Anita Carpenter
Local Lawfirms & Legal Tips!
Tuesday 23 April 2019
Tim Cook said Apple's fight with the FBI in 2016 was a 'very rigged case,' and he wishes it went to court (AAPL)
- Apple CEO Tim Cook was interviewed by visiting Harvard professor Nancy Gibbs at the TIME 100 event on Tuesday.
- Gibbs asked Cook about privacy — since the last time they saw each other, Apple was in the midst of a privacy battle with the Justice Department over unlocking an iPhone.
- Cook says we've come a long way since Apple opposed the Justice Department's order to assist the FBI in unlocking a terrorist's phone, but says he wishes the case went to court since discovering it was "a very rigged case to begin with."
- Visit Business Insider's homepage for more stories.
In an interview with Nancy Gibbs at the TIME 100 event on Tuesday, Apple CEO Tim Cook said he wished his company's fight with the FBI over the ability to unlock an iPhone had actually gone to court.
"Our battle was over whether or not the government could force Apple to create a tool that could put hundreds of millions of people at risk in order to get into a phone — and we said no, the law does not support the government having the authority to do that," Cook told Gibbs.
In December 2015, the FBI obtained an iPhone 5C from one of the two perpetrators behind a mass shooting in San Bernardino, California, that killed 14 people and injured 22 others. Police killed the two attackers in a shootout, so the FBI was unable to get into the phone it recovered, as it had a 4-digit passcode enabled. The NSA was unable to unlock it, however, so the FBI asked Apple to help build a new operating system that could be installed on the phone and disable its security features — something Tim Cook called at the time the "software equivalent of cancer." Apple opposed the order, citing the security and privacy risks it would pose to other customers, and a hearing was scheduled for March 22.
But just one day before the scheduled hearing with Apple, the government said it found a third party that could help unlock the iPhone, and delayed the hearing. The FBI formally withdrew its request to Apple one week later.
"I wish that case went to court, to be honest," Cook said on Tuesday. "It was dropped the day before, and now after the Inspector General reports have come out, our worst fears have been confirmed: that it was a very rigged case to begin with."
The Inspector General report Cook alluded to, which was published in March 2018, mentioned how "there were misunderstandings and incorrect assumptions" among people working on this case at the FBI, and that Apple's involvement wasn't actually necessary in the first place. The FBI has a Remote Operations Unit (ROU) that's responsible for handling mobile devices like these — and this is the same unit that ultimately figured out how to unlock the shooter's iPhone — but the FBI failed to get the ROU involved before issuing its order to Apple for assistance.
"This was not the government's finest hour," Cook told Gibbs. "I have personally never seen the government apparatus move against a company like it did here in a very dishonest manner. I felt like the naive guy that thought these things didn't happen. They were trying to prevent a discussion or a dialogue or a debate about this. I hope that we've advanced much further than that."
Cook said privacy has become much more meaningful to mainstream Americans now, and reaffirmed Apple's stance on why it's so important.
"In the world where everything is totally open, people begin to guard what it is they will say. Think about where society goes if we're afraid to tell each other our opinions — if we're afraid that somebody's listening, or watching, or monitoring, or we're under surveillance. This is a bad thing inherently in a very broad way, not to mention the manipulation that can go on with pitting different groups against each other."
You can watch Cook's whole interview with Gibbs from the TIME 100 event below (Cook's portion begins about 45 minutes into the video, since the event is still ongoing).
SEE ALSO: Apple will help rebuild Notre-Dame Cathedral after its massive fire, according to CEO Tim Cook
DON'T MISS: The 20 best iPhone tips and tricks to make your life easier
Join the conversation about this story »
Tim Cook said Apple's fight with the FBI in 2016 was a 'very rigged case,' and he wishes it went to court (AAPL) posted first on http://lawpallp.tumblr.com
Monday 22 April 2019
A group of Microsoft and GitHub employees have come out in support of Chinese tech workers protesting the infamous '996' work hours (MSFT)
- On Monday, a group of Microsoft and GitHub employees published an open letter to show their support for a project called 996.ICU, which protests a harsh tech working culture in China.
- The name of the project is a reference to the idea that many tech workers work 9 a.m. to 9 p.m., six days a week, even though such practices are illegal in China.
