Archive for the ‘Legal/Tech News’ Category

Will Jeremy Lin’s Success On The Basketball Court Lead To Troubles In Another Court?


Jeremy Lin’s battles have been well documented.  He led his high school to a state title his senior year, and yet he received no athletic scholarship offers out of high school.  After going undrafted from Harvard, Lin bounced around a few NBA teams before finding himself a spot in the starting lineup of the ailing Knicks.  And from there, a sensation was born, the birth of “Linsanity”!

Jeremy Lin’s recent successes on the basketball court may ultimately lead him into a battle in another court.  On February 13, 2012, Lin filed a trademark application for the term “Linsanity” with the U.S. Patent and Trademark Office.  The problem is that Lin’s filing came six days after Yenchin Chang, a 35-year-old California resident with no ties to Lin,  became the first to apply for a “Linsanity” trademark.  Chang said that he filed his application because, like many others, he “wanted to be part of the excitement.”  A second filing was also made on February 9 by Andrew Slayton, who coached at Lin’s high school.  Both applications for “Linsanity” have proceeded  quickly through the trademark examination process, as the Trademark Office’s database shows that both applications have already been assigned to an examining attorney.

The fight for the “Linsanity” trademark is fierce, as many attempt to jump on the bandwagon to capitalize on Lin’s remarkable story.  In fact, Lin’s emergence has translated into huge sales thus far.  ESPN is reporting that Lin’s No. 17 Jersey has been the number one selling jersey since February 4th, according to the NBA.  In addition, Yahoo! Sports recently announced that Jeremy Lin is the world’s fastest-growing athlete brand worth approximately $14 million.  So far, only Slayton’s application  is based on use of the “Linsanity” trademark in commerce, as Mr. Slayton, who owns the domain names Linsanity.com and thejeremylinshow.com, has already begun selling Lin merchandise.  The remaining applications, including both Chang’s and Lin’s, are only based on a bona fide intent-to-use the mark in commerce.

Lin’s predicament is reminiscent of the rush to trademark catchphrases coined by Charlie Sheen last year, including by Sheen himself.  The law firm of Mintz Levin recently did a comparison of Lin’s situation with that of Sheen’s from last year.  The firm noted that when faced with trademark applications from Sheen and others for phrases such as “WINNING”, the Trademark Office refused registration based on Section 2(a) of the Lanham Act.  Under Section 2(a), registration of a mark may be barred if the mark is the same as, or a close approximation of, the name or identity of another person (that is not the applicant) and points uniquely and unmistakably to that person.  In Sheen’s case, the Trademark Office refused registration on the grounds that the applied-for mark “consists or includes matter which may falsely suggest a connection with the actor Charlie Sheen.”  In Lin’s case, Mintz Levin noted that given Lin’s recent explosion, his fame is such that consumers may presume that Chang’s and Slayton’s “Linsanity” mark and associated goods are connected with Lin.  Similarly, the Trademark Office may refuse registration under Section 2(c), which is a bar to registration of a designation that identifies a particular living individual absent written consent.  Section 1052(c) of Article 15 of the U.S. Code, which protects individuals’ privacy and publicity rights, also specifically prohibits the registration of a trademark that “[c]onsists of or comprises a name, portrait, or signature identifying a particular living individual except by his written consent.”  Given the fact that Lin is unlikely to provide the required consent, the pending applications may ultimately be doomed.

Checking on the  status of Sheen’s trademark applications,  more than half of them have subsequently been abandoned.  As for Lin’s case, it remains to be seen whether trademark applications for “Linsanity” will suffer the same fate, or whether the “Linsanity” phenomenon truly has staying power.  What is clear, for the reasons articulated above, is that Lin appears well positioned to protect his trademark rights.


March 12th, 2012 at 1:13 pm

Who Needs SOPA When You’ve Got GoDaddy?


