Online

20/20 Hindsight and Looking Ahead: The Vision of the Five Eyes and What’s Next in the “Going Dark” Debate

The so-called “encryption debate” made national headlines in 2016 after Apple Inc. (“Apple”) declined to enable the Federal Bureau of Investigation (“FBI” or “the Bureau”) to unlock an iPhone recovered from one of the shooters involved in a terrorist attack in San Bernardino, California. The debate concerned whether the government should have the authority to compel technology manufacturers to create an “access key” for encrypted messages and share that key with law enforcement. Apple argued that allowing such access would undermine the security features of its products, while the U.S. Department of Justice (“DOJ”) insisted access was necessary to prevent future attacks. An existing dilemma came to the forefront: Should technology companies be able to use forms of encryption so secure that even they lack the keys? Or is such security not worth the possibility of allowing criminals to “go dark” from law enforcement?

While public attention on this issue has waned in recent years, the problem is not going away; instead, answers are needed now more than ever. As recently as December 2023, a leading technology company announced it would use end-to-end encryption (“E2EE”) as a default for calls and messages across some of its platforms. Analyzing the strengths and weaknesses of laws passed in other countries in The Five Eyes provides guidance for how the U.S. may best proceed with future legislation to promote privacy and security on a global scale.

Introduction

In 2015, then-FBI Director James Comey testified before the Senate Judiciary Committee, saying, “There’s no doubt that [the] use of encryption is part of terrorist tradecraft now.”1.Adam Nagourney, Ian Lovett & Richard Pérez-Peña, San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead, N.Y. Times (Dec. 2, 2015), https://www.nytimes.com/‌2015/12/03/us/san-bernardino-shooting.html [https://perma.cc/4UJN-B78T].Show More Months earlier, a heavily armed couple had killed fourteen people and seriously injured seventeen others in San Bernardino, California.2.Daniel Kahn Gillmor, One of the FBI’s Major Claims in the iPhone Case is Fraudulent, ACLU (Mar. 7, 2016), https://www.aclu.org/news/privacy-technology/one-fbis-major-claims‌-iphone-case-fraudulent [https://perma.cc/YYF5-8UMQ].Show More As part of its investigation, the Bureau obtained a warrant to search an iPhone owned by one of the shooters, but the phone was programmed to automatically delete all data after ten failed password attempts.3.Government’s Ex Parte Application for Order Compelling Apple Inc. to Assist Agents in Search 1–2; Memorandum of Points and Authorities at 1­–2, 4, In re Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, No. 15-mj-00451 (C.D. Cal. Feb. 16, 2016).Show More Unable to unlock the phone due, in part, to encrypted user data, the FBI requested that Apple rewrite its software to disable security features and install it for investigators to gain access.4.See Letter from Tim Cook, CEO of Apple, to Apple Customers (Feb. 16, 2016), https://www.apple.com/customer-letter/ [https://perma.cc/P5G9-5A7N]; Apple’s Tim Cook: Complying with FBI Demand “Bad for America,” CBS News (Feb. 24, 2016, 9:02 PM), https://www.cbsnews.com/news/apples-tim-cook-complying-with-fbi-demand-bad-for-amer‌ica/ [https://perma.cc/59FU-YKXR]; Shara Tibken, Countdown to Doomsday: Apple, FBI Face Off in Court Tuesday, CNET (Mar. 19, 2016, 5:00 AM), https://www.cnet.com/news/‌privacy/apple-fbi-case-encryption-iphone-backdoor-hack-terrorism-privacy-surveillance/ [https://perma.cc/5AFT-H2LW].Show More Apple refused, arguing that deliberately weakening encryption on its devices by creating a “backdoor” through the encryption for law enforcement would make its products more susceptible to hacking by bad actors and foreign governments.5.See Reema Shah, Comment, Law Enforcement and Data Privacy: A Forward-Looking Approach, 125 Yale L.J. 543, 543 (2015).Show More

The dispute between Apple and the DOJ is the most prominent example of an ongoing and contentious debate about government regulation of E2EE.6.Mallory Knodel, Fred Baker, Olaf Kolkman, Sofía Celi & Gurshabad Grover, Definition of End-to-End Encryption, Internet Eng’g Task Force (June 13, 2022), https://www.ietf.org/‌archive/id/draft-knodel-e2ee-definition-04.html [https://perma.cc/8W7P-FG5L].Show More E2EE describes a secure communication method that prevents third-party access to data transferred from one device to another.7.Steven Song, Keeping Private Messages Private: End-to-End Encryption on Social Media, B.C. Intell. Prop. & Tech. F., 2020, at 1, 2.Show More Many forms of encryption can be accessed by anyone with the appropriate decryption key, but E2EE goes beyond other forms of encryption by limiting access to messages and data to only the communicating parties.8.How End-to-End Encryption in Google Messages Provides More Security, Google Messages, https://support.google.com/messages/answer/10262381?hl=en [https://perma.cc/‌2H7S-R3GX] (last visited Feb. 25, 2024).Show More E2EE scrambles data so only the sender and intended recipient may read E2EE messages; not even the manufacturer of the communication devices can access such data.9.Lucian Armasu, End-to-End Encryption Could’ve Protected Yahoo Mail Users from 2014 Data Breach and NSA Spying, Tom’s Hardware (Oct. 14, 2016), https://www.tomshardware.‌com/news/e2ee-yahoo-mail-hack-spying,32857.html [https://perma.cc/YGQ7-K5G2].Show More E2EE also ensures that data is encrypted before it is sent over a network, avoiding exposure of such communications to bad actors (such as hackers) in the event of a data breach.footnote_id_11_10 In this way, E2EE is considered the gold standard for ensuring consumer privacy. However, E2EE’s airtight seal means law enforcement may not be able to effectively investigate dangerous criminal activity unless the encryption is weakened. The modern encryption debate centers around a challenging dilemma: Should the government be able to compel technology companies to build systems in such a way that permits law enforcement access? Or should considerations about safeguarding privacy be paramount, even at the expense of governmental investigation and oversight?

Over the years, the two sides of the conversation have become increasingly polarized, with law enforcement groups on one side and privacy and civil liberties advocates on the other. Much has been written about the constitutionality of potential solutions to the cryptology debate. This Essay adds a new, unique perspective to the existing literature by discussing it within the context of rapidly evolving technology making E2EE policies instrumental to the lives of most Americans. Part I provides an overview of the debate within the technology and law enforcement communities and describes the failures of Congress to address the issue. Part II evaluates the strength of Australia’s and the United Kingdom’s approaches for addressing the problem. Finally, Part III provides recommendations for what Congress should do to address the encryption debate.

