The Federal Aviation Administration’s (FAA) recently-announced delay in implementing a policy to address the increasing popularity and availability of drones, or Unmanned Aircraft Systems (UAS), threatens to further hinder expansion of drones beyond hobbyists to commercial uses and to drive American companies’ UAS technology R&D overseas.
The FAA Modernization and Reform Act of 2012 contains language instructing the FAA to implement regulations that will safely integrate drones into the national airspace by 2015. However, at a Congressional hearing on December 10, 2014, Department of Transportation’s Assistant Inspector General for Aviation Audits Matthew Hampton stated that the FAA would not be able to meet that goal, citing “significant technological, regulatory, and management challenges.”
This delay does not come as a complete surprise, and a number of companies have expressed their frustration with the delays, threatening to take their research and technology overseas if the regulatory hurdles for commercial usage of drones are not streamlined and codified. Amazon is the most notable and outspoken American company voicing its concerns. Continue Reading
The New York State Department of Financial Service’s Banking Division supervises nearly 1,900 banking and other financial institutions with assets of more than $2.9 trillion.
On December 10th, Benjamin Lawsky, the Department Superintendent released a guidance letter outlining the Department’s plan to expand cybersecurity examination procedures of regulated institutions to focus more attention on cybersecurity.
The new plan includes three phases: a comprehensive risk assessment of each institution, a pre-examination First Day Letter, and a cybersecurity examination of the institution.
Last week, from Chicago came a little bit of holiday cheer and good tidings for P.F. Chang’s China Bistro when the District Court dismissed two class action complaints arising out of a data breach.
The Breach: On June 12, 2014, P.F. Chang reported it had a data breach that began in October 2013 involving patrons’ credit and debit card information. The attacks have been attributed to hacking groups in Russia using the Backoff malware – the same malware used in attacks on other major retailers this year. The malware, once installed, can collect credit card “track data” from a point of sale system’s (PoS) memory and return it to a centralized command server controlled by hackers. Reports estimate that using this method the P.F. Chang hackers compromised nearly 7 million cards. Continue Reading
In a prior post we noted a subtle but potentially far-reaching development in how federal prosecutors interpret the Electronic Communications Privacy Act. In that post we discussed the prosecution of Hammad Akbar for selling a software application that could be used to record file, text, or voice records on a mobile phone. The prosecution’s claim was that the software Akbar advertised and sold was a “device” under the Act. Previously, only physical devices (tape recorders, for instance) had been considered within the scope of the Act.
Of key importance to us in the case was the fact that one had to have total control of the phone in order to install the software app, meaning that the app was likely only installed by people who had a claim to owning or controlling the phone. The app was marketed as a way to spy on a cheating spouse.
This prosecution—and the novel interpretation of the Act it implies—caught our attention because if software is a “device” that can violate the wiretap laws, it is possible that cookies or similar common software installed quietly by third parties might also be interpreted to implicate the Act. In our mind, the software industry should be deeply disturbed by this new development. But, of course, it was always possible that the prosecutors would be rebuffed by the courts charged with interpreting the Act. Continue Reading
The European Parliament has voted to break up Google. The resolution is non-binding. But even if the Commission does pursue a breakup, it’s unclear how the EU could affect the decision. Google is an American company, and the US antitrust authorities have declined to prosecute Google for monopolization under US antitrust laws. I doubt an American court would enforce such a foreign order in that environment.
The EU’s complaints appear to be based on the notion that Google has market power in search and is using that power to advantage its ancillary services. According to the complainants, Google displays its own ancillary services more prominently than competitors. Other complaints include Google copying content from other providers and providing that content in their own search results; not allowing other advertisers to sell advertising on Google’s platform; and restrictions limiting the ability of advertisers to move campaigns to other search engines.
The Economist faults the EU’s decision. They believe “internet monopolies” are inherently transient. Entry barriers are lower; there is little lock-in (consumers don’t “standardize” to search engines as they would with, say, an operating system); and history suggests that tech monopolies, like IBM and Microsoft, don’t truly last.
What the EU, the BBC and The Economist seem to take for granted is that Google is “dominant.” Continue Reading
Note: This blog is largely for our friends in the legal community.
Increasingly, the court system is opposed to enforcing patents where the subject of the patent is an abstract idea. This has led to cases that undercut protections for software and “business method” patents.
One such decision was the Supreme Court’s June 2014 decision in Alice Corp. v CLS Bank. There the Court said that if a patent claim is directed toward an abstract idea or natural phenomena, the patent must also include something “significantly more” to be patentable.
What constitutes “significantly more” is the question lower courts will have to answer. My colleagues in Chadbourne’s Intellectual Property practice tell me that a California District Court decision from earlier this month goes a long way towards filling in that answer. If you are interested in reading their analysis, please visit our Client Alert.
With cyber attacks growing in scale, complexity, and frequency and in the midst of the U.S. Postal Service and Federal Weather Network breaches, NIST continues to march on with efforts to stem the tide. At the end of October, NIST released the draft Guide to Cyber Threat Information Sharing. The public comment period closes November 28. The Guide seeks to reduce cyber attacks through increased sharing of cyber threat information and proactive responses.
Proactive response and cyber defense is necessary because reactive defenses alone are not suitable for dealing with the advanced persistent threats that leverage sophisticated tools, zero-day exploits, and advanced malware to compromise systems and networks. Because cyber attackers often use similar strategies, tools and methods against multiple organizations, when one organization identifies and successfully responds to a cyber attack, it acquires information that can be used by other organizations to counter similar threats. The Guide’s goal of sharing threat intelligence will allow organizations to more readily detect intrusion attempts and rapidly deploy effective countermeasures. Continue Reading
We’ve written repeatedly about net neutrality. The debate is very theoretical. So let’s tackle a concrete issue.
“Zero rating” is when your mobile data provider doesn’t count the data used in accessing a certain type of application against your monthly data plan. Let’s imagine a simple example. Imagine that Netflix is zero rated by AT&T Wireless. Some users would clearly benefit from the zero rating. But there is a dark underside. If Netflix were to be zero rated by AT&T Wireless, competing video offerings would be harmed.
Why would something be zero rated? There are three main possibilities. Using our example above, first, because AT&T wants to give you Netflix for free to help AT&T compete against other mobile carriers who would charge you for the data used to access Netflix. Second, because Netflix is paying AT&T for the data you use. Or third, because AT&T owns Netflix and wants to harm competing applications.
Free is good, and therefore up to a point, you as a consumer are unlikely to object to zero rating. This is particularly true of two of the most recent cases: Virgin Mobile’s prepaid data plan that gives customers unlimited access to Facebook, Instagram, Pinterest or Twitter for US$12 a month (or US$22 for all four), and T-Mobile’s plan that allows you to stream a lot of Internet radio apps on a zero-rated basis. Likely these seem uncontroversial because they are offered by small players and because markets experiment with innovative pricing models as a regular course.
But what if Apple entered into an agreement with AT&T and Verizon to zero rate only iTunes Radio? Would that bother you as a consumer? What if you preferred Pandora? After all, theoretically you would be free to transition to anther wireless carrier, although of course you would have to pay for a new phone and a new plan, plus you might still owe AT&T for a while if your data plan term has not ended.
Do you think markets should be constrained such that the arrangement between Apple and AT&T and Verizon is subject to scrutiny? If you do, then you may be in favor of some sort of net neutrality principles or rules.
In an unpublished decision last week, Scentsy Inc. v. Harmony Brands, the United States Court of Appeals for the Ninth Circuit reaffirmed that subjective comparisons of a copyrighted visual work (in this case scented wax and wax-warmer products) to an allegedly infringing work should be left to a jury—not decided on summary judgment.
To establish copyright infringement, a plaintiff must prove both ownership of a valid copyright in a work, and copying of the original elements of the work. Because direct evidence of copying is not available in most cases, a plaintiff can establish copying by showing that the defendant had access to the plaintiff’s work and that the two works are substantially similar. To determine substantial similarity, the Ninth Circuit applies a two-part test. First, an “extrinsic test” is applied by objectively comparing specific expressive elements in the two works, focusing on the “articulable similarities.” Next, an “intrinsic test” is applied by subjectively comparing the works, focusing on whether an ordinary reasonable observer would consider the works substantially similar in “total concept and feel.” Continue Reading
On November 5, 2014, the Chairman of the Commodity Futures Trading Commission (CFTC), Timothy G. Massad, gave keynote remarks at the Futures Industry Association Expo 2014 in Chicago, Illinois.
Chairman Massad’s remarks focused, in part, on the importance of the Commission’s oversight of cybersecurity issues for the financial institutions, exchanges and markets that it regulates. This comes on the heels of the Federal Financial Institutions Examination Council’s (FFIEC) November 3, 2014 release of its Cybersecurity Assessment General Observations of more than 500 financial institutions and their preparedness to mitigate cyber risks. See our prior post to read more about that.
Chairman Massad discussed what the Commission is doing regarding cybersecurity, including a description of the safeguards that it has in place. Continue Reading