News & Commentary

13March

Appeals Court Rules on Twitter’s Role in “Material Support” of Terrorism

By Quandary Peak Research

An appeals court ruled in agreement with a lower court in January 2018 that Twitter was not liable for the deaths of two American military contractors, killed by a terrorist in Jordan in 2015. The ruling is the latest repudiation of the notion that social media services are willingly providing support to international terrorist groups – the court ruling says they’re not.

Background

Lloyd “Carl” Fields Jr. and James Creach were among multiple victims shot and killed by a Jordanian police captain-turned-terrorist at a training center for law enforcement in Amman, where Fields and Creach were working as military contractors. The lawsuit, brought by the estates of both victims, alleged that Twitter violated the Anti-Terrorism Act, having for years “knowingly permitted the terrorist group ISIS to use its social network as a tool for spreading extremist propaganda, raising funds, and attracting new recruits.”

The Brookings Institute released research in 2015 that, for the first time, cataloged and profiled ISIS-supporting Twitter accounts. The research indicated a minimum of 46,000 ISIS-supporting Twitter accounts and pegged the maximum at 70,000. While the findings acknowledged Twitter was actively suspending pro-ISIS accounts, the study “saw evidence of potentially thousands more.”

Pro-ISIS users account for a modicum of Twitter’s overall user base, but they have a propensity for reaching exponentially larger numbers of people by going viral. The Brookings report indicated that the high rate of tweets from between 500 to 2,000 ISIS-related accounts “…drives the success of ISIS’s efforts to promulgate its message on social media…short, prolonged bursts of activity cause hashtags to trend, resulting in third-party aggregation and insertion of tweeted content into search results.”

A Look at the Litigation

Fields v. Twitter has been dismissed twice; it was initially heard by a US District Judge in August 2016. In neither instance did the […]

Comments (0)|Read more

5March

Comcast Accused of Demanding Punitive Compensation from Rival

By Quandary Peak Research

Wave Broadband, a rival of telecom giant Comcast, has filed a complaint with the FCC, accusing the company of demanding “a punitive ransom totaling nearly $3.5 million” in order to continue airing Comcast-owned sports programming. It is the latest in a series of grievances taken to the FCC by Comcast’s competitors, who argue that the cable company’s price demands force them to raise their own prices for their customers, giving Comcast an unfair competitive advantage.

The Case So Far

Wave, which serves almost half a million subscribers and is Comcast’s largest cable competitor in Washington, Oregon, and California, filed the complaint against NBCUniversal and three Comcast-owned Regional Sport Networks (RSNs) in December 2017, alleging they withheld “must-have regional sports programming” and demanded compensation for access to content they were obligated to provide.

According to Wave, these withholdings “blatantly [violated]” Section 548(b) provisions, which are designed to “promote the public interest, convenience, and necessity by increasing competition and diversity in the multichannel video programming market” by prohibiting cable providers from deceiving, or using unfair methods, to prevent distributors from providing programming to consumers. Wave is asking for refunds and damages to the tune of $3,480,710.54 – the exact amount, plus interest, for the payments it made from July to December 2017 – as well as for the FCC to declare specific contract provisions null and void.

Responses

NBCUniversal, a subsidiary of Comcast, petitioned the FCC in January to throw out the complaint, arguing that a recent merger between Wave and nationwide broadband service provider RCN/Grande (which closed on January 24) means RSN distribution will be “governed by [the terms of the RCN] agreement”. Comcast also argued that the […]

Comments (0)|Read more

22February

Trade Secrets and Cover-Ups: The Case of Waymo vs. Uber

By Quandary Peak Research

In February 2017, Waymo filed a lawsuit in San Francisco federal court against Uber, alleging theft of trade-secrets related to Waymo’s self-driving car technology. The lawsuit, full of twists and turns, was settled earlier this month, with Uber agreeing to pay $245 million in shares to Alphabet (Google), Waymo’s parent company.

Below we’ll take look back on the facts of the case and examine the implications of the settlement, particularly given both companies’ desire to dominate the self-driving market.

