By: Monique Witter

We live in a generation where millennials are constantly finding innovative and creative ways to contribute to society through entrepreneurship. Some even go as far as applying for trademark protection through the U.S. Patent and Trademark Office (USPTO). However, the same protection they think will protect their business may be what actually ends it. 

The USPTO introduced a new rule requiring all trademark applications to include an email address for the applicant and the applicant lawyer. Like other contact information, the applicant’s information will be published on USPTO’s public database website. Trademark owners are opposed to this rule. The rule has led to digital versions of scam letters to plague brand owners. The USPTO reason for implementing this rule is to further digitize trademark proceedings to ensure that the agency can still email applicants if they are no longer represented by their attorney. However, trademark lawyers have reacted negatively to this rule. Lawyers have seen their clients get hit with a deluge of scam letters aimed at duping trademark owners into paying fake fees. The mailing address used for those letters are pulled from the same database in which the USPTO will now feature email address.

This rule has invoked a furious reactions from other U.S. trademark counsels. U.S. trademark counsel claims that the USPTO is not considering the privacy of its users, especially in light of new data protection and privacy laws in California (California Consumer Privacy Act) and the European Union (General Data Protection Regulation). According to attorney Stacy J. Grossman, “I appreciate the trademark office’s efforts to prevent fraud, and its need to have necessary information to contact trademark owners. However, I don’t understand why this information has to be published in a public database, and why the failure to include a proper email address could cause a trademark applicant to lose its filing date.”

            Attorney Peter J, Riebling reiterates these issues by noting that the issue is more problematic for well-known public figures. “We have heard from numerous counsels overseas who represent celebrity clients, who are genuinely concerned about the privacy aspects, and the extra burden of having to file a petition to the director of the USPTO for a special waiver of the rule. Yes, a petition may be filed to redact the applicant’s email address in the TSDR documents tab in an ‘extraordinary situation’. And yes, an applicant being a celebrity – and the related privacy and safety concerns – will likely qualify as an extraordinary situation to waive the rule as allowed under TMEP (Trademark Manual of Examining Procedure) §1708. But is not every applicant a ‘celebrity’ in some way or form, if even in their own mind?  What is the legal test the director will use for who is and not a celebrity? Where is the line?”

            In response to the criticism, the USPTO will allow for trademark applicants to create a “unique” email address for dealing with the agency. The new filing released by the USPTO stated “to avoid receiving unsolicited communications at a personal or business email address, applicants and registrants may wish to create an email address specifically for communication and correspondence related to their trademark filings at the USPTO.” The USPTO responded to stakeholders’ concerns regarding the potential for misuse of owner email addresses and for owners represented by attorneys. 

The USPTO responded “in order to address these concerns, and balance them against the need for contact information concerning registrations, the USPTO is reissuing the examination guide. The USPTO is continuing to explore additional improvements, including potentially masking email addresses, and will provide notice of any such system updates in the future.” 

Bill Donahue, After Backlash, USPTO Trying To Hide TM Email Addresses, Law 360, (February 11, 2020), https://advance.lexis.com/document/?pdmfid=1000516&crid=10e9a042-caaf-4c2f-9f2e71e5cf73873a&pddocfullpath=%2Fshared%2Fdocument%2Flegalnews%2Furn%3AcontentItem%3A5Y7J-SBN1-F30T-B05R-00000-00&pddocid=urn%3AcontentItem%3A5Y7J-SBN1-F30T-B05R-00000 00&pdcontentcomponentid=122080&pdteaserkey=sr5&pditab=allpods&ecomp=spnqk&earg=sr5&prid=adad6bc3-12f4-4c9d-b0ee-1130ec9833c1.

 Liz Brodzinski, IP Alert | USPTO Trademark Rule Changes: Electronic Filing, Email Addresses and More, (February 20, 2020) https://bannerwitcoff.com/ip-alert-uspto-trademark-rule-changes-electronic-filing-email-addresses-and-more/.

Tim Lince, USPTO urged to halt applicant email requirement following revolt by trademark attorneys, (February 10, 2020), https://www.worldtrademarkreview.com/governmentpolicy/uspto-urged-halt-applicant-email-requirement-following-revolt-trademark.

 

 

By: Dejaih Johnson

Medicine is rapidly approaching a time where robots will perform surgeries autonomously. From minimally invasive surgery to emergency response and medical robotics, robotically assisted surgeries now represent one of the fastest growing sectors in the medical devices industry. The introduction of these robotic medical devices has made medical operations much more efficient and effective. Surgeons have reported quicker recovery times, less pain, and less blood loss when using a robotic medical device. Though these devices have the capacity to greatly improve the practice of medicine, their usage is not without issue. Over the past twenty years, robotic surgeries have resulted in more than 144 deaths, 1391 injuries, and 8061 device malfunctions. 

Lack of regulation in this area raises many regulatory, ethical, and legal issues. In the European Union (EU), for example, they have yet to establish a clear regulatory framework. Under the Medical Devices Directive, the EU classifies these devices as “Class IIb medical devices”. This means that surgical robots are regulated in the same category as scissors and scalpels. Additionally, the EU does not recognize separate qualifications for surgeons. This approach has proven problematic since surgeons using medical robots require special skills different from that of regular surgeons, such as the ability to control the robot’s manipulators. EU manufacturers are required to seek a certificate for each medical device they wish to sell, but the process is not specific to robotically assisted surgeries. 

On the other hand, the United States has taken a bit of a different approach. Currently, the Food and Drug Administration (FDA) regulates robots as medical devices. The issue, however, lies in the fact that the FDA can regulate them only as medical devices since the FDA lacks the authority to regulate the practice of medicine. Presently, robotic devices in the United States are only used under the supervision of surgeons. For example, surgeons enter calculations and program decisions into their robotically assisted surgical devices. But the United States has failed to fully develop an appropriate regulatory scheme to address this unique issue.

