Cryptocurrency Brings Disruption to Bankruptcy Courts—What Parties Can Expect and the Open Issues Still To Be Resolved (Part Two)

In this second part of our blog exploring the various issues courts need to address in applying the Bankruptcy Code to cryptocurrency, we expand upon our roadmap.  In part one, we addressed whether cryptocurrency constitutes property of the estate, the impacts of cryptocurrency’s fluctuating valuation, issues of perfection, and the effects of cryptocurrency on debtor-in-possession financing.  In this part two, we explore preferential transfers of cryptocurrency, whether self-executing smart contracts would violate the automatic stay, and how confusing regulatory guidelines negatively impact bankruptcy proceedings, including plan feasibility.

Preferential Transfers

Pursuant to section 547(a) of the Bankruptcy Code, a debtor-in-possession (or trustee) can avoid a transfer of the debtor’s property to a creditor made in the 90-days before filing the petition if, among other things, the creditor received more than it would have in a Chapter 7 liquidation proceeding.  Notably, such a transfer can only be avoided if the thing transferred was the debtor’s property.  When cryptocurrency is valued and whether cryptocurrency is considered to be property of the estate can impact preference liability.

Perhaps the first question to arise in cryptocurrency preference litigation is whether the transferred cryptocurrency is property of the estate.  If, as in the Chapter 11 bankruptcy case of Celsius Network LLC and its affiliates, the cryptocurrency withdrawn by the accountholder during the ninety days prior to the bankruptcy is determined to be property of the estate, and not the accountholder’s property, a preferential transfer claim could be asserted.  If, however, the cryptocurrency was property of the accountholder, for instance if it was held in a wallet to which only the accountholder had exclusive rights, no preference liability would attach to the withdrawal of the cryptocurrency.

Assuming that a preferential transfer claim lies, the court must decide how to value the preferential transfer.  Section 550 of the Bankruptcy Code allows a debtor-in-possession to recover “the property transferred, or, if the court so orders, the value of such property.”[1] This gives the debtor-in-possession wide latitude in asserting a preference claim.  For instance, the debtor-in-possession could take the position that the cryptocurrency is a commodity, in which case a claim could be asserted to recover the cryptocurrency itself, which, by the end of the case, may be worth a much more than it was at the time of the transfer, with any gain accruing to the estate’s benefit.[2]  In contrast, the party receiving the transferred cryptocurrency would likely take the position that the cryptocurrency is currency, in which case a claim would be limited to the value of the cryptocurrency at the time of the transfer.[3]

The proper valuation methodology has not to date been definitively addressed by the courts.  Perhaps the closest a court has come to deciding that issue was in Hashfast Techs. LLC v. Lowe,[4] where the trustee claimed that a payment of 3,000 bitcoins to a supplier was a preferential transfer.  The bitcoin was worth approximately $360,000 at the time of the transfer but was worth approximately $1.2 million when the trustee asserted the preferential transfer claim.  The trustee argued that the payment to the supplier was intended to be a transfer of bitcoins and not a payment of $360,000, and that the supplier was required to pay 3,000 bitcoins to the estate, notwithstanding the substantial increase in value (and the resulting windfall to the estate).  Ultimately, the court refused to decide whether bitcoin is either currency or commodities and held that “[i]f and when the [trustee] prevails and avoids the subject transfer of bitcoin to defendant, the court will decide whether, under 11 U.S.C. § 550(a), he may recover the bitcoin (property) transferred or their value, and if the latter, valued as of what date.”[5]

The changing value of cryptocurrency will also impact the question of whether the creditor received more than it would have in a Chapter 7 liquidation proceeding.[6]  While the value of preferential transfers are determined at the time of the transfer,[7] the analysis of whether such transfer made the creditor better off than in a Chapter 7 liquidation is determined at the time of a hypothetical distribution, which means, practically, at the time of the petition.[8]  Therefore, if a customer withdraws cryptocurrency from a platform during the 90-day preference period, and the cryptocurrency experiences a decrease in value during those 90 days, that customer could arguably be liable for a preferential transfer because the withdrawn cryptocurrency was worth more at the time of the transfer than at the time of the petition.

Presently unanswered is whether the safe-harbor provisions provided for in section 546(e) of the Bankruptcy Code shield cryptocurrency transfers from preferential transfer attack.  Pursuant to section 546(e), a debtor-in-possession cannot avoid as a preference a margin payment or settlement payment made to “financial participant . . . in connection with a securities contract . . . commodity contract . . . [or] forward contract . . . that is made before the commencement of the case.” If the court determines that cryptocurrency is a security or commodity, and that the transfers were made in connection with forward or commodities contracts, then section 546(e) may shield those transfers from attack as preferential.

Violations of the Automatic Stay and Smart Contracts

The self-executing nature of smart contracts may raise automatic stay concerns.  The automatic stay arises upon the filing of a bankruptcy petition, and in general, prevents creditors and other parties from continuing their collection efforts against the debtor.[9]  Of relevance to smart contracts, section 362(a)(3) of the Bankruptcy Code states that the stay applies to “any act” to obtain possession of or control of property of the estate.  Very recently, in Chicago v. Fulton, the United Stated Supreme Court held that section 362(a)(3) prevented any “affirmative act that would alter the status quo at the time of the bankruptcy petition.”[10]

Prior to Fulton, a bankruptcy court in Arkansas examined an analogous issue in Hampton v. Yam’s Choice Plus Autos, Inc. (In re Hampton).[11]  In Hampton, the court adjudicated whether a device that automatically locked the debtor out of her car violated the automatic stay when it disabled function of the car’s engine postpetition.  The device relied on a code—if the debtor paid, the creditor sent her a code, which she would then input, and this prevented the device from automatically disabling the car’s starter.  In this instance, the court found a violation of the automatic stay.[12]

Based on current case law, it remains unclear whether a smart contract, operating automatically, would violate the automatic stay.  For example, if a smart contract is based on a DeFi loan, and it automatically executes postpetition to transfer to the lender assets of the estate, a court may find a violation of the automatic stay.

