On April 29, 2016, Judge Ross issued his ruling on Ashley Madison’s motion for a protective order, prohibiting Plaintiffs from using the leaked documents, reports quoting the leaked documents, and information “stolen from Avid” in drafting their consolidated class action complaint. The result was largely policy driven, with Judge Ross stating broadly, “the Court cannot and will not allow Plaintiffs to take advantage of the work of hackers to access documents outside the context of formal discovery. To do so would taint these proceedings and, if left unremedied, potentially undermine the integrity of the judicial process.” The Court also ruled that it had inherent authority to issue a protective order with respect to documents obtained outside the course of normal discovery, and distinguished cases cited by the Plaintiffs in opposition. Rejecting Plaintiffs’ First Amendment argument, Judge Ross notes, “[j]ournalists … are in a completely different position than parties involved in private litigation. No doubt exists that the news media enjoy the freedom of ‘the press;’ however, the conduct of attorneys is informed by their ethical responsibilities as officers of the Court.” The amici briefs submitted by other Ashley Madison users made an impact on the Court as the Court found that the leaked information could not truly be considered “readily available to the public” due to the efforts of the other users to protect their privacy following the leak, as asserted in their briefs. Ultimately, Judge Ross emphasized the need to “protect the integrity of the internet and make it a safer place for business, research and casual use.”
The Federal Trade Commission recognizes that many people benefit from companies’ online tracking by getting advertising that is more targeted to their preferences. However, as the technologies and techniques used by companies and advertisers to uniquely identify and track individuals’ online behavior advances, the FTC warns that companies’ privacy disclosures and practices must be updated. Failure to do so could be considered deceptive under the FTC Act.
A Chicago law firm has challenged Jay-Z and Kanye West, filing a class action complaint for violations of the California Business & Professions Code, fraudulent inducement and unjust enrichment in the Northern District of California. The complaint alleges that Tidal, a music streaming service owned by Shawn “Jay Z” Carter and Kanye West, was in financial straits earlier this year but that help arrived when Kanye West used his valuable star power on Twitter to encourage his followers to subscribe to Tidal by tweeting that his highly anticipated new album The Life of Pablo would only be available on Tidal. Mr. West also tweeted that the “album will never never never be on Apple. And it will never be for sale… You can only get it on Tidal.” The complaint further alleges that subsequently “[n]ew subscriptions to the streaming platform skyrocketed, tripling its consumer base from 1 million to 3 million subscribers in just over a month.” All would have been well except that Mr. West made The Life of Pablo available through Apple Music, Spotify and his own online marketplace a month and a half after its initial release.
We’ve previously written about the distinctions between hacking credit and other financial data in comparison to hacking private information. (See Ashley Madison and Coming to “Terms” with Data Protection.) The issue of how much protection the latter receives when it relates to attorney-client communications is currently before the District Court of the Eastern District of Missouri in the multi-district litigation arising from the July 2015 Ashley Madison leaks. Plaintiffs—former users of the site who claim that Ashley Madison defrauded the public by creating fake female profiles to lure male users—hope to use leaked information in their consolidated complaint against the site, due to be filed June 3 of this year. The leaked information sought to be used includes references and citations to emails between Ashley Madison’s parent company, Avid Dating Life, and its outside counsel.
Recently, the Fourth Circuit handed down one of the first appellate-level decisions involving insurance coverage for a cyber-related event. The ruling is likely to create ripples among both carriers and company insureds, as it establishes the possibility that, under a general liability policy, a carrier may still be on the hook to cover cyberattacks or data breaches that are the result of a company’s negligence (as opposed to those stemming from a criminal attack, in which the company is the victim). In their Client Alert on the Fourth Circuit’s ruling, colleagues James Bobotek, Peri Mahaley and Benjamin Tievsky break down the ruling and its takeaways.
It’s apparent by now that along with an expected economic impact of billions or even trillions of dollars, the Internet of Things (IoT) also brings with it a host of security, health and policy concerns. (See our earlier post on managing the cybersecurity risks of the medical IoT for just one facet of these concerns.)
The U.S. government has noticed, and the National Telecommunications and Information Administration (NTIA), part of the Department of Commerce, is now seeking comments to guide its own rulemaking on the IoT. In a recent client alert, colleagues Aimee Ghosh, Sheila Harvey, Glenn Reynolds and Brian Wong break down what exactly the NTIA will be looking for in terms of feedback.
Last week, the en banc Federal Circuit declined to rehear its November 10, 2015, decision in ClearCorrect v. ITC, 2014-1527, leaving the U.S. International Trade Commission’s (ITC) Section 337 jurisdiction to “material things” that infringe U.S. intellectual property rights. This denial and the 2015 Federal Circuit decision have wide implications for a variety of industry sectors, especially those involved with the Internet of Things or any company that may transfer digital assets across the U.S. border. Regarding the case, this denial restricts the ITC from prohibiting ClearCorrect’s importation of digital files used to manufacture teeth aligners that allegedly infringed complainant Align Technology’s patents. (For more details on the November 10, 2015 decision, see our post, “Living in a Nonmaterial World: Determining IP Rights for Digital Data.”)
In a March 25, 2016 Order, Judge William Alsup of the Northern District of California gave Google and Oracle the choice between agreeing to a ban on conducting Internet and social media research on jurors until the trial is concluded or agreeing to disclose details as to the scope of their intended online research. As we wrote previously, Oracle is suing Google for copyright infringement on its Java API code. Google told the Court it was willing to forego digital research on jurors so long as the ban applied equally to both parties. Oracle, however, was not willing to agree to the ban.
In “The Case of Prince, a Dancing Baby and the DMCA Takedown Notice,” we discussed the potential impact of the Ninth Circuit decision in Lenz v. Universal Music Corp., 801 F.3d 1126 (2015), a.k.a. the “dancing baby case,” in which the appeals court held that under the Digital Millennium Copyright Act (DMCA), copyright holders have a “duty to consider—in good faith and prior to sending a takedown notification—whether allegedly infringing material constitutes fair use.” However, in considering whether there is fair use, the court was “mindful of the pressing crush of voluminous infringing content that copyright holders face in a digital age.” To deal with this reality, the court affirmed that computers may be leveraged to support the fair use analysis.