The Allegations

Waymo, Google’s spun-off self-driving car project, and Uber, the ride-sharing giant with autonomous car ambitions of its own, were the main parties in the lawsuit. Waymo alleged that Anthony Levandowski, a former Google engineer and expert in the field, downloaded 14,000 files from Google’s system a month before leaving the company in January 2016. Waymo argued that Levandowski used the content from those files to launch Otto, his self-driving truck startup. Uber entered the picture seven months later, when they purchased Otto for a reported $680 million.

Waymo claimed that the files allegedly downloaded by Levandowski contained highly-secretive, proprietary design information. The company became aware of the suspected misconduct when it was copied on an email chain from a supplier that contained design information about Uber’s lidar (short for ‘light detection and ranging’) technology – designs that bore “a striking resemblance” to Waymo’s designs, to the point of patent infringement.

Waymo accused Otto and Uber of stealing their intellectual property in order to “avoid incurring the risk, time, and expense of independently developing their own technology…[netting] Otto employees over half a billion dollars and [allowing] Uber to revive a stalled program” at Waymo’s expense. They also accused other former Google employees of downloading supplier lists, manufacturing details, and technical information before defecting to Otto at Levandowski’s […]

Comments (0)|Read more

29January

Lawsuit alleges Apple Pay Patent Violation

By Quandary Peak Research

Kenneth Weiss, the former CTO and Chairman of the Board at RSA Security, sued Apple Inc. and Visa in May 2017. Mr. Weiss is the founder of Universal Secure Registry (USR) and the inventor of RSA’s SecurID technology, and he is alleging that Apple Pay violates various patents he owns related to encryption technology. Below, we’ll examine the history surrounding the case and its implications.

The History

Mr. Weiss, who founded Secure Dynamics in 1984 and was its chairman until 1996 (when the company acquired RSA Data Security), holds 13 patents for various authentication systems he invented. Most of these patents are in security and encryption, specifically relating to smartphones, fingerprint identification, and token systems for secure financial transactions. He founded USR with the mission “to be the enabling technology of the cashless society by licensing its proprietary authentication and identification software technology, entering into strategic alliances and cooperatively supporting third parties implementing USR technology”.

Starting in mid-2010, Mr. Weiss states he had multiple meetings with Visa higher-ups to discuss a commercial implementation for his technology, culminating with Visa signing a 10-year nondisclosure agreement for access while also assigning engineers to understand its ins-and-outs. Mr. Weiss says he wrote to Apple multiple times beginning in July 2010, offering the opportunity to license the technology for their use. He alleges that both companies then ceased to communicate with him – Apple never responded to his query, and Visa never secured a license for commercial use. Three years later, Visa, Apple, and other major credit card companies worked together to create the Apple Pay technology, which was released to the public in 2014.

The Lawsuit

The lawsuit argues that Apple Pay violates four specific patents (all of which are foundational to the platform) relating to technology invented by Mr. Weiss and held by […]

Comments (0)|Read more

4January

Net Neutrality, Repealed – What to Expect Ahead

By Quandary Peak Research

The FCC’s recent repeal of net neutrality regulations has provoked strong reactions from free speech advocates, corporations, politicians, and everyday internet users alike, making it difficult to separate the facts from the bluster. We’ve outlined the case for net neutrality before, so in this piece we’ll examine the legal elements of the repeal, review the arguments for and against net neutrality, and examine what lies ahead.

What, Exactly, Does the Repeal Cover?

The net neutrality repeal rolls back Obama administration-era rules from 2015, which allowed the FCC to treat broadband as a utility under Title II of the Communications Act. This characterization enabled the FCC to prohibit the following actions, which it deemed harmful to the open internet:

• Blocking – discriminating against lawful content by blocking websites or apps
• Throttling – slowing data transmission for legal content based on the nature of said content
• Paid Prioritization – no fast lanes for customers who pay a premium, and no slow lanes for those who don’t

The Arguments

The argument for net neutrality (defined in basic terms as the open and indiscriminate movement of content over a network) revolves around equality—giving Americans equal access to content and equal ability to pursue their objectives online. One of the key concerns of net neutrality supporters is that Internet Service Providers (ISPs) like Comcast and AT&T will become, in the words of the New York Times’ Cecilia Kang, “gatekeepers to information and entertainment”. Major technology companies like Google, Facebook, and Amazon are among the biggest supporters of net neutrality. They argue the repeal will give ISPs the ability to block services, prioritize content, and create ‘slow and fast lanes,’ ultimately undermining the capacity for innovation that drives so much of the internet.

