Tag: FTC

Made in the USA (For the Most Part)

made in the USANewspaper headlines report a new economic trend—manufacturing is returning to the United States. The country’s industrial production grew by 0.7 percent in July, its biggest jump since November 2014. This number represents everything made by factories, mines, and utilities. Before companies start slapping “Made in the USA” labels on their wares, they need to make sure they are familiar with the legal requirements to do so.

The Federal Trade Commission (the FTC) monitors the marketplace and aims to keep businesses from misleading consumers. Within the FTC’s jurisdiction is regulating “Made in the USA” claims.

If a product is labeled as “Made in the USA,” without any qualification, it must be “all or virtually all” made in the United States. “[A]ll significant parts and processing that go into the product must be of U.S. origin. That is, the product should contain no – or negligible – foreign content.” The FTC contemplates the site of final assembly or processing, the proportion of manufacturing costs paid to the U.S., and how detached the foreign material is from the finished product. For many businesses, this standard can be hard, if not impossible, to meet.

Since January 2015, the FTC has issued 46 letters to companies asserting misleading U.S. origin claims on a wide range of products, such as cookware, snow blowers, auto parts and pet products.

For example, the FTC recently determined that Shinola—a Detroit-based manufacturer of high-end watches, bicycles, and leather goods—did not meet it. Shinola advertises its products with the slogans “Built in the USA” and “Built in Detroit.” But in June of this year, the FTC called this labeling misleading because “100 percent of the cost of materials used to make certain watches . . . [and] more than 70 percent of the cost of the materials used to make certain belts” goes to imported materials. For example, Shinola’s watches incorporate Swiss-made timekeeping components.

Shinola’s founder had a good reason for why his company incorporated foreign parts:  many of the components are unavailable in the U.S. The components are imported to Detroit where Shinola’s 400 employees assemble watches in the company’s factory. The FTC, however, applied its “net impression” analysis and determined that Shinola’s slogans contradict reality. Shinola’s advertisements will now read “Built in Detroit using Swiss and Imported Parts.”

In light of the FTC’s stance on U.S. origin claims, companies should follow FTC decisions and exercise caution when saying “Made in the USA.” There is no bright line rule for whether a product is “all or virtually all” made in the USA. Companies should consider how their products fit within the FTC’s framework and only then decide whether their merchandise has, according to the FTC, been “Made in the USA.”

ARTICLE BY Brittany Robbins of Schiff Hardin LLP

© 2016 Schiff Hardin LLP

Federal Trade Commission Continues to Scrutinize Social Media Influencer Programs

Social Media Influencer ProgramsThis week, as part of its ongoing focus on influencer programs, the Federal Trade Commission (FTC) settled charges against Warner Brothers Home Entertainment, Inc. regarding its use of such a campaign to market the video game Middle Earth: Shadow of Mordor. This investigation of Warner Bros. was brought under the FTC Act, which prohibits deceptive marketing, and requires that endorsers “clearly and conspicuously” disclose any “material connection” to the brand they are endorsing.

In late 2014, Warner Bros. and its advertising agency, Plaid Social Labs, LLC, hired “influencers” (i.e., individuals with large social media followings) to create videos and post them on YouTube, and promote the videos on Twitter and Facebook.  One of the influencers hired for the program, PewDiePie, is the most-subscribed individual creator on YouTube, with more than 46 million followers. Warner Bros. paid each of the influencers from a few hundred to tens of thousands of dollars for the videos, in addition to providing free copies of the game. Under these contracts, Warner Bros. had the ability to review and approve the videos.

The FTC alleges that Warner Bros. failed to require sponsorship disclosures clearly and conspicuously in the video itself, where viewers were likely to notice them. Instead, Warner Bros. instructed influencers to place the disclosures in the description box below the video. Warner Bros. also required the influencers to include other information about the game in the description box, so most of the disclosures appeared “below the fold,” visible only if consumers clicked on the “Show More” button. Additionally, when influencers embedded the YouTube videos on Facebook or Twitter, the description field (and thus, the disclosure) was completely invisible.  Some of the disclosures also only mentioned that the game was provided free, and did not disclose the payment.

