Category: Communication Media & Internet

Internet of Things: Regulatory Ecosystem and Consumer Product Health and Safety – Part I

IoT: International Framework

Technological Revolutions are quiet and astonishing. Step by step new technological applications are pushing existing paradigms and changing the way business is transacted by consumers, companies and in society. In the past, electricity and printing had a revolutionary role in social development, shifting all sectors of life. These days, the Internet of Things (IoT) is pivotal in creating quick, profound and quiet transformations.

According to the Committee on Digital Economy Policy of Directorate for Science, Technology and Innovation of OCED:

The Internet of Things (IoT) could soon be as commonplace as electricity in the everyday lives of people in OECD countries. As such, it will play a fundamental role in economic and social development in ways that would have been challenging to predict as recently as two or three decades ago[1].

In 2008-2009, according to Cisco IBSG – Internet Business Solutions, there were more connected objects, such as smartphones, tablets and computers, than the world’s population. Therefore, this period is considered the year that IoT was born[2]. In 2008, Rob Van Kranemburg published “The Internet of Things”, which addresses a new paradigm in which objects produce information.

Supporting CISCO’s statement, the chart below of Google Trends shows the period of time during which popularity in searches on Google increased. In the last 5 years, IoT has sharply rocketed as a very attractive subject in the general mind of the people on the internet[3]:

Compliance Risks Chart 1
Interest Over Time (2004-2019) As Search Item

 

Digging deeper we can see that IoT popularity is not only relevant to internet users or to some futuristic curiosity on Google, it is a real and concrete “combination of network connectivity, widespread sensor placement, and sophisticated data analysis techniques” which enables“applications to aggregate and act on large amounts of data generated by IoT devices in homes, public spaces, industry and the natural world”[4].

The potential benefits of this kind of connectivity are immense: real-time monitoring and more accurate metrics, the ability to remotely control various actions, interconnectivity and automation, plus the ease of handling a variety of devices that can be centralized on just one smartphone. Nonetheless, this technological avalanche also brings risks and vulnerabilities to users, such as increased vigilance over our habits, exposure of our personal data, hacking vulnerabilities, global or cascading failures, among others.

In the last two years, a set of supporting policy actions have been adopted by the European Commission to accelerate the take-up of IoT and to unleash its potential in Europe for the benefit of European citizens and businesses[5]. These policy actions and statements are not only a guess or shallow forecast, they are a serious result of data and market analysis that came from several studies which found impressive numbers such as 11 billion connected ‘things’ in 2018[6]. This could be as many as 20 billion connections by 2020[7], about 6 billion of which will be in Europe[8]. Of these, 60-65% are consumer devices.

According to the Centre for the Promotion of Imports (CBI) more than 65% of businesses are expected to use IoT products by 2020, compared to 30% in 2017. Europe accounts for more than a third of global Industrial IoT investments by 2020. The market is expected to grow at an impressive average annual rate of 22%. Reaching a value of €287 billion in 2020, Industrial IoT is Europe’s largest IoT market[9].

Seizing the Benefits and Addressing the Challenges

The Centre for the Promotion of Imports (CBI), an Agency of the Netherland’s Ministry of Foreign Affairs and part of the development cooperation effort of the foreign relations of the Netherlands conducted research on the IoT in Europe in January 2019. It concluded:

The European market for Internet of Things (IoT) solutions is growing. Western and Northern Europe are especially promising. Both consumer and business IoT offer opportunities, but specialisation may give you a competitive advantage. The home, health and finance sectors are front runners. National and European initiatives are working to stimulate the roll-out of Industrial IoT solutions and lower barriers. The shortage of skilled specialists continues to drive outsourcing[10].

Apart from an advantageous and “smart” business opportunity, IoT can facilitate innovation in the private sector supporting a wide range of innovative businesses, not only raising the productivity level but increasing the accountability and responsiveness of companies and its employees, improving the client confidence.

Thus, IoT can work to facilitate Private Sector Innovation by so-called industrial Internet, Next Production Revolution (NPR)[11], autonomous machines and big data[12] and automotive industry[13]. On the other hand, innovative Public Sector Delivery with IoT applications could provide smart cities[14], smart governments, smart street lighting[15]and traffic flow optimization[16], innovation in healthcare practice and delivery[17]. IoT technologies are, therefore, expected to play a major role in improving the management of transport, energy use, water services, education, employment, health, crime prevention, by making society more efficient, innovative, safe, sustainable, and inclusive[18].

Regardless of all the benefits, there are many challenges and risks associated with IoT digital security, such as cyber attacks, digital incidents and privacy challenges. Furthermore, bad outcomes can happen causing physical consequences in case of the wrongdoing of autonomous vehicles, health care tools or industrial machines.

The Vision of IoT in 2020

First of all, the 2020 scenario might be approached by a combination of the Cloud and Big Data. Nowadays the hyperconnectivity[19] of society drives IoT to be “The Next Big Thing” in business. According to OECD this next big thing will be related to “a sophisticated industry ecosystem consisting of vendors (providing components), suppliers (creating solutions), service providers, and enterprise users in all sectors of the economy” that will be “measured in billions of Euro in Europe alone, and that will extend across the world too”[20].

Could expectations be too high? Maybe not, because of the following points: I) the centrality of IoT in the upcoming years is corroborated by the sheer number of connections that are expected to be in place by 2020; II) IoT ecosystem will have grown to encompass not only the traditional supply-side actors, but also a rising number of businesses and organizations serving and using  IoT; III) hyper-connected society will be an established reality by 2020, as most of the “things” that can be connected, will be by then.

