Federal Bill Would Broaden FTC’s Role in Cybersecurity and Data Breach Disclosures

Last week, the House Energy and Commerce Committee advanced H.R. 4551, the “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies Act” (“RANSOMWARE Act”).  H.R. 4551 was introduced by Consumer Protection and Commerce Ranking Member Gus Bilirakis (R-FL).

If it becomes law, H.R. 4551 would amend Section 14 of the U.S. SAFE WEB Act of 2006 to require not later than one year after its enactment, and every two years thereafter, the Federal Trade Commission (“FTC”) to transmit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a report (the “FTC Report”).  The FTC Report would be focused on cross-border complaints received that involve ransomware or other cyber-related attacks committed by (i) Russia, China, North Korea, or Iran; or (ii) individuals or companies that are located in or have ties (direct or indirect) to those countries (collectively, the “Specified Entities”).

Among other matters, the FTC Report would include:

  • The number and details of cross-border complaints received by the FTC (including which such complaints were acted upon and which such complaints were not acted upon) that involve ransomware or other cyber-related attacks that were committed by the Specified Entities;
  • A description of trends in the number of cross-border complaints received by the FTC that relate to incidents that were committed by the Specified Entities;
  • Identification and details of foreign agencies, including foreign law enforcement agencies, located in Russia, China, North Korea, or Iran with which the FTC has cooperated and the results of such cooperation, including any foreign agency enforcement action or lack thereof;
  • A description of FTC litigation, in relation to cross-border complaints, brought in foreign courts and the results of such litigation;
  • Any recommendations for legislation that may advance the security of the United States and United States companies against ransomware and other cyber-related attacks; and
  • Any recommendations for United States citizens and United States businesses to implement best practices on mitigating ransomware and other cyber-related attacks

Cybersecurity is an area of recent federal government focus, with other measures recently taken by President Bidenthe Securities and Exchange Commissionthe Food and Drug Administration, and other stakeholders.

Additionally, H.R. 4551 is also consistent with the FTC’s focus on data privacy and cybersecurity.  The FTC has increasingly taken enforcement action against entities that failed to timely notify consumers and other relevant parties after data breaches and warned that it would continue to apply heightened scrutiny to unfair data security practices.

In May 2022, in a blog post titled “Security Beyond Prevention: The Importance of Effective Breach Disclosures,” the FTC’s Division of Privacy and Identity Protection had cautioned that “[t]he FTC has long stressed the importance of good incident response and breach disclosure as part of a reasonable information security program, and that, “[i]n some instances, the FTC Act creates a de facto breach disclosure requirement because the failure to disclose will, for example, increase the likelihood that affected parties will suffer harm.”

As readers of CPW know, state breach notification laws and sector-specific federal breach notification laws may require disclosure of some breaches.  However, as of May 2022 it is now expressly the position of the FTC that “[r]egardless of whether a breach notification law applies, a breached entity that fails to disclose information to help parties mitigate reasonably foreseeable harm may violate Section 5 of the FTC Act.”  This is a significant development, as notwithstanding the absence of a uniform federal data breach statute, the FTC is anticipated to continue exercise its enforcement discretion under Section 5 concerning unfair and deceptive practices in the cybersecurity context.

© Copyright 2022 Squire Patton Boggs (US) LLP

Between the Legal Lines — Jessica Pfisterer [PODCAST]

With big dreams of helping people, Jessica Pfisterer began her career in public interest law, though she soon realized she wasn’t going to see the change she hoped for at the pace she wanted. Where Jessica truly found her passion was in People Operations and HR, thanks to her GC at the time. In this episode of Between the Legal Lines, Jessica shares with Andrea Bricca the story of how that pivotal role shaped the future of her career and what she has learned as a human resources leader who is also a trained lawyer.

Jessica Pfisterer is an HR leader and dancer, with a background in civil rights law and social justice work. She currently heads the People team at Lively, and dances with Duniya Dance and Drum Company. She is also on the board of TurnOut, a nonprofit that supports LGBTQ+ organizations, support for LGBTQ+ organizations, ensuring they are positioned to succeed and to continue serving the community. She is a Bay Area local and spends her free time traveling and exploring the great outdoors.

©2022 Major, Lindsey & Africa, an Allegis Group Company. All rights reserved.

