REVIEW –

In mid-July of last year (A.D. 2017), I wrote a piece on monopolies and market dominance in the Gig eConomy, and concluded that there wasn’t any “traditional” comparability between the old and new economies, but through a hybridized analysis I did concede that monopoly and market dominance were possible, and could be easily seen when they appeared or threatened to appear.[1]  I will now go out on a limb and state that I think one particular entity may well be approaching that line …. Amazon!

 

SCHEMA –

With specific focus on the FAAAN group of Facebook, Amazon, Alphabet/Google, Apple, and Netflix,[2] I had looked at the standard market sectors and Monopoly / Antitrust analytical frameworks and mixed the old with the new to devise a total of 5 (“five”) hybrid sectors that covered everything from farming, through manufacturing and eCommerce, to such gig economy staples as food delivery, ride-hailing, and cloud services.  These 5 sectors (with each one also having several sub-sectors), were as follows:

(1)          General Goods and Services Sector;

(2)          Specialized Goods and Services Sector;

(3)          Digital Tools, Applications, and Services Sector;

(4)          Social infotainment Sector;

(5)          Gig eConomy Sector.[3]

Next, selecting the Specialized Goods and Services Sector, I had included 8 (“eight”) sub-sectors as follows:

(i)  Conglomerates;

(ii)  Financial Services;

(iii)  Food;

(iv)  Health and Wellness;

(v)  Information Communications Technologies;

(vi)  Information Data Technologies;

(vii)  Personal Services;

(viii)  Shelter.[4]

 

ANALYSIS –

Amazon is already a conglomerate, offering Information Communications Technologies (Amazon Web Services); Information and Data Technologies (such as Amazon Echo); other Services (order fulfillment for food and beverages through Fresh and Amazon Restaurants, and for consumer products and general goods through the Amazon.com marketplace); and operating in technology, industry, and manufacturing through the many Amazon and non-Amazon branded products that it owns and regarding which it conducts research and development as through Annapurna Labs for example, or that it otherwise makes available through AmazonBasics and Amazon Private Label),[5] amongst others.[6]

One could always have suspected, but not predicted as to when, that Amazon would expand into other areas.  However, within less than 8 (“eight”) months to date, we have heard or seen Amazon’s expansion announcements: further into Transportation, with its own fleet of trucks, planes, and drones destined to pickup and deliver parcels and other goods for both itself and other vendors through Shipping with Amazon (SWA);[7] further into Food, with its purchase of the organic grocer, Whole Foods Market;[8] and initially into Health and Wellness, with its announcement to partner with Berkshire Hathaway and JPMorgan Chase in establishing a healthcare entity to “create solutions that benefit our U.S. employees, their families and, potentially, all Americans.”[9]

It being the case that transportation was already a line item (“Leisure, Property, and Transportation”) within Conglomerates,[10] and because there is no standalone category for it, Amazon gets a pass on that “existing service, line-item”.  However, the Whole Foods Market purchase and the healthcare initiative represent new, “standalone divisions” under the schema, and therefore expansions into further sub-sectors under General Goods and Services, as shown.

When one considers the existing ownership by Mr. Bezos of the Washington Post newspaper,[11] under Information Communications Technologies (publishing and printed media), the presence of Amazon Echo within Personal services (virtual assistants), and Amazon Web Services, itself (Information and Data Technologies), we can more clearly see that Amazon and its Chief Executive are now substantially present in 6 (“six”) of the 8 (“eight”) subsectors for Specialized Goods and Services.

Those substantially untouched subsectors, are: (ii) Financial Services; and (viii) Shelter.

If Amazon were to delve further into (or grow its volume or revenue substantially in) banking than its payment services and debit cards (Amazon Cash), or its small business loans that surpassed $3 billion in 2017;[12] or if it bought an established “brick and mortar” or “online” financial services entity outright in the United States or Canada;[13] or if it leveraged block chain technology to form a standalone financial services entity – whether by itself or with one or more partners and regardless of whether it was in the United States or Canada,[14] it would have become firmly and undeniably entrenched in that financial services sector.

Also, if Amazon were, for example, to purchase a major builder or cruise and travel operator, a major hotelier or landlord, or a major building services and maintenance provider,[15] it would have become firmly and undeniably entrenched in that shelter subsector.

Hence, we would see complete sector presence, “sector octo-occupation”, or “sector octopedence”, and the potential for a monopoly – or at the very least a modern Chaebol,[16] Keiretsu,[17] or perhaps even something more.[18]

 

SUMMARY –

As I had said in the July, 2017 article:

“It is only if, and when, well-funded market operators start to occupy whole sectors (in the new schema laid out here) … that we should start to worry about abuse of dominant positions, monopolies, and over-concentration in the control of personal data”.[19]

Some readers may ask how mere presence in a subsector can equate to monopoly or lead to a dominant market position and its abuse?  The answer is that the whole is greater than the sum of its parts, and when a small, mid-size, or large entity is supported by a parent company’s constantly renewable cash hoard, raw analytical and computing power, intimate knowledge of consumer tastes and purchase  histories, ancillary and mutually supporting businesses, and a first mover advantage in synergizing all of these, you may have a monopoly right from the gate if others cannot compete with their pricing and service terms, enter the market with a fighting chance, or nimbly adapt and persist once it moves to match or better them at what they do, and what they did, and how.

 

PREDICTION –

Admittedly, as one notable commentator has said, traditional economic analysis will still find no monopoly or antitrust red flags, or market dominance in the FAAAN entities, as yet,[20] and some readers may disagree with my analysis and conclusions.   But, let’s watch this space and see whether or not Amazon and its CEO make decisive and deeper moves into either or both of “Finance” and “Shelter” as outlined above, and sometime within the next 4-6 months, or at least before the close of calendar 2018.

I really think and predict, that we will see such a decisive move or moves from Mr. Bezos and Amazon.  But, only time will tell, for certain.[21]

**********************************************************************

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

**********************************************************************

[1] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[2] Id, at Introduction.

[3] Id, at Sectors (Specialized Goods and Services Sector).

[4] Id, at Specialized Goods and Services Sector (Subsectors).

[5] Ibid.  Under this schema, Amazon has therefore occupied all 5 of the conglomerate sub-elements or variants.  See e.g. Shareen Pathak.  In 2018, Amazon will turn to private label goods.  Posted December 29, 2017 on digiday.com.  Online: >https://digiday.com/marketing/2018-brand-amazon-will-turn-private-label/< See also Leon Doitscher.  Why Amazon Paid $350 Million for Annapurna Labs.  Posted January 26, 2015 on medium.com.  Online: >https://medium.com/chasing-buzzwords/why-amazon-paid-350-million-for-annapurna-labs-9026527d3fb9<

[6] Tara Johnson.  The Complete List of Amazon’s Private Label Brands.  Posted July 5, 2017 on cpcstrategy.com.  Online: >http://www.cpcstrategy.com/blog/2017/07/amazons-private-label-brands/<

[7] Jack Roberts.  Amazon Moves to Launch Its Own Delivery Fleet.  Posted February 12, 2018 on truckinginfo.com.  Online: >http://www.truckinginfo.com/channel/fleet-management/news/story/2018/02/reports-amazon-moves-to-launch-its-own-p-d-fleet.aspx<

[8] Sarah Butler and Zoe Wood.  Amazon to buy Whole Foods Market in $13.7bn deal.  Posted June 16, 2017 on theguardian.com.  Online: >https://www.theguardian.com/business/2017/jun/16/amazon-buy-whole-foods-market-organic-food-fresh<

[9] Tom Murphy – The Associated Press.  Amazon to create new health-care company with Berkshire Hathaway, JPMorgan.  Posted January 30, 2018 on thestar.com.  Online: >https://www.thestar.com/business/2018/01/30/amazon-to-create-new-health-care-company-with-berkshire-hathaway-jpmorgan.html< This quotation in the article headline was attributed to Jamie Dimon, the Chairman and CEO of JP Morgan Chase.  Also according to the article, these three companies have a combined U.S. workforce of approximately 1 million, and the U.S. employer-sponsored healthcare market covers some 167 million employees.

[10] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<

[11] Monica Nickelsburg.  Washington Post profitable and growing for two years under Jeff Bezos’ ownership.  Posted January 9, 2018 on geekwire.com.  Online: >https://www.geekwire.com/2018/washington-post-profitable-growing-two-years-jeff-bezos-ownership/<

[12] By Jeffry Pilcher.  Amazon Bank: Will Banking’s Worst Nightmare Come True in 2018?  Posted January 2, 2018 on thefinancialbrand.com.  Online: https://thefinancialbrand.com/69436/amazon-bank/<

[13] Ibid.

[14] See generally World Economic Forum.  Beyond Fintech: A Pragmatic Assessment Of Disruptive Potential In Financial Services.  Published August 22, 2017 on weforum.org.  Online: >https://www.weforum.org/reports/beyond-fintech-a-pragmatic-assessment-of-disruptive-potential-in-financial-services<

[15] Amazon Hub, is actually a locker system that Amazon pays landlords to host with a one-time fee, as a means of facilitating and further securing its package deliveries to customers.  Should the payments be reversed and become an “As a Service” offering or otherwise require some periodic fee to Amazon, then yes, Amazon will become the landlord for that limited purpose.  See generally Laura Kusisto.  Amazon and Big Apartment Landlords Strike Deals on Package Delivery.  Posted October 17, 2017 on foxbusiness.com.  Online: >http://www.foxbusiness.com/features/2017/10/17/amazon-and-big-apartment-landlords-strike-deals-on-package-delivery-update.html<

[16] Wikipedia.  Chaebol.  Posted on Wikipedia.com.  Online: >https://en.wikipedia.org/wiki/Chaebol<

[17] Wikipedia.  Keiretsu.  Posted on Wikipedia.com.  Online: >https://en.wikipedia.org/wiki/Keiretsu<

[18] I am toying with the words “NeoRetsu” (new age Keiretsu), or “IchiBol”, because “ichi” means “number one”, in Japanese, and IchiBol just so happens to combine both the Korean and Japanese languages, and both business concepts: the Chaebol as a family-owned business with centralized management by family members, and the Keiretsu as a family of businesses with professional managers, centred on a core bank (or a money machine).

[19] Ekundayo George.  Monopolies and Market Dominance in the “GIG” eConomy: What Might These Look Like / Are We There Yet?  Posted July 16, 2017 on ogalaws.wordpress.com at “Summary”  Online: >https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/<  at Summary.

[20] Greg Ip.  The Antitrust Case Against Facebook, Google and Amazon.  Posted January 16, 2018 on wsj.com.  Online: >https://www.wsj.com/articles/the-antitrust-case-against-facebook-google-amazon-and-apple-1516121561<

[21] – RESERVED –

Advertisements

BACKGROUND:

 

SPEECH –

An example of “public speech”, in this context, would be an open and notorious change to one’s LinkedIn profile, such as adding a project, an interest, or a competency and skill; and then positively choosing to publicize these profile changes to one’s network.

 

WHISPER –

An example of a “public whisper”, in this context, would be changing one’s skills or communication preferences to show openness to career opportunities, thereby letting recruiters know that one might be interested in opportunities; willingly sharing one’s LinkedIn profile with potential recruiters; or making a public speech as above, but then “specifically” choosing to not announce this profile change to one’s network or to members of the general public.

 

LINKEDIN

LinkedIn    (“LinkedIn”) is a very widely-used networking site that allows users to choose between making such public speech and public whispers, in their settings preferences.

 

hiQ

hiQ Labs, Inc. (“hiQ”), is a data analytics entity that has developed and deployed automated “bots” that can access public speech and that last definitional element of a public whisper[1] (hushed or stealthy profile changes) on LinkedIn in a Skill Mapper, allegedly not always in accordance with LinkedIn user-selected visibility preferences,[2] and then further share, publicize or sell the results whether in the raw or aggregated formats to its own customer base of interested employers and parties and persons attempting to contact such job-seeking, job-interested, and passively job interested LinkedIn users.

 

“Companies like LinkedIn, Twitter and Facebook view scraping of the data generated by their users not just as theft – they sometimes charge to license data (to higher level business users) – but a violation of their users’ privacy, because some information can be limited so not all users can view it”[3] [additional words in parentheses].

 

Understandably, LinkedIn, “which charges recruiters, salespeople and job hunters for higher levels of access to profile data”,[4] issued a 3-page cease-and-desist letter to hiQ on May 23, 2017,[5] advising the recipient that it was in violation of the LinkedIn user agreement with those behaviours, notifying  the recipient that additional security precautions had been implemented to prevent any recurrence, demanding that the recipient delete and destroy all such “improperly obtained material” in its possession or custody or control, and putting the recipient on notice that any further such behaviour would be in violation of applicable state and federal laws, with citation to a leading 2015 case in that jurisdiction of the United States federal District Court for the Northern District of California (USDC, NDCA), in which the court had barred similar “website data scraping” conduct.[6]

 

hiQ promptly filed for a Temporary Restraining Order (TRO) in California federal court (USDC, NDCA),[7] to bar any actual application of that cease-and-desist language pending ultimate determination of the underlying matters in a court of competent jurisdiction.  And so it was, that on Monday, August 14, 2017, the court granted hiQ its TRO.[8]

 

 

ANALYSIS:

 

CRAIGSLIST

In the case that LinkedIn cited within its cease-and-desist letter to hiQ, Craigslist, Inc., had filed a Complaint against the defendant, but the defendant had not timely answered.  As a result, Craigslist then applied for and was granted, a Default Judgement.[9]  According to the ruling, a certain Brian Niessen, a Craigslist user, had answered a Craigslist advertisement posted by another Craigslist user, for a “Skilled Hacker at Scraping Web Content”.[10]  Niessen had described himself as a hacker, and professed that he was already scraping several thousand websites, including “[c]raigslist, Twitter, Groupon, Zagat, and others.”[11]  3taps then entered into a business relationship with Niessen to continue his scraping, for them, which Craigslist stated was in violation of its terms of use (TOU) and constituted a breach of contract because Niessen, as a registered Craigslist user, had agreed to the TOU on several occasions.[12]

 

“The TOU prohibit, among other things, “[a]ny copying, aggregation, display, distribution, performance or derivative use of craigslist or any content posted on craigslist whether done directly or through intermediaries, […]”[13]

 

Craigslist did secure injunctions against the Niessen co-defendants, including Lovely, PadMapper, and 3taps.[14]  However, Niessen – named along with those co-defendants in the Amended Complaint with its 17 Claims for Relief,[15] was somewhat more elusive; as he was first difficult to effectively serve with the Complaint, and then after being served, he failed to provide an answer within the specified time.[16]  As a result, the Clerk of Court first entered a Notice of Default against Niessen, and then Craigslist made Motion for a Default Judgement against Niessen, which the court granted.[17]