In 2018, the World Economic Forum (WEF) published a study considering initiatives on the future of production. Essentially, it gives an insight into: i) Solution-driven: technology can tackle and solve challenges that have previously been insurmountable; ii) Human-centric: technology can unlock human potential by unleashing creativity, innovation and productivity in new ways; iii) Sustainable: technology can promote sound production processes that minimize negative environmental impact, conserve energy and resources and enable carbon neutrality; iv) Inclusive: employees, companies and countries at different stages of development benefit from Fourth Industrial Revolution technologies and the transformation of production systems[21].

One of its conclusions is that in the coming years, the IoT market is expected to grow across Europe. Most of the front runners are Western European countries, which have traditionally invested more in IT. And together, six countries make up more than 75% of the European IoT market, this makes them especially promising target markets for 2020.

Market Size in Europe
Chart 2. IoT Market Size in Europe

 

Further, apart from the geographic localization of the opportunities arising, to have a real and concrete overview it is important to be aware of the market size and 2020 forecast by sector. By 2020, industrial IoT is predicted to consist of:

  • 60% cross-industry devices – used in multiple industries, mainly to save costs;
  • 40% vertical-specific devices – used in a specific industry to improve efficiency/accuracy.
  • Industrial IoT also offers good opportunities, as the average spending per device is much higher in this sector. This makes total spending on consumer and industrial IoT about equal by 2020[22].
Compliance and Risks Chart 3
Chart 3: IoT Market Size Per Sector

 

Based on the US Dollar: Euro exchange rates in October 2018, the global average spending on IoT devices is expected to be:

  • €102 per consumer device;
  • €114 per cross-industry business device;
  • €239 per vertical-specific business device.

Finally, electronic sensors are now everywhere – in smartphones, cars, home electronic systems, healthcare devices, fitness monitors and in the workplace. It has been estimated that, by 2020, over 200 billion sensor devices will be inter-connected, creating a market size that, by 2025, will be between $2.7 trillion and $3 trillion a year[23].

At the same time, the market opportunity will bring regulatory challenges. The next section of this report will analyze by specific studies the impact of regulatory requirements on IoT devices and deployment.

Read more: Internet of Things: The Global Regulatory Ecosystem and the Most Promising Smart Environments Part II

[1]  OCDE. Committee on Digital Economy Policy of Directorate for Science, Technology and Innovation. The Internet of Things: Seizing the Benefits and Addressing the Challenges. Background Report for Ministerial Panel 2.2. English Version. 24 May 2016. P. 5. Available here.

[2] MANCINI, Monica. Internet das Coisas: História, Conceitos, Aplicações e Desafios. Available here.

[3] Interest over time. Numbers represent search interest relative to the highest point on the chart for the given region and time. A value of 100 is the peak popularity for the term. A value of 50 means that the term is half as popular. A score of 0 means there was not enough data for this term. The information is available here.

[4] Idem, p. 5.

[5] European Commission. Digital Single Market. Policies: Internet of Things. Available here.

[6] Gartner, Inc. Press Release. Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017, Up 31 Percent From 2016. February 2017. Available here.

[7] Idem, Leading the IoT. Gartner Insights on How to Lead in a Connected World. 2017. P. 2.

[8] European Commission. Definition of a Research and Innovation Policy Leveraging Cloud Computing and IoT Combination. FINAL REPORT. A study prepared for the European Commission. DG Communications Networks, Content & Technology. Digital Agenda for Europe. Available here.

[9] Netherlands Ministry of Foreign Affairs. Centre for the Promotion of Imports (CBI). January 2019. Available here.

[10] Netherlands Ministry of Foreign Affairs. Centre for the Promotion of Imports (CBI). January 2019. Available here.

[11] (NPR) entails a confluence of technologies ranging from a variety of digital technologies (e.g. 3D printing, the Internet of Things [IoT] and advanced robotics) to new materials (e.g. bio- or nano-based) to new processes (e.g. data-driven production, artificial intelligence [AI] and synthetic biology). The Next Production Revolution. A Report to G20. OECD, 2017. Available here.

[12] Autonomous machines and the use of big data are increasingly present in agriculture. Robots can now sort plants based on optical recognition, harvest lettuce and recognise rotten apples. Idem, Ibidem.

[13] The automotive industry is one of the sectors most affected by interconnectivity and enhanced efficiency in both production and operation of vehicles. Idem, Ibidem.

[14] “Smart city plans explore the ability to process huge masses of data coming from devices such as video cameras, parking sensors and air-quality monitors to help local governments achieve goals in terms of increased public safety, improved environment and better quality of life. In: OCDE. Committee on Digital Economy Policy of Directorate for Science, Technology and Innovation. The Internet of Things: Seizing the Benefits and Addressing the Challenges. Background Report for Ministerial Panel 2.2. English Version. 24 May 2016. P. 16.

[15]“Dublin (Ireland), Oslo (Norway) and Chattanooga, Tennessee in the United States have started to use smart street lighting systems.29 Often triggered by replacing municipal lighting with LED solutions to save on energy costs, smart street lighting can offer combined savings of up to USD 100 per streetlight per year”. Idem, Ibidem.

[16]“The SCOOT system developed by Transport for London uses data on road usage with real-time control of traffic lights in the city to deliver on average a 12% improvement in traffic flow. Other large cities, like Beijing, São Paulo, Toronto or Preston have introduced SCOOT”. Idem, Ibidem.

