Too good to not post

Matt Levine is awesome.  The first topic of his editorial is just fantastic. If you don’t subscribe to his newsletter oped newspaper thing, you’re very much missing out. You don’t even need to subscribe to Bloomberg to get it for free gratis!

The article does a great job of capturing the job of thinking like a lawyer – and where people go wrong on their thinking.

A modern lawyer’s life

I found this Slate Money podcast fascinating.  A lot of this is about the abdication of morals in the process of growing a business – and how business schools and consultancies have helped this along.

I’m sure my enjoyment of this is wrapped up in my belief that in-house lawyers are now the moral core of a company and have a prominent role in manipulating guiding the company into doing the “right” thing.

I’ve definitely found this true in my career, what about you?

You Can’t Train for Everything

“It was just like, ‘We found a seal with an eel stuck in its nose. Do we have a protocol?’ ” Littnan told The Post in a phone interview.

There was none, Littnan said, and it took several emails and phone calls before the decision was made to grab the eel and try pulling it out.

https://www.washingtonpost.com/nation/2018/12/07/make-better-choices-endangered-hawaiian-monk-seals-keep-getting-eels-stuck-up-their-noses-scientists-want-them-stop/?utm_term=.1d97dc16653a

For some reason this reminds me of a lot of legal work.

Cybersecurity Ethics

At an MLCE today and got this hypothetical:

Your Company learns that a bug in one of your apps could have provided bad guys with access to confidential user information, but you do not have evidence that anyone actually obtained such information. You’ve fixed the bug. Arguably, privacy statutes require the Company to make disclosure to users and/or regulators. Management makes decision not to disclose, because no indication of actual breach. Ethical issue?

The audience of lawyers split 75% / 25% (live polling) calling this an ethical issue. Fascinating.

Two points: (1) I think the right answer is no. If the statute “arguably” does not require disclosure (i.e. reasonable people disagree) then this is not an ethical issue. But also (2) this scenario is almost certainly true all the time for all companies with confidential user data and internet-facing systems. Should they all be disclosing all the time? Is that even realistic?

Just take a look at the National Vulnerability Database, do a blank search, and look at the security bugs listed today. Awful security bugs are being found, published, and fixed every day for every major application everywhere. If you have confidential user information and internet-facing applications, you may face this hypothetical every single day.

When tech comes to health

Apple Watch’s ECG feature is making the news, as it should.* I’m not tracking it, and don’t plan to, but this should spawn a lot of innovation from the plaintiffs’ bar in the complaints we see against Apple. Wrongful alerts leading to economic and health harms, negligence for not alerting (what constitutes a proper training set? And when is that training a form of negligence? What’s the duty? – so much fun stuff), does it reach to wrongful death?

*Full disclosure, I used to work at Apple but never advised on this feature.

Permian Extinction Resolved / Replicated

So this is bad:

On Thursday, a team of scientists offered a detailed accounting of how marine life was wiped out during the Permian-Triassic mass extinction. Global warming robbed the oceans of oxygen, they say, putting many species under so much stress that they died off. 

And we may be repeating the process, the scientists warn. If so, then climate change is “solidly in the category of a catastrophic extinction event,” said Curtis Deutsch, an earth scientist at the University of Washington and co-author of the new study, published in the journal Science.

https://www.nytimes.com/2018/12/07/science/climate-change-mass-extinction.html

Feels like this should be bigger news.

You could see this working in the future (or now)

I find this case (paywall) very enjoyable and creative.  But read the actual decision attached – it’s short and delightful!

Plaintiff alleged that the medical provider used software that was not secure and that it did not protect his personal information. But also tacitly admits that, as of yet, no one has taken or used plaintiff’s personal information.

In other words, the poorly secured software had yet to be hacked. But plaintiff was harmed because it could be.

The plaintiff lost. But imagine a world where this was a siren’s call for someone to hack the hospital system. It’s a really interesting market. Regular folks find deficient security on a platform that should probably be more secured.  That person hires a lawyer.  The lawyer drafts up and files the complaint and… maybe publicizes to interesting channels that are willing to poke around in weak systems.

And ta da! You may have yourself an actual case at that point.  

Does this feel to anyone like short sellers who short a company and then say how awful a company is?