 

 

LINKEDIN –

LinkedIn had sought a response by May 31, 2017 to its cease-and-desist letter of May 23, 2017.[18]  However, hiQ filed its Complaint for Declaratory and Injunctive relief against LinkedIn on June 7, 2017.[19]  In summary, with the first paragraph of the Introduction for same, hiQ writes:

 

“This is an action for declaratory relief under the Declaratory Judgment Act, 28 U.S.C. § 2201 and 2202, and for injunctive relief under California law.  hiQ seeks a declaration from the Court that hiQ has not violated and will not violate federal or state law by accessing and copying wholly public information from LinkedIn’s website.  hiQ further seeks injunctive relief preventing LinkedIn from misusing the law to destroy hiQ’s business, and give itself a competitive advantage through unlawful and unfair business practices and suppression of California Constitutional free speech fair guarantees.  hiQ also seeks damages to the extent applicable.”[20]

 

hiQ did promptly and appropriately seek and retain counsel to engage in discussions with LinkedIn upon receipt of the cease-and-desist letter, in order to better understand LinkedIn’s position and seek an accommodative solution to their serious differences.[21]  LinkedIn argued through counsel that it was protecting the interests of its users and seeking to remedy violations of state and federal laws; and hiQ argued through counsel that not only did LinkedIn lack any proprietary interests in the posted data, which was still owned by its users, but that LinkedIn was therefore attempting to “pervert the purpose of the laws at issue by using them to destroy putative competitors, engage in unlawful and unfair business practices and suppress the free speech rights of California citizens and businesses.”[22]

 

On May 30, 2017, hiQ then sent its own letter to LinkedIn seeking the ongoing interim website access that would allow it to persist as a going concern – because “complying with LinkedIn’s demands would essentially destroy hiQ’s business”,[23] while continuing discussions towards “a mutually amicable resolution” of their impasse.  However, on receiving no response, hiQ filed its Complaint for declaratory and injunctive relief.[24]

 

 

HIQ –

The parties entered into a standstill agreement that preserved hiQ’s access to the public LinkedIn data, and agreed to convert hiQ’s original motion into one for a preliminary injunction, after the court had heard the initial party arguments on the hiQ complaint on July 27, 2017.[25]  In California federal District Court, “[a] plaintiff seeking a preliminary injunction must establish that he is likely to succeed on the merits, that he is likely to suffer irreparable harm in the absence of preliminary relief, that the balance of equities tips in his favor, and that an injunction is in the public interest.[26]  Within the United States Court of Appeals for the Ninth Circuit, which lays-down controlling precedent for United States Federal District Courts in California and several other states and territories,[27] there is a sliding scale for the standard of proof on these elements; which means “a stronger showing of one element may offset a weaker showing of another.”[28]

 

The court also grappled, inter alia, with the language of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030,[29] which prohibits and sanctions unauthorized (whether lacking authorization ab initio or with authorization later revoked), or improperly elevated or improperly applied access to a computer or computer system, because although the LinkedIn profiles were public, they rested on one or more private servers, which were computers.[30]  However, as the court finally opined, “[…] hiQ has, at the very least, raised serious questions as to applicability of the CFAA to its conduct.[31]

 

“The CFAA must be interpreted in its historical context, mindful of Congress’ purpose. The CFAA was not intended to police traffic to publicly available websites on the Internet – the Internet did not exist in 1984. The CFAA was intended instead to deal with “hacking” or “trespass” onto private, often password-protected mainframe computers.”[32]

 

With regard to hiQ‘s claims that the LinkedIn conduct had violated applicable California free speech laws, the court was more circumspect.  hiQ had cited to Robins v. Pruneyard Shopping Ctr.,[33] a case involving attempts to curtail political speech in a privately-owned shopping mall, to analogize that the LinkedIn site was a public forum akin to a shopping mall with guaranteed free access, free speech, and free association, because “[…] the state’s guarantee of free expression may take precedence over the rights of private property owners to exclude people from their property.”[34]

 

The court was very loathe to start traveling down this most slippery of slopes, stating that: no court had, as yet, extended Pruneyard to the internet in so complete a manner; unlike a shopping mall, the Internet had no single controlling authority; there may result significant repercussions on the capacity of social media hosts to curate posted materials in such a public forum; and there was a lingering question as to whether the same rules would apply to the websites of small, medium, and large entities, alike.[35]  The court therefore concluded, that “[i]n light of the potentially sweeping implications discussed above and the lack of any more direct authority, the Court cannot conclude that hiQ has at this juncture raised “serious questions” that LinkedIn’s conduct violates its constitutional rights under the California Constitution.[36]

 

On the balance, the court agreed that hiQ had raised enough of a question as to whether LinkedIn’s actions against it had violated the provisions of California’s Unfair Competition Law (UCL)[37] by “leveraging its power in the professional networking market for an anticompetitive purpose”;[38] disagreed that hiQ had either claimed to be a third-party beneficiary of LinkedIn’s promise to its users that they could control the publicity of their profiles, or shown that a third-party could assert such a claim of promissory estoppel in the first instance;[39] and agreed that the public interest favoured a granting of hiQ’s injunction, because “[i]t is likely that those who opt for the public view setting expect their public profile will be subject to searches, date (sic) mining, aggregation, and analysis.”[40]

 

 

CONCLUSION:

 

Of note, regarding all of its claims and especially the estoppel claim, hiQ had also argued that LinkedIn had long acquiesced to its usage of the website and publicly available user data in this way; including attending hiQ conferences where the host thoroughly explained its methodology and business model, and even gave at least one LinkedIn employee an award.[41]  Indeed, some industry commentators have opined that LinkedIn has merely had a change in policy subsequent to its acquisition by Facebook which the courts should not enjoin, and they foresee several other negative repercussions from the outcome of this case if hiQ prevails, and they expect LinkedIn to appeal the District Court ruling.[42]  However, there are also several strong voices supporting hiQ that see negative repercussions if LinkedIn prevails.[43]

 

Suffice it so say that for now, LinkedIn has been Ordered to withdraw its cease and desist letters to hiQ, and stop blocking hiQ, both with immediate effect from the August 14, 2017 date of the Order of Edward M. Chen, United States District Judge.[44]

 

We await LinkedIn’s appeal,[45] if any, but in the interim …… all who so do, are advised to publicly shout, and to publicly whisper, with caution, because they never know who might be cataloguing their words – and where those words that they own might land; (or more specifically, land the originator of those very words) in this Gig e-conomy[46] that exemplifies the gentle admonition that “sharing is daring!

 

 

*********************************************************************

 

Author:

Ekundayo George is a lawyer and sociologist.  He is a keen student of organizational and micro-organizational behavior and has gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services and Public Finance, Public Procurement, Healthcare and Public Pensions, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.

 

Of note, Mr. George has now worked at the municipal government, provincial government, and federal government levels in Canada, as well as at the municipal government, state government, and federal government levels in the United States.  He is also a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and enjoys complex systems analysis in legal, technological, and societal milieux.

 

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

 

 

[1] See Infra note 7 at Introduction, ¶2.  hiQ does specifically state in its Complaint, that: “hiQ does not analyze the private sections of LinkedIn, such as profile information that is only visible when you are signed-in as a member, or member private data that is visible only when you are “connected” to a member. Rather, the information that is at issue here is wholly public information visible to anyone with an internet connection.”  But See HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 6.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

“LinkedIn maintains that […] while the information that hiQ seeks to collect is publicly viewable, the posting of changes to a profile may raise the risk that a current employee may be rated as having a higher risk of flight under Keeper even though the employee chose the Do Not Broadcast setting. hiQ could also make data from users available even after those users have removed it from their profiles or deleted their profiles altogether. LinkedIn argues that both it and its users therefore face substantial harm absent an injunction; if hiQ is able to continue its data collection unabated, LinkedIn members’ privacy may be compromised, and the company will suffer a corresponding loss of consumer trust and confidence” [emphasis added].

[2] Id. at Introduction, ¶5.  On this point, hiQ writes to specify LinkedIn’s 5 levels of profile visibility preference, and emphasize its own limited access to and use of same:

“LinkedIn members can choose to (1) keep their profile information private; (2) share only with their direct connections; (3) share with connections within three degrees of separation; (4) allow access only to other signed-in LinkedIn members, or (5) allow access to everyone, even members of the general public who may have no LinkedIn account and who can access the information without signing in or using any password. It is only this fifth category of information – wholly public profiles – that is at issue here: hiQ only accesses the profiles that LinkedIn members have made available to the general public.”

[3] Thomas Lee.  LinkedIn, HiQ Spat Presents Big Questions for Freedom, Innovation.  Published July 8, 2017 on sfchronicle.com.  Web: <http://www.sfchronicle.com/business/article/LinkedIn-HiQ-spat-presents-big-questions-for-11274133.php#comments>

[4] Ibid.

[5] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[6] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[7] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017).  COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[8] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[9] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA).  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[10] Id. at 2.

[11] Ibid.

[12] Id. at 3.

[13] Id. at 2.

[14] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. October 9, 2015).  ORDER Granting Application for Default Judgment, issued by Charles R. Breyer, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <http://law.justia.com/cases/federal/district-courts/california/candce/3:2012cv03816/257395/280/>

[15] Craigslist, Inc v. 3Taps, Inc et al, 12-cv-03816-CRB (N.D. Cal. November 20, 2012).  First Amended Complaint.

Web: <http://www.3taps.com/images/pics/430_Amended Compalint .pdf>

[16] Supra note 14 at 3.

[17] Ibid.

[18] LinkedIn Corporation.  RE: Demand to Immediately Cease and Desist Unauthorized Data Scraping and other Violations of LinkedIn’s User Agreement.  Letter dated May 23, 2017.  Web: <https://static.reuters.com/resources/media/editorial/20170620/hiqvlinkedin–ceaseanddesist.pdf>

[19] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF.  Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA).  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[20] Id. at Introduction, ¶1.

[21] Id. at ¶¶27-8.

[22] Id. at ¶28.

[23] Id. at ¶¶34, 38, 46.

[24] Id. at ¶29.

[25] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 3.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>…

[26] Id. at 4.

[27] The United States Court of Appeals for the Ninth Circuit covers Alaska, Arizona, California, Guam, Hawaii, Idaho, Montana, Nevada, the Northern Mariana Islands, Oregon, and Washington state.  See generally Geographical Boundaries of United States Courts of Appeals and United States District Courts.  Online: <https://www.supremecourt.gov/about/Circuit Map.pdf>

[28] Supra note 25 at 4.

[29] Congress of the United States, United States Code18 USC 1030: Fraud and related activity in connection with computers.  Title 18: Crimes and Criminal Procedure; Part I: Crimes; Chapter 47: Fraud and False Statements. Web: <uscode.house.gov/browse/prelim@title18/part1/chapter47&edition=prelim>

[30] Supra note 25 at 10.

[31] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 16.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[32] Id. at 10.

[33] See Robins v. Pruneyard Shopping Ctr., 23 Cal. 3d 899, 905 (1979).

[34] Supra note 31 at 18

[35] Id. at 19.

[36] Id. at 20-21.

[37] See Unfair Competition Law (UCL), Cal. Bus. & Prof. Code §17200 et seq.

[38] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[39] Id. at 23.

[40] Id. at 24.

[41] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-LB (N.D. Cal. June 7, 2017). COMPLAINT FOR DECLARATORY JUDGMENT UNDER 22 U.S.C. § 2201 THAT PLAINTIFF HAS NOT VIOLATED: (1) THE COMPUTER FRAUD AND ABUSE ACT (18 U.S.C. § 1030); (2) THE DIGITAL MILLENNIUM COPYRIGHT ACT (17 U.S.C. §1201);(3) COMMON LAW TRESPASS TO CHATTELS; OR (4) CAL. PENAL CODE § 502(c); INJUNCTIVE RELIEF TO ENJOIN: (1) INTENTIONAL INTERFERENCE WITH CONTRACT AND PROSPECTIVE ECONOMIC ADVANTAGE; (2) UNFAIR COMPETITION (CAL. BUS. & PROF. CODE § 17200); (3) PROMISSORY ESTOPPEL; AND (4) VIOLATION OF CALIFORNIA FREE SPEECH LAW; AND RELATED MONETARY RELIEF. Filed 2017, in the United States District Court for the Northern District of California (USDC, NDCA), at ¶7.  Web: <https://www.unitedstatescourts.org/federal/cand/312704/1-0.html>

[42] See generally Tristan Greene.  The future of your data could rest in the outcome of LinkedIn vs HiQ case.  Posted August 24, 2017 on thenextweb.com.  Web: <https://thenextweb.com/insider/2017/08/24/hiq-is-the-david-to-linkedins-goliath-in-legal-battle-over-user-data/#.tnw_Q1Tn05Hv>…

[43] Id.

[44] HiQ Labs, Inc. v. LinkedIn Corporation, 17-cv-03301-EMC (N.D. Cal. August 14, 2017).  Order Granting Plaintiff’s Motion for Preliminary Injunction, issued by Edward M. Chen, United States District Judge, United States District Court for the Northern District of California (USDC, NDCA), at 21.  Web: <https://assets.documentcloud.org/documents/3932131/2017-0814-Hiq-Order.pdf>

[45]  – Reserved

[46] For a general overview of the Gig e-conomy and its monopoly potential, see e.g. Ekundayo George.  Monopolies and Market Dominance in the “GIG” e-conomy: What Might These Look Like / Are We There Yet?  Published July 16, 2017 on ogalaws.wordpress.com.  Web: <https://ogalaws.wordpress.com/2017/07/16/monopolies-and-market-dominance-in-the-gig-e-conomy-what-might-this-look-like-are-we-there-yet/>

INTRODUCTION:

I will not get into legalese, as this is but a conceptual take on the topic.  I came across the following New York Times article,[1] which posed the question “Is It Time to Break Up Google?”  That article had been cited by a more recent one that spoke of the dominant market positions of the so-called FAAAN stocks (described as Facebook, Amazon, Alphabet, Apple and Netflix) or sometimes FAANG stocks (Facebook, Amazon, Apple, Netflix and Google), and the potential need to limit or dismantle them for such reasons as to protect the consumer, or to better protect against the loss or misuse of personal data, or to maintain market integrity, investment and productivity, and dynamism through vigorous multiparty competition.[2]  I will use FAAAN and FAANG interchangeably.