- Employees decided to publish this letter because they were concerned that Microsoft is facing pressure to take down this project.
- Visit Business Insider's homepage for more stories.
A group of Microsoft employees are speaking out to support an online protest in China over grueling, 12-hour workdays that organizers say are unhealthy, illegal and increasingly common.
About 20 Microsoft employees signed an open letter published on Monday in support of the so-called 996.ICU project in China.
Tech workers in China started the 996.ICU project in March on code-sharing website GitHub, which is owned by Microsoft. The numbers 996 refer to the concept of working from 9 a.m. to 9 p.m., six days a week.
Such hours, the workers say, are illegal in China even though they say many employers in the country expect it of their workers. The name 996.ICU refers to an ironic saying among Chinese workers: "工作 996,生病 ICU" or "Work by '996', sick in ICU," as in the intensive care unit of a hospital.
The 996.ICU project is a repository of what is allegedly evidence of these working conditions, as well as a new software license designed to advocate for workers' rights. More specifically, any software project created under the terms of this license cannot be used by companies that break labor laws, per the language contained therein.
Monday's letter was signed by 50 tech employees altogether, including several from Google, urging Microsoft and GitHub not to remove the 996.ICU project from the GitHub site. Already, Chinese browsers from Tencent, Alibaba, and others have restricted or blocked access to the 996.ICU project, the Microsoft employees' letter said.
"We, the workers of Microsoft and GitHub, support the 996.ICU movement and stand in solidarity with tech workers in China. We know this is a problem that crosses national borders. These same issues permeate across full time and contingent jobs at Microsoft and the industry as a whole," the letter said.
Censorship
The 996 schedule has become a controversial topic. Jack Ma, the cofounder of Alibaba, recently described the 996 schedule last week as a "blessing" for young workers, according to Reuters.
A Microsoft employee who wished to remain anonymous told Business Insider that employees started this petition because they were concerned that Microsoft may be facing pressure to censor the project, in the wake of the alleged moves from Tencent and Alibaba.
"We must entertain the possibility that Microsoft and GitHub will be pressured to remove the repository as well," the letter said.
The Microsoft and GitHub employees who wrote the petition want to make sure that the project to keep the project remains uncensored and available to all, especially in China.
'
Developers outside China have supported this project as well. In less than a month, this project has garnered over 2,500 contributions from 533 developers. The project has also been starred nearly 230,000 times — a way for GitHub users to show their support or interest for a project.
Standing in solidarity
Pooya Parsa, an open source developer from Iran, helped translate the project to Persian. He said a "996" schedule is not common in Iran, but he has previously had experiences with overworking.
"I used to work on such schedule for 1 to 2 years which made serious health problems to me and stopping to pay attention to other daily living matters like family, body health and even improving programming skills," Parsa told Business Insider. "Forcing or even allowing developers to work on such schedule may help short-term success but it finally takes creativity, innovation, and motivation from them."
With this letter, employees hope to make a larger statement on labor standards around the world.
"Another reason we must take a stand in solidarity with Chinese workers is that history tells us that multinational companies will pit workers against each other in a race to the bottom as they outsource jobs and take advantage of weak labor standards in the pursuit of profit. We have to come together across national boundaries to ensure just working conditions for everyone around the globe," the letter said.
Join the conversation about this story »
A group of Microsoft and GitHub employees have come out in support of Chinese tech workers protesting the infamous '996' work hours (MSFT) posted first on http://lawpallp.tumblr.com
Facebook hired a top State Department lawyer to be its new general counsel (FB)
- Facebook has hired a new general counsel.
- Jennifer Newstead, a top lawyer at the US State Department, is joining the beleaguered social networking firm.
- She is replacing Colin Stretch, who has been planning to leave for nearly a year.
- Visit Business Insider's homepage for more stories.
Facebook has finally found a new general counsel — hiring Jennifer Newstead, a top lawyer at the US State Department, to fill the role.
The social network's previous general counsel, Colin Stretch, originally announced his intention to leave in July 2018. But as the California company lurched from scandal to scandal, he ended up staying on. He will continue to be with Facebook "through the summer to help with the transition," the company said on Monday.
