3.27.2018

Googacle Continues

We are just getting word that the U.S. Court of Appeals for the Federal Circuit has sided with Oracle in the latest round of this litigation. Please see here for a slideshare on Open Source Adoption Rates, with attention to slide
12, reproduced below:





Also, please see here for a table of cases cited in this most recent round of the litigation. Please note the intersection of cases cited by both sides, and also, the small number of Supreme Court cases that were cited overall. 

3.13.2018

Fitness For a Particular Purpose

While serving a non-profit pro bono I spent some time researching antitrust issues in the standard setting process. Approaching anti-competition risk management from this perspective is quite different than approaching antitrust regulations from the perspective of defense counsel in the corporate space, and I am grateful for the opportunity to have considered this area of law from these divergent vantage points.

One may tend to orient oneself to a number of different facts and circumstances from within the context of the Clayton Act when approaching antitrust as a defense counsel in the corporate space; one is often dealing with more antitrust counsel and with opposing counsel, perhaps at the DOJ or the European Commission, or Ministry of Commerce, and these are parties who are necessarily well versed in antitrust law- they might even be the parties who wrote the laws or who spent five or seven or thirteen years on a particular matter, absorbing all of the relevant legal details as they followed a particular controversy from the complaint stage to the appellate stage.

In the non-profit space one might find oneself evaluating or making recommendations on specific scenarios or policies with attorneys and advisors who have high technical proficiency in their practice area, but not necessarily a background in business law.

Thus I would like to share a link to the helpful guide: ISO's "Competition Law Guidelines for Participants in the ISO Standards Development Process", which includes helpful tips such as:
"Do ensure that you and other participants that attend meetings have the necessary technical expertise."
"Do feel free to use and share information from the public domain, including historical and aggregated industry information (which doesn’t allow an individual business’s pricing or commercial strategy to be identified), but do be careful that it doesn’t lead to discussions on future strategy."
"Don’t fix any prices or price-related conditions with competitors."

Since it is Women's History Month, I am also going to share this chart from the US Department of Labor that conveys some statistics on women in the workplace. According to the chart, female chief executives comprise 28% of all chief executives in the labor force. Preschool and kindergarten teachers are 97.7% female. Lawyers are 37.4% female. Judges, magistrates, and other judicial workers are 28.1% female. Electricians are 2.5% female. Physicians and surgeons are 40% female.

From the chart, I was not able to deduce how many women are represented in standard setting organizations. It's an important question to consider; most of the above cited examples require a license, and are thus regulated by some set of standards somewhere.

It seems logical that the older a standard is, the more likely it is that it was devised exclusively by men. This would be true if gender balance statistics in standard making bodies are consistent with historic gender imbalances in the broader workplace. While some would want to spend time considering whether this is good, or unfortunately bad, I would merely posit that this is so.  Further, I would seize the opportunity to make a brief reference to Rawls' "Veil of Ignorance", while contemplating this assertion.

So, some questions to ask this Women's History Month when thinking about standards:
Who developed the standard? When was the last time the standard was evaluated? Have female experts ever commented on how they approached the standard? Is it the best available standard for evaluating fitness for a particular purpose? How would we begin to undertake a task such as reconsidering all of our existing standards, in all contexts, in a big data world?

Happy March, all.
🐱

1.22.2018

#governmentshutdown2018

This weekend I caught up with some guests from out of town and was somewhat chagrined to have to contemplate telling them that they might not be able to visit some of the country’s best sights due to the government shutdown of 2018. The botched plans of tourists were only one facet of ruminating upon what, exactly, would take place during such an event.

