Hello and welcome to another edition of What's Next. I'm Ben Hancock, a Law.com reporter in San Francisco, and I wonder how SEC Chair Jay Clayton would feel about me renaming this briefing “The Bitcoin Ethereum Blockchain ICO Report.” Catchy, no? Sure to get subscribers!

Next week I'll be reporting from the big Legalweek conference in New York — the latest evolution of LegalTech. I welcome your news tips, and suggestions for best late-night Korean barbecue in midtown. Feel free to drop a line: [email protected]. I'm also on Twitter @benghancock

➤➤ Want to receive this briefing as an email? Sign up here.


|

Watch This Space: Facing Off in Biometric Litigation

Google made another splash in the news last week when the Chicago Tribune and other outlets got wind that its popular “art selfie” feature in the Arts & Culture app wasn't being offered in Illinois and Texas. Why, you ask, would Google deny citizens of those great states the ability to match their face with someone in a painting?(It told me I look like this guy, though he clearly has a more awesome beard.) Why, biometric data privacy legislation, of course!

It may have been an overly cautious move; Google has said it doesn't “use your selfie for anything else and only keeps it for the time it takes to search for matches”—suggesting the feature may not be subject to the law anyway. But once bitten, twice shy. Google is already facing a suit in federal court in Illinois over the state's BIPA law, enacted in 2008, over the facial recognition feature in its Google Photos service. It lost a bid to get out of the suit early, when a judge rejected the argument that BIPA only applies to in-person scans. The case is ongoing.

Here's the thing: For a statute enacted a decade ago, the full impact of BIPA and statutes like it is just on the cusp of becoming clear. As lawyers at Baker & McKenzie wrote last fall, 2017 saw an explosion of lawsuits under the law—mainly in the employment space. As companies have switched to facial and fingerprint scan technology in place of older time-logging methods, the plaintiffs bar started to bring complaints that workers' data was taken without consent.

The big issue still to be decided is standing. An intermediate Illinois appellate court handed a win to defendants in December, in a case called Rosenbach v. Six Flags Entertainment Corp., ruling that language in the statute means a plaintiff must allege “actual harm.” (Plaintiffs last week asked for an extension to seek review.) Meanwhile, Facebook is trying to knock out a suit in federal court in San Francisco on similar grounds. But that hasn't been ruled on yet.

And if the decision goes for plaintiffs, what's next? Assessing just how high BIPA's statutory penalties can go. The law imposes $1,000 for each negligent violation, and $5,000 for each willful violation. What counts as a violation is an issue still to be litigated—and has potentially major consequences. “Nobody wants to be on the wrong end of an 'each-violation' ruling,” said Patrick Castle, an associate at Shook, Hardy & Bacon in Chicago who focuses on biometrics litigation.

>> Think Ahead: Illinois' BIPA law is currently the only one on the books with a private right of action. But its impact has been felt nationwide. Facebook is now also arguing that it only ought to apply to data processing done in Illinois. Watch for a ruling on that.


|

On the Radar: 3 Things to Know

1. The Swiss lawyer who helped established the “Swiss foundation” model for ICOs now thinks it isn't such a great idea.

Luka Mueller of the firm MME helped Tezos and others in the blockchain space set up their initial coin offerings. Now, he tells Reuters the Swiss foundation “actually is a very old, inflexible, stupid model.”

● At the same time, Democrats in the Senate said they have 50 votes to revive net neutrality. They're seeking a willing Republican.

>> Think Ahead: It's become apparent that borders don't limit the reach of U.S. securities laws when it comes to ICOs. Zug, Switzerland—aka “Crypto-valley”—is taking note.

2. EU lawmakers and data privacy scholars are warning SCOTUS that a ruling against Microsoft would lead to a conflict with the General Data Protection Regulation.

A win for the U.S. government in a case over emails stored in Ireland would violate the EU data privacy law, which is set to take effect in May, they argued. The scholars and lawmakers were among the many individuals and groups weighing in for Microsoft.

Jan Philipp Albrecht, a German member of the Greens party, was among those on the EU lawmakers' brief. He was one of the people who helped shepherd the GDPR through the legislative process to its enactment in 2016.

>> Takeaway: The conflict-of-law argument could be important to the Supreme Court's analysis of whether forcing Microsoft to turn over the emails is an “extraterritorial” application of the Stored Communications Act, the statute at issue.

3. A new report says that software designed to predict in criminal recidivism has questionable utility—not to mention potential bias.

● Two Dartmouth researchers analyzed COMPAS, the software used by judges and parole officers to predict recidivism. They found that it performed roughly as well as random people pulled from Amazon's Mechanical Turk crowdsourcing platform, reports Ars Technica.

● The report follows earlier findings by Pro Publica that COMPAS produces an outsize number of false positives for black defendants. The crowdsourced pool of respondents also produced false positives for black defendants at a rate higher than white defendants, but not to the same degree that COMPAS did.

>> Takeaway: “If the algorithm could be matched by what is almost certainly a bunch of amateurs, [the researchers] reasoned, maybe it's because it is not especially good.”


“As we make it cheaper to understand and process more of this information, it's probably just going to increase our appetite.”

— Scott Reents, lead attorney for data analytics and e‑Discovery at Cravath, Swaine & Moore on why data analytics and AI may not solve the challenges of digging through data. Listen to the full conversation with Scott in the latest episode of Law.com's “Unprecedented” podcast, and catch him speak at the upcoming Legalweek conference in New York.


|

In Futuro: eDiscovery is Still Heavy Data Lifting

Back in 2015, the federal courts changed rules around digital evidence in civil litigation in ways that were supposed to make it easier for parties to manage their mountains of data. But Gibson, Dunn & Crutcher writes in a year-in-review reportthat in reality, eh, not so much.

“We're seeing quite a few courts [where] they're writing decisions which don't mention Rule 37(e),” Gibson Dunn litigation partner Gareth Evans told LegalTech News, referring to the amended rule. According to the report, judges are still issuing sanctions—like adverse inference instructions—for data that was lost based on the old framework. “I think a lot of it has to do with education of the bar and education of the judiciary on these issues,” Evans added.

Meanwhile, litigators and legaltech vendors are increasingly facing the challenge of collecting data stored on mobile devices and in the cloud. This often requires “advanced tools and significant expertise to collect, process and search,” the report says.


|

Dose of Dystopia

“I'd know that voice anywhere…” So begins a leaked NSA memo about voice-recognition technology reported on by The Intercept in a deep-dive on the U.S. government's ability to pick up and identify people's voices out of the noise of digital and phone communication:

“[A] decade before voice commands like 'Hello Siri' and 'OK Google' became common household phrases, the NSA was using speaker recognition to monitor terrorists, politicians, drug lords, spies, and even agency employees. … By intercepting and recording millions of overseas telephone conversations, video teleconferences, and internet calls— in addition to capturing, with or without warrants, the domestic conversations of Americans—the NSA has built an unrivaled collection of distinct voices.”

Presumably, that kind of warrantless snooping on Americans will be even easier– from a legal perspective — with the renewal of Section 702 and the green-lighting of “abouts” searches (which I mentioned last week). For those already wary of government surveillance, it's a spooky prospect: Just by hopping on the phone or Skype, authorities might know who exactly is saying what.


Thanks for reading, and keep plugged in with What's Next.