Richmond Journal of Law and Technology

The first exclusively online law review.

Category: Blog Posts (Page 15 of 18)

Blog: Net Neutrality

By Jessica Ertel, Associate Articles Editor

The D.C. Court of Appeals recently turned down federal net neutrality legislation, thus allowing Internet service providers to charge Internet companies fees for faster delivery of Internet content.

Net neutrality legislation requires that broadband providers treat all Internet traffic equally. The Federal Communications Commission also calls this “Internet openness.” The FCC supports an open Internet because without net neutrality legislation, broadband providers might prevent their subscribers from accessing certain websites altogether or degrade the quality of these sites in order to direct Internet traffic towards their own competing services, or to collect fees from these websites.1 The Commission’s purpose in the net neutrality legislation was to prevent broadband providers from blocking or discriminating against certain Internet site providers.

By throwing out net neutrality legislation, the decision opens the door for Internet Services providers to charge fees to companies who want their Internet content to be delivered to consumers more quickly. Internet services providers, such as petitioner Verizon, applaud the ruling, because it means that they can make money off of Internet companies who want the information from their sites delivered “first class.” The Internet companies who deliver streaming content are the ones most distressed by the U.S. Court of Appeals’ decision. Netflix is one such company. The CEO of Netflix, Reed Hastings, responded to the outcome of the case: “Were this draconian scenario to unfold with some [Internet Service Provider], we would vigorously protest and encourage our members to demand the open Internet they are paying their ISP to deliver.”2

Big companies such as Netflix would be the ones most hurt by this ruling, and the company estimates that it would potentially be forced to pay as much as 10 percent of its annual revenue to broadband providers.3 This could in turn be pushed onto the consumers in the form of higher prices to access sites like Netflix. Yet such a price increase is unlikely to happen soon, and further, Internet service providers have expressed their commitment to their consumers’ ability to freely access Internet sites.4

In spite of this roadblock for the FCC, it has promised to find other ways to pursue Internet openness. The Appeals Court did find that the FCC had the authority to regulate broadband providers’ treatment of Internet traffic.5 The FCC appears ready for the challenge to find other ways to promote Internet openness.


1Verizon v. F.C.C., 11-1355, 2014 WL 113946, at *2 (D.C. Cir. Jan. 14, 2014). 

2 Steven Russolillo, Netflix CEO on Net Neutrality: We Will ‘Vigorously Protest’ a “Draconian Scenario,Wall St. J. (Jan. 22, 2014), available at

3 Scott Mortize & Cliff Edwards, Verizon Victory on Net-Neutrality Rules Seen as Loss for Netflix, Bloomberg Law, Jan. 14, 2014, available at

4 Edward Wyatt, Rebuffing F.C.C. in ‘Net Neutrality’ Case, Court Allows Streaming Deals, N.Y. Times, Jan. 14, 2014, available at vice president expressing the company’s commitment to deliver an open Internet to its customers). 

5Verizon v. F.C.C., 11-1355, 2014 WL 113946, at *1 (D.C. Cir. Jan. 14, 2014). 

Blog: Snapchat May Not Be Just for Friends – How About Insider Trading?

by Dylan Denslow, Associate Technology and Public Relations Editor


          Since its launch in September 2011, Snapchat has amassed some 26 million users who together send an average 400 million “snaps” each day.[1]  To say the app is popular is an understatement.  However, Snapchat’s reputation has been primarily as an outlet for teenagers and college students to send scandalous or embarrassing photos of themselves.  Recently however, a new app named Confide has taken the idea behind Snapchat, the notion of a disappearing message, and brought it to Wall Street.[2]  


            Confide is a “new ‘off-the-record’ messaging app” that has raised $1.9 million in seed funding, and was initially referred to as “Snapchat for business”.[3]  Business people commonly run into a situation where they do not want to create a paper trail of emails discussing a particular subject – instead they prefer to talk over the phone where their discussions aren’t recorded and may not bring about as many legal consequences.  Confide is meant to alleviate this situation where phone tag is frequent and an unnecessary impediment to transacting business.[4] 


            On its face, this seems like a great idea that could cure business problems faced on a daily basis.  However, the app is ripe for abuse and potentially provides a mechanism by which employees may be able to skirt or break state and federal laws.  Insider trading immediately comes to mind.  For example, an executive with a stock tip could send a message through Confide to an investor knowing that the record of that message would soon disappear.[5]  The messages sent on Confide are not stored on servers, and the company has put in place protections to avoid users taking screenshots of the messages themselves.[6]  This seems like a perfect mechanism to help exec’s and employees send messages without worrying about later consequences of their statements.


