Many of us had a Tic Tac box in our pockets as kids, no matter the country we grew up in. Ferrero Spa (“Ferrero”), the Italian manufacturer of Tic Tac (and lots of other delicious confectionary products) registered the Tic Tac box as a trade mark in several jurisdictions, including Italy.
After succeeding before the CJEU in the invalidation action against BMB sp. z o.o. earlier this year (click here), in a recent case brought before the Italian courts, Ferrero successfully defended its shape marks, despite the invalidity claim brought by S.r.o. Mocca spol. (“Mocca”), a Czech company selling Bliki-branded mints in an identical container.
Background
In 2017, Ferrero commenced proceedings against Mocca for infringement of its 3D reputed trade marks, the earliest of which was registered in 1973, as well as unfair competition.
Mocca, on the other end, argued that:
an Italian court had no jurisdiction, as Mocca’s mints were produced in the Czech Republic;
Ferrero’s trade marks would be invalid, as the shape would give substantial value to the goods or would be necessary to obtain a technical result; and
there would be no likelihood of confusion because the containers would carry different word marks and the shape of the mints is standard in the industry.
The court’s findings
The court of Turin determined that it did have jurisdiction to hear the case, as the claimant was enforcing Italian trade marks, irrespective of where the defendant resides. The court also noted that sales of the Bliki products had taken place in Italy, providing further reason for the Italian court’s jurisdiction.
With regard to the second argument brought by the defendant, the court found that Ferrero’s box shape is not necessary to obtain a technical result, although it had been previously registered as a patent. In fact, the patent was registered for the closing mechanism, which is not visible on the representation for the trade marks. Lastly, the court also denied that the shape gives substantial value to the goods, as Ferrero’s mints are also sold separately, and it has not been proved that the box influences the purchase experience.
In relation to the likelihood of confusion, the court noted that the only difference claimed by the defendant was the brand on the box. However, the brand (ie Bliki and Tic Tac) was irrelevant in this case, as Ferrero was enforcing its exclusive rights on the box shape rather than on the Tic Tac trade mark (which was not included in the 3D mark registrations). By contrast, the defendant box maintained the same shape and size of the Tic Tac mints.
As a result, the court determined that the Ferrero trade marks were valid and had been infringed. In addition, Mocca’s acts amount to unfair competition. Ferrero was awarded the legal costs of this matter, the payment of a penalty should any box be sold by Mocca after 60 days from the decision and the publication of the decision on a national newspaper. However, Ferrero was not awarded damages as no evidence was filed in this regard.
Implications
In comparison to traditional trade marks, protecting shape marks can be difficult, as their validity is likely to be challenged in the context of an infringement proceeding. Therefore, national registrations may be helpful tools to ensure an effective enforcement strategy. In addition, as shown in this case, trade mark holders should always consider registering shapes without brands or logos to achieve a greater overall protection.
I had intended to commend the European Court of Justice for placing sensible limits on the extraterritorial enforcement of the EU’s Right to be Forgotten. They did, albeit in a limited way,[1] and it was a good decision. There. I did it. In 154 words.
Now for the remaining 1400 or so words.
But reading the decision pushes me back into frustration at the entire Right to be Forgotten regime and its illogical and destructive basis. The fact that a court recognizes the clear fact that the EU cannot (generally) force foreign companies to violate the laws of their own countries in internet sites that are intended for use within those countries (and NOT the EU), does not come close to offsetting the logical, practical and societal problems with the way the EU perceives and enforces the Right to be Forgotten.
As a lawyer, with all decisions grounded in the U.S. Constitution, I am comfortable with the First Amendment’s protection of Freedom of Speech – that nearly any truthful utterance or publication is inviolate, and that the foundation of our political and social system depends on open exposure of facts to sunlight. Intentionally shoving those true facts into the dark is wrong in our system and openness will be protected by U.S. courts.
Believe it or not, the European Union also has such a concept at the core of its foundation too. Article 10 of the European Convention on Human Rights states that:
“Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.”
So we have the same values, right? In both jurisdictions the right to impart information can be exercised without interference by public authority. Not so fast. The EU contains a litany of restrictions on this right, including a limitation of your right to free speech by the policy to protect the reputation of others.
This seems like a complete evisceration of a right to open communication if a court can force obfuscation of facts just to protect someone’s reputation. Does this person deserve a bad reputation? Has he or she committed a crime, failed to pay his or her debts, harmed animals or children, stalked an ex-lover, or violated an oath of office, marriage, priesthood or citizenship? It doesn’t much matter in the EU. The right of that person to hide his/her bad or dangerous behavior outweighs both the allegedly fundamental right to freedom to impart true information AND the public’s right to protect itself from someone who has proven himself/herself to be a risk to the community.
So how does this tension play out over the internet? In the EU, it is law that Google and other search engines must remove links to true facts about any wrongdoer who feels his/her reputation may be tarnished by the discovery of the truth about that person’s behavior. Get into a bar fight? Don’t worry, the EU will put the entire force of law behind your request to wipe that off your record. Stiff your painting contractors for tens of thousands of Euros despite their good performance? Don’t worry, the EU will make sure nobody can find out . Get fired, removed from office or defrocked for dishonesty? Don’t worry, the EU has your back.
And that undercutting of speech rights has now been codified in Article 17 of Regulation 2016/679, the Right to be Forgotten.
And how does this new decision affect the rule? In the past couple weeks, the Grand Chamber of the EU Court of Justice issued an opinion limiting the extraterritorial reach of the Right to be Forgotten. (Google vs CNIL, Case C‑507/17) The decision confirms that search engines must remove links to certain embarrassing instances of true reporting, but must only do so on the versions of the search engine that are intentionally servicing the EU, and not necessarily in versions of the search engines for non-EU jurisdictions.
The problems with appointing Google to be an extrajudicial magistrate enforcing vague EU-granted rights under a highly ambiguous set of standards and then fining them when you don’t like a decision you forced them to make, deserve a separate post.
Why did we even need this decision? Because the French data privacy protection agency, known as CNIL, fined Google for not removing presumably true data from non-EU search results concerning, as Reuters described, “a satirical photomontage of a female politician, an article referring to someone as a public relations officer of the Church of Scientology, the placing under investigation of a male politician and the conviction of someone for sexual assaults against minors.” So, to be clear, while the official French agency believes it should enforce a right for people to obscure that they have been convicted of sexual assault against children from the whole world, the Grand Chamber of the European Court of Justice believes that the people convicted child sexual assault should be protected in their right to obscure these facts only from people in Europe. This is progress.
Of course, in the U.S., politicians and other public figures, under investigation or subject to satire or people convicted of sexual assault against children do not have a right to protect their reputations by forcing Google to remove links to public records or stories in news outlets. We believe both that society is better when facts are allowed to be reported and disseminated and that society is protected by reporting on formal allegations against public figures or criminal convictions of private ones.
I am glad that the EU Court of Justice is willing to restrict rules to remain within its jurisdiction where they openly conflict with the basic laws of other jurisdictions. The Court sensibly held,
“The idea of worldwide de-referencing may seem appealing on the ground that it is radical, clear, simple and effective. Nonetheless, I do not find that solution convincing, because it takes into account only one side of the coin, namely the protection of a private person’s data.[2] . . . [T]he operator of a search engine is not required, when granting a request for de-referencing, to operate that de-referencing on all the domain names of its search engine in such a way that the links at issue no longer appear, regardless of the place from which the search on the basis of the requester’s name is carried out.”
Any other decision would be wildly overreaching. Believe me, every country in the EU would be howling in protest if the US decided that its views of personal privacy must be enforced in Europe by European companies due to operations aimed only to affect Europe. It should work both ways. So this was a well-reasoned limitation.
But I just cannot bring myself to be complimentary of a regime that I find so repugnant – where nearly any bad action can be swept under the rug in the name of protecting a person’s reputation.
As I have written in books and articles in the past, government protection of personal privacy is crucial for the clean and correct operation of a democracy. However, privacy is also the obvious refuge of scoundrels – people prefer to keep the bad things they do private. Who wouldn’t? But one can go overboard protecting this right, and it feels like the EU has institutionalized its leap overboard.
I would rather err on the side of sunshine, giving up some privacy in the service of revealing the truth, than err on the side of darkness, allowing bad deeds to be obscured so that those who commit them can maintain their reputations. Clearly, the EU doesn’t agree with me.
[1] The Court, in this case, wrote, “The issues at stake therefore do not require that the provisions of Directive 95/46 be applied outside the territory of the European Union. That does not mean, however, that EU law can never require a search engine such as Google to take action at worldwide level. I do not exclude the possibility that there may be situations in which the interest of the European Union requires the application of the provisions of Directive 95/46 beyond the territory of the European Union; but in a situation such as that of the present case, there is no reason to apply the provisions of Directive 95/46 in such a way.”
[2] EU Court of Justice case C-136/17, which states, “While the data subject’s rights [to privacy] override, as a general rule, the freedom of information of internet users, that balance may, however, depend, in specific cases, on the nature of the information in question and its sensitivity for the data subject’s private life and on the interest of the public in having that information. . . .”
Hyperconnectivity is a real phenomenon and it is changing the concerns of society because of the kinds of interactions that can be brought about by IoT devices, which could be: i) People to people; ii) People to things (objects, machines); iii) Things/machines to things/machines.
It gives rise to different issues for people. According to a European Survey, 72% of EU Internet users worry that too much of their personal data is being shared online and that they have little control over what happens to this information[1]. It gives rise to inevitable ethical issues and its relationship with the techno environment.
The discussion on ethics that follows aims to provide a quick tour on general ethical principles and theories that are available as they may apply to IoT[2]. Law and ethics are overlapping, but ethics goes beyond law. Thus, a comparison of law and ethics is made and their differences are pointed out in the great work of Spyros G Tzafestas, who wrote Ethics and Law in the Internet of Things World. In this article, he considers that the risks and harms in a digital world are very high and complex, especially explaining those tech terms and their impact in our private life. Thus, it is of primary importance to review IoT and understand the limitations of protective legal, regulatory and ethical frameworks, in order to provide sound recommendations for maximizing good and minimizing harm[3].
Major data security concerns have also been raised with respect to ‘cloud’-supported IoT. Cloud computing (‘the cloud’) essentially consists of the concentration of resources, e.g. hardware and software, into a few physical locations by a cloud service provider (e.g. Amazon Web Service)[4]. We are living in a data-sharing storm and the economic impact of IoT’s cyber risks is increasing with the integration of digital infrastructure in the digital economy[5]. We are surrounded by devices which contain our data, for instance:
Wearable health technologies: wearable devices that continuously monitor the health status of a patient or gather real-world information about the patient such as heart rate, blood pressure, fever;
Wearable textile technologies: clothes that can change their color on demand or based on the biological condition of the wearer or according to the wearer’s emotions;
As a result of the serious impact IoT may have and because it involves a huge number of connected devices, it creates a new social, political, economic, and ethical landscape. Therefore, for a sustainable development of IoT, political and economic decision-making bodies have to develop proper regulations in order to be able to control the fair use of IoT in society.
In this sense, the most developed regions as regards establishing IoT Regulations and an ethical framework are the European Union and the United States both of which have enacted:
Legislation/regulations.
Ethics principles, rules and codes.
Standards/guidelines;
Contractual arrangements;
Regulations for the devices connected;
Regulations for the networks and their security; and
Regulations for the data associated with the devices.
In light of this, the next section will deal with Data Protection Regulations, Consumer Protection Acts, IoT and Cyber Risks Laws, Roadmap for Standardization of Regulations, Risk Maturity, Strategy Design and Impact Assessment related with 2020 scenario, which is: 200 billion sensor devices and market size that, by 2025, will be between $2.7 trillion and $3 trillion a year.
Europe
The Alliance for Internet of Things Innovation (AIOTI) was initiated by the European Commission in order to open a stream of dialogue between European stakeholders within the Internet of Things (IoT) market. The overall goal of this initiative was the creation of a dynamic European IoT ecosystem to unleash the potential of IoT.
In October 2015, the Alliance published 12 reports covering IoT policy and standards issues. It provided detailed recommendations for future collaborations in the Internet of Things Focus Area of the 2016-2017 Horizon 2020 programme[7].
The IoT regulation framework in Europe is a growth sector:
EU Directive-2013/40: this Directive deals with “Cybercrime” (i.e., attacks against information systems). It provides definitions of criminal offences and sets proper sanctions for attacks against information systems[8].
EU NIS Directive 2016/1148: this Network and Information Security (NIS) Directive concerns “Cybersecurity” issues. Its aim is to provide legal measures to assure a common overall level of cybersecurity (network/information security) in the EU, and an enhanced coordination degree among EU Members[9].
EU Directive 2014/53: this Directive “On the harmonization of the laws of the member states relating to the marketing of radio equipment”[10] is concerned with the standardization issue which is important for the joint and harmonized development of technology in the EU.
EU GDPR: European General Data Protection Regulation 2016/679: this regulation concerns privacy, ownership, and data protection and replaces EU DPR-2012. It provides a single set of rules directly applicable in the EU member states.
EU Connected Communities Initiative: this initiative concerns the IoT development infrastructure, and aims to collect information from the market about existing public and private connectivity projects that seek to provide high-speed broadband (more than 30 Mbps).
United States
A quick overview of the general US legislation that protects civil rights (employment, housing, privacy, information, data, etc.) includes:
Fair Housing Act (1968);
Fair Credit Reporting Act (1970);
Electronic Communication Privacy Act (1986), which is applied to service providers that transmit data, the Privacy Act 1974 which is based on the Fair Information Practice Principle (FIPP) Guidelines;
Breach Notification Rule which requires companies utilizing health data to notify consumers that are affected by the occurrence of any data breach; and
IoT Cybersecurity Improvement Act 2019: the Bill seeks “[t]o leverage Federal Government procurement power to encourage increased cybersecurity for Internet of Things devices.” In other words, this bill aims to shore up cybersecurity requirements for IoT devices purchased and used by the federal government, with the aim of affecting cybersecurity on IoT devices more broadly.
SB-327 Information privacy: connected devices: California’s new SB 327 law, which will take effect in January 2020, requires all “connected devices” to have a “reasonable security feature.”
The above legislation is general, and in principle can cover IoT activities, although it was not designed with IoT in mind. Legislation devoted particularly to IoT includes the following:
White House Initiative 2012: the purpose of this initiative is to specify a framework for protecting the privacy of the consumer in a networked work.
This initiative involves a report on a ‘Consumer Bill of Rights” which is based on the so-called “Fair Information Practice Principles” (FIPP). This includes two principles:
Respect for Context Principle: consumers have a right to insist that the collection, use, and disclosure of personal data by Companies is done in ways that are compatible with the context in which consumers provide the data;
Individual Control Principle: consumers have a right to exert control over the personal data companies collect from them or how they use it.
China
Where we start to see the most advanced picture is in China. In 2017, the Ministry of Industry and Information Technology (MIIT), China’s telecom regulator and industrial policy maker, issued the Circular on Comprehensively Advancing the Construction and Development of Mobile Internet of Things (NB-IoT) (MIIT Circular [2017] No. 351, the “Circular”), with the following approach in the opening provisions:
Building a wide-coverage, large-connect, low-power mobile Internet of Things (NB-IoT) infrastructure and developing applications based on NB-IoT technology will help promote the construction of network powers and manufacturing powers, and promote “mass entrepreneurship, innovation” and “Internet +” development. In order to further strengthen the IoT application infrastructure, promote the deployment of NB-IoT networks and expand industry applications, and accelerate the innovation and development of NB-IoT[11]
Nowadays China already has a huge packet of regulation on technological matters:
2015 State Council – China Computer Information System Security Protection Regulation (first in 1994);
2007 MPS – Management Method for Information Security Protection for Classified Levels;
2001 NPC Standing Committee – Resolution about Protection of Internet Security;
2012 NPC Standing Committee – Resolution about Enhance Network Information Protection;
July 2015: National Security Law – ‘secure and controllable’ systems and data security in critical infrastructure and key areas;
2014 MIIT – Guidance on Enhance Telecom and Internet Security;
2013 MIIT – Regulation about Telecom and Internet Personal Information Protection
2014 China Banking Regulatory Commission – Guidance for Applying Secure and Controllable Information;
Technology to Enhance Banking Industry Cybersecurity and Informatization Development
Further, as if this were not enough, the Chinese government is being proactive and has several important laws and regulations in the Pipeline, as it can be seen from the list below:
CAC: Administrative Measures on Internet Information Services;
CAC Rules on Security Protection for Critical Information Infrastructure;
Cybersecurity Law;
Cyber Sovereignty;
Security of Product and Service;
Security of Network Operation (Classified Levels Protection, Critical Infrastructure);
Data Security (Category, Personal Information);
Information Security.
Finally, China established, in 2016, the National Information Security Standardization Technical Committee and its current work is developing a Standardization – TC260 (IT Security) on Technical requirement for Industrial network protocol and general reference model and requirements for Machine-to-Machine (M2M) security.
Latin America
The Latin American countries have different levels of development and this sets up a huge asymmetry between the domestic legal frameworks. The following is a quick regulation overview on Latin American countries:
Brazil has the “National IoT Plan” (Decree N. 9.854/2019) that aims to ensure the development of public policies for this technology sector and members of Brazilian parliament presented the bill No. 7.656/17 with the purpose of eliminating tax charges on IoT products;
Colombia has a Draft of Law No. 152/2018 on the Modernization of the Information and Communication providing investments incentives to IT Techs (article 3);
Chile has a new Draft Law Boletín N° 12.192-25/2018 on Cyber crimes and regulation on internet devices and hackers attacks;
In 2017, Argentina launched a Public Consultation on IoT regarding regulations that must be updated and how to get more security and improve the technological level of the country[12].
Most Promising Smart Environments
Smart environments are regarded as the space within which IoT devices interact connected through a continuous network. Thus, smart environments aim to satisfy the experience of individuals from every environment, by replacing the hazardous work, physical labor and repetitive tasks with automated agents. Generally speaking, sensors are the basis of these kind of smart devices with many different applications e.g. Smart Parking, Waste Management, Smart Roads and Traffic Congestion, Air Pollution, River Floods, M2M Applications, Vehicle auto-diagnosis, Smart Farming, Energy and Water Uses, Medical and Health Smart applications, etc[13].
Another way of looking at smart environments and assess their relative capacity to produce business opportunities is to identify and examine the most important IoT use cases that are either already being exploited or will be fully exploited by 2020.
For the purposes of this article, the approach was restricted to sectors consisting of the most promising smart environments to be developed up to 2020 in the European Market as displayed in the Chart below:
Vertical IoT Market Size in Europe
The conclusions of the last report of the European Commission are impressive and can help to understand the continuous development of the IoT market and how every market has to comply with the law and they will emerge facing a regulatory avalanche as mentioned in item 2 on the Regulatory Ecosystem.
Final Considerations: IoT as Consumer Product Health and Safety
IoT safety is becoming more important every day. On the one hand, as mentioned above, most concerns for IoT safety are primarily in the areas of cyber-attacks, hacking, data privacy, and similar topics; what is better referred to as security than safety. On the other hand, it can be approached by physical safety hazards which may result from the operation of consumer products in an IoT environment or system. IoT provides a new way to approach business and it is not restricted to one or other market or topic. It is a metatopic ormetamarketshowing different possibilities and applications and will be spread in the near future.
In general, IoT products are electrical or electronic applications with a power source and a battery connected by a charging device. So long as the power source, batteries and charging devices are present we have the usual risks of electrical related hazards (fire, burns, electrical shock, etc.). Nonetheless, IoT makes matters more complicated as smart devices have the function to send commands and control devices in the real world.
IoT applications can switch the main electrical powers of secondary products or can operate complex motor systems and so on. Then they have to be accurate and might provide minimal requirements to care of consumer health and safety. Risk assessment and hazard mitigations will have to adapt to IoT applications reinventing new methods to assure regular standards of IoT usability. Traditional health and safety regulations might be up to date with this new technological reality to be effective at reducing safety hazards for consumer products.
To conclude, this article was intended to summarize two main issues: I) IoT as an increasing and cross topic market which will become a present reality closer to our daily lives; II) IoT will be regulated and become an important concern in consumer product health and safety.
[1] Nóra Ni Loideain. Port in the Data-Sharing Storm: The GDPR and the Internet of Things. King’s College London Dickson Poon School of Law Legal Studies Research Paper Series: Paper No. 2018-27.P2.
[4] Nóra Ni Loideain. Port in the Data-Sharing Storm: The GDPR and the Internet of Things. King’s College London Dickson Poon School of Law Legal Studies Research Paper Series: Paper No. 2018-27.P. 19.
[5] Petar Radanliev, David Charles De Roure and others. Definition of Internet of Things (IoT) Cyber Risk – Discussion on a Transformation Roadmap for Standardization of Regulations, Risk Maturity, Strategy Design and Impact Assessment. Oxford University. MPRA Paper No. 92569, March 2019, P. 1.
This is reflected in the composition of the UK Parliament and has resulted in an impasse, with Parliament rejecting both the transitional ‘deal’ to leave the EU negotiated by former Prime Minister Theresa May at the end of 2018 and the prospect of leaving the EU without a deal – a ‘no deal’ Brexit. The election of Boris Johnson as the new UK prime minister and his appointment of a government leaning firmly towards leaving the EU, with or without a deal on October 31, 2019, throws up some distinctive legal challenges: If a new deal cannot be struck with the EU, is a no-deal Brexit inevitable, or can the remainer MPs stop it?
Concluding a new deal with the EU by October 31 is challenging, not least given the limited time available for negotiating it and having it approved by the European and UK Parliaments. This is compounded by the complexity of the issues the UK government seeks to renegotiate, particularly the Irish backstop, and the EU’s no-renegotiation stance – although it has indicated willingness to revisit the nature of the future relationship between the EU and UK.
The legal position on a no-deal Brexit is set out in the European Union (Withdrawal) Act 2018, as amended in April 2019. This Act sets Brexit date at October 31, 2019. It also requires Parliament to approve any withdrawal agreement with the EU. What it does not require is that there should, in fact, be a withdrawal agreement. Consequently, the Act does not require parliamentary consent for a ‘no deal’ Brexit. Prime Minister Johnson does not, accordingly, need to secure any parliamentary majority for this. And since the Act will prevail over any parliamentary vote to reject a no-deal Brexit, he does not have to comply with any vote passed to the contrary.
The first legal route open to remainer MPs is to seek to amend the 2018 Act. The problem that they would have is timing. Parliament is in recess until September 3. There is usually a further recess from mid-September to the second week in October for the party conference season. Even if the second recess were to be abandoned, there is insufficient time for an amending bill to be passed before October 31 using normal parliamentary procedures. There is provision for emergency legislation to be passed very quickly, but this would require a consensus among all parties and the support of the government, both of which seem unlikely given the split between remainers and leavers within the main parties and the new government’s express intention to achieve Brexit by October 31.
The second legal route open to remainer MPs is to force a general election. Under the terms of the UK Fixed-term Parliaments Act 2011, Leader of the Opposition Jeremy Corbyn would need to propose a motion of no confidence in Prime Minister Johnson’s government. At present, the Conservatives have a majority of one in Parliament, but only with the support of the Democratic Unionist Party from Northern Ireland. However, a number of Conservative MPs have indicated that they would be prepared to bring their own government down on this issue. An unknown factor is whether leaver MPs in the Labour Party are prepared to abstain or even vote against such a motion.
A motion of no confidence under the 2011 Act requires only a simple majority of MPs voting in favour. However, there are still timing issues. The earliest that such a motion can be proposed is September 3. If passed, it would trigger a cooling-off period of 14 days for an alternative government to be formed. At the end of this period, if, as he would be entitled to do, Mr Johnson were to remain prime minister, UK electoral law would require him to announce the date for a general election within a further 25 days. However, there is no requirement for the election actually to be held within a particular time. Although the Queen must be consulted about the date, this is a formality. Prime Minister Johnson would, therefore, be within his constitutional rights to call an election only after the October 31 Brexit deadline has passed and the UK has left the EU.
Remain supporters have indicated that their strategy, if they are able to force an election, would be to rely on the legal status of the ‘standstill’ or status quo convention to prevent a no-deal Brexit on October 31. When an election is called, the government immediately becomes a caretaker administration. By parliamentary convention (‘convention’ in the sense of accepted practice), this administration should not embark on any major new projects and may not use the UK civil service for such a purpose. Cabinet Secretary Sir Mark Sedwill, the head of the civil service, is reported as having expressed the view that the ‘standstill’ in this situation would be that the UK remains in the EU. However, government spokespersons have said that this would involve the civil service effectively acting in contravention of the 2018 Withdrawal Act.
It seems likely, if this scenario develops, that the matter will be referred to the UK Supreme Court. The British constitution is not written down and relies on many traditions and convention, some of considerable antiquity. However, there is precedent in a December 2018 Supreme Court case, which decided that the legislative consent motions passed by the Scottish Parliament under the Scotland Act 1998 could not be used to affect the validity of the 2018 Withdrawal Act. It had been argued that the convention requiring the Scottish government to be consulted on any UK legislation that involved matters devolved to Scotland was absolute. The Supreme Court disagreed, on the basis that a convention could not take precedence over a statute. On this basis, any reference to the Supreme Court seeking to block the operation of the 2018 Act through convention would likely fail.
It is often said ‘a week is a very long time in politics’. Prime Minister Johnson may be able to secure some last-minute concessions from the EU negotiators enabling a withdrawal agreement to be approved by Parliament, but this looks challenging. Legal routes to block Brexit are also likely to meet several hurdles. Consequently, at this stage, Britain’s exit from the EU on October 31 looks the more likely outcome. Whether that means an abrupt departure from the EU, or whether a managed ‘no-deal’ Brexit could be achieved through negotiation and agreement on key matters, remains to be seen.
The hippy ethos that birthed early management of the internet is beginning to look quaint. Even as a military project, the core internet concept was a decentralized network of unlimited nodes that could reroute itself around danger and destruction. No one could control it because no one could truly manage it. And that was the primary feature, not a bug.
Well, not anymore.
I suppose it shouldn’t surprise us that the forces insisting on dominating their societies are generally opposed to an open internet where all information can be free. Dictators gonna dictate.
Beginning July 17, 2019, the government of Kazakhstan began intercepting all HTTPS internet traffic inside its borders. Local Kazakh ISPs must force their users to install a government-issued certificate into all devices to allow local government agents to decrypt users’ HTTPS traffic, examine its content, re-encrypt with a government certificate and send it on to its intended destination. This is the electronic equivalent of opening every envelope, photocopying the material inside, stuffing that material in a government envelope and (sometimes) sending it to the expected recipient. Except with web sites.
According to ZDNet, the Kazakh government, unsurprisingly, said the measure was “aimed at enhancing the protection of citizens, government bodies and private companies from hacker attacks, Internet fraudsters and other types of cyber threats.” As Robin Hood could have told you, the Sheriff’s actions taken to protect travelers and control brigands can easily result in government control of all traffic and information, especially when that was the plan all along. Security Boulevard reports that “Since Wednesday, all internet users in Kazakhstan have been redirected to a page instructing users to download and install the new certificate.
This is not the first time that Kazakhstan has attempted to force its citizens to install root certificate, and in 2015 the Kazakhs even applied with Mozilla to have Kazakh root certificate included in Firefox (Mozilla politely declined).
Despite creative technical solutions, we all know that Kazakhstan is not alone in restricting the internet access of its citizens. For one (gargantuan) example, China’s population of 800 million has deeply restricted internet access, and, according to the Washington Post, the Chinese citizenry can’t access Google, Facebook, YouTube or the New York Times, among many, many, many others. The Great Firewall of China, which involves legislation, government monitoring action, technology limitations and cooperation from internet and telecommunications companies. China recently clamped down on WhatsApp and VPNs, which had returned a modicum of control and privacy to the people. And China has taken these efforts two steps beyond nearly anyone else in the world by building a culture of investigation and shame, where its citizens could find their pictures on local billboard for boorish traffic or internet behavior, or in jail for questioning the ruling party on the internet. All this is well documented.
23 countries in Asia and 7 in Africa restrict torrents, pornography, political media and social media. The only two European nations that have the same restrictions are Turkey and Belarus. Politicians in the U.S. and Europe had hoped that the internet would serve as a force for freedom, knowledge and unlimited communications. Countries like Russia, Cuba and Nigeria also see the internet’s potential, but they prefer to throttle the net to choke off this potential threat to their one-party rule governments.
For these countries, there is no such thing as private. They think of privacy in context – you may keep thoughts or actions private from companies, but not the government. On the micro level, it reminds me of family dynamics –When your teenagers talk about privacy, they mean keeping information private from the adults in their lives, not friends, strangers, or even companies. Controlling governments sing the song of privacy, as long as information is not kept from them, it can be hidden from others.
The promise of Internet freedom is slipping further away from more people each year as dictators and real life versions of movie villains figure out how to use the technology for surveillance of everyday people and how to limit access to “dangerous” ideas of liberty. ICANN, the internet control organization set up by the U.S. two decades ago, has proven itself bloated and ineffective to protect the interests of private internet users. In fact, it would be surprising if the current leaders of ICANN even felt that such protections were within its purview.
The internet is truly a global phenomenon, but it is managed at local levels, leaving certain populations vulnerable to spying and manipulation by their own governments. Those running the system seem to have resigned themselves to allowing national governments to greatly restrict the human rights of their own citizens.
A tool can be used in many different ways. A hammer can help build a beautiful home or can be the implement of torture and murder. The internet can be a tool for freedom of thought and expression, where everyone has a publishing and communication platform. Or it can be a tool for repression. We have come to accept more of the latter than I believed possible.
Post Script —
Also, after a harrowing last 2-5 years where freedom to speak on the internet (and social media) has exploded into horrible real-life consequences, large and small, even the most libertarian and laissez faire of First World residents is slapping the screen to find some way to moderate the flow of ignorance, evil, insanity, inanity and stupidity. This is the other side of the story and fodder for a different post.
And it is also probably time to run an updated discussion of ICANN and its role in internet management. We heard a great deal about internet leadership in 2016, but not so much lately. Stay Tuned.
On August 20, trade officials from the United States, Mexico, and Canada concluded the first round of negotiations to modernize the North American Free Trade Agreement (NAFTA). In a joint statement released following five days of talks, trade officials reiterated their commitment to updating the deal, continuing domestic consultations, and working on draft text. They also pledged their commitment to a comprehensive and accelerated negotiation process to set 21st Century standards and to benefit the citizens of North America.
Their agenda covered a wide range of existing and new NAFTA chapters, including: updating the Rules of Origin, adding and amending trade remedies provisions, addressing transparency, combatting corruption, increasing intellectual property protections, and addressing issues facing financial services and investment. The U.S. reportedly tabled roughly 10 proposals updating existing chapters or proposing new ones. Officials expect the modernized NAFTA deal will include a total of 30 chapters (the current agreement is comprised of 22 chapters and seven annexes).
The NAFTA negotiating teams are being led by Assistant U.S. Trade Representative for the Western Hemisphere John Melle, veteran Canadian trade expert Steve Verheul, and Director of the Embassy of Mexico’s Trade and NAFTA Office Kenneth Smith Ramos. In addition to negotiators, a number of Canadian and Mexican stakeholders – including eight members of the Mexican Senate and 150 representatives of Mexico’s private sector – were present on the margins of the talks. However, U.S. negotiators have acknowledged that their accelerated schedule leaves little time for formal business stakeholders to be included in events like those organized during the Trans-Pacific Partnership talks.
Negotiators are expected to head to Mexico City for the second round of talks from September 1 to 5, and to Canada for their third round in late September (reportedly September 23-27). Negotiators will continue at this rapid pace, moving back to United States in October and planning additional rounds through the end of the year. The NAFTA parties hope to finish talks by the end of 2017 or early 2018, ahead of Mexico’s July 2018 presidential elections.
President Trump announced on Thursday his intention to initiate a formal withdrawal of the United States from the Paris Agreement, a global agreement designed to address climate change by reducing greenhouse gas (“GHG”) emissions. The President indicated that the United States would move forward with the pull-out and possibly attempt to re-negotiate the agreement in order to get “terms that are fair to the United States.” President Trump frequently discussed pulling out of the Paris Agreement while on the campaign trail, citing concerns regarding its potential impact on the American economy, particularly the energy sector.
While the President’s intentions are clear, the path forward is less obvious. The U.S. cannot immediately exit the Paris Agreement and several nations, including Germany, France, and Italy, announced in a joint statement that “that the Paris Agreement cannot be renegotiated.” In addition to announcing withdrawal from the Paris Agreement, President Trump also indicated that the U.S. would immediately halt the remaining $2 billion of the $3 billion in aid to developing countries pledged by President Obama as a part of the Green Climate Fund, which also is a component of the UNFCCC.
The Paris Agreement’s formal processes does not allow for a notice of withdrawal to be submitted until November 4, 2019, after which it will take one year for such notice to become effective. Assuming adherence to this process, the earliest the U.S. can formally withdraw from the Paris Agreement is November 5, 2020, one day after the next presidential election. Because the Agreement’s only binding obligations are certain reporting requirements, the withdrawal is viewed by some as a symbolic gesture, since any federal GHG reduction measures resulting from the Paris Agreement would still need to be pursued through domestic legislation or regulatory action. As a practical matter, irrespective of the Paris Agreement the administration can—and likely will—take steps to alter federal climate change policy.
Paris Agreement Background
The Paris Agreement builds on the United Nations Framework Convention on Climate Change (UNFCCC), a treaty signed by President George H. W. Bush and ratified by the United States Senate in 1992. The Paris Agreement was adopted in December 2015 as part of the twenty-first session of the Conference of the Parties (COP21) to the UNFCCC. Following its initial adoption, President Obama ratified the Paris Agreement as an “executive agreement” on September 3, 2016. The Paris Agreement was ultimately signed by 195 parties, ratified by 146 nations and the European Union, and entered into force on November 4, 2016.
The Paris Agreement directs signatory nations to develop voluntary GHG reduction measures, known as “Intended Nationally Determined Contributions,” which convert to “Nationally Determined Contributions” (NDCs) after a nation ratifies the Paris Agreement. The Paris Agreement further provides for periodic updates to NDCs in order to continually “enhance” emission reductions targets. The Paris Agreement’s only binding provisions are reporting obligations largely governed by the UNFCCC and “global stocktakes” that occur every five years. These reporting measures were designed to help track total carbon emissions and progress towards meeting each NDC. However, actual attainment of an NDC is voluntary and the Paris Agreement has no legally binding enforcement mechanism. The Paris Agreement also directs wealthier nations to help developing nations reduce GHG emissions and adapt to the impacts of climate change, but again these actions would be taken on a voluntary basis.
What happens next?
The UNFCCC made a formal statement in response to President Trump’s announcement that it “regrets” the decision of the United States to withdraw from the Paris Agreement, and that it remains open to discussion of the rules and modalities currently being negotiated for implementation of the Paris Agreement. At the same time, the UNFCCC stated that the Paris Agreement has been “signed by 195 Parties and ratified by 146 countries plus the European Union [and] cannot be renegotiated based on the request of a single Party.” Based on this statement and similar statements from France, Germany, Italy, and other nations, it appears that any near-term renegotiation of the Paris Agreement is unlikely.
Regardless of whether the United States is a party to the Paris Agreement, multinational corporations will still be subject to GHG reduction programs in other nations as those nations attempt to fulfill their NDCs. In addition, France and other nations have indicated the possibility of imposing a carbon tax on American imports from certain industries if the United States does formally withdraw from the Paris Agreement.
Under the Paris Agreement, the United States established its NDC as a goal of reducing GHG emissions 26-28 percent below 2005 levels, by 2025, and to make “best efforts” to reduce emissions by 28 percent. It is important to note that the U.S. is in the first sustained period where greenhouse gas emissions have decreased while economic growth has increased, largely the result of increased reliance on natural gas, improved vehicle fuel economy, state and regional GHG programs, and growth in renewable energy. These factors are likely to persist even if the U.S. leaves the Paris Agreement. And even in the absence of U.S. commitments under the Paris Agreement or additional federal action, U.S. GHG emissions are expected to decline by about 15-18 percent below 2005 levels by 2025.
The federal Clean Power Plan was one measure that was expected to further reduce U.S. GHG emissions. However, that program is subject to ongoing legal challenges and has been stayed by the U.S. Supreme Court. There also are various lawsuits underway seeking to compel the federal government to take action on climate change. See e.g.,Juliana v. United States, No. 6:15-cv-01517-TC (D. Or. Nov. 10, 2016). Apart from litigation, the Trump Administration has indicated a willingness to modify the Clean Power Plan (should it be upheld) and reconsider other federal regulations and programs directed at GHG emissions and climate change, such as motor vehicle emissions standards. These processes will take time to play out and, in combination with ongoing state-level programs, will ultimately determine the course of climate change policy in the United States for the remainder of the Trump Administration.
The White House formally notified Congress on Thursday of the Trump administration’s intent to renegotiate the North American Free Trade Agreement (NAFTA). The notification letter from U.S. Trade Representative Robert Lighthizer marked the start of a 90-day window to consult with members of Congress on developing negotiation priorities before beginning formal negotiations with Canada and Mexico as early as August 16, 2017.
Currently, there is no indication that renegotiations will impact NAFTA-related immigration programs. However, under the Bipartisan Congressional Trade Priorities and Accountability Act of 2015, the administration’s negotiation objectives are required to be made public 30 days before formal negotiations begin. While the letter to Congressional leadership did not discuss any specific changes to NAFTA, the administration indicated that it would aim to modernize outdated chapters of the agreement and address challenges faced by U.S. consumers, businesses, and workers.
NAFTA Immigration Programs
Among other economic and trade relationships established under NAFTA, the agreement created the TN nonimmigrant classification, which allows certain citizens of Canada and Mexico to work temporarily in the United States in a professional capacity. The agreement also provides an expanded range of permissible business activities for Canadian and Mexican citizens in B-1 visitor status and permits Canadian citizens to submit L-1 intracompany transferee petitions directly at U.S. ports of entry and pre-flight inspection stations for adjudication by U.S. Customs and Border Protection.
Whether the Trump administration intends to alter existing immigration programs under NAFTA is not yet known.
On February 1st, the U.S. Drug Enforcement Agency (DEA) announced an unspecified number of arrests of Hizballah money launderers, including Mohamad Noureddine. These arrests followed the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designation of Noureddine pursuant to its counterterrorism authority. The OFAC press release for this designation identifies Noureddine as a key Hizballah money launderer. According to OFAC, Noureddine and his company Trade Point International S.A.R.L. established a money laundering network across Asia, Europe, and the Middle East that provides bulk cash shipping and black market currency exchange services for those seeking to hide their ill-gotten gains.
Hizballah International Financing Prevention Act of 2015
Irrespective of the detention of Noureddine, foreign financial intuitions that knowingly facilitate or conduct significant financial transactions for Trade Point International S.A.R.L. may have their U.S. correspondent or payable through accounts severed. OFAC has this authority under Section 102 of the Hizballah International Financing Prevention Act of 2015, which authorizes secondary sanctions on Hizballah.
Lebanese Canadian Bank
The arrests stem from interagency investigations of the Lebanese Canadian Bank (LCB). U.S. law enforcement agencies have a long history with this now defunct Hizballah-linked bank. In February 2011, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking to exclude LCB from the U.S. financial system, finding that the bank is of “primary money laundering concern.” In response to this action, the Banque du Liban revoked LCB’s banking license in September 2011. The bank’s remaining assets and liabilities were then sold to Societé General. Two years later, LCB entered into a $102 million settlement agreement to resolve a civil forfeiture and money laundering lawsuit filed by the U.S. Attorney for the Southern District of New York. FinCEN withdrew its Notice of Proposed Rulemaking in September 2015, on the basis that LCB no longer exists.
Coordinated Effort to Combat Money Laundering
The success of the ongoing money laundering investigation and recent arrests were possible because of the cooperation and coordination among the following international and domestic agencies:
DEA Philadelphia, DEA Miami, DEA Newark, DEA New York
DEA Special Operations Division and DEA Bilateral Investigative Unit
DEA country offices in Europe
DEA country offices in Bogota and Cartagena, Colombia
S. Customs and Border Protection National Targeting Center
S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN)
S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)
Various French, German, Italian and Belgian law enforcement agencies
EUROPOL
EUROJUST
Like the LCB investigation before it, yesterday’s arrests will likely lead to additional U.S. and international actions against money launderers around the world.
Trade ministers announced that they will continue negotiations over several unresolved provisions of the Trans-Pacific Partnership (TPP) during a four-day meeting in Maui, Hawaii that concluded July 31. Trade ministers representing the 12 Pacific Rim countries included in the free trade deal remain optimistic about negotiations and said in a joint statement that they are “more confident than ever that TPP is within reach.”
One of the major sticking points reportedly centers around intellectual property protections for biologics. The U.S. reportedly attempted to secure 12 years’ data protection for pharmaceutical companies, while Australia is insisting on five years. Observers suggest the agreement will fall somewhere between five and seven years’ data protection. U.S. stakeholders concerned with a deal that only includes five years of data protection could threaten to round up enough opposition in Congress to stymie the deal.
Other points of contention arose over agricultural issues and the auto industry. The U.S. is pushing for greater access to Canada’s dairy market, but Canada is concerned that could cause instability in its prices. Australia is seeking increased access to the U.S. sugar market, while the U.S. is trying to limit large increases in sugar imports. Meanwhile, the U.S., Canada, Mexico and Japan are hashing out “rule of origin” and other auto industry issues.
Once all 12 trade ministers agree to a deal, Congress will have 90 days to review and approve it. If talks continue beyond August, pushing the review period deep into the fall or winter, the deal is likely to become front and center in the U.S. presidential campaign. Democratic front-runner Hillary Clinton would face intense pressure from labor unions to disavow the deal, along with the 28 House Democrats who supported legislation to fast-track passage of the agreement. It could also become a problem for Canadian Prime Minister Stephen Harper, who is up for re-election in October.
The TPP will govern foreign exports, imports, and investment implicating several major sectors of the U.S. economy, including manufacturing, intellectual property, textiles and apparel, telecommunications, agriculture and others. It will also cover labor, employment, and environmental issues. The TPP will initially cover 12 countries: Australia, Brunei, Canada, Chile, Japan, Malaysia, Mexico, New Zealand, Peru, Singapore, the United States, and Vietnam. Collectively these countries represent 40 percent of the global economy.
These arrests followed the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designation of Noureddine pursuant to its counterterrorism authority. The OFAC 