Scholars from varying disciplines have weighed in on the question of how to regulate this practice. One approach, developed by Guang-Zhong Yang, takes into account the uniqueness of medical robotics: the varying levels of autonomy at which the device may operate. As the level of autonomy increases, more stringent regulations and additional requirements would apply. Yang proposes six levels of autonomy for medical robotics, with accompanying levels of regulation and procedure for each. The six levels would break down as follows:

Level 0 – No autonomy: Includes tele-operated robots or prosthetic devices that respond to and follow the user’s command; may also include a surgical robot with motion scaling. 

Level 1 – Robot assistance: Robot provides some mechanical guidance or assistance during a task while the human has continuous control of the system (e.g., surgical robots with virtual fixtures and lower-limb devices with balance control). 

Level 2 – Task autonomy: Robot is autonomous for specific tasks initiated by a human. Operator has discrete, rather than continuous, control of the system (e.g., suturing where the surgeon indicates where a running suture should be placed, and the robot performs the task autonomously while the surgeon monitors and intervenes as needed). 

Level 3 – Conditional autonomy: System generates task strategies but relies on the human to select from among different strategies or to approve an autonomously selected strategy. Robot can perform a task without close oversight (e.g., where active lower-limb prosthetic device can sense the wearer’s desire to move and adjusts automatically without any direct attention from the wearer). 

Level 4 – High autonomy: Robot can make medical decisions but under the supervision of a qualified doctor (e.g., robotic resident who performs the surgery under the supervision of an attending surgeon). 

Level 5 – Full autonomy: No human needed; robot can perform an entire surgery. 

In addition to taking into account the varying levels of autonomy, manufacturers of the device would have to seek licensing and certification from the hospital. The upside of this would be that the framework allows regulators to establish a forward-thinking approach to the robotic medical devices. 

As technology advances faster than regulation, regulators must determine an appropriate framework to address the myriad of issues. Even in the uncertainty, however, it still remains there must be a response to the influx of regulatory, ethical, and legal questions raised. 

References:

Damini Kunwar, Robotic Surgeries Need Regulatory Attention(Jan. 8, 2020), The Regulatory Review, https://www.theregreview.org/2020/01/08/kunwar-robotic-surgeries-need-regulatory-attention/.

Guang-Zhong Yang, et al., Medical robotics – Regulatory, ethical, and legal considerations for increasing levels of autonomy(Mar. 15, 2017), Science Robotics, http://robotics.tch.harvard.edu/publications/pdfs/yang2017medical.pdf.

By: Nolan Hale

Everyone likely has been affected by the cruel disease known as Alzheimer’s. Alzheimer’s is the sixth-leading cause of death in the U.S and according to the Alzheimer’s Association, 5.8 million Americans are living with the Alzheimer’s disease. 

Like many families, my family watched the steady decline of a wonderful human being who we lost too young. My grandmother had the disease when she was in her early 70’s. I remember there being many hurdles that my family had to overcome, like getting the proper treatment and competent nursing home care. While I was young, I remember the stress on the faces of my family members up until the very end. My grandma is one of millions who go through this nightmare and researchers have been trying to find answers. Unfortunately, there have been new developments that are not so promising. 

Last Monday, the Banner Alzheimer’s Institute in Phoenix released the results of a study of people who are destined to develop Alzheimer’s at a young age because of rare gene flaws. The study involved 200 people in the United States and Europe. Unfortunately, the results were a disappointment for scientists. The drugs failed to prevent or slow mental decline of the people who inherited rare gene flaws. Each person had a genetic mutation that almost guaranteed Alzheimer’s in your 30’s to 50’s. While these people account for 1% of Alzheimer’s cases, their brains are similar to those who develop the disease at a later age.

The numbers surrounding Alzheimer’s are staggering and there are many reasons to lose hope. Behind these numbers is something that people seem to forget – the caregivers. According to the Alzheimer’s Association, more than 16 million Americans provide unpaid care for people with Alzheimer’s or dementia. Additionally, these caregivers provide an estimated 18.5 billion hours of care valued at $234 billion.

Is there any hope left? I am sure many of you are wondering. Meet Jack and Beverly Blackard. Jack has been battling Alzheimer’s since 2019. They live in Clarksville, Tennessee and Beverly has been Jack’s full-time caregiver. The Alzheimer’s Association is pushing to pass a three-year policy program that would provide state funded home care and delivered meals for caregivers. Jack and Beverly are advocates for passing the bill by meeting lawmakers and telling their story. Some assembly members are taking notice.  Assembly members Cecilia Aguiar-Curry (D-Winters) and Monique Limón (D- Santa Barbara) introduced Assembly Bill 2047 and Assembly Bill 2048, flanked on the floor of the State Assembly. The bills provide seniors, providers, and caregivers with the tools they need to recognize and plan for an Alzheimer’s diagnosis. Other lawmakers are taking notice and many hope that the bills will take steam. However, like trying to find a cure for Alzheimer’s, passing a bill of this magnitude will take a long time. In the meantime, families should be aware of their options.

According to Karl Steinberg, a California geriatrician, “If you’ve got the resources, where you’ve got family and paid caregivers at home, you’re all set.” However, he states that if you are living in a facility, you are likely to die in the facility. Many Americans have turned to dementia directives created in recent years. The Advance Directives are growing in demand because a patient can refuse oral assisted feeding when they are in an advanced state of dementia and cannot make decisions. It is controversial because terminally ill patients will likely die within two weeks after refusing food and water. The directives drafted in New York and Washington State have drawn hundreds of users. 

People need to be aware that Alzheimer’s can put you in a situation where you can no longer take independent action. There are many different viewpoints as to whether someone should be able to decline medical intervention in advance. Dementia is different for everyone and it may be difficult for doctors to determine when they can no longer make decisions. Some are at home with a caregiver while some are in a facility that may be understaffed and poorly operated. If a doctor does not give food or water because of a directive against the family’s wishes, legal battles could ensue. Where should the doctor draw the line? 

