By Michaela Fuller

 

European policymakers reached an agreement this week on the terms of the Digital Markets Act—a piece of legislation that has been donned “one of the world’s most far-reaching laws to address the power of the biggest tech companies, potentially reshaping app stores, online advertising, e-commerce, messaging services and other everyday digital tools.”[1]

The Digital Markets Act (the “DMA”) imposes a strict set of restrictions on big tech companies that qualify as “gatekeepers” under goals of ensuring fairness and regulation in the digital marketplace.[2] Gatekeepers include companies that measure at least €7.5 billion in annual revenue and €75 billion in market capitalization and have at least forty-five million monthly users and 10,000 yearly business users.^[3] Companies like Amazon, Google, Meta, Microsoft, and Apple will be affected.[4]

The DMA aims to “protect consumers and give rivals a better chance to survive against the world’s powerful tech juggernauts” with rules that will force gatekeeper companies to, among other things, offer its users alternative payment systems, search engines, and messaging platforms.[5] These regulations seek to increase the number of service options available for consumers to choose from while creating real opportunities for new innovators and start-ups to thoughtfully compete in the tech market.[6]

As far as the gatekeepers go, the European Commission notes the tech giants “will keep all opportunities to innovate and offer new services … [but] will simply not be allowed to use unfair practices towards the business users and customers that depend on them to gain an undue advantage.”[7] To hold the gatekeepers accountable, non-compliance with the DMA can result in fines reaching up to ten percent of the company’s worldwide revenue, and up to twenty percent for repeat offenders.[8]

What will these rules actually look like in practice? The DMA will grant users “the option to uninstall pre-installed software applications on a core platform service at any stage.”[9] This means that, for example, iPhone users will be able to delete Safari and Android users can remove Chrome from their devices without affecting the operating systems’ functionality. Apple and Google will also have to allow alternatives to their application stores and payment methods, and online advertising sellers “will see new limits for offering targeted ads without consent.”[10]

Perhaps most controversially, the DMA will also “force messenger services to ensure interoperability with other messaging services,” which will allow for seamless group chatting between users with different operating systems.[11] This means that messaging services like WhatsApp “could be required to offer a way for users of rival services like Signal or Telegram to send and receive messages to somebody using WhatsApp.”[12] Critics fear this interoperability requirement could lead to a huge divide in the market and even a potential collapse of service providers that may provide users with perks like better privacy practices, but cost more than other options.[13]

Messaging interoperability is not the only piece of the DMA that has received criticism, and many questions still remain as to the future of the law. Deemed “one of the fiercest lobbying efforts ever seen,” big tech companies have fought against the regulations at every step of the legislative process and are now “expected to look for ways to diminish [the DMA’s] impact through the courts.”[14]

The DMA will now seek final approval by a full session of the European Parliament and by ministers from the E.U.’s twenty-seven member states.[15] Once passed, the DMA will be “directly applicable across” the entire European Union.[16] Meanwhile, European regulators now face the task of enforcing the new law with the rest of the world watching the effects of his monumental step toward taming big tech.

 

[1] Adam Satariano, E.U. Takes Aim at Big Tech’s Power with Landmark Digital Act, N.Y. Times (Mar. 4, 2022), https://www.nytimes.com/2022/03/24/technology/eu-regulation-apple-meta-google.html.

[2] The Digital Markets Act: Ensuring Fair and Open Digital Markets, Eur. Comm’n, https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/digital-markets-act-ensuring-fair-and-open-digital-markets_en [hereinafter The Digital Markets Act].

[3] European Union Reached a Political Agreement on the Digital Markets Act, Nat’l L. Rev. (Mar. 29, 2022), https://www.natlawreview.com/article/european-union-reached-political-agreement-digital-markets-act.

[4] Satariano, supra note 1.

[5] EU Negotiators Agree Landmark Law To Curb US Big Tech Giants, Al Jazeera (Mar. 25, 2022), https://www.aljazeera.com/news/2022/3/25/eu-negotiators-agree-landmark-law-to-curb-us-big-tech-giants [hereinafter EU Negotiators].

[6] The Digital Markets Act, supra note 2.

[7] Id.

[8] EU Negotiators, supra note 5.

[9] The Digital Markets Act: What You Need to Know About the EU’s New DMA, The Stack (Mar. 28, 2022), https://thestack.technology/the-digital-markets-act-what-you-need-to-know/ [hereinafter What You Need to Know].

[10] Satariano, supra note 1.

[11] What You Need to Know, supra note 9.

[12] Satariano, supra note 1.

[13] What You Need to Know, supra note 9.

[14] Satariano, supra note 1.

[15] EU Negotiators, supra note 5.

[16] The Digital Markets Act, supra note 2.

