Facebook’s Massive Cybersecurity Breach: Regulating the Unknown

Just months after clips of Facebook CEO Mark Zuckerberg’s testimony before Congress regarding the Cambridge Analytica scandal faded from the forefront of the internet, Facebook is again facing major scrutiny in what has been labeled the company’s biggest cybersecurity breach to date.

On September 28, Facebook announced that the digital login access tokens of 50 million users had been stolen, signifying that those accounts and their contents had been compromised. Another 40 million had been placed at risk before the company was able to “patch the security vulnerability.” Exploiting three bugs in the website’s “View As” function, hackers were able to access users’ login tokens, effectively giving them access to all of the content in roughly 50 million accounts.

The legal system’s approach to increasingly massive cybersecurity issues like these is similar to how it dealt with Uber’s major security breach back in 2014: as they tread into the relatively uncharted arena of cybersecurity, regulatory agencies and courts are desperately attempting to delineate the responsibility that these companies have in terms of security protection for their users. As of now, many businesses, especially small ones, share the sentiment of “shooting a bit blind regarding how to protect data and the consequences for not doing so.”

A wrinkle in this investigation that poses an especially interesting inquiry for the legal world stems from Facebook’s Single Sign-On (SSO) feature, an idea implemented nearly a decade ago, which allows users to sign into third-party applications with a single Facebook login token. Companies like Airbnb, Tinder, Instagram, and thousands more utilize the SSO feature to streamline the sign-up and login process, thereby rapidly expanding their user bases at a higher speed. Because hackers acquired Facebook users’ digital login keys, they theoretically could have had access to accounts in these third-party companies as well.

So as the FTC attempts to better delineate Facebook’s security responsibilities within its own company for its own users, the SSO issue poses an additional layer of inquiry that it must answer: does an SSO require heightened scrutiny in terms of cybersecurity? What is the burden that a company like Facebook has in relation to third-party companies that utilize features like SSOs? Facebook benefitted immensely from the feature for years despite the multiplicity of security risks that would happen in the event of a security breach. That event, with this hack, has finally arrived.

Thanks to the landmark 2015 ruling in FTC v. Wyndham Worldwide Corporation, the FTC now has the green light from the Third Circuit to establish companies’ responsibilities and liabilities in the “Wild West” of the cybersecurity world. As investigations continue, the FTC will not only see the real magnitude of the harm that may have been multiplied by Facebook’s SSO feature, but also, in conjunction with the courts, come to a clearer judgment about cybersecurity responsibilities.

Facebook’s Massive Cybersecurity Breach: Regulating the Unknown

ACLU Files Complaint Regarding Facebook’s Discriminatory Advertisements

The American Civil Liberties Union recently filed a complaint against Facebook, claiming that many of the employment advertisements displayed on the popular social media website were discriminatory. Specifically, the advertisements centered on Facebook’s strategic targeting of individuals that identified as male and implicitly discriminating against women and those that are non-binary.

The United States has a long history of employment discrimination, which has primarily affected those from underrepresented and marginalized communities. This form of discrimination is still ever present today, as many people of color and women suffer from explicitly discriminatory hiring practices based upon phenotypic appearance and even their legal name. These practices continue to contribute to the lack of diversity in professions of many fields and, subsequently, maintain the status quo of male dominance.

Despite ultimately being an issue of fairness, as established by the Civil Rights Act of 1964, employment discrimination effectively creates economic ramifications. One primary consequence is the lack of economic efficiency. Businesses that participate in discriminatory hiring practices can suffer economic loss by self-restricting their hiring pools and failing to seek the most qualified candidates. Due to these businesses’ discriminatory preferences, they hire individuals that may be less qualified and, thus, provide compensation for subpar labor.

Ultimately, access to employment and the right to exchange one’s labor for wages are essential components of capitalism. Wages can motivate individuals to pursue the American dream of homeownership and create intergenerational wealth. This capitalistic society is inherently unequal when a singular group reaps these benefits while it actively excludes others. Such behavior contributes to the present wealth gap, and this gap will cease to close if opportunities are not made readily available to everyone.

