Neil Gorsuch has been nominated as the new president’s choice for the Supreme Court. He still has to go through Senate confirmation hearings before officially becoming the ninth Justice on the highest court, but some are already discussing his potential impact on cybersecurity and privacy law.
Data security expert Richard Stiennon, chief strategy officer at Blancco Technology Group, said that Gorsuch’s record indicates a preference for accountability in breaches and the like.
“SCOTUS pick Neil Gorsuch is a staunch conservative and is better known for ruling on cases related to religious liberty, criminal law, reproductive/contraception and administrative law,” he told us via email. “But in the few cases that involved technology and digital rights, he hasn’t been very lenient on businesses and held them to a higher standard of accountability.”
One such example is his ruling to uphold a Colorado law requiring retailers who don’t have a physical presence in the state to notify their customers what they owe in taxes. This seems to indicate that he holds businesses to a higher standard of accountability and places the burden of proof on them to demonstrate how they collect, store and manage customer data—and ensure customers’ data privacy isn’t unnecessarily compromised.
“If you look at this ruling, it would suggest that Gorsuch puts customers’ rights first ahead of businesses,” Stiennon said. “In future cases related to violations of the EU GDPR’s ‘right to be forgotten,’ it will be interesting to see whether he brings down a heavy gavel of accountability on businesses.”
Gorsuch, if confirmed, will have a part to play in ongoing privacy and cybersecurity issues. That includes the case of Microsoft v. United States of America, which began in 2013 when a federal judge in New York ordered Microsoft to produce emails associated with a user’s account. The context of the case is that the emails were stored on servers in Dublin, and Microsoft argued that the US courts don't have authority over servers in other countries.
“If Microsoft loses and the case is sent up to the Supreme Court, it’ll be interesting to see how Gorsuch weighs in on if, when and how government should step in and demand tech companies to prove data is managed and erased properly,” Stiennon said.
Another issue may be net neutrality. Ajit Pai, the senior Republican on the Federal Communications Commission, was recently named chair of the regulators. He’s best-known for his opposition to net neutrality regulation, support for mega-mergers and opposition to data-privacy regulation for ISPs.
Working with his fellow Republican FCC commissioner Mike O'Rielly, Pai has indicated plans to revisit internet regulation.
In March 2015, the FCC voted in a 3-2 vote along party lines to reclassify broadband as a public utility—the result of a rocky year at the US’s top regulator. In January 2014, Verizon won its challenge of the Open Internet Order in the US Court of Appeals for the District of Columbia Circuit. Verizon argued that the FCC lacked the authority to enforce net neutrality because, it claimed, Congress did not grant the agency the ability to do so. And that's because broadband is not classified as a public utility, the way telecoms are.
After a series of legal challenges, the US Court of Appeals for the DC Circuit in June 2016 broadly upheld the FCC’s reclassification of broadband as a Title II service. Justices Tatel and Srinivasan, writing for the majority, affirmed the FCC’s broad discretion to reclassify wired broadband service as a telecommunications service, and found that none of the challenges raised to FCC authority had merit.
With Pai at the top however, there are likely to be changes in policy and new legal challenges.
“With a new head of the FCC who does not support net neutrality this may be an issue in coming years. Judge Gorsuch, being the strict Consitutionalist that he is, may rule to strike down net neutrality regulations,” Stiennon added.