EU Calls for US to Restore Privacy Trust But Maintains Safe Harbor

On November 27th, 2013, the European Commission announced that it would not suspend the safe harbor agreement between the EU and the United States that has allowed cross-border personal data transfers between the two jurisdictions since 2000. The announcement followed the Edward Snowden revelations of U.S. surveillance activities, which prompted a number of public calls for suspension of the safe harbor by EU member states and statements by EU officials condemning the U.S.' reported practices.

In preserving (for now) the Safe Harbor, the EC nonetheless called for changes to U.S. governmental practices in order to "restore trust in EU-U.S. data flows." It released a Communication (strategy paper) on data flows between the regions, an analysis of how the Safe Harbor has functioned (and where it has failed), and other documents supporting its position. In the accompanying press release, the EC called for action in six key areas:

• A swift adoption of the EU's data protection reform: the strong legislative framework, as proposed by the European Commission in January 2012 (IP/12/46), with clear rules that are enforceable also in situations when data is transferred and processed abroad is, more than ever, a necessity. The EU institutions should therefore continue working towards the adoption of the EU data protection reform by spring 2014, to make sure that personal data is effectively and comprehensively protected (see MEMO/13/923). 

• Making Safe Harbour safer: the Commission today made 13 recommendations to improve the functioning of the Safe Harbour scheme, after an analysis also published today finds the functioning of the scheme deficient in several respects. Remedies should be identified by summer 2014. The Commission will then review the functioning of the scheme based on the implementation of these 13 recommendations. 

• Strengthening data protection safeguards in the law enforcement area: the current negotiations on an “umbrella agreement” (IP/10/1661) for transfers and processing of data in the context of police and judicial cooperation should be concluded swiftly. An agreement must guarantee a high level of protection for citizens who should benefit from the same rights on both sides of the Atlantic. Notably, EU citizens not resident in the U.S. should benefit from judicial redress mechanisms. 

• Using the existing Mutual Legal Assistance and Sectoral agreements to obtain data: The U.S. administration should commit to, as a general principle, making use of a legal framework like the mutual legal assistance and sectoral EU-U.S. Agreements such as the Passenger Name Records Agreement and Terrorist Financing Tracking Programme whenever transfers of data are required for law enforcement purposes. Asking the companies directly should only be possible under clearly defined, exceptional and judicially reviewable situations. 

• Addressing European concerns in the on-going U.S. reform process: U.S. President Obama has announced a review of U.S. national security authorities’ activities. This process should also benefit EU citizens. The most important changes should be extending the safeguards available to US citizens to EU citizens not resident in the US, increased transparency and better oversight. 

• Promoting privacy standards internationally: The U.S. should accede to the Council of Europe’s Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (“Convention 108”), as it acceded to the 2001 Convention on Cybercrime. 

The complete collection of the EC's materials accompanying the announcement may be found here.

Innovative Smartguns May Trigger New Jersey Gun Law

Picture from- http://www.ohgizmo.com/2006/01/16/a-biometric-smart-gun/

Groundbreaking developments in firearm technology may set into motion a decade-old New Jersey gun law.  Several firearms manufacturers have successfully created a “smart gun,” a gun that can only be fired when in the right hands.  In December of 2002, New Jersey’s then governor James E. McGreevey enacted legislation requiring all handguns sold in the state of New Jersey to be smart guns within three years of the technology being readily available.  Now, with smart guns (also known as personalized guns) currently being manufactured and sold throughout Europe, it appears that smart gun technology is in fact readily available. 

While several companies have successfully created smartguns, each uses different technology and processes.  For example, Armatix, a Germany-based company uses radio frequency technology in its .22-caliber pistol.  The pistol only activates if the holder is wearing a corresponding radio controlled watch.  As soon as the gun loses radio contact with the watch, the gun automatically deactivates itself and cannot be fired.  The gun’s safety mechanism can be activated and deactivated with a PIN code entered through the watch, though the safety mechanism can also be activated and deactivated manually.  Similarly, an Ireland-based company called Triggersmart has developed a comparable radio technology that they intend to license to gun manufacturers.  Like the Armatix smartgun, the Triggersmart gun can only be fired if the holder is wearing a corresponding radio transmitter, in this case a ring.  However, the company also offers radio frequency chips for subdermal implantation.  Another company, Kodiak Arms, an American company based in Utah, manufactures a gun that uses a fingerprint locking system.  The gun, dubbed the “Intelligun,” has a thumbprint scanner on the gun handle, and can only fire when the owner’s thumbprint remains in contact with the scanner.  The gun owner can authorize others to be able to use the gun as well.  Kodiak Arms says the Intelligun will be in full production by the end of 2013.  Meanwhile, researchers at the New Jersey Institute of Technology are in the process of developing a smart gun that recognizes the size and shape of the hand holding the gun, as well as the pressure applied by the hand. 

For New Jersey’s ban on the sale of ordinary handguns to go into effect, New Jersey’s Attorney General must report to the Governor and the legislature that a manufacturer has delivered at least one production model of a personalized handgun to a registered firearms dealer in the U.S.  According to New Jersey statute a personalized handgun means “a handgun which incorporates within its design, and as part of its original manufacture, technology which automatically limits its operational use and which cannot be readily deactivated, so that it may only be fired by an authorized or recognized user.”  Also, “no make or model of a handgun shall be deemed to be a ‘personal handgun’ unless the Attorney General has determined, through testing or other reasonable means, that the handgun meets any reliability standards…” Twenty-four months after this initial delivery, New Jersey’s Attorney General must direct the Superintendent of State Police to compile a list of smartguns that may be sold in the state.  A copy of this list will then be made available to registered and licensed firearms dealers in New Jersey.  The Attorney General must also create rules and regulations for establishing a process for future handgun manufacturers to demonstrate that their handguns meet New Jersey’s statutory definition of a personalized handgun.  Six months after the compilation of the list of personalized handguns which may be sold in the state, no person, retailer, or wholesaler can sell non-personalized handguns in the state of New Jersey.  However, this ban on non-personalized handguns does not apply to federal, state and local law enforcement officers or members of the Armed Forces.  Also, New Jersey residents who obtained a non-personalized handgun prior to the enactment of this ban will not be required to vacate their firearms.

Though personalized handguns are available online from European manufacturers, they are not yet available through U.S. distributors.  However, with both Kodiak Arms and Armatix claiming that they will have a personalized handgun on the shelves at the end of this year, it appears that New Jersey’s ban on non-personalized handgun may soon go into motion, possibly culminating in 2016.

The entire text of New Jersey’s personalized-gun legislation can be found here.

(Blog entry written by Alex Diamond, IBLT/Carter DeLuca Entrepreneurship Support Fellow for the Fall 2013 semester)

Samsung Fined by Taiwan’s Fair Trade Commission for Astroturfing

On October 24, 2013, Taiwan’s Fair Trade Commission announced that Samsung was being fined 10 million New Taiwan Dollars for paying others to post negative comments about a business competitor on the Internet.  This act of masking paid content under the guise of Internet comments, blog posts, tweets, and other "grassroots" communications is known as “astroturfing.”  The fine equals roughly 340,000 U.S. Dollars.

Taiwan’s Fair Trade Commission opened its investigation of Samsung in April of 2013 amid allegations that the company was implementing deceptive advertising practices.  In particular, Samsung was alleged to have hired students to post negative reviews of rival handset-producer HTC while posting positive reviews of Samsung’s products.  At the time the investigation was announced in April of 2013, Samsung posted the following statement on its Facebook page, apologizing for any illegalities possibly committed by the company:

Samsung Electronics remains committed to engaging in transparent and honest communications with consumers as outlined in the company’s Online Communications Credo. We have encouraged all Samsung Electronics employees worldwide to remain faithful to our Credo. The recent incident was unfortunate, and occurred due to insufficient understanding of these fundamental principles.

Samsung Electronics Taiwan (SET) has ceased all marketing activities that involve the posting of anonymous comments, and will ensure that all SET online marketing activities will be fully compliant with the company's Online Communications Credo.

We regret any inconvenience this incident may have caused. We will continue to reinforce education and training for our employees to prevent any future recurrence.

As expected, the ensuing investigation found the allegations of astroturfing to be true with Samsung hiring a large number of writers to post negative comments about competitors in Taiwanese forums while heaping false praise on Samsung.  Taiwan’s Fair Trade Commission also levied fines on two Taiwanese marketing firms for a combined total of $100,000 for their part in the scheme.

This is not the first time Samsung has been implicated in astroturfing. In fact, this past August Samsung was accused of paying developers to promote an upcoming developer competition on the online community Stack Overflow.  However, Samsung claimed they were unaware that a public relations firm was offering cash on their behalf and the PR firm corroborated Samsung’s claim.

Via TheVerge.com

(Blog entry written by Alex Diamond, IBLT/Carter DeLuca Entrepreneurship Support Fellow for the Fall 2013 semester)

Proposed USA FREEDOM Act Seeks to Limit NSA’s Reach

Photo courtesy of Electronic Frontier Foundation 
(https://supporters.eff.org/shop/illegal-spying-eagle-sticker)

 On October 29, 2013, Senator Patrick Leady (D-VT) and Representative Jim Sensenbrenner (R-WI) introduced a new NSA reform bill into both the House of Representatives and the Senate.  As of this writing, the act has 16 co-sponsors in the Senate and over 70 in the House.  The bill is called the Uniting and Strengthening America by Fulfilling Rights and Ending Eavesdropping, Dragnet-collection and Online Monitoring Act, or the USA FREEDOM ACT for short.  The goal of the act is to drastically limit the ability of the National Security Agency to collect information of United States citizens.  As stated in the bill’s official summary:

The bipartisan, bicameral USA FREEDOM Act will rein in the dragnet collection of data by the National Security Agency (NSA), increase the transparency of Foreign Intelligence Surveillance Court (FISA Court) decision-making, provide businesses the ability to release information regarding FISA requests, create an independent advocate to argue cases before the FISA Court, and impose new and shorter sunsets on controversial surveillance authorities.

Introduction of the bill comes amidst increasing concern of the NSA’s surveillance practices conducted on both American soil and abroad.   Prior to the leak committed by former intelligence analyst Edward Snowden last spring, the true scope of the NSA’s operations was unknown.  Now, it has been revealed that many of the NSA’s operations are being conducted with little judicial oversight and may even breach constitutional boundaries.  So far, Snowden’s leak has revealed that the NSA collects the metadata of millions of American citizens.  Metadata is information about the time and location of a phone call or email.  Though the contents of the call or email are not surveyed, it has been argued that collecting metadata infringes on Americans expectations of privacy and can reveal facts many citizens would not wish to disclose.  Also, pursuant to the 2008 FISA Amendments Act, these collections can be conducted without a warrant as long as one end of the communications is a non-US citizen, or if surveillance is sought over a US citizen located outside the country.  For matters concerning U.S. citizens at home, the NSA must request a warrant from a FISA (Foreign Intelligence Surveillance Act) court.  The FISA court sits ex parte- meaning that only the judge and the government are present at the hearings.  There is no attorney present to advocate against the granting of a surveillance warrant.  Since the court was established in 1978, the court has rejected only .03% of all government surveillance requests.

It has furthermore been revealed that through a program known as PRISM, the agency can collect data from major Internet companies such as Google, Facebook, Apple, Yahoo, and Skype.  Through PRISM, the NSA can collect content such as e-mail, videos, photos, file transfers, social network details, and even voice samples.  Many of these Internet companies claim that they are compelled by law to release this data in cooperation with the NSA, and have lobbied Congress for the right to disclose to the public exactly how many of its members are affected by the NSA’s data collection requests.  The goal of this transparency is to help the Internet companies regain the trust of its users and dispel any notions that the government has direct access to these companies’ servers.

Ironically, much of the NSA’s current powers were granted under the Patriot Act of 2001, which was written in part by Representative Jim Sensenbrenner, co-writer of the USA FREEDOM Act.  The USA FREEDOM Act seeks to limit the scope of the NSA’s powers by amending certain sections of the Patriot Act as well as the Foreign Intelligence Surveillance Act (FISA).  The act seeks to end the bulk collection of American metadata, place a “Special Advocate” to be present at FISA court hearings to dispute government surveillance requests, and allow companies to disclose an estimate of the number of FISA orders and National Security Letters they have received, the number they complied with, and the number of users and accounts impacted.  

The USA FREEDOM ACT’s complete text can be found here.

(Blog entry written by Alex Diamond, IBLT/Carter DeLuca Entrepreneurship Support Fellow for the Fall 2013 semester)

A Pair of Patent Reform Bills Seek to Deter Patent Trolls

Illustration by David Saracino/New York Observer

On October 23, 2013, Representative and chairman of the House Judiciary Committee Bob Goodlatte (R-Va.) introduced a patent reform bill to the House of Representatives. The legislation is known as the Innovation Act and is co-sponsored by Democrats and Republicans alike. The bill seeks to curb abusive patent litigation most commonly associated with patent trolls. A patent troll (also known as a non-practicing entity or a patent assertion entity) refers to a patentee that does not make products or practice its own inventions and instead files suit against infringers to recoup royalties. A patent troll acquires patents solely for the purpose of extracting payments from alleged infringers and its entire business model centers on patent litigation. These non-practicing entities use the high cost of patent litigation as a threat to demand quick settlements. According to a May 2013 press release by New York Senator Charles Schumer:

In 2011 alone, patent trolls cost operating companies $29 billion. Under current law, a company hit with a patent suit only has two options – pay to defend the suit or pay a licensing fee or settlement agreement to make the suit go away. Both options are highly costly – the average troll settlement costs a small or medium company $1.33 million, while an in-court defense would cost the same company an average of $1.75 million per case.
Specifically, this has been an enormous problem among technology start-up companies: 62% of patents asserted by trolls from 1990-2010 were software patents; 75% were in computer and communications technology. And this is a particular problem for small businesses: 82% of companies targeted by trolls of annual revenues less than $100 million.

Furthermore, according to the Electronic Frontier Foundation, patent trolls only win 9.2% of the cases that are brought to judgment.

To stymie patent trolls from filing frivolous suits the Innovation Act has several key provisions pertaining to patent litigation. One such provision seeks to implement fee shifting in patent cases. Under current patent laws, each party to a patent litigation pays its own legal fees, regardless of the case’s outcome. However, the Innovation Act will allow courts to order the losing party to pay the victor’s legal fees. This would encourage defending companies with little money to take on the patent-assertion entities in court.

The Innovation Act will also allow manufacturers to defend their customers in patent litigation. This is in direct response to a familiar tactic employed by patent-assertion entities: instead of filing suit against a major manufacturer with the funds and ability to respond to the patent trolls in court, a patent troll will file suit against the manufacturer’s less wealthy customers. By allowing a manufacturer to defend their customers in patent litigation, the extent of financial resources available to the original defendant becomes a non-factor.

In addition, the Act requires a patent holder filing a lawsuit to disclose the names of everyone who has a financial interest in the affected patents. Often, a patent assertion entity is a shell corporation that is part of a much larger entity. These larger entities use these shell corporations to shield themselves from bad publicity. Requiring full disclosure of all those who have a financial interest in the affected patents will promote transparency and may discourage companies from filing frivolous lawsuits.

Furthermore, the Patent Litigation Integrity Act, brought before the Senate on October 30, 2013 by Senator Orrin Hatch (R-Utah) seeks to place even higher financial burdens on patent-assertion entities. The main provision of the Patent Litigation Integrity Act takes the fee-shifting provision of the Innovation Act one step further. Under the Patent Litigation Integrity Act, the company being sued could ask the court to require the company bringing the suit to post a bond for the cost of the defendant’s legal fees.

The full text of the Innovation Act can be found here.

The full text of the Patent Litigation Integrity Act can be found here.

(Blog entry written by Alex Diamond, IBLT/Carter DeLuca Entrepreneurship Support Fellow for the Fall 2013 semester)