Alternatively, the use of advertisements through Facebook does not have to be entirely negative; whereas, advertisements could be used to create access to career fields for groups that would otherwise be underrepresented. In a practical sense, this method can be used to recruit groups that lack representation in such fields but can contribute to an expansive and competitive pool of candidates. Rather than using advertisements to aid in discrimination methods, businesses could use these ads as a tool to pursue equity and remedy the lack of diversity in many career fields.

As we continue to navigate through the digital age and as businesses progressively use social media for their daily business practices, explicit biases in the hiring process will continue to manifest in creative ways. In order to successfully combat these biases, business and social media outlets alike must actively evaluate their hiring practices and understand how they are complicit in upholding injustices. Rather than perpetuating inequity, Facebook could enforce stricter regulations upon its employment advertisements to change the status quo.

ACLU Files Complaint Regarding Facebook’s Discriminatory Advertisements

U.S. and Broadband Industry Sue Over California’s Net Neutrality Law

California is facing lawsuits from the U.S. Department of Justice and the broadband industry over the state’s landmark net neutrality law.

Net neutrality is the principle that all internet traffic should be treated equally. In 2015, the FCC enforced net neutrality protections to regulate broadband providers like public utilities. The Trump-era FCC voted to repeal net neutrality rules in 2017. On one hand, Democrats, tech companies, and consumers have pushed for stricter regulations to prohibit the prioritization of internet traffic and boost innovation. On the other hand, Republicans and Internet Service Providers (“ISPs”) argue that net neutrality discourages investment.

The California net neutrality law (SB-822) is the strictest yet of the state legislative efforts to revive net neutrality. SB-822 goes further than just banning ISPs from implementing internet fast-lanes—it also prohibits selective exemptions of apps and services from customer data caps. Other states planning to enact their own net neutrality laws view SB-822 as the “gold standard” of internet regulation.

Federalism is the key issue in this legal fight. Both lawsuits allege the FCC’s deregulatory order preempts the California law and that SB-822 is an unconstitutional attempt to regulate interstate commerce. Supporters of SB-822 say that the FCC explicitly gave up the agency’s authority to regulate internet providers. Further supporters say that where there is no federal law, states can assert their own. According to California Attorney General Xavier Becerra, “California, the country’s economic engine, has the right to exercise its sovereign powers under the Constitution.”

The question of whether the FCC preempts state regulations will be decided by a case pending at the D.C. Circuit. If California prevails, it will set a new precedent of states reviving regulations in the wake of federal deregulatory orders and open the door for other states working on their own net neutrality laws.

U.S. and Broadband Industry Sue Over California’s Net Neutrality Law

Elon Musk, Twitter, and the SEC

On September 28th, 2018, the SEC sued Elon Musk for securities fraud and sought to ban him from serving as an officer of any publicly traded company. The SEC’s claims arise from Musk’s August 7th tweet of “funding secured” to take Tesla private. In response to the tweet, Tesla’s shares closed up 11 percent from the previous day. The SEC claims that at the time Musk tweeted, he had not discussed specific deal terms with any potential financing partners and that he knew taking Tesla private was still uncertain. Musk admits that he posted the tweet while driving to the airport without anyone’s review. His tweet also came after months of sleeping in Tesla’s factory to ensure hitting Model 3 production targets while fending off angry investors.

Today, Twitter enables leaders to engage directly with the public. Musk often uses Twitter to make bold statements, promising his grand vision for the future realized through his innovative companies like Tesla, SpaceX, and The Boring Company. As a result, Musk has drawn millions of followers and is able to drive national discussions around innovation.

The rise of Twitter usage by leaders, 280 characters at a time and often unfiltered, is a significant shift from the carefully crafted statements of traditional communication. Tweets often promote reactionary behavior, counter to the stability and predictability the SEC and investors prefer. For example, the Nasdaq stock exchange was forced to suspend trading of Tesla’s shares for 90 minutes because Musk tweeted material information without informing Nasdaq.

