President Trump Announces Withdrawal from Paris Agreement on Climate Change

President Trump announced on Thursday his intention to initiate a formal withdrawal of the United States from the Paris Agreement, a global agreement designed to address climate change by reducing greenhouse gas (“GHG”) emissions. The President indicated that the United States would move forward with the pull-out and possibly attempt to re-negotiate the agreement in order to get “terms that are fair to the United States.”  President Trump frequently discussed pulling out of the Paris Agreement while on the campaign trail, citing concerns regarding its potential impact on the American economy, particularly the energy sector.

While the President’s intentions are clear, the path forward is less obvious. The U.S. cannot immediately exit the Paris Agreement, and several nations, including Germany, France, and Italy, announced in a joint statement “that the Paris Agreement cannot be renegotiated.”  In addition to announcing withdrawal from the Paris Agreement, President Trump also indicated that the U.S. would immediately halt the remaining $2 billion of the $3 billion in aid to developing countries pledged by President Obama as a part of the Green Climate Fund, which also is a component of the UNFCCC.

The Paris Agreement’s formal processes do not allow for a notice of withdrawal to be submitted until November 4, 2019, after which it will take one year for such notice to become effective. Assuming adherence to this process, the earliest the U.S. can formally withdraw from the Paris Agreement is November 5, 2020, one day after the next presidential election.  Because the Agreement’s only binding obligations are certain reporting requirements, the withdrawal is viewed by some as a symbolic gesture, since any federal GHG reduction measures resulting from the Paris Agreement would still need to be pursued through domestic legislation or regulatory action.  As a practical matter, irrespective of the Paris Agreement the administration can—and likely will—take steps to alter federal climate change policy.

Paris Agreement Background

The Paris Agreement builds on the United Nations Framework Convention on Climate Change (UNFCCC), a treaty signed by President George H. W. Bush and ratified by the United States Senate in 1992. The Paris Agreement was adopted in December 2015 as part of the twenty-first session of the Conference of the Parties (COP21) to the UNFCCC.  Following its initial adoption, President Obama ratified the Paris Agreement as an “executive agreement” on September 3, 2016.  The Paris Agreement was ultimately signed by 195 parties, ratified by 146 nations and the European Union, and entered into force on November 4, 2016.

The Paris Agreement directs signatory nations to develop voluntary GHG reduction measures, known as “Intended Nationally Determined Contributions,” which convert to “Nationally Determined Contributions” (NDCs) after a nation ratifies the Paris Agreement.  The Paris Agreement further provides for periodic updates to NDCs in order to continually “enhance” emission reductions targets.  The Paris Agreement’s only binding provisions are reporting obligations largely governed by the UNFCCC and “global stocktakes” that occur every five years.  These reporting measures were designed to help track total carbon emissions and progress towards meeting each NDC.  However, actual attainment of an NDC is voluntary and the Paris Agreement has no legally binding enforcement mechanism. The Paris Agreement also directs wealthier nations to help developing nations reduce GHG emissions and adapt to the impacts of climate change, but again these actions would be taken on a voluntary basis.

What happens next?

The UNFCCC made a formal statement in response to President Trump’s announcement that it “regrets” the decision of the United States to withdraw from the Paris Agreement, and that it remains open to discussion of the rules and modalities currently being negotiated for implementation of the Paris Agreement.  At the same time, the UNFCCC stated that the Paris Agreement has been “signed by 195 Parties and ratified by 146 countries plus the European Union [and] cannot be renegotiated based on the request of a single Party.”  Based on this statement and similar statements from France, Germany, Italy, and other nations, it appears that any near-term renegotiation of the Paris Agreement is unlikely.

Regardless of whether the United States is a party to the Paris Agreement, multinational corporations will still be subject to GHG reduction programs in other nations as those nations attempt to fulfill their NDCs. In addition, France and other nations have indicated the possibility of imposing a carbon tax on American imports from certain industries if the United States does formally withdraw from the Paris Agreement.

Under the Paris Agreement, the United States established its NDC as a goal of reducing GHG emissions 26-28 percent below 2005 levels, by 2025, and to make “best efforts” to reduce emissions by 28 percent. It is important to note that the U.S. is in the first sustained period where greenhouse gas emissions have decreased while economic growth has increased, largely the result of increased reliance on natural gas, improved vehicle fuel economy, state and regional GHG programs, and growth in renewable energy.  These factors are likely to persist even if the U.S. leaves the Paris Agreement.  And even in the absence of U.S. commitments under the Paris Agreement or additional federal action, U.S. GHG emissions are expected to decline by about 15-18 percent below 2005 levels by 2025.

The federal Clean Power Plan was one measure that was expected to further reduce U.S. GHG emissions. However, that program is subject to ongoing legal challenges and has been stayed by the U.S. Supreme Court.  There also are various lawsuits underway seeking to compel the federal government to take action on climate change. See, e.g., Juliana v. United States, No. 6:15-cv-01517-TC (D. Or. Nov. 10, 2016).  Apart from litigation, the Trump Administration has indicated a willingness to modify the Clean Power Plan (should it be upheld) and reconsider other federal regulations and programs directed at GHG emissions and climate change, such as motor vehicle emissions standards.  These processes will take time to play out and, in combination with ongoing state-level programs, will ultimately determine the course of climate change policy in the United States for the remainder of the Trump Administration.

This post was written by Brook J. Detterman, Leah A. Dundon and Kristin H. Gladd of Beveridge & Diamond PC.

State Department Makes Predictions about EB Cut-Off Date Movement

Notably, the State Department stated with certainty that the EB-2 Rest of the World category likely will retrogress in the coming months.

At a recent American Immigration Lawyers Association meeting, the US Department of State made comments about Employment-Based (EB) cut-off date movement in the final third of the fiscal year. This Immigration Alert summarizes the comments made by the State Department and what they could mean for EB cut-off date movement in the upcoming months.

EB-1: China and India

US Citizenship and Immigration Services announced that the “final action date” of January 1, 2012 will control for the China and India EB-1 categories. These have apparently exhausted close to 50% of the entire EB-1 limit for the 2017 fiscal year. This cut-off date is expected to be maintained until the end of September, when the fiscal year ends. The final action cut-off date for the China and India EB-1 categories may once again become current at the start of the new fiscal year on October 1, 2017, but there is no guarantee that this will happen.

EB-1: Rest of the World

The EB-1 Rest of the World category (i.e., countries other than China, India, Mexico, the Philippines, El Salvador, Guatemala, and Honduras) should remain current for the foreseeable future.

EB-2: India

A slight advancement in the EB-2 India category will occur in June, but it is unlikely that this category will once again reach the most advanced final action cut-off date that was reached last year. The State Department stated that it may maintain the existing final action date through the end of September, but there is no guarantee that this will occur.

EB-2: China

EB-2 China will advance by less than one month to March 1, 2013 in June. The State Department noted that the EB-2 China category should continue to advance slowly and will probably exhaust its per-country limit before the end of the year.

EB-3: China

EB-3 China’s final action date of October 1, 2014 will continue to apply in June. As a result of a significant EB-3 downgrade volume, retrogression in this category is possible in the final months of the fiscal year.

EB-2: Worldwide

The State Department noted that the EB-2 category has experienced significant usage, and stated with certainty that a final action cut-off date will be imposed for the EB-2 Rest of the World category in August—or even as early as July. This cut-off date, once imposed, should remain unchanged through the end of September, with a small advancement possible in September and a return to currency in October.

EB-3: Rest of the World

The EB-3 Rest of the World category will move forward by one month in June to April 15, 2017. The State Department expects further forward movement in this category for the rest of the fiscal year.

EB-3: India

The State Department noted that the EB-3 India category will advance in June from March 25, 2005 to May 15, 2005. Continued forward movement is expected in July and August. The State Department predicts that the July cut-off date for the EB-3 India category will advance to October 15, 2005.

How This Affects You

It is highly likely that the cut-off date movement predicted by the State Department will occur. Persons seeking permanent residence through the EB process should take note of this predicted movement and plan accordingly. In particular, persons in the EB-2 Rest of the World category may wish to consider filing adjustment of status applications before the anticipated retrogression in this category occurs in July or August. Once this retrogression occurs, only persons with priority dates before the new cut-off date will be able to file such applications.

This post was written by A. James Vázquez-Azpiri of Morgan, Lewis & Bockius LLP.

Trump Administration Notifies Congress of Intent to Renegotiate NAFTA

The White House formally notified Congress on Thursday of the Trump administration’s intent to renegotiate the North American Free Trade Agreement (NAFTA). The notification letter from U.S. Trade Representative Robert Lighthizer marked the start of a 90-day window to consult with members of Congress on developing negotiation priorities before beginning formal negotiations with Canada and Mexico as early as August 16, 2017.

Currently, there is no indication that renegotiations will impact NAFTA-related immigration programs. However, under the Bipartisan Congressional Trade Priorities and Accountability Act of 2015, the administration’s negotiation objectives are required to be made public 30 days before formal negotiations begin. While the letter to Congressional leadership did not discuss any specific changes to NAFTA, the administration indicated that it would aim to modernize outdated chapters of the agreement and address challenges faced by U.S. consumers, businesses, and workers.

NAFTA Immigration Programs

Among other economic and trade relationships established under NAFTA, the agreement created the TN nonimmigrant classification, which allows certain citizens of Canada and Mexico to work temporarily in the United States in a professional capacity. The agreement also provides an expanded range of permissible business activities for Canadian and Mexican citizens in B-1 visitor status and permits Canadian citizens to submit L-1 intracompany transferee petitions directly at U.S. ports of entry and pre-flight inspection stations for adjudication by U.S. Customs and Border Protection.

Whether the Trump administration intends to alter existing immigration programs under NAFTA is not yet known.

This post was written by Kara Kelly of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

“WannaCry” Ransomware Attack Causes Disruption Globally – With Worst Yet to Come

A ransomware known as “WannaCry” affected 200,000 people in 150 countries over the weekend, locking computer files and demanding payment to release them. As of this morning, Australia and New Zealand users seem to have avoided the brunt of the attack, with the Federal Government only confirming three reports of Australian companies being affected.  Not that ransomware attacks tend to be the subject of reporting – there is quite a high rate of payment by affected users, as the pricing is deliberately cheaper than most alternatives unless your back-up process is very good.

The ransomware utilises vulnerabilities in out-of-date, unpatched versions of Microsoft Windows to infect devices. It spreads from computer to computer as it finds exposed targets, without the user having to open an e-mail attachment or click a link as is commonplace in most attacks. Ransom demands start at US$300 and double after three days.

The U.K. National Health Service (NHS) was among the worst hit organisations, forcing hospitals to cancel appointments and delay operations as they could not access their patients’ medical records. The Telegraph suggested that 90 percent of NHS trusts were using a 16-year-old version of Windows XP which was particularly vulnerable to the attack. More attacks are anticipated throughout the working week as companies and organisations turn on their devices.

The U.K. National Cyber Security Center has released guidance to help both home users and organisations limit the impact of the attacks. It can be read here.

Edwin Tan is co-author of this article. 

European Union Adopts Brexit Negotiation Guidelines

On April 29, a Special European Council, meeting as 27 member states (as opposed to the full 28 member states, as would usually be present), adopted the Article 50 guidelines (Guidelines) to formally define the EU’s position in Brexit negotiations with the United Kingdom. This follows the resolution of the European Parliament on key principles and conditions for the negotiations, adopted on April 5 (for further information, see the April 7 issue of Corporate & Financial Weekly Digest).

The Guidelines are set out under six headings covering:

  • core principles;
  • a phased approach to the negotiations;
  • agreement on arrangements for an orderly withdrawal;
  • preliminary and preparatory discussions on a framework for the EU-UK future relationship;
  • the principle of sincere cooperation; and
  • the procedural arrangements for negotiations under Article 50.

On May 22, the EU General Affairs Council is expected to authorize the opening of the negotiations, nominate the European Commission as the EU negotiator and adopt negotiating directives.

The Guidelines are available here.

President Trump Will Welcome Palestinian President to White House, Meet with Australian Prime Minister in New York City

Congress Will Hold Hearings on Human Trafficking, Remittances and International Development, While Also Focusing on a Longer-Term Funding Measure for the Remainder of Fiscal Year 2017

President Donald Trump welcomed Argentine President Mauricio Macri to the White House last Thursday. In a joint statement, the two leaders committed to expanding bilateral trade and investments; strengthening cooperation to counter narco-trafficking, terrorist financing, money laundering, corruption and other illicit finance activities; and increasing cooperation on cyber policy. President Trump will welcome Palestinian President Mahmoud Abbas to the White House on Wednesday. The President will travel to New York City on Thursday for an event and will also meet with Australian Prime Minister Malcolm Turnbull.

President Trump signed multiple executive documents last week, including a Memorandum on aluminum and national security interests, as well as Executive Orders (E.O.) on veterans affairs, energy, agriculture, land management, and education. President Trump marked his 100th day in office with a Make America Great Again rally in Harrisburg, Pennsylvania, after signing two more E.O.s related to trade on Saturday.

On Friday, Secretary of Defense Jim Mattis honored two U.S. Army Rangers who died Thursday in Afghanistan. He said: “They carried out their operation against [the Islamic State of Iraq and Syria-Khorasan] in Afghanistan before making the ultimate sacrifice to defend our nation and our freedoms.”

Congress passed a short-term measure on Friday to fund the Federal Government for another week, allowing both chambers additional time to negotiate a longer-term measure that will fund the Government through the end of Fiscal Year 2017.  The Senate also approved the nomination of Sonny Perdue to serve as Secretary of the U.S. Department of Agriculture last Monday. Congress is in session this week.

North Korea – U.S. Continues Pressure on the International Community

Secretary of State Rex Tillerson chaired the U.N. Security Council on Friday, where he focused on North Korea’s illegal nuclear program and its continued provocative activities. He sought to get the Council to act and leverage additional pressure on North Korea, saying:

“For too long, the international community has been reactive in addressing North Korea. Those days must come to an end.”

He outlined steps that the international community could undertake to leverage North Korea into abandoning its nuclear program. The White House released a brief statement on Friday afternoon acknowledging President Trump was briefed on North Korea’s failed missile test that day.

On Wednesday, after a briefing to the Senators at the White House, Secretary Tillerson, Defense Secretary Mattis, and Director of National Intelligence Dan Coats issued a joint statement on North Korea’s unlawful weapons programs and nuclear and ballistic missile tests, saying each provocation jeopardizes stability in Northeast Asia and poses a growing threat to U.S. allies and the U.S. homeland. The officials noted: “We are engaging responsible members of the international community to increase pressure on the D.P.R.K. in order to convince the regime to de-escalate and return to the path of dialogue. We will maintain our close coordination and cooperation with our Allies, especially the Republic of Korea and Japan, as we work together to preserve stability and prosperity in the region. The United States seeks stability and the peaceful denuclearization of the Korean peninsula. We remain open to negotiations towards that goal. However, we remain prepared to defend ourselves and our Allies.”

Chairman of the Joint Chiefs of Staff Joseph Dunford also participated in the Senate briefing.  In a summary, the Defense Department recapped North Korea as an urgent national security threat and a top foreign policy priority for the U.S. Government.

On 27 April, the head of U.S. Pacific Command recommended that the U.S. military develop capabilities that can directly defend against North Korean artillery. Testifying at a Senate Armed Services Committee hearing last week, Adm. Harry Harris shared that the U.S. currently cannot counter an artillery barrage from North Korea. He explained that the missile defense system that the United States is deploying to South Korea is only designed to intercept ballistic missiles. North Korea currently possesses roughly 4,000 artillery pieces positioned near the demilitarized zone. Committee Chairman John McCain (R-Arizona) noted that these pieces had the potential to target the South Korean capital, Seoul, and its metropolitan area of 26 million people.

South Korea – McMaster Affirms Missile Defense

On 30 April, National Security Adviser Lt. Gen. H.R. McMaster confirmed that the United States would adhere to its agreement with South Korea for a new missile defense system, but indicated that payment for the system might be renegotiated. The Terminal High Altitude Area Defense system, also known as THAAD, is being rolled out in response to military provocations from North Korea.

In an interview with “Fox News Sunday,” McMaster shared that he told his South Korean counterpart that “until any renegotiation, that the deal’s in place,” but explained that, “what the president’s asked us to do is to look across all of our alliances and to have appropriate burden-sharing, responsibility-sharing.” President Donald Trump said in a recent interview that he “informed South Korea it would be appropriate if they paid” for the missile defense system.

Syria, Iraq – Combating ISIS

The Pentagon gave an update last Friday on the U.S. and Coalition military forces’ efforts to combat the Islamic State of Iraq and Syria (ISIS). Coalition forces conducted 24 strikes consisting of 30 engagements against ISIS targets in Syria. In Iraq, Coalition forces conducted eight strikes consisting of 24 engagements against ISIS targets, coordinated with and in support of the Iraqi government. The destruction of ISIS targets in both countries also further limits the group’s ability to project terror and conduct external operations throughout the region and the rest of the world, according to task force officials.

U.S. Ambassador to the United Nations Nikki Haley said on Thursday at a U.N. Security Council session she chaired on the humanitarian crisis in Syria:

“All eyes and all pressure now need to go to Russia because they are the ones that could stop this if they wanted to…the images don’t lie. The humanitarian workers don’t lie. The fact that they can’t get the assistance they need – that’s not lying. What is, is to continue to give Russia a pass for allowing this terrible situation to occur. I will continue to press the Security Council to act, to do something, regardless of if the Russians continue to veto it, because it is our voice that needs to be heard.”

The Department of State designated Mubarak Mohammed A Alotaibi as a Specially Designated Global Terrorist (SDGT) under Executive Order (E.O.) 13224 on 27 April.  Alotaibi is the Syria-based deputy leader of the Islamic State of Iraq and Syria’s (ISIS) affiliate in Saudi Arabia, which was designated by the U.S. Department of State as an SDGT under E.O. 13224 on 19 May 2016.

On 24 April, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced new sanctions targeting 271 Syrian individuals in response to the 4 April sarin gas attack in Syria. According to an accompanying press release, the action – one of the largest OFAC has ever taken – targets employees of Syria’s Scientific Studies and Research Center (SSRC). They have been added to OFAC’s list of Specially Designated Nationals (also known as the SDN List) pursuant to Executive Order 13582, “Blocking Property of the Government of Syria and Prohibiting Certain Transactions With Respect to Syria.” The full list of newly-designated individuals can be found here.

Afghanistan – Review of U.S. Policy

Defense Secretary Mattis added another stop to his Middle East trip last week that focused on a theme of combatting ISIS. The Secretary was in Kabul, Afghanistan, last Monday. At a press conference Secretary Mattis said of the 21 April Taliban attack on an Afghan military base and mosque that killed more than 100 people: “As if we needed a reminder of the type of enemy we’re up against, the killing of Afghan citizens and soldiers — protectors of the people — just as they were coming out of a mosque, a house of worship, it certainly characterizes this fight for exactly what it is. These people have no religious foundation. They are not devout anything, and it shows why we stand with the people of this country against such heinous acts perpetrated by this barbaric enemy and what they do.”

Regarding President Trump’s directive to review U.S. policy in Afghanistan, Secretary Mattis said: “This dictates an ongoing dialogue with Afghanistan’s leadership, and that’s why I came here: to get with President Ghani and his ministers and hear directly and at length from … General Nicholson to provide my best assessment and advice as we go forward.”

NAFTA – U.S. Withdrawal Averted

President Trump considered signing an order last week that would have withdrawn the United States from the North American Free Trade Agreement (NAFTA). After news of the possible action emerged, the leaders of Mexico and Canada, interested stakeholders, and Members of Congress rallied to call the White House and urge against such action. President Trump said in an interview on Thursday: “I was all set to terminate [NAFTA]. I looked forward to terminating. I was going to do it.” Later in the interview, the President added he reserves the right to change his mind – “I can always terminate.”

Nominations – Update

The Senate has yet to schedule a final vote on Amb. Robert Lighthizer’s nomination to serve as U.S. Trade Representative.  A vote is expected to happen in the next couple of weeks.

Last week, President Trump announced his intent to nominate the following individuals: (1) Kari A. Bingen to serve as Principal Deputy Under Secretary of Defense for Intelligence.  Ms. Bingen currently serves as the policy director for the House Armed Services Committee. (2) Robert Story Karem to serve as Assistant Secretary of Defense for International Security Affairs.  Mr. Karem most recently served on the Presidential Transition Team as an advisor to Central Intelligence Agency Director, Mike Pompeo, during his confirmation process.  He previously served in the White House as a Middle East policy advisor to former Vice President Richard B. Cheney.

Congressional Hearings This Week

  • On Tuesday, 2 May, the House Foreign Affairs Subcommittee on Global Human Rights is scheduled to hold a hearing titled “Winning the Fight Against Human Trafficking: The Frederick Douglass Reauthorization Act.”

  • On Tuesday, 2 May, the Senate Banking, Housing, and Urban Affairs Committee is scheduled to hold a hearing titled “Examining the U.S. – E.U. Covered Agreements.”

  • On Tuesday, 2 May, the Senate Foreign Relations Committee has scheduled a hearing to consider the nomination of the Honorable Terry Branstad to serve as U.S. Ambassador to China.

  • On Wednesday, 3 May, the House Foreign Affairs Committee is scheduled to hold a hearing to consider the following bills:

    • H.R. 1625 – To amend the State Department Basic Authorities Act of 1956 to include severe forms of trafficking in persons within the definition of transnational organized crime for purposes of the rewards program of the Department of State, and for other purposes.

    • H.R. 1677 – To halt the wholesale slaughter of the Syrian people, encourage a negotiated political settlement, and hold Syrian human rights abusers accountable for their crimes.

    • H.R. 2200 – To reauthorize the Trafficking Victims Protection Act of 2000, and for other purposes.

  • On Wednesday, 3 May, the Senate Foreign Relations Subcommittee on International Economic, Energy, and Environmental Policy is scheduled to hold a hearing titled “Global Philanthropy and Remittances and International Development.”

  • On Thursday, 4 May, the Senate Foreign Relations Committee is scheduled to hold a hearing titled “International Development: Value Added Through Private Sector Engagement.”

Looking Ahead

Washington is expected to focus on the following upcoming events:

  • 3 May: President Trump will welcome Palestinian President Mahmoud Abbas

  • 4 May: President Trump travels to New York City, where he will hold a bilateral meeting with Australian Prime Minister Malcolm Turnbull

  • May: Formal notification to Congress of intent to renegotiate NAFTA expected

  • 25 May: President Trump to attend the NATO Leaders Meeting in Belgium

  • 26-28 May: President Trump to attend the G-7 Leaders’ Summit in Taormina, Sicily

  • 18-20 June: SelectUSA Investment Summit in National Harbor, Maryland

ARTICLE BY Stacy A. Swanson and Pooja Virkar of Squire Patton Boggs (US) LLP

© Copyright 2017 Squire Patton Boggs (US) LLP

Right to Disconnect: New Right for French Employees?

A new law, known as the El Khomri law, was passed in France on August 8th, 2016, providing employees with a right to disconnect.

This right entered into force on January 1st, 2017.

According to the law, it is up to employers and unions to negotiate this new right and to determine how it is applied and monitored. Such negotiation should take place in companies having at least 50 employees and should provide for mechanisms regulating the use of new technologies in order to ensure compliance with rest times and holidays and respect for the family and personal life of employees.

Should no agreement be reached with the unions defining how the right to disconnect is to be implemented, the employer shall unilaterally draw up, after having consulted the works council, a policy which must provide for training and awareness-raising on the use of digital tools.

However, the idea to enable an employee to disconnect completely outside of his working hours is not new in France.  In 2004, the French Supreme Court had already judged that an employee could not be dismissed for serious misconduct due to the fact that he had not responded to professional solicitations during his lunch break (Cass. Soc. February 17, 2004 n°01-45889).

Furthermore, several collective bargaining agreements applicable in different sectors of industry had already provided for a right to disconnect (e.g. Syntec).

While the name of this right seems simple, its exact nature raises questions.

Indeed, the law gives no definition of what exactly the right to disconnect is.

The right is generally described as a right for the employee not to be connected to a professional digital tool (email, smartphone…) during off-duty and vacation time.  However, it is not easy to impose the right to disconnect in a professional environment in which the “BYOD” concept has taken off at an unprecedented rate, further blurring the boundary between professional and private life.

However, by referring the matter to collective bargaining, the El Khomri law leaves it to unions and employers to guarantee the effectiveness of such a right in a manner that matches the way the company operates.  This relative flexibility nevertheless obliges them to be imaginative and to find mechanisms adapted to the nature of the employees’ functions and to the variety of means of communication used, taking into account the needs of each company.

As such, the right to disconnect is not uniform and can materialize itself in several ways:

  • by better informing employees about the use of digital tools (e.g. avoiding replying to all recipients or sending emails during the weekend or holidays),

  • by implementing training or awareness-raising on new technologies (e.g. reminding employees that they should not send emails after 9.00 pm, or that recipients have no obligation to answer emails outside of regular hours),

  • more radically, by automatically redirecting the emails of employees who are out of the office to an appropriate available employee, or by shutting off the professional mailbox during evenings and weekends, or even during holidays.

The new law does not provide for any sanction in case of noncompliance. However, companies should take into consideration that employers failing to implement it will likely be sanctioned by judges on the basis of the necessity to preserve the health and safety of the employees at the workplace as well as the necessity to comply with working time regulations.

© 2017 Proskauer Rose LLP.

Exiting from the EU: Bre(xit)aking News

The Supreme Court of the United Kingdom by a majority of 8 to 3 has today confirmed that triggering the exit procedure from the European Union requires an Act of Parliament.

As such the Supreme Court disagreed with the current UK Government which had argued that Government ministers could rely on their prerogative powers to trigger Article 50 of the Treaty on the European Union without prior authorisation by Parliament. Scottish Parliament, Welsh and Northern Ireland assemblies had argued that they too should be consulted. The judges did not agree with that view.

This is a big blow for the current Government. The judges held that triggering Article 50 will bring fundamental change to the UK’s constitutional arrangements by cutting off the source of EU law and by removing existing domestic rights of UK residents. As to the Brexit referendum, the Supreme Court confirms its political significance but notes that the statute authorising the Referendum was mute as to the specific legal consequences resulting from it. Defining the legal consequences will remain in the power of Parliament, which will have to enact legislation fleshing out the changes in the law required to implement the referendum. Whether this will upset Theresa May’s timetable of invoking Article 50 by the end of March remains to be seen; the Government certainly does not think so and is expected to introduce a bill into Parliament shortly.

In the end the Supreme Court’s judgment is unlikely to change all that much given in particular that the Scottish Parliament, and the Welsh and Northern Ireland assemblies are unable to exercise any veto. In addition, over the last days members of Parliament from other parties have indicated their support for the triggering of Article 50. For those hoping that Article 50 will not be triggered the question is whether the pro-EU members of Parliament are able to form a credible opposition in the time available and will vote as a matter of their conscience.

The uncertainty for companies will remain. The reaction amongst clients and companies exposed to the UK has been varied so far with some already moving jobs and operations while others are waiting or are committing to the UK despite Theresa May’s indication on future steps all supporting a hard Brexit. We are following legal and political developments in the UK closely and would be delighted to discuss concerns with you.

Full text of the judgment, transcripts from the hearings and parties’ submissions: here.

Copyright © 2017, Sheppard Mullin Richter & Hampton LLP.

Swiss-US Privacy Shield Will Replace Swiss-US Data Protection Safe Harbor

On January 11, 2017, the Swiss Federal Council announced that a new framework will govern the transfer of personal data from Switzerland to the US.  According to the Federal Council, the Swiss-US Privacy Shield Framework “will apply the same conditions as the European Union.”  The International Trade Administration stated that the US Department of Commerce will begin accepting certifications on April 12.  Certification will allow companies to comply with Swiss data protection requirements, facilitating transatlantic commerce.

The Federal Council made note of several changes from the Swiss-US Safe Harbor to the Swiss-US Privacy Shield, including:

  • “Stricter application of data protection principles by participant companies”

  • Heightened administration and supervision requirements by US authorities

  • Enhanced cooperation between the Swiss Federal Data Protection and Information Commissioner and the US Department of Commerce

  • A new arbitration body to handle claims

  • Introduction of an ombudsperson in the US Department of State, who will address Swiss persons’ concerns about the processing of their personal data by US intelligence services

Because the Swiss-US Privacy Shield aligns with the EU-US Privacy Shield, the self-certification process should not be overly burdensome.

However, in light of this change, it is important to reassess current business practices to determine whether a company is participating in the transfer of personal data from Switzerland to the US.  If so, companies should remove any references to the Safe Harbor, and should be ready to apply for self-certification.  Further, companies should prepare for changes to internal policies to comply with the new requirements under the Swiss-US Privacy Shield.

Copyright © 2017 Womble Carlyle Sandridge & Rice, PLLC. All Rights Reserved.

Russia v. USA: Geo Political Cyber Warfare And Your Business

The cyber war battlefield has expanded, and your business is now a fighter and a target.

A new U.S. Government report explains many reasons for identifying and penalizing Russian hackers, the Russian intelligence services, and the Russian leadership in response to hacks on U.S. government, political and business targets. The report contains detailed information that organizations can use to determine if the Russians have accessed their systems, plus a detailed list of prudent steps and best practices that all organizations should consider as part of their cyber security efforts.

The overarching message of the report is that the DNC hack was not an isolated incident but part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens. These cyber operations have included campaigns targeting government organizations, critical infrastructure entities, think tanks, universities, political organizations, and corporations leading to the theft of information.

The report is best understood as a call to arms for U.S. private sector and government entities to strengthen their vigilance and defenses against Russian Intelligence Services and join DHS and FBI in their effort to counter them. Many organizations believe that because they hold no state secrets, defense-related intellectual property, or sensitive information on government employees, they have no stake in geopolitical cyber security. DHS and the FBI are saying that this is not true. The national interest in cyber security is materially weakened whenever organizations with credibility and standing allow their domains to be breached and used as conduits for cyber-attacks on others, as happened in the DNC breach. Furthermore, data collected from breaches of non-traditional targets is often used to create the highly targeted and highly credible email packages for use in spear phishing campaigns against more traditional targets. Geopolitical cyber security is being “democratized,” with wide-ranging potential public policy implications.

On December 29, 2016, the United States Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) jointly identified the Russian civilian and military intelligence services (RIS) as responsible for the 2015-2016 hack of the Democratic National Committee and its leadership. (In a nod to investigatory confidentiality, the joint DHS/FBI report refers to the targets only as a “U.S. political party,” and “multiple senior party members.”) The U.S. government has given the RIS effort the rather unartfully chosen name of “GRIZZLY STEPPE.”1

The joint DHS/FBI report provides the most detailed public discussion to date by U.S. law enforcement and cyber security agencies of the means and methods used in a foreign government-sponsored cyber-attack against U.S. interests. In October 2016, DHS and the Director of National Intelligence had reported that they were “confident” that RIS was behind the DNC attack. But this is the first time that a DHS/FBI joint report has formally assigned culpability for a specific cyber-attack to a specific nation. It is also the first time that specific operational groups within a foreign cyber directorate have been singled out and their identifying practices, approaches and tools have been publicly discussed.

The report links these operations by RIS to damaging or disruptive cyber-attacks committed in recent years on foreign interests.2 The report does not mention these attacks by name but apparently is referencing recent cyber-attacks on the Ukrainian electrical grid, banking system and other infrastructure,3 and on Estonian governmental and quasi-governmental entities. All of these cyber-attacks have been widely attributed to the Russian government, which denies that attribution.

As part of its call to arms, the DHS/FBI report provides “technical details regarding the tools and infrastructure” being used by the RIS “to compromise and exploit networks and endpoints associated with a range of U.S. Government, political and private sector entities.”

The report shows how groups working within RIS have been able to plant command and control infrastructure within the servers and domains of U.S. organizations and educational institutions, infrastructure they used to send phishing emails to potential victims and to serve as a pipeline to receive and retransmit stolen data once a breach was established. The report implies that the Russians were able to camouflage their actions by routing this malicious internet traffic through otherwise known and legitimate (perhaps even well-respected) private and educational organizations.

In the report, DHS and the FBI provide “technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided and information on how to report such incidents to the U.S. Government.” The technical indicators include the specific software fingerprints (Yara signatures) for the malware planted by RIS, and the specific IP addresses, URLs and file hashes that the RIS operatives have used in their attacks on U.S. computer systems.

DHS and the FBI call on the private sector and others to put this information to immediate use to identify and remediate on-going RIS breaches and to limit future vulnerabilities. It is likely that other private and governmental entities are subject to active breaches by the RIS, and may be serving as infrastructure for on-going RIS attacks on others. To this end, the report recommends that network administrators “review the IP addresses, file hashes, and Yara signatures provided and add the IP addresses to their watchlists” to determine whether malicious activity is taking place in their systems today.

The DHS/FBI report cautions that some of the traffic crossing network perimeters or firewalls and reflecting the suspicious IP addresses and other identifying information may prove to be legitimate. Conversely, some traffic that appears legitimate may involve RIS or others scanning public-facing servers (e.g., HTTP, HTTPS, FTP) to identify websites that are vulnerable to cross-site scripting (XSS) or Structured Query Language (SQL) injection attacks. This scanning can be the precursor to exploitation of the vulnerabilities found.

The FBI and DHS cannot impose direct legal consequences on private sector and governmental entities who fail to act on this information. But scenarios can be envisioned where the failure to do so could be considered a failure to provide the minimum levels of data protection that may be required by the multiple statutory, regulatory and common law constructs under which businesses operate today. Womble Carlyle advises its clients to evaluate the DHS/FBI report carefully, and to document the actions and decisions taken in response to it for future reference.

As to the specific DNC attack, the report concludes that two separate groups within RIS breached the DNC computer system. These teams used different techniques and malware exploits and the report does not show direct coordination between the breaches. The report designates the two RIS hacking groups as APT (Advanced Persistent Threat) 28 and APT 29.

(An advanced persistent threat actor or APT is a hacker or team of hackers whose sophisticated methods, choice of targets, and the determination to breach those specific targets set them apart from even the most accomplished global cybercriminals. APTs are generally assumed to be associated with nation states and other political actors.)

The report indicates that the initial breach of the DNC computer resulted from a 2015 spear phishing campaign in which APT29 sent “out emails containing a malicious link to over 1,000 recipients, including multiple U.S. Government victims.” But even before this, APT29 had breached a number of “legitimate [internet] domains, to include domains associated with U.S. organizations and educational institutions.” Through these earlier breaches, APT29 had set up operational infrastructure (i.e., false user and email accounts) within the computer domains of these legitimate organizations. These accounts allowed APT29 to send spear phishing emails to its victims from legitimate organizations, possibly organizations known to and respected by the potential victims, albeit from unauthorized and fraudulent email accounts hosted there.

Links in the spear phishing emails directed the victims to web pages created by APT29 and hosted, once again, on the domains of these otherwise legitimate organizations. The pages included malware droppers which downloaded malicious software onto the targets’ computer systems when the victims clicked on the links.

At least one targeted individual, apparently a “U.S. Government victim,” activated the malicious link from a computer on the DNC’s system. The downloaded malware granted APT29 remote access to that individual’s computer which the group then used to obtain control over the computer’s operating systems (PowerShell commands). The group established “persistence” in the form of difficult to detect “back doors” allowing its members to come and go on the system at will. They “escalated privileges” harvesting credentials that allowed them wider and wider access to the data on the DNC’s system. They created their own user accounts on the DNC domains to receive, encrypt and exfiltrate (steal) data. They conducted surveillance and began exporting data using encrypted connections.

Operational infrastructure unwittingly hosted on legitimate sites formed the pipeline for breaching the DNC and transmitting the stolen data to Russia. This made the malicious nature of the transfers harder to detect.

A second breach occurred in the spring of 2016 when a separate RIS group, APT28, hacked the DNC using a different spear phishing technique. DHS and the FBI report that APT28’s established modus operandi is to “leverag[e] domains that closely mimic those of targeted organizations.” This can mean, for example, substituting www.yourcompany.co or www.youcompany.com for www.yourcompany.com. Spear phishing emails can be sent that spoof an email from the targets’ IT department or other leadership. The email instructs the targets to confirm or update their passwords using a link provided. The link is to a fraudulent web page on an unwitting host’s system. If the targets click on the link and enter passwords as instructed, their credentials are immediately transmitted to the hacker, who uses them to gain access to the computer and begin uploading malware and conducting exploits.
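As an added example (not taken from the DHS/FBI report or from this article), the following sketch shows how a mail or proxy log review could flag hostnames that mimic a protected domain, using the article's own www.yourcompany.co and www.youcompany.com cases. It goes slightly beyond those two cases by also catching the protected name embedded in someone else's domain; the sample hostnames, the distance threshold and the naive last-label TLD split are assumptions.

```python
# Added example: classify hostnames seen in mail headers or proxy logs
# against one protected domain. All sample hostnames are constructed.

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance (insert, delete, substitute, swap)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # adjacent transposition, e.g. "yuor" vs "your"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def normalize(host: str) -> str:
    host = host.strip().lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def classify(observed: str, protected: str, max_dist: int = 2) -> str:
    obs, prot = normalize(observed), normalize(protected)
    if obs == prot or obs.endswith("." + prot):
        return "legitimate"            # the domain itself or a real subdomain
    obs_name, _, obs_tld = obs.rpartition(".")
    prot_name, _, prot_tld = prot.rpartition(".")
    # Assumption: the TLD is the last label only (no public-suffix list).
    if obs_name == prot_name and obs_tld != prot_tld:
        return "lookalike:tld-swap"    # yourcompany.co
    if obs.startswith(prot + "."):
        return "lookalike:embedded"    # yourcompany.com.<other domain>
    if 0 < edit_distance(obs, prot) <= max_dist:
        return "lookalike:typo"        # youcompany.com
    return "unrelated"


def scan(hosts, protected):
    """Return only the hosts that look like imitations of `protected`."""
    verdicts = {h: classify(h, protected) for h in hosts}
    return {h: v for h, v in verdicts.items() if v.startswith("lookalike")}


# Constructed sample of hostnames pulled from links and sender addresses.
SAMPLE_HOSTS = [
    "www.yourcompany.com", "mail.yourcompany.com", "www.yourcompany.co",
    "www.youcompany.com", "yuorcompany.com",
    "yourcompany.com.example.net", "example.org",
]

if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_HOSTS, "yourcompany.com").items():
        print(f"{verdict:20} {host}")
```

Plain edit distance does not catch internationalized homoglyph domains, so hostnames should be converted to their punycode form and reviewed separately.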

APT28’s approach appears to have gained access to the email accounts of “multiple senior party members” at the DNC. The report indicates that the 19,000 emails and other documents posted on WikiLeaks on the eve of the Democratic National Convention were harvested by APT28.

Other reports indicate that it was APT28’s attempts to breach the DNC’s computers in the spring of 2016 that led the DNC to retain cybersecurity consultants to look for a potential breach. Apparently, by the time remedial action could be taken the damage had been done. It also seems that the investigation into the APT28 cyber-attack led to the discovery of the older, on-going APT29 breach, which may explain the fact that the team responsible for the older breach was assigned the higher reference number.

The DHS/FBI report does not say which “U.S. organizations and educational institutions” were the unwitting hosts to the RIS’s activities. But it is very reasonable to assume that sometime in the summer of 2016, a legitimate and undoubtedly respected U.S. organization or educational institution received a call from the FBI telling them that their lax cyber security policies materially contributed to what the U.S. government is now reporting to be a deliberate attempt by Russia to subvert the U.S. political process. Other organizations may be in a similar situation today, with RIS actively using their infrastructure to carry out cyber-attacks on other U.S. interests.

Would an organization become civilly liable if, absent good reasons, it were to ignore the tools and recommendations cited in this report and then become (or continue to be used as) the conduit for future data breaches that injure others? The law on this point is in its infancy. The answer will only come when courts resolve claims brought by specific plaintiffs against specific defendants in future lawsuits. But the process for creating future precedents on these matters will likely be slow, embarrassing and expensive for the defendants involved. And the resulting reputational black eye may represent the greatest cost of all.

Copyright © 2016 Womble Carlyle Sandridge & Rice, PLLC. All Rights Reserved.


1 Would a second such cyber-attack become the “GRIZZLY TWO-STEPPE” or simply “DANCING BEAR?”

2 http://www.wsj.com/articles/behind-russias-cyber-strategy-1483140188

3 http://www.wsj.com/articles/cyber-experts-cite-link-between-dnc-hacks-an…