[17] “Smaller sensors, smartphone assisted readouts, big data analysis and continuous remote monitoring can enable new ways of managing care. Such a digital health feedback system includes wearable and that work together to gather information about medication-taking, activity and rest patterns. Idem. p.15.

[18] UN General Assembly, Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, A/HRC/32/38 (2016), P.12.

[19] A term invented by Canadian social scientists Anabel Quan-Haase and Barry Wellman, it refers to the use of multiple means of communication, such as email, instant messaging, telephone, face-to-face contact and Web 2.0 information services.

[20] OCDE. Committee on Digital Economy Policy of Directorate for Science, Technology and Innovation. The Internet of Things: Seizing the Benefits and Addressing the Challenges. Background Report for Ministerial Panel 2.2. English Version. 24 May 2016. P. 24.

[21] World Economic Forum. Insight Report. Readiness for the Future of Production. Report 2018. Available here.

[22] Netherlands Ministry of Foreign Affairs. Centre for the Promotion of Imports (CBI). January 2019. Available here.

[23] Russo et al. Exploring regulations and scope of the Internet of Things in contemporary companies: a first literature analysis. Journal of Innovation and Entrepreneurship, 2015, P. 5.

Copyright © 2019 Compliance and Risks Ltd.
This article was written by João Pedro Paro of Compliance & Risks.
For more on the Internet of Things, please see the National Law Review Communications, Media & Internet law page.

Hush — They’re Listening to Us

Apple and Google have suspended their practice of reviewing recordings from users interacting with their voice assistant programs. Did you know this was happening to begin with?

These companies engaged in “grading,” a process where they review supposedly anonymized recordings of conversations people had with voice assistant program like Siri. A recent Guardian article revealed that these recordings were being passed on to service providers around the world to evaluate whether the voice assistant program was prompted intentionally, and the appropriateness of their responses to the questions users asked.

These recordings can include a user’s most private interactions and are vulnerable to being exposed. Google acknowledged “misconduct” regarding a leak of Dutch language conversation by one of its language experts contracted to refine its Google Assistant program.

Reports indicate around 1,000 conversations, captured by Google Assistant (available in Google Home smart speakers, Android devices and Chromebooks) being leaked to Belgian news outlet VRT NWS. Google audio snippets are not associated with particular user accounts as part of the review process, but some of those messages revealed sensitive information such as medical conditions and customer addresses.

Google will suspend using humans to review these recordings for at least three months, according to the Associated Press. This is yet another friendly reminder to Google Assistant users that they can turn off storing audio data to their Google account completely, or choose to auto-delete data after every three months or 18 months. Apple is also suspending grading and will review their process to improve their privacy practice.

Despite Google and Apple’s recent announcement, enforcement authorities are still looking to take action. German regulator, the Hamburg Commissioner for Data Protection and Freedom of Information, notified Google of their plan to use Article 66 powers of the General Data Protection Regulation (GDPR) to begin an “urgency procedure.” Since the GDPR’s implementation, we haven’t seen this enforcement action utilized, but its impact is significant as it allows the enforcement authorities to halt data processing when there is “an urgent need to act in order to protect the rights and freedoms of data subjects.”

While Google allows users to opt out of some uses of their recordings; Apple has not provided users that ability other than by disabling Siri entirely. Neither privacy policy explicitly warned users of these recordings but do reserve the right to use the information collected to improve their services. Apple, however, disclosed that they will soon provide a software update to allow Siri users opt-out of participation in grading.

Since we’re talking about Google Assistant and Siri, we have to mention the third member of the voice assistant triumvirate, Amazon’s Alexa. Amazon employs temporary workers to transcribe the voice commands of its Alexa. Users can opt out of “Help[ing] Improve Amazon Services and Develop New Features” and allowing their voice recordings to be evaluated.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

When Good Sites Go Bad: The Growing Risk of Website Accessibility Litigation

For a growing number of companies, websites are not only a valuable asset, but also a potential liability risk. In recent years, the number of website accessibility lawsuits has significantly increased, where plaintiffs with disabilities allege that they could not access websites because they were incompatible with assistive technologies, like screen readers for the visually impaired.

If you have never asked yourself whether your website is “accessible,” or think that this issue doesn’t apply to your company, read on to learn why website accessibility litigation is on the rise, what actions lawmakers and the courts are taking to try to stem the tide, how to manage litigation risk, what steps you can take to bring your company’s website into compliance, and how to handle customer feedback on issues of accessibility.

The Growing Risk of Website Accessibility Litigation

In recent years, there has been a nationwide explosion of website accessibility lawsuits as both individual lawsuits and class actions. Plaintiffs have brought these claims in federal court under Title III of the Americans with Disabilities Act (ADA) and, in some cases, under similar state and local laws as well. In 2018, the number of federally-filed website accessibility cases skyrocketed to 2,285, up from 815 in the year prior. In the first half of 2019, these cases have increased 51.7% over the prior year’s comparable six-month period, with total filings for 2019 on pace to break last year’s record by reaching over 3,200.

Why Website Accessibility Litigation is on the Rise

The ADA was enacted in 1990 to prevent discrimination against people with disabilities in locations generally open to the public (known as public accommodations). The ADA specified the duties of businesses and property owners to make their locations accessible for people with disabilities, but it was enacted before conducting business transactions over the internet became commonplace. With the rapid growth of internet use, lawsuits emerged arguing that websites were places of public accommodation under the meaning of the ADA.

