Blog Post

Tiny Robots to Combat Climate Change

Cecilia Santostefano

With climate change a dividing issue in the recent presidential election, biomimicry has received a large amount of media attention. Biomimicry studies and then translates nature into human strategy.[1] There are many designs that exist today to monitor how an ecosystem is operating, so that man-made technology may mirror and improve that given environment.

Eighteen years ago, Dr. Helmuth developed robotic mussels to place among the living mussels nearby. When asked about his tiny robots Dr. Helmuth replied, “you won’t know where to look if you only look from the point of view of a human.”[2] The mussels contain thermometers and data loggers that collect temperatures as the mussels experience them – whether it be from the sun shining or the wind blowing above.[3] The thermometers are then able to detect and document how the animals nearby are reacting to the changing climate.[4]

By placing these mussels in various “hot spots” and not just the locations predicted to be affected by global warming, Dr. Helmuth’s tiny robots have directly rebutted the widely adopted theory that only animals and plants living at the edges of a habitat will be most affected by rising temperatures.[5] As of today, it appears to be another example of how biomimicry is being used to combat climate change.

 

[1] The Biomimicry Institute, Message to COP21 leaders: Need solutions? Ask nature., Biomimicry Institute, (Dec. 1, 2015), https://biomimicry.org/message-to-cop21-leaders/#.WAZkqDKZNao.

[2] Tatiana Schlossberg, Robotic Mussels Track Rising Temperatures for Climate Research, NY Times, (Oct. 17, 2016), http://www.nytimes.com/2016/10/18/science/robotic-mussels-climate-change.html?rref=collection%2Fsectioncollection%2Fscience&action=click&contentCollection=science&region=rank&module=package&version=highlights&contentPlacement=2&pgtype=sectionfront&_r=0.

[3] Schlossberg, supra note 2.

[4] Id.

[5] Id.

Smarthome Devices Used in Cyber Attack

Caitlin Holland

On Friday, October 22nd, Twitter, Spotify, Reddit, and other companies that use the company called Dyn to direct users to its website were offline. Security analysts concluded that hackers used internet-connected home devices to attack the Dyn company. Dyn is an DNS service, “a crucial part of web infrastructure” that acts as an “internet phonebook” which directs internet users to certain websites.

Millions of internet addresses were subject to the attack. Security analysts say that the internet connected home devices, such as CCTV, web-cams, and printers, that come with easy-to-guess and unchangeable usernames and passwords created a massive vulnerability for the “Internet of Things” devices. Websites hosting a variety of different services that do not use Dyn were also affected by the attack including BBC News and Amazon Web Services.

The notable part of this attack, aside from it’s scale, is that it denotes a change in tactic and strategy of online attackers and hacker, not a single website but a huge internet service provider. Further, the hackers were not targeting personal computers or servers, they were targeting household products that one would not normally think would be subjected to hacking.
This attack has shocked the cyber world and showcased just how fragile and vulnerable the internet infrastructure is. To put it short, as the head of security for Salesforce tweeted, “[i]n a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters.”

Brexit Impact on EU Safe Harbor Agreements

Christopher W. Folk

In the referendum on June 23 with voter turnout exceeding 70%, voters in the UK decided 52% to 48% to leave the European Union.  The exit of the UK from the EU has been coined Brexit (Britain and exit).  Under the EU, a member may exit subject to Article 50 of the Lisbon Treaty which gives the UK and the EU two years to negotiate the terms of the UK’s exit.[i]

Data Protection and Brexit

Throughout the near-term and until the UK effectuates its exit from the EU, the UK will continue to operate under existing EU laws and the new General Data Protection Regulation (“GPDR”) with mandatory compliance by June 2018 will shape the way that UK firms handle personal data.[ii]  Consequently, it is anticipated that UK firms will be required to implement the GPDR policies concerning the protection of data for EU citizens.  This is echoed by the new Information Commissioner for the UK, Elizabeth Denham.  Denham openly advocates for the UK to move forward with the new GPDR regulations irrespective of the impending Brexit.[iii]  Consequently, in many respects technology firms in the UK have some assurance that the UK will move forward with GPDR, however, there is still some risk.  As Brexit follows closely on the heels of the European Court of Justice’s ruling that the EU/US safe-harbor agreement was invalid due to in large part to the lack of data privacy protections for EU citizens.[iv]  Which is interesting to note since Britain and Ireland were both largely supportive of the Safe Harbor agreement; whereas France and Germany had been pushing for more stringent privacy controls to safeguard their citizens’ data.[v]  Consequently, it would seem that while the replacement for Safe Harbor is being negotiated the UK will likely have a very keen interest in both the direction as well as the outcome since it often finds itself closely aligned with its ally across the Atlantic.

