August 18, 2021
"Hackers claim to have obtained the data of 100 million people—including sensitive personal information."

Why this is important: Earlier this week, reports began leaking that T-Mobile had suffered a data breach related to 100 million people. According to the article, this may be the sixth breach T-Mobile has suffered in four years. What makes this breach different from most breaches being reported today is the amount of information about each person and the fact that it's collected and organized. News of the breach began when an unknown person started advertising on the dark web that the information was harvested and included names, physical addresses, phone numbers, Social Security Numbers, driver's license numbers and International Mobile Equipment Identity ("IMEI") numbers (a unique identifying number tied to each mobile device). While some of this information likely already has been compromised for many people, IMEI numbers likely have not. The fact that the compromised information ties a particular IMEI number to a specific person along with other identifying data about that person makes it easier for a threat actor to perpetrate a more sophisticated and authentic-looking SMS-based phishing attack or identity theft. T-Mobile has confirmed that an incident occurred and still is investigating whether it can confirm that any customer data was compromised. In the meantime, the individual claiming to have the data has offered a portion of it for sale for $280,000. --- Nicholas P. Mooney II
"A 2007 concept car from Nissan could sense alcohol on the shifter or in the air, and also monitored the driver for signs of drunken driving."

Why this is important: On August 10, 2021, the U.S. Senate passed the Infrastructure Investment and Jobs Act. Included within the Act is a provision that mandates passive technology in all new cars to prevent impaired drivers from operating the vehicle. The legislation requires the Secretary of Transportation to issue a final rule prescribing a safety standard for the new technology within three years of the enactment of the Act. To allow auto manufacturers time to implement the requirements, the compliance date of the rule shall not be earlier than two years and not more than three years from the date the rule is issued. This can be extended by the Secretary of Transportation.

The bill's language does not specify what type of technology must be utilized. Such technology may include camera-based monitoring systems, alcohol odor sensors and vehicle operational behavior. This is not the first time that these systems have been discussed as Nissan unveiled a concept car, which contained multiple preventive features to combat impaired driving, in 2007. That same year, Toyota announced it was developing cars with sensors to detect alcohol.

Supporters of the legislation include Mothers Against Drug Driving. Critics of the legislation have expressed concerns that the language is too vague and does not specify what type of technology auto manufacturers will be required to install. The U.S. House still must approve the measure. --- Annmarie Kaiser Robey
"At present it takes several scans to diagnose dementia and scientists have claimed the new technology could help improve the quality of life for patients."

Why this is important: Cambridge University has developed an artificial intelligence system that may shorten the time required to diagnose dementia, which often is difficult to assess early. Dementia of all types is becoming a leading source of death in developed countries. Diagnosing the condition earlier often leads to a longer life and better quality of life. Cambridge researchers have developed a scan that, using AI, can predict dementia very early--when treatment is available and, for the most part, effective. Preclinical trials will begin shortly in England on 500 patients. --- Hugh B. Wellons
"The ruling could have significant ramifications for carriers given the growing prevalence of BIPA class-action lawsuits and the resulting settlements."

Why this is important: This case highlights the importance of the language in insurance policy provisions. This lawsuit was brought by customers of a tanning salon who alleged the salon violated BIPA by capturing biometric information about them and sharing that information with a third party vendor. The salon's insurer sought to avoid coverage by arguing (1) the lawsuit didn't involve a "personal injury" or "advertising injury" as the policy required and (2) the policy excluded coverage for violation of statutes that prohibit the transmission, distribution or communication of information. The insurer's first argument didn't prevail because the court found that an advertising injury could be implicated in the class action as the salon providing the information to the third party vendor could qualify as a "publication" of that information, a requirement under the policy. The insurer's second argument didn't prevail as the court found that a violation of a statute only was excluded if the statute involved "communications" and that BIPA involved "the collection, use, and safeguarding of biometric information." The result is the insurer is on the hook to defend the salon in the BIPA class action. With the increasing number of BIPA cases being filed and the dollar figures sometimes involved in them (one involving a $650 million settlement earlier this year), insurers likely will be reviewing their policy language to address BIPA claims and damages. --- Nicholas P. Mooney II
"One day your doctor could prescribe drugs based on how a biochip version of you reacts to them."

Why this is important: All your health information in one place--where it is needed and ready to be scanned by your health care provider that day. How exciting! What could go wrong? That was the concern five years ago. Now, we are approaching availability of an embedded chip with our actual DNA and responses to medications. Presumably, this will allow testing of possible medications on the chip to determine what will be both safest and most effective for that individual. Of course, it also will provide a lot of personal health information for the medical facility using that chip. The article explains how this is being developed. This looks to me to be at least 10 years away. It also demonstrates how close we are to personalized medicine, with both the health benefits and the near complete loss of any health privacy. Caveat emptor. --- Hugh B. Wellons
"Sports and cryptocurrency executives say sponsorships are growing, with some worth seven or eight figures a year."

Why this is important: Rising in popularity during the pandemic, crypto companies are sponsoring sports franchises in an effort to become a “mainstream speculative asset.” The crypto companies are pumping money into a sector of the economy that was hit hard during the pandemic and in return are gaining legitimacy from these sponsorships. However, as some of these sponsorships are set to last several years, major issues could arise. For example, the regulatory uncertainty surrounding digital assets means they are not guaranteed to exist throughout the entire period they are obligated to be a sponsor. One thing is certain--by partnering with sports franchises and getting exposure to the franchises’ respective fan bases, these crypto companies have taken a large step toward becoming a mainstream speculative asset. --- Kellen M. Shearin
"The Biden administration reportedly isn’t interested in applying the Senate infrastructure bill's definition of 'broker' to miners, validators, and developers."

Why this is important: The U.S. Senate recently passed an infrastructure bill that includes a provision related to cryptocurrency actors. It defines "any person…who is responsible for and regularly provides and services effectuating transfers of digital assets" as a broker who is required to file 1099 forms with the IRS on behalf of customers. The problem is some of the actors in the cryptocurrency space, like miners, wallet providers, and validators of transactions, may meet that definition but have no way of obtaining and reporting the required information. Two competing amendments were introduced to revise the broker definition, but neither made it into the final version of the bill. The Senate ultimately passed a bill that requires some actors to comply with reporting requirements in circumstances where it's impossible for them to comply. The Biden administration is being quoted as saying it's "silly" to think "they'd apply third-party tax reporting rules to entities like miners that aren't actually brokers…" That's less than comforting when the language of the bill appears to require those actors to report. The bill now goes to the House of Representatives where it hopefully will be revised to clarify "broker" and eliminate this problem. --- Nicholas P. Mooney II
"Researchers at ETH university in Zürich have produced nanocrystals made of two different metals using an amalgamation process whereby a liquid metal penetrates a solid one."

Why this is important: Alchemy fascinated me in my youth, until I realized that, except in rare circumstances (nuclear reactions!), you cannot change one element into another. Modern "alchemy" may be "amalgamation." This was a technique used in gold mining 150 years ago. It involves using mercury, or other liquids, to melt away or combine certain other metals, leaving the desired metal behind. The article explains how a similar process now is used to make faster and more efficient circuit boards. In this case, they are using amalgamation to create lattices of different metals on a nano-scale. This could have many implications in medical devices, allowing them to be smaller and possibly more efficient. --- Hugh B. Wellons
"The allegation referring to increased robo calls and 'spoofing' (most commonly known as phishing) emails is often overlooked or maybe more correctly, not connected to data breaches, in many of these lawsuits."

Why this is important: A recent class action filed in federal court in New York provides a warning to refuse operators that they have a duty to safeguard their customers' information. The lawsuit alleges that a breach occurred in January 2021, but the refuse company did not report this breach to customers until four months later in May 2021. The plaintiffs rely on theories of liability that are common to data breach lawsuits: negligence, breach of contract, and violation of statutes. The article points out the unique aspect of this lawsuit. The plaintiffs left no stone unturned in creating a laundry list of potential damages they allege they have suffered or are likely to suffer, including, in addition to those mentioned above, the costs associated with the time spent and loss of their own productivity in addressing, monitoring, mitigating, and dealing with the consequences of the breach. --- Nicholas P. Mooney II
"Such a national deterrence strategy would make networks harder to breach, hit back harder against hackers and claw back gains from those who succeed."

Why this is important: This article discusses strategies that individual companies and the government might take to counter ransomware attacks. It is a nice summary, although not anything new. A few weeks back, we quoted a Wall Street Journal article that suggested that the U.S. government copy a strategy from The Barbary War and late 16th and early 17th century British history. That article explained that Letters of Marque or specific "privateering" laws could allow U.S. hackers three things: immunity; "eat what you kill;" and, in some cases, an award for taking down certain named ransomware sites and culprits. Provide incentive to the market! Perhaps Congress could provide a fund and general parameters, and allow one of the intelligence agencies to experiment with different plans. Whatever we do, we need to be both relentless and creative in attacking this threat. --- Hugh B. Wellons
IP Basics Part II: What is a Trademark or Servicemark?

In our last issue, we provided a brief primer on patents. For the second part of our Intellectual Property series, we take a look at trademarks. Trademarks are not generally considered "technology", but the U.S. Patent and Trademark Office ("PTO") is charged with administering them along with patents. Certainly, technology startups must be aware of both of these types of Intellectual Property.

We dive into what trademarks and servicemarks are here.
Thank you for reading this issue of Decoded! We hope you found the information timely and useful. If you have topics you would like us to cover or would like to add someone to our distribution list, please email us.

Nicholas P. Mooney II, Editor of Decoded and Chair of Spilman's Technology Practice Group
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251