            Although geared towards the business world, it is also likely that the app will eventually fall into other hands as well.  This in itself creates a number of potential legal issues.  For example, imagine a drug dealer with use of the app.  No longer is there a record of his texts to buyers, instead his messages are deleted immediately, making it more difficult for law enforcement to connect him with his past activities.  Although this violates the terms of Confide’s user agreement, it is unlikely that such an agreement would deter someone already involved with such criminal activity.[7]


            Snapchat has certainly brought value to its users, primarily through its ability to allow them to share fun experiences.  However, there have already been allegations that Snapchat is being used for insider trading, even when its reputation typically involves a drunken “selfie” at a bar or college party.[8]  Now, Confide brings a similar product to market specifically geared at the business community.  A user agreement prohibiting illegal activity will not be enough to deter law breaking.  As this technology moves into the business arena, messages will have more serious financial effects than the seemingly harmless Snapchats.  Lawmakers should be poised to monitor and regulate use of this technology in order to avoid any potentially serious legal issues that may arise.


[1] See

[2] See

[3] Id.

[4] Id.

[5] See

[6] See

[7] See

[8] See

Streaming Downton Abbey: When Will the Law Catch Up to Global Television?

       by Cate Gray, Associate Manuscripts Editor


     On January 5, 2014, PBS premiered season four of critically acclaimed period drama Downton Abbey to record-breaking ratings in the United States.[1]  The problem for diehard fans truly committed to knowing the trials and tribulations of the Crawley family?  In the United Kingdom, the season four finale already aired on December 25, 2013.[2]  Fans of BBC One’s Sherlock can sympathize; season three premiered nearly a month later here in the US than in the UK.[3]

            So, devoted US fans, why not utilize one of the many websites devoted to allowing viewers to stream these shows and stay up to date with our neighbors across the pond?  Simply put, it’s illegal.  In an effort to combat copyright infringement online, Congress defined all such websites as “dedicated to infringing activities” and therefore in violation of title 17 of the United States Code.[4]  But should it be? 

PBS, the Public Broadcasting Service, is available to any viewer with a digital antenna, so watching programming on the network doesn’t require a paid cable or satellite subscription.  The network itself is funded largely through private donations.[5]  Therefore, because the public does not pay for the ability to watch the channel, there is a question as to whether there is actual harm done to PBS.  Does streaming content from the United Kingdom that is not yet available to those of us in the United States truly harm PBS?

The more important question, however, is when will the law, and technology, catch up to an increasingly global society?   Television shows no longer have fans based solely in one country, and for those of us behind in broadcasts due to our geographic location, the Internet is a minefield of countless spoilers for episodes yet to air on our local networks.  The delay in airing shows in other counties with large fan bases creates a market for online streaming, and all but encourages fans to engage in a technically illegal activity in order to stay up to date with viewers in other locales.  Such a result places both the U.S. law and television networks in a difficult situation, and only time will tell whether they take steps to decrease the time between premiers in different regions, thereby reducing the need for online streaming.

[1] ‘Downton Abbey’ Season 4 Premiere Breaks PBS Ratings Record, Huffington Post (Jan. 6, 2014, 6:19 PM),


[2] “Downton Abbey” The London Season (TV Episode 2013) – Release Info, iMDB, (last visited Feb. 13, 2014).


[3] “Sherlock” Many Happy Returns (TV Episode 2013) – Release Info, iMDB, (last visited Feb. 13, 2014).


[4] S. 3804, 111th Cong. § 2 (2010).


[5] Support Public Television, PBS,  (last visited Feb. 13, 2014).


Symposium Series: What Is Information Governance?

     by Peter Sloan, Husch Blackwell LLP

February 5, 2014


If anything cries out for organizational governance today, surely it is information.   Data volumes are rising relentlessly; information is flowing in and out of organizations more pervasively than ever; and mobile computing, cloud services, big data analytics, and social networking are fundamentally transforming the organization’s relationship with information.  Meanwhile, the compliance environment grows yet more complicated, as organizations, regulators, and the courts wrestle with the repercussions of massive data breaches, the evolving scope of e-discovery, and allocation of responsibility for the retention and protection of information.  Shortcomings of the traditional practices used by organizations to deal with information are becoming clear, as is the need for a new, comprehensive approach.  And that fresh approach has been dubbed “Information Governance.”

But what exactly is Information Governance?  Despite widespread use of the term,[1] few definitions have been offered.  With due deference to Shakespeare’s Juliet,[2] and also to Justice Stewart,[3] names and definitions matter. They are particularly important when the subject, unlike roses and pornography, has not been with us for a very long time.  And Information Governance indeed is a new approach for addressing information issues.  To be more precise, Information Governance involves a new reconciliation of departmental interests (such as those of IT, Legal, Compliance, Records Management, and lines of business) and of traditional information disciplines (such as records & information management, privacy & data security, and litigation preservation & discovery)—in essence, connecting familiar building blocks in a new, different, and more effective way, to better serve the organization as a whole.  So, definitional clarity is essential here, precisely because Information Governance involves a fundamental change in established perspectives and practices.

What definitions have been proffered for Information Governance?  According to Gartner, the global information technology research and advisory company, Information Governance is “the specification of decision rights and an accountability framework to ensure appropriate behavior in the valuation, creation, storage, use, archiving and deletion of information.  It includes the processes, roles and policies, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”[4]  ARMA International similarly defines Information Governance as “a strategic framework composed of standards, processes, roles and metrics that hold organizations and individuals accountable to create, organize, secure, maintain, use, and dispose of information in ways that align and contribute to the organization’s goals.”[5]

The Compliance, Governance, and Oversight Council (“CGOC”) has defined Information Governance as “the discipline of managing information according to its legal obligations and its business value, which enables defensible disposal of data and lowers the cost of legal compliance.”[6] 

Most recently, the Sedona Conference has defined Information Governance as “an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”[7] 

While each of these definitions has its strengths, here’s what I like about the Sedona Conference definition:[8] 

  • Success with Information Governance requires strategic commitment by the organization’s leadership, which is best accomplished when clear benefits accrue to the organization.  Embedding compliance, risk management, and value into the definition communicates a clear “why” for pursuing Information Governance.  These words articulate concrete, strategic benefits for the organization as a whole, and they also anchor the endeavor’s purpose. 
  • The terms “coordinated’ and “inter-disciplinary” succinctly capture the essence of Information Governance, addressing the strategic “what” that is being accomplished.  The most challenging aspect of adopting Information Governance is bridging across traditional information silos.  To be successful with Information Governance, the organization’s individual departments and functions such as Legal, IT, Records, Compliance, and lines of business must coordinate so that decisions about the organization’s information will reflect the needs of the organization as a whole, rather than parochial interests.  And success with Information Governance also requires inter-disciplinary assessment and decision-making, so that information decisions are not based solely on the limited perspectives of traditional disciplines such as records & information management, privacy & data security, and litigation preservation & discovery.  This is the essential feature of Information Governance, through which the organization expands its perspective to consider all aspects and angles of information compliance, risk, and value.

The Sedona definition does not prescribe the particulars of how Information Governance is implemented, referring instead to the organization’s “approach” to accomplishing this coordinated, inter-disciplinary effort, and leaving the specifics of the implementation “how” to supporting guidance.  I think that’s prudent, because there will be various approaches for implementing Information Governance, and the definition should not be too limiting.  Reality suggests that different organizations adopting the Information Governance approach will operate at different points on a maturity continuum.  Some, frankly, will begin by simply getting the right people together in the room to thoroughly explore all angles to information-related decisions at the organization before they are made.  Others will put in place elements of structure, direction, and resources to support Information Governance efforts, along with mechanisms for accountability.  Yet others will establish robust control systems for Information Governance, based upon applicable information-related standards[9] or modeled upon standards for internal control systems generally.[10] 

Years from now, perhaps most organizations will be well along the path of this maturity continuum, and hopefully so.  And yes, organizations certainly will need authoritative guidance on implementation frameworks, strategies, and options for building Information Governance programs. But my hunch is that, at least in the short term, different organizations will pursue Information Governance programming in a wide variety of ways.  While I may feel strongly about the importance of conducting Information Governance assessments and setting program objectives, followed by establishing structure, direction, resources, and accountability for an effective Information Governance program, these are specifics of implementation — the How, rather than the definitional What and Why.


[1]  A simple Google search for “Information Governance” on February 3, 2014 yielded 1,250,000 search results.

[2]  “What’s in a name?  That which we call a rose by any other name would smell as sweet ….”  Shakespeare, Romeo and Jul
, Act 2, Scene 2.

[3]  “I shall not today attempt further to define the kinds of material I understand to be embraced within that shorthand description; and perhaps I could never succeed in intelligibly doing so.  But I know it when I see it, and the motion picture involved in this case is not that.”  Jacobellis v. Ohio, 378 U.S. 184, 197 (1964) (Stewart, J., concurring).

[4]  See Gartner IT Glossary, (last visited January 29, 2014).

[5]  See Glossary of Records and Information Management Terms, 4th Ed. (ARMA TR 22-2012). 

[6]    The CGOC’s definition of information governance is found Information Governance Benchmark Report in Global 1000 Companies, CGOC 1, 8 (2010).

[7]  The Sedona Conference, the Sedona Conference Commentary on Information Governance (Public Comment Version) (2013), Available at

[8]  Full disclosure — I am a Sedona Conference Working Group 1 participant and contributed to its Commentary on Information Governance.  I am also a member of ARMA International and have participated in the CGOC.  Obviously, my views are my own and are not attributable to these fine organizations.

[9]  Various standards provide organizations guidance on assessing information practices and providing structure, direction, resources, and accountability for information governance.  See International Standard ISO 15489‑1, Records Management; International Standard ISO 30301, Management Systems for Records; International Standard ISO/IEC 27001, Information Security Management Systems; and ISO/IEC 27001:2005(E).  See also The Generally Accepted Recordkeeping Principles, ARMA (Feb. 17, 2013).

[10] See COSO, Internal Control-Integrated Framework, Executive Summary (May 2012).  A COSO-based internal control system is the combination of five integrated components, including a control environment, risk assessment, control activities, information and communication, and monitoring activities.  Id. at 4-5.

Blog: With E-Cigarettes, FDA Regulation Likely to Rule the Day

By: Walton Milam, Associate Staff

Though the FDA banned Television advertisements for cigarettes over four decades ago, e-Cigarettes advertisements are not yet subject to these FDA regulations and have flooded the airwaves recently.[1]  E-cigarette advertisements will even make it on the air during the Superbowl in some locales.[2]  The FDA is closely monitoring this movement and is expected to release regulations regarding e-Cigarette advertising at some point this year.[3]

Though the FDA decided long ago to stifle the free market from freely advertising tobacco products to Americans, it remains to be seen how the FDA will handle this new product which does not contain Tobacco and supposedly has far less damaging health effects than traditional cigarettes.[4]  E-Cigarette sellers are certainly hoping the FDA won’t curtail their intense advertising blitz that must be paying off.  Though E-cigarette manufacturers only spent $1.1 million on advertising over the first nine months of 2012, they spent $15 million over the first nine months of last year.[5] 

In addition to health concerns regarding E-cigarettes themselves, some fear their resemblance to actual cigarettes is reason enough to ban their advertisement on television as young viewers believe the advertisements will depict individuals smoking tobacco cigarettes.[6]  E-cigarette manufacturers claim their market is adults who already smoke tobacco cigarettes and want a healthier alternative.[7]

Unfortunately, the FDA will almost assuredly inflict some sort of regulation on E-cigarettes and both those opposed to E-cigarette advertising and those in favor will spend millions of lobbying dollars hashing out the issue on capital hill.   The FDA’s whole existence is based on the idea that consumers themselves are incapable of making informed health decisions and that government regulation is needed to block dangerous products from getting in the hands of consumers.  Though the folks in the FDA no doubt have good intentions, their time and money might better be spent creating an advertisement of their own.  If advertisements are such an effective way to influence consumers, as the FDA no doubt believes they are, why not create an FDA television ad explaining the negative health affects of E-Cigarettes (or tobacco cigarettes for that matter, though the hatchet was long ago buried the tobacco industry.)  Why not empower consumers with information that allows them to make an informed choice as to whether or not they want to take on the risks of smoking E-cigarettes rather than preventing any information from reaching consumers, pro or con. 

Though the FDA will assuredly not create an advertisement arguing the negative effects of E-cigarettes, they are likely to come up with some sort of regulations for E-cigarettes in the near future.  Furthermore, though millions of dollars will be spent on lobbying, consumer will likely be left with no more information about E-cigarettes than they had at their disposal in the first place.


[2] Id.

[3] Id.




[7] Id.

Blog: Drones, the future of delivery?

by Emma Buck, Associate Staff


Futuristic movies, television shows, and books have introduced us to the idea of unmanned drones in our everyday lives. Imagine having your mail or packages delivered by something that resembles a mini-helicopter and is piloted by someone many miles away. Even a few years ago, this idea would be pure imagination or fantasy but with recent technological advances, that is no longer the case. Drones with impressive technological abilities are already available to be purchased by individuals.1 Amazon has recently announced their new drone project, Amazon Prime Air.2 This service would allow certain users the option of thirty-minute drone delivery for their online orders. Amazon, which has frequently been a leader in innovation, anticipates that Amazon Prime Air will be available by 2015.


The Federal Aviation Administration regulates the national airspace. In recognition of the inevitable presence of drones in daily life, the FAA has been charged with developing new policies to integrate drones into the national airspace by September 2015.3 These policies will shape how companies, individuals, and governments can use drones in the near future. Many states have implemented bans on the use of drones by governmental entities, preventing potential Fourth Amendment search and seizure concerns.4 While these Constitutional issues only apply to government actions, there are also common law principles such as privacy and trespassing that would also apply to private use of drone technology.


One danger of the easy availability of drones that have video cameras attached is the potential abuse of privacy rights. Imagine that you are sunbathing in your fenced in backyard when suddenly a drone flies over the fence, capturing images of you that you did not want anyone else to see. The claim that would apply in this situation is “intrusion upon seclusion” and could likely apply to use of drones because such conduct may be highly offensive to a reasonable person. 5 This cause of action could likely be used in cases where someone is using drone technology to gather information about another. However, this is an objective standard so it may open the pilot to unintended liability if the drone ends up flying into a private situation, regardless of the pilot’s intentions. As this technology is still developing, there is very little legal precedent that actually speaks directly to this issue so it is unsure how the courts will decided that drone activity fits within this established standard.


A second concern is property rights. Courts have applied trespass to aerial vehicles (planes, helicopters, etc..,) when they are driven into the airspace close enough to someone’s home that it would interfere with their use and enjoyment of the land.6 Usually this has been met when the vehicle causes some sort of excessive noise or vibrations, which a smaller vehicle like a drone is unlikely to do. Yet, this principle would still apply to drones that caused a disturbance and any drone that landed on the property directly.


Drone technology creates all sorts of new and exciting possibilities. Some states are being proactive and starting to preemptively create laws that would regulate the use of this technology. However, these efforts have been more focused on use by the government and not as much by individuals.7 Those that use drones should be aware that they may be opening themselves up to liability in an area with very little guiding legal precedent directly on point.









5 Restatement (Second) of Torts §652B (1977).


6 United States v. Causby, 328 U.S. 256, 264 (1946).




Blog: Google Glass Becoming Problematic for Legislators and Law Enforcement

by Kevin Conneran, Associate Technical & Public Relations Editor


Google Glass is the future of computers (if you believe Google). Google envisions a world where instead of purchasing your prescription glasses from eyewear stores, you simply provide your prescription to Google and they will outfit your computer with your prescription.[1] Lately, however Goggle’s Glass-centric lifestyle has not been embraced by state legislatures and government agencies.


Recently Wyoming joined a growing number of states that have started looking into banning drivers from using Google Glass.[2] Wyoming Democratic State Senator Floyd Esquibel crafted a bill directed at accomplishing this goal.[3] He stated,” Common sense would tell you that you really don’t need to be looking at a little computer while driving.” Similar measures have been proposed in Delaware, Illinois, Missouri, New Jersey, New York and West Virginia.[4]


Google Glass users have also had their fair share of hassles as society figures out how to handle this technological leap. In California, a woman received a ticket for operating a video display in front of the drivers head rest (Ca. Vehicle Code 27602).[5] She subsequently fought the ticket and ultimately won because there was not enough evidence to prove the device was on while the user was driving.[6]


In Ohio, a man was detained by Homeland Security officials for wearing Google Glass while in a movie theater.[7] Officials believed he was filming the movie through his Glass and interviewed him until they determined that he was not using the Glass for piracy.[8]


These are just some issues that have plagued Glass users, and Glass is still in its infancy. Once Glass is fully brought to market instances like this will only become more commonplace. States, government agencies, and businesses need to start planning now, so that they have established standards in place by the time Glass is as common as a Bluetooth.


[1]    See


[3]    Id.

[4]    Id.


[6]    Id.


[8]    Id.

Blog: Google Turns Up the Heat

by Anne Curtis Saunders, Associate Staff

Last week, the ever-innovative Google acquired Nest Labs (Nest), a small Palo Alto operation, for a whopping $3.2 billion, roughly five percent of Google’s available cash.[1] Nest is a producer of “reinvented” home products, an example of which is its cutting-edge thermostat that “…learns your schedule, programs itself and can be controlled from your phone,” and may lead to reducing “your heating and cooling bills up to 20%.”[2] To me, someone who spends far too much time adjusting the thermostat several times a day to get the temperature just right, this thermostat sounds sensational and approaches necessity. Nevertheless, why does Google want it?

Danny Sullivan, leader of and journalist for Search Engine Land, a search engine news and information site,[3] says that “Google likes to know everything they can about us, so I suppose devices that are monitoring what’s going on in our homes is another excellent way for them to gather that information.”[4] He further asserts, “[t]he more [Google is] tied into our everyday life, the more they feel they can deliver products we’ll like and ads.”[5] And, it is the sharing of this information data that has consumers concerned.[6]

Tony Fadell, founder and CEO of Nest, assures consumers that immediately Google will be utilizing the current privacy policy of Nest, whereby the information gained from the products’ monitoring will only be used for the advancement of its own products and services.[7] Or, if changes do occur to the privacy policy, they will be transparent and opt-in.[8] But, what if these possible changes do occur, then what happens?

According to Fadell’s statements, it means that Google will let consumers know of the change in policy, but the change will still occur. And, what can be done about it legally? Unfortunately, not much. For when any privacy policy change takes place, consumers will have agreed to terms of service that refer to the privacy policy, agreeing with whatever the privacy policy may be, including any information data sharing authorized in the policy and any changes that may occur.

The moral of the story – under the present existing legal framework, consumers are offered little to no recourse for such changes to the privacy policy, so think twice before “accepting” terms of service and a possibly not-so-private privacy policy.

[1] Barry Ritholtz, Google Plays Smart Defense by Buying Nest, Bloomberg (Jan. 22, 2014, 7:46AM),


[2] Life with Nest Thermostat, Nest, (last visited Jan. 23, 2014).


[3] About Search Engine Land, Search Engine Land, (last visited Jan. 23, 2014).


[4] Claire Cain Miller, For Google, A Toehold Into Goods for a Home, The New York Times (Jan. 13, 2014),


[5] Id.


[6] Valentina Palladino, Nest CEO Promises Future Privacy Policy Changes Would Be “Opt-In,” The Verge (Jan. 20, 2014, 10:46AM),


[7] Privacy Statement, Nest, (last visited Jan. 23, 2014).


[8] Valentina Palladina, supra note 6.


Blog: Is Your Secure Online Shopping Information Really Secure?

by Spencer Mead, Associate Survey and Symposium Editor

The invention of the internet forever changed the way consumers shop. Consumers now can order an item and receive it within less than 24 hours of the order date. Some of the benefits of online shopping include ease, ability to compare prices across multiple stores, it can be cheaper, and shopping can be more efficient be eliminating the need to physically drive to a store. This has caused a massive surge in the number of people who are shopping online instead of going through a store. Most people assume it is safe to shop online as long as they stay away from phishing scams and seedier parts of the internet. But is this just a false sense of security? This explosion in internet shopping has coincided with a large increase in the number of hackers around the world attempting to get one’s personal information in order to steal their identity or their money.


            Any security felt with being on the internet seems to be a false one with the government’s extensive spying efforts recently coming to light.[1] Some are probably thinking the NSA’s spying program was targeted only at possible terrorists right? Well the short answer is no, the NSA has been targeting all Americans and hording vast amounts of information on these Americans.[2] Well if the government is spying on us are the big companies at least doing anything to try and protect our information? The short answer is yes they are, but how successful are they?


            Target recently made headlines for having over 70 million Target customer’s information stolen.[3] These 70 million customers had their personal information stolen such as their email addresses, mailing addresses, and/or phone numbers stolen.[4] In addition, 40 million target customers had all of their credit card information stolen.[5] This obviously can create problems with people using this stolen information to charge items on the credit accounts. Additionally, if a person’s social security number was tied into the credit card information these thieves would be able to open up other lines of credit in the person’s name without their knowledge. This can have a major impact on a person’s credit score.


            So as a consumer what can you do to protect your information? Well unfortunately not shopping online is not an option. The credit card information was stolen from consumers that used their credit cards within a physical Target store.[6] The best thing a consumer could realistically do would be to not shop online, and to make all purchases in cash. This would eliminate the possibility of a company ever obtaining one’s personal information. However, this raises other concerns such as carrying large amounts of a cash on one’s person, building a credit score by regularly using a credit card, and how to make large purchases easily.


            Obviously there is no way to keep one’s information perfectly safe in this day and age. However, being aware of the problems and putting pressure on large companies to better protect consumer information is a step in the right direction to better secure our personal data. Maybe one day payment methods will be tied into a person’s DNA so that they are the only ones that could possibly use it. However, any such technology is a long ways off and we are going to have to deal with the shortcomings of today’s security.

[1] Electronic Frontier Foundation, How the NSA’s Domestic Spying Program Works, (last visited on Jan. 22, 2014).

[2] Id.

[3] Hadley Malcom, Target: Data stolen from up to 70 million customers, USA Today, Jan. 10, 2014 available at

[4] Id.

[5] Id.

[6] Id.

Blog: Sniffing for Patent Infringement

by: Billy Raska, Associate Staff

Starting back in 2011, Innovatio IP Ventures, LLC (“Innovatio”) began suing various hotels, coffee shops, restaurants, supermarkets, and other commercial Wi-Fi users for infringing several patents that it had acquired from Intermec Technologies Corporation and Intermec IP Corporation, Norand Corporation, and Broadcom Corporation.[1] Most of the publicity surrounding this case has focused on the fact that Innovatio is a non-practicing entity and that the act of suing companies for merely using Wi-Fi is an abusive use of the patent system.[2] However, it is equally interesting to examine how Innovatio has gone about discovering the alleged infringement of its patents.

Innovatio sent technicians to the premises of the various hotels, coffee shops, restaurants, and supermarkets that it ultimately sued with a laptop and a Riverbed AirPcap Nx packet capture adapter[3] (or another similar device). The technicians analyzed only the headers of captured Wi-Fi packets using a modified version of Wireshark [4]. On August 22, 2012, in a preliminary ruling on the admissibility of the information that Innovatio had obtained through its Wi-Fi sniffing process, Judge Holderman held that “Innovatio may collect information from the defendants’ public-facing Wi–Fi networks according to its proposed protocol.”[5]

In reaching this conclusion, Judge Holderman examined the potential privacy concerns raised under the Federal Wiretap Act and ultimately found that “Innovatio’s proposed protocol falls into the exception to the Wiretap Act allowing a person ‘to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public.’”[6] Judge Holderman relied heavily on the fact that the Riverbed AirPcap Nx packet capture adapter is available to the public to purchase for $698 and the Wireshark software can be downloaded for free. Furthermore, Riverbed offers a more basic packet capture adapter for $198. Therefore, the information that Innovatio obtained was readily accessible because the technology used to obtain it was readily accessible to the general public.

A further analysis of the technology involved here reveals that Judge Holderman could have made an even stronger argument on this point. “[A]ll Wi–Fi devices necessarily store an entire received data packet, including the packet’s substantive communications, while the device processes the packet.”[7] These packets are then subjected to several different types of filters that are used to determine whether or not the packet is addressed to the particular Wi-Fi device. There are two types of filters that are of particular interest here: the first filter is used to determine whether or not the packet was sent on the same Wi-Fi network and the second filter is used to determine whether or not the packet is addressed to the particular Wi-Fi device.[8]

The first filter can be avoided by placing a device in “monitor mode.”[9] Some newer Linux machines have monitor mode functionality built in and for those computers that do not, devices such as the Riverbed AirPcap Nx packet capture adapter can be used.

The second filter can be avoided by placing a device in “promiscuous mode.”[10] This can be achieved by simply checking a box in the Wireshark software. Therefore, once a computer is connected to a Wi-Fi network, Wireshark can be used to capture packets on that Wi-Fi network that are not intended for that computer due to the underlying implementation of Wi-Fi.

This all goes to show that capturing Wi-Fi packets in today’s day and age is very easy to accomplish. There are several benefits to having the ability to place a device in monitor mode, but a lot can be accomplished in promiscuous mode. Innovatio targeted commercial entities that provided an open Wi-Fi network for customers. Anyone connected to one of those open Wi-Fi networks could have installed and run Wireshark in promiscuous mode in order to capture packets for FREE.

A point of concern is that Judge Holderman did not rely at all on the fact that Innovatio only collected the header information of the packets because Innovatio’s protocol fell under an exception to the Federal Wiretap Act. This raises the question: could Innovatio have also collected the personal information that was associated with the captured packets? If so, then this opens the door for companies to use the techniques employed by Innovatio to discover a much wider range of patent infringement than may have been initially anticipated.


[1] In re Innovatio IP Ventures, LLC Patent Litigation, 840 F.Supp.2d 1354 (Dec. 28, 2011); In re Innovatio IP Ventures, LLC Patent Litigation, 886 F.Supp.2d 888 (N.D.Ill. Aug. 22, 2012); In re Innovatio IP Ventures, LLC Patent Litigation, 921 F.Supp.2d 903 (N.D.Ill. Feb. 4, 2013); In re Innovatio IP Ventures, LLC Patent Litigation, No. 11C9308, 2013 WL 3874042 (N.D.Ill. July 26, 2013); In re Innovatio IP Ventures, LLC Patent Litigation, No. 11C9308, 2013 WL 5593609 (N.D.Ill. Oct. 3, 2013).

[2] E.g., Joe Mullin, Wi-Fi patent troll hit with racketeering suit emerges unscathed, Ars Technica (Feb. 13 2013, 10:05 AM),

[4] Wireshark, (last visited Oct. 26, 2013).

[5] In re Innovatio IP Ventures, 886 F.Supp.2d at 895.

[6] Id. at 892 (quoting 18 U.S.C. § 2511(2)(g)(i)).

[7] Id. at 891.

[8] WLAN (IEEE 802.11) Capture Setup, (last visited Oct. 26, 2013).

[9] Id.

[10] Id.

Page 15 of 18

Powered by WordPress & Theme by Anders Norén