Does the FISA court perform a recognizably judicial function when it reviews 702 minimization procedures for compliance with the Fourth amendment? Our guest for episode 115 is Orin Kerr, GWU professor and all-round computer crime guru. Orin and I spend a good part of the interview puzzling over Congress’s mandate that the FISA court review what amounts to a regulation for compliance with an amendment that is usually invoked only in individual cases. Maybe, I suggest, the recent court ruling on 702 minimization and the Fourth amendment doesn’t make sense from an Article III point of view because the FISA judges long ago graduated from deciding cases and controversies to acting as special masters to oversee the intelligence community. We also explore an upcoming Orin Kerr law review piece on how judicial construction of the Fourth amendment should be influenced by statutes that play in the same sandbox. 

In the news roundup, Maury Shenk provides an overview of the data protection logjam now building up in Brussels, including EU Parliament approval of the new US-EU law enforcement agreement. In FTC news, Katilin Cassel explains why Amazon is liable for kids’ in-app purchases; I seize on recent UK government advice not to change passwords too often to mock the FTC for its outmoded advice on the topic and its inability to shed its old guidance gracefully; and Maury and I examine how and why the FTC is enforcing quasi-voluntary privacy regimes like the Privacy Shield/Safe Harbor.

Katie explains HHS’s remarkable new enforcement policy – imposing large fines on health providers who voluntarily disclose a paperwork omission that caused no actual privacy harm. I flag the First Circuit’s decision to create a circuit conflict on the meaning of the Video Privacy Protection Act.

I express astonishment that the tech press continues to think there’s a constitutional problem with forcing someone to use his fingerprint to unlock a phone. The Onion and Operation Vowel Lift also make an appearance.