The Fair Use Doctrine Remains an Issue in the Courts Even for Tech Giants

By: Veronica Medina
As technology advances, the fair use doctrine in 17 U.S.C. § 107 is becoming more of an issue in the courts. Judges have applied the fair use doctrine inconsistently because the factors are applied on a case-by-case basis.1 The courts apply a four-factor analysis from the fair use doctrine to cases where a defendant is accused of copyright infringement.2 17 U.S.C. § 107 considers whether a work is transformative, its purpose, the nature of the original, the amount taken, and the market effect.3
Once a work is considered transformative, the fair use doctrine then analyzes the other factors.4 To apply the factors in a way that would not cause too much variance in decisions, the courts balance the weight of the factors.5 The main factors they focus on are the work’s purpose and the market effect.6 However, as technology advanced and became the norm, the courts varied in their decisions with the fair use doctrine.
__________________
1 T. Randolph Beard et al., Fair Use in the Digital Age, 65 J. Copyright Soc’y, 1, 23 (2018).
2 17 U.S.C.S. § 107 (LexisNexis 2018).
3 Id.
4 Richard Stim, Fair Use: The Four Factors Courts Consider in a Copyright Infringement Case, NOLO (2018), https://www.nolo.com/legal-encyclopedia/fair-use-the-four-factors.html.
5 See id.; See also Campbell v. Acuff-Rose Music, Inc., 510 U.S. 569, 584 (1994).
Oracle America, Inc. v. Google LLC was described as being deadlocked when it centered on the issue of fair use.7 The case concerned whether Google’s use of Oracle’s packages from the Java application programming interface (API) was within fair use.8 Google used 37 of Oracle’s API packages and formed the rest with its own code.9 Google then used that for Android software.10 The case has traveled through the courts since 2012, when the district court held the API packages were not subject to copyright.11 However, the issue of fair use began in 2014, when the Federal Circuit held Oracle’s API packages were copyrighted.12 The Federal Circuit sent it back to the lower courts to decide if Google’s actions were within fair use.13 Google was found to be within fair use in the second jury trial and by the district court.14 The district court also rejected the motion Oracle filed for a judgment as a matter of law.15
______________
6 See id.
7 Oracle Am., Inc. v. Google LLC, 886 F.3d 1179, 1186 (Fed. Cir. 2018).
8 Id.
9 Id.
10 Id. at 1187.
11 Oracle Am., Inc. v. Google Inc., 872 F. Supp. 2d 974 (N.D. Cal. 2012).
12 Oracle Am., Inc. v. Google Inc., 750 F.3d 1339, 1348 (Fed. Cir. 2014).
13 Id.
In the recent ruling of Oracle Am., Inc. v. Google LLC, the court ruled in favor of Oracle.16 The court held that Google’s code was not transformative because even taking a little portion of the implementing code was not transformative.17 This then weighed into the purpose factor, where the court’s analysis of profitability went against Google because Google’s use of Java in Android was commercial.18 The second and third factors were also against Google because the court found the API to be creative and found that Google plagiarized a sufficient amount of it.19 The fourth factor was found against Google because the court claimed Google competed in the same market as Oracle.20
_______________
14 Oracle Am., Inc. v. Google Inc., No. C 10-03561, 2016 U.S. Dist. LEXIS 74931 (N.D. Cal. June 8, 2016).
15 Id.
16 Oracle Am., Inc. v. Google LLC, 886 F.3d 1179, 1211 (Fed. Cir. 2018).
17 Id. at 1197-98.
18 Id.
19 Id. at 1204-1207.
20 Id. at 1211.
Oracle Am., Inc. v. Google LLC is of great significance. The case is evidence that the fair use doctrine needs reform, specifically more direct and fair rules that are applicable to software. For example, lower courts like the one presented in this case applied fair use differently than the court of appeals here.21 For instance, it should be a form of transformation when Google used a small portion of Oracle’s code and then used its own code.22 Software, as Android stated, is complicated to form.23 Hence, it should be within fair use to use little portions of other software to advance technology at a quicker speed.
Since courts do not focus on the second and third factors, perhaps the doctrine should re-word them more specifically or not include them.24 Lastly, for the fourth factor, the doctrine should be more specific in which types of markets count as competition for software purposes.25 This way, Tech Giants in the future can be more aware before they use another’s software that is not counted as fair use.
_________________
21 See id. at 1186.
22 See Oracle, 886 F.3d at 1186; See also id. at 1199.
23 Id. at 1187.
24 See 17 U.S.C.S. § 107(2-3) (LexisNexis 2018).
25 See id. at (4).

The Case for Recognizing (Once Again) the Internet as a Public Utility on the Federal Level

By: Logan LeCates
Since the end of net neutrality, various entities have been throttling bandwidth.[1] Is it fair or reasonable (or arguably a breach of contract) for the provider of a service, of its own volition and lacking necessity, to throttle service to one customer who has already paid, in order to provide superior service to another? Detractors would contend that the buffering of a few YouTube or Netflix videos is a trivial inconvenience, and that consumers should consider using another ISP or internet service. However, ISPs often function as regional monopolies, and consumers in rural regions often have no alternative methods for internet access.[2] Furthermore, failing to hold ISPs accountable for this behavior can have far-reaching consequences. In fact, this behavior has already endangered emergency responders, who are often reliant on broadband for communications.[3]
Two points of interest alone would be sufficient to justify restoring the federal regulation of the internet: The Constitution, and the First Amendment. Article I, § 8, clause 3 provides that Congress has the power to regulate interstate commerce.[4] For most Americans, the days of walking down to the nickel and dime are gone; we use our phones or laptops to order products from Amazon, pre-order groceries (or even have them delivered), and transfer money for privately rendered services through applications such as Venmo. For example, in July 2018, the U.S. Census Bureau estimates that Americans spent $507.5 billion via e-commerce.[5] The necessity and volume of use are alone sufficient to allow Congress to justify passing legislation regulating broadband.
The other obvious concern is censorship – social media companies have the ability to permit and deny use of their platforms for the expression of thoughts and ideas, and this can be weaponized for political or ideological purposes. Considering how reliant we have become on the internet for communication, this is a legitimate concern; print is dead, and our public squares are now digital. If we are not free to express ourselves online, then how can diversity of thought and opinion prevail? Free market advocates would argue that these are companies and should not be subject to regulation, but they are behemoths, and like ISPs, function together as an oligopoly. There is no mechanism to incentivize or disincentivize their behavior, and they have no true competition. Under government regulation, these platforms could be precluded from this activity, and legislators could be held accountable for enforcement by the democratic process.
  1. Olga Kharif, YouTube, Netflix Videos Found to Be Slowed by Wireless Carriers, Bloomberg Technology (Sept. 4, 2018, 5:00 AM), https://www.bloomberg.com/news/articles/2018-09-04/youtube-and-netflix-throttled-by-carriers-research-finds.
  2. Kayleigh Rogers, More Than 100 Million Americans Can Only Get Internet Service From Companies That Have Violated Net Neutrality, Motherboard (Dec. 11, 2017, 2:30 PM), https://motherboard.vice.com/en_us/article/bjdjd4/100-million-americans-only-have-one-isp-option-internet-broadband-net-neutrality.
  3. Jon Brodkin, Verizon Throttling Could Trigger FTC Investigation of Deceptive Practices, Ars Technica (Aug. 27, 2018, 12:10 PM), https://arstechnica.com/tech-policy/2018/08/verizon-throttling-could-trigger-ftc-investigation-of-deceptive-practices/.
  4. U.S. Const. art. I, § 8, cl.3.
  5. Advanced Monthly Sales for Retail and Services, August 2018 (Release Number: CB18-140), https://census.gov/retail/marts/www/marts_current.pdf (last visited Sept 4, 2018).

3D-Printing: Three Dimensional Dangers of CAD Files

By: Andrea Hageman
Although the concept of 3D printing has existed since 1981[1], it wasn’t until 2009, when a 3D printer first became commercially[2] available, that the technology slowly began to become more accessible, even though printers were still $10,000[3] a pop. Since then, the 3D printing movement has only gained more traction as printers have become more accessible[4]. As accessibility has increased, so have speculations about their potential uses. The obvious appeal is the ability to print anything you want and become your own personal manufacturer. However, a recent federal case has brought to light that this kind of technology has as much potential to be dangerous as it has to be convenient.
3D printers work by taking a computer-aided design (CAD) file, converting the data into a series of two-dimensional layers, and printing those layers on top of each other[5]. In short, similar to downloading a Word document to print, a user downloads CAD files to print an item. In essence, this allows a person to share an item with multiple people just by sending a simple file. This is exactly what Cody Wilson, founder of Defense Distributed, did in December 2012[6] when he designed and released a CAD file of a plastic gun,[7] until he was told to remove the file[8]. In May 2015 Wilson sued the federal government, alleging that the government, in requiring him to remove the CAD file of the plastic gun, violated his right to free speech and to bear arms, and seeking an injunction to stop the government from requiring any pre-publication approval of Defense Distributed files so that they and others would be free to publish these and similar CAD files without governmental intervention.[9] The Court denied Wilson’s motion for the injunction to stop the federal government’s regulatory enforcement, reasoning that by publishing the files and facilitating access to the production of weapons, Defense Distributed would increase the type of global conflicts the government is empowered to regulate[10]. However, years later the controversy over 3D printed guns has only increased.
The regulations Wilson challenged in 2015 were recently scaled back by an agreement between the government and Defense Distributed which would allow the company and others to publish CAD files of guns and other weapons.[11] In response, however, Washington DC as well as eight other states filed their own lawsuit to invalidate the agreement between Defense Distributed and the federal government in order to stop the company from being able to publish the weapons again[12]. This lawsuit has brought the potentially dangerous implications of 3D printing back into the public eye. Although the court granted the states’ motion, holding that they have sufficiently proven that the likelihood of injury due to the publishing of the CAD weapons is high and therefore warrants at least the temporary staying of the agreement[13], the once bright future of 3D printing is now dimmed by practical considerations of what the technology means not only for the way we live our lives but also for what kinds of regulatory reforms would be necessary to combat the dangers that come with people being able to print anything with the click of a button.
Although a preliminary injunction has been granted[14], therefore stopping Defense Distributed from being able to publish these files, the larger issue still stands: if 3D printing continues to become more accessible, will its social utility outweigh its potential dangers and, if so, what if any regulations may the federal government place on the types of files people share and create in order to counteract these dangers? The more accessible this type of technology is, the easier it becomes for people to use it to get around the sorts of protections and regulations already in place, necessarily requiring that our protections evolve with technology. However, what kinds of evolution will be sufficient as well as constitutional still remains to be seen. No doubt cases similar to this one will continue to pose this question, as CAD files of weapons serve as a solemn reminder that being able to print anything means being able to print anything.
  1. See generally Dana Goldberg, History of 3D Printing: It’s Older Than You Are (That Is, If You’re Under 30), Redshift by Autodesk (Apr. 13, 2018), https://www.autodesk.com/redshift/history-of-3d-printing/.
  2. See generally The Free Beginners Guide, 3D Printing Industry, https://3dprintingindustry.com/3d-printing-basics-free-beginners-guide#02-history.
  3. Id.
  4. See generally Hannah Bensoussan, The History of 3D Printing: 3D Printing Technologies from the 80s to Today, Sculpteo (Dec 14, 2016), https://www.sculpteo.com/blog/2016/12/14/the-history-of-3d-printing-3d-printing-technologies-from-the-80s-to-today.
  5. Chris Woodford, 3D Printers, Explain that Stuff! (Aug 4, 2018), https://www.explainthatstuff.com/how-3d-printers-work.html.
  6. See generally Defense Distributed v. United States Dep’t of State, 121 F. Supp. 3d 680, 687 (W.D. Tex. 2015).
  7. Megan Redman, Jessica Hopper, Knez Walker and Alexa Valiente, Entrepreneur behind fight for sharing 3D printed gun blueprints on why he’s advocating for ‘the people’s right to keep and bear arms, ABC News (Aug 9,2018), https://abcnews.go.com/US/man-fight-sharing-printed-gun-blueprints-hes-advocating/story?id=57117087.
  8. Washington v. United States Dep’t of State, 315 F. Supp. 3d 1202, 1204 (W.D. Wash. 2018).
  9. Id. at 1203.
  10. Id. at 1205.
  11. Id.
  12. Id.
  13. Id.
  14. David Sherfinski, Federal Judge Grants Preliminary Injunction in 3-D Printed Gun Case, The Washington Times (Aug 27, 2018), https://www.washingtontimes.com/news/2018/aug/27/judge-grants-injunction-3d-printed-gun-case/.

Samsung Electronics Co., SK Hynix, and Micron Technology, Inc. Accused of DRAM Price Fixing

By: Michael Furda
Earlier this year, several large Dynamic Random Access Memory, also known as DRAM, manufacturing companies were accused of colluding to fix prices on DRAM memory since June 2016.[1] DRAM is a type of memory used in computers, servers, graphics cards, printers, and many other common forms of technology.[2]
In April 2018, a group of consumers filed the first of several class action complaints against Samsung, Hynix, and Micron.[3] The plaintiffs allege that these manufacturers engaged in price fixing for DRAM from June 2016 to February 2018.[4] The plaintiffs seek to represent consumers that purchased products containing DRAM within that period.[5] They contend that during the class period, prices of DRAM more than doubled.[6] The price increase has drawn a lot of suspicion, mainly because in early 2016, Samsung, the largest DRAM manufacturer, publicly announced that it was experiencing negative growth on DRAM due to the previous years in which the three manufacturers competed heavily to capture market share from each other.[7] Shortly after Samsung’s announcement, DRAM prices began increasing and have only continued to grow.[8] For example, one 16GB DRAM memory kit was sold for $68.99 in June 2016, and by May 2018 it was being sold for $169.99.[9]
Following the complaint filed in April, another consumer filed a complaint against the same DRAM manufacturers with allegations almost identical to the complaint made in April.[10] The main difference between these complaints is that the more recent one seeks to represent only U.S. purchasers who bought DRAM directly from the companies and the class period continues to the present.[11]
Both complaints contend that the named manufacturers control approximately 95 percent of the worldwide market for DRAM.[12] Furthermore, the complaints state that because of the large market share these manufacturers hold, they deliberately reduced production of DRAM in order to increase prices.[13] Additionally, during the class period, Micron, Samsung, and Hynix have experienced a significant increase in revenue for DRAM sales: 322 percent, 260 percent, and 277 percent, respectively.[14]
These recent complaints are not the first time that these large manufacturers have been accused of price fixing DRAM. In 2006 a similar suit was filed that covered a time period between April 1999 and June 2002.[15] That suit ended up resulting in a $300 million settlement in 2006.[16] In 2005, the DOJ charged Samsung, Hynix, and several other DRAM manufacturers with price fixing.[17] Further investigation by the DOJ also resulted in several executives serving jail time.[18] Later in 2013, the manufacturers agreed to pay $310 million in California for price fixing the cost of DRAM.[19]
While it is certainly possible that these manufacturers could have engaged in price fixing during the current class periods, it is also possible that the price increase resulted from an increase in market demand. In recent years, there has been an increase in demand for DRAM due to its use in common technology such as smartphones, graphics cards, and NAND, which is used in USB flash drives, solid state drives, and many other pieces of technology.[20] In February, DRAM prices were observed to begin decreasing shortly after Samsung agreed to increase its production following a memorandum of understanding with the National Development and Reform Commission, a department in China that has been recently investigating allegations of price fixing by DRAM manufacturers.[21]
Overall, only further investigation into the activity of these DRAM manufacturers over these last few years will reveal whether they have taken part in another price fixing scheme. If they are found guilty once again, it begs the question of how the courts will react to these repeat antitrust violations.
  1. Bryan Koenig, Samsung Facing Another DRAM Price Conspiracy Class Suit, Law360.com (June 27, 2018), https://advance.lexis.com/api/permalink/61044528-c3df-4152-b12d-9d0231382e4b/?context=1000516.
  2. Samsung: Settles DRAM Price-Fixing Class Action for $310-Mil, Class Action Reporter (August 13, 2014), https://advance.lexis.com/api/permalink/e9a76e86-3b21-4940-864c-a5b3699f7cc8/?context=1000516. See generally Margaret Rouse, Definition: DRAM (dynamic random access memory) (May 2015), https://searchstorage.techtarget.com/definition/DRAM (provides definition for DRAM).
  3. Kat Greene, Samsung Named In Suit Over Alleged DRAM Price Conspiracy, Law360.com (April 27, 2018), https://advance.lexis.com/api/permalink/b5e5bb66-f17e-4f32-be47-9cf996045fd1/?context=1000516.
  4. Id.
  5. Id.
  6. Id.
  7. Id.
  8. Id.
  9. James Sanders, Samsung, Hynix, Micron Sued for DRAM Price Fixing That Could Have Raised PC Prices, Tech Republic (May 1, 2018), https://www.techrepublic.com/article/samsung-hynix-micron-sued-for-dram-price-fixing-that-could-have-raised-pc-prices/.
  10. Koenig, supra note 1.
  11. Id.
  12. Id.; See generally Trendforce, DRAM Revenue in 1Q18 Rose by 5.4% QoQ to Another Record High as the Upswing of ASPs Continued (May 14, 2018), https://www.dramexchange.com/WeeklyResearch/Post/2/4980.html/.
  13. Koenig, supra note 1.
  14. Complaint at 14, Onshore Networks of IL, LLC v. Micron Technology, Inc., No. 4:18-cv-03905 (N.D. Cal. 2018) http://www.classactionsreporter.com/sites/default/files/dram_antitrust_complaint.pdf.
  15. Bruce Zagaris, IX. International Anti-Trust Enforcement Three Samsung Executives Plead Guilty for Role in DRAM Price Fixing Conspiracy, International Enforcement Law Reporter (May 2006), https://advance.lexis.com/api/permalink/ac94ceb9-3c57-4711-b5be-6827c136f465/?context=1000516.
  16. Koenig, supra note 1.
  17. Zagaris, supra note 15.
  18. Id.
  19. Koenig, supra note 1.
  20. DRAM Revenues to Top $100 Billion in 2018, ETMAG.com (August 21, 2018), https://advance.lexis.com/api/permalink/3480fc77-0182-4634-94d8-ba947327138f/?context=1000516.
  21. Greene, supra note 3.

DJs and Sampling: Is the Transformative Prong of Fair Use the Key to Avoiding Copyright Infringement?

By: Bradley Fenniman
  1. Introduction
Electronic dance music, commonly referred to as “EDM”, is a broad term that encompasses a multitude of musical subgenres produced using a computer and other technological instruments.[1] For example, the subgenre referred to as “dubstep” is created by mixing certain basslines and chord progressions at the 140 beats per minute (bpm) range using different programs and electronic synthesizers. Commonly, dubstep artists and artists in electronic genres will use short clips of other people’s artistic creations, called “samples”, to enhance their own song.[2] Sampling songs in DJs’ live performances and created works presents a major issue: is this fair use under the federal copyright law?
  2. Sampling Sound
Sampling sound is the act of taking small sound bites or “clips” from other creative works and incorporating them into a new piece of music.[3] This is encompassed in new songs as well as live performances. It is an incredibly common production tool that electronic music producers use to enhance their own creation.[4] Sampling is popular in electronic music production because of its availability in the digital era.[5] No longer does a producer need to hire musicians for vocals or other musical elements.[6] One can simply download sample packs online and chop and break beats in countless combinations until their creation is complete. However, DJs and producers can face legal claims if they do not obtain the rights to use the sampled works or cannot claim fair use.[7]
  3. What Constitutes Fair Use in EDM?
DJs can legally sample other works of art if they can successfully assert an affirmative defense of fair use under 17 U.S.C. § 107.[8] 17 U.S.C. § 107 highlights four elements that the court can weigh to determine fair use:  the purpose and character of the use; the nature of the copyrighted work; the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and the effect of the use upon the potential market for or value of the copyrighted work.[9] These enumerated elements act as a defense to an infringement claim in order to allow courts to avoid stifling the artistic creativity and ingenuity that copyright law was meant to protect.[10]
  4. What are the Options?
A DJ or producer could simply purchase the rights to others’ creations, but that requires resources.[11] However, a DJ or producer can try to use fair use as an affirmative defense.[12] Out of the four factors from the Fair Use Doctrine, the court in Campbell makes the argument that the more transformative the artwork is, the less important the other factors will be.[13] While the 4th prong is not necessary to find fair use, this decision means that DJs and producers have a stronger argument if they distort or change the sampled use so much that their work will be considered different enough from the original to avoid copyright infringement.[14] If the courts continue this trend, it could be very positive for electronic music producers, as new production technology allows for unlimited combinations of alteration to sampled music.
  1. John Masachi, What Is Electronic Music?, World Atlas (Apr. 25, 2017), https://www.worldatlas.com/articles/what-is-electronic-music.html.
  2. Glenn Jackson, Modern Approaches: Sampling, Red Bull Music Academy Daily, (Jul. 26, 2016), http://daily.redbullmusicacademy.com/2016/07/modern-approaches-sampling.
  3. Id.
  4. Id.
  5. Id.
  6. Id.
  7. See 17 U.S.C. § 107 (2012).
  8. Id.
  9. Id.
  10. Campbell v. Acuff Rose Music, 510 U.S. 569, 577 (1994).
  11. See Ian Clifford, Sample Clearance – a cautionary tale, Make It In Music, (Oct. 11, 2011), https://www.makeitinmusic.com/sample-clearance-tale/.
  12. See Campbell, 510 U.S. at 590.
  13. See Campbell, 510 U.S. at 579.
  14. Id.

Private Search Doctrine and Known Hashes

By: Dana Domenick
A Fourth Amendment search occurs where a government official invades an individual’s reasonable expectation of privacy.[1] However, Fourth Amendment protection is not invoked against an unreasonable search conducted by a private party.[2] A private search terminates the individual’s expectation of privacy.[3] Under the private search doctrine, government officials are authorized, without a warrant, to replicate a private search undertaken so long as the government search does not exceed the scope of the private search.[4] When government officials reconstruct a private search which reveals no more information than that which was previously learned by the private search, an individual’s privacy is not further infringed on, thus no Fourth Amendment violation occurs.[5]
The private search doctrine is applicable where a private party detects illegal files in an individual’s electronic device and either sends the files or turns the device over to law enforcement.[6] Most commonly, internet providers scan their users’ files by comparing each file’s hash value to known hash values corresponding to images of child pornography.[7] Service providers, in accordance with federal law, subsequently forward the files to the National Center for Missing and Exploited Children (NCMEC).[8] Once a NCMEC analyst confirms the images contain illegal content, NCMEC alerts law enforcement.[9]
The manner in which law enforcement receives the file impacts the court’s ruling. Circuits are split on what constitutes a search under the private search doctrine. In the Sixth, Tenth, and Eleventh Circuits, where a private party opened one file on a device, law enforcement agents may access only that single file and nothing more; otherwise, an unlawful Fourth Amendment search is triggered.[10] For instance, in United States v. Ackerman, the Tenth Circuit found a Fourth Amendment search where law enforcement agents who received a folder from NCMEC viewed all four images in the folder, even though only one file was flagged as child pornography.[11] Conversely, the Seventh Circuit found no Fourth Amendment search where a private party opened one file on a computer and law enforcement subsequently accessed the entire computer.[12]
In the aforementioned cases, each circuit ruled that law enforcement is protected under the private search doctrine in opening individual files that have hashes which match known hashes corresponding to child pornography.[13] Although this investigative technique is beneficial for the purposes of identifying violent offenders, it raises concerns that any file with a known hash, not limited to images of child exploitation, is subject to law enforcement’s viewing.[14]
  1. See Katz v. United States, 389 U.S. 347, 360-61 (1967).
  2. See United States v. Ackerman, 831 F.3d 1292, 1295 (10th Cir. 2016).
  3. See United States v. Johnson, 806 F.3d 1323, 1334 (11th Cir. 2015).
  4. See United States v. Jacobsen, 466 U.S. 109, 122, 130 (1984).
  5. See id. at 117.
  6. See United States v. Runyan, 275 F.3d 449, 463-64 (5th Cir. 2001).
  7. See Ackerman, 831 F.3d at 1294.
  8. See id.
  9. See id.
  10. See id. at 1306-08; United States v. Lichtenberger, 786 F.3d 478, 491 (6th Cir. 2015); Johnson, 806 F.3d at 1335 (11th Cir. 2015).
  11. See Ackerman, 831 F.3d at 1306-08.
  12. See Rann v. Atchison, 689 F.3d 832, 838 (7th Cir. 2012).
  13. See id.; Runyan, 275 F.3d at 464; Ackerman, 831 F.3d at 1294; Lichtenberger, 786 F.3d at 491; Johnson, 806 F.3d at 1335.
  14. See Orin Kerr, Opening a File After A Hash Was Made and Matched to Known Image of Child Pornography is not a “Search,” Fifth Circuit Rules, (Aug. 17, 2018) https://reason.com/volokh/2018/08/17/opening-a-file-after-a-hash-was-made-and.

Moving to the Cloud, But Which One?

By Michael D Bach
According to ABA Model Rule 1.6(c), “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”[1] A comment to the rule gives some “[f]actors to be considered in determining the reasonableness of the lawyer’s efforts [which] include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients.”[2] Without a specific definition of “reasonable efforts”, attorneys and law firms are left to decide the best practices for storing confidential information and data. Recent data breaches of companies and law firms should have firms of all sizes reconsidering the way they store their data.[3] According to a 2017 ABA TechReport, more than half of firms have begun to transition to using a primarily cloud-based storage system.[4] Despite rising popularity, there are still security concerns firms need to consider depending on the cloud-based system they opt for. Firms have the option of choosing a public cloud, a private cloud, or a hybrid cloud.[5]
The most commonly used cloud service by firms is the public cloud, with 59% of respondents noting they used Dropbox in the ABA Legal Technology Survey Report of 2017.[6] Public clouds, such as Dropbox, Google Apps, and iCloud, are owned and operated by a third-party cloud service provider and delivered over the internet.[7] Firms opting for a public cloud reap benefits such as lower costs, no maintenance, near-unlimited scalability, and high reliability.[8] While these features are enticing, the documents circulating in a law firm can contain a wide array of confidential client information that requires heightened security. “Breaches involving health information, trade secrets and intellectual property are typically the most devastating.”[9] Another thing to consider when operating with a public cloud is that the firm’s information is stored in a cloud not within the organization’s control.[10] This creates the risk that a firm’s confidential information is transmitted over the open internet to the cloud provider.[11]
Due to the variety and amount of confidential information law firms deal with, firms “should consider a cloud-based provider that focuses on the legal industry and offers private servers with enhanced security measures, such as enterprise-grade firewalls, intrusion detection/prevention systems, and dual-factor authentication.”[12] A private cloud mainly differs from a public cloud because the cloud that is being used by the firm is dedicated solely to that firm, instead of sharing a cloud infrastructure with multiple users.[13] Private clouds offer more flexibility for a firm to customize its cloud to meet its specific needs, allocate its resources accordingly, and provide enhanced security and privacy.[14] Heightened security and privacy come with the implementation of a private cloud because its resources are isolated to the firm that owns the cloud.[15] Further, a private cloud provides the firm with more control over where the data actually resides. Firms have the option of storing their private cloud infrastructure in-house or entrusting their private cloud to a third party.[16] Unlike a public cloud, when a firm outsources its private cloud to a third party, the cloud is solely used by the firm it belongs to, not shared with other users.[17] Not sharing a third party’s hardware with other users allows firms to maintain confidentiality and privilege when handling their sensitive data.[18] Private clouds are optimal for firms where security and control of information are highly important, and where the highest performance of applications is desired.[19] There are some disadvantages to using a private cloud, such as being primarily responsible for security and data breaches because the firm has more control of who can access the servers.[20] However, there are several private clouds and applications available solely to benefit law firms.[21] This helps make it easier for firms to transition to a private cloud and select which applications are the most useful for the services they provide.
Combining both public and private clouds, the hybrid cloud gives a firm the benefits from both while maintaining a desirable level of security. “In a hybrid cloud, data and applications can move between private and public clouds for greater flexibility and more deployment options.”[22] With a hybrid cloud, firms have the ability to store less sensitive information on a public cloud, while keeping highly confidential information on the firm’s private cloud.[23]
Firms have a few options to choose from when deciding to move to a cloud. Each firm operates differently and deals with a variety of confidential information, so each firm needs to conduct its own internal analysis to determine which type best serves its purposes. Although a private cloud has its downsides, its heightened levels of control, access, and privacy seem to make it the go-to option for firms that are genuinely concerned about applying the best possible “reasonable efforts.” Regardless of the type of data storage a firm decides to use, it must conduct its own research to ensure it is in compliance with ABA Model Rule 1.6(c), despite there being no clear definition of what a reasonable effort consists of.
  1. Christopher T. Anderson and Dan Barahona, When “secure enough” isn’t enough: A Law Firm Guide to Protecting the Confidentiality of Shared Client Files, American Bar Association, https://www.americanbar.org/content/dam/aba/events/professional_responsibility/2015/May/Conference/Materials/4_byod_lexisnexis_document_security_whitepaper.authcheckdam.pdf.
  2. Model Rules of Prof’l Conduct r. 1.6(c) cmt. 18 (Am. Bar Ass’n 2016).
  3. See Jeff John Roberts, Law Firm DLA Piper Reels Under Cyber Attack, Fate of Files Unclear, Fortune (June 29, 2017), http://fortune.com/2017/06/29/dla-piper-cyber-attack/; See also, Jeff John Roberts, Exclusive: China Stole Data From Major U.S. Law Firms, Fortune (Dec. 7, 2016), http://fortune.com/2016/12/07/china-law-firms/; See also, Staci Zaretsky, Global Biglaw Firm ‘Paralyzed’ By New Ransomware Attack, Above the Law (Jun. 27, 2017, 11:44 AM), https://abovethelaw.com/2017/06/global-biglaw-firm-paralyzed-by-new-ransomware-attack/?rf=1.
  4. Dennis Kennedy, Cloud Computing, American Bar Association, https://www.americanbar.org/groups/law_practice/publications/techreport/2017/cloud_computing.html.
  5. See What are public, private, and hybrid clouds?, Microsoft Azure, https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/.
  6. Techreport Series: Cloud Computing, Law Technology Today (Mar. 22, 2018), https://www.lawtechnologytoday.org/2018/03/techreport-series-cloud-computing/.
  7. What are public, private, and hybrid clouds?, Microsoft Azure, https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/.
  8. Id.
  9. Alex Bennett, 8 Public Cloud Security Threats to Enterprise in 2018, Compare the Cloud (Apr. 10, 2018), https://www.comparethecloud.net/articles/8-public-cloud-security-threats-to-enterprises-in-2017/.
  10. Id.
  11. David Gewirtz, Security Implications of Public vs. Private Clouds, ZDNet (Apr. 22, 2013, 7:20 AM), https://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/.
  12. Joe Kelly, In-House or in the Cloud: Choosing the Right IT for Your Law Firm, Legal Workspace (Aug. 1, 2016), https://legal-workspace.com/house-cloud-choosing-right-law-firm/.
  13. See Tim Pat Dufficy, What is Private Cloud? Advantages and Disadvantages, Server Space (Oct. 22, 2014), http://www.serverspace.co.uk/blog/what-is-private-cloud-plus-advantages-disadvantages.
  14. See id.
  15. See id.
  16. See id.
  17. See What are public, private, and hybrid clouds?, Microsoft Azure, https://azure.microsoft.com/en-us/overview/what-are-private-public-hybrid-clouds/.
  18. Joe Kelly, In-House or in the Cloud: Choosing the Right IT for Your Law Firm, Legal Workspace (Aug. 1, 2016), https://legal-workspace.com/house-cloud-choosing-right-law-firm/.
  19. See Single-Tenant Security For Your Cloud, Rackspace, https://www.rackspace.com/cloud/private.
  20. David Gewirtz, Security Implications of Public vs. Private Clouds, ZDNet (Apr. 22, 2013, 7:20 AM), https://www.zdnet.com/article/security-implications-of-public-vs-private-clouds/.
  21. See Stephanie L. Kimbro and Tom Mighell, Popular Cloud Computing Services for Lawyers: Practice Management Online, American Bar Association, https://www.americanbar.org/publications/law_practice_magazine/2011/september_october/popular_cloud_computing_services_for_lawyers.html.
  22. See What are public, private, and hybrid clouds?, Microsoft Azure.
  23. See id.

A Human Fight For Robot’s Rights

By: Anthony Accardo
As Artificial Intelligence becomes more sophisticated and perhaps even autonomous, the question of “robot’s rights” has become inevitable and unavoidable. One Florida-based company, the Nonhuman Rights Project, is working to guarantee rights to all autonomous beings, including the possibility of non-living entities.[1] Steven Wise, who leads the organization’s legal team, says that the same logic applies to any autonomous entity, living or not.[2] If one day we have sentient robots, he says, “we should have the same sort of moral and legal responsibilities toward them that we’re in the process of developing with respect to nonhuman animals.”[3]
Recently, Boston Dynamics released a video of their robotic dog, “Spot”, being kicked over to showcase the robot’s incredible balancing ability.[4] Animal rights group People for the Protection of Animals (PETA) released a statement over the video stating that Spot’s treatment in the video was inappropriate and was akin to animal cruelty.[5] Although the robot dog does not feel pain, many researchers believe it is important to treat robotic beings similarly to other humans. The question of how to treat sentient computers is not a new idea. Alan Turing, one of the first computer scientists, first thought of this question nearly seventy years ago.[6] The criteria that Turing came up with to determine how to treat non-living beings are still used today and are known as the “Turing Test”. The Turing Test is quite simple: if a human can hold a conversation with the entity, then it should be treated as a free-thinking individual.[7]
In Saudi Arabia, a robot named “Sophia” was recently given citizenship.[8] Sophia has an uncanny resemblance to a human, in both appearance and function.[9] Sophia’s AI technology allows her to recognize and remember faces, hold eye contact, and most importantly, hold conversation and make jokes.[10] Sophia may be a citizen of Saudi Arabia, but what exactly does that mean? Saudi Arabia has not stated specifically what rights Sophia has, subsequently increasing skepticism among some critics who argue Sophia’s citizenship is nothing more than a publicity stunt.[11] International Law of the U.N., although unenforceable, does grant Sophia some rights, even if she is used solely for entertainment purposes.[12] According to Article 23 of a U.N. Resolution, “everyone who works has the right to just and favorable remuneration”[13] and Article 17 entitles everyone to the right to own property.[14] Sophia may potentially have more rights as a robot citizen in Saudi Arabia than as a female citizen in Saudi Arabia.[15]
AI technology may one day have the ability to create itself or improve itself to the point where it is a free-thinking entity without the need for human intervention, easily satisfying the Turing Test. If a robot could perhaps separate itself from its human creator and become independent as though it were a child leaving its parent’s home, the ethical concerns surrounding ownership of robots as property may become a hot topic of debate around the world. One day, possibly, robots will be guaranteed the same rights and privileges as a human citizen.
  1. Dan Falk, The rise of smart machines puts spotlight on ‘robot rights’: Are computers on their way to becoming people?, CBS News (Dec. 04, 2017, 9:20 AM), https://www.nbcnews.com/mach/science/rise-smart-machines-puts-spotlight-robot-rights-ncna825791.
  2. Id.
  3. Id.
  4. Id.
  5. Id.
  6. Id.
  7. Psychology Department, Univ. of Toronto, http://www.psych.utoronto.ca/users/reingold/courses/ai/turing.html, (last visited Sep. 5, 2018).
  8. Molly Callahan, Should robots have rights?, Northeastern Univ. (Dec. 8, 2017), https://phys.org/news/2017-12-robots-rights.html.
  9. Hanson Robotics Ltd., http://www.hansonrobotics.com/robot/sophia/, (last visited Sep. 5, 2018).
  10. Zara Stone, Everything You Need To Know About Sophia, The World’s First Robot Citizen, Forbes (Nov. 7, 2017, 12:22pm), https://www.forbes.com/sites/zarastone/2017/11/07/everything-you-need-to-know-about-sophia-the-worlds-first-robot-citizen/#4823a1db46fa.
  11. Id.
  12. Id.
  13. Universal Declaration of Human Rights, G.A. Res. 217 (III) a, U.N. Doc A/RES/217(III) (Dec. 10 1948).
  14. Id.
  15. Michelle Mark, Women in Saudi Arabia will be allowed to drive for the first time — here’s what they still can’t do, Business Insider (Sep. 27, 2017, 3:55 pm), https://www.businessinsider.com/saudi-arabia-women-rights-driving-ban-male-guardianship-2017-9.

The Intersection of Standing and Data Breaches

By: Amanda Williams

Today, cybersecurity is a primary concern for every major and minor corporation in the world. The level of sophistication hackers have achieved implies that a data breach is inevitable. Since it cannot be stopped, all that can be done are attempts to mitigate the damage, whether it be to the compromised systems or to the affected consumers. In fact, courts have been reluctant to grant standing to the victims of data breaches where there has yet to be either fraudulent credit card activity or identity theft but personal information was exposed.[1] Article III standing requires that there be an injury in fact, a causal connection between the injury and the conduct, and that injury must be “fairly traceable” to the challenged action of the defendant, and not the result of a third party.[2] Specifically, the injury in fact must be concrete, particularized, and actual or imminent, not merely hypothetical.[3] By using new rationale and distinguishing cases on the facts, courts around the country are beginning to confer standing in instances where in the past, they would not.[4]

Previously, circuit and district courts have said that without actually being harmed by the unauthorized release of personal identifying information, generally via fraudulent credit card activity or identity theft, a consumer did not have standing.[5] Without more than an increased risk of misuse of personal data, the consumers had not suffered a harm the court was prepared to remedy.[6] When analyzing Article III standing for an injury that has yet to occur, one of the main considerations is how imminent that injury is.[7] “Imminence is concededly a somewhat elastic concept, it cannot be stretched beyond its purpose, which is to ensure that the alleged injury is not too speculative for Article III standing- that the injury is certainly impending.”[8] Under that framework, courts have required that an injury not simply be threatened, and have found that a mere possible future injury is not sufficient to be considered an injury in fact.[9]

After the court denied standing to those who failed to show a certainly impending future injury, noting that one “cannot manufacture standing by incurring costs in anticipation of non-imminent harm,” courts across the nation began to distinguish data breach cases on the facts.[10] In the past, the Supreme Court has acknowledged that it does not necessarily require plaintiffs to show a harm that is literally certain in order to have standing; it accepts a “substantial risk” that the harm will come to pass, which may incite a person to incur costs in an attempt to mitigate that harm.[11] Requiring the plaintiffs to wait until they actually suffer fraudulent activity as a result of the breach would be counterintuitive to the concept that the harm need not be “literally certain” for standing to be conferred.

Ultimately, while courts are differentiating these cases on the facts, and not appearing to issue new bodies of law, they are granting standing in cases where they would not have in the past. They are looking at what type of information has been released and what risk is posed by the release of that specific type of personal information.[12] For example, if only credit card tails were released, and the possibility of fraudulent activity is low, the injury is less likely to be treated as certainly impending.[13] Conversely, if entire credit/debit card numbers, health information, passwords or social security numbers are compromised, the risk of fraudulent activity is significantly higher, and the court generally considers that as sufficient for the “certainly impending” standard.[14] Additionally, the courts have taken the stance that the time and cost incurred in resolving identity theft or illegal credit card activity is sufficient to confer standing, presuming the other two elements of standing, causation and redressability, are met.[15] Ultimately, the courts are beginning to move in a direction that grants standing to the victims of data breaches, regardless of whether they have experienced fraudulent activity as a result.

 

[1] See Clapper v. Amnesty Int’l USA, 568 U.S. 398 (2013).

[2] Lujan v. Defs. of Wildlife, 504 U.S. 555, 590 (1992) (Blackmun, J., dissenting).

[3] Id. at 560.

[4] See generally Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688 (7th Cir. 2015); See also Galaria v. Nationwide Mut. Ins. Co., 663 F. App’x 384 (6th Cir. 2016); See also Lewert v. P.F. Chang’s China Bistro, Inc., 819 F.3d 963 (7th Cir. 2016).

[5] Pisciotta v. Old Nat’l Bancorp, 499 F.3d 629, 639 (7th Cir. 2007).

[6] Id.

[7] See Lujan, 504 U.S. at 565.

[8] Id.

[9] See id. at 560-61.

[10] See Clapper, 568 U.S. at 422.

[11] See Galaria, 663 F. App’x at 388.

[12] See Krottner v. Starbucks Corp., 406 F. App’x 129 (9th Cir. 2010); See also In re Adobe Sys. Privacy Litig., 66 F. Supp. 3d 1197 (N.D. Cal. 2014).

[13] See Krottner, 406 F. App’x at 129.

[14] See In re Adobe Sys. Privacy Litig., 66 F. Supp. at 1215.

[15] See Galaria, 663 F. App’x at 384; See also Lewert, 819 F.3d at 963.

 

They Know Where You Are Even When You Don’t

By: Jean-Pierre Zreik

As the digital age progresses, technology continues to evolve and expand, making us more reliant upon it. As we rely more on our devices, we input a greater amount of personal and sensitive information onto them, opening up ways for our privacy to be invaded.[1] One way privacy may be invaded is through location tracking on smartphones via geolocation data.[2] Geolocation is defined as the process or technique of identifying the geographical location of a person or device by means of digital information processed via the internet.[3] Nearly all devices and apps use geolocation data in location tracking,[4] but the United States has yet to enact legislation addressing the privacy implications of collecting this data.[5]

Without any guidance from federal legislation, companies had been getting away with deceptive privacy policies.[6] The Federal Trade Commission (“FTC”), under Section 5 of the FTC Act, has taken a larger role in protecting consumer privacy.[7] The FTC has been regulating companies collecting or using geolocation data, specifically those with inadequate disclosure of that usage.[8] This has been a good start in protecting consumers’ privacy; however, issues continue to arise.

In 2014, Snapchat settled an FTC action based upon false and misleading information in their privacy policy.[9] While Snapchat claimed location information was not asked for, tracked, or accessed, the app was found to be transmitting geolocation data on Android devices.[10] The FTC showed that geolocation data is personal enough that it is subject to fair practice principles of proper notice and consent.[11] While Snapchat quickly fixed their privacy policy following their settlement, it seems that they once again are challenging the notions of privacy with their new feature “Snap Maps.” They do have it as an optional feature, which adheres to the FTC’s ruling in the 2014 settlement, but it still seems to invite privacy problems. Once enabled, it tracks your location each time the app is opened,[12] allowing anyone you are friends with on the app to see your location down to the exact address.[13] You may have to opt in to this feature, but as aforementioned, geolocation data is seen by the FTC as extremely personal information, and this seems to be asking for trouble.[14]

Snapchat isn’t the only app that poses privacy risks or problems using geolocation data; another is Pokemon Go.[15] When playing Pokemon Go, most users leave the app open at all times, allowing Niantic, the creator of the app, to track all your movements, at all times.[16] Further, the privacy policy Niantic makes users agree to before playing allows them to share aggregated and non-personal information with third parties.[17] In essence, Niantic can share where you go, what you do, and more, to just about anyone. In the wrong hands, say via a hack of Niantic, this is a huge privacy risk users take while playing Pokemon Go.

To help fix these privacy risks, the Geolocation Privacy and Surveillance Act (GPS Act) was introduced in Congress and the Senate in 2011 but gained no traction.[18] Since then it has been reintroduced 3 more times, most recently this past winter of 2017.[19] It not only requires law enforcement to obtain a warrant before accessing geolocation data but also requires service providers and companies to consent before sharing geolocation data with third parties.[20] The GPS Act would finally put regulations into writing and establish a process to obtain geolocation data and a process to use it in monitoring or tracking individuals.[21] It would be an excellent step in protecting consumer privacy and has been referred to the Subcommittee on Crime, Terrorism, Homeland Security, and Investigation,[22] with the hopes that this time it’s voted through.[23]


[1] Julie Myhre, Technology is Invading Our Privacy, DMN (Aug. 20, 2013), http://www.dmnews.com/marketing-automation/technology-is-invading-our-privacy/article/307471/.

[2] Daniel Ionescu, Geolocation 101: How it Works, the Apps, and Your Privacy, PCWorld (Mar. 29, 2010, 7:45 PM), http://www.pcworld.com/article/192803/geolo.html.

[3] English Oxford Living Dictionaries, https://en.oxforddictionaries.com/definition/geolocation.

[4] Myhre, supra note 1. 

[5] Devika Kornbacher, Scott Breedlove, Janice Ta, and Aislinn Affinito, In Light of Recent FTC Actions, Review Your Privacy Policy, L.J. Newsl., (Jan. 2017), http://www.lawjournalnewsletters.com/sites/lawjournalnewsletters/2017/01/01/in-light-of-recent-ftc-actions-review-your-privacy-policy/?slreturn=20170914232441.

[6] Id.

[7] Id.

[8] Id.

[9] Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False, Federal Trade Commission (May 8, 2014), https://www.ftc.gov/news-events/press-releases/2014/05/snapchat-settles-ftc-charges-promises-disappearing-messages-were.

[10] Id. 

[11] Id.

[12] J.J. Citron and Ellie Citron, Even Teenagers Are Creeped Out By Snapchat’s New Map Feature, Slate (July 17, 2017, 10:03 AM), http://www.slate.com/blogs/future_tense/2017/07/17/even_teenagers_are_creeped_out_by_snapchat_s_new_map_feature.html.

[13] Id.

[14] Id.

[15] Tiffany Li, Pokemon Go and The Law: Privacy, Intellectual Property, and Other Legal Concerns, Freedom to Tinker (July 19, 2016), https://freedom-to-tinker.com/2016/07/19/pokemon-go-and-the-law-privacy-intellectual-property-and-other-legal-concerns/.

[16] Id.

[17] Id.

[18] Rahul Kapoor and Christopher Archer, Geolocation Privacy and Surveillance Act Introduced in US Congress, Nat’l L. Rev. (Feb. 23, 2017), https://www.natlawreview.com/article/geolocation-privacy-and-surveillance-act-introduced-us-congress.

[19] GPS World Staff, Bill Seeks To Crack Down On Warrantless Government Tracking, GPS World (Mar. 16, 2017), http://gpsworld.com/bill-seeks-to-crack-down-on-warrantless-government-tracking/.

[20] Id.

[21] Id.

[22] GPS Act of 2017, H.R.1062, 115th Cong. (2017), https://www.congress.gov/bill/115th-congress/house-bill/1062/text.

[23] Wyden, Chaffetz, Conyers Bill to Crack Down on Warrantless Tracking by the Government, Use of Cell-Site Technology, Wyden.senate.gov (Feb. 15, 2017), https://www.wyden.senate.gov/news/press-releases/wyden-chaffetz-conyers-bill-to-crack-down-on-warrantless-tracking-by-the-government-use-of-cell-site-technology.