CLIP-ings: January 24, 2020

Internet Governance

France Offers To Suspend Its Digital Tax In Response To Proposed U.S. Tariffs: A new French tax that is seen by some to unfairly target U.S. tech companies spurred threats of retaliatory tariffs on certain French products; an unnamed source within the French Finance Ministry confirmed France would suspend down payments of the tax until December as a gesture of goodwill and to enable further negotiation.

Privacy

Newly Revealed Facial Recognition App Threatens To Erode Anonymity: The app, created by Clearview AI, relies on a database of three billion images ostensibly scraped from social media profiles and other online sources to identify individuals based on their photograph by revealing other photos of the person as well as links to the sources where those photos appear; the app has been licensed to over 600 law enforcement and security companies in the past year.

Information Security and Cyberthreats

UN Seeks Investigation After Evidence Ties Saudi Crown Prince To Hack Of Jeff Bezos’ Phone: UN investigators have discovered a report from a private security consultant detailing the hack of Bezos’ phone last May and tracing the breach to spyware sent by the Crown Prince’s WhatsApp account; the same investigators suggest the hack may have been part of an effort to influence coverage of the muder of Jamal Khashoggi, a journalist for the Bezos-owned Washington Post. 

Microsoft “Misconfiguration” Leaves More Than 250 Million Customer Service Records Vulnerable: Microsoft disclosed and corrected a database error that left exposed customer service chat logs dating as far back as 2005; in response, Microsoft will begin contacting affected users and also plans to audit its internal security system.

Intellectual Property

Court Overturns Patent Ruling In Favor Of Nintendo, Ending Seven Year Litigation: The action filed by iLife Technology in 2013 alleged that the Nintendo Wii’s motion-sensing controller infringed six of its patents and resulted in an award of $10.1 million in damages to iLife. 

Free Expression and Censorship

Journalist Glen Greenwald Charged With Cybercrimes In Brazil: The charges come after Greenwald published stories that included “leaked” messages containing content embarassing to public officials as part of an effor to expose public corruption; Greenwald states the Brazilian Federal Police cleared him of any wrongdoing just two months ago, and that prosecutors’ allegations that he “encouraged” the hacking of officials’ phones is retaliatory.

Practice Note

Appeals Court Refuses To Reopen 3D-Printed Gun Publishing Suit: The Texas-based nonprofit Defense Distributed sought to reopen its 2018 suit against the State Department, the Secretary of State, and other officials, seeking government approval to publish online plans for its 3D-printed gun; Defense Distributed is still facing ongoing litigation after 20 states and the District of Columbia filed suit to block publication of the plans.

On the Lighter Side

Seattle County To Host The First U.S. Election Offering Smartphone Voting: In an effort to boost voter turnout, King County, Washington, will allow electronic voting from its blockchain-based smartphone app for the upcoming board of supervisors election; the county hopes to overcome numerous challenges and security risks that have hindered online voting for years.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Lawrence Keating
Editorial Fellow

CLIP-ings: December 6, 2019

Internet Governance

EU Antitrust Regulator Commences Preliminary Investigations Into Google, Facebook: The regulator is investigating how the two companies gather, process, use, and monetize data; numerous antitrust investigations into big tech are currently underway, including a separate EU investigation launched last month into Facebook’s marketplace service and its impact on the classified ads market.

Privacy

China Requires Facial Scan With Phone Registration Or SIM Card Purchase: A new policy enacted by the Ministry of Industry and Information Technology requires customers to submit a facial scan for the ostensible purpose of tying consumer identities to devices to thwart SIM card switching; the policy follows a trend of Chinese government measures to strengthen state surveillance through the use of facial recognition technology.

Proposed Class Action Alleges TikTok Secretly Sending User Info To China: The lawsuit alleges that TikTok has been sharing personal data stored in the app, including unpublished videos stored on the app, contact lists, and location information in violation of federal computer fraud law and California’s constitutional right to privacy; the suit follows recent reports that the U.S. government is investigating whether the app poses a national security threat. 

Information Security and Cyberthreats

Russian Law Requires Pre-Installed Software On Devices Sold Within The Country:The Russian government will release a list of applications that must be installed on all cell phones, computers, and smart TVs prior to sale; the law has been presented as a means of helping Russian IT firms compete with international companies, and also cites convenience for consumers. 

Intellectual Property

Facebook Removes UK Election Ad For Violating Intellectual Property Policy: The social network determined that the Conservative Party’s ad, which contained video footage of BBC journalists making statements about Brexit without making clear that the statements were quoting politicians’ remarks, violated its intellectual property policy by using the BBC’s footage without permission. 

