At an MLCE today and got this hypothetical:
Your Company learns that a bug in one of your apps could have provided bad guys with access to confidential user information, but you do not have evidence that anyone actually obtained such information. You’ve fixed the bug. Arguably, privacy statutes require the Company to make disclosure to users and/or regulators. Management makes decision not to disclose, because no indication of actual breach. Ethical issue?
The audience of lawyers split 75% / 25% (live polling) calling this an ethical issue. Fascinating.
Two points: (1) I think the right answer is no. If the statute “arguably” does not require disclosure (i.e. reasonable people disagree) then this is not an ethical issue. But also (2) this scenario is almost certainly true all the time for all companies with confidential user data and internet-facing systems. Should they all be disclosing all the time? Is that even realistic?
Just take a look at the National Vulnerability Database, do a blank search, and look at the security bugs listed today. Awful security bugs are being found, published, and fixed every day for every major application everywhere. If you have confidential user information and internet-facing applications, you may face this hypothetical every single day.
As you’ve seen everywhere – Elon Musk on 60 Minutes: “I do not respect the SEC.”
And to that, I say good luck to their new general counsel. Like really, no sarcasm. Tough row to hoe.
So this happened – Marriott sued because an alleged security issue still exists (discovered by a plaintiff’s firm in-house forensics team). Pre-emptive litigation at its finest. Again, the lawsuit doesn’t allege there has been a new breach, just that there could be one.
Previously on this blog, in the same vein.
Apple Watch’s ECG feature is making the news, as it should.* I’m not tracking it, and don’t plan to, but this should spawn a lot of innovation from the plaintiffs’ bar in the complaints we see against Apple. Wrongful alerts leading to economic and health harms, negligence for not alerting (what constitutes a proper training set? And when is that training a form of negligence? What’s the duty? – so much fun stuff), does it reach to wrongful death?
*Full disclosure, I used to work at Apple but never advised on this feature.
This is all over the news now, but the voter fraud story coming out of North Carolina is fascinating. My favorite coverage so far was the 538 podcast. A little dated at this point, but still very enjoyable.
So this is bad:
On Thursday, a team of scientists offered a detailed accounting of how marine life was wiped out during the Permian-Triassic mass extinction. Global warming robbed the oceans of oxygen, they say, putting many species under so much stress that they died off.
And we may be repeating the process, the scientists warn. If so, then climate change is “solidly in the category of a catastrophic extinction event,” said Curtis Deutsch, an earth scientist at the University of Washington and co-author of the new study, published in the journal Science. https://www.nytimes.com/2018/12/07/science/climate-change-mass-extinction.html
Feels like this should be bigger news.
I find this case (paywall) very enjoyable and creative. But read the actual decision attached – it’s short and delightful!
Plaintiff alleged that the medical provider used software that was not secure and that it did not protect his personal information. But he also tacitly admits that, as of yet, no one has taken or used plaintiff’s personal information.
In other words, the poorly secured software had yet to be hacked. But plaintiff was harmed because it could be.
The plaintiff lost. But imagine a world where this was a siren’s call for someone to hack the hospital system. It’s a really interesting market. Regular folks find deficient security on a platform that should probably be more secure. That person hires a lawyer. The lawyer drafts up and files the complaint and… maybe publicizes to interesting channels that are willing to poke around in weak systems.
And ta da! You may have yourself an actual case at that point.
Does this feel to anyone like short sellers who short a company and then say how awful a company is?
This from Forbes:
Blockchain is the latest innovation to take over vacation planning. It’s expected to disrupt the industry as much as when Expedia, Airbnb, and Priceline took vacation planning online.
A company is attempting to apply blockchain to the travel industry. To be successful it needs to outcompete other entrenched rivals such as Expedia, Airbnb, and Priceline in a historically very low margin business. At the time of this writing, blockchain has not been found to be a competitive advantage in any industry outside of black-market transactions.
How to comply with legal rules? It’s even worse in other countries.
Speaking personally, I recently spent about a year living in Spain (helping out our Barcelona office) and I read everything I could on Spain visas before I went but I knew that I still didn’t know enough to do it on my own. So I hired a really good and really expensive Spain immigration lawyer and in about three hours she totally set me straight and I walked out of her office knowing exactly what to do and I did it and it worked. 90 percent of what I had read about Spain visas on the internet was true but ten percent was either dead ass wrong or had recently changed or just did not apply to our specific situation. Had I gone with just what I had learned on the internet, I likely would have been booted out of Spain in 90 days. Despite all that I had learned by going through all of this, when it came time for another American lawyer in my firm to take my place in Spain, he too went to this same Spain immigration lawyer and he reported back to me the same result. She saved him huge amounts of time and huge amounts of problems.
And the whole point of this excerpt is that China is way worse.
If you haven’t yet listened to season 3 of Serial, I highly recommend it. While the podcast itself is great and well reported, what I find interesting is Sarah Koenig’s surprise at what she finds. This is exactly how the legal system works. It’s ugly.
Sometimes I feel like lawyers are all in on a great secret that we’re all ashamed to talk about. That the legal system is meant to handle volume, not individual cases.