This is the language of competition regulators – avoiding monopolies, carefully watching oligopolies, and protecting the consumer from any entity that would abuse its dominant position in the market to take advantage of them.  There are competing schools in different regulator domains, however, as one side says that competition spurs innovation (European Union stance), whilst the other side appears more comfortable with FAAAN entity market shares than it was with those in telecommunications, oil and gas, and railways (United States stance).[3]  The Standard Oil Company, which maintained a 90% market share for twenty years, is often cited as the posterboy for monopoly power in the United States – but was it really so villainous?[4]  In any case, before we apply a solution, we must first answer 3 essential questions:

  1. What, exactly, are these FAAAN entities allegedly dominant in?
  • Facebook has a leading position in social media, through its control of Facebook Messenger, WhatsApp, and Instagram (and now sharing control, with Alphabet/Google, of approximately 56% of the U.S. market for mobile advertising).[5]
  • Amazon has a leading position in e-commerce, with its ubiquitous shopping portal (now handling approximately 30% of all U.S. e-commerce sales),[6] and in the provision of cloud hosting and data centre services.
  • Alphabet/Google has a leading position in online search, online video through its control of Youtube, and in the revenue yield from online advertising (now earning approximately 78% of all U.S. search advertising revenues).[7]
  • Apple has a leading position in smartphones wearables, and tablets, through its iPhone (now accounting for approximately 60% of global smartphone sales),[8] iPad, Watch, Mac, and MacBook lines.
  • Netflix also has a leading position in “over the top” (OTT) movie, performance, and documentary streaming (now reaching approximately 75% of all U.S. streaming service viewers).[9]

Are these indications of dominance, we ask, or just a solid and perhaps (for now) unassailable lead in markets resoundingly disrupted?

“Movies and television could become like opera and novels, because there are so many other forms of entertainment. Someday, movies and TV shows will be historic relics. But that might not be for another 100 years.”[10]

For example, all of these FAAAN stocks, other than Apple, may be especially dominant in the United States, but with the U.S. share of global e-commerce expected to fall from 20.7% in 2016 to 16.9% in 2020, while China’s share of it rises from 47% to 59.5% in the same period,[11] then given the restrictions on market entry into China,[12] how can any current such “dominance”, persist?

Microsoft is also sometimes mentioned as a market dominator, with its leading positions in operating system software, desktops and mobile, cloud hosting, big data, analytics, and online storage through its data centres; as is Uber, with its stated goal to dominate the ride-hailing space on a global scale.

  1. What, precisely, is the market or who, precisely, is the consumer that these FAANG entities are allegedly dominating?

Let us now start to break things down a little further, step by step.

VERTICALS –

I think we can all agree that there are three consumer verticals: government, business, and generic consumers – meaning neither of the preceding two verticals.  From there, however, things can get quite tricky, with this hierarchy of 3 verticals, then 5 sectors, then 30 groups, and finally, their many included elements.  Of course, each regulator or group of regulators assessing these entities, has its own domain, such as the United States (with its long tradition of Antitrust regulation), Canada (with its long experience in near oligopolies for financial services and telecommunications), Russia and China (with growing experience in competition regulation, and where Uber recently partnered with Yandex in Russia,[13] and earlier with Didi Chuxing in China,[14] for ride-hailing, or “on-demand transportation”), and the European Union (where Facebook,[15] Alphabet/Google,[16] Apple,[17] and Microsoft,[18] have all had run-ins with the local Competition regulator).

In the investing community, there are a number of ways to segment the market.  The diversified Standard & Poor’s 500 Index uses 11 market sectors,[19] and the NASDAQ (technology-heavy) index follows the Industry Classifications Benchmark (ICB) system, to create ten market sectors.[20]  There is some overlap between these two, but the Toronto Stock Exchange (energy and financial services- heavy) index has just seven market sectors.[21]  Personally, I have long used a modified schema of about 16 sectors, but I think it is time to change the whole approach because these FAAAN / FAANG entities have disrupted much, will continue to do so, and have spawned a whole series of ecosystems of disruptors that cross sectoral boundaries, serve multiple verticals, and make a mockery of most if not all commonly used methods of market and competition analysis, including clear regulatory categorization, for purposes of finding and assessing the impact of a dominant position.  This is collectively the “gig” -economy of on-demand piecework, tempwork, and peer-to-peer transacting that circumvents big businesses, with “gig” now having a U.S. labor market share now estimated at 34% and projected to rise to 43% by 2020.[22]

Hence, my analytical proposal is this:

SECTORS –

We start with 5 very broad sectors, and then break things down further.  Those five sectors, are: General Goods and Services; Specialized Goods and Services; Digital Tools, Applications and Services; Social Infotainment; and the Gig e-conomy.

GENERAL GOODS AND SERVICES SECTOR:

Here, I have placed the 8 key groups of Government, Manufacturing and Industry, Materials, Oil and Gas, Retail and Wholesale, Security, Transportation, and Utilities.

Government, is further divided across the 5 elements of: regulation; education and tutoring; standard setting; libraries and archives; and dispute resolution and keeping the peace.

Manufacturing and Industry, are further divided across the 5 elements of: aerospace and defence; construction and engineering; transportation and utilities infrastructure; technology, hardware, communications equipment and components and peripherals; and services.

Materials, are further divided across the 5 elements of: paper and forest products; metals and mining; construction materials and components; advanced materials; and CAD-CAM, and GIS and other services.

Oil and Gas, are further divided across the 5 elements of: oil and gas services; drilling and equipment; transportation and storage; refining, trade, plastics and chemicals; and other.

Retail and Wholesale, are further divided across the 5 elements of: leisure; household durable and furniture; household discretionary and personal products; retail (multiline and specialty); and luxury goods, apparel, and textiles.

Security, is further divided across the 5 elements of: national security and defence; societal security and emergency management; physical and industrial safety and security, and emergency management; personal safety and security, and incident response; and virtual security, and incident and event management.

Transportation, is further divided across the 5 elements of: public transportation networks; commercial transportation networks; carriage for hire and ride-hailing; personal and shared mobility properties; and drones and autonomous vehicles.

Utilities, are further divided across the 5 elements of: electric and gas; wind, solar, and water; nuclear; biomass and multi-utility; and other.

SPECIALIZED GOODS AND SERVICES SECTOR:

Here, I have placed the 8 key groups of Conglomerates, Financial Services, Food, Health and Wellness, Information Communications Technologies, Information and Data Techniques, Personal Services,  and Shelter.

Conglomerates, are further divided across the 5 elements/variants of: food, beverage, and consumer products; information communications technologies and information and data techniques; leisure, property, and transportation; technology, industry, and manufacturing; and services.

Financial Services, are further divided across the 5 elements of: consumer, trade, and business banking and finance, and cash and payment provision and processing; mortgages, home equity lines of credit, and real estate investment trusts; financial planning and advising, and portfolio and asset management; trusts and estates; and insurance and reinsurance.

Food, is further divided across the 5 elements of: crops; kept animals and kept animal products; beverages and other consumables; wholesale, retail, and restaurant; and processing, packaging, and distribution.

Health and Wellness, is further divided across the 5 elements of: medical and surgical services; medical and surgical equipment; pharmacology; mental and spiritual health; and fitness and alternatives.

Information Communications Technologies, are further divided across the 5 elements of: publishing, and printed media; cable, over-air, over the top, and satellite television; radio and satellite radio; fiber optics, telephone, and voice over internet protocol; and audio-visual and peripherals.

Information and Data Techniques, are further divided across the 5 elements of: collection and collation; privacy, security, and anonymization; storage and retrieval; transactions and analysis; and disposal.

Personal Services, are further divided across the 5 elements of: professional services; personal assistants, managers, and agents; virtual assistants; crisis, wardrobe, image and media consultants; and household staff.

Shelter, is further divided across the 5 elements of: single family; multi-family; mobile accommodations; hotel, motel, cruise and resort; and plant, office, maintenance and janitorial.

DIGITAL TOOLS, APPLICATIONS, AND SERVICES SECTOR:

Here, I have placed 8 key groups, and without any further division across elements because the developed and developing options are still far too broad to be coherently and comprehensively captured, if ever.  These 8, are:

  • Consumer Software, and Productivity applications.
  • eBooks, eNews, and other eMedia.
  • eCommerce.
  • eLearning.
  • Employment and Contracting.[23]
  • Entity Clouds and data centres for Big Data, storage, hosting, managed solutions, and analytics.
  • Online advertising, including by profile, location, nearfield communication, and radiofrequency identification;
  • Online search, mapping and geo-tagging or tracking, and navigation.

SOCIAL INFOTAINMENT SECTOR:

Here, I have placed the 2 key groups of Hardware; and Services.

Hardware, is further divided across the 5 elements of: phones; tablets; desktop devices; virtual and augmented reality; and content creation through interactive and autonomous devices with and without artificial intelligence.

Services, are further divided across the 5 elements of: standard and streaming live theatre, motion pictures, and video; standard and streaming live concerts, performance arts, and audio; social and chat, and introductions and networking; gaming, group casts, and similar interactions; and content creation, experiential learning, and immersive transactions.

GIG E-CONOMY SECTOR:

So now, let us use a “gig” e-conomy approach to assess the dominance issue across the preceding market sectors.  I think that you may well find yourself agreeing that there is no dominance at play, and that the competition is still quite healthy across the board.  Here, I have placed those “on demand” goods and services available through rapidly advancing technology that are or may be applicable.  Please note that no single person can possibly name all members of any subgroup and the Apps and Bots of competitors, as they multiply, morph, and merge on both daily and intraday bases; but I will, however, try to give sufficient coverage to convey the depth, breadth, and scope of offerings available.[24]

On-demand General Goods and Services, and their related providers or aggregators would be found here, such as Baidu Baike, The Canadian Encyclopedia, Encyclopedia Britannica, Encyclopedia.com, The Free Dictionary.com, Wikipedia and World Book Online (Government: libraries and archives); 3D printers (Materials: CAD-CAM, and GIS and other services); Alibaba, Amazon, Costco, WalMart, and Yandex (Retail and Wholesalewhole group); AppRiver, Bitdefender, Symantec/Norton, Kaspersky, McAfee, and Webroot SecureAnywhere Antivirus (Security: virtual security); and Uber, Lyft, Ourbus, Didi Chuxing, BlaBlaCar, and Yandex (Transportation: carriage for hire and ride-hailing).

On-demand Specialized Goods and Services, and their related providers or aggregators would be found here, such as Apple, Alphabet and Microsoft (Conglomerates: Information communications technologies – smartphones of iPhone, Pixel and Lumia, along with Watch, Mac, iPad, Surface, OneNote, and the operating systems of iOS, macOS, Linux, Android, Windows, and other solutions based on non-proprietary or open-source code); Amazon and Microsoft (Conglomerates: information and data techniques – cloud services); Consumer, trade, and business banking and finance (Financial Services: portals and standalone Apps of the major banks, worldwide, along with Fintech disruptors like rate.com and Kreditech); Android Pay, Apple Wallet, Bitcoin, Etherium, LG Pay, Microsoft Wallet, Samsung Pay or Samsung Pay Mini, Yandex Money, Alipay, PayPal and Stripe[25] (Financial Services: smartphone-based and web-based cash and payment provision and processing); Fund Razr, Indiegogo, Kickstarter, GoFundMe, AngelList, and CrowdCube (Financial Services: Consumer, trade, and business banking and finance); AlphaStreet, MyLo, Robinhood, and WealthBar (Financial Services: financial planning and advising, and portfolio and asset management); Deliveroo, Grubhub, Just-eat, Postmates, Door-Dash, UberEATS, Amazon, and Instacart (Food: processing, packaging, and distribution); SiriusXM and free AM/FM radio around the world[26] (Information Communications Technologies: radio and satellite radio); Netflix, Spotify, NotJustOk, YouTube, Hulu, Sling, HBO, and Amazon (Information Communications Technologies: cable, over-air, over the top, and satellite television); Google, Alibaba, Yandex, Amazon Web Services, Facebook, Tencent, Microsoft Cloud/Azure (Information and Data Techniqueswhole group, as also listed in Conglomerates, above); Monster, LinkedIn, Upwork, TaskRabbit (Personal Services: – whole group); Airbnb, Love Home Swap, Onefinestay (Shelter: hotel, motel, cruise and resort); and Handy, Homejoy, Merry Maids, Molly Maid, Life Maid Easy, and Bee Clean (Shelter: plant, office, maintenance and janitorial).

On-demand Digital Tools, Applications, and Services, and their related providers or aggregators would be found here, such as Apple’s App Store, Google’s Play Store, Adobe, Corel, Microsoft/Windows, Etherium, Intuit and QuickBooks (Consumer software and productivity applications); Amazon Kindle, Voyage, and Oasis, Barnes & Noble Glowlight, Nook, and Touch, and the Kobo and Aura (eBooks); Amazon, Alibaba, Costco, Craigslist, DaWanda, eBay, Etsy, Shopify, WalMart and Yandex (eCommerce); ADrive, Apple iCloud, Box, Dropbox, Google Drive, iDrive, Media Fire, Mozy, Microsoft OneDrive, and PhotoBucket (Entity Clouds – storage); Accenture Cloud Hosting Services, Amazon Web Services, CSC Cloud Computing Services, Canadian Cloud Hosting, Canadian Web Hosting, CenturyLink, Cloud Sigma, Dimension Data Cloud Surround, Distil Networks, Fujitsu Cloud Solutions, Google App Engine/Cloud Platform, Helion Public Cloud, Lunacloud, Microsoft Azure/Cloud, OpenShift, OpenStack Cloud, Rackspace, Softlayer, Verizon Terremark, ViaWest KINECTed Cloud, and VMware (Entity Clouds and Data Centres for Big Data, hosting, managed solutions, and analytics); Google, Facebook, Snap, Twitter and Youtube (online advertising, including by profile, location, nearfield communication, and radiofrequency identification); and Google, Baidu, and Yandex (online search, mapping and geo-tagging or tracking, and navigation).

On-demand Social Infotainment, and their related providers or aggregators would be found here, such as Apple iOS/macOS ecosystems, Blackberry smartphones and data centres, Facebook Oculus Rift, Google Android ecosystem along with Cardboard, Daydream Viewer, and robotics and autonomy, HTC Vive, Huawei smartphones, LG smartphones, Microsoft Windows ecosystem along with HoloLens and Windows Mixed reality, Samsung Gear and robotics and autonomy, Sony Playstation VR and robotics and autonomy, Linux, and other environments and platforms created using open source or non-proprietary code (Hardwarewhole group); Netflix, NotJustOk, Spotify, YouTube, Hulu, Sling, HBO, Pokemon, and Amazon (Serviceswhole group); and Facebook, WhatsApp, Tencent, WeChat, Vodi, Instagram, LinkedIn, Monster, Match.com, Lavalife, eHarmony, and Zoosk (Services – social, chat, and introductions and networking; gaming, group casts, and similar interactions; and content creation, experiential learning and immersive transactions.  You may have noticed that “on-demand Social Infotainment” anticipates content creation by both the hardware makers and the service providers with ever more collaboration, hence the lines become consumers and producers of content have become irrevocably blurred and blended.  Similarly, the gig e-conomy’s “on-demand social infotainment” and “on-demand digital tools, applications, and services” sectors rely upon one another for continuity – the social infotainment needs all that the digital has to offer, and the digital feeds the rising ubiquity of the social infotainment.