Amidst the anxiety generated by such governmental and political dysfunction, please be reminded that some professionals show leadership by conveying clear instructions in the event of such a contingency. Here’s a link to the SEC’s Operations Plan in the event of a government shutdown, which is posted on the agency’s website, and thus accessible to the general public: https://www.sec.gov/files/sec-operations-plan-gov%20shutdown-to-omb-12042017.pdf.  There is a similarly accessible plan posted on the DOJ website: https://www.justice.gov/jmd/page/file/1015676/download. The Department of Commerce’s contingency plan is 137 pages long: https://www.commerce.gov/sites/commerce.gov/files/plan_for_orderly_shutdown_due_to_lapse_of_congressional_appropriations_-_20171207.pdf in contrast to the previous two, which were less than twenty pages in length.  A link to the VA’s contingency plan may be found on this page: https://www.blogs.va.gov/VAntage/43654/va-contingency-plan-2017/. It seems to be formatted in MS, unlike the others just cited, which were PDFs.

Why isn’t there one of these contingency plans on the homepage of all of our government agencies, or at least for each Cabinet office? Now is probably a good time to observe that respect is earned, most often during moments when some are grandstanding while others quietly make sure people are supplied with a plan of action, and a government.  

1.14.2018

Insidious Hacks

Have you ever been trying to share something online and find that when you look at the final published product, you misspelled something- even though you know how to spell it and your drafts reflect a correct spelling?

You might have been hacked. There are a number of hacks that can intercept your message and, for example, just remove one letter or change one letter from your draft.
Here's a link to a blog post that addresses a spam link injection- which operates on the same theory:
https://digwp.com/2009/06/spam-link-injection-hacked/

One of the reasons this is such an insidious hack, is that it lowers other parties' perception of your credibility. People tend to do business with people they like, who they perceive to be competent in their professional area. A spelling error on a crowdfunding page lowers the chance of success of that project by 13%, according to at least one academic source.

Further, this hack is insidious in that it could cause you to question your own memory- which could potentially be interpreted as intentional infliction of emotional distress.

Since crowdfunding is a regulated activity in many jurisdictions, it goes to follow that performing a hack of this type on a webpage associated with a crowdfunding campaign could be part of a much larger fraud, aimed at reducing the economic opportunities of a party or entity.

Another reason this type of hack is insidious is because it is subtle. If fifty-thousand dollars goes missing from a checking account, most persons would likely act. However if a colleague's list serve post reflects a spelling error- her less cyber savvy colleagues may slowly begin to doubt her judgement, but it is not likely that many would be thinking about reporting anyone to the authorities.

Some additional places to watch out for this type of malfeasance would be on blogs and social media posts, so take a screenshot of your draft and preserve your sanity.

Cheers to 2018, loves. 

12.31.2017

Cyber and Risk Disclosure on The Last Day Of The Year

Season's greetings, dear readers. On the last day of 2017, please enjoy some thoughts on cyber and risk.

As cyber, risk and information security is such a varied and diverse landscape of experience, it is so important to listen, so as to encourage a candid exchange of ideas.

That being said, one observation, that I have observed at least twice, I feel is not evidenced by existing data: "Cyber risk disclosures always take place in hindsight".

First, let's see if we can agree that risk as a general concept is exposure to vulnerability, harm or loss.  There is a moment, then, when exposure to a vulnerability goes from being a possibility to an actuality. Thus, when disclosing an event that has become an actuality ("yes, we have been exposed to this risk"), indeed, hindsight is involved. When disclosing an event of which there is a possibility of exposure to a risk, is that hindsight? Does it depend on how possible?  This could be a relevant distinction with regard to the issue of  how to approach materiality, i.e. the several hundred million dollar question: Was the risk material?

Second, let's talk about forseeability, a favorite concept of tort professors (and tortfeasors) everywhere. Let's use a simple definition: "the idea that a reasonable person could reasonably anticipate the result or the results, as predictable."

Alas, now that foreseeability has entered our last-day-of-the-year conversation, it's time to mention something else heard a few times: "We as attorneys went to school to practice law, and not to become experts on cybersecurity." My response to this is that yes, that is true; most of us intended to study law, and were not necessarily focused on any other particular area outside of law, BUT, the market will address this position, and by that I mean, of course, the clients will look for and find attorneys with a more expansive view. 