This continues the FTC’s focus on influencer programs with insufficient disclosures. In March, the FTC settled charges against national retailer Lord & Taylor related to its use of an Instagram influencer program with insufficient disclosures, where the influencers were paid and provided with a free dress. The influencers were required to make a post with the hashtag #DesignLab, and tagging @LordandTaylor, but were not instructed to disclose the payment or the free goods. At the same time, Lord & Taylor placed a paid article in Nylon, an online magazine, and purchased a paid placement on the Nylon Instagram account. Neither the post nor the article indicated they were paid advertising.

Likewise, in September 2015, the FTC settled charges against Machinima, an online entertainment network. Microsoft, through its advertising agency, hired Machinima to promote its Xbox One gaming console and video games. The  FTC alleged Machinima gave pre-release versions of the console and games to influencers, as well as payments of tens of thousands of dollars in some cases, in exchange for their uploading and posting endorsement videos.  Machinima did not require that the influencers disclose the sponsorship.

In each of these cases, the FTC entered consent agreements that require the brands to closely monitor and review its influencer content for appropriate disclosures, and terminate influencers who fail to accurately and conspicuously disclose their paid endorsements. The brands must keep records of their compliance and the FTC may review them at any time—with penalties of $16,000 per violation.

As marketing teams continue to try to reach consumers in new and creative ways, the FTC continues to signal its intention to closely scrutinize each development. As these methods evolve, brands should be conscious of their obligations to ensure appropriate disclosures in every format and to monitor for compliance.

ARTICLE BY Katherine Dennis Nye of Neal, Gerber & Eisenberg LLP

© 2016 Neal, Gerber & Eisenberg LLP.

Serious Games Require Serious Attention to Marketing Statements

BrainLumos Labs recently paid $2 million to the Federal Trade Commission to settle claims that it deceived consumers about its brain training application’s ability to increase cognitive function. According to the FTC,  the company alleged that its app, called Lumosity, provided many beneficial effects including the ability to improve users’ school and work performance, delay the onset of age-related cognitive disorders and help restore brain function lost as a result of brain trauma and other health conditions.

According to the FTC, the company did not have sufficient scientific data to back up the claims made in its ads. The FTC also claimed that the company did not disclose that it solicited consumer testimonials about the effectiveness of the product via a contest that offered users the chance to win iPads and other prizes.

In a prepared statement, the company stood by the scientific basis for its brain-training methods and asserted that the settlement was a result of its marketing language that has since been discontinued.

The use of games for “good” causes, such as education, health and training is known as “serious games.” The potential for these types of games to help people in a variety of ways is immense. The number of these games is growing rapidly.

Makers of these games must be mindful not to overreach in the claims of what these games can do. The FTC has been active in policing unsupported claims by app makers.

Additionally, the FTC has been enforcing its endorsement guidelines which require disclosure when a company provides some compensation or financial incentive for endorsements or testimonials. Here, the fact that users had a chance to win valuable prizes in exchange for providing testimonials apparently was not disclosed.

Serious games and other apps have tremendous opportunity to provide beneficial results. However, it is important for makers of these games and apps to understand and comply with the various legal issues that are relevant to these offerings. It is advisable to seek legal review of all serious games and apps and their marketing plan before they are released to identify potential legal issues.

Article By James G. Gatto of Sheppard, Mullin, Richter & Hampton LLP
Copyright © 2015, Sheppard Mullin Richter & Hampton LLP.

Government Forces Awaken: Rise of Cyber Regulators in 2016

As the sun sets on 2015, but before it rises again in the New Year, we predict that, in the realm of cyber and data security, 2016 will become known as the “Rise of the Regulators.” Regulators across numerous industries and virtually all levels of government will be brandishing their cyber enforcement and regulatory badges and announcing: “We’re from the Government and we’re here to help.”

The Federal Trade Commission will continue to lead the charge in 2016 as it has for the last several years. Pursuing its mission to protect consumers from unfair trade practices, including from unauthorized disclosures of personal information, and with more than 55 administrative consent decrees and other actions booked so far, the FTC (for now) remains the most experienced cop on the beat.   As we described earlier this year, the FTC arrives with bolstered judicial-enforcement authority following the Third Circuit’s decision in the Wyndham Hotel case.  Notwithstanding the relatively long list of administrative actions and its published guidance – businesses that are hacked and that lose consumer data, are at risk of attracting the attention of FTC cops and of proving that their cyber-related systems, acts and practices were “reasonable.”

