CLIP-ings: January 11, 2019

Internet Governance

Deciding The Scope Of The “Right To Be Forgotten”: An advocate general for the European Court of Justice argued that Google and other search engines should not be forced to apply the “right to be forgotten” outside the European Union due to the risk that “other jurisdictions could use their laws to block information from being accessible within the EU”; a final ruling is expected to be reached in the coming months from the court, which typically follows the advocate general’s opinion.

LA Sues Weather Channel App Owner: The Los Angeles City Attorney filed a lawsuit against the Weather Company, the company behind the popular Weather Channel app, claiming the app deceptively collected, shared, and profited from selling millions of users’ location information; the lawsuit claims the app unfairly manipulated users by failing to disclose that their data would be shared for commercial purposes, such as targeting marketing and analysis by hedge funds.

Privacy

Senators Call On FCC To Investigate Telecoms: Senators are calling on the FCC to investigate telecommunications companies like T-Mobile, AT&T, and Sprint after a Motherboard story revealed that the major mobile carriers are selling customer location data to third parties, which then offer the sensitive information to bounty hunters and others not authorized to handle the data; some senators are also demanding regulation that would prevent unauthorized use and sale of phone location data and ensure that customers are properly informed about how their data is sold.

Information Security and Cyberthreats

Student Confesses To German Data Leak: A 20-year old German student reportedly confessed to exposing the personal details of Chancellor Angela Merkel and hundreds of Germany’s politicians, journalists, and entertainers last month; the student published the individuals’ contact information and personal details —including bank account statements, photos, and chat records — on his Twitter account because he was “angry with the public statements” made by his targets.

Intellectual Property

Potential Rise In Copyright Infringement Suit Costs: Filing a copyright infringement suit could become more expensive for creators if the Supreme Court, after hearing arguments in Fourth Estate Public Benefit Corp. v. Wall-Street.com this week, finds that creators must first obtain approval of their copyright registration.

Free Expression and Censorship

Politicians’ Page Ruled A Public Forum: The U.S. Court of Appeals for the Fourth Circuit upheld a 2017 district court decision finding that the Loudoun County, Virginia, Board of Supervisors chair violated the First Amendment rights of a Facebook user who criticized board members and their relatives by banning him for 12 hours from her Facebook page.

On The Lighter Side

Older Users More Likely To Share Hoaxes: A study conducted by researchers at New York University and Princeton University reveals that Facebook users over the age of 65 were more likely to have shared fake news stories during the 2016 presidential campaign than users in any other age group.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: January 4, 2019

Internet Governance

Arizona Residents Resist Waymo: A New York Times report details how members of the Chandler community—a testing site for Waymo’s autonomous vehicles—displayed hostility towards the company in at least 21 incidents since 2017, including by slashing tires and threatening backup drivers with weapons; Waymo has chosen not to prosecute the assailants.

NYPD Planned To Use Drones On New Year’s Eve: Although thwarted at the last minute by rain, the New York Police Department intended to use drones during the New Year’s Eve celebration in Times Square as part of a larger drone program unveiled last month.

Privacy

Court Dismisses Biometric Lawsuit Against Google: After finding that the plaintiff did not suffer “concrete injuries,” a federal court dismissed a lawsuit alleging that Google’s extraction of “face templates” from images uploaded to its cloud-based photo service violated the Illinois Biometric Information Privacy Act; the plaintiff argued that she did not upload the images of herself and thus did not consent to Google’s collection, storage, or use of her biometric data.

Tracking Devices Installed In Chinese Student Uniforms: Students in certain Chinese schools are required to wear uniforms that track their whereabouts; while a state-run Chinese newspaper describes the rule as an effort to promote attendance, critics raise concern that the uniforms allow authorities to track the students’ locations outside of school.

Information Security and Cyberthreats

Terrorists Control Idle Twitter Accounts: Due to a decade-old security flaw, hackers from terrorist groups have been able to hack and post propaganda from dormant accounts by resetting the accounts’ passwords using new email addresses created based on the now-expired or otherwise nonexistent addresses used to initially set up the Twitter handles; Twitter partially directs the blame at email providers that recycle deactivated email addresses.

Unknown Hackers Delay Newspaper Delivery: A strain of malware infected several U.S. newspapers owned by Tribune Publishing—including the LA Times and west coast versions of the New York Times and Wall Street Journal—and delayed their publication and delivery; the motive and source have not been determined.

Intellectual Property

Williams-Sonoma v. Amazon: Williams-Sonoma filed a trademark and design patent infringement lawsuit against Amazon for selling unauthorized Williams-Sonoma merchandise on its website and misrepresenting itself as an authorized seller of the company’s products; the home goods retailer also argued Amazon “unfairly and deceptively engaged in a widespread campaign of copying” designs of its West Elm furniture for Amazon’s own furniture line, Rivet.

Free Expression and Censorship

Netflix Removed Comedy Episode After Saudi Demand: Netflix removed an episode of its show “Patriot Act With Hasan Minhaj” from streaming in Saudi Arabia after the country claimed that the episode violated its anti-cyber crime law barring content that threatens “public order, religious values, public morals, and privacy”; the episode is critical of the United States’ relationship with the Saudi government due to the country’s involvement in the murder of journalist Jamal Khashoggi and the war in Yemen.

Tech Companies Not Responsible For San Bernardino Shooting: A federal judge in San Francisco dismissed a lawsuit seeking to hold Facebook, Google, and Twitter liable to victims of the 2015 mass shooting in San Bernardino, California, on the basis that the attack was not a direct result of the tech companies’ permitting terrorist groups to use their platforms; the judge also found the companies not liable for aiding and abetting terrorism under the 2016 Justice Against Sponsors of Terrorism Act because they were only “generally aware” that terrorists groups have used their services.

On The Lighter Side

AI Stops Wildlife Poachers: Non-profit group Resolve created a pencil-sized, AI-equipped camera to detect animals, humans, and vehicles in real-time, allowing park rangers to detect and stop poachers in Africa before it’s too late.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: December 7, 2018

Internet Governance

Australia’s New Anti-Encryption Law: Australia passed a bill that will require technology companies to provide law enforcement and security agencies with access to encrypted data, despite criticism that doing so could undermine national security and privacy; Australia is the first nation in the Five Eyes intelligence network—which is comprised of the United States, Canada, Britain, and New Zealand—to force broad access requirements, with fines of up to A$10 million ($7.3 million) for institutions and prison terms for individuals who fail to provide data on suspected illegal activities.

Facebook Cherry-Picked Special Access To Data: Facebook gave favored partners such as Netflix and Airbnb special access to user data, while restricting competitors’ access to its platform, according to internal Facebook documents released by a British parliamentary committee investigating online disinformation; the documents also reveal how Facebook considered restricting app developers’ access to user data unless those developers bought advertising—a policy the company now claims it never enacted.

Privacy

NYPD Unveils New Drone System: The New York Police Department unveiled plans to deploy 14 drones and train 29 officers to operate them, raising concerns about the department’s possible misuse of the devices and growing surveillance capacity; according to police officials, while the drones will be used to monitor large crowds, investigate hazardous waste spills, handle hostage situations, and reach remote areas in crime scenes, they will not be used for routine police patrols or traffic enforcement, will not be weaponized, and will not conduct warrantless surveillance.

Secret Service Tests Facial Recognition At White House: The Secret Service is testing a pilot facial recognition system that matches images of individuals outside the White House with “subjects of interest,” according to a Department of Homeland Security report revealed by the American Civil Liberties Union; while the program is currently limited to trying to match the faces of volunteer staff members, the report acknowledges a privacy risk for members of the public who are inadvertently recorded.

Information Security and Cyberthreats

500 Million Affected In Marriott Data Breach: Hackers breached Marriott’s Starwood hotels reservation system and stole the personal data of up to 500 million guests in an attack that began four years ago; the attack has prompted Senators to call for stronger data security laws and data breach penalties, and Marriott plans to provide customers with free identity theft monitoring and reimburse hack victims for new passports.

NRCC Emails Hacked In 2018 Midterms: The National Republican Congressional Committee (“NRCC”) was hacked during the 2018 midterm election campaigns, exposing thousands of emails from four senior NRCC aides to an unknown entity; neither Senior House Republicans nor rank-and-file members were told of the breach until this week, as the committee opted to withhold information to shield an investigation of the hack and not tip off the culprit.

Intellectual Property

Google Seeks Review Of Spreadsheet Patent Decision: Google petitioned the Federal Circuit for en banc review of an October panel decision finding that an invention for navigating through complex electronic spreadsheets is a patent-eligible improvement; in its petition, Google argued that the technology, which enables electronic tabbing akin to paper tabbing, is directed to an abstract idea and is therefore un-patentable under Alice.

Free Expression and Censorship

Tumblr Bans Porn: Just weeks after it was removed from the iOS App Store over an incident involving child pornography, Tumblr announced that it will permanently ban adult content on its platform starting December 17, 2018; the machine learning technology Tumblr will use to filter prohibited images has been the target of skepticism due to, among other things, its inaccuracy and inability to contextualize images.

On The Lighter Side

New Home of the Whopper? Burger King’s new app uses geofencing technology to offer customers a Whopper for a penny if they order on the app within 600 feet of a McDonald’s.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 30, 2018

Internet Governance

DOJ Dismantles Digital Ad Scams: With the help of the FBI, the Department of Homeland Security, and private companies, the Department of Justice indicted eight individuals who are alleged to have created fake internet advertising companies to scam legitimate companies out of a collective $36 million; while three defendants were arrested, five remain at large.

FTC Discusses Holding Tech Companies Accountable: Sitting before the Senate Commerce Consumer Protection Subcommittee, FTC Commissioners would not comment on the agency’s investigation into whether Facebook’s Cambridge Analytica scandal showed that the social network violated a 2011 consent decree; the FTC did state that it lacks sufficient resources to combat data abuse, and as a result often opts for settlement over costly trial.

Ohio Will Accept Bitcoin For Taxes: Despite regulatory concerns around cryptocurrency, Ohio became the first state to accept bitcoin for paying business taxes; the State wants to compete for new businesses and establish itself as the “national and international leader in blockchain technology.”

Privacy

Six Flags Lawsuit Tests Biometric Privacy Law: Illinois’ highest court will determine whether a “person aggrieved” under the State’s Biometric Information Privacy Act must suffer actual harm from the collection of biometric information in violation of the statute, or whether a technical violation alone confers standing to sue.

UK Police Use AI To Predict Crime: A law enforcement software known as the National Data Analytics Solution leverages 1,400 indicators from pooled police data sets across the U.K. and uses machine learning to identify individuals who are on a trajectory toward committing serious violent crimes so they can be offered assistance such as counselling; privacy critics raise concerns about bias reinforcement and the intrusiveness of pre-emptive intervention.

Information Security and Cyberthreats

U.S. Indicts Hackers Behind Nationwide Extortion: The U.S. Treasury Department for the first time added two cryptocurrency wallets to its sanctions list after indicting two Iranian hackers for extorting $6 million from more than 200 victims — including 43 U.S. states — through ransomware software that ordered victims to send money to the bitcoin accounts; one high-profile incident involved an attack on Atlanta that affected major basic municipal functions.

Facebook Faces Vitriol From International Community: At a rare joint hearing with policymakers from nine countries, Facebook was harshly criticized for its inability to stop the spread of fake news; U.K. House of Commons member Damian Collins pointed to documents that allegedly show Facebook was aware of Russia’s malicious involvement with the platform as early as 2014, and suggested that the recently obtained documents will be published “within a week.”

Intellectual Property

Australia Tightens Online Piracy Laws: The Australian parliament passed the Copyright Amendment (Online Infringement) Bill 2018, which, among other things, entitles copyright owners to apply for injunctions that force ISPs to prevent customers from accessing pirate sites and allows ISPs to block mirror and proxy sites without returning to court; the Australian Digital Alliance and other organizations warn that the legislation “removes public interest protections and puts legitimate sites and activities of the public at risk.”

Free Expression and Censorship

Gmail Avoids Gender-Based Pronouns: Gmail stopped its “Smart Compose” text prediction feature, which autosuggests text for Gmail users composing emails, from suggesting gender-based pronouns due to concerns that the technology might perpetuate real-world gender bias.

Practice Note

Ethical Rules Regarding Crowdfunding: The District of Columbia Bar’s Legal Ethics Committee issued an opinion analyzing lawyers’ ethical obligations when clients use crowdfunding to pay for representation, which the opinion concludes vary according to the extent of a lawyer’s involvement in fundraising efforts.

On The Lighter Side

How The Senate Stopped Grinch Bots From Stealing Christmas: Just before the holiday season, Congress members proposed the “Stopping Grinch Bots Act of 2018” to outlaw the use of online shopping bots and the resale of items they purchase.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 9, 2018

Internet Governance

Supreme Court Won’t Hear Net Neutrality: The highest court denied certiorari to telecom companies’ challenge to a lower court decision that upheld federal net neutrality rules set during the Obama administration on the basis that the FCC’s repeal of net neutrality made the challenge moot.

Uber Races To Put Autonomous Cars On The Road: More than seven months after a fatal crash involving one of its autonomous vehicles, the ride-hailing company released a voluntary safety report under U.S. Department of Transportation guidelines and has sought permission to resume self-driving car tests in Pennsylvania; safety improvements purportedly include automatic braking that detects objects more quickly and stricter monitoring of safety drivers.

Privacy

Dutch Police Access Encrypted Messages: Law enforcement in the Netherlands stated that a “breakthrough in the interception and decryption of encrypted communication” enabled police to read over 258,000 live messages exchanged between criminals on BlackBox Security’s IronChat, an app “billed as providing end-to-end encryption” that runs on a device costing thousands of dollars; Dutch media reported that a version of IronChat had potentially serious vulnerabilities that allowed the police to break the encryption.

Information Security and Cyberthreats

Facebook Blocks Russian Trolls Ahead Of Midterms: After receiving a tip from the F.B.I., the social network removed more than 100 Facebook and Instagram accounts “due to concerns that they were linked to the Russia-based Internet Research Agency”—the same organization accused of interfering with the 2016 presidential election; the collaboration marks the first time that Facebook publicly acknowledged acting on an influence campaign as a result of intelligence received from a government agency.

Intellectual Property

Google’s Anti-Piracy Measures Pay Off: A new report highlighting the company’s anti-piracy products reveals that YouTube paid $3 billion to copyright owners through Content ID, a system that scans uploads against a database of content owners’ files, detects when an upload uses another person’s intellectual property, and then allows the owner to earn from the upload; Google also reported that it removed 3 billion URLs from Search after releasing a tool that allows copyright owners to report illicit websites, and that it disapproved of 10 million advertisements suspected of linking to infringing websites in 2017.

Free Expression and Censorship

Gab Is Back Online: Social network Gab found a new domain registrar after its prior domain host, GoDaddy, dropped the site following revelations that Pittsburgh synagogue shooter Robert Bowers maintained an anti-Semitic profile on the network; Rob Monster, founder and CEO of Gab’s new domain host Epik.com, wrote that he “did not take the decision lightly,” but believes “de-platforming is digital censorship.”

Chrome 71 To Block Ads: The new browser, due for release in December, will block all website ads that Google classifies as “abusive,” including those that cause the browser to misbehave by generating fake system messages, automatically redirecting users, or attempting to steal personal information; Google will give site owners a thirty-day period to remove the advertisement, and failure to do so will cause Chrome to block every ad on the website. 

Practice Note

Licensing SEPs To Chipmaker Competitors: A California federal judge ruled that Qualcomm must license its standard-essential patents (SEPs) to competing modem-chip sellers, siding with the Federal Trade Commission in its argument that Qualcomm violated its fair, reasonable, and non-discriminatory (FRAND) licensing commitments; the court observed that Qualcomm itself received such licenses to supply components and emphasized in prior litigation that an SEP holder may not discriminate in licensing its SEPs.

On The Lighter Side

AI News Anchors: China’s state-run press agency used footage from humans to generate AI anchors that read the news using synthesized voices.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 26, 2018

Internet Governance

E-Scooter Companies Sued For Negligence: California residents filed a proposed class action lawsuit alleging that electric scooter companies are liable for personal injury and property damage caused by e-scooters; the plaintiffs’ lawyer argues that the companies’ user agreements, which preclude riders from bringing class action lawsuits and suing for negligence, are “draconian.”

White House Seeks Tech Support:  The Trump Administration met with tech companies to discuss ways to enable workers to take leaves to work on government projects, including modernizing state and federal agencies; the conversation took place amid worker protests against tech industry involvement with government initiatives in areas such as artificial-intelligence-powered drone attacks and facial recognition technology.

Privacy

Location, Location, Location: Facebook and Google users who opted out of location tracking filed separate proposed class-action lawsuits against the two companies, alleging that each deceptively collected and sold the users’ location information despite their opt-out; the allegations arise in the wake of a recent University of Oxford study placing Google and Facebook atop the list of third-party data trackers.

Apple Calls For Stronger Privacy: In his keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners, Apple CEO Tim Cook criticized business models that unethically profit from privacy invasion, applauded international reforms such as the GDPR, and voiced support for a comprehensive federal U.S. privacy law that would prioritize data minimization, transparency, a right to access, and a right to security; the speech followed Apple’s recent policy adjustments designed to give consumers more control over their privacy.

Information Security and Cyberthreats

U.S. Charges Russian Troll: The Department of Justice formally charged a Russian woman who is a part of the Internet Research Agency — the same group that Special Counsel Robert Mueller indicted earlier this year for its involvement in the 2016 presidential election — for overseeing a social media effort to influence the upcoming U.S. midterm elections; the U.S. Cyber Command, the military wing tasked with overseeing offensive cyber operations, subsequently announced its plan to warn known Russian operatives spreading fake news that they are being watched.

Intellectual Property

Georgia Can’t Copyright Code Annotations: The Eleventh Circuit ruled that the State of Georgia cannot claim copyright ownership over its annotated code—the only official version of the state’s laws—and thus found against Georgia’s Code Revision Commission in its copyright infringement suit against an organization that purchased the code and made it publicly available online; the Court reasoned that while annotations do not carry the weight of the law, the legislature chose “to make them an integral part of the official codification of Georgia’s laws,” resulting in work that is “intrinsically public domain material, belonging to the People, and, as such, [ ] free for publication by all.”

Free Expression and Censorship

Crackdown On Brazil Spam Network: Facebook removed 68 pages and 43 accounts associated with Raposo Fernandes Associados, a marketing group supporting far-right presidential candidate Jair Bolsonaro, for violating the social network’s misrepresentation and spam policies by using fake or duplicative accounts and by posting clickbait intended to direct users to third-party websites; Facebook-owned WhatsApp also banned more than 100,000 accounts used by Bolsonaro’s supporters to send bulk messaging during the campaign.

China Drafts Blockchain Regulation: The Cyberspace Administration, China’s top-level internet censorship agency, published and is seeking public feedback on a draft policy for regulating blockchain-related service providers; blockchain technology has been used in the past to bypass China’s internet censorship, but the proposed rules would require blockchain service providers to enforce know-your-customer measures by collecting certain user information and sharing it with law enforcement as requested.

Practice Note

Foreign Trademark Filers May Need U.S. Lawyer: The Patent and Trademark Office (“PTO”) is working on a new rule that would require foreign trademark applicants to be represented by U.S. attorneys; the rule could take effect by July 2019, as the PTO plans to issue a proposal in November and seek comment until February 2019.

On The Lighter Side

Virtual Reality Makes Food Taste Better: A study by Cornell University food scientists found that cheese eaten in pleasant VR settings was perceived to taste better than the same cheese eaten in a bleak sensory booth.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 12, 2018

Internet Governance

Google Won’t Bid on Pentagon Contract: Google will not submit a proposal for the Joint Enterprise Defense Infrastructure (“JEDI”), an estimated $10 billion contract designed to accelerate the Defense Department’s cloud computing capabilities, because JEDI does not align with the tech giant’s AI principles prohibiting the use of AI in weaponry; additionally, Google disagrees with the government’s decision to choose one vendor instead of adopting “a multi-cloud approach.”

Introducing the “Internet Bill of Rights”:  Democratic representative Ro Khanna of California has worked with think tanks, big tech companies, and government IT pros to devise ten consumer data privacy principles that he hopes will be passed into law; the list includes protecting net neutrality, ensuring consumer choice for ISPs, offering greater transparency on how data is collected, and notifying consumers in a timely manner when personal data has been hacked.

Privacy

UK Court Blocks Privacy Suit Against Google: The UK High Court dismissed an estimated £3 billion class action lawsuit against Google alleging that the tech giant harvested personal data from Safari users without their permission through tracking cookies; although the Court deemed Google’s behavior “wrongful, and a breach of duty,” it nevertheless found that the claimants “had not suffered damage” and did not share the “same interest,” as required by UK law.

Amazon Fires Employee for Selling Emails: Weeks after confirming that marketplace sellers bribed Amazon employees to delete negative reviews or share users’ proprietary information, the company fired an employee who sold customer email addresses to a third-party seller; with customer email addresses, marketplace sellers can gain a competitive edge by directly asking customers to change or remove negative reviews, which is a violation of Amazon’s policy.

Information Security and Cyberthreats

U.S. Telecom Discovers Manipulated Hardware: Following an earlier report that China infiltrated a Supermicro factory to install chips on motherboards used in Apple and Amazon servers, Bloomberg issued a second report claiming that an unnamed U.S. telecom discovered that hardware used in its datacenter had been “manipulated” by an implant designed to “conduct covert surveillance and exfiltrate corporate or government secrets.”

Google Plus Shuts Down After Breach: Google announced its plan to shut down Google Plus after discovering a bug that made available to third-party developers information from over 500,000 accounts, including users’ occupation, gender, and email address; Google defended its decision not to announce the discovery in March—the same month that the Facebook Cambridge Analytica scandal came to light—on the basis that there was no evidence of data misuse. 

Intellectual Property

Microsoft Adds 60,000 Patents to OIN: After joining the anti-patent-trolling group LOT Network last week, Microsoft announced it is also joining the Open Invention Network (“OIN”), an open-source patent group designed to protect Linux and other open-source software from patent-related suits; while 60,000 of Microsoft’s patents will be open-source and available to OIN members, Windows desktop and desktop application code will not be available.

Free Expression and Censorship

Wikipedia Bans Breitbart: Wikipedia editors voted to ban use of the far-right media outlet as a source of fact in articles “due to its unreliability;” Wikipedia editors similarly decided that the “use of InfoWars as a reference should be generally prohibited.

Practice Note

European Union IP Customs Plan: Concerned by the influx of counterfeit and pirated goods into Europe, the Council of Ministers endorsed a proposed new European Union Customs Action Plan to combat intellectual property rights infringement; the plan outlines “an exchange of best practices on the customs follow-up of internet trade” between the European Commission and EU member states and claims that blockchain could be used to effectuate that purpose.

On The Lighter Side

Sue Anyone at the Touch of a Button: The AI-powered “robot lawyer” chatbot DoNotPay has a new iOS app that could help you “sue anyone” simply by pressing a button.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: September 28, 2018

Internet Governance

Major Companies Talk Privacy with Senate: Leading technology and communications companies, including AT&T, Apple, Charter and Google, provided testimony to the U.S. Senate Committee in support of a federal privacy law that would preempt state statutes, which demonstrates the industry’s acceptance of forthcoming legislation; while governing at the federal level would avoid a “patchwork of laws” that are difficult to navigate, the companies failed to provide a meaningful response when asked why Congress should not implement legislation similar to GDPR and California’s privacy law.

California Passes IoT Bill: The California bill that requires “reasonable security” for IoT devices, including a mandate that products must arrive with unique rather than default passwords that consumers can change after installation, is awaiting the governor’s signature; while some believe the legislation would be a step in the right direction, critics such as Ruth Artzi, Senior Product Marketing Manager at VDOO, argue, “the law should be defined in a more specific manner, as the requirement for an ‘appropriate’ security procedure, depending on the device nature and function, is too ambiguous with no real mechanism to verify that the vendor took the appropriate steps.”

Privacy

Facebook Collects Contacts’ Information: Researchers at Northeastern and Princeton University discovered that Facebook associates the information uploaded by other users’ contact lists when “finding friends” with their profiles and sells it to advertisers, and because the user did not provide the information, he or she is unable to see it or disassociate it with their account; although Facebook does not dispute the collection method, researchers believe that the social network should make its platform more transparent by telling users all the contact information it has gathered from various sources.

Delta’s Biometric Check-In: Delta announced plans to allow travelers to check-in, pass through security, and board with facial recognition in Atlanta’s international airport, which is the first service of its kind in the U.S.; Customs and Border Protection’s “biometric exit” program, which utilizes airlines’ data to verify travelers’ identities, continues to face backlash from critics who assert privacy concerns and the illegality of collection absent Congressional authority.

Information Security and Cyberthreats

Uber Settles 2016 Data Breach: Marking the largest multi-state penalty for a privacy violation, Uber paid $148 million for its failure to promptly notify users after its 2016 data breach which exposed data from 57 million accounts, including 600,000 driving records; the settlement also requires data security incident reports on a quarterly basis for two years and a comprehensive information security program overseen by an executive officer.

Absentee Voting through Blockchain: In an effort to promote enfranchisement among military deployed abroad, West Virginia is allowing overseas residents to vote in its midterm election using Voatz, a blockchain voting app; critics in an election climate fraught with security concerns argue that a virus could alter a person’s vote, but Voatz states that the app can detect malware and will only run on smartphones with the latest security updates.

Intellectual Property

Pay Up, Tech Firms: UK’s News Media Association proposed to the government that Google, Facebook, and other sites that host news content on their platforms should pay an annual tax to fund journalism, give “reasonable notice” when they make changes to their terms of business or algorithms that affect news publishers, and share its revenue with newspapers when their stories appear in users’ feeds; the organization’s proposal suggest support of the EU’s Article 11 copyright strategy (set to pass next year), which requires tech firms to pay a “link tax” to publishers to share their content.

Qualcomm v. Apple:  Qualcomm accused Apple of stealing confidential information and trade secrets related to its chip software and funneling it to Intel Corporation; according to an amended complaint Qualcomm filed in Superior Court in San Diego County, Apple gave Intel engineers confidential information for “at least several years,” including Qualcomm’s source code and log files, to develop modem chips for iPhones.

Free Expression and Censorship

No More ‘Dehumanizing’ Speech: Twitter changed its hateful conduct policies to prohibit “dehumanizing speech” and asked users to give feedback on whether the new rules are clear; Twitter’s scope of “dehumanizing speech” will “include content that dehumanizes others based on their membership in an identifiable group, even when the material does not include a direct target.”

Google’s Project Dragonfly: Former Google scientist Jack Poulson wrote a letter to the Senate Committee on Commerce, Science, and Transportation asking senators to press Google on “Project Dragonfly,” a controversial search engine plan that complies with China’s strict censorship apparatus; Poulson writes that the project contradicts Google’s principles for the use of AI, has a “prototype interface” that ties users to their phone numbers, and blacklists words like “human rights.”

Practice Note

Free TM Search Tool: TrademarkNow states it is the first major vendor to launch a free preliminary trademark searching tool which offers users an unlimited volume of screening searches of the U.S. Patent and Trademark Office and the EU Intellectual Property Office; the search tool also allows users to filter their results by registry or Nice classification.

On The Lighter Side

Robotic Rubik’s Cube: Do you find yourself struggling to solve the rubik’s cube? While it may not set any world records, this robotic rubik’s cube can solve itself without any assistance.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: September 14, 2018

Internet Governance

China Opens Up Second “Internet Court”: China selected Beijing to establish its second dedicated internet court which resolves issues involving online shopping, service contracts, lending, copyrights and domains, and a third court is set to open within the month in Guangzhou; compared to the first eight months of 2017, online-related disputes were 24.4% higher during the same period this year in Beijing courts.

FTC Shuts Down Fake Military Recruitment Sites: The FTC shut down fake military recruitment websites that sold users’ information to post-secondary schools without their consent since 2010; finding the companies in breach of the FTC Act and the FTC’s Telemarketing Sales Rule, the FTC settlement requires that the Alabama-based companies, Sunkey Publishing Inc. and Fanmail.com LLC, relinquish their domains and pay at least $1,000,000 each in fines.

Privacy

Apps Quietly Selling Location Information:  Security researchers at the GuardianApp project found that millions of iPhone users have had their location data covertly sold by at least 24 popular iPhone apps to data monetization firms that use the information to deliver targeted ads; Will Strafach, founder of GuardianApp, argues that the firms should disclose the data collection through notifications sent directly to the user instead of burying it in a hidden privacy policy.

Tech Trade Groups Introduce Federal Privacy Legislation The Internet Association and BSA|The Software Alliance, two technology trade groups, introduced federal privacy legislation proposals that recommend enabling consumers to correct or delete information under certain circumstances, take personal information to another company that provides similar services, and learn what data companies collect and use; while the groups also support preemption of state laws, some critics argue, “states are much better prepared to be nimble in the face of future threats to American consumers.”

Information Security and Cyberthreats

British Airways Hackers Behind Wave of Data Breaches: After credit card skimming malware compromised nearly 380,000 British Airways customers’ information over a three-week period, security firm RiskIQ revealed that the responsible criminal group, Magecart, was behind a bigger wave of attacks; the collective has aggregated a larger reach “than any other credit card breach to date, and isn’t stopping any day soon,” according to Yonathan Klijnsma, a threat researcher at RiskIQ

Deep Fakes Become More Advanced: Researchers at Carnegie Mellon University have enhanced deep fakes by developing technology that transfers the mannerisms of one person to another, such as “John Oliver’s dimple while smiling, the shape of mouth characteristic of Donald Trump, and the facial mouth lines and smile of Stephen Colbert;” the advancement increases the potential for bad actors to leverage deep fake technology as a tool to circulate nefarious political propaganda

Intellectual Property

EU’s Copyright Reform:  The European Parliament voted in favor of the Copyright Directive, which reforms online copyright with controversial initiatives, including requiring online platforms to pay media companies to link to their content (Article 11) and making the platforms verify content uploaded on their sites and remove copyrighted material (Article 13); while critics believe the law could lead to censorship and limit what people can post and share online, supporters say the provisions will give creators the opportunity to reclaim the value of their work.

TickBox Settles: Streaming TV device manufacturer TickBox agreed to pay $25 million to settle a California federal court suit brought by Universal Studios, Netflix, and other content-creating companies who claim TickBox is assisting customers in infringing their copyrighted material; TickBox also consented to a permanent injunction under which TickBox may continue as a business, but can no longer provide software that allows users to stream unlicensed movies or TV shows.

Free Expression and Censorship

Political Censorship by YouTube?  Google removed a YouTube advertisement by Russian opposition politician Alexei Navalny ahead of Sunday elections for regional governors after the Central Election Commission sent a letter of complaint that the videos violate a law prohibiting political campaigning within 24 hours of an election; a Navalny aide condemned Google’s act as a “case of political censorship,” claiming the advertisements were unrelated to the elections as they encouraged citizens to protest President Vladimir Putin’s plans to raise the retirement age for state pensions.

Crackdown on Extremist Content:  The EU proposed new laws ordering social media companies to remove content promoting extremist groups or instructions on how to commit extremist offenses within one hour to avoid fines as high as 4 percent of annual turnover; the President explained the one hour deadline was proposed because “terrorist content is most harmful in the first hours after it appears online because of the speed at which it spreads.”

On The Lighter Side

Sarcastic AI:  Frustrated that your Alexa misunderstands your sarcasm? Fortunately, researchers at Oregon State University are working on developing an AI system capable of interpreting our sense of humor.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: April 26, 2018

Internet Governance

Huawei Investigation Continues: The Justice Department is reportedly investigating whether Huawei Technologies Co. violated U.S. sanctions against Iran, which could lead to criminal penalties for the company; the investigation comes after Congress proposed to block Huawei from government contracts and advised carriers, internet service providers, and private citizens against purchasing Huawei’s products.

EU Regulates Tech Commercial Relations: The European Union proposed rules that will for the first time govern commercial relations between tech giants and smaller businesses; the proposal requires target app stores, search engines, e-commerce sites, and hotel booking websites to be clear about how they rank search results and why they delist some services and empowers companies to collectively sue the online platforms for violation of these rules. 

Blockchain Verifies Jewelry: IBM and several jewelry companies, including Richline Group and Helzberg Diamonds, established a joint initiative called TrustChain to develop blockchain technology to trace the provenance of finished pieces of jewelry and ensure they are ethically sourced; the initiative tracks and authenticates diamonds and precious metals through every stage in the process of becoming finished jewelry and includes third-party oversight. 

Privacy

Identity Theft Of Children: A study released by Javelin Strategy and Research claims that more than one million children in the United States were affected by identity theft last year, causing $2.6 billion in losses and $540 million in out-of-pocket costs for families; the study states 60 percent of identity fraud victims who are children know the identity thief, while only seven percent of adult victims personally know the perpetrator.

Information Security and Cyberthreats

Hack On Hotel Master Keys: Security researchers uncovered a design flaw in the software of hotel master keys produced by VingCard, a global provider of hotel locking systems used in more than 42,000 properties in 166 countries; the researchers are helping hotels patch the problem, which allows hackers to create a master key to the building, within minutes using a regular hotel key, even if it is expired.

Bad Gamble: British teenager Kane Gamble was sentenced to two years at a youth detention center after pleading guilty to 10 hacking charges for hacking a number of high profile United States government employees, including former CIA director John Brennan and former director of intelligence, James Clapper; Gamble and others stole 40 attachments from Brennan’s email, broke into Clapper’s and his wife’s emails, and stole and leaked the contact info of 20,000 FBI personnel.

Intellectual Property

SCOTUS Upholds Patent Review Process: The Supreme Court upheld the Patent Office’s power to review and cancel issued patents through the inter partes review procedure of the Patent Trial and Appeal Board (PTAB); the case, Oil States Energy Services, LLC v. Greene’s Energy Group, LLC turned on whether PTAB’s administrative patent judges are constitutionally permitted to revoke patents or if this can only be done by Article III courts.

Monkey See, Monkey Selfie: The Ninth Circuit Court of Appeals ruled that an Indonesian crested macaque does not hold the copyright to selfies he took on a nature photographer’s camera in 2011, dismissing an appeal brought by PETA; the dispute over who owns the photo–monkey or man–arose when Wikipedia posted the image to its free to use website and the nature photographer asked to have it removed.

Free Expression and Censorship

Facebook Updates Community Standards: Facebook unveiled changes to its content review policy, adding an appeals process for removed content and releasing its moderation guidelines; the move–part of Facebook’s commitment to be more transparent about its content decisions–now allows posters of removed photos, videos, or posts to contest determinations they believe were wrongly made.

Texas’ ‘Revenge Porn’ Law Struck Down: A Texas appeals court struck down the state’s “Relationship Privacy Act,” holding that the statute is overbroad and infringes on free speech protections; the law, which passed the Texas Legislature unanimously in 2015, contains provisions that the state court worried could punish individuals who share intimate, private photos without knowing that they were, in fact, private. 

Practice Note

Yahoo! Fined $35M by SEC: The SEC announced that Altaba, the owner of the remnants of Yahoo!, agreed to pay a $35 million fine for failing until September 2016 to disclose a 2014 data breach in which hackers stole information from 500 million users; the SEC–which released guidance on disclosure of data breaches earlier this year–said in a statement that “public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

On The Lighter Side

Going Green: Ever wonder how it feels to be the Hulk? Now you can find out. A new force feedback jacket developed by Disney Research, MIT Media Lab, and Carnegie Mellon University uses inflatable airbags to simulate the experience of turning into the superhero.


Information Law News From CLIP-ings International Correspondents Around the Globe

This academic year, former CLIP-ings Editorial Fellows studying abroad are reporting from time-to-time on current local news and developments in the field of information law!

From Meghna Prasad – Rome, Italy:

“We Gucci”:  After a nine-year intellectual property dispute between Gucci and Guess, the two brands reached a confidential settlement in longstanding a trademark infringement case that saw Gucci file suit in not only the U.S., but also in Italy, France, Australia, and China; the suit alleged that Guess was guilty of counterfeiting, unfair competition, and trademark infringement for its interlocking “G” logo on a line of Guess shoes.

Give Me a Break:  In advance of a final decision from the Court of Justice about whether the four-fingered shape of the KitKat bar is enough to justify the 2006 EU trademark KitKat holds, the advocate general recommended to the Court that there is not enough evidence to show that the chocolate is sufficiently known in the EU.

From Victoria Loeb – Paris, France:

EU Debates Cyber System: The European Commission proposed legislation to create an EU-wide cybersecurity certification system for technology products by funding, staffing and giving oversight authority to Athens-based EU agency ENISA; France’s cybersecurity agency ANSSI, one of Europe’s largest authorities for preventing breaches and responding to threats, is a proponent of EU-wide certification, but argues that member states must keep a level of control over the process.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Erin Shahinfar
Subrina Chowdhury
Editorial Fellows, Fordham CLIP