On the other side of the argument, the repeal supporters—most prominently large telecom companies like […]

Comments (0)|Read more

16November

Supreme Court to Hear Landmark Cellphone Surveillance Case

By Quandary Peak Research

In what could arguably be labeled as one of the most consequential Supreme Court terms in decades, one particular case stands out within the realm of technology and privacy: Carpenter v. United States, No. 16-402.

This case looms large as the Supreme Court seeks to determine the extent to which cell phone records can be used by law enforcement agencies to charge someone with a crime or to build a case against them. One lawyer working the case called it “one of the most important Fourth Amendment hearings in generations,” which is no stretch of the imagination—the case could ultimately set the standard for law enforcement in the digital era as it examines and debates modern surveillance law. The key detail in this case is whether law enforcement can legally obtain information regarding an individual’s cell phone location data, which is kept by cellphone companies and generally regarded as private.

The Case

The plaintiff, Timothy Carpenter, was convicted in multiple armed robberies over a period of two years. A co-conspirator in the case confessed and passed along cell phone numbers to law enforcement from multiple conspirators, including Carpenter’s. The government applied for three different court orders for cell-site records pertaining to the numbers, including “at call origination and at call termination for incoming and outgoing calls” for Carpenter’s phone. This data was used to depict Carpenter’s movements over multiple months, which placed him at ranges of half a mile to two miles from the robberies at the time they occurred. Mr. Carpenter is arguing that prosecutors failed to obtain a warrant for the information, violating his Fourth Amendment rights against unreasonable searches and seizures.

Legal Precedent

Recent Supreme Court rulings have limited the ability of law enforcement and government to track potential suspects via cell phones and location data. United States […]

Comments (0)|Read more

28June

How Viable are VPNs for your Online Privacy Needs?

By Quandary Peak Research

In a recent piece on internet privacy legislation, Quandary Peak’s editorial team addressed the Congressional vote in March to overturn Obama-era internet privacy laws. In short, the new law gives telecommunications companies greater flexibility in how they can track, collect, and sell customer data. From a consumer standpoint, the implications of this legislation may largely depend on one’s Internet Service Provider (ISP)’s specific policies – and whether those policies may change as a result of the new law.

In reality, a majority of consumers will be unaware and/or indifferent to this shifting landscape in online privacy rules. But for those increasingly concerned about the issue, part of the narrative has shifted to whether VPNs (virtual private networks) can be a potential solution for restoring a lost layer of privacy.

VPNs have long been used by businesses to allow employees in remote/foreign locations to connect to a business’s private computer network. VPNs have steadily become more mainstream for private citizens, but remain unfamiliar to a vast swath of internet users. This unfamiliarity begs a number of questions: what, exactly, are VPNs? What are their advantages and disadvantages? Are any VPNs a cut above the rest? And, if a person is concerned about their online privacy, is a VPN an adequate solution?

What is a Virtual Private Network (VPN), and How Does it Work?

A virtual private network (VPN) is a service that allows a user to connect to the internet over a public network as if it were a private network. A common analogy is to consider a tunnel that links a user’s computer directly to a server operated by the VPN provider. When a request is sent for information (like entering a website address), it is ‘funneled’ through the VPN’s secure connection, and the information is sent back through the same private […]

Comments (0)|Read more

10May

A Briefing on Internet Privacy Legislation (2017)

By Quandary Peak Research

On March 28, 2017, Congress voted to overturn Obama-era internet privacy laws that were scheduled to go into effect later this year. As one of their first orders of business under President Trump, Congress targeted the FCC rule that required Internet Service Providers (ISPs) to “protect the privacy of their customers…[ensuring] broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs (emphasis ours).”