But the FTC is not alone. In electronic communications, the Federal Communications Commission (FCC) in 2015 meted out $30 million in fines to telecom and cable providers, including to AT&T ($25 million) and Cox Communications ($595K). And this agency, increasingly known for its enforcement activism, may have just begun.  Reading its regulatory authority broadly, the FCC has asserted a mandate to take “such actions as are necessary to prevent unauthorized access” to customers’ personally identifiable information. This proclamation, combined with the enlistment of the FCC’s new cyber lawyer/computer scientist wunderkind to lead that agency’s cyber efforts, places another burly cop on the cyber beat.

The Securities and Exchange Commission (SEC) will be patrolling the securities and financial services industries. Through its Office of Compliance Inspections and Examinations (OCIE), the SEC is assessing cyber preparedness in the securities industry, including investment firms’ ability to protect broker-dealer and investment adviser customer information. It has commenced at least one enforcement action based on the agency’s “Safeguards Rule” (Rule 30(a) of Regulation S‑P), which applies the privacy provisions in Title V of the Gramm-Leach-Bliley Act (GLBA) to all registered broker-dealers, investment advisers, and investment companies. With criminals hacking into networks and stealing customer and other information from financial services and other companies, expect more SEC investigations and enforcement actions in 2016.

Moving to the Department of Defense (DoD), new rules, DFARS clauses, and regulations (e.g., DFARS subpart 204.73, 252.204–7012, and  32 CFR § 236) are likely to prompt the DoD Inspector General and, perhaps, the Defense Contracting Auditing Agency (DCAA) to examine whether certain defense contractors have the required security controls in place.  Neither the DoD nor its auditors have taken action to date.  But don’t mistake a lack of overt action for a lack interest (or planning).  It would come as no surprise if, by this time next year, the DoD has launched its first cyber-regulation mission, be it by the False Claims Act, suspension and debarment proceedings, or through terminations for default.

In addition to these cyber guardians, other federal agencies suiting up for cyber enforcement include:

  • The Consumer Financial Protection Board’s (CFPB) growing Cybersecurity Program Management Office;

  • The Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability, examining the security surrounding critical infrastructure systems;

  • The Office of Civil Rights (OCR) of the U.S. Department of Health and Human Services, addressing healthcare providers and health insurers’ compliance with health information privacy and security safeguard requirements; and

  • The Food and Drug Administration, examining the cybersecurity for networked medical devices containing off-the-shelf (OTS) software.

But these are just some of the federal agencies poised for action.   State regulators are imposing their own sector-specific cyber security regimes as well.   For example, the State of California’s Cybersecurity Task Force, New York’s Department of Financial Services, and Connecticut’s Public Utility Regulatory Agency are turning their attention toward cyber regulation. We believe that other states will join the fray in 2016.

At this relatively early stage of standards and practices development, the National Institute of Standards and Technology (NIST) 2014 Cyber Security Framework lays much of the foundation for current and future systems, conduct, and practices. The NIST framework is a “must read.” NIST, moreover, has provided additional guidance earlier this year in its June 2015 NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations.  While addressing security standards for nonfederal information systems (i.e., government contractors’ information systems), it also provides important guidance for companies who do not operate within the government contracts sphere.  Ultimately, this 2015 NIST publication may serve as an additional general standard against which regulators (and others) may assess institutional cybersecurity environments in 2016 – and beyond.

But for now, the bottom line is that in 2016 companies now must add to its list of actual or potential cyber risks and liability, the hydra-headed specter of multi-sector, multi-tiered government regulation – and regulators.

Article By Dave ThomasAlexander W. Major & Melinda R. Biancuzzo
Copyright © 2015, Sheppard Mullin Richter & Hampton LLP.

Part II: Legal Insights on Ashley Madison Hack

As more names emerge from the dark web data dump of Ashley Madison customers, lawyers around the globe have found a very willing group of would-be plaintiffs. Interestingly, all of these plaintiffs are named “Doe,” which must only be a coincidence, and certainly has nothing to do with the backlash that certain well-known ALM clients have experienced. All kidding aside, the size of the claims against ALM is staggering with one suit alleging more than $500 million in damages. How these plaintiffs will prove their damages is a question for another day, but the fact that ALM — which reported earnings of $115 million in 2014 — may soon face financial ruin must give any spectator pause.