On Wednesday, February 15th, 2011, JotForm.com had its domain name removed from the Internet by its hosting company, GoDaddy. It appears that the site came down at the request of the U.S. Secret Service, possibly because one of its users was using a form on the site in connection with a phishing scam. Instead of contacting JotForm and asking for the offending form to be removed, the Secret Service had the whole site removed from DNS, and in the process also blocked millions of non-offending forms.

This is the type of behavior that caused millions of people to protest the proposed SOPA and PIPA bills. While those bills dealt with intellectual property protection, and not fraud, the remedies would have been the same. In the wake of the MegaUpload shutdown, it appears that the U.S. government is more than capable of using current laws to deal with Internet based crimes. However, just because the government has the power it does not mean that they should be pulling whole sites from the Internet over alleged illegal actions by their users.

JotForm is a startup company competing against companies like Google in a battle for users. For a company like this, being taken offline for any period of time, let alone for a whole day, could mean the loss of a competitive edge. Looking beyond the harm caused to JotForm, any startup company that bases its product around user created content may think twice about hosting or working within the United States. Going forward the government should move very carefully when they ask a hosting service to remove a domain from DNS. Most companies would work with the government to remove offending content and find individuals running schemes using the service. If the government wants to promote innovation, taking websites offline is not the best way to do so.

It will be interesting to see how law enforcement reacts to user created content as the business community continues to rely on their users for content, and Congress continues to grapple with these new realities.


March 12th, 2012 at 12:42 pm

Patents for Humanity: A Non-Market Approach to Invention


The USPTO recently announced a new awards competition called Patents for Humanity. The competition is a pilot program meant to encourage the development of technology to meet humanitarian rather than strictly business means. The prize? Accelerated processing of the winners’ patent applications, though the real value is that the winner may use the prize certificate toward any one patent application in his portfolio, not just the prize-winning technology.

This new program is just one of a series of  initiatives enacted in response to President Obama’s push to accelerate global development through use of technology. In theory, such initiatives will not only aid developing countries but lead to a stronger and more stable global economy, which will help the United States. The USPTO will assign prizes to up to  fifty winners in four different categories: medical technology, food and nutrition, clean technology, and information technology, and has expressed a desire to find solutions to problems such as drought and famine through new technologies. The contest entries will be judged regardless of the field of technology, the location of the targeted population, and the cost of implementing such technology.

This new program is especially intriguing because the White House has rarely used the USPTO to implement policy goals in the past. As a result, investors generally focus on developments in areas with great potential market value rather than those with great humanitarian efforts. While the value of the award certificate is small monetarily, it helps resolve a common complaint among inventors regarding the length of time it takes to process a patent application. With the certificate, winners can ensure a final decision on their applications within a twelve-month period as opposed to the typical two-year process. Since a patentee cannot enforce his patent rights against others until the application is granted, and patent applications are published eighteen months after filing, the accelerated application process could prove a powerful incentive to companies looking to stop infringement of their most potentially valuable products.

 


February 16th, 2012 at 10:43 pm

Ensuring the Super Bowl is Still All About the Commercials: Federal Crackdown on Illegal Sports Streaming Websites Leads to Arrest of Michigan Man


Everyone already knows that Tom Brady wields tremendous power in the sports world. Add to that a Brazilian supermodel wife and the guy has some serious social capital as well. But who knew the former Michigan quarterback’s casual comment to a group of reporters could trigger a federal investigation that resulted in the shutdown of sixteen illegal sports streaming websites and the indictment of nine of the sites’ operator? This is exactly what happened last Thursday when Tom Brady expressed his awe that he had in one year gone from “watching the game on an illegal Super Bowl website” as he rehabbed his foot in Costa Rica to playing in the big game. Within hours prosecutors had launched an investigation of similar websites. With that kind of political capital and a face that I’m pretty sure could single-handedly accomplish world peace: Tom Brady for president?

The crackdown is perhaps not surprising considering that the commercials set to air during the Super Bowl generated $250 million in revenue for NBC. That all falls apart if fans are tuning into illegal live streams rather than the NBC broadcast. Yonjo Quiroa, the 28-year-old man arrested in Michigan on charges of copyright infringement for operating nine live streaming sports websites, earned more than $13,000 from merchants purchasing advertising space on his sites. While that revenue was made on other sporting events besides the Super Bowl, as one ad executive explained, the Super Bowl is “essentially our prom night.” The stakes are higher and those with deep pockets care more.