Newstead most recently served as a legal adviser for the US State Department, "overseeing work on all domestic and international legal issues affecting the conduct of US foreign policy," Facebook said in a blog post announcing the news.
She joins Facebook at a time of extreme upheaval. Over the last two years the company has faced successive crises, from the Cambridge Analytica scandal to its role spreading hate speech that fueled genocide in Myanmar. Public attitudes towards big tech — and Facebook specifically — have soured accordingly, with increasing calls for stricter legislation or even antitrust measures.
"I'm excited to be joining Facebook at an important time and working with such a fantastic team," she said in a statement. "Facebook's products play an important role in societies around the world. I am looking forward to working with the team and outside experts and regulators on a range of legal issues as we seek to uphold our responsibilities and shared values."
On Monday, Facebook also announced a new vice president of global communications — John Pinette, the former VP of marketing and communications at Vulcan, who has also worked at Google and Bill Gates' Gates Ventures. He replaced Caryn Marooney, who announced her exit in February 2019.
Got a tip? Contact this reporter via encrypted messaging app Signal at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, Telegram or WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.
SEE ALSO: Watch Bill Gates tear up the dance floor at a Miami club
Join the conversation about this story »
NOW WATCH: Facial recognition is almost perfectly accurate — here's why that could be a problem
Facebook hired a top State Department lawyer to be its new general counsel (FB) posted first on http://lawpallp.tumblr.com
Friday 19 April 2019
Meet the programmer-turned-drummer-turned-lawyer who's helping open source startups stand their ground against Amazon's cloud amid a 'clash of ideologies'
- Open source licensing lawyer Heather Meeker, one of Business Insider's 100 people transforming business, has helped companies like MongoDB, Redis Labs, and Confluent write new software licenses.
- These companies changed their licenses in response to cloud vendors like Amazon Web Services selling the software they created -- which is completely legal.
- Meeker discusses the controversy around these licenses from advocates who say they go against the definition of open source.
- Meeker helps open source software startups find a middle ground as they strive to create a business model that works.
- See the full list of Business Insider's 100 people transforming business here.
Heather Meeker has seen her share of career changes. She's been a software programmer and a drummer in a rock band. Now, she's very likely the most prominent lawyer working specifically with the world of open source software.
She's made a name for herself as one of the top experts in the field, especially in the last year. Companies like MongoDB, Redis Labs, and Confluent turned to Meeker to help them write new, more restrictive licenses that prevent big cloud providers like Amazon Web Services, Alibaba, and Tencent from using their code freely.
She calls 2018 a "watershed year" for these new licenses, which sparked fierce debate in the open source software community. The companies in question argued that while it's completely legal for the big tech companies to take open source code and resell it as a commercial service for profit, it's not especially fair — especially since Amazon, in particular, is seen as not contributing enough code back to the open source communities in return.
"[These companies] were concerned about cloud providers free riding on their development efforts without sharing their modifications," Meeker told Business Insider. "They were concerned about sustaining a business and big companies were just using it for free and making a lot of money from making it available for others. They thought, that's a business problem for us."
The result, as we've seen over the last several months, is a dramatic industry-wide debate over the future of open source: Some companies have chosen to find new monetization models for open source, while others have doubled down and actually released their entire product line-up as open source code.
This all comes as investors flock to open source startups, in the wake of mega-deals like IBM's$34 billion acquisition of Red Hat and Microsoft's $7.5 billion GitHub buy.
Besides her licensing work, Meeker is involved in the startup scene as a founding portfolio partner at OSS Capital, a VC firm specifically aimed at commercial open source software startups. She helps these startups with their business and licensing models, helping them solve a problem that's now decades-old: How do you make money with a business built on free, open source software?
"I've always understood that you could make money doing open source development, but there were a lot of people who were really skeptical for a long time," Meeker said. "You can make money with an open source business very effectively if you plan it properly."
"Flavor of the month"
Meeker graduated from Yale in 1978 and spent the early '80s as a programmer. Her degree is in economics, but she learned to program on her own as a child, picking up some basics from her computer scientist father.
"I was a nerd. I love technology all my life," Meeker said. "I learned about it at an early age which at the time was very unusual."
