March 31, 2021
"Binance, which has an office in Singapore but says it lacks a single corporate headquarters, hasn’t been accused of misconduct and the investigation may not lead to an enforcement action."

Why this is important: Interest in cryptocurrency is exploding, and investors are seeking out exchanges on which they can buy, sell, and trade this new asset class. But, these exchanges have to be mindful of laws affecting their operations. The United States Commodity Futures Trading Commission ("CFTC"), for example, has taken the position that cryptocurrencies are commodities and exchanges and must register with the agency. That means that these exchanges either must register and become subject to U.S. oversight or take steps to block U.S. residents from their platform. Taking the latter option, however, is not always easy. In addition to technological limitations, there are deliberate attempts by U.S. residents to avoid geographic limitations, whether to avoid regulatory scrutiny or simply trade cryptocurrencies that are not available on U.S.-based exchanges. And, the consequences of imperfect screening measures are demonstrated by the CFTC’s reported investigation of Binance. Expect, then, cryptocurrency exchanges operating outside the U.S. to follow this matter closely and explore new and better ways to restrict U.S residents. --- Joseph V. Schaeffer

Why is this important: So what is the correct answer? Did they or didn't they infringe? Actually, it is not a simple yes or no. Technically, the PBT accurately reported a portion of the Initial Determination by the Administrative Law Judge, which states that Samsung's accused products, multifunction emulators and products, directly infringe claims of four separate Dynamics patents. In all, there were 12 claims asserted by Dynamics. However, and more importantly, the Administrative Law Judge determined that there was no VIOLATION of Section 337 (unfair import investigations)…because 10 of the 12 asserted claims were shown to be invalid - i.e., unenforceable - and of the two remaining claims, well, those claims were NOT infringed.

So while accurate, it seems misleading to report a headline that Samsung infringed on Dynamics patents, while the outcome essentially exonerated Samsung of any liability to Dynamics. The Law 360 headline captured the substantive outcome accurately. Of course, this is not the end of the case, as the loser, Dynamics, may request review by the Commission, and ultimately may appeal an adverse final decision by the ITC. Stay tuned. --- William P. Smith
"WHO Director-General Tedros Adhanom Ghebreyesus called for more manufacturers to adopt this model to boost supplies, including for the COVAX vaccine sharing programme seeking to speed more shots to developing countries."

Why this is important: This article is important as an example of why the World Health Organization is derided by so many these days. The article quotes the Director of the WHO (Tedros) and his recent comments that the COVID-19 vaccines are not reaching less developed countries in sufficient amounts. He proposes that the solution is for the makers of these vaccines to license the manufacture of these vaccines to others. Of course, this is happening now, as has been reported. Almost all the successful vaccine developers now are licensing manufacturing in various other countries, including India and South Africa. Tedros still is correct that a large percentage of these vaccines are reaching the EU and North America first. What he fails to address is that the developers of these vaccines have two reasons, besides profit motive, to resist licensing manufacture to parties they do not know and trust. 1.) Many biotech molecules are large and complicated. Once efficacy seems likely, the next challenge is perfecting the manufacturing process. Although they can patent the molecule(s), and sometimes a novel delivery system, the manufacturing process often is protected mostly as a trade secret. Exposing that process to others risks jeopardizing the trade secret status. This is particularly troubling in a new technology such as mRNA. 2.) Manufacturing any large molecule can be difficult, as hinted above. The two mRNA vaccines currently on the market (a third may be approved shortly) are devilishly difficult to manufacture. This is not just about "greed," it's also about practicality. Finally, there is one country that has an argument about sharing IP, and it is the one that will get no sympathy from WHO. The U.S. put billions of dollars into incentives and pre-purchasing vaccines that might not be successful. It did that by spreading the money around, not trying to pick winners. All were motivated by cash (and patriotism?) to concentrate almost all their efforts on this target. Fortunately, more than one was successful. If the U.S. starts arguing for rights to the IP, the pharma companies: 1.) will argue that the U.S. lost its rights to that by not making it a clear part of the original deal; and 2.) may rightfully refuse such an offer in the future after being burned on this innovative approach. And, all that applies only to the U.S. If we start giving away IP to governments based solely on need, we undermine the entire pharma development process. Feel free to disagree, but ask this: Would we better off if we did not even have vaccines? --- Hugh B. Wellons
"The AMCA security incident was by far the largest healthcare data breach that year, impacting at least 21 million individuals across the country."