  1. Considering the above and now fuller picture of the competitive landscape, is any one of these FAAN/FAANG entities really dominant in any meaningful way?

The answer to this, must therefore be a resounding No. There are a number of groups in which a few players have literally occupied the entire field.  However, in no place is there only one entity.  Clearly, then, competition is alive and fierce in all sectors and groups, as laid out in this analytical scheme.

Any Facebook domination alleged for social media fades away with the diversity of competitors and offerings found within the converged gig e-conomy’s “on-demand social infotainment”;

Any Amazon domination alleged for e-commerce and for search, fades away with the diversity of competitors and offerings under the converged gig e-conomy Sector’s “on-demand general goods and services”, and “on-demand specialized goods and services”.

Any Alphabet/Google domination alleged for online search, online video, and online advertising revenue yield, fades away with the diversity of competitors and offerings under the converged gig e-conomy’s “on demand digital tools, applications, and services”.

Similarly, any Apple domination alleged in smartphones, wearables and tablets, fades away with the diversity of manufacturers and operators found in the converged gig e-conomy sector’s “on-demand specialized goods and services”, as conglomerates offering information and communications technologies, and undertaking information and data techniques.

Finally, any Netflix domination alleged for “over-the-top” (OTT) movie, performance, and documentary streaming, fades away with the diversity of entities competing to deliver services within the converged gig e-conomy’s “on-demand social infotainment”.

SUMMARY:

It is only if, and when, well-funded market operators start to occupy whole sectors (in the new schema laid out here), taking out whole swathes of their competitors and content providers[27] in Pacman “gig”-abites to become the sole players in many of the specific groups within those sectors, that we should start to worry about abuse of dominant positions, monopolies, and over-concentration in the control of personal data[28] – incessant data breaches[29] and global ransomware events,[30] notwithstanding.

Perhaps, you agree now?![31]

********************************************************************

Author:

Ekundayo George is a lawyer and sociologist.  He has also taken courses in organizational and micro-organizational behavior, and gained significant experience in regulatory compliance, litigation, and business law and counseling.  He has been licensed to practise law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, e-commerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors.  He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practising law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams.  Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: healthcare; education and training; law and regulation; policy and plans; statistics, economics, and evaluations including feasibility studies and business cases; infrastructure; and information technology/information systems (IT/IS) – also sometimes termed information communications technologies (ICT).  See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Jonathan Taplin.  Is It Time to Break Up Google?  Published on nytimes.com, April 22, 2017.  Web: >https://www.nytimes.com/2017/04/22/opinion/sunday/is-it-time-to-break-up-google.html?_r=2<

[2] David McLaughlin.  Are Facebook and Google the New Monopolies?: QuickTake Q&A.  Published on Bloomberg.com, July 12, 2017. Web: >https://www.bloomberg.com/news/articles/2017-07-13/antitrust-built-for-rockefeller-baffled-by-bezos-quicktake-q-a<  See also Ayanna Alexander.  Mobile App Location Sharing Brings Awesome Opportunities, Privacy Fears.  Published on bna.com, July 11, 2017.  Web: >https://www.bna.com/mobile-app-location-b73014461529/<

[3] Ramsi Woodcock.  EU’s Antitrust ‘War’ on Google and Facebook Uses Abandoned American Playbook.  Published on observer.com, July 14, 2017.  >http://observer.com/2017/07/eus-antitrust-war-google-facebook-uses-american-playbook-margrethe-vestager-european-union/<

[4] Alex Epstein.  Vindicating Standard Oil, 100 years later.  Published on dailycaller.com, May 13, 2011.  Web: >http://dailycaller.com/2011/05/13/vindicating-standard-oil-100-years-later/2/<

[5] David McLaughlin.  Are Facebook and Google the New Monopolies?: QuickTake Q&A.  Published on Bloomberg.com, July 12, 2017. Web: >https://www.bloomberg.com/news/articles/2017-07-13/antitrust-built-for-rockefeller-baffled-by-bezos-quicktake-q-a<

[6] Ibid.

[7] Ibid.

[8] Ibid.

[9] Sarah Perez.  Netflix reaches 75% of US streaming service viewers, but YouTube is catching up.  Published on techcrunch.com, April 10, 2017.  Web: >https://techcrunch.com/2017/04/10/netflix-reaches-75-of-u-s-streaming-service-viewers-but-youtube-is-catching-up/<

[10] Joe Nocera.  Can Netflix Survive in the New World It Created?  Published on nytimes.com, June 15, 2016.  Web: >https://www.nytimes.com/2016/06/19/magazine/can-netflix-survive-in-the-new-world-it-created.html<

Quoting Reed Hastings – Chairman of the Board, President, Chief Executive Officer, Netflix.

[11] Patrick Seitz.  Move Over FANGs, China’s BAT Stocks Go From Copycats To Fat Cats.  Published on investors.com, July 14, 2017.  Web: >http://www.investors.com/research/industry-snapshot/move-over-fangs-chinas-bat-stocks-go-from-copycats-to-fat-cats/?src=A00220&yptr=yahoo<

[12] IdSee also infra, note 14.

[13] Eric Auchard and Anastasia Teterevleva.  Uber and Yandex to combine ride-hailing in Russia and beyond.  Published on reuters.com, July 13, 2017.  Web: >http://www.reuters.com/article/us-uber-tech-m-a-yandex-idUSKBN19Y10V<  The new entity will operate regionally, in Russia, Armenia, Azerbaijan, Belarus, Georgia and Kazakhstan.

[14] Scott Cendrowski.  Uber Had No Way Out of China Except Through a Merger With Didi.  Published on fortune.com, July 31, 2016.  Web: >http://fortune.com/2016/08/01/uber-didi-merger/<

[15] Jason Aycock.  Facebook eases into crosshairs of EU antitrust watchdogs.  Published on seekingalpha.com, July 3, 2017.  Web: >https://seekingalpha.com/news/3276761-facebook-eases-crosshairs-eu-antitrust-watchdogs<

[16] Peter Sayer.  EU Competition Commissioner spells out priorities: Google as Alphabet is still under investigation.  Published on pcworld.com, October 26, 2015.  Web: >http://www.pcworld.com/article/2997529/android/eu-competition-commissioner-spells-out-priorities-google-as-alphabet-is-still-under-investigation.html<

[17] Sean Farrell and Henry McDonald.  Apple ordered to pay €13bn after EU rules Ireland broke state aid laws.  Published on theguardian.com, August 30, 2016.  Web: >https://www.theguardian.com/business/2016/aug/30/apple-pay-back-taxes-eu-ruling-ireland-state-aid<

[18] Charles Arthur.  Microsoft loses EU antitrust fine appeal.  Published on theguardian.com, June 27, 2012.  Web: >https://www.theguardian.com/technology/2012/jun/27/microsoft-loses-eu-antitrust-fine-appeal<

[19] These 11 S&P 500 market sectors are: Energy, Materials, Industrials, Consumer Discretionary, Consumer Staples, Health care, Financials, Real Estate, Information Technology, Telecommunications Services, and Utilities.

See S&P 500 Factsheet – Sector Breakdown.  Published on ca.spindices.com and visited on July 13, 2017.  Web: >http://ca.spindices.com/indices/equity/sp-500<

[20] These 10 NASDAQ market sectors are: Oil and Gas, Basic materials, Industrials, Consumer Services, Consumer Goods, Healthcare/Financials, Technology, Telecommunications, and Utilities.  See NASDAQ Composite Index – COMP Fact Sheet – Industry Breakdown.  Published on nasdaqomx.com and visited July 13, 2017.  Web: >https://indexes.nasdaqomx.com/Index/Overview/COMP<

[21] These 7 TSE market sectors are: Clean Technology, Diversified Industries, Energy and Energy Services, Life Sciences, Mining, Real Estate, and Technology.  See The Toronto Stock Exchange, Sector and Product Profiles.  Published on tsx.com and visited July 13, 2017.  Web: >http://tsx.com/listings/listing-with-us/sector-and-product-profiles<

[22] Patrick Gillespie.  Intuit: Gig economy is 34% of US workforce.  Published on money.cnn.com, May 24, 2017.  Web: >http://money.cnn.com/2017/05/24/news/economy/gig-economy-intuit/index.html<

[23] Including this as a standalone group has become a necessity, thanks to the enabling rise of the “gig” e-conomy.  See e.g. Nick Wells. The ‘gig economy’ is growing — and now we know by how much.  Published on cnbc.com, October 13, 2016.  Web: >http://www.cnbc.com/2016/10/13/gig-economy-is-growing-heres-how-much.html<

[24] All names and marks mentioned herein are and remain the property of their respective owners, and no good or service or provider of same that is mentioned or omitted or referenced whether in whole or in part within this article or within its attached notes is either endorsed or disdained.

[25] Memberful.  Stripe vs PayPal: Who should you choose?  Published on memberful.com and visited on July 15, 2017.  Web: >https://memberful.com/blog/stripe-vs-paypal/<

[26] John-Erik Koslosky.  Sirius XM’s Strongest Competition May Surprise You.  Published on fool.com, September 12, 2015.  Web: >https://www.fool.com/investing/general/2015/09/12/sirius-xms-strongest-competition-may-surprise-you.aspx<

[27] Nick Wingfield and Michael J. de la Merced.  Amazon to Buy Whole Foods for $13.4 Billion.  Published on nytimes.com, June 16, 2017.  Web: >https://www.nytimes.com/2017/06/16/business/dealbook/amazon-whole-foods.html<

[28] Business Leader.  Google dominates search. But the real problem is its monopoly on data.  Published on theguardian.com, April 19, 2015.  Web: >https://www.theguardian.com/technology/2015/apr/19/google-dominates-search-real-problem-monopoly-dataSee also Ben Thompson.  Facebook and the Cost of Monopoly.  Published on stratechery.com, April 19, 2017.  Web: >https://stratechery.com/2017/facebook-and-the-cost-of-monopoly/<

[29] Dave Burton.  Minimize “Dwell Time” to Cut the Cost of Data Center Breaches.  Published on infosecisland.com, October 20, 2016.  Web: >http://www.infosecisland.com/blogview/24835-Minimize-Dwell-Time-to-Cut-the-Cost-of-Data-Center-Breaches.htmlSee also Jessica Davis.  Former Bupa employee posts 1 million records for sale on dark web.  Published on healthcareitnews.com, July 14, 2017.  Web: >http://www.healthcareitnews.com/news/former-bupa-employee-posts-1-million-records-sale-dark-web<   See Generally Ekundayo George.  Cybersecurity: Its not just about “B” for Bob, but also eCommerce, Structure, and Trust.  Published on ogalaws.wordpress.com, November 3, 2014  Web: >https://ogalaws.wordpress.com/2014/11/03/cybersecurity-its-not-just-about-b-for-bob-but-also-ecommerce-structure-and-trust/<

[30] Jesse McKenna.  WannaCry: How We Created an Ideal Environment for Malware to Thrive, and How to Fix It.  Published on infosecisland.com, July 12, 2017.  Web: >http://www.infosecisland.com/blogview/24941-WannaCry-How-We-Created-an-Ideal-Environment-for-Malware-to-Thrive-and-How-to-Fix-It.html<

[31] Ekundayo George.  Monopolies and Market Dominance in the “Gig” eConomy?  We are Getting There!  Posted February 19, 2018 on ogalaws.wordpress.com.  Online: >https://ogalaws.wordpress.com/2018/02/19/monopolies-and-market-dominance-in-the-gig-economy-we-are-getting-there/<

ECJ

INTRODUCTION:

On October 6, 2015,[1] the Court of Justice of the European Union (ECJ) declared invalid a decision of the European Commission on July 26, 2000[2] that had, pursuant to the relevant EU data protection law,[3] granted and acknowledged safe harbour for certain United States entities when transferring the personal data of European Union citizens to, and processing and storing that data within the United States. The case had been referred to the ECJ for a preliminary ruling from the High Court of Ireland, with a subsequent non-binding Opinion from the ECJ Advocate General, Yves Bot,[4] that the ECJ eventually followed.

CASE HISTORY:

The case began when Maximilian Schrems, an Austrian Citizen (and law student at that time), spearheaded a group to file a complaint with the Irish Data Protection Commissioner (DPC)[5] against Facebook Ireland Ltd, which is the company’s European headquarters. When Billy Hawkes, the Irish DPC rejected the case,[6] Schrems and his group sought and were granted judicial review at the High Court of Ireland.[7] Citing pre-emption on the key issues by European law, Mr. Justice Hogan adjourned the case pending referral to the European Court of Justice (ECJ).[8] Those key issues were: (a) whether the Edward Snowden revelations of 2013[9] revealed such a wholesale (both actual and potential) lack of compliance with European law that the U.S. Safe Harbour provisions with regard to transferring the personal information of European Citizens were essentially invalid; and (b) whether EU member states were bound by controlling EU privacy laws regarding those safe harbours, or free to pursue their own investigations into allegations of privacy breach or other non-compliance as and when needed, and were then subsequently able to suspend data transfers if they violated EU laws and/or EU citizen rights. Advocate General Bot had opined in the affirmative on both of these points,[10] and the ECJ agreed.

IMPLICATIONS:

Being effective immediately and with no grace period (or period of suspended invalidity as would likely have been applicable in Canada,[11] were the matter heard under Canadian jurisdiction),[12] the ruling immediately put the businesses and business practices of thousands of entities in legal jeopardy for their reliance on an invalid law. Fortunately for all, the European Union’s 28 national data protection authorities, acting through their Article 29 Working Party, issued an October 16, 2015 statement[13] encouraging those entities impacted by the ruling to negotiate, establish, and implement their own interim measures to ensure compliance with the ruling, including, in a later Q&A compliance release of November 6, 2015, that they “consider putting in place any legal and technical solutions to mitigate any possible risks they face when transferring data”;[14] assuring European businesses and citizens that privacy and data protection remained key elements of European law, and that they would issue further guidance at a national level, but at a later date; and implying quite strongly, that coordinated enforcement actions might issue if an appropriate successor framework could not be negotiated with the United States by the end of January, 2016.[15] That specific “deadline” language, read:

“If by the end of January 2016, no appropriate solution is found with the US authorities and depending on the assessment of the transfer tools by the Working Party, EU data protection authorities are committed to take all necessary and appropriate actions, which may include coordinated enforcement actions.”[16]

Essentially, then, the Commissioners agreed to implement a suspended enforcement as they could not retroactively seek or secure any period of suspended invalidity from the ECJ, and nobody had asked for one to be considered on the possibility of such a decision resulting. It would have been interesting to read the ECJ views on Canadian and other such precedent …. Perhaps we’ll read that some other time!

For now, we watch as companies scramble to “not” comply with this newly invalid law;[17] we wait for both that national European guidance (whether or not uniform or coordinated);[18] and we follow – to the extent made public – negotiations between the United States and Europe up to January 31, 2016. There may already be light at the end of that negotiation tunnel, as two identical bills – H.R.1428[19] in the House of Representatives (now passed by the full House), and S.1600 in the United States Senate[20] may eventually grant the United States District Court for the District of Columbia (USDC, DC) exclusive jurisdiction to hear foreign citizens’ privacy breach complaints against federal (not state) government actors of the United States. But, only the President can sign any final version of either Bill, into law.

In addition, the matter – now transferred back to the Irish High Court for further deliberations, may still result in a finding that Facebook cannot provide adequate data privacy protections for European citizens. If again referred or appealed to the ECJ, and upheld, Facebook’s European operations might cease under subsequent enforcement actions in one or many European jurisdictions on such a ruling.

And so, one way or the other, we wait![21]

*****************************************************************

Author:

Ekundayo George is a lawyer and sociologist. He has also taken courses in organizational and micro-organizational behavior, and gained significant experiences in regulatory compliance, litigation, and business law and counseling. He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America. See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy; working with equal ease and effectiveness in his transitions to and from the public and private sectors. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams. Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein. Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Schrems (Judgment) [2015] EUECJ C-362/14 (06 October 2015), [2015] EUECJ C-362/14, [2015] WLR(D) 403, EU:C:2015:650, ECLI:EU:C:2015:650. Online: http://www.bailii.org/eu/cases/EUECJ/2015/C36214.html

[2] Commission Decision 2000/520/EC of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the US Department of Commerce (OJ 2000 L 215, p. 7)

[3] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281, p. 31).

[4] Case C-362/14 Maximillian Schrems v. Data Protection Commissioner [2015] EUECJ C-362/14, Opinion of AG Bot (23 September 2015). Online: http://www.uni-muenster.de/Jura.itm/hoeren/itm/wp-content/uploads/C0362_2014-EN-Opinion.pdf

[5] RTE News. Data Protection Commissioner says no action will be taken against Apple and Facebook. Published on rte.ie, July 26, 2013. Online: http://www.rte.ie/news/2013/0726/464770-data-protection/

[6] Id.

[7] Schrems v. Data Protection Commissioner [2014] IEHC 310 (18 June 2014). Online:http://www.bailii.org/ie/cases/IEHC/2014/H310.html

[8] Ruadhán Mac Cormaic. High Court refers Facebook privacy case to Europe. Published on irishtimes.com, June 19, 2014. Online: http://www.irishtimes.com/business/technology/high-court-refers-facebook-privacy-case-to-europe-1.1836657

[9] Barton Gellman. Edward Snowden, after months of NSA revelations, says his mission’s accomplished. Published on washingtonpost.com, December 23, 2013. Online: >http://www.washingtonpost.com/world/national-security/edward-snowden-after-months-of-nsa-revelations-says-his-missions-accomplished/2013/12/23/49fc36de-6c1c-11e3-a523-fe73f0ff6b8d_story.html

[10] Supra note 4.

[11] Schachter v. Canada, [1992] 2 S.C.R. 679 at 715-16, 1992 CanLII 74 (SCC) per Lamer, CJ. Online: http://scc-csc.lexum.com/scc-csc/scc-csc/en/item/903/index.do

A court may strike down legislation or a legislative provision but suspend the effect of that declaration until Parliament or the provincial legislature has had an opportunity to fill the void. This approach is clearly appropriate where the striking down of a provision poses a potential danger to the public (…) or otherwise threatens the rule of law (…). It may also be appropriate in cases of underinclusiveness as opposed to overbreadth. For example, in this case some of the interveners argued that in cases where a denial of equal benefit of the law is alleged, the legislation in question is not usually problematic in and of itself. It is its underinclusiveness that is problematic so striking down the law immediately would deprive deserving persons of benefits without providing them to the applicant. At the same time, if there is no obligation on the government to provide the benefits in the first place, it may be inappropriate to go ahead and extend them. The logical remedy is to strike down but suspend the declaration of invalidity to allow the government to determine whether to cancel or extend the benefits. (Citations omitted).

[12] As I wrote in an earlier blog post, Canadians are very much aware of the challenges of international data governance and transnational privacy protection. See e.g. Ekundayo George. In who’se pocket is your data packet? – International Data Governance. Published on ogalaws.wordpress.com, February 6, 2013. Online:

https://ogalaws.wordpress.com/2013/02/06/in-whose-pocket-is-your-data-packet-international-data-governance/

[13] Article 29 Working Party (Art. 29 WP). Statement on the implementation of the judgement of the Court of Justice of the European Union of 6 October 2015 in the Maximilian Schrems v Data Protection Commissioner case (C-362-14). Brussels, October 16, 2015. Online: http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2015/20151016_wp29_statement_on_schrems_judgement.pdf

[14] European Commission – Fact Sheet. Q&A: Guidance on transatlantic data transfers following the Schrems ruling.

MEMO/15/6014. Brussels, November 6, 2015. Online: http://europa.eu/rapid/press-release_MEMO-15-6014_en.htm

[15] Supra, note 13.

[16] Id.

[17] See e.g. supra, note 14.

[18] Technology executives and politicians alike have even warned that if these concerns over, and an increasingly vocal resistance to, targeted and/or bulk collection of personal data through government surveillance continue to “trend”, we may very soon see a real splintering of the internet into several disparate and walled-off variants. See e.g. Stephen Lawson, IDG News Service. Jitters over US surveillance could break the Internet, tech leaders warn. Published on itworld.com, October 8, 2014. Online: http://www.itworld.com/article/2825590/security/jitters-over-us-surveillance-could-break-the-internet–tech-leaders-warn.html

[19] First introduced in the United States House of Representatives (the “House”) on March 18, 2015 by Representative F. James Sensenbrenner, a Wisconsin Republican, the HR.1428 Bill is officially known as The Judicial Redress Act of 2015, and has a stated purpose “[t]o extend Privacy Act remedies to citizens of certified states, and for other purposes”. Online: https://www.congress.gov/bill/114th-congress/house-bill/1428/all-info

[20] First introduced in the United States Senate (the “Senate”) on June 17, 2015 by Senator Christopher S. Murphy, a Connecticut Democrat, the S.1600 Bill has now been referred (as H.R.1428) to the Senate Judiciary Committee, but it is yet to be considered and voted upon by the full Senate. Online: https://www.congress.gov/bill/114th-congress/senate-bill/1600/all-info

[21] *Reserved (pending further news).

Looking back to 2013, I had predicted the 5 top technology trends (specifically for consumers) in that year, to be:

(i) Accelerated lived experience;

(ii) Bring Your Own Device (BYOD);

(iii) Crowdsourcing;

(iv) Distance education; and

(v) End-User legal authority/license autonomy/leveraged ability (EULA3). [1]

These pretty much held true, and even lasted both into and through 2014. The pace of instantaneous news, social tweets and alerts, and all manner of reality TV from financing pitches, through entire shows that are literally “celebrity selfie-cams”, to instantaneous gratification through crowd sourcing of funding, business and consumer information, and general gossip, have created this ever accelerating lived experience. Ever greater sales of handheld devices have forced employers to draft BYOD policies for employees too attached to their own devices to let them go, and all manner of distance education is now available for a fee, or for free in the ever-expanding offerings of Massive Open Online Course (MOOC).[2] As well, immersive gaming, as it develops with optional story lines, the move to taking software bits as building blocks for people to create their own widgets and full applications, and the myriad of customizable self-help, professional, and practical document templates available online, taken together, will only further speed EULA3.[3]

Fully justified then (and thankfully so) in my predictions, let us now move on to 2015-16, then. Here, in the midst of technology and its relentless forward motion, all I see – is “Paper”! This stands for:

Personalization;

A3 (aggregation, analytics, and advising);

Protection;

eMoney; and

Remoting. We will consider them in turn, and in that order.

Personalization:

Whether it is widgets, backgrounds, wallpapers, icons, ringtones, and home screen layouts of the ipod, android, iphone, desktop, laptop, or tablet,[4] personalization and customization are all the rage for maximizing the user-centric experience.

“The constantly connected consumers of today are extremely savvy, using all available channels and devices to research, review, compare prices and ultimately purchase products. Basic personalization (such as name and account personalization and dynamic interest or product content) no longer serves consumers’ demand for deeper levels of real-time personalized information. Increasingly, these savvy consumers are taking their business to companies that provide more than basic personalization and automated lifecycle campaigns. Customers now prefer brands that deliver individualized experiences that match their needs in the present moment”.[5]

Even giants of the online world, such as Yahoo,[6] have now realized that the way to truly reach and engage your customer, it to intimately know your customer for and through, “Real-time Marketing[7] and personalization practices. Personalization is based on gathering and analyzing observation data, to analyze and make predictions based upon what you know. This is why A3, which underlies real-time marketing, will also be a top trend for 2015-16, in my prediction.

A3 (Aggregation, Analytics, and Advising):

The SAS Institute, Inc., put out a 2013 white paper on demand sensing and shaping through big data analytics,[8] which perfectly sums-up the first stage of the real-time marketing process. In the second stage, I would add demand supporting and serving, which sustains that demand in existence by providing those cues to trigger it (familiarity, emotional advertising triggers, positive associations in product placement, and so forth), and thence return customers to your established, satisfaction-source.

Big Data (and its means of collection)[9] do have other applications beyond the pure consumer, however. These include generic disaster management applications,[10] and estimating or better “guess”-timating the true incremental and future impacts of climate change on humans and the environment.[11]

Protection:

With all of this data and its very many faces,[12] along with the potential to gather and analyze it, and the undisputed value of the end result in the predictive analytics space, there is a growing need at all levels, for more robust protective mechanisms – wherever it falls on the spectrum of privacy practices,[13] data governance and document preservation, or cybersecurity. IT in general, is looking forward to a banner year in 2015.[14] The IT security sub-sector, for its part, is not too far off, either, with a spate of increasingly spectacular, recent[15] and historical[16] hacks and cyberattacks drawing the attention of the risk management industry,[17] regulators,[18] private businesses,[19] and concerned citizens in an ongoing and multi-sided tussle,[20] both amongst themselves and with criminal elements. A very large data breach was just disclosed at Anthem Inc. (a health insurer with operations across 14 states), in which up to 80 million records of Personally Identifiable Information (PII) – but apparently no Personal Health Information (PHI), according to initial evaluations – are suspected to have been compromised.[21]

eMoney:

Despite the dangers and concerns, however, the pace of progress continues to pick-up, with electronic payments of the Paypal variety moving to Square and eMoney, in the largely unregulated (and hacked)[22] Bitcoin, and the more mainstream proposed and competing offerings of CurrentC from the Merchant Customer Exchange (MCX) – which was also hacked,[23] and Google Wallet, Softcard, and Apple Pay.

Remoting:

With ever-more personalized experiences being available through more and more interconnected devices, we are moving towards an Internet of Things (IoT) that raises even more cybersecurity concerns that now include remote access and remote control/takeover,[24] whether or not authorized or even traceable back to source.[25] This has led one commentator to describe this future state as the “Internet of Bad Things”.[26] Going further to consider the impetus for a change in our security mindset, consider the words of Dr. Arati Prabhakar, the director of the United States Defence Advanced Research Projects Agency (DARPA), when she said:

“The largest explosion of millisecond machine actions will take place when billions of IoT devices are deployed. Until we find a way to authenticate, view, audit, analyze and block IoT devices often connected to cloud computing, we frankly shouldn’t be putting IoT out there. As the security industry saying goes, “money trumps security,” and as increasingly more of these IoT product (sic) are released, cybersecurity will just be playing catch-up. With potentially billions of these devices being deployed all over the world, this could lead to a cyber attack free-for-all of catastrophic proportions.”[27]

However, remoting is not all doom and gloom. Witness the growing use of crowdfunding to raise money for important events, popular initiatives, or proposed or emerging or growing business ventures; and even the burgeoning business of “pay to watch” that has now gone from the original voyeur cams, through specialized YouTube channels where you can pay to watch people play video games,[28] or modern day South Korea, where people will pay to remotely watch someone – a “broadcast jockey” – do something as mundane as eating.[29] Drones, scene capture devices, and wearable devices in ever-lighter cameras (from glass and its successors, through GoPro, police cam, dash cam, spy cam, home surveillance, commercial and industrial surveillance, government surveillance, and mobile devices in any and all form factors now known or yet to come, and from the clunky to the micro- or nano-scale), will combine[30] to bring more, and ever uniquer, shareable, monetizable remoting experiences to come![31]

CONCLUSION

These then, are my PAPER predictions for technology in 2015-16 – Personalization, A3 (aggregation, analytics, and advising), Protections, eMoney, and Remoting. I think they will come to fruition, just as predicted, but we have to wait and see. Enjoy the view!

*****************************************************************

Author:

Ekundayo George is a lawyer and sociologist. He has also taken courses in organizational and micro-organizational behavior, and gained significant experiences in business law and counseling, diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America. See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

Trained in Legal Project Management (and having organized and managed several complex projects before practicing law), Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on complex engagements with multiple stakeholders and multidisciplinary teams. Team consulting competencies include program investigation, sub-contracted procurement of personnel and materials, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through tapping a highly-credentialed resource pool of contract professionals with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT). See, for example: http://www.simprime-ca.com.

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering of any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein. Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

[1] Ekundayo George. Ctrl-Shift-Del: 2013’s Top 5 Technology Trends for Consumers. Posted March 16, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/16/ctrl-shift-del-2013s-top-5-technology-trends-for-consumers/<

[2] Wikipedia.org. Massive Open Online Course (MOOC), a definition. Online: >http://en.wikipedia.org/wiki/Massive_open_online_course<

[3] Supra note 1.

[4] See e.g. selected Android personalization offerings, on display for download at the google store. Online:

>https://play.google.com/store/apps/category/PERSONALIZATION<

[5] Katrina Conn. Moving Beyond Basic Personalization to Real-Time Marketing. Posted January 7, 2014, on Clickz.com. Online: >http://www.clickz.com/clickz/column/2321243/moving-beyond-basic-personalization-to-real-time-marketing<

[6] Yahoo. The Balancing Act: Getting Personalization Right. Posted on yahoo.com. Online: >https://advertising.yahoo.com/Insights/BALANCING-ACT.html<

[7] Supra note 5. “Real-time marketing is the ongoing cycle of engagement, data management, analytical insights and optimization – performed continuously and immediately. In other words, it’s the streamlined management of data, transformed into actionable insight that is used to enhance your customer’s experience.”

[8] The SAS Institute. White Paper: Unlocking the Promise of Demand Sensing and Shaping Through Big Data Analytics – How to Apply High-Performance Analytics in Your Supply Chain. Published on idgenterprise.com, and visited February 2, 2015. Online: >http://resources.idgenterprise.com/original/AST-0112051_UnlockingPromise.pdf<

[9] Dennis Keohane. Aaron Levie, Box see drones and Internet of Things as data sources of the future. Posted September 23, 2014, on betaboston.com. Online: >http://betaboston.com/news/2014/09/23/aaron-levie-box-data-drones-internet-of-things/<

[10] See e.g. Robert A. Runge and Isabel Runge. Data-Driven Disaster Management. Posted October 29, 2014, on nextgov.com. Online: >http://www.nextgov.com/technology-news/tech-insider/2014/10/data-driven-disaster-management/97700/?oref=voicesmodule<

[11] See e.g. Chelsea Harvey. UN REPORT: Our Climate Change Future Is Terrifying And Emissions Need To Stop Completely As Soon As Possible. Posted November 4, 2014, on businessinsider.com. Online: >

http://www.businessinsider.com/un-climate-report-stop-all-greenhouse-emissions-2014-11

< ; See also Carl Zimmer. Ocean Life Faces Mass Extinction, Broad Study Says. Posted January 15, 2015, on nytimes.com. Online: >http://www.nytimes.com/2015/01/16/science/earth/study-raises-alarm-for-health-of-ocean-life.html?_r=0<

[12] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors). Posted November 1, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[13] Amber Hunt, The Cincinnati Enquirer. Experts: Wearable tech tests our privacy limits. Posted February 5, 2015, on usatoday.com. Online: >http://www.usatoday.com/story/tech/2015/02/05/tech-wearables-privacy/22955707/< In one of my earlier blogs (if updated), the “User-Generated Legality Issues” (UGLIs) created by these treasure troves of “quantified self” data available through wearable devices, would be “self-outing 104”.

See e.g. Ekundayo George. The Video Privacy Protection Act (VPPA) Amendment of 2012 – Self-Outing 103? Posted January 11, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/11/the-video-privacy-protection-act-vppa-amendment-of-2013-self-outing-103/<

[14] Steve Ranger. Bigger budgets, better tech: Why 2015 is a good year to be working in IT. Posted February 4, 2015, on techrepublic.com. Online: >http://www.techrepublic.com/blog/european-technology/bigger-budgets-better-tech-why-2015-is-a-good-year-to-be-working-in-it/?tag=nl.e101&s_cid=e101&ttag=e101&ftag=TRE684d531<

[15] Pedro Hernandez. Xbox Live, PSN Back Online After Holiday DDoS Attacks. Posted December 29, 2014, on eweek.com. Online: >http://www.eweek.com/security/xbox-live-psn-back-online-after-holiday-ddos-attacks.html< See also the comprehensive hacking and public shaming of Sony, through compromised emails.

[16] I referenced several of the more historical, spectacular hacks in this earlier blog post. Ekundayo George. Cybersecurity: Its not just about “B” for Bob, but also eCommerce, Structure, and Trust. Posted November 3, 2014, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2014/11/03/cybersecurity-its-not-just-about-b-for-bob-but-also-ecommerce-structure-and-trust/<

[17] Pinsent Masons (out-law.com), citing the Institute of Chartered Accountants in England and Wales (ICAEW).

Cyber risks evolving faster than business capabilities, says accountancy body. Posted October 30, 2014, on out-law.com. Online: >http://www.out-law.com/en/articles/2014/october/cyber-risks-evolving-faster-than-business-capabilities-says-accountancy-body/<

[18] Aliya Sternstein. Report: Agencies Aren’t Properly Vetting All Cyber Contractors. Published September 9, 2014, on nextgov.com. Online: >http://www.nextgov.com/cybersecurity/2014/09/agencies-contractor-employees-cyber-workforce/93620/<

[19] Aliya Sternstein. 97 Percent of Key Industries Doubt Security Compliance Can Defy Hackers. Posted July 10, 2014, on nextgov.com. Online: >http://www.nextgov.com/cybersecurity/2014/07/97-percent-key-industries-doubt-security-compliance-can-defy-hackers/88324/?oref=ng-relatedstories<

[20] See e.g. In the Matter of a Warrant to Search a Certain email Account Controlled and Maintained by Microsoft Corporation. Memorandum and Order of James C. Francis IV, United States Magistrate Judge, released April 25, 2014. 13 Mag. 3814, United States District Court for the Southern District of New York (SDNY). Online: >https://s3.amazonaws.com/s3.documentcloud.org/documents/1149373/in-re-matter-of-warrant.pdf<

Just reading through this decision, which from the first paragraph defines the complexity of this issue, shows the many interests, laws and policies, and considerations at stake in that constant tussle between individual rights and privacy, business interests (including the personalization push), and the mandates of law enforcement and national security – whether nationally and across borders, or when multiple nations do or claim to have a primary stake.

The further steps since taken in that ongoing effort by the United States government to access emails stored on servers that are physically located in Ireland, only further underline the complexities and interests at stake. See also Mark Scott. Ireland Lends Support to Microsoft in Email Privacy Case. Posted December 25, 2014, on bits.blogs.nytimes.com. Online:>http://bits.blogs.nytimes.com/2014/12/24/ireland-lends-support-to-microsoft-in-email-privacy-case/?_r=0&module=ArrowsNav&contentCollection=Technology&action=keypress&region=FixedLeft&pgtype=Blogs<

[21] Elizabeth Weise, USA Today. Massive breach at health care company Anthem Inc. Posted February 5, 2015, on usatoday.com. Online: >http://www.usatoday.com/story/tech/2015/02/04/health-care-anthem-hacked/22900925/<

[22] Zack Whittaker for Zero Day. Bitstamp exchange hacked, $5M worth of bitcoin stolen. Posted January 5, 2015, on zdnet.com. Online: >http://www.zdnet.com/article/bitstamp-bitcoin-exchange-suspended-amid-hack-concerns-heres-what-we-know/<

[23] Ryan Mac, Forbes Staff. Apple Pay Rival and Walmart-backed MCX Hacked, User Emails Snatched. Posted October 29, 2014, on forbes.com. Online: >http://www.forbes.com/sites/ryanmac/2014/10/29/apple-pay-rival-and-walmart-backed-mcx-hacked-user-emails-compromised/<

[24] Katie Fehrenbacher. The real breakthrough of Google Glass: controlling the internet of things. Posted March 23, 2013, on gigacom.com. Online: >https://gigaom.com/2013/03/23/the-real-breakthrough-of-google-glass-controlling-the-internet-of-things/<

[25] Larry Karisny. Getting Cybersecurity to Actually Work: More Connections, More Problems. Posted September 15, 2014, on digitalcommunities.com. >http://www.digitalcommunities.com/articles/Getting-Cybersecurity-to-Actually-Work.html<

“Before we discuss solutions to these cybersecurity problems, let’s take a look at what the future looks like in our continually interconnected world. From social media to smart phones apps to the IoT promise of smart everything, we are reaching a point of truly not knowing what is connect to what — and hackers know this. Take the Target breach — the attacker used backdoor access to the company’s energy management systems to then access a server containing confidential customer information. We are increasing (sic) digitizing our people and machine processes, and are beginning to lose control of what we are doing.”  

[26] Zach Ferres. The Internet of (Bad) Things. Posted November 5, 2014, on linkedin.com. Online: >https://www.linkedin.com/pulse/article/20141105140616-28760747-the-internet-of-bad-things<

[27] Larry Karisny. DARPA Director Calls for Cybersecurity Change. Posted November 7, 2014, on digitalcommunities.com. Online: >http://www.digitalcommunities.com/articles/DARPA-Director-Calls-for-Cybersecurity-Change.html<

[28] By Josh Warwick, video by Phil Allen. Meet the 21-year-old YouTuber who made millions playing video games. Posted October 16, 2014, on telegraph.co.uk. Online: >http://www.telegraph.co.uk/men/the-filter/11139724/Meet-the-21-year-old-YouTuber-who-made-millions-playing-video-games.html<

[29] Stephen Evans. The Koreans who televise themselves eating dinner. Posted February 4, 2015, on BBC.com. Online: >http://www.bbc.com/news/magazine-31130947<

[30] Luisa Rollenhagen. Guy Hacks Google Glass to Steer Drone. Posted August 23, 2013 on mashable.com. Online:

>http://mashable.com/2013/08/24/drone-pilots-google-glass/<

[31] See e.g. Erin Carson. 2015: 4 IT job skills for the new year. Posted January 8, 2015, on techrepublic.com. Online: >http://www.techrepublic.com/article/2015-4-it-job-skills-for-the-new-year/<

Canvassing conventional and learned wisdom, I would humbly say that at least one of my predictions (protections) is echoed and supported in the focus here on “security skills” in this piece by HR and IT professionals. Three of my other predictions (Remoting, A3, and Personalization) are at least strongly implicated, in the call for “versatility” and skills in “project management”. “Desktop support” is the fourth 2015 IT job skill set listed by Techrepublic.

Aereo has had quite an exciting ride since its advent on the business scene and unbridled challenge to incumbents in the media and broadcast space,[1] to its defense of several and serial legal and regulatory challenges that went as far as the United States Supreme Court,[2] its maneuvering to find some safe harbor that would permit continued operations,[3] and its eventual succumbing in filing for bankruptcy,[4] after losing the fight against a temporary injunction[5] that sounded the death knell of its business model.

 

Of course, if you subscribe to the “circle of life, death, and rebirth”, then an end may also be a beginning, as shown by regulatory hints or suggestions[6] that the copyright and broadcast rules may be changed or even go so far as to favour entities such as Aereo in the future.[7] However, we will only know and believe it when we can see, sell, order, download, and display it (and out of), prime time.

 

Whether the company was a little guy (with big funding), that was just too far ahead of its time,[8] or an upstart that flaunted the law and appropriately got slammed for it,[9] varies by audience. On that much, we can all continue to disagree. However, until such time as another Aereo rises, or the rules change to invite same, Aereo is a part of business and media history,[10] and rather unlikely to make a comeback.

 

In all corners of the media and infotainment space – both new and old, lessons have been taught, and hopefully learned.

_____________________________________________________

Author:

Ekundayo George is a lawyer and a sociologist.  He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling, diverse litigation, and regulatory compliance practice.  He is licensed to practice law in Ontario and Alberta, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America.  See, for example: http://www.ogalaws.com.  A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications through work in the Satellite Policy Branch, International Bureau, at the Federal Communications Commission, eCommerce, Outsourcing, and Cloud contracts); Financial Services, Healthcare, Entertainment, Real Estate and Zoning; International/cross-border trade and other service industry sub-sectors; and Environmental Law & Policy.  A published author on the National Security aspects of Environmental Law, he has also represented clients in courts and before regulatory bodies in both the United States and Canada, and he enjoys complex systems analysis in legal, technological, and societal milieux.

 

As a Lead Consultant and founder of a consulting subsidiary, Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant – sourcing, managing, and delivering on small, medium and large strategic projects with multiple stakeholders and multidisciplinary teams.  Our selected consulting competencies include program investigation, sub-contracted procurement of personnel and materiel, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through a highly-credentialed resource pool with several hundred years of combined expertise, in: Healthcare; Education and Training; Law and Regulation; Policy and Plans; Statistics, Economics, and Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – also sometimes termed Information Communications Technologies (ICT) in other parts of the world.  See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred.  The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.  Past results are no guarantee of future success, and specific legal advice should be sought for particular matters through counsel of your choosing, based on such factors as you deem appropriate.

 

********************************************************************

[1] See Ekundayo George. WNET, THIRTEEN v. Aereo, Inc.: Antennas Jousting in and at Clouds, in the Eye of a Global Storm. Posted April 28, 2014, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2014/04/28/wnet-thirteen-v-aereo-inc-antennas-jousting-in-and-at-clouds-in-the-eye-of-a-global-storm/<

[2] See Ekundayo George. WNET THIRTEEN v. Aereo, Inc. – the United States Supreme Court (U.S.S.C.) Verdict. Posted June 26, 2014, on ogalaws.wordpress.com. Online: > https://ogalaws.wordpress.com/2014/06/26/wnet-thirteen-v-aereo-inc-the-united-states-supreme-court-u-s-s-c-verdict/<

[3] Aereo sought relief and an operating reprieve by way of the statutory licensing of cable transmissions through the below section of the Copyright Act; with itself to be deemed as a cable broadcaster in light of analysis within the United States Supreme Court’s ruling. However, the Copyright Office declined to grant it that status in a letter to Aereo of July 16, 2014, as the Aereo transmissions were not sufficiently “localized”. The Copyright Office did, however, accept the filing provisionally, pending further legislative or regulatory developments.

 

17 U.S. Code §111 – Limitations on exclusive rights: Secondary transmissions of broadcast programming by cable. See Jacqueline C. Charlesworth, General Counsel and Associate Register of Copyrights, United States Copyright Office. Letter to Aereo. Re Section 111 Statement of Account Filings, dated July 16, 2014. Posted on nab.org and visited November 25, 2014. Online: >http://www.nab.org/documents/newsRoom/pdfs/071614_Aereo_Copyright_Office_letter.pdf< See also Cornell Legal Information Institute (LII), 17 U.S.C. §111. Online: >http://www.law.cornell.edu/uscode/text/17/111<

 

Aereo also sought relief from the FCC, in having itself deemed a multichannel video program distributor (MVPD) over the internet. Noting a lack of clear legal rules that could assist new entrants in their challenge to incumbents, and their efforts at market expansion in favour of the consumer, Counsel for Aereo wrote in the letter, that:

 

“The Commission could provide such assurance to new market entrants like Aereo by defining or construing “MVPDs” to include systems that transmit linear channels of video programming to consumers via the internet—thereby securing to all MVPDs, in a technology-neutral way, the right to engage in timely, good faith negotiations to license channels by retransmission consent.”

 

After meeting with the FCC Commissioners and senior staffers to present its case and plea for an expedited notice of proposed rulemaking (NPRM) procedure, however, and before the Commission could issue a ruling on the matter, the New York Federal District Court made its adverse preliminary injunction ruling against Aereo.

 

“Finally, Aereo emphasized that timely Commission action is crucial to its ability to bring such a service to market. Issuing the proposed NPRM within the next several weeks, and adopting the proposed rule within several months thereafter, would support Aereo’s re-launch as a viable and sustainable new entrant in competition with incumbent MVPDs.”

 

See Seth Greenstein, Esq., of Constantine Cannon LLP, Counsel to Aereo. Letter to the Federal Communications Commission (FCC), Re: Ex Parte Presentation Notice, Interpretation of the Terms “Multichannel Video

Programming Distributor” and “Channel,” MB Docket No. 12-83, dated October 10, 2014. Published on apps.fcc.gov. Online: >http://apps.fcc.gov/ecfs/document/view?id=60000972464<

[4] On November 20, 2014, Aereo filed for protection from its creditors under Chapter 11 (reorganization) of the United States Bankruptcy Code, in the United States Bankruptcy Court for the Southern District of New York. The case number is 1:14-bk-13200. See Pacer for a fuller chronology of the petition. Online: >https://www.pacermonitor.com/public/case/5258727/Aereo,_Inc<

[5] See American Broadcast Companies, Inc., v. Aereo, Inc., 12-cv-1540, and WNET et al. v. Aereo, Inc., 12-cv-1543, October 23, 2014 temporary injunction Opinion and Order of The Honourable Alison J. Nathan, United States District Judge, in the United States District Court for the Southern District of New York. Posted on nab.org, visited November 25, 2014. Online: >http://www.nab.org/documents/newsRoom/pdfs/102314_Aereo_injunction.pdf<

 

“In light of the Supreme Court’s decision, Plaintiffs are now able to demonstrate a likelihood of success on the merits. The balance of hardships also now tips in their favor and, as previously held, an injunction would not disserve the public interest, Aereo I, 874 F. Supp. 2d at 403-404.”

Opinion and Order at page 16: III Conclusion.

 

The court in its ruling, soundly rejected both the Aereo’s arguments under 17 U.S.C. §111 (community antenna television system/cable broadcaster), and 17 U.S.C. §512(a) (innocent conduit). See also 17 U.S. Code §512 – Limitations on liability relating to material online. Published on Cornell Legal Information Institute (LII). Online: >http://www.law.cornell.edu/uscode/text/17/512<

[6] See T.C. Scottek. FCC considers backdoor rule change that could jumpstart the era of internet television. Posted May 23, 2012, on theverge.com. Online: >http://www.theverge.com/2012/5/23/3038777/fcc-rule-change-internet-tv-cable-mvpd< In 2012, conventional wisdom placed the FCC on the verge of re-interpreting the word “channel” under the Communications Act of 1934 (as amended by the Telecommunications Act of 1996), to be used both ““in a “container” sense, to refer to a range of frequencies used to transmit programming, and in a “content” sense to refer to the programming itself,”” which would have put internet television providers (online video distributors, or “OVDs”) such as Hulu and Netflix into the same category as mainstream cable and satellite companies – such as Comcast and TimeWarner, and forced the incumbent major networks to provide them with content as multichannel video programming distributors (MVPDs). However, the initiative did not hold its ground.

[7] Chairman Tom Wheeler, the United States Federal Communications Commission (FCC). Tech Transitions, Video, and the Future (Official FCC Blog). Posted October 28, 2014, on fcc.gov/blog. Online: >http://www.fcc.gov/blog/tech-transitions-video-and-future<

 

“The mantra “Competition, Competition, Competition” fits perfectly with consumers’ desires for video choices. That’s why I’m asking my fellow Commissioners to update video competition rules so our rules won’t act as a barrier to this kind of innovation. Specifically, I am asking the Commission to start a rulemaking proceeding in which we would modernize our interpretation of the term “multichannel video programming distributor” (MVPD) so that it is technology-neutral. The result of this technical adjustment will be to give MVPDs that use the Internet (or any other method of transmission) the same access to programming owned by cable operators and the same ability to negotiate to carry broadcast TV stations that Congress gave to satellite systems in order to ensure competitive video markets.”

 

“A key component of rules that spur competition is assuring the FCC’s rules are technology-neutral. That’s why the definition of an MVPD should turn on the services that a provider offers, not on how those services reach viewers. Twenty-first century consumers shouldn’t be shackled to rules that only recognize 20th century technology.” (Emphasis added).

 

[8] TMP Staff. Aereo bankruptcy: A visionary tech startup killed off by big media and courts? Posted November 22, 2014, on techmediapolitics.com. Online: >http://www.techmediapolitics.com/aereo-bankruptcy-a-visionary-tech-startup-killed-off-by-big-media-and-courts/<

[9] Joan E. Solsman. Aereo’s bankruptcy filing marks a fade to black: After months of “not dead yet” declarations, the streaming-TV startup files for Chapter 11 reorganization, the clearest sign that a Supreme Court ruling set it on a road to nowhere. Published November 21, 2014, on cnet.com. Online: >http://www.cnet.com/news/aereo-files-for-bankruptcy-protection/<

[10] See e.g. Aereo. The Next Chapter. Posted November 21, 2014, on blog.aereo.com. Online: >http://blog.aereo.com/2014/11/next-chapter/<

PREFACE:

Just the other day, when I was looking over a post on the 5 largest cyberbreaches of 2014 (to date),[1] my mind went back to the Case of Bob,[2] a malfeasing cyber breach insider, on whom I blogged in an earlier post.  The top 5 list sequenced a total of 309 million records.[3]  That is, I believe, enough to cover stealing one record each, from every Citizen of Canada (34 million), Italy (61 million), France (63 million), the United Kingdom (64 million), and Germany (82 million); at a total of 304 million records, according to their respective population counts in 2013.[4]  Looking only domestically, in the United States, this 309 million could account for the loss of a single record (e.g. social security number) for all but 6 million U.S. Citizens in a 315 million population count at 2013.[5]  That’s a whole lot of broken (out/into) records![6]

Clearly, this is a big and growing problem.  And so, I decided to look a little more closely at that list, focus-in on the non-American example of South Korea,[7] and lay-down a better understanding of why the cyber realm remains so hard to secure – not just from last year’s big breaches at Target,[8] Adobe,[9] and LivingSocial,[10] but persistently and consistently for even those most tech-savvy of U.S. businesses and veterans of the eCommerce and eBanking verticals, including Google/Gmail,[11] Home Depot,[12] JPMorgan Chase & Co,[13] and eBay;[14] along with assorted state and federal government entities.[15]

I will look at the problem from four angles: “B” for Bob, “E” for eCommerce, “S” for Structure, and “T” for Trust; addressing the challenges and opportunities in which, obviously requires certain “b-e-s-t” practices.  This is a simplification of an extremely complex issue, but a useful approach, nevertheless.

 

THE B-ANGLE:

Bob[16] was not the first, nor will he be the last insider to “go rogue”.  The debate continues on whether insiders or outsiders are the greater threat.

“The fact that the individual was reportedly able to access and then sell on vast quantities of customer information is very worrying. It should not be the case that an employee – and in this case a temporary consultant – is able to access and then download sensitive data without this suspicious activity being flagged up,” (…)[17]

“It would seem that this case is a classic example of the ‘insider threat’ – that is, the malicious abuse of privileged access. A breach of customer data can spell disaster for a business, due to the loss of customer confidence, revenue and the possibility of severe financial penalties if they are found to have been negligent in the protection of this information.”[18]

However, it is the safest and the highest of best practices, to do one’s utmost best to protect against both, and each through the other, in a figure of eight lattice-work.

Suggested solutions include: proper and more comprehensive onboarding and offboarding; segregation of duties; rigorous credentialing and authorization procedures; real-time access and event logging; training and discipline with enforced usage rules (BYOD, social media, portable media, telecommuting); behavioural guidance including full disclosure of privacy limitations and waivers as applicable (travel and mobile security, regulatory compliance, data governance, eDiscovery, and cybersecurity); and so forth – including ONGOING due diligence on ALL employees, vendors, contractors, and counterparties on these parameters.[19] Just as banks were looking to their law firms to harden cyber defences,[20] regulators and especially financial sector regulators, have also been increasingly focused on the issue of cybersecurity.

The question we need to all ask as regulators is should we be considering the cyber threat as something as fundamental to institutions as capital levels. I’m not saying yet that they’re equal but we should probably start discussing them in the same breath[.][21] The legal community has long weighed-in on this issue for and regarding others, but has only recently and so publicly, been forced to look at its own house, with some resulting and readily available, practical guidance on the starting point for a law firm cyber audit that is easily applicable to other industries.[22]

 

THE E-ANGLE:

eCommerce is a 5-edged sword (hard to see in reality – especially as anything easy to wield or even effective, but logically easy to conceptualize). There are the two (alleged) counterparties; there are each of the (apparent) originating and destination locations; and then there are the (acceptable, accredited, and accepted) payment parameters. These are the five.

Counterparties are “alleged” because one or more may be fictitious or on a borrowed or pilfered identity.  Originating and destination locations may be fronts, dead drops, or non-existent.  And the acceptable payment methods may have one party presenting something with false accreditation that is accepted as valid until it is too late to halt the deal;[23] something with proper accreditation that is intercepted before being properly accepted by the intended recipient;[24] or something with proper accreditation that is accepted by a fictitious or otherwise fraudulent counterparty.[25]

Albeit fraught with dangers, eCommerce has become indispensable in an interconnected, and beyond line of sight business world.  The best we can do is manage it, harden it in advance, and adapt as and when a new vulnerability is shown in this constant battle for sword edges between victims, and rogues.

 

THE S-ANGLE:

Now, we look back to South Korea, and ask whether there is any structural strength or weakness that makes the nation a recurring[26] and worthy[27] target for cybercrime; and the answer is a very loud yes.

With a wealthy and tech savvy population that has a GDP/PPP over US $33,000, South Korea in 2013, was Asia’s 4th largest economy, 12th largest in the world, and 10th largest, globally, in terms of trade in merchandise and services, alone.[28] In that same year, the economy grew by 2.8%, and had a projected 2014 growth forecast of 3.5-4%.[29]

Essentially, South Koreans are connected, mobile-friendly, and absolutely just love eCommerce.  Nearly 80% of the population is online, which makes it the most connected country in the world.[30]  Mobile penetration has also long been high,[31] with 75% of South Koreans using smartphones overall, and a 98% penetration rate for the 18-24 demographic.[32] On the subject of eCommerce, the consultant Borderfree, “found that an increasing number of South Koreans shop overseas retailers to find lower prices, leverage parcel forwarding to save on shipping costs and join online communities to resell imported items they don’t want.”[33]  Since at least 2008, it has been quite commonplace for South Koreans to send and receive gift certificates and discount coupons by mobile or smart phone, which can be redeemed just by showing the phone and having it scanned, making coupon clipping (and paper coupons), things of the past.[34]

“From smartphones with flexible, foldable screens to smart refrigerators where you can view the inside contents while shopping; or smart communities, where even your child’s wanderings can be tracked through a central operations centre, Korean companies are on the cutting edge of technology.  Each is vying to be the first to develop the Next Big Thing.”[35]

Hence it follows that if everything cyber-new is there, as in methods and applications in a target-rich environment, then every old and new form of cyber offence will also follow into this nation that is essentially structured and functions, as a massive testbed!

This factor is further underscored by the fact that: “South Koreans have on average five credit cards, compared to two in the U.S., and the country has the highest credit card penetration globally.  Consumers in South Korea also use credit more often.  There are 129.7 credit card transactions per year in South Korea, compared to 77.9 credit card transactions annually in the U.S.[36]  Newer technologies introduced will invariably have often unforeseen vulnerabilities that have yet to be patched, and credit card ownership and use have, to date, hardly proved to be entirely risk-free.

It is therefore no surprise that cyber-criminals will congregate at that confluence of high credit card use, high technology, extreme connectivity and mobility, and intense eCommerce that is South Korea.

 

THE T-ANGLE:

I have written, elsewhere, that data has very many “faces” – ranging through Form Factors, Applications, Categories, End-users, and Scale; and therefore presenting many attack surfaces vulnerable to myriad and multiplying attack vectors.[37]  Yes, we can (and must) generally trust the data of and provided by counterparties in an eCommerce-driven world, but why not also verify? Too few are taking the time to fully go through the steps, due to cost and time concerns.  When you receive an email, does the return email match the claimed sender, is the content their usual, are the links or required/suggested actions suspicious in any way?  When it is a business, does the contact information match what they list in a directory (remembering that the spoof site found through an internet search is still a spoof site)?  If this is a claimed professional, are they registered somewhere in a searchable official or regulatory database with the same contact data?  Finally, if it is a financial institution account communication, then do you do business with them?  If the answer is no, or your financial services provider does not send you such open login requests, then you should delete the message! These are very basic steps.

Forensic investigations, eDiscovery, disaster preparedness and recovery, and assessing the effect and impact of remediation measures are now greatly aided by better information governance;[38] as well as backups balanced with commonsense and due diligence in knowing what you are getting into with specific situations as a cloud vendor, a cloud user, or a basic data custodian.[39]

 

CONCLUSION:

Banks had all the money, but data custodians have all the data. Criminals therefore go after the motherlodes of data (financial services entities, telecommunications providers, medical legal and accounting professionals, governments, and other data-loaded intermediaries including high volume vendors – supermarkets, department stores, and hardware stores) where no shotguns or facemasks are needed, because they are unseen and can blend into that stream of blissfully unmonitored eCommerce.

Whether stupendously big, or comparatively small,[40] and even if we don’t hear about them publicly or immediately,[41] there will likely still be hacks for quite some time to come. However, all is far from lost, despite the mind-numbing possibility of staggering single and cumulative future data breaches in new markets,[42] and due to developing mobile and virtual payment and settlement solutions – regardless of the breach’s apparent or alleged nation of origin.

“However, I also think that all threats can be adequately considered when you focus on: (a) achieving buy-in to the need for security protocols and adherence thereto at all levels of the organization; (b) you budget accordingly for training, ERP, and the staff and tolls to deal with the threat universe; and (c) you assiduously enforce best practices, even when it makes (for some) the accessing of preferred apps. or sites inconvenient to impossible, or slows people down a little.  I call this cubing the B.”[43]

In the end, it all starts with leadership, because where there is no buy-in for doing what needs to be done from the higher-ups due to cost concerns, short sightedness, or bad advice, there will be little to no I.T. security budget, best practices will be whatever the heck everyone feels like doing at the time, and a breach will surely come.[44]

At the very least, then, in response to Bob & Co. and what they can do, you should sincerely cube that B!

_____________________________________________________

 

Author:

Ekundayo George is a lawyer and a sociologist. He has also taken courses in organizational and micro-organizational behavior, and has significant experienced in business law and counseling (incorporations, business plans, contracts and non-disclosure agreements, teaming and joint venture agreements), diverse litigation, and regulatory compliance practice. He is licensed to practice law in Ontario, Canada, as well as in New York, New Jersey, and Washington, D.C., in the United States of America (U.S. business advising, outsourcing and cross-border trade, technology contracts, and U.S. financing). See, for example: http://www.ogalaws.com. A writer, blogger, and avid reader, Mr. George has sector experience in Technology (Telecommunications, eCommerce, Outsourcing, Cloud), Financial Services, Healthcare, Entertainment, Real Estate and Zoning, International/cross-border trade, other services, and Environmental Law and Policy. He is a published author on the National Security aspects of Environmental Law, has represented clients in courts and before regulatory bodies in both Canada and the United States, and he enjoys complex systems analysis in legal, technological, and societal milieux.

