Google Scholar / h-index 30, i10-index 42
Active research projects
The TechCons: Revisiting Arthur Leff's Swindling and Selling
Yale Law Professor Arthur Leff wrote a powerful, market-structure analysis of consumer fraud in his 1976 Swindling and Selling. That work is more or less lost to history. Leff explained that con artists attempted to impose a false economy on marks. In a perfect congame, such as the Spanish Prisoner, this false economy was a bilateral monopoly. But in other, less perfect congames, the con artist moved the mark into some otherwise undesirable market relationship, such as an oligopoly.

An analysis of Arthur Leff’s Swindling and Selling
Regular selling is sometimes difficult to distinguish from swindling, because selling often incorporates minor deceptions. But the difference is that those deceptions occur in ordinary, competitive consumer marketplaces, where consumers have more choice among sellers, and in turn sellers are making offers to all consumers rather than to a targeted individual.
This article contributes to Leff’s work by placing modern, internet-based congames in his market structure framework. It argues that most congames have been refactored into advance fee email schemes, and that these are much more powerful because con artists can easily target people worldwide and can lead marks into a long con without ever encountering the mark in person.

How the internet alters age-old swindles.
Ponzi schemes still exist on the internet, despite the availability of information that might help marks see them as such. Bubble logic and the claques of early investors who win in Ponzi schemes still make these cons profitable. As an example, cryptocurrencies share the character traits of earlier Ponzi schemes, right down to Leff’s claim that they must offer a “grey box” business model to swindle people. The blockchain is a perfect grey box—technically transparent but actually inscrutable to the retail investor.
Finally, online behavioral advertising has been critiqued for many reasons. This article adds a new way of thinking about OBA: if we want to realize the promises of OBA, we have to place consumers into a monitoring environment characterized by monopoly, a complete one where nothing is secret to the advertising platform. That is, OBA requires a bilateral monopoly market structure.
Recognizing that OBA has the same fundamental dynamics as the Spanish Prisoner or the bait and switch might cause us to decide to reject OBA, or to subject OBA to rules similar to those imposed on other monopoly actors.
Cybersecurity in Context
Everyone now has a stake in the healthy functioning of communications and control networks, in the devices and services dependent on networks, and by implication, in all the complicated infrastructure required to keep networks, devices, and services operating. As we have become more affluent and as the economy has become more interconnected, we are interdependent in ways never thought possible.
The proper functioning of communications networks, which carry everything from banal social updates to the second-by-second valuations of companies to the intelligence that shapes governments’ posture in conflicts, is now a central problem. But it is also an insoluble problem. Cybersecurity is a wicked problem. Cybersecurity is an unbounded problem that cannot be cleanly extricated from an array of social problems and interests. In managing cybersecurity there are few unqualified good approaches, but rather a series of contests and choices among important values. Cybersecurity will also never be solved definitively; instead concerns about whether we can trust devices, networks, and the information present in them will persist and need to be managed.
This is a textbook project with LSU Computer Science Professor Golden Richard III. We explain how cybersecurity has come to encompass these complex interests, how cybersecurity is conceptualized, and how cybersecurity concerns and rules are diffusing through the public and private sectors. Our textbook will introduce students to the technology, political dynamics, theory, and legal practice of cybersecurity.
Representative publications:
- FTC Regulation of Cybersecurity and Surveillance, in The Cambridge Handbook of Surveillance Law (David Gray and Stephen Henderson, eds)(Cambridge University Press 2017)
- An Economic Map of Cybercrime (with Alvaro A. Cárdenas, Svetlana Radosavac, Jens Grossklags, & John Chuang), TPRC 2009.
What is Consumer Privacy?

How privacy is a one-way ratchet.
In this essay for a lecture at Stanford University, I attempt to explain consumer privacy as a deterrence theory strategy.
I argue that privacy does have methods of analysis, based in fair information practices, while popular use of the term “privacy” is loose, a shibboleth representing uncertain values.
This wide-ranging essay then goes on to explain how privacy is a rational strategy based in deterrence theory concepts. This is because giving companies data and attention transfers power to companies. The consumer becomes vulnerable to a class of adversaries with mixed, changing, and even unknowable motives. Data and attention enable companies to shape our interests, tastes, and activities. In some cases, this shaping is cooperative but in others, companies are in competition with consumers’ interests (most obviously when that shaping stokes insecurities, addiction, or encourages other irrational behavior). I tie this interest in shaping to the creation of audiences, and show how platforms’ incentives are to create user groups comprised of miserable people—the kind of people who scroll and click all day.
Platforms have high power incentives to recognize [people vulnerable to extremism] and then to turn them into engaged platform users. Understood this way, our struggles with disinformation, both left- and right-wing, can be seen as a symptom of business competition for attention.

The Web really is just television.
Prediction is the other risk that drives privacy concern. We might want others to predict our greatest needs and wants. But upon inspection, that’s only the case when others care for you. As Zuboff points out, platforms don’t care for one’s welfare. They are indifferent to our situation, so long as it involves eyeballs on their site. This is why YouTube is a cesspool—YouTube lacks incentives to clean up its platform because there is an audience for any kind of terrible content. Platforms can monetize disinformation about vaccines or videos that challenge your children to see how long they choke themselves or terrorist recruitment material. They make money based on how much you watch rather than what you watch.
Another theme surrounds the normative values of technology executives. I recount how Scott McNealy’s “you have no privacy” statement was descriptive—he was recounting what he believed to be the state of play given the rise of a Database Nation. But by the time Google became dominant, the statement had become platforms’ normative commitment about privacy. My proof of this comes from the wealth of research that shows that technology executives know that consumers want less tracking, and so they lie or dissemble to distract the consumer from technological realities—even degrading the security of systems in order to keep up user surveillance. What Zuboff calls the “hiding strategy” comes from executives who think consumers do not deserve privacy, so it is okay to lie to consumers.
Technology executives see nothing wrong with the logic of complete surveillance and the need to hide it from consumers. Why? Because technology executives do not see privacy as a legitimate interest. Remember Scott McNealy’s point was descriptive and now it is normative. Companies do not think you deserve privacy.

How executive strategy on privacy has changed to a “collect it all” mentality—and why it is okay to lie to consumers about it.
Still Simmering
Law & Policy for the Quantum Age

