-index 38

Active research projects

Law & Policy for the Quantum Age

The Quantum Age

Hoofnagle & Garfinkel, Law and Policy for the Quantum Age (CUP 2021)

Quantum technologies use quantum effects to provide some utility. These capabilities are so different from our conventional intuition that quantum technologies seem to ride the fine border between science fiction and fantasy—yet many quantum technologies can be commercially purchased today, and more are just around the corner.

With Simson Garfinkel, I recently completed Law and Technology for the Quantum Age (Cambridge University Press 2022). This book decomposes quantum technologies into quantum sensing, computing, and communications. It critically evaluates the trajectories of each of these technologies and predicts, using scenario analysis, the strategic effects of each. We come to some surprising conclusions: that quantum sensing is the “killer app” in the field; that quantum computing is not only overhyped, it is more likely than not that we are entering a “quantum computing winter;” and that a more promising (and more dangerous) technology exists in the shadows of quantum computing: quantum simulation.

Representative publications:

Cybersecurity in Context

Everyone now has a stake in the healthy functioning of communications and control networks, in the devices and services dependent on networks, and by implication, in all the complicated infrastructure required to keep networks, devices, and services operating. As we have become more affluent and as the economy has become more interconnected, we are interdependent in ways never thought possible.

The proper functioning of communications networks, which carry everything from banal social updates to the second-by-second valuations of companies to the intelligence that shapes governments’ posture in conflicts, is now a central problem. But it is also an insoluble problem. Cybersecurity is a wicked problem. Cybersecurity is an unbounded problem that cannot be cleanly extricated from an array of social problems and interests. In managing cybersecurity there are few unqualified good approaches, but rather a series of contests and choices among important values. Cybersecurity will also never be solved definitively; instead concerns about whether we can trust devices, networks, and the information present in them will persist and need to be managed.

My project with Jennifer Urban intends to explain how cybersecurity has come to encompass these complex interests, how cybersecurity is conceptualized, and how cybersecurity concerns and rules are diffusing through the public and private sectors. We have developed a course reader to introduce students to the political dynamics, theory, and legal practice of cybersecurity. Here is the reader’s ToC, chapter 1, and conclusion chapter.

Representative publications:

Still Simmering

Digital Consumer Protection

As products and services merge, we need new kinds of marketplace signals and rules to ensure that consumers understand the exchange, and so that competition is fair and vigorous. In a series of works with Case Western University Professor Aaron Perzanowski and Berkeley JSD/Yale JD candidate Aniket Kesari, we have used legal/empirical analyses to elucidate consumers’ understanding of digital marketplaces.

Our most ambitious work in this field is The Tethered Economy, which explores how sellers are exercising post-transaction control over consumers using both legal and technical mechanisms. We describe tethering as a deliberate strategy, one that reflects a reconceptualization of the modern consumer from owner to renter. Tethers make a product dependent on the seller for its ordinary operation, and in doing so, sculpt consumers’ decision space. We explain the pathologies that arise from tethering mechanisms, on both the individual consumer and market level. We conclude by suggesting ways to change incentive alignments to reduce transaction costs, reduce opportunities for guile, and to promote competition. Our most radical intervention surrounds network effects. We think network effects are more powerful than regulators understand, and that to counter them, consumers need not just the right to switch providers, but structured help to do so. We articulate this as a “micro-services switch over” principle.

With Eduard Meleshinsky, I wrote an article detailing the history of “advertorials” and the reasons why such advertising might be mistaken for organic news content. In Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, we use a consumer panel to show how merely coloring the background of an image leads a substantial number of readers to conclude that the advertorial was written by a medical professional instead of a marketing company.

Representative publications:

Internet Tracking & Cybercrime

We have performed terabyte-scale studies of internet tracking and of cybercrime networks, using a series of tools including Palantir Gotham, Palantir Contour, mitmproxy, STATA (Here is my STATA Cheat Sheet), Python, and a custom-built crawler.

This has led to several insights, including new forms of consumer tracking in the wild (flash cookies, cache cookies), the demonstration of how fragile cybercrime networks are to deterrence by denial approaches, and how online advertisers use rhetoric of individual choice in political theaters, while using clever coding to remove all forms of actual consumer choice in the technology domain.

Representative publications:

  • Deterring Cybercrime: Focus on the Intermediaries, 32(3) Berkeley Technology Law Journal 1093 (2017)(with Damon McCoy, Amanda Maya and Aniket Kesari).
  • Privacy and Adult Websites, Workshop on Technology and Consumer Protection (ConPro ’17), May 2017, San Jose, CA, with Ibrahim Altaweel and Maximilian Hils. (The security and privacy of adult websites is understudied and this is a problem given the amount of web use focused on such websites. In this paper, we show how sensitive preference data entered by users of pornographic websites are leaked in clear text to Google and to Russia-based Yandex, and how a specialized adtech network services adult entertainment sites.)
  • Online Pharmacies and Technology Crime, in The Handbook of Technology, Crime and Justice (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2017)(invited contribution)
  • Web Privacy Census, Technology Science (2015) (with Ibrahim Altaweel and Nathaniel Good)(peer reviewed)
  • Behavioral Advertising: The Offer You Cannot Refuse, 6 Harvard L. & Policy R. 273 (2012)(with Ashkan Soltani & Nathaniel Good). Received the 2014 CPDP Multidisciplinary Privacy Award.
The term lynchrim is leaked to Google and Yandex on adult websites
Using Palantir, we demonstrate the interconnectedness and service vulnerabilities of pharma crime networks

Inactive Projects

The problems of bilateral monopoly in personal information transactions
transaction costs in personal information exchanges

"Zero Price" != Free

In articles with University of Washington Professor Jan Whittington (Ph.D., UC Berkeley 2008), we explore consumer-oriented internet services through the lens of transaction cost economics.  As implied by its name, transaction cost economics takes the transaction as the unit of analysis.  We contribute to the competition and privacy law landscapes by identifying the special attributes of exchanges with internet services, focusing upon those that lead to inefficiency. We argue that personal information has asset specificity, meaning that as consumers pay with data, they become bilaterally dependent on services. This upsets the notion that personal information transactions—often categorized as occurring in a zero-price market—are “free.”

This contribution explains why the exchange between consumers and online services is not simple and discrete, but rather a continuous transaction with atypical attributes. These exchanges are difficult for consumers to understand and come with costs that are significant and unanticipated by consumers. For instance, personal information transactions’ continuous nature means that consumers are engaged in something more akin to a services-level-agreement with sellers, one with lock-in and sellers that change policies and have security incidents, rather than a discrete transaction with few long-term implications. Many of the transaction costs come in the form of privacy risks, but they go far beyond privacy because “free” enables quick growth and beneficial network effects for the seller. Free must be part of modern competition law/antitrust understanding of platform power.

It’s helpful to think about something that is truly free from the perspective of the consumer to understand this work. One example could be a morsel of food given by restaurants to consumers as they walk in the shopping mall. That exchange is discrete, with a low risk of long-term implications. Now reimagine that exchange where the consumer gets a taste of food in exchange for leaving their business card. This transaction is “zero price,” but comes with long-term privacy risks. The restaurant could start using the contact information for marketing, it could sell the information (to trustworthy or other companies), employees could use the information to contact customers they find comely, the restaurant could lose the information and it could end up on a cybercrime market. Now imagine that the restaurant is part of a network of food providers, and by accepting the free food, all of the customer’s future food is structured through the relationship with the original restaurant. The restaurant “knows” everything the consumer eats, can influence what the consumer sees as options, can control the terms under which the consumer eats, and can influence the consumer’s exit strategies.

Federal Trade Commission Privacy Law and Policy

This book is a historical account, an institutional study, and a discussion of policy choices made by the U.S. FTC.

The FTC’s creation in 1914 represented a turning point in American history where skepticism of expertise and central regulatory authority was overcome by the need to address contemporary market conditions. My book connects today’s tussles over privacy regulation to the institutional structures created by America’s nascent administrative state.

A central theme in the book surrounds public choice theory and its fit to the FTC over the past century.

The book has been reviewed five times and has been translated into Japanese. A Chinese version is forthcoming. Over 1,000 copies have sold in English. Here’s my blog with book updates and commentary on the FTC.

Cover of Federal Trade Commission Privacy Law and Policy
WSJ Data

The Wall Street Journal reprinted some of our poll findings in Julia Angwin, How Much Should People Worry About the Loss of Online Privacy, The Wall Street Journal, Nov. 15, 2011. Why is this important? Reputable newspapers vet public opinion polls; Alan Westin’s–and many industry-funded survey research efforts–could never pass that vetting.

Consumer Knowledge & Attitudes

Alan Westin’s well-known and often-used privacy segmentation fails to describe privacy markets or consumer choices accurately. It describes the average consumer as a “privacy pragmatist” who influences market offerings by weighing the costs and benefits of services and making choices consistent with his or her privacy preferences. Yet, Westin’s segmentation methods cannot establish that users are pragmatic in theory or in practice. Textual analysis reveals that the segmentation fails theoretically. Original survey data suggests that, in practice, most consumers are not aware of privacy rules and practices, and make decisions in the marketplace with a flawed, yet optimistic, perception of protections. Instead of acting as “privacy pragmatists,” consumers experience a marketplace myopia that causes them to believe that they need not engage in privacy analysis of products and services.

Westin’s work has been used to justify a regulatory system where the burden of taking action to protect privacy rests on the very individuals who think it is already protected strongly by law. Based on knowledge-testing and attitudinal survey work, we suggest that Westin’s approach actually segments two recognizable privacy groups: the “privacy resilient” and the “privacy vulnerable.”

The most syncretic version of our work is Alan Westin’s Privacy Homo Economicus. Other works can be found here: Berkeley Consumer Privacy Survey Archive

Identity Theft Causes, Incentives, and Deterrence

In a trio of articles (for NSF-TRUST), I showed how identity theft is an externality of credit granting, where costs of fraud are spread among victims, merchants, and society generally. For instance, the image below is summary data on an identity theft victim who I interviewed–the impostor in the case made numerous errors in pretending to be the victim. Yet mortgage lenders were willing to grant huge loans in the victim’s name, despite mismatches in personal information and the presence of fraud alerts.  This incident of identity theft, and many others, are crimes committed by bad actors, but they are also incidents where credit grantors’ pursuit of profit causes them to overlook evidence of fraud.

In this work, I explain the economic incentives that lead grantors to overlook fraud. Understood as a problem of incentives, different public policy options could be sought. Instead of prescriptive rules proposed by privacy advocates, I argued that credit grantors should be liable for identity theft victims’ lost time and financial costs.  These costs should be allocated to credit grantors, because they are least cost avoiders in the identity theft context, and because consumers cannot control the credit granting process nor insure against identity theft losses efficiently.

My analysis shows that consumer education cannot be effective at stemming identity theft, because most forms of the crime cannot be prevented through consumer action or inaction. Further, criminalization largely failed to address the problem, because of law enforcement priorities, a lack of training, and reluctance among businesses to participate in investigations.


Before coming to Berkeley, I worked in Washington, DC as a privacy advocate. I was struck by the character of policy debates there. Industries lobbied using a blend of libertarian and one-eyed public choice argument, repeating it so often that to me it sounded like simple cliché. In fact, it wasn’t debate, it was intransigence.

My brother Mark and I spent a lot of time talking about rhetorical technique and developed what we saw into the concept of “denialism.” In What is Denialism?, we explained denialism as rhetoric that gave the appearance of a debate but was actually a charade. I also, awkwardly, tried to illustrate denialism as a Deck of Cards. At the time, we were not aware that Albert Hirschman had modeled much of the problem. Nowadays, denialism would be recognized as a technique of disinformation.

Mark and I are broadly credited with developing the fundamental contours of denialism. 

The five characteristics of science denialism, from How to respond to vocal vaccine deniers in public (World Health Organization 2016)

The techniques of denialism–conspiracy theories, cherry-picking data, fake experts, moving goalposts, and logical fallacies–work. The key is not to engage them, but to teach others how to recognize misleading forms of argumentation. This approach, sometimes called “technique rebuttal,” has been tested in the literature.

Denialist Cards