Phrasing

The Verge with a headline “Fortnite keeps stealing dances – and no ones knows if it’s illegal.” If no one knows, is that stealing? Seems like the sentence is missing a modifier. Or perhaps it should say that the publisher believes this is stealing. Or… isn’t this sort of like saying light travels at 299,792,458 m/s – but no one knows what light is. That sentence provides no information. Thanks, Verge.

Privacy vs Security

It’s an old topic, long discussed, and for that reason somewhat boring / repetitive. But I think new intelligent video analytics and facial recognition technology are about to make this extremely relevant again.

There’s no question in my mind that we, as a society, as going to trade public privacy (e.g., being monitored in public all the time) for safety. If the DC Sniper incident happens again, we’ll have drones over every major city. But two points:

  1. The privacy of our homes continues to be relatively secure, apart from the voice-control and IoT devices we voluntarily invite inside. Will that change? I don’t see any need for safety purposes.
  2. Will the additional security change the debate on gun control? If we as a society (i.e. the government) know exactly where you are and what you’re doing every time you step outside, does it matter that you have an arsenal inside your home? So long as it stays there…

And I often think of the aphorism attributed to Ben Franklin:

Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

Still relevant? Of course, like many old quotes, this one is often thrown about without any understanding of its context.

On balance, I lean towards freedom to deploy technology and catch law breakers. And freedom to own firearms. Safety and liberty?

Do Digital First Sales Exist?

If I have an iTunes song that I lawfully purchased and downloaded, can I sell that copy to anyone else? Ever? Not according to the Court of Appeal for the Second Circuit in Capital Records v. ReDigi.

ReDigi was a company that offered such a promise: sell your unwanted iTunes music! And they appear to have designed software to make that transaction as close to a physical transfer as possible:

ReDigi’s system differs in that it effectuates a deletion of each packet from the user’s device immediately after the “transitory copy” of that packet arrives in the computer’s buffer (before the packet is forwarded to ReDigi’s server). In other words, as each packet “leaves the station,” ReDigi deletes it from the original purchaser’s device such that it “no longer exists” on that device. Id. As a result, the entire file never exists in two places at once. Id.

The problem is that the Copyright Act prohibits making copies. And even if ReDigi effectively deletes the original copy (putting aside that this is relatively easy for a user to hide), ReDigi still makes a new copy. The law is violated.

ReDigi makes the reasonable objection that users should not be forced to sell their entire computer hard drive to sell the iTunes song they downloaded. The Second Circuit shrugs:

A secondary market can readily be imagined for first purchasers who cost effectively place 50 or 100 (or more) songs on an inexpensive device such as a thumb drive and sell it. . . . Furthermore, other technology may exist or be developed that could lawfully effectuate a digital first sale.

Sure. Ok. Although I think perhaps the court doesn’t understand the market, users, or computers.

You just don’t own digital copies in the same way you own physical copies, absent some major change in the law.

Alibaba Goes for It

But while Google slowly rolls out [their interactive voice chat service] in a limited public launch, Alibaba’s own voice assistant has already been clocking overtime. On December 2 at the 2018 Neural Information Processing Systems conference, one of the largest annual gatherings for AI research, Alibaba demoed the AI customer service agent for its logistics company Cainiao. Jin Rong, the dean of Alibaba’s Machine Intelligence and Technology Lab, said the agent is already servicing millions of customer requests a day.

Alibaba already has a voice assistant way better than Google’s

Anyone jealous that Alibaba can just roll this out and start running? While Google manages PR and privacy concerns? Anyone feel growth slowing?

Too good to not post

Matt Levine is awesome.  The first topic of his editorial is just fantastic. If you don’t subscribe to his newsletter oped newspaper thing, you’re very much missing out. You don’t even need to subscribe to Bloomberg to get it for free gratis!

The article does a great job of capturing the job of thinking like a lawyer – and where people go wrong on their thinking.

A modern lawyer’s life

I found this Slate Money podcast fascinating.  A lot of this is about the abdication of morals in the process of growing a business – and how business schools and consultancies have helped this along.

I’m sure my enjoyment of this is wrapped up in my belief that in-house lawyers are now the moral core of a company and have a prominent role in manipulating guiding the company into doing the “right” thing.

I’ve definitely found this true in my career, what about you?

You Can’t Train for Everything

“It was just like, ‘We found a seal with an eel stuck in its nose. Do we have a protocol?’ ” Littnan told The Post in a phone interview.

There was none, Littnan said, and it took several emails and phone calls before the decision was made to grab the eel and try pulling it out.

https://www.washingtonpost.com/nation/2018/12/07/make-better-choices-endangered-hawaiian-monk-seals-keep-getting-eels-stuck-up-their-noses-scientists-want-them-stop/?utm_term=.1d97dc16653a

For some reason this reminds me of a lot of legal work.

Cybersecurity Ethics

At an MLCE today and got this hypothetical:

Your Company learns that a bug in one of your apps could have provided bad guys with access to confidential user information, but you do not have evidence that anyone actually obtained such information. You’ve fixed the bug. Arguably, privacy statutes require the Company to make disclosure to users and/or regulators. Management makes decision not to disclose, because no indication of actual breach. Ethical issue?

The audience of lawyers split 75% / 25% (live polling) calling this an ethical issue. Fascinating.

Two points: (1) I think the right answer is no. If the statute “arguably” does not require disclosure (i.e. reasonable people disagree) then this is not an ethical issue. But also (2) this scenario is almost certainly true all the time for all companies with confidential user data and internet-facing systems. Should they all be disclosing all the time? Is that even realistic?

Just take a look at the National Vulnerability Database, do a blank search, and look at the security bugs listed today. Awful security bugs are being found, published, and fixed every day for every major application everywhere. If you have confidential user information and internet-facing applications, you may face this hypothetical every single day.