In conclusion, there are many ways to fight Alzheimer’s. The harsh reality is that having Alzheimer’s and caring for one with Alzheimer’s is a long uphill battle. It is best to have a plan in place if you or a loved one is struck with dementia before it is too late. This includes talking with your loved ones about how they would like to be taken care of and financially planning for any disease. There are options like Long term care Medicaid, a special needs trust, and powers of attorney. In the meantime, love your family like Beverly loves Jack – unconditionally and through thick and thin.

JoNel Aleccia,Diagnosed with dementia, she documented her wishes for the end. Then her retirement home said no,Washington Post(Jan. 18, 2020), https://www.washingtonpost.com/health/diagnosed-with-dementia-she-documented-her-wishes-for-the-end-then-her-retirement-home-said-no/2020/01/17/cf63eeaa-3189-11ea-9313-6cba89b1b9fb_story.html.

John Ross,What an Elder Law Attorney Has to Say About Alzheimer’s Disease, cbs19 (Feb. 16, 2020), https://www.cbs19.tv/article/news/health/what-an-elder-law-attorney-has-to-say-about-alzheimers-disease/501-f20f8c29-a4a5-478f-a85c-b2370e2d7bcb.

Assemblymembers Aguiar-Curry and Limón introduce legislative package to tackle Alzheimer’s crisis, Lake County Record-Bee (Feb. 5, 2020), https://www.record-bee.com/2020/02/05/assemblymembers-aguiar-curry-and-limon-introduce-legislative-package-to-tackle-alzheimers-crisis/.

Facts and Figures, Alzheimers Association, https://www.alz.org/alzheimers-dementia/facts-figures (last visited Feb. 18, 2020).

Dementia Advance Directive, End of Life Choices New York,

https://endoflifechoicesny.org/directives/dementia-directive/(last visited Feb. 18, 2020).

Joshua Prestonet al., The Legal Implications of Detecting Alzheimer’s Disease Earlier, AMA Journal of Ethics (Dec. 2016), https://journalofethics.ama-assn.org/article/legal-implications-detecting-alzheimers-disease-earlier/2016-12.

By: Maddie Loewenguth 

In the summer of 2019, after a series of measles outbreaks in New York schools during the previous academic year, a new state law was passed that ended the religious exemption for vaccinations.

Under the new law, Public Health Law Section 2164 and New York Codes, Rules and Regulations Title 10, Subpart 66-1, all children attending public, private or parochial school in New York State must be immune to diphtheria, tetanus, pertussis, measles, mumps, rubella, poliomyelitis, hepatitis B, varicella, and meningococcal in accordance with Advisory Committee on Immunization Practices recommendations. 

In the fall of 2019, all children had to begin getting their vaccines within the first two weeks of classes and complete them by the end of the school year, June 2020. This new law affects about 26,000 New York children who previously obtained religious exemptions. Parents who chose not to vaccinate their children had two options, home school or move out of New York. 

The measles outbreak began in New York City in October of 2018. There were 654 reported cases in New York City and 414 in other parts of the state. The majority of the cases involved unvaccinated children in Hasidic Jewish communities. Dr. Oxibris Barbot, the city’s health commissioner issued a statement that the “best defense against renewed transmission is having a well immunized city.”

The passage of the New York State law took place on June 13^th. New York is now the fifth state following California, Maine, Mississippi and West Virginia, to enact a law requiring children in public schools to be vaccinated and barring all nonmedical exemptions to vaccinations. New York is now considered the state with the strictest policies in the nation. 

Maine’s law does not go into effect until 2021 and makes exceptions for special education students. California, where nonmedical exemptions ended in 2015 allows districts to exempt disabled children. 

All states require children to receive certain vaccinations before entering public school, but every state allows exemptions for children who cannot be vaccinated for medical reasons. There are also states that allow for religious exemptions and for nonreligious exemptions based on personal belief. 

Several states have banned nonmedical exceptions, others have imposed rigorous requirements for parents seeking nonmedical exemptions. For example, in Nebraska, parents must submit “an affidavit signed by a legally authorized representative stating that the immunization conflicts with the tenets and practices of a recognized religious denomination of which the student is a member.” 

Three states also specify that “philosophical arguments” must not be cited as a basis for granting a religious exemption. For example, Alaska law states that “statements indicating philosophical or personal opposition to vaccines will invalidate religious documentation.” 

Parents are advocating on both sides of the issue, those against vaccines, either believe that their children have been injured by previous vaccinations or that it is against their religion to vaccinate their children and are exploring homeschooling options. Parents on the other side are worried about the effect non-vaccinated children will have on the health of their children and are asking schools not to place their children in classrooms with students who have not been vaccinated. 

The most recent news regarding the NYS immunization battle is the introduction of the HPV vaccine to be added to the mandatory list of vaccines for New York schoolchildren. HPV is associated with many cases of cervical cancer and the rates at which parents are vaccinating their children is dropping. It will be interesting to see if the HPV vaccination bill will pass and be added to the list of mandatory vaccines, as well as what states will follow New York in barring non-medical exemptions.  

Sharon Otterman, Get Vaccinated of Leave School: 26,000 N.Y. Children Face a Choice, New York Times, (Sept. 6. 2019) https://www.nytimes.com/2019/09/03/nyregion/measles-vaccine-exemptions-ny.html.

Leksandra Sandstrom, Amid Measles Outbreak, New York closes religious exemption for vaccinations but most states retain it,Pew Research Center(June 28, 2019). https://www.pewresearch.org/fact-tank/2019/06/28/nearly-all-states-allow-religious-exemptions-for-vaccinations/.

N.Y. Pub. Health Law§ 2164 (Consol. 2019). 

David Robinson, HPV Vaccine Joins NY school immunization battle, (Jan 11, 2020). 

https://www.mpnnow.com/news/20200111/hpv-vaccine-joins-ny-school-immunization-battle.

By: Sehseh K. Sanan

Procedural Due Process is embedded in the Constitution and demands that a person’s life, liberty, and property, are not denied without “notice, opportunity to be heard, and a decision by a neutral decisionmaker.” ^[1]

But what is a neutral decisionmaker? Typically, we would think of a judge or a jury, who is not a party in the case, listening to facts, applying law, and coming out to a decision. But what if the decisionmaker was a computer? Specifically, a computer deciding how long someone should be in jail. 

Right now, and approximately since 2016, courts across the world are beginning to use algorithms to determine sentencing guidelines. ^[2]Prior to using algorithms, in the U.S., judges had to rely on either sentencing guidelines or mandatory sentencing. ^[3]Sentencing Guidelines are provisions published by the Federal Government that go through factors such as “subjective guilt of the defendant and to the harm caused by his facts.” ^[4]Judges are not mandated to follow the Guidelines, but they are required to explain why they are departing from the federal suggestions. ^[5]Under mandatory sentencing, judges are required to impose minimum sentences depending on the charges that the prosecutor brings. ^[6]This is frequently seen in drug or drug-related charges. ^[7]What both of these systems have in common is that they are trying to assess the risk that an offender poses on society and how long they should be incarcerated to right the wrong. 

Figure 1^[8]

Artificial intelligence and algorithms claim to do the same thing as previous systems: assess risk and attempt to deter the offender. ^[9]Algorithms take into consideration factors such as “(1) the likelihood that the defendant will re-offend before trial (“recidivism risk”) and (2) the likelihood the defendant will fail to appear at trial.” While this may seem beneficial from a utilitarian perspective, the rise of algorithm usage has had devastating and long-lasting effects. ^[10]People like Darnell Gates, who served time from 2013 to 2018 for running a car into a house and violently threatening a domestic partner, was deemed high risk and did not even know it. ^[11]Further, as these algorithms are being made by human beings, their innate biases are being built into these algorithms. ^[12]It is no secret that people of color, particularly Black men, are more likely to be subjected to higher sentences. ^[13]

So, where do we go from here? Mandatory sentences are not the answer as they impose higher sentences even for first time offenders. ^[14]The guidelines also have racial biases. ^[15]Personally, if the goal of criminal justice and prisons are to reform offenders, then I think that the criminal justice system should be reformed to match that goal. Prisoners should receive education and a support system that will push them to not reoffend. We as a society could focus on a combination of rehabilitative and restorative justice. ^[16]By focusing on this combination, the troubles and obstacles that offenders find once they leave prison can be alleviated by the support of their community and society. ^[17]Maybe this could lead to a better society. But either way, we should definitely not let computers and algorithms decide. 

---

^[1]Procedural Due Process, Legal Information Institute, Cornell Law School,https://www.law.cornell.edu/wex/procedural_due_process(last visited Feb. 9, 2020).

^[2]Kehl, Danielle, Guo, Priscilla, Kessler, Samuel. Algorithms in the Criminal Justice System: Assessing the Use of Risk Assessments in Sentencing. (July 2017). Responsive Communities. Available at: https://cyber.harvard.edu/ publications/2017/07/Algorithms.

^[3]Federal Sentencing Guidelines, Legal Information Institute, Cornell Law School, https://www.law.cornell.edu/wex/federal_sentencing_guidelines(last visited Feb. 9, 2020); Mandatory Minimums and Sentencing Reform, Criminal Justice Policy Foundation, https://www.cjpf.org/mandatory-minimums(last visited Feb. 9, 2020). 

^[4]Federal Sentencing Guidelines, Legal Information Institute, Cornell Law School, https://www.law.cornell.edu/wex/federal_sentencing_guidelines(last visited Feb. 9, 2020). 

^[5]Id. 

^[6]Mandatory Minimums and Sentencing Reform, Criminal Justice Policy Foundation, https://www.cjpf.org/mandatory-minimums(last visited Feb. 9, 2020).

^[7]Id. 

^[8]Demographic Differences in Sentencing, U.S. Sentencing Comm’n, https://www.ussc.gov/sites/default/files/pdf/research-and-publications/research-publications/2017/20171114_Demographics.pdf(last visited Feb. 9, 2020).

^[9]Algorithms in the Criminal Justice System: Pre-Trial Assessment Tools, Electronic Privacy Information Center, https://epic.org/algorithmic-transparency/crim-justice/(last visited Feb. 9, 2020). 

^[10]Cade Metz, Adam Satariano, An Algorithm That Grants Freedom, or Takes It Away, NYTimes, Feb. 6, 2020, https://www.nytimes.com/2020/02/06/technology/predictive-algorithms-crime.html (last visited Feb. 6, 2020).

^[11]Id. 

^[12]Id. 

^[13]Demographic Differences in Sentencing, U.S. Sentencing Comm’n, https://www.ussc.gov/sites/default/files/pdf/research-and-publications/research-publications/2017/20171114_Demographics.pdf(last visited Feb. 9, 2020). 

^[14]Mandatory Minimums and Sentencing Reform, Criminal Justice Policy Foundation, https://www.cjpf.org/mandatory-minimums(last visited Feb. 9, 2020).

^[15]Racial, Ethnic, and Gender Disparities In Federal Sentencing Today, U.S. Sentencing Comm’n, https://www.ussc.gov/sites/default/files/pdf/research-and-publications/research-projects-and-surveys/miscellaneous/15-year-study/chap4.pdf(last visited Feb. 9, 2020). 

^[16]David Best, Pathways to Recovery and Desistance: The Role of the Social Contagion of Hope(2019). 

^[17]Id. 

