Will federal legislation make consumers’ private information safer?

leave a comment

After JP Morgan’s computers were penetrated in the early summer of 2014 by hackers, exposing the personal information of the firm’s customers, the firm did not disclose the breach until late in the summer.[1] Over 76 million customers' contact information—phone numbers and email addresses—were stolen.[2] The Connecticut and Illinois Attorney Generals started scrutinizing JP Morgan’s delayed notification to their customers that their contact information was obtained by hackers, taking issue with the fact that JP Morgan “only revealed…limited details” about the extent of the breach.[3] Both attorneys general are assessing whether JP Morgan complied with their state privacy laws—mainly their state’s data breach notification laws. With the size of JP Morgan and with 76 million customer information breached, it is safe to assume that residents of Connecticut and Illinois were not the only ones whose personal information was compromised. Data breach has become a big issue not only for JP Morgan, but for many other companies. The same hackers who breached JP Morgan’s security wall attempted to get customer data from Deutsche Bank, Bank of America, Fidelity and other financial institutions.[4] Hackers breached Target and Home Depot’s customer credit information, taking 40 million of Targets’ customer credit card information and 56 million of Home Depot’s customer credit card information.[5] Data breach and data lost seem to be inevitable, whether it is through someone working internally for an organization—à la Edward Snowden—or through hackers— like in the case of JP Morgan, Home Depot and Target. Regardless of how data is lost, there is a need to evaluate the best approach in notify a consumer when someone else obtain a consumer’s personal information.[6] The matter is made worse since states have varying definitions of what personal information is, and vary in their definitions of the circumstance that might trigger notification and the method in which a breach must be notified.[7] Some states don’t have a timeline in which a company must notify its customers.[8] And when they do have a timeline, it tends to be vague.[9] It took Target three weeks to notify its customers that their customer’s personal data was breached.[10] The matter is made worse since there is no commonplace federal data breach notification law.[11] Big companies like JP Morgan, who are more likely to be targets of hackers, operate in almost all 50 state, and when their customer’s personal data is breached, they have to deal with each state’s data breach laws state-by-state.[12] As a result, some advocate for the need of a federal data breach law.[13] There’s an assumption that a federal response to data notification would be better than a state by state response. California’s attorney general is currently suing the Kaiser Foundation Health Plan because it took the health plan 5 months to notify its customers about a breach.[14] It may not take long until other attorneys general start scrutinizing Kaiser. Some of Target’s customers in various states are suing Target for its data breach notification as well.