The plaintiffs’ bar is certainly not the lone specter haunting ALM’s corridors these days. Although the company touts its cooperation with government officials in attempting to bring criminal charges against the Impact Team, that cooperation will be punctuated by the all-but-certain FTC enforcement action to come — assuming that the FTC’s data breach enforcement team were not among the 15,000 email addresses registered to a .mil or .gov account.

How will that enforcement action proceed? In many cases, the FTC initiates its investigation with a letter, sometimes called an “Access Letter” or an “Informal Inquiry Letter.” Although there is no enforceable authority behind such a letter, companies typically conclude that cooperation is the best course. For more formal investigations (or when the access letter is ignored), the FTC will issue “Civil Investigative Demands,” which are virtually the same as a subpoena, and are enforceable by court order. After collecting materials, the investigators will – in order from best case scenario to worst – drop the matter altogether, negotiate a consent decree, or begin a formal enforcement action via a complaint.

There is, of course, a lot more to an action than what I’ve listed above, which deserves a series of posts of their own. For today, the pressing question is – what’s going to happen to ALM when the FTC calls? Under the circumstances, it would make sense for ALM to push as hard as it can for a consent order, given that the likelihood of succeeding in litigation against the Commission is vanishingly low – there is little doubt that ALM failed to comply with its own promised standards for protecting customer data. And, in light of recent revelations about what really happened when customers paid to “delete” their Ashley Madison accounts, ALM will want to forestall the threat of a separate, non-data breach related unfair business practices suit any way it can.

Every consent order looks different, but the FTC has made a few requirements staples of its agreements with offending businesses over the last two decades. These include:

  • Establishing and maintaining a comprehensive information security program to protect consumers’ sensitive personal data, including credit card, social security, and bank account numbers.

  • Establishing and reporting on yearly data security protocol updates and continuing education for decision makers and data security personnel.

  • Working to improve the transparency of data, so that consumers can access their PII without excessive burdens.

  • Guaranteeing that all public statements and advertisements about the nature and extent of a company’s privacy and data security protocols are accurate.

 ALM will undoubtedly offer to take all of these steps, and more, in negotiations with the Commission. But as I mentioned above, the torrent of lawsuits ALM faces in the next year or so may moot any consent decree with the FTC. If ALM liquidates in the face of ruinous lawsuits and legal bills, the FTC’s demands will be meaningless. ALM, then, is likely an example of a company that would have benefited from a more minor security breach and subsequent FTC imposition of the kind of remedial measures that may have stopped this summer’s catastrophic data breach. An ounce of prevention is worth a pound of cure, they say, and ALM may learn that lesson at the cost of its business.

Article By James J. Ward of Bilzin Sumberg Baena Price & Axelrod LLP

© 2015 Bilzin Sumberg Baena Price & Axelrod LLP

Unlucky 13: FTC Settles Charges under International Safe Harbor Framework

Thirteen companies have agreed to settle with the Federal Trade Commission (FTC) charges relating to their participation in the U.S.–EU and U.S.–Swiss Safe Harbor Frameworks. Seven companies allegedly failed to renew their Safe Harbor self-certifications, including a sports marketing firm, two software developers, a research organization, a business information firm, a security consulting firm, and an e-discovery service provider. Another six allegedly failed to seek certification under the Frameworks, but nevertheless claimed in their privacy policies to be certified, including an amusement park, two sporting companies, a medical waste service provider, a food manufacturer, and an e-mail marketing firm. Last year, fourteen companies settled with the FTC over similar claims, and advocacy group named 30 companies in a complaint alleging that they were out of compliance with the Safe Harbor Frameworks.

The European Commission’s Directive on Data Protection prohibits the transfer of personal data to non-EU countries that do not meet the EU standard for privacy protection, so the U.S. Department of Commerce (DOC) negotiated the Safe Harbor Frameworks to allow U.S entities to receive such data provided that they comply with the Directive. To participate in the Safe Harbor Frameworks, companies must annually self-certify that they comply with seven key privacy principles for meeting EU’s adequacy standard: notice, choice, onward transfer, security, data integrity, access, and enforcement. Only appropriately self-certified companies may display the Safe Harbor certification mark on their websites, and the FTC is charged with enforcing violations.

This enforcement action is a reminder of the importance of maintaining current Safe Harbor status for those who elect to participate the program. It is also a reminder that companies must act in accordance with their published privacy policies, and periodically review their privacy policies to ensure that they remain current and reflect companies’ actual practices.

ARTICLE BY Sheila A. MillarTracy P. Marshall & Nathan A. Cardon of Keller and Heckman LLP

© 2015 Keller and Heckman LLP

Is the SCOTUS Rule of Reason Unreasonable?

“Not too hard, not too soft,” says the Supreme Court in FTC v. Actavis, 133 S. Ct. 2223 (2013).  The majority tries to reach middle ground by rejecting both the FTC’s argument that any reverse payment in settlement of a patent claim is presumptively unlawful and Actavis’ argument that any settlement within the scope of the patent is permissible, but is the court’s new “rule of reason” approach really “just right?” Let’s see how this plays out in a simple scenario using a product whose success everyone loves to hate—the Snuggie.

Meet Peter.  He has a pug with whom he likes to spend his evenings, wrapped up in a Snuggie, watching movies and sharing popcorn.  Peter was quite dismayed, though, to see his poor little pug shivering and cold without a Snuggie of his own.  So, Peter invented the Puggie.  He used special fibers formulated specifically to maintain heat while resisting odors because no one likes a smelly dog blanket.  Peter even obtained a patent on his Puggie and began producing more to sell around his neighborhood, the Franklin Terrace Community.  Once word spread of Peter’s success, however, several of Peter’s neighbors began producing competing products—the Pug Pelt, the Schnauzzie, and so on–which boasted the same odor-resistant properties as Peter’s Puggie.

Outraged, Peter publicly accused his competitors of patent infringement and demanded that they stop producing their “piddly dog pelts.” But they refused, claiming their fibers were different.  Knowing how costly an extensive fiber dispute could be, Peter offered his competitors $1,000 to stop producing their competing pelts for a period of two years.  The other pelt producers agreed, took the money, and stopped production immediately.  The Franklin Terrace Community, however, was not pleased.  Peter had not only run off the competition, but he had also bumped the Puggie price up afterward, making a killing during the chilly winter as the sole pelt producer.  Community members petitioned the homeowners’ board for some guidance on whether Peter’s payment constituted an unfair trade practice.  Peter opposed the petition and claimed that he had the right to pay whatever amount he deemed fit to protect his patent.

The board found the community’s argument that any “reverse settlement” payment by a patent holder is presumptively unlawful to be too harsh.  Peter’s assertion, however, that any payment is immune from attack so long as it remains within the scope of the patent was believed to be too soft.  Peter complained that the money and time he would have to commit to an extensive patent lawsuit over his odor-resistant fibers would put him out of business, but the board believed that his willingness to drop a grand to keep his competitors at bay was a much more accurate representation of Peter’s confidence in his patent.  Specifically, the board found Peter’s payment of $1,000 to be a “strong indicator of power.”  In an effort to come up with a more “middle of the road” approach, the board created the “rule of reason” to determine the legality of reverse settlement payments.  No real guidance was provided, though, on how to apply the new rule—just not too hard, not too soft.

Without any elaboration on how this new “rule of reason” is to be applied in antitrust lawsuits, did the board cause more confusion than clarity?  And, how large must a reverse settlement payment be to stand as an “indicator of power” and “lack of confidence” in the patent?  If Peter’s patent was iron-clad and his competitors were infringing, should he have had the right to pay any amount he deemed fit to protect his patent, or was $1,000 too much for some piddly pooch pelts?  Does this unfairly prohibit Peter from settling litigation that he may see as too costly or damaging?  Or, does the need to protect consumers from the Puggie monopoly Peter created outweigh Peter’s patent rights?

It is hard to say exactly what effect the Supreme Court’s “rule of reason” decision in FTC v. Actavis will have on future antitrust litigation.  We are likely to see an increase in the number of antitrust suits that are tried as opposed to settled. What do you make of this amorphous, middle-of-the-road approach?

ARTICLE BY Annie Dike of IMS ExpertServices
© Copyright 2002-2015 IMS ExpertServices, All Rights Reserved.

