Month: September 2018

Internet Governance

Major Companies Talk Privacy with Senate: Leading technology and communications companies, including AT&T, Apple, Charter and Google, provided testimony to the U.S. Senate Committee in support of a federal privacy law that would preempt state statutes, which demonstrates the industry’s acceptance of forthcoming legislation; while governing at the federal level would avoid a “patchwork of laws” that are difficult to navigate, the companies failed to provide a meaningful response when asked why Congress should not implement legislation similar to GDPR and California’s privacy law.

California Passes IoT Bill: The California bill that requires “reasonable security” for IoT devices, including a mandate that products must arrive with unique rather than default passwords that consumers can change after installation, is awaiting the governor’s signature; while some believe the legislation would be a step in the right direction, critics such as Ruth Artzi, Senior Product Marketing Manager at VDOO, argue, “the law should be defined in a more specific manner, as the requirement for an ‘appropriate’ security procedure, depending on the device nature and function, is too ambiguous with no real mechanism to verify that the vendor took the appropriate steps.”

Privacy

Facebook Collects Contacts’ Information: Researchers at Northeastern and Princeton University discovered that Facebook associates the information uploaded by other users’ contact lists when “finding friends” with their profiles and sells it to advertisers, and because the user did not provide the information, he or she is unable to see it or disassociate it with their account; although Facebook does not dispute the collection method, researchers believe that the social network should make its platform more transparent by telling users all the contact information it has gathered from various sources.

Delta’s Biometric Check-In: Delta announced plans to allow travelers to check-in, pass through security, and board with facial recognition in Atlanta’s international airport, which is the first service of its kind in the U.S.; Customs and Border Protection’s “biometric exit” program, which utilizes airlines’ data to verify travelers’ identities, continues to face backlash from critics who assert privacy concerns and the illegality of collection absent Congressional authority.

Information Security and Cyberthreats

Uber Settles 2016 Data Breach: Marking the largest multi-state penalty for a privacy violation, Uber paid $148 million for its failure to promptly notify users after its 2016 data breach which exposed data from 57 million accounts, including 600,000 driving records; the settlement also requires data security incident reports on a quarterly basis for two years and a comprehensive information security program overseen by an executive officer.

Absentee Voting through Blockchain: In an effort to promote enfranchisement among military deployed abroad, West Virginia is allowing overseas residents to vote in its midterm election using Voatz, a blockchain voting app; critics in an election climate fraught with security concerns argue that a virus could alter a person’s vote, but Voatz states that the app can detect malware and will only run on smartphones with the latest security updates.

Intellectual Property

Pay Up, Tech Firms: UK’s News Media Association proposed to the government that Google, Facebook, and other sites that host news content on their platforms should pay an annual tax to fund journalism, give “reasonable notice” when they make changes to their terms of business or algorithms that affect news publishers, and share its revenue with newspapers when their stories appear in users’ feeds; the organization’s proposal suggest support of the EU’s Article 11 copyright strategy (set to pass next year), which requires tech firms to pay a “link tax” to publishers to share their content.

Qualcomm v. Apple:  Qualcomm accused Apple of stealing confidential information and trade secrets related to its chip software and funneling it to Intel Corporation; according to an amended complaint Qualcomm filed in Superior Court in San Diego County, Apple gave Intel engineers confidential information for “at least several years,” including Qualcomm’s source code and log files, to develop modem chips for iPhones.

Free Expression and Censorship

No More ‘Dehumanizing’ Speech: Twitter changed its hateful conduct policies to prohibit “dehumanizing speech” and asked users to give feedback on whether the new rules are clear; Twitter’s scope of “dehumanizing speech” will “include content that dehumanizes others based on their membership in an identifiable group, even when the material does not include a direct target.”

Google’s Project Dragonfly: Former Google scientist Jack Poulson wrote a letter to the Senate Committee on Commerce, Science, and Transportation asking senators to press Google on “Project Dragonfly,” a controversial search engine plan that complies with China’s strict censorship apparatus; Poulson writes that the project contradicts Google’s principles for the use of AI, has a “prototype interface” that ties users to their phone numbers, and blacklists words like “human rights.”

Practice Note

Free TM Search Tool: TrademarkNow states it is the first major vendor to launch a free preliminary trademark searching tool which offers users an unlimited volume of screening searches of the U.S. Patent and Trademark Office and the EU Intellectual Property Office; the search tool also allows users to filter their results by registry or Nice classification.

On The Lighter Side

Robotic Rubik’s Cube: Do you find yourself struggling to solve the rubik’s cube? While it may not set any world records, this robotic rubik’s cube can solve itself without any assistance.

---

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

Internet Governance

Stopping Fintechs: The New York Department of Financial Services filed a suit against the U.S. Office of the Comptroller of the Currency to repeal its decision permitting payment services like Venmo and online lenders to apply for national bank charters, stating the move violated the Constitution’s Tenth Amendment and put vulnerable consumers at risk of exploitation.

Hunting Pirates: The Supreme Court of Canada unanimously held media makers and other copyright holders must pay internet service providers “reasonable” compensation to link pirates’ IP addresses to customers’ personal data; the Supreme Court asked a lower court to determine the “reasonable” amount that internet service providers should be reimbursed for identifying subscribers accused of infringing on copyrights.

Privacy

Protecting Children’s Privacy: New Mexico Attorney General Hector Balderas filed a federal lawsuit against Tiny Lab Productions and its contracted advertisers, including Google and Twitter, for allegedly sending children’s location, demographic, and other personal information to advertisers without parental consent; the Attorney General also claims Google gave its customers the false impression that the apps adhere to child privacy policies by marketing the apps in the family section of its online store.

Amazon Under Preliminary Antitrust Probe: The European Commission launched a preliminary antitrust investigation into Amazon’s use of data on third-party merchants to determine whether retailers are being placed at a disadvantage; Competition Commissioner Margrethe Vestager stated her office received complaints and sent questionnaires to retailers who do business with Amazon to gather more information.

Information Security and Cyberthreats

Newegg Data Breach: Hardware retailer Newegg suffered a data breach that exposed customers’ credit card information for a month to Magecart, the same group behind the British Airways and Ticketmaster UK breaches earlier this year; the hackers injected a 15-line credit card-skimming code into Newegg’s payments webpage and sent the data to a server with a similar domain name and an HTTPS certificate controlled by the hackers.

UK Fines Equifax: The UK Information Commissioner’s Office (“ICO”) fined Equifax’s UK arm for 500,000 pounds for failing to protect up to 15 million citizens’ personal data; ICO found significant problems with Equifax’s data retention, IT system patching, and audit procedures and discovered the company failed take appropriate steps to fix a critical vulnerability identified by the U.S. Department of Homeland Security.

Intellectual Property

Modernizing Music: The Senate unanimously passed a bill that revamps Section 115 of the U.S. Copyright Act by making music licensing easier and more rewarding for rights holders, compensating songwriters and artists for pre-1972 creations, and improving payouts for producers and engineers when their recordings are used on satellite and online radio; reflecting on the bill’s likelihood of becoming law, Mitch Glazier, the president of the Recording Industry Association of America, said that the Music Modernization Act, “moves us toward a modern music licensing landscape better founded on fair market rates and fair pay for all.”

USPTO Seeks Artificial Intelligence: In hopes of moving quicker without compromising integrity, the United States Patent and Trademark Office (“USTPO”)  issued a request for information about an artificial intelligence solution that would aid the agency’s internal search function as it reviews patent applications; one challenge the USTPO hopes to address is the ever-changing nature of language as applicants and innovation cultivate new terms, which makes keyword searches difficult.

Free Expression and Censorship

China Collaborates on Artificial Intelligence: Facing rigid content restrictions, U.S. tech giants, such as Google, Microsoft, and Amazon, are finding an opportunity to make headway into the Chinese economy and data through artificial intelligence; for example, Google has introduced a new line of AI-backed products, which marks its first new consumer product in China since its search engine was largely blocked in 2010.

Registering Domains with “Seven Dirty Words”: The National Telecommunications and Information Administration rescinded its rule prohibiting the “seven dirty words” in domain names; after back-and-forth views between a registrant, the Electronic Frontier Foundation, and Harvard Law School,  the government found that Federal Communications Commission v. Pacifica Foundation only restricts the language on over-the-air broadcasts and thus the First Amendment protects the “seven dirty words” in domain name registrations.

Practice Note

Free Access to Public Judiciary Records? Republican Congressman Doug Collins introduced legislation that gives free access to documents on the federal judiciary’s website PACER, instead of charging 10 cents per page; in addition to cutting costs for the legal community, the legislation would allow readers to readily access external site links to the electronic records and enable the use of modern software to analyze legal files and evaluate biases and other trends in the judicial system.

On The Lighter Side

New Robo-Dog Litter: For those interested in experiencing evolving AI at home, Sony’s latest Aibo robot puppy is now on sale in the U.S.; the adorable mechanical pet recognizes up to 100 faces, develops a personality that changes (and becomes more obedient with training) over time, and even plugs itself in by walking to its charging station.

---

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

Internet Governance

China Opens Up Second “Internet Court”: China selected Beijing to establish its second dedicated internet court which resolves issues involving online shopping, service contracts, lending, copyrights and domains, and a third court is set to open within the month in Guangzhou; compared to the first eight months of 2017, online-related disputes were 24.4% higher during the same period this year in Beijing courts.

FTC Shuts Down Fake Military Recruitment Sites: The FTC shut down fake military recruitment websites that sold users’ information to post-secondary schools without their consent since 2010; finding the companies in breach of the FTC Act and the FTC’s Telemarketing Sales Rule, the FTC settlement requires that the Alabama-based companies, Sunkey Publishing Inc. and Fanmail.com LLC, relinquish their domains and pay at least $1,000,000 each in fines.

Privacy

Apps Quietly Selling Location Information:  Security researchers at the GuardianApp project found that millions of iPhone users have had their location data covertly sold by at least 24 popular iPhone apps to data monetization firms that use the information to deliver targeted ads; Will Strafach, founder of GuardianApp, argues that the firms should disclose the data collection through notifications sent directly to the user instead of burying it in a hidden privacy policy.

Tech Trade Groups Introduce Federal Privacy Legislation The Internet Association and BSA|The Software Alliance, two technology trade groups, introduced federal privacy legislation proposals that recommend enabling consumers to correct or delete information under certain circumstances, take personal information to another company that provides similar services, and learn what data companies collect and use; while the groups also support preemption of state laws, some critics argue, “states are much better prepared to be nimble in the face of future threats to American consumers.”

Information Security and Cyberthreats

British Airways Hackers Behind Wave of Data Breaches: After credit card skimming malware compromised nearly 380,000 British Airways customers’ information over a three-week period, security firm RiskIQ revealed that the responsible criminal group, Magecart, was behind a bigger wave of attacks; the collective has aggregated a larger reach “than any other credit card breach to date, and isn’t stopping any day soon,” according to Yonathan Klijnsma, a threat researcher at RiskIQ

Deep Fakes Become More Advanced: Researchers at Carnegie Mellon University have enhanced deep fakes by developing technology that transfers the mannerisms of one person to another, such as “John Oliver’s dimple while smiling, the shape of mouth characteristic of Donald Trump, and the facial mouth lines and smile of Stephen Colbert;” the advancement increases the potential for bad actors to leverage deep fake technology as a tool to circulate nefarious political propaganda

Intellectual Property

EU’s Copyright Reform:  The European Parliament voted in favor of the Copyright Directive, which reforms online copyright with controversial initiatives, including requiring online platforms to pay media companies to link to their content (Article 11) and making the platforms verify content uploaded on their sites and remove copyrighted material (Article 13); while critics believe the law could lead to censorship and limit what people can post and share online, supporters say the provisions will give creators the opportunity to reclaim the value of their work.

TickBox Settles: Streaming TV device manufacturer TickBox agreed to pay $25 million to settle a California federal court suit brought by Universal Studios, Netflix, and other content-creating companies who claim TickBox is assisting customers in infringing their copyrighted material; TickBox also consented to a permanent injunction under which TickBox may continue as a business, but can no longer provide software that allows users to stream unlicensed movies or TV shows.

Free Expression and Censorship

Political Censorship by YouTube?  Google removed a YouTube advertisement by Russian opposition politician Alexei Navalny ahead of Sunday elections for regional governors after the Central Election Commission sent a letter of complaint that the videos violate a law prohibiting political campaigning within 24 hours of an election; a Navalny aide condemned Google’s act as a “case of political censorship,” claiming the advertisements were unrelated to the elections as they encouraged citizens to protest President Vladimir Putin’s plans to raise the retirement age for state pensions.

Crackdown on Extremist Content:  The EU proposed new laws ordering social media companies to remove content promoting extremist groups or instructions on how to commit extremist offenses within one hour to avoid fines as high as 4 percent of annual turnover; the President explained the one hour deadline was proposed because “terrorist content is most harmful in the first hours after it appears online because of the speed at which it spreads.”

On The Lighter Side

Sarcastic AI:  Frustrated that your Alexa misunderstands your sarcasm? Fortunately, researchers at Oregon State University are working on developing an AI system capable of interpreting our sense of humor.

---

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP

Internet Governance

Tech Meeting on Capitol Hill: While Google declined to make a C-suite executive available for the hearing, Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey testified to the Senate Intelligence Committee about their efforts to curb foreign interference in U.S. elections and whether Twitter is biased in how it monitors online accounts; directly after the hearing ended, the Department of Justice stated that Attorney General Jeff Sessions “has convened a meeting with a number of state attorneys general this month to discuss a growing concern that these companies may be hurting competition and intentionally stifling the free exchange of ideas on their platforms.”

‘Stop BEZOS Act’: Senator Bernie Sanders introduced a bill entitled “Stop Bad Employers by Zeroing Out Subsidies Act” that would require companies with at least 500 employees to pay a one-hundred percent tax on government benefits received by workers, following similar legislation introduced in Congress last summer by Representative Ro Khanna; while Sanders claimed Amazon’s employees are paid inadequate wages and rely on federal benefits to cover their families’ basic needs, Amazon argued Sanders’ figures are “inaccurate and misleading” because they include temporary and part time workers.

Privacy

‘Five Eyes’ on Encrypted Data:  Homeland Security Secretary Kirstjen Nielsen and her counterparts from Britain, Canada, Australia, and New Zealand, the so-called Five Eyes nations, issued a joint memo calling on technology firms to create workarounds to their encrypted products and services so the governments may lawfully access encrypted e-mails, text messages and voice communications; while technology firms have not yet commented on the memo, Facebook’s global public policy lead on security Gail Kent wrote in May that “cybersecurity experts have repeatedly proven that it’s impossible to create any back door that couldn’t be discovered — and exploited — by bad actors. It’s why weakening any part of encryption weakens the whole security ecosystem.”

LinkedIn Recruits Spies? U.S. counter-intelligence chief William Evanina claims that Chinese espionage agencies are using fake LinkedIn accounts to recruit spies in America with access to government and commercial secrets and asked Microsoft, the owner of LinkedIn, to shut down the alleged fake accounts; while German and British authorities previously cautioned their citizens that China is using LinkedIn to recruit spies, this is the first time a U.S official publicly discussed the issue.

Information Security and Cyberthreats

Spy Gets Spied Upon: mSpy, an app that allows people to track their children, loved ones, or anyone else, leaked more than two million sensitive records, including personal passwords, text messages, contacts, notes, and even location data for mSpy users; the leak emerged when security researcher Nitish Shah found mSpy’s online database did not require authentication and allowed anyone to find up-to-the-minute records for customer transactions and mobile phone data.

Intellectual Property

Facebook v. Blackberry: Facebook filed a complaint against Blackberry in the U.S. District Court of the Northern District of California claiming six patent infringements, including “Voice Instant Messaging”; the allegation comes only months after Blackberry filed a lawsuit against Facebook and its subsidiaries, WhatsApp and Instagram, in March which also involved messaging patents.

EU Copyright Reform Warning: The Wikimedia Foundation issued a blog post that warns against the EU copyright reform that will be voted on next week, which proposes a copyright for snippets of journalistic content online and shifting liability for platform users’ copyright infringements onto the platforms themselves; supporters argue the legislation will help fairly recompense European creatives for their work.

Free Expression and Censorship

Saudi Arabia Punishes Satire: Saudi Arabia’s Public Prosecution tweeted on Monday that posting satire online that “mocks, provokes, or disrupts public order, religious values and public morals” could result in an $800,000 fine and up to 5 years in jail; the restriction was announced amidst the apparent crackdown over the past year on critics of the government.

Apple Pride Watch Face Removed in Russia: iOS developer Guilherme Rambo discovered that the pride Apple watch face is “hardcoded to not show up if the paired iPhone is using the Russian locale”; Apple’s removal is an apparent attempt to abide by a Russian “gay propaganda” law passed in 2013 which makes actions such as supporting LGBTQ rights punishable by jail time.

Practice Note

Development of Domain Name Jurisprudence: Panels appointed to adjudicate nearly 50,000 domain name disputes under the Uniform Domain Name Dispute Resolution Policy have developed a complex jurisprudence of domain names, including certain evidentiary hurdles for complainants and respondents; as a result, there has been an emergence of counsel who have expertise in domain names.

On The Lighter Side

AP Computer Science Female, Minority Students on the Rise: Thanks to an introductory course in tech skills, a record number of female, black, and Latino students took the Advanced Placement computer science course this year according to the College Board; the program is designed to expose high school students, especially those belonging to groups currently underrepresented in the tech industry, to computer science training and hopefully provide access to high-paying tech jobs in the future.

---

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

N. Cameron Russell
Executive Director, Fordham CLIP

Subrina Chowdhury
Tommine McCarthy
Editorial Fellows, Fordham CLIP