Image source: https://images.app.goo.gl/GnqHmD4X54nfJiwe6

By Najah Walker

 

Earlier this year, “Black Panther” director Ryan Coogler was arrested after attempting to withdraw $12,000 from his Bank of America account in Atlanta, Georgia.[1] The teller told her boss that she suspected Coogler was attempting to rob the bank- even though he presented valid identification and had an account with the bank.[2] Coogler was eventually released, but this incident triggered public outrage and accusations of racism.[3] Coogler’s experience is a part of a larger issue.[4] Black communities are financially shut out and discriminated against everyday through the steady decline of black-owned banking institutions and the decrease in the number of banks in Black-majority neighborhoods.[5]

In the wake of the murder of George Floyd, many national banks announced efforts to address lower bank branch density in historically underserved areas.[6] However, the problem persists with Black adults being more likely to have to travel more than 10 minutes to a bank branch, if there is a local branch at all.[7]

Because of the lack of access to in-person banking services, Black adults have turned to digital only banks to meet their financial needs.[8] A survey conducted by Morning Consult between July 2021 and January 2022 found that 14% of Black adults consider a digital bank to be their primary banking provider.[9] To keep pace with Black consumers’ financial preferences and needs, banking providers must continue to evolve their digital capabilities.[10]

Daniel Griggs, founder of ATX The Brand, suggests that digital transformation could even help black-owned banks and be a tool to keep them alive.[11] His hope is that the growing number of consumers will want financial institutions that provide digital services such as virtual account management, banking apps, and video meetings.[12] Several black-owned banks and credit unions have already taken steps to enhance their digital presence and attract customers.[13] Although black-owned banks have historically been unsupported by our government,[14] they are needed and wanted in the United States.[15] As black-owned banks continue to embrace new digital tools, one can only hope that the future of banking is more equitable and accommodating for black communities.

 

[1] Black Panther Ryan Coogler Director Mistaken for Bank Robber, BBC News (Mar. 9, 2022), https://www.bbc.com/news/world-us-canada-60685146.

[2] Id.

[3] Peony Hirwani, Ryan Coogler Fans Accuse Bank of America of Racism Over Robbery Fiasco, Independent (Mar. 10, 2022), https://www.independent.co.uk/arts-entertainment/films/news/ryan-coogler-arrested-robbery-bank-b2032612.html.

[4] See Kristen Borady, Mac McComas, and Amine Ouazad, An Analysis of Financial Institutions in Black-majority Communities, Brookings (Nov. 2, 2021), https://www.brookings.edu/research/an-analysis-of-financial-institutions-in-black-majority-communities-black-borrowers-and-depositors-face-considerable-challenges-in-accessing-banking-services/.

[5] Id.

[6] Charlotte Principato, The Black Banking Experience is Digital, but Banking Leaders Must Understand Why, Morning Consult (Feb. 22, 2022), https://morningconsult.com/2022/02/22/black-banking-experience-is-digital-but-banking-leaders-must-understand-why/.

[7] Id.

[8] Id.

[9] Id.

[10] Id.

[11] Jefferey McKinney, Digital Transformation Could Help Black Banks Survive and Not Surrender, Black Enterprise (Jan. 20, 2022), https://www.blackenterprise.com/entrepreneur-how-digital-transformation-could-help-black-banks-pull-through/.

[12] Id.

[13] Id.

[14] See Borady, supra note 4.

[15] McKinney, supra note 11.

Image source: https://www.businessinsider.com/personal-finance/black-owned-banks-credit-unions

By Chris Jones

 

I. Introduction

COVID-19 sparked a “tsunami of growth” in the United States’ telehealth industry.[1] The Office for Civil Rights (“OCR”) Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency (“Notification”) allowed medical providers to utilize telehealth platforms that fell short of The Health Insurance Portability and Accountability Act of 1996’s (“HIPAA”) privacy requirements.[2]

Technology companies and governments have “long shown themselves to be wolves in sheep’s clothing when it comes to privacy: promising privacy while conducting widespread and illicit surveillance.”[3] A recent study determined that over 70% of medical applications shared users’ sensitive information with third-party data aggregators, without the user’s knowledge or consent.[4]

Data aggregators can use this information to potentially damage the individual financially, physically, or psychologically.[5] This data is often marketed and sold to a variety of commercial third parties including employers, advertisers, and insurers.[6] In one case, a data aggregator sold the digital health-related data of approximately 3 million individuals to an insurance company.[7]

By allowing medical providers to utilize inferior privacy measures, the risk of individual privacy harm continues to increase. Privacy injuries associated with the unauthorized use of an individual’s data may include reputational, discrimination, physical, psychological, economic, and relationship harms.[8] Thus, telehealth platforms should be required to obtain a Telehealth Privacy Certification (“Certification”) of compliance prior to public market release. This Certification would strengthen security and ensure a patient’s privacy rights are protected moving forward—regardless of what the future holds.

II. Telehealth During COVID-19

During the COVID-19 pandemic, private telehealth companies and health care systems reported an increase of telehealth use ranging from 100% to 4300%.[9] According to the Center for Disease Control and Prevention (“CDC”), 43% of medical providers had telehealth capabilities before the pandemic.[10] After the pandemic began, 95% offered telehealth.[11]

Telehealth is defined as the use of electronic information and communications technologies to deliver clinical and nonclinical health care services.[12] Telehealth communications generally consist of three types: (1) Synchronous, which involves direct communication between the provider and the patient using phone, video, or data transmission such as texting; (2) Asynchronous, which involves the storage of information for the provider or patient with the expectation the other party will review it and respond back at some point in the future; and (3) Remote patient monitoring, which involves a mix of both synchronous and asynchronous telehealth that allows the provider to monitor the patient over time.[13] Prior to the pandemic, there were many barriers to utilizing telehealth such as provider licensing, insurance approval, lack of equipment, and the overall costs of complying with HIPAA.[14] For example, extremely expensive devices were required for both the patient and physician with costs ranging from $799 on up.[15]

As telehealth appointments have become common events, patients confide in their providers as they would if meeting in person. Patients can be particularly susceptible to privacy harm when being videotaped. Typical telehealth sessions often contain a patient’s personal disclosures of “objective and highly sensitive statements of fact” that “may be inherently more revelatory” than the provider’s ordinary notes based on subjective impressions.[16] Even when complying with HIPAA, providers are free to retain archived, stored, or transmitted data from telehealth sessions.[17]

