LinkedIn Petitions Circuit Court for En Banc Review of hiQ Scraping Decision

On October 11, 2019, LinkedIn Corp. (“LinkedIn”) filed a petition for rehearing en banc of the Ninth Circuit’s blockbuster decision in hiQ Labs, Inc. v. LinkedIn Corp., No. 17-16783 (9th Cir. Sept. 9, 2019). The crucial question before the original panel concerned the scope of Computer Fraud and Abuse Act (CFAA) liability for unwanted web scraping of publicly available social media profile data, and whether, once hiQ Labs, Inc. (“hiQ”), a data analytics firm, received LinkedIn’s cease-and-desist letter demanding it stop scraping public profiles, any further scraping of such data was “without authorization” within the meaning of the CFAA. The appeals court affirmed the lower court’s order granting a preliminary injunction barring LinkedIn from blocking hiQ from accessing and scraping publicly available LinkedIn member profiles to create competing business analytic products. Most notably, the Ninth Circuit held that hiQ had shown a likelihood of success on the merits in its claim that when a computer network generally permits public access to its data, a user’s accessing that publicly available data will not constitute access “without authorization” under the CFAA.

In its petition for en banc rehearing, LinkedIn advanced several arguments, including:

  • The hiQ decision conflicts with the Ninth Circuit Power Ventures precedent, where the appeals court held that a commercial entity that accesses a website after permission has been explicitly revoked can, under certain circumstances, be civilly liable under the CFAA. Power Ventures involved Facebook user data protected by password (that users initially allowed a data aggregator permission to access). LinkedIn argued that the hiQ court’s logic in distinguishing Power Ventures was flawed and that the manner in which a user classifies his or her profile data should have no bearing on a website owner’s right to protect its physical servers from trespass.

“Power Ventures thus holds that computer owners can deny authorization to access their physical servers within the meaning of the CFAA, even when users have authorized access to data stored on the owner’s servers. […] Nothing about a data owner’s decision to place her data on a website changes LinkedIn’s independent right to regulate who can access its website servers.”

  • The language of the CFAA should not be read to allow for “authorization” to be assumed (and unable to be revoked) for publicly available website data, either under Ninth Circuit precedent or under the CFAA-related case law of other circuits.

“Nothing in the CFAA’s text or the definition of ‘authorization’ that the panel employed—“[o]fficial permission to do something; sanction or warrant,” suggests that enabling websites to be publicly viewable is not ‘authorization’ that can be revoked.”

  • The privacy interests enunciated by LinkedIn on behalf of its users are “of exceptional importance,” and the court discounted the fact that hiQ is “unaccountable” and has no contractual relationship with LinkedIn users, such that hiQ could conceivably share the scraped data or aggregate it with other data.

“Instead of recognizing that LinkedIn members share their information on LinkedIn with the expectation that it will be viewed by a particular audience (human beings) in a particular way (by visiting their pages)—and that it will be subject to LinkedIn’s sophisticated technical measures designed to block automated requests—the panel assumed that LinkedIn members expect that their data will be ‘accessed by others, including for commercial purposes,’ even purposes antithetical to their privacy setting selections. That conclusion is fundamentally wrong.”

Both website operators and open internet advocates will be watching closely to see if the full Ninth Circuit decides to rehear the appeal, given the importance of the CFAA issue and the prevalence of data scraping of publicly available website content. We will keep a close watch on developments.


© 2019 Proskauer Rose LLP.

Second Circuit Confirms Arbitration Awards That Are (Literally) Out of This World

Arbitration over whether a South Korean company or a Bermuda company headquartered in Hong Kong owns a geostationary satellite in light of an order from a South Korean regulatory agency can be complicated. The Second Circuit recently affirmed a decision confirming an arbitration award adjudicating ownership of the satellite in question and awarding damages related to a party’s failure to obtain regulatory approvals necessary to complete the sale over claims that the arbitration panel exceeded its power, disregarded the law, and violated public policy.

KT Corp., a Korean company, agreed to sell a satellite to ABS Holdings Ltd., a Bermuda company headquartered in Hong Kong. The companies signed a purchase agreement to convey the title to the satellite and an operations agreement under which KT agreed to operate the satellite on behalf of ABS. Both agreements contained New York choice-of-law provisions and mandatory arbitration clauses. The purchase agreement required KT to obtain and maintain all necessary licenses and authorizations for the sale and the continued operation of the satellite.

The sale was completed and title to the satellite was transferred.

Nearly two years later, a South Korean regulatory agency issued an order declaring the purchase agreement null and void because KT had failed to obtain a required export permit. The agency canceled KT’s permission to use certain frequencies to operate the satellite.

