CLIP-ings: June 24, 2016

Internet Governance

Broadband in Space? NASA pioneers a new internet protocol called Disruption Tolerant Networking (DTN), which, unlike traditional protocols, does not require all communication nodes to be online simultaneously but stores the data within the network until it can be retransmitted; DTN is now available on the International Space Station, creating more efficient communication with earth and deep space satellites.

Privacy

No Increased FBI Access Yet: A proposal to broaden warrantless FBI access to telephone and internet records from tech companies by using National Security Letters failed to pass in the Senate by two votes; however, a Senate Republican leader may reintroduce the measure due to a last minute decision to switch his vote to “no.”

“The Password Is Dying:” Major American banks are increasingly relying on biometric identification for account security and transaction approval, allowing millions of people to access their bank account online or on their mobile device using fingerprints, facial scanning, or voice identification.

Student Privacy Reform: Colorado, Connecticut, and North Carolina have joined ten other states that have enacted student privacy laws imposing stringent requirements on collectors of student data and their contractual relationships with school districts.

Information Security and Cyberthreats

Another Mount Gox? On June 18, a hacker stole $50 million worth of Ether, a bitcoin-like digital currency, from the Decentralized Autonomous Organization (DAO), echoing earlier cryptocurrency security and reliability concerns; the DAO, a crowdfunding investment fund that used Ether, had successfully raised $160 million.

Cyber Cooperation: Israel and the U.S. have signed the Cyber Defense Cooperation Agreement, aimed at increasing their bilateral cooperation in the field by developing joint cyber defense infrastructure and private sector alliances, supporting research and new technologies, and improving current information sharing mechanisms between the DHS and Israel’s National Cyber Security Authority.

Intellectual Property

PTAB Decision Upheld: A unanimous Supreme Court upheld a Patent Trial and Appeal Board (PTAB) process called inter partes review, which allows re-examination of previously issued patents under third party requests, and authorized the U.S. Patent and Trademark Office to apply a “broadest reasonable construction” standard to patent claims.

Free Expression and Censorship

Governing Through Social Media: When the Republican majority recessed the House and C-SPAN’s live feed ended, Democrats live-streamed their sit-in over gun legislation through Facebook Live and Twitter’s Periscope.

Censorship Technology: New technology supported by the White House allows internet companies to instantly detect terrorist images and videos and remove them from their platforms; however, social media companies say that lack of clarity as to what constitutes a “terrorist image” may lead them to delete information posted by non-threatening sources.

Practice Note

IoT Challenges: The increasing capability of inter-communication within the “internet of things” that threatens to flood existing channels raises issues with authentication and authorization of devices, and infiltration opportunities require better policing, potential FCC bandwidth allocation, and new regulatory needs to manage increased traffic.

On the Lighter Side

1984 or 2016? The annual theatrical mock trial composed of two Supreme Court justices and three appellate judges spoofed “1984” including exaggerated and comical surveillance claims.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

CLIP-ings: June 17, 2016

Internet Governance

Net Neutrality Win: The D.C. Circuit in a 2-to-1 decision upheld FCC regulations declaring broadband internet a public utility and internet service providers common carriers, opening the way for stricter consumer protection measures and industry oversight, such as bans on selective blocking or slowing delivery of content to internet users.

Tech Enablement:  A man whose daughter died in November’s terrorist attacks in Paris is suing Facebook, Twitter and Google, claiming that the companies “knowingly” permitted ISIS to use their networks to raise money, spread propaganda, and recruit; the tech companies may not enjoy their usual immunity under the Communications Decency Act because the lawsuit targets the “enablement” of ISIS, rather than the explicit content.

New Measures for Cybersecurity Strategy: Senators from both sides of the aisle announced the establishment of the Senate Cybersecurity Caucus enabling lawmaker education on cyber and the study of “cyberspace’s effects on national security and the economy.”

Privacy

Circuit Court Finds Credit Card Seizure Legal:  The Eighth Circuit recently found that where all of the information in a credit card’s magnetic strip is identical to the information visible on the front of the card, law enforcement’s swiping or scanning of a seized, counterfeit card does not constitute a physical search in violation of the Fourth Amendment because the defendant has no reasonable privacy interest in the card.

