Technology Law Archives

The Future of Cyber Operations and the Government

June 7th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Compliance, Constitutional Law, Critical Infrastructure, Cybersecurity, Emerging Litigation & Risk|

In the forthcoming National Defense Authorization Act the House Armed Services Committee -- specifically the Subcommittee on Intelligence and Emerging Threat Capabilities -- seeks to amend the annual legislation to ensure that Congress is informed when the executive branch executes offensive or defensive cyber operations. The bill defines offensive or defensive cyber operations as a “sensitive military operation.” The goal of this shared information is additional oversight, especially given the newness of cyber tactics. As reported by journalist Derek B. Johnson of FWC.com, two covert cyber operations have taken place since POTUS announced the new policy. The first was in October 2018, a cyber operation with a goal of informing Russian operatives not to meddle with the midterm election. The second took place the following November in which the U.S. Cyber Command blocked access to Russian Internet Research Agency post election. While these two operations have been called “mild” in some critiques, former White House Director of Cyber Infrastructure Protection under President George W. Bush, Jason Healey, believes this highly specialized tactic is ideal since it presents the least potential for collateral damage. While Healey warns against grand and overt attacks, he states that sometimes "conflict is straightforward and you just have to stop adversaries from punching you in the mouth.” Read the complete post by Derek B. Johnson on FCW.com [...]

The New York Privacy Act Would Allow Direct Action

June 5th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Compliance, Data Collection, Data Privacy, Privacy, Regulations|

The New York Privacy Act, introduced last month by state Sen. Kevin Thomas, advocates for consumer agency over their personal data and would give New Yorkers the right to sue companies directly for privacy violations. Thomas wants companies to put customer data protection ahead of their budgetary and business goals. The bill summary reads: "Enacts the NY privacy act to require companies to disclose their methods of de-identifying personal information, to place special safeguards around data sharing and to allow consumers to obtain the names of all entities with whom their information is shared; creates a special account to fund a new office of privacy and data protection." "Fiduciaries, like an attorney or a doctor, hold onto your information. They don't share it, unless there is a need for the purpose for which they collected it,” Thomas said. “That's not what's going on here with these data companies and these data brokers. They're sharing it, and we're getting targeted.” Pushback from the tech industry has been swift. John Olsen, Director of the Internet Association, said, “The NY Privacy Act, in its current form, is unworkable for businesses that want to comply and fails to provide New York residents meaningful control over how their data is collected, used, and protected." Facebook also chimed in saying they would have to shut down Facebook [...]

Dr. Babyl: Artificial Intelligence Could Save Lives, Time and Money — TheDailyBeast.com

May 27th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Artificial Intelligence (AI), Cybersecurity, Data Analytics, Data Privacy, Healthcare|

Itchy throat? Headache? Upset stomach? There's an app for that. There is a new AI healthcare system called Babylon UK’s National Health Service which features an AI-driven app that is reportedly able to separate “run-of-the-mill” illnesses from more life-threatening ones, while saving time, money, and anxiety for patients and doctors alike. Babylon offers more than diagnostic assistance; it is accessible to people in remote areas. "For example, Babyl, the Rwandan version of Babylon, offers remote appointments with clinicians, fills prescriptions, orders lab tests, and issues referrals.” Babyl enables affordable, personalized healthcare, combined with “the brains of thousands of doctors at once” to reach patients who cannot get to a doctor’s officer. In addition to assisting doctors with everyday check-ups and treating the common cold, the AI’s abilities extend to clinical trials. “In 2018 the Mayo Clinic partnered with IBM’s Watson to match patients with breast cancer to accessible clinical trials covered by their health plans. The matching program increased the enrollment of breast cancer sufferers in Mayo Clinic’s own clinical trials by 80%." Questions are being raised, however, about how to mitigate risks posed by hacking or by nefarious manipulation of the system. Read about this and more in the complete post by Joelle Renstrom on TheDailyBeast.com.

Suits Allege Apple Concealed Knowledge of iPhone 7 Defect

May 10th, 2019|Categories: Class Actions, Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Class Certification, Product Liability, Product Recall|

Apple Inc. has been sued in federal courts in Illinois and California for allegedly knowingly selling iPhone 7 and 7 plus models with an audio chip defect, called the “Audio IC Defect” or “Loop Disease” by consumers, which causes an array of operational issues. The bug gums up handset audio functions, grays out speaker buttons during calls, and degrades microphone fidelity. And if that's not enough it can kill Siri's voice command capabilities. The plaintiffs accuse Apple of actively concealing the Audio IC Defect while advertising the iPhone 7 as “the best iPhone we ever made.” The plaintiffs claim that when they first experienced operational problems Apple didn't offer complimentary repairs. The suits allege breach of warranty and violation of California and Illinois consumer protection laws. Plaintiffs seek class certification, damages, attorneys' fees, and injunctive relief. In Illinois, the plaintiffs may also try to force Apple to repair, recall, and/or replace current defective iPhone 7s in the United States and notify all purchasers of the Loop Disease. Evidence shows “Apple’s internal acknowledgement and subsequent discontinuation of their out-of-warranty repairs without public announcement of the Audio IC Defect amounts to misrepresentation and concealment of the Audio IC Defect,” the California complaint in Casillas v. Apple reads. Complaints available on Scribd.com. Casillas v. Apple, N.D. Calif., No. 3:19-cv-2455 Castelli v. Apple, N.D. Ill., [...]

Artificial Intelligence: DeepMind on Debugging Learned Predictive Models

May 9th, 2019|Categories: Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Artificial Intelligence (AI), Cybersecurity, Data Analytics, Data Breach, Legal Tech|

DeepMind, an artificial intelligence research company, in a recent blog post discusses three ways to eliminate bugs in learned predictive models. The company was founded in London in 2010. Google acquired it in 2014. In addition to London they have research centers in Edmonton and Montreal, Canada, and a DeepMind Applied team in Mountain View, California. "Bugs and software have gone hand in hand since the beginning of computer programming," the post reads. "Over time, software developers have established a set of best practices for testing and debugging before deployment, but these practices are not suited for modern deep learning systems. Today, the prevailing practice in machine learning is to train a system on a training data set, and then test it on another set. While this reveals the average-case performance of models, it is also crucial to ensure robustness, or acceptably high performance even in the worst case. In this article, we describe three approaches for rigorously identifying and eliminating bugs in learned predictive models: adversarial testing, robust learning, and formal verification." Read the complete post here!

Moving Your Corporate Data to the Cloud: Top 13 Things to Think About as you Review Your Hosting Agreement — Judy Selby Consulting

May 6th, 2019|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Data Breach, Data Privacy, Duty to Indemnify, Insurance Companies, Risk Management|

Some data migration risks can be mitigated at the cloud contract stage, Allison Bird, Judy Selby’s partner at Clearview Privacy Consulting LLC, explains. Regarding indemnification, Bird says, "If data is lost or exposed by the hosting company, your company as well as any affiliates who use the services will be subject to suits from clients and individuals whose data was impacted. You may also be subject to regulatory scrutiny which could result in legal costs and regulatory penalties. To the extent possible, negotiate a full indemnification of third party claims arising out of the hosting services." She says the limitation of liability section of your hosting agreement "may be the single most important" part. "Your hosting company may make a lot of promises in the agreement. However, if their liability under the agreement is significantly capped, you won’t receive the monetary compensation necessary to make up for hosting company’s acts and omissions that damage the company. Negotiations for a higher cap will translate into real dollars in the event of a security incident." Of course, insurance is always a good solution if done right. "You can negotiate the perfect contract but unless your hosting company has a deep pocket, it may not have sufficient capital to make good on contractual obligations in the event of a breach or data loss situation, especially [...]

The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1) — Barnes & Thornburg

May 6th, 2019|Categories: HB Risk Notes, Insurance, Technology Law|Tags: Cybersecurity, Data Breach, Data Privacy, Insurance Companies, Professional Liability|

Cloud Risk: Do You Transfer Liability Along with Data? Many of us were using data clouds before we even knew what they were. Now, while most of us are comfortable with the concept, we may not be comfortable knowing who is liable when data is lost, damaged or breached. It's not a given that your cloud provider absorbs any liabilities, and it's not a given they can even afford the liability should it arise. Below are quotes from an article by Scott Godes, Kara Cleary, and Heidi Fessler of Barnes & Thornburg LLP on the subject, and a link to their complete article. Godes, Cleary, and Fessler list several cloud-related risks: data breaches, data loss, interruption of access, compromised credentials and broken authentication, and denial of service. But two other categories for concern are: #1. BYOC, or Bring Your Own Cloud. Employees may be innocently using productivity applications that store work data on non-company clouds, in effect, "bringing their own clouds" to the workplace. #2. Multi-Tenancy. This involves risks posed when unrelated cloud users are sharing the same computing resources. "Both the cloud provider and the user must be aware of system and data security to prevent a breach in the security. In addition, when a risk is realized, it may not always be clear who is at fault for the [...]

Anderson Kill’s 5th Annual Cyber Insurance Recovery Conference

May 6th, 2019|Categories: Corporate Compliance, HB Risk Notes, Technology Law|Tags: Cybersecurity, Data Breach, Data Collection, Data Privacy, Regulations|

[one-half-first][/one-half-first] [one-half]Recent news of "Collection 1", a cache of sensitive data now appearing for sale on the dark web and comprised of an astonishing 773 million records, is a grim reminder of the scope of cyber perils for most. Last year's staggering tally of serious data breaches and theft coupled with a spate of new legislation for companies gathering, hosting and selling consumer data means policyholders must rise to the challenge. New state legislation compounds an already daunting federal and international regulatory landscape, and regulatory compliance will be a must to deal with the attendant fines, penalties and consumer claims that non-compliance can trigger. New technology also continues to drive the evolving conversation about the legal relationships between parties transacting business electronically. Risks range from anonymity that raises jurisdictional and collection issues to “immutable” record keeping that creates a permanent, public record of transactions. --Anderson Kill [/one-half] Find out more about this complimentary seminar from Anderson Kill here!

Spotify Tells EU Apple is Hampering Competitors as Apple Music Surpasses Spotify in U.S. — MoginRubin

April 30th, 2019|Categories: Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Corporate & Securities, eCommerce, Information Technology Law, Regulations|

[one-half-first][/one-half-first] [one-half] "Apple Music recently surpassed Spotify in the U.S. market, according to the Wall Street Journal, signing up 28 million subscribers compared to Spotify’s 26 million. Spotify continues to have more total subscribers, however. "Spotify Founder and CEO Daniel Elk took to the company blog to make his case, saying, “Apple operates a platform that, for over a billion people around the world, is the gateway to the internet. Apple is both the owner of the iOS platform and the App Store—and a competitor to services like Spotify. In theory, this is fine. But in Apple’s case, they continue to give themselves an unfair advantage at every turn.” "In a recent statement, Apple says it revolutionized the distribution of music with iTunes, and did the same thing with the App Store, something that has created “many millions of jobs” and, it says, generated more than $120 billion for developers and new industries." Read the complete post on the MoginRubin Blog here! [/one-half]

Product Liability in the Internet of Things — Schiff Hardin Product Liability & Mass Torts Blog

April 14th, 2019|Categories: Complex Business Litigation, HB Risk Notes, Technology Law|Tags: Compliance, Emerging Litigation & Risk, Information Technology Law, Legal Tech, Product Liability|

[one-half-first] Photo by Markus Spiske on Unsplash [/one-half-first] [one-half]"Combining a physical object and an intangible technology also creates a novel issue when it comes to strict product liability principles, which typically hold that a product manufacturer may be strictly liable for a product’s defect. The first task in a strict product liability case is to identify the product. In the context of a device that has no internet connectivity, the answer is straightforward. If a ladder is defective and causes an injury, the ladder’s manufacturer may be held strictly liable because a ladder is the product. But when it comes to IoT devices, the line may be blurred. Almost always, the software part of the IoT device is 'manufactured' by a separate entity from the entity that manufactures the physical object. If the IoT device proves to be defective, the question becomes which entity may be held strictly liable." Read the complete post by Schiff Hardin's Gregory Dickinson & Jeffrey D. Skinner here. [/one-half]

National Geographic Disclosed Customer Info, Class Action Says — Top Class Actions Blog

April 14th, 2019|Categories: Class Actions, Corporate Compliance, HB Risk Notes, Technology Law|Tags: Data Privacy, Privacy, Regulations|

[one-half-first][/one-half-first] [one-half] "The National Geographic class action states that prior to and at the time that he subscribed to the magazine, the company did not notify him that it discloses the personal reading information of its customers. "Markham also claims that he wasn’t provided with any written notice that National Geographic makes a practice of renting, exchanging, or otherwise disclosing personal reading information to third parties, and provides no means of opting out. "However, the National Geographic information disclosure class action lawsuit says that since subscribing to National Geographic and between Mach 26, 2016 andJuly 30, 2016, National Geographic disclosed Markham’s personal reading information to data aggregators, data appenders, and/or data cooperatives." Read the complete post by Top Class Actions Editor Emily Sortor here. [/one-half]

Million-Dollar Settlement in Employee Background Check Case, Top Class Actions Reports

April 11th, 2019|Categories: Class Actions, Employment, HB Risk Notes, HB Tort Notes, Technology Law|Tags: Compliance, Data Privacy, Healthcare, Protected Personal Information (PPI)|

"Job applicants have secured a $1.2 million settlement ending allegations that Maxim Healthcare did not properly inform potential employees that they would have a consumer report pulled as part of the application process. Class Members include those who applied and got a job with the healthcare services company between May 5, 2009 and Aug. 27, 2012, who were also subject to a consumer report check by Maxim. The Maxim Healthcare class action lawsuit claimed that Maxim violated federal consumer privacy protections when procuring employee background checks."