KT and ABS arbitrated who held title to the satellite and whether KT had violated the purchase agreement before a panel of the International Chamber of Commerce. In two awards, the panel concluded that ABS held title to the satellite because title had lawfully passed when the conditions precedent to the purchase agreement were completed, at which time there was no requirement that KT obtain an export permit. And even if that was not the case, the panel concluded, the regulatory order had no effect because it was issued retroactively without notice to the parties in violation of New York law, and KT breached its obligations by failing to obtain all the approvals necessary for the continued operation of the satellite (even though an export permit may not have been required for the sale of the satellite, one was necessary to maintain the satellite’s operations).

KT petitioned the Southern District of New York to vacate the award, and ABS petitioned the court to confirm it. The district court granted ABS’ petition and confirmed the panel’s award.

The Second Circuit affirmed. KT argued that the panel had exceeded its authority and that the award disregarded the law and violated public policy. KT claimed that the panel’s conclusion that the regulatory order was without effect violated due process principles. The court disagreed, noting that KT had not challenged the order, its counsel had questioned its validity, and the panel did not rest on the validity of the order; the panel referenced the propriety of the order as an alternate basis for its primary conclusion that title to the satellite properly changed hands. The court also rejected KT’s argument that the panel had disregarded New York contract law. Regarding public policy, although the court recognized that it is the public policy of the United States to enforce foreign judgments that are not repugnant to U.S. policy, it was unclear whether that public policy extended to foreign regulatory orders, and it was not even clear that the regulatory order in this case was enforceable under South Korean law according to KT’s expert.

KT Corp. v. ABS Holdings, Ltd., No. 18-2300 (2d Cir. Sept. 12, 2019).


©2011-2019 Carlton Fields, P.A.


Ubers of the Future will Monitor Your Vital Signs

Uber has announced that it is considering developing self-driving cars that monitor passengers’ vital signs by asking the passengers how they feel during the ride, in order to provide a stress-free and satisfying trip. This concept was outlined in a patent filed by the company in July 2019. Uber envisions passengers connecting their own health-monitoring devices (e.g., smart watches, activity trackers, heart monitors, etc.) to the vehicle to measure the passenger’s reactions. The vehicle would then synthesize the information, along with other measurements that are taken by the car itself (e.g., thermometers, vehicle speed sensors, driving logs, infrared cameras, microphones, etc.). This type of biometric monitoring could potentially allow the vehicle to assess whether it might be going too fast, getting too close to another vehicle on the road, or applying the brakes too hard.  The goal is to use artificial intelligence to create a more ‘satisfying’ experience for the riders in the autonomous vehicle.

This proposed technology presents yet another way that ride-sharing companies such as Uber can collect more data from their passengers. Of course, passengers would have the choice about whether to use this feature, but this is another consideration for passengers in this data-driven industry.


Copyright © 2019 Robinson & Cole LLP. All rights reserved.


Who Benefits from Self-Driving Cars?

Everyone will benefit from self-driving cars, but to varying degrees. Society, from a safety standpoint, benefits from eliminating some or all of the 34,247 motor vehicle fatalities per year. The elderly and disabled can benefit by regaining independence. Commuters can benefit by turning their dreaded drive to work into a relaxing or productive session they look forward to. But what about car manufacturers?

Car manufacturers may potentially benefit the most from self-driving cars. Assuming that they develop safe, fully autonomous robotaxis, then a car manufacturer may be able to operate the car as a robotaxi and potentially generate ten times the sale price of a vehicle over the life of the vehicle. But before this can happen, a company has to produce a fully self-driving vehicle at a reasonable cost. From a hardware standpoint, a key challenge is sensor technology. Lidar, a critical sensor for autonomous cars that can bridge the deficiencies in today’s camera and radar systems, is a significant hurdle due to its cost (e.g., up to $75,000), size, and complexity.

Therefore, it comes as no surprise that lidar companies are benefiting from large investments and partnerships this year to develop advanced lidar solutions. For example, Sense Photonics recently emerged from stealth mode and made headlines with a $26 million round advertising a whole new approach that allows for an ultra-wide field of view and flexible installation. Sense Photonics claims it has a “flash” lidar which can illuminate the entire scene with one giant flash, as opposed to the scanning or sweeping systems employed by the early popular lidar systems, such as those from Velodyne. Luminar recently announced it has developed a new lidar sensor that weighs less than 2 pounds, is the size of a soda can, and will cost as little as $500. Another upstart, Lumotive, announced that it has a solid-state sensor with metamaterial (e.g., a non-naturally occurring material that can have a negative refractive index) that includes tiny tunable components that can slow down parts of the laser beam in order to steer the beam. Steering a laser beam in this manner, according to Lumotive, may eliminate the need for mechanically moving parts. Yet another lidar company, Quanergy, touts that it has a fully solid-state automotive grade lidar based on optical phased arrays that do not include any moving parts on any scale, while offering an unparalleled level of quality and reliability.

While the timeline is uncertain, it is likely that self-driving cars will be safer than human drivers, and that auto manufacturers and technology suppliers will find opportunities to increase profits. However, this will likely bring about certain disadvantages. Some disadvantages are obvious, such as the loss of transportation-related jobs due to automation, but there may be other less obvious disadvantages. If a car manufacturer can make more money by keeping its car, why would it sell it to consumers? Elon Musk thinks that is the case, and part of his “Master Plan” is to enable self-driving hardware to operate as autonomous robotaxis to generate revenue for Tesla itself. While autonomous robotaxis may have many benefits, the inability to buy a reasonably priced car because it is more profitable in the hands of the car manufacturer does not benefit the car shopper!


© 2019 Foley & Lardner LLP


You Can be Anonymised But You Can’t Hide

If you think there is safety in numbers when it comes to the privacy of your personal information, think again. A recent study in Nature Communications found that, given a large enough dataset, anonymised personal information is only an algorithm away from being re-identified.

Anonymised data refers to data that has been stripped of any identifiable information, such as a name or email address. Under many privacy laws, anonymising data allows organisations and public bodies to use and share information without infringing an individual’s privacy, or having to obtain necessary authorisations or consents to do so.

But what happens when that anonymised data is combined with other data sets?

Researchers behind the Nature Communications study found that using only 15 demographic attributes can re-identify 99.98% of Americans in any incomplete dataset. While fascinating for data analysts, individuals may be alarmed to hear that their anonymised data can be re-identified so easily and potentially then accessed or disclosed by others in a way they have not envisaged.

Re-identification techniques were recently used by the New York Times. In March this year, they pulled together various public data sources, including an anonymised dataset from the Internal Revenue Service, in order to reveal a decade’s worth of Donald Trump’s negatively adjusted income tax returns. His tax returns had been the subject of great public speculation.

What does this mean for business? Depending on the circumstances, it could mean that simply removing personal information such as names and email addresses is not enough to anonymise data and may be in breach of many privacy laws.

To address these risks, companies like Google, Uber and Apple use “differential privacy” techniques, which add “noise” to datasets so that individuals cannot be re-identified, while still allowing access to the information outcomes they need.

It is a surprise for many businesses using data anonymisation as a quick and cost effective way to de-personalise data that more may be needed to protect individuals’ personal information.

If you would like to know more about other similar studies, check out our previous blog post ‘The Co-Existence of Open Data and Privacy in a Digital World’.

Copyright 2019 K & L Gates
This article is by Cameron Abbott of  K&L Gates.

Are Your AI Selection Tools Validated? OFCCP Provides Guidance for Validation of AI-Based Algorithms

We have long counseled employers using or contemplating using artificial intelligence (“AI”) algorithms in their employee selection processes to validate the AI-based selection procedure using an appropriate validation strategy approved by the Uniform Guidelines on Employee Selection Procedures (“Uniform Guidelines”).  Our advice has been primarily based on minimizing legal risk and complying with best practices.  A recently updated Frequently Asked Questions (“FAQ”) from the Office of Federal Contract Compliance Programs (“OFCCP”) provides further support for validating AI-based selection procedures in compliance with the Uniform Guidelines.

On July 23, 2019, the OFCCP updated the FAQ section on its website to provide guidance on the validation of employee selection procedures.  Under the Uniform Guidelines, any selection procedure resulting in a “selection rate for any race, sex, or ethnic group which is less than four-fifths (4/5) (or eighty percent) of the rate for the group with the highest rate will generally be regarded by Federal enforcement agencies as evidence of adverse impact,” which in turn requires the validation of the selection procedure.  These validation requirements are equally applicable to any AI-based selection procedure used to make any employment decision, including hiring, termination, promotion, and demotion.

As stated in the Uniform Guidelines, and emphasized in the FAQ, the OFCCP recognizes three methods of validation:

  1. Content validation – a showing that the content of the selection procedure is representative of important aspects of performance on the job in question;

  2. Criterion-related validation – production of empirical data demonstrating that the selection procedure is predictive or significantly correlated with important aspects of job performance; and

  3. Construct validation – a showing that the procedure measures the degree to which candidates possess identifiable characteristics that have been determined to be important in successful performance on the job.

With the exception of criterion-related validating studies, which can be “transported” from other entities under certain circumstances, the Uniform Guidelines require local validation at the employer’s own facilities.

If a selection procedure adversely impacts a protected group, the employer must provide evidence of validity for the selection procedure(s) that caused the adverse impact. Thus, it is crucial that employers considering the implementation of AI-based algorithms in the selection process both conduct adverse impact studies and be prepared to produce one or more validation studies.

The new FAQ also provides important guidelines on the substantial methods utilized by OFCCP in evaluating potential adverse impact. In accordance with the Uniform Guidelines, OFCCP will analyze the Impact Ratio – the disfavored group’s selection rate divided by the favored group’s selection rate. Any Impact Ratio of less than 0.80 (referred to as the “Four-Fifths Rule”) constitutes an initial indication of adverse impact, but OFCCP will not pursue enforcement without evidence of statistical and practical significance. For statistical significance, the OFCCP’s standard statistical tests are the Fisher’s Exact Test (for groups with fewer than 30 subjects) and the Two Independent-Sample Binomial Z-Test (for groups with 30 or more subjects).

With the publication of this new FAQ, employers – and particularly federal contractors – should be sure to evaluate their use of AI-based algorithms and properly validate all selection procedures under the Uniform Guidelines.  Moreover, although not addressed in the OFCCP’s new FAQ, employers should also ensure that their AI-based algorithms are compliant with all other state and federal laws and regulations.

©2019 Epstein Becker & Green, P.C. All rights reserved.

Drive.ai Introduces External Communication Panels to Talk to Public

Self-driving cars are inherently presented with a challenge—communicating with their surroundings. However, Drive.ai has attempted to address that challenge by equipping its self-driving cars with external communication panels that convey a variety of messages for drivers, pedestrians, cyclists and everyone else on the road. Drive.ai CEO Bijit Halder said, “Our external communication panels are intended to mimic what an interaction with a human driver would look like. Normally you’d make eye contact, wave someone along, or otherwise signal your intentions. With [these] panels everyone on the road is kept in the loop of the car’s intentions, ensuring maximum comfort and trust, even for people interacting with a self-driving car for the first time.” To help the company build its platform, one of the company’s founders recorded herself driving around normally and analyzed all the interactions she had with other drivers, including eye contact and hand motions.

Specifically, the panel uses lidar sensors, cameras, and radar to determine if any pedestrians are in or near a crosswalk as it approaches the crosswalk. If the vehicle detects a pedestrian’s path, the car begins to slow down and displays the message “Stopping for you.” Once the vehicle comes to a complete stop, it displays the message “Waiting for you.” When no more pedestrians are detected, the vehicle will display the message “Going now, please wait” to let other pedestrians know to wait to cross.

Drive.ai continues to conduct research to determine the best means of communication including the best location for such communications, which is currently right above the wheels based on its previous studies. Halder said, “The more you can effectively communicate how a self-driving car will act, the more confidence the public will have in the technology, and that trust will lead to adoption on a broader scale.”

 

Copyright © 2019 Robinson & Cole LLP. All rights reserved.

Ericsson Offers FRAND – District Court Endorses Comparable Licenses, Rejects SSPPU Royalty Rate

On May 23, 2019, the court issued a declaratory judgment in the case of HTC v. Ericsson, No. 18-cv-00243, pending in the United States District Court for the Eastern District of Texas (Judge Gilstrap). That judgment confirmed that Ericsson’s 4G standard-essential patents (“SEPs”) convey significant value to mobile handsets and held that Ericsson made an offer to HTC that complied with Ericsson’s obligations to license on fair, reasonable, and non-discriminatory (“FRAND”) terms. The decision, published on the heels of Judge Koh’s recent opinion in FTC v. Qualcomm, provides much-needed clarity to SEP owners by definitively rejecting the smallest-saleable patent practicing unit (“SSPPU”) royalty theory in favor of a real-world, market-based approach.

The Dispute

Ericsson owns a large portfolio of cellular patents essential to the 2G, 3G, and 4G standards that it licenses to handset makers worldwide. As a member of the ETSI standard setting organization, Ericsson agreed to license these patents on FRAND terms. Ericsson offered a license to HTC at a rate of $2.50 per 4G device, or 1% of the net device price with a $1 floor and $4 cap. HTC countered with a rate of $0.10 per 4G device. HTC sued Ericsson, claiming that Ericsson’s offered royalty rate was too high, and that Ericsson breached its FRAND commitment.

A jury trial was held in February 2019. HTC argued that a royalty base must be calculated based on the profit margin of the baseband processor (which HTC argued was the SSPPU) rather than the price of the device as a whole. Ericsson argued that HTC’s SSPPU approach dramatically undervalued 4G cellular technology and that Ericsson’s patents in particular were worth far more. After a five-day trial, the jury found that Ericsson’s offers did not breach Ericsson’s commitment to license on FRAND terms and conditions.

The Decision

Following the verdict, the district court also issued its findings of fact and conclusions of law in connection with ruling on Ericsson’s request for a declaratory judgment that it had complied with FRAND. This declaration reaffirmed the jury’s findings, while also addressing more fully some key questions.

First, the court stated unequivocally that the ETSI FRAND commitment does not require a company to license its SEPs based on the profit or cost of the baseband processor or SSPPU. The district court’s decision is consistent with Federal Circuit precedent, such as Ericsson v. D-Link, which holds that “courts must consider the facts of record when instructing the jury and should avoid rote reference to any particular damages formula.”

Second, the order went further to conclude that Ericsson’s 4G portfolio is worth significantly more than a royalty rate based on the profit margin or cost of the baseband processor in HTC’s phones (HTC’s “SSPPU”). Looking to industry-wide evidence, the court held that the value of cellular technology far exceeded a valuation based on the price or profit of a baseband processor. The court found that “Ericsson established, and HTC’s own experts conceded, that there are no examples in the industry of licenses that have been negotiated based on the profit margin, or even the cost, of a baseband processor” and that credible evidence supported a finding that “the profit margin, or even the cost, of the baseband processor is not reflective of the value conferred by Ericsson cellular essential patents.”

Third, the court determined that both of Ericsson’s offers to HTC—(1) $2.50 per 4G device or (2) 1% with a $1 floor and $4 cap—were fair, reasonable, and non-discriminatory. The court found that Ericsson’s “comparable licenses provide the best market-based evidence of the value of Ericsson’s SEPs and that Ericsson’s reliance on comparable licenses is a reliable method of establishing fair and reasonable royalty rates that is consistent with its FRAND commitment.” At trial, evidence was presented regarding Ericsson’s licenses with Apple, BLU, Coolpad, Doro, Fujitsu, Huawei, Kyocera, LG, Panasonic, Samsung, Sharp, Sony, and ZTE. The court noted that several of Ericsson’s licenses contained express terms that were “similar or substantially similar” to Ericsson’s offers to HTC and rejected the argument that Ericsson’s offers to HTC were discriminatory.

Why It Matters

Judge Gilstrap’s declaration represents an important development in FRAND case law that looks to industry practice and market evidence rather than untested licensing theories. It affirms that basing a rate on comparable licenses is an acceptable FRAND methodology.

The decision also rejects the SSPPU royalty theory. Some have read the recent FTC v. Qualcomm opinion to suggest that a FRAND royalty must be structured as a percentage rate on a baseband processor. Judge Gilstrap’s declaration demonstrates why such a reading is incorrect. First, the declaration explains that the ETSI FRAND commitment simply does not require a SSPPU royalty base. Second, even if one were to indulge the SSPPU approach, the SSPPU for many standard-essential patents is not limited to a baseband processor. Third, a wealth of market evidence shows that Ericsson’s patents (and standard-essential patents generally) are far more valuable than a baseband processor-based royalty would reflect.

© McKool Smith
This article was written by Nicholas Mathews from McKool Smith.

Emerging Technologies Update

Our present era is one characterized by rapid technological change, marked by an influx of advancements aimed at enhancing productivity, reducing labor costs, and providing companies with previously unforeseen efficiencies and insights. These emerging technologies—a broad collection of hardware and software that includes artificial intelligence (AI), autonomous vehicles (AVs), biotechnology, robotics, and unmanned aerial systems (drones)—are being incorporated into everyday operations by seemingly every industry and sector.

A number of emerging technologies are finding particular value in the energy, natural resources, and transportation spaces.  A brief survey of these sectors reveals that companies are incorporating emerging technologies in a number of novel ways, including:

  • Use of drones to detect leaks along pipelines and to survey the structural integrity of offshore rigs;
  • Integration of machine learning-empowered connected devices by electric, gas, and water utilities to better serve communities by identifying ways to be more efficient with respect to how resources are managed;
  • Application of predictive analytics for refinery/gas plant optimization to mitigate un-programmed plant shutdowns, improve yields, and enhance safety awareness;
  • Incorporation of machine learning and computer vision into AV systems which have the capability to significantly improve road safety, reduce traffic fatalities, and improve vehicle efficiency;
  • Adoption of machine learning and data analytics by oil and gas companies into planning processes for drilling by hydraulic fracturing; and
  • Utilization of autonomous delivery systems—including aerial and sidewalk drones—in an effort to significantly reduce the cost of deliveries and environmental impacts over the “last mile.”

While these and other technologies show great promise, they also create a host of new challenges for governments, companies, and individuals.  In particular, emerging technologies could usher in an era of massive disruption that dramatically alters and upsets traditional notions of consumer safety and privacy, national security, job security, and environmental quality.  Federal and state regulators and legislators are already starting to tackle the challenges arising from emerging technologies—with mixed results. These actions risk generating unintended consequences that could stifle innovation and/or forestall the incorporation of emerging technologies into various industry operations.

This inaugural VNF Emerging Technology Update is intended to identify recent executive and legislative branch developments in the emerging technology space that may impact the deployment of these technologies, which in turn could impact client operations. If you have a question about these or any other developments in the emerging technology space, please contact the authors of this alert.

Recent Emerging Tech Developments

DOT Announces New Measures to Facilitate Drone Deployment

On January 14, 2019, Secretary of Transportation, Elaine Chao, announced several significant regulatory developments that should—in time—provide drone companies and operators with more operational flexibility.

First, Secretary Chao announced that the Federal Aviation Administration (FAA) had unveiled a proposed rule entitled, “Operation of Small Unmanned Aircraft Systems over People.” Among other things, the proposed rule would allow a small drone to “pass[] over any part of any person who is not directly participating in the operation and who is not located under a covered structure or inside a stationary vehicle”—provided that the drone meets certain operational constraints related to drone weight, design, and risk of injury to people.  The proposed rule would also permit drones to operate at night provided that (i) the drone is equipped with an anti-collision light that is visible for at least three statute miles, and (ii) the operator has completed relevant knowledge training and testing.

While the proposed rule is a good first step in facilitating further innovation in small drone use cases, it is unlikely that the rule would have any immediate impact because it is contingent on the FAA implementing remote identification and tracking regulations, which the FAA is expected to promulgate in proposed form later this year.  Moreover, remote ID and tracking rules are necessary to stymie nefarious and nuisance operations that could target critical systems and infrastructure, including events similar to those that occurred at London’s Gatwick and Heathrow airports late in 2018 and early in 2019, and at Newark International Airport on January 22, 2019. Thus, while the proposed rule is a welcome step toward facilitating drone innovation, regulators still have a lot of work to do before companies (and consumers) realize the potential benefits of commercial drones.

In addition to the proposed rule, the FAA also announced an advanced notice of proposed rulemaking (ANPR) seeking comments on the “Safe and Secure Operations of Small Unmanned Aircraft Systems.” The ANPR recognizes the potential national security threat that drones pose to critical infrastructure, acknowledging that it is continually assessing the ability of the Part 107 regulations to address these concerns.  In addition, the ANPR notes that the FAA is working to develop a process to allow certain fixed-site facility owners to petition the agency to prohibit or restrict drone operations in close proximity to, e.g., critical infrastructure sites. The ANPR further recognizes public safety and national security concerns arising from loss of control of a drone. The agency seeks comment on the need to promulgate regulations establishing design requirements (such as redundancy) for systems critical to flight safety.

It is important to note that the current government shutdown has impacted the publication of these regulatory actions in the Federal Register. Therefore, the FAA is not yet accepting public comment on these actions. The FAA has not indicated when it will publish these actions in the Federal Register, but simply says both will be published “at a later date.”

FCC Proposed Rule on Unlicensed Use of 6 GHz Band

On December 17, 2018, the Federal Communications Commission (FCC) published a proposed rule to expand unlicensed use of the 5.925-7.125 GHz band (6 GHz band). Specifically, the FCC would allow unlicensed access points to operate on the 5.925-6.425 GHz and 6.525-6.875 GHz sub-bands only on frequencies determined by an automated frequency control (AFC) system. For the 6.425-6.525 GHz and 6.875-7.125 GHz sub-bands, the FCC would not mandate an AFC system and would permit unlicensed access points to operate at lower transmitted power.

The FCC’s press release on the proposed rule notes that “[u]nlicensed devices that employ Wi-Fi and other unlicensed standards have become indispensable for providing low-cost wireless connectivity in countless products used by American consumers.” The proposed rule represents one element of the FCC’s broader objective to facilitate and ensure that adequate spectrum exists to accommodate the proliferation of connected devices in the internet of things (IoT).

While the FCC asserted its commitment to “protecting the incumbent licensed services that operate in this spectrum,” the FCC’s proposed action does raise the possibility of conflict with electric, gas, and water utilities and other critical infrastructure systems, which have long relied on the 6 GHz band for their communications networks. Some worry that the FCC’s action could unleash a flood of new unlicensed users on the spectrum, which could create radio frequency interference that compromises both reliability and emergency response capabilities.

Comments on the proposed rule are due by February 15, 2019.

BIS Contemplating Export Controls for Certain Emerging Technologies

On November 19, 2018, the Bureau of Industry and Security (BIS)—an agency within the Department of Commerce—published an ANPR seeking public comment on criteria for identifying emerging technologies that are essential to U.S. national security. The BIS ANPR comes at a time of heightened scrutiny over global technology transfers. The past year alone has been dominated by headlines of (i) potential national security concerns related to the import of Chinese telecommunications technologies; (ii) potential supply chain attacks on U.S. technology manufacturers; and (iii) escalating trade tensions between the United States and China precipitated at least in part by U.S. objections over Chinese theft of intellectual property.

It is this third risk that BIS’s ANPR is attempting to redress. With the help of public comments received over the course of the comment period (which closed on January 10, 2019), BIS will evaluate potential national security risks that may arise from the export of emerging technologies. The agency has indicated that it will likely promulgate a proposed rule to amend the Commerce Control List (CCL) to include new Export Control Classification Numbers (ECCNs) for certain emerging technologies.

While there is certainly a need to address the economic, national security, and political implications of technology transfers—and the deleterious impacts of industrial espionage—some of the most prominent technology companies and technology industry advocacy groups argue that BIS’s action will do little to mitigate potential national security risks and may actually do more to harm U.S. emerging technology companies, because any prohibition on technology exports will apply to companies operating within the United States. Consequently, sophisticated external actors will still be able to engage in industrial espionage, thereby extracting potentially sensitive technologies outside of officially-sanctioned processes, allowing certain emerging technologies to end up in jurisdictions outside of the United States or its allies without U.S. companies being able to control the dissemination of those technologies.

Given the potential negative impacts of BIS’s contemplated regulatory action—as well as the fact that BIS issued the ANPR immediately before the year-end holiday season—many companies petitioned the agency for an extension of the original 30-day comment period. While BIS did extend the comment period an additional three weeks, the compressed comment period undoubtedly prevented some companies and individuals from offering more detailed insights.  Given the potential economic and security impacts of the ANPR, companies may wish to engage with the Office of Information and Regulatory Affairs (OIRA) within the Office of Management and Budget (OMB) as an alternative or parallel strategy to ensure that the Administration is aware and understands the potential implications on U.S. companies.

Senators Warner and Rubio Introduce Bill to Establish the Office of Critical Technologies and Security

On January 4, 2019, Senators Mark Warner (D-VA) and Marco Rubio (R-FL) introduced S.29, which would establish an “Office of Critical Technologies and Security” within the White House. Recognizing the threat of industrial espionage, forced technology transfers, and supply chain vulnerabilities, the bipartisan bill is intended to ensure that technology transfer decisions occur within a broader policy context—a “whole of government technology strategy”—that weighs relevant economic, geopolitical and national security concerns in a way different from the existing BIS regulatory process.

As of January 22, the Senate has taken no further action on the bill.

 

© 2019 Van Ness Feldman LLP
This post was written by R. Scott Nuzum and Eric C. Wagner of Van Ness Feldman LLP.

Medical Products & FDA: What to Watch for in 2019

Major legislation impacting FDA often accompanies user fee reauthorizations every 5 years. However, Congress has acted to address public health issues between user fee cycles. FDA regulates 20¢ of every U.S. consumer dollar spent on products ranging from heart valves to insulin to breakfast cereal, so there’s always something Congress can do in the realm of FDA’s statutory authorities. Many FDA-related bills are often bipartisan, too, which suggests action despite different parties in power in the House and Senate. Here are a few key medical product issues we’ll be tracking in 2019.

Laboratory Developed Tests (LDTs)

An LDT is a type of in vitro diagnostic test that is designed, manufactured, and used within a single laboratory. In recent years, FDA has attempted to more actively regulate LDTs, claiming they are more complex now than when the agency was granted authority to regulate devices in the 1970s (FDA had, until recently, generally ignored LDTs using a policy known as enforcement discretion). A few years ago, the agency published a proposed approach that caused a stir in Congress and the lab industry, and after years of debate Congress seems ready to act on LDTs, which some are now calling In Vitro Clinical Tests (IVCTs). However, New Jersey Democrat Frank Pallone, the likely incoming chairman of the House Energy & Commerce Committee, has expressed concern with FDA’s proposed approach to IVCT regulation, especially its heavy reliance on review by accredited persons (i.e., third party review) and pre-certification. FDA’s position was outlined by Commissioner Scott Gottlieb, who in a September 2018 speech stated that FDA envisions reviewing only 10% of IVCTs, 40% would use the pre-certification model, and the remainder would not be subject to FDA premarket review.

Who blinks first? Based on my experience at FDA, the agency is likely to wait for Congress to make the first move largely because FDA went all in by submitting 59 pages of “technical assistance”—essentially a draft bill—to Congress in August 2018. A Democrat-controlled E&C may push for more oversight or a phased-in approach, which is something FDA has resisted. Sure to further complicate discussions is the role of user fees in funding an IVCT regulatory program. Among the questions that need to be answered: how much IVCT oversight will FDA have relative to third parties, how much will that cost, and who’s paying the bill? As a former user fee negotiator for FDA, I can tell you those conversations are not going to be easy.

Digital Health

FDA’s exploration of a new regulatory paradigm for digital health products hit a bump in the road on October 10 when Senators Warren, Murray, and Smith (all Democrats) sent a letter to FDA asking, among other things, what the legal basis is for the digital health pre-cert program. Because FDA does not have the staff capacity or expertise to review all digital health products (including software), part of its solution is to rely on certifications that a product developer has a culture of quality and organizational excellence. FDA also says the current review paradigm is not well-suited to software and similar products that have fast, iterative development cycles. This idea has merit but the details need to be hammered out—likely in statute. And while 2019 is too early to expect legislation, the October 10 letter foreshadows intense scrutiny from HELP Committee Democrats. The agency is still collecting comments on its proposed framework.

Medical Device Cybersecurity

FDA recently made a splash with its cybersecurity playbook and a recently updated premarket cybersecurity guidance. However, while I was at FDA we responded to a lot of requests for technical assistance from both sides of the aisle on legislative language that would: mandate convening stakeholders to recommend guidelines for improving cybersecurity of devices, mandate software bills of materials, or provide basic cybersecurity operational standards for Internet-connected devices, among other ideas. The jury is out on how much any of these ideas would meaningfully improve the nation’s cybersecurity infrastructure at least as it pertains to medical devices. Considering cybersecurity is a hot topic in other contexts (e.g., election security, personal computing), the 116th Congress will likely continue to look for legislative wins in this space and we’ll be watching closely to see what the impacts could be on medical products.

Device Servicing

FDA continues to look for a solution to problematic device servicing and will be holding another public meeting in December 2018. While we’re optimistic FDA will come out of that meeting with a draft policy (the agency said it plans to issue a draft guidance document before October 2019), we see challenges with some of the ideas mentioned in a discussion paper the agency released in October 2018. Even as FDA reviews public comments and publishes guidance, there could be a role for Congress, such as to ensure appropriate oversight of servicing through mandated inspections. We’re looking forward to seeing how interaction between OEMs, servicers, and FDA at the December workshop could influence the draft guidance.

OTC Monograph Reform

As noted in our Lame Duck Preview for health issues, OTC monograph reform legislation passed the House but awaits action in the Senate, where it’s stuck in committee. An OTC monograph is like a recipe for an over-the-counter drug that, once approved by FDA, can be used by any drug manufacturer without FDA pre-approval of the manufacturer’s specific drug. The bill would speed up the regulatory process for OTC monographs by allowing use of administrative orders rather than rulemaking. Both bills authorize FDA to grant exclusivity for the monograph developer, which would protect market access, though the amount of exclusivity differs (18 months in the House bill; 24 months in the Senate bill). Likely incoming House E&C Chairman Pallone is—again—who we’re looking to regarding action on this. Despite voting for the House version, it is well-known that Rep. Pallone has concerns about the exclusivity provision. The OTC monograph process has not changed since 1972 and reform efforts have been brewing for a while; if this does not move in the lame duck, this could be in play in 2019.

Opioids

Congress passed major opioids legislation in September 2018, so while Congress may shift its focus to other issues, we’ll be keeping an eye on how the administration is implementing its mandates. FDA in particular has a full plate with:

  • Holding a public meeting to address challenges of developing non-addictive medical products for acute or chronic pain;
  • Issuing new or updating existing guidance documents addressing, among other topics, how FDA considers pain, pain control, or pain management in assessing whether a disease or condition is serious or life-threatening and how FDA may require postmarket studies to assess reductions in effectiveness of a drug that change the drug’s benefit-risk profile;
  • Issuing prescribing guidelines for the indication-specific treatment of acute pain;
  • Developing a list of controlled substances to refer to Customs and Border Protection and other import controls; and
  • Implementing new authority to require unit dose packaging (aka blister packs).

This list is not exhaustive, yet it’s clear FDA will be busy. We’ll be keeping a close eye on administration and congressional actions related to these and other important public health issues in 2019.

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
