This blog is devoted to the tension created as traditional legal concepts are applied to new questions created by technolgy. AKA the problem of  trying to fit a square peg in a round hole, to use an old cliche.

I recently ran across an article by a friend of mine, John Amabile and his partners at Parker Poe, Michael Birns and Todd Sprinkle entitled “Textualism Is The Law of the Land in Georgia: What To Do About it?” Here is a link to the article which appeared on December 7, 2017 in jdsupra. The article poses this exact question within the confines of a series of decisions by the Georgia Supreme Court.

 

“textualism requires the court to apply the plain meaning of the statutory text at the time the statute was originally“

John and his team report that the Georgia Supreme Court has firmly embraced the concept of textualism and rightfully lament the deleterious impact the application of this concept could have on businesses.   Continue Reading Textualism: The Enemy of Innovation?

Earlier this month, the 9th Circuit dealt online anonymous reviewing services a chilling blow when it decided United States v. Glassdoor. Faced with an online service which allowed people to post employer reviews for the benefit of others, the Court determined that those who posted on the service were like newspaper reporters and reverted to an analysis used for print media some 40 years ago.

Specifically, the Court ruled that the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent. What this means for other online services that rely on similar anonymous posts could be significant. At the very least, use of outmoded legal concepts for new technological driven will be chilling and is unfortunate.

This means the government could compel Glassdoor to reveal the identity of anonymous reviewers of employers by employees who posted on the site even if those who had posted didn’t consent.

Background

The case started when the government served a subpoena on Glassdoor, an online forum where current and former employees can anonymously post reviews about the salaries and work environments of their places of employment. The subpoena asked for identifying information for more than one hundred accounts that had posted reviews of an employer whose contracting practices were apparently under criminal investigation by a federal grand jury. The investigation centered on alleged wire fraud by one of the companies that was under investigation by a Grand Jury.
Glassdoor refused to reveal its users’ identity to the Grand Jury citing among other things the First Amendment right of its users to speak anonymously. Continue Reading When Anonymous Isn’t Really: Government Threats to Online Reviews

Fear of new technology sometimes creates strange legislative results and perhaps unintended consequences.

In 2008, Illinois passed the Biometric Information Privacy Act (BIPA), designed to protect employees and consumers against perceived abuses associated with the collection of bio metric data by businesses and providing a statutory cause of action for its violation.

Fearing how such technology might be used and worried about the privacy implications of how data might be used, (the Preamble actually provides “the full ramifications of biometric technology are not fully known”), the Illinois Legislature enacted a law requiring businesses planning to maintain any sort of databases of these identifiers enact policies to receive written authorization from customers or employees before scanning fingerprints, retinas or other biometric identifiers. It also requires businesses to share with those whose biometrics are being scanned information on how those identifiers would be stored and even disposed of. Continue Reading Illinois Biometric Information Privacy Act: Legitimate Privacy Protection or Pandora’s Box?

Under a new law recently proposed in Ohio, businesses that take steps to secure data could be protected from lawsuits if a hack occurs. The bill, Senate Bill 220, was the first bill to emerge from the Ohio attorney general’s office’s and its cyber-security task force of business leaders, information technology experts, and law enforcement created in the wake of high-profile hacks of consumer information. The bill is an effort to help businesses with cyber related claims, encourage them to be proactive and recognize the difficulty in creating standards for constantly evolving technologies. It’s a valid effort to balance law and technology.

According to Ohio Attorney General Mike DeWine, a member of the task force, “Those business that take reasonable precautions and meet these important standards will be afforded a safe harbor against claims should a data breach occur…To trigger the safe harbor provision, businesses must create their own cyber-security programs that meet certain standards.” Continue Reading New Ohio Bill Proposes Data Breach Protections

“No stop signs, speed limit
Nobody’s gonna slow me down
Like a wheel, gonna spin it
Nobody’s gonna mess me around”
AC/DC

This blog is directed toward examining the tensions that arise as technology runs square into the law and the practice of law. Often the fit between the two doesn’t exist, or isn’t great mainly because the law looks backward and cant see solutions to problems that didn’t exist before. And sometimes the opposite occurs: we try to change the law to attack a new kind of problem and in doing so create a whole host of unintended consequences.

One glaring example is the ACDC Act which was proposed earlier this year by Rep. Tom Graves of Georgia. Continue Reading Highway to Hell: The ACDC Act

Smart Home Exhibit @ The Museum of Science and Industry

We have all heard about smart homes and the nirvana they may create. But we hear little about the risks, exposure and liability smart homes may pose. These risks stem from the fact that the standards governing smart home devices and the Internet of Things (IoT) simply don’t yet exist. And to the extent any do, they are not necessarily consistent and the law is not well developed. Nor has it addressed many of the issues raised by the new technologies. So we have a bunch of new devices that are popular, that carry some risks with few standards or laws governing them. Sound like a recipe for litigation? Continue Reading Smart Homes: Risky Business?

This year’s Clio Conference in New Orleans just concluded. Clio calls itself a cloud based law practice management software company. Every year, it holds a conference with lots of razzle dazzle, speakers and parties. And it always skates where the puck is going.
This year was no exception. While it offered a slew of new products (here’s a good article from Bob Ambrogi on these new ones), here are my top 10 takeaways on the conference itself.