These claims have presented serious questions about whether, when, and how website owners must comply with the ADA. There is no legislation that directly sets out the technical requirements for website accessibility. And while the U.S. Department of Justice (DOJ) has stated that “the ADA applies to public accommodations’ websites,” it has not clarified exactly what standards websites must meet to comply with the law. In the absence of clear guidance, courts considering the question have frequently looked to the Web Content Accessibility Guidelines (WCAG), first developed by the World Wide Web Consortium (W3C) in 1999, but most recently updated in 2018.

In 2017, federal district courts in Florida and New York ruled that business websites failing to meet WCAG guidelines can violate Title III of the ADA, opening the door for litigants to bring an onslaught of claims in these courts. As a result, the rate at which these suits have been filed has skyrocketed, especially in New York and Florida, reaching businesses based throughout the U.S. and internationally. With the pace of these suits showing no signs of slowing, it is critical that every business operating a website consider how to manage the growing risk of litigation.

A Future Fix?
Some recent developments suggest that lawmakers or courts may soon stem the tide.  Congress may decide to enact precise standards, or the DOJ might give clarification or promulgate new rules. At the state level, lawmakers in New York have announced plans to address website accessibility suits based on an outcry from the business community.

Recent decisions in the Southern District of New York and the Fourth Circuit suggest that companies can successfully move to dismiss accessibility suits after mooting claims by taking swift remedial action or by showing that the plaintiff was neither eligible nor in a location to receive the goods or services provided on the website. In addition, the Eleventh Circuit and the Supreme Court may soon weigh in on whether Title III of the ADA categorically applies to all websites and apps.

How to Manage Litigation Risk for Website Accessibility

Knowing your level of exposure is an important first step. Individual risk is currently based on three factors:

  • Location: Brick and mortar locations, the delivery of products, or the performance of services in New York or Florida heighten a company’s exposure.
  • Industry: The present trend shows that retail, food service, hospitality, banking, entertainment industries, and educational institutions are especially at risk.
  • Current website structure: Sites with e-commerce functions or purchased from third-party developers not currently in compliance with WCAG standards are popular targets.

Unfortunately, it is often difficult to predict the cost and complexity of bringing a website into WCAG compliance-based simply on viewing it. An audit of the source code is often required. That said, you can start with a review of your site and develop plans and processes for accessibility. The first steps can include:

  • Assess current compliance: Use free online tools like wave and chrome vox and/or enlist a third-party audit to help you understand your current level of accessibility.
  • Plan for future compliance: Create an overall plan for achieving accessibility on a timeline that makes business sense.
  • Take immediate action: Adopt first-step improvements that can be implemented immediately, and create a process for considering accessibility before all future implementations.

Bringing your business into compliance with WCAG web standards does not need to be a standalone project. By integrating accessibility into regular updates, redesigns, and new pages, you can make meaningful improvements as part of your existing process. And if you don’t have a process for ongoing maintenance and updates on your website, consider whether your website is still looking fresh and modern and if it is still an accurate expression of your corporate brand.

Include in-house and third-party development teams as stakeholders in the process. Make accessibility a discussion in all new engagements and set expectations for accessibility going forward for new and existing teams:

  • Increase accessibility awareness: Make accessibility the topic of the next all-hands meeting with all stakeholders.
  • Ask third-party developers and vendors: Specifically, discuss your website’s current accessibility and which site options are readily available.
  • Integrate accessibility in projects: Ensure that agreements for ongoing and future site additions and upgrades incorporate accessibility. Seek representations, ask about compliance levels, and consider seeking warranties and indemnification.

Good customer care is always good business, but making thoughtful use of feedback on your website is a critical step to reducing your risk of an accessibility lawsuit. Everyone on the customer care team should be trained on the risk posed by non-compliance, and they should be empowered to carefully consider and respond to website feedback. The development team should also ensure that the site, whatever its level of WCAG compliance:

  • Encourages feedback: Provide a way for users to give feedback on and receive assistance with accessibility.
  • Supports engagement with feedback: Document, consider, and carefully respond to user feedback.
  • Reflects expert input: When receiving feedback, notices, complaints, or threatened litigation, consult with legal counsel and website accessibility experts as early as possible to ensure that your next steps limit potential liability.

Website accessibility is a fast-moving area of law that is primed for reform. With an increasing number of conflicting decisions and the possibility of new legislation or Supreme Court guidance, we will be closely monitoring this topic in the coming years.

©2019 Pierce Atwood LLP. All rights reserved.

Reading the Supreme Court Tea Leaves in Dex Media Inc. v. Click-to-Call Technologies, LP

On June 24, 2019, the U.S. Supreme Court granted the petition for certiorari in Dex Media Inc. v. Click-to-Call Technologies, LP. Next term, the Court will determine whether 35 U.S.C. § 314(d) permits appeal of the U.S. Patent Trial and Appeal Board’s decision to institute inter partes review upon finding that 35 U.S.C. § 315(b)’s time bar did not apply.

The Dex Media case has traveled a long and tortuous path. Its journey began with the service of a complaint in 2001 which was dismissed without prejudice in 2003, and the filing of a new complaint in 2012. The petition for inter partes review was filed in May 2013, and a final written decision of the Board issued in October 2014 finding that the asserted claims are invalid. From there, the case visited the Federal Circuit twice, the Supreme Court once and is now on its way back for a second time. On appeal, the dispute has focused on whether the petition for inter partes review was time barred by § 315(b), and whether the Federal Circuit has jurisdiction to hear the appeal of that issue.

Facts of the Case

In 2001, Inforocket.com, Inc., an exclusive licensee to the patent-in-suit, filed a district court action against Keen, Inc. The complaint asserting infringement was served on September 14, 2001. While the case was pending, Keen acquired Inforocket as its wholly owned subsidiary and stipulated to a voluntary dismissal of the district court action without prejudice in 2003. Keen later changed its name to Ingenio. Click-to-Call subsequently acquired the patent-in-suit, and on May 29, 2012, filed patent infringement lawsuits against multiple parties, one of which was Ingenio.

On May 28, 2012, just under one year after being served with the complaint in the Click-to-Call action, Ingenio and two other defendants filed a petition for inter partes review (IPR) of the patent-in-suit. In its preliminary response, Click-to-Call contended, among other things, that § 315(b) statutorily barred institution of the IPR proceedings, noting that Ingenio’s predecessor-in-interest was served with a complaint alleging infringement of the patent-in-suit in 2001. Section 315(b) states, “An inter partes review may not be instituted if the petition requesting the proceeding is filed more than 1 year after the date on which the petitioner, real part in interest, or privy of the petitioner is served with a complaint alleging infringement of the patent.”

The Board instituted the proceeding, and based on Federal Circuit precedent found that dismissal of an infringement suit without prejudice nullifies the effect of the service of the original complaint against Keen. Therefore, service of the 2001 complaint did not bar the petition. Click-to-Call again argued that the petition was time-barred in its patent owner response; and in its final written decision, the Board reaffirmed its earlier conclusion on that point and found that the challenged claims were invalid.

In the case being reviewed by the Supreme Court, the Federal Circuit first had to decide whether it had jurisdiction to hear an appeal of the § 315(b) time bar in light of § 314(d), which states, “No Appeal. – The determination by the Director whether to institute an inter partes review under this section shall be final and unappealable.” The Federal Circuit, relying upon its en banc ruling in Wi-Fi One, LLC v. Broadcom Corp., 878 F.3d 1364 (Fed. Cir. 2018), held that time-bar determinations under § 315(b) are appealable.

In Wi-Fi One, the Federal Circuit based its finding on the rationale that the time-bar determination “is not akin to either the non-initiation or preliminary-only merits determinations for which unreviewability is common in the law,” and the fact that the time bar “sets limits on the Director’s statutory authority to institute.” Id. at 1373-74. Having decided the question of appealability, the Click-to-Call court then held en banc that the time-bar decision applies to bar institution of an IPR when a petitioner was served with a complaint for patent infringement more than one year before filing its petition, but the action was voluntarily dismissed without prejudice.

Predictions for the Supreme Court

Often, even without the presence of a circuit court split, the Supreme Court takes cases on appeal from the Federal Circuit to reign in and overrule the Appellate Court. In fact, the Supreme Court has reversed 70 percent of the Federal Circuit cases it has heard since 2007. There are two important factors to suggest that the Supreme Court will for a second time reverse the Federal Circuit in this case.

  • First, in a prior appeal of this case to the Federal Circuit in 2015, the Federal Circuit dismissed the appeal for lack of jurisdiction based on its prior precedent in Achates Reference Publishing, Inc. v. Apple Inc., which was subsequently overruled by Wi-Fi One. Click-to-Call petitioned the Supreme Court for review, and in June 2016, the Supreme Court granted cert, and vacated and remanded the case to the Federal Circuit to consider in light of the Supreme Court’s ruling in Cuozzo Speed Technologies, LLC v. Lee. This suggests that, at the time, the Supreme Court thought there was a clear path for the Federal Circuit to hold that § 315(b) rulings are appealable, as the Federal Circuit did in both Wi-Fi One and its ruling that is currently under review. Since then, the composition of the Supreme Court has changed, with Justice Kennedy’s retirement and the confirmation of Justices Gorsuch and Kavanaugh. It seems now that at least four of the justices of the newly constituted Court may believe that the Federal Circuit’s decision is not consistent with § 314(d).
  • This contention also is supported by the fact that the Supreme Court declined to review both of the questions presented by the petition for cert. Dex Media, Inc., the successor-in-interest to Ingenio, also requested that the Supreme Court decide whether § 315(b) bars institution of an inter partes review when the previously served patent infringement complaint, filed more than one year before the IPR petition, had been dismissed without prejudice. The Supreme Court declined to hear that issue. One might suppose that if the Supreme Court believes the time-bar question is appealable, the Court also would want to rule on whether a dismissal without prejudice negates the effect of service of the complaint under the time bar statute. It is entirely possible that the Court declined to make that determination because the question will be moot once the Court determines there is no appellate jurisdiction over the time-bar issue.

Implications of the Ruling

If the Supreme Court affirms the Federal Circuit’s ruling and finds that § 315(b) questions are appealable, the Federal Circuit’s jurisprudence regarding when the one-year period begins will remain binding, at least until the Supreme Court decides to hear that issue anew. This means that entities looking to file IPR petitions must be alert to the fact that a predecessor-in-interest may have been served with a complaint triggering the one-year time limit as well as whether to file a petition with other entities who (directly or through a predecessor-in-interest) may have been served with complaints that could bar the entire petition.

