Volume 4, Issue 4, 2023


Welcome to the fourth issue of Decoded for 2023.

We have several in-depth articles for your review in this issue along with a round up of top news stories and why we consider them important.

In addition, we are sponsoring and participating in three upcoming conferences that you may find interesting. 

On May 1-2, the West Virginia Manufacturers Association is holding its WV Manufacturing Energy and Growth Summit. This regional, annual event brings together manufacturing and energy leaders, state and local officials, economic development professionals, and friends of industry and energy from West Virginia, Ohio, and Pennsylvania. Summit attendees will explore the broader intersections of manufacturing and energy from power generation to downstream manufacturing development through feedstocks by created oil & natural gas and rare earth extraction. Click here to learn more and register.

On May 3-5, DRI is hosting their 2023 Employment and Labor Law Seminar. Considered to be one of the nation’s best employment law seminars, it brings together leading management-side employment and labor attorneys, in-house counsel, human resources professionals, and EPLI representatives from throughout the U.S. and Canada. Always intensely practical and accompanied by helpful written materials, this seminar is indispensable for experienced practitioners as well as those who are just getting started in labor and employment law. Click here to learn more and register.

On May 15, DRI is hosting their 2023 Wind Energy Litigation Seminar. At this seminar, attendees will gain an in-depth understanding about the onshore and offshore wind sector from experienced attorneys and directly from the industry itself. Click here to learn more and register.

We hope you enjoy this issue and, as always, thank you for reading.

Nicholas P. Mooney II, Co-Editor of Decoded, Chair of Spilman's Technology Practice Group, and Co-Chair of the Cybersecurity & Data Protection Practice Group


Alexander L. Turner, Co-Editor of Decoded and Co-Chair of the Cybersecurity & Data Protection Practice Group

Tech Vendors and Cybersecurity – Are They Responsible?

By Alexander L. Turner

It has long been recommended that when you contract with a technology vendor that you include an indemnity clause in the contract wherein the vendor will indemnify you if its product is compromised and results in a data breach of your computer network. This recommendation was recently validated by cyber authorities in the U.S. and in the U.K., Germany, Canada, Australia, New Zealand, and the Netherlands. The basis for the governmental recommendation was to use the market to ensure that technology products are secure by design and default. Currently, the way technology products are designed is vulnerability-by-design, which results in the end user bearing the brunt of cybersecurity with constant monitoring, routine updates, and damage control to prevent cyberattacks.  

Click here to read the entire article.

SAY WHAT??—Defamation in an Era when Content Is King

By Lee D. Denton

On April 18, 2023, Fox News agreed to pay Dominion Voting Systems a staggering $787.5 million to settle a defamation lawsuit. Particularly startling about the settlement is that Dominion was valued at around $51 million as recently as 2018, meaning that the settlement resulted in a payout up to fifteen times Dominion’s value. Dominion filed the lawsuit in response to publicly broadcast statements by Fox News and its guests after the 2020 election. Dominion alleged that the statements were not only false, but that Fox News knew that the statements were false and repeatedly broadcast them anyway.

Click here to read the entire article.

Do You Know Your Data? The Dangers of Too Much Data and Not Cleaning House

By Alexander L. Turner

It is imperative that a company knows what data it holds, why it is holding it, where it holds it, and who has access to it. The old adage that information is power leads many to believe that holding on to as much data as possible is a smart institutional practice because you never know when you may need it. However, the opposite is true. The more data a company holds, especially data that it has no use for, the more at risk it is for a future data breach. Data hoarding has increased in recent years because of the low cost of storage and employees working remotely. In fact, many cloud-based data storage vendors encourage companies to keep all of their data indefinitely. Additionally, with remote work, employees may be storing company data on personal devices that are less secure.  

Click here to read the entire article.

ChatGPT’s Impact on Education and Student Data Privacy

By Alexander L. Turner

Data privacy professionals have characterized the data privacy risks associated with ChatGPT as a “nightmare.” In order to function, open artificial intelligence programs (“OpenAI”) like ChatGPT require huge amounts of data in order to learn and evolve. Where do the programmers get that data? From you and me without our knowledge or permission. Developers of ChatGPT used 300 billion words systematically collected from the internet, including from books, websites, articles, and online posts, in order to create the algorithm behind ChatGPT. As you use ChatGPT, it also saves your questions and uses that information to learn and evolve. The problem is, in collecting the data that formed ChatGPT, personal information necessarily was collected without permission or compensation. Even though this personal information may be publicly available, it may breach what is called contextual integrity, which dictates that individuals’ information is not revealed outside of the context in which it was originally created. There is also no way for an individual to determine whether ChatGPT holds the individual’s personal information as part of its algorithm.  