  1.  Sen. Charles E. Grassley Holds a Hearing on Oversight of the Federal Bureau of Investigation, S. Comm. on Judiciary (Dec. 9, 2015), https://congressional.proquest.com/‌cong‌ressional/docview/t65.d40.12090003.s98?accountid=14678 [https://perma.cc/DR82-DB‌N3].
  2.  Adam Nagourney, Ian Lovett & Richard Pérez-Peña, San Bernardino Shooting Kills at Least 14; Two Suspects Are Dead, N.Y. Times (Dec. 2, 2015), https://www.nytimes.com/‌2015/12/03/us/san-bernardino-shooting.html [https://perma.cc/4UJN-B78T].
  3.  Daniel Kahn Gillmor, One of the FBI’s Major Claims in the iPhone Case is Fraudulent, ACLU (Mar. 7, 2016), https://www.aclu.org/news/privacy-technology/one-fbis-major-claims‌-iphone-case-fraudulent [https://perma.cc/YYF5-8UMQ].
  4.  Government’s Ex Parte Application for Order Compelling Apple Inc. to Assist Agents in Search 1–2; Memorandum of Points and Authorities at 1­–2, 4, In re Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, California License Plate 35KGD203, No. 15-mj-00451 (C.D. Cal. Feb. 16, 2016).
  5.  See Letter from Tim Cook, CEO of Apple, to Apple Customers (Feb. 16, 2016), https://www.apple.com/customer-letter/ [https://perma.cc/P5G9-5A7N]; Apple’s Tim Cook: Complying with FBI Demand “Bad for America,” CBS News (Feb. 24, 2016, 9:02 PM), https://www.cbsnews.com/news/apples-tim-cook-complying-with-fbi-demand-bad-for-amer‌ica/ [https://perma.cc/59FU-YKXR]; Shara Tibken, Countdown to Doomsday: Apple, FBI Face Off in Court Tuesday, CNET (Mar. 19, 2016, 5:00 AM), https://www.cnet.com/news/‌privacy/apple-fbi-case-encryption-iphone-backdoor-hack-terrorism-privacy-surveillance/ [https://perma.cc/5AFT-H2LW].
  6.  See Reema Shah, Comment, Law Enforcement and Data Privacy: A Forward-Looking Approach, 125 Yale L.J. 543, 543 (2015).
  7.  Mallory Knodel, Fred Baker, Olaf Kolkman, Sofía Celi & Gurshabad Grover, Definition of End-to-End Encryption, Internet Eng’g Task Force (June 13, 2022), https://www.ietf.org/‌archive/id/draft-knodel-e2ee-definition-04.html [https://perma.cc/8W7P-FG5L].
  8.  Steven Song, Keeping Private Messages Private: End-to-End Encryption on Social Media, B.C. Intell. Prop. & Tech. F., 2020, at 1, 2.
  9.  How End-to-End Encryption in Google Messages Provides More Security, Google Messages, https://support.google.com/messages/answer/10262381?hl=en [https://perma.cc/‌2H7S-R3GX] (last visited Feb. 25, 2024).

  10.  Lucian Armasu, End-to-End Encryption Could’ve Protected Yahoo Mail Users from 2014 Data Breach and NSA Spying, Tom’s Hardware (Oct. 14, 2016), https://www.tomshardware.‌com/news/e2ee-yahoo-mail-hack-spying,32857.html [https://perma.cc/YGQ7-K5G2].

Cyber Vulnerabilities as Trade Secrets

Can a cybersecurity vulnerability—like a bug in code or a backdoor into a system—be a trade secret? Claiming a flaw as a trade secret may sound strange. Usually, talk of trade secrets conjures up images of scientists in laboratories or complex computer algorithms. But nothing in the definition of a trade secret excludes vulnerabilities. As the electronic theft of company secrets increases, recognizing cyber vulnerabilities as trade secrets could play an important role in safeguarding business information. For companies that depend on trade secret protections, increased digitalization means that their trade secrets may be exposed. And this exposure could result not only in diminished legal protections but also in a devastating loss of company profits, strategic advantage, or cutting-edge research. This Essay proposes that recognizing cyber vulnerabilities as trade secrets can limit those harms and protect important company information.

Introduction

Every year, trade secret theft costs American businesses between $225 billion and $600 billion.1.Fed. Bureau of Investigation, Executive Summary—China: The Risk to Corporate America (2019), https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf/view [https://perma.cc/93BF-FGZR].Show More Some of the thefts are perpetrated from the inside, like by a disgruntled employee who takes confidential files with him to his next job. But a significant portion of this figure comes from cyber espionage—digitally stealing confidential information or trade secrets from a commercial entity.2.See, e.g., Nicole Sganga, Chinese Hackers Took Trillions in Intellectual Property from About 30 Multinational Companies, CBS News (May 4, 2022, 12:01 AM), https://www.cbs‌news.com/news/chinese-hackers-took-trillions-in-intellectual-property-‌from-about-30-multi‌national-companies/ [https://perma.cc/WT93-T5HL] (noting that “[t]he CCP continues to increase its theft of U.S. technology and intellectual property” via hacking operations).Show More The digitalization of business records and data assist this form of cyber theft.3.Tim Maurer & Arthur Nelson, The Global Cyber Threat, Fin. & Dev. 24, 25 (Mar. 2021), https://www.imf.org/en/Publications/fandd/issues/2021/03/global-cyber-threat-to-financial-systems-maurer [https://perma.cc/6DN4-3YQR].Show More No longer do thieves need to break into a company’s offices and sneak out with physical files. Now, the crime can happen from anywhere, including the other side of the world.4.See, e.g., Phil Mercer, China Accused of Economic Espionage on an Unprecedented Scale, VOA News: East Asia (Oct. 18, 2023, 2:39 AM), https://www.voanews.com/a/china-accused-of-economic-espionage-on-an-unprecedented-scale/7315625.html [https://perma.cc/5ZPY-K‌4EV].Show More And as companies increase the amount of information they store digitally, “they have more bits and bytes worth stealing.”5.Corporate Espionage Is Entering a New Era, Economist (May 30, 2022), https://www.‌economist.com/business/2022/05/30/corporate-espionage-is-entering-a-new-era [https://perm‌a.cc/8NJ3-S4T8].Show More