By: Casey Bessemer

Let’s say that you are online shopping, as millions of Americans do. You go to Amazon.com and pick out a particularly nice doodad and buy it. It gets that sweet, free two-day shipping because you have Amazon Prime and it arrives and it’s the best time. But several weeks later, you learn that Amazon’s database has been hacked into and, to make matters worse, the hackers got away with enough of your personal information to open, and then spend on, several credit cards. How do you solve this problem? Will you sue Amazon for lack of adequate security measures? But where do you bring the suit, the place where Amazon keeps it servers or the place where the cyberattack originated? What if the attack originated from outside the United States, but was routed through several states before attacking Amazon’s servers? Each of these questions would have to be answered in a variety of ways, making the issue even more confusing. 

In 2016, there were approximately 1,093 data breaches that affected more than 3.6 millions files, with attacks predicted to increase as the world uses the internet to store more and more data.^[1]These files contain personal data from various sources, everything from healthcare to social media to consumer websites. About half of Americans “feel that their personal information is less secure than it was five years ago”^[2]and with Facebook founder’s Mark Zuckerberg’s recent testimony at his Senate hearing, I can’t blame them. Sure, there are methods, such as password encryption software, that consumers could use to better protect their personal data on their own end, but these major breaches are occurring within the major companies themselves, within their databases that are supposedly “secure.” Shouldn’t these corporations have to follow the security measures to protect our data? It was a rhetorical question: the answer is yes. 

            In light of this, the United States has yet to enact any sweeping legislation that would relieve the consumer of the confusion of how to prosecute cyber-criminals. Consequently, “the struggle to regulate consumer data shows how lawmakers have largely been unable to turn rage at Silicon Valley’s practices into concrete action.”^[3]The United States does have three key pieces of legislation (the 1996 Health Insurance Portability and Accountability Act (HIPAA), the 1999 Gramm-Leach-Bliley Act, and the 2002 Homeland Security Act, which included the Federal Information Security Management Act (FISMA)) but these pieces of legislation only cover specific industries, specifically “healthcare organizations, financial institutions, and federal agencies.”^[4]They are of little use to the average consumer. Instead, the average consumer needs laws for a global medium that can be implemented across various jurisdictions with consistent rulings and punishments. 

THE INTERNET IS NOT A SINGULAR PLACE
            First, and perhaps the most obvious, is that the internet is not a singular place. Rather the internet is “a global computer network providing a variety of information and communication facilities, consisting of interconnected networks using standardized communication protocols.”^[5]And the fact that the internet is a “global” medium means that any information gathered by and then stored on the internet is effectively stored around the globe at a single time. Companies and legislations may argue that the data is on servers and the servers are subject to the laws of the jurisdiction that the servers are located in, but when a malicious third party attacks those servers, they do not go travel to the actual servers – they do attack remotely, from any possible location with an internet connection. Since the nature of these attacks can come from any jurisdiction, it stands to reason that they should be punishable within any jurisdiction, regardless of the location of the attackers or the servers themselves. In absence of some global legislation and taskforce, countries will have to rely on their own individual legislation and taskforces. Unfortunately, the United States has no such national privacy legislation. 

STATE BY STATE PROTECTION

            Currently, “federal level security and privacy legislation are lost in a morass of partisan politics and corporate lobbying delays.”^[6]So states have taken the task into their own hands. Currently, “at least 43 states and Puerto Rico [have] introduced or considered close to 300 bills or resolutions that deal significantly with cybersecurity; thirty-one states [have] enacted cybersecurity-related legislation in 2019.”^[7]Now that is a lot of coverage, but not complete coverage. States, being independent jurisdictions and personalities, have chosen different methods of defining what a “cyber attack” means and what punishment is available to any offenders. For example, Nevada, Minnesota, and Maine have specific legislation that “prohibits using, disclosing, selling, or permitting access to customer personal information unless the customer expressly consents to such,” while California has many more regulations, each targeting a specific goal such as consumer privacy or children.^[8]But some states have yet to address the issue. It is because of this hodgepodge of legislation in different states that a national privacy law makes even more sense: a national security law would impose consistent basis of prosecution and determinable punishments. 

CONCLUSION

            Because of the continued reliance and use of the internet as a medium for transactions and storage of personal data, there will eventually come a time where the United States needs to enact a federal statute to completely cover cybercrimes, something akin to the General Data Protection Regulation (GDPR) in Europe. This change must come because the current method of state-by-state regulation creates a mess of legislation that does not completely cover cyber attacks, and because the internet is a global place, the legislation needs to be applicable everywhere. Although lawmakers have said “they wanted a new federal law to protect people’s online privacy,” little to nothing has actually happened.^[9]

---

^[1]A Glance at The United States Cyber Security Laws, https://www.appknox.com/blog/united-states-cyber-security-laws(last viewed Jan. 31, 2020). 

^[2]Aaron Smith, Americans and Cybersecurity, PEW RESEARCH CENTER(Jan. 26, 2017), https://www.pewresearch.org/internet/2017/01/26/americans-and-cybersecurity/.

^[3]David McCabe, Congress and Trump Agreed They Want a National Privacy Law. It is Nowhere in Sight., N.Y. TIMES(Oct. 1, 2019), https://www.nytimes.com/2019/10/01/technology/national-privacy-law.html.

^[4]Supra note 1.

^[5]Internet, Oxford Reference(Jan. 10, 2020), https://www.oxfordreference.com/view/10.1093/oi/authority.20110803100008533.

^[6]Cynthia Brumfield, 11 new state privacy and security laws explained: Is your business ready?, CSO(Aug. 8, 2019), https://www.csoonline.com/article/3429608/11-new-state-privacy-and-security-laws-explained-is-your-business-ready.html.

^[7]Cybersecurity Legislation 2019, NCSL.COM(Jan. 10, 2020), https://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2019.aspx.

^[8]Id.

^[9]Supranote 3.