Why this is important: The attorneys general from 41 jurisdictions are working to resolve a multistate investigation into a massive 2019 healthcare data breach by The Retrieval-Masters Creditors Bureau, d/b/a American Medical Collection Agency ("AMCA"). The breach affected at least 21 million people across the country when a hacker gained access for eight months to billing records and medical data of AMCA clients such as Quest Diagnostics, LabCorp, and others. The compromised data included, in various configurations depending on the AMCA client, names, demographics, dates of birth, financial information (such as credit card numbers, balances for medical services, etc.), and medical information such as provider names, service dates, and more. Settlement terms include structural changes to their data collection and management programs, including submitting to external assessments. Failure to comply with these terms will result in a $21 million fine, encouraging the company to comply. This issue underscores the necessity of having data protection and incident response plans sooner rather than later. Had ACMA's privacy and cybersecurity protocols identified the hacker's presence sooner, the breach would likely have been much smaller in scale. --- Risa S. Katz-Albert
"The justices declined to hear Facebook’s appeal of a lower court ruling that revived proposed nationwide litigation accusing the company of violating a federal law."

Why this is important: The Supreme Court's refusal to hear Facebook's appeal of the U.S. Court of Appeals for the Ninth Circuit's decision in In Re Facebook, Inc. has significant implications for the social media industry. In this case, four users of Facebook brought suit against Facebook alleging that the social media company unlawfully collected personally-identifiable information from Facebook users between May of 2010 and September of 2011, even after Facebook users left the Facebook website and ventured to third party sites. The way that the process allegedly worked is that Facebook was able to continue tracking user visits to third party websites so long as those websites had a Facebook "Like" button on the page through the use of "cookies" that attach to individual web browsers when using Facebook and the embedded plug-ins located on the third party webpages that opened up a backdoor way to track the user's communications with third-party websites. Facebook has not denied that it engaged in such practices during that timeframe and publicly proclaims that it has stopped the practice. The question presented in this case is whether users have standing to bring claims against Facebook directly under the federal Wiretap Act, the California Invasion of Privacy Act ("CIPA") and common law privacy claims. The Ninth Circuit held that they do, where in many prior cases, courts held that users do not.

To have standing to bring the claims, an individual must show that he or she (i) suffered a particularized and concrete injury in fact, (ii) that the injury is traceable to the conduct of the defendant, and (iii) that the injury is capable of being redressed by the court. Showing the particularized injury has been the hurdle that most class action plaintiffs could not overcome where privacy-related claims are concerned because there is no specific financial or physical harm to the user by suffering the alleged invasion of privacy of being tracked - or is there? The Ninth Circuit found that there was such an injury, by looking to the legislative intent of the statutes and finding that one's privacy is a right that can suffer concrete injury even if there is no physical or financial harm to the user. Further, the Ninth Circuit's decision rejected Facebook's assertion that its actions fall within the federal Wiretap Act and CIPA exemptions for parties to a communication - the theory being that if you are a party to the communication, you can listen in. There is a split of authority among the Circuits as to whether cookies that open up a backdoor channel to track user website activity to third party websites create a second channel of communication, such as it constitutes unlawful eavesdropping on the second link in the communication chain. The Ninth Circuit denied Facebook's efforts to dismiss the class action on that basis. Now that the Supreme Court has declined to hear Facebook's appeal of the Ninth Circuit's rulings on Facebook's motions to dismiss, the case resumes. Those in the industry will be paying close attention as this case moves forward. --- Lori D. Thompson
"This newly developed DDS allows nanoparticles to convert skin-penetrating near-infrared light into visible light so that drug release can be controlled in medical devices installed in the body."