So now let's put risk and foreseeability together: 
Surfing the internet involves risk, when software runs, there is a risk it will be/has been exploited. Thus, every moment online involves risk. Every IOT device involves risk. Flash involves a GREAT DEAL of risk. When engaged in or using the previously mentioned activities or products, it's foreseeable that some types of harm will occur, and there is an entire ecosystem of services and products in existence to address some of these risks.

There are some attorneys who have indicated that the risk involved in the packaging on your clients' product being punctured is commensurate with cyber risk, which one can take to mean some attorneys believe cyber risk only involves the risk of the client's end product or service being contaminated. But cyber is more than a supply chain issue.  It is a pervasive and persistent hazard that will not be adequately addressed if it is conceived as a supply chain issue only.

Now is a good time to go back to the statement: "Cyber risk disclosures always take place in hindsight". If you think about how what we are discussing here is more than a supply chain risk, that it is an issue that involves a pervasive and persistent hazard,  it may help some law practitioners to move beyond that statement, and we need to move beyond that idea or there will be more blackouts, more out-of-order hospitals,  and losses generally.

But it doesn't have to be that way... okay, back to listening. 

See you next year.

MCC

11.29.2017

Closing Out The Year

Hello readers. I wanted to take a moment to address the issue of "Closing out the Year." I don't mean this in the business sense, I mean this in the personal sense.
In order to give some context about my frame of mind as I draft this, please allow me to share that I am lounging, in fuzzy pajamas, sipping coffee, and that is pretty much all I plan to do today. In DC today, Carpenter is on the docket; elsewhere in the world, trials are being delayed, slaves are being sold, provocateurs are provoking, and all of that is worthy of the attention it is receiving, and perhaps even more, but I will be content if I can publish this blog post today.

So what does that mean, to close out the year? You may recall from a previous blog post the notion of "taking some time to contemplate, aiming for an improved perspective, while observing the cycle of life." I try to do this at least once a year. The last twelve months have forced my hand a bit on the issue of personal reckonings, so it is even more important to take this time to scan the horizon and look at the big picture. Be wary of tunnel vision.

One helpful item with respect to closing out the year is to reiterate one's tautologies, if one has any. You can go ahead and make a list of these if you think it will help.

Two: Consider what has changed, and how it affects your plans for the coming year. It's good to set some time to specifically consider which of your life's conditions has changed in the last 365 or so days, almost as if it was an administrative task.

Three: Consider the people in your life. There are some things we can control, and there are some over which we have no control. Many wise people have observed that an important process in life is to learn to tell the difference between the two. I would add that once this is done, take a look at the parties with whom you find yourself surrounded and consider whether they continue to merit a place in your life. Who can you help? Who must you learn to forget?

Four: Consider your surroundings. Do you like where you find yourself? I seriously love New York, as you may already know, however, relocating can be a great thing, for example, for one's career. Spending the months that are typically cold in New York City, in a milder place such as Las Vegas, or France or something along those lines is what seems to have worked best for me. It can be a lot of work to maintain a residence you don't see that often, so remember that the goal is comfort, not exhaustion. Whatever your preference, as you consider 1-3 above, (especially three) consider such within the context of four. If you have had to make hard decisions in life I'm sure you already know that you can think someone is groovy, but if they do not share your ideas about surroundings, it is best to not over-invest in that relationship, because you are not going in the same direction.

Five: Execution. What will you do in the next 365 days to make this vision of your life and who you are, into a reality? What can you refrain from doing?

My best wishes to you as you close out the year,
Martha

11.22.2017

Let Us Give Thanks 🦃

It's been a while since one of these blog posts addressed a favorite American pastime, cooking. As a way of saying "Thank You" to everyone who shares their cooking tips online, and as a way of getting ready for Thanksgiving, please read on for information on a technique that has the potential to make chicken or meatballs fluffier.

Half dollar sized chicken meatballs can work well as an appetizer. Lamb meatballs as well as pork and red meat meatballs also can work well in this size. Yum. Paired with a dipping sauce that is complementary to the entree, sharing these tiny savory treats is a great way to get guests relaxed and mingling around the dining room.

To prepare, assemble the meatball ingredients, including breadcrumbs, to your liking. The more breadcrumbs, the less dense the meatballs will be when they are cooked, and less dense is good for an appetizer. (Notwithstanding edamame, which makes a great appetizer; there are probably lots of other great dense appetizers...)  Now take some olive oil and warm it in a sauce pan. Once the oil is warm, add the warmed oil to the reserved breadcrumbs. The bread crumbs will immediately absorb the warm oil. Then add the bread crumbs to the meat mixture, or if you are reading this aghast at the use of ground meat, please feel free to try this with ground chick peas and share your results. You can preheat the oven around the time you start apportioning the meat mixture.

Chicken Meatballs Appetizer:

Ground chicken meat, 1 lb.
salt, thyme and rosemary to taste
1/4 cup milk
2 eggs beaten
1/2 cup olive oil
3/4 cup bread crumbs

Mix all ingredients, except for the breadcrumbs and the olive oil, together. The breadcrumbs should be in a separate ceramic or other heat-safe bowl somewhere. Warm the olive oil over low to medium heat in a saucepan. When the viscosity of the oil begins to change, the oil is warm enough. Take it off the heat and pour the oil over the breadcrumbs; use a fork to combine well. Let breadcrumbs sit for about a minute and then add to the ground meat mixture; combine well. Use an ice cream scoop or other spoon to apportion the meat mixture and roll into spheres that are about the diameter of a half-dollar.
Place in an oven-safe tray that is large enough to fit all of the meatballs without them touching and bake for about seventeen minutes at 450 degrees.

The dipping sauce: Remember earlier in the blog post where it states this recipe is best used for appetizers? Well think about what your main entree is going to be. If it involves roasting or sautéeing anything, make a simple roux and add some of the pan drippings from the roast, or from the sautée to the roux to create a complimentary dipping sauce for the appetizer. If you're fresh out of ideas, or if you are attending a pot luck and have no idea what the main course will be, try one of these ideas for a dipping sauce. 

Thank you for reading and Happy Thanksgiving🦃 








10.23.2017

Notes From CLE with Preet Bharara & Co. in September

At CUNY law for continuing legal ed:

The first speaker is former political candidate and professor of law, Zephyr Teachout. Arguing for some type of strict liability standard in corruption matters, she observes that we are unaware when we are influenced

Is there something inherent in policing that leads to corruption? This question was posed by the panelist from Sidley Austin. Later he references Caperton.

There is an interesting comment, within the context of public corruption, about the existence of an anonymous website for self-reporting http://ipaidabribe.com/ )The anonymity of it raised an eyebrow from me, especially as was thinking recently about , and a pseudonymous Twitter account. Had been thinking about how I personally was surprised that  was being pseudonymous online (if it is, in fact ■) because it seemed like an abdication of leadership to me. Those of us who have the authority and the education and the skill set need to consider the value of coming forward and setting an example of what is appropriate and legal and what is not, especially for the benefit of those who are not so sure. However if ■ and I disagree then, clearly, reasonable minds may differ on this issue. 

Nevertheless, what can reliably be determined about a data set that is self-reported and can't be verified/authenticated?  Am briefly reminded about that legal case regarding anonymous Yelp comments, it could be anyone- thus intent may be at issue. 

(Note: the above paragraph takes on a renewed level of significance after last week's #MeToo tsunami, so here is a link to "A cryptographic solution to securely aggregate allegations could make it easier to come forward" h/t Legal Hackers

It is marvelous to be in a classroom again, and to catch up with the dean and my constitutional law professor.

Now we are having a break and Preet Bharara should be here soon... We shall see what will happen.. ( I think he has arrived because some of the panelists excitedly headed backstage)...

Preet! So far 7 people have silently gotten up with posters to protest something, something about the Bronx, the protestors seem to see him as a proxy for law enforcement generally. 

Will be thinking about tonight for some time...



Sent from my iPad


(Somewhat redacted to shield those who may prefer to stay anonymous  -MCC