Mental health therapist Tiffany Chhuom worries about the impact of temporarily lifting privacy protections for patient data included in video or text discussions with their doctors.[18] “The ways in which these clients who are so vulnerable on video could be exploited — I don’t have the words to explain how much that concerns me,” said Chhuom.[19]

III. Legal Background

While it is generally understood that medical providers should use the highest level of standards to assure peace of mind for their patients,[20] HIPAA regulates the use of technology to transmit certain medical data at the federal level.[21] HIPAA requires covered entities to follow data privacy, data security, and data breach notification requirements when handling applicable medical information.[22]

The Health Information Technology for Economic and Clinical Health Act (“HITECH Act”) amended HIPAA in 2009 to further define the responsibilities and roles of healthcare providers and business associates.[23] The HITECH Act requires that covered entities utilize a Business Associate Agreement (“BAA”)[24] and demands that associates comply with the appropriate sections of HIPAA’s Privacy and Security Rules.[25] Absent exception, HIPAA’s Privacy Rule requires patient consent in order for a covered entity to share Protected Health Information (“PHI”) with third parties.[26] HIPAA’s Security Rule requires that covered entities utilize “administrative, physical, and technical safeguards to prevent threats or hazards to the security of electronic PHI.”[27]

Herein lies the broader issue—under the current regulation, the use of specific telehealth equipment or technology cannot ensure an entity is HIPAA-compliant.[28] Thus, the burden to utilize HIPAA-compliant telehealth platforms falls on the covered entity.[29] If a covered entity utilizes telehealth involving PHI, the entity must comply with the same HIPAA requirements that it would if the patient visited the office.[30] This requires the entity to have technical knowledge in order to conduct a thorough assessment of any potential risk or vulnerability that may affect the confidentiality or integrity of the patient’s PHI.[31] Pandemic or not, this level of technical compliance can be difficult for medical specialists to ascertain.

IV. OCR’s Notification of Enforcement Discretion

During the COVID-19 pandemic, patients across the country were asked to accept a trade-off between access to remote health care and protection of their sensitive health data.[32]  In March 2020, the United States government further relaxed its already anemic privacy standards by enacting the Notification that allowed medical providers to utilize telehealth platforms, which fell short of HIPAA privacy requirements.[33] This Notification declared the OCR would not impose penalties for noncompliance with HIPAA regulatory requirements regarding telehealth during the pandemic, as long as the activities were carried out in good faith—even if the appointment was not related to COVID-19.[34] Without stringent privacy and security features employed, a telehealth appointment can have devastating effects on a patient’s employment status, insurance ratings, and personal reputation.[35]

Any non-public facing remote communication products were allowed to be utilized for medical appointments, regardless of the privacy and security features.[36] For example, this Notification allowed a provider to examine a patient utilizing a videoconferencing application on the patient’s phone.[37] Additionally, it only suggested the provider notify their patients of potential third-party privacy risks and only recommended they should utilize all encryption and privacy modes available.[38] This waiver applied to HIPAA’s Privacy, Security, and Breach Notification Rules.[39]

The OCR provided a list of potential video communication platforms that claimed to be HIPAA-compliant and were willing to enter into a BAA;[40] yet did not specifically endorse them.[41] This Notification recommended that providers concerned about additional privacy protections for their patients continue to utilize services through HIPAA-compliant vendors.[42]

For example, this Notification allowed medical providers to utilize the consumer version of Zoom for confidential telehealth visits.[43] Zoom experienced a 10-fold increase in usage since the COVID-19 pandemic began, including increased use in healthcare.[44] According to a study by Sermo, Zoom was the most common telehealth platform in use during the COVID-19 pandemic.[45]

Zoom has come under fire as a myriad of articles and lawsuits exposed its privacy flaws.[46] Zoom users encountered Zoom Bombing, which occurs when someone joins a meeting they weren’t invited to and “drops gross or disturbing images.”[47] Confidential secrets are easily revealed when random people join private videoconferences.[48] For example, online classes at UCLA were disrupted by a Zoom Bomber shouting slurs and insulting individuals.[49] Zoom Bombers have even posted pornographic content during video chats like AA meetings.[50]

As this Notification allowed for any non-public teleconferencing platform to be used,[51] the privacy issues exposed here are not unique to Zoom alone—Zoom likely only scratches the surface.[52]

This Notification of Enforcement Discretion was inadequate as it essentially stripped consumers of their right to privacy by allowing providers to utilize random videoconferencing applications with no guarantees of confidentiality or security. The importance of privacy and security concerns surrounding telehealth cannot be overlooked as medical data necessitates a higher standard of security due to its personal and sensitive nature.[53] The effects of this Notification may be felt for years or decades to come if the medical data makes its way into the hands of data brokers,[54] unscrupulous actors, or onto the Dark Web.

V. Two Years In – Where Do We Go From Here?

For the past two years, medical providers and patients have become accustomed to utilizing telehealth without the safety of regulatory oversight. As the state of emergency declarations are lifted, this compliance waiver will likely end. Covered entities will no longer be allowed to utilize whatever nonpublic telehealth modality patients have chosen, and will be required to resume utilizing only telehealth platforms that comply with HIPAA.