Musk’s latest controversy highlights how America continues to grapple with social media’s impact on how people deliver and receive information. The mission of the SEC is to “protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation” through providing access to certain basic facts about an investment. Access to accurate information is at the heart of the SEC laws and rules. However, as the next generation of leaders rise with new technology and new norms of communication, the SEC will need to evolve while also staying true to its mission.

Eventually, under the pressure of his lawyers and investors of Tesla, Musk settled with the SEC. He will remain Tesla’s CEO but must resign as chairman of the board for 3 years and pay a $20 million fine.

Elon Musk, Twitter, and the SEC

SEC Imposes a $34.5 million Penalty on Walgreens Over Misstatement of Forecasted Earnings Goal

On September 29, 2018, the SEC imposed a cease-and-desist order against Walgreens Boots Alliance Inc., its former CEO Gregory Wasson, and its former CFO Wade Miquelon.  This order comes following the SEC’s investigation over allegations that the company and its directors had misled investors regarding Walgreen’s ability to achieve its forecasted earnings goal.

Walgreens, Wasson, and Miquelon consented to an SEC order finding they had violated Section 17(a)(2) of the Securities Act of 1933, which prohibits “untrue statement[s] of a material fact or any omission[s] to state a material fact” in the offer or sale of securities.  In addition to avoiding future violations of the Act, Walgreens must now pay $34.5 million while Wasson and Miquelon were fined $160,000 each.

The SEC’s investigation focused on Walgreen’s two-step merger with Alliance Boots in June 2012. As it announced the merger, Walgreens assured investors the “combined entity would generate $9 billion to $9.5 billion in combined adjusted operating income in the 2016 fiscal year.” It became apparent after the first step of the merger that the company would be unable to meet its 2016 projection. However, Walgreens, Wasson, and Miquelon continued to voice their confidence in the financial forecasts without disclosing the increased risk. As Walgreens moved forward with the second step of the merger, it presented an adjusted operating income projection of $7.2 billion, 20 percent less than its original projection. Unsurprisingly, the company’s stock price dropped 14.3%.

According to Stephanie Avakian, Co-Director of the SEC’s Division of Enforcement, “[t]he penalty assessed against Walgreens is intended to punish and deter such conduct, which deprived investors of information necessary to make fully informed investment decisions.”

It is worth noting that the SEC chose to charge Walgreens and its former senior management with a Section 17(a)(2) violation rather than a violation Rule 10b-5 of the Securities Exchange Act of 1934. While Rule 10b-5 requires satisfying the “scienter” requirement by showing recklessness, under Section 17(a)(2) the SEC has the authority to bring negligence-based charges as long as there is proof of negligence (i.e., deviation from the appropriate standard of care).

SEC Imposes a $34.5 million Penalty on Walgreens Over Misstatement of Forecasted Earnings Goal

From Immigration to Information Filtering: Google Shows Its Pro-Immigration Stance

In January 2017, the Trump administration shocked the world when it issued an executive order banning entry for 90 days by nationals of Syria, Libya, Somalia, Sudan, Iraq and Yemen. The same order also indefinitely halted the intake of Syrian refugees. In June 2018, the shock wave continued when the Supreme Court upheld the travel ban in a 5-4 decision. Both the original order and the Supreme Court decision fueled a national debate on immigration.

The conversation on immigration managed to infiltrate the core of companies such as Google. Frustrated with the travel ban, Google’s employees tried to find a way to counteract the negative effects of the policy. Internal company emails, obtained by The Wall Street Journal, indicate that Google considered displaying pro-immigration information when people searched for the travel ban. The emails also suggest the use of a search algorithm to provide different results for “prejudicial” search terms.

Both as a citizen and a first-generation immigrant, I could relate to the employees’ outrage and desire to act. However, the potential impact of filtering information to promote a political view alarmed me more than the executive order and the decision of the Supreme Court combined. Limiting people’s access to information based on a private company’s idea of morality would set a dangerous precedent and forever change the way we receive our information. While people might sympathize with Google’s motivation in the context of immigration, they might not all agree on other controversial issues such as women’s rights, LGBTQ issues, or euthanasia—just to name a few. Additionally, filtering information might have the unintended effect of making people uninformed about the issue at hand. The potential consequences could be catastrophic both in the short term and the long term.

However, Google denies that any such filtering occurred. Google claims that search results have never been altered for political purposes and that the emails were “just a brainstorm of ideas, none of which were ever implemented.” According to Google, company policy would never allow the manipulation of search results to promote political ideologies. Nonetheless, the discussions that took place at Google, and technology’s ability to implement such discussions, should make all of us very uneasy.

The issue of immigration requires an ongoing national debate and new policies. However, filtering information to combat ignorance creates a very slippery slope and allows corporations to dictate our stances on both moral and political issues—a slope we don’t want to find ourselves on as a nation.

From Immigration to Information Filtering: Google Shows Its Pro-Immigration Stance

Airbnb Seeks to Turn Hosts into Shareholders

For several years, Airbnb insisted that its product is nothing more than a platform that connects hosts with guests. Several Silicon Valley companies, such as Airbnb, Uber, and Facebook, have insisted on their role as platform providers, often as a means of skirting regulations that otherwise apply to the industries they seek to disrupt. Users of these platforms are generally seen as neither employees nor customers but rather as independent contractors and consumers. Without employees or customers in the traditional sense, platform companies hold that they are not responsible for violations of regulations, payment of taxes, or civil liability and that these burdens ought to fall on their platforms’ users instead.

But, that may soon change. Airbnb has recently filed a request with the SEC to give its hosts equity stakes in the company. Federal regulation stipulates that while private companies, like Airbnb, can grant stock to employees and investors, they can’t grant stock to contractors. Airbnb has long held publicly that it wishes to align the interests of all stakeholders, including employees, hosts, guests, and investors, in the company’s business. A change in Rule 701 of the Securities Act to include “gig economy workers” would dramatically change how these workers are compensated and taxed.

By granting some stock to its hosts, Airbnb is also creating a financial incentive for hosts to boost the company’s long term financial prospects. Hosts would be incentivized to support the company’s interests when it comes to lobbying for looser regulations concerning Airbnb and hoteliers. Hearkening back to an infamous advertisement campaign that featured an African-American couple describing how Airbnb helps them meet their mortgage payments, hosts are likely even more encouraged to fight for their ability to continue making an income from the platform. Given that Airbnb “believes that 21st-century companies are most successful when the interests of all stakeholders are aligned,” this proposed change could be an integral step for all gig economy companies towards reinventing corporate governance and equity distribution in the private market.

While hosts stand to become part owners of Airbnb, there still lurks the question of whether sharing economy companies can still call their products mere platforms. Hosts would no longer be impartial, neutral users of the site but are rather investors in the company that are being compensated with not just the direct value of their rentals but with a share of the company’s overall value too. These hosts could wind up in an employee-employer relationship with Airbnb that would result in a more significant portion of the hosts’ compensation coming in the form of equity. A claim that one’s product is merely a platform would likely become a far less plausible defense in light of these changes.

The question of whether or not this new shareholder class of gig economy workers will come with voting privileges remains unanswered. Nevertheless, the SEC ultimately will have to look at whether such a change affects hosts and investors fairly while cities looking to regulate will re-evaluate whether a platform where the users are also part-owners could still be classified as a platform.

Airbnb Seeks to Turn Hosts into Shareholders

Walmart, Patagonia and Lyft Make Push to Increase Voter Turnout

As the midterm elections draw near, approximately 150 companies, including Walmart, Patagonia and Lyft, have come together to form the Time to Vote campaign. This initiative is aimed at increasing voter turnout at the midterm elections.

