From California bill regulates IoT for first time in US, Naked Security (Sept. 13, 2018):

The State legislature approved SB-327 Information privacy: connected devices’ last Thursday and handed it over to the Governor to sign. The legislation introduces security requirements for connected devices sold in the US. It defines them as any device that connects directly or indirectly to the internet and has an IP or Bluetooth address. That covers an awful lot of devices.

The legislation says:

This bill, beginning on January 1, 2020, would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified.

H/T PinHawk Legal Technology Digest (Sept. 14, 2018). — Joe

From Motherboard: “the federal government says it may not be able to prosecute election hacking under the federal law that currently governs computer intrusions. Per a Justice Department report issued in July from the Attorney General’s Cyber Digital Task Force, electronic voting machines may not qualify as “protected computers” under the Computer Fraud and Abuse Act, the 1986 law that prohibits unauthorized access to protected computers and networks or access that exceeds authorization (such as an insider breach).”

H/T beSpacific. — Joe

Information Warfare: Issues for Congress (R45142, Mar. 5, 2018) “offers Congress a conceptual framework for understanding IW as a strategy, discusses past and present IW-related organizations within the U.S. government, and uses several case studies as examples of IW strategy in practice. Countries discussed include Russia, China, North Korea, and Iran. The Islamic State is also discussed.” — Joe

From John Flood & Lachlan Robb, Professions and Expertise: How Machine Learning and Blockchain are Redesigning the Landscape of Professional Knowledge and Organisation (Aug. 21, 2018):

Machine learning has entered the world of the professions with differential impacts. Engineering, architecture, and medicine are early and enthusiastic adopters. Other professions, especially law, are late and in some cases reluctant adopters. And in the wider society automation will have huge impacts on the nature of work and society. This paper examines the effects of artificial intelligence and blockchain on professions and their knowledge bases. We start by examining the nature of expertise in general and then how it functions in law. Using examples from law, such as Gulati and Scott’s analysis of how lawyers create (or don’t create) legal agreements, we show that even non-routine and complex legal work is potentially amenable to automation. However, professions are different because they include both indeterminate and technical elements that make pure automation difficult to achieve. We go on to consider the future prospects of AI and blockchain on professions and hypothesise that as the technologies mature they will incorporate more human work through neural networks and blockchain applications such as the DAO. For law, and the legal profession, the role of lawyer as trusted advisor will again emerge as the central point of value.

— Joe

From the blurb for Blockchain: A Practical Guide to Developing Business, Law, and Technology Solutions (McGraw-Hill Education, Feb. 16, 2018), by Joseph J. Bambara et al.:

Get the most out of cutting-edge blockchain technology using the hands-on information contained in this comprehensive resource. Written by a team of technology and legal experts, Blockchain: A Practical Guide to Developing Business, Law, and Technology Solutions demonstrates each topic through a start-to-finish, illustrated case study. The book includes financial, technology, governance, and legal use cases along with advantages and challenges. Validation, implementation, troubleshooting, and best practices are fully covered. You will learn, step-by-step, how to build and maintain effective, reliable, and transparent blockchain solutions.

•Understand the fundamentals of decentralized computing and blockchain
•Explore business, technology, governance, and legal use cases
•Review the evolving practice of law and technology as it concerns legal and governance issues arising from blockchain implementation
•Write and administer performant blockchain-enabled applications
•Handle cryptographic validation in private, public, and consortium blockchains
•Employ blockchain in cloud deployments and Internet of Things (IoT) devices
•Incorporate Web 3.0 features with Swarm, IPFS, Storj, Golem, and WHISPER
•Use Solidity to build and validate fully functional distributed applications and smart contracts using Ethereum
•See how blockchain is used in crypto-currency, including Bitcoin and Ethereum
•Overcome technical hurdles and secure your decentralized IT platform

— Joe

On In Custodia Legis, Leah K. Ibraheem, the web metrics analyst in the Office of the Chief Information Officer of the Library of Congress, answers the title’s question in the affirmative. She writes “As traffic to has grown over the past four years, the percentage of mobile traffic has also grown. In 2014, 21% of traffic was mobile. In the first 5 months of 2018, 44% of visits were from users on mobile devices. It’s also notable that in the first 5 months of 2018, there were more mobile visits than for all of 2014, 2015, and 2016. … What’s behind this trend? A societal pivot from desktop/laptop devices to mobile/tablet devices.”  — Joe