By: Erin Kelly

In 1990, the Federal Bureau of Investigations (FBI) developed software to compare DNA samples found at crime scenes against the DNA samples of arrestees. This software, the Combined DNA Index System (CODIS), has over 14.3 million DNA samples stored to its system. In 2013, the Supreme Court of the United States ruled in Maryland v. Kingthat states may collect DNA samples from arrestees without probable cause. However, law enforcement officials have recently used independent, commercial databases to identify suspects in criminal cases.

Ancestry is a company that specializes in commercialized DNA testing to show customers their family trees and their genetic heritage. The company has over sixteen million DNA samples stored in the Ancestry DNA database. A competitor company, 23andMe, has over ten million customers who have purchased a DNA testing kit. Both companies have reported that their customer information is not released to law enforcement officials absent a warrant or subpoena. This is not true of every commercial genealogy database.

After receiving their DNA data test results, customers from companies like Ancestry and 23andMe can upload their DNA data to third party websites to expand their search for familial connections. For example, GEDmatch is free to use and allows individuals to find genetic connections with users from across DNA testing websites, not just the original company they used. In 2018, Joseph James DeAngelo was arrested and charged with thirteen counts of murder committed in California between 1976 and 1986. When searching for suspects in this cold case, law enforcement officials created a profile on GEDmatch with the crime scene DNA. This is only one example of how DNA data from publicly available websites has helped to apprehend criminals.

After news broke about DeAngelo’s arrest and law enforcement’s use of GEDmatch, privacy concerns arose. To address these concerns, GEDmatch altered their terms of service. Previously, the website allowed law enforcement to use its database when investigating a violent crime. However, the website’s terms never defined “violent crime.” GEDmatch’s updated terms created an opt-in agreement, where customers must affirmatively agree to opt-in to automatically be included in future law enforcement searches. Customers who choose not to opt-in still have complete access to GEDmatch’s services.

On the surface, this might seem to address privacy concerns. In practice, these terms only apply to situations in which law enforcement formally requests access to GEDmatch’s database. As with the DeAngelo case, law enforcement officials may still create a profile on the website using the crime scene DNA. This provides complete access to the website’s DNA database. In December 2019, a forensic genomics company, Verogen, purchased GEDmatch. According to its website, Verogen works to improve the field of forensic science through technological advances. Verogen announced that “GEDmatch’s terms of service will not change, with respect to the use, purposes of processing, and disclosures of user data.” Verogen has previously worked with the FBI to create DNA profiles for the National DNA Index System, combining federal, state, and local forensic contributions. Therefore, GEDmatch users will likely not experience more privacy protection in the wake of the Verogen takeover.

            If law enforcement officials are able to make a profile with crime scene DNA, like in the DeAngelo case, are they also able to access the more popular Ancestry or 23andMe? These websites operate differently. Individuals gain access to their online profile only after purchasing a DNA test kit from one of these websites and sending in the completed kit. Therefore, unlike other websites, law enforcement officials cannot upload DNA samples collected from crime scenes. This does not necessarily mean the data is secure. These companies are not health care providers, therefore, the Health Insurance Portability and Accountability Act (HIPPA) does not apply. HIPPA is a federal law that ensures the privacy of health data. Subpoenas seeking the release of medical records are usually insufficient to release genetic information protected by HIPPA.

            As science and technology advance, legislatures try to keep up. In January 2020, Senator Susan Lee introduced a bill before Maryland’s General Assembly, requiring the State’s Attorney to make a disclosure to criminal defendants if “forensic genetic genealogical DNA analysis and search” is used during the case investigation. The disclosure is limited to cases where publicly available open databases and consumer genealogy services are used by law enforcement. The bill has support from Maryland House Delegate Charles Sydnor III, who proposed a similar bill in 2019, which did not make it out of committee. Consumers should exercise caution and make an informed decision when using any product, especially those that threaten constitutional rights, like privacy.

Sources:

Antony Barone Kolenc, “23 and Plea”: Limiting Police Use of Genealogy Sites After Carpenter v. United States, 122 W. Va. L. Rev.53 (2019).

Maryland v. King, 569 U.S. 435 (2013).

Our Story,Ancestry, https://www.ancestry.com/corporate/about-ancestry/our-story (last visited Jan. 16, 2020).

About Us, 23andMe, https://mediacenter.23andme.com/company/about-us/ (last visited Jan. 16, 2020).

Jason Tashea, Genealogy Sites Give Law Enforcement a New DNA Sleuthing Tool, but the Battle Over Privacy Looms, ABA (Nov. 1, 2019), http://www.abajournal.com/magazine/article/family-tree-genealogy-sites-arm-law-enforcement-with-a-new-branch-of-dna-sleuthing-but-the-battle-over-privacy-looms.

Breeanna Hare & Christo Taoushiani, What We Know About the Golden State Killer Case, One Year After a Suspect Was Arrested, CNN, https://www.cnn.com/2019/04/24/us/golden-state-killer-one-year-later/index.html (last updated Apr. 24, 2019).

Julian Husbands, GEDmatch Partners with Genomics Firm, Verogen(Dec. 9, 2019), https://verogen.com/gedmatch-partners-with-genomics-firm/. 

Nila Bala,We’re Entering a New Phase in Law Enforcement’s Use of Consumer Genetic Data,Slate(Dec. 19, 2019), https://slate.com/technology/2019/12/gedmatch-verogen-genetic-genealogy-law-enforcement.html.

Heather Murphy, What You’re Unwrapping When You Get a DNA Test for Christmas, N.Y. Times,https://www.nytimes.com/2019/12/22/science/dna-testing-kit-present.html? (last updated Dec. 23, 2019).

Taking the Fear out of Responding to Subpoenas for Medical Records, Norcal Group(June 29, 2017). https://www.norcal-group.com/library/taking-the-fear-out-of-responding-to-subpoenas-for-medical-records.