Why this is important: This is a new arrow in the quiver. We have begun internalizing messy treatments for many diseases, including diabetes, where something called an artificial pancreas can test your blood and automatically calculate and administer insulin. (No, it still does not manufacture insulin, as most real pancreases do.) Use of nanoparticles to release a drug only when subjected to a certain wave of light may be another boon to the mobility of patients with chronic conditions. Others have developed similar delivery systems, but a large issue has been the power source. This new model claims solar power to charge the device(s). --- Hugh B. Wellons
"A hacktivist group was able to access over 150,000 Verkada cameras simply by taking control of a corporate 'super admin' account via credentials that they say were publicly posted on the internet."

Why this is important: In this week's episode of worst nightmares coming true, Verkada, a provider of surveillance cameras to various industries, suffered a breach which exposed the live video feeds and video archives of more than 150,000 accounts after a "hacktivist" group utilized account credentials posted online. The range of camera feeds accessed included views of ICU hospital beds, prison cells, interrogation rooms, elementary schools, the inner working of the Shanghai Tesla plant and more. Beyond the camera feeds and archived footage, they also had access to Verkada's business information, including customer lists, private financial documents, and root access to all systems. The product Verkada provides is more than just live feed coverage, it includes a technology that requires internet connectivity, but allows clients to search their feeds by AI-driven face and object recognition technology, allowing clients to sort footage by a number of metrics, such as gender, clothing color, and more. The need to connect to the internet to take advantage of this increased function without the proper cybersecurity protocols in place created this vulnerability, though the group responsible might have otherwise been able to access the views due to the apparent availability online of corporate credentials. Regardless of the specific exploited vulnerability, this incident is a sharp reminder that companies not only need to worry about their policies, employees, and data, but also they need to make sure vendors and anyone who has access to their systems are also up to snuff on their protections. Additionally, a security system is only as strong as its most weakly protected credentials. While it is unclear how those credentials were leaked online, the fact that they were available demonstrates a massive vulnerability in the privacy and security culture of Verkada. --- Risa S. Katz-Albert
"They discussed the dual action of such compounds for their brain-boosting benefits and antiviral activities."

Why this is important: Many naturally occurring compounds, such as caffeine, have both brain-boosting and anti-viral qualities. COVID-19, and other current and projected pathogens, affect both in the body in general, especially the respiratory system, and the brain. In some (most?) cases, the brain and the rest of the body may require different amounts of this compound to treat the symptoms and prevent the virus. These researchers are experimenting with using nanoencapsolation of compounds into different kinds of other cells to modify delivery in specific areas. R&D in this is very early. --- Hugh B. Wellons
"During the 3rd Security Token Summit, Peirce sheds light on whether non-fungible tokens (NFTs) could be considered securities."

Why this is important: Noting that "it's a wonder what some people will pay for," SEC Commissioner Hester Peirce recently discussed whether non-fungible tokens ("NFTs") could be considered securities, making their sale unlawful if the seller hasn't complied with SEC requirements. Here at Decoded, we've previously written on the explosive growth NFTs have seen in the past couple months and the different and unique forms they're taking - everything from virtual real estate to William Shatner trading cards to CryptoKitties. Commissioner Peirce was right to remark "people are being very creative in the types of NFTs they're putting out there." So, when does an NFT cross the line into possibly being a security? Peirce summed it up well: "If you're doing something where you are saying, 'I'm selling you this thing and I'm gonna build it, I'm gonna put a lot of effort into building something so that this thing that you are buying has a lot of value.'" That's going to raise questions as to whether the NFT might meet the criteria of being a security. The bottom line is the same type of discussions were had about ICOs (initial coin offerings) and still are being had. As the NFT market continues to grow, people's creativity in the NFT product they're offering are going to abut more against the test for an investment contract/security. Eventually, we'll see government action. --- Nicholas P. Mooney II
"Targeted approach could lead to an opioid-free way of treating chronic pain."

Why this is important: CRISPR-cas9 is a technology for gene editing that we have discussed before. It is a very powerful technology that literally modifies genes at the DNA level. It is dangerous because many genes have more than one function, and it is possible to eliminate a problem caused by a gene, inadvertently causing a bigger one. This is complicated because most physical traits have many genes involved. These researchers have, apparently, treated chronic pain in mice without pain medication. This is a long way from using this technology on humans, if it ever is allowed. It does, however, demonstrate how broad the application of gene-altering technology may become. --- Hugh B. Wellons
"According to the complaint, ProctorU 'develops, owns, and operates an eponymous online proctoring software service that collects biometric information,' in violation of the Illinois Biometric Information Privacy Act."