General Data Protection Regulation

The GPDR changes a number of things, the highlights are as follows: Personal data is expanded to include IP addresses and online identifiers and companies must have explicit consent to use this data.  Furthermore, citizens will be more readily able to ascertain which companies are storing their data, and how their data is being used.  GPDR also introduces the concept of data portability which allows a person to migrate their data between and amongst companies.  This also includes a duty for companies to advise when personal data is exposed (hacked) and upon request, personal data must be deleted.  Along with duties comes liability and companies that suffer data breaches can face fines of up to €20 million.[vi]

EU-US Privacy Shield

Following the ruling against the existing safe harbor agreement, the US and EU put together what is being termed as the Privacy Shield.  Under the Privacy Shield proposed framework, any US company that receives personal data from the EU must choose from one of the following cross-border transfer mechanisms: (1) typical contractual clauses, (2) binding corporate rules (e.g. intercompany/affiliate data transfers), or (3) the Privacy Shield framework.[vii]  Similarly, any EU company that transfers data to a US company must ensure that one of the three aforementioned schemes are utilized prior to a data transfer.  Any transfers conducted outside these mechanisms would be deemed illegal.  The Privacy Shield itself has several critical elements:

  • Contractual requirements for onward transfers of personal data to third parties: companies that transfer personal data to any third party must have specific contract provisions mandating that safeguards continue to persist for personal data even after the transfer and that the transferor retains control over the third parties use of the personal data;
  • Right to Modify Personal Data: the data owner has a persistent right to correct, amend, or delete inaccurate personal data or personal data that has been accessed in an unauthorized manner; further companies may not charge excessive fees when a user exercises their rights within this;
  • Persistent Contractual Obligations: under this, any downstream party (e.g. recipient) of data must adhere to all of the principles and rights afforded a person with respect to their personal data;
  • Opt-Out Rights: where personal data is either disclosed to a third party or when the data’s use is for a materially different purpose than the original agreement, the subject has an option to opt-out (to include modifying use for direct marketing purposes);
  • Dispute Resolution: there are a very specific set of steps and avenues for redress that may be pursued when a citizen asserts that a violation of the Privacy Shield has occurred;
  • Ongoing Compliance Monitoring: the US Dept. of Commerce is tasked with continuous monitoring to ensure that there is full compliance amongst US companies with the Privacy Shield provisions;
  • Restrictions on Bulk Collection: this was one of the leading criticisms of the EU-US Safe Harbor agreement following the revelations by Edward Snowden. Within this, bulk collection is expressly forbidden except in cases where selective collection is impractical and even in those outliers, minimization procedures must be effected to ensure that access to data is for specific purposes only;
  • Establishment of a Privacy Shield Ombudsman: this role will be filled by a person designated by the Secretary of State and will utilize additional State Department personnel as needed to ensure that this role is carried out in the absence of any influence or involvement by the Intelligence Community;
  • Annual Periodic Reporting and Assessment: data protection authorities from both the EU and US Dept. of Commerce will conduct periodic, annual reviews of the Privacy Shield framework to ensure compliance and to assess and advise of changes that should be implemented.[viii]

What path will the UK take?