In contrast, what will happen if the Supreme Court reverses the Federal Circuit’s ruling and Orders dismissal of the appeal on the grounds that § 314(d) prohibits appeal of the time bar issue? Prior to the Federal Circuit’s ruling, the Board had consistently found, as they did in this case, that dismissal of a complaint without prejudice constituted a nullity in terms of the time-bar statute. If the Federal Circuit’s opinion in this case is overruled, its opinion would not be precedential and the Board could either interpret the statute as they had previously or alter the interpretation in view of the Federal Circuit’s opinion, though they would be under no obligation to do so. It also is possible that this becomes one of the many issues that are panel-dependent, forcing petitioners who were served with complaints that have been dismissed without prejudice to “roll the dice” on the issue.

PTAB practitioners should be watching the outcome of this case closely and consider all of the implications of the ruling before filing a petition for inter partes review. As the facts of this case highlight, they also should perform a thorough due diligence review of all “real parties in interest” related to the contemplated petitioner.

©2019 Drinker Biddle & Reath LLP. All Rights Reserved

Control Freaks and Bond Villains

The hippy ethos that birthed early management of the internet is beginning to look quaint. Even as a military project, the core internet concept was a decentralized network of unlimited nodes that could reroute itself around danger and destruction. No one could control it because no one could truly manage it. And that was the primary feature, not a bug.

Well, not anymore.

I suppose it shouldn’t surprise us that the forces insisting on dominating their societies are generally opposed to an open internet where all information can be free. Dictators gonna dictate.

Beginning July 17, 2019, the government of Kazakhstan began intercepting all HTTPS internet traffic inside its borders. Local Kazakh ISPs must force their users to install a government-issued certificate into all devices to allow local government agents to decrypt users’ HTTPS traffic, examine its content, re-encrypt with a government certificate and send it on to its intended destination. This is the electronic equivalent of opening every envelope, photocopying the material inside, stuffing that material in a government envelope and (sometimes) sending it to the expected recipient. Except with web sites.

According to ZDNet, the Kazakh government, unsurprisingly, said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.” As Robin Hood could have told you, the Sheriff’s actions taken to protect travelers and control brigands can easily result in government control of all traffic and information, especially when that was the plan all along. Security Boulevard reports that “Since Wednesday, all internet users in Kazakhstan have been redirected to a page instructing users to download and install the new certificate.

This is not the first time that Kazakhstan has attempted to force its citizens to install root certificate, and in 2015 the Kazakhs even applied with Mozilla to have Kazakh root certificate included in Firefox (Mozilla politely declined).

Despite creative technical solutions, we all know that Kazakhstan is not alone in restricting the internet access of its citizens. For one (gargantuan) example, China’s population of 800 million has deeply restricted internet access, and, according to the Washington Post, the Chinese citizenry can’t access Google, Facebook, YouTube or the New York Times, among many, many, many others. The Great Firewall of China, which involves legislation, government monitoring action, technology limitations and cooperation from internet and telecommunications companies. China recently clamped down on WhatsApp and VPNs, which had returned a modicum of control and privacy to the people. And China has taken these efforts two steps beyond nearly anyone else in the world by building a culture of investigation and shame, where its citizens could find their pictures on local billboard for boorish traffic or internet behavior, or in jail for questioning the ruling party on the internet. All this is well documented.

23 countries in Asia and 7 in Africa restrict torrents, pornography, political media and social media. The only two European nations that have the same restrictions are Turkey and Belarus. Politicians in the U.S. and Europe had hoped that the internet would serve as a force for freedom, knowledge and unlimited communications. Countries like Russia, Cuba and Nigeria also see the internet’s potential, but they prefer to throttle the net to choke off this potential threat to their one-party rule governments.

For these countries, there is no such thing as private. They think of privacy in context – you may keep thoughts or actions private from companies, but not the government. On the micro level, it reminds me of family dynamics –When your teenagers talk about privacy, they mean keeping information private from the adults in their lives, not friends, strangers, or even companies. Controlling governments sing the song of privacy, as long as information is not kept from them, it can be hidden from others.

The promise of Internet freedom is slipping further away from more people each year as dictators and real life versions of movie villains figure out how to use the technology for surveillance of everyday people and how to limit access to “dangerous” ideas of liberty. ICANN, the internet control organization set up by the U.S. two decades ago, has proven itself bloated and ineffective to protect the interests of private internet users.  In fact, it would be surprising if the current leaders of ICANN even felt that such protections were within its purview.

The internet is truly a global phenomenon, but it is managed at local levels, leaving certain populations vulnerable to spying and manipulation by their own governments. Those running the system seem to have resigned themselves to allowing national governments to greatly restrict the human rights of their own citizens.

A tool can be used in many different ways.  A hammer can help build a beautiful home or can be the implement of torture and murder. The internet can be a tool for freedom of thought and expression, where everyone has a publishing and communication platform.  Or it can be a tool for repression. We have come to accept more of the latter than I believed possible.

Post Script —

Also, after a harrowing last 2-5 years where freedom to speak on the internet (and social media) has exploded into horrible real-life consequences, large and small, even the most libertarian and laissez faire of First World residents is slapping the screen to find some way to moderate the flow of ignorance, evil, insanity, inanity and stupidity. This is the other side of the story and fodder for a different post.

And it is also probably time to run an updated discussion of ICANN and its role in internet management.  We heard a great deal about internet leadership in 2016, but not so much lately. Stay Tuned.

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more global & domestic internet developments, see the National Law Review Communications, Medis & Intenet law page.

