Category: Communication Media & Internet

Intellectual Property for the Metaverse

How do you use the patent system to protect inventions related to the metaverse?

What is the Metaverse?

Merriam-Webster defines the metaverse as “a persistent virtual environment that allows access to and interoperability of multiple individual virtual realities.” The term “metaverse” originates from dystopian science fiction novels in which it referred to an immersive, computer-generated virtual world. Today’s “metaverse” is now firmly integrated into the technology sector and can be thought of as a common virtual world shared by all users across a plurality of platforms. Examples of metaverse-related technology includes the software that generates these virtual environments, as well as virtual reality (VR) and augmented reality (AR) headsets and other devices that enable human interaction with the environment and representations of other humans within it.

The adoption of metaverse-related technology is expanding. In 2021 the company then known as Facebook rebranded to “Meta” in an effort to emphasize the company’s commitment to developing a metaverse. In Fall of 2022, Apple announced the development of its own VR/AR headset. 2022 also saw the launch of the first Metaverse Fashion Week.

These events are indicative of the growing emphasis on the metaverse and the expectation amongst technology companies that the metaverse will be the eventual successor to the internet, smartphones, and/or social media. Applications of the metaverse are not limited to socialization and gaming—as the metaverse expands there is increased acknowledgment of the benefits it may provide in other settings, including in education, finance, and medicine.

As patent attorneys and innovators, we ask: How do you use the existing framework of the patent system to best protect inventions related to the metaverse?

Using Patents to Protect Inventive Concepts in the Metaverse

In this blog post, we explore considerations for protecting inventions in and related to the metaverse. Because many of these technologies are new and the industry surrounding the metaverse is in its infancy, inventions made today may prove to be quite valuable in the coming years. Protecting these inventions today is likely to be well worth the investment in the future. Inventive concepts in the metaverse can be protected using both utility patents which focus on the functional benefits of an invention and design patents which focus on the ornamental aspects of an invention.

Utility Applications for Metaverse

Utility patents may be used to protect the functional aspects of hardware or software-based innovative technologies in the metaverse.

Innovators in the metaverse environment might pursue patent protection on technologies associated with headsets, displays, cameras, user control interfaces, networked storage and servers, processors, power components, interoperability, communication latency, and the like. These hardware-based inventions for the metaverse may be a natural expansion of those previously developed for augmented and virtual reality, video-game technology, or the internet. Accordingly, patent applicants may look to those fields for best practices in protecting their hardware-based inventions. As with any patent application, identifying a point of novelty early on in the process is essential to deciding whether and how to pursue patent protection.

Software-based inventions may include technologies associated with performing tasks in the metaverse, such as representation of virtual environments and avatars, speech/voice processing, and blockchain transactions (e.g., for purchasing virtual goods). These software-based inventions may face additional challenges at the U.S. Patent and Trademark Office (USPTO), where the patent eligibility bar under 35 U.S.C. §101 prohibits the patenting of “abstract ideas” which may include methods of organizing human activity, mental processes, and mathematical concepts. It is typical for software-related patent applications to receive a patent eligibility rejection during the examination process.

One challenge in patenting software-based applications for the metaverse includes the fact that software that merely implements a process that is equivalent to a known process outside of the metaverse environment is unlikely to be allowed by the USPTO. However, a software-based invention that accounts for the changes introduced by being in a metaverse environment and addresses what specific problems were unique to the metaverse may be found patentable by the USPTO. Thus, best practices for drafting patent applications related to the metaverse may be to include details surrounding the considerations taken to account for the change in operating in the metaverse environment as opposed to a non-metaverse environment in any patent applications.

Additionally, while patent applicants may draft patent applications with the USPTO in mind, applicants should also consider the intricacies of claiming patent protection for software related technologies on a global basis. For example, patent applicants should consider that patents for software processes are more difficult to acquire in Europe unless clear indications of how a software-based invention provides a technical solution to a technical problem are included in the application.

Design Applications for Metaverse

Innovators in the metaverse may also use design patents to protect ornamental aspects of their invention. For example, fashion companies may seek protection of their branded objects within the metaverse. Technology companies may try to protect the ornamental features of their headsets or user interfaces.

The protection of objects within the metaverse presents an interesting avenue for patent protection. Objects displayed within the metaverse may be protected similarly to how innovations in video-game technology, web applications and graphical user interfaces are currently protected using design patents. For example, representations of physical items within a virtual environment can be considered computer-generated icons that can be protected so long as they are shown in an embodiment tying them to an article of manufacture such as a computer screen, monitor, other display panel, or any portion thereof in compliance with 35 U.S.C. 171. Similarly, movement of items within a multiverse environment can be protected similar to how changeable computer generated icons are protected today.

Again, while patent applicants may focus on the requirements of the USPTO, it is important to note that the metaverse is inherently global in its nature and that industrial design applications across the globe may have different requirements. For example, Europe does not require a display screen for industrial designs. Accordingly, comprehensive strategies for design protection of metaverse related technologies may consider the nuances of seeking industrial design protection in various jurisdictions.

Other Methods for Protecting Inventive Concepts in the Metaverse

As with any product or company, a comprehensive strategy for intellectual property protection includes not only patents but also trademarks and copyrights. As intellectual property attorneys consider the best ways to protect a client’s product, they may often turn to trademarks and copyrights in connection with design and utility patent applications to provide more holistic protection of intellectual property assets. For example, fashion-based companies may utilize a combination of trademark protection and design patent protection for their brands and the innovative designs for which they are known in the metaverse. Software-based companies may turn to a combination of copyright and utility patents to protect innovative functionality for the metaverse.

Concluding Thoughts

The growth in use of utility and design patent applications to protect concepts related to the metaverse is immense. One study conducted by IALE Tecnología found that “over the past five years, metaverse-related patent applications have doubled to more than 2,000.” This rapid expansion in patents for innovative concepts surrounding the metaverse is only expected to advance in the coming years.

Cohesive and comprehensive strategies involving utility patents, design patents, trademarks, copyrights and trade secrets are likely to provide the best protection to innovators operating in the metaverse.

©1994-2023 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

For more Intellectual Property Legal news, click here to visit the National Law Review.

Clop Claims Zero-Day Attacks Against 130 Organizations

Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.

The manufacturer of GoAnywhere MFT notified customers of the vulnerability on February 1, 2023, and issued a patch for the vulnerability on February 7, 2023.

HC3 issued an alert on February 22, 2023, warning the health care sector about Clop targeting healthcare organizations and recommended:

  • Educate and train staff to reduce the risk of social engineering attacks via email and network access.
  • Assess enterprise risk against all potential vulnerabilities and prioritize implementing the security plan with the necessary budget, staff, and tools.
  • Develop a cybersecurity roadmap that everyone in the healthcare organization understands.

Security professionals are recommending that information technology professionals update machines to the latest GoAnywhere version and “stop exposing port 8000 (the internet location of the GoAnywhere MFT admin panel).”

Article By Linn F. Freedman of Robinson & Cole LLP

For more cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

Privacy Tip #358 – Bank Failures Give Hackers New Strategy for Attacks

Hackers are always looking for the next opportunity to launch attacks against unsuspecting victims. According to Cybersecurity Diveresearchers at Proofpoint recently observed “a phishing campaign designed to exploit the banking crisis with messages impersonating several cryptocurrencies.”

According to Cybersecurity Dive, cybersecurity firm Arctic Wolf has observed “an uptick in newly registered domains related to SVB since federal regulators took over the bank’s deposits…” and “expects some of those domains to serve as a hub for phishing attacks.”

This is the modus operandi of hackers. They use times of crises, when victims are vulnerable, to launch attacks. Phishing campaigns continue to be one of the top risks to organizations, and following the recent bank failures, everyone should be extra vigilant of urgent financial requests and emails spoofing financial institutions, and take additional measures, through multiple levels of authorization, when conducting financial transactions.

We anticipate increased activity following these recent financial failures attacking individuals and organizations. Communicating the increased risk to employees may be worth consideration.

Article By Linn F. Freedman of Robinson & Cole LLP

For more communications, media, and internet legal news, click here to visit the National Law Review.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

How to Succeed in Environmental Marketing Claims

Environmental marketing claims often present something of a Catch-22—companies that are doing actual good for the environment deserve to reap the benefits of their efforts, and consumers deserve to know, while at the same time, heightened scrutiny from the Federal Trade Commission (FTC), the National Advertising Division (NAD), state regulators and the plaintiffs’ bar have made such claims increasingly risky.

In 2012, the FTC issued the Green Guides for the use of environmental marketing claims to protect consumers and to help advertisers avoid deceptive environmental marketing. Compliance with the Green Guides may provide a safe harbor from FTC enforcement, and from liability under state laws, such as California’s Environmental Marketing Claims Act, that incorporate the Green Guides. The FTC has started a process to revise the Green Guides, including a request for comments about the meaning of “sustainable.” In the meantime, any business considering touting the environmental attributes of its products should consider the following essential takeaways from the Green Guides in their current form:

    • Substantiation: Substantiation is key! Advertisers should have a reasonable basis for their environmental claims. Substantiation is the support for a claim, which helps ensure that the claim is truthful and not misleading or deceptive. Among other things, substantiation requires documentation sufficient to verify environmental claims.
    • General benefit claims: Advertisers should avoid making unqualified claims of general benefit because substantiation is required for each reasonable interpretation of the claim. The more narrowly tailored the claim, the easier it is to substantiate.
    • Comparative claims: Advertisers should be careful and specific when making comparative claims. For example, a claim that states “20% more recycled content” begs the question: “compared to what?” A prior version of the same product? A competing product? Without further detail, the advertiser would be responsible for the reasonable interpretation that the product has 20% more recycled content than other brands, as well as the interpretation that the product has 20% more recycled content than the advertiser’s older products.
    • General greenwashing terms: Advertisers should be very cautious when using general environmental benefit terms such as “eco-friendly,” “sustainable,” “green,” and “planet-friendly.” Those kinds of claims feature prominently in many complaints alleging greenwashing, and they should only be used where the advertiser knows and explains what the term means, and can substantiate every reasonable interpretation of the claim.

Putting it into Practice: Given the scrutiny that environmental claims tend to attract, advertisers should exercise care when making environmental benefit claims about their products and services. They should narrowly tailor their claims to the specific environmental attributes they want to promote, and perhaps most important, they should ensure they have adequate backup to substantiate their claims. While the FTC Green Guides are due for a refresh (which we will surely report on), for the time being, they will continue to serve as important guidance for advertisers seeking to inform consumers without exposing their business to FTC scrutiny or class action litigation.

To AI or Not to AI: U.S. Copyright Office Clarifies Options

The U.S. Copyright Office has weighed in with formal guidance on the copyrightability of works whose generation included the use of artificial intelligence (AI) tools. The good news for technology-oriented human creative types: using AI doesn’t automatically disqualify your work from copyright protection. The bad news for independent-minded AI’s: you still don’t qualify for copyright protection in the United States.

On March 16, 2023, the Copyright Office issued a statement of policy (“Policy”) to clarify its practices for examining and registering works that contain material generated by the use of AI and how copyright law’s human authorship requirements will be applied when AI was used. This Policy is not itself legally binding or a guarantee of a particular outcome, but many copyright applicants may breathe a sigh of relief that the Copyright Office has formally embraced AI-assisted human creativity.

The Policy is just the latest step in an ongoing debate over the copyrightability of machine-assisted products of human creativity. Nearly 150 years ago, the Supreme Court ruled at photographs are copyrightable. See Burrow-Giles Lithographic Company v. Sarony, 111 U.S. 53 (1884). The case involved a photographer’s claim against a lithographer for 85,000 unauthorized copies of a photograph of Oscar Wilde. The photo, Sarony’s “Oscar Wilde No. 18,” is shown below:

Sarony’s “Oscar Wilde No. 18"

The argument against copyright protection was that a photograph is “a reproduction, on paper, of the exact features of some natural object or of some person” and is therefore not a product of human creativity. Id. at 56. The Supreme Court disagreed, ruling that there was sufficient human creativity involved in making the photo, including posing the subject, evoking the desired expression, arranging the clothing and setting, and managing the lighting.

In the mid-1960’s, the Copyright Office rejected a musical composition, Push Button Bertha, that was created by a computer, reasoning that it lacked the “traditional elements of authorship” as they were not created by a human.

In 2018, the U.S. Court of Appeals for the Ninth Circuit ruled that Naruto, a crested macaque (represented by a group of friendly humans), lacked standing under the Copyright Act to hold a copyright in the “monkey selfie” case. See Naruto v. Slater, 888 F.3d 418 (9th Cir. 2018). The “monkey selfie” is below:

Monkey Selfie

In February 2022, the Copyright Office rejected a registration (filed by interested humans) for a visual image titled “A Recent Entrance to Paradise,” generated by DABUS, the AI whose claimed fractal-based inventions are the subject of patent applications around the world. DABUS’ image is below:

“A Recent Entrance to Paradise”

Litigation over this rejected application remains pending.

And last month, the Copyright Office ruled that a graphic novel consisting of human-authored text and images generated using the AI tool Midjourney could, as a whole, be copyrighted, but that the images, standing alone, could not. See U.S. Copyright Office, Cancellation Decision re: Zarya of the Dawn (VAu001480196) at 2 (Feb. 21, 2023).

The Copyright Office’s issuing the Policy was necessitated by the rapid and remarkable improvements in generative AI tools over even the past several months. In December 2022, generative AI tool Dall-E generated the following images in response to nothing more than the prompt, “portrait of a musician with a hat in the style of Rembrandt”:

Four portraits generated by AI tool Dall-E from the prompt, "portrait of a musician with a hat in the style of Rembrandt."

If these were human-generated paintings, or even photographs, there is no doubt that they would be copyrightable. But given that all four images were generated in mere seconds, with a single, general prompt from a human user, do they meet the Copyright Office’s criteria for copyrightability? The answer, now, is a clear “no” under the Policy.

However, the Policy opens the door to registering AI-assisted human creativity. The toggle points will be:

“…whether the ‘work’ is basically one of human authorship, with the computer [or other device] merely being an assisting instrument, or whether the traditional elements of authorship in the work (literary, artistic, or musical expression or elements of selection, arrangement, etc.) were actually conceived and executed not by man but by a machine.” 

In the case of works containing AI-generated material, the Office will consider whether the AI contributions are the result of “mechanical reproduction” or instead of an author’s “own original mental conception, to which [the author] gave visible form.” 

The answer will depend on the circumstances, particularly how the AI tool operates and how it was used to create the final work. This will necessarily be a case-by-case inquiry.” 

See Policy (citations omitted).

Machine-produced authorship alone will continue not to be registerable in the United States, but human selection and arrangement of AI-produced content could lead to a different result according to the Policy. The Policy provides select examples to help guide registrants, who are encouraged to study them carefully. The Policy, combined with near future determinations by the Copyright Office, will be critical to watch in terms of increasing likelihood a registration application will be granted as the Copyright Office continues to assess the impacts of new technology on the creative process. AI tools should not all be viewed as the “same” or fungible. The type of AI and how it is used will be specifically considered by the Copyright Office.

In the short term, the Policy provides some practical guidance to applicants on how to describe the role of AI in a new copyright application, as well as how to amend a prior application in that regard if needed. While some may view the Policy as “new” ground for the Copyright Office, it is consistent with the Copyright Office’s long-standing efforts to protect the fruits of human creativity even if the backdrop (AI technologies) may be “new.”

As a closing note, it bears observing that copyright law in the United Kingdom does permit limited copyright protection for computer-generated works – and has done so since 1988. Even under the U.K. law, substantial questions remain; the author of a computer-generated work is considered to be “the person by whom the arrangements necessary for the creation of the work are undertaken.” See Copyright, Designs and Patents Act (1988) §§ 9(3), 12(7) and 178. In the case of images generated by a consumer’s interaction with a generative AI tool, would that be the consumer or the generative AI provider?

Article By Nadia G. Aram and Dr. Christian E. Mammen of Womble Bond Dickinson (US) LLP

For more intellectual property legal news, click here to visit the National Law Review.

Copyright © 2023 Womble Bond Dickinson (US) LLP All Rights Reserved.

Lawyer Bot Short-Circuited by Class Action Alleging Unauthorized Practice of Law

Many of us are wondering how long it will take for ChatGPT, the revolutionary chatbot by OpenAI, to take our jobs. The answer: perhaps, not as soon as we fear!

On March 3, 2023, Chicago law firm Edelson P.C. filed a complaint against DoNotPay, self-described as “the world’s first robot lawyer.” Edelson may have short-circuited the automated barrister’s circuits by filing a lawsuit alleging the unauthorized practice of law.

DoNotPay is marketed as an AI program intended to assist users in need of legal services, but who do not wish to hire a lawyer. The organization was founded in 2015 to assist users in disputing parking tickets. Since then, DoNotPay’s services have expanded significantly. The company’s website offers to help users fight corporations, overcome bureaucratic obstacles, locate cash and “sue anyone.”

In spite of those lofty promises, Edelson’s complaint counters by pointing out certain deficiencies, stating, “[u]nfortunately for its customers, DoNotPay is not actually a robot, a lawyer, or a law firm. DoNotPay does not have a law degree, is not barred in any jurisdiction and is not supervised by any lawyer.”

The suit was brought by plaintiff Jonathan Faridian, who claims to have used DoNotPay for legal drafting projects, demand letters, one small claims court filing and drafting an employment discrimination complaint. Faridian’s complaint explains he was under the impression that he was purchasing legal documents from an attorney, only to later discover that the “substandard” outcomes generated did not comport with his expectations.

When asked for comment, DoNotPay’s representative denied Faridian’s allegations, explaining the organization intends to defend itself “vigorously.”

Article By Troy J. Chinnici of Wilson Elser Moskowitz Edelman & Dicker LLP

For more communications, media, and internet legal news, click here to visit the National Law Review.

© 2023 Wilson Elser

The Future of Stablecoins, Crypto Staking and Custody of Digital Assets

In the wake of the collapse of cryptocurrency exchange firm FTX, the Securities and Exchange Commission (SEC) has ratcheted up its oversight and enforcement of crypto firms engaged in activities ranging from crypto staking to custody of digital assets. This is due in part to concerns that the historically free-wheeling and largely unregulated crypto marketplace may adversely impact U.S. investors and contaminate traditional financial systems. The arguments that cryptocurrencies and digital assets should not be viewed as securities under federal laws largely fall on deaf ears at the SEC. Meanwhile, the state of the crypto economy in the United States remains in flux as the SEC, other regulators and politicians alike attempt to balance competing interests of innovation and investment in a relatively novel and untested asset class.

Is Crypto Staking Dead?

First, what is crypto staking? By way of background, it’s necessary to understand a bit about blockchain technology, which serves as the underpinning for all cryptocurrency and digital asset transactions. One of the perceived benefits of such transactions is that they are decentralized and “peer-to-peer” – meaning that Person A can transact directly with Person B without the need for a financial intermediary to approve the transaction.

However, in the absence of a central authority to validate a transaction, blockchain requires other verification processes or consensus mechanisms such as “proof of work” (which in the case of Bitcoin mining ensures that transactions are valid and added to the Bitcoin blockchain correctly) or “proof of stake” (a network of “validators” who contribute or “stake” their own crypto in exchange for a chance to validate a new transaction, update the blockchain and earn a reward). Proof of work has come under fire by environmental activists for the enormous amounts of computer power and energy required to solve complex mathematical or cryptographic puzzles to validate a transaction before it can be recorded on the blockchain. In contrast, proof of stake is analogous to a shareholder voting their shares of stock to approve a corporate transaction.

Second, why has crypto staking caught the attention of the SEC? Many crypto firms and exchanges offer “staking as a service” (SaaS) whereby investors can stake (or lend) their digital assets in exchange for lucrative returns. This practice is akin to a person depositing cash in a bank account in exchange for interest payments – minus FDIC insurance backing of all such bank deposits to protect investors.

Recently, on February 9, 2023, the SEC charged two crypto firms, commonly known as “Kraken,” for violating federal securities laws by offering a lucrative crypto asset SaaS program. Pursuant to this program, investors could stake their digital assets with Kraken in exchange for annual investment returns of up to 21 percent. According to the SEC, this program constituted the unregistered sale of securities in violation of federal securities laws. Moreover, the SEC claims that Kraken failed to adequately disclose the risks associated with its staking program. According to the SEC’s Enforcement Division director:

“Kraken not only offered investors outsized returns untethered to any economic realities but also retained the right to pay them no returns at all. All the while, it provided them zero insight into, among other things, its financial condition and whether it even had the means of paying the marketed returns in the first place.”1

Without admitting or denying the SEC’s allegations, Kraken has agreed to pay a $30 million civil penalty and will no longer offer crypto staking services to U.S. investors. Meanwhile, other crypto firms that offer similar programs, such as Binance and Coinbase, are waiting for the other shoe to drop – including the possibility that the SEC will ban all crypto staking programs for U.S. retail investors. Separate and apart from potentially extinguishing a lucrative revenue stream for crypto firms and investors alike, it may have broader consequences for proof of stake consensus mechanisms commonly used to validate blockchain transactions.

NY DFS Targets Stablecoins

In the world of cryptocurrency, stablecoins are typically considered the most secure and least volatile because they are often pegged 1:1 to some designated fiat (government-backed) currency such as U.S. dollars. In particular, all stablecoins issued by entities regulated by the New York Department of Financial Services (NY DFS) are required to be fully backed 1:1 by cash or cash equivalents. However, on February 13, 2023, NY DFS unexpectedly issued a consumer alert stating that it had ordered Paxos Trust Company (Paxos) to stop minting and issuing a stablecoin known as “BUSD.” BUSD is reportedly the third largest stablecoin by market cap and pegged to the U.S. dollar.

The reasoning behind the NY DFS order remains unclear from the alert, which merely states that “DFS has ordered Paxos to cease minting Paxos-issued BUSD as a result of several unresolved issues related to Paxos’ oversight of its relationship with Binance in regard to Paxos-issued BUSD.”The same day, Paxos confirmed that it would stop issuing BUSD. However, in an effort to assuage investors, Paxos stated “All BUSD tokens issued by Paxos Trust have and always will be backed 1:1 with U.S. dollar–denominated reserves, fully segregated and held in bankruptcy remote accounts.”3

Separately, the SEC reportedly issued a Wells Notice to Paxos on February 12, 2023, indicating that it intended to commence an enforcement action against the company for violating securities laws in connection with the sale of BUSD, which the SEC characterized as unregistered securities. Paxos, meanwhile, categorically denies that BUSD constitute securities, but nonetheless has agreed to stop issuing these tokens in light of the NY DFS order.

It remains to be seen whether the regulatory activity targeting BUSD is the beginning of a broader crackdown on stablecoins amid concerns that, contrary to popular belief, such coins may not be backed by adequate cash reserves.

Custody of Crypto Assets

On February 15, 2023, the SEC proposed changes to the existing “custody rule” under the Investment Advisers Act of 1940. As noted by SEC Chair Gary Gensler, the custody rule was designed to “help ensure that [investment] advisers don’t inappropriately use, lose, or abuse investors’ assets.”The proposed changes to the rule (referred to as the “safeguarding rule”) would require investment advisers to maintain client assets – specifically including crypto assets – in qualified custodial accounts. As the SEC observed, “[although] crypto assets are a relatively recent and emerging type of asset, this is not the first time custodians have had to adapt their practices to safeguard different types of assets.”5

A qualified custodian generally is a federal or state-chartered bank or savings association, certain trust companies, a registered broker-dealer, a registered futures commission merchant or certain foreign financial institutions.6 However, as noted by the SEC, many crypto assets trade on platforms that are not qualified custodians. Accordingly, “this practice would generally result in an adviser with custody of a crypto asset security being in violation of the current custody rule because custody of the crypto asset security would not be maintained by a qualified custodian from the time the crypto asset security was moved to the trading platform through the settlement of the trade.”7

Moreover, in a departure from existing practice, the proposed safeguarding rule would require an investment adviser to enter into a written agreement with the qualified custodian. This custodial agreement would set forth certain minimum protections for the safeguarding of customer assets, including crypto assets, such as:

  • Implementing appropriate measures to safeguard an advisory client’s assets8
  • Indemnifying an advisory client when its negligence, recklessness or willful misconduct results in that client’s loss9
  • Segregating an advisory client’s assets from its proprietary assets10
  • Keeping certain records relating to an advisory client’s assets
  • Providing an advisory client with periodic custodial account statements11
  • Evaluating the effectiveness of its internal controls related to its custodial practices.12

The new proposed, cumbersome requirements for custodians of crypto assets appear to be a direct consequence of the collapse of FTX, which resulted in the inexplicable “disappearance” of billions of dollars of customer funds. By tightening the screws on custodians and investment advisers, the SEC is seeking to protect the everyday retail investor by leveling the playing field in the complex and often murky world of crypto. However, it still remains to be seen whether, and to what extent, the proposed safeguarding rule will emerge after the public comment period, which will remain open for 60 days following publication of the proposal in the Federal Register.

1 SEC Press Release 2023-25 (Feb. 9, 2023).

NY DFS Consumer Alert (Feb. 13, 2023) found at https://www.dfs.ny.gov/consumers/alerts/Paxos_and_Binance.

3 Paxos Press Release (Feb. 13, 2023) found at https://paxos.com/2023/02/13/paxos-will-halt-minting-new-busd-tokens/.

4 SEC Press Release 2023-30 (Feb. 15, 2023).

5 SEC Proposed Rule, p. 79.

6 SEC Fact Sheet: Proposed Safeguarding Rule.

7 SEC Proposed Rule, p. 68.

For instance, per the SEC, this could require storing crypto assets in a “cold wallet.”

9 Per the SEC, “the proposed indemnification requirement would likely operate as a substantial expansion in the protections provided by qualified custodians to advisory clients, in particular because it would result in some custodians holding advisory client assets subject to a simple negligence standard rather than a gross negligence standard.” See SEC Proposed Rule, p. 89.

10 Per the SEC, this requirement is intended to “ensure that client assets are at all times readily identifiable as client property and remain available to the client even if the qualified custodian becomes financially insolvent or if the financial institution’s creditors assert a lien against the qualified custodian’s proprietary assets (or liabilities).” See SEC Proposed Rule, p. 92.

11 Per the SEC, “[in] a change from the current custody rule, the qualified custodian would also now be required to send account statements, at least quarterly, to the investment adviser, which would allow the adviser to more easily perform account reconciliations.” See SEC Proposed Rule, p. 98.

12 Per the SEC, the proposed rule would require that the “qualified custodian, at least annually, will obtain, and provide to the investment adviser a written internal control report that includes an opinion of an independent public accountant as to whether controls have been placed in operation as of a specific date, are suitably designed, and are operating effectively to meet control objectives relating to custodial services (including the safeguarding of the client assets held by that qualified custodian during the year).” See SEC Proposed Rule, p. 101.

Article By Anjali C. Das of Wilson Elser Moskowitz Edelman & Dicker LLP

For more cryptocurrency and finance legal news, click here to visit the National Law Review.

© 2023 Wilson Elser

Locking Tik Tok? White House Requires Removal of TikTok App from Federal IT

On February 28, the White House issuedmemorandum giving federal employees 30 days to remove the TikTok application from any government devices. This memo is the result of an act passed by Congress that requires the removal of TikTok from any federal information technology. The act responded to concerns that the Chinese government may use data from TikTok for intelligence gathering on Americans.

I’m Not a Federal Employee — Why Does It Matter?

The White House Memo clearly covers all employees of federal agencies. However, it also covers any information technology used by a contractor who is using federal information technology.  As such, if you are a federal contractor using some sort of computer software or technology that is required by the U.S. government, you must remove TikTok in the next 30 days.

The limited exceptions to the removal mandate require federal government approval. The memo mentions national security interests and activities, law enforcement work, and security research as possible exceptions. However, there is a process to apply for an exception – it is not automatic.

Takeaways

Even if you are not a federal employee or a government contractor, this memo would be a good starting place to look back at your company’s social media policies and cell phone use procedures. Do you want TikTok (or any other social media app) on your devices? Many companies have found themselves in PR trouble due to lapses in enforcement of these types of rules. In addition, excessive use of social media in the workplace has been shown to be a drag on productivity.

Article By J. William Manuel and Anne R. Yuengert of Bradley Arant Boult Cummings LLP

For more communications, media, and internet legal news, click here to visit the National Law Review.

© 2023 Bradley Arant Boult Cummings LLP

FTC Launches New Office of Technology

On February 17, 2023, the Federal Trade Commission announced the launch of their new Office of Technology. The Office of Technology will assist the FTC by strengthening and supporting law enforcement investigations and actions, advising and engaging with staff and the Commission on policy and research initiatives, and engaging with the public and relevant experts to identify market trends, emerging technologies and best practices. The Office will have dedicated staff and resources and be headed by Chief Technology Officer Stephanie T. Nguyen.

Article By Hunton Andrews Kurth’s Privacy and Cybersecurity Practice Group

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

Copyright © 2023, Hunton Andrews Kurth LLP. All Rights Reserved.

MAXIMUM PRESSURE: Stratics Networks Hit With Massive DOJ Complaint Related to RVM Use by Customers and The Heat is Really On Platforms Right Now

So just last month the covered the story of Phone Burner being absolutely destroyed by a recent FCC order directing carriers to stop carrying its traffic. It be came the most read story EVER on TCPAWorld.com.

This one might be even bigger.

Before I get to the punchline, bear with me for a second.

Ringless voicemail.

I have been saying for many years that these things are covered by the TCPA. The Courts have said it. The FCC has said it.

But the ringless voicemail providers, by and large, refused to get the message. As recently as late last year I still have people coming to me telling me that this platform or that service was telling them that the TCPA does not apply to ringless voicemail. And I have personally heard sales pitches within the last couple of years where a ringless voicemail provider told potential customers the TCPA does not apply to the technology.

Lies, lies and more lies. And I hate lies.

The argument for RVM not being covered by the TCPA is a dreadful one. Some lawyer–NOT ME– long ago prepared a white paper suggesting that because voicemail is a title III information service and not a title II communication service that, somehow, that means the direct drop process to leave a voicemail also wasn’t a communication. Its nuts. Totally irrational. And beyond that, it was just dumb.

There was a better rationale for the argument–that the messages traversed business class landlines and not cellular networks–but that argument, too, has been rejected in recent years.

Anyhoo, RVM are definitely covered by the TCPA and that is a fact that has been known for many years. But that did not stop one major RVM provider from–allegedly–allowing its users to blast folks without consent.

And here is where we get to the big news: On Friday the Department of Justice filed a massive complaint–on referral from the FTC–against a debt relief company that was allegedly violating the TSR by sending RVMs without consent and failing to include content required by the TSR in the message.

Please notice that the complaint was NOT just filed against the debt relief company. It was filed against Stratics Networks–the wholesale carrier that permitted the traffic and also, apparently, supplied the RVM platform that was used to send the messages. But the complaint was also filed against the intermediary VOIP service provider, Netlatitude, Inc.–and its president Kurt S. Hannigan personally (!),  that provided access to the debt relief company through Stratics (or perhaps vice versa.)

The actual wrongdoers were apparently a debt relief company called Tek Ventures, LLC, doing business as Provident Solutions and a marketing company hired by Provident–Atlas Marketing Partners, Inc.

A bunch of other players, including INDIVIDUALS are also named as the FTC and DOJ really came to play with a sledgehammer here.

Each of these companies (and people) are alleged to have done something a bit different wrong. And its worth seeing how the government is going after each member of the alleged illegal robocall ring.

Of most interest to me–and I suspect most of you–is the case against Stratics. Like Phone Burner, Stratics is a very well known platform out there. Big footprint. And it is perceived to be a fairly compliant player.

Out of the gate, some of the allegations of the Complaint seek to impose a MUCH broader set of requirements on a carrier than have ever been seen before. For instance, the DOJ complains:

  • Despite acknowledging in its terms and conditions of service that its customers must “obtain the prior written consent from each recipient to contact such recipient” “[w]here required by applicable law or regulation,” Stratics Networks did not have evidence of such consent and did not request or require that its customers submit such evidence;

  • Stratics Networks has access to the prerecorded messages its customers upload to its RVM platform and reserves the right to audit its customers’ accounts in its terms and conditions of service, but it does not conduct due diligence to ensure that the messages actually identified the seller or caller, or to prohibit the transmission of prerecorded messages that failed to do so, or to ensure that that the call recipient had given express consent to receive the call; and

  • Stratics did not “require[]” and “ensur[e] that users  obtain prior express written consent from recipients, scrub lists of uploaded phone numbers against the DNC Registry, or otherwise comply with the TSR as a condition of using the platform.

But, so what?

A carrier owes no duty to at law to review the content of messages sent over its network. Gees, it would be a huge violation of privacy if it did. And sure an RVM platform may have access to the voicemails that were uploaded but since when is it required to review those and provide compliance advice? That’s just plain nuts.

Further, the fact that Stratics required consent for users of its platform is plenty. Folks use AUPs and disclosures to assure their platforms are not being misused. Since when does the law require them to actually possess consent–or “require” and “ensure” compliance– before allowing someone to use their network? Since never. And its just nuts for the FTC and DOJ to suggest otherwise.

Outside of really extreme cases, a carrier is still just a carrier. And a platform is still just a platform. Sure there can be times when these companies are so involved with messages–or know (we’ll get to that) of abuses–such that they are responsible as if they had sent them. But in the ordinary course these folks have NO DUTY to ensure…. anything.

So I’m a bit perturbed by the insinuation that these allegations, alone, make Stratics blameworthy. They speak to duties that do not exist in the law. If the DOJ and FTC doesn’t like the current state of the law they should take it up with Congress (or, in the case of the FTC, start an NPRM process, hint hint.)

But other allegations are more damaging–particularly those related to the knowledge Stratics had about the use of its platform. And, here again, we see the ITG playing a big role.

Per the Complaint, “Stratics Networks received numerous Traceback Requests from USTelecom’s ITG alerting it to suspected illegal robocall traffic delivered via Stratics Networks’ RVM platform service and seeking its assistance in identifying the source(s) (i.e., upstream carrier or originating end-user) of these “likely illegal” robocalls, including over 30 such requests between August 2019 and February 2021.”

Now 30 requests may seem like a lot, but you have to keep in mind how active the ITG is. They’re firing off a ton of “tickets” every single day. So I’m not convinced that 30 tickets over a year and a half is really that big of a deal. Plus, these tickets are directed at the content of user messages traversing the Stratics network–it does not mean that any of these were actually Stratics customers. (BTW, the DOJ was kind enough to name a bunch of the ticket sources: “Atlas Marketing, Telecord, Telesero, Health Innovations, National Homebuyers, Elite Processing, Deltracon, Technest Limited, Shamoon Ahmad, Progressive Promoting, Nitzke Enterprize, Care Advocacy Solutions, and PubClub.” Hope your name isn’t in there!)

So, again, I don’t love the government’s case so far. But it does get stronger. For instance:

  • In some instances, even when Stratics Networks did identify the RVM customers responsible for these illegal robocalls, Stratics Networks allowed these RVM customers to open additional accounts and/or continue utilizing its RVM platform service for several weeks or months without suspending or terminating their RVM accounts.

  • In some instances, Stratics Networks did not suspend these RVM customers’ accounts until after it received a civil investigative demand from the FTC in November 2020 inquiring about prerecorded messages delivered using its RVM platform service.

Ok, now the government is getting closer. The case law is reasonably clear that where a carrier or platform knows of illegal traffic on its network it does need to take some action to prevent it. If Stratics allowed customers who were committing violations to open new accounts or run new campaigns that could be a problem, unless it did extra heightened diligence to assure compliance.

But now, the big allegations:

  • Several of US Telecom’s ITG’s Traceback Requests to Stratics Networks concerned robocalls delivered over Stratics Networks’ RVM platform as part of the Atlas Defendants’ debt relief telemarketing campaign, including Traceback Requests Stratics Networks received between April and June 2020. These Traceback Requests indicated that they concerned a “DebtReduction-Hardship” or “DebtReduction CoronaHardship” campaign, and they noted that the robocalls delivered prerecorded messages offering preapproved loans and did not identify the caller.

  • Notwithstanding Stratics Networks’ representation to US Telecom’s ITG in response to a April 29, 2020 traceback request that it “ha[d] taken immediate action and triggered a full investigation” into the Traceback Request and “also suspended traffic,” Stratics Networks permitted Atlas Marketing to continue using its RVM platform service to deliver millions more robocalls for over five more months;

  • After April 29, 2020, Stratics Networks permitted Atlas Marketing to use its RVM service to deliver more than 23 million additional ringless voicemail robocalls to American consumers.

Ok so Stratics allowed 23 million voicemails by Atlas after telling the ITG it would suspend its traffic. Now that could be a problem. Especially if those 23MM voicemails violated the TSR and TCPA (although that fact is, perhaps tellingly, left out of the complaint.)

Notice the timing here also. ITG tickets went out in April, 2020. A CID followed in October, 2020. And then the complaint was filed in February, 2023 two and a half years later.

So all of you carriers and platforms that have received ITG tickets followed by CIDs, keep this in mind. Even if a year or more has passed, the FTC might still be working the case.

So what did Netlatitude do wrong? Well this appears to be a volume play. Specifically the FTC is concerned that Netlatitude allowed Atlas to send “136,000 robocalls” using Stratics Networks’ SIP termination service on just two days in September 2020.

Again, I kind of want to shrug at that. While high volume traffic can be a red flag, there is ZERO requirement a carrier decline to carry traffic merely because there might be a lot of it.

Netlatitude also apparently received several ITG tickets but it is not clear that they had anything to do with Atlas. So I am very fuzzy as to why Netlatitude is in the case–except that Stratics apparently pointed the finger at Netlatitude and its President.

As to the debt relief companies, the claims here are wide and varied. First, there is a claim of straight consumer deception. They allegedly promised consumers they’d be out of debt in two years and that monthly payments would be used in a way that turned out not to be true. Ok. Makes sense.

Next they allegedly sent voicemails that did not identify the sender and sent calls to numbers on the DNC list without consent. Again, pretty straightforward.

They also allegedly received a fee prior to providing debt relief, which is also not permitted. So… if true, open and shut case. I think.

In the end the government is asking for a bunch of stuff. Most damaging for Stratics is the injunctive relief provision:

A. Enter a permanent injunction to prevent future violations of the TSR and the FTC Act by Defendants;

B. Award monetary and other relief within the Court’s power to grant;

C. Award Plaintiff monetary civil penalties for every violation of the Telemarketing Sales Rule; and

D. Award Plaintiff such other and additional relief the Court may determine to
be just and proper

Lots of big take aways here. We already knew that carriers and platforms can’t turn a blind eye to bad traffic on their networks, but in this case the government seeks to go much further and impose duties on these companies to “require” and “ensure” only lawful traffic traverses their networks. That is just craziness and I think a lot of carriers will fold up shop if they suddenly become strictly liable for misconduct on their networks. Indeed, just 8 years ago carriers were completely beyond liability for traffic on their network and now they are to be treated as always liable for it? That is unfair and absurd.

Obviously those of you in the debt relief game need to pay careful attention here as well. NO cheating allowed. If you make a representation it has to be true. And don’t charge that fee up front–can get you into trouble.

Notice also that NONE of these claims are brought under the TCPA. But some could have been. The TCPA also prevents the use of RVMs to to cell phones without the proper level of consent. And the TCPA bans solicitations to residential numbers on the DNC list. I presume the DOJ didn’t want to tangle with any additional issues here–or perhaps the FTC did not want to tread on the FCC’s toes by moving into TCPA issues. Unclear to me.

But what IS clear to me is that this complaint is a huge deal and should really have every carrier and platform out there asking itself what the future may hold…

Read the complaint here: Complaint Against Stratics, et al.

Article By Eric J. Troutman of Troutman Firm

For more internet and telecom legal news, click here to visit the National Law Review.

© 2023 Troutman Firm