Based on the fact that Brexit is going to take a minimum of two years, it seems as though the UK will have no choice but to comply with the GPDR regulations that take effect in 2018.  Having done so, it seems that moving away from those and trying to adopt an agreement such as the Privacy Shield would result in a cost benefit analysis for which the most efficient solution may likely be to merely continue under the GPDR.  However, as the UK continues to assert independence from the concept of the EU, it may need to find and validate a competitive advantage which could potentially be achieved by moving away from the GPDR and into the Privacy Shield framework.  While the negotiations are just entering their nascent stage, it will be important for EU and UK privacy interests that the terms of the GPDR or a Privacy Shield like agreement be fully ironed out.  Once outside the UK for example, the Data Protection Act would no longer denote the UK as a “safe” destination for data since the UK would be external to the European Economic Area.  Thus, either the negotiations under which the UK leaves the EU will have to include some of these provisions or the UK could be folded into or create its own Privacy Shield framework within which it could continue to operate.[ix]

Conclusion

Irrespective of the approach that the UK takes; it seems clear that data protection is going to be a topic of interest during the negotiations and citizens and companies will have a vested interest in the outcome.  Depending on how this moves and on what is implemented, companies in the UK may be merely on a level playing field with EU companies or they may be able to bargain for a comparatively better position which affords UK companies the ability to differentiate themselves either from a cost or a services perspective.  Meanwhile, the UK’s slow shift towards some of the US philosophies and their support for the previous Safe Harbor agreement may indicate that the UK is interested in adopting or becoming a partner in the new Privacy Shield agreement.  The last thing the UK wants is a competitive disadvantage and depending upon how they position themselves and on what other options are “on the table” will ultimately decide which way the UK chooses to move forward.

 

[i] Brian Wheeler and Alex Hunt, Brexit: All you need to know about the UK leaving the EU, BBCNews, available at http://www.bbc.com/news/uk-politics-32810887 (Oct. 3, 2016) (The two-year time period begins once Article 50 is invoked and negotiations start).

[ii] Nick Heath, Brexit: 5 Ways the UK leaving the EU will affect tech firms, TechRepublic, available at http://www.techrepublic.com/article/brexit-5-ways-the-uk-leaving-the-eu-will-affect-tech-firmsect-tech-firms/ (Jun 24, 2016).

[iii] Adrian O’Connell, Information Commissioner calls for post-Brexit Britain to implement EU data rules, Irish Legal News, available at http://www.irishlegal.com/5462/information-commissioner-calls-for-post-brexit-britain-to-implement-eu-data-rules/ (Oct. 3, 2016).

[iv] Mark Scott, Data Transfer Pact Between U.S. and Europe Is Ruled Invalid, The New York Times, available at http://www.nytimes.com/2015/10/07/technology/european-union-us-data-collection.html?_r=0 (Oct. 6, 2015).

[v] Id.

[vi] Joe Curtis, EU Passes GPDR laws that require companies to drastically improve their data privacy policies, ITPro, available at http://www.itpro.co.uk/data-protection/26365/your-business-must-prepare-today-for-2018-eu-data-protection-laws (Apr., 15, 2016).

[vii] Chanley T. Howell, et al., Safe Harbor Replacement EU-US Privacy Shield Approved, The National Law Review, available at http://www.natlawreview.com/article/safe-harbor-replacement-eu-us-privacy-shield-approved (Jul., 12, 2016).

[viii] Id.

[ix] Toni Vitale, Brexit and Data Protection – Q&A, Lexology, available at http://www.lexology.com/library/detail.aspx?g=45fa1c0a-54c4-465e-a752-c27a80a6736a (Jun., 30, 2016).

October FDA Update – Approval of Cancer Drug, Lartruvo

William Salage

On October 19, 2016, the US Food and Drug Administration (FDA) approved a new drug, Lartruvo (olaratumab), to treat adults with certain soft tissue sarcomas (STS). Specifically, cancers that develop in muscles, fat, tendons or other soft tissues. Lartruvo is approved alongside the already approved drug doxorubicin for the treatment of patients with STS who cannot be cured with radiation or surgery and who have a type of STS for which an anthracycline (chemotherapy) is an appropriate treatment.

Lartruvo’s approval marks the first time the FDA has approved an initial treatment of STS in over 40 years. The National Cancer Institute estimates that 12,310 new cases of STS and nearly 5,000 deaths are likely to occur from the disease in 2016. The most common treatment for STS that cannot be removed by surgery is treatment with doxorubicin alone or with other drugs. STS includes a wide variety of tumors arising in the muscle, fat, blood vessels, nerves, tendons or the lining of the joints.

The FDA is approving Lartruvo under the agency’s accelerated approval program, which allows approval of a drug to treat a serious or life-threatening disease or condition based on clinical data showing the drug influences a surrogate endpoint that is reasonably likely to predict clinical benefit. Lartruvo also received orphan drug designation, which provides incentives such as tax credits, user fee waivers and eligibility for exclusivity to assist and encourage the development of drugs intended to treat rare diseases

Under Pressure: Samsung Now Officially Terminates the Flagship “Boom 7”

Xiang Qi

On Tuesday, Samsung finally killed it flagship cellphone “Galaxy Note 7” after numerous reports of phone explosion in the United States and worldwide. Starting from August, Galaxy Note 7 has spontaneously exploded during normal usage by customers. Initially, Samsung concluded that the defect was caused by faulty batteries from one of its suppliers. After Samsung issued recall of the problematic devices in September, it continued to ship new Galaxy Note 7s with batteries from a different supplier. However, some of the replacement phones continued to explode as Samsung’s technicians were unable to identify the problem.

Samsung finally pulled Note 7 out of its product line after the company suffered a disastrous stock slump, potentially causing more financial losses to the company as well as it shareholders. Note 7, now commonly referred by consumers as Boom 7, came to the market bearing hope that it will surpass iphone by winning more consumers from its archrival. Market analysts pointed out that the top-down, militaristic approach most Korean “Chaebols” operate also contributed to this time’s Boom 7 fiasco as people at the top has no idea how product technology worked.

It was an unusual and bold move for Samsung to end production of its flagship cellphone. However, this move is helpful in the long run as it tends to help rebuild consumer trust in Samsung’s products. It remains to be seen whether the growing consumer distrust in Samsung will spread to the rest of its product line as it seems that Samsung’s technicians still do not know where the problem is with Boom 7.

Potential Ninth Planet in Our Solar System

Lindsey Marie Round

Ten years ago, the world received shocking news that Pluto is not a full planet, but rather a dwarf planet.[1] In fact, scientists determined that there is not just one dwarf planet, Pluto, but there are multiple of these smaller planets in our solar system.[2] For all of those who grew up being taught in school that there were nine major planets, this scientific discovery was major news. However, the idea that there are eight major planets may be change once again. Professor Michael Brown at California Institute of Technology has proposed reasoning for why the plane of planet orbitals is slightly tilted. [3] Professor Brown has discovered evidence that there may be a huge planet, about the size of Neptune, located beyond Neptune orbiting the sun.[4] Since this planet is located beyond Neptune it would have the power to tilt the rest of the planets.[5] Professor Brown believes that scientists will be able to learn more about this possible ninth planet within the upcoming year.[6] So for now, there are eight major planets, but that could change in the near future, except this time the ninth planet will not be Pluto.

 

[1] Jorge Salazar, This Date in Science: Pluto Gets a Demotion, EarthSky (Aug. 24, 2006), http://earthsky.org/space/this-date-in-science-pluto-demoted-to-dwarf-planet-status.

[2] Id.

[3] Nicholas St. Fleur, If Planet Nine is Out There, It Tilts Our Solar System, N.Y. Times (Oct. 20, 2016), http://www.nytimes.com/2016/10/21/science/planet-nine.html.

[4] Id.

[5] Id.

[6] Id.

Obama Administration Calls for Supreme Court to Review Lexmark Decision

Aiden Scott

In a case that is surely near and dear to anybody who has gone through the plight of owning an inkjet printer, the Obama administration has called for the Supreme Court of the United States to review the Court of Appeals decision in Lexmark International, Inc., v. Impression Products, Inc.[1] The Solicitor General has requested that the Supreme Court review the U.S. Court of Appeals for the Federal Circuits’ decision. This month, they held that Impression Products had infringed Lexmark’s patents. The alleged “infringement comes from their sale of refurbished Lexmark ink cartridges that were sold with “single use” or “no resale” restrictions.”[2]

They urge that the Federal Circuit has “misconstrued 150 years of precedent”, and through its effect “unsuspecting downstream purchasers are at risk of spatent infringement suits.” [3] The gravamen of the case is to determine how far “patent owners can control the use of their products after an authorized sale, domestic, or foreign.”[4] Further, the Solicitor General argues that the decision by the Federal Circuit “would substantially erode the exhaustion doctrine.”[5] In any case, we will have to patiently wait to see if the court will grant cert.      

