Month: July 2016

Internet Governance

Blocking Out Dissent: The Turkish government blocked access to WikiLeaks after the site released approximately 300,000 emails of the ruling party; WikiLeaks stated that it released the data in response to the government suspending and arresting 50,000 people in the last week.

Plans for Cross-Border Data Searches: After last week’s federal appeals court ruling against the use of federal warrants to search Microsoft’s data held overseas, the Obama administration has initiated agreements that would allow foreign governments to serve US tech companies with warrants to search their email or intercept their messages, as well as authorize US investigators to search data in other nations.

Privacy

Privacy Interest in Mug Shots: The Sixth Circuit ruled that federal agencies are not required to release a federal suspect’s mug shot to the media under the FOIA; agencies may refuse to comply with requests for law enforcement information if such a release could “reasonably be expected to constitute an unwarranted invasion of personal privacy.”

Microsoft to Comply with French Data Rules: In response to findings that Windows 10 collects excessive user data and has caused serious breaches, France’s national data protection authority (CNIL) ordered Microsoft to comply with the French Data Protection Act within three months and stop its tracking and data-gathering activities that compromise user privacy and security.

Restraints on Data Retention: In a preliminary ruling over a challenge to UK data retention under the Data Retention and Investigation Powers Act, the Court of Justice of the European Union found that governments may impose general metadata retention obligations and maintain compatibility with EU law, but the obligation must be “necessary to the fight against serious crime[s]” and balanced against privacy risks; the decision is highly influential, albeit not yet legally binding.

Information Security and Cyberthreats

Arrested Overseas: Ars Vaulin, alleged founder of the world’s largest BitTorrent distributor, was arrested in Poland; the DOJ charged him with running the website that unlawfully distributed over $1 billion in copyrighted materials.

Intellectual Property

Fitbit Patents Invalidated: A US International Trade Commission judge invalidated three Fitbit patents in a case against Jawbone, finding that the technology in question embodied abstract ideas not subject to patent protection.

Free Expression and Censorship

Making Amends: Twitter permanently banned controversial blogger Milo Yiannopoulos in response to criticism of the social network for failing to prevent anonymous trolls from sending abusive comments to users; Yiannopoulos targeted Leslie Jones, star of the newly-released Ghostbusters movie, with racist and sexist attacks that caused her to leave Twitter.

What Constitutes a Threat? In the wake of the Dallas shooting, the police have arrested several people in four different states for their “threatening” posts on social media, including those naming the shooter a “hero;” the arrests raise concerns as it is unclear whether the speech amounts to a “true threat,” under Supreme Court precedent.

Practice Note

Hijacking Legitimate Websites: A recent cybersecurity report finds that hackers seek to not only harm their target directly, but are increasingly hijacking legitimate websites through an inconspicuous “piggybacking” technique that enables long-term use of websites’ resources and reputation to facilitate the hacker’s own illicit businesses.

On the Lighter Side

Real-Life Filter: Warby Parker is offering its Snapchat followers a chance to bring the app’s features to real life by selling Snapchat-exclusive sunglasses to its followers.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

Internet Governance

Access Without Consent: The Ninth Circuit found that a web service that accessed Facebook to obtain users’ contact information and send messages on their behalf “intentionally access[ed] a computer without authorization” in violation of the CFAA, when it connected to the social network after Facebook expressly revoked permission via a cease-and-desist letter and blocked the service’s IP addresses.

Privacy Framework Finalized: This week, the EU Commission approved the EU-US Privacy Shield Framework that redefines US surveillance practices and recourse for EU citizens, allows US companies to “self-certify” their adherence to the framework’s privacy guidelines, and establishes a position for an “ombudsperson” in the US State Department who will address European privacy questions and complaints.

Hunger Activists Turn to Tech: The UN and the World Food Programme are implementing technology initiatives to remedy world hunger; one of their developments is a low bandwidth app for small Guatemalan farmers that provides information on weather, farming and market prices in their location, and another uses a network of government-operated internet cafes to provide an online interactive medium aimed at increasing nutritional education in rural Columbia.

Privacy

Warrant Required for Stingray Use: A federal court ruling in New York suppressed evidence obtained by the government’s warrantless use of a stingray to locate a suspect and held that the Fourth Amendment requires police to obtain a warrant to use a cell-reception simulator.