Federal Trade Commission: Start with Security

On June 30, 2015, the Federal Trade Commission (FTC) published “Start with Security: A Guide for Businesses”(the Guide).

The Guide is based on 10 “lessons learned” from the FTC’s more than 50 data-security settlements. In the Guide, the FTC discusses a specific settlement that helps clarify the 10 lessons:

FTC_FederalTradeCommission-Seal

  1. Start with security;

  2. Control access to data sensibly;

  3. Require secure passwords and authentication;

  4. Store sensitive personal information securely and protect it during transmission;

  5. Segment networks and monitor anyone trying to get in and out of them;

  6. Secure remote network access;

  7. Apply sound security practices when developing new products that collect personal information;

  8. Ensure that service providers implement reasonable security measures;

  9. Implement procedures to help ensure that security practices are current and address vulnerabilities; and

  10. Secure paper, physical media and devices that contain personal information.

The FTC also offers an online tutorial titled “Protecting Personal Information.”

We expect that the 10 lessons in the Guide will become the FTC’s road map for handling future enforcement actions, making the Guide required reading for any business that processes personal information.

ARTICLE BY Julia Jacobson & Jennifer S. Geetter of McDermott Will & Emery
© 2015 McDermott Will & Emery

What Is The FTC Looking at When It Reviews Merger Agreements?

In our last post, we spoke about a proposed merger between office supply chains Office Depot and Staples. As we noted, Office Depot shareholders recently voted to go forward with the acquisition, but the Federal Trade Agreement still has to review the agreement and make a decision, which could make or break the process.

FTC_FederalTradeCommission-SealIn reviewing any merger agreement the Federal Trade Commission—or the Department of Justice, depending on which agency reviews the agreement—an important consideration is the impact the transaction will have on the market. Speaking generally, federal law prohibits mergers that would potentially harm market competition by creating a monopoly on goods or services.

According to the FTC, competitive harm often stems not from the agreement as a whole, but from how the deal will impact certain areas of business. Problems can arise when a proposed merger has too much of a limiting effect based on the type of products or services being sold and the geographic area in which the company is doing business.

With that having been said, most mergers—95 percent, according to the FTC—present no issues in terms of market competition. Those that do present issues are often resolved by tweaking the agreement so as to address any competitive threats. In cases where the reviewing agency and the businesses cannot agree on a solution, litigation may be necessary, but it often isn’t.

Any company that plans on going forward with a merger or acquisition needs to have a clear understanding of the law and the review process. This is especially the case if issues come up regarding competitive threats.

ARTICLE BY Business and Corporate Law Practice Group of McBrayer, McGinnis, Leslie and Kirkland, PLLC
© 2015 by McBrayer, McGinnis, Leslie & Kirkland, PLLC. All rights reserved.

New Data Security Bill Seeks Uniformity in Protection of Consumers’ Personal Information

Morgan, Lewis & Bockius LLP.

Last week, House lawmakers floated a bipartisan bill titled the Data Security and Breach Notification Act (the Bill). The Bill comes on the heels of legislation proposed by US President Barack Obama, which we recently discussed in a previous post. The Bill would require certain entities that collect and maintain consumers’ personal information to maintain reasonable data security measures in light of the applicable context, to promptly investigate a security breach, and to notify affected individuals of the breach in detail. In our Contract Corner series, we have examined contract provisions related to cybersecurity, including addressing a security incident if one occurs.

Some notable aspects of the Bill include the following:

  • Notification to individuals affected by a breach would generally be required within 30 days after a company has begun taking investigatory and corrective measures (rather than based on the date of the breach’s discovery).

  • Notification to the Federal Trade Commission (FTC) and the Secret Service or the Federal Bureau of Investigation would be required if the number of individuals whose personal information was (or there is a reasonable basis to conclude was) leaked exceeds 10,000.

  • To advance uniform and consistently applied standards throughout the United Sates, the Bill would preempt state data security and notification laws. However, the scope of preemption continues to be discussed, and certain entities would be excluded from the Bill’s requirements, including entities subject to existing data security regulatory regimes (e.g., entities covered by the Health Insurance Portability and Accountability Act).

  • Violations of the Bill would be enforced by the FTC or state attorneys general (and not by a private right of action).

ARTICLE BY

Michael L. Pillion
A. Benjamin Klaber
Morgan, Lewis & Bockius LLP