1. If Jack Newton, the CEO and one of the founders of Clio is not the Steve Jobs/Elon Musk of legal tech, I don’t know who is. 10 years ago he created a product, grew it immensely and continues to innovate. Last year he gave us the first comprehensive Survey of the legal profession (see below). This year, a new interface and software program. And to top it all off, he gives us a honest to goodness technology conference with dazzling keynotes, great content, high energy, music, parties and fun. No one else in the industry seems to understand that people are drawn to good presentations, good speakers, welcoming atmosphere and, of yes, music. Clio knows how to succeed in this space better than anyone. Continue Reading ClioCloud9: 10 Takeaways

Recently I was the subject of a well written post by one of my favorite people, Kevin O’Keefe, in Above the Law. Kevin talked about an idea I had about a better way to handle the kind of work I have historically done: mass tort defense.

 

By way of background, I have spent most of my career defending mass tort actions, either litigation stemming from a single disaster or from non pharmaceutical serial litigation. Continue Reading Collaborative Disintegration: A Better Mousetrap?

It’s been said that bad facts make bad law. If that’s true then those who defend class action data breach cases better buckle down for some stormy seas. The facts surrounding the new Equifax breach couldn’t get much worse.

Equifax knew of the breach months in advance of when it announced it. It failed to take even the most simple precautions to prevent it. One key employee’s user name was reportedly admin. His password: you guessed it, admin. And some are claiming the breach was caused by the failure to keep the Equifax software up to date.

And the information held by Equifax was substantial. Names, addresses, health info, credit info, social security info. The most sensitive and valuable stuff. Not to mention the size: 140 million records were stolen.

And the fact that chief officers sold substantial stock in the company right before the breach certainly doesn’t help. Oh and by the way, if you go to the Equifax to check on your personal situation, you will be directed to a page where you can buy protection from…wait for it… Equifax.

All conduct that has received publicity. All conduct which could and will raise the ire of a judge looking at the case and deciding whether to allow it to proceed against Equifax as a class action.

The big issues is damage. Or better put, the lack thereof. In most data breach cases, its hard to find the more concrete, real damages that most courts are used to seeing in other kinds of cases

By way of background, Courts have been struggling with how to deal with data breach cases. The big issues is damage. Or better put, the lack thereof. In most data breach cases, its hard to find the more concrete, real damages that most courts are used to seeing in other kinds of cases. This makes determining whether standing for constitutional purposes exists a harder question for Courts to deal with.

Ever since the Supreme Court decided Clapper if not before, standing could be satisfied by a showing of actual damages or the “imminent threat” of actual damage. It is one the latter point that the federal circuits have split—some are more liberal and some more conservative. What is an imminent threat of harm when electronic records are stolen but not immediately used for fraud? Do the electronic records themselves and the resulting loss of privacy have value apart from any real use of them?

The plaintiffs argument is that we must force companies to be responsible when they put private records at risk. That privacy is a fundamental right. That its worth something. And that the mere theft of records by the bad guys itself shows the imminent harm—you wouldn’t steal the car keys if you weren’t going to drive the car.

The defense says that data breaches are inevitable and really can’t be stopped. How can you hold a company accountable for something that can’t be prevented? And not all hacks result in financial fraud or real damage. Indeed, so far none of the stolen Equifax information has appeared on hacker forums which could suggest that the breach may not be financially motivated.

And as the data breaches mount, as I recently wrote, more and more Courts seem willing to side with those whose personal information has been purloined even if its not used. And certainly, the more heinous the conduct, the more likely Courts will allow actions to proceed: it just doesn’t seem fair or right that a case against an entities like Equifax should simply be dismissed and that they not be called on to account for their conduct.

the more heinous the conduct, the more likely Courts will allow actions to proceed: it just doesn’t seem fair or right that a case against an entities like Equifax should simply be dismissed and that they not be called on to account for their conduct.

So the pressure on the judiciary, even federal judges appoint for life, will be extraordinary. Can you imagine the news headlines if claims against Equifax are dismissed? The editorial comment? The backlash?

So for all these reasons, this is a situation where bad facts may result in a decision that wouldn’t otherwise be made. Once again, the judiciary will be called upon to make the square peg of technology and what it can do fit into the round hole of existing precedent, even though it doesn’t fit very well. And the solution is not obvious since unlike most disrupters, the bind of precedence it particularly tight on judges and lawyers, making a more creative resolution–perhaps one that stops short of full blown standing but recognizes the potential risk of harm– hard to implement.

Photo Attribution: GotCredit via Flickr.

What  do we call (what I shudder to mention as) “non lawyers”?

One of the interesting by products of the increased use of technology, collaboration and disruption is the panoply of business professionals now serving the legal profession from MBA’s, marketing experts, IT folks and innovators. These professionals and others play an integral role in and for many lawyers either as employees or outsourced resources.

 

Given the innovation and creativity now required to succeed, these folks will be even more valuable in the future.

Ahh but notice I didn’t use the dreaded term “non lawyers” or the slightly less offensive term “staff” in describing these folks.

Continue Reading So What’s In A Name, Anyway?