The goal of the Obama-era legislation was to provide customers with the information and tools needed to make informed decisions about the use and sharing of personal information. In many cases, that meant having some power in restricting an ISP from collecting browsing history data and selling that information on the open market (mainly to advertisers).

In order to understand the new legislation, it is worth taking a look at how the now-repealed Obama-era regulations were structured, essentially on three tiers:

Opt-in

Internet Service Providers were “required to obtain affirmative ‘opt-in’ consent from consumers to use and share sensitive information.” Sensitive information that could not be collected or shared without a customer’s approval included “precise geo-location, financial information, health information, children’s information, social security numbers, web browsing history, app usage history and the content of communications. ”

Opt-out

ISPs “would be allowed to use and share non-sensitive information (our emphasis) unless a customer ‘opts-out.’” Email addresses or other “service tier” information was considered non-sensitive, and “use and sharing of that information would be subject to opt-out consent, consistent with consumer expectations. ”

Exceptions to Consent Requirements

Exceptions existed when pertaining to basic services related to a consumer opening and maintaining an account with the broadband service, including “the provision of broadband service or billing and collection.”

The rules also included transparency requirements, rules that required broadband services to utilize “reasonable data security practices,” and […]

Comments (0)|Read more

27February

Code is Tricky, Part 2: Source Code Never Runs

By Jason Frankovitz

Every software expert at Quandary Peak regularly reads and analyzes large volumes of source code, and while understanding the specific programming language can help, it’s not the only skill we bring to a project. Knowing the unique qualities and nuances that apply to programming code can be the difference between winning and losing a trial. In this eight-part series of posts I’ll describe a few of the unintuitive aspects of source code that experts have to keep in mind when working on your case.

Source Code Never Runs

Like attorneys, software programmers are in the business of technicalities, where small distinctions can sometimes make a big difference. This is particularly important in software patent cases, which can often hinge on very minor, esoteric aspects of code (very minor to a non-computer-scientist, at least.) One of those potential trivialities is the distinction between the code written by programmers and what instructions the computer executes. As we shall see, virtually all the code written by programmers never runs on any computer. How is this possible? To explain this apparent contradiction, we need a bit of history.

Computers prefer numbers

Alan Turing was an early computer scientist who was instrumental in the Allies’ World War II victory. Seventy years ago he theorized a device, now called a Turing machine, that could read and write limitless numbers on an endless paper tape, to complete arbitrary mathematical tasks.

Later, in the 1970s, the first build-it-yourself home computer, the Altair 8800, was great at mathematical tasks, but not so great at inputting them: it had no keyboard. To enter a number into the Altair, you had to look up which switch positions on the front panel represented the number you wanted to enter, flip the switches accordingly, then flip a final switch to commit the number into memory.

Comments (0)|Read more

10February

Code is Tricky, Part 1: Dead Code

By Jason Frankovitz

Every software expert at Quandary Peak regularly reads and analyzes large volumes of source code, and while understanding the specific programming language can help, it’s not the only skill we bring to a project. Knowing the unique qualities and nuances that apply to programming code can be the difference between winning and losing a case. In this eight-part series of posts we’ll describe a few of the unintuitive aspects of source code that experts have to keep in mind when working on your case.

What is dead code?

Dead code is source code that is present in the program but doesn’t actually get used by the program. It’s not uncommon for a software product to have hundreds of thousands (even millions) of lines of code, and not all of them are used every time they’re run. Essentially, there are two situations which can result in dead code: one, if a condition required to run a piece of code is never fulfilled, or two, if the program provides no execution path into the code. In both cases the code exists in the program, but the program never executes it, resulting in dead code.

Unsatisfied conditions

For the first situation, here’s an oversimplified example to illustrate the mechanism:

Code can be dead because of unsatisfied conditions

Above, if the $DAY_OF_WEEK variable has the value of “Monday” or “Friday”, either the complain_about_work or the make_dinner_reservations method will run. The method infringe_valuable_patent will never run because there’s no such day as “Kronsday”. Because the condition to execute the patent-infringing code will never be true, the infringe_valuable_patent method will never run; it is dead code.

No route to execution

With just a small change we can illustrate how the second […]

Comments (0)|Read more