CLIP-ings: December 14, 2018

Internet Governance

White House Requires Agencies To Strengthen Cybersecurity: A memo issued by the Office of Management and Budget expands the criteria of what constitutes a “high-value asset” and instructs all federal agencies to work with the Department of Homeland Security to ensure those assets are adequately protected.

FCC Allows Carriers To Block Texts: The Federal Communications Commission voted to classify SMS text messages as a Title I “information service” under the Telecommunications Act in an effort to enable phone companies to block spam; critics argue that the decision gives wireless carriers the ability to censor messages and hike rates.

Privacy

Study Shows Apps Track Every Move: A New York Times investigative report explains how thousands of apps aggregate users’ precise location data – sometimes to within a few yards and updated 14,000 times a day – and sell it to advertisers, retailers, and hedge funds seeking consumer insights; while companies that use location data note that phone users who enable location services consent to their information being collected, critics argue that privacy policies do not adequately explain the extent of tracking.

Senators Introduce Privacy Bill: The proposed Data Care Act would assign online service providers fiduciary-like duties and would require the Federal Trade Commission to draft rules for fining companies that misuse private data; the draft is designed to complement rather than replace other bills recently introduced in Congress to protect consumer privacy.

Information Security and Cyberthreats

Another Google+ Bug: Following an October revelation that a vulnerability exposed profile data from 500,000 Google+ accounts, Google discovered a second bug that affected 52.5 million profiles; as a result, Google announced it will shut down the social media service four months earlier than planned.

Audit Shows Border Officers’ Improper Data Processing: The Department of Homeland Security’s Office of the Inspector General released an audit revealing that U.S. Customs and Border Protection officers recklessly handle the personal data of travelers entering the country; one finding exhibits the agency’s failure to delete data on USB drives after traveler information is uploaded to CBP servers.

Intellectual Property

First Sale Doctrine Doesn’t Protect Digital Music Resale: In Capitol Records LLC v. ReDigi Inc., the Second Circuit ruled that ReDigi, an online marketplace for reselling legally-purchased digital music files, infringed copyright holders’ reproduction rights because ReDigi’s technology created unauthorized new copies of digital files instead of merely transferring existing files to a new user.

Free Expression and Censorship

Google Faces Russian Fine: Russia fined the tech giant 500,000 rubles ($7,530) for failing to comply with a legal requirement that it censor its search results by removing certain entries; the fine comes a month after Moscow opened a civil case against the company for its failure to join a registry showing that it lists Kremlin-banned websites.

Practice Note

Health Tracking Lawsuit Dismissal Affirmed: The Ninth Circuit affirmed dismissal of a suit alleging that Facebook illegally gathered data about user-plaintiffs’ visits to medical websites; the Court found that the users had consented to the tracking and collection by agreeing to Facebook’s privacy policy, and that their browsing history on the medical websites was not so “sensitive” or “qualitatively different” that it fell outside the scope of Facebook’s terms of service.

On The Lighter Side

Bee Backpacks Keep Wearable Tech Buzzing: Researchers at the University of Washington have developed a 102-milligram sensor system that rides on the backs of bumblebees and collects data about temperature, humidity, and light intensity.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: December 7, 2018

Internet Governance

Australia’s New Anti-Encryption Law: Australia passed a bill that will require technology companies to provide law enforcement and security agencies with access to encrypted data, despite criticism that doing so could undermine national security and privacy; Australia is the first nation in the Five Eyes intelligence network—which is comprised of the United States, Canada, Britain, and New Zealand—to force broad access requirements, with fines of up to A$10 million ($7.3 million) for institutions and prison terms for individuals who fail to provide data on suspected illegal activities.

Facebook Cherry-Picked Special Access To Data: Facebook gave favored partners such as Netflix and Airbnb special access to user data, while restricting competitors’ access to its platform, according to internal Facebook documents released by a British parliamentary committee investigating online disinformation; the documents also reveal how Facebook considered restricting app developers’ access to user data unless those developers bought advertising—a policy the company now claims it never enacted.

Privacy

NYPD Unveils New Drone System: The New York Police Department unveiled plans to deploy 14 drones and train 29 officers to operate them, raising concerns about the department’s possible misuse of the devices and growing surveillance capacity; according to police officials, while the drones will be used to monitor large crowds, investigate hazardous waste spills, handle hostage situations, and reach remote areas in crime scenes, they will not be used for routine police patrols or traffic enforcement, will not be weaponized, and will not conduct warrantless surveillance.