Hampton would suggest that such actions would be a violation—but two issues caution against relying on Hampton as a clear bellwether.  First, Hampton was decided pre-Fulton and it remains unclear whether, and to what extent, the Supreme Court’s holding in Fulton would change the outcome of Hampton. Second, a potentially key factual distinction exists: the device in Hampton required the creditor to give the debtor a code to prevent the disabling of the car, but smart contracts can be programmed to automatically execute postpetition without any further action by the parties.  If a smart contract is found to violate the automatic stay, the next question is whether such a violation is willful, meaning that a court can impose monetary penalties, including potentially punitive damages.[13]

Note that even if a smart contract is found not to violate the automatic stay, it does not mean that a creditor can retain the property.  Section 542 of the Bankruptcy Code requires those in possession of estate property to turnover the property to the estate.  The estate is created at the time of the filing of the petition, and therefore, any smart contract that executes postpetition would theoretically concern estate property and be subject to turnover.  Unfortunately, ambiguities arise even in this statute, as section 542 contains a good-faith exemption to the turnover mandate if the recipient is not aware of bankruptcy filing and transfers the assets.[14]  Thus, the turnover mandate may be difficult to apply to non-debtor parties to smart contracts who program the contract ahead of time with the knowledge that such a contract may execute after a bankruptcy petition but with no actual knowledge of such petition having been filed.

Regulatory Confusion

The regulatory world has no uniform approach to cryptocurrency. Both the Securities and Exchange Commission (SEC) and the Commodities Future Trading Commission (CFTC), perhaps in part spurred by executive pressure, recently advanced heavier regulatory oversight of cryptocurrency.[15]  The two agencies also share jurisdiction; one agency asserting authority to regulate cryptocurrency does not preclude the other from doing so.[16]  Other agencies, such as the Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCen), have also asserted the jurisdiction to regulate cryptocurrency.[17]  The result is regulatory confusion for market participants, both because of the sheer number of agencies asserting jurisdiction and the fact that individual agencies can sometimes issue confusing and ill-defined guidelines.

For instance, the SEC applies the Howey test, developed in the 1940s, to determine whether a specific cryptocurrency is a security.[18]  Unfortunately, the SEC has stated that whether a specific cryptocurrency is a security can change overtime, and recently announced even more cryptocurrencies that they believe meet Howey’s definition of a security via their lawsuits with crypto exchanges Binance.US and Coinbase.[19]

The regulatory confusion clouding cryptocurrency has directly impacted bankruptcy proceedings. One recent case study offers a glimpse into that disconcerting influence. In 2022, crypto exchange Voyager Digital Holdings Ltd. filed for Chapter 11 bankruptcy. Another major crypto exchange, Binance.US, entered into an agreement with Voyager to acquire its assets—valued at around $1 billion. The SEC, the New York Department of Financial Services (NYDFS), and the New York Attorney General all filed sale objections in Voyager’s bankruptcy proceedings, arguing that if Voyager’s crypto assets constitute securities, then Binance.US’s rebalancing and redistribution of these assets to its account holders would be an “unregistered offer, sale or delivery after sale of securities” in violation of Section 5 of the Securities Act.[20]  The NYDFS also alleged that the agreement “unfairly discriminates” against New York citizens by subordinating their recovery of diminished assets in favor of Voyager’s creditors—as well as foreclosing the option to recover crypto rather than liquidated assets.[21]

SEC trial counsel noted that, “regulatory actions, whether involving Voyager, Binance.US or both, could render the transactions in the plan impossible to consummate, thus making the plan unfeasible.”[22]  In April 2023, Binance.US sent Voyager a legal notice canceling the prospective transaction, writing that “the hostile and uncertain regulatory climate in the United States has introduced an unpredictable operating environment impacting the entire American business community.”[23]

The SEC’s desire towards regulating cryptocurrency as securities appears to be growing.  On August 15, 2023, the SEC settled for $24 million its claims against Bittrex, which included violations of Section 5 of the Securities Act.[24] Upon the settlement, the director of the SEC stated that Bittrex “worked with token issuers . . . in an effort to evade the federal securities law.  They failed.”[25]  Uncertainty combined with aggressive enforcement leaves cryptocurrency entities in an uncertain and precarious position.

Plan Feasibility

The Voyager case also highlights issues with plan feasibility in Chapter 11.  In Voyager, the SEC objected to plan feasibility on the basis that one known digital asset of Voyager was a security, and therefore, the purchaser should register as a securities dealer.[26]  Although the court overruled the SEC’s objection, as noted above, Binance.US ultimately withdrew its purchase offer, placing blame on the overall regulatory climate.[27]  As regulations remain uncertain, and government authorities have shown a willingness to assert themselves into the process of reorganization, debtors who file for bankruptcy will have to brace for new or unforeseen objections to an otherwise confirmable plan.

