Photo of Jeffrey Neuburger

Jeffrey Neuburger

Subscribe to Jeffrey Neuburger's Posts

Jeffrey Neuburger is co-head of Proskauer’s Technology, Media & Telecommunications Group, head of the Firm’s Blockchain Group and a member of the Firm’s Privacy & Cybersecurity Group.

Jeff’s practice focuses on technology, media and intellectual property-related transactions, counseling and dispute resolution. That expertise, combined with his professional experience at General Electric and academic experience in computer science, makes him a leader in the field.

As one of the architects of the technology law discipline, Jeff continues to lead on a range of business-critical transactions involving the use of emerging technology and distribution methods. For example, Jeff has become one of the foremost private practice lawyers in the country for the implementation of blockchain-based technology solutions, helping clients in a wide variety of industries capture the business opportunities presented by the rapid evolution of blockchain. He is a member of the New York State Bar Association’s Task Force on Emerging Digital Finance and Currency.

 

Jeff counsels on a variety of e-commerce, social media and advertising matters; represents many organizations in large infrastructure-related projects, such as outsourcing, technology acquisitions, cloud computing initiatives and related services agreements; advises on the implementation of biometric technology; and represents clients on a wide range of data aggregation, privacy and data security matters. In addition, Jeff assists clients on a wide range of issues related to intellectual property and publishing matters in the context of both technology-based applications and traditional media.

Contact:Read more about Jeffrey Neuburger

We continue to wait to see if the Supreme Court will accept LinkedIn’s petition to overturn the Ninth Circuit’s blockbuster ruling in the hiQ Labs case.  In that case, the appeals court held that an entity engaging in scraping of “public” data had shown a likelihood of success on its claim that such access does not constitute access “without authorization” under the federal Computer Fraud and Abuse Act (CFAA).

In the meantime, earlier this week the Supreme Court agreed to hear the appeal of an Eleventh Circuit decision that affirmed the conviction of a police officer under the CFAA for “exceeding authorized access” for accessing police databases for personal gain. (See U.S. v. Van Buren, 940 F. 3d 1192 (11th Cir. 2019), pet. for cert. granted Van Buren v. U.S., No. 19-783 (Apr. 20, 2020)).  This would be the Supreme Court’s first CFAA case.

And in addition to the news at the Supreme Court, late last month, a D.C. district court issued a ruling interpreting the extent of criminal liability under the CFAA for accessing websites in contravention of terms of use for academic research. In that case, the D.C. court held that the mere violation of website terms of use cannot form the basis of criminal liability for “unauthorized access” or “exceeding authorized access” under the CFAA. (Sandvig v. Barr, No. 16. 1368 (D.D.C. Mar. 27, 2020)).

In an innovative initiative in the battle against the Coronavirus, the newly-formed Open COVID Coalition (the “Coalition”) launched the Open COVID Pledge (the “Pledge”), a framework for organizations to contribute intellectual property to the fight against COVID-19. Pursuant to the Pledge, rightsholders can openly license intellectual property to facilitate the development of tools and technologies to counter the COVID pandemic. These would include the manufacturing of medical equipment and testing kits, as well as the development of software, AI and biotech solutions to contain and end the virus. Many major technology companies and other organizations have signed on to the Pledge.

The Coalition created a form of license which participants may to use to fulfill the pledge.  Under the license, the Open COVID License 1.0 (“OCL”), the pledgor grants a “non-exclusive, royalty-free, worldwide, fully paid-up license (without the right to sublicense)” to exploit the IP (other than trademarks or trade secrets) in products, services and other articles of manufacture “for the sole purpose of ending the ‘COVID-19 Pandemic’ (as defined by the World Health Organization, “WHO”) and minimizing the impact of the disease, including without limitation the diagnosis, prevention, containment, and treatment of the COVID-19 Pandemic.” The term of the OCL is retroactive to December 1, 2019 and runs until one year after WHO declares the end of the pandemic. Under the OCL, the pledgor “will not assert any regulatory exclusivity against any entity for use of the Licensed IP” in accordance with the license grant, and agrees to not seek injunctive or regulatory relief to prevent any entity from using the licensed IP. As with some traditional open source licenses, the licensed IP is granted without any warranties and the license is suspended if the license threatens or initiates any legal proceeding against the pledgor. Lastly, all copyright and related rights granted under the OCL are deemed waived pursuant to the Creative Commons 1.0 Universal License (public domain dedication).

In recent years, courts have issued a host of rulings as to whether online or mobile users received adequate notice of and consented to user agreements or website terms when completing an online purchase or registering for a service. Some online agreements have been enforced, while others have not. In each case, judges have examined the circumstances behind the transaction closely, scrutinizing the user interface and how the terms are presented before a user completes a transaction. In general, most courts seek to determine whether the terms are reasonably conspicuous to the prudent internet user and whether the user manifested sufficient assent by signing up for a service or completing a transaction.

From the perspective of making a sign-up process as smooth as possible, there is often an interest in moving the reference to terms and conditions out of the main flow of user sign-ups.  However, as we were reminded recently by an Illinois court examining the interfaces of DVD rental company Redbox, one does so at risk of finding those terms to be unenforceable.

The Illinois court noted numerous shortcomings with Redbox’s electronic contracting process.  It found that because links to the relevant terms were not clearly and conspicuously displayed, customers did not have constructive notice that they were assenting to those terms when hitting the “Pay Now” button to rent a DVD at a kiosk or by signing into a Redbox account online. (Wilson v. Redbox Automated Retail, LLC, No. 19-01993 (N.D. Ill. Mar. 25, 2020)). As such, the court denied Redbox’s motion to compel arbitration of plaintiff’s claims.

In early February 2020, before most of us were truly aware of the implications of COVID-19, a well-respected IT consulting group predicted a $4.3 trillion global spend on information technology in 2020. Drivers of the projected activity included cybersecurity, outdated infrastructure, mobile accessibility needs, cloud and SaaS transitions, and on-premises technology requirements.  In late 2019, another well-respected consulting group had predicted that, in 2020, “[t]here will be increasing opportunities for technology vendors and service providers to grow their businesses, and for technology buyers to innovate and upgrade their infrastructure, software, and services.” In fact, as 2020 began, many deals for technology development, implementation and related services were signed and technology providers, consultants and related service providers (collectively referred to in this post as “vendors”) and their customers were busy building, implementing and testing new systems.

Then came COVID-19. Most people in the United States and in many other parts of the world are now working from home. Capital markets are volatile. The global economy came to a screeching halt and recessions are forecast.  As a result of these and other factors, many deals that were humming along nicely are now facing significant and unanticipated challenges. For example:

  • In many cases, neither the vendor nor the customer community is “in the office.” While it is not uncommon for software developers to work remotely, many important aspects of a complex implementation – e.g., hardware installation, software testing and user training – are most effective when done on site. Obviously, given the work-from-home and no-travel environment that we are in, this is not possible.
  • Key individuals from both the vendor and customer community may be less available, either due to their own illnesses or due to pressing family issues or other concerns related to the pandemic.
  • Some customers may experience significant and unanticipated financial distress, and as a result, the payment obligations associated with the initiative may become particularly burdensome for them. Vendors may also be facing similar financial distress.
  • Due to the downturn in the business climate resulting from the pandemic, the business volume assumptions on which the ongoing initiative was based may no longer be realistic.

This blog post is intended to suggest a practical approach that both technology vendors and their customers might take to find amicable solutions to challenged deals.

While Washington’s comprehensive data privacy bill (SB 6182) — inspired by California’s CCPA — died when legislators could not hammer out a compromise over enforcement mechanisms, the state legislature did reach agreement and Gov. Jay Inslee signed into law a facial recognition bill (SB 6280) that provides some important privacy and antidiscrimination provisions regarding state and local governmental use of the technology.

An interesting New York Times article last week posited that governments’ use of digital surveillance techniques for the COVID-19 response – such as the tracking of geolocation to gauge quarantine restrictions – would lead to more pervasive digital tracking in the future. On a related note, there have been reports of an increased use of facial recognition technologies as governments use digital tools to respond to the outbreak.

These developments bring to mind some interesting questions:

In the future, given our collective experience with this invisible foe, will there be a move away from contact-based security and access control systems to “germless” and “touchless” processes?

If so, what role will be played by facial recognition and other biometrics-based systems in that shift?

Teami, LLC (“Teami”), a marketer of teas and skincare products, agreed to settle FTC charges alleging that its retained social media influencers did not sufficiently disclose that they were being paid to promote Teami’s products. The FTC’s Complaint also included allegations that Teami made unsupported weight-loss and health claims about its products, an issue that is beyond the scope of this blog post. The Stipulated Order for Permanent Injunction and Monetary Judgment was approved by a Florida district on March 17, 2020.

This settlement is significant in that it identifies clear steps that an advertiser can follow in the interest of avoiding similar FTC allegations of deception with respect to paid endorsers. Compliance in this area remains an ongoing concern as the FTC reiterated in a statement accompanying the settlement that: “[T]he Commission is committed to seeking strong remedies against advertisers that deceive consumers because deceptive or inaccurate information online prevents consumers from making informed purchasing decisions….”

Despite continued scrutiny over the legal immunity online providers enjoy under Section 230 of the Communications Decency Act (CDA), online platforms continue to successfully invoke its protections. This is illustrated by three recent decisions in which courts dismissed claims that sought to impose liability on providers for hosting or restricting access to user content and for providing a much-discussed social media app filter.

In one case, a California district court dismissed a negligence claim against online real estate database Zillow over a fraudulent posting, holding that any allegation of a duty to monitor new users and prevent false listing information inherently derives from Zillow’s status as a publisher and is therefore barred by the CDA. (924 Bel Air Road LLC v. Zillow Group Inc., No. 19-01368 (C.D. Cal. Feb. 18, 2020)). In the second, the Ninth Circuit, in an important ruling, affirmed the dismissal of claims against YouTube for violations of the First Amendment and the Lanham Act over its decision to restrict access to the plaintiff’s uploaded videos. The Ninth Circuit found that despite YouTube’s ubiquity and its role as a public-facing platform, it is a private forum not subject to judicial scrutiny under the First Amendment. It also found that its statements concerning its content moderation policies could not form a basis of false advertising liability. (Prager Univ. v. Google LLC, No. 18-15712 (9th Cir. Feb. 26, 2020)). And in a third case, the operator of the messaging app Snapchat was granted CDA immunity in a wrongful death suit brought by individuals killed in a high-speed automobile crash where one of the boys in the car had sent a snap using the app’s Speed Filter, which had captured the speed of the car at 123MPH, minutes before the fatal accident. (Lemmon v. Snap, Inc., No. 19-4504 (C.D. Cal. Feb. 25, 2020)).   

With the spread of the novel coronavirus (COVID-19), many organizations are requiring or permitting employees to work remotely.  This post is intended to remind employers and employees that in the haste to implement widespread work-from-home strategies, data security concerns cannot be forgotten.

Employers and employees alike should remain vigilant of increased cybersecurity threats, some of which specifically target remote access strategies.  Unfortunately, as noted in a prior blog post, cybercriminals will not be curtailing their efforts to access valuable data during the outbreak, and in fact, will likely take advantage of some of the confusion and communication issues that might arise under the circumstances to perpetrate their schemes.

Employees working from home may be accessing or transmitting company trade secrets as well as personal information of individuals. Inappropriate exposure of either type of data can lead to significant adverse consequences for a company.  Exposure of trade secrets or confidential business information can potentially cause significant business damage or loss. Exposure of personal information can potentially trigger state or federal data breach notification laws, and result in significant liabilities for a company as well as expanded identity theft issues for individuals.  The threat is not only an online concern – physical security is at issue as well. Unauthorized access to printed copies of sensitive documents could lead to additional exposures.