U.S. Attorney Preet Bharara said in a statement on Thursday that although using such illegal websites may be tempting to sports fans, “These websites and their operators deprive sports leagues and networks of legitimate revenue, forcing spectators and viewers to bear the cost of this piracy.” Thanks, Tom Brady, for passing on the cost of your Costa-Rica-viewing of Super Bowl XLV to the people.

Although for most viewers the Super Bowl is arguably the one broadcast event of the year where they don’t mind seeing the ads, the debate surrounding web streaming of events or shows that others have paid to air or have invested money in developing is a hot-button issue as of late (see previous MTTLR blog post, for example, here). It hardly needs to be mentioned that there is a bit of a fight in Congress over how things should and shouldn’t be shared over the Internet. It bears remembering that as that battle is waged with the pen in the legislature, enforcement is carried out in a manner federal prosecutors feel fit on the ground. The consequences of that policy are very real to Mr. Quiroa who faces up to 5 years in federal prison for the operation of the sports streaming websites. As the debate continues in Congress and as we sit back and watch the game and commercials that we will all be talking about for the next week and beyond, it is worth thinking about what we want the Internet to look like and whose interests we think are most important to protect.


February 12th, 2012 at 4:30 pm

Two Google Policy Changes You Should Know About


Over the past month, Google has announced two policy changes it will be implementing in the near future. Free speech advocates and government officials charged with protecting individuals’ privacy on the Internet have voiced concerns over the forthcoming changes.

I. A Switch to Country Code Top Level Domains

One of the two policy changes will affect Google’s website Blogger—a free weblog publishing tool. Over the next few months, Google will begin to use country code Top Level Domains (ccTLDs) in order to control the site on a per-country basis, according to the country from which it is being accessed. As Google explains on its Q&A page, rather than seeing [blogname].blogspot.com, users accessing the blog from Australia, for example, will see [blogname].blogspot.com.au.

By using ccTLDs, rather than one general Top Level Domain (such as “.com”), Google will be able to comply with different laws of each country, without affecting users accessing the site from countries without such laws. For example, because pro-Nazi speech is prohibited in France, a French user may be blocked from viewing pro-Nazi content on a blog from Australia. A user in the United States, however, would not be blocked from accessing such content, since the Constitution protects pro-Nazi speech under the First Amendment.

The concern over this policy change is as follows: making it easier to comply with local speech-prohibiting rules will encourage a proliferation of new laws further oppressing speech. Twitter announced a similar policy change prior to Google’s announcement, and received a much more publicized backlash. Critics of Twitter’s move towards localized domains argued that the website was enabling oppressive regimes to continue to silence their citizens through mass censorship.  Users of the website even organized a protest in response to this change, joining a #TwitterBlackout, in which participants refrained from using the site for 24 hours on Saturday, January 28, 2012.

Google responds to the criticism by arguing that the policy change will actually “promote free expression and responsible publishing while providing greater flexibility in complying with valid removal requests pursuant to local law.” Google explains further, “By utilizing ccTLDs, content removals can be managed on a per country basis, which will limit their impact to the smallest number of readers. Content removed due to a specific country’s laws will only be removed from the relevant ccTLD.”

Lastly, Google advises concerned users that there will be a way to avoid being redirected to a country-specific domain. “Blog readers may request a specific country version of the blogspot content by entering a specially formatted ‘NCR’ URL. NCR stands for ‘No Country Redirect’ and will always display buzz.blogger.com in English, whether you’re in India, Brazil, Honduras, Germany, or anywhere.”