[15] However, a federal response to data breach notification may not be panacea that some advocate. Legislating is a murky process—even murkier when there’s not much precedent to work with. Data breach, at least the digital kind, is relatively new phenomenon. While various states have their own laws on data breach notification, it is not clear which state(s) have the best process. If a federal notification law is enacted, the standards may be less than what some states currently have. A federal response may serve as a way for companies to absolve themselves from data breach notification. Though the state-by-state approach may be cumbersome, a state-by-state approach in the end will provide a better result as issues are litigated out in public and judges learn about best practices in each state. As cases are litigated in court, states will naturally learn from each other. This organic process is may be more likely to produce a better result than a top-down federal process. [16] [1] Michael Corkery, Jessica Silver-Greenberg and David E. Sanger, Obama Had Security Fears on JPMorgan Data Breach, N.Y. Times (Oct. 8, 2014), http://dealbook.nytimes.com/2014/10/08/cyberattack-on-jpmorgan-raises-alarms-at-white-house-and-on-wall-street/. [2] Id. [3] Emily Glazer and AnnaMaria Andriotis, J.P. Morgan Data Breach Draws Scrutiny From State Attorneys General, Wall St. J. (Oct. 4, 2014), http://online.wsj.com/articles/j-p-morgan-data-breach-draws-scrutiny-from-state-attorneys-general-1412376500. [4] See Corkery, supra note 1. [5] Robin Sidel, Home Depot's 56 Million Card Breach Bigger Than Target's, Wall St. J. (Sept. 18, 2014), http://online.wsj.com/articles/home-depot-breach-bigger-than-targets-1411073571. [6]Delays revealing data breaches costly: Like JPMorgan, industry practice is hide evidence, JOURNALGAZETTE.COM (Sept. 1, 2014), http://www.journalgazette.net/article/20140901/BIZ/309019956 [7] Reid J. Schar & Kathleen W. Gibbons, Complicated Compliance: State Data Breach Notification Laws, Privacy & Security Law Report, BLOOMBERG (Aug. 9, 2013), http://www.bna.com/complicated-compliance-state-data-breach-notification-laws/. [8] Kelli B. Grant, Why did Target take so long to report the breach?, CNBC (Dec. 20, 2013), http://www.cnbc.com/id/101287567# [9] See Luis J. Diaz and Caroline E. Oks, When Fast Is Too Slow: Notification Compliance Following Target’s Data Breach, The Metropolitan Corp. Couns. (Jan. 16, 2014), http://www.metrocorpcounsel.com/articles/27002/when-fast-too-slow-notification-compliance-following-target%E2%80%99s-data-breach#_ftn2 [10] Grant, supra note 8; See Gregg Steinhafel, a message from CEO Gregg Steinhafel about Target’s payment card issues, Target.com, (Dec. 20, 2013), available at https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca. [11] See Judy Greenwald, Federal data breach notification law could simplify process, BUSINESS INSURANCE (Oct 24, 2014), http://www.businessinsurance.com/article/99999999/NEWS070101/399999850 [12] With the exception of Alabama, Kentucky, New Mexico and South Dakota, every state as well as the District of Columbia, Puerto Rico and the U.S. Virgin Islands has enacted legislation requiring notification of security breaches involving personal information. See Schar, supra note 7. [13] See Jill Joerling, Data Breach Notification Laws: An Argument for A Comprehensive Federal Law to Protect Consumer Data, 32 Wash. U. J.L. & Pol'y 467, 468 (2010); see also Jacqueline May Tom, A Simple Compromise: The Need for A Federal Data Breach Notification Law, 84 St. John's L. Rev. 1569 (2010). [14] David Navetta, California Attorney General Files Lawsuit Based on Late Breach Notification, INFORMATION LAWGROUP (Jan. 30, 2014), http://www.infolawgroup.com/2014/01/articles/breach-notice/california-attorney-general-files-lawsuit-based-on-late-breach-notification/. [15] See Diaz, supra note 9. [16] See Flora J. Garcia, Data Protection, Breach Notification, and the Interplay Between State and Federal Law: The Experiments Need More Time, 17 Fordham Intell. Prop. Media & Ent. L.J. 693, 697 (2007); see also Brandon Faulkner, Hacking into Data Breach Notification Laws, 59 Fla. L. Rev. 1097 (2007).

Drone Regulation is Up in the Air

leave a comment

Drones, those unmanned aerial systems that have long been a source of international controversy, have also created interest in the commercial market. Transportation, security, agriculture, and oil and gas exploration are just a few of the sectors that could benefit from drone use. Yet there are valid objections that have stalled the legal use of drones. These worries normally center on the threat of collisions with manned airplanes, and the potential invasion of privacy. Recently the U.S. National Transportation Safety Board has ruled that drones are “aircraft” under the regulatory scheme of the Federal Aviation Administration (FAA). The FAA has published policy statements banning the commercial use of drones. Officials have approved commercial drone flights on a case-by-case basis, which has led to only a small handful of legal drone operators. The rest of the industry has disregarded the policy statements, treating them as simple recommendations and not legally enforceable regulations. The FAA has issued cease-and-desist letters and in one peculiar circumstance, a $10,000 fine, to these drone operators. Yet such actions have been struck down numerous times by the courts. This fight between regulator and industry is a common one but particularly potent in the case of drones. Delays by the FAA have led to its demonization by the drone industry, the Association for Unmanned Vehicle Systems International. The president of the association has stated each day lost to delays in integration will lead to $27 million “in lost economic impact.” However, as alarming as this is, it is important to make sure that when sweeping regulation is enacted it puts a premium on safety, while not destroying the industry. A preliminary article on agency plans show that the FAA plans to group all drones weighing less than 55 pounds under the same rules, with it likely that pilot certifications are to be required. Proposed rules will be issued, followed by a public comment period. Final rules will likely take a year or two to be settled. The FAA is consulting the Pentagon and law-enforcement, and in addition the White House Office of Management and Budget is reviewing the proposal. This whole process has the chance to end up unsatisfactorily and provoke backlash among drone proponents who can point to other countries’ more lenient laws. Canada plans to issue a blanket approval of all drones weighing less than 4.4 pounds as long as they adhere to specific safety standards including altitude limits and no-fly zones near airports. Yet some congressmen want stricter legislation citing airlines’ and pilots’ concerns. Senator Dianne Feinstein (D-Calif.), angry at the overall lack of regulation and investigation of incidences of drone activity by the FAA, announced plans in the beginning of December to introduce stronger legislation. The senator points to numerous crashes, violations of restricted airspace and close aerial calls with manned airplanes as reasons for harsher rules. It is uncertain how Senator Feinstein's suggestions would mesh with the FAA suggestions. Currently there is a mix of legislation and regulation occurring that will have a major impact on the drone industry. This illicit market has the chance to become an integral part of the American economy if regulators in the FAA and Congress allow it. Yet there are valid concerns about safety and privacy and likely no panacea that will satisfy all parties. Hopefully, by implementing regulation soon the FAA can begin to test out these laws and work towards an appropriate resolution.  

Written by

January 10th, 2015 at 6:33 pm

Posted in Commentary

Gas, Electric, Water, and…Internet?

leave a comment

In the midst of the battle for the future of the Internet, President Barack Obama has made his allegiance clear. Obama released a statement on November 10th urging the FCC to adopt new regulations that would treat the Internet like a utility in order to preserve a “free and open internet.” The President’s plan endorses an idea that has become popularly known as “net neutrality.” Proponents of net neutrality claim that it would prevent Internet service providers (ISPs) from picking winners and losers online, which they claim would effectively destroy the open Internet. In his recent statement, Obama outlined several bright line rules which would prevent ISPs from blocking content from customer access, prohibit throttling, increase transparency, and forbid paid prioritization. In order for the FCC to accomplish these goals, President Obama advised that the Commission must adopt the strictest rules possible, which would require broadband service to be treated as a public utility. Opponents of President Obama’s plan argue that treating the Internet like a utility would slow innovation and raise costs, equating the potential FCC regulations to “micromanagement.” Many who oppose the plan argue that the move would increase bureaucracy and cause inefficiency; rather than add it to the list of government-controlled infrastructure, they believe that the open market is the best method of meeting consumer needs. Classifying the Internet as a utility would entail treating ISPs as common carriers, which are governed by Title II of the 1934 Telecommunications Act. Currently, ISPs are classified as information services. Section 706 of the 1996 Telecommunications Act, which governs the FCC’s oversight of broadband services provided by ISPs, grants the Commission only limited power when compared to FCC control over common carriers under Title II. According to George Foote, a lawyer who works closely with the FCC, this reclassification would be a major shift in FCC policy, and would run counter to the “decades-long efforts to deregulate.” Net neutrality has become a hot-button issue as of late, and the debates have intensified since the U.S. Court of Appeals for the D.C. Circuit struck down previous FCC rules relating to equal treatment of Internet content. Judge David Tatel wrote for the court, stating that because “the Commission has chosen to classify broadband providers in a manner that exempts them from treatment as common carriers, the Communications Act expressly prohibits the Commission from nonetheless regulating them as such. Because the Commission has failed to establish that the anti-discrimination and anti-blocking rules do not impose per se common carrier obligations, we vacate those portions of the Open Internet Order.” The reclassification of Internet as a utility under Title II, however, would do away with the exemption, and afford greater control to the FCC over ISPs, which would now be “common carriers.” President Obama’s stance on classifying the Internet as a utility puts him in somewhat unfamiliar company, as Supreme Court Justice Antonin Scalia advocated this same approach in National Cable & Telecommunications Association v. Brand X Internet Services in his dissenting opinion. 545 U.S. 967, 968 (2005). It also puts side by side with former FCC chairman Reed Hundt and former FCC commissioner Michael Copps. Meanwhile, many of those across the aisle, including Republican Senator Ted Cruz and Republican House Speaker John Boehner oppose the President’s plan. In the end, President Obama’s statements are only persuasive. The FCC is an independent agency and, as such, Obama recognized that this decision is “theirs alone.” As the war for the future of the Internet continues to rage on, however, net neutrality has gained a powerful ally.

Written by

January 8th, 2015 at 4:03 pm

Apple Pay and MCX: Antitrust Minefield or Misfire?

leave a comment

On October 20, Apple implemented an NFC payment method called Apple Pay. In a nutshell, this service allows customers to store credit card, debit card, and brand loyalty card information in their iPhones and complete transactions without using the physical card or giving any third-party access to the card number. Within 72 hours, the service already had more than one million card activations. One of the benefits of using NFC for this service is that many merchants (as many as 220,000 nationwide) already have the hardware in place to enable Apple Pay with no active support required from the merchants. This led to Apple Pay being accepted and used at various merchants who had not anticipated supporting it. Within one week of Apple Pay's implementation, however, CVS and Rite-Aid turned off the hardware that enabled Apple Pay and similar services, like Google Wallet. The reason? Those merchants are members of a group called MCX, which has been planning to release a similar payment solution called CurrentC early in 2015. Members could face steep fines for failing to boycott a competing mobile payment method. Aside from customer backlash, this has raised concerns of anti-competitive behavior in the form of a private antitrust investigation against MCX. Although CVS and Rite-Aid's actions "raise an antitrust smell", it remains unlikely that an antitrust suit will bring about change. Proponents of the claims state that what MCX has done is create a 'horizontal boycott' which is illegal. At first glance, this seems to be a slam dunk, but in order to prove a boycott, the potential plaintiffs would need to produce hard evidence of the anti-competitive conduct, such as emails or letters between the participants. Further, even with such evidence, MCX will still have an opportunity to give a 'pro-competitive reason' for not allowing members to accept competing payment solutions. One possible reason that a court could accept is that it was necessary to protect the market for MCX's own system. If that reasoning is found valid, the actions of MCX would be analyzed under a much more relaxed standard, called the rule of reason. Under this analysis, the court would examine projected market share, define a relevant market, as well as a host of other economic tools of analysis. This process is a long one, imposing high costs for all of the parties involved. However, even under this more relaxed standard, MCX might still be in trouble. They have actively excluded potential competitors from entering a market and reduced the choices available to consumers. Regardless of the outcome  or existence of any potential suit, the CEO of the MCX consortium has stated that the exclusivity provisions of the MCX agreement will not remain in force forever, in fact, it would be "months, not years" before they were lifted. Were this truly the case, the suit may be over before it even begins.

Written by

January 7th, 2015 at 2:59 pm

Posted in Commentary

Killer Robots on the Horizon for Weapons Technology

leave a comment

With advances in technology and artificial intelligence, the development of fully autonomous weapons has become closer to reality. Lethal Autonomous Weapons Systems (LAWS), more commonly known as “killer robots,” are different from the drones utilized by the military today in that they will be capable of selecting and engaging targets independently. The concern over the potential ramifications of LAWS has led to an international discussion which is riddled with moral undertones; the prospect of giving a robot the “choice” and power to kill seems wrong to humanitarian rights groups. The effect LAWS could have on military operations is astounding: with autonomous robots in play there is a reasonable possibility of completely removed and emotionless combat. The fear is that these killer robots will be able to make the ultimate decision regarding who lives and dies. The use of LAWS will undoubtedly affect international relations and pose a serious challenge for international law. There is a debate about whether killer robots will even be permitted in warfare, due to possible compliance issues with the international obligations set forth in the UN Charter and the Geneva Convention. As of now, LAWS are not being utilized in the field since they are not yet completely operational, but the United Nations is seeking to anticipate the potential issues and address the problem before the situation spirals and a race to the bottom ensues. The United Nations met in May to consider the potential social and legal implications of killer robots, and one major legal issue is liability. There is some ambiguity regarding who will be held liable if a robot “commits” a war crime or human rights violation. Should the manufacturer be held liable? The military commander? The programmer? The robot itself? Would an autonomous robot even qualify for personhood in a liability context? International humanitarian and human rights law demands that responsibility be determined should research continue and LAWS come to fruition. This is a complicated question given that while the seemingly obvious answer would be the military commander (absent some sort of product defect, in which case the manufacturer or programmer would be liable), the commander does not have complete control over the robot. LAWS will theoretically be able to identify and engage targets based on an algorithm that was created by a programmer. So if the robot screws up and kills a civilian, is it the programmer’s fault due to a glitch in the code or the commander’s fault for not carefully monitoring the robot’s activities and catching the mistake? 117 States are parties to the Convention on Certain Conventional Weapons, which was created to restrict the use of certain types of weapons that may affect civilians indiscriminately, an umbrella that killer robots certainly fit beneath. The addition of LAWS to the banned weapons covered by the Convention may prove to be critical in preventing a race to the bottom among countries with the technological capability of producing killer robots. The outcome of the UN’s Geneva discussions will be reviewed at the formal conference of the Convention on Certain Conventional Weapons later this month, where states will discuss possible next steps on autonomous weapons.

Written by

December 18th, 2014 at 5:20 pm

Posted in Commentary

Regulate High Frequency Trading?

leave a comment

The recent financial crisis has led to heightened scrutiny across the financial markets.  After the markets collapsed in 2008 there were calls for increased regulation of the financial markets, which led to the passage of the Dodd Frank Act.  Despite the increased scrutiny and regulation, not every aspect of the financial markets is sufficiently covered and grey areas exist where it is unclear how the law will affect certain practices. One such practice is that of high-frequency trading. High-frequency trading is the use of sophisticated technological tools and computer algorithms to rapidly trade securities.  High-frequency trading uses proprietary trading strategies carried out by computers to move in and out of positions in seconds or fractions of a second.  It is said that this form of trading benefits the markets by moving supply and demand among long-term investors quickly and efficiently thereby reducing volatility and increasing liquidity. However, opponents of high-frequency trading have identified numerous perceived problems associated with the practice.  One such problem is that securities exchanges have been selling access to market data to high-frequency traders in such a way that they have access to the information a very short period of time before other investors.  Opponents claim that high-frequency traders then use this information to improperly influence the financial markets – at the expense of other investors that lack this “earlier” access to the market data provided by the exchanges. The trouble in attempting to root out any potential violations associated with these problems lies in the current regulatory scheme governing the financial markets.  For example, the SEC has the power under §11A(c) of the Securities and Exchange Act of 1934 to adopt rules relating to “distribution or publication” of financial information applicable to exchanges.  However, in order to prove fraud on the part of the high-frequency traders the government must prove intent to artificially affect stock prices or to defraud others.  Further, exchanges enjoy special regulatory status that shields them from certain legal challenges – they are self-regulators, which means they are protected from liability for damages that clients suffer as a result of their actions. Thus, the current regulatory state governing high-frequency trading poses potential difficulties in rooting out “real” violations of the law in this domain, but too much regulation will likely serve to deter investors from partaking in high-frequency trading, and thus destroy the value added by this practice.  It will be interesting to see how the law is shaped and/or adapts to these challenges in the future.

Written by

December 8th, 2014 at 7:10 pm

Posted in MTTLR Journal

CVSG Filed in Commil: Is This Yet Another “Fundamental Misunderstanding” of Patent Law by the Federal Circuit?

leave a comment

On June 2nd, the Supreme Court unanimously reversed the Federal Circuit’s decision in Limelight Networks, Inc. v. Akamai Technologies, Inc. The Court found a defendant could not be held liable for induced infringement of a patent under 35 U.S.C. §271(b) where there has been no infringement under §271(a). In the opinion, the Court had some harsh words for the Federal Circuit. The Court was uncertain why, despite the “simple truth” that liability for inducement must be predicated on direct infringement (to which all parties and the Federal Circuit agreed), the Federal Circuit nonetheless continued its analysis. Ultimately, the Court felt that “the Federal Circuit’s analysis fundamentally misunderstands” method patent infringement.  The amicus brief filed by the Government on October 16th in Cisco Systems, Inc. v. Commil USA, LLC suggests that if and when the Court considers the case, it might reject the Federal Circuit’s decision with comparable vigor. Commil alleged that Cisco both directly infringed and induced infringement of its method patent for hand-offs of mobile devices between base stations in a wireless network system. During the district court trial (the second, the first being reversed after an attempt to unfairly prejudice the jury by counsel for Cisco), the jury found for Commil on both issues and awarded $63.7 million in damages (with an additional $10.3 million awarded by the court for prejudgment interest and costs). On appeal, Cisco argued that the jury instruction on the claim of induced infringement used the language of negligence as opposed to instructing the jury on the higher scienter requirement the Court has adopted for induced infringement cases. Of greater importance, the Federal Circuit held that Cisco should have been able to admit evidence of its good-faith belief that the patent was invalid which bears upon the “willful knowledge” scienter requirement. As it is “axiomatic that one cannot infringe an invalid patent,” the court reasoned that a “good-faith belief of invalidity” could negate the requisite “specific” intent for induced infringement. The Federal Circuit’s support for this new defense was hardly unanimous. Judge Newman, in dissent, argued that the majority’s holding was “contrary to the principles of tort liability, codified in [§271(b)].” A subsequent petition to grant rehearing en banc was denied by a 6-5 vote in the face of two additional dissents. All five dissenting judges, led by Judge Reyna, argued that the defense is “without foundation in law and precedent.” The Government’s brief in support of granting certiorari on the issue of the good-faith defense asserted a similar position. As with the dissenting judges, the Government took issue with the good-faith defense as being “inconsistent with the text, structure, and the purposes of the relevant Patent Act provisions.” Firstly, the Government argued that patent invalidity and non-infringement of the patent are separate defenses under the Patent Act. “The validity of the patent is not an element of direct infringement” so they argued that any belief that the patent is invalid is “irrelevant” to direct infringement. Direct infringement is a strict-liability tort, so the only defense is simply that no direct infringement occurred (i.e. non-infringement). The brief was particularly concerned with the “axiomatic” proposition that one cannot infringe an invalid patent: it noted that one of the authors of the original Patent Act described the very assertion as a “nonsense statement.” An actual finding of invalidity would preclude liability for infringement, direct or induced, and not “negate the fact of infringement.” Furthermore, infringement is understood as practicing the actions which the granted patent allegedly protects, whether or not that grant should have been made by the PTO. Even if the inducer subjectively believes that the patent is invalid, inducing the conduct amounts to inducing infringement. Finally, the Government affirmed the belief held by the Federal Circuit dissenting judges that this defense would “fundamentally change” inducement suits, and not necessarily in a manner favorable to patent holders attempting to enforce their rights. Recognizing that some amount of direct patent infringement (perhaps 20 or 30 percent) cannot be enforced in a practical manner, Congress made the policy decision to allow for an induced infringement cause of action in order to provide some recourse in these situations. Recognizing that all defendants may now “quickly obtain an ‘opinion of counsel’ to support a claim of good-faith belief in invalidity,” the Government sees the potential that this defense may “substantially undermine” a primary purpose of §271(b). Amidst a clear opposition by almost half of the Federal Circuit and the US government, on top of the existing and explicit lack of trust the Supreme Court has in the Federal Circuit’s understanding of method patents (the type allegedly infringed in Commil), it would be surprising if the Court denied cert. on this issue. If the misunderstanding here is as fundamental as in Limelight (as those in opposition present it to be), the Court may soon be forcefully overruling another Federal Circuit inducement decision.

Written by

December 3rd, 2014 at 7:01 pm

Posted in Cases,Technology

“We Don’t Care”? Maybe Kanye should…

leave a comment

140 characters may not seem like enough room to really say something of value. But if Kanye West is saying something, it can be worth a lot more than one may expect. Etsy seller “supervelma” has hand-stitched popular tweets from the rapper Kanye West onto fabric, framed them, and is currently selling them for $45 each on the online craft retailer Etsy. Understandably, West may be upset that someone else is profiting off of his hard-earned Twitter notoriety, but does he have a remedy? Copyright is the traditional form of protection for works of art. Having a registered copyright can prevent others from reproducing the work, making a derivative piece of art based on your original work, or further diluting the value of your work by displaying it. West could argue a claim of copyright infringement, however he may encounter difficulty proving that a tweet can actually receive copyright protection. Many tweets simply state facts—which cannot be protected by copyrights—or link to news articles, whose headlines are generally found to be insufficiently creative to warrant copyright protection. It is also debatable whether a tweet like, “Fur pillows are hard to actually sleep on” meets the de minimis requirement of creativity that a copyrighted work must have. Most copyright experts agree that there is not a bright line rule about whether tweets can gain copyright protection; a copyrightable tweet would certainly be the exception rather than the norm because of the observational nature of Twitter. West—a professional wordsmith—might be able to make a stronger argument than most that his tweets go beyond mere observations, and are artistic expressions that might even make it into future albums. Viewing his tweets as strings of song lyrics may convince a judge that his entire Twitter history, or at least some of his more introspective and personal tweets, would warrant the protective shield of a copyright. Even without a copyright, West would likely prevail because of the use of his name and “likeness”—in the form of a hand-stitched avatar on the cloth. Most states have held that people are entitled to a “right of publicity,” which recognizes a property right in the commercial value of a person’s identity. The commercial value of the name Kanye West, and the public image he has developed, is clearly what is driving the market for these embroideries. While “supervelma” does offer customers the chance to custom order whatever tweets they would like, West’s tweets are what gained the recognition of popular website Buzzfeed and undoubtedly drove up business. West certainly has grounds to seek an injunction to stop “supervelma” from continuing to produce these items, and depending on the state statute regarding remedies he could also sue to recover for any damages and may even be able to get exemplary damages if a jury felt they were appropriate. Public figures should be aware that the same media making them more available to fans can also provide more material for appropriation, and it may be worthwhile to increase their monitoring of retail websites like Etsy, Amazon, and eBay for unauthorized products.

Written by

December 1st, 2014 at 1:44 pm

Posted in Commentary,Technology

Tagged with , ,

The Broader Benefit of Benefit Corporations

leave a comment

Ello, an ad-free social network, recently closed another round of venture funding, raising $5.5M. Exciting right? Another social media start-up getting some Series A funding. While $5.5M is surely nothing to sneeze at, perhaps the more interesting feature of this next stage of Ello's life is that it's registered itself as a public benefit corporation, enshrining in its corporate charter as a "public benefit" that it will never show ads or sell user data. To date, 27 states have enacted legislation recognizing "Benefit corporations," entities that give directors legal protection to pursue social and environmental goals over maximizing investor returns. According to benefitcorp.net, a defining characteristic of benefit corporations is that "they are required to create a material positive impact on society and the environment." One of the largest early adopters of the benefit corporation form was outdoor clothing and gear company Patagonia. In doing so, Patagonia sought a structure that would prevent shareholders from suing it in the pursuit of costly environment initiatives, such as donations to environmental organizations and support of renewable energy sources, that allowed it to serve the welfare of the global community. Warby Parker, with its initiatives ranging from staying carbon neutral, to providing lost cost eyewear to those in need, and even sponsoring a local Little League team, similarly sought the insulation of its directors through the benefit corporation structure. In both examples, the benefit corporation produces a direct, measurable and concrete positive impact on their communities and the environment. Ello's election to benefit corporation status brings with it a tweak to what we've seen so far. Even though Ello has registered as a public benefit corporation, their mission is in many ways fundamentally different from more well-known predecessors. Whereas Patagonia and Warby Parker have employed the benefit corporation as a way to protect their support of immediate and material benefits to the public good outside of the scope of their direct relationship with their consumers, Ello seems to have stretched the breadth of the defining characteristic of benefit corporations to protect what it believes to be the intrinsic value of its product. Is protecting users from ads a public benefit in kind with what we've seen from Patagonia and Warby Parker? In allowing Ello to register as a benefit corporation, Delaware state law seems not to see a distinction. Whatever the limits of the definition of public benefits, one thing Ello has shown about benefit corporations is how useful they can be in insulating directors from investor interference. Whether or not Ello's mission can truly be said to be in pursuit of the public good, they have succeeded in securing the pursuit of their vision. In effect then, perhaps it makes more sense to refer to Ello as a "mission" corporation, protecting the discretionary judgment of it leadership beyond its fiduciary duties to investors, than a benefit corporation. To all of the entrepreneurs of the world, be aware of this broader benefit.

Written by

November 25th, 2014 at 10:37 pm

SOPIPA: A first step towards national standards for student data protection

leave a comment

In recent years, school districts have begun incorporating computers and tablets in the classroom to instantly deliver personalized content and interactive technologies to enhance student learning.  However, the increasing use of technology in classrooms coupled with the expanding market for targeted advertising has sparked major concerns over third-party collection and use of student data. Children are particularly vulnerable because, unlike adults who generally understand the implications of consumer privacy policies, children are unable to give any sort of meaningful consent to the type of collection scheme utilized by education technology companies.  While the federal law does offer some protection to the online privacy of children, these laws were written before the information era of smartphones and cloud storage. On Sept. 29, California became the first state to pass a sweeping law that protects the use of student educational data by third-party vendors.  The Student Online Personal Information Protection Act (SOPIPA) prohibits online education service companies from selling and/or using student data for purposes of targeted advertising.  Specifically, it prohibits the use of "information, including persistent unique identifiers, created or gathered by the operator's site, service, or application, to amass a profile about a K-12 student, except in furtherance of K-12 school purposes."  The law also requires online service providers to implement security procedures to protect student data and requires that these providers delete data at the request of a school. In response to SOPIPA, certain key industry players signed onto a pledge to adopt similar student data protections nationwide.  By signing the pledge, the participating companies publicly promise not to sell information or conduct targeted advertising using data obtained from K-12 students. This pledge is not legally binding, but does leave the participating companies open to enforcement actions by the Federal Trade Commission.  Notably, Google refused to sign the Pledge, despite that fact that SOPIPA was pushed through largely in response to breaking news that Google was scanning student emails for advertising purposes. According to social media attorney Bradley Shear, “Google's refusal to sign the industry backed pledge appears to be an acknowledgement that if it signs the Pledge it will be in violation of Article 5 of the FTC Act regarding unfair and deceptive trade practices.” A lack of federal standards allows companies like Google to continue questionable data collection practices.  The lack of federal standards also makes compliance with SOPIPA and other state-implemented privacy laws extremely difficult for online education companies that provide services in multiple states. While SOPIPA has the potential to serve as a template for federal reform, there are some ambiguities in the law that should be addressed.  First, it is unclear what is encapsulated by the phrase “K-12 school purposes.”  Should it be read narrowly to cover services used solely for instructional and educational purposes or more broadly to cover products used for administrative functions like storing student records?  Arguably, the provision could be interpreted to include social media sites that have some educational connection but are not exclusively used for K-12 purposes.  Furthermore, because SOPIPA does not include any user control provisions, a school might elect to retain student records for educational analytics purposes for an unlimited amount of time.  In addition to clarifying the definition of K-12 purposes, federal legislation should consider including such user control provisions in order to give students and parents some ability to decide how their data is collected, used, and stored. Regardless of these ambiguities, SOPIPA represents an admirable first step towards establishing national standards for student data protection.  

Written by

November 24th, 2014 at 1:18 pm

Posted in Commentary

Search the Blog