Accompanying this increase in corporate espionage is an increase in the kinds of businesses targeted. The world of corporate spying is “no longer cent[e]red on a few ‘sensitive’ industries, such as defen[s]e and pharmaceuticals.”6.Id.Show More Any business is at risk of having its proprietary information electronically stolen. Instead of a rarity, corporate espionage has “become a general business risk.”7.Id.Show More

On top of the direct economic costs of corporate spying, this increase in cyber espionage greatly reduces companies’ incentives for innovation and investment.8.Steve Morgan, Global Cybercrime Damages Predicted to Reach $6 Trillion Annually by 2021, Cybercrime Mag. (Oct. 26, 2020), https://cybersecurityventures.com/annual-cyber‌crime-report-2020/ [https://perma.cc/JG3C-Q8WL].Show More And understandably so. There is less incentive to devote resources to research and development if that research, or any related proprietary information, could be compromised in a cyberattack. A competitor hiring a hacker to break into your system and steal your cutting-edge research is the modern-day version of a competitor hiring a photographer to take aerial photographs of your company’s new factory from an airplane. (Yes, that actually happened.)9.See E. I. duPont deNemours & Co. v. Christopher, 431 F.2d 1012, 1013 (5th Cir. 1970).Show More A foreign government may target American companies’ data to help their own businesses “catch up with advanced U.S. technology.”10 10.Eamon Javers, Inside China’s Spy War on American Corporations, CNBC (June 21, 2023, 9:10 PM), https://www.cnbc.com/2023/06/21/inside-chinas-spy-war-on-american-corporatio‌ns.html [https://perma.cc/LXB2-3MCU].Show More Or a cybercriminal may target your data in the hopes of selling it to a third party for a profit.11 11.See, e.g., United States v. Genovese, 409 F. Supp. 2d 253, 255 (S.D.N.Y. 2005) (describing defendant’s charges for attempting to resell Microsoft source code on his personal website).Show More Given the range of threats, keeping trade secrets “safely locked in the digital vault can be devilishly difficult.”12 12.Corporate Espionage Is Entering a New Era, supra note 5.Show More

Fortunately for companies, trade secret law has developed rapidly over the last few decades to provide robust protection against these thefts. The Economic Espionage Act was passed in 1996 to “protect the trade secrets of all businesses operating in the United States, foreign and domestic alike, from economic espionage and trade secret theft and deter and punish those who would intrude into, damage, or steal from computer networks.”13 13.President William J. Clinton, Statement on Signing the Economic Espionage Act of 1996, 32 Weekly Comp. Pres. Doc. 2040 (Oct. 11, 1996), reprinted in 1996 U.S.C.C.A.N. 4034.Show More The Computer Fraud and Abuse Act, most recently amended in 2008, allows for both criminal charges and civil suits against anyone who breaks into a computer “without authorization or exceeding authorized access.”14 14.18 U.S.C. § 1030(a)(1).Show More Nearly all fifty states have adopted the Uniform Trade Secrets Act (“UTSA”),15 15.Trade Secrets Act Enactment Map, Unif. L. Comm’n, https://www.uniformlaws.org/‌committees/community-home?CommunityKey=3a2538fb-e030-4e2d-a9e2-90373dc05792 [https://perma.cc/ML7V-BSCT] (last visited Feb. 26, 2024).Show More and Congress passed a federal version of the UTSA—the Defend Trade Secrets Act—in 2016.16 16.Defend Trade Secrets Act, Pub. L. No. 114-153, 130 Stat. 376 (2016).Show More So if a company’s top-secret formula is stolen, the legal system affords the company a variety of ways to remedy the issue.

But the problem of corporate espionage is not limited to stealing data or research outright. Though companies spent $219 billion globally on cybersecurity defenses in 2022,17 17.Matt Kapko, Global Cybersecurity Spending to Top $219B This Year: IDC, Cybersecurity Dive (Mar. 17, 2023), https://www.cybersecuritydive.com/news/cybersecurity-spending-increase-idc/645338/ [https://perma.cc/6TV9-D7QT].Show More there is no such thing as perfect cybersecurity, meaning that vulnerabilities—weaknesses in a system that can be exploited by an attacker—exist in any system.18 18.Jay Pil Choi, Chaim Fershtman & Neil Gandal, Network Security: Vulnerabilities and Disclosure Policy, 58 J. Indus. Econ. 868, 869 (2010).Show More Rather than hacking into a system and selling the data or information located within, some cybercriminals try to monetize these flaws by selling hacking tools, hidden exploits, or discovered system vulnerabilities on the black market.19 19.See, e.g., Kate O’Flaherty, Notorious Hacking Forum and Black Market Darkode is Back Online, Forbes (Apr. 10, 2019, 12:06 PM), https://www.forbes.com/sites/kateoflahertyuk/20‌19/04/10/notorious-hacking-forum-darkode-is-back-online/ [https://perma.cc/‌LX4Y-HY8J] (discussing a site on the black market which “serves as a venue for the sale & trade of hacking services, botnets, malware, and illicit goods and services”).Show More This market for previously undiscovered software flaws (otherwise known as zero-day vulnerabilities) is of particular concern because, unlike data theft, it is unregulated.20 20.Tom Gjelten, In Cyberwar, Software Flaws are a Hot Commodity, NPR (Feb. 12, 2013, 3:25 AM), https://www.npr.org/2013/02/12/171737191/in-cyberwar-software-flaws-are-a-ho‌t-commodity#:~:text=In%20the%20context%20of%20escalating,inside%20his%20‌ene‌my%‌27s%20computer%20network [https://perma.cc/JT9J-NZSL].Show More

Currently, there is a private market for weeding cybersecurity vulnerabilities out of companies’ systems. Some cyber specialists, often dubbed “white hat hackers,” search company systems and equipment for vulnerabilities and report their findings to the company, sometimes for a small reward.21 21.Chris Teague, White Hat Hacker Cracked Toyota’s Supplier Portal, Autoblog (Feb. 8, 2023, 9:35 AM), https://www.autoblog.com/2023/02/08/white-hat-hacker-toyota-supplier-po‌rtal/ [https://perma.cc/B8V2-7NPE].Show More More proactive companies hire hacking specialists to find weak spots in their systems so they can address these issues before they are exploited.22 22.David Rudin, Safety Net: Hackers for Hire Help Companies Find Their Weak Spots, Fin. Post (Mar. 3, 2023), https://financialpost.com/cybersecurity/hackers-help-companies-find-we‌ak-spots [https://perma.cc/HPV2-H3D9].Show More