II. Condensing Multiple Privacy Policies into One

The second change that Google recently announced is its decision to combine about 60 privacy policies into one that, according to Google, is “a lot shorter and easier to read.” Google argues that it is doing this in order to “create a simple product experience” and its goal is “to provide you with as much transparency and choice as possible.” Although Google insists its privacy policies have not changed, the policy reiterates its ability to collect information from users and compile it for more targeted ads and search results. The policy change is set to go into effect on March 1, 2012. As such, organizations and government officials concerned with privacy rights of individuals have requested both more information, and a delay in implementation of this policy.

In the United States, as reported by CNN, a bipartisan group of Congressional members wrote a letter to the CEO of Google, Larry Page, asking for clarification about the changes. Further, authorities from the European Union have also written a letter to Page, requesting that the March 1st date be pushed back, so that it may conduct an investigation to ensure that the new policy does not infringe the rights of their users and EU citizens. According to reports, a French data protection agency has begun the investigation on behalf of 26 other E.U. governments in order to assess the implications of the new privacy policy. Google has not indicated a willingness to pause the new policy from going into effect; in fact, it responded, “delaying the new policy would cause significant confusion.”

Google clarifies, in a post on its public policy blog, that users do not have to log in to use most Google products, and no data is collected when a user is not logged in. Further, when logged in, users can edit or turn off their search histories. Google insists it is not collecting any more information than it has before, but rather, now it is simply being more upfront and transparent about it. Google contends that the information is assembled to enhance user experience by enabling better-targeted advertisements and search results. Lastly, Google reminds users, “[W]e’ll never sell your personal information or share it without your permission (other than rare circumstances like valid legal requests).”

Although Google insists its privacy controls have not changed, Microsoft is taking advantage of the attention Google has received regarding this privacy policy. Microsoft owns Hotmail, Bing and Internet Explorer – all of which compete with various Google programs. In a new print campaign, Microsoft pounces on Google, attacking its methods of gleaning information from its users in order to profit from advertisers, and encouraging users concerned with their privacy rights to make the switch to Microsoft products. Time will tell whether Google users choose to stay with the company, in spite of these policy changes.

On the Proposed Exemptions to the DMCA’s Access Control Provisions


On February 10, 2012, the U.S. Copyright Office will stop accepting public comment on proposed administrative exemptions to the Digital Millennium Copyright Act’s “access control” provisions. Fresh from their SOPA and PIPA victories, organizations such as the Electronic Frontier Foundation are pushing activists to flood the U.S. Copyright Office with comments supporting the renewal and expansion of current exemptions. Regardless of the outcome of this campaign, it is clear that the exemptions currently in place will change.

First, some background. According to Section 1201(a)(1)(A) of the Digital Millennium Copyright Act, individuals may not “circumvent a technological measure that effectively controls access to a work protected under [the Copyright Act].” This was one of the key provisions of the DMCA (along with the Safe Harbor provisions of 17 U.S.C. § 512) and essentially makes it a crime to hack software or hardware designed to protect copyrighted material. Concerned that the law would weaken the fair use doctrine by criminalizing circumvention even when the individual plans to engage in non-infringing uses, Congress required the Librarian of Congress to issue specific exemptions for certain classes of works every three years. Such exemption rules were issued in 2000, 2003, 2006, and 2010. Although the rules scheduled to be issued in 2009 were delayed for a year, the Copyright Office plans to get back on schedule by issuing new rules early — in October of this year.

Of the six classes of works exempted in 2010, only four have been proposed for renewal this year. This virtually ensures that two prior exempted classes will expire. The first expiring class consists of “[c]omputer programs protected by dongles that prevent access due to malfunction or damage and which are obsolete.” This exemption has been in place since the first set of rules in 2000, which makes its absence from the current proposed list rather surprising. The reason for its absence is unclear, but it may simply be the case that there are so few individuals and companies using outdated dongle-reliant software that the exemption is no longer needed.

The other expiring class of works concerns “[v]ideo games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works, when circumvention is accomplished solely for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities.” According to Nimmer on Copyright § 12A.03, this exemption was first implemented in 2010 as a response to vulnerabilities caused by Macrovision’s SafeDisc technology. Since this exemption was probably unnecessary given the DMCA’s safe harbor exemption for encryption research (§ 1201(g)), it is unsurprising that it has not been proposed again.

Of the four classes proposed for renewal, only one will likely remain unchanged. This class covers literary works distributed in ebook format, where access control technology prevents the use of read-aloud functionality or the use of specialized screen readers. This exemption has been proposed by the American Council for the Blind and the American Foundation for the Blind, and will likely be renewed without much controversy.

For the other three classes, EFF and others are proposing that they be renewed, but with changes to reflect advances in technology and consumer use. For example, current rules exempt the use of DeCSS and other software to bypass the Content Scrambling System on DVDs. This exemption only applies when the circumvention is conducted for educational purposes, for documentary filmmaking, and for noncommercial videos. EFF and the University of Michigan Library would like to renew this exemption, but EFF has proposed expanding it by including audiovisual works acquired via online distribution systems (such as Netflix streaming or Amazon Instant Video). This expansion would likely be opposed by the film industry, which resisted the exemption for DVDs.

EFF has proposed expanding the remaining two classes to reflect the rise of tablet computers, but they will undoubtedly face some resistance. The exemptions for unlocking (whereby computer applications circumvent technology limiting a device to one particular wireless telecommunications network) and jailbreaking (which allows an individual to install third-party software on a device) currently apply only to mobile phones. Every proposed renewal of these rules would extend the exemption to other wireless devices such as tablets. It is hard to argue that an iPhone is really all that different from an iPad, so it will be interesting to see whether the Librarian of Congress agrees to widen the class of devices subject to the exemption.

Although there initially appear to be few practical arguments for distinguishing phones from tablets in this context, it would create problems for the Copyright Office if it treated them the same. If computer programs designed to jailbreak the iPad and other tablet computers are allowed, then why not allow–as EFF has proposed–the jailbreaking of video game consoles such as the Xbox 360 and the Playstation 3? They are all essentially limited-purpose computers that allow individuals to play games, watch movies and access the internet–albeit tablets have their screen built-in while gaming consoles attach to a television. Furthermore, if gaming consoles can be jailbroken, then why not DVRs such as the TiVo? There is no doubt that Sony, Microsoft, and cable companies would oppose subjecting their devices to such exemptions, just as Apple Computer opposed the current exemptions. Yet the same fair use rationale that justified the current exemptions relating to mobile phones would seem to apply to other devices. Ultimately the Librarian of Congress–with the input of the public–will have to decide where to draw the line.


February 1st, 2012 at 4:43 pm

“we’re not pirates, we’re just providing shipping services to pirates :)”


These were the words written in an email by Mathias Ortmann to Bram Van Der Kolk.  Who, you might ask?  Ortmann and Van Der Kolk are two of the recently indicted parties to the Megaupload conspiracy, and this email was publicized in the indictment.  You know, that thing that happened on January 19th, the day after the tech world celebrated the shelving of SOPA and PIPA.  Megaupload was what is known as a “cyberlocker,” a file hosting service, to which individuals can upload files, and through sharing the URLs of the given files, can allow others to access them.  In theory and in practice, many of these sites, including Megaupload itself, are used by people who need to share such large files for their own legal purposes.  (No really, trust them, they even made sure to reconfirm this legitimate purpose for the world a few months ago through a catchy YouTube video. Featuring celebrities!)  However, as the Mega indictment papers make clear, the gentlemen running Mega were very aware of, if not brazenly encouraging, the use of their site and its petabytes’ worth of storage space to share copyrighted material.  They at times exchanged emails discussing how to make their customers’ viewing experiences of television shows such as “Dexter” more seamless.  Part of the indictment even mentions the founders themselves sharing such American film classics as “Meet Dave.”  In fact, as the indictment shows, the Mega conspirators apparently reposted YouTube videos to their sites just to increase their percentage of copyright-free material.

When it was shut down, Megaupload was the 70th most trafficked site on the internet, according to Alexa.  The Alexa list is populated at its top by sites the likes of which most of the world depends on for daily internet use, for better or for worse; Google, Facebook, Youtube, and Yahoo! are the top four sites on its list.  However, further down the list, peppered amid the countless other manifestations of Google, are cyberlockers, Bittorrent trackers, and free pornography websites.  Does this mass use suggest a serious absence of morality in modern society?  Or is it more a reflection of just how easy it is to break the law these days?

Back in the good ole days of piracy, pirates were adventurous individuals, sailing the high seas for adventure, debauchery, and a bit of terror (or at least this is what Disney movies that I definitely watched legally taught me).  They knew where the line between good and evil lay drawn, and they very consciously crossed that line.  Nowadays, people can commit a felonious act of piracy without even knowing it from the comforts of their living rooms.  Most people who download copyrighted material are aware of having done so.  They just don’t think much of it.  So how is it that we have come to a point where felonies have become passive acts?  Is the law not meant to keep up with morality?  At a point in history when the Supreme Court rules that Congress can remove works from the public domain so big media companies can copyright old foreign works, including those of Stravinsky and H.G. Wells (see the recently-decided Golan v. Holder decision), what is left for the average American citizen?  As Justice Breyer asks in his dissent in Golan, if the original purposes of copyright laws suggested furthering the arts, why does it only seem that copyright law prevents their distribution?

As the Mega indictment papers indicate, in the end it seems that nobody would ever get indicted over copyright infringement in this country if they do not make money through it.  The Mega conspirators brazenly flouted the law, made a few hundred million dollars, and then the law took offense.  The case against Megaupload appears very sound, given how sloppy the conspirators were in violating black letter law.  But their mistake wasn’t taking copyrighted intellectual property.  It was in making money through doing so.  After all, when providing shipping to pirates is more lucrative than piracy itself, it’s going to catch someone’s attention.

The Mega conspirators will get to have their days in court.  Perhaps then, founder Kim Dotcom (no, not his given name) can finally have his day to expose the criminal activity of his former competitors, and bring them to justice, as he once told PayPal he intended to do.  (See Mega Indictment, Count II ¶ uuuu.)  Can a man who makes such a gesture to bring down the criminal activity of others really be such a bad guy?


February 1st, 2012 at 4:33 pm

Netflix to Join Facebook Feed


Netflix may now be able to use Facebook to further alienate its consumers while pursuing a lucrative revenue stream. The House amended the Video Privacy Protection Act (VPPA) to relax written consent requirements for sharing information on movie rentals. This opens the door to Netflix having a Spotify-like presence on Facebook feeds and finally lets me see how many of my Facebook friends truly appreciate “The Room.”

The House’s vote, which was surprisingly more contentious than anticipated and attracted a bit of money, is an important step in changing our strict consent requirement (written consent required for every disclosure) for the sharing of video rental information. The amendment allows for continuous consent obtained on the Internet, while still asking for it to be “informed, written consent.” It requires such consent to be distinct and separate from other legal or financial obligations. This means consent need only be established once on the Internet, though it can be revoked. The full text is here, and will take longer to load than to read, and does not tell us how consent on the Internet is actually achieved.

The amendment has a startling lack of the words “opt-in” or “opt-out” along with any requirement of notification due to change in company policy. The bill looks like an opt-in regime (it still asks for “informed written consent”) that will require notification of change of significant policy, but it does not address the political divide around these words. Of course, given our propensity for opt-out schemes, I could be reading this completely reasonably but incorrectly. One representative (Hanna, R-NY) explains his reasoning that the amendment “clarifies” current consent law, requiring an “opt-in” but allowing an “opt-out” at any time.

Privacy advocates are skeptical of this change, bringing serious concerns over the loss of meaningful information privacy control. Mark Rotenberg of EPIC (the main opposition to this amendment) claims this destroys the right to meaningful consent. He reads the amendment as diminishing users’ control over their own personal information. The Center for Democracy and Technology was less condemning in its responses, suggesting this to be considerably less important than other privacy issues Congress should be tackling. The CDT also points out that the original VPPA is a high-water mark for privacy legislation, and any degradation of it will be taken as a general attack on privacy. Members of Congress were more concerned about their own personal problems rather than their constituents’ problems.

One concern that lurks in the background is that the amendment allows “consent” to be defined as “check/uncheck this box to continue on to your normal Netflix experience, and by the way we are sharing your information with all your Facebook friends and/or anyone that asks.” The actual concern might not be that ridiculous, but there is definitely a knee-jerk reaction here to the thought that this purportedly “opt-in” amendment will still allow an automatic enrollment in the service until you opt-out. Without thinking about the history of opt-in/opt-out, the statutory language potentially precludes that by requiring consent to be given in a context free of other legal and financial obligations. Still, it’s easy to remember Spotify’s rather unchallenged entrance into Facebook as feeling like this, considering how we were all mystified when people started asking about our seemingly endless love for Kate Bush (YouTube). This is not a minor concern, but it is also not something we give companies complete freedom to do.

The FTC sent clear signals to social media sites and advertisers that dramatic changes to privacy policies concerning personal information will not be acceptable without some sort of new consent. Facebook just got in a whole heap of trouble for this sort of thing, and is subject to privacy audits and requirements of privacy “opt-ins” from users for substantial changes to policy. The FTC also just closed comments on another privacy enforcement action with a behavioral advertising company, ScanScout, that used “flash cookies” in a rather deceptive way. The proposed ScanScout consent order requires strict notification and meaningful opt-out requirements, resembling to some degree the FTC’s proposal for Do Not Track legislation or regulation. Netflix, Hulu, Amazon Instant, iTunes, and other “rental” services should be well aware of the problems they can run into and of the broad enforcement power the FTC is exercising; it will surprise no one if the FTC starts investigating abuses in an area of newly reduced privacy.

The FTC’s involvement in major industry problems is forcing the industry to take more accountability in hopes of avoiding run-ins with the FTC and reducing the need for regulatory action. Many of the principles center on either notice before a practice starts (looking more like an opt-in) or a pervasive reminder of a service (looking like the elusive “meaningful opt-out”). While the FTC might only be able to go after the big fish, industry standards reflective of the FTC’s position seem to be taking hold.

In the end, I think this bill is “ok” and will not have the negative and destructive effects that Rotenberg implies. An individual’s consent can still be revoked, and it’s difficult to see this practice taking everyone by surprise. If it did, the FTC might have some further words with Mr. Zuckerberg about their prior agreement. While I’d like to see our politicians more directly confront what we expect from our privacy regime, I’m more comfortable letting the FTC experts, industry players, and privacy advocates come to a consensus on what “works” before Congress tells us what aspect of privacy is most important or opens the floodgates of private litigation.

Written by

December 12th, 2011 at 6:11 am

No Overtime for Overworked IT Workers?


On October 20th Senator Kay Hagan (D-NC) introduced the Computer Professionals Update Act (CPU Act) for consideration in the Senate. The bill seeks to amend the Fair Labor Standards Act to expand the overtime exception for hourly workers to cover a wide swath of IT workers, including security specialists, software programmers, and database administrators. Many of these workers are salaried employees, and thus already exempt from overtime requirements. However, there are still many IT workers that are paid on an hourly basis, as this admittedly unscientific survey shows.

The bill is co-sponsored by three Republican senators and one other Democratic senator, and has been assigned to the Senate Committee on Health, Education, Labor, and Pensions. While the passage of this bill is far from certain–most bills die in committee–the question of why this bill was introduced still looms. I suggest that Sen. Hagan is motivated by something beyond the typical IT worker: the growing video game industry in her home state of North Carolina.

North Carolina has at least fourteen game developers and publishers within its borders, including the amazingly successful Gears of War developer Epic Games. As evidence of North Carolina’s push for part of the video game pie, the state recently enacted a fifteen percent tax credit for game developers. Should the Federal overtime exemption pass, the State would be able to further aid one of its major growth industries.

The question of overtime hours has been a hot-button issue in the game design industry for the last few years, starting when a game developer’s spouse spoke out about the working conditions at Electronic Arts. As recently as July of this year, game developers have been complaining of unfair wage practices during grueling production schedules. In an industry where twelve-hour workdays are common, having a Federal law that exempts all your key employees from overtime pay may help the bottom line. Many people may dream of working in the video game and technology industry, but should this bill pass, some entry-level workers may lose out on some important legal protections.

As a final point, it is interesting that none of the co-sponsors are from the technology hotbeds of California and Washington. North Carolina’s Technology Triangle may be growing, but without the support of the giants of the technology world it is doubtful that this bill completes its journey into law. This is definitely a bill for any budding tech workers to keep an eye on.

Written by

December 7th, 2011 at 4:43 pm

Expansion of Cyber Warfare… Possibly


In a small town outside Springfield, Illinois, a controversy emerged this past month as to whether or not the U.S. had fallen victim to its first known industrial cyber attack.  In a public water district, a water pump malfunctioned causing it to turn on and off until the piece of equipment eventually burned itself out.  Cyber-security expert and blogger Joe Weiss notified the media that the Illinois Statewide Terrorism & Intelligence Center had identified the event as a cyber attack launched from somewhere in Russia.  Subsequently, the Department of Homeland Security and FBI pursued investigations and concluded that there was no actual evidence of hacking of the controls to the facility.  No malicious intrusion appears to have occurred.  According to a source with DHS, the Russian IP address found in the computer log was present because the contractor, who had remote access to the computer system, was there on personal business.

As implausible as this and similar scenarios might seem, where hackers could gain control of industrial equipment anywhere in America—outside action movies—the U.S. has already been implicated in committing this exact activity.  Last year, the Stuxnet worm was discovered and linked to the U.S. and Israeli governments as an attempt to derail Iran’s nuclear program.  The worm spread to hundreds of thousands of computers but was designed, ostensibly, so specifically as to execute a process only to destroy a network of the centrifuges in Iran’s nuclear facility.  While Stuxnet originally mystified security companies and programmers, it now exists as (1) a well-studied “playbook” for those wishing to design a similar computer worm and (2) part of an acknowledgement that the U.S. is innovating beyond cyber espionage and into industrial cyber warfare.  Realizing that the cyber arms race favors the innovation of hackers, which is often unpredictable for those working cyber defense, many are asking if there is any possible legal regime applicable to this type of attack.

Those trying to determine international rules of law are grappling with almost boundless uncertainty.  Questions of interpretation deal with whether a cyber attack might trigger the collective self-defense provision in Article V of the NATO Charter or qualify as the use of force according to Article 2(4) of the U.N. Charter.  However, a practical issue any lawmaker faces is that it may be next to impossible to know with certainty where an attack is coming from.

The U.S. has endeavored to establish a legal framework for cyber warfare within its own government regarding policies and rules of engagement, but even there deliberations are “ongoing.”  This year, instead of waiting for answers from international bodies, the Pentagon clarified the U.S. view that these attacks may constitute acts of war.  Just recently, the U.S. joined efforts at the NATO cyber defense research center in Estonia, whose government was temporarily crippled by a cyber attack years ago that is presumed to have come from Russia.  Likewise, in the past week the U.K. announced its own Cyber Security Strategy that voiced intentions to pursue an aggressive cyber defense policy.

Still, one important consideration should emerge while we’re worrying about cyber warfare: there is still no evidence of any significant physical harm befalling anyone due to cyber warfare.  These worries can be overblown.  There are few, if any, successful cases of cyber industrial sabotage—even Stuxnet probably only worked to destroy a tenth of its target centrifuges.  On the other hand, many people, even experts, may have vested interests in raising cyber security fears.  As engaging and serious as this discussion sounds, we should take cyber security threats with a grain of salt.  Before considering retaliation, we especially need to make sure that the problem is not simply a glitch within our own equipment controls.

 

Written by

December 7th, 2011 at 4:12 pm