Free Expression and Censorship

Facebook Issues First Corrective Notice Under Singapore’s Fake News Law: The Singaporean government directed Facebook to publish under a user’s post a notice indicating that the government had determined that the post, which alleged election rigging and noted the arrest of a supposed whistleblower, contained false information; in publishing the notice, Facebook called for a “measured and transparent approach” to the implementation of the law and referred to the government’s assurances that the law would not impact free expression.

Practice Note

District Court Rejects Tortious Interference Claim Resulting From Twitter Ban: The court dismissed a Twitter user’s claim that the defendant’s reporting of her posts amounted to tortious interference, holding that the user’s relationship with her followers was not a protected business relationship with identifiable customers, but rather a relationship with the community at large; the court also rejected a claim that the ban interfered with the user’s contract with Twitter, holding that section 230 of the Communications Decency Act protected Twitter’s ability to “exercise traditional editorial functions, such as moderating content on its platform.”

On the Lighter Side

“I’m Walkin’ Here!” FedEx’s New AI-Powered Robots Hit Streets Of NYC For Special Event: Bystander videos show FedEx’s “SameDay Bots,” also known as “Roxos,” as they make their way around New York City using artificial intelligence, motion sensors, and stair-climbing wheels; the impromptu display incited backlash on social media expressing concern for sidewalk congestion and pedestrian safety.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellows

CLIP-ings: November 15, 2019

Internet Governance

Government Demands For Facebook User Data Reach A New High: The number of demands rose 16% during the first half of this year compared to the previous six months—the highest recorded amount since Facebook began reporting the figure in 2013; more than two-thirds of U.S. government requests came with gag orders preventing Facebook from notifying users their data had been sought.

Privacy

Whistleblower Reveals Secret Transfer Of Medical Data To Google From Healthcare Provider: Leaked documents show that the U.S.’s second largest healthcare provider, Ascension, is planning to transfer the medical records of up to 50 million Americans to Google under Project Nightingale; more than 10 million records, which have not been de-identified, have already passed to Google with no effort to notify patients or doctors.

Suspicionless Border Searches Held Unlawful: The District of Massachusetts decided that customs agents’ longstanding practice of searching travelers’ electronic devices without a warrant or reasonable suspicion of a crime violates the Fourth Amendment; the number of searches, which can require travelers to disclose any social media accounts, has been steadily increasing in recent years.

Information Security and Cyberthreats

WhatsApp Makes Novel Legal Argument In Anti-Hacking Lawsuit: The complaint alleges that Israeli cyber-surveillance firm NSO Group Technologies bypassed WhatsApp’s end-to-end encryption by hacking the phones of WhatsApp users to obtain already-decrypted messages; WhatsApp contends that NSO falsely agreed to WhatsApp’s terms of service and breached the Computer Fraud and Abuse Act by using its servers to stage the attack, even though the users’ phones—not WhatsApp’s servers—were the target of the attacks. 

Intellectual Property

Supreme Court Will Consider “Booking.com” Trademark Case: The USPTO, which is appealing a Fourth Circuit decision allowing the trademark, argues that the mere addition of “.com” to the generic word “booking” does not make the name distinctive.

USPTO Seeks Comments On AI’s Effect On Copyright Law: Questions posed by the USPTO in the Federal Register seek to address difficult issues related to content created by AI without human contribution, including authorship, ownership, and how to treat potential copyright infringement by AI.

Free Expression and Censorship

Facebook, YouTube Remove Content Naming Alleged Trump Impeachment Whistleblower: Following a recent decision to remove political ads featuring the whistleblower’s name, Facebook is now removing other content purporting to name the whistleblower on the basis that the content violates the platform’s rules against coordinating harm; Twitter, in contrast, has stated that tweeting the name does not violate the platform’s rules.

On the Lighter Side

20 Hacks Of IT Provider Discovered Only After Hacker Maxes Out Provider’s Storage: The FTC is suing Utah-based InfoTrax Systems for failing to detect the 20 attacks which took place over a 22-month period and allowed the hacker to access the data of 1 million customers.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellows

CLIP-ings: November 1, 2019


Internet Governance

FCC Proposes Rule Requiring Telecoms To Remove Huawei And ZTE Equipment: The proposal, which cites national security concerns, would prohibit telecommunications giants from using money received from the FCC’s Universal Service Fund to purchase equipment from the Chinese companies, and would also require removal of any banned products that have already been installed.

Privacy

Australian Government Considers Face Verification For Pornography Viewers: While conducting an inquiry into age controls for restricting access to online porn and gambling, the Department of Home Affairs has proposed using the country’s Face Verification Service—which “matches a person’s photo against images used on one of their evidence of identity documents”—to assist in age verification; a similar proposal was dropped in the United Kingdom earlier this month.

Information Security and Cyberthreats

Senators Ask Intelligence Community To Investigate TikTok Over National Security Concerns: In a recent letter to the Acting Director of National Intelligence, Senators Tom Cotton and Chuck Schumer requested an assessment of the national security risks posed by the video app popular with young people; the letter notes that TikTok’s parent company is required to adhere to Chinese law and may be required to support and cooperate with intelligence work directed by the Chinese Communist Party.

Officials Confirm India Nuclear Power Plant Hack: Following initial denials of any breach, officials from the Nuclear Power Corporation of India Limited now confirm that its Kudankulam Plant was exposed to malware; while it is unclear if any data was actually stolen, the attack has been attributed to North Korean state actors.

Intellectual Property

U.K. Supreme Court Hears Arguments Over English Courts’ Jurisdiction To Set Global Licensing Rates For Multinational Patent Portfolios: Unwired Planet International, a U.S. firm that licenses patents related to wireless technology, won a ruling in the English courts that Huawei infringed various of its patents; the U.K.’s Supreme Court will now decide whether it is appropriate for the country’s courts to set global licensing rates in a case that will have international impact as to whether national courts can set the terms for global patent licenses. 

Free Expression and Censorship

Twitter Announces Ban On All Political Advertising: The ban, which takes effect on November 22, was announced amidst ongoing criticism of Facebook’s position on political advertising; Twitter’s ban will affect candidate ads and issue ads, but will not apply to ads encouraging voter registration.

Instagram Imposes Ban On Fictional Depictions Of Self-Harm: In response to public pressure, Instagram has expanded its ban on content depicting self-harm and suicide to include fictional portrayals, such as comics or memes; under the policy update, accounts that share self-harm-related content will not be featured on the platform’s search or explore functions. 

On the Lighter Side

California Man Enters Gubernatorial Race So He Can Run False Ads On Facebook: To protest Facebook’s policy of allowing politicians to run factually inaccurate ads, a San Francisco political activist is now running for Governor so he run his own false ads about Donald Trump, Mark Zuckerberg, and other Facebook executives.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellows

CLIP-ings: October 18, 2019

Internet Governance

Libra Association Loses A Quarter Of Its Membership As More Companies Abandon The Project: Seven companies have now withdrawn from the association formed to spearhead Facebook’s cryptocurrency project, which has been the subject of intense legislative and regulatory scrutiny; the 21 remaining members will meet in Switzerland next week to finalize the association’s governing charter and initial membership.

Privacy

California Publishes Draft Regulations That Address How Businesses Must Comply With New Consumer Privacy Law: The proposals include requiring companies to display a “Do Not Sell My Info” link on homepages and mobile apps, providing paper notices on data collection (for businesses with physical stores), and providing consumers with at least two ways to find or delete data that has been collected about them; the deadline for comments on the draft regulations is December 6.

Apple “Safe Browsing” Mode Stokes Privacy Concerns Over Data Sharing With Chinese Tech Giant: The default browsing mode, which is designed to protect users from malicious websites, allows Safari to send browser history information to Tencent, which has close ties with the Chinese government. 

Information Security and Cyberthreats

Online Trust Audit Finds 70% Of Presidential Campaign Websites Fail To Adequately Protect User Data: Of the 23 candidate websites surveyed, only seven were found to provide sufficient privacy and security protections; notably, a survey of each website’s privacy statement showed that all websites either engage in “free sharing” of user data or have no privacy statement at all. 

Intellectual Property

Facebook And Libra Subsidiary Face Trademark Infringement Lawsuit Over Logo: A startup bank is suing Facebook, Calibra (the Facebook subsidiary formed to manage Facebook’s Libra cryptocurrency), and the design agency that made the Calibra logo in federal court in New York; curiously, the design agency is also responsible for creating the plaintiff-bank’s logo three years ago.

Twitter Temporarily Suspends Notorious Pro-Trump Meme Creator Over Copyright Violation: Known as “Carpe Dunktum,” the Twitter user has since re-uploaded much of his older content, which has been featured on the President’s Twitter feed on numerous occasions; although it is unknown which post was specifically flagged, it is believed the violation occurred in connection with his posting of a recent fictional video depicting Trump killing off critical journalists.

Free Expression and Censorship

House Energy and Commerce Committee Considers Use Of Section 230 Language In Trade Agreements: In a hearing this week, the committee considered the implications of inserting language from section 230 of the Communications Decency Act, which gives online platforms legal immunity for content posted by third parties, into a recent trade pact with Japan and the U.S.-Mexico-Canada trade agreement.

On the Lighter Side

Google Chief Recommends Warning Visitors Who Enter Your Home About Active Smart Speakers: The statement by the senior VP of hardware was made during a BBC interview regarding the lineup of Google’s new devices; the executive noted that he has already adopted the practice in his own home.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellows

CLIP-ings: September 27, 2019

Internet Governance

CJEU Rules The Right To Be Forgotten Limited To The European Union: The Court of Justice of the European Union ruled that the EU’s Right to Be Forgotten does not require Google and other search engines to remove links to inadequate or irrelevant personal information from its search results globally, but instead that search engines are only obligated to remove such results within EU member states.

Privacy

Google Assistant To Receive Update After Backlash Over Recorded Audio: Google will “vastly reduce” the amount of recorded audio it collects from is voice-activated assistant and will no longer store recordings by default following July reports that a contractor leaked private audio recordings; Google, which had purportedly been using the recordings to improve its translation service, will now give consumers the choice of whether to share recordings or not.

Australia To Catch Distracted Drivers With New Mobile Phone Detection Cameras: Photos taken by the new cameras will be subject to AI review, then human verification, to confirm which drivers will be fined for driving while using their phones; the government of New South Wales plans to roll out as many as 45 cameras by December 2019.

Information Security & Cyberthreats

Russian Nationalist Hacker Pleads Guilty To Largest Bank Hack In U.S. History: Between 2012 and 2015, Andrei Tyurin stole more than 100 million consumer records as part of a conspiracy to commit a variety of criminal schemes including wire and securities fraud; in 2014, Tyurin hacked JPMorgan to access the data of over 80 million victims, making it the biggest theft of consumer data from a single financial institution in the U.S.

Recent Malware Campaign Against Uyghur Muslims Revealed To Have Targeted Tibetan Officials: Users posing as representatives from Amnesty International and The New York Times sent malicious links over WhatsApp capable of installing spyware to access sensitive information; although the attacks were thought to be confined to Apple iOS devices, research shows Tibetan officials were attacked on Android devices as well.

Intellectual Property

Sprint Argues To SCOTUS That $140 Million Patent Infringement Award Is Reasonable: In response to Time Warner Cable’s petition to review the judgment resulting from its infringement of Sprint’s internet calling patents, Sprint argued that the Federal Circuit correctly determined that the judgment was backed by sufficient evidence and that the award did not “contravene the principles of apportionment.”

Free Expression & Censorship

Facebook Will Not Remove Lies Or Hate Speech Posted By Politicians: As part of an effort to avoid election interference, Facebook will not fact check or censor newsworthy posts by politicians, even if the content constitutes hate speech or violates other of the social network’s policies; the company’s head of global policy and communications said that it will be up to users to “judge what politicians say themselves.”

On The Lighter Side

Match.com Sued For Leading On Its Non-Paying Users : The FTC alleges that the dating site allowed non-paying users, who are unable to read or respond to messages, to subscribe in response to messages received from accounts that Match knew to be fraudulent but which it had not yet deleted.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellow

CLIP-ings: September 20, 2019

Internet Governance

France, Germany, Announce Opposition To Facebook’s Proposed Cryptocurrency: Following a meeting of G7 Finance Ministers and the European Central Bank’s governors in July, France and Germany have determined that Facebook’s Libra proposal fails to address issues such as financial security, investor protection, money laundering, and terrorist financing; the countries also urge the European Central Bank to accelerate its own digital currency project.

Privacy

Amazon Targets Third Party Apps For Privacy Policy Violations: Amazon has begun to crack down on third-party app developers who rely on its Marketplace Web Service API to create apps that assist Amazon sellers in ways that violate Amazon’s privacy policy, such as by using API data to create targeted advertisements.

Private Surveillance Company Captures More Than Nine Billion License Plate Scans: A Motherboard investigation reveals that Digital Recognition Network, which manufacturers license plate-reading tools, has built a database of over nine billion license plate scans through which private or government investigators can potentially track the movements and locations of vehicles over a long period of time; the company crowdsources its data from repo men, who affix scanners to their cars and passively capture and upload data about license plates they drive by.

Information Security & Cyberthreats

Database Vulnerability Exposes Records About Most Of Ecuador’s Citizens: A misconfigured database provided access to 20.8 million records sourced from both the government and the private sector; the records included those related to notable figures such as Ecuador’s president, as well as those related to children, family trees, and car ownership.

Russia Breached Encrypted FBI Communication in 2010: a Yahoo News exclusive reveals that in 2010, Russian counterintelligence engaged in a “very broad effort to try and penetrate” FBI technologies and communications that had far-reaching effects on U.S. intelligence efforts; the breach may have served as an additional incentive for the Obama administration to banish almost three dozen Russian officials from the U.S. in 2016.

Intellectual Property

Amazon’s Audible Claims “Fair Use”: In a lawsuit filed by seven major publishers alleging Audible’s new service displaying text captions along with audiobook playback violates their copyrights, Audible has argued that the practice constitutes fair use; Audible cites to a 2015 Second Circuit ruling allowing Google to display snippets of scanned books, and the dispute is expected to ignite another animated debate about the nature of “transformative use.”

Free Expression & Censorship

Draft House Bill Proposes Task Force And Commission To Study How Social Media Companies Police Online Content: The bill, which will be introduced next week, would establish a national commission to review how tech companies protect users from harmful content and to propose appropriate legislation; the bill’s introduction follows a Senate hearing on Wednesday at which representatives from Facebook, Google, and Twitter were questioned about whether their platforms have become conduits for violent speech.

On The Lighter Side

Stay And Watch The Game: The University Of Alabama has rolled out a location-tracking app designed to entice students to stay in the stands for the duration of football games by offering improved access to playoff tickets for those who remain.

Announcements

Fellowship Opportunity: The Fletcher School and Tuft’s Department of Computer Science are seeking a postdoctoral or JD candidate with a background in privacy law for a research fellowship studying privacy implications of communications metadata usage.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellow

CLIP-ings: September 6, 2019

Internet Governance

Tech Companies Lobby For Last Minute Changes To California Data Privacy Law: Lobbyists are seeking to amend the California Consumer Privacy Act, which passed in August 2018 and takes effect next year, to protect digital advertising revenue by allowing the collection of user data for targeted advertising even if users opt out and broadening the types of “business purpose” for which user data can be sold or distributed.

Google Is The Subject Of Upcoming Antitrust Probe: Following a recent uptick in regulatory scrutiny, Google may now be the subject of an antitrust probe prepared by more than half the nation’s state attorneys general; more information is expected to be announced officially this Monday.

Privacy

FTC, New York Attorney General, And YouTube Settle Investigation Into Alleged COPPA Violations: YouTube will pay a record $170 million fine—$136 million to the FTC and $34 million to New York—for allegedly collecting personal information from viewers of child-oriented channels without first notifying parents and obtaining their consent in violation of the Children’s Online Privacy Protection Act Rule.

Information Security & Cyberthreats

Google’s Security Team Uncovers Extensive iPhone Hacking Operation: Hackers infected a small collection of websites with malware that collected iPhone users’ location history, passwords, chat history, address books, and Gmail databases; the hack is believed to have affected thousands of users for over more than two years, and was rectified by Apple in an operating system update in February this year.

Manager Wires $243,000 To Fraudsters Imitating CEO’s Voice Using Deepfake Technology: Fraudsters successfully convinced an executive of a UK-based energy firm to send the funds by imitating the voice of his boss using commercially available deepfake software.

Intellectual Property

USPTO Seeks Comment On AI’s Impact On Intellectual Property: To address some of the mounting questions posed by AI, the USPTO has published a call for comments in the Federal Register to solicit feedback from experts and the general public about, among other things, the nature of AI and how intellectual property protections should extend to it.

Free Expression & Censorship

Anti-Nazi Documentary Removed From YouTube For Violating Hate Speech Policy: The 1938 newsreel film “Inside Nazi Germany” was removed despite an exception to YouTube’s policy for educational content and documentaries, although YouTube has since restored the video.

On The Lighter Side

Patent Granted For Heated Keyboard To Divert Cats Away From The Real Thing: The invention details designs for a decoy keyboard so computer users won’t be interrupted by their cats laying on the keys.

Job And Fellowship Opportunities

From time to time, CLIP-ings highlights career opportunities in the information law field. Please note the following opportunities at the Future of Privacy Forum:

Opportunities for Former Students/Graduates:

Opportunities for Current Students:

  • Remote student contractors working on education privacy ($20/hour for 10-20 hours a week).
  • Blogging opportunities for students interested in writing about student privacy issues on FERPA|Sherpa, paid at $150 per blog. Interested students should email avance@fpf.org to apply with their resume and an attached writing sample (ideally non-legal).

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Editorial Fellow