Articles Posted in Government

Published on:

This week’s article explores the European Union’s brewing copyright law and its possible effects on the internet.  Proponents intend for the law to modernize and suit copyright law for the digital age.  Critics say the law will make the internet substantially less free.  Today we discuss the Directive on Copyright in the Digital Single Market, and more specifically, three of its most recently approved provisions that could pose problems to internet freedom: its right for press publishers, its filtering obligations, and its text-and-data-mining stipulations.

The law’s right for press publishers would allow news companies to collect compensation when their stories are shared on social media platforms.  Known as the “link tax,” it would require platforms to purchase a license to post current-events information coming from news institutions.  Current copyright law already protects journalistic articles as literary works; republishers must ask permission to use such content.  The proposed right, however, effectively expands this protection to data and facts that have already been published. Whereas only creative descriptions or puns in headlines are now protected, mere non-creative fact could be too; this would effectively hold information for ransom.  The purpose of copyright law is to grant a limited monopoly over specific creative works and original ideas.  To extend the law to envelop full ideas or factual content is nonsensical, and stymies the very processes copyright is meant to assist.  Rather than foster innovation by protecting its fruit, the law would chill it by stealing its raw material.  It would obstruct citizens from running businesses and from creating original products using factual information.  In a region without the First Amendment, there is cause for concern.

The law’s filtering provision would require all website hosting providers to use filtering software that checks content against a database of copyright material.  As the law stands, platforms such as YouTube, Facebook, and Twitter are not liable for the copyright infringement of their users, as long as when they are notified of it, they take it down.  The users who post it, however, are still liable to authors or authorship-rights holders.  The current law attempts a balance between honoring the investment of creative authors and promoting innovation through the spread of information.  The “notice and takedown” process allows rights holders to notify the platform, requires that the platform take action but only once it’s told, and reminds users that they may ultimately be held accountable for infringement; this spreads liability out somewhat evenly. The proposed version would subject this process to automation.  This would nominally place the majority of liability on platforms by forcing them to monitor content proactively.  However, the users and their speech will feel the brunt due to the platforms’ much stricter resultant guidelines.  The arbiter of this would be a machine, checking content against a copyright database, which would include factual material.  The necessary software also doesn’t exist—allowed uses of copyrighted content like parody or criticism would be at risk because artificial intelligence cannot distinguish them from infringement.  This imperils important content such as university lectures, for example.

Published on:

In the accelerating information frenzy of the modern world, the specter of hacking has become more threatening as technology progresses.  For example, information is more accessible and vulnerable especially when it is valuable. Public and private institutions rely heavily on electronic communications and storage, which raises the stakes of a transgression.  Currently, there are legal barricades and consequences for accessing or exploiting another individual’s digital information without permission, but most are defensive, and some are largely ineffective.  The need for hacking countermeasures has been introduced and debated, but not satisfied.  International cooperation has largely helped, but is ultimately undergirded by political motive rather than principle.  To a degree, the law remains irresolute as to how to best combat online hacking and similar misconduct.

The federal government has exacted large punishments for hacking computer systems without authorization.  It defines “hacking” as accessing a computer without authorization or exceeding one’s authorization access, obtaining information that the United States government determines to be classified for reasons relating to national defense or foreign relations, or willfully communicating or attempting to communicate the information to any foreign nation, or willfully retaining the information and failing to deliver it to the officer or employee of the United States entitled to receive it.  It can be punished as a misdemeanor or a felony depending on the circumstances, resulting in a up to one year in prison and a $100,000 fine or up to ten years and $250,000, respectively.

So, hacking private companies or individuals can yield similar consequences.  Private companies are no strangers to cyberattacks.  In recent years, though, the scope of offense has broadened from companies contracted with the government or armed forces, to victims as diverse as movie studios and financial institutions.  As it stands, businesses have limited avenues to justice.  They may monitor, take defensive action, and fix whatever damage they incur on their own.  A Congressional bill recently drafted aims to allow businesses to “hack back” legally.  This can mean anything from simply tracing an attack, to identifying the attacker, to actually damaging the attacker’s devices.  However, the bill in its current form is discouragingly vague, and a company’s misstep could risk violating the same laws that were meant to protect it.  So, companies may be unwilling to take that risk.  Another criticism of the bill is that it does little to protect innocent third parties from retaliation where their systems might simply have been hijacked in a hacker’s scheme.  This concern is exacerbated by vagueness in the bill’s language allowing retaliation against “persistent unauthorized intrusion.”

Published on:

On April 10, 2018, Mark Zuckerberg, founder and chief executive of Facebook, took a chair beneath an array of Senators to answer for the uneasiness his company’s behavior had been giving the public.  The testimony comprised a broad variety of concerns – from user privacy to election meddling, to misinformation and an alleged bias in combatting it. The latter concern has fascinating legal implications we will discuss today.

More pointedly speaking, allegations that the large social media companies’ community guidelines have been enforced selectively have sparked a public controversy.  The accounts of some particularly controversial speakers, for better or worse, have been shut down, and others report that the volume of exposure their content gets has suddenly dwindled.  Pundits, for the most part on the right wing, have strongly condemned the companies, and ensuing arguments tend to hit all the philosophical tenets of the classical debate over free speech.

The First Amendment does not ensure anyone’s place on a private platform; it only restricts the government from discriminating with regard to speech, including, but not limited to, hate speech.  For the most part, it is left to market pressures to correct any perceived bias or wrongdoing on the part of the social media companies.  There are other areas of the law, however, that social media companies have some potential to run afoul of.  Critics and commentators have brought up both antitrust law and publishing law issues.  Although, there is debate over the likelihood that companies like Facebook infract upon either, yet the potential does exist.

Published on:

Most, if not all, of our readers are familiar with e-commerce websites and related transactions.  Notably, Amazon.com’s empire, as well as other forms of e-commerce such as iTunes subscription services or purchasing an e-Book are part of these transactions.  In recent news, one of China’s largest e-commerce websites is being sued in the United States for selling counterfeit and knock-off products. Shares of the company, Pinduoduo, plummeted after news of the lawsuit was made public.  Currently, six law firms are in the process of filing class actions on behalf of investors who purchased shares of Pinduoduo.  The company went public in the United States earlier this year, raising over $1.6 billion from investors. Pinduoduo is traded on NASDAQ under PDD, and currently has a $25 billion market cap.

Pinduoduo is known for combining online shopping with entertainment. It was founded in September 2015 by Colin Guang, a former Google employee.  As of now, however, the company has faced an influx of negative media in China, with claims that the platform sells knock-offs of major brand names. This selling of fake goods could give investors standing to sue.  If the investors were misled, and invested because of the false information, they will have a cause of action under the federal securities laws. Executives of companies, and insiders who communicate information to investors about a company, have a duty not to make any misleading or materially false statements about the company.  This includes information about the financial health of the business.

Started only three years ago, Pinduoduo had 295 million active users and 4.3 billion total orders in 2017.  China is the largest online retail market, with other e-commerce names such as Alibaba and JD.com.  Pinduoduo sells groceries, electronics, clothing, and household items, among other things.  While Amazon may be the number one e-commerce website in the United States, Pinduoduo is the second larges e-commerce website in China behind Alibaba.

Published on:

Do you monitor what personal information companies access and store when you visit a website?  Do you wish you had more ability to know what companies do with such data?  In 2018, user data privacy rights have become a major topic for discussion. Starting with Europe’s enactment of the General Data Privacy Regulation earlier in the year, and California’s passing of the Consumer Privacy Act, we have seen many changes in the online legal world.  The trend continues, with internet giants now lobbying for a federal regulatory scheme, which would ease the number of laws they have to comply with if each state follows California and enacts its own user privacy legislation.  In this blog, we will provide an overview of the recent changes.

After California passed a law this year, which grants consumers greater data privacy rights, there has been much backlash from technology giants.  Facebook, Google, Microsoft, and IBM are currently lobbying officials in Washington for a federal privacy law that would overrule California’s legislation.  These technology giants are hoping for such legislation to be passed through Congress, as the lobbyists would influence how the law is written, giving them discretion over their ability to use personal data and information.  Because federal law on such a matter would supersede state law, California’s user privacy law may become naught.

According to Ernesto Falcon of Electronic Frontier Foundation, a user rights group, the strategy of Facebook, Google, and Microsoft here is “to neuter California[‘s law] for something much weaker on the federal level.  The companies are afraid of California because it sets the bar for other states.”  As user data and information is such a key part of the business model of the social media companies – who use such information to sell advertisements – they want as much freedom as possible to collect and exploit such data.

Published on:

Is a warrant required for law enforcement to access a suspect’s location information generated by the suspect’s cell phone?  Would obtaining such data violate a person’s Fourth Amendment rights?  In this blog, we will be discussing whether a warrant is required for law enforcement to access a user’s location information from cell phone service providers.  As geolocation information is almost continually updated when users interact with apps and send and receive messages, such location information is almost always available.  But also, as constantly available are Fourth Amendment rights, namely the right to be free from unreasonable searches and seizures.

In Carpenter v. United States, the Supreme Court analyzed this Fourth Amendment issue.  In order to obtain a search warrant, police typically must submit a warrant application to an independent judge or magistrate.  In the application, the police must outline facts leading the judicial officer to believe there is probable cause that the suspect is engaging in criminal behavior.  This showing of likely criminal behavior is known as “probable cause” and is required for police to conduct a search of a place or person.

There is an applicable federal law.  Section 2703(d) of the Stored Communications Act, which protects privacy information and the stored content of electronics, allows an exemption to the typical warrant required for a search.  Orders made under 2703(d) can compel the production of certain stored communications or non-content information if “specific and articulable facts show that there are reasonable grounds to believe that the contents of a wire or electronic communication, or the records or other information sought, are relevant and material to an ongoing criminal investigation.” This is closer to what is known as the “reasonable suspicion” standard than “probable cause.”  Reasonable suspicion comes into play when police pull over a vehicle, for example, or conduct a stop and frisk of a suspicious person who they believe may be concealing a weapon.  Reasonable suspicion is a much lower bar to meet than probable cause.

Published on:

For this week’s blog post, we will continue with the topic of recent Supreme Court decisions that are affecting the business, e-commerce, and internet world.  Specifically, we will discuss Ohio v. American Express, a case involving the Sherman Antitrust Act and major credit card companies.

In the United States, credit card use is composed mainly of four cards: Visa (45%), American Express (26.4%), MasterCard (23.3%), and Discover (5.3%).  In 2010, the government and 17 states sued American Express, Visa, and Mastercard, alleging that the credit card companies were unreasonably restraining trade and therefore violating the Sherman Antitrust Act.  The government claimed that the credit card companies’ “anti-steering provisions” suppressed competition from rival credit card networks. These anti-steering provisions were between the credit card companies and merchants, and prohibited merchants from “steering” cardholders at the point-of-sale to use cards with lower merchant transaction fees.  Notably, American Express charged the highest transaction fee for merchants.

In fact, both Visa and MasterCard settled with the government in a consent decree in 2011 to change their anti-steering provisions.  American Express, however, continued to litigate up until the Supreme Court case was decided on June 25, 2018. American Express’s business model is different than most credit card companies, which generate revenue mainly from the credit portion of the transactions.  It instead focuses on offering better rewards to consumers than other credit cards, typically attracting a higher-spending for the wealthier consumer.  It then generates the majority of its revenue from merchant fees, arguing that higher merchant fees are justified by the higher spending clientele that it brings to merchants (AmEx also has a higher minimum spending amount for cardholders than other credit cards).

Published on:

For this week’s blog post, we will be continuing with a discussion of another recently decided Supreme Court case.  Specifically, we will cover United States v. Microsoft Corporation, and talk about the ramification’s the Court’s decision has on the world of internet technology.

This case involves user data privacy rights and the ability of US based technology companies to refuse to comply with federal warrants when user data is stored overseas.  The case had to do with the extraterritorial (outside of the United States) application of the Stored Communications Act (SCA), and whether warrants issued under SCA could be effective with regard to new internet technology such as cloud storage and data centers.

In 2013, FBI agents obtained a warrant requiring Microsoft to disclose emails and information related to a customer’s account who was believed to be involved in drug trafficking.  Microsoft attempted to quash the warrant, claiming that all of the customer’s emails and information were stored in Microsoft data centers in Dublin, Ireland.  The court held Microsoft in civil contempt for refusing to give agents the emails, but this decision was reversed by the Second Circuit.  The Second Circuit held that requiring Microsoft to give federal agents emails that were stored overseas would be outside the realm of permissible extraterritorial application of the Stored Communications Act (18 U.S.C. 2703).

Published on:

For this month’s blog posts, we will be discussing some of the most recent Supreme Court cases that have been decided this year.  Specifically, we will address cases that are likely to have an impact on internet, e-commerce, technology, business, and cybersecurity laws.  We will start with a discussion of Murphy vs. NCAA.

Murphy vs. NCAA was decided on May 14, 2018, and generally was the Supreme Court ruling in favor of states’ ability to legalize sports betting.  The Supreme Court overturned the Professional and Amateur Sports Protection Act (PASPA), which previously prohibited all but a few states from legalizing sports gambling.  In Murphy, the Supreme Court held that PASPA violated states’ rights to make their own decisions regarding the legality of sports gambling.  The Court explained that Congress cannot commandeer states to enact or enforce a federal regulatory program, which was essentially what PASPA (as a federal act) was doing towards the states.

Many states, such as New Jersey, are thrilled with this decision.  They view it as an opportunity to generate revenue, prevent black market gambling, and help their economy.  The Court’s decision in Murphy empowers states with the ability to legalize and regulate an estimated $150 billion sports betting industry that was previously illegal.  New York, Connecticut, West Virginia, and New Jersey are among the 20 or so states already introducing legalizing legislation.

Published on:

Cyberbullying in schools is one of the most troubling activities currently plaguing our educational system.  When children are bullied, they can’t focus, they don’t feel that they fit in, and they often lose interest in school.  This creates absenteeism, depression, and even suicide among school-age children and teenagers in our society.

According to the California Attorney General: “Anyone who sends any online communication to deliberately frighten, embarrass, harass, or otherwise target another is a cyber bully.”  California Penal Code section 652.3 is slightly more specific, and states that every person who, with the intent to place another person in reasonable fear for their safety of the safety of their immediate family, by means of an electronic communication device, for the purpose of harassing, is guilty of a misdemeanor punishable by up to one year in a county jail, by a fine of not more than one thousand dollars ($1,000), or both.  Penal Code § 652.3 also makes it a crime to electronically distribute or make available personal identifying information, including a digital image of another person, or an electronic message of a harassing nature about another person, which would be likely to incite or produce unlawful action.

California law defines harassment as: A knowing and willful course of conduct that a reasonable person would consider as seriously alarming, seriously annoying, seriously tormenting, or seriously terrorizing and that serves no legitimate purpose (Penal Code § 652.3).  Electronic act as related to cyberbullying means: The transmission of a communication, including a message, text, sound, or image, or a post on a social network, by means of an electronic device.  This means that any post through Facebook, Twitter, Instagram, Snapchat, or email qualifies as an electronic act, and thus subjects the sender to potential liability for cyberbullying.