Yesterday, the GPO announced that it was “collaborating with the Office of the Clerk of the House of Representatives, the Office of the Secretary of the Senate, and the Office of the Federal Register on parallel projects to convert a subset of enrolled bills, public laws, the Statutes at Large, the Federal Register, and the Code of Federal Regulations into United States Legislative Markup (USLM) XML. A draft of the United States Legislative USLM 2.0.0 schema, a schema review guide, and sample USLM XML files are now available for comment on GPO’s GitHub repository.” — Joe

Here’s the abstract for Michal Gal’s Algorithms as Illegal Agreements, Berkeley Technology Law Journal, Forthcoming:

Despite the increased transparency, connectivity, and search abilities that characterize the digital marketplace, the digital revolution has not always yielded the bargain prices that many consumers expected. What is going on? Some researchers suggest that one factor may be coordination between the algorithms used by suppliers to determine trade terms. Simple coordination-facilitating algorithms are already available off the shelf, and such coordination is only likely to become more commonplace in the near future. This is not surprising. If algorithms offer a legal way to overcome obstacles to profit-boosting coordination, and create a jointly profitable status quo in the market, why should suppliers not use them? In light of these developments, seeking solutions – both regulatory and market-driven – is timely and essential. While current research has largely focused on the concerns raised by algorithmic-facilitated coordination, this article takes the next step, asking to what extent current laws can be fitted to effectively deal with this phenomenon.

To meet this challenge, this article advances in three stages. The first part analyzes the effects of algorithms on the ability of competitors to coordinate their conduct. While this issue has been addressed by other researchers, this article seeks to contribute to the analysis by systematically charting the technological abilities of algorithms that may affect coordination in the digital ecosystem in which they operate. Special emphasis is placed on the fact that the algorithms is a “recipe for action”, which can be directly or indirectly observed by competitors. The second part explores the promises as well as the limits of market solutions. In particular, it considers the use of algorithms by consumers and off-the-grid transactions to counteract some of the effects of algorithmic-facilitated coordination by suppliers. The shortcomings of such market solutions lead to the third part, which focuses on the ability of existing legal tools to deal effectively with algorithmic-facilitated coordination, while not harming the efficiencies they bring about. The analysis explores three interconnected questions that stand at the basis of designing a welfare-enhancing policy: What exactly do we wish to prohibit, and can we spell this out clearly for market participants? What types of conduct are captured under the existing antitrust laws? And is there justification for widening the regulatory net beyond its current prohibitions in light of the changing nature of the marketplace? In particular, the article explores the application of the concepts of plus factors and facilitating practices to algorithms. The analysis refutes the Federal Trade Commission’s acting Chairwoman’s claim that current laws are sufficient to deal with algorithmic-facilitated coordination.

— Joe

Omri Ben-Shahar (University of Chicago Law School) has posted Data Pollution on SSRN. Here is the abstract:

Digital information is the fuel of the new economy. But like the old economy’s carbon fuel, it also pollutes. Harmful “data emissions” are leaked into the digital ecosystem, disrupting social institutions and public interests. This article develops a novel framework- data pollution-to rethink the harms the data economy creates and the way they have to be regulated. It argues that social intervention should focus on the external harms from collection and misuse of personal data. The article challenges the hegemony of the prevailing view-that the harm from digital data enterprise is to the privacy of the people whose information is used. It claims that a central problem has been largely ignored: how the information individuals give affects others, and how it undermines and degrade public goods and interests. The data pollution metaphor offers a novel perspective why existing regulatory tools-torts, contracts, and disclosure law-are ineffective, mirroring their historical futility in curbing the external social harms from environmental pollution. The data pollution framework also opens up a rich roadmap for new regulatory devices-an environmental law for data protection-that focus on controlling these external effects. The article examines whether the general tools society has long used to control industrial pollution-production restrictions, carbon tax, and emissions liability-could be adapted to govern data pollution.

H/T Legal Theory Blog. — Joe

The Law School Innovation Index was launch in November 2017 as a prototype that highlights 38 law school legal-service delivery innovation and technology programs of which the creators were aware as of October 31, 2017. In this prototype, the creators endeavored to build a framework for the index so that they can receive feedback before undertaking adding each of the 200+ U.S. law schools.

The objective of this study are:

  • Create a measure of the extent to which each of the 200+ U.S. law schools prepare students to deliver legal services in the 21st century.
  • Create a taxonomy of law school legal-service delivery innovation and technology programs.
  • Differentiate between programs and courses focused on “legal-service delivery innovation and technology” and those focused on the intersection of law and technology (e.g., “law and [technology] courses”).
  • Raise public awareness of law schools that are educating students about legal-service delivery innovation and technology, including awareness among employers, prospective and current law students, and alumni.
  • Raise prospective and current law students’ awareness of the disciplines and skills needed to be successful in the 21st century.

To have made this prototype list, a law school must offer a course with instruction in at least one of these legal-service delivery disciplines:

  • Business of law.
  • Process improvement.
  • Leadership for lawyers.
  • Project management.
  • Innovative/entrepreneurial lawyering.
  • Computational law.
  • Empirical methods.
  • Data analytics.
  • Technology basics.
  • Applied technology.

Only two law schools teach all 10 disciplines: MSU Law, which is home to LegalRndD, and Chicago-Kent College of Law, home to The Law Lab and the Center for Access to Justice and Technology. Northwestern University Pritzker School of Law, Stanford Law School, Suffolk University Law School, and the University of Miami School of Law topped the index as well.

What do you think? — Joe

From the conclusion from Law Technology Today’s Legal Analytics vs. Legal Research: What’s the Difference?:

Technology is transforming the legal services industry. Some attorneys may resist this transformation out of fear that new technologies might change how they practice law or even make their jobs obsolete. Similar concerns were voiced when legal research moved from books to computers. But that transition did not reduce the need for attorneys skilled in legal research. Instead, it made attorneys better and more effective at their jobs.

Similarly, legal analytics will not make the judgment and expertise of seasoned lawyers obsolete. It will, however, enable those who employ it to provide better and more cost-effective representation for their clients and better compete with their opponents.

— Joe

Here’s the abstract for Frank Fagan’s Systemic Social Media Regulation, Duke Law & Technology Review, Forthcoming:

Social media platforms are motivated by profit, corporate image, long-term viability, good citizenship, and a desire for friendly legal environments. These managerial interests stand in contrast to the gubernatorial interests of the state, which include the promotion of free speech, the development of e-commerce, various counter terrorism initiatives, and the discouragement of hate speech. Inasmuch as managerial and gubernatorial interests overlap, a self-regulation model of platform governance should prevail. Inasmuch as they diverge, regulation is desirable when its benefits exceed its costs. An assessment of the benefits and costs of social media regulation should account for how social facts, norms, and falsehoods proliferate. This Article sketches a basic economic model. What emerges from the analysis is that the quality of discourse cannot be controlled through suppression of content, or even disclosure of source. A better approach is to modify, in a manner conducive to discursive excellence, the structure of the forum. Optimal platform architecture should aim to reduce the systemic externalities generated by the social interactions that they enable, including the social costs of unlawful interference in elections and the proliferation of hate speech. Simultaneously, a systemic approach to social media regulation implies fewer controls on user behavior and content creation, and attendant First Amendment complications. Several examples are explored, including algorithmic newsfeeds, online advertising, and invited campus speakers.

— Joe

TechRepublic’s Charles McLellan explains how the combination of automatic speech recognition, natural-language understanding and text-to-speech has come to mainstream attention in virtual assistants such as Apple’s Siri, Google Now, Microsoft’s Cortana, and Amazon’s Alexa. For details, see his How we learned to talk to computers, and how they learned to answer back. Recommended. — Joe

Three snips from the conclusion of Volodymyr Lysenko and Catherine Brooks, Russian information troops, disinformation, and democracy, 23 First Monday no. 7 (May 7, 2018:

This work illuminates some of the activities, investments, and strategies behind a case of contemporary information war, an approach that will be ever more prevalent in this increasingly digital world. We provide evidence showing these kinds of patterns emanating from Russia, given the potential effects Russia’s information-based strategies may be having around the globe, and especially in electoral processes (e.g., in the U.S., France, and Germany). Indeed these findings show that in this exemplary case of Russian information-based activities, digital hacking is so far an “easy and cheap road” for Russia to deploy the kinds of disruptions that can interrupt democratic processes or governing efforts around the world. We investigate Russian information-based global influences or “hacks” in order to generate new ideas about disruptive digital activities that can emanate from any country and bring effects that are potentially global in size.

we can see an important chain of command worth reviewing. Based on our findings, we argue that Putin’s geopolitical advisors point to areas of concern and political tension, and those get translated into hacking assignments taking place in the FSB, GRU, possibly the SVR (Sluzhba vneshney razvedki, Foreign Intelligence Service), or by paid civil trolls or “unpaid” cyber-patrol “volunteers”. These assignments are sent via curators in these contexts who, in turn, distribute assignments to their subordinate hackers and trolls. Such chain of command may explain why the DNC was independently and simultaneously hacked by the APT 29 (FSB) and APT 28 (GRU). That is, the assignments were likely passed along to the FSB and GRU independently, to increase the likelihood of the successful hack.

Putin admitted in May 2017 that there may exist some “patriotic” hackers who may fight for Russia globally on their own, and may have interfered in a recent U.S. election. At the same time, he denied state-level interference. We assert that this kind of reference to volunteer patriots is similar to his reasoning about Russian involvement in Ukrainian disruptions, that attacks were simply activities of average citizens and not of state-sponsored employees and troops. There’s a blurring of lines we find in the case of Russia between state-sponsored workers and those can be viewed as average citizens being encouraged and rewarded for hacking activities.

As hybrid war is on the rise — that is, war involving both physical military strategies and information/cyber tactics — new kinds of information/cyber strategies will continue to emerge. The type of attacks or disinformation efforts will shift over time, by country, and with rapid advancements in digital life. With this work, we offer an in-depth investigation of a case of hybrid war, focusing on information/cyber strategies in particular. From this case we can consider other cases underway and ideally, begin to consider the kinds of peace-keeping strategies in an information era in order to maintain a healthy geopolitical climate.

Recommended. — Joe

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It was adopted on April 14 2016, and after a two-year transition period, becomes enforceable on May 25 2018. Any company that stores or processes personal information about EU citizens within EU states must comply with the GDPR, even if they do not have a business presence within the EU.

What types of privacy data does the GDPR protect?

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

Kelly LeBlanc’s Europe’s GDPR to Set New Standards in Data Protection and Privacy Law focuses on the GDPR’s over-arching purpose and mission, common misconceptions, and the road to compliance. Recommended. — Joe

Ars technica and the Washington Post report that Amazon is actively courting law-enforcement agencies to use a cloud-based facial-recognition service called Rekognition that can identify people in real time. Rekognition is already being used by the Orlando Police Department and the Washington County Sheriff’s Office in Oregon, according to documents the ACLU obtained under Freedom of Information requests. The ACLU and more than two dozen other civil rights organizations called on Amazon CEO Jeff Bezos to stop selling the face-recognition services to government agencies. — Joe

American businesses operating or serving customers in the EU must comply with the EU’s GDPR which becomes effective on May 25. A recent survey found that 91 percent of American businesses lack awareness surrounding the details of the GDPR, while 84 percent don’t understand the GDPR’s implications for their specific business. On Recode, Nancy Harris offers a practical guide to the European Union’s GDPR for American businesses. — Joe

According to the In-House Counsel’s LegalTech Buyer’s Guide 2018, the number of artificial intelligence companies catering to the legal field has grown by 65 percent in the last year, from 40 to 66. In his LawSites post, Bob Ambrogi offers some caveats:

First, its listing of AI companies is not complete. Most notably, it omits Thomson Reuters, whose Westlaw, with its natural-language processing, was one of the earliest AI products in legal. Thomson Reuters Labs and, within it, the Center for Cognitive Computing, are major initiatives devoted to the study of AI and data science. Just in January, TR rolled out an AI-powered product for data privacy law.

In addition, there are a number of small legal tech startups that are using AI but that are not included on this list.

Second, when the guide suggests that established players such as LexisNexis are joining the field, it should be pointed out, for the sake of accuracy, that LexisNexis, like TR, was using AI in its research platform well before most of these other players came along.

— Joe

Here’s the abstract for Anupam Chandler’s How Law Made Silicon Valley, ___ Emory Law Journal ___:

Explanations for the success of Silicon Valley focus on the confluence of capital and education. In this article, I put forward a new explanation, one that better elucidates the rise of Silicon Valley as a global trader. Just as nineteenth century American judges altered the common law in order to subsidize industrial development, American judges and legislators altered the law at the turn of the Millennium to promote the development of Internet enterprise. Europe and Asia, by contrast, imposed strict intermediary liability regimes, inflexible intellectual property rules, and strong privacy constraints, impeding local Internet entrepreneurs. The study challenges the conventional wisdom that holds that strong intellectual property rights undergird innovation. While American law favored both commerce and speech enabled by this new medium, European and Asian jurisdictions attended more to the risks to intellectual property rights-holders and, to a lesser extent, ordinary individuals. Innovations that might be celebrated in the United States could lead to jail in Japan. I show how American companies leveraged their liberal home base to become global leaders in cyberspace. Nations seeking to incubate their own Silicon Valley must focus not only on money and education, but also a law that embraces innovation.

— Joe