But the private market goes both ways: just as some hackers choose to sell their findings back to the company whose system is at risk, others choose to sell the information to competitor companies, foreign governments, or other interested parties.23 23.Andi Wilson, Ross Schulman, Kevin Bankston & Trey Herr, New Am., Cybersecurity Initiative, Open Tech. Inst., Bugs in the System: A Primer on the Software Vulnerability Ecosystem and Its Policy Implications 15–18 (2016), https://www.newamerica.org/oti/policy-papers/bugs-system/ [https://perma.cc/53AM-DYRN].Show More And for good reason—the price on the black market for vulnerabilities is often ten to one hundred times higher than on the white market.24 24.Lillian Ablon, Martin C. Libicki & Andrea A. Golay, Markets for Cybercrime Tools and Stolen Data: Hacker’s Bazaar 26 (2014).Show More As the black market for vulnerabilities grows, companies’ proprietary information is put increasingly at risk.

Unfortunately, due to the lack of regulation of this market, there has been little stopping the growth in corporate espionage. Existing suggestions in academic literature for tackling the global trade in zero-day vulnerabilities include criminalization,25 25.Mailyn Fidler, Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis, 11 I/S: J.L. & Pol’y for Info. Soc’y 405, 424 (2015).Show More regulation through export controls,26 26.Id. at 432.Show More and “increasing the payouts offered on the white market through a combination of liability protections, tax benefits, and subsidies.”27 27.Nathan Alexander Sales, Privatizing Cybersecurity, 65 UCLA L. Rev. 620, 620 (2018).Show More This Essay offers a simple alternative—or supplement—to these options: protecting cyber vulnerabilities through trade secret law.

By correctly applying trade secret law to zero-day vulnerabilities, companies will be afforded many options to protect their cybersecurity weaknesses from falling into the hands of their competitors or the public. A company whose system has been poked and prodded for vulnerabilities could bring trade secret claims under the applicable law, which could award them not only damages but also an injunction to prevent disclosure or use of the weakness. Federal trade secret law also allows for courts to issue warrants for property seizure, which could prevent the offending individual or organization not only from disseminating the vulnerability but also from conducting further operations.28 28.18 U.S.C. § 1836(b)(2)(A)(i).Show More Under the Economic Espionage Act or Computer Fraud and Abuse Act, an offending hacker—or competitor who knowingly uses stolen information—could be held criminally liable.29 29.Id. §§ 1832, 1030(a), (c).Show More Trade secret law provides companies with many powerful tools for combatting the growing vulnerability black market. By treating vulnerabilities as trade secrets, the legal system will provide companies with far more protections for their systems’ weaknesses than currently exist. This, in turn, will help protect their underlying research and data.

One case has contemplated the application of cybercrime law to system vulnerabilities. In 2008, three undergraduate students at the Massachusetts Institute of Technology (“MIT”) planned to present research at a cybersecurity conference that exposed “weaknesses in common subway fare collection systems,” particularly the Massachusetts Bay Transportation Authority (“MBTA”).30 30.Complaint at 1, 7, Mass. Bay Transp. Auth. v. Anderson, No. 08-cv-11364 (D. Mass. Aug. 8, 2008).Show More Their demonstration promised to “present several attacks to completely break the CharlieCard” (the MBTA’s subway card), “release several open source tools [they] wrote to perform these attacks,” and reveal “how [they] broke these systems.”31 31.Id. at 7.Show More

Ironically, the students’ presentation included a slide with the text: “What this talk is not: evidence in court (hopefully).”32 32.Complaint, Exhibit 7 at 3, Mass. Bay Transp. Auth., No. 08-cv-11364 (emphasis added).Show More But before they could give their presentation, the MBTA sued, alleging the students’ research violated the Computer Fraud and Abuse Act (“CFAA”).33 33.Complaint, supra note 30, at 12.Show More Though the MBTA was initially granted a temporary restraining order, the U.S. District Court for the District of Massachusetts later denied the MBTA’s request for a preliminary injunction and dissolved the restraining order, finding that discussing the system’s vulnerabilities was likely not the sort of “transmission” covered by the CFAA.34 34.Transcript of Motion Hearing at 60, 65, Mass. Bay Transp. Auth., No. 08-cv-11364(D. Mass. Aug. 19, 2008).Show More

But the District of Massachusetts’s ruling is not the end-all-be-all for legal protection of vulnerabilities. The MBTA brought suit under the Computer Fraud and Abuse Act, not the Uniform Trade Secrets Act, as Massachusetts had yet to adopt the UTSA.35 35.Complaint, supra note 30, at 12.Show More Nearly a decade later, the Massachusetts legislature passed the Massachusetts Uniform Trade Secrets Act, bringing it up to speed with forty-eight other states.36 36.Aaron Nicodemus, Massachusetts Adopts Uniform Trade Secret Law, Bloomberg L. (Aug. 16, 2018, 5:29 PM), https://news.bloomberglaw.com/ip-law/massachusetts-adopts-unif‌orm-trade-secrets-law [https://perma.cc/FYS3-QAG4]. New York has not adopted the Uniform Trade Secrets Act and instead still relies on common law tort claims. Though North Carolina has not adopted the UTSA, it is counted as one of the forty-nine because its state trade secrets law is very similar to the UTSA. See Christopher T. Zirpoli, Cong. Rsch. Serv., IF12315, An Introduction to Trade Secrets Law in the United States (2023).Show More

Under the UTSA, the court’s decision to dissolve the temporary restraining order and deny preliminary injunctive relief could have come out very differently. A vulnerability or weakness in a company’s cybersecurity could qualify as a trade secret under the UTSA. Not only will recognizing vulnerabilities as trade secrets protect against innocent disclosures of proprietary information, as in the MBTA case, but it will also help reduce the growing threat of cyber espionage and weaken the market for vulnerabilities.

Part I of this Essay explains why vulnerabilities ought to qualify for trade secret protections under the definition of a trade secret in the Uniform Trade Secrets Act. Part II makes a normative argument for including vulnerabilities in trade secret protection. The Essay concludes by briefly revisiting the MBTA case to show how affording vulnerabilities protection under the UTSA would prevent future harms to the MBTA.