Not Just For Jilted Ex-Lovers: The Criminalisation of the Non-Consensual Distribution of Intimate Images in Western Australia

This week marked the conclusion of the first prosecution under the Criminal Law Amendment (Intimate Images) Act 2018 (WA). Mitchell Joseph Brindley, 24 years old, pleaded guilty to posting ten intimate images of the woman he dated. The images were taken with the woman’s consent whilst they were in a relationship. When it ended, Mr Brindley created fake Instagram accounts under her name and posted the images without her consent.

Non-consensual intimate image dissemination is colloquially known as ‘revenge porn’. A study in 2017 found that 20% of Australians between the ages of 16-49 years had a picture or video of themselves shared without their consent.

A global movement has emerged to counter the surge of ‘revenge porn’.

All Australian states and territories (except Tasmania) have implemented intimate image legislation. The WA Act amends the WA Criminal Code by creating a new offence relating to the non-consensual distribution of intimate images, empowering courts to make an order requiring a person to remove the images, and ensuring that existing threat offences apply.

Mr Brindley was this week given a 12-month intensive supervision order. The Magistrate found that the case fell in the least severe of the four categories of image-based abuse, being relationship retribution. More severe cases involve “sextortion”, “voyeurism” and “sexploitation”. The Magistrate said that if Mr Brindley’s crime had been motivated by sexual gratification or to obtain money, he would have received a jail term.

In April, videos emerged of NRL players engaging in sexual acts with women. Although the case involving player Tyrone May is ongoing, it will be interesting to see the outcome of any sentence, particularly if a jail term is sought.

Copyright 2019 K & L Gates
Article by Cathryn Palfrey of K&L Gates.

Continued Efforts to Bolster Wireless Infrastructure as California Officials Brace for Wildfire Season

California has been plagued by devastating wildfires over the past two summers, with the 2018 Camp Fire the deadliest and most destructive on record. Now that summer has officially started in 2019, officials are bracing for a possible string of new fires, with Governor Gavin Newsom telling officials to “prepare for the worst” in a recent meeting with emergency managers. In a discussion of what to expect for future California wildfire seasons, Chris Field, the Perry L. McCarty Director of the Stanford Woods Institute for the Environment, stated:

The combination of climate change, increasing development in the wildland-urban interface, and fuel accumulation from decades of fire suppression dramatically increases the risk of fires that are large and catastrophic. Former California Governor Jerry Brown described the situation as a “new abnormal.” We need to recognize that, in California, we face the real risk that every fire season will be among the most destructive, or even the most destructive, on record.

Federal, state, and local officials, utilities, and residents, among many others, are now grappling with how to best prepare for this “new abnormal.” Efforts range from the U.S. Forest Service and the California Department of Forestry and Fire Protection’s fast-tracked forest management projects to Governor Newsom’s June 2019 proposal to create a $21 billion fund to compensate future wildfire victims. One big piece of the puzzle is strengthening wireless infrastructure to ensure that residents are connected to loved ones and vital services in the event of a disaster, particularly as the number of households without landlines continues to grow.

Senate Bill 670

As discussed in this blog previously, cellular service has a number of vulnerabilities that can cause it to falter during an emergency. During wildfires, one of the key risks for wireless infrastructure is physical damage and burning of underground and pole-mounted fiber lines. Gaps in cellular service can prevent residents from being able to reach 911 or receive crucial emergency notifications. This disruption of service is particularly dangerous in the face of a rapidly moving wildfire. Legislation aiming to address part of the problem is currently winding its waythrough the California legislature: Senate Bill 670, authored by State Senator Mike McGuire (D-Healdsburg).

The proposed legislation would require telecommunications companies to report outages impacting customers’ ability to access 911 or receive emergency notifications to the California Office of Emergency Services (Cal OES) within 60 minutes of discovering the outage. Cal OES would then forward this information to local first responders so that they can identify any residents cut off from service. In 2018, certain Butte County residents received no official warning of the coming Camp Fire due to damaged cellular towers, with Sonoma County residents facing similar problems in 2017. The gap in communications was compounded by ineffectual use of wireless alert systems at the local level. Senator McGuire also authored Senate Bill 833, establishing statewide emergency alert protocols and regulations, which former Governor Jerry Brown signed in September 2018.

Concerns Regarding Power Supplies for Wireless Infrastructure

In May 2019, the Public Advocates Office (formerly the Office of Ratepayer Advocates), an independent organization within the California Public Utilities Commission (CPUC) that advocates on behalf of utility ratepayers, filed a legal motion urging the agency to act immediately to ensure that communication systems work during emergencies. As stated in a press release accompanying the motion:

[T]he Public Advocates Office seeks to better protect Californians during emergency situations by asserting that communication providers need to (1) ensure that calls and data be transmitted, without delay, during times of emergencies, (2) install backup generators or battery power at wireless facilities in high fire threat areas to reduce outages, (3) develop plans for alternative methods needed to support 9-1-1 call centers; (4) and take steps to improve their emergency alert and warning systems.

The Wireless Infrastructure Association has responded, pointing to regulatory hurdles inhibiting the expansion of cell sites to accommodate additional power sources and network redundancy. It has asked the Federal Communications Commission (FCC) to collaborate with local governments to prioritize and streamline the approval process.

FCC’s Examination of Disaster Response and Recovery

Meanwhile, the FCC, on June 13, 2019, held the first meeting for the recently re-chartered Broadband Deployment Advisory Committee (BDAC), which will examine, in part, ways to boost wireless infrastructure during disasters and other emergencies. The committee will study how to accelerate the deployment of high-speed broadband access, focused on the following three areas:

  • Disaster Response and Recovery Working Group. Measures to improve resiliency of broadband infrastructure before a disaster occurs, and strategies that can be used during and after the response to a disaster to minimize broadband network downtime.
  • Increasing Broadband Investment in Low-Income Communities Working Group. New ways to encourage the deployment of high-speed broadband infrastructure and services to low-income communities.
  • Broadband Infrastructure Deployment Job Skills and Training Opportunities Working Group. Ways to make more widely available and improve job skills training and development opportunities for the broadband infrastructure deployment workforce.

Working in tandem with the BDAC, the FCC, in November 2018, launched a re-examination of the Wireless Resiliency Cooperative Framework, a voluntary commitment by mobile carriers focused on restoring communications during disasters and other emergencies, originally approved in 2016. The move was a response to major disruptions in wireless service following Hurricane Michael in the Florida Panhandle, but it is intended as a broader examination of wireless services in the event of a disaster.

 

© 2010-2019 Allen Matkins Leck Gamble Mallory & Natsis LLP
For more on mobile & wireless infrastructure, please see the Communications, Media & Internet page on the National Law Review.

Court Compels Arbitration Based on Text Message Agreement

A district court has granted a motion to compel arbitration based on an arbitration clause in an agreement sent via text message and agreed to via a reply text.

Lexington Law Firm, a debt collection company, was sued in a putative class action under the Electronic Funds Transfer Act after purportedly deducting funds without consent.

Lexington moved to compel arbitration. It had sent the named plaintiff a text message agreement that contained an arbitration clause requiring him “to arbitrate all disputes and claims between [him] and Lexington on an individual basis only.” The plaintiff responded with a text that said: “Agree.” The plaintiff opposed Lexington’s motion. He claimed, inter alia, that there was no mutual assent and that the arbitration clause was unconscionable because it was a contract of adhesion and because it was so broadly worded. The district court disagreed.

The plaintiff had been given the agreement and had agreed to it. The court distinguished, among other things, cases involving “browsewrap” agreements in which a website user “agreed” to terms and conditions merely by using a website. Although the court found the agreement minimally procedurally unconscionable because it was a contract of adhesion, that did not render the agreement unconscionable as a whole. The agreement was not substantively unconscionable merely because it was broadly worded, at least where, as here, the plaintiff’s claims were related to the agreement he signed. The court therefore dismissed the putative class action.

Starace v. Lexington Law Firm, No. 1:18-cv-01596 (E.D. Cal. June 27, 2019).

 

©2011-2019 Carlton Fields, P.A.

No Means No

Researchers from the International Computer Science Institute found up to 1,325 Android applications (apps) gathering data from devices despite being explicitly denied permission.

The study looked at more than 88,000 apps from the Google Play store, and tracked data transfers post denial of permission. The 1,325 apps used tools, embedded within their code, that take personal data from Wi-Fi connections and metadata stored in photos.

Consent presents itself in different ways in the world of privacy. The GDPR is clear in defining consent as it pertains to user content. Recital 32 notes that “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data…” Consumers pursuant to the CCPA can opt-out of having their personal data sold.

The specificity of consent has always been a tricky subject.  For decades, companies have offered customers the right to either opt in or out of “marketing,” often in exchange for direct payments. Yet, the promises have been slickly unspecific, so that a consumer never really knows what particular choices are being selected.

Does the option include data collection, if so how much? Does it include email, text, phone, postal contacts for every campaign or just some? The GDPR’s specificity provision is supposed to address this problem. But companies are choosing to not offer these options or ignore the consumer’s choice altogether.

Earlier this decade, General Motors caused a media dust-up by admitting it would continue collecting information about specific drivers and vehicles even if those drivers refused the Onstar system or turned it off. Now that policy is built into the Onstar terms of service. GM owners are left without a choice on privacy, and are bystanders to their driving and geolocation data being collected and used.

Apps can monitor people’s movements, finances, and health information. Because of these privacy risks, app platforms like Google and Apple make strict demands of developers including safe storage and processing of data. Seven years ago, Apple, whose app store has almost 1.8 million apps, issued a statement claiming that “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines.”

Studies like this remind us mere data subjects that some rules were made to be broken. And even engaging with devices that have become a necessity to us in our daily lives may cause us to share personal information. Even more, simply saying no to data collection does not seem to suffice.

It will be interesting to see over the next couple of years whether tighter option laws like the GDPR and the CCPA can not only cajole app developers to provide specific choices to their customers, and actually honor those choices.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more on internet and data privacy concerns, see the National Law Review Communications, Media & Internet page.

DNA Information of Thousands of Individuals Exposed Online for Years

It is being reported that Vitagene, a company that provides DNA testing to provide customers with specific wellness plans through personalized diet and exercise plans based on their biological traits, left more than 3,000 user files publicly accessible on Amazon Web Services servers that were not configured properly.

The information that was involved included customers’ names, dates of birth and genetic information (such as the likelihood of developing medical conditions), as well as contact information and work email addresses. Almost 300 files contained raw genotype DNA that was accessible to the public.

Vitagene has been providing services since 2014 and the records exposed dated between 2015 and 2017. Vitagene was notified of the accessibility of the information on July 1, 2019, and fixed the vulnerability.

Copyright © 2019 Robinson & Cole LLP. All rights reserved.
This article was written by Linn F. Freedman of  Robinson & Cole LLP.