The companies involved in Time to Vote are taking different steps to achieve this goal. Some are focused on ensuring that their own employees go to the polls. For example, Patagonia will shut down its corporate campus and all US retail stores on November 6th to give employees time to vote. Further, Levi Strauss will give all employees at least three hours off to vote.

Other companies are focused on increasing voter awareness and accessibility to vote. For instance, Walmart created a website with election materials and information. In addition, Lyft is offering discounted rides anywhere in the United States and free rides to people in underserved communities.

Executives say the Time to Vote initiative is a nonpartisan effort aimed at increasing voter participation. However, it is impossible to ignore the symbolism in America’s current political climate. Though the Trump administration might have a business-friendly reputation, as evidenced by this year’s tax overhaul, many of the companies involved in Time to Vote have become increasingly outspoken in their opposition to President Trump’s policies.

Patagonia sued President Trump last December over the diminishment of national monuments. Further, Walmart’s chief executive, Doug McMillon criticized President Trump after he refused to condemn white supremacists following the violent protests in Charlottesville in the summer of 2017. Lyft also made a $1 million donation to the ACLU after President Trump announced his initial travel ban.

Regardless of whether the companies have an underlying goal of expressing disdain for President Trump or whether their efforts are truly non-partisan, the companies seem to be responding to their stakeholders’ interests. Scott Farrel, communications executive for the international PR firm Golin, said in August 2017 that, “Millennials want companies to take a stand. A measured risk needs to be taken, and whichever way you want to go, you can’t sit in the middle anymore.”

Farrel’s sentiment appears to be shared by many companies, so it will be interesting to follow the businesses involved in Time to Vote as we approach Election Day.

Walmart, Patagonia and Lyft Make Push to Increase Voter Turnout

Silicon Valley Startups: Caught in the Crossfire of the U.S.-China Trade War

President Trump has announced new tariffs on Chinese imports, further escalating the ongoing trade war between the United States and China. On September 17th, the administration released a sprawling list of Chinese products, ranging from food items to industrial machinery. In total, the slew of goods (everything from tuna to fertilizer to cranberries to steam turbines) amounts to roughly $200 billion worth of Chinese products. Each item will be subject to a 10% tariff. Importantly, the extensive list includes circuit boards, semiconductors, cell tower radios, and internet modems. A 10% tax on these items will have devastating effects throughout Silicon Valley. The Valley’s smaller tech startups will be among the first to feel the adverse impacts.

In recent years, fledgling American innovators have managed to carve out their space in the Silicon Valley market largely thanks to cheap Chinese manufacturing. By outsourcing their operations to China, these startups are able to produce goods in much larger quantities, thereby benefitting from economies of scale. Utilizing China’s cheap labor and lax regulations, smaller startups have managed to avail themselves of the advantages that come with mass-production. With these new tariffs, however, small-tech is struggling.

Under the new import restrictions, young businesses will be faced with a 10% tax when they try to import their Chinese-made products back to the Silicon Valley. There are only two ways for companies to deal with this problem: 1) absorb the extra cost by cutting into their profit margins or 2) pass the cost along to consumers, in the form of higher prices. The former option is unavailable to small startups; with thinner margins, many of these nascent companies simply don’t have the ‘wiggle-room’ to take on additional costs. And pursuing the latter option would likely mean being priced out of the market. Thus, startups who rely on outsourcing will struggle to remain afloat. If small businesses truly are the backbone of the American economy, the weight of these tariffs will likely crack some vertebrae.

The tech industry’s larger companies do not face the same existential threat. With massive margins, they are better able to absorb extra costs. Moreover, they are better equipped to reorganize their supply chains. Already, Micron has discussed shifting its production out of China, moving its factories to other low-wage countries within its global supply chain. For smaller companies with limited funds, uprooting an entire production facility is not so simple. Further, large industry titans can exercise lobbying power, thereby insulating themselves against the tariffs. For example, thanks to Apple’s successful lobbying efforts, the administration exempted the Apple Watch and Apple AirPods from the import tax. Of course, smaller startups lack the political influence to have their imports exempted. Thus, while big tech is protected by transferrable supply chains and lobbying, small businesses remain vulnerable.

Although the tariffs may not send Google and Apple plummeting into collapse, the impact on small businesses cannot be ignored. A recent empirical analysis shows that startups account for nearly all net job growth in the U.S. economy. Indeed, that data reveals that, for the past four decades, startups have been responsible for virtually all net job creation. Moreover, beyond their indispensable contributions to employment, startups are also essential to innovation. Research indicates that larger companies tend to invest in ‘incremental technologies’ (i.e. improvements upon existing technologies); this is because improving an existing device—for example, upgrading the camera on a Samsung Galaxy or equipping an iPhone with a thumbprint scanner—involves less risk and a more predictable return. Meanwhile, smaller startups are more amenable to high-risk, high-reward ventures and therefore direct their R&D towards developing groundbreaking innovations.

For these reasons, startup growth is absolutely crucial to economic progress. Currently, Silicon Valley leads the world in startup growth. Between 2012 and 2017, the Valley produced 57 ‘unicorn’ startups (i.e. startups that grew to be worth $1 billion). Over that same time period, China produced only 46. Simply put, the Bay Area alone cultivates more successful startups than the entire nation of China. The Valley’s explosive startup growth is one of the few areas in which we outpace China by leaps and bounds. If these new tariffs undermine the growth of Valley startups, it will threaten a key pillar of our economic dominance, thus undercutting the very objective Trump seeks to achieve.

Deeply concerned by the tariffs’ impacts on our economy, some have called for legal action against the Trump administration. President Trump has been levying these tariffs pursuant to 19 U.S.C. § 2411. In a recent statement, the Consumer Technology Association (CTA) argued that President Trump and the United States Trade Representative have not conformed to the stringent requirements of the law. Specifically, the CTA alleges that President Trump has failed to meet certain statutory deadlines and, moreover, is acting outside the scope the authority conferred upon him by 19 U.S.C. § 2411.

Silicon Valley Startups: Caught in the Crossfire of the U.S.-China Trade War

Provision Designed to Protect Consumers from Unreasonable Airline Fees Dropped by Congress

The American airline industry celebrated this past Saturday as Congress decided to drop a provision that would have given the Department of Transportation the authority to determine if airline fees were “reasonable and proportional.”  Congress will be voting on the measure this week, before the September 30 deadline.

The “reasonable and proportional” fee provision had been supported by consumer groups, celebrated as a bipartisan effort.  The provision was part of a compromise between chairman of the Commerce, Science and Transportation Committee, Republican Senator John Thune (R-SD) and chairman of the Transportation and Infrastructure Committee, Representative Bill Shuster (R-PA), Democrat leaders, and Republicans in other committees.

The Trump administration’s Department of Transportation told Congress it opposed the measure, going so far as to say that many new consumer protections were deemed to be “unnecessary and wasteful.”  The Department of Transportation’s deputy general counsel, James Owens, said the provision was a “giant step backwards” and presented a risk of wider regulation that would hurt both consumers and air carriers.

Airlines make significant profits from fees that are largely seen as unreasonable by consumers.  In 2017, airlines charged passengers $4.6 billion in fees related to baggage, seat assignment, and flight changes.  Given how much they stood to lose, it is no surprise that airlines heavily lobbied against the provision.  Airlines for America, an airline trade group that represents United, Southwest, and American among others, publicly stated that the provision should be rejected, arguing that it would result in “government-mandated price controls.”

It is also worth noting that the airline industry is heavily involved in politics, having contributed $2.4 million to incumbents in Congress for the November 6 election cycle and over $12.4 million to incumbents in the last ten years.  In 2017, Airlines for America spent $8.59 million on lobbying efforts, likely due to the FAA reauthorization bill as well as the viral video of a United passenger being violently removed from his flight.

Provision Designed to Protect Consumers from Unreasonable Airline Fees Dropped by Congress