Hoofnagle & Garfinkel, Law and Policy for the Quantum Age (CUP 2022)
Quantum technologies use quantum effects to provide some utility. These capabilities are so different from our conventional intuition that quantum technologies seem to ride the fine border between science fiction and fantasy—yet many quantum technologies can be commercially purchased today, and more are just around the corner.
With Simson Garfinkel, I recently completed Law and Policy for the Quantum Age (Cambridge University Press 2022). This book decomposes quantum technologies into quantum sensing, computing, and communications. It critically evaluates the trajectories of each of these technologies and predicts, using scenario analysis, the strategic effects of each. We come to some surprising conclusions: that quantum sensing is the “killer app” in the field; that quantum computing is not only overhyped, it is more likely than not that we are entering a “quantum computing winter”; and that a more promising (and more dangerous) technology exists in the shadows of quantum computing: quantum simulation.
Representative publications:
- Simson L. Garfinkel and Chris J. Hoofnagle, ACM TechBrief: Quantum Computing and Simulation, in: ACM TechBriefs (2022).
- Chris Jay Hoofnagle and Simson L Garfinkel, Quantum Sensors—Unlike Quantum Computers—Are Already Here, in: DefenseOne (June 2022).
- Chris Jay Hoofnagle and Simson L Garfinkel. Quantum Cryptanalysis: Hype and Reality, in: Lawfare: Hard National Security Choices (Feb. 2022).
- Chris Jay Hoofnagle and Simson L Garfinkel, What if quantum computing is a bust?, in: Slate Future Tense (Jan. 2022).
Digital Consumer Protection
As products and services merge, we need new kinds of marketplace signals and rules to ensure that consumers understand the exchange, and so that competition is fair and vigorous. In a series of works with Case Western University Professor Aaron Perzanowski and Berkeley JSD/Yale JD candidate Aniket Kesari, we have used legal/empirical analyses to elucidate consumers’ understanding of digital marketplaces.
Our most ambitious work in this field is The Tethered Economy, which explores how sellers are exercising post-transaction control over consumers using both legal and technical mechanisms. We describe tethering as a deliberate strategy, one that reflects a reconceptualization of the modern consumer from owner to renter. Tethers make a product dependent on the seller for its ordinary operation, and in doing so, sculpt consumers’ decision space. We explain the pathologies that arise from tethering mechanisms, on both the individual consumer and market level. We conclude by suggesting ways to change incentive alignments to reduce transaction costs, reduce opportunities for guile, and to promote competition. Our most radical intervention surrounds network effects. We think network effects are more powerful than regulators understand, and that to counter them, consumers need not just the right to switch providers, but structured help to do so. We articulate this as a “micro-services switch over” principle.
With Eduard Meleshinsky, I wrote an article detailing the history of “advertorials” and the reasons why such advertising might be mistaken for organic news content. In Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, we use a consumer panel to show how merely coloring the background of an image leads a substantial number of readers to conclude that the advertorial was written by a medical professional instead of a marketing company.
Representative publications:
- The Tethered Economy (with Aaron Perzanowski and Aniket Kesari), 87(4) Geo. Wash. L. Rev. 783 (2019)
- Designing for Consent, 4/2018 Journal of European Consumer and Market Law 162–171 (2018)
- What We Buy When We “Buy Now,” 165 University of Pennsylvania L. Rev. 315 (2017)(with Aaron Perzanowski)
- Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, Technology Science 2015121503 (2015)(with Eduard Meleshinsky)
Internet Tracking & Cybercrime
We have performed terabyte-scale studies of internet tracking and of cybercrime networks, using a series of tools including Palantir Gotham, Palantir Contour, mitmproxy, STATA (Here is my STATA Cheat Sheet), Python, and a custom-built crawler.
This has led to several insights, including new forms of consumer tracking in the wild (flash cookies, cache cookies), the demonstration of how fragile cybercrime networks are to deterrence by denial approaches, and how online advertisers use rhetoric of individual choice in political theaters, while using clever coding to remove all forms of actual consumer choice in the technology domain.
Representative publications:
- Deterring Cybercrime: Focus on the Intermediaries, 32(3) Berkeley Technology Law Journal 1093 (2017)(with Damon McCoy, Amanda Maya and Aniket Kesari).
- Privacy and Adult Websites, Workshop on Technology and Consumer Protection (ConPro ’17), May 2017, San Jose, CA, with Ibrahim Altaweel and Maximilian Hils. (The security and privacy of adult websites is understudied and this is a problem given the amount of web use focused on such websites. In this paper, we show how sensitive preference data entered by users of pornographic websites are leaked in clear text to Google and to Russia-based Yandex, and how a specialized adtech network services adult entertainment sites.)
- Online Pharmacies and Technology Crime, in The Handbook of Technology, Crime and Justice (Michael McGuire and Thomas J. Holt, eds.) (Routledge Press 2017)(invited contribution)
- Web Privacy Census, Technology Science (2015) (with Ibrahim Altaweel and Nathaniel Good)(peer reviewed)
- Behavioral Advertising: The Offer You Cannot Refuse, 6 Harvard L. & Policy R. 273 (2012)(with Ashkan Soltani & Nathaniel Good). Received the 2014 CPDP Multidisciplinary Privacy Award.
Inactive Projects
"Zero Price" != Free: How "Free" Can be Anti-Competitive
In articles with University of Washington Professor Jan Whittington (Ph.D., UC Berkeley 2008), we explore consumer-oriented internet services through the lens of transaction cost economics. This work shows how personal information transactions—“free” exchanges—can be uneconomical: consumers cannot exit these arrangements; they create lock-in; and ultimately this is a deep moat against competition. Free transactions enable companies to bait consumers with what appears to be a good deal, but then substitute a switch—degrading privacy quality. As a motivating example, we show how Facebook and other companies baited consumers with free transactions but then extracted a “price” in the form of reduced quality.
Our work has important antitrust law implications: the scaling and lock-in made possible by zero price inducements make it next to impossible for competitors to swoop in with better products. Not even Google could displace Facebook’s monopoly on social media, despite creating a nicely-designed social network with nuanced consumer options.
As implied by its name, transaction cost economics takes the transaction as the unit of analysis. We contribute to the competition and privacy law landscapes by identifying the special attributes of exchanges with internet services, focusing upon those that lead to inefficiency. We argue that personal information has asset specificity, meaning that as consumers pay with data, they become bilaterally dependent on services. This upsets the notion that personal information transactions—often categorized as occurring in a zero-price market—are “free.”
This contribution explains why the exchange between consumers and online services is not simple and discrete, but rather a continuous transaction with atypical attributes. These exchanges are difficult for consumers to understand and come with costs that are significant and unanticipated by consumers. For instance, personal information transactions’ continuous nature means that consumers are engaged in something more akin to a service-level agreement with sellers, one with lock-in and sellers that change policies and have security incidents, rather than a discrete transaction with few long-term implications. Many of the transaction costs come in the form of privacy risks, but they go far beyond privacy because “free” enables quick growth and beneficial network effects for the seller. Free must be part of modern competition law/antitrust understanding of platform power.
It’s helpful to think about something that is truly free from the perspective of the consumer to understand this work. One example could be a morsel of food given by restaurants to consumers as they walk in the shopping mall. That exchange is discrete, with a low risk of long-term implications. Now reimagine that exchange where the consumer gets a taste of food in exchange for leaving their business card. This transaction is “zero price,” but comes with long-term privacy risks. The restaurant could start using the contact information for marketing, it could sell the information (to trustworthy or other companies), employees could use the information to contact customers they find comely, the restaurant could lose the information and it could end up on a cybercrime market. Now imagine that the restaurant is part of a network of food providers, and by accepting the free food, all of the customer’s future food is structured through the relationship with the original restaurant. The restaurant “knows” everything the consumer eats, can influence what the consumer sees as options, can control the terms under which the consumer eats, and can influence the consumer’s exit strategies.
- Free: Accounting for the Costs of the Internet’s Most Popular Price, 61 UCLA L. Rev. 606 (2014)
- Unpacking Privacy’s Price, 90 North Carolina Law Review 1327 (2012)
Federal Trade Commission Privacy Law and Policy
This book is a historical account, an institutional study, and a discussion of policy choices made by the U.S. FTC.
The FTC’s creation in 1914 represented a turning point in American history where skepticism of expertise and central regulatory authority was overcome by the need to address contemporary market conditions. My book connects today’s tussles over privacy regulation to the institutional structures created by America’s nascent administrative state.
A central theme in the book surrounds public choice theory and its fit to the FTC over the past century.
The book has been reviewed five times and has been translated into Japanese. A Chinese version is forthcoming. Over 1,000 copies have sold in English. Here’s my blog with book updates and commentary on the FTC.


The Wall Street Journal reprinted some of our poll findings in Julia Angwin, How Much Should People Worry About the Loss of Online Privacy, The Wall Street Journal, Nov. 15, 2011. Why is this important? Reputable newspapers vet public opinion polls; Alan Westin’s–and many industry funded survey research efforts–could never pass that vetting.
Consumer Knowledge & Attitudes
Alan Westin’s well-known and often-used privacy segmentation fails to describe privacy markets or consumer choices accurately. It describes the average consumer as a “privacy pragmatist” who influences market offerings by weighing the costs and benefits of services and making choices consistent with his or her privacy preferences. Yet, Westin’s segmentation methods cannot establish that users are pragmatic in theory or in practice. Textual analysis reveals that the segmentation fails theoretically. Original survey data suggests that, in practice, most consumers are not aware of privacy rules and practices, and make decisions in the marketplace with a flawed, yet optimistic, perception of protections. Instead of acting as “privacy pragmatists,” consumers experience a marketplace myopia that causes them to believe that they need not engage in privacy analysis of products and services.
Westin’s work has been used to justify a regulatory system where the burden of taking action to protect privacy rests on the very individuals who think it is already protected strongly by law. Based on knowledge-testing and attitudinal survey work, we suggest that Westin’s approach actually segments two recognizable privacy groups: the “privacy resilient” and the “privacy vulnerable.”
The most syncretic version of our work is Alan Westin’s Privacy Homo Economicus. Other works can be found here: Berkeley Consumer Privacy Survey Archive. We have also studied consumer attitudes towards mobile payments and payments more generally.

Identity Theft Causes, Incentives, and Deterrence
In a trio of articles (for NSF-TRUST), I showed how identity theft is an externality of credit granting, where costs of fraud are spread among victims, merchants, and society generally. For instance, the image below is summary data on an identity theft victim who I interviewed–the impostor in the case made numerous errors in pretending to be the victim. Yet mortgage lenders were willing to grant huge loans in the victim’s name, despite mismatches in personal information and the presence of fraud alerts. This incident of identity theft, and many others, are crimes committed by bad actors, but they are also incidents where credit grantors’ pursuit of profit causes them to overlook evidence of fraud.
In this work, I explain the economic incentives that lead grantors to overlook fraud. Understood as a problem of incentives, different public policy options could be sought. Instead of prescriptive rules proposed by privacy advocates, I argued that credit grantors should be liable for identity theft victims’ lost time and financial costs. These costs should be allocated to credit grantors, because they are least cost avoiders in the identity theft context, and because consumers cannot control the credit granting process nor insure against identity theft losses efficiently.
My analysis shows that consumer education cannot be effective at stemming identity theft, because most forms of the crime cannot be prevented through consumer action or inaction. Further, criminalization largely failed to address the problem, because of law enforcement priorities, a lack of training, and reluctance among businesses to participate in investigations.
- Internalizing Identity Theft, 2010 UCLA Journal of Law & Technology 1 (2010)
- Toward a Market for Bank Safety, 21 Loyola Consumer Law Review 101 (Fall 2008)
- Identity Theft: Making the Unknown Knowns Known, 21 Harvard Journal of Law & Technology 97 (Fall 2007)
Denialism
Before coming to Berkeley, I worked in Washington, DC as a privacy advocate. I was struck by the character of policy debates there. Industries lobbied using a blend of libertarian and one-eyed public choice argument, repeating it so often that to me it sounded like simple cliché. In fact, it wasn’t debate, it was intransigence.
My brother Mark and I spent a lot of time talking about rhetorical technique and developed what we saw into the concept of “denialism.” In What is Denialism?, we explained denialism as rhetoric that gave the appearance of a debate but was actually a charade. I also, awkwardly, tried to illustrate denialism as a Deck of Cards. At the time, we were not aware that Albert Hirschman had modeled much of the problem. Nowadays, denialism would be recognized as a technique of disinformation.
Mark and I are broadly credited with developing the fundamental contours of denialism.

The five characteristics of science denialism, from How to respond to vocal vaccine deniers in public (World Health Organization 2016)
The techniques of denialism–conspiracy theories, cherry-picking data, fake experts, moving goalposts, and logical fallacies–work. The key is not to engage them, but to teach others how to recognize misleading forms of argumentation. This approach, sometimes called “technique rebuttal,” has been tested in the literature.
