It’s Time To Regulate The Internet… But Thoughtfully

Posted on by TSA Press

The internet policy world is headed for change, and the change that’s coming isn’t just a matter of more regulations but, rather, involves an evolution in how we think about communications technologies. The most successful businesses operating at what we have, up until now, called the internet’s “edge” are going to be treated like infrastructure more and more. What’s ahead is not exactly the “break them up” plan of the 2019 Presidential campaign of Senator Warren, but something a bit different. It’s a positive vision of government intervention to generate an evolution in our communications infrastructure to ensure a level playing field for competition; meaningful choices for end users; and responsibility, transparency, and accountability for the companies that provide economically and socially valuable platforms and services.

We’ve seen evolutions in our communications infrastructure a few times before: first, when the telephone network became infrastructure for the internet protocol stack; again when the internet protocol stack became infrastructure for the World Wide Web; and then again when the Web became infrastructure on which key “edge” services like search and social media were built. Now, these edge services themselves are becoming infrastructure. And as a consequence, they will increasingly be regulated.

Throughout its history, the “edge” of the internet sector has – for the most part – always enjoyed a light regulatory yoke, particularly in the United States. Many treated the lack of oversight as a matter of design, or even as necessarily inherent, given the differences between the timetables and processes of technology innovation and legislation. From John Perry Barlow’s infamous “Declaration of the Independence of Cyberspace” to Frank Easterbrook’s “Cyberspace and the Law of the Horse” to Larry Lessig’s “Code is law,” an entire generation of thinkers were inculcated in the belief that the internet was too complex to regulate directly (or too critical, too fragile, or, well, too “something”).

We didn’t need regulatory change to catalyze the prior iterations of the internet’s evolution. The phone network was already regulated as a common carrier service, creating ample opportunity for edge innovation. And the IP stack and the Web were built as fully open standards, structurally designed to prevent the emergence of vertical monopolies and gatekeeping behavior. In contrast, from the get-go, today’s “edge” services have been dominated by private sector companies, a formula that has arguably helped contribute to their steady innovation and growth. At the same time, limited government intervention results in limited opportunity to address the diverse harms facing internet users and competing businesses.

As the cover of the November 17, 2019 New York Times magazine so well illustrated the internet of today is no utopia. I won’t try to summarize the challenges, but I’ll direct anyone interested in unpacking them to my former employer Mozilla’s Internet Health Report as a starting point. We are due for another evolution of the internet, but in contrast to prior iterations, the market isn’t set up for change on its own – we need government action to force the issue.

I’m not alone in observing that the internet regulatory tide has turned. Governments are no longer bystanders. We are witnessing an inexorable rise in intervention. This is scary to many people: private companies operating in the sector worried about new costs and changes, academics and think tanks who celebrate the anti-regulatory approach we’ve had thus far, and human rights advocates concerned about future risks to speech and other freedoms. The internet has been an incredible socioeconomic engine, and continuing the benefits it brings requires preserving its fundamental good characteristics.

While new laws are not without risk of harm, further regulatory change today seems both necessary and inevitable. The open question is whether the effect will be, on balance, good or bad. If these imminent changes are done well, the power of government oversight will be harnessed to increase accountability and meaningful transparency, promote openness and interoperability, and center the future on user agency and empowerment to help make markets work to their fullest. If on the other hand these changes are done poorly, we risk, among other undesirable outcomes, reinforcing the status quo of centralized power, barriers to entry and growth, and business models that don’t empower users but instead subject them to ever-worsening garbage.

I’m an optimist; I think we’re on a course to make the internet better through good government intervention. From my perspective, we can already see the framework of the future comprehensive internet regulation that is to come, for better or for worse. Think of it as the Internet Communications Act of 2024, to use a U.S. naming convention; or the General Internet Sector Regulation, following the E.U. style. Advocates for a better internet can either sit on the sidelines as these developments continue, decrying the (legitimate) risks and concerns; or they can get into the mix, put forward some good ideas, and build strategies and coalitions to help shape the outcome so that it best serves the public’s interest.

Where are the key policy fights taking place? Geographically, over the past few years, we’ve seen the center of internet policy shift from Washington D.C. to Brussels, and that’s where we can see the future emerging most clearly today. The GDPR illustrates this shift, as despite its imperfections, it established a new paradigm for data protection that has been echoed in Kenya and California, with more to come.

This isn’t just a story about Europe, or about privacy, though. Competition reform is racing forward with major investigations and reports around the world; the United Kingdom has done perhaps the most work here, with its eye-opening Final Report of July 2020 (all 437 pages and 27 appendices of it!). Many countries are undertaking antitrust investigations of specific companies or reevaluating the modern day fitness of their competition legal frameworks.

Meanwhile social media companies and, more broadly, internet companies as intermediaries for user communications online, have come under fire all around the world, with Pakistan and India making some of the most aggressive moves so far. The European Union is advancing its own comprehensive regulatory vision for online content through the Digital Services Act, just as the United States is reevaluating its historical intermediary liability safe harbor, Section 230.

In the United States, we’re seeing a moment that bears many similarities to the late 1960s in the buildup to the Clean Air Act of 1970. That law had powerful bipartisan support, and commensurate industry opposition. Just as with those early climate political wars, advocates for reform are facing the weaponization of uncertainty as a tactic to resist government intervention, with the abuse of data and science and metrics to advocate for an outcome of inaction. As with climate change, inaction to address the harms presented by the internet ecosystem today is itself is a policy choice, and it’s the wrong one for the future health of the internet. I believe change will come though, and as with the Clean Air Act, eventually we’ll look back and appreciate the sea change we made by intervening at a critical moment. (Sorry, that pun was mostly inadvertent – and, in fact, a bit unfortunate given the current state of play of climate politics and the climate crisis… but that’s a piece for another author, another day.)

Considering that the Clean Air Act established the Environmental Protection Agency, perhaps in the U.S. we need what Harold Feld and his colleagues at Public Knowledge have been calling for in the Digital Platform Act, establishing something akin to an Internet Protection Agency. Or perhaps, as I’ve supported in the past, we need a revamped Federal Trade Commission with greater authority, building on that agency’s success at integrating technologists into its consumer protection work. Increasingly, I’m inclined towards the idea that what we need is an expanded Federal Communications Commission, given that agency’s relatively broad authority (no matter how circumscribed by the current leadership) and the nature of this evolution as advancing what feels like modern day communications infrastructure. The United Kingdom has decided to go in this direction for content regulation, for example, appointing OFCOM to manage future “duty of care” obligations for online platforms. The technologies and businesses are very different between the traditional telecom sector and the internet ecosystem, though, and substantial evolution of the regulatory model would be necessary.

Regardless of where you situate the future policy making and enforcement function within the U.S. government, we’re still at the normative development stage on these policy issues. And frankly, the internet policy world needs some new ideas for what comes next. So, over the next few posts in this series, I’m going to share a few fresh thoughts that I’ve been mulling over. Stay tuned!

It’s Time To Regulate The Internet… But Thoughtfully

More Law-Related Stories From Techdirt:

Another Florida Appeals Court Says Compelled Passcode Production Violates The Fifth Amendment
Appeals Court Says Address Mistakes On Warrants Are Mostly Harmless, Not Worth Getting Excited About
Ninth Circuit Says NSA’s Bulk Phone Records Collection Was Illegal, Most Likely Unconstitutional

An Open Letter To Incoming First-Year Associates

Posted on by TSA Press

Dear Class of 2020 Associates,

After three years — actually 25+ years — of hard work, you’re finally beginning your legal career. Some of you will start in a new office, and some of you will be starting remotely. These are weird times, and no one can fully prepare you for the months to come within this new paradigm. But certain themes will hold true no matter what the physical set-up may be.

Fifteen years ago, I was in your shoes, starting out as a first-year associate at Cleary Gottlieb in New York City. Here are 10 of the most important takeaways I can share from my seven-plus years as a Biglaw associate and seven-plus years (and counting) as a legal recruiter:

  1. Pick your practice area intentionally and wisely, thinking ahead about where you see yourself in terms of industry, lifestyle, and geography, five, 10, and 20 years down the road.
  2. Trust that the little stuff counts more than you now know. Be responsive and organized, meet deadlines, and pay attention to detail, appreciating that no job is too menial.
  3. Take extra time — no matter how busy you are or late it is — to understand the bigger picture. Force yourself to answer the underlying “why?”s and “how?”s on every matter you work on.
  4. Request, appreciate, and work with constructive feedback.
  5. Keep up on the latest law firm and industry news, and make an effort to learn your clients’ businesses.
  6. Keep your eyes open and be the ardent guardian of your professional development.
  7. Start developing your own business plan from Day 1.
  8. Be proactive in your career planning. Don’t trust the firm and your supervisors blindly. Recognize that career planning is a continuous and thoughtful process, not a one-and-done crisis management tool.
  9. Develop a relationship with a recruiter you trust so that you understand the legal market and your options at all times.
  10. Develop authentic relationships — with partners, peer lawyers, administrative staff and janitorial staff, and in your networking efforts. Treat everyone with equal respect and positivity.

For additional tips for getting your legal career off to the best possible start, see my articles on 25 Things All Young Lawyers Should Know In Order To Not Screw Up Their Legal Careers and Lessons For Success From A Former Biglaw Associate.

I urge you to reach out to me — not just when you’re planning an imminent move, but as you’re navigating your first year, deciding on a practice area, grappling with any other professional development questions, or seeking to just open a dialogue.

I wish you all the very best of luck in your new careers. Work hard, all the while learning and taking care of yourselves, mentally and physically. It may be a sprint at times, but it’s also a marathon.

Yours sincerely,

Abby Gordon
agordon@laterallink.com

Abby Gordon

Ed. note: This is the latest installment in a series of posts from Lateral Link’s team of expert contributors. This post is by Abby Gordon, Senior Director at Lateral Link, who works with attorney candidates on law firm and in-house searches, primarily in Boston, New York, and Europe.

Prior to joining Lateral Link, Abby spent seven years as a corporate associate with Cleary Gottlieb, focusing on capital markets transactions for Latin American clients in New York and for the last five years for European clients in Paris. A native of Boston, Abby holds a J.D., cum laude, from Georgetown University Law Center and a B.A. in government and romance languages, magna cum laude, from Dartmouth College. Abby also worked with the International Rescue Committee as a Fulbright Scholar in Madrid, Spain. She is a member of the New York, Massachusetts and Maine Bars and is fluent in French and Spanish (and dabbles in Portuguese and Italian). You can view additional articles by Abby here.

Lateral Link is one of the top-rated international legal recruiting firms. With over 14 offices worldwide, Lateral Link specializes in placing attorneys at the most prestigious law firms and companies in the world. Managed by former practicing attorneys from top law schools, Lateral Link has a tradition of hiring lawyers to execute the lateral leaps of practicing attorneys. Click here to find out more about us.

Texas Bar Exam Procedures Video Is Intense

Posted on by TSA Press

It’s not Mulan, but the other hot video release right now is the Texas Bar Exam’s procedures film prepping an unnamed bro applicant for the exam. Now that the Texas Supreme Court has casually abandoned all reason, they’re full steam ahead on their dollar store NBA bubble plan of holding the exam in-person within a hotel.

Meet our hero:

We’ll call him Norman out of some combination of Norman Bates for his authoritative shower opening skills and Norman, Oklahoma because that annoys Texans so much. Normie here is showing us everything an applicant must do before taking the test.

Does the entire minibar count as a personal item? Because we’re going to need a ruling on that.

This includes everything in the bathroom except “1 hand towel and 1 unwrapped bar of soap.” Hygiene is important!

Don’t do it dude, that’s how the Blair Witch gets you! I’m not sure why the proctors offer the casual Hitler salute but maybe that’s just a Texas thing.

Then the proctor will place a ziptie on the closet to ensure there’s no risk that the applicant can access their underwear during the test.

Whoa whoa whoa. I’ve already seen how this plays out.

Oh, that’s not what’s going on.

Or is it? By technological assistance they mostly mean “go to the bathroom” so it’s an apt symbol.

And then they’ll blow a whistle to end the exam and bring a conclusion to the thrill ride that was this video. Thank you all for joining me on this journey.

Check out the whole thing — which you have to watch on Youtube because the Board of Law Examiners disabled embeds… probably assuming this would deter Above the Law. No such luck!

HeadshotJoe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.

The Truth About Massive Training Costs Provided By Agents To NFL Prospects

Posted on by TSA Press

More than 50 college football players have opted out of the Fall 2020 season. Some of those players will choose to return to their respective athletic programs in 2021 while others will hire agents and begin preparations for the 2021 NFL Draft.

Notable players who have decided to opt out of the Fall 2020 season include Georgia quarterback Jamie Newman, Virginia Tech defensive back Caleb Farley, Penn State linebacker Micah Parsons, and LSU wide receiver Ja’Marr Chase. The aforesaid individuals, other than Newman, have all already retained agents and will more than likely rely on their representatives to cover their training costs, provide a monthly stipend and offer up a handsome lump sum of cash, referred to as a “marketing advance,” that is technically supposed to be recovered by the agents over time from the marketing revenue that the players are able to generate from off-field endeavors.

Recruiting and representing these high-profile players is an expensive effort for agencies even when global pandemics are not present. This year, with the coronavirus pandemic in play and a growing number of players opting out in August and September, the price to compete for top talent has gone up for sports agents, mainly because the monthly stipend and training cost coverage are being delivered at a much earlier date.

Football insider Neil Stratton suggested that those players projected to be selected among the top 20 picks of the 2021 NFL Draft are likely to command $7,000 to $8,000 per month in the form of a stipend, a separate marketing guarantee that ranges from $150,000 to $300,000, and $30,000 to $40,000 in training expenses, which typically includes a car rental as well as room and board. These are all out-of-pocket costs that the sports agent will incur prior to ever receiving any money from the represented players.

The estimated costs obviously scale down as the players are projected to be selected later in the 2021 NFL Draft. Stratton predicted stipends of roughly $5,000 per month for players pegged at the 21st to 50th slots, a bit less than $4,000 per month for those likely to be drafted at the end of the second round through the third round, and then $1,500 to $2,000 for those who are predicted to be off the board by at least the end of the fifth round. Players selected in these areas will also be seeking marketing guarantees, but there is a big drop off in amounts they should be reasonably able to command as the projections get worse.

The one category of costs that remains rather static for any of the opt outs suggested to be drafted before the end of the fifth round of the 2021 NFL Draft is related to training. Stratton said that it is unlikely that an agent will be able to successfully convince any of these players that they deserve less than full cover for the amount of their training at the facility of their choice, which ultimately will end up running at least $30,000 throughout the duration of the experience.

The little-known fact is that all of these pre-Draft expenses, but for the marketing guarantee, are typically not recoverable by agents, and agents are known to often neglect requiring the marketing guarantee to be reimbursed so long as the players remain signed to the parties’ Standard Representation Agreement (SRA).

If an agent brings a dispute against a player for reimbursement of these expenses, which only occurs when a player leaves the agent (a somewhat common practice), then the agent will have the burden to prove entitlement to reimbursement. The general rule is that, if a player pays the agent the agent’s commission on the NFL team deal negotiated by the agent, then the agent is not entitled to recapturing out-of-pocket costs, including those training costs that the player may have contractually agreed to reimburse in the case that the player terminates the SRA. The justification for this precedent is that it would be tantamount to a double payment that does not comport with notions of justice and equity. A rare exception to the general rule is when there are unusual or extenuating circumstances (such as the representation of an undrafted player and/or a relatively new agent involved in the transaction), and the precedent established within the NFL Players Association arbitration system is controlling on that issue as well.

The vast majority (if not all) of the college football players opting out and selecting agents will be drafted, and drafted quite high. The agents who sign these players are extremely unlikely to be classified as inexperienced. As such, it is much more likely than not that, as long as the players pay their agents the commissions they will be entitled to for negotiating their forthcoming rookie deals (assuming the players do not switch agents prior to such negotiations), these agents will never receive a reimbursement for the training costs and stipends they lay out for these players leading up to the 2021 NFL Draft. Chalk it up to being the cost of doing business in a cutthroat industry.

Darren Heitner is the founder of Heitner Legal. He is the author of How to Play the Game: What Every Sports Attorney Needs to Know, published by the American Bar Association, and is an adjunct professor at the University of Florida Levin College of Law. You can reach him by email at heitner@gmail.com and follow him on Twitter at @DarrenHeitner.

Allegedly Sexual Deviant Crispin Odey Definitely A Racist, Ghoul

Posted on by TSA Press

Morning Docket: 09.04.20

Posted on by TSA Press

(Photo by Michael Loccisano/Getty)

* A judge has ruled that Kanye West will not appear on the presidential ballot in Virginia. Maybe Kanye had his attention on West Virginia anyways… [Hill]

* A former doctor has been convicted of attempted murder for purportedly trying to kill a lawyer who opposed the doctor in two lawsuits. [ABA Journal]

* A Loyola University law student is accused of torching his New Orleans apartment after a heated dispute with her landlord. [Times-Picuyane]

* A disbarred New York lawyer has been charged for allegedly stealing money meant for 9/11 first responders. [New York Law Journal]

* A New Jersey lawyer has been charged with fraudulently obtaining $9 million in COVID-19 relief money and using the funds to buy a mansion and other luxury items. [New Jersey Law Journal]

* The top lawyer for an online retailer has pleaded guilty to stealing around $6 million from his company and used the money to fund his lavish lifestyle. Lots of lawyers behaving badly in the Morning Docket today! [New York Daily News]

Jordan Rothman is a partner of The Rothman Law Firm, a full-service New York and New Jersey law firm. He is also the founder of Student Debt Diaries, a website discussing how he paid off his student loans. You can reach Jordan through email at jordan@rothmanlawyer.com.

Please Send Any And All Pilfered Suspicious Activity Reports To tips at dealbreaker dot com

Posted on by TSA Press

Former White House Staffer Helms New Cybersecurity, Discovery and Info Gov Services Company | LawSites

Posted on by TSA Press

Launching today is a company formed to provide cybersecurity, e-discovery, managed review and information governance services to commercial and government organizations, and leading it is the lawyer who formerly served as director of information governance at the White House.

Called Empire Technologies Risk Management Group, the company says its lawyers and technologists have more than 100 years of collective experience in cybersecurity and information governance, with professional staff who have formerly served the Department of Defense, the Federal Trade Commission, the White House, law firms and Fortune 500 companies.

Kenya Dixon

The company’s general counsel and chief operating officer, Kenya Dixon, served until June as director of information governance in the White House. She was formerly at the Federal Trade Commission, where she was assistant director of the Division of Litigation Technology & Analysis.

She was recently among the finalists in voting for the Stellar Women in E-Discovery award, the winner of which will be named by e-discovery company Relativity during its Relativity Fest conference slated for Sept. 21-23.

The company is based in Washington, D.C., and says its plans to soon open additional offices in Chicago and New York.

I was not able to speak with anyone from the company prior to this morning’s announcement. Its LinkedIn page lists no employees other than Dixon and its website also provides no further information about company executives.

A spokesperson told my by email that ETRM Group is a holding company for multiple companies in the data and legal industries, with an overarching cybersecurity focus. It is privately owned and has financial backing from private investors.

The spokesperson said that the company has multiple executives, many of whom are industry executives and some of whom are silent partners. The company’s board of executives consists of executives from the entities rolling up under the ETRM Group Company. Those acquisitions will be announced over the next six months, as will be other strategic partnerships.

Focus on Cybersecurity

In a statement provided by the company, Dixon said:

“The legal marketplace is facing an unprecedented number of cyberattacks and breaches because the data security industry has focused only on secure networking – not a secure working environment. At ETRM Group, we believe that cybersecurity is the foundation of every successful legal process or technology – whether it’s eDiscovery, managed review or adapting to new standards like a remote workforce.”

The company’s website says that the customers it serves are corporations, law firms and government agencies.

The services it provides include:

  • Risk management and fraud investigations.
  • Cyber security, including development of cybersecurity protocols and information technology governance, design and monitoring of network defense systems, incident response and containment, and remediation.
  • Discovery services, including discovery management, data hosting, digital forensics, managed review and paper discovery.

Although the company is officially announcing its launch today, it appears to have soft-launched in May and been operating since then.

On Detecting And Deterring Moles And Miscreants In The Workplace

Posted on by TSA Press

Organizations are facing increasingly complex and international threats — from trade-secret exfiltration from countries like China in furtherance of economic espionage and academic advantages, to criminal gangs intent on installing malware on networks to extract hefty ransoms. While the exploits themselves are not new, the pace, the breadth, and the incentives are enhanced, creating heightened concern at the highest corporate and governmental levels. With trade secrets, valuable IP, reputation, and shareholder value on the line, what are best-in-class security teams doing to protect themselves against advanced threat actors?

Know And Protect Your ‘Crown Jewels’

Identifying the ‘crown jewels’ of an organization is often a reasonable first step in understanding how best to protect these treasures, especially for enterprises with mature security teams leveraging threat intelligence, red team, threat hunting, trust and safety, and incident response capabilities. Key customer lists, intellectual property descriptions, business strategy documents, board materials, and network access lists form the basis of corporate value. Understanding where these jewels exist and how they are being protected is critical in protecting them, according to Nisos co-founder Landon Winkelvoss, who worked within the intelligence community fending off nation-state actors.

A flat network where an adversary has natural access or can move laterally to pick up jewel after jewel creates an absolute windfall for the intruder. Reverse this game of cyber ‘pick-up-sticks’ by segmenting critical areas of the network and using creative, customized, and cost-effective monitoring solutions so that intruders are limited in their ability to gain access to and proceed through the corporate bounty.

Develop An “Open-Door” Security Culture

A culture of security awareness is a healthy ecosystem where employees feel empowered to come to a security team or legal department with concerns that a heist is underway. According to the Federal Bureau of Investigation, organizations that ward off intellectual property theft the best do so through cultural and systematic controls which include the following measures:

  • Educate and regularly train employees on security or other protocols.
  • Ensure that proprietary information is adequately, if not robustly, protected.
  • Use appropriate screening processes to select new employees.
  • Provide nonthreatening, convenient ways for employees to report suspicions.

Insider Threat Program Manager for Tesla, Charles Finfrock, believes that the highest return on investment for an organization comes from transforming a workforce into a ‘sensor network’ through rigorous training and building rapport so the workforce is comfortable bringing unusual activity to the security team. This culture of heightened awareness and collaboration yielded extraordinarily high dividends for Tesla this summer in uncovering a Russian crime gang’s plot to infiltrate the company’s network to install ransomware via a USB drive. The hero in this incident was a company employee who turned down the $1 million lure and instead reported the event to the security team resulting in the would-be attacker being arrested by the FBI.

According to Finfrock, an effective insider threat program is not so much about having a complex network monitoring solution to ‘boil the ocean’ and find the needle in the haystack as cultivating an ethos of trust and transparency within the workforce.

Indicators Of Compromise

An employee who appears disgruntled, works odd hours, has unexplained absences, and unreported foreign travel may be an insider threat, according to the FBI. Any combination of these may point to a spy in your corporate ranks, and bears investigation. Additional indicators of insider threats include the following:

  • Changes in work hours
  • Changes in computer asset usage
  • Excessively large downloads
  • Usage of log clearing software/methods
  • Increase in visits to file share or intranet sites
  • Installation of high-risk software
  • Spikes in inbound/outbound email traffic volume
  • Frequent external/personal recipients on emails
  • Attachments sent to suspicious recipients
  • Removable media alerts
  • Modification to remote file share folders/file accesses
  • Bursts in printing on weekends and holidays
  • Notice of resignation or termination
  • Declining performance reviews
  • Disciplinary action
  • Increase in visits to job search sites
  • Increase in outbound email to competitors
  • Social media posts
  • Financial duress
  • Privileged user activity
  • Access levels/permissions
  • Changes in remote network connectivity/VPN Endpoint behavior alerts
  • Sharing passwords or unauthorized use of credentials
  • Attempts to access resources outside of job role
  • Noncompliance with training requirements
  • Policy violations

Like taking apart and rebuilding a plane in flight, organizations cannot simply deconstruct and rebuild their workforces and networks. But rethinking security awareness and empowering security teams to shore up on professionals with high emotional quotients and other characteristics which allow them to gauge the trustworthiness of, and garner the trust of their teams, can be extremely impactful –- not just for organizations and their stakeholders, but for our nation’s technology and its critical infrastructure.

Jennifer DeTrani is General Counsel and EVP of Nisos, a technology-enabled cybersecurity firm.  She co-founded a secure messaging platform, Wickr, where she served as General Counsel for five years.  You can connect with Jennifer on Wickr (dtrain), LinkedIn or by email at dtrain@nisos.com