In October 2021, the American Medical Association (“AMA”) called on the OCR to extend this Notification for yet another year, in order to provide its members with more time to adapt to HIPAA-compliant technologies.[55] The AMA has requested that the OCR assist providers by establishing “guidance documents that specifically speak to telemedicine platforms and what HIPAA requires for use of such technology.”[56] As the AMA explained, “many clinicians are using telemedicine for the first time and may not be well-versed in the unique risks and vulnerabilities associated with the new tools they are using.”[57]

This chain of events is taking Americans’ privacy concerns even further off track.  As the AMA confirmed, medical providers are not technologists and do not specialize in decrypting the intricate privacy concerns involved with third-party applications.

In order to protect both health and privacy, Congress should enact a comprehensive federal regulation to require Telehealth Privacy Certification (“Certification”), administered by the OCR, for all platforms prior to public market release. The OCR already has a trained staff of technologists currently tasked with HIPAA auditing and enforcement. Thus, the OCR should implement a new system to standardize and simplify the necessary HIPAA-compliant technological requirements for telehealth platforms and control how personal telehealth data is maintained.[58] This Certification should also implement one standardized BAA required for use with all approved telehealth platforms.

By requiring telehealth platforms to meet or exceed HIPAA regulations upfront, entities that specialize in medicine would no longer be tasked with attempting to analyze whether or not technology platforms comply with the applicable laws. Instead, medical providers can confidently focus their resources on treating patients’ health concerns—the true purpose of telehealth.

With Certification, it is possible to leverage the public health benefits of telehealth without subjecting unsuspecting patients to abusive or illicit surveillance. This long-term solution would safeguard the privacy rights of telehealth users and ensure that patients’ medical data is protected—both during a pandemic and beyond.

 

[1] See Marie Fishpaw & Stephanie Zawada, Telehealth in the Pandemic and Beyond: The Policies That Made It Possible, and the Policies That Can Expand Its Potential, Heritage Found. (July 20, 2020), https://www.heritage.org/health-care-reform/report/telehealth-the-pandemic-and-beyond-the-policies-made-it-possible-and-the.

[2] See Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID-19 Nationwide Public Health Emergency, U.S. Dep’t Health & Hum. Servs., https://www.hhs.gov/hipaa/for-professionals/special-topics/emergency-preparedness/notification-enforcement-discretion-telehealth/index.html (last updated Mar. 30, 2020) [hereinafter Notification of Enforcement Discretion]; Telehealth and Telemedicine: Frequently Asked Questions, Cong. Research Serv. (Mar. 12, 2020), https://crsreports.congress.gov/product/pdf/R/R46239.

[3] Jake Goldenfein, Ben Green, & Salome Viljoen, Privacy Versus Health Is a False Trade-Off, Jacobin, https://jacobinmag.com/2020/4/privacy-health-surveillance-coronavirus-pandemic-technology (last visited Sept. 19, 2020).

[4] Lori Andrews, A New Privacy Paradigm in the Age of Apps, 53 Wake Forest L. Rev. 421, 421 (2018).

[5] Id. at 424.

[6] Id. at 421.

[7] Id. at 461.

[8] See Daniel J. Solove & Danielle Keats Citron, Privacy Harms, GW L. Fac. Publ’n & Other Works, 1534, (2021), https://scholarship.law.gwu.edu/faculty_publications/1534/.

[9] Fishpaw, supra note 1.

[10] Hanna B. Demeke, Sharifa Merali, Suzanne Marks, et al., Trends in Use of Telehealth Among Health Centers During the COVID-19 Pandemic — United States, June 26–November 6, 2020 (Morbidity and Mortality Weekly Report), CDC (Feb. 19, 2021), https://www.cdc.gov/mmwr/volumes/70/wr/mm7007a3.htm.

[11] Id.

[12] Telehealth and Telemedicine: Frequently Asked Questions, Cong. Research Serv. (Mar. 12, 2020), https://crsreports.congress.gov/product/pdf/R/R46239. While the World Health Organization limits the term “telemedicine to services provided by doctors,” whereas “telehealth is broader, including services from other health providers such as nurses, psychologists and pharmacists;” the terms telehealth and telemedicine are often used interchangeably. Dana Shilling, Telemedicine in the age of COVID-19, 35 Elder L. Advisory NL 1, 1 (2020).

[13] See David A. Hoffman, Increasing Access to Care: Telehealth During COVID-19, 7 J. L. & Biosciences 1, 3 (2020).

[14] See Miranda A. Moore & Dominique D. Monroe, COVID-19 Brings About Rapid Changes in the Telehealth Landscape, Mary Ann Liebert, Inc., Publishers (Aug. 14, 2020), https://www.liebertpub.com/doi/10.1089/TMJ.2020.0228.

[15] Id.

[16] Josh Sherman, Double Secret Protection:  Bridging Federal and State Law to Protect Privacy Rights for Telemental and Mobile Health Users, 67 Duke L. J. 1115, 1143 (2018).

[17] See id. at 1141–43.

[18] Kate Kaye, HHS Notice on Telehealth Penalties Raises Privacy Concerns, Int’l Ass’n of Privacy Prof’ls (Mar. 20, 2020), https://iapp.org/news/a/hhs-notice-on-telehealth-penalties-raises-privacy-concerns/. Chhuom worked with the Washington State Health Care Authority to utilize digital technology in its response to the COVID-19 pandemic. Chhuom has first-hand experience with patient technology as she owns Eth Tech, a digital training firm. See id.

[19] Id.

[20] See Geoffrey Lottenberg, COVID-19 Telehealth Boom Demands Better Privacy Practices, Lexis Law 360 (July 2, 2020), https://www.law360.com/articles/1287404/covid-19-telehealth-boom-demands-better-privacy-practices-.

