March 29, 2017

Archives for August 2014

The Dangers of the New Trade Secrets Acts

First, I want to state how thrilled I am to be joining the great group here at CITP. Every CITP scholar that I’ve gotten to know over the past several years have become friends and influenced my work in areas ranging from voting machine code access to international lawmaking processes. I’m delighted to be a part of CITP’s dynamic team and environment and look forward to an exciting year. Now, on to business.

Congress is actively considering legislative responses to increased foreign cyber-espionage, driven by the perception that theft is increasing both in scale and in severity. Two bills – the “Defend Trade Secrets Act of 2014” (“DTSA“) and the “Trade Secrets Protection Act of 2014” (“TSPA“) – are the latest attempts at legislating in this area. The bills both create a new private cause of action under the Economic Espionage Act (“EEA”) for theft of commercially-valuable secret information.

Currently, trade secret misappropriation is a federal crime under the EEA, but trade secret owners can seek civil remedies only in state courts, under state laws. The theory underlying the Acts is that a private cause of action under the EEA will be an effective weapon against foreign cyber-espionage. Current law, so the argument goes, is ineffective in combating cyber-espionage.

Unfortunately, the bi-partisan sponsors of the Acts have gotten this one wrong. In reality, the Acts will create or exacerbate many existing legal problems, yet solve none. As such, Sharon Sandeen and I authored the linked letter in opposition to the sponsors of the Acts and Congress, which has been signed by 31 United States legal academics. While acknowledging that the United States needs to increase protection against cyber-espionage, we assert that, in sum, the Acts should be rejected for five primary reasons:
[Read more…]

Takedown 2.0: The Trouble with Broad TROs Targeting Non-Party Online Intermediaries

On August 14, a federal district court in Oregon issued an ex parte temporary restraining order (TRO) in a civil copyright infringement case, ABS-CBN v. Ashby. The defendants in the case are accused of operating several “pirate websites” that infringe the plaintiffs’ copyrights in broadcast television programs. In addition to ordering the defendants to stop engaging in infringing conduct, the court ordered unspecified “Internet search engines, Web hosts, domain-name registrars, and domain name registries or their administrators [to] cease facilitating access to any or all domain names and websites through which Defendants engage in the [infringement] of Plaintiffs’ copyrighted works.” The court ordered the domain name registrars that had originally registered the defendants’ domain names to transfer the registrations for the pendency of the litigation to a new registrar chosen by the plaintiffs. It then ordered the new, as-yet-unidentified registrar to divert traffic from the defendants’ sites to a location displaying legal documents from the case. None of the online intermediaries targeted by the order is a named party in the case, and none was represented in court before the TRO issued.

A little over a week before the Oregon court issued its TRO, a federal district court in California issued a TRO in another “pirate website” case involving sites streaming and distributing pre-release copies of “The Expendables 3.” The California court’s order to stop providing services to the defendants was directed broadly to “persons and entities providing any services to or in connection with the domain names <limetorrents.com>, <billionuploads.com>, <hulkfile.eu>, <played.to>, <swankshare.com> and/or <dotsemper.com> or the websites to which any of those domain names resolve.” In addition to domain name registrars and hosting services, the California court’s order swept in “[a]ll banks, savings and loan associations, payment processors or other financial institutions, payment providers, third party processors and advertising service providers of Defendants.” Again, none of the online intermediaries targeted in the order is a named party in the case and none was represented in court before the TRO issued.

The reach of these orders is breathtaking, particularly in light of the non-party status of the targeted intermediaries. [Read more…]

Airport Scanners: How Privacy Risk Leads to Security Risk

Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.
[Read more…]