Download: 5 Future Tech Forces & Board Expectations

A new publication by the National Association of Corporate Directors examines the areas of technology that are “fundamentally changing the economic world.”

The article can be downloaded from the NACD’s website at no charge.

The areas discussed in the article include artificial intelligence, blockchain, cybersecurity, hyperconnectivity, and symbiotic systems.

J.T. Kostman, the author of the article and managing director of Applied Artificial Intelligence at Grant Thornton, provides real-world examples that illustrate the capabilities these technologies have enabled, the risks they pose, and why they are considered to be the driving forces of “the fourth industrial revolution.”

Download the article.



Lenovo $8.3M Spyware Class Action Settlement Gets Initial OK

Lenovo Group Ltd. can move ahead with an $8.3 million settlement to end a class action that its ad software exposed customer laptops to performance, privacy, and security problems, reports Bloomberg Law.

The federal court’s initial approval of the settlement comes four months after Lenovo and the consumer class filed with the court to end the spyware action. The SuperFish software, which Lenovo began installing in 2014, could access customer Social Security numbers, financial data, and sensitive heath information, the court said.

“Lenovo is set to pay $7.3 million to the settlement fund, and SuperFish will kick in another $1 million from a prior deal with consumers over the spyware issue,” according to Bloomberg’s Daniel R. Stoller.

Read the Bloomberg Law article.



Fewer Lawsuits for Corporations, But More Oversight on Data andTax Risk

Corporate counsel report a decrease in the number of lawsuits against their companies over the last year, but they face more regulatory proceedings and arbitrations in navigating increased cyber risk, data protection and tax issues.

Norton Rose Fulbright’s 2018 Litigation Trends Annual Survey polled 365 senior corporate counsel representing US-based organizations on disputes-related issues and concerns.

Two thirds of respondents report feeling more exposed in 2018 to cybersecurity and data protection disputes. The survey also found that the growing international nature of many business operations has caused a spike in conflicts related to countries’ differing discovery and data protection laws and regulations.

See the survey results.



Blockchain Alliance Reaches 100 Members

Steptoe & Johnson LLP announced that the Blockchain Alliance, a public-private forum to combat criminal activity involving cryptocurrencies and blockchain technology, has grown to include 100 industry and government agencies in 19 countries.

Founded in October 2015 by the Chamber of Digital Commerce and Coin Center and led by Steptoe, the Alliance is comprised of a broad coalition of companies and government agencies that work to make the blockchain ecosystem more secure through education and dialogue between government and industry. In less than three years, the Alliance has grown from 17 industry members and six U.S. federal agencies to a total of 100 participants all over the world, including not only cryptocurrency and blockchain technology companies but also regulatory and enforcement agencies on six continents, as well as international entities including Interpol and Europol.

Steptoe partner Jason Weinstein (former deputy assistant attorney general in charge of cybercrime investigations at the Department of Justice and a member of the strategic advisory boards of BitFury, Coin Center and the Chamber of Digital Commerce) serves as the group’s director. Steptoe of counsel Alan Cohn (former assistant secretary for strategy at the Department of Homeland Security and a strategic advisor to several blockchain startups) serves as counsel to the Alliance.

“The growth of this Alliance – with 100 members around the world representing industry and government – is remarkable and reflects the growth of the cryptocurrency and blockchain space as a whole,” Cohn said. “Our mission is to enable industry and law enforcement to jointly protect public safety and help create an environment where innovation can thrive, and it’s working.”

“The Blockchain Alliance is an important organization that furthers vital communication between blockchain-oriented businesses and government agencies to help strengthen their understanding of enforcement objectives and cooperation,” said Amy Kim, chief policy officer of the Chamber of Digital Commerce. “The group’s work is critical in fostering the development of properly functioning markets involving virtual currency in particular and is much needed at a time when policy makers continue to have questions about this space. Its efforts have been instrumental in aiding law enforcement to detect crime and prosecute wrongdoers.”

The Blockchain Alliance serves as a resource for law enforcement and regulatory agencies to benefit from the expertise of some of the brightest minds in the blockchain industry for technical assistance in response to challenges faced during investigations. The Alliance also serves as a platform for open dialogue among law enforcement and regulatory agencies and the blockchain community about issues of concern to make blockchain technology more secure and to deter its use for unlawful purposes.

Additionally, the Alliance provides education and technical assistance regarding cryptocurrencies and other applications for blockchain technology, including through a series of webinars that have reached almost 700 participants in more than 35 countries.

“We are proud of the meteoric growth of the Alliance in just three years. The companies in the Alliance are good corporate citizens, and they deserve the credit for their commitment to working proactively with governments around the world to promote a secure blockchain ecosystem – for the benefit of government, industry, consumers, and the public,” Weinstein said.