[21] HIPAA, Telehealth, and COVID-19, Cong. Res. Serv. (June 5, 2020), https://crsreports.congress.gov/product/pdf/LSB/LSB10490.

[22] See id. (A Covered Entity is one that is (1) A health plan, (2) A health care clearinghouse, or (3) A health care provider who transmits any health information in electronic form in connection with a transaction covered by 45 CFR § 160.103). HIPAA imposes obligations on covered entities, those that have entered into a Business Associate Agreement (“BAA”) with a covered entity, and subcontractors of covered entities or business associates. See Business Associate Contracts, U.S. Dep’t of Health & Hum. Servs., https://www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html (last reviewed June 16, 2017).

[23] See Business Associate Contracts, supra note 22. (A Business Associate is a person or entity, including subcontractors, who “perform[s] functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.”).

[24] A covered entity may share PHI with another entity only after a BAA has been entered into that provides “satisfactory assurances” the business will appropriately safeguard the information. Therefore, the business associates themselves are directly liable for breaches of HIPAA. See HIPAA, Telehealth, and COVID-19, supra note 21.

[25] See Leslie Lenert & Brooke Yeager McSwain, Balancing Health Privacy, Health Information Exchange, and Research in the Context of the COVID-19 Pandemic, J. Am. Med. Infomatics Ass’n (Apr. 26, 2020), https://academic.oup.com/jamia/article/27/6/963/5814212.

[26] See HIPAA, Telehealth, and COVID-19, supra note 21.

[27] See HIPAA, Telehealth, and COVID-19, supra note 21.

[28] HIPAA and Telehealth, Ctr. for Connected Health Policy, https://www.cchpca.org/sites/default/files/2018-09/HIPAA%20and%20Telehealth.pdf (last visited Dec. 18, 2020).

[29] Id.

[30] Id.

[31] Id.

[32] Goldenfein, Green, & Viljoen, supra note 3.

[33] See Notification of Enforcement Discretion, supra note 2.

[34] Notification of Enforcement Discretion, supra note 2.

[35] See Lothar Determann, Healthy Data Protection, 26 Mich. Tech. L. Rev. 229, 256 (2020).

[36] Notification of Enforcement Discretion, supra note 2.

[37] Notification of Enforcement Discretion, supra note 2.

[38] Notification of Enforcement Discretion, supra note 2. 

[39] FAQs on Telehealth and HIPAA During the COVID-19 Nationwide Public Health Emergency, U.S. Dep’t of Health & Hum. Servs., https://www.hhs.gov/sites/default/files/telehealth-faqs-508.pdf (last viewed Dec. 17, 2020).

[40] Notification of Enforcement Discretion, supra note 2.

[41] Notification of Enforcement Discretion, supra note 2.

[42] Notification of Enforcement Discretion, supra note 2.

[43] See Notification of Enforcement Discretion, supra note 2.

[44] Mohammad S. Jalali, Adam Landman, & William Gordon, Telemedicine, Privacy, and Information Security in the Age of COVID-19, SSRN 1, 2 (July 8, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3646320.

[45] Deborah R. Farringer, A Telehealth Explosion: Using Lessons from the Pandemic to Shape the Future of Telehealth Regulation, SSRN 1, 28 (Aug. 5, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3681070.

[46] See Ajay Chawla, Coronavirus – Covid 19 ‘Zoom’ Application Boon or Bane, SSRN (May 20, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3606716.

[47] Id.

[48]  See Michael Goodyear, The Dark Side of Videoconferencing: The Privacy Tribulations of Zoom and the Fragmented State of U.S. Data Privacy Law, 10 Hous. L. Rev. 76, 80-81 (2020).

[49] Emily MacInnis, Students, Professors Report Multiple Incidents of Zoombombing in One Day, Daily Bruin (Oct. 11, 2020, 6:00 PM), https://dailybruin.com/2020/10/06/students-professors-report-multiple-incidents-of-zoombombing-in-one-day.

[50] Chawla, supra note 46.

[51] Notification of Enforcement Discretion, supra note 2.

[52] See Goldenfein, Green, & Viljoen, supra note 3.

[53] Mohammad S. Jalali, Adam Landman, & William Gordon, Telemedicine, Privacy, and Information Security in the Age of COVID-19, SSRN (July 8, 2020), https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3646320.

[54] See WebFX Team, What are Data Brokers — and What is Your Data Worth?, WebFX (Mar. 16, 2020), https://www.webfx.com/blog/internet/what-are-data-brokers-and-what-is-your-data-worth-infographic/ (Data brokers belong to a “multi-billion dollar industry made up of companies who collect consumer data and sell it to other companies, usually for marketing purposes.” Because data brokers do not deal directly with consumers, many individuals are unaware these companies exist.).

[55] Letter from James L. Madara, MD, CEO Executive Vice President, Am. Med. Ass’n, to Lisa J. Pino, Dir., Off. Civ. Rts. (Oct. 25, 2021), https://searchlf.ama-assn.org/letter/documentDownload?uri=/unstructured/binary/letter/LETTERS/2021-10-25-Letter-to-Pino-on-HIPAA-Flexibility.pdf.

[56] Id.

[57] Id.

[58] Goldenfein, Green, & Viljoen, supra note 3.

Image source: https://labblog.uofmhealth.org/rounds/telehealth-visits-skyrocket-for-older-adults-but-concerns-and-barriers-remain

By Austin Wade-Vicente

 

Fossil fuels have changed the course of human history.[1] The 1500s and 1600s used trees to supply warmth to thousands, but reliance on wood deforested entire countries for fuel consumption. In the 1900s, horse-drawn carts and buses expedited transportation, yet the beasts’ dung brought flies that spread a miasma of disease.[2] Today, our transportation, heat, and other energy needs are predominantly satisfied through the use of fossil fuels, but they greatly impact our atmosphere and environment.[3] However, engineers at the University of Delaware have discovered a new technological breakthrough that may build the bridge to a post-fossil fuel age.[4]

The University of Delaware’s research team accidentally created an effective carbon-capturing solution when it was experimenting with “hydroxide exchange membrane (HEM) fuel cells, a more affordable and environmentally friendly alternative to traditional acid-based fuel cells.[5] These fuel cells would function to change chemical energy into electric energy in hybrid or zero-emission vehicles, but they were kept off the road because they are incredibly sensitive to carbon dioxide input.[6] Carbon dioxide caused these fuel cells to lose 20% efficiency, making them no better than a regular gasoline engine.[7] It took the team nearly decades of research, but soon, that hindrance became a leverageable strength. Using hydrogen to control the short-circuiting fuel cells created a mechanism that can capture 98% of all carbon dioxide running through them at a rate of 10 liters per minute.[8] Effectively, electric vehicles equipped with this technology could continuously remove carbon emissions from the air while driving.[9]

There are two notable drawbacks to this system, however. First, this fuel cell system is only stable with added hydrogen. Hydrogen consumption in the U.S. alone is predominantly used by industry for refining petroleum, treating metals, producing fertilizer, and processing foods.[10] There are a few hydrogen-based electric vehicles for sale, but the market is in its infancy.[11] Regardless, two head engineers from the University of Delaware HEM project have created the spinoff company Versogen to further research towards sustainable green hydrogen and bringing these environmentally friendly fuel cells to market.[12] Second, environmentalists see carbon capture as a dangerous distraction from ceasing reliance on fossil fuels. Carbon dioxide transportation is normally done through pipelines that can leak or rupture and can result in the asphyxiation of humans and animals. It can even taint freshwater sources.[13] Regardless, carbon capture is not propagated as a silver bullet solution, and neither is immediately dropping fossil fuel usage either. The pandemic dropped global carbon emissions in 2020 by 4%–7% but damaged the world’s economy at the same time.[14] Even worse is that current electric vehicle batteries are not feasible for any kind of substantial shipping, further underscoring the need for technological innovation before renouncing fossil fuels.[15]

Despite risks espoused by environmentalists, lawmakers have begun to see carbon capture as a viable solution to mitigating our carbon emissions.[16] Senator Joe Manchin of West Virginia introduced bipartisan legislation to give tax credits to and encourage those undergoing carbon capture projects.[17] Manchin’s Carbon Capture, Utilization, and Sequestration (CCSU) Amendments Act also would allow for direct payment of carbon credits and increase commercialization/support for direct air capture of CO2.[18] Legislation such as this could be the legal mechanism that fuels carbon capture technology like Delaware’s HEM fuel cell project. If fully operational, this venture could begin to greatly impact transportation emissions, which make up the majority of greenhouse gas emissions in the U.S.[19] Legislative support for further research into carbon capture and hydrogen vehicles may be the bridge needed to finally begin the transition from fossil fuels and create the green age of travel by land, sea, air, and even to the stars.[20]

 

[1] Samantha Gross, Why are Fossil Fuels so Hard to Quit?, Brookings Inst. (June, 2020), https://www.brookings.edu/essay/why-are-fossil-fuels-so-hard-to-quit/.

[2] Id.

[3] See Sources of Greenhouse Gas Emission, EPA (last visited Feb. 27, 2022), https://www.epa.gov/ghgemissions/sources-greenhouse-gas-emissions#transportation.

[4] See generally Chris Young, New ‘Game-Changing’ Technology Removes 99% of Carbon Dioxide from the Air, Interesting Engineering (Feb. 4, 2022), https://interestingengineering.com/new-game-changing-technology-removes-99-of-carbon-dioxide-from-the-air.

[5] Id.

[6] 99% of CO2 Could Be Removed from Air by Game-Changing Technology, Technology Networks (Feb. 4, 2022), https://www.technologynetworks.com/applied-sciences/news/99-of-co2-could-be-removed-from-air-by-game-changing-technology-358214.

[7] Id.

[8] Id.

[9] Id.

[10] Hydrogen Explained, Energy Info. Admin. (Jan. 20, 2022), https://www.eia.gov/energyexplained/hydrogen/use-of-hydrogen.php#:~:text=Nearly%20all%20of%20the%20hydrogen,the%20sulfur%20content%20of%20fuels.

[11] See Id.

[12] Karen B. Roberts, Researchers Report Game-Changing Technology to Remove 99% of Carbon Dioxide from Air, Tech Xplore (Feb. 3, 2022), https://techxplore.com/news/2022-02-game-changing-technology-carbon-dioxide-air.html.

[13] Carbon Capture ‘A Dangerous Distraction’, 500 Organizations Warn Canada, U.S., The Energy Mix (July 22, 2021), https://www.theenergymix.com/2021/07/22/carbon-capture-a-dangerous-distraction-500-organizations-warn-canada-u-s/.

[14] Gross, supra note 1.

[15] Id.

[16] See Manchin Introduces Carbon Capture Legislation, Senate Comm. on Energy & Nat. Res. (Mar. 25, 2021), https://www.energy.senate.gov/2021/3/manchin-introduces-carbon-capture-legislation#:~:text=Washington%2C%20DC%20%E2%80%93%20Today%2C%20U.S.,available%20and%20easier%20to%20use.

[17] Id.

[18] Id.

[19]  Sources of Greenhouse Gas Emissions, EPA (last visited Feb. 27, 2022), https://www.epa.gov/ghgemissions/sources-greenhouse-gas-emissions#transportation.

[20] See generally Young, supra note 4.

Image Source: https://www.leopardsystems.com.au/cleaner-greener-how-to-drive-down-fleet-emissions-reduce-your-carbon-footprint/

By Eleni Poulos

 

The documentary, Tinder Swindler, looks at the story of Simon Hayut, who posed as the son of a diamond mogul and used the popular dating app Tinder to meet women and manipulate them into providing him money.[1] Ultimately, Hayut scammed approximately $10 million from these women.[2] Unfortunately, this isn’t an isolated incident.[3] It is reported that Americans alone lost nearly $1 billion in 2021 to online dating scams like the Tinder Swindler.[4] The law protects those who are financially harmed by online dating scams and in the aftermath of Hayut’s con, the victims sued in hopes of recovering the money they lost during their “relationship” with Hayut.  Though, recourse is not always successful.[5] For example, one of Hayut’s victims, Pernilla Sjöholm recently lost a battle in court against the banks she believes in partially responsible for the scam.[6] Another victim of Hayut’s—Ayleen Charlotte—lost her case against the bank, ING.[7] But what about those victims that do not necessarily lose their money, but instead lose their time and emotional stability?

Laws in the United States do not adequately protect against falsehoods and manipulation on dating applications, even though studies show that individuals using online dating apps, like Tinder, Hinge, and Bumble, often lie about their name, relationship status, and appearance.[8] More than half the respondents in a study by B2B International and Kaspersky Lab, admitted to lying in their profiles.[9] As a result, a law professor at Hofstra University, Irina Manta, focused extensively in this area and uses the term “sexual fraud” to define this type of behavior.[10] She makes three main arguments for addressing it.[11] First, she argues that because of the ineffectiveness of criminal law in these circumstances, the courts should use a rendition of trademark law to “reduce search costs and deception in the dating marketplace, just as we do in the economic marketplace.”[12] Manta also argues that legal recourse would be more effective, if the process could take advantage of slam claims courts as a way of “discourage[ing]” behaviors that may bring significant dignitary, emotional, and other harms” to the individuals using these dating apps.[13] Finally, she argues that statutory damages should be available to victims of sexual fraud.[14] She makes the point that proving this fraudulent behavior and thus allowing an individual to recover damages is easier now than ever—since the evidence is saved on these dating apps.[15] Overall, the theory requires that a profile be truthful and that what is advertised on an individual’s profile does not mislead another, or pay the consequences of fraudulent behavior.[16] Manta believes this is an integral first step in making online dating, and the Internet more generally, a safe place to be. [17]

Nevertheless, though legal recourse for this kind of sexual fraud is limited, states have formed legislation to help protect their citizens. Though this is a positive step, the legislation still has a way to go. As more and more stories of scams like the Tinder Swindler come to light, it’s fair to assume that the law may also evolve to protect individuals using these apps. If it doesn’t, will the responsibility begin to fall on the app developers themselves?

 

[1] The Tinder Swindler, Wikipedia (Mar. 13, 2022), https://en.wikipedia.org/wiki/The_Tinder_Swindler.

[2] Id.

[3] Maya Yang, American Lost $1bn to Tinder-Swindler style romance cons last year, FBI says, The Guardian, (Feb. 15, 2022), https://www.theguardian.com/us-news/2022/feb/15/tinder-swindler-americans-romance-scam-con-fbi.

[4] Id.

[5] See Emily Smith, ‘Tinder Swindler’ victim suffers legal setback, Page Six, (Mar. 14, 2022), https://pagesix.com/2022/03/14/tinder-swindler-victim-pernilla-sjoholm-suffers-legal-setback/.

[6] Id.

[7] Id.

[8] Amy Polacko, Netflix’s ‘Tinder Swindler’ isn’t alone. Beware Match monsters and Bumble betrayers, too, NBC News, (Feb. 11, 2022), https://www.nbcnews.com/think/opinion/netflix-tinder-swindler-simon-leviev-isn-t-only-dating-app-ncna1288981.

[9] Id.

[10] Irina D. Manta, Tinder Lies, 54 Wake Forest L. Rev. 207, 207 (2019).

[11] Id. at 207.

[12] Id.

[13] Id. at 207-08.

[14] Id. at 208.

[15] Manta, supra note 10, at 236.

[16] Polacko, supra note 8.

[17] Manta, supra note 10, at 249.

Image source: https://www.flickr.com/photos/51035749109@N01/8637598848

By Grayson Walloga

 

Can a robot write a symphony? Can a robot turn a canvas into a beautiful masterpiece? Can a robot produce a beautiful and impactful movie script?

In 2016, there was an attempt. Sunspring is a short science fiction film written entirely by an AI that named itself Benjamin.[1] The director, Oscar Sharp, fed hundreds of sci-fi screenplays to the AI and then instructed it to create its own. Was it any good? Well, it did place in the top ten out of hundreds of entries in the Sci-Fi London contest.[2] The film was enjoyed by many, though mostly for the wrong reasons. Sunspring is entirely incoherent. Most of the dialogue is littered with grammatical errors, the plot is non-existent, and the characters have whole conversations on what seems like an alternative plane of reality. That being said, the film is quite fun. Most of the praise should go to the actors who did their best to interpret the mess conjured up by Benjamin.[3] They turned a script composed of utter nonsense into a gripping tale of romance and murder by their own tone and body language which allowed for Benjamin’s story to be realized in some way.

Solicitors, released in 2020, was another short film written by an AI.[4] Two senior student filmmakers from Chapman University used GPT-3 (specifically, the tool “Shortly Read”) to create most of the film, but started off the script with just the following lines: “Barb’s reading a book. A knock on the door. She stands and opens it. Rudy, goofy-looking, stands on the other side.”[5] GPT-3 is a 175 billion parameters Transformer deep learning model from OpenAI that has been used for translation work, writing scripts for films, and even the creation of fake blog posts (not this one).[6]

Solicitors, unlike Sunspring before it, actually manages to make a bit of sense and adhere to a basic three-act structure. It even throws in an M. Night Shyamalan plot twist for good measure! There are times when the dialogue becomes odd or characters contradict themselves after a while, but for a machine-written work it is very impressive. The GPT-3 tends to be more effective on shorter content as it usually has problems retaining a story’s tone.[7] While that means an author might run into issues trying to get a whole novel created with GPT-3, he can still find great success using the technology to overcome writer’s block when working on a particular scene. [8] Authors should still make sure the machine-written scene makes sense before adopting it into their work. Just because a machine can write a story doesn’t mean it will be any good.

Of course, there is also the problem with interpreting the machine-written story too. Both Sunspring and Solicitors explore the necessary inclusion of human beings in AI writing. For Sunspring, the actors were the ones who turned the poorly written jumble of words into an overly dramatic, so-bad-its-good experience like The Room.[9] The more tightly written Solicitors was half the run time as Sunspring, and had parameters set with the initial scenario being pre-written. [10] As it stands right now, machine-written works can only truly work through the combined efforts of humans and artificial intelligence.[11]

Eager to find out how entertaining a machine-written story might be, I set out to find one that I could use free of charge. DeepStory is an AI-driven script & story generator that is freely available online.[12] You can write something entirely from scratch or choose from some preloaded prompts. Wishing to be inspired by a new take on a personal favorite tale, I had the AI generate a modified scene from The Lord of the Rings. This scene is set during the Council of Elrond, where the fate of the One Ring is being discussed. DeepStory can generate actions, characters, and dialogue at the touch of a button. The results were…intriguing.

I generated a few actions right after Frodo places the Ring for all to see. Instead of the lengthy discussion of what should be done, the stone floor cracked open and revealed the eye of Sauron! And then another eye of Sauron appears at the front gate. And then the eyes started shooting fireballs at everyone. The scene ended with “glimpses of violence and destruction.” Not exactly in line with the established canon, but divorced from the lore it was certainly entertaining.

I reset the scene and tried again to see if the AI could do something drastically different. This time, DeepStory decided to have Gimli stand tall and march straight towards the Ring, not unlike the film version. A few other characters go with him, one of whom is not even supposed to show up until the next book, but then Pippin “holds the ring like a grenade…” as he nervously inspects his comrades. Frodo then stands up and exclaims, “It is time.  The battle of Endor began many years ago.  It is time we are all on the same side.” DeepStory seems to have mixed up its nerd franchises. While both AI-generated scenes have their problems, they still have their uses. AI-generated content like this is useful in helping a writer figure out his own style, voice, or themes for his own work.[13] At the very least, you can see an example of how not to write your story, though maybe you’ll find a diamond in the artificially generated rough.

 

[1] Annalee Newitz, Movie written by algorithm turns out to be hilarious and intense, Ars Technica (May 30, 2021), https://arstechnica.com/gaming/2021/05/an-ai-wrote-this-movie-and-its-strangely-moving/.

[2] Id.

[3] Id.

[4] Sejuti Das, OpenAI’s GPT-3 Now Writing Screenplay For A Short Film With A Plot Twist, Analytics India Magazine (Oct. 26, 2020), https://analyticsindiamag.com/openais-gpt-3-now-writing-screenplay-for-a-short-film-with-a-plot-twist/.

[5] Id.

[6] Przemek Chojecki, Why GPT-3 Heralds a Democratic Revolution in Tech, Built In (Nov. 3, 2020), https://builtin.com/machine-learning/why-gpt-3-heralds-democratic-revolution-tech (last updated July 13, 2021); see Kim Lyons, A college student used GPT-3 to write fake blog posts and ended up at the top of Hacker News, The Verge (Aug. 16, 2020), https://www.theverge.com/2020/8/16/21371049/gpt3-hacker-news-ai-blog.

[7] See Jacob Vaus & Eli Weiss, How We Made a Movie by an AI Script Writer, Built In, https://builtin.com/media-gaming/ai-movie-script (last updated July 13,2021).

[8] See ShortlyAI, https://www.shortlyai.com/ (last visited Mar. 10, 2022).

[9] Newitz, supra note 1.

[10] Das, supra note 4.

[11] Vaus & Wiess, supra note 7.

[12] DeepStory, https://www.deepstory.ai/#!/ (last visited Mar. 10, 2022).

[13] See Jason Boog, How To Write Movie Reviews with AI, Toward Data Sci. (Feb. 3, 2020), https://towardsdatascience.com/how-to-write-movie-reviews-with-ai-d17f758f2ed5.

Image source: https://blockgeni.com/an-ai-that-can-write-books/