  1.  Fed. Bureau of Investigation, Executive Summary—China: The Risk to Corporate America (2019), https://www.fbi.gov/file-repository/china-exec-summary-risk-to-corporate-america-2019.pdf/view [https://perma.cc/93BF-FGZR].

  2.  See, e.g., Nicole Sganga, Chinese Hackers Took Trillions in Intellectual Property from About 30 Multinational Companies, CBS News (May 4, 2022, 12:01 AM), https://www.cbs‌news.com/news/chinese-hackers-took-trillions-in-intellectual-property-‌from-about-30-multi‌national-companies/ [https://perma.cc/WT93-T5HL] (noting that “[t]he CCP continues to increase its theft of U.S. technology and intellectual property” via hacking operations).

  3.  Tim Maurer & Arthur Nelson, The Global Cyber Threat, Fin. & Dev. 24, 25 (Mar. 2021), https://www.imf.org/en/Publications/fandd/issues/2021/03/global-cyber-threat-to-financial-systems-maurer [https://perma.cc/6DN4-3YQR].
  4.  See, e.g., Phil Mercer, China Accused of Economic Espionage on an Unprecedented Scale, VOA News: East Asia (Oct. 18, 2023, 2:39 AM), https://www.voanews.com/a/china-accused-of-economic-espionage-on-an-unprecedented-scale/7315625.html [https://perma.cc/5ZPY-K‌4EV].
  5.  Corporate Espionage Is Entering a New Era, Economist (May 30, 2022), https://www.‌economist.com/business/2022/05/30/corporate-espionage-is-entering-a-new-era [https://perm‌a.cc/8NJ3-S4T8].
  6.  Id.
  7.  Id.
  8.  Steve Morgan, Global Cybercrime Damages Predicted to Reach $6 Trillion Annually by 2021, Cybercrime Mag. (Oct. 26, 2020), https://cybersecurityventures.com/annual-cyber‌crime-report-2020/ [https://perma.cc/JG3C-Q8WL].
  9.  See E. I. duPont deNemours & Co. v. Christopher, 431 F.2d 1012, 1013 (5th Cir. 1970).
  10.  Eamon Javers, Inside China’s Spy War on American Corporations, CNBC (June 21, 2023, 9:10 PM), https://www.cnbc.com/2023/06/21/inside-chinas-spy-war-on-american-corporatio‌ns.html [https://perma.cc/LXB2-3MCU].
  11.  See, e.g., United States v. Genovese, 409 F. Supp. 2d 253, 255 (S.D.N.Y. 2005) (describing defendant’s charges for attempting to resell Microsoft source code on his personal website).
  12.  Corporate Espionage Is Entering a New Era, supra note 5.
  13.  President William J. Clinton, Statement on Signing the Economic Espionage Act of 1996, 32 Weekly Comp. Pres. Doc. 2040 (Oct. 11, 1996), reprinted in 1996 U.S.C.C.A.N. 4034.
  14.  18 U.S.C. § 1030(a)(1).
  15.  Trade Secrets Act Enactment Map, Unif. L. Comm’n, https://www.uniformlaws.org/‌committees/community-home?CommunityKey=3a2538fb-e030-4e2d-a9e2-90373dc05792 [https://perma.cc/ML7V-BSCT] (last visited Feb. 26, 2024).
  16.  Defend Trade Secrets Act, Pub. L. No. 114-153, 130 Stat. 376 (2016).
  17.  Matt Kapko, Global Cybersecurity Spending to Top $219B This Year: IDC, Cybersecurity Dive (Mar. 17, 2023), https://www.cybersecuritydive.com/news/cybersecurity-spending-increase-idc/645338/ [https://perma.cc/6TV9-D7QT].
  18.  Jay Pil Choi, Chaim Fershtman & Neil Gandal, Network Security: Vulnerabilities and Disclosure Policy, 58 J. Indus. Econ. 868, 869 (2010).
  19.  See, e.g., Kate O’Flaherty, Notorious Hacking Forum and Black Market Darkode is Back Online, Forbes (Apr. 10, 2019, 12:06 PM), https://www.forbes.com/sites/kateoflahertyuk/20‌19/04/10/notorious-hacking-forum-darkode-is-back-online/ [https://perma.cc/‌LX4Y-HY8J] (discussing a site on the black market which “serves as a venue for the sale & trade of hacking services, botnets, malware, and illicit goods and services”).
  20.  Tom Gjelten, In Cyberwar, Software Flaws are a Hot Commodity, NPR (Feb. 12, 2013, 3:25 AM), https://www.npr.org/2013/02/12/171737191/in-cyberwar-software-flaws-are-a-ho‌t-commodity#:~:text=In%20the%20context%20of%20escalating,inside%20his%20‌ene‌my%‌27s%20computer%20network [https://perma.cc/JT9J-NZSL].
  21.  Chris Teague, White Hat Hacker Cracked Toyota’s Supplier Portal, Autoblog (Feb. 8, 2023, 9:35 AM), https://www.autoblog.com/2023/02/08/white-hat-hacker-toyota-supplier-po‌rtal/ [https://perma.cc/B8V2-7NPE].
  22.  David Rudin, Safety Net: Hackers for Hire Help Companies Find Their Weak Spots, Fin. Post (Mar. 3, 2023), https://financialpost.com/cybersecurity/hackers-help-companies-find-we‌ak-spots [https://perma.cc/HPV2-H3D9].
  23.  Andi Wilson, Ross Schulman, Kevin Bankston & Trey Herr, New Am., Cybersecurity Initiative, Open Tech. Inst., Bugs in the System: A Primer on the Software Vulnerability Ecosystem and Its Policy Implications 15–18 (2016), https://www.newamerica.org/oti/policy-papers/bugs-system/ [https://perma.cc/53AM-DYRN].
  24.  Lillian Ablon, Martin C. Libicki & Andrea A. Golay, Markets for Cybercrime Tools and Stolen Data: Hacker’s Bazaar 26 (2014).
  25.  Mailyn Fidler, Regulating the Zero-Day Vulnerability Trade: A Preliminary Analysis, 11 I/S: J.L. & Pol’y for Info. Soc’y 405, 424 (2015).
  26.  Id. at 432.
  27.  Nathan Alexander Sales, Privatizing Cybersecurity, 65 UCLA L. Rev. 620, 620 (2018).
  28.  18 U.S.C. § 1836(b)(2)(A)(i).
  29.  Id. §§ 1832, 1030(a), (c).
  30.  Complaint at 1, 7, Mass. Bay Transp. Auth. v. Anderson, No. 08-cv-11364 (D. Mass. Aug. 8, 2008).
  31.  Id. at 7.
  32.  Complaint, Exhibit 7 at 3, Mass. Bay Transp. Auth., No. 08-cv-11364 (emphasis added).
  33.  Complaint, supra note 30, at 12.
  34.  Transcript of Motion Hearing at 60, 65, Mass. Bay Transp. Auth., No. 08-cv-11364 (D. Mass. Aug. 19, 2008).
  35.  Complaint, supra note 30, at 12.

  36.  Aaron Nicodemus, Massachusetts Adopts Uniform Trade Secret Law, Bloomberg L. (Aug. 16, 2018, 5:29 PM), https://news.bloomberglaw.com/ip-law/massachusetts-adopts-unif‌orm-trade-secrets-law [https://perma.cc/FYS3-QAG4]. New York has not adopted the Uniform Trade Secrets Act and instead still relies on common law tort claims. Though North Carolina has not adopted the UTSA, it is counted as one of the forty-nine because its state trade secrets law is very similar to the UTSA. See Christopher T. Zirpoli, Cong. Rsch. Serv., IF12315, An Introduction to Trade Secrets Law in the United States (2023).

One Year Post-Bruen: An Empirical Assessment

In the year after New York State Rifle & Pistol Association v. Bruen, a steady stream of highly publicized opinions struck down a wide range of previously upheld gun restrictions. Courts declared unconstitutional policies ranging from assault weapon bans to domestic abuser prohibitions to various limits on publicly carrying handguns. Those opinions can frequently be paired with others reaching the opposite conclusion. The extent to which Bruen shook up the Second Amendment landscape and has caused widespread confusion in the courts is starting to come into focus.

This Essay measures Bruen’s aftereffects by statistically analyzing a year’s worth of Second Amendment opinions. We coded more than 450 challenges for dozens of variables including both case and judge characteristics, resulting in a comprehensive post-Bruen Second Amendment dataset. The findings of our analysis provide an objective basis for assessing the upheaval wrought by Bruen and highlight both unanswered questions and immense challenges for Second Amendment doctrine in the coming years.

Introduction

In District of Columbia v. Heller, the Supreme Court announced that the Second Amendment protects an individual right to keep and bear arms for private purposes like self-defense, while emphasizing that the right—like all constitutional rights—is subject to various forms of regulation.1.554 U.S. 570 (2008).Show More The Court did not announce any overarching test for evaluating the constitutionality of gun laws but invited such doctrinal development in the lower courts. Thereafter, in well over 1,000 opinions, doctrine took shape and seemed to solidify, with judges achieving near-uniformity regarding both methodology2.See N.Y. State Rifle & Pistol Ass’n v. Bruen, 142 S. Ct. 2111, 2125 (2022) (“[T]he Courts of Appeals have coalesced around a ‘two-step’ framework for analyzing Second Amendment challenges that combines history with means-end scrutiny.”); id. at 2174 (Breyer, J., dissenting) (“[E]very Court of Appeals to have addressed the question has agreed on a two-step framework for evaluating whether a firearm regulation is consistent with the Second Amendment.”).Show More and outcomes.3.Eric Ruben & Joseph Blocher, From Theory to Doctrine: An Empirical Analysis of the Right to Keep and Bear Arms After Heller, 67 Duke L.J. 1433 (2018) [hereinafter Ruben & Blocher, From Theory to Doctrine] (empirically analyzing post-Heller Second Amendment case law).Show More But in New York State Rifle & Pistol Association v. Bruen, the Supreme Court declared that the consensus doctrine was wrongheaded,4.Bruen, 142 S. Ct. at 2127 (“Despite the popularity of this two-step approach, it is one step too many.”).Show More announcing a novel and heavily originalist approach to evaluating modern gun laws. Bruen gave the Second Amendment a second wind, and thus set up a remarkable “natural experiment”: How does a dramatic methodological overhaul affect constitutional litigation and success rates?

Legal scholarship after Bruen has focused primarily on analyzing the Supreme Court’s historical-analogical test. Bruen cast aside a conventional methodological approach that combined textual and historical analysis with consideration of contemporary costs and benefits, instead announcing that Second Amendment decisions should be based solely on textual and historical analyses.5.Id. (“[H]ellerand McDonald do not support applying means-end scrutiny in the Second Amendment context. Instead, the government must affirmatively prove that its firearms regulation is part of the historical tradition that delimits the outer bounds of the right to keep and bear arms.”).Show More Particularly, the Supreme Court indicated that the government must point to analogous regulations from the era of the Second Amendment’s enactment in 1791, or from the era of the Fourteenth Amendment’s enactment in 1868, to justify the constitutionality of modern-day gun regulations.6.Id. at 2131–34. Justice Amy Coney Barrett wrote a concurring opinion to emphasize that the majority did not resolve the proper temporal focus for Bruen’s historical-analogical test. Id. at 2162–63 (Barrett, J., concurring). Lower court judges have diverged on this point. CompareNat’l Rifle Ass’n v. Bondi, 61 F.4th 1317, 1322 (11th Cir.), reh’g en banc granted, opinion vacated, 72 F.4th 1346 (11th Cir. 2023) (“[H]istorical sources from the Reconstruction Era are more probative of the Second Amendment’s scope than those from the Founding Era.”), with United States v. Price, 635 F. Supp. 3d 455, 460 (S.D.W. Va. 2022) (“[The Second Amendment] analysis is constrained by the Supreme Court’s definition of ‘historical tradition’ as the time of the founding and ratification of the Second Amendment in 1791.”).Show More Scholarship has compared Bruen’s “originalism-by-analogy” with existing originalist approaches,7.See, e.g., Joseph Blocher & Eric Ruben, Originalism-by-Analogy and Second Amendment Adjudication, 133 Yale L.J. 99, 102–03 (2023) [hereinafter Blocher & Ruben, Originalism-by-Analogy] (describing debate).Show More assessed Bruen’s departure from other constitutional rights doctrines,8.See, e.g., Timothy Zick, Second Amendment Exceptionalism: Public Expression and Public Carry, 102 Tex. L. Rev. 65, 67 (2023) (rejecting Supreme Court’s claim that Bruen’s approach comports with First Amendment free-speech doctrine).Show More critiqued Bruen’s test as underspecified,9.See, e.g., Jacob D. Charles, The Dead Hand of a Silent Past: Bruen, Gun Rights, and the Shackles of History, 73 Duke L.J. 67, 76 (2023).Show More and taken issue with Bruen’s reading of the historical record.10 10.See, e.g., Andrew Willinger, The Territories Under Text, History, and Tradition, 101 Wash. U. L. Rev. 1, 20 (2023); Patrick J. Charles, The Fugazi Second Amendment: Bruen’s Text, History, and Tradition Problem and How to Fix It, 71 Clev. St. L. Rev. 623, 692 (2023); Saul Cornell, Cherry-Picked History and Ideology-Driven Outcomes: Bruen’s Originalist Distortions, SCOTUSblog (Jun. 27, 2022, 5:05 PM), https://www.scotusblog.com/‌2022/‌06/cherry-picked-history-and-ideology-driven-outcomes-bruens-originalist-distortions [https://perma.cc/HN2Q-H64F].Show More

But Bruen also offers a unique opportunity for empirical legal analysis. Within days of Bruen, on Westlaw, red flags accompanied nearly every post-Heller Second Amendment case, a warning that those decisions were no longer good law.11 11.See Blocher & Ruben, Originalism-by-Analogy, supra note 7, at 114 n.80.Show More And litigants ranging from individual gun owners to criminal defendants to gun rights advocacy groups heeded that signal, bringing challenge after challenge, leading to 326 Second Amendment opinions ruling on 464 claims in the span of one year. Bruen effectively restarted the Second Amendment litigation clock, and the resulting opinions make up a discrete data source.

This Essay analyzes that data to take an initial measurement of the post-Bruen world.12 12.We join one other published empirical analysis conducted after Bruen. See Charles, supra note 9. Our results corroborate Charles’s excellent qualitative analysis and build on it by including state opinions, additional variables including attitudinal variables, and more advanced statistical analysis. As with any comparison of empirical studies, it is important to keep in mind methodological differences. One worth mentioning because it affects our overall claim count is that we separated claims more granularly, for example, by separately counting each challenge to different sensitive places within a single opinion. Cf. id. at 124 n.346 (grouping claims by topic rather than separating out each individual provision).Show More Doing so at this early stage has a key benefit of capturing judicial work from first principles. Many empirical legal analyses focus solely on appellate cases.13 13.See, e.g., Adam M. Samaha & Roy Germano, Is the Second Amendment a Second-Class Right?, 68 Duke L.J. Online 57, 59 (2018).Show More But we see value in providing a snapshot of the first judicial attempts to implement Bruen, before appellate precedent builds up and stare decisis crowds out the sort of historical-analogical reasoning Bruen mandates.14 14.As Justice Benjamin Cardozo put it, precedent “fix[es] the point of departure from which the labor of the judge begins.” Benjamin N. Cardozo, The Nature of the Judicial Process 20 (1921); see also Amy Coney Barrett & John Copeland Nagle, Congressional Originalism, 19 U. Pa. J. Const. L. 1, 1 (2016) (“Precedent poses a notoriously difficult problem for originalists.”).Show More Bruen places novel and, in many ways, extraordinary demands on trial courts, including the evaluation of centuries of historical evidence. Now is a good time to take stock of the consequences of announcing such a new Second Amendment test by assessing the relationship between case characteristics, judge characteristics, and success rates, and then comparing our findings with pre-Bruen statistics.

Of course, empirical legal analysis has well-known limitations and cannot answer all questions about evolving Second Amendment doctrine. Setting outcomes as the dependent variable and omitting deeper consideration of the reasoning judges provide for those outcomes omits a key aspect of the judicial process.15 15.See H. Jefferson Powell, A Response to Professor Knight, Are Empiricists Asking the Right Questions About Judicial Decisionmaking?, 58 Duke L.J. 1725, 1727 (2009) (observing the importance of considering “[t]he form and content of the judicial opinion” in addition to outcomes).Show More Moreover, codable proxies for multitudinous concepts such as using the party of nominating president for ideology16 16.See generally Adam Bonica & Maya Sen, Estimating Judicial Ideology, 35 J. Econ. Persps. 97 (2021) (assessing strengths and drawbacks of different measures of judicial ideology).Show More or using a binary “relief granted at least in part” for “success” overlook finer distinctions. And, of course, stopping our data collection at the one-year mark after Bruen necessarily omits developments after that cut-off point. Similar drawbacks inhere in all legal empirical projects, and ours should be qualified accordingly.

We nonetheless believe empirical legal studies are valuable for raising questions about constitutional litigation, and Second Amendment litigation in particular, even if they do not always point to obvious answers. They can “help[] inform litigants, policymakers, and society as a whole about how the legal system works.”17 17.Theodore Eisenberg, Why Do Empirical Legal Scholarship?, 41 San Diego L. Rev. 1741, 1741 (2004).Show More And this is especially so in the Second Amendment context in light of Bruen’s extraordinary doctrinal upheaval and the pending Second Amendment case before the Supreme Court, United States v. Rahimi.18 18.United States v. Rahimi, 61 F.4th 443 (5th Cir. 2023), cert. granted, 143 S. Ct. 2688 (2023) (No. 22-915).Show More An express rationale in Bruen for prescribing a new test of historical analogy was to make the doctrine “more administrable” than conventional means-ends scrutiny.19 19.N.Y. State Rifle & Pistol Ass’n v. Bruen, 142 S. Ct. 2111, 2130 (2022).Show More The majority dismissed as “unpersua[sive]” the dissent’s complaint that historical analogy would be difficult to apply by lower court judges, who would, at worst, rely on their policy preferences to make decisions.20 20.Id. at 2130 n.6; id. at 2179–80 (Breyer, J., dissenting).Show More Analyzing post-Bruen outcomes in similar cases is one way to test whether the early returns support the Bruen majority’s rejection of the dissent’s concerns.

And, indeed, our analysis demonstrates Bruen’s seismic impact. The pace of litigation after the opinion has far surpassed the tremendous pace of litigation after Heller.21 21.See infra Section II.A.Show More And litigants have good reason for alacrity: the success rate of Second Amendment claims also far surpasses the post-Heller success rate.22 22.See infra Section II.B.Show More But readily apparent fault lines, and widespread inconsistencies, have also emerged.23 23.See infra Section II.C.Show More Judicial ideology is one explanation for discrepancies, as a statistically significant gap exists between the rate that Republican- and Democratic-nominated judges grant Second Amendment relief.24 24.See infra Section II.D.Show More Other factors, such as the type of law being challenged, also matter, with challenges to sensitive place restrictions having a particularly high likelihood of success.25 25.See infra Part III.Show More Still, our findings suggest that Bruen has not meaningfully constrained judges—indeed, judicial ideology is predictive of outcomes after Bruen, even when taking into account other case characteristics.

This Essay proceeds in three Parts. Part I describes our methodology. Part II presents our data and offers a descriptive analysis. Part III reports the results of our regression analysis.

  1.  554 U.S. 570 (2008).
  2.  See N.Y. State Rifle & Pistol Ass’n v. Bruen, 142 S. Ct. 2111, 2125 (2022) (“[T]he Courts of Appeals have coalesced around a ‘two-step’ framework for analyzing Second Amendment challenges that combines history with means-end scrutiny.”); id. at 2174 (Breyer, J., dissenting) (“[E]very Court of Appeals to have addressed the question has agreed on a two-step framework for evaluating whether a firearm regulation is consistent with the Second Amendment.”).
  3.  Eric Ruben & Joseph Blocher, From Theory to Doctrine: An Empirical Analysis of the Right to Keep and Bear Arms After Heller, 67 Duke L.J. 1433 (2018) [hereinafter Ruben & Blocher, From Theory to Doctrine] (empirically analyzing post-Heller Second Amendment case law).
  4.  Bruen, 142 S. Ct. at 2127 (“Despite the popularity of this two-step approach, it is one step too many.”).
  5.  Id. (“[H]eller and McDonald do not support applying means-end scrutiny in the Second Amendment context. Instead, the government must affirmatively prove that its firearms regulation is part of the historical tradition that delimits the outer bounds of the right to keep and bear arms.”).
  6.  Id. at 2131–34. Justice Amy Coney Barrett wrote a concurring opinion to emphasize that the majority did not resolve the proper temporal focus for Bruen’s historical-analogical test. Id. at 2162–63 (Barrett, J., concurring). Lower court judges have diverged on this point. Compare Nat’l Rifle Ass’n v. Bondi, 61 F.4th 1317, 1322 (11th Cir.), reh’g en banc granted, opinion vacated, 72 F.4th 1346 (11th Cir. 2023) (“[H]istorical sources from the Reconstruction Era are more probative of the Second Amendment’s scope than those from the Founding Era.”), with United States v. Price, 635 F. Supp. 3d 455, 460 (S.D.W. Va. 2022) (“[The Second Amendment] analysis is constrained by the Supreme Court’s definition of ‘historical tradition’ as the time of the founding and ratification of the Second Amendment in 1791.”).
  7.  See, e.g., Joseph Blocher & Eric Ruben, Originalism-by-Analogy and Second Amendment Adjudication, 133 Yale L.J. 99, 102–03 (2023) [hereinafter Blocher & Ruben, Originalism-by-Analogy] (describing debate).
  8.  See, e.g., Timothy Zick, Second Amendment Exceptionalism: Public Expression and Public Carry, 102 Tex. L. Rev. 65, 67 (2023) (rejecting Supreme Court’s claim that Bruen’s approach comports with First Amendment free-speech doctrine).
  9.  See, e.g., Jacob D. Charles, The Dead Hand of a Silent Past: Bruen, Gun Rights, and the Shackles of History, 73 Duke L.J. 67, 76 (2023).
  10.  See, e.g., Andrew Willinger, The Territories Under Text, History, and Tradition, 101 Wash. U. L. Rev. 1, 20 (2023); Patrick J. Charles, The Fugazi Second Amendment: Bruen’s Text, History, and Tradition Problem and How to Fix It, 71 Clev. St. L. Rev. 623, 692 (2023); Saul Cornell, Cherry-Picked History and Ideology-Driven Outcomes: Bruen’s Originalist Distortions, SCOTUSblog (Jun. 27, 2022, 5:05 PM), https://www.scotusblog.com/‌2022/‌06/cherry-picked-history-and-ideology-driven-outcomes-bruens-originalist-distortions [https://perma.cc/HN2Q-H64F].
  11.  See Blocher & Ruben, Originalism-by-Analogy, supra note 7, at 114 n.80.
  12.  We join one other published empirical analysis conducted after Bruen. See Charles, supra note 9. Our results corroborate Charles’s excellent qualitative analysis and build on it by including state opinions, additional variables including attitudinal variables, and more advanced statistical analysis. As with any comparison of empirical studies, it is important to keep in mind methodological differences. One worth mentioning because it affects our overall claim count is that we separated claims more granularly, for example, by separately counting each challenge to different sensitive places within a single opinion. Cf. id. at 124 n.346 (grouping claims by topic rather than separating out each individual provision).
  13.  See, e.g., Adam M. Samaha & Roy Germano, Is the Second Amendment a Second-Class Right?, 68 Duke L.J. Online 57, 59 (2018).
  14.  As Justice Benjamin Cardozo put it, precedent “fix[es] the point of departure from which the labor of the judge begins.” Benjamin N. Cardozo, The Nature of the Judicial Process 20 (1921); see also Amy Coney Barrett & John Copeland Nagle, Congressional Originalism, 19 U. Pa. J. Const. L. 1, 1 (2016) (“Precedent poses a notoriously difficult problem for originalists.”).
  15.  See H. Jefferson Powell, A Response to Professor Knight, Are Empiricists Asking the Right Questions About Judicial Decisionmaking?, 58 Duke L.J. 1725, 1727 (2009) (observing the importance of considering “[t]he form and content of the judicial opinion” in addition to outcomes).
  16.  See generally Adam Bonica & Maya Sen, Estimating Judicial Ideology, 35 J. Econ. Persps. 97 (2021) (assessing strengths and drawbacks of different measures of judicial ideology).
  17.  Theodore Eisenberg, Why Do Empirical Legal Scholarship?, 41 San Diego L. Rev. 1741, 1741 (2004).
  18.  United States v. Rahimi, 61 F.4th 443 (5th Cir. 2023), cert. granted, 143 S. Ct. 2688 (2023) (No. 22-915).
  19.  N.Y. State Rifle & Pistol Ass’n v. Bruen, 142 S. Ct. 2111, 2130 (2022).
  20.  Id. at 2130 n.6; id. at 2179–80 (Breyer, J., dissenting).
  21.  See infra Section II.A.
  22.  See infra Section II.B.
  23.  See infra Section II.C.
  24.  See infra Section II.D.

  25.  See infra Part III.

©Virginia Law Review Association. All rights reserved.