Month: December 2019

Internet Governance

U.K. To Establish New Tech Regulator: The agency will reportedly enforce a new code of conduct aimed at large technology firms and will oversee consumers’ access to data; the country’s competition regulator has also recommended the introduction of new rules to address digital advertising.

Privacy

Genealogy Website To Share Customers’ Genetic Data With GlaxoSmithKline: DNA testing service 23andMe will provide the genetic information of its 5 million customers to the pharmaceutical company as part of a $300 million deal; by agreeing to 23andMe’s terms and conditions, consumers consent to their DNA being used for medical research.

Federal Court Dismisses Challenge To NSA’s Upstream Surveillance Program: The Wikimedia Foundation, owner of Wikipedia, alleged that the NSA was illegally conducting bulk surveillance; the district court held that while Wikimedia could show its content was probably traveling through NSA-monitored connection points, Wikimedia could not prove that the content was being surveilled because the issue could not be litigated without jeopardizing the confidentiality of NSA technology.

Information Security and Cyberthreats

New Jersey’s Largest Hospital System Paid Hackers To End Ransomware Attack: The attack on Hackensack Meridian Health, which took place in early December, crippled the provider’s scheduling, billing, labs, and radiology systems for nearly five days and forced hospitals to reschedule non-emergency appointments and surgeries.

New Orleans Declares State Of Emergency In Response To Cyberattack: The city shut down most of its computers after detecting ransomware and phishing emails on its network; officials have not indicated whether any data was stolen, and a forensic investigation into the incident is ongoing.

Free Expression and Censorship

Instagram Expands Fact-Checking Feature, But Politicians’ Posts Will Be Exempt: The social media company will engage third-party organizations to assess the truthfulness of photo and video content on its app; material that is determined to be false will be covered by a warning blocking the content, which users must tap through to view the post.

Italian Court Orders Facebook To Reinstate Neo-Fascist Political Party’s Account: Facebook removed CasaPound’s account because it violated the social media company’s policy against spreading hate speech; the court held that the removal “prevented political pluralism” and ordered that the page be restored in Italy, although it may remain inaccessible from overseas.

Practice Note

Standard Data Transfer Clauses Deemed Legal In EU: An advisory opinion by the Advocate General of the Court of Justice of the European Union determined that the standard contract clauses used by Facebook and other firms to transfer personal data to data processors in third countries are valid; such transfers could still be blocked, however, if EU data protection standards are not met in those countries.

On the Lighter Side

College Takes “Old School” Approach, Issues New Passwords For 38,000 Email Accounts By Hand: A German university was forced to provide new passwords for all student and staff email accounts after it was targeted in a malware attack.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Editorial Fellow

Internet Governance

Senators Raise Possibility Of New Encryption Legislation: At a judiciary committee hearing on Tuesday attended by representatives from Facebook and Apple, senators indicated they will pass legislation to regulate encryption unless tech companies can agree with law enforcement over weakening existing encryption protections; Facebook and Apple have expressed concerns about the impact that such a move would have on privacy and data security.

Privacy

FTC Finds Cambridge Analytica Deceived Facebook Users: The regulator also found that the now-defunct company engaged in deceptive practices under the EU-U.S. Privacy Shield, and issued an order prohibiting Cambridge Analytica from misrepresenting its privacy practices or participating in the Privacy Shield framework.

Genealogy Website GEDmatch Acquired By Verogen: The free genealogy website used by 1.3 million consumers was bought by Verogen, a forensic genomics firm that specializes in DNA testing services for law enforcement; earlier this month, it was reported that a Florida detective had obtained a warrant to search the entire GEDmatch database—including data from individuals who opted out of cooperating with law enforcement.

Information Security and Cyberthreats

44 Million Microsoft Accounts Vulnerable To Hacking Due To Use Of Compromised Passwords: Microsoft’s identity threat research team uncovered the vulnerability in early 2019 after checking credentials that were compromised in breaches of Microsoft consumer and enterprise accounts; Microsoft announced that it has forced password resets for affected consumer accounts, that no further action is required by consumers, and that it will alert enterprise account administrators so that credential resets can be implemented.

Intellectual Property

German Court Bans WhatsApp, Instagram, And Facebook Apps For Violating Patents: In a “provisionally enforceable” judgment, a Munich court ruled that existing versions of the apps violate patents held by Blackberry; Facebook has prepared updates to the apps to remove the offending features and will introduce the updates if Blackberry seeks to enforce the ban.

Free Expression and Censorship

Facebook Fires Contractor Who Received Bribes To Reactivate Banned Ad Accounts: The contractor was paid to reactivate accounts connected to Ads Inc., a marketing firm that placed ads making false claims about celebrities to trick customers into signing up for monthly subscriptions to products that were initially advertised as free trials.

Practice Note

Supreme Court Rules USPTO Cannot Claim Employees’ Salaries As Costs In Defending Civil Actions: The Court held that Patent Code section 145’s provision that a patent applicant pay “all expenses of the proceedings” does not encompass the salaries of attorneys and paralegals employed by the USPTO to defend the Office in federal trials over patent grants.

On the Lighter Side

Walmart Will Trial Driverless Grocery Deliveries In Houston: A pilot program will begin in the next few weeks, but it may be some time before the service becomes widely available, as challenges such as the vehicles’ slow speed and their ability to navigate through inclement weather still must be addressed.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Editorial Fellow

Internet Governance

EU Antitrust Regulator Commences Preliminary Investigations Into Google, Facebook: The regulator is investigating how the two companies gather, process, use, and monetize data; numerous antitrust investigations into big tech are currently underway, including a separate EU investigation launched last month into Facebook’s marketplace service and its impact on the classified ads market.

Privacy

China Requires Facial Scan With Phone Registration Or SIM Card Purchase: A new policy enacted by the Ministry of Industry and Information Technology requires customers to submit a facial scan for the ostensible purpose of tying consumer identities to devices to thwart SIM card switching; the policy follows a trend of Chinese government measures to strengthen state surveillance through the use of facial recognition technology.

Proposed Class Action Alleges TikTok Secretly Sending User Info To China: The lawsuit alleges that TikTok has been sharing personal data stored in the app, including unpublished videos stored on the app, contact lists, and location information in violation of federal computer fraud law and California’s constitutional right to privacy; the suit follows recent reports that the U.S. government is investigating whether the app poses a national security threat. 

Information Security and Cyberthreats

Russian Law Requires Pre-Installed Software On Devices Sold Within The Country:The Russian government will release a list of applications that must be installed on all cell phones, computers, and smart TVs prior to sale; the law has been presented as a means of helping Russian IT firms compete with international companies, and also cites convenience for consumers. 

Intellectual Property

Facebook Removes UK Election Ad For Violating Intellectual Property Policy: The social network determined that the Conservative Party’s ad, which contained video footage of BBC journalists making statements about Brexit without making clear that the statements were quoting politicians’ remarks, violated its intellectual property policy by using the BBC’s footage without permission. 

Free Expression and Censorship

Facebook Issues First Corrective Notice Under Singapore’s Fake News Law: The Singaporean government directed Facebook to publish under a user’s post a notice indicating that the government had determined that the post, which alleged election rigging and noted the arrest of a supposed whistleblower, contained false information; in publishing the notice, Facebook called for a “measured and transparent approach” to the implementation of the law and referred to the government’s assurances that the law would not impact free expression.

Practice Note

District Court Rejects Tortious Interference Claim Resulting From Twitter Ban: The court dismissed a Twitter user’s claim that the defendant’s reporting of her posts amounted to tortious interference, holding that the user’s relationship with her followers was not a protected business relationship with identifiable customers, but rather a relationship with the community at large; the court also rejected a claim that the ban interfered with the user’s contract with Twitter, holding that section 230 of the Communications Decency Act protected Twitter’s ability to “exercise traditional editorial functions, such as moderating content on its platform.”

On the Lighter Side

“I’m Walkin’ Here!” FedEx’s New AI-Powered Robots Hit Streets Of NYC For Special Event: Bystander videos show FedEx’s “SameDay Bots,” also known as “Roxos,” as they make their way around New York City using artificial intelligence, motion sensors, and stair-climbing wheels; the impromptu display incited backlash on social media expressing concern for sidewalk congestion and pedestrian safety.

Joel R. Reidenberg
Stanley D. and Nikki Waxberg Chair and Professor of Law
Founding Academic Director, Fordham CLIP

Tom Norton
Executive Director, Fordham CLIP

Alison Gordon
Lawrence Keating
Editorial Fellows