Secret Service Tests Facial Recognition At White House: The Secret Service is testing a pilot facial recognition system that matches images of individuals outside the White House with “subjects of interest,” according to a Department of Homeland Security report revealed by the American Civil Liberties Union; while the program is currently limited to trying to match the faces of volunteer staff members, the report acknowledges a privacy risk for members of the public who are inadvertently recorded.

Information Security and Cyberthreats

500 Million Affected In Marriott Data Breach: Hackers breached Marriott’s Starwood hotels reservation system and stole the personal data of up to 500 million guests in an attack that began four years ago; the attack has prompted Senators to call for stronger data security laws and data breach penalties, and Marriott plans to provide customers with free identity theft monitoring and reimburse hack victims for new passports.

NRCC Emails Hacked In 2018 Midterms: The National Republican Congressional Committee (“NRCC”) was hacked during the 2018 midterm election campaigns, exposing thousands of emails from four senior NRCC aides to an unknown entity; neither Senior House Republicans nor rank-and-file members were told of the breach until this week, as the committee opted to withhold information to shield an investigation of the hack and not tip off the culprit.

Intellectual Property

Google Seeks Review Of Spreadsheet Patent Decision: Google petitioned the Federal Circuit for en banc review of an October panel decision finding that an invention for navigating through complex electronic spreadsheets is a patent-eligible improvement; in its petition, Google argued that the technology, which enables electronic tabbing akin to paper tabbing, is directed to an abstract idea and is therefore un-patentable under Alice.

Free Expression and Censorship

Tumblr Bans Porn: Just weeks after it was removed from the iOS App Store over an incident involving child pornography, Tumblr announced that it will permanently ban adult content on its platform starting December 17, 2018; the machine learning technology Tumblr will use to filter prohibited images has been the target of skepticism due to, among other things, its inaccuracy and inability to contextualize images.

On The Lighter Side

New Home of the Whopper? Burger King’s new app uses geofencing technology to offer customers a Whopper for a penny if they order on the app within 600 feet of a McDonald’s.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 30, 2018

Internet Governance

DOJ Dismantles Digital Ad Scams: With the help of the FBI, the Department of Homeland Security, and private companies, the Department of Justice indicted eight individuals who are alleged to have created fake internet advertising companies to scam legitimate companies out of a collective $36 million; while three defendants were arrested, five remain at large.

FTC Discusses Holding Tech Companies Accountable: Sitting before the Senate Commerce Consumer Protection Subcommittee, FTC Commissioners would not comment on the agency’s investigation into whether Facebook’s Cambridge Analytica scandal showed that the social network violated a 2011 consent decree; the FTC did state that it lacks sufficient resources to combat data abuse, and as a result often opts for settlement over costly trial.

Ohio Will Accept Bitcoin For Taxes: Despite regulatory concerns around cryptocurrency, Ohio became the first state to accept bitcoin for paying business taxes; the State wants to compete for new businesses and establish itself as the “national and international leader in blockchain technology.”

Privacy

Six Flags Lawsuit Tests Biometric Privacy Law: Illinois’ highest court will determine whether a “person aggrieved” under the State’s Biometric Information Privacy Act must suffer actual harm from the collection of biometric information in violation of the statute, or whether a technical violation alone confers standing to sue.

UK Police Use AI To Predict Crime: A law enforcement software known as the National Data Analytics Solution leverages 1,400 indicators from pooled police data sets across the U.K. and uses machine learning to identify individuals who are on a trajectory toward committing serious violent crimes so they can be offered assistance such as counselling; privacy critics raise concerns about bias reinforcement and the intrusiveness of pre-emptive intervention.

Information Security and Cyberthreats

U.S. Indicts Hackers Behind Nationwide Extortion: The U.S. Treasury Department for the first time added two cryptocurrency wallets to its sanctions list after indicting two Iranian hackers for extorting $6 million from more than 200 victims — including 43 U.S. states — through ransomware software that ordered victims to send money to the bitcoin accounts; one high-profile incident involved an attack on Atlanta that affected major basic municipal functions.

Facebook Faces Vitriol From International Community: At a rare joint hearing with policymakers from nine countries, Facebook was harshly criticized for its inability to stop the spread of fake news; U.K. House of Commons member Damian Collins pointed to documents that allegedly show Facebook was aware of Russia’s malicious involvement with the platform as early as 2014, and suggested that the recently obtained documents will be published “within a week.”

Intellectual Property

Australia Tightens Online Piracy Laws: The Australian parliament passed the Copyright Amendment (Online Infringement) Bill 2018, which, among other things, entitles copyright owners to apply for injunctions that force ISPs to prevent customers from accessing pirate sites and allows ISPs to block mirror and proxy sites without returning to court; the Australian Digital Alliance and other organizations warn that the legislation “removes public interest protections and puts legitimate sites and activities of the public at risk.”

Free Expression and Censorship

Gmail Avoids Gender-Based Pronouns: Gmail stopped its “Smart Compose” text prediction feature, which autosuggests text for Gmail users composing emails, from suggesting gender-based pronouns due to concerns that the technology might perpetuate real-world gender bias.

Practice Note

Ethical Rules Regarding Crowdfunding: The District of Columbia Bar’s Legal Ethics Committee issued an opinion analyzing lawyers’ ethical obligations when clients use crowdfunding to pay for representation, which the opinion concludes vary according to the extent of a lawyer’s involvement in fundraising efforts.

On The Lighter Side

How The Senate Stopped Grinch Bots From Stealing Christmas: Just before the holiday season, Congress members proposed the “Stopping Grinch Bots Act of 2018” to outlaw the use of online shopping bots and the resale of items they purchase.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 16, 2018

Internet Governance

DOJ And SEC Subpoena Snap: The DOJ and SEC subpoenaed Snap for information regarding its March 2017 IPO; the subpoena comes in the wake of an ongoing shareholder lawsuit alleging that Snap misled investors by, among other things, failing to disclose a pre-IPO lawsuit claiming that the company had misrepresented user metrics and failing to reveal the effects of competition from Instagram.

Privacy

UK Data Watchdog Monitors DeepMind: The Information Commissioner’s Office will monitor artificial intelligence lab DeepMind’s handoff of its Health unit to Google Health; the reshuffling, which comes as part of an effort to scale DeepMind’s Streams app into an “AI-powered assistant for nurses and doctors everywhere” stokes concerns that Google will now have direct access to National Health Service patients’ records, which ICO determined DeepMind illegally accessed while developing the Streams app last year.

Information Security and Cyberthreats

Bill Cements Cybersecurity Agency In DHS: bill establishing the new Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security heads to President Trump’s desk to be signed into law; the bill also rebrands DHS’s main cybersecurity unit — the National Protection and Programs Directorate — as the Cybersecurity and Infrastructure Protection Agency, solidifying the DHS’s role as the main federal agency overseeing civilian cybersecurity.

Beware Of Fake Bitcoin Giveaways: A number of high-profile, verified Twitter accounts, including Target and Google’s G-Suite, were hacked as part of a fraudulent Bitcoin giveaway that scammed users out of their cryptocurrencies; it is unclear how the scammers gained access to the brands’ accounts, and Twitter is working on counter security measures to prevent further breaches following earlier criticism of its failure to devise a clear defense against this type of incident.

Intellectual Property

YouTube Decries Article 13: CEO Susan Wojcicki argued that the EU’s proposed copyright directive, which would make internet companies responsible for infringement on their platforms, is “unrealistic” because of the technical and financial capabilities required for compliance; the EU will conduct its final vote on the controversial directive in January.

Free Expression and Censorship

France Joins Facebook To Combat Hate Speech: For the first time, the social media giant is allowing a small team of French regulators to monitor its systems for combatting hate speech; the six-month partnership will start in early 2019 and is designed to result in “joint, precise, and concrete” regulatory proposals.

China Deletes Accounts Tied To Independent Media: The Cyberspace Administration of China removed 9,800 social media accounts, including those belonging to independent sources that are not state-registered and produce original content ranging from investigative journalism to celebrity gossip, on the basis that they posted “sensational, vulgar or politically harmful content.”

Practice Note

Patent Assignor Can Challenge Validity In IPR: In Arista Networks, Inc. v. Cisco Sys., Inc., the Federal Circuit recently held that assignor estoppel did not apply to bar a patent assignor from later challenging the assigned patent in an inter partes review proceeding.

On The Lighter Side

Pumping The Breaks On “Teslaquila” Trademark: After Tesla filed a trademark application for “Teslaquila,” Mexico’s Tequila Regulatory Council warned that the name evokes the protected term “Tequila,” and thus the company would have to “associate itself with an authorized tequila producer, comply with certain standards and request authorization from Mexico’s Industrial Property Institute.”


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 9, 2018

Internet Governance

Supreme Court Won’t Hear Net Neutrality: The highest court denied certiorari to telecom companies’ challenge to a lower court decision that upheld federal net neutrality rules set during the Obama administration on the basis that the FCC’s repeal of net neutrality made the challenge moot.

Uber Races To Put Autonomous Cars On The Road: More than seven months after a fatal crash involving one of its autonomous vehicles, the ride-hailing company released a voluntary safety report under U.S. Department of Transportation guidelines and has sought permission to resume self-driving car tests in Pennsylvania; safety improvements purportedly include automatic braking that detects objects more quickly and stricter monitoring of safety drivers.

Privacy

Dutch Police Access Encrypted Messages: Law enforcement in the Netherlands stated that a “breakthrough in the interception and decryption of encrypted communication” enabled police to read over 258,000 live messages exchanged between criminals on BlackBox Security’s IronChat, an app “billed as providing end-to-end encryption” that runs on a device costing thousands of dollars; Dutch media reported that a version of IronChat had potentially serious vulnerabilities that allowed the police to break the encryption.

Information Security and Cyberthreats

Facebook Blocks Russian Trolls Ahead Of Midterms: After receiving a tip from the F.B.I., the social network removed more than 100 Facebook and Instagram accounts “due to concerns that they were linked to the Russia-based Internet Research Agency”—the same organization accused of interfering with the 2016 presidential election; the collaboration marks the first time that Facebook publicly acknowledged acting on an influence campaign as a result of intelligence received from a government agency.

Intellectual Property

Google’s Anti-Piracy Measures Pay Off: A new report highlighting the company’s anti-piracy products reveals that YouTube paid $3 billion to copyright owners through Content ID, a system that scans uploads against a database of content owners’ files, detects when an upload uses another person’s intellectual property, and then allows the owner to earn from the upload; Google also reported that it removed 3 billion URLs from Search after releasing a tool that allows copyright owners to report illicit websites, and that it disapproved of 10 million advertisements suspected of linking to infringing websites in 2017.

Free Expression and Censorship

Gab Is Back Online: Social network Gab found a new domain registrar after its prior domain host, GoDaddy, dropped the site following revelations that Pittsburgh synagogue shooter Robert Bowers maintained an anti-Semitic profile on the network; Rob Monster, founder and CEO of Gab’s new domain host Epik.com, wrote that he “did not take the decision lightly,” but believes “de-platforming is digital censorship.”

Chrome 71 To Block Ads: The new browser, due for release in December, will block all website ads that Google classifies as “abusive,” including those that cause the browser to misbehave by generating fake system messages, automatically redirecting users, or attempting to steal personal information; Google will give site owners a thirty-day period to remove the advertisement, and failure to do so will cause Chrome to block every ad on the website. 

Practice Note

Licensing SEPs To Chipmaker Competitors: A California federal judge ruled that Qualcomm must license its standard-essential patents (SEPs) to competing modem-chip sellers, siding with the Federal Trade Commission in its argument that Qualcomm violated its fair, reasonable, and non-discriminatory (FRAND) licensing commitments; the court observed that Qualcomm itself received such licenses to supply components and emphasized in prior litigation that an SEP holder may not discriminate in licensing its SEPs.

On The Lighter Side

AI News Anchors: China’s state-run press agency used footage from humans to generate AI anchors that read the news using synthesized voices.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 2, 2018

Internet Governance

UK Proposes Big Tech Tax: Chancellor Philip Hammond proposed a 2% digital services tax on the UK-generated revenues of search engines, social media platforms, and online marketplaces that are profitable and achieve global revenue above £500m per year; U.S. political leaders and business groups expressed concern that the tax proposal may violate tax agreements by targeting U.S. firms, spark U.S. retaliation, and hurt prospects for a U.S.-UK trade deal.

Waymo Takes The Wheel: California granted Waymo, the self-driving car startup of Google parent Alphabet, a first-of-its-kind permit to test fully driverless cars on public roads in the state; while the vehicles may not travel faster than 65 miles per hour, they are allowed to drive in fog and light rain and operate in parts of Mountain View, Sunnyvale, Los Altos, Los Altos Hills, and Palo Alto in Northern California.

Privacy

AI Lie Detector To Question EU Travelers: In an EU-funded six-month pilot program, travelers at border crossing points in Hungary, Latvia, and Greece will be administered an automated lie-detection test by animated AI border agent “iBorderCtrl”; which will ask travelers questions, record the travelers’ faces to analyze micro-gestures, and score each response before either providing a QR code that permits the traveler to pass through the border or directing the traveler to a human agent for further assessment.

Information Security and Cyberthreats

Aerospace Companies Hacked By Chinese Spies: The Justice Department charged two Chinese Ministry of State Security officers, six hackers, and two aerospace company insiders for allegedly leading a five-year operation to steal the technology behind a turbofan engine used in commercial airliners by hacking U.S. and French aerospace companies using malware and spear fishing techniques.

White House Monitors Foreign Election Interference: The FBI, the Justice Department, and the Department of Homeland Security are working with the National Security Council to monitor possible foreign interference in next week’s congressional elections, and will sanction any company or individual found to interfere through hacking or disinformation efforts; the Justice Department will also launch an “election interference command post” to help the FBI rapidly communicate with its different field offices around the country on election day.

Intellectual Property

The Right to Repair: The U.S. Copyright Office carved out new exemptions to the Digital Millennium Copyright Act that allow for the lawful circumvention of digital locks on voice assistants, tablets, smartphones, and vehicles so that consumers and third-parties acting on their behalf may repair such devices without violating copyright law.

Free Expression and Censorship

Twitter Reverses On Pipe Bomber’s Tweets: The social media platform apologized for denying a user’s request to address Cesar Sayoc Jr.’s threatening tweets weeks before he was charged with sending explosive devices to prominent critics of President Trump; other platforms continue to face backlash for not adequately monitoring hate speech, including Instagram for its initial refusal to remove content about Sayoc before reversing course due to public outcry.

Practice Note

Major Case Law Project Unveiled: In an effort to make a complete, searchable database of state and federal cases free on the Internet, Harvard Law launched the Caselaw Access Project with nearly 6.5 million decisions; while the primary documents have always been in the public domain, the project makes them accessible to anyone with Internet connection.

On The Lighter Side

Art Is In The AI Of The Beholder: An AI-generated painting recently fetched $432,500 at a Christie’s auction.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 26, 2018

Internet Governance

E-Scooter Companies Sued For Negligence: California residents filed a proposed class action lawsuit alleging that electric scooter companies are liable for personal injury and property damage caused by e-scooters; the plaintiffs’ lawyer argues that the companies’ user agreements, which preclude riders from bringing class action lawsuits and suing for negligence, are “draconian.”

White House Seeks Tech Support:  The Trump Administration met with tech companies to discuss ways to enable workers to take leaves to work on government projects, including modernizing state and federal agencies; the conversation took place amid worker protests against tech industry involvement with government initiatives in areas such as artificial-intelligence-powered drone attacks and facial recognition technology.

Privacy

Location, Location, Location: Facebook and Google users who opted out of location tracking filed separate proposed class-action lawsuits against the two companies, alleging that each deceptively collected and sold the users’ location information despite their opt-out; the allegations arise in the wake of a recent University of Oxford study placing Google and Facebook atop the list of third-party data trackers.

Apple Calls For Stronger Privacy: In his keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners, Apple CEO Tim Cook criticized business models that unethically profit from privacy invasion, applauded international reforms such as the GDPR, and voiced support for a comprehensive federal U.S. privacy law that would prioritize data minimization, transparency, a right to access, and a right to security; the speech followed Apple’s recent policy adjustments designed to give consumers more control over their privacy.

Information Security and Cyberthreats

U.S. Charges Russian Troll: The Department of Justice formally charged a Russian woman who is a part of the Internet Research Agency — the same group that Special Counsel Robert Mueller indicted earlier this year for its involvement in the 2016 presidential election — for overseeing a social media effort to influence the upcoming U.S. midterm elections; the U.S. Cyber Command, the military wing tasked with overseeing offensive cyber operations, subsequently announced its plan to warn known Russian operatives spreading fake news that they are being watched.

Intellectual Property

Georgia Can’t Copyright Code Annotations: The Eleventh Circuit ruled that the State of Georgia cannot claim copyright ownership over its annotated code—the only official version of the state’s laws—and thus found against Georgia’s Code Revision Commission in its copyright infringement suit against an organization that purchased the code and made it publicly available online; the Court reasoned that while annotations do not carry the weight of the law, the legislature chose “to make them an integral part of the official codification of Georgia’s laws,” resulting in work that is “intrinsically public domain material, belonging to the People, and, as such, [ ] free for publication by all.”

Free Expression and Censorship

Crackdown On Brazil Spam Network: Facebook removed 68 pages and 43 accounts associated with Raposo Fernandes Associados, a marketing group supporting far-right presidential candidate Jair Bolsonaro, for violating the social network’s misrepresentation and spam policies by using fake or duplicative accounts and by posting clickbait intended to direct users to third-party websites; Facebook-owned WhatsApp also banned more than 100,000 accounts used by Bolsonaro’s supporters to send bulk messaging during the campaign.

China Drafts Blockchain Regulation: The Cyberspace Administration, China’s top-level internet censorship agency, published and is seeking public feedback on a draft policy for regulating blockchain-related service providers; blockchain technology has been used in the past to bypass China’s internet censorship, but the proposed rules would require blockchain service providers to enforce know-your-customer measures by collecting certain user information and sharing it with law enforcement as requested.

Practice Note

Foreign Trademark Filers May Need U.S. Lawyer: The Patent and Trademark Office (“PTO”) is working on a new rule that would require foreign trademark applicants to be represented by U.S. attorneys; the rule could take effect by July 2019, as the PTO plans to issue a proposal in November and seek comment until February 2019.

On The Lighter Side

Virtual Reality Makes Food Taste Better: A study by Cornell University food scientists found that cheese eaten in pleasant VR settings was perceived to taste better than the same cheese eaten in a bleak sensory booth.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 19, 2018

Internet Governance

FCC Makes Case For Net Neutrality Repeal: The Federal Communications Commission filed a brief with the U.S. Court of Appeals for the D.C. Circuit to defend its recent repeal of the 2015 net neutrality rules, marking its first move to defend a challenge by 22 states, consumer advocates, and technology companies that contend the repeal was arbitrary and capricious; the brief argues that the agency acted within its discretion in rolling back the rules and presents evidence that the rules stifled investment in broadband networks.

SEC Warning:  The Securities and Exchange Commission issued an investigative report warning that public companies’ failure to consider cyber threats in their internal accounting controls may violate federal law; the report stems from the SEC’s investigation of nine companies victimized by “business email compromise” frauds, in which cyber criminals pose as company executives to deceive employees into sending company funds to bank accounts controlled by the hackers.

Privacy

TSA Unveils Biometrics Roadmap: The Transportation Security Administration published a roadmap for expanding the use of biometrics in airports across the country to strengthen security and improve the travel experience; while the roadmap only hints at addressing privacy issues in later studies, the Administration plans to begin working with U.S. Customs and Border Protection on biometric security for international travel, put biometric technology into use for TSA PreCheck  travelers, and eventually use biometric data for screening at airport security checkpoints.

Anthem Pays Record $16 Million Settlement: Anthem agreed to pay a record $16 million to the Department of Health and Human Services and Office for Civil Rights to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules after a series of cyberattacks led to the largest health data breach in history and exposed the electronic health information — including names, birth dates, Social Security numbers, and medical IDs — of nearly 79 million people in 2015; Anthem also agreed to take corrective steps to comply with HIPAA, including assessing its electronic security risks, taking appropriate countermeasures, and maintaining surveillance.

Information Security and Cyberthreats

Penta-gone! 30,000 Personal Records Swiped: The Pentagon announced that a cyber breach at an unnamed contractor that maintains the Defense Department’s travel records compromised the personal information and credit card data of nearly 30,000 U.S. military and civilian staffers; the Department is unsure about when the initial breach occurred, and a Pentagon spokesperson stated that the Department will “continue to assess the risk of harm and will ensure notifications are made to impacted personnel whose PII may have been compromised.”

Intellectual Property

Facebook Demotes Inauthentic Content: Facebook is displaying articles that are stolen and republished with little or no modification less prominently; the new Publisher Guidelines will hopefully curtail copyright infringement by reducing the illicit websites’ referral traffic and ad revenue, and thus discourage content misappropriation.

Free Expression and Censorship

Google Confirms Censored Search Engine For China: CEO Sundar Pichai confirmed that Google will launch a search engine that automatically removes websites banned by the Chinese government from search results; in response to backlash from constituents such as Google employees and the U.S government, Pichai defended the project by arguing it could provide “information better than what’s available” to people in China presently.

Wikimedia Warns Of Stifled Criticism: TVEyes, a service that records television content and compiles it into a searchable database of 10-minute clips, filed a petition for Supreme Court review after the Second Circuit rejected TVEyes’s fair use argument and upheld Fox News’s copyright infringement claims; an amicus brief filed by the Wikimedia Foundation argues that the ruling permits copyright owners to “stifle criticism and undermines established fair use principles that are vital for media commentary.”

Practice Note

ABA Issues Opinion On Lawyers’ Obligation After Data Breach: The ABA issued a formal opinion that addresses a lawyer’s duty in the event of a data breach that destroys or discloses client confidences; the opinion only provides guidance for the breach of client data, not other data breaches that may also require action on the part of an attorney or firm.

On The Lighter Side

MIT Will Open College Of Computing: As pressure mounts on the U.S. to stay competitive in the global AI race, MIT is opening a college of computing that will focus on educating a new generation of artificial intelligence experts; the training will also bridge the talent gap in the AI hiring pipeline for human-powered industries such as customer service and trucking.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: October 12, 2018

Internet Governance

Google Won’t Bid on Pentagon Contract: Google will not submit a proposal for the Joint Enterprise Defense Infrastructure (“JEDI”), an estimated $10 billion contract designed to accelerate the Defense Department’s cloud computing capabilities, because JEDI does not align with the tech giant’s AI principles prohibiting the use of AI in weaponry; additionally, Google disagrees with the government’s decision to choose one vendor instead of adopting “a multi-cloud approach.”

Introducing the “Internet Bill of Rights”:  Democratic representative Ro Khanna of California has worked with think tanks, big tech companies, and government IT pros to devise ten consumer data privacy principles that he hopes will be passed into law; the list includes protecting net neutrality, ensuring consumer choice for ISPs, offering greater transparency on how data is collected, and notifying consumers in a timely manner when personal data has been hacked.

Privacy

UK Court Blocks Privacy Suit Against Google: The UK High Court dismissed an estimated £3 billion class action lawsuit against Google alleging that the tech giant harvested personal data from Safari users without their permission through tracking cookies; although the Court deemed Google’s behavior “wrongful, and a breach of duty,” it nevertheless found that the claimants “had not suffered damage” and did not share the “same interest,” as required by UK law.

Amazon Fires Employee for Selling Emails: Weeks after confirming that marketplace sellers bribed Amazon employees to delete negative reviews or share users’ proprietary information, the company fired an employee who sold customer email addresses to a third-party seller; with customer email addresses, marketplace sellers can gain a competitive edge by directly asking customers to change or remove negative reviews, which is a violation of Amazon’s policy.

Information Security and Cyberthreats

U.S. Telecom Discovers Manipulated Hardware: Following an earlier report that China infiltrated a Supermicro factory to install chips on motherboards used in Apple and Amazon servers, Bloomberg issued a second report claiming that an unnamed U.S. telecom discovered that hardware used in its datacenter had been “manipulated” by an implant designed to “conduct covert surveillance and exfiltrate corporate or government secrets.”

Google Plus Shuts Down After Breach: Google announced its plan to shut down Google Plus after discovering a bug that made available to third-party developers information from over 500,000 accounts, including users’ occupation, gender, and email address; Google defended its decision not to announce the discovery in March—the same month that the Facebook Cambridge Analytica scandal came to light—on the basis that there was no evidence of data misuse. 

Intellectual Property

Microsoft Adds 60,000 Patents to OIN: After joining the anti-patent-trolling group LOT Network last week, Microsoft announced it is also joining the Open Invention Network (“OIN”), an open-source patent group designed to protect Linux and other open-source software from patent-related suits; while 60,000 of Microsoft’s patents will be open-source and available to OIN members, Windows desktop and desktop application code will not be available.

Free Expression and Censorship

Wikipedia Bans Breitbart: Wikipedia editors voted to ban use of the far-right media outlet as a source of fact in articles “due to its unreliability;” Wikipedia editors similarly decided that the “use of InfoWars as a reference should be generally prohibited.

Practice Note

European Union IP Customs Plan: Concerned by the influx of counterfeit and pirated goods into Europe, the Council of Ministers endorsed a proposed new European Union Customs Action Plan to combat intellectual property rights infringement; the plan outlines “an exchange of best practices on the customs follow-up of internet trade” between the European Commission and EU member states and claims that blockchain could be used to effectuate that purpose.

On The Lighter Side

Sue Anyone at the Touch of a Button: The AI-powered “robot lawyer” chatbot DoNotPay has a new iOS app that could help you “sue anyone” simply by pressing a button.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: October 5, 2018

Internet Governance

California Sued Over Net Neutrality: Internet, cable, and wireless providers filed a federal lawsuit seeking to block California’s new statute mandating net neutrality rules, following a separate lawsuit filed by the Department of Justice; the lawsuit alleges California’s law is a “classic example of unconstitutional state regulation” and urges the court to block the legislation before it takes effect on January 1.

Amazon Raises Minimum Wage: Following months of public criticism about its labor practices, Amazon announced it will begin paying all U.S. employees, including part-time, seasonal, and temporary workers, at least $15 an hour and all U.K. employees at least £9.50; Amazon also revealed that it will begin lobbying Congress to raise the federal minimum wage, which has been set at $7.25 for almost a decade.

Privacy

EU Enforcement Can Access Telecom Data: The European Court of Justice ruled that national law enforcement authorities may access individuals’ basic information, such as addresses and phone numbers, held by telecommunication companies when investigating minor criminal offenses so long as the data-gathering does not seriously infringe their privacy rights; the decision arises as the court is dealing with several privacy disputes, including efforts to extend the “Right to be Forgotten” worldwide and upcoming hearings related to the legality of the EU-U.S. Privacy Shield.

Suspect Unlocks iPhone With Face: In what may be a world first, the FBI forced a suspect to unlock his iPhone X using Apple’s Face ID feature and searched photos and chats on the iPhone, allegedly finding material and conversations associated with child pornography; while courts ruled that there is a difference between a facial or fingerprint recognition system and a passcode typed into a phone, the case raises an interesting legal question of whether a person can be compelled to unlock his or her phone by looking at it.

Information Security and Cyberthreats

Sentenced for ATM “Jackpotting”: A federal judge sentenced a man from Springfield, Massachusetts to twelve months and one day of imprisonment for his role in an ATM “jackpotting” scheme, marking the first time someone in the U.S. is imprisoned for this form of ATM hacking; according to the Department of Justice, the hackers dressed as legitimate repair technicians to install malware on an ATM while others used the malware to extract the cash.

Irish Regulator Opens Facebook Investigation: The Irish Data Protection Commissioner commenced an investigation into a massive cyberattack that allowed hackers access to more than 50 million accounts, potentially costing Facebook more than $1.63 billion in fines; the investigation will examine “Facebook’s compliance with its obligation under the GDPR to implement appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes.”

Intellectual Property

Vigilante Prevents Waymo Patent: Eric Swildens, an engineer with no connection to the self-driving industry, spent $6,000 of his own funds to successfully argue that the lidar circuit in Waymo’s patent already existed, causing the US Patent and Trademark Office to deny 53 of out Waymo’s 56 claims; the same patent was at issue in Waymo’s lawsuit against Uber in December 2016, which resulted in Uber agreeing to redesign its lidar instrument and give Waymo $254 million worth of equity, a resolution that now seems unnecessary.

Groupon Settles IBM Patent Infringement Claim:  Having previously argued in court that some of IBM’s patents involving pre-internet technology from the 1980s are outdated, Groupon agreed to pay $57 million to settle IBM’s infringement claims and entered into a long-term cross-licensing deal; IBM, which maintains over 45,000 technology patents, previously litigated patent infringement suits against titans such as Twitter, Amazon, and Expedia.

Free Expression and Censorship

Alphabet Takes on DNS Manipulation: Jigsaw, an Alphabet incubator tasked with addressing global security challenges, developed a tool called Intra that defends Android users against attacks on free speech by encrypting connection to the DNS server and pointing to Google’s own DNS servers, which prevents authoritarian governments from denying access to information deemed off-limits;  DNS manipulation is widespread with more than 60 countries, including Iran, China, and Turkey censoring parts of the Internet.

Infowars Publisher Sues PayPal: After PayPal banned his account for violating its policy against promoting hate and discriminatory intolerance in September, Alex Jones, publisher of Infowars, sued the digital payment platform, complaining of “viewpoint discrimination” against political conservatives that permeates technology companies; PayPal spokesperson, Kim Eichorn, responded, “PayPal believes the claims in the complaint are without merit.”

Practice Note

California Overhauls Ethics Rules: California’s ethics rules will be in-line with the ABA Model Rules of Professional Conduct starting November 1, which means all U.S. states will track the Model Rules; Dennis Rendleman, lead senior counsel for ethics for the ABA’s Center for Professional Responsibility, in reflecting on lawyers’ increasingly multi-jurisdictional practice, stated, “It’s better for the rules to be consistent from state to state … [s]o the development in California, which of course is one of the largest economies in the country, is a positive development.”

On The Lighter Side

9 Million Wikipedia Links Rescued: Internet Archive, a nonprofit digital library, reinstated 9 million previously broken Wikipedia links and intends on continuing its efforts with Wikipedia as well as other media such as e-books and academic papers; replacing broken links with their archived versions boosts the credibility of Wikipedia, preserves internet history, and expands access to original sources.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP