CLIP-ings: December 7, 2018

Internet Governance

Australia’s New Anti-Encryption Law: Australia passed a bill that will require technology companies to provide law enforcement and security agencies with access to encrypted data, despite criticism that doing so could undermine national security and privacy; Australia is the first nation in the Five Eyes intelligence network—which is comprised of the United States, Canada, Britain, and New Zealand—to force broad access requirements, with fines of up to A$10 million ($7.3 million) for institutions and prison terms for individuals who fail to provide data on suspected illegal activities.

Facebook Cherry-Picked Special Access To Data: Facebook gave favored partners such as Netflix and Airbnb special access to user data, while restricting competitors’ access to its platform, according to internal Facebook documents released by a British parliamentary committee investigating online disinformation; the documents also reveal how Facebook considered restricting app developers’ access to user data unless those developers bought advertising—a policy the company now claims it never enacted.

Privacy

NYPD Unveils New Drone System: The New York Police Department unveiled plans to deploy 14 drones and train 29 officers to operate them, raising concerns about the department’s possible misuse of the devices and growing surveillance capacity; according to police officials, while the drones will be used to monitor large crowds, investigate hazardous waste spills, handle hostage situations, and reach remote areas in crime scenes, they will not be used for routine police patrols or traffic enforcement, will not be weaponized, and will not conduct warrantless surveillance.

Secret Service Tests Facial Recognition At White House: The Secret Service is testing a pilot facial recognition system that matches images of individuals outside the White House with “subjects of interest,” according to a Department of Homeland Security report revealed by the American Civil Liberties Union; while the program is currently limited to trying to match the faces of volunteer staff members, the report acknowledges a privacy risk for members of the public who are inadvertently recorded.

Information Security and Cyberthreats

500 Million Affected In Marriott Data Breach: Hackers breached Marriott’s Starwood hotels reservation system and stole the personal data of up to 500 million guests in an attack that began four years ago; the attack has prompted Senators to call for stronger data security laws and data breach penalties, and Marriott plans to provide customers with free identity theft monitoring and reimburse hack victims for new passports.

NRCC Emails Hacked In 2018 Midterms: The National Republican Congressional Committee (“NRCC”) was hacked during the 2018 midterm election campaigns, exposing thousands of emails from four senior NRCC aides to an unknown entity; neither Senior House Republicans nor rank-and-file members were told of the breach until this week, as the committee opted to withhold information to shield an investigation of the hack and not tip off the culprit.

Intellectual Property

Google Seeks Review Of Spreadsheet Patent Decision: Google petitioned the Federal Circuit for en banc review of an October panel decision finding that an invention for navigating through complex electronic spreadsheets is a patent-eligible improvement; in its petition, Google argued that the technology, which enables electronic tabbing akin to paper tabbing, is directed to an abstract idea and is therefore un-patentable under Alice.

Free Expression and Censorship

Tumblr Bans Porn: Just weeks after it was removed from the iOS App Store over an incident involving child pornography, Tumblr announced that it will permanently ban adult content on its platform starting December 17, 2018; the machine learning technology Tumblr will use to filter prohibited images has been the target of skepticism due to, among other things, its inaccuracy and inability to contextualize images.

On The Lighter Side

New Home of the Whopper? Burger King’s new app uses geofencing technology to offer customers a Whopper for a penny if they order on the app within 600 feet of a McDonald’s.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 30, 2018

Internet Governance

DOJ Dismantles Digital Ad Scams: With the help of the FBI, the Department of Homeland Security, and private companies, the Department of Justice indicted eight individuals who are alleged to have created fake internet advertising companies to scam legitimate companies out of a collective $36 million; while three defendants were arrested, five remain at large.

FTC Discusses Holding Tech Companies Accountable: Sitting before the Senate Commerce Consumer Protection Subcommittee, FTC Commissioners would not comment on the agency’s investigation into whether Facebook’s Cambridge Analytica scandal showed that the social network violated a 2011 consent decree; the FTC did state that it lacks sufficient resources to combat data abuse, and as a result often opts for settlement over costly trial.

Ohio Will Accept Bitcoin For Taxes: Despite regulatory concerns around cryptocurrency, Ohio became the first state to accept bitcoin for paying business taxes; the State wants to compete for new businesses and establish itself as the “national and international leader in blockchain technology.”

Privacy

Six Flags Lawsuit Tests Biometric Privacy Law: Illinois’ highest court will determine whether a “person aggrieved” under the State’s Biometric Information Privacy Act must suffer actual harm from the collection of biometric information in violation of the statute, or whether a technical violation alone confers standing to sue.

UK Police Use AI To Predict Crime: A law enforcement software known as the National Data Analytics Solution leverages 1,400 indicators from pooled police data sets across the U.K. and uses machine learning to identify individuals who are on a trajectory toward committing serious violent crimes so they can be offered assistance such as counselling; privacy critics raise concerns about bias reinforcement and the intrusiveness of pre-emptive intervention.

Information Security and Cyberthreats

U.S. Indicts Hackers Behind Nationwide Extortion: The U.S. Treasury Department for the first time added two cryptocurrency wallets to its sanctions list after indicting two Iranian hackers for extorting $6 million from more than 200 victims — including 43 U.S. states — through ransomware software that ordered victims to send money to the bitcoin accounts; one high-profile incident involved an attack on Atlanta that affected major basic municipal functions.

Facebook Faces Vitriol From International Community: At a rare joint hearing with policymakers from nine countries, Facebook was harshly criticized for its inability to stop the spread of fake news; U.K. House of Commons member Damian Collins pointed to documents that allegedly show Facebook was aware of Russia’s malicious involvement with the platform as early as 2014, and suggested that the recently obtained documents will be published “within a week.”

Intellectual Property

Australia Tightens Online Piracy Laws: The Australian parliament passed the Copyright Amendment (Online Infringement) Bill 2018, which, among other things, entitles copyright owners to apply for injunctions that force ISPs to prevent customers from accessing pirate sites and allows ISPs to block mirror and proxy sites without returning to court; the Australian Digital Alliance and other organizations warn that the legislation “removes public interest protections and puts legitimate sites and activities of the public at risk.”

Free Expression and Censorship

Gmail Avoids Gender-Based Pronouns: Gmail stopped its “Smart Compose” text prediction feature, which autosuggests text for Gmail users composing emails, from suggesting gender-based pronouns due to concerns that the technology might perpetuate real-world gender bias.

Practice Note

Ethical Rules Regarding Crowdfunding: The District of Columbia Bar’s Legal Ethics Committee issued an opinion analyzing lawyers’ ethical obligations when clients use crowdfunding to pay for representation, which the opinion concludes vary according to the extent of a lawyer’s involvement in fundraising efforts.

On The Lighter Side

How The Senate Stopped Grinch Bots From Stealing Christmas: Just before the holiday season, Congress members proposed the “Stopping Grinch Bots Act of 2018” to outlaw the use of online shopping bots and the resale of items they purchase.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: November 9, 2018

Internet Governance

Supreme Court Won’t Hear Net Neutrality: The highest court denied certiorari to telecom companies’ challenge to a lower court decision that upheld federal net neutrality rules set during the Obama administration on the basis that the FCC’s repeal of net neutrality made the challenge moot.

Uber Races To Put Autonomous Cars On The Road: More than seven months after a fatal crash involving one of its autonomous vehicles, the ride-hailing company released a voluntary safety report under U.S. Department of Transportation guidelines and has sought permission to resume self-driving car tests in Pennsylvania; safety improvements purportedly include automatic braking that detects objects more quickly and stricter monitoring of safety drivers.

Privacy

Dutch Police Access Encrypted Messages: Law enforcement in the Netherlands stated that a “breakthrough in the interception and decryption of encrypted communication” enabled police to read over 258,000 live messages exchanged between criminals on BlackBox Security’s IronChat, an app “billed as providing end-to-end encryption” that runs on a device costing thousands of dollars; Dutch media reported that a version of IronChat had potentially serious vulnerabilities that allowed the police to break the encryption.

Information Security and Cyberthreats

Facebook Blocks Russian Trolls Ahead Of Midterms: After receiving a tip from the F.B.I., the social network removed more than 100 Facebook and Instagram accounts “due to concerns that they were linked to the Russia-based Internet Research Agency”—the same organization accused of interfering with the 2016 presidential election; the collaboration marks the first time that Facebook publicly acknowledged acting on an influence campaign as a result of intelligence received from a government agency.

Intellectual Property

Google’s Anti-Piracy Measures Pay Off: A new report highlighting the company’s anti-piracy products reveals that YouTube paid $3 billion to copyright owners through Content ID, a system that scans uploads against a database of content owners’ files, detects when an upload uses another person’s intellectual property, and then allows the owner to earn from the upload; Google also reported that it removed 3 billion URLs from Search after releasing a tool that allows copyright owners to report illicit websites, and that it disapproved of 10 million advertisements suspected of linking to infringing websites in 2017.

Free Expression and Censorship

Gab Is Back Online: Social network Gab found a new domain registrar after its prior domain host, GoDaddy, dropped the site following revelations that Pittsburgh synagogue shooter Robert Bowers maintained an anti-Semitic profile on the network; Rob Monster, founder and CEO of Gab’s new domain host Epik.com, wrote that he “did not take the decision lightly,” but believes “de-platforming is digital censorship.”

Chrome 71 To Block Ads: The new browser, due for release in December, will block all website ads that Google classifies as “abusive,” including those that cause the browser to misbehave by generating fake system messages, automatically redirecting users, or attempting to steal personal information; Google will give site owners a thirty-day period to remove the advertisement, and failure to do so will cause Chrome to block every ad on the website. 

Practice Note

Licensing SEPs To Chipmaker Competitors: A California federal judge ruled that Qualcomm must license its standard-essential patents (SEPs) to competing modem-chip sellers, siding with the Federal Trade Commission in its argument that Qualcomm violated its fair, reasonable, and non-discriminatory (FRAND) licensing commitments; the court observed that Qualcomm itself received such licenses to supply components and emphasized in prior litigation that an SEP holder may not discriminate in licensing its SEPs.

On The Lighter Side

AI News Anchors: China’s state-run press agency used footage from humans to generate AI anchors that read the news using synthesized voices.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 26, 2018

Internet Governance

E-Scooter Companies Sued For Negligence: California residents filed a proposed class action lawsuit alleging that electric scooter companies are liable for personal injury and property damage caused by e-scooters; the plaintiffs’ lawyer argues that the companies’ user agreements, which preclude riders from bringing class action lawsuits and suing for negligence, are “draconian.”

White House Seeks Tech Support:  The Trump Administration met with tech companies to discuss ways to enable workers to take leaves to work on government projects, including modernizing state and federal agencies; the conversation took place amid worker protests against tech industry involvement with government initiatives in areas such as artificial-intelligence-powered drone attacks and facial recognition technology.

Privacy

Location, Location, Location: Facebook and Google users who opted out of location tracking filed separate proposed class-action lawsuits against the two companies, alleging that each deceptively collected and sold the users’ location information despite their opt-out; the allegations arise in the wake of a recent University of Oxford study placing Google and Facebook atop the list of third-party data trackers.

Apple Calls For Stronger Privacy: In his keynote speech at the 40th International Conference of Data Protection and Privacy Commissioners, Apple CEO Tim Cook criticized business models that unethically profit from privacy invasion, applauded international reforms such as the GDPR, and voiced support for a comprehensive federal U.S. privacy law that would prioritize data minimization, transparency, a right to access, and a right to security; the speech followed Apple’s recent policy adjustments designed to give consumers more control over their privacy.

Information Security and Cyberthreats

U.S. Charges Russian Troll: The Department of Justice formally charged a Russian woman who is a part of the Internet Research Agency — the same group that Special Counsel Robert Mueller indicted earlier this year for its involvement in the 2016 presidential election — for overseeing a social media effort to influence the upcoming U.S. midterm elections; the U.S. Cyber Command, the military wing tasked with overseeing offensive cyber operations, subsequently announced its plan to warn known Russian operatives spreading fake news that they are being watched.

Intellectual Property

Georgia Can’t Copyright Code Annotations: The Eleventh Circuit ruled that the State of Georgia cannot claim copyright ownership over its annotated code—the only official version of the state’s laws—and thus found against Georgia’s Code Revision Commission in its copyright infringement suit against an organization that purchased the code and made it publicly available online; the Court reasoned that while annotations do not carry the weight of the law, the legislature chose “to make them an integral part of the official codification of Georgia’s laws,” resulting in work that is “intrinsically public domain material, belonging to the People, and, as such, [ ] free for publication by all.”

Free Expression and Censorship

Crackdown On Brazil Spam Network: Facebook removed 68 pages and 43 accounts associated with Raposo Fernandes Associados, a marketing group supporting far-right presidential candidate Jair Bolsonaro, for violating the social network’s misrepresentation and spam policies by using fake or duplicative accounts and by posting clickbait intended to direct users to third-party websites; Facebook-owned WhatsApp also banned more than 100,000 accounts used by Bolsonaro’s supporters to send bulk messaging during the campaign.

China Drafts Blockchain Regulation: The Cyberspace Administration, China’s top-level internet censorship agency, published and is seeking public feedback on a draft policy for regulating blockchain-related service providers; blockchain technology has been used in the past to bypass China’s internet censorship, but the proposed rules would require blockchain service providers to enforce know-your-customer measures by collecting certain user information and sharing it with law enforcement as requested.

Practice Note

Foreign Trademark Filers May Need U.S. Lawyer: The Patent and Trademark Office (“PTO”) is working on a new rule that would require foreign trademark applicants to be represented by U.S. attorneys; the rule could take effect by July 2019, as the PTO plans to issue a proposal in November and seek comment until February 2019.

On The Lighter Side

Virtual Reality Makes Food Taste Better: A study by Cornell University food scientists found that cheese eaten in pleasant VR settings was perceived to taste better than the same cheese eaten in a bleak sensory booth.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Tommine McCarthy 
Subrina Chowdhury 
Editorial Fellows, Fordham CLIP

CLIP-ings: October 12, 2018

Internet Governance

Google Won’t Bid on Pentagon Contract: Google will not submit a proposal for the Joint Enterprise Defense Infrastructure (“JEDI”), an estimated $10 billion contract designed to accelerate the Defense Department’s cloud computing capabilities, because JEDI does not align with the tech giant’s AI principles prohibiting the use of AI in weaponry; additionally, Google disagrees with the government’s decision to choose one vendor instead of adopting “a multi-cloud approach.”

Introducing the “Internet Bill of Rights”:  Democratic representative Ro Khanna of California has worked with think tanks, big tech companies, and government IT pros to devise ten consumer data privacy principles that he hopes will be passed into law; the list includes protecting net neutrality, ensuring consumer choice for ISPs, offering greater transparency on how data is collected, and notifying consumers in a timely manner when personal data has been hacked.

Privacy

UK Court Blocks Privacy Suit Against Google: The UK High Court dismissed an estimated £3 billion class action lawsuit against Google alleging that the tech giant harvested personal data from Safari users without their permission through tracking cookies; although the Court deemed Google’s behavior “wrongful, and a breach of duty,” it nevertheless found that the claimants “had not suffered damage” and did not share the “same interest,” as required by UK law.

Amazon Fires Employee for Selling Emails: Weeks after confirming that marketplace sellers bribed Amazon employees to delete negative reviews or share users’ proprietary information, the company fired an employee who sold customer email addresses to a third-party seller; with customer email addresses, marketplace sellers can gain a competitive edge by directly asking customers to change or remove negative reviews, which is a violation of Amazon’s policy.

Information Security and Cyberthreats

U.S. Telecom Discovers Manipulated Hardware: Following an earlier report that China infiltrated a Supermicro factory to install chips on motherboards used in Apple and Amazon servers, Bloomberg issued a second report claiming that an unnamed U.S. telecom discovered that hardware used in its datacenter had been “manipulated” by an implant designed to “conduct covert surveillance and exfiltrate corporate or government secrets.”

Google Plus Shuts Down After Breach: Google announced its plan to shut down Google Plus after discovering a bug that made available to third-party developers information from over 500,000 accounts, including users’ occupation, gender, and email address; Google defended its decision not to announce the discovery in March—the same month that the Facebook Cambridge Analytica scandal came to light—on the basis that there was no evidence of data misuse. 

Intellectual Property

Microsoft Adds 60,000 Patents to OIN: After joining the anti-patent-trolling group LOT Network last week, Microsoft announced it is also joining the Open Invention Network (“OIN”), an open-source patent group designed to protect Linux and other open-source software from patent-related suits; while 60,000 of Microsoft’s patents will be open-source and available to OIN members, Windows desktop and desktop application code will not be available.

Free Expression and Censorship

Wikipedia Bans Breitbart: Wikipedia editors voted to ban use of the far-right media outlet as a source of fact in articles “due to its unreliability;” Wikipedia editors similarly decided that the “use of InfoWars as a reference should be generally prohibited.

Practice Note

European Union IP Customs Plan: Concerned by the influx of counterfeit and pirated goods into Europe, the Council of Ministers endorsed a proposed new European Union Customs Action Plan to combat intellectual property rights infringement; the plan outlines “an exchange of best practices on the customs follow-up of internet trade” between the European Commission and EU member states and claims that blockchain could be used to effectuate that purpose.

On The Lighter Side

Sue Anyone at the Touch of a Button: The AI-powered “robot lawyer” chatbot DoNotPay has a new iOS app that could help you “sue anyone” simply by pressing a button.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton 
Executive Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: September 28, 2018

Internet Governance

Major Companies Talk Privacy with Senate: Leading technology and communications companies, including AT&T, Apple, Charter and Google, provided testimony to the U.S. Senate Committee in support of a federal privacy law that would preempt state statutes, which demonstrates the industry’s acceptance of forthcoming legislation; while governing at the federal level would avoid a “patchwork of laws” that are difficult to navigate, the companies failed to provide a meaningful response when asked why Congress should not implement legislation similar to GDPR and California’s privacy law.

California Passes IoT Bill: The California bill that requires “reasonable security” for IoT devices, including a mandate that products must arrive with unique rather than default passwords that consumers can change after installation, is awaiting the governor’s signature; while some believe the legislation would be a step in the right direction, critics such as Ruth Artzi, Senior Product Marketing Manager at VDOO, argue, “the law should be defined in a more specific manner, as the requirement for an ‘appropriate’ security procedure, depending on the device nature and function, is too ambiguous with no real mechanism to verify that the vendor took the appropriate steps.”

Privacy

Facebook Collects Contacts’ Information: Researchers at Northeastern and Princeton University discovered that Facebook associates the information uploaded by other users’ contact lists when “finding friends” with their profiles and sells it to advertisers, and because the user did not provide the information, he or she is unable to see it or disassociate it with their account; although Facebook does not dispute the collection method, researchers believe that the social network should make its platform more transparent by telling users all the contact information it has gathered from various sources.

Delta’s Biometric Check-In: Delta announced plans to allow travelers to check-in, pass through security, and board with facial recognition in Atlanta’s international airport, which is the first service of its kind in the U.S.; Customs and Border Protection’s “biometric exit” program, which utilizes airlines’ data to verify travelers’ identities, continues to face backlash from critics who assert privacy concerns and the illegality of collection absent Congressional authority.

Information Security and Cyberthreats

Uber Settles 2016 Data Breach: Marking the largest multi-state penalty for a privacy violation, Uber paid $148 million for its failure to promptly notify users after its 2016 data breach which exposed data from 57 million accounts, including 600,000 driving records; the settlement also requires data security incident reports on a quarterly basis for two years and a comprehensive information security program overseen by an executive officer.

Absentee Voting through Blockchain: In an effort to promote enfranchisement among military deployed abroad, West Virginia is allowing overseas residents to vote in its midterm election using Voatz, a blockchain voting app; critics in an election climate fraught with security concerns argue that a virus could alter a person’s vote, but Voatz states that the app can detect malware and will only run on smartphones with the latest security updates.

Intellectual Property

Pay Up, Tech Firms: UK’s News Media Association proposed to the government that Google, Facebook, and other sites that host news content on their platforms should pay an annual tax to fund journalism, give “reasonable notice” when they make changes to their terms of business or algorithms that affect news publishers, and share its revenue with newspapers when their stories appear in users’ feeds; the organization’s proposal suggest support of the EU’s Article 11 copyright strategy (set to pass next year), which requires tech firms to pay a “link tax” to publishers to share their content.

Qualcomm v. Apple:  Qualcomm accused Apple of stealing confidential information and trade secrets related to its chip software and funneling it to Intel Corporation; according to an amended complaint Qualcomm filed in Superior Court in San Diego County, Apple gave Intel engineers confidential information for “at least several years,” including Qualcomm’s source code and log files, to develop modem chips for iPhones.

Free Expression and Censorship

No More ‘Dehumanizing’ Speech: Twitter changed its hateful conduct policies to prohibit “dehumanizing speech” and asked users to give feedback on whether the new rules are clear; Twitter’s scope of “dehumanizing speech” will “include content that dehumanizes others based on their membership in an identifiable group, even when the material does not include a direct target.”

Google’s Project Dragonfly: Former Google scientist Jack Poulson wrote a letter to the Senate Committee on Commerce, Science, and Transportation asking senators to press Google on “Project Dragonfly,” a controversial search engine plan that complies with China’s strict censorship apparatus; Poulson writes that the project contradicts Google’s principles for the use of AI, has a “prototype interface” that ties users to their phone numbers, and blacklists words like “human rights.”

Practice Note

Free TM Search Tool: TrademarkNow states it is the first major vendor to launch a free preliminary trademark searching tool which offers users an unlimited volume of screening searches of the U.S. Patent and Trademark Office and the EU Intellectual Property Office; the search tool also allows users to filter their results by registry or Nice classification.

On The Lighter Side

Robotic Rubik’s Cube: Do you find yourself struggling to solve the rubik’s cube? While it may not set any world records, this robotic rubik’s cube can solve itself without any assistance.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: September 14, 2018

Internet Governance

China Opens Up Second “Internet Court”: China selected Beijing to establish its second dedicated internet court which resolves issues involving online shopping, service contracts, lending, copyrights and domains, and a third court is set to open within the month in Guangzhou; compared to the first eight months of 2017, online-related disputes were 24.4% higher during the same period this year in Beijing courts.

FTC Shuts Down Fake Military Recruitment Sites: The FTC shut down fake military recruitment websites that sold users’ information to post-secondary schools without their consent since 2010; finding the companies in breach of the FTC Act and the FTC’s Telemarketing Sales Rule, the FTC settlement requires that the Alabama-based companies, Sunkey Publishing Inc. and Fanmail.com LLC, relinquish their domains and pay at least $1,000,000 each in fines.

Privacy

Apps Quietly Selling Location Information:  Security researchers at the GuardianApp project found that millions of iPhone users have had their location data covertly sold by at least 24 popular iPhone apps to data monetization firms that use the information to deliver targeted ads; Will Strafach, founder of GuardianApp, argues that the firms should disclose the data collection through notifications sent directly to the user instead of burying it in a hidden privacy policy.

Tech Trade Groups Introduce Federal Privacy Legislation The Internet Association and BSA|The Software Alliance, two technology trade groups, introduced federal privacy legislation proposals that recommend enabling consumers to correct or delete information under certain circumstances, take personal information to another company that provides similar services, and learn what data companies collect and use; while the groups also support preemption of state laws, some critics argue, “states are much better prepared to be nimble in the face of future threats to American consumers.”

Information Security and Cyberthreats

British Airways Hackers Behind Wave of Data Breaches: After credit card skimming malware compromised nearly 380,000 British Airways customers’ information over a three-week period, security firm RiskIQ revealed that the responsible criminal group, Magecart, was behind a bigger wave of attacks; the collective has aggregated a larger reach “than any other credit card breach to date, and isn’t stopping any day soon,” according to Yonathan Klijnsma, a threat researcher at RiskIQ

Deep Fakes Become More Advanced: Researchers at Carnegie Mellon University have enhanced deep fakes by developing technology that transfers the mannerisms of one person to another, such as “John Oliver’s dimple while smiling, the shape of mouth characteristic of Donald Trump, and the facial mouth lines and smile of Stephen Colbert;” the advancement increases the potential for bad actors to leverage deep fake technology as a tool to circulate nefarious political propaganda

Intellectual Property

EU’s Copyright Reform:  The European Parliament voted in favor of the Copyright Directive, which reforms online copyright with controversial initiatives, including requiring online platforms to pay media companies to link to their content (Article 11) and making the platforms verify content uploaded on their sites and remove copyrighted material (Article 13); while critics believe the law could lead to censorship and limit what people can post and share online, supporters say the provisions will give creators the opportunity to reclaim the value of their work.

TickBox Settles: Streaming TV device manufacturer TickBox agreed to pay $25 million to settle a California federal court suit brought by Universal Studios, Netflix, and other content-creating companies who claim TickBox is assisting customers in infringing their copyrighted material; TickBox also consented to a permanent injunction under which TickBox may continue as a business, but can no longer provide software that allows users to stream unlicensed movies or TV shows.

Free Expression and Censorship

Political Censorship by YouTube?  Google removed a YouTube advertisement by Russian opposition politician Alexei Navalny ahead of Sunday elections for regional governors after the Central Election Commission sent a letter of complaint that the videos violate a law prohibiting political campaigning within 24 hours of an election; a Navalny aide condemned Google’s act as a “case of political censorship,” claiming the advertisements were unrelated to the elections as they encouraged citizens to protest President Vladimir Putin’s plans to raise the retirement age for state pensions.

Crackdown on Extremist Content:  The EU proposed new laws ordering social media companies to remove content promoting extremist groups or instructions on how to commit extremist offenses within one hour to avoid fines as high as 4 percent of annual turnover; the President explained the one hour deadline was proposed because “terrorist content is most harmful in the first hours after it appears online because of the speed at which it spreads.”

On The Lighter Side

Sarcastic AI:  Frustrated that your Alexa misunderstands your sarcasm? Fortunately, researchers at Oregon State University are working on developing an AI system capable of interpreting our sense of humor.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

CLIP-ings: April 26, 2018

Internet Governance

Huawei Investigation Continues: The Justice Department is reportedly investigating whether Huawei Technologies Co. violated U.S. sanctions against Iran, which could lead to criminal penalties for the company; the investigation comes after Congress proposed to block Huawei from government contracts and advised carriers, internet service providers, and private citizens against purchasing Huawei’s products.

EU Regulates Tech Commercial Relations: The European Union proposed rules that will for the first time govern commercial relations between tech giants and smaller businesses; the proposal requires target app stores, search engines, e-commerce sites, and hotel booking websites to be clear about how they rank search results and why they delist some services and empowers companies to collectively sue the online platforms for violation of these rules. 

Blockchain Verifies Jewelry: IBM and several jewelry companies, including Richline Group and Helzberg Diamonds, established a joint initiative called TrustChain to develop blockchain technology to trace the provenance of finished pieces of jewelry and ensure they are ethically sourced; the initiative tracks and authenticates diamonds and precious metals through every stage in the process of becoming finished jewelry and includes third-party oversight. 

Privacy

Identity Theft Of Children: A study released by Javelin Strategy and Research claims that more than one million children in the United States were affected by identity theft last year, causing $2.6 billion in losses and $540 million in out-of-pocket costs for families; the study states 60 percent of identity fraud victims who are children know the identity thief, while only seven percent of adult victims personally know the perpetrator.

Information Security and Cyberthreats

Hack On Hotel Master Keys: Security researchers uncovered a design flaw in the software of hotel master keys produced by VingCard, a global provider of hotel locking systems used in more than 42,000 properties in 166 countries; the researchers are helping hotels patch the problem, which allows hackers to create a master key to the building, within minutes using a regular hotel key, even if it is expired.

Bad Gamble: British teenager Kane Gamble was sentenced to two years at a youth detention center after pleading guilty to 10 hacking charges for hacking a number of high profile United States government employees, including former CIA director John Brennan and former director of intelligence, James Clapper; Gamble and others stole 40 attachments from Brennan’s email, broke into Clapper’s and his wife’s emails, and stole and leaked the contact info of 20,000 FBI personnel.

Intellectual Property

SCOTUS Upholds Patent Review Process: The Supreme Court upheld the Patent Office’s power to review and cancel issued patents through the inter partes review procedure of the Patent Trial and Appeal Board (PTAB); the case, Oil States Energy Services, LLC v. Greene’s Energy Group, LLC turned on whether PTAB’s administrative patent judges are constitutionally permitted to revoke patents or if this can only be done by Article III courts.

Monkey See, Monkey Selfie: The Ninth Circuit Court of Appeals ruled that an Indonesian crested macaque does not hold the copyright to selfies he took on a nature photographer’s camera in 2011, dismissing an appeal brought by PETA; the dispute over who owns the photo–monkey or man–arose when Wikipedia posted the image to its free to use website and the nature photographer asked to have it removed.

Free Expression and Censorship

Facebook Updates Community Standards: Facebook unveiled changes to its content review policy, adding an appeals process for removed content and releasing its moderation guidelines; the move–part of Facebook’s commitment to be more transparent about its content decisions–now allows posters of removed photos, videos, or posts to contest determinations they believe were wrongly made.

Texas’ ‘Revenge Porn’ Law Struck Down: A Texas appeals court struck down the state’s “Relationship Privacy Act,” holding that the statute is overbroad and infringes on free speech protections; the law, which passed the Texas Legislature unanimously in 2015, contains provisions that the state court worried could punish individuals who share intimate, private photos without knowing that they were, in fact, private. 

Practice Note

Yahoo! Fined $35M by SEC: The SEC announced that Altaba, the owner of the remnants of Yahoo!, agreed to pay a $35 million fine for failing until September 2016 to disclose a 2014 data breach in which hackers stole information from 500 million users; the SEC–which released guidance on disclosure of data breaches earlier this year–said in a statement that “public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

On The Lighter Side

Going Green: Ever wonder how it feels to be the Hulk? Now you can find out. A new force feedback jacket developed by Disney Research, MIT Media Lab, and Carnegie Mellon University uses inflatable airbags to simulate the experience of turning into the superhero.


Information Law News From CLIP-ings International Correspondents Around the Globe

This academic year, former CLIP-ings Editorial Fellows studying abroad are reporting from time-to-time on current local news and developments in the field of information law!

From Meghna Prasad – Rome, Italy:

“We Gucci”:  After a nine-year intellectual property dispute between Gucci and Guess, the two brands reached a confidential settlement in longstanding a trademark infringement case that saw Gucci file suit in not only the U.S., but also in Italy, France, Australia, and China; the suit alleged that Guess was guilty of counterfeiting, unfair competition, and trademark infringement for its interlocking “G” logo on a line of Guess shoes.

Give Me a Break:  In advance of a final decision from the Court of Justice about whether the four-fingered shape of the KitKat bar is enough to justify the 2006 EU trademark KitKat holds, the advocate general recommended to the Court that there is not enough evidence to show that the chocolate is sufficiently known in the EU.

From Victoria Loeb – Paris, France:

EU Debates Cyber System: The European Commission proposed legislation to create an EU-wide cybersecurity certification system for technology products by funding, staffing and giving oversight authority to Athens-based EU agency ENISA; France’s cybersecurity agency ANSSI, one of Europe’s largest authorities for preventing breaches and responding to threats, is a proponent of EU-wide certification, but argues that member states must keep a level of control over the process.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Erin Shahinfar
Subrina Chowdhury
Editorial Fellows, Fordham CLIP

CLIP-ings: April 13, 2018

Internet Governance

Trump Signs ‘FOSTA’ Into Law: President Trump signed a bill called “FOSTA” or “Allow States and Victims to Fight Online Sex Trafficking Act” that gives prosecutors and victims greater power to pursue websites that host sex-trafficking advertisements; the signing comes days after Backpage.com and its affiliated websites were seized by the Department of Justice and seven of Backpage.com’s executives were indicted for facilitating prostitution and money laundering.

‘CONSENT’ Bill: A new bill–the “Customer Online Notification for Stopping Edge-provider Network Transgressions (“CONSENT”) Act”–proposed by Senators Edward J. Markey and Richard Blumenthal would require edge providers to notify and obtain consent from users before using, sharing, or selling their personal data; the bill, which would rely on the FTC for enforcement, follows Sen. Blumenthal’s confrontation of Mark Zuckerberg over Facebook’s apparent violation of the FTC’s 2011 consent decree during the CEO’s testimony before the Senate Judiciary and Commerce committees.

Privacy

YouTube Collects Children’s Data: Twenty-three privacy and children’s advocacy groups filed a Federal Trade Commission complaint against YouTube, alleging the platform is violating the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal data from children under 13 to tailor advertisements and services to them without first gaining parental consent; the coalition is calling for YouTube to shift all the videos aimed at children to the YouTube Kids app and wants YouTube to pay a fine worth billions of dollars for profiting off children’s viewing habits.

“Voice-Sniffing” Patent? Amazon filed a patent for a “voice-sniffing” algorithm that would allow Amazon’s Echo speakers to listen to conversations for trigger words, such as “love” and “hate,” build a profile on the customers, and then offer them “targeted advertising and product recommendations”; Amazon denied that it currently uses voice recordings for advertising as Echo products only listen to users when they say the “Alexa” wake word.  

Information Security and Cyberthreats

Lord & Taylor Breach: A New York consumer filed a federal class-action lawsuit against Lord & Taylor in Delaware over allegations that her private information was stolen by hackers as a result of the retailer’s failure to implement adequate security systems to protect customers’ private information; the lawsuit follows Lord & Taylor and Saks Fifth Avenue’s announcement last week that 5 million customer credit card numbers were stolen by “a well-known ring of cybercriminals” using software implanted in its cash register systems.

“Don’t Mess With Our Elections”: A group of hackers targeted networks in a number of countries including data centers in Iran where they left the image of a U.S. flag on screens along with a warning: “Don’t mess with our elections”; the attack, which hit internet service providers and cut off web access for subscribers, exploited a vulnerability in routers from Cisco and affected 200,000 router switches across the world.            

Intellectual Property

Alibaba and the Trademark Thieves? Chinese mega retailer Alibaba Group Holding filed a trademark infringement suit against a Dubai-based cryptocurrency company called Alibabacoin Foundation; the cryptocurrency company claims that Alibaba’s demand for it to shut down and restart with a new name is neither “reasonable [n]or proportionate” because the name is “inherently generic” and does not originate in China.

Apple to Pay Patent Troll Toll: VirnetX, a patent assertion entity, won a $502.6 million judgment against Apple Inc. after a federal jury in East Texas found that Apple’s FaceTime, VPN on Demand, and iMessage features infringe four patents related to secure communications; VirnetX’s stock rose 44% on news of the federal ruling, while Apple’s remained relatively unchanged.

Free Expression and Censorship

Russia Blocks Telegram App: Russia’s communications watchdog, Roskomnadzor, filed a lawsuit to limit access to the Telegram messaging app after the company refused to give Russian security services access to its users’ encrypted messages; Russia claims that it needs access to the private messages in order to prevent terrorist attacks.

Homeland Security to Create Media Database: The U.S. Department of Homeland Security (“DHS”) is seeking a third party contractor to help it build a database capable of tracking 290,000 global news sources and identifying “media influencers” like journalists, editors, and foreign correspondents; the database will provide “media comparison tools, design and rebranding tools, and communication tools,” in order to help DHS agencies “better reach federal, state, local, tribal, and private partners.”

On The Lighter Side

Where’s the Beef? Environmentally-conscious carnivores rejoice! White Castle is set to test an uncannily meat-like meatless patty called the Impossible Burger that sizzles, smells, tastes, and even bleeds like beef.


Information Law News From CLIP-ings International Correspondents Around the Globe

This academic year, former CLIP-ings Editorial Fellows studying abroad are reporting from time-to-time on current local news and developments in the field of information law!

From Meghna Prasad – Rome, Italy:

Cannabis and Cryptocurrency? Evolution BNK, an Italian company that grows medical cannabis, has filed a patent for a system that combines cryptocurrency mining with cannabis growing; the company plans to build a 20,000 square meter solar powered greenhouse in Sanremo, which will have a basement where computers mining cryptocurrency will provide heat to a greenhouse during the winter.

Robots in Hotels: Guests at a hotel in Italy’s Lake Garda will be greeted by Robby Pepper, a robot that can answer basic questions about the hotel, so that staff don’t have to repeat themselves; robots of this type are becoming increasingly popular in the tourism industry, but their use is limited because the technology is not advanced enough to handle many questions beyond the time and weather.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Erin Shahinfar
Subrina Chowdhury
Editorial Fellows, Fordham CLIP

CLIP-ings: March 23, 2018

Internet Governance

Ban on Venezuela Petro: President Donald Trump signed an executive order banning U.S. purchases of Venezuela’s new oil-backed cryptocurrency called Petro and authorized Treasury Secretary Steven Mnuchin to issue necessary regulations to enforce his order; the order is in response to attempts by Venezuelan President Nicolas Maduro to circumvent U.S. sanctions by issuing a digital currency, complicating the Maduro government’s efforts to boost its foreign reserves.

Anti-Robocall: The U.S. Court of Appeals for the District of Columbia Circuit overturned portions of a Federal Communications Commission (“FCC”) regulation aimed at limiting the use of automated dialers to make uninvited calls, holding its language was too broad and could be construed to prohibit calls from any smartphone; Republican FCC Chairman Ajit Pai praised the court’s decision, noting that he had opposed the regulation two years ago. 

Privacy

Facebook Pledges Better Privacy: Mark Zuckerberg apologized for the misuse of data belonging to 50 million Facebook users and promised to take steps to restrict developers’ access to such information, following allegations by a whistleblower that British data analytics firm Cambridge Analytica improperly accessed users’ information to target American voters with personalized political advertisements to help elect President Donald Trump in 2016; the scandal knocked off nearly $46 billion from Facebook’s market value and led to growing government scrutiny of Facebook in Europe and the United States

High-Tech Surveillance of Students: Schools across the country are spending millions to equip their campuses with advanced surveillance technology, including face recognition to deter predators, object recognition to detect weapons, and license plate tracking to detect criminals, raising privacy concerns regarding the usefulness of these tools.  

Information Security and Cyberthreats

Orbitz Hack: Popular travel site Orbitz revealed that hackers may have accessed 880,000 payment cards in a security breach discovered during an investigation of a legacy Orbitz platform; the information “likely accessed” includes names, payment card information, dates of birth, phone numbers, billing addresses, and gender.

Nuclear Cyber Protection: The Union of Concerned Scientists, a nonprofit science advisory group, urged the U.S. Nuclear Regulatory Commission to reject the Nuclear Energy Institute’s longstanding request to limit cyber attack protections at nuclear plants; the request follows reports from the Department of Homeland Security and FBI stating that in March 2016 or earlier, a “multi-stage intrusion campaign by Russian government cyber actors” sought to penetrate multiple U.S. critical infrastructure sectors by targeting the networks of small commercial facilities “where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.”

Intellectual Property

Blurred Lines Fines: The Ninth Circuit Court of Appeals declined to order a new trial and affirmed a jury’s 2015 verdict punishing Robin Thicke and Pharrell Williams to the tune of $5.3 million for infringing Marvin Gaye’s “Got to Give It Up” when they created their 2013 hit song “Blurred Lines”; the decision, a win for the Gaye family, prompted a sharp dissent from Judge Jacqueline Nguyen who wrote that “[t]he majority allows the Gayes to accomplish what no one has before: copyright a musical style.”

Graffiti Is Art After All: H&M has withdrawn a copyright lawsuit against LA-based street artist Jason Williams, stating “[i]t was never our intention to set a precedent concerning public art or to influence the debate on the legality of street art”; the disagreement stemmed from a cease-and-desist letter Williams sent the Swedish retailer after it used his outdoor Brooklyn mural as the backdrop for photos it circulated online without compensating him.

Free Expression and Censorship

YouTube Bans Firearm Demos: Just ahead of this weekend’s March for Our Lives rally for gun control, YouTube announced new guidelines set to go into effect this April that will ban videos with instructions on how to assemble firearms and videos that promote or link to websites selling firearms and accessories; the platform has been gradually tightening its rules for gun-related content since a mass shooting in Las Vegas last year.

Far-Right Leader Denied UK Entry: Lutz Bachmann, the founder of a German extreme far-right group called Pegida, was denied entry to the UK and deported; Bachmann reportedly intended to appear at Speakers’ Corner in place of Martin Sellner, a white supremacist who was similarly denied entry to the UK earlier this month.

On The Lighter Side

Talk Klingon to Me: Learning a new language can be hard. In fact, it can make you “bItlhIb; toppa’ Darur” or “as incompetent as a topah.” Fortunately, language-learning app Duolingo is now making it easier for Star Trek nerds to learn common Klingon vocabulary, sentence structure, and phrases.


Information Law News From CLIP-ings International Correspondents Around the Globe

This academic year, former CLIP-ings Editorial Fellows studying abroad are reporting from time-to-time on current local news and developments in the field of information law!

From Meghna Prasad – Rome, Italy:

Be Careful What You Post: Italian police arrested a man suspected of making pipe bombs and possibly planning an attack after the FBI alerted them that the man had been using social media to applaud Sayfullo Saipov, a man charged with killing eight people in New York City last year with a speeding truck.

Mafia Trademark Rejected: After the Italian government brought a lawsuit against a Spanish catering company called La Mafia se Sienta a la Mesa (The Mafia Sits at the Table), contesting the validity of the company’s trademark for public policy and general morality reasons, the European General Court in Luxembourg ruled the trademark invalid as the name “plays a part in trivializing the illicit activities of that criminal organization.”


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Idalys Núñez
Dean’s Fellow, Fordham CLIP

Erin Shahinfar
Subrina Chowdhury
Editorial Fellows, Fordham CLIP