After five years as a programmer, she says she became bored. At the time, she was developing accounting applications, and felt that she had hit a roadblock in her career. So instead, she pursued what she says was her first passion, and became a musician. She was a drummer and a leader of a band that played blues, college radio rock, and anything people wanted them to play.
It was a good time, she says, but it didn't pay the bills.
"It's easy to explain why I changed from being a musician to a lawyer," Meeker said. "I wanted health insurance. It was fun, but it was not a career. Compared to other lawyers, I deeply appreciate the practice of law as a career because I've been through something much more difficult. I have loved being a lawyer much more than I expected."
She went into law school at UC Berkeley, thinking she would combine law with music and entertainment to become an entertainment lawyer. But soon enough, she realized interesting things were cropping up in technology law, and she changed course.
As a lawyer, she started off doing intellectual property and licensing. It wasn't until a couple years later when she discovered the niche field of open source licensing — open source software is, by definition, free for anybody to use and modify, but licensing is a crucial element that controls what's allowed and what isn't, legally speaking.
"I set out to learn all I could about it," Meeker said. "In any organization, if you learn a little bit more than the person in the next office, you're the expert. Then they came to me with questions, so I learned more about it. Open source to me is really an interesting thing to focus on."
Meeker expected open source to be like a "flavor of the month;" a fad that would eventually disappear. But it never did.
'A clash of ideologies'
Today, using open source is the rule in the modern software industry, rather than the exception, Meeker says. The world is embracing open source, and more clients have asked her about it. They wanted to use open source software, but they weren't sure how — and when she first started, most corporate counsels simply advised clients to stay away.
"I thought there has to be a better answer than 'no,'" Meeker said. "I thought there has to be a 'yes, if.' That's how I started my practice by trying not to say no. If you want to be a good business lawyer, you have to give your clients more practical and nuanced advice."
Generally, her clients want to make sure they're in compliance with open source licenses when they use or modify the code. Some clients want to learn how to set up a foundation to run an open source project of their own, or they may have a dispute over the interpretation of a license. Lately, she's been involved in writing new software licenses.
"Most open source licenses don't have any requirements until you distribute the software," Meeker said. "The advent of cloud computing has changed how people deploy software. A lot of people are asking what is that activity that invokes distribution of open source. There is some sort of doctrinal ambiguity about it."
These new licenses have been controversial, as free software activists argue that some of the licenses she's helped write go against the definition of open source. Meeker says she cannot comment on her clients directly, but that she only does what she's been asked to do.
More broadly, Meeker says, open source startups are only seeking new ways to protect their business, and that change always comes as a shock to any community.
"Some software that was previously open source became not open source, so people didn't like that," Meeker said. "There was also a clash of ideologies. You have some people who are free software advocates who object to anyone who uses anything but a free software license, and you have businesses saying we can't sustain a business with a free software license."
A problem, she says, is that advocates, developers, and businesses may all have different ideas on what open source should be. For those advocates, open source is an ideal, while developers find it to be an easier way to work together on large software projects. Open source software-based businesses have to balance these principles, while also finding ways to make money.
In theory, these "ideologies," can't meet, Meeker says, but in practice, they're combined all the time. For example, most of these companies follow a so-called "open core model," which means that they have a free version of their software, and sell an enterprise version that carries more features for businesses and other power users.
Meeker says that it's important to find these moments of balance as a way to grow the overall open source community, commensurate with its outsized impact in the world.
"In open source world, there's a lot of philosophical debate that gets very contentious," Meeker said. "While it's important to air ideas and have debate, to people outside who are looking in and are not thinking about open source issues everyday, it's very confusing and concerning to them. I would like to see open source be a big tent instead of a little tent."
Join the conversation about this story »
NOW WATCH: Watch Google's Stadia video-game-platform event in 5 minutes
Meet the programmer-turned-drummer-turned-lawyer who's helping open source startups stand their ground against Amazon's cloud amid a 'clash of ideologies' posted first on http://lawpallp.tumblr.com
Thursday 18 April 2019
Facebook may have broken the law by harvesting 1.5 million users' email contacts, experts say (FB)
- Facebook harvested 1.5 million users' email contact data without their consent, Business Insider revealed on Wednesday.
- In doing so, Facebook might have violated US and EU laws, experts say.
- The social network says it unintentionally collected the contacts and is now deleting them.
- It is already under investigation by US regulator the FTC for potentially violating a consent decree.
Facebook harvested 1.5 million users' email contact data without their consent, and experts say that in doing so the company may have violated American and European Union laws.
On Wednesday, Business Insider revealed that the California social network had since May 2016 been scraping some new users' email contact books after asking for their email passwords to "verify" their accounts. Around 1.5 million users ultimately had their data taken without permission; Facebook says this was done "unintentionally" and it is now deleting the data.
Experts speaking to Business Insider on Thursday said that they believed Facebook's actions had potentially violated multiple laws — including a US FTC consent decree, the EU General Data Protection Regulation (GDPR) — the European Union's data privacy regulation — and while there would likely be a strong defence for Facebook, perhaps even the Computer Fraud and Abuse Act (CFAA), a US criminal statute involving computer fraud and abuse.
If their theories are accurate, and regulators ultimately decide to take action against Facebook over the issue, then it could further exacerbate the legal headaches facing the company, which has been battling scandals on multiple fronts for the past two years — from Cambridge Analytica's misappropriation of tens of millions of users' data to the social network's role spreading hate speech that fueled genocide in Myanmar.
A Facebook spokesperson declined to comment.
Facebook is already under investigation by the FTC
Since 2011, Facebook has been subject to a consent decree by US regulator the FTC (Federal Trade Commission), after it settled charges that alleged it had misled users over privacy issues. The FTC is now investigating Facebook over its subsequent privacy practices, namely the Cambridge Analytica scandal. The FTC is inquiring whether the incident violated the 2011 consent decree, and is reportedly close to negotiating a settlement with Facebook that may be in the billions of dollars.
Ashkan Soltani, a former chief technologist for the FTC, said he believed Facebook's actions with users' email contacts may itself have broken the terms of the consent decree if it was using the data. "In my opinion, Facebook's collection and use of users' address books would be another clear violation of the Consent decree and merit an investigation," he said.
"The FTC enforces unfair and deceptive trade practices. On its own, downloading and using users' address books under a deceptive pretext of 'security' would constitute a deceptive practice, even IF the company wasn't under order," he said, speaking in the abstract.
Dina Srinivasan, a Yale Law graduate who recently wrote a paper called "The Antitrust Case Against Facebook," argued that the company's behavior was potentially illegal "on the grounds that Facebook was deceiving consumers when it came to their data and privacy. This can be a violation of 3 things. (1) Federal antitrust laws. (2) Unfair competition laws which every state has a version of. (3) The FTC consent decree."
That said, it's not yet clear whether the FTC will ultimately attempt to take any action against Facebook on this issue, and a spokesperson for the organization didn't respond to a request for comment.
"There are so many different potential violations at this point that I don't know that FTC will investigate this latest ... particularly because it's under a lot of pressure to act on the Cambridge Analytica [incident]," said Sally Hubbard, the director of enforcement strategy at the Open Markets Institute, a research and advocacy group that focuses on issues around corporate power.
She explained that, even if this did constitute a violation, it would be difficult to investigate. "Once there's a revised consent decree in place, it will be hard for the FTC to go back and investigate any misconduct that came before it (depending on the terms of the negotiated agreement settling the claims — it likely will resolve all liability for violations up to the date it's agreed to)."
The Silicon Valley firm could face trouble in Europe too
In May 2018, the European Union started enforcing GDPR, its tough new data protection legislation. Facebook hasn't yet said if any of the affected users signed up in Europe after that data, but it seems extremely likely — in which case some believe Facebook may have fallen afoul of GDPR.
"It is especially problematic because it was not just data of the user being verified that was ... processed, but the personal data of their contacts too," London-based data protection researcher and Alan Turing institute fellow Michael Veale said in an email.
"It might just have been 1.5m users that were directly affected, but considering the number of unique emails that were harvested and the network information linking them, the total number of individuals affected is likely in the hundreds of millions."
He suggested there may have been multiple breaches of the law, including not informing users, and processing people's data for advertising purposes without informing them. "This could be construed as a general security breach, as Facebook were not aware their system was effectively compromised," he added.
The Irish Data Protection Commission, which is responsible for regulating Facebook's data practices in the EU under GDPR, said it's now in contact with Facebook over the issue and is considering its next move.
"We are currently engaging with Facebook on this issue and once we receive further information we will decide what steps to take," said Graham Doyle, the head of communications at the Irish DPC.
The question of intent
Julian Sanchez, a senior fellow at the Cato Institute, discussed the possibility that Facebook had potentially violated the Computer Fraud and Abuse Act — which would veer into criminal territory.
"It's an offense under 18 USC 1030 to, among other things, intentionally exceed authorized access to a protected computer. A 'protected computer' is, for practical purposes, any computer connected to the Internet," he said. "So with respect to Facebook's access to users' e-mail contacts, the relevant questions are whether there's any viable argument that it was 'authorized,' which seems like a very hard sell when it's represented as being specifically for the purpose of authentication, and if not, whether the access in excess of authorization was intentional."
He added: "If we were talking about a rapidly-corrected coding mistake that had removed language about scraping the user's contacts, you'd have a plausible case for saying this was access in excess of authorization, but not intentional. But that becomes more difficult to buy the longer they were doing it."
Facebook says that the action was purely unintentional — that it previously notified users that it would be accessing their contacts, but a change inadvertently stripped that warning out. Such an argument would be a defense under the CFAA.
"Can they plead incompetence? In principle, though boy is that embarrassing," Sanchez said. "You'd need to look through internal correspondence to see whether anyone noticed the issue and Facebook decided not to fix it."
Got a tip? Contact this reporter via encrypted messaging app Signal at +1 (650) 636-6268 using a non-work phone, email at rprice@businessinsider.com, Telegram or WeChat at robaeprice, or Twitter DM at @robaeprice. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.
Read more:
- Car-bomb fears and stolen prototypes: Inside Facebook's efforts to protect its 80,000 workers around the globe
- Facebook quietly killed its Building 8 skunkworks unit as it reshuffles its cutting-edge experiments and hardware
- Leaked Andreessen Horowitz data reveals how much Silicon Valley startup execs really get paid, from CEOs to Sales VPs
Join the conversation about this story »
NOW WATCH: Wearable and foldable phones are shaking up tech, making 2019 the year of weird phones
Facebook may have broken the law by harvesting 1.5 million users' email contacts, experts say (FB) posted first on http://lawpallp.tumblr.com
Facebook updated a blog post and said the number of unencrypted Instagram user passwords was in the 'millions' not its previous estimate of 'tens of thousands' (FB)
- Facebook has stored millions of Instagram users' passwords in an unencrypted format easily readable by its employees for years.
- The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers.
- At the time, the company also said the same issue affected "tens of thousands" of Instagram users.
- On Thursday, that number was updated to "millions."
- Visit BusinessInsider.com for more stories.
Facebook has stored millions of Instagram users' passwords in an unencrypted format easily readable by its employees for years, the latest in a series of high-profile security missteps committed by the Silicon Valley giant.
The news came on Thursday by way of an update to an existing company blog post, which in March, announced that unencrypted passwords for hundreds of millions of Facebook and Facebook Lite users had been accessible on its internal servers. At the time, the company also said the same issue affected "tens of thousands" of Instagram users.
On Thursday, that number was updated to "millions."
Facebook said that since its previous post — on March 21 — it had discovered "additional logs of Instagram passwords being stored in a readable format," but that its "investigation has determined that these stored passwords were not internally abused or improperly accessed."
The company said it would notify affected users.
Back in March, Facebook said it discovered the vulnerability during a "routine security review" at the beginning of the year. The cybersecurity journalist Brian Krebs said the issue existed as far back as 2012.
The incident adds to a long line of serious scandals and crises to wrack Facebook over the past two years — many of which have been security- or privacy-related. Just yesterday, Business Insider discovered that the tech giant had been harvesting the email contacts of 1.5 million new users without their knowledge or consent.
Join the conversation about this story »
NOW WATCH: We tried the Samsung Galaxy S10 to find out if it's worth the $1,000
Facebook updated a blog post and said the number of unencrypted Instagram user passwords was in the 'millions' not its previous estimate of 'tens of thousands' (FB) posted first on http://lawpallp.tumblr.com