Search Warrant Quashed: The Second Circuit overruled a decision requiring Microsoft to hand over MSN e-mails stored on a server in Ireland to the U.S. government, finding that courts cannot issue and enforce warrants against U.S.-based service providers to seize client e-mail content stored solely on foreign servers.

Body Camera Info No Longer Public: The Governor of North Carolina signed a bill into law that allows access to police dashboard and body camera footage for persons recorded and their representatives only once they file a request; the law was passed to protect police officers’ privacy and requires petitioners to go to court when law enforcement denies their inquiry.

Information Security and Cyberthreats

Messaging Apps Increase Privacy:  Facebook has announced a beta Messenger app version open to certain users, called “secret conversations,” that offers end-to-end encryption (E2EE); an increasing number of messaging apps already use E2EE.

Intellectual Property

New Patent Improves Anti-Piracy Efforts: The United States Patent and Trademark Office granted a patent to NBC Universal that seeks to deter piracy of its copyrighted content by enabling early detection of high volume swarms in peer-to-peer networks; the analytics mechanism processes a data feed of peer-to-peer swarm movement and identifies the high volume swarms whose parameters surpass a threshold.

Free Expression and Censorship

Live Video Protocol: After last week’s live stream of a police shooting was removed  from and then returned to Facebook, the company clarified that its live video policies  will only remove a video of someone’s death if the purpose of the post is to mock the victim or celebrate the incident, and stated that its live video service team is continuously on call to respond to reports of inappropriate content and either remove the content, leave it up, or post a warning disclaimer of graphic content.

Hate Speech Triggers Investigation: German federal police raided the houses of sixty people accused of posting “extremist messages” on a Facebook group; the action represents increasing efforts to contain online hate speech.

Practice Note

Risks Associated with Collecting Metadata: Information security practices like peer-to-peer encryption do increase online communication and content security, however, metadata remains largely outside user control and continues to be widely accumulated; metadata that is not disposed of or limited poses privacy and security risks as it may provide the same information about people as the content of their communication.

On the Lighter Side

Addictive App or Government Puppet? Conspiracy theorists have drawn on the Orwellian nature of Pokémon Go’s privacy policy and its potential links to the intelligence community to suggest that it may serve as a government-spying tool.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

Internet Governance

Questions for Automated Driving: U.S. regulators are investigating Tesla’s autopilot driving feature after a fatal crash in May, a reminder that the software may contain flaws and is not designed to act as humans do in all driving situations.

“Nationwide IoT Network:” Inside of one week, Dutch and South Korean telecom operators implemented nationwide IoT networks via mobile transmission towers used for cell reception, allowing users to connect devices to the network via a technology called Long Range (LoRa); examples of usage include rail switch monitoring at the Utrecht Central station and depth measuring devices at the port of Rotterdam.

Protecting Human Rights Online: The United Nations Human Rights Council condemned the practice of shutting down the internet through a resolution stating that rights enjoyed offline “must also be protected online.”

Privacy

Monitoring Google’s Data Collection: A new tool called My Activity allows Google users to see, in chronological order, all their online activity data that Google collects and saves, and features both a delete option to clear the information as well as one to “pause” the data collection.

It’s Still an Agency Record: The D.C. Circuit ruled that agencies must comply with  Freedom of Information Act requests for emails and records stored on non-government  servers, signaling a step forward for transparency but posing questions as to how  agencies will search for government information not stored on their own servers.

Information Security and Cyberthreats

Password Sharing Liability: The Ninth Circuit upheld a Computer Fraud and Abuse Act conviction of a former consulting employee who used his coworker’s password to obtain information from the company’s servers and start a competing business; a dissenting judge stated in objection that the ruling could cover everyone who engages in the “ubiquitous, useful, and generally harmless” practice of sharing passwords.

Cybersecurity Investment: The EU Commission announced a public-private partnership to fund cybersecurity research and development of software products and services in key infrastructure sectors; the EU will disburse a maximum of $500 million and expects three times as much investment from the private sector to address cybersecurity concerns and boost European competitiveness.

Intellectual Property

ICANN’s Role in IP: ICANN stated that it will not decide copyright disputes or police content, but will ensure that those involved in the domain registration process are complying with contractual obligations and preventing illegal behavior.

Free Expression and Censorship

Censoring Graphic Live-Stream: A woman present at Wednesday’s Minnesota traffic stop shooting live-streamed the aftermath of the incident to Facebook; the video had 1 million views before Facebook removed it and subsequently re-released it with a graphic warning.

Another Cyberstalking Law Found Invalid: The Illinois Appeals Court found a cyberstalking law invalid because it lacked a malicious intent requirement for the harassment in question; prior courts have also found that absent this mens rea requirement, these cyberstalking laws create new First Amendment restrictions, hindering free speech.

Practice Note

IoT Liability Under TCPA: Smart home applications that allow consumers to remotely control automated home appliances with their smart phones may make service providers liable under the Telephone Consumer Protection Act (TCPA), because the statute requires vendors to communicate “only in a manner consistent with the consumer’s consent;” some text messages alerting users that, for example, a door or a window is open may exceed that scope of consent.

On the Lighter Side

Selfie Epidemic: “Today” show co-anchor was told by her doctor that selfie-taking, placing the arm in an abnormal position, may be a cause of arm pain and stiffness.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta

Internet Governance

Preparing for IANA Transition: ICANN signed an agreement with the regional internet registries that grants it the coordination and administration role currently served by the US government; in exchange, ICANN is committed to meet new operational benchmarks, fulfill additional obligations such as periodic reviews, and establish an arbitration process to solve future disputes.

Stronger Data Transfer Standards: The EU and the US revised the Privacy Shield data transfer agreement, in response to EU concerns about mass US spying, to include heightened regulations for companies that keep profitable cross-border data on Europeans and transparency in US surveillance.

More Proprietary Undersea Cables: Weeks after Facebook and Microsoft announced they will lay an unprecedentedly capacious trans-Atlantic cable, Google, in cooperation with five Asian telecommunication companies, launched the highest capacity trans-Pacific cable, intended to carry Google’s data between overseas data centers; the move marks a shift in bandwidth capacity from telecommunication companies to tech giants.

Privacy

Security Concerns Lead to Intrusive Proposal: A Department of Homeland Security proposal published in the Federal Register would add a field on the I94W form that asks travelers coming to the US without a visa under the Visa Waiver Program to provide their social media accounts to help screen for links to terrorist activity.

Information Security and Cyberthreats

Database Leaked: A “white-hat hacker” obtained a leaked copy of a Thomson Reuters-owned database containing names of over 2.2 million individuals and organizations labeled “heightened risks” and used to screen people for links to crime and terrorism; the hacker’s concern about the database’s inclusion of innocent people has led him to consider leaking it to the public, a risky decision that would alert the true criminals on the list.

Changes to Electronic Tax Filing:  The IRS decided to discontinue the Electronic Filing PINs web tool, which allowed taxpayers to obtain a PIN to file tax returns online, due to security concerns after repeated bot attacks targeted the application, including a successful breach in February where the bot obtained more than 100,000 PINs.

Intellectual Property

Global Literacy Access: Twenty countries have now ratified the Marrakesh Treaty, aimed at increasing literacy and information access for the visually impaired and print disabled through a copyright exception and facilitation of cross-border trade of copyrighted books in special literacy format; the Treaty will take force this coming September.

Free Expression and Censorship

E-Campaigning? Facebook, attempting to maintain an impartial approach to the national  election and refute assertions of political bias by skewing news, still plays a role in  encouraging voting and aiding candidates in managing their platforms on the site;  concerns remain about the role of social networks in influencing user ideology and  beliefs to the detriment of larger societal awareness of differing ideas.

A Step Further for Private Sector Anti-Terror Efforts: Stepping up efforts to combat terrorist propaganda online, Facebook, Google and other tech companies may deploy automated copyright removal methods instead of relying on user reporting, raising concerns about the companies’ cooperation with the government and the possibility that the tools might be abused to suppress free speech.

Practice Note

Security Opportunities Ahead: Items that have long been everyday fixtures in their  respective sectors but are newly automated, such as home appliances, equipment monitoring, and transportation and healthcare devices, are manufactured with minimal security expertise and are vulnerable to hackers, but present significant opportunities for security companies to develop risk models and increase global security.

On the Lighter Side

You Know Nothing, Siri! Siri is giving out all sorts of sassy replies to Game of Thrones finale inquiries, but her failure to answer follow up questions reveals she did not watch closely enough.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law and Founding Academic Director, CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Editorial Fellows, CLIP
Victoria J.A. Loeb
Vlad A. Herta