Enlightened Regulatory Capture
| Publication year | 2021 |
INTRODUCTION ................................................................................ 331
I. TRADITIONAL CONCEPTIONS OF REGULATORY CAPTURE .................................................................................... 333
A. Classic Unfavorable Views of Regulatory Capture ............ 335
1. What is the "Public Interest?" ....................................... 336
2. The Rise of Regulatory Capture and Adversarial Rulemaking ................................................................... 336
3. Responses to Regulatory Capture ................................. 339
B. Negotiated Rulemaking ...................................................... 340
1. The "Choice" to Use Negotiated Rulemaking .............. 341
2. Negotiated Rulemaking "Successes" ............................ 342
a. National Park Service-Cape Cod National Seashore Off-Road Vehicle Use ............................ 343
b. Implementation of the "No Child Left Behind Act" for Bureau of Indian Affairs-Funded Schools ................................................................... 345
c. Federal Aviation Administration Flight and Duty Time Rules .................................................... 347
3. Negotiated Rulemaking "Failures" ............................... 348
a. Implementation of Other Provisions of the "No Child Left Behind Act" .......................................... 349
II. CYBERSECURITY REGULATION: A CURIOUS COUNTER-EXAMPLE ............................................................... 351
A. HIPAA: An Experiment in Negotiated Rulemaking Alternatives ........................................................................ 353
1. Statutory Framework .................................................... 353
2. The National Committee on Vital and Health Statistics ........................................................................ 357
3. Creation of the HIPAA Security Rule .......................... 360
4. Management-Based Regulatory Delegation and Security Rule Compliance ............................................ 362
B. The Security Rule: Regulatory Capture Used for the Public Interest ..................................................................... 363
1. Literal Accounts "On the Ground"-HIPAA Security Rulemaking in Action .................................... 364
2. Structural Explanations: Statutory, Regulatory, and Incentives Analysis ....................................................... 366
3. Technological Explanations ......................................... 368
C. Is Cybersecurity Different? ................................................ 369
III. THE GENERAL CASE: HARNESSING PRIVATE EXPERTISE FOR PUBLIC INTEREST GOALS ....................... 370
A. Enlightened Regulatory Capture: Characteristics When Regulatory Capture Can Be Used to Engage Private Expertise for Public Goals .................................................. 371
B. An Empirical Research Agenda: Industries Potentially Suitable to Enlightened Regulatory Capture ...................... 374
C. Enlightened Regulatory Capture: A Hypothetical Example .............................................................................. 376
CONCLUSION .................................................................................... 377
INTRODUCTION
Traditional academic scholarship and political discourse generally view the concept of regulatory capture in a negative light. Indeed, empirical results demonstrate many examples of regulatory capture generating results contrary to the public interest, or at least servicing a small subset of private interests at the expense of goals articulated to serve broader segments of the polity.
Despite this generally negative view, some recent scholarship speculates that regulatory capture may be used to advance more "public" goals.(fn1) This Article takes a similar position, advancing the work of Dorit Rubinstein Reiss and Lawrence Baxter by providing a concrete empirical example of regulatory capture used to advance public goals.
Cybersecurity(fn2) presents a curious case where traditional concepts of capture-in which entities with power in a regulatory process use that power to advance their private interests(fn3)-do not seem to hold. Rather than advancing their private interests at the expense of articulated public goals,(fn4) the entities used that power to ensure the production of strong and effective security regulations even at a higher cost to themselves. Stated differently, structural characteristics of the regulatory process in the cybersecurity context arguably forced alignment of these regulated entities' interests with the "public interests" articulated by the legislature.
This Article explores the possibility of engaging private expertisethrough certain forms of regulatory capture to increase the legitimacy and efficacy of the regulatory process. Previous work on consensual rulemaking received mixed reviews in administrative law literature.(fn5) The seminal body of work on this type of hybrid rulemaking, conducted by Professor Philip Harter, led to the Negotiated Rulemaking Act (NRA) amendments to the Administrative Procedure Act (APA). While the results have been mixed, the balance of academic scholarship and agency choice suggests that current approaches to engaging private expertise have not achieved their full promise.
Building on Reiss' and Baxter's speculation and the groundwork laid by Harter, this Article presents cybersecurity as a successful case of engaging private expertise through legislatively encoded regulatory capture that aligned private with public interests. It contrasts this example with cases of negotiated rulemaking, a process also designed to engage private expertise but criticized for being too easily subjugated by private interests.(fn6) Based on these examinations and a thorough empirical treatment of the cybersecurity example,(fn7) I posit a set of general characteristics describing the regulatory environment/subject matter suggestive of when capture-like engagement of private expertise may succeed in aligning public and private interests. I describe this process, designed to leverage regulatory capture to harness private expertise for public goals, as Enlightened Regulatory Capture.
This Article proceeds in three Parts. Part I traces the development of consensual rulemaking and contextualizes this work within the existing debate on the NRA and regulatory capture more broadly. It examines case studies of negotiated rulemaking in action and discusses the efficacy of this process in the context of engaging private expertise to increase efficiency and legitimacy in administrative action. Part II examines the curious case of cybersecurity rulemaking under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in which representatives of private entities used their expertise to advance public interests. To the best of my knowledge, this is a unique circumstance, created possibly by Congressional accident.(fn8) This Part describes how the members of the pre-rulemaking committee, all of whom were representatives of interested parties, utilized their substantive expertise to develop the best regulations without prioritizing their entities' private interests. Finally, Part III explores the particular characteristics of the cybersecurity example that make capture an effective means to engage private expertise for public goals. Building on the work of Professor Harter, it generalizes a set of characteristics indicative of when such an approach may be successful and uses the analysis from Part I to hypothesize what other industrial sectors are suitable to regulation of this form. Finally, this Article concludes by recommending further Congressional and agency experimentation with this process and providing some suggestions for such experimentation.
In sum, this Article demonstrates two critical points. First, the concept of engaging private expertise through regulatory capture has not been a unilateral failure and deserves further consideration. Second...
To continue reading
Request your trial