March 2014 Archives
March 10, 2014
When I refer to the Constitution's "Double Jeopardy Clause," people know what I mean. You can't be tried twice for the same crime. Many have seen the Ashley Judd movie, where her character is wrongly convicted of a murder and therefore free to kill with impunity when she is released form prison. But there is a counterpoint to the Double Jeopardy Clause, and it kind of works the other way. You can't relitigate an issue you've already brought to court. That concept is called res judicata, and it creates an interesting problem when applied to consumer class action lawsuits, like the recent Facebook privacy suit.
Res judicata is a much-discussed topic of conversation among class action lawyers. The idea behind class action litigation is that, when there are too many people who have been injured in the same way, it is more efficient for the defendants, plaintiffs, and courts to resolve the case all at once. So a couple of plaintiffs put a case together and ask the court to allow them to represent all similar plaintiffs. Class certification - the process by which the court makes sure that the class action lawsuit fairly represents the rights of all the people it claims to represent - tests whether class action is the appropriate form for the lawsuit. Next, everyone who qualifies as a member of the class must be informed that the lawsuit is taking place. If a person qualifies as a class member, he or she is automatically added. Qualifying people who do not want to be in a class have to opt out.
And here is the gamble for a potential class member: the outcome of the case binds the class members permanently. If you are a member of a class and the case is litigated, you win or lose right along with everyone else in the class. That means that, if you don't like the outcome of the case, and you think your own lawyer could have done a better job, you can't go back to court unless you can show that the lawyer representing your class truly did not represent your interests. You have already had your day. It also means, of course, that if you can't afford a lawyer, you didn't understand that you could be compensated for an injury that you suffered, or you don't know how to get litigation started, the class action lawsuit takes care of it for you. You don't have to do anything - just elect not to opt out of the class. This principle - that you are precluded from litigating the same case twice - is res judicata.
But it's unclear whether that principle applies to settlement agreements at the end of class action lawsuits as well. That is to say: what if you are a member of a class that wins a case, but your lawyer works out a settlement agreement with the losing defendant that doesn't allow you to recover anything? Can a settlement agreement be so unfair that it reaches back in time and makes the original class certification and opt-out notice invalid?
In a 2003 case called Dow Chemical v. Stephenson, the Supreme Court decided that a settlement agreement could be so unfair that it retroactively excused otherwise qualifying class members from opting out. Stephenson and Isaacson, the two plaintiffs, had been injured by exposure to Agent Orange during the Vietnam War. When they sued the chemical manufacturer, the lower court threw out their case on the grounds that a previous class action settlement barred their claims. However, the settlement agreement only provided money to pay class members for 10 years following the lawsuit. By the time Stephenson and Isaacson discovered that they had been injured, the settlement fund had already expired. The chemical manufacturer had been punished in the form of having to establish a ten-year settlement fund. But Stephenson and Isaacson had not been compensated. This, the Supreme Court decided, meant that the two veterans had not been adequately represented in the class action. Their inability to recover settlement funds reached back in time and "opted them out" of class membership.
I wondered about the role of res judicata in the context of Fraley v. Facebook, a class action lawsuit in which EPIC recently submitted an amicus brief. In Fraley, the defendant Facebook had used the images of Facebook users (including minor children) to advertise products. A group of parents filed a class action lawsuit against Facebook to vindicate the rights of children who had been subject to this advertising scheme. As a result of the lawsuit, Facebook and the parents agreed to a settlement, wherein Facebook would pay money to organizations that advocate for children's privacy. But the settlement agreement did not prevent Facebook from continuing to use children's images in advertisements, and the organizations selected to receive funds were not the groups that have objected to Facebook's use of images in advertising since the scheme began. The settlement agreement was so bad that one of the groups who had been selected to receive funds chose to turn the money down. The settlement agreement, said the group, left the class members worse off than they would have been without any settlement at all.
If the settlement agreement was that bad (and, personally, I think it was), is it possible that none of the plaintiffs' rights were vindicated as a result of the lawsuit? Is there an argument to be made that the settlement agreement both allowed Facebook to continue its injurious behavior and also prevented the plaintiffs from ever challenging that behavior again? Are the organizations whose interests actually do align with those of the class members (for example, the group who refused the funds) barred from litigating the same issue? Or did the deficient settlement agreement reach back in time and opt everyone out of a class that would not reap the benefits of a settlement agreement?
Maybe a class member will speak up, and then we'll find out.
March 5, 2014
The New York Times recently revealed a secret debate that has been taking place behind the scenes within the Obama Administration regarding whether or not to undertake cyber-attacks against the Assad regime in Syria. The Pentagon and the National Security Agency developed a plan in 2011 to "essentially turn the lights out for Assad," but President Obama rejected the cyber-strikes, as well as regular kinetic approaches, to the conflict. The Times speculates that some of the reasons for not attacking Syria include the doubtful utility of the strikes, the possibility of retaliation, and the larger debate about the use of cyber-weapons in general.
Another possible reason, which the NYT does not discuss, may be a lack of legal authority. Over at Lawfare, Jack Goldsmith provides a cogent analysis of the potential domestic legal basis for the strikes. Goldmsith first notes the relatively sparse legal authority for the President to undertake overt action without the support of Congress against an adversary that is unconnected to the war on terror (so the AUMF would not apply.) He also believes it is unlikely to fall within the Article II self-defense powers that may have justified action against Iran (as with Stuxnet), while concluding there might be statutory authority under § 954 of the National Defense Authorization Act for Fiscal Year 2012.
However, it is the larger debate over the use of cyber-weapons in general that is most fascinating. The Washington Post disclosed last August that America mounted 231 offensive cyber-operations in 2011 alone, noting that "the scope and scale of offensive operations represent an evolution in policy, which in the past sought to preserve an international norm against acts of aggression in cyberspace, in part because U.S. economic and military power depend so heavily on computers." A major question is why has this policy changed? Why is the American military so determined to engage in offensive cyber-warfare when America may be one of the most vulnerable countries in the world to cyber attack?
There should be a serious, public debate about the value of offensive cyber operations for American security versus the costs. There are indications that this debate has occurred behind the scenes, but if we have learned anything from the NSA surveillance scandal, it is that the American people should be involved in the debate. It is the American people who should be setting the terms of whether we should even engage in this war and, if we choose to do so, to what extent we should prosecute the war. This debate, quite frankly, should be far more public than it has been. It is high time that Americans are aware of what is being done in our name in the realm of national security, when the potential blowback and costs are so high.
The costs are manifold: they include giving increased prominence to cyber-warfare (thus increasing the likelihood that cyber-attacks will become a more broadly accepted military option), militarizing cyberspace and the internet, the publicity costs and reputational harm to American interests when these secret operations are inevitably revealed, and the threat of counter-attacks which can cause substantial economic damage when they occur. Finally, in a time of budget austerity, the increased cyber-arms race represents misdirected tax dollars that could be developing America rather than tearing down other countries.
In 1800, the submarine was first introduced to the Royal Navy, impressing Prime Minister William Pitt, but not the First Sea Lord at the time, Earl Vincent. Vincent exclaimed, "Pitt was the greatest fool that ever existed to encourage a mode of warfare, which those who command the sea did not want, and which, if successful, would deprive them of it." Obviously, the answer to the submarine problem was not simply to ignore submarines. From the Royal Navy's perspective, the answer was to focus on devising effective responses to them in order to maintain control of the ocean.
Yet, there is wisdom in Vincent's words. Why encourage and lead the way in developing an asymmetric technology that can dangerously harm your position, which you have expended great blood and treasure to build up? Even if this technology were developed, why would you do so while your existing defenses were woefully inadequate?
This, in short, is the dilemma the American military is facing with regards to cyber-warfare. According to security experts, "Cyberwar is the greatest threat facing the United States--outstripping even terrorism." Former Secretary of Defense Leon Pannetta publicly proclaimed, "such a destructive cyber attack could virtually paralyze the nation." Yet currently, the "most kinetic cyberattack to date was probably the Stuxnet worm that attacked Iran's Natanz nuclear enrichment facility in 2010," which the U.S. is widely believed to be responsible for. Previously, the Pentagon seemed to understand these shortcomings, believing that cyber-deterrence would be exceptionally difficult.
However, the current strategic thinking seems to be that engaging in offensive cyber operations will have a deterrent effect on other countries, making them less likely to engage in cyber-conflict with us if they see how strong they are. It is difficult to be sure this is the exact strategic thinking because the relevant documents are highly classified, despite EPIC's attempt to secure public access to them through the Freedom of Information Act. However, this idea is flawed, because cyber-warfare seems an ideal asymmetric tool for terrorists, non-attributable state actors, or attributable state actors who are too powerful for us to directly confront (China and Russia spring to mind). It seems a clear error of grand strategy to escalate a cyber arms race that could leave American infrastructure in shambles, with stunned Americans cast into sudden darkness, if we are attacked
The risk of a "cyber Pearl Harbor" to our critical infrastructure that we are frequently warned about is only exacerbated when we are constantly striking at the infrastructure of other countries. The politics of secret destruction in the name of national security are always easy--it is the politics of informed debate and creation in the name of democracy that are truly challenging.