Click here to read the entire article.

AI Replaces NFT as Latest Tech Trend but It's not as Planet Friendly as You'd Think

“Both NFTs and AI require huge amounts of electricity to power the computers that run blockchain technology and machine learning.”

Why this is important: Artificial Intelligence has become the latest tech trend, but the innovative technology comes with an environmental cost. AI and other buzzworthy tech like NFTs require massive amounts of electricity, predominantly from non-renewable sources, to power the computers that run machine learning and blockchain technology. In 2022, it was reported that a single NFT transaction has a carbon footprint of around 48kg CO2 - that's the same as driving 123 miles in an average gasoline-powered car. The significant carbon footprint is often forgotten, overshadowed by the immense potential of these new technologies. We should be conscious of the environmental impacts of our ever-changing technological advances, and the tech industry should prioritize reducing carbon emissions. The tech sector is responsible for 1.8 - 3.9 percent of global greenhouse gas emissions. While AI makes up a small percentage of that total, it's very high for a single sector within the tech industry, its use is increasing exponentially worldwide. Switching to renewable energy to power the servers and computers needed to run AI and other technology would be a step in the right direction--and AI could even help us to better understand weather data for creating more efficient renewable energy farms. --- Alison M. Sacriponte

'Like Salmon Swimming Upstream': FDA's Peter Marks Lays Out Plan to Boost Gene Therapy Approvals

“If the FDA only approves two or three per year over the next few years, Peter Marks, M.D., head of the FDA’s Center for Biologics Evaluations and Research (CBER), says ‘that’s a failure.’”

Why this is important: The FDA's Center for Biologics Evaluations and Research (“CBER”) has set a goal to increase the approval rate of gene therapies. CBER's Head, Peter Marks, has proposed a four-point plan to achieve this goal, which includes improving manufacturing, clarifying the use of accelerated approval pathway, coordinating regulatory decisions, and launching an Operation Warp Speed for rare diseases. However, CBER faces staffing issues that may hinder the execution of these goals. Marks emphasizes the need to make gene therapy manufacturing more efficient and streamline the regulatory review process for viral vectors. In addition, the agency needs to maintain a national surveillance system for infectious diseases and remain vigilant about emerging viruses to avoid being caught off guard in case of a new disease outbreak.

In related news, the FDA has approved Intellia Therapeutics' gene-editing drug that uses CRISPR technology for in vivo testing, a significant milestone for in vivo gene editing in the United States. If successful, the drug could significantly reduce the cost of treating genetic diseases. Unlike traditional CRISPR treatments, Intellia's drug finds its way to the liver naturally, potentially eliminating the need for laboratory procedures and saving patients thousands of dollars. The company plans to file for another drug later in the year that would target an abnormal protein that accumulates in the heart. While other countries have already approved in vivo CRISPR treatments for testing, this approval represents a significant milestone for Intellia Therapeutics and the potential for in vivo gene editing in the United States.

For bioscience clients, this news highlights the FDA's focus on approving and advancing gene therapies and streamlining the approval process. Bioscience companies should focus on research and development to improve their manufacturing processes and meet the growing demand for gene therapies. Additionally, companies should stay well informed of the FDA's guidelines and regulations to ensure their products meet the least resistance when submitted for approval. Lastly, targeting rare diseases could present opportunities for expedited approval processes, as this is a focus area for the FDA, and a lot of time and money could be saved by taking advantage of the agency’s attention. --- Shane P. Riley

Rorschach Ransomware, with a Rare Encryption Speed, Makes It Even Harder for Companies to Respond

“The potential impact and victims claimed by Rorschach remain unknown, but one expert said some yet-undetected attacks are likely underway.”