S.B. 46, 440th Gen. Assemb., Reg. Sess. (Md. 2020).

By: Dominique Kelly

State laws governing biometric data are not common in the United States, as there are only three states that currently employ such laws: Illinois, Washington, and Texas. As it stands, biometric data in the United States are not governed by federal guidelines, but are instead governed by contracts that users must usually agree to in order to utilize most devices (think: terms and conditions longer than a Supreme Court opinion standing between you and using your new smartphone). We may not be aware of the biometric data collection features surrounding our daily lives, but some common features such as fingerprint scanners or facial recognition to unlock phones, voice prints collected in the presence of our good friend ‘Alexa,’ or even retinal scans at a country’s borders. However, there is one important category of biometric data we may be quick to forget about: health data. Fitness tracker brands such as Fitbit, Garmin, Fossil, or even popular smart watches by Samsung, Apple, and other electronic brands, contain features which can track steps, heart rate, sleep cycles, trail locations, and menstrual cycles amongst other things. While this data may be harmless, users should still have a right to control this type of biometric information although they may have agreed to use the device to track the information.  

What could be the harm in collecting health related biometric data? Consider this: your employer offers you discounts on a new fitness tracking device in an effort to boost morale, promote fitness, and use friendly competition to enhance comradery. You do not want to miss out, so you purchase a great fitness tracker and your employer begins offering incentives for taking steps to pursue and/or maintain a healthy lifestyle. Your new fitness tracker arrives and you immediately take it out of the box and slap it right on your wrist and begin set up. You enter basic information, such as age, weight, cycle dates, etc. and the tracker begins, you guessed it: tracking. Now this tracker has obtained more information than you would be willing to give on a first date, in a matter of a few minutes. Not only is your tracker now tracking your steps, heart rate, and cycle, but you’ve also been tracking your weight, your exercise regimens, the running path you were just on for the past 30 minutes, and your caloric and water intake. Before you know it, you’re seeing ads on Instagram for the newest exercise machine, sponsored NIKE ads are attempting to sell you new running shoes, and Amazon is suggesting you purchase sanitary products around the beginning of your cycle.  

Generally, individuals who buy health trackers don’t believe the information that is being tracked will be used by other entities for monetary gain. But in this age of increasing sponsored advertisements on social media platforms based on seemingly unrelated searches completed on search engines, should we have expected our health-related biometric data to be commercialized? There is a push for states to regulate privacy protections of biometric data as there is no federal body currently governing this type of data. Amidst the new acquisition of Fitbit by Google, lawmakers have begun preparing bills in an effort to protect consumer health data. One bill that has been created is the Smartwatch Data Act or the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act. Conveniently defined, the purpose of this proposed Act is to protect identifiable biometric data (sleep, health, exercise data, etc.) that would likely be tracked by fitness trackers created by Fitbit, Garmin, and other brands. This bill would ideally treat these types of biometric data as protected health information and require the enforcement of violations as any other HIPAA (Health Information Portability and Accountability Act) violation. The bill would also stop entities collecting this biometric data on personal fitness trackers from transferring, selling, or sharing said data. 

Currently, HIPAA does not protect this type of personal information because HIPAA regulations currently only applies to health plans, health care clearinghouses, and any health care provider transmitting health information electronically. Since entities who create fitness trackers do not fall under a health plan, health care provider, or clearinghouse, they do not have to submit themselves to HIPAA guidelines. Thus, if those advocating for more protection of health related biometric data cannot successfully bring this protection under HIPAA guidelines, then perhaps an alternative is to encourage each state to create general biometric information protection laws. For example, the Illinois Biometric Information Privacy Act gives individuals the right to control their biometric information by requiring notice before collecting the data and giving the individuals the power to withhold consent. Another law governing collection and use of biometric data can be found in Washington state. This Act requires entities that collect biometric data (including health related biometric data) to disclose the way the information would be used and provide notice and obtain consent from the individual before the data is used. Much like the Illinois Act, only the Washington state attorney general has the ability to enforce the act preventing consumers from being able to sue companies when there is a violation. Texas is the third state that has enacted laws regulating the use and collection of biometric data. The Act requires only that any employer using biometric identifiers must destroy those identifiers within a reasonable time from the date the purpose for collecting the data expires. So, for example, if the data was collected for security purposes, then the expiration date of the purpose would be the date the employee no longer works with the employer.

In turning back to the biometric health data collected by fitness trackers, the state laws that are enacted in Illinois, Washington, and Texas may not provide the protection necessary to prevent the unlawful or unwanted use of consumer health data. The Illinois Act may be the closest law available to protect health data until bills and laws such as the Smartwatch Data Act, that include HIPAA or HIPAA related protection, become widespread in each state. Until then, we should continue to be aware of how our sleep, heart rate, exercise regimen, water intake data, etc. are used. In the meantime, grab a cup of tea and enjoy those long ‘terms and conditions’ agreements.  

Sources:

In re Facebook Biometric Info. Privacy Litig., 185 F. Supp. 3d 1155 (N.D. Cal. 2016).

Fitbit, Inc. v. AliphCom, No. 15-cv-04073-EJD, 2017 U.S. Dist. LEXIS 12657 (N.D. Cal. Jan. 27, 2017).

Chelsea Cirruzzo, Cassidy, Rosen Introduce Consumer Privacy Bill Amid Google Scrutiny, InsideHealthPolicy(Nov. 14, 2019, 7:02 PM), https://insidehealthpolicy.com/daily-news/cassidy-rosen-introduce-consumer-privacy-bill-amid-google-scrutiny.

Jerry Lynn Ward, Texas Biometric Privacy Law restricts certain “biometric identifiers.” Only three states have laws regulating the collection and storage of Biometric data., GarloWard, P.C. (Mar. 26, 2018), https://www.garloward.com/2018/03/26/texas-biometric-privacy-law-restricts-certain-biometric-identifiers-three-states-laws-regulating-collection-storage-biometric-data/.

U.S. Dep’t of Health and Human Servs., Summary of the HIPAA Privacy Rule (2003).

Justin Lee, Washington’s new biometrics law softer on privacy protections than Illinois BIPA, BiometricUpdate.com(July 24, 2017), https://www.biometricupdate.com/201707/washingtons-new-biometrics-law-softer-on-privacy-protections-than-illinois-bipa.

By: Bryan Harris

We all know about the tech giants for smartphones such as Apple, Samsung, and Microsoft which are featured in our everyday lives to help us connect to each other. However, there is another tech giant that we may have never heard of before that is caught up in a legal and political battle here in the United States. This company is the second largest in the world, yet many Americans have never heard of it before. This company is called Huawei and it is based out of China. Huawei itself has had $93 billion in sales in 2018, which is similar to what Microsoft earned over the same period. Huawei was looking to enter into the United States market earlier this year with their phones using carriers including Verizon and AT&T, however those deals have fallen through after immense pressure from the U.S. government. Huawei is also a large player in trying to develop the 5G network. 5G is the fifth generation of wireless technology and will be able to have greater speed to move more data, be more responsive, and allow for more devices to connect at one time. It is in the early days of development at this point and will be a technology that is more widespread in the 2020s.

            Huawei has long been a global player in the smartphone race to many different places over the years. They have not been without controversy as they have become a global powerhouse in the smartphone race. Throughout the years they have been accused by many different countries and unions of anything from hacking by the African Union to espionage by former CIA Directors. The first issue with Huawei occurred when their Chief Financial Officer was arrested in Canada for violating the U.S. trade sanctions by shipping Huawei items from the U.S. to Iran.

            One of the big issues with Huawei that has been apparent in their attempt to enter into the U.S. market is that they are seen as acting as a front for the Chinese government to spy on other countries and to subsequently have China become a worldwide leader in technology by 2025 (a stated goal of the Chinese government. The reason that Huawei is seen as being a front for the Chinese government, or the Chinese government having significant influence on the company, is the fact that shareholders within the company need to report the shares that they own to a trade union committee, which reports to the All-China Federation of Trade Unions, which is controlled by the Communist Party of China. Thus, with the shareholders ultimately, though indirectly, reporting to the leading party in China, there is significant influence the government can impose on the company. They have conducted corporate and industrial espionage, and have ignored sanctions, ignored other nations’ laws, and have paid out bribes to others. 

The U.S. government has also added Huawei to a list of companies that there is special approval needed to do business with. Earlier this year, President Trump issued an executive order which would create a process that can ban the use of technology from companies that are deemed to be a national security risk. However, after meeting with the Chinese President, Xi Jinping at the G20 summit, it was announced that President Trump would release the restrictions that were included in the executive order.

More recently however, we have seen that the FCC will stop giving broadband subsidies to companies that do not destroy and get rid of the gear that was made by Huawei and another Chinese company, ZTE. These blockings have the approval from the Attorney General, William Barr, for the national security threat that these companies possess. This ban has also been widely received bipartisan support from those in Congress. Although the FCC, the Attorney General, and other lawmakers have taken a  hard stance on the companies for their national security threat, President Trump seems to just be using the bans and restrictions as a bargaining chip in the trade war, as shown by his willingness to ease up on the restrictions after meeting with Chinese President Xi Jinping at the G20 earlier this year. However, the bans that President Trump has now set on Huawei working with U.S. companies have been pushed back to start in February of 2020. Amid all the bans and restrictions, Huawei has maintained that they do not work for the benefit of the Chinese government and would not act in improper ways.

As we approach the time in which President Trump’s bans go into effect and the FCC’s ruling, we will have to see if the hardball stances that have been placed will continue to act in a way for our best interest for national security, or whether those stances will continue to be used as a bargaining chip for the ongoing trade war with China.

Citations

Colin Lecher, Huawei is Getting Three More Months Before US Ban Takes Effect, The Verge(Nov. 18, 2019), https://www.theverge.com/2019/11/18/20970684/huawei-us-ban-delay-trump-china.

Sascha Segan, What Is 5G?, PCMag(Oct. 31, 2019), https://www.pcmag.com/article/345387/what-is-5g.

Shannon Liao, Verizon Won’t Sell Huawei Phones due to US Government Pressure, Report Says, The Verge(Jan. 30, 2018), https://www.theverge.com/2018/1/30/16950122/verizon-refuses-huawei-phone-att-espionage-cybersecurity-fears.

Dave Smith, Here’s Why It’s So Hard to Buy Huawei Devices in the US, Bus. Insider (May 20, 2019), https://www.businessinsider.com/why-huawei-not-sold-in-united-states-2018-12.

Mike Rogers, Huawei is National Security Issue, Not Trade Football for our Leaders, The Hill(June 21, 2019, 12:00 PM), https://thehill.com/opinion/national-security/449711-huawei-is-national-security-issue-not-trade-football-for-our-leaders.

Brandon Baker, Is Huawei a National Security Threat?, Penn Today(July 19, 2019), https://penntoday.upenn.edu/news/why-huawei-national-security-threat.

John Hendel, FCC Votes to Edge Huawei, ZTE out of U.S. Networks, Politico(Nov. 22, 2019), https://www.politico.com/news/2019/11/22/fcc-huawei-zte-subsidies-072901.

Colin Lecher, The FCC Votes to Block Huawei From Billions in Federal Aid, The Verge(Nov. 22, 2019), https://www.theverge.com/2019/11/22/20977703/fcc-vote-huawei-zte-china-funding-federal-aid.

Kelcee Griffis, FCC Eyes Broader Restrictions on Huawei, ZTE Products, Law360(Nov. 22, 2019), https://www.law360.com/technology/articles/1222689/fcc-eyes-broader-restrictions-on-huawei-zte-products.