Why this is important: Students who took tests like the Graduate Record Examination and the Law School Admissions Test have filed a class action complaint in the Central District of Illinois against ProctorU, an online exam proctoring system. They allege violations of Illinois' Biometrics Information Privacy Act ("BIPA"), specifically that ProctorU “failed to provide the requisite data retention and destruction policies, and failed to properly ‘store, transmit, and protect from disclosure’ these biometrics in direct violation of BIPA.” ProctorU's software utilizes photos from IDs and day of exam, and keystroke analysis to verify identity to preserve exam integrity. However, ProctorU's policies fail to specify a time range or method for destruction of the data, and a July 2020 data breach affected records as far back as 2012, suggesting that the data is being retained far longer than necessary for its function of exam day identity verification. BIPA, unique to Illinois, provides an individual right of action and statutory damages for both negligent violations ($1,000 per violation) and willful violations ($5,000 per violation) of the biometric data protections required under the act. --- Risa S. Katz-Albert
"Researchers have used a genetic engineering strategy to dramatically reduce levels of tau—a key protein that accumulates and becomes tangled in the brain during the development of Alzheimer's disease—in an animal model of the condition."

Why this is important: Similar to an additional article in this e-newsletter, this shows how broad gene-altering technology may be. Scientists have long suspected that the evident, prime "culprit" for Alzheimer's disease, the accumulation of tau (a kind of plaque) in the brain, may have genetic components. Now, researchers are experimenting in mice with zinc finger protein transcription factors, which are DNA-binding proteins, to target and affect the expression of specified genes that control the creation of tau in the brain. Both direct and intravenous injections into the hippocampus of the brain seem to reduce tau in the brain and reduce the symptoms of Alzheimer's in those mice. Introducing something to affect the expression of certain genes is less intrusive than actually replacing the genes, but it still is dangerous until we understand exactly how each of those genes work and what else they may affect. --- Hugh B. Wellons
"Developers plan to construct 15 3D-printed homes over 5 acres in Rancho Mirage, Calif."

Why this is important: A home that uses 95 percent less labor hours to build and 10 times less waste than conventional construction is coming to Rancho Mirage, California. Sustainable real estate development group Palari and construction tech company Mighty Buildings have joined forces to create a community of 15 3-D printed, eco-friendly homes. The 1,450-square foot homes come with swimming pools, and optional features include Tesla Powerwall batteries and electric vehicle charging stations. All energy needed for the homes will be supplied by solar power. The price tag for these homes? $595,000 for the base model and up to $950,000 at the top end. That equates to the base model costing $410/sq. ft., compared to about $255/sq. ft. for traditional construction in that locale (in other words, about 38 percent more). Constructing homes with less waste that are powered by renewable energy is a great advancement for the home construction industry. However, costing a homeowner 38 percent more to construct their home will reduce the likelihood of widespread adoption of this method. The next hurdle will be bringing the construction costs in line with traditional construction. If/when that happens, 3-D homes may spring up across the country. --- Nicholas P. Mooney II
"In a new lawsuit filed in Illinois, AbbVie alleges Alvotech recruited one of its former manufacturing executives, Rongzan Ho, in order to steal secrets on Humira manufacturing."

Why this is important: I won't say any more about it, except to say that this is yet one more alleged example of targeting a company and an IP through its employees. 1.) Protect IP with patents and other methods (copyright, trade secret, etc.). 2.) Make everyone sign an effective confidentiality agreement. 3.) If possible, make each employee or contractor sign a noncompete agreement. 4.) Monitor the activity of employees and contractors, while employed/contracted and, as permitted, after they leave employment or contract (according to local laws, of course). And, 5.) Enforce those agreements and any applicable laws. Well, one more thing that this demonstrates: It is critical to restrict access to internal technology and status of products to those employees and contractors with a real "need to know." --- Hugh B. Wellons
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.
Responsible Attorney: Michael J. Basile, 800-967-8251