Why this is important: The “fastest ever ransomware” was recently detected, and people should take notice. This ransomware strain, named Rorschach, has the ability to encrypt companies’ data much more quickly than other known ransomware strains. Thus, it’s more likely that an attack will be completed, and the victim’s data encrypted, before the victim even learns of the attack and can respond to it. Further, because ransomware attacks often can be longer, multistage operations, companies currently may be under attack, including being under attack by Rorschach ransomware, without even knowing it. They may not learn of a long-term attack until their data is encrypted and a ransom note received. All of this emphasizes the need for companies to detect attacks early, which in turn emphasizes the need for companies to have in place robust cybersecurity policies and procedures and incident response plans. --- Nicholas P. Mooney II

Cyber Security: No Industry Immune from Risk of Cyberattacks

“’In fact, Brad Spiess, vice president of Union Insurance Group, says the construction industry is the third most common industry targeted by hackers.’”

Why this is important: When you hear the word cyberattack you think of attacks on banks, large box stores, or medical facilities. You should add the construction industry to that list because it is the third most common target for cyberattacks. These types of attacks are only increasing because bad actors have created processes that have streamlined how they attack businesses. They like to attack the construction industry because large sums of money are being transferred in and out of bank accounts via wire transfers. Recently, we have seen companies experience bad actors squatting on business email accounts waiting to redirect wire transfers or direct deposits. The bad actors will use a phishing attack or spoofing attack to trick an employee to provide them with information that allows the bad actors to have administrative access to the company’s email system. With this administrative access, the bad actors will have emails redirected to them and they will wait for information related to a wire transfer or direct deposit to be emailed. The bad actor will then hijack that payment by emailing the sender with new wiring information from a legitimate account at the company, erase the email from the legitimate account holder’s outbox, and have the payment directed to a different account. Only later, when the business sees that payment for services have not been received, or an employee sees that a paycheck has not been deposited is the breach discovered. However, by that time, it is too late, and the bad actors are already gone with the funds.  

To prevent being a victim of a cyberattack, cybersecurity has to be made part of a company’s culture. A robust training and updating of policies and procedures is needed to combat this type of attack. Employees need improved training on the importance of cybersecurity, how to protect the company’s system from attack, and how to recognize an attack and report it. The company needs to invest in updating software and training, and be aware of the latest methods bad actors are using to infiltrate computer systems and how to prevent an attack. Finally, a company needs to do an audit of all of the data it is holding. The company needs to know what data it has, what data it needs to retain, what data it can get rid of, and who has access to all of that data. Holding a lot of data, especially data you no longer need, only increases the risk and liability to the company in the event of a data breach, so a business should establish a policy to periodically delete data the company no longer needs to hold. Additionally, not every employee needs access to all the data your company holds, so a company should limit employee access to only the data the employee needs to access in order to accomplish his or her job. If you would like a review of your policies and procedures, or if you need training for your workforce in cybersecurity, please contact a member of Spilman’s Cybersecurity Practice Group. --- Alexander L. Turner

U.S. Treasury, IRS May Tax NFTs as Collectibles, Ask Whether They are Art

“In the brief notice, the agencies defined NFTs as ‘unique digital identifiers that are recorded via distributed ledger technology’ – which uses independent digital systems to record, share, and synchronize transactions – and that ‘may be used to certify authenticity and ownership of an associated right or asset.’”

Why this is important: The U.S. Treasury Department and the IRS are seeking public feedback on the tax treatment of non-fungible tokens (“NFTs”) as collectibles under federal tax law. NFTs are unique cryptographic tokens that exist on a blockchain and cannot be replicated. These digital identifiers are used to certify the authenticity and ownership of an asset. But are NFTs collectibles on par with the tax code’s current list of collectable items, such as art, antiques, gems, stamps, and coins? Their classification as such bears great significance. Firstly, the classification of NFTs as collectibles would mean that they are subject to a higher capital gains tax rate than other assets. Capital gains from the sale or exchange of a collectible held for more than one year are taxed at a maximum of 28 percent, while other long-term capital assets, such as real estate, stocks and cryptocurrencies, are taxed at a maximum of 20 percent. It would also affect whether an NFT transfer to an individual retirement account (“IRA”) would result in a distribution from the IRA to the account holder, triggering a tax and a penalty. Some questions the agencies are asking include whether digital files can constitute a “work of art” and if digital assets can be “tangible personal property.” The public comment period is open until June 19, 2023.  