Conclusion

Cryptocurrency has been seen by some as a disruptive force in finance.  As the above issues show, it also appears to be a disruptive force in bankruptcy cases.  Debtors and creditors alike will have to weather the disruption as best they can while the courts continue to grapple with the many open issues raised by cryptocurrencies.

See Cryptocurrency Brings Disruption to Bankruptcy Courts—What Parties Can Expect and the Open Issues Still To Be Resolved (Part One)


[1] See 11 U.S.C. § 550(a).

[2] This position would arguably be consistent with cases interpreting section 550(a) of the Bankruptcy Code that have held that the estate is entitled to recover the value of the property when value has appreciated subsequent to the transfer.  See, e.g., In re Am. Way Serv. Corp., 229 B.R. 496, 531 (Bankr. S.D. Fla. 1999) (noting that when the value of the transferred property has appreciated, “the trustee is entitled to recover the property itself, or the value of the property at the time of judgment.”).

[3] Mary E. Magginis, Money for Nothing: The Treatment of Bitcoin in Section 550 Recovery Actions, 20 U. Pa. J. Bus. L. 485, 516 (2017).

[4] No. 14-30725DM (Bankr. N.D. Cal. Feb. 22, 2016),

[5] Order on Motion for Partial Summary Judgment at 1-2, Hashfast Techs. LLC v. Lowe, Adv. No. 15-3011DM (Bankr. N.D. Cal. 2016) (ECF No. 49).

[6] See 11 U.S.C. § 547(b)(5) (requiring the transferee to have received more that it would have received in a Chapter 7 liquidation).

[7] Maginnis, supra note 3.

[8] See In re CIS Corp., 195 B.R. 251, 262 (Bankr. S.D.N.Y. 1996) (“Thus, the Code § 547(b)(5) analysis is to be made as of the time the Debtor filed its bankruptcy petition); Sloan v. Zions First Nat’l Bank (In re Casteltons, Inc.), 990 F.2d 551, 554 (9th Cir. 1993) (“When assessing an alleged preferential transfer, the relevant inquiry . . . [is] . . . the actual effect of the payment as determined when bankruptcy results.”).

[9] 11 U.S.C. § 362(a).

[10] 141 S.Ct. 585, 590 (2021).

[11] 319 B.R. 163 (Bankr. E.D. Ark. 2005).

[12] Hampton, 319 B.R. at 165-170.

[13] See 11 U.S.C. § 362(k) (providing that, subject to a good faith exception “an individual injured by any willful violation of [the automatic stay] shall recover actual damages, including costs and attorneys’ fees, and, in appropriate circumstances, may recover punitive damages.”).

[14] See 11 U.S.C. § 542(c).

[15] David Gura, The White House calls for more regulations as cryptocurrencies grow more popular (Sept. 6, 2022, 6:00 AM), https://www.npr.org/2022/09/16/1123333428/crypto-cryptocurrencies-bitcoin-terra-luna-regulation-digital-currencies.

[16] See, e.g.CFTC v. McDonnell, 287 F. Supp. 3d 222, 228-29 (E.D.N.Y. 2018) (“The jurisdictional authority of CFTC to regulate virtual currencies as commodities does not preclude other agencies from exercising their regulatory power when virtual currencies function differently than derivative commodities.”).

[17] See Treasury Announces Two Enforcements Actions for over $24M and $29M Against Virtual Currency Exchange Bittrex, Inc., (October 11, 2022), https://home.treasury.gov/news/press-releases/jy1006.

[18] See SEC v. W.J. Howey Co., 328 U.S. 293 (1946).

[19] Emily Mason, Coinbase Hit With SEC Suit That Identifies $37 Billion of Crypto Tokens As Securities, (June 6, 2023 5:08 pm), https://www.forbes.com/sites/emilymason/2023/06/06/coinbase-hit-with-sec-suit-that-identifies-37-billion-of-crypto-tokens-as-securities/?sh=3cc4c6d667a9SEC Charges Crypto Asset Trading Platform Bittrex and its Former CEO for Operating an Unregistered Exchange, Broker, and Clearing Agencyhttps://www.sec.gov/news/press-release/2023-78 (last visited July 31, 2023).

[20] Jack Schickler, SEC Objects to Binance.US’ $1B Voyager Deal, Alleging Sale of Unregistered Securities, (last updated Feb. 23, 2023 at 2:32 p.m.), https://www.coindesk.com/policy/2023/02/23/sec-objects-to-binanceus-1b-voyager-deal-alleging-sale-of-unregistered-securities/.

[21] See NYDFS Objection to Plan, In re Voyager Digital Holdings, et al. at 9-10, No. 22-10943 (Bankr. S.D.N.Y. Feb. 22, 2023) [ECF No. 1051].

[22] Kari McMahon, SEC and New York Regulators Push Back on Binance.US’s Acquisition of Voyager, The Block (Feb. 23, 2023), https://www.theblock.co/post/214333/sec-and-new-york-regulators-push-back-on-binance-uss-acquisition-of-voyager.

[23] Yueqi Yang & Steven Church, Binance US Ends $1 Billion Deal to Buy Bankrupt Crypto Firm Voyager, Bloomberg (April 25, 2023), https://www.bloomberg.com/news/articles/2023-04-25/binance-us-terminates-deal-to-buy-bankrupt-crypto-firm-voyager.

[24] See Crypto Asset Trading Platform Bittrex and Former CEO to Settle SEC Charges for Operating an Unregistered Exchange, Broker, and Clearing Agencyhttps://www.sec.gov/news/press-release/2023-150 (last visited Sept. 18, 2023).

[25] Id.

[26] See Objection of the U.S. Securities Exchange Commission to Confirmation at 3 n.5, In re Voyager Digital Holdings, et al., No. 22-10943 (Bankr. S.D.N.Y. Feb. 22, 2023) (ECF No. 1047).

[27] See supra at n. 23.

For more articles on cryptocurrency, visit the NLR communications, media and internet section.

Navigating Data Ownership in the AI Age, Part 1: Types of Big Data and AI-Derived Data

The emergence of big data, artificial intelligence (AI), and the Internet of Things (IoT) has fundamentally transformed our understanding and utilization of data. While the value of big data is beyond dispute, its management introduces intricate legal questions, particularly concerning data ownership, licensing, and the protection of derived data. This article, the first installment in a two-part series, outlines challenges and opportunities presented by AI-processed and IoT-generated data. The second part, to be published Thursday, October 19, will discuss the complexities of the legal frameworks that govern data ownership.

Defining Big Data and Its Legal Implications

Big data serves as a comprehensive term for large, dynamically evolving collections of electronic data that often exceed the capabilities of traditional data management systems. This data is not merely voluminous but also possesses two key attributes with significant legal ramifications. First, big data is a valuable asset that can be leveraged for a multitude of applications, ranging from decoding consumer preferences to forecasting macroeconomic trends and identifying public health patterns. Second, the richness of big data often means it contains sensitive and confidential information, such as proprietary business intelligence and personally identifiable information (PII). As a result, the management and utilization of big data require stringent legal safeguards to ensure both the security and ethical handling of this information.

Legal Frameworks Governing Data Ownership

Navigating the intricate landscape of data ownership necessitates a multi-dimensional understanding that encompasses legal, ethical, and technological considerations. This complexity is further heightened by diverse intellectual property (IP) laws and trade secret statutes, each of which can confer exclusive rights over specific data sets. Additionally, jurisdictional variations in data protection laws, such as the European Union’s General Data Protection Regulation (GDPR) and the United States’ California Consumer Privacy Act (CCPA), introduce another layer of complexity. These laws empower individuals with greater control over their personal data, granting them the right to access, correct, delete, or port their information. However, the concept of “ownership” often varies depending on the jurisdiction and the type of data involved — be it personal or anonymized.

Machine-Generated Data and Ownership

The issue of data ownership extends beyond individual data to include machine-generated data, which introduces its own set of complexities. Whether it’s smart assistants generating data based on human interaction or autonomous vehicles operating independently of human input, ownership often resides with the entity that owns or operates the machine. This is typically defined by terms of service or end-user license agreements (EULAs). Moreover, IP laws, including patents and trade secrets, can also come into play, especially when the data undergoes specialized processing or analysis.

Derived Data and Algorithms

Derived and derivative algorithms refer to computational models or methods that evolve from, adapt, or draw inspiration from pre-existing algorithms. These new algorithms must introduce innovative functionalities, optimizations, or applications to be considered derived or derivative. Under U.S. copyright law, the creator of a derivative work generally holds the copyright for the new elements that did not exist in the original work. However, this does not extend to the foundational algorithm upon which the derivative algorithm is based. The ownership of the original algorithm remains with its initial creator unless explicitly transferred through legal means such as a licensing agreement.

In the field of patent law, derivative algorithms could potentially be patented if they meet the criteria of being new, non-obvious, and useful. However, the patent would only cover the novel aspects of the derivative algorithm, not the foundational algorithm from which it was derived. The original algorithm’s patent holder retains their rights, and any use of the derivative algorithm that employs the original algorithm’s patented aspects would require permission or licensing from the original patent holder.

Derived and derivative algorithms may also be subject to trade secret protection, which safeguards confidential information that provides a competitive advantage to its owner. Unlike patents, trade secrets do not require registration or public disclosure but do necessitate reasonable measures to maintain secrecy. For example, a company may employ non-disclosure agreements, encryption, or physical security measures to protect its proprietary algorithms.

AI-Processed and Derived Data

The advent of AI has ushered in a new era of data analytics, presenting both unique opportunities and challenges in the domain of IP rights. AI’s ability to generate “derived data” or “usage data” has far-reaching implications that intersect with multiple legal frameworks, including copyright, trade secrets, and potentially even patent law. This intersectionality adds a layer of complexity to the issue of data ownership, underscoring the critical need for explicit contractual clarity in licensing agreements and Data Use Agreements (DUAs).

AI-processed and derived data can manifest in various forms, each with unique characteristics. Extracted data refers to data culled from larger datasets for specific analyses. Restructured data has been reformatted or reorganized to facilitate more straightforward analysis. Augmented data is enriched with additional variables or parameters to provide a more comprehensive view. Inferred data involves the creation of new variables or insights based on the analysis of existing data. Lastly, modeled data has been transformed through ML models to predict future outcomes or trends. Importantly, these data types often contain new information or insights not present in the original dataset, thereby adding multiple layers of value and utility.

The benefits of using AI-processed and derived data can be encapsulated in three main points. First, AI algorithms can clean, sort, and enrich data, enhancing its quality. Second, the insights generated by AI can add significant value to the original data, rendering it more useful for various applications. Third, AI-processed data can catalyze new research, innovation, and product development avenues.

Conversely, the challenges in data ownership are multifaceted. First, AI-processed and derived data often involves a complex web of multiple stakeholders, including data providers, AI developers, and end users, which can complicate the determination of ownership rights. Second, the rapidly evolving landscape of AI and data science leads to a lack of clear definitions for terms like “derived data,” thereby introducing potential ambiguities in legal agreements. Third, given the involvement of multiple parties, it becomes imperative to establish clear and consistent definitions and agreements that meticulously outline the rights and responsibilities of each stakeholder.

For more articles on AI, visit the NLR Communications, Media and Internet section.

California’s “Delete Act” Significantly Expands Requirements for Data Brokers

California recently passed a groundbreaking new law aimed at further regulating the data broker industry. California is already one of only three states (along with Oregon and Vermont) that require data brokers—businesses that collect and sell personal information from consumers with whom the business does not have a direct relationship—to meet certain registration requirements.

Under the new law, the regulation of data brokers—including the registration requirements—falls within the purview of the California Privacy Protection Agency (CPPA) and requires data brokers to comply with expanded disclosure and record keeping requirements. Notably, the law also requires the CPPA to make an “accessible deletion mechanism” available to consumers at no cost by January 1, 2026. The tool is intended to act as a single “delete button,” allowing consumers to request the deletion of all of their personal information held by registered data brokers within the state.

Putting it into practiceBusinesses considered “data brokers” should carefully review the new and expanded requirements and develop a compliance plan, as certain aspects of the law (e.g., the enhanced registry requirements) go into effect as soon as January 31, 2024.

For more articles on data brokers, visit the NLR Communications, Media and Internet section.

Chat with Caution: The Growing Data Privacy Compliance and Litigation Risk of Chatbots

In a new wave of privacy litigation, plaintiffs have recently filed dozens of class action lawsuits in state and federal courts, primarily in California, seeking damages for alleged “wiretapping” by companies with public-facing websites. The complaints assert a common theory: that website owners using chatbot functions to engage with customers are violating state wiretapping laws by recording chats and giving service providers access to them, which plaintiffs label “illegal eavesdropping.”

Chatbot wiretapping complaints seek substantial damages from defendants and assert new theories that would dramatically expand the application of state wiretapping laws to customer support functions on business websites.

Although there are compelling reasons why courts should decline to extend wiretapping liability to these contexts, early motions to dismiss have met mixed outcomes. As a result, businesses that use chatbot functions to support customers now face a high-risk litigation environment, with inconsistent court rulings to date, uncertain legal holdings ahead, significant statutory damages exposure, and a rapid uptick in plaintiff activity.

Strict State Wiretapping Laws

Massachusetts and California have some of the most restrictive wiretapping laws in the nation, requiring all parties to consent to a recording, in contrast to the one-party consent required under federal and many state laws. Those two states have been key battlegrounds for plaintiffs attempting to extend state privacy laws to website functions, partly because they provide for significant statutory damages per violation and an award of attorney’s fees.

Other states with wiretapping statutes requiring the consent of all parties include Delaware, Florida, Illinois, Maryland, Montana, Nevada, New Hampshire, Pennsylvania, and Washington. As in Massachusetts and California, litigants in Florida and Pennsylvania have started asserting wiretapping claims based on website functions.

Plaintiffs’ Efforts to Extend State Wiretapping Laws to Chatbot Functions

Chatbot litigation is a product of early favorable rulings in cases targeting other website technologies, refashioned to focus on chat functions. Chatbots allow users to direct inquiries to AI virtual assistants or human customer service representatives. Chatbot functions are often deployed using third-party vendor software, and when chat conversations are recorded, those vendors may be provided access to live recordings or transcripts.

This most recent wave of plaintiffs now claim that recording chat conversations and making them accessible to vendors violates state wiretapping laws, with liability for both the website operator and the vendor. However, there are several reasons why the application of wiretapping laws in this context is inappropriate, and defendants are asserting these legal arguments in early dispositive motion practice with mixed results.

What Businesses Can Do to Address Growing Chatbot Litigation Risk

Despite compelling legal arguments for why these suits should be stopped, businesses with website chat functions should exercise caution to avoid being targeted, as we expect to see chatbot wiretap claims to skyrocket. This litigation risk is present in all two-party consent states, but especially in Massachusetts and California. Companies should beware that they can be targeted in multiple states, even if they do not offer products or services directly to consumers.

In this environment, a review and update of your company’s website for data privacy compliance, including chatbot activities, is advisable to avoid expensive litigation. These measures include:

  • Incorporating clear disclosure language and robust affirmative consent procedures into the website’s chat functions, including specific notification in the function itself that the chatbot is recording and storing communications
  • Expanding website dispute resolution terms, including terms that could reduce the risk of class action litigation and mass arbitration
  • Updating the website’s privacy policy to accurately and clearly explain what data, if any, is recorded, stored, and transmitted to service providers through its chat functions, ideally in a dedicated “chat” section
  • Considering data minimization measures in connection with website chat functions
  • Evaluating third-party software vendors’ compliance history, including due diligence to ensure a complete understanding of how chatbot data is collected, transmitted, stored, and used, and whether the third party’s privacy policies are acceptable

Companies may also want to consider minimizing aspects of their chatbots that have a high annoyance factor – such as blinking “notifications” – to reduce the likelihood of attracting a suit. This list is not comprehensive, and businesses should ensure their legal teams are aware of their website functions and data collection practices.

For more articles on privacy, visit the NLR Communications, Media and Internet section.

Emojis in eDiscovery

Emojis Pose Challenges to Lawyers, Juries & Discovery Specialists

We have all used emojis.  Whether in our text messages or in our IMs, these wordless communications are commonplace.  In fact, by some estimates, more than 10 billion emojis are sent every day in various electronic messaging mediums. With the use of chat and mobile platforms only increasing, what do lawyers and eDiscovery professionals need to know about these marks and how they impact the discovery process and the courtroom?

What is an Emoji?

Emojis are small cartoon images that are interpreted and supported at the discretion of each application developer.  The predecessor to the emoji was the emoticon.

Why Are Emojis Complicated?

Anyone reading eDiscovery content knows that these tiny little carton pictures while often playful and cute, can be a challenge to identify, collect and process.  Part of the challenge is volume driven but part is platform driven.  Specifically, the Unicode Consortium, which is the standards body that allows software to recognize text characters and display them uniformly, acknowledges thousands of different emojis. But that number includes variables of the same image – for example different genders and skin tonality. And while much work has been done to standardize emojis, different systems support different emojis.  For example, while a slice of pizza is likely recognized universally, in reality a slice from the popular Domino’s® franchise looks different from a slice bought at the local brick oven pizza parlor.  Similarly, when dealing in emojis, a slice of pizza viewed on one device will look different than one viewed on a device by a different company.  For those of you who have ever shared a text among different phone operating system users, you have undoubtedly learned this lesson before now.  Indeed, if you ever received the question mark inside the rectangular shaped box – which appears when the recipient’s application does not support the sender’s application – the emoji image is indecipherable.   Complicating this phenomenon is that different instant messaging systems have proprietary emojis and additionally allow users to create their own emojis – none of which are acknowledged by Unicode.org. Add to that the fact that emojis often evolve.  For example, the “pistol” emoji was changed in 2016 by one operating system to a less dangerous version of itself (i.e., a “water pistol” or “toy gun”).  But, when received by a different platform, that water pistol or toy gun emoji might still appear to be a regular “gun” or “pistol” emoji.

Emojis in Litigation

Assuming you have been able to secure during discovery relevant emojis, use during litigation can be paved with surprises.  In fact, once a wordless communication (i.e., an emoji) is admitted into the record, courts and juries will look to the surrounding circumstances to interpret the communication.  And, while this analysis generally includes scrutiny of the accompanying text and whether the emoji alters the meaning of the message, how does one account for platform interpretation issues?  Meaning – what if the water gun I sent from my device is received by another device in a way that reflects a menacing weapon thereby manifesting a different intent to the recipient than what was intended by the sender.  At first glance, the emoji may seem innocuous, such as a simple smile to communicate happiness but taken in the context or community in which the communication is used, the meaning may be interpreted differently by the sender and/or recipient.  Indeed, emojis should not be considered a universal language having universal meaning and, like certain physical actions, the meaning of symbols can vary by community or culture.  Consider for example that the “thumbs up” emoji is considered vulgar in many countries in the Middle East yet typically considered a positive expression in most other countries.[1]

Because the complexities of interpreting the meaning and intent of the emoji in court is exacerbated by competing platforms, focused inquiry on the sender’s and recipient’s intent, surrounding circumstances and accompanying text may be critical. Unfortunately, 1 + 1 does not always equal 2 and things may not be as they may appear merely because of a certain electronically generated animated face.


[1] A few cases involving emojis include Ghanam v. Does (where the Michigan Court of Appeals had to analyze the circumstances surrounding the use of the emoji “sticking out its tongue” within a communication in a defamation case); Commonwealth v. Danzey, (smile face embedded in social media did not immunize claims defendant stalked and harassed victim where wording demonstrated criminal intent); Kryzac v. State, (Tennessee case where “frowning face” emoji used as evidence of relationship between defendant and victim); State v. Disabato, (defendant in Ohio was convicted of telecommunications harassment for sending unwanted text messages, some of which included “rodent” emojis); Commonwealth v. Foster (Pennsylvania defendant on probation for a drug-related conviction raised the suspicion of his probation officer when he posted photographs depicting guns and money along with three “pill” emoji).

For more articles on eDiscovery, visit the NLR Litigation section.

Using AI to Replicate or Replace Human Creativity May Violate Intellectual Property Law

As artificial intelligence (AI) becomes better and more prevalent, people will increasingly use its computing power to supplement or replace human creativity. Film director Gareth Edwards attempted to do just that  in his new movie, The Creator, about artificial intelligence. Edwards used an AI algorithm to attempt to replicate the musical style of composer Hans Zimmer.  Ultimately, Edwards abandoned this effort and hired Zimmer to compose the score because although the AI-generated track was convincing, Edwards believed it still felt short of human Zimmer’s work.

Because AI generates new content through a database of existing content, the model’s output can convincingly replicate existing artists. However, the AI-generated content may be simplistic and lack a human’s creativity. In an interview with the MIT Technology Review, Edwards stated his belief that generative AI should be embraced like Photoshop and treated like a tool for improving the creative process.

Although there may be similar creative benefits between generative AI and Photoshop, using AI to replicate or replace human creativity may violate intellectual property laws. Writers, including Game of Thrones author George R.R. Martin, are currently suing OpenAI alleging that the company violated the authors’ copyrights by using their collective works to train its model. The results of this case and similar cases may determine the future viability of generative AI as a creative tool for mass consumer entertainment.

For more articles on AI, visit the NLR Communications, Media & Internet section.

Intellectual Property for the Metaverse

How do you use the patent system to protect inventions related to the metaverse?

What is the Metaverse?

Merriam-Webster defines the metaverse as “a persistent virtual environment that allows access to and interoperability of multiple individual virtual realities.” The term “metaverse” originates from dystopian science fiction novels in which it referred to an immersive, computer-generated virtual world. Today’s “metaverse” is now firmly integrated into the technology sector and can be thought of as a common virtual world shared by all users across a plurality of platforms. Examples of metaverse-related technology includes the software that generates these virtual environments, as well as virtual reality (VR) and augmented reality (AR) headsets and other devices that enable human interaction with the environment and representations of other humans within it.

The adoption of metaverse-related technology is expanding. In 2021 the company then known as Facebook rebranded to “Meta” in an effort to emphasize the company’s commitment to developing a metaverse. In Fall of 2022, Apple announced the development of its own VR/AR headset. 2022 also saw the launch of the first Metaverse Fashion Week.

These events are indicative of the growing emphasis on the metaverse and the expectation amongst technology companies that the metaverse will be the eventual successor to the internet, smartphones, and/or social media. Applications of the metaverse are not limited to socialization and gaming—as the metaverse expands there is increased acknowledgment of the benefits it may provide in other settings, including in education, finance, and medicine.

As patent attorneys and innovators, we ask: How do you use the existing framework of the patent system to best protect inventions related to the metaverse?

Using Patents to Protect Inventive Concepts in the Metaverse

In this blog post, we explore considerations for protecting inventions in and related to the metaverse. Because many of these technologies are new and the industry surrounding the metaverse is in its infancy, inventions made today may prove to be quite valuable in the coming years. Protecting these inventions today is likely to be well worth the investment in the future. Inventive concepts in the metaverse can be protected using both utility patents which focus on the functional benefits of an invention and design patents which focus on the ornamental aspects of an invention.

Utility Applications for Metaverse

Utility patents may be used to protect the functional aspects of hardware or software-based innovative technologies in the metaverse.

Innovators in the metaverse environment might pursue patent protection on technologies associated with headsets, displays, cameras, user control interfaces, networked storage and servers, processors, power components, interoperability, communication latency, and the like. These hardware-based inventions for the metaverse may be a natural expansion of those previously developed for augmented and virtual reality, video-game technology, or the internet. Accordingly, patent applicants may look to those fields for best practices in protecting their hardware-based inventions. As with any patent application, identifying a point of novelty early on in the process is essential to deciding whether and how to pursue patent protection.

Software-based inventions may include technologies associated with performing tasks in the metaverse, such as representation of virtual environments and avatars, speech/voice processing, and blockchain transactions (e.g., for purchasing virtual goods). These software-based inventions may face additional challenges at the U.S. Patent and Trademark Office (USPTO), where the patent eligibility bar under 35 U.S.C. §101 prohibits the patenting of “abstract ideas” which may include methods of organizing human activity, mental processes, and mathematical concepts. It is typical for software-related patent applications to receive a patent eligibility rejection during the examination process.

One challenge in patenting software-based applications for the metaverse includes the fact that software that merely implements a process that is equivalent to a known process outside of the metaverse environment is unlikely to be allowed by the USPTO. However, a software-based invention that accounts for the changes introduced by being in a metaverse environment and addresses what specific problems were unique to the metaverse may be found patentable by the USPTO. Thus, best practices for drafting patent applications related to the metaverse may be to include details surrounding the considerations taken to account for the change in operating in the metaverse environment as opposed to a non-metaverse environment in any patent applications.

Additionally, while patent applicants may draft patent applications with the USPTO in mind, applicants should also consider the intricacies of claiming patent protection for software related technologies on a global basis. For example, patent applicants should consider that patents for software processes are more difficult to acquire in Europe unless clear indications of how a software-based invention provides a technical solution to a technical problem are included in the application.

Design Applications for Metaverse

Innovators in the metaverse may also use design patents to protect ornamental aspects of their invention. For example, fashion companies may seek protection of their branded objects within the metaverse. Technology companies may try to protect the ornamental features of their headsets or user interfaces.

The protection of objects within the metaverse presents an interesting avenue for patent protection. Objects displayed within the metaverse may be protected similarly to how innovations in video-game technology, web applications and graphical user interfaces are currently protected using design patents. For example, representations of physical items within a virtual environment can be considered computer-generated icons that can be protected so long as they are shown in an embodiment tying them to an article of manufacture such as a computer screen, monitor, other display panel, or any portion thereof in compliance with 35 U.S.C. 171. Similarly, movement of items within a multiverse environment can be protected similar to how changeable computer generated icons are protected today.

Again, while patent applicants may focus on the requirements of the USPTO, it is important to note that the metaverse is inherently global in its nature and that industrial design applications across the globe may have different requirements. For example, Europe does not require a display screen for industrial designs. Accordingly, comprehensive strategies for design protection of metaverse related technologies may consider the nuances of seeking industrial design protection in various jurisdictions.

Other Methods for Protecting Inventive Concepts in the Metaverse

As with any product or company, a comprehensive strategy for intellectual property protection includes not only patents but also trademarks and copyrights. As intellectual property attorneys consider the best ways to protect a client’s product, they may often turn to trademarks and copyrights in connection with design and utility patent applications to provide more holistic protection of intellectual property assets. For example, fashion-based companies may utilize a combination of trademark protection and design patent protection for their brands and the innovative designs for which they are known in the metaverse. Software-based companies may turn to a combination of copyright and utility patents to protect innovative functionality for the metaverse.

Concluding Thoughts

The growth in use of utility and design patent applications to protect concepts related to the metaverse is immense. One study conducted by IALE Tecnología found that “over the past five years, metaverse-related patent applications have doubled to more than 2,000.” This rapid expansion in patents for innovative concepts surrounding the metaverse is only expected to advance in the coming years.

Cohesive and comprehensive strategies involving utility patents, design patents, trademarks, copyrights and trade secrets are likely to provide the best protection to innovators operating in the metaverse.

©1994-2023 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

For more Intellectual Property Legal news, click here to visit the National Law Review.

Clop Claims Zero-Day Attacks Against 130 Organizations

Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing data from those organizations. The vulnerability is CVE-2023-0669, which allows attackers to execute remote code execution.

The manufacturer of GoAnywhere MFT notified customers of the vulnerability on February 1, 2023, and issued a patch for the vulnerability on February 7, 2023.

HC3 issued an alert on February 22, 2023, warning the health care sector about Clop targeting healthcare organizations and recommended:

  • Educate and train staff to reduce the risk of social engineering attacks via email and network access.
  • Assess enterprise risk against all potential vulnerabilities and prioritize implementing the security plan with the necessary budget, staff, and tools.
  • Develop a cybersecurity roadmap that everyone in the healthcare organization understands.

Security professionals are recommending that information technology professionals update machines to the latest GoAnywhere version and “stop exposing port 8000 (the internet location of the GoAnywhere MFT admin panel).”

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

Privacy Tip #358 – Bank Failures Give Hackers New Strategy for Attacks

Hackers are always looking for the next opportunity to launch attacks against unsuspecting victims. According to Cybersecurity Diveresearchers at Proofpoint recently observed “a phishing campaign designed to exploit the banking crisis with messages impersonating several cryptocurrencies.”

According to Cybersecurity Dive, cybersecurity firm Arctic Wolf has observed “an uptick in newly registered domains related to SVB since federal regulators took over the bank’s deposits…” and “expects some of those domains to serve as a hub for phishing attacks.”

This is the modus operandi of hackers. They use times of crises, when victims are vulnerable, to launch attacks. Phishing campaigns continue to be one of the top risks to organizations, and following the recent bank failures, everyone should be extra vigilant of urgent financial requests and emails spoofing financial institutions, and take additional measures, through multiple levels of authorization, when conducting financial transactions.

We anticipate increased activity following these recent financial failures attacking individuals and organizations. Communicating the increased risk to employees may be worth consideration.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

How to Succeed in Environmental Marketing Claims

Environmental marketing claims often present something of a Catch-22—companies that are doing actual good for the environment deserve to reap the benefits of their efforts, and consumers deserve to know, while at the same time, heightened scrutiny from the Federal Trade Commission (FTC), the National Advertising Division (NAD), state regulators and the plaintiffs’ bar have made such claims increasingly risky.

In 2012, the FTC issued the Green Guides for the use of environmental marketing claims to protect consumers and to help advertisers avoid deceptive environmental marketing. Compliance with the Green Guides may provide a safe harbor from FTC enforcement, and from liability under state laws, such as California’s Environmental Marketing Claims Act, that incorporate the Green Guides. The FTC has started a process to revise the Green Guides, including a request for comments about the meaning of “sustainable.” In the meantime, any business considering touting the environmental attributes of its products should consider the following essential takeaways from the Green Guides in their current form:

    • Substantiation: Substantiation is key! Advertisers should have a reasonable basis for their environmental claims. Substantiation is the support for a claim, which helps ensure that the claim is truthful and not misleading or deceptive. Among other things, substantiation requires documentation sufficient to verify environmental claims.
    • General benefit claims: Advertisers should avoid making unqualified claims of general benefit because substantiation is required for each reasonable interpretation of the claim. The more narrowly tailored the claim, the easier it is to substantiate.
    • Comparative claims: Advertisers should be careful and specific when making comparative claims. For example, a claim that states “20% more recycled content” begs the question: “compared to what?” A prior version of the same product? A competing product? Without further detail, the advertiser would be responsible for the reasonable interpretation that the product has 20% more recycled content than other brands, as well as the interpretation that the product has 20% more recycled content than the advertiser’s older products.
    • General greenwashing terms: Advertisers should be very cautious when using general environmental benefit terms such as “eco-friendly,” “sustainable,” “green,” and “planet-friendly.” Those kinds of claims feature prominently in many complaints alleging greenwashing, and they should only be used where the advertiser knows and explains what the term means, and can substantiate every reasonable interpretation of the claim.

Putting it into Practice: Given the scrutiny that environmental claims tend to attract, advertisers should exercise care when making environmental benefit claims about their products and services. They should narrowly tailor their claims to the specific environmental attributes they want to promote, and perhaps most important, they should ensure they have adequate backup to substantiate their claims. While the FTC Green Guides are due for a refresh (which we will surely report on), for the time being, they will continue to serve as important guidance for advertisers seeking to inform consumers without exposing their business to FTC scrutiny or class action litigation.