 

Mr. George is also an experienced negotiator, facilitator, team leader, and strategic consultant- sourcing, managing, and delivering on large, strategic projects with multiple stakeholders and multidisciplinary teams. Our competencies include program investigation, sub-contracted procurement of personnel and materiel, and such diverse project deliverables as business process re-engineering, devising and delivering tailored training, and other targeted engagements through a highly-credentialed resource pool with several hundred years of combined expertise, in: Healthcare; Education & Training; Law & Regulation; Policy & Plans; Statistics, Economics, & Evaluations including feasibility studies; Infrastructure; and Information Technology/Information Systems (IT/IS) – sometimes also termed Information Communications Technologies, or ICT). See, for example: http://www.simprime-ca.com.

 

Hyperlinks to external sites are provided to readers of this blog as a courtesy and convenience, only, and no warranty is made or responsibility assumed by either or both of George Law Offices and Strategic IMPRIME Consulting & Advisory, Inc. (“S’imprime-ça”) including employees, agents, directors, officers, successors & assigns, in whole or in part for their content, accuracy, or availability.

 

This article creates no lawyer-client relationship, and is not intended or deemed legal advice, business advice, the rendering any professional service, or attorney advertising where restricted or barred. The author and affiliated entities specifically disclaim and reject any and all loss claimed, no matter howsoever resulting as alleged, due to any action or inaction done in reliance on the contents herein.

 

***********************************************************************

[1] Chris DiMarco. The top 5 largest cyberbreaches of 2014 (for now). Published October 9, 2014 on insidecounsel.com. Online: >http://www.insidecounsel.com/2014/10/09/the-top-5-largest-cyberbreaches-of-2014-for-now?page=1<

The writer gave these top 5, in ascending order, as: Gmail/Google (5 million), Korea Credit Bureau (20 million), Home Depot (56 million), JPMorgan & Chase Co. (83 million), and eBay (145 million). See also infra, notes 11-14, and 7.

[2] Ekundayo George. Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published January 17, 2013 on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[3] Supra, note 1.

[4] See generally, Wikipedia.

[5] Id.

[6] This is especially true as a sixth big breach has been added since the list was first made, which now fully covers those 6 million “formerly” lucky U.S. Citizens. See e.g. Steve Kovach. Nearly 7 Million Dropbox Passwords Have Been Hacked. Published October 13, 2014, on businessinsider.com. Online: >http://www.businessinsider.com/dropbox-hacked-2014-10<

[7] Initially pegged at 20 million (which number I have retained), the Korea Credit Bureau breach was later re-calculated to have impacted 27 million South Koreans. See Steve Ragan. 27 million South Koreans affected by data breach. Published August 25, 2014, on csoonline.com. Online: >http://www.csoonline.com/article/2597617/data-protection/27-million-south-koreans-affected-by-data-breach.html<

[8] CBC News. Target data hack affected 70 million people. Published January 10, 2014, on cbc.ca. Online: >http://www.cbc.ca/news/business/target-data-hack-affected-70-million-people-1.2491431<

[9] Chris Welch. Over 150 million breached records from Adobe hack have surfaced online. Published November 7, 2013, on theverge.com. Online: >http://www.theverge.com/2013/11/7/5078560/over-150-million-breached-records-from-adobe-hack-surface-online<

[10] Rachel King for Zero Day. LivingSocial confirms hacking; More than 50 million accounts affected. Published April 26, 2013, on zdnet.com. Online: >http://www.zdnet.com/livingsocial-confirms-hacking-more-than-50-million-accounts-affected-7000014606/<

[11] See generally Google Corporate. Cleaning up after password dumps. Published September 10, 2014, on googleonlinesecurity.blogspot.ca. Online: >http://googleonlinesecurity.blogspot.ca/2014/09/cleaning-up-after-password-dumps.html<

[12] Ben Elgin, Michael Riley, and Dune Lawrence. Home Depot Hacked After Months of Security Warnings. Published September 18, 2014, on businessweek.com. Online: >http://www.businessweek.com/articles/2014-09-18/home-depot-hacked-wide-open<

[13] Jim Finkle and Karen Freifeld. States probe JPMorgan Chase as hack seen fueling fraud. Published Friday, October 3, 2014, on reuters.com. Online: >http://www.reuters.com/article/2014/10/03/us-jpmorgan-cybersecurity-idUSKCN0HS1ST20141003<

[14] Jennifer Abel. eBay hacked again? BBC reports hijacked seller accounts. Published September 23, 2014, on consumeraffairs.com. Online: >http://www.consumeraffairs.com/news/ebay-hacked-again-bbc-reports-hijacked-seller-accounts-092314.html<

[15] Administrative Office of the Washington Courts. Washington Courts Data Breach Information Center: Common Questions. Visited November 3, 2014 (regarding a data breach discovered in February/March, 2013). Online: >http://www.courts.wa.gov/newsinfo/?fa=newsinfo.displayContent&theFile=dataBreach/commonQuestions< ;

The Associated Press in Washington. Records of up to 25,000 Homeland Security staff hacked in cyber-attack.

Published Saturday August 23, 2014, on theguardian.com. Online: >http://www.theguardian.com/technology/2014/aug/23/homeland-security-25000-employees-hacked<

[16] Ekundayo George. Cybersecurity: the Enemy is also (perhaps even more so), Within – the case of “Bob”. Published January 17, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/01/17/cybersecurity-the-enemy-is-also-perhaps-even-more-so-within-the-case-of-bob/<

[17] Sophie Curtis. Credit card details of 20m South Koreans leaked. Published January 20, 2014, on telegraph.co.uk. Online: >http://www.telegraph.co.uk/technology/internet-security/10584348/Credit-card-details-of-20m-South-Koreans-leaked.html<, comments on the Korea Credit Bureau case by Matt Middleton-Leal, regional director for the UK and Ireland at security firm CyberArk.

[18] Id.

[19] Indeed, both of the monumental hacks – at Target and Korea Credit Bureau, were accomplished through third parties: Krebs on Security, Email Attack on Vendor Set Up Breach at Target. Published February 12, 2014, on Krebsonsecurity.com. Online: >http://krebsonsecurity.com/2014/02/email-attack-on-vendor-set-up-breach-at-target/< ; Lucian Ciolacu. Contractor with USB Stick Commits Biggest Credit Card Data Heist in South Korean History. Published January 21, 2014, on hotforsecurity.com. Online: >http://www.hotforsecurity.com/blog/contractor-with-usb-stick-commits-biggest-credit-card-data-heist-in-south-korean-history-7667.html<

As a result, some banks with their own compliance concerns, are now quite nervous about their law firms as vulnerable third parties. See e.g. Jennifer Smith and Emily Glazer of Dow Jones Business News. Banks Demand That Law Firms Harden Cyberattack Defenses. Published October 26, 2014, on nasdaq.com. Online: >

http://www.nasdaq.com/article/banks-demand-that-law-firms-harden-cyberattack-defenses-20141026-00022<

[20] Id. Jennifer Smith and Emily Glazer of Dow Jones Business News.

[21] Kara Scannell in New York. NY bank regulator targets cyber threat. Published October 6, 2014, on ft.com. Online: >http://www.ft.com/cms/s/0/5a981338-4cdf-11e4-a0d7-00144feab7de.html#axzz3HghMk1j4< quote of Benjamin Lawsky, Superintendent for New York’s Department of Financial Services.

[22] Sharon D. Nelson & John W. Simek. Clients Demand Law Firm Cyber Audits. Published in ABA Law Practice Magazine Vol 39, Number 6 (Nov./Dec. 2013) Online: >http://www.americanbar.org/publications/law_practice_magazine/2013/november-december/hot-buttons.html<

[23] As with a stolen credit card, a bounced cheque, or counterfeit cash, for example.

[24] As with a man in the middle attack (spoofed eCommerce website, or legitimate but infected site with cross-site scripting), for example.

[25] As in advance fee fraud, for example.

[26] In July of 2011, two websites (Cyworld and Nate) run by SK Communications of South Korea were breached, resulting in a loss of some 35 million records. “Hackers are believed to have stolen phone numbers, email addresses, names and encrypted information about the sites’ many millions of members.” See BBC. Millions hit in South Korean hack. Published July 28, 2011, on bbc.com. Online: >http://www.bbc.com/news/technology-14323787< . One year later, in July, 2012, South Korean authorities announced arrests in the case of hacks impacting 8.7 million users at KT Corp, the nation’s number one fixed line operator and number two mobile operator.

 

“The company says hackers stole subscribers’ names, phone and personal identification numbers, and then sold the data to telemarketers.”

 

“An illegally installed computer program had collected subscribers’ information over several months, KT Corp said.”

 

See BBC. South Korea arrests phone firm KT Corp hacking suspects. Published July 30, 2012, on bbc.com. Online: >

http://www.bbc.com/news/technology-19048494<

[27] To impact the Personally Identifiable Information (PII) records of 40% of an entire nation’s population in a single stroke, is certainly a major scoop, by any reckoning. Especially ironic, are the circumstances of this hack:

 

Customer details appear to have been swiped by a worker at the Korea Credit Bureau, a company that offers risk management and fraud detection services.” (Where were the vendor due diligence, segregation of duties, and the internal fraud controls?) (Emphasis added).

 

“The worker, who had access to various databases at the firm, is alleged to have secretly copied data onto an external drive over the course of a year and a half.” (Where were the access and event logs, “business need only” access privilege limitations, and random audits?) (Emphasis added).

 

See Sophia Yan and K.J. Kwon. Massive data theft hits 40% of South Koreans. Published January 21, 2014, on cnn.com. Online: >http://money.cnn.com/2014/01/21/technology/korea-data-hack/< See also supra, note 13, Jim Finkle and Karen Freifeld (JPMorgan Chase & Co.).

[28] Foreign and Commonwealth Office of the United Kingdom. Guidance: Overseas Business Risk – South Korea.

Last updated May 27, 2014, and published on gov.uk. Online: >https://www.gov.uk/government/publications/overseas-business-risk-south-korea/overseas-business-risk-south-korea<

[29] Id.

[30] Daniela Forte. South Korea Stands Out as Ecommerce Market for U.S. Retailers. Published June 19, 2014, on multichannelmerchant.com. Online: >http://multichannelmerchant.com/must-reads/south-korea-stands-out-in-ecommerce-market-for-u-s-retailers-19062014/<

[31] The Associated Press. Korea has nearly as many cell phones as people. Last updated January 28, 2009, and published on nbcnews.com. Online: >http://www.nbcnews.com/id/28893283/ns/technology_and_science-tech_and_gadgets/t/korea-has-nearly-many-cell-phones-people/#.VFKb0xbClGM<

[32] Id., and supra note 30.

[33] Supra note 30.

[34] Reuters. Paper is passe for tech-savvy South Koreans. Published Friday, May 9, 2008, on reuters.com. Online: >http://www.reuters.com/article/2008/05/09/us-korea-coupons-idUSS0914416520080509<

[35] Gordon Hamilton. Asia Pacific report: South Korea now a global technology tiger. Published November 25, 2013, on biv.com. Online: > http://www.biv.com/article/2013/11/asia-pacific-report-south-korea-now-a-global-techn/<

[36] Sarah Jones. South Korea boasts highest global credit card penetration: report. Published June 27, 2014, on luxurydaily.com. Online: >http://www.luxurydaily.com/south-korea-boasts-highest-global-credit-card-penetration-report/<

[37] Ekundayo George. The 100 “FACES” of Data: a 5-part Complex Systems Study (Part 1 – Form Factors). Published November 1, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/11/01/the-100-faces-of-data-a-5-part-complex-systems-study-part-1/<

[38] Ekundayo George. To Gatto from Zubulake: 2 Thumbs-up for Better Information Governance/Anti-Spoliation. Published March 31, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/31/to-gatto-from-zubulake-2-thumbs-up-for-better-information-governanceanti-spoliation/<

[39] Ekundayo George. Data Protection and Retention in the Cloud: Getting it Right. Published March 11, 2013, on ogalaws.wordpress.com. Online: >https://ogalaws.wordpress.com/2013/03/11/data-protection-and-retention-in-the-cloud-getting-it-right/< You cannot leave everything to a vendor or counterparty, if and when you are primarily responsible for your own security and the security of the data that you host at rest, in transit, or subject to access and change, for others.

[40] Terry Collins and Anne D’Innocenzio for The Associated Press. Twitter hackers nab data on 250,000 accounts. Published February 2, 2013, on ottawacitizen.com. Online: >http://www.ottawacitizen.com/business/Twitter+hackers+data+accounts/7911027/story.html<

[41] Ben Elgin, Dune Lawrence and Michael Riley. Coke Gets Hacked And Doesn’t Tell Anyone. Published November 4, 2012, on bloomberg.com. Online: >http://www.bloomberg.com/news/2012-11-04/coke-hacked-and-doesn-t-tell.html< This kind of silence is changing, however, due to increasing regulatory focus on cyber risks and cyber events, and a push for timely and full disclosure and remediation when it may impact the bottom line, systemically important entities, or public or investor confidence.

[42] China and India are the most populous nations on earth, with well over 1 Billion citizens, each; but comparatively (with all other nations) very low ratios of banked citizens, and citizens with access to organized credit facilities. The promised easing of China’s restrictions on foreign credit card issuers paves the way for many of the entry-market credit card products that we see in the West – secured cards, rechargeable cards, debit cards, and the like, along with the juicy fees for annual access, loading, overdrafts, late payments, cash advances, and per transaction. Of course, this will require the taking, keeping, and updating of vast amounts of data on a vast population; creating a single and captive, target rich environment of irresistible size that will remain very vulnerable to any lapses in data governance and/or cyber best practices. See generally Joe McDonald of The Associated Press. China easing credit card monopoly opening door for Visa, MasterCard. Published October 30, 2014, on ctvnews.ca. Online: >http://www.ctvnews.ca/business/china-easing-credit-card-monopoly-opening-door-for-visa-mastercard-1.2078518<

[43] Ekundayo George. Individual (allegedly) Wreaks Havoc with Former Employer – Another Teachable Moment in Infosec. Published May 16, 2013, on wordpress.ogalaws.com. Online: >https://ogalaws.wordpress.com/2013/05/16/individual-allegedly-wreaks-havoc-with-former-employer-another-teachable-moment-in-infosec-2/<

[44] See e.g. Supra note 12, Ben Elgin, Michael Riley, and Dune Lawrence (Home Depot).

%d bloggers like this: