Technology and I.P.

  • July 19, 2013
    Guest Post

    by Reuben Guttman, Director and Head of False Claims Group, Grant & Eisenhofer. This piece is a cross-post from The Lawyer.

    As former National Security Agency (NSA) and CIA employee Edward Snowden continues to try to evade the US authorities, the spectacle has been the talk of Washington DC. While Snowden is characterised as a whistleblower, the affair raises questions about the US government’s surveillance efforts. Deeper questions exist as to the role of private contractors in implementing governmental functions.

    At its heart the Snowden matter questions the role that contractors, including his employer, Booz Allen, play in the implementation of programmes most believe are run by government employees. Who would have thought that the US government would entrust a private contractor to conduct security clearance protocol? Learning about the number of employees working for private contractors demonstrates the extent to which such functions have been delegated to the private sector. That an individual with a sordid education and work history could secure high-level security clearance and access information maintained by the US government can only be explained by the negligence of a private contractor.

    Tea party conservatives love to complain about big government and their solution is to contract out the work. At best, their argument is that the private sector is more efficient. The truth is that when the private sector contracts with the government the result is akin to the looting during one of New York’s famous blackouts. The government simply lacks the ability to monitor its contract workforce.

    The irony is that if there was a whistle to blow, it should been blown on the process that allowed Snowden to be hired. It is apparently a process that allows unrestrained youth access to both potentially classified data and information about citizens’ private lives.

  • July 12, 2013
    Guest Post

    by Joseph Jerome, Legal and Policy Fellow, Future of Privacy Forum

    Harvard Law Professor Lawrence Lessig, in a piece for The Daily Best, wrote "Trust us' does not compute," in discussion about government national security surveillance programs. After a contentious, technical discussion at the ACS national convention of both the NSA's PRISM program and the cellular metadata orders, a panel of privacy law scholars were forced to concede that "trust us" is today's status quo when it comes to programmatic government surveillance.

    It wasn't supposed to be this way. When the Foreign Intelligence Surveillance Act was first passed in 1978, the law was designed to "put the rule of law back into things," explained Professor Peter Swire, co-chair of the Tracking Protection Working Group at the W3C and the first Chief Counselor for Privacy at OMB. The emergence of the Internet, however, changed everything. Intelligence agencies were faced with a legal framework that could not account for situations where "games like World of Warcraft [could be] a global terrorist communication network," he said.

    But even as communications technology has been made to serve bad actors, it has also ushered in a Golden Age of surveillance. Modern technology today can easily determine an individual's geolocation, learn about an individual's closest associates, and connect it all together via vast databases. Within the federal government, without strong champions for civil liberties, the availability of these technologies encouraged government bureaucracy to take advantage of them to the full extent possible. Absent outside pressure from either the Congress or the public, "stasis sets in," Swire said.

    Yet while service providers collect vast amounts of data about individuals, a combination of business practicalities and Fair Information Practice Principles which stress retention limits and data minimization mean that businesses simply do not keep all of their data for very long. As a result, the government has used Section 215 of the PATRIOT Act to collect and store as much information as possible in the "digital equivalent of the warehouse at the end of Indiana Jones," said Professor Nathan Sales, who largely defended the government's efforts at intelligence gathering.

  • December 13, 2012
    Guest Post

    by David G. Post, Professor of Law, Temple University, Beasley School of Law

    As you may have heard, the UN wants to take over the Internet. Two questions:  1. Really?  And 2. Should we be worried?

    On 1: The vehicle for the alleged takeover is the World Conference on International Telecommunications, now underway in Dubai. The WCIT has been convened by the International Telecommunications Union (ITU), and it involves, in the ITU’s words, “review of the current International Telecommunications Regulations (ITRs), which serve as the binding global treaty designed to facilitate international interconnection and interoperability of information and communication services.” 

    It sounds harmless enough. The ITU (and its regulations) go back almost 150 years. In the late 19th and early 20th century, international telecommunications meant telegraphs and telephones, and the ITU was created by 20 European countries to standardize telephone/telegraph interconnection protocols so that a telegraph message or phone call placed in London could be received intact in Rome (and, somewhat later, Rio de Janeiro and Riyadh). It’s not a trivial task, involving both technical standards and economic arrangements (to work out a system for allocating transmission charges), and by all accounts the ITU performed it well. Because telecommunications facilities were generally state-owned and state-operated for most of this period in most of the world, the ITU was constituted as a kind of “treaty organization,” one to which nation-state governments sent official representatives from the Ministry of Telecommunications (or its equivalent) to negotiate with their counterparts from other countries.  After WW II, the ITU was absorbed into the United Nations as a “specialized agency.”

  • September 27, 2012
    Guest Post

    By Eric Priest, Assistant Professor, University of Oregon School of Law

    China’s pervasive intellectual property piracy problem, and the resulting impact on American industry and jobs, is a constant refrain in U.S. media and even the presidential campaign.  But are some U.S. companies also benefitting from the infringement?  Some policy makers and software companies are beginning to ask whether U.S. businesses are actually indirect beneficiaries of pirated intellectual property in China (and elsewhere).  When an upstream producer such as a Chinese factory uses pirated software in its manufacturing or logistics operations, the cost of production is reduced.  Some of those savings can also be passed along to the U.S.-based firm that hired the factory, or to the retailer that sells the product.  These cost savings arguably give the overseas manufacturer and the seller of such a product in the U.S. an unfair edge over competitors in the U.S. market.

    Louisiana and Washington State passed laws in 2010 and 2011, respectively, that make it an act of unfair competition to sell a product manufactured using “stolen or misappropriated” information technology.  The Louisiana statute is terse and therefore broad, while the Washington statute contains detailed limitations on liability and requires that the defendant be given notice and have the opportunity to cure.  The Washington statute creates liability for the manufacturer as well as for certain third parties (i.e., sellers other than the manufacturer), although it limits potential third-party liability to large companies with over $50 million in annual revenue, which are better positioned to police suppliers.  

    In addition, Attorneys General from thirty-six states and three U.S. territories last November requested that the FTC consider using its broad unfair competition authority under § 5 of the FTC Act to pursue manufacturers who sell in the U.S. goods that they produced using pirated software in competition with law-abiding manufacturers.  In addition to such federal action, some state Attorneys General have indicated they would consider the possibility of using existing state unfair competition laws (the “mini-FTC Acts”) to the same effect.

  • September 10, 2012

    by Joseph Jerome

    Recently in The New York Times, Adam Liptak cautioned that the legislative paralysis brought on by congressional polarization has made the Supreme Court increasingly more powerful, but a dysfunctional legislature can also increase the power of the presidency. Issue after issue, important separation of powers principles are being distorted as the other branches assert their power. In the courts, this produces policy without accountability. When the president acts without Congress, it creates a democracy governed by executive decree.

    In our system of checks and balances, power grabs, particularly by the executive, are not surprising. “[A]ll the time, presidents are pushing out on the boundaries of their power and claiming new authority,” Professor William Howell explains, but the president’s ability to secure that authority is dependent upon how the other branches respond. If Congress’ failure to address calls for cybersecurity legislation is any indication, Congress’ response these days is simply to pass the buck over and over again.

    Before leaving for its recent recess, congressional dysfunction was on a full display when the Senate failed to overcome a filibuster of the Cybersecurity Act of 2012. The Senate’s treatment of the issue devolved into a circus, with longtime allies Sens. Joe Lieberman (I-Conn.) and John McCain (R-Ariz.) arguing over each other’s national security bona fides. The legislative breakdown followed a familiar pattern:  after Senate Majority Leader Harry Reid refused to permit additional amendments to the bill, the threat of a Republican filibuster ended any further discussion, and the Senate closed for business.

    Sen. Mitch McConnell (R-Ky.) insisted that Republicans did not really wish to filibuster the bill, arguing instead that Republicans only sought to improve the proposed law through their set of amendments.  Yet he failed to mention that one of his own suggestions to “improve” cybersecurity legislation was to completely repeal the Affordable Care Act, leaving Reid to wonder what gutting health care reform had to do with cybersecurity.