Wednesday, January 21, 2015

Significant Cyberspace Developments of 2014

It's a bit late for a year-end wrap-up, but better late than never, right?  For those who may have missed some of these, here are my picks for some of the more important developments in Cyberspace law that occurred in 2014. This is not meant to be an exhaustive list, and there are certainly other important developments not on the list.  

In no particular order:

·        Data Breaches --- 2014 may be “the Year of the Data Breach”.  Either that or we are just discovering and reporting them more.  The Identity Theft Resource Center identified 783 data breaches in 2014, exposing over 85 MILLION records!  One real problem is who pays for it.  The retailers (Home Depot, etc.) just shrug and say “Not our problem.  Banks, you pay for remediation”  The banks are fighting back.  Indemnification battles are getting fierce on data protection clauses in contracts.  If the industry does not sort things out, we may need the regulators to step in.
·        Alice Corp. v CLS Bank  -- A major decision in patent law from the U.S. Supreme Court.  The Court invalidated a patent that implemented an escrow process by using a computer, holding that the invention only covered an abstract idea and was not eligible for patent protection.  The decision has already being used to invalidate over a dozen patents (including one to run a bingo game on a computer), and my guess is many more are no longer being enforced but will never see a formal decision.  The decision is a bad one for patent trolls, who are often trying to enforce relatively weak or unenforceable patents.
·        ABC V. Aereo --- Not a fair use case, but a corollary of the “Don’t build a business model based on fair use” theorem.  The Supreme Court held that Aereo's system was just too contrived, and violated the broadcasters' exclusive right to perform copyrighted works by transmission.  The Court's holding was narrowly drawn,   probably due to a gut feeling that what Aereo was doing just was not kosher, and the Court avoided applying its decision broadly to "cloud computing" and other Internet business models.  We shall have to wait and see how the decision is applied to new streaming services like Slingstream.
·        I-O---- I don’t like the acronym, but it works.  Everything is being connected to everything. In May, the White House Report on Big Data recognized opportunities and concerns about data collection.   BUT WHO OWNS THE DATA???    In the absence of regulation, contracts will determine who can do what with the data.  But vendors like Sirius need to learn how to do online contracting correctly.  Once the vendors figure it out,  mass market consumers may have little ability to say "No."  Watch for the FTC to step in, at least to "encourage" transparency in data collection practices.
·        Online Contracting --- Cases like Barnes & Noble (and others) reaffirm that there is a right way and a wrong way to obtain assent to online terms.  Now Safeway also reaffirms Douglas v. California (9th Cir. 1997), that you can’t simply modify the terms at will without providing notice to the users and expect to be able to enforce the new terms.  Despite the prevailing practice, the American Bar Association's Cyberspace Law Committee (disclosure: of which I am a member) has been preaching this for over a decade!
·        Riley v California --- The U.S. Supreme Court recognized that a cell phone is not the same as a pack of cigarettes, and ruled that police cannot search the data on a cell phone without a warrant.  This is a big victory for privacy.  But where does the Supreme Court's analogy stop?  Does it extend to personal content stored on the cloud (query how the police could get access)?  What about personal data stored on a PC? 
·        Right to be Forgotten --- This is a big enough topic in Europe it needs to be mentioned.  In May the European Court of Justice ruled that Google needs to comply with EU data privacy laws and must remove links to a 1998 story about the plaintiff.  Whether the concept takes hold in the United States remains to be seen, especially with the tradition of robust First Amendment jurisprudence.
·        ApplePay --- Fad or flop?  Time will tell.  I vote flop.  Not enough vendors have the proper equipment, and there is not a huge installed base of iPhone 6 users yet.  

What do you consider to be the top Cyberspace law developments of 2014? 

(Edit) Here is Professor Eric Goldman's list of Top 10 Internet Law developments for 2014