Three Ways to Use LinkedIn’s Notifications Tab to Build Your Network and Business

Here’s an easy and effective way to leverage LinkedIn for business development and networking – use information and updates about your connections from the Notifications tab to build stronger relationships.

LinkedIn gives you many reasons to reach out to people in your professional network through the Notifications tab

These reasons range from new business, networking, jobs, referrals and branding opportunities.

Prompts from the LinkedIn Notifications tab about your connections’ birthdays, work anniversaries and new jobs can serve as powerful catalysts to get back in touch with your connections.

I have seen these prompts lead to new business and reignited relationships many times.

I call these notifications “low hanging fruit” because they require very little effort on your part and they’re easy to do, and can yield major benefits.

Marketing strategies don’t have to be complicated to be successful. We often overlook them when it’s so basic.

So how do you leverage them?

  1. For a work anniversary notification, you could say, “Hey Jim, I can’t believe it’s been X years since you joined your company! Time sure flies. How are you?” Then take it a step further, suggest an off-line conversation either in person, over the phone or via zoom.

  2. For a new job announcement try, “Congratulations on the new role – how is it going so far?” again offer to take the conversation off-line and have a separate conversation either in-person or virtually.  (Many people don’t send an email when they get a new job anymore – it’s up to us to do the due diligence to find out where they landed and then take the initiative to congratulate them on their job move).

  3. Wish your connections a happy birthday.  Just saying a simple “Happy birthday – I hope you’re having a great day – would love to take you for lunch or a drink to celebrate” is a great way to make someone’s day. Adding your birthday into LinkedIn works – I had about 200 LinkedIn birthday well wishes and one of them actually led to a new client.

Sometimes the basic actions that take just minutes are the most impactful.

Having reasons to reach out to your connections is powerful versus the dreaded “just checking in” email.

LinkedIn has made it even easier now to stay updated on others’ notifications by enabling us to follow certain individuals by clicking the bell on their profile.

No one knows who you are following, so use it strategically and follow your clients, referrals, VIP connections and even your competitors. You should also follow content creators whose information you find useful.

I’d love to hear how the Notifications section has worked for you.

Copyright © 2022, Stefanie M. Marrone. All Rights Reserved.

New Survey Shows that Americans are Ready for More Deliveries by Drone

Auterion, a drone software company, commissioned a survey from the market research company, Propeller Insights, of 1,022 adults. The survey was gender-balanced and distributed across age groups from 18 to 65+, living in rural, suburban, and city environments in the United States, and was conducted in May 2022.

In the report summarizing the survey, “Consumer Attitudes on Drone Delivery,” Auterion reveals that 58 percent of Americans like the idea of drone deliveries, and 64 percent think drones are becoming an option for home delivery now or will be in the near future. With more than 80 percent of those surveyed reporting that they have packages delivered to their homes on a regular basis, the survey finds that Americans are generally ready to integrate drone delivery into daily life for ease and speed. Of the 64 percent who see drones becoming a more common option for home delivery, 32 percent think it’s possible now or within the next 1 to 2 years.

Only 36 percent of those surveyed had doubts about this type of drone integration, including some individuals who think the general public or governments will not approve of large-scale drone adoption for delivery and others who just prefer that drone delivery doesn’t happen at all.

With individuals choosing more than one option, the survey found that the most common types of home package deliveries reported by consumers today, by vehicles and trucks, are:

  • 39 percent – groceries

  • 34 percent – clothing

  • 33 percent – household items

  • 31 percent – meals

  • 27 percent – medicine

  • 11 percent – baby food/needs

Based on these findings, those surveyed were also asked if they were willing to consider drones as a “new corner store” for conveniently delivering small and last-minute necessities: 54 percent of the individuals said “yes.”

With regard to concerns related to these drone deliveries, 43 percent of those surveyed fear the drone will break down and they will not receive their item, and 19 percent are worried about not having human interaction with their delivery person. However, drone delivery and systems provide accurate trackability and direct delivery, and, therefore are more capable of accurate delivery timing. Delivery drones are built to analyze the environment with precision, to communicate through control software in a common language and predict safe landing spots for the packages. Air space is becoming a great option in a time when highways are filled with cars and trucks, and fuel prices are rising. Drones can help to reduce our reliance on gas-powered delivery vehicles, and provide safer, more flexible, and more cost-effective delivery.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

Government Brings First Cryptocurrency Insider Trading Charges

In a series of parallel actions announced on July 21, 2022, the Department of Justice (DOJ) and Securities and Exchange Commission (SEC) initiated criminal and civil charges against three defendants in the first cryptocurrency insider trading case.

According to the criminal indictment, DOJ alleges that a former employee of a prominent cryptocurrency exchange used his position at the exchange to obtain confidential information about at least 25 future cryptocurrency listings, then tipped his brother and a friend who traded the digital assets in advance of the listing announcements, realizing gains of approximately $1.5 million. The indictment further alleges that the trio used various means to conceal their trading, and that one defendant attempted to flee the United States when their trading was discovered. The Government charged the three with wire fraud and wire fraud conspiracy. Notably, and like the Government’s recently announced case involving insider trading in nonfungible tokens, criminal prosecutors did not charge the defendants with securities or commodities fraud.

In its press release announcing the charges, US Attorney for the Southern District of New York Damian Williams said: “Today’s charges are a further reminder that Web3 is not a law-free zone. Just last month, I announced the first ever insider trading case involving NFTs, and today I announce the first ever insider trading case involving cryptocurrency markets. Our message with these charges is clear: fraud is fraud is fraud, whether it occurs on the blockchain or on Wall Street. And the Southern District of New York will continue to be relentless in bringing fraudsters to justice, wherever we may find them.”

Based on these facts, the SEC also announced charges against the three men in a civil complaint alleging securities fraud. In order to assert jurisdiction over the matter, the SEC alleges that at least nine of the cryptocurrencies involved in the alleged insider trading were securities, and the compliant traces through the Howey analysis for each. The SEC has not announced charges against the exchange itself, though in the past it has charged at least one cryptocurrency exchange that listed securities tokens for failure to register as a securities exchange. Perhaps coincidentally, on July 21 the exchange involved in the latest DOJ and SEC cases filed a rulemaking petition with the SEC urging it to “propose and adopt rules to govern the regulation of securities that are offered and traded via digitally native methods, including potential rules to identify which digital assets are securities.”

In an unusual move, Commissioner Caroline Pham of the Commodity Futures Trading Commission (CFTC) released a public statement criticizing the charges. Citing the Federalist Papers, Commissioner Pham described the cases as “a striking example of ‘regulation by enforcement.’” She noted that “the SEC’s allegations could have broad implications beyond this single case, underscoring how critical and urgent it is that regulators work together.” Commissioner Pham continued, “Major questions are best addressed through a transparent process that engages the public to develop appropriate policy with expert input—through notice-and-comment rulemaking pursuant to the Administrative Procedure Act.” She concluded by stating that, “Regulatory clarity comes from being out in the open, not in the dark.” The CFTC is not directly involved in either case, and it is atypical for a regulator to chide a sister agency on an enforcement matter in this fashion. On the same day, another CFTC Commissioner, Kristin Johnson, issued her own carefully-worded statement that seemed to support the Government’s actions.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

How to Market Your Firm When You Don’t Need an In-House Hire

Law firms of any size need some level of marketing for long-term growth and sustainability. To be successful, every law firm must focus on its marketing. In an ideal world, lawyers would have the time to do what they do best and also market their business so it can grow. However, lawyers are inherently busy individuals, and it often doesn’t make sense to try to do it all themselves. Trying to do it all alone is overwhelming, and your time is best spent helping clients.

The simple answer to this time crunch dilemma is to hire someone in-house to take over the marketing efforts. But for many firms, that has a laundry list of drawbacks, such as additional time and expense. Perhaps you don’t have the marketing needs or budget to hire someone to market your law firm on a full- or even part-time basis. Hiring someone in-house means you need to have enough work and room in your budget to keep them busy. So, what are your other options?

Do it Yourself

Continuing to market your law firm yourself is one option. But let’s be realistic; you cannot do it all. With your busy schedule, you might only have one to three hours per week to dedicate to your marketing efforts. If this is the case, pick one or two marketing elements to be consistent with. For example, focus on your blogs or social media posts. If you need more help, as this tiny sliver of weekly time is not likely to move the needle or be sustainable, it’s time to outsource.

Hire an Agency or Freelancer

One viable option could be hiring an agency or freelancer to take over all or most of your marketing tasks. Outsourcing can help take some of this pressure off. Leaving your marketing in the hands of an experienced and knowledgeable agency or freelancer gives you peace of mind that it’s being done optimally. It also lets you focus on your clients and practicing law—which is what you went to school for, after all.

Identify Your Marketing Goals

If you decide to go this route, determine what your primary marketing goals are and go from there:

  • Do you want more leads?

  • Do you want to see more conversions?

  • Do you need to get more referrals?

  • Do you need a better ROI for your marketing dollars?

By listing your marketing goals and dreams and what you’re already doing, you can visualize your marketing gap and identify when it’s time to work with a professional. The more significant this gap, the more likely you need to hire a professional as soon as possible. In the meantime, you could be missing out on signing new clients.

Get an Outside Opinion

When you work with a freelancer or marketing agency, you will have a professional on your side who can also audit your marketing plan and tell you what your marketing is missing. Having another person, especially a marketing expert, lay eyes on what you’ve done to market your law firm and your future plans can help you identify your weaknesses and course correct to the right path. Marketing professionals can take what you have already started and turn it into something bigger and more successful.

Benefits of Working with a Marketing Agency or Freelancer

Working with a marketing agency or freelancer can provide your law firm with the following benefits:

  • Increased brand awareness

  • Greater ability to be found on the internet

  • More website traffic

  • Building trust and credibility with your audience

  • Improved online presence and engagement

  • Conversion rate optimization

  • Cost efficiency

  • Tracking and interpreting marketing efforts

  • Strategy and creativity – for example, creating targeted campaigns for niche clients

Last but not least, they allow you to focus on obtaining optimal outcomes for your clients instead of trying to market your law firm.

© 2022 Denver Legal Marketing LLC

Could the Crypto Downturn Lead to a Spike in M&A?

In 2021, we saw a cryptocurrency boom with record highs and a flurry of activity. However, this year, the cryptocurrency downturn has been significant.  We have seen drops in various cryptocurrencies ranging from 20 to 70 percent, with an estimated $2 trillion in losses in the past few months.

Industry watchers had already predicted a spike in crypto M&A from the beginning of 2022, and in a recent interview with Barron’s, John Todaro, a senior crypto and blockchain researcher at Needham & Company, said he believes this downturn could lead to a wave of mergers and acquisitions in the crypto space for the second half of this year and even into 2023.

Valuations have dropped across the board this year as the market has faced incredible volatility, and Todaro told Barron’s, “The valuations for public crypto companies have fallen by about 70% this year.”  These lower valuations could make these companies increasingly attractive targets for acquisition, and this activity has already started to pick up.

According recent coverage from CNBC, some larger crypto companies are already looking for acquisition targets in order to drive industry growth and to help them acquire more users. Todaro feels most of the M&A activity we will see will be this kind of crypto to crypto acquisition as opposed to traditional buyers, although there is still opportunity for non-crypto companies to capitalize on these lower valuations and some are already doing so.

With more government regulation coming for the crypto sector this year, it could also impact the activity level as well.  Achieving some legal and regulatory clarity could have implications for this uptick in M&A for crypto companies. Our analysis of the SEC’s recent proposed regulations, other government activity in this area, and their potential implications can be found here.

We could of course see a growing number of acquisitions across industries as valuations remain lower than a year ago, but as the crypto sector continues to see this kind of a downturn, the level of activity in this area could be much greater than it has previously seen.  With that said, both the target company and the acquirer should be looking at any transactions with the same level of due diligence instead of rushing into any deal fueled by panic or haste.

© 2022 Foley & Lardner LLP

A Rule 37 Refresher – As Applied to a Ransomware Attack

Federal Rule of Civil Procedure 37(e) (“Rule 37”) was completely rewritten in the 2015 amendments.  Before the 2015 amendments, the standard was that a party could not generally be sanctioned for data loss as a result of the routine, good faith operation of its system. That rule didn’t really capture the reality of all of the potential scenarios related to data issues nor did it provide the requisite guidance to attorneys and parties.

The new rule added a dimension of reasonableness to preservation and a roadmap for analysis.  The first guidepost is whether the information should have been preserved. This rule is based upon the common law duty to preserve when litigation is likely. The next guidepost is whether the data loss resulted from a failure to take reasonable steps to preserve. The final guidepost is whether or not the lost data can be restored or replaced through additional discovery.  If there is data that should have been preserved, that was lost because of failure to preserve, and that can’t be replicated, then the court has two additional decisions to make: (1) was there prejudice to another party from the loss OR (2) was there an intent to deprive another party of the information.  If the former, the court may only impose measures “no greater than necessary” to cure the prejudice.  If the latter, the court may take a variety of extreme measures, including dismissal of the action. An important distinction was created in the rule between negligence and intention.

So how does a ransomware attack fit into the new analytical framework? A Special Master in MasterObjects, Inc. v. Amazon.com (U.S. Dist. Court, Northern District of California, March 13, 2022) analyzed Rule 37 in the context of a ransomware attack. MasterObjects was the victim of a well-documented ransomware attack, which precluded the companies access to data prior to 2016. The Special Master considered the declaration from MasterObjects which explained that, despite using state of the art cybersecurity protections, the firm was attacked by hackers in December 2020.  The hack rendered all the files/mailboxes inaccessible without a recovery key set by the attackers.  The hackers demanded a ransom and the company contacted the FBI.  Both the FBI and insurer advised them not to pay the ransom. Despite spending hundreds of hours attempting to restore the data, everything prior to 2016 was inaccessible.

Applying Rule 37, the Special Master stated that, at the outset, there is no evidence that any electronically stored information was “lost.”  The data still exists and, while access has been blocked, it can be accessed in the future if a key is provided or a technological work-around is discovered.

Even if a denial of access is construed to be a “loss,” the Special Master found no evidence in this record that the loss occurred because MasterObjects failed to take reasonable steps to preserve it. This step of the analysis, “failure to take reasonable steps to preserve,” is a “critical, basic element” to prove spoliation.

On the issue of prejudice, Amazon argued that “we can’t know what we don’t know” (related to missing documents).  The Special Master did not find Amazon’s argument persuasive. The Special Master concluded that Amazon’s argument cannot survive the adoption of Rule 37(e). “The rule requires affirmative proof of prejudice in the specific destruction at issue.”

Takeaways:

  1. If you are in a spoliation dispute, make sure you have the experts and evidence to prove or defend your case.

  2. When you are trying to prove spoliation, know the new test and apply it in your analysis (the Special Master noted that Amazon did not reference Rule 37 in its briefing).

  3. As a business owner, when it comes to cybersecurity, you must take reasonable and defensible efforts to protect your data.

©2022 Strassburger McKenna Gutnick & Gefsky

Wegmans Settles With NYAG for $400,000 Over Data Incident

The New York Attorney General recently announced a data security-related settlement with Wegmans Food Markets. The issue arose in April 2021 regarding a cloud-based incident. At that time a security researcher notified Wegmans that the company had an Azure cloud storage container that was unsecured. Upon investigation, the company determined that the container had been misconfigured and that three million customer records had been publicly accessible since 2018. The records included email addresses and account passwords.

Of concern for the AG, among other things, were that the passwords were salted and hashed using SHA-1 hashing, rather than PBKDF2. Similarly, the AG found concerning the fact that the company did not have an asset inventory of what it maintained in the cloud. As a result, no security assessments were conducted of its cloud-based databases. The NYAG also took issue with the company’s lack of long-term logging: logs for its Azure assets were kept for only 30 days. Finally, the company kept checksums derived from customer driver’s license information, something for which the NYAG did not feel the company had a “reasonable business purpose” to collect or maintain.

The NYAG argued that these practices were both deceptive and unlawful in light of the promises Wegman’s made in its privacy policy. It also felt that the practices were a violation of the state’s data security law. As part of the settlement, Wegmans agreed to pay $400,000. It also agreed to implement a written information security program that addresses, among other things:

  1. asset management that covers cloud assets and identifies several items about the asset, including its owner, version, location, and criticality;
  1. access controls for all cloud assets;
  1. penetration testing that takes into account cloud assets, and includes at least one annual test of the cloud environment;
  1. central logging and monitoring for cloud assets, including keeping cloud logs readily accessible for 90 days (and further stored for a year from logged activity);
  1. customer password management that includes hashing algorithms and a salting policy that is at least commensurate with NIST standards and “reasonably anticipated security risks;” and
  1. policies and procedures around data collection and deletion.

Wegmans agreed to have the program assessed within a year of the settlement, with a written report by the third-party assessor provided to the NYAG. It will also conduct at-least-annual reviews of the program. As part of that review it will determine if any changes are needed to better protect and secure personal data.

Putting It Into Practice: This case is a reminder for companies to think not only about assets on its network, but its cloud assets, when designing a security program. Part of these efforts include clearly identifying locations that house personal information (as defined under security and breach laws) and evaluating the security practices and controls in place to protect that information. The security program elements the NYAG has asked for in this settlement signal its expectations of what constitutes a reasonable information security program.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Are You Being Served? Court Authorizes Service of Process Via Airdrop

In what may be the first of its kind, a New York state court has authorized service via token airdrop in a case regarding allegedly stolen cryptocurrency assets. This form of alternative service is novel but could become a more routine practice in an industry where the identities of potential parties to litigation may be difficult to ascertain using blockchain data alone.

Background on the Dispute

According to the Complaint in the case, the plaintiff LCX AG (“LCX”) is a Liechtenstein based virtual currency exchange. As alleged in the Complaint, on or about January 8, 2022, the unknown defendants (named in the Complaint as John Does 1-25) illegitimately gained access to LCX’s cryptocurrency wallet and transferred $7.94 million worth of digital assets out of LCX’s control. Cryptocurrency wallets are similar in many ways to bank accounts, in that they can be used to hold and transfer assets. In the same way a thief can transfer funds from a bank account if they gain access to that account, thieves can also transfer cryptocurrency assets if they gain access to the keys to the wallet holding digital assets.

Following the alleged theft, LCX and its third-party consulting firm determined that the suspected thieves used “Tornado Cash,” which is a “mixing” service designed to hide transactions on an otherwise publicly available blockchain ledger by using complicated transfers between unrelated wallets. While Tornado Cash and other mixing services have legal purposes such as preserving the anonymity of parties to legitimate transactions, they are also utilized by criminals to launder digital funds in an illicit manner.

Even the use of these mixing services, however, can often also be unwound. This is especially true in transactions of large amounts of cryptocurrency, similar to how transactions utilizing complex money laundering schemes in the international banking system can be unwound. According to the blockchain data platform Chainalysis, although Illicit crypto transactions reached an all-time high of $14 billion in 2021, these suspected nefarious transactions accounted for 0.15% of crypto volume last year, down from 0.62% in 2020.

While the Complaint alleges the suspected thieves used Tornado Cash, LCX believes its hired consultants were able to unwind those mixing services to identify a wallet which is alleged to still hold $1.274 million of the allegedly stolen assets.

Unlike bank accounts which have associated identifying information, there are often no registered addresses or other identifying information connected to digital wallets. This makes it difficult to provide the actual proof of service required to institute an action or obtain a judgement against an individual where the only known information is their digital wallet addresses. Service via token airdrop into those wallet addresses solves that issue.

Service Via Airdrop

Service of lawsuits is traditionally made on the defendant personally at a home or business address via special process servers. In cases where service on the individual is not possible for some reason, many states authorize alternative means of service if the plaintiff can show that the alternative means of service likely to provide actual notice of the litigation to the defendant. For example, courts have historically allowed notice via newspaper publication as an alternative means of service where the defendant cannot be serviced personally.

Here, the Court permitted service via “airdrop” in which a digital token is placed in a specific cryptocurrency wallet, similar to how a direct deposit can place funds in a traditional bank account. This particular token contained a hyperlink to the associated court filings in the case, and a mechanism which allowed the data of any individual who clicked on the hyperlink to be tracked. While this is a novel way to serve notice of a lawsuit, similar airdrops have been used to communicate with the owners of otherwise anonymous cryptocurrency wallet owners. Such was the case recently when actor Seth Green had his Bored Ape non-fungible token (“NFT”) stolen and the unknowing buyer of the stolen NFT was otherwise difficult to locate.

While this type of digital service is new, it could be implemented in many disputes in the future regarding digital assets. Similar to the authorization of service that was seen recently in the Facebook Biometric Information Privacy Act litigation (where notice was served on potential class members via email and directly on the Facebook platform), service via airdrop may be the most efficient way to inform potential lawsuit participants of the pending dispute and how they can protect their rights in that dispute.

This type of airdropped service is not without issues, though. First, transactions on the blockchain are largely publicly available, meaning any individual with the wallet address would also be able to see service of the lawsuit notice. Additionally, many users are hesitant to click on unknown links (such as the one in the airdropped LCX) due to legitimate cybersecurity concerns.

While service via airdropped token is unlikely to replace traditional methods of service, it may be a useful means of serving process on unknown persons where there is a digital wallet linked to the acts which the applicable lawsuit relates.

© Polsinelli PC, Polsinelli LLP in California