 

[1] Barbara Grzincic Administration Backs U.S. Supreme Court Review of Lexmark Patent Exhaustion Ruling, Reuters legal, (Oct. 14, 2016), https://1.next.westlaw.com/Document/Ie4d1ab6091f511e68f45b58dd1e656b4/View/FullText.html?originationContext=docHeader&contextData=(sc.Category)&transitionType=Document&needToInjectTerms=False&docSource=c904320afb854063b83b1d38880e8ad5.

[2] Id.

[3] Id.

[4] Id.

[5] Id.

Are Satellites the Next Cybersecurity Battleground?

Jeffrey Cullen

Alyssa Newcomb explains that many of our everyday activities rely on global positioning systems (GPS). Satellites in space are used in many different ways including intelligence gathering, communication, and navigation.[1] There has been much discussion about the vulnerability of our data through the use of the Internet. One realm that people may overlook is the technology that we have in space and its susceptibility to being hacked. The systems that we have in space are becoming older and face new threats. The space systems are not advancing at the same rate as our technology on earth and are at a high risk of being interfered with by hackers. It is said that any disruption to the satellite system could have major ramifications due to the interconnectedness of the system.[2] Accessibility to space is increasing. Therefore, updated security measures are needed in order to properly protect information.

 

[1] Alyssa Newcomb, Hacked in Space: Are Satellites the Next Cybersecurity Battleground?, NBC News (Oct. 3, 2016), http://www.nbcnews.com/tech/security/hacked-space-are-satellites-next-cybersecurity-battleground-n658231.

[2] Id.

Comcast to Cap Residential Data

Shamsheer Kailey

Beginning November 1, Comcast is applying 1-terabyte data cap to residential broadband customers in nearly a dozen states. Which means additional fee will be charged for going over the monthly limit. Usually, home Internet providers avoid placing a cap on data usage leaving it to the discretion of the wireless carriers. This is going to change.

Even though Comcast claims that users will not hit the limit, the cap will restrict many customers. Some of the states affected are: California, Colorado, Minnesota, Oregon, Washington, Wisconsin among others.

Customers will be provided alternatives to opt out of the data cap. Pay Comcast $50 a month extra for unlimited data or switch to an expensive fiber-optic service, Gigabit Pro, for $300 a month. Switching to lower-end plan with slower service will also let the customers avoid the plan.

According to the Charlie Douglas, a company spokesman the fact that the change affects primarily western and central U.S. and not northeast customers is intentional. However, the possibility hasn’t been ruled out.

______________________________________________________________________

Brian Fung, Nearly a dozen new states are about to get Comcast data caps, Washington Post (October 7, 2016), https://www.washingtonpost.com/news/the-switch/wp/2016/10/07/comcasts-internet-just-got-a-lot-more-like-cellphone-service/

“Life Does Not Stop and Start at Your Convenience” The Aid in Dying Movement Gains New States

Emma Fusco

Aid in dying has been a movement that has been under fire, with states like Oregon taking much of the flack.  Luckily for them, the backlash will likely now be dispersed over more states.  New York, Colorado, and the District of Columbia may soon join Oregon and a handful of other states where doctors are permitted to prescribe lethal doses of painkillers to terminally ill patients. [1]

Oregon, Washington, Vermont, California, and Montana are all under very strict guidelines in order to grant physician-assisted dying, and the pending regulations in the aforementioned three states are likely to follow in their footsteps.[2]  In order for physicians to legally assist patients in dying, two physicians must come to the conclusion that the patient seeking aid in dying is likely to die within six months.[3]  The terminally ill patient must also be of sound mind and free of coercion.[4]  Some states also require for the request for the lethal dose of drugs to be ask for again 15 days after the initial inquiry of such drugs.[5]

In states where this practice is banned, terminally ill patients are left two only two options.  The first is to somehow obtain a lethal dose of drugs under the table, exposing health care workers to law suits.[6]  The second option is to refuse food and starve to death.[7]  Is this how you would chose to die?

 

[1] The Editorial Board, Aid in Dying Movement Advances, N.Y. Times, Oct. 10, 2016, at A20.

[2] Id.

[3] Id.

[4] Id.

[5] Id.

[6] Id.

[7] Id.