Apple Vows to Protect Privacy by Collecting Even More User Data:  Revealing new security and privacy features on its devices such as user fingerprint ID login on laptops, Apple maintained that it would ensure data security through differential privacy, a complex technique that adds statistical noise from aggregate user databases to hide individual contributions, thereby preventing individual identification from usage data.

Potential Privacy Reform: A widely supported bipartisan group of House members will propose amendments to the current House Defense Appropriations bill to heighten privacy and security measures, by cutting funding for warrantless agency backdoor searches and protecting encryption devices and standards from NSA and CIA interference; however passage will depend on whether the House Rules Committee maintains the current rule preventing debate on privacy and security amendments.

Information Security and Cyberthreats

Campaign Infiltration: Two sophisticated Russian hacking groups breached the Democratic National Committee’s network and have accessed data as far back as one year, looking for foreign policy, strategy, and campaign information; each group conducted its attack at different times and did not appear to be collaborating.

Intellectual Property

Flexible Test for Treble Damages in Patent Infringement: The Supreme Court unanimously ruled that the Seagate two-step test for awarding treble damages in patent infringement cases is “unduly rigid,” granting district court judges discretion to “award enhanced damages to egregious cases of misconduct beyond typical infringement.”

Free Expression and Censorship

Europe May ‘Delete Your Account’:  The EU’s new code of conduct targeting illegal online hate speech, and backed by Facebook, Twitter, YouTube and Microsoft, raises questions about Donald Trump’s controversial Twitter account in Europe, as the EU’s framework may prohibit much of his account’s content.

Practice Note

IT Admins Liable under the CFAA: A Texas jury found an IT administrator guilty of violating the CFAA for deleting files from his employer’s database before he left his job; his charge of “unauthorized damages” for “intentionally causing damage to a computer system” reveals the ease with which IT professionals may face criminal charges.

On the Lighter Side

No Papers Left Behind: Morocco will ban cafés from offering free newspapers, including those left behind by patrons, as part of a plan to protect the shrinking newspaper industry.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

CLIP-ings: June 10, 2016

Internet Governance

Ask Before You Give? Senator Ted Cruz has moved for the passage of a new bill that would require Congressional approval for IANA transition of control of domain names and IP numbers and would require the Obama administration to secure “sole ownership” of top-level domain names dot-gov and dot-mil.

App Sparks “Traffic War”: Google’s traffic navigation app Waze, that updates its map with real time driver information on optimal routes and blockages, has created an influx of traffic in some residential neighborhoods, leading inhabitants to post false accident and blockage information to detour this traffic from insider resident shortcuts; however, Waze has mechanisms to recognize and boot out ‘impostors’.

Internet Access Cut for Singapore Government Workers: In an attempt to improve government cybersecurity, Singapore is cutting all public workers’ internet access from office computers by May 2017; questions remain as to how workers will be able to collaborate without internet.

Privacy

Identifiable Ink:  The National Institution of Standards and Technology (NIST) and the FBI, studying the effectiveness of tattoo-recognition systems, used prisoner tattoo images to form a database that can identify and match visual aspects of tattoos; however, NIST has halted future plans to use third-party algorithms to further analyze the 100,000 tattoo images in response to concerns that the system may misidentify people, or lead to religious, political, social, or other types of profiling.

Data Protection Agreement: The U.S. and the E.U. have signed an agreement regarding the protection of personal information and data exchanged during law enforcement agency investigations; however this “umbrella” agreement requires U.S. Senate and European Parliament approval to become law.

Information Security and Cyberthreats

A Call for Fed Transparency: The House Science, Space and Technology Committee’s oversight panel, investigating the Federal Reserve’s protection of sensitive financial information, has requested that the Fed’s cybersecurity uniformity team deliver all cyber breach reports, local incident reports, and documents and communications relating to “higher impact cases” from January 2009 to now, in response to a Reuters report revealing over fifty U.S. central bank cyber breaches between 2011 and 2015.

Repeat Attacks: According to a recent study, many European organizations face repeat  attacks within months of the initial hack as outdated methods prevent identification of  network threats; minimal external agency breach alerts and high “dwell times” for  breaches in Europe, the Middle East and Africa means that local governments may not  adequately spot and notify businesses about a breach.