Access to Law Firm Data ‘Just Too Easy,’ Worrying Clients

Hacking - cybersecurity - phishingA cybersecurity scare at Foley & Lardner has drawn new attention to a debate over data security at top law firms, and some clients and outside organizations are taking matters into their own hands, according to a Bloomberg Law report.

Bloomberg’s Sam Skolnik writes that general counsels’ offices have been expressing renewed concern about whether even the biggest law firms are adequately protecting highly sensitive data.

“Cyber incursions into law firms clearly appear to be on the rise. According to a December 2017 American Bar Association legal technology report, just over a third of law firms with between 10 and 49 attorneys reported experiencing some sort of data-related security breach in the previous 12 months,” according to Skolnik.

Read the Bloomberg Law article.



Supreme Court Weighs Google Settlement That Paid Class Members Nothing

The U.S. Supreme Court heard arguments this week on whether it should place limits on class-action settlements in which the plaintiffs’ lawyers receive millions and their clients get nothing, reports The New York Times.

“The case arose from an $8.5 million settlement between Google and class-action lawyers who said the company had violated its users’ privacy rights,” writes Times reporter Adam Liptak. “Under the settlement, the lawyers were paid more than $2 million, but members of the class received no money.”

As a part of the settlement, Google agreed to contribute to institutions concerned with privacy on the internet, including centers at Harvard, Stanford and Chicago-Kent College of Law, and AARP.

“How can you say that it makes any sense?” Justice Samuel A. Alito Jr. asked a lawyer for the members of the class.

Read the NY Times article.



Chinese Company Charged With Stealing Trade Secrets From U.S. Computer Firm

NBC News reports that the Justice Department revealed Thursday that a federal grand jury has charged companies in China and Taiwan  and three individual Taiwanese nationals with a scheme to steal trade secrets from Micron.

China is “shamelessly bent on stealing its way up the ladder of economic development and doing so at American expense,” said John Demers, assistant attorney general for national security.

NBC reporter Pete Williams writes: “Federal prosecutors said one of the defendants served as president of a company acquired by Micron five years ago. The charges said he went to work for the Taiwan company, United Microelectronics Corporation, and orchestrated the theft of trade secrets from Micron worth nearly $9 billion.”

Read the NBC News article.



Foley & Lardner Hit With Cybersecurity Incident

CybersecurityBloomberg Law is reporting that Foley & Lardner LLP experienced a cybersecurity incident earlier this month, but said there was “no unauthorized access to client data.”

Jill Schachner Chanen, external communications manager at Foley & Lardner, told Bloomberg Law in an email that the incursion occurred earlier this month.

She said the firm has security safeguards in place designed to protect the IT system and data and that no client data was exposed to the cyber intruders.

Read the Bloomberg Law article.



3 Key Takeaways: How Blockchain Technology will Reshape Legal Contracting

A recent presentation at the ACC Colorado Fall Frenzy in Denver addressed how blockchain platforms are reshaping contracting, particularly how blockchain can be used to protect the security and integrity of contracts and automatically execute based on external conditions.

A post on the website of Kilpatrick Townsend expands on the three takeaways: Blockchains have important uses besides cryptocurrencies; smart contracts are already in use by companies; and the technology is in its infancy and several pitfalls exist.

Read the article.




Registration Open for 2018 Eastern District of Texas Bench Bar Conference

Registration has begun for the 2018 Eastern District of Texas Bench Bar Conference, which is being held in conjunction with The Center for American and International Law’s Patent Trial and Appeal Board Bench Bar Conference.

Hosted by the Eastern District of Texas Bar Association, the annual event is one of the largest of its kind nationally, bringing together practicing lawyers, general counsels, in-house counsels, respected judges, and industry experts from across the globe to discuss the latest issues in patent law and intellectual property litigation. Topics will also include Corporate Cyber Threats, Qui Tam litigation, Trade Secret Theft and Protection, and many others.

The Honorable Andrei Iancu, U.S. Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office (USPTO), will be the keynote speaker.

The 22nd annual EDTX Bench Bar Conference is set for October 17-19 at the Marriott Legacy Town Center in Plano, and registration information is available here.

Contact Andrea Williams-McCoy for more information on conference programs, registration and lodging at 903-870-0070 or

Judge Slashes Attorneys’ Fees in Anthem Data Breach Settlement

A federal judge slashed attorneys’ fees in a $115 million data breach case settlement between Anthem Inc. and its customers, according to Bloomberg Law.

“The Aug. 16 ruling by Judge Lucy Koh of the U.S. District Court for the Northern District of California closes the long-running lawsuit against Anthem. The case stemmed from a 2015 breach that exposed Social Security numbers, birth dates, and health-care data of 78.8 million customers,” explains reporter Daniel R. Stoller.

The judge ruled that attorneys for the class action plaintiffs are entitled to $31 million in fees, $2 million in expenses, and $132,000 for other operation costs. Class attorneys had requested $37.95 million in fees, or roughly one-third of the total settlement fund, which Koh approved Aug. 15.

Read the Bloomberg Law article.



Recovering Data Breach Losses from Non-Contractual Parties

A post on Dykema’s The Firewall blog considers the question: Who bears the loss from a breach perpetrated by a data breach fraudster: the consumer whose data was compromised, the financial institution where the data was used, or the business that failed to protect the data?

The author, David B. West, writes that the answer depends on which law applies.

“While statutes require banks and their vendors to protect customers’ Personally Identifiable Information (“PII”), the obligation of other businesses to do so is not as well defined,” West explains. “Regulatory obligations to protect data vary by industry and geography.”

He also discusses relying on common law for data breach losses, recovering damages, and the need for consistent ability to recover losses.

Read the article.




Bitcoin Exchange Operator Faces 40 Years in Jail for Lying to SEC

Smart contracts - bitcoin - blockchainBloomberg Law is reporting that a virtual currency operator accused of running off with investor funds after a 2013 hack and lying to investigators has accepted a plea deal with federal prosecutors in New York.

Reporter Lydia Beyoud writes that Jon E. Montroll of Saginaw, Texas, faces up to 40 years in prison.

Manhattan U.S. Attorney Geoffrey S. Berman said in a July 23 statement accompanying the plea agreement that Montroll “repeatedly lied during sworn testimony and misled SEC staff to avoid taking responsibility for the loss of thousands of his customers’ bitcoins,” in 2013, Berman said.

Read the Bloomberg Law article.



Invitation: SCCE’s Compliance & Ethics Institute

The Society of Corporate Compliance and Ethics will present its 17th Annual Compliance & Ethics Institute, October 21-24, 2018, in Las Vegas, with top industry experts and professionals from around the world.

At this four-day networking and educational event, participants will gain information they need to effectively manage their compliance programs and mitigate risk, the SCCE says on its website.

At the Compliance & Ethics Institute, participants will:

  • Network with over 1,800 professionals from all industries and 40 countries.
  • Choose from 10 learning tracks, 100+ sessions, and over 150 speakers.
  • Get up-to-date on issues relevant to your current challenges, including global antitrust compliance, cyber security, anti-corruption, and harassment and discrimination prevention.
  • Leave with practical solutions you can immediately put into practice at your organization.

This conference is for compliance and risk professionals and those who work with them in an advisory or partnership capacity. Positions include: in-house and outside counsel, audit managers and officers, consultants, corporate executives, human resource managers, privacy officers, researchers and policy makers, risk managers, staff educator and trainers, and more.

Get more information.



$17M Target Data Breach Settlement Affirmed on Second Try

Image by Mike Mozart

Target Corp.’s $17 million class settlement to resolve consumer claims over a 2013 data breach passed Eighth Circuit scrutiny on its second trip to the appeals court, reports Bloomberg Law.

The court rejected an objector’s challenge that the named plaintiffs weren’t adequate representatives for the whole class because they received compensation while others didn’t, according to reporter Perry Cooper.

He explained:

“All class members had the ability to register for credit monitoring, and all of the compromised payment cards undoubtedly were canceled and replaced by the issuing banks,” Judge Bobby E. Shepherd wrote for the U.S. Court of Appeals for the Eighth Circuit.

“Any risk of future harm is therefore entirely speculative,” the court said.

Read the Bloomberg Law article.



In-House Forum: Guard Your Company Against Internal Cybersecurity Threats

The 4th annual Bloomberg Law In-House Forum will Explore the steps that general counsel need to take to mitigate the internal cybersecurity threat.

The event will be Wednesday, June 27, 2018, at the Grand Hyatt San Francisco, 345 Stockton Street, San Francisco 94108.

Specifically, the event will dissect one of the most pressing issues affecting the modern corporate workplace: cybersecurity threats from its own employees. Participants will learn how general counsel can effectively partner with other teams at the organization to guard against this growing risk.

Speakers will guide the discussion, outlining how corporate counsel can build relationships between IT and Human Resources in order to act in a leadership role, crafting an effective risk avoidance plan that includes auditing, training, and both preemptive and post-breach initiatives.

Register for the event.



Dismiss Big Law Malicious Prosecution Suit, Judge Recommends

Bloomberg Law is reporting that a federal magistrate judge recommended the dismissal of a lawsuit that accuses Reed Smith LLP and Clark Hill PLC of using baseless lawsuits, discovery delays—and even thuggish private eyes—to help a client conceal its criminal activities.

Reporter Samson Habte writes that the recommendation could bring an end to one of several high-stake lawsuits that LabMD Inc. is pursuing against cybersecurity firm Tiversa Inc. and some of the nation’s largest law firms.

In a lawsuit, LabMD accused former U.S. Attorney Mary Beth Buchanan and Bryan Cave Leighton Paisner LLP of trying to prevent a whistleblower from revealing Tiversa hacked LabMD with “FBI surveillance software” it got from Buchanan.

The suit also claimed that Reed Smith and Clark Hill helped Tiversa cover up Tiversa’s allegedly criminal activities. “The firms allegedly did so by bringing baseless defamation suits that drained LabMD’s resources, and by using private investigators to intimidate and silence the whistleblower,” according to Habte.

Read the Bloomberg article.



Biglaw Firm, Former U.S. Attorney Accused of Hacking Cover-Up

Bloomberg Law is reporting that a little-noticed lawsuit filed in New York federal court accuses a former federal prosecutor of unethically preventing a whistleblower from telling the FTC that he hacked an embattled company’s files using “FBI surveillance software” that the prosecutor gave him.

The allegations are in a suit against former U.S. Attorney Mary Beth Buchanan and Bryan Cave Leighton Paisner LLP, the global megafirm where she is now a partner, according to reporter Samson Habte.

Plaintiff LabMD Inc., a cancer-screening firm, says it went out of business after falling victim to a “shakedown scheme” by a cybersecurity firm that hacked the lab’s files—and then reported it to the FTC when it refused to pay for “remediation” services.

LabMD’s complaint alleges Buchanan gave FBI surveillance tools to Tiversa Inc., which then allegedly used the tool to hack LabMD. It also alleges Buchanan unethically represented the whistleblower in FTC proceedings to keep him from divulging how Tiversa received the hacking tool.

Read the Bloomberg article.



Michael Best Expands Privacy & Cybersecurity Practice with Addition of Velvet Johnson

Michael Best announced that Velvet Johnson has joined the firm’s Privacy & Cybersecurity Practice Group as senior counsel in Washington, D.C.

In a release, the firm said Johnson’s arrival comes on the heels of other recent hires to the group, including partners Ryan Sulkin and Elizabeth Rogers in Chicago and Austin, respectively.

Johnson concentrates her practice advising clients on various matters of internet policy, regulatory compliance, privacy and cyber-related issues, in addition to providing counsel on numerous cross-border business issues.

“Velvet has an incredibly strong background on cybersecurity matters from her time working in the government,” said Adrienne Ehrhardt, Chair of Michael Best’s Privacy & Cybersecurity Practice Group. “Her reputation and breadth of experience in Washington, D.C. will certainly enhance our group’s ability to address client’s needs, particularly as it relates to policy assessment and legal frameworks. Her addition comes at a key period in time as well with the European Union’s enforcement of the General Data Protection Regulation beginning later this month.”

Prior to joining Michael Best, Johnson spent nearly a decade in various legal and policy advisory roles both within the U.S. Congress and the U.S. Department of Defense (DoD). Much of her time was spent advising on matters related to federal cybersecurity legislation, the National Institute of Standards and Technology Framework for Improving Critical Infrastructure, and national security law guidelines. In her latter role, she represented the DoD in multiple National Security Council-led Cybersecurity Interagency Committees, Working Groups, and senior-level policy forums. After her time with the government, she spent two years as a cyber strategy consultant with a global management consulting firm where she was responsible for managing and executing security and risk programs on behalf of her clients.

“We’re thrilled that Velvet has decided to join us here in Washington, D.C.,” said Kevin Barner, Michael Best’s Washington, D.C. Office Managing Partner. “Her addition will help our clients navigate the complex regulatory and compliance challenges they will inevitably face.”

Johnson received her J.D. from the University of Maryland School of Law and her B.S. from the University of Richmond. In addition to her university degrees, Johnson also earned a cybersecurity certification from Georgetown University and the Certified Information Privacy Professional/United States (CIPP/US) credential through the International Association of Privacy Professionals (IAPP).



Webinar: What Every Lawyer Needs to Know About Open Source Software

Flexera will present a complimentary webinar about the basics of open source licensing, vulnerabilities, trends and expectations for compliance.

The event will be Wednesday, April 18, at noon Central time.

Data shows that most companies are significantly under-counting their use of open source software (OSS), leading to potential legal and security concerns that need to be respected, monitored, and — if needed — resolved. Additionally, your customers are expecting higher levels of compliance. This begs the question, what is your legal team’s role in managing compliance and security vulnerabilities associated with OSS?

Marty Mellican, VP and Associate General Counsel at Flexera, will discuss the need for process and lawful management of OSS. This webinar will cover:

  • The basics of intellectual property (IP) law and how open source licenses are built on top of those principles
  • The most common licenses, including the GPL, AGPL, BSD, Apache, and MIT to name a few
  • How to work effectively and securely with OSS both as a consumer and a creator of OSS
  • Trends in OSS license enforcement in the last year
  • Expectations for compliance and what compliance looks like
  • How GDPR will affect your open source use and management

Register for the webinar.