The agencies are not alone in considering the extent to which a digital file may be considered a “work of art.” This was a critical issue in the Hermès v. Rothschild case, which raised the question about whether digital files (NFTs in this case) could constitute a “work of art.” Rothschild, an artist, created “MetaBirkins” – digital images of fur-covered Birkin handbags underlying NFTs – alluding to the Hermès Birkin bag, an iconic item in the world of fashion. Hermès alleged that the artist was infringing on its trademark rights, while Rothschild argued that his MetaBirkins were “an artistic take on an icon” and his artworks were subject to First Amendment protection and fair use exceptions to copyright and trademark laws. Ultimately, a Manhattan jury ruled in favor of Hermès because the artworks were likely to confuse consumers, a factor considered in trademark cases regardless of artistic relevance. --- Alison M. Sacriponte

A New 3D Printing Material for Construction could be Capable of Capturing CO₂

"The issue is particularly important as the demand for concrete is expected to continue to grow, as is the trend toward urbanization globally."

Why this is important: 3D construction is now being tested to see if it can be a more sustainable construction method. Oregon State University and Sandia National Laboratory have been awarded a three-year, $540,000 grant from the U.S. Department of Energy to investigate whether it is possible to trap industrial carbon emissions in 3D printed construction materials. This process, if successful, would lower the construction industry’s effect on the environment. The construction industry is one of the leading producers of CO₂ with the generation of 13 percent of global CO₂ emissions. The concrete used in 3D printing construction material is no different than concrete used in other construction applications, and is one of the greatest contributors to the construction industry’s CO₂ emissions. To combat these emissions, the researchers aim to “develop sustainable binders that can store and mineralize the carbon dioxide captured in printed building components such as walls.” This is an exciting new development in sustainable construction that hopefully will result in more economical and environmentally friendly construction in the future. --- Alexander L. Turner

Pennsylvania’s Tech Office Opposes IT Restructuring Bill, Again

“The Pennsylvania Office of Administration opposes a bill that would create a standalone IT office and consolidate IT spending.”

Why this is important: Pennsylvania State Senator Kristin Phillips-Hill has reintroduced a bill to create a unified spending mechanism for technology across the Commonwealth, despite opposition from the Commonwealth's Office of Information Technology (“OIT”). The legislation would establish a standalone OIT office under the Commonwealth’s executive branch and a single Information Technology Fund to pay for all IT procurements across Pennsylvania. OIT's director has testified against the bill, claiming it is "overly prescriptive" and would limit the office's flexibility. The fund would also see the IT budgets for all state agencies moved under the new IT office, potentially increasing the Office of Administration's IT costs by up to $25 million per year, according to the former state Chief Information Officer, John MacMillan. The bill is currently being considered by the state Senate’s Communications & Technology Committee.

This push comes while the administration has yet to appoint a permanent replacement for MacMillan, who stepped down as CIO last October. As Gov. Shapiro’s administration opposes the restructuring of OIT, the scales appear to tip in their favor on the issue, but the official word from the administration is that they are working on addressing Phillips-Hill’s concerns. --- Shane P. Riley

Drywall Finishing Robot That Perfectly Imitates Humans

"Canvas robot can semi-autonomously finish large sections of drywall."

Why this is important: A good drywall installer is invaluable. It was once believed that skilled labor like drywall installer was safe from automation. That may no longer be the case. Robotics company Canvas now has a robotic solution for installing drywall. Currently, the robot is only able to semi-autonomously finish large sections of drywall by applying finishing compound and smoothing out drywall. Workers are still needed to do the taping and to finish more complex geometries. The robot is able to perform this skilled work by imitating human expertise. The robot does require a human operator to assign it tasks. And, the robot has become so user friendly that Canvas employees no longer need to be onsite to operate it. After five days of training, a drywall subcontractor can now operate the robot itself to supplement its workforce. As this technology progresses, the cost of installing drywall is likely to drop while the quality remains the same or better. --- Alexander L. Turner

LinkedIn Share This Email
This is an attorney advertisement. Your receipt and/or use of this material does not constitute or create an attorney-client relationship between you and Spilman Thomas & Battle, PLLC or any attorney associated with the firm. This e-mail publication is distributed with the understanding that the author, publisher and distributor are not rendering legal or other professional advice on specific facts or matters and, accordingly, assume no liability whatsoever in connection with its use.

Responsible Attorney: Michael J. Basile, 800-967-8251