Celebrity Account Vulnerability? Mark Zuckerberg’s Twitter, Pinterest and LinkedIn accounts were temporarily compromised, possibly after hackers obtained his password from last month’s LinkedIn email and password dump from the 2012 hack; the incident is part of a series of recent celebrity account hacks, reflecting questionable security in high-profile account management.

Free Expression and Censorship

“Hate Speech” Manipulated: Days after tech companies such as Facebook and Google backed the E.U.’s appeal to start censoring online “hate speech,” reports emerged about Russia’s use of hate speech laws to imprison ordinary social media users expressing views in opposition to government policies.

Practice Note

Metadata Needs Privacy Too:  New research highlights the need for privacy laws to respond to the difficulty of differentiating between the actual content of private communications and the metadata records that derive from those communications and contain personal information.

On the Lighter Side

Not Now Siri, We’re in Public! Study reveals people are too embarrassed to talk to digital assistants in front of other people.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

CLIP-ings: June 3, 2016

Internet Governance

Toothless Open Access Initiative?  E.U. research ministers forming the Competitiveness Council pledged to achieve free and open access to scientific publications by 2020, seeking to eliminate or reduce the six to twelve month post-publication online exclusion period, and inviting member states to implement policies in accordance with their unique research and development structures; however, there is no legal enforcement mechanism at present. 

Under the Sea: Tech companies’ need for bandwidth has led them to invest in laying undersea cables, rather than relying on telecomm companies; Microsoft and Facebook announced plans to build a 160 terabits-per-second-capacity cable (the highest capacity cable ever built) stretching from the coast of Virginia to Bilbao, Spain.

Privacy

FBI Information Requests Made Public: Yahoo was able to publish three national security letters from the FBI requesting user information after the FBI lightened its nondisclosure provisions in compliance with changes to the USA Freedom Act; the tech company pledged to update its Transparency Reports to acknowledge the number of NSLs received and the accounts listed in those letters – a departure from the standard, discrete reporting of national security demands.

Biometric Law Likely Safe: The Illinois Biometric Information Privacy Act, one of the few U.S. laws restricting the collection and retention of facial images and a source of Facebook’s facial recognition technology litigation, was threatened by a proposed amendment that would have excluded digital photo “tagging” from the Illinois law’s scope; the amendment, proposed to a bill unrelated to biometrics, was blocked at the judicial committee hearing.

Anti-security Bill Dead: A bipartisan Senate bill, proposed after Apple’s noncompliance with the FBI’s request to hack the San Bernardino shooter’s iPhone, would have required tech companies to leave an “encryption backdoor” in their products to ensure compliance with government requests for the decryption of consumer data; but, security concerns and pro-encryption privacy efforts led to minimal support for the bill.

Information Security and Cyberthreats

Beneficial Overreaction: Over-hyped reports on allegedly significant data breaches that urge users to change their passwords, even though actual security threats remain minimal or unchanged, serve to increase user awareness of security risks and implementation of effortless and straightforward security protections.

Intellectual Property

The Verdict Is Out: A jury verdict finding that Google’s implementation of Java APIs in developing Android constituted fair use and saving Google $9 billion in damages brought relief to the software development community; however, since the APIs are protected by copyright, questions remain about whether other Java implementations infringe.

Free Expression and Censorship

Tech Giants’ Efforts Against Hate Speech:  Responding to the E.U.’s appeals for support, Facebook, Twitter, Google, YouTube and Microsoft will review notice and takedown requests and disable access to hateful content and will collaborate with civil society organizations to back “counter-narratives” to online hate speech.

Information War Defenses: Pro-Russian internet and social media campaigns are perceived as a developing risk to Europe’s security, democracy and domestic exchange of information; NATO and the E.U. have created “special units” to handle the threat; and E.U. member Finland, a vigorous participant in these “information wars,” has broadened its collaboration with NATO in consideration of full alliance.

On the Lighter Side

Facebook Crimebuster? UK police were able to find and convict a thief after one of his victims noticed the crook on the Facebook’s “People You May know” feature.


Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta