Blogs & News

  • Mon, September 03, 2018 4:27 AM | Akriti Dayal

    Litigation funding enables companies to monetise valid commercial disputes while preserving capital, mitigating litigation risk and reducing management time

    A conundrum facing many companies with a commercial dispute is whether they should litigate or ignore the claim. We believe that litigation funding offers a viable solution to this.

    For example, assume a company has completed $2 million worth of work and the client is refusing to pay, giving rise to a breach of contract claim. Further, the company is confident that it has a good claim. In these circumstances, it is reasonable to assume that the company would seek to enforce its rights.

    However, there are several impediments to litigation. Foremost among these is the high cost (a typical Supreme Court action can cost upwards of $300,000). There is also:

    the potential of an adverse costs order, meaning the company could lose a total of say $600,000;

    the opportunity cost of both management and in-house legal time dealing with the claim rather than focusing on core business; and

    tying up cashflow which could otherwise be used to generate revenue.

    Faced with these issues it is easy to see why a company may decide to ignore a claim. On the other hand, successful pursuit of our example claim may give rise to recovery by the company of part or all of the $2 million damages, benefiting the company’s cash flow and its bottom line.

    Introducing a litigation funder into the decision-making process removes these concerns. A litigation funder undertakes detailed diligence on a claim. If it has legal merit and the defendant has the means to pay for any recovery, they enter into a funding agreement with the company and the law firm (selected by the company).

    Funding is provided on a non-recourse basis – if the claim is unsuccessful, the funder loses its capital while the company has preserved its capital. The funder pays for adverse costs insurance as part of the funding to protect the company in the event of an adverse costs order.

    The funding agreement sets out the terms on which the funder will pay for the costs of running the claim (legal fees, counsel costs, disbursements and insurance premium). Where there is a successful resolution, the funder receives its capital back and a success fee from the award with the company receiving the balance.

    The funder’s success fee is understandably of interest to corporate claimants. Many funders charge a percentage of the gross or net recovery, typically 20–30 per cent of the award amount. The Augusta approach is different. Augusta charges a multiple of deployed funds. There are several benefits to this approach. The success fee is unambiguous as it is calculated on the costs of the litigation rather than the amount of the award (which may vary considerably). A further benefit is the fee is charged on funds deployed. For instance, if the amount of funding required to trial is $300,000 and the case resolves with $150,000 being deployed, the Augusta success fee is charged as a multiple of the $150,000 only.

    The benefits to the company from litigation funding are clear:

    Alignment of interest – Augusta only receives its capital back and a success fee if the claim resolves successful.

    Cashflow – The company does not fund the matter and in-house counsel does not need to request funds from the chief financial officer to prosecute the claim. This allows the company to increase its legal spend on litigation without impacting on cashflows.

    Risk mitigation – Adverse cost risk is managed by insurance, so it should not be necessary to note litigation as a contingent liability in the firm accounts. Additionally, risk of own litigation costs is removed.

    Reduces management time – Augusta monitors the case with the law firm selected by the company. As part of this, Augusta agrees on a case budget with the law firm and the company and monitors the progression of the matter to ensure that invoices are in line with the agreed budget. Control over the conduct of matter remains with the company.

    Confidence in case merit – Augusta can provide additional comfort to in-house counsel on the merits of the case as funding is subject to careful due diligence.

    In-house counsel can be converted from a cost centre to a ‘notional profit centre’ where successful case resolutions can be notionally offset against the cost of in-house counsel.

    Augusta is happy to consider funding commercial claims seeking damages over $1 million and will fund legal costs up to around $8 million. If you would like further information on how funding can help your company, please call us on (02) 8311 0555.


  • Mon, August 27, 2018 5:50 AM | Akriti Dayal

    By relying on AI software to make decisions, attorneys are potentially leaning on programs whose inner workings may be neither transparent nor easily deciphered.

    While artificial intelligence is powering the next generation of legal technology and potentially changing the foundation of the legal work, its use is not without controversy. For attorneys, who are bound by strict ethical rules of conduct, using AI can sometimes feel like a dereliction of duty.

    “I think when we are talking about ethics and AI it comes down to the fact that AI is basically replacing human decision-making,” said Jose Lazares, vice president of Product Strategy and Business Management at Intapp. “We’re really talking about machines and algorithms replacing human decision-making and the implications of that.”

    Lazares was one of several legal tech speakers discussing the problems with relying on AI at an ILTACON 2018 session Tuesday titled, “Code of Ethics and How Does the ABA Fit into Artificial Intelligence?”.

    For Johannes Stiehler, CTO at e-discovery and analytics company Ayfie, the ethical concerns with AI mostly relate back to the issue of accountability. “The question of culpability is going to be key to these ethical discussions, in law as much as in medicine,” he said.

    Lazares, however, argues that such concerns can be addressed by ensuring humans always have some control over the how an AI platform comes to a decision. At Intapp, the approach is to make sure there is “a human decision point” in AI processes so there is “a chance to review and understand” how choices are made.

    But such transparency is not always possible. “There are some AI methods that are much more of a ‘black box’, like deep learning, while other methods are much more explainable,” said Daniel Katz, an associate professor of law at Chicago-Kent College of Law.

    Once initially trained, such AI tools can learn autonomously, meaning their inner workings can be exceedingly difficult to untangle and understand.

    What’s more, some AI companies may not be too eager to unveil the inner workings of their technology for fears it will show their products in a negative light. “Most software providers don’t like to do that,” Stiehler said. “We don’t want to tell you [our product] is only 70 percent accurate. The software tend to hide those errors which makes human intervention much more difficult.”

    Concerns over how AI programs make decisions have been heightened in recent years, given the use of the Correctional Offender Management Profiling for Alternative Sanctions analytics tool in some U.S. state courts to predict inmate recidivism. A 2016 investigation by ProPublica found that COMPAS showed bias against African-American prisoners.

    Katz, however, noted that bias in the criminal justice program would exist with or without AI. “There are plenty of complaints of biases of judges and police,” he said, adding that it’s interesting that there is so much focus on fixing AI, but little focus on addressing human biases.

    But Stiehler believes it is only right that technological biases are more heavily scrutinized. AI software “is being held to a higher standard because it is repeatable, always making the same decisions,” he said.

    Stiehler added that what is needed is to “educate people about the limits of AI systems, which are beyond what a human can do, but still, there are some limits. People tend to expect pure awesomeness from AI without any effort, and that’s just not true.”


  • Mon, August 27, 2018 5:39 AM | Akriti Dayal

    An opinion from the State Bar of Texas’ Professional Ethics Committee essentially blessed lawyers’ use of attorney internet forums to get answers to tricky legal questions, as long as the query does not give up too much about their client’s identity.

    Can lawyers use social media such as Facebook to seek advice from other attorneys for the benefit of their clients without running afoul of the Texas Disciplinary Rules of Professional Conduct?

    An opinion from the State Bar of Texas’ Professional Ethics Committee recently tackled that question and essentially blessed lawyers’ use of attorney internet forums to get answers to tricky legal questions, as long as the query does not give up too much about their client’s identity.

    According to the opinion, it is common for attorneys to have informal lawyer-to-lawyer consultations touching on client-related issues in online discussion groups, at CLE seminars, or when a lawyer seeks advice from a trusted mentor.

    But the opinion points out that Disciplinary Rule 1.05 prevents lawyers from knowingly revealing confidential information about a client, and Rule 1.05(a) broadly defines the term “confidential information” as all information protected by the attorney-client privilege, as well as some unprivileged information provided by the client or acquired by the lawyer during the representation of the client.

    However, not all lawyer-to-lawyer consultations involve the revelation of confidential information, and inquiring lawyers may consider it necessary to provide a certain amount of factual context to obtain useful feedback.

    And the opinion notes that disciplinary rules have several exceptions when it comes to revealing unprivileged information about a client, including Rule 1.05(d)(1), which allows such revelations when a lawyer is authorized to do so in order to carry out the representation; and Rule 1.05(d)(2), which allows it when an attorney has a reason to do so to carry out the representation effectively.

    “The Texas Disciplinary Rules of Professional Conduct do not categorically prohibit informal lawyer-to-lawyer consultation for the benefit of a client, whether the consultation occurs in an online discussion group, an in-person meeting, or otherwise,” the opinion states. “However, inquiring lawyers must honor their duty of confidentiality. …

    “If possible, the inquiring lawyer should limit such consultation to general or abstract inquiries that do not disclose confidential information relating to the representation,” the opinion continues. “If it is not reasonably possible to address the issues in question using a general or abstract inquiry, a lawyer may reveal a limited amount of unprivileged client information in a lawyer-to-lawyer consultation, without the client’s express consent, when and to the extent that the inquiring lawyer reasonably believes that the revelation will benefit the inquiring lawyer’s client in the subject of the representation.”

    Scott Rothenberg, a Houston solo who has served as an expert witness on Texas legal ethics and who teaches a State Bar of Texas CLE course on the subject, said he posed the question to the ethics committee after observing discussions of legal questions between lawyers on Facebook.

    The online discussions were vigorous and encouraging, but Rothenberg worried that some lawyers gave away enough information to make clients identifiable through an electronic court records search.

    “It’s a balancing situation that is very perilous because on one hand, lawyers supporting lawyers by being mentored is strongly in a client’s best interest, but protecting a client’s confidential information is also in a client’s best interest,” Rothenberg said.

    Rothenberg suggested that lawyers familiarize themselves with information available on district, intermediate appellate and Texas Supreme Court websites about a client’s case before asking a question about it on social media that may reveal the client’s identity inadvertently.

    He also suggested lawyers place language in their employment agreements informing clients that they may use social media or informal consultations with other attorneys to better serve their interests.

    “That will take care of 90 percent of the issues about lawyers discussing issues on social media,’’ Rothenberg said.


  • Mon, August 27, 2018 5:32 AM | Akriti Dayal

    At ILTACON 2018, four major law firm movers and shakers gave their own personal stories about how innovation is a people problem as much as a tech one.

    Innovation isn’t just about technology. True innovation and true change can only occur if people are driving that change. Four law firm leaders brought their personal stories of people driving change in their organizations to ILTACON 2018. Here’s what they had to tell at Wednesday’s “Stories of Innovation: The Power of Personal Stories to Influence Behavior Change” keynote session.

    Get Them in the Room

    Wendy Butler Curtis, chief innovation officer and chair of the e-discovery & information governance group at Orrick, Herrington & Sutcliffe.

    A few weeks ago, Curtis went and saw Cher in Washington, D.C. Cher’s 70 years old, but it took a long time for her to initially break through—at 40, she was doing local dinner shows and was initially turned down for movie role after movie role.

    Curtis said she fears every day that a version of what happened to Cher will happen to her: What happens if people don’t want to actually embrace the innovation that she’s worked so hard to put forth?

    “As a leader of innovation pushing change, I worry that nobody’s going to come to my innovation show. … Lawyers have incredibly busy schedules, they travel, and they’re skeptics—they’re taught to question everything.”

    Orrick has a reputation as a forward-looking firm, but that doesn’t mean that immediately everyone is on board with a new, innovative idea. Curtis said that in one recent case, the only immediate feedback she got from one pitch session was that a third party “thought your voice was annoying.”

    Discouraging? Naturally. But she said that when pushing for change, “the most important thing is to get them in the room, even if the big win comes later.” In the above case, for instance, the people in the room came back after a few weeks and agreed to implement the idea.

    Now, she’s looking to put that thought to practice in all of her innovative endeavors—even if it means locking Orrick employees in a room and making attendance to a hackathon mandatory. But from there, she encourages problem-solving and gives permission to be outrageous and creative. Giving that freedom, she explained, allows the firm’s employees to know that innovation isn’t just a mantra, but something that can be pushed forth by working together.

    Explaining Legal Disruption to Legal

    Scott Rechtschaffen, chief knowledge officer at Littler Mendelson.

    A few years ago, managing directors at Littler asked Rechtschaffen to get in front of the firm’s shareholders and explain how the legal world is changing. But that’s easier said than done—how exactly do you tell long-term attorneys that their business model isn’t sustainable long term?

    Well, take a look at Netflix Inc., he figured at first—sending videos to people’s homes was not a new technology, but its business model upended Blockbuster. Kodak Co., Kmart. In other words, the examples of disruptive innovation are out there.

    But one problem: Most of them stopped listening at the beginning. “There’s something I call attorney exceptionalism. Attorneys think that we’re different,” he said. “In fact, we’re like the frog in the pot. Hey, it’s getting hot, but it’s not that much hotter than it was five minutes ago!”

    So he tried a different track and asked a few questions: How many people would go to a ball game if you actually had to go to a box office? Or if you had to buy a plane ticket at the airport? Or go to a bank to see your account? Of course, none raised their hands.

    “You know why? Because lawyers are just like their clients, and clients are just like their lawyers: We all live online.” Then, he asked the big question: “Why do you think clients will continue to work with us if we don’t offer any services online?”

    Many attorneys in the room got it. But in Rechtschaffen’s mind, there’s a bigger question of how attorneys use technology in general. “The problem is, we are asking them to act differently in the office than they act in real life.”

    That led Littler to develop what he calls “The Knowledge Desk,” where attorneys could answer any question of a tiny team of researchers internally. That team would then know the best tool to actually answer the question. This reduced the number of firmwide emails by 30 percent, without adding any new staff or software. “I’ve had attorneys tell me, this is the best KM technology tool I’ve ever rolled out.”

    Bending the Rules With Buddies

    Alison Grounds, e-discovery and litigation partner at Troutman Sanders and founder and managing director at Troutman Sanders eMerge.

    Long before she was a partner, before she had started eMerge, Grounds was an IP litigator. She thought she was rocking it—but the feedback she received during her fifth year at the firm was that what she was doing was support, or even paralegal work. E-discovery, she was told, wasn’t going to put her on the partner track.

    So, naturally, Grounds had a bit of a crisis, and pulled up Google about whether e-discovery was actually something worthwhile. She liked her e-discovery work, but becoming a partner was the ultimate goal. And if she couldn’t get there, well, maybe she could take up bartending?

    “I had the philosophy where if I don’t like what I’m doing, I don’t have to do it,” Grounds said. “I’ll save up enough money and leave at any time.”

    Emboldened with that in her back pocket, she went to firm leadership and said that what she wanted to do was entirely e-discovery work, the opposite of what some told her before was the optimal career path. And, perhaps surprisingly, the answer from her mentor was, “Go ahead.”

    That didn’t mean the path was easy. Despite looking to be a partner in her seventh and eighth years, she was passed over. Then, in her ninth year, she decided to do something bold: She went to firm leadership as an associate and asked for money to start a wholly owned e-discovery subsidiary. And once again, to her surprise, they said yes.

    Grounds was named a partner at that time and handed the keys to what would become Troutman Sanders eMerge. Today, the subsidiary has become a major part of the firm, and her team consists of 40 people—a measure of how the firm has continued to support her technology projects.

    All it takes, Grounds said, is a little luck, a lot of patience, and a propensity for risk-taking: “I was told ‘no’ many more times than I was told ‘yes.’ I had to be connected with the right people at the right times to move forward.”

    It’s the Relationships, Not the Technology

    Jon Grainger, CIO at Freshfields Bruckhaus Deringer.

    Grainger was brand new to the legal industry as a whole, and he came in at an interesting time: The firm had just received its largest global mandate with heavy technology usage, at the same time as moving the technology function from London to Manchester.

    At the time, the firm’s technology function worked under the “Waterfall” method: A sequential process that ensures structure, but also rigidity and lacks the ability to scale up quickly.

    “I now understand 18 months into this industry that lawyers love certainty. But there’s a problem with the Waterfall method—at the beginning of this global mandate, there was no certainty,” Grainger said.

    Using that method to try and accomplish the global mandate started to look like a failure. Business analysts started to get stressed, and when they showed the developing technology to partners about four months in, there wasn’t anything that could be shared with clients.

    But rather than get down, Grainger decided to look at the problem a different way: “Well actually, this is going to be a huge opportunity to change how we work.”

    He talked with attorneys and found there was an alternative to act in a more collaborative way. The team moved to an agile development cycle with smaller, more frequent releases. The goal was to get to a minimum viable product within six weeks.

    But to do that, he felt he needed a lawyer to join the team and be a product owner. The tech team assumed this would be a nonstarter, and despite getting silence in the beginning, the firm ultimately decided to grant his request. His group managed to get the first software iteration out in four weeks, and now does a release drop every two weeks.

    “They say necessity is the mother of invention. Without that massive mandate, and having no alternative … we used that as an opportunity to move forward,” Grainger said.

    And the team has responded incredibly positively, feeling they have more space to innovate than ever before. He quoted one developer as saying, “In Waterfall, you are told what to do. In Agile, you decide what to do.”


  • Mon, August 27, 2018 5:28 AM | Akriti Dayal

    One expert in GDPR said that the "most common" factor in compliance challenges was that companies didn't know what data they had and where it could be located.

    K Royal is in the business of making sure companies are compliant with the European Union’s General Data Protection Regulation. As senior director of privacy at compliance and security company TrustArc Inc., she helps organizations bridge the gap between knowing they must fully follow the GDPR, and actually crossing the finish line.

    “I’ve worked with startups to global companies who are established in every country,” Royal explained. “The most common factor was that the companies did not know what data they have and where it is stored.”

    The GDPR, which came into effect on May 25, adds so many new requirements for companies that deal with European Union citizens’ personal data, that being able to locate it all is important. The law requires for instance, that companies report a breach to authorities within 72 hours and gives individuals the right to request data held on them and to have their data deleted.

    Luis Diaz, the general counsel and chief cybersecurity officer of Vision-e, had spent 10 years working as the outside counsel for the company while he was a partner at Gibbons P.C. In September 2017, the software company faced the challenges of becoming compliant with the GDPR and appointed him as the top legal officer to help with that process and work on other cybersecurity issues.

    Diaz said that when he started working at Vision-e, he and his team had to create the company’s first data maps. The first step was make sure the company knew what kind of data it had and where it was stored. Which was, according to Diaz, quite the undertaking.

    “It was a manual process for us working with IT. There are tools available but we choose to collaborate with IT to ensure we did not miss anything. It took thousands of man hours to complete,” Diaz said.

    He said they needed to understand what kind of design they were implementing, what controls they had in place and to make sure they understood the nature of their data and where consumer data was coming from.

    Diaz said Vision-e is working to continually improve their processes and will hopefully be able to employ artificial intelligence in the future to do the mapping.

    While many companies may have not taken GDPR preparation seriously, Diaz said the executives at Vision-e understood the urgency behind compliance.

    “In our particular case, because we are a ‘processor’ of data, it was clear that we had no choice but to be GDPR compliant,” Diaz said. “It was a business decision which was strategic to our future.”

    Diaz thinks businesses will even tout their GDPR compliance in the near future. “Don’t be surprised if in the next six months to a year you find people pointing to GDPR for a competitive advantage. It has raised and created an awareness for privacy issues,” he said.

    Royal said that in her experience nearly all of the companies she has worked with were cooperative and willing to make changes to become GDPR compliant.

    However data mapping has been an obstacle for her on one occasion. She said that with one company she worked with, which she declined to name, she was trying to help the organization map its data for GDPR compliance purposes. But she found the IT department would not let her begin the process and have the access to systems that she requested.


  • Mon, August 27, 2018 5:25 AM | Akriti Dayal

    Two recent federal district court decisions provide some guidance concerning whether the use of sham information to establish accounts for the purpose of data scraping violates the CFAA.

    Websites offer a substantial amount of information to their customers, subscribers and often the general public. Some websites, however require visitors to either provide personal information, set up a password and account and/or pay a fee for the access to specific, more coveted information.

    Certain visitors to these websites, such as the site’s competitors, may want to obtain this information through methods such as data scraping (i.e., the extraction of data from a website through the use of a computer program) but may not wish to disclose their identity. These visitors, therefore, use false names and other fictitious information to establish accounts through which they can access all the data on the website. This practice will usually violate the terms of service of the website.

    Does it also violate the Computer Fraud and Abuse Act (CFAA), which prohibits the accessing of a computer without authorization or in excess of authorization? There is scarcity of case law concerning the issue. However, two recent federal district court decisions provide some guidance concerning whether the use of sham information to establish accounts for the purpose of data scraping violates the CFAA.

    hiQ Labs v. LinkedIn

    In hiQ Labs, Inc. v. LinkedIn Corp., hiQ Labs, which provides businesses with information on their workforces based upon statistical analysis of publicly available employee data sought a preliminary injunction to prevent LinkedIn from blocking hiQ’s access to users’ public profiles on LinkedIn’s site. After apparently tolerating years of hiQ’s access and use of the public profiles, LinkedIn sent a cease and desist order to hiQ, threatening action under the CFAA and other theories of civil liability. In addition to seeking a preliminary injunction, hiQ sought a declaration from the district court that it had not and would not violate the CFAA by accessing LinkedIn’s public profiles.

    The district court granted hiQ’s request for a preliminary injunction, finding that hiQ would suffer immediate and irreparable harm because its business depended on access to information on LinkedIn’s site that its users had expressly made public, and that hiQ had a likelihood of success on the merits. In ruling in hiQ’s favor, the district court found a substantial likelihood that it would prevail in showing that its access to public profiles was not unauthorized access to LinkedIn in violation of the CFAA, even after LinkedIn had notified hiQ that it was no longer permitted to access its site.

    In reaching this decision, the district court distinguished the Ninth Circuit’s CFAA decisions in Facebook, Inc. v. Power Ventures, Inc. and United States v. Nosal. In Power Ventures, the Ninth Circuit held that a party that accessed a website after permission had been explicitly revoked and did so by circumventing IP barriers violated the CFAA. Similarly, in Nosal, the Ninth Circuit held that a defendant whose login credentials were revoked but who used the credentials of a current employee to access the computer system of his former employer did so without authorization in violation of the CFAA. The hiQ court observed:

    Each of these cases is distinguishable in an important respect: none of the data in [either case] was public data. Rather, the defendants in those case gained access to a computer network . . . and a portion of a website . . . that were protected by a password authentication system. In short, the unauthorized intruders reached into what would fairly be characterized as the private interior of a computer system.

    These scenarios, the hiQ court found, were materially different from hiQ’s access to LinkedIn user profiles that the users themselves had made public. It found that “[t]he CFAA was not intended to police traffic to publicly available websites on the Internet,” and that the statue “was intended instead to deal with ‘hacking’ or ‘trespass’ onto password-protected mainframe computers.”

    The hiQ court drew a similar distinction between the use of an automated program to scrape publicly available data on a website and the use of same program to scrape data accessible only with a password. It held that “[a] user does not ‘access’ a computer ‘without authorization’ by using bots [to scrape data], even in the face of technical countermeasures, when the data it accesses is otherwise open to the public.” In contrast, the hiQ court noted: “Where a website or computer owner has imposed a password authentication system to regulate access, it makes sense to apply a plain meaning of ‘access,’ ‘without authorization’ such that a defendant can run afoul of the CFAA when he or she has no permission to access a computer or when such permission has been revoked explicitly.” The hiQ decision suggests that, using a false name or other fictitious personal information to access and scrape publicly available data on a website does not violate the CFAA; whereas, employing similar fraudulent techniques to access and scrape password protected data may contravene the CFAA.

    Sandvig v. Sessions

    A decision by the district court in the District of Columbia reinforces the distinction recognized by the hiQ court. In Sandvig v. Sessions, the plaintiffs, a group of professors and a media organization, wanted to conduct research into whether the use of algorithms to automate decisions by different employment and housing websites resulted in discriminatory outcomes. The plaintiffs wanted to conduct audit tests by creating false user profiles to measure how these websites processed their information and deploying bots to scrape data from these websites. Because these activities would violate the terms of service for the websites, the plaintiffs alleged in their complaint that they had to either refrain from conducting their testing and research or subject themselves to criminal prosecution over the Access provisions of the CFAA (which prohibited accessing a website “without authorization”). Thus, the plaintiffs challenged the Access provisions of the CFAA as violating their First Amendment rights.

    The Sandvig court held that the plaintiffs had standing and allowed their claim that the Access provisions of the CFAA “as applied” to plaintiffs unconstitutionally restrict their protected speech. In reaching this conclusion, the district court examined whether there was a credible risk of criminal prosecution against plaintiffs for their proposed conduct. The Sandvig court found that there was a circuit split concerning what activity constituted “without authorization” under the CFAA. The Second, Fourth and Ninth Circuit adopted a more narrow interpretation and held that this language prohibits only unauthorized access to information. In contrast, the First, Fifth and Eleventh Circuits have adopted a more expansive interpretation and held that it also covers unauthorized use of information that a defendant was authorized to access only for specific purposes. The district court held the narrow interpretation to be the “best reading of the statute.”

    Utilizing the narrow interpretation, the Sandvig court found that “most of the plaintiffs’ proposed activities fall outside the CFAA’s reach” and that “[s]craping or otherwise recording data from a site that is accessible to the public is merely a particular use of information that plaintiffs are entitled to see.” The court continued: “Employing a bot to crawl a website or apply for jobs may run afoul of a website’s ToS, but it does not constitute an access violation when the human who creates the bot is otherwise allowed to read and interact with that site” as “bots are simply technological tools for humans to more efficiently collect and process information that they could otherwise access manually.” However, the Sandvig court did not condone all of plaintiffs’ activities, noting that “only [plaintiffs’] plan to create fictitious user accounts on employment would violate the CFAA” because “[u]nlike plaintiffs’ other conduct, which occurs on portions of websites that any visitor can view, creating false accounts allows [plaintiffs] to access information on these sites that is both limited to those who meet the owners’ chosen authentication requirements and targeted to the particular preferences of the user.”

    Taken together, the hiQ and Sandvig decisions appear to offer some guidance concerning how courts will treat data scraping. Both decisions seem to stand for the proposition that scraping publicly available data off websites is permissible under the CFAA, even if the scraping is accomplished through technological means, such as bots, and violates the website’s terms of service. However, both decisions also seem to draw a line when visitors attempt to bypass an authentication system, such as a password gate, to access data that is not available to the general public. Under those circumstances, the decisions seem to indicate that such conduct constitutes access “without authorization” or “in excess of authorization” and runs afoul of the CFAA. Thus, using false names or fictitious personal information to establish accounts to bypass password safeguards would violate the Access provisions of the CFAA under these two cases.

    Although the hiQ and Sandvig decisions appear to condone the scraping of publicly available data from websites, data scrapers and aggregators should exercise caution. The hiQ decision not only limits its holding to the appropriateness of injunctive relief in that specific factual context but is also currently on appeal before the Ninth Circuit. Moreover, the Sandvig decision also possesses unique circumstances. The plaintiffs in Sandvig were scraping data for a non-competitive, academic purpose rather than for a commercial purpose. Courts may reach a different result if the data scrapers were doing so for commercial gain or advantage. Despite these caveats, the hiQ and Sandvig decisions reflect a positive trend for data scrapers.

    About the Author

    Hanley Chew is Of Counsel in the Litigation Group with Fenwick & West. He focuses his practice on privacy and data security litigation, counseling and investigations, as well as intellectual property and commercial disputes affecting high technology and data driven companies.


  • Mon, August 27, 2018 5:09 AM | Akriti Dayal

    Entrepreneur Michael Terpin sued the phone carrier, claiming that it should be held liable for fraudsters who hijacked his mobile phone number to steal about $24 million worth of cryptocurrency. The suit also seeks $200 million in punitive damages.

    Entrepreneur and cryptocurrency investor Michael Terpin sued AT&T on Wednesday, claiming that it should be held liable for fraudsters who hijacked his phone number and stole about $24 million worth of cryptocurrency.

    The suit, filed in U.S. District Court for the Central District of California by a team at Greenberg Glusker Fields Claman & Machtinger led by Pierce O’Donnell, seeks to recover Terpin’s losses as well as $200 million in punitive damages. He claims that AT&T knew that employees at its retail stores could override security measures meant to protect high-profile customers or those who were likely targets of fraud.

    “AT&T does virtually nothing to protect its customers from such fraud because it has become too big to care,” wrote the Greenberg Glusker lawyers. “The prevalence of SIM swap fraud and AT&T’s knowledge of such fraud, including the active participation of its own employees in the fraud, demonstrate that the January 7, 2018 SIM swap fraud on Mr. Terpin that led to the theft of nearly $24 million in cryptocurrency was neither an isolated nor an unforeseeable event,” they wrote.

    A spokesman for AT&T told Reuters Wednesday the company disputed the allegations and looks forward to presenting its case in court.

    SIM swap fraud, also called SIM swapping, SIM hijacking, or “port out scam,” involves fraudsters who have access to a target’s phone number convincing a telecom employee to load a SIM card with the number. The tactic allows the fraudsters to gain access to a target’s accounts via their own device, even in some cases where those accounts are protected by two-factor authentication.

    Terpin alleges that he was initially targeted using the tactic in June of last year when his phone suddenly became inoperable. He claims he quickly alerted AT&T and the cloned SIM card was shutdown. Terpin also noted that when he met with AT&T representatives two days later, they added a requirement for a 6-digit passcode to be presented on his account to make any future changes, something available for “high risk” or “celebrity” accounts.

    But according to the lawsuit, an AT&T employee sidestepped the passcode requirement in January of this year and assisted fraudsters who then made off with about $24 million in cryptocurrency.

    “In reality, the vaunted extra protection was, like the Maginot Line, a useless defense that was easily evaded by AT&T’s own employees, who it knew or should have known actively cooperated with hackers in SIM swap fraud,” Terpin’s lawyers wrote. “Despite AT&T’s knowledge of the futility of these actions, AT&T falsely informed Mr. Terpin, to his detriment, that he should implement such additional security measures.”


  • Tue, August 21, 2018 4:36 AM | Akriti Dayal

    Here's What A Crypto Attorney Says Are The Next Big ICO Funding Trends

    ICOs, Initial Coin Offerings, used as the latest manner in which to fund startups is definitely a bit of a tricky trend to track - particularly from a legal perspective. For those not yet deeply entrenched in the space, finding true and complete information is somewhat like a scavenger hunt with certain players holding some keys, while others have different ones. There are few, real go-to's precisely because the space is so very new and fragmented. But one thing is undeniable. It's a space that shows no signs of slowing down anytime soon and already has upcoming new trends for which to watch.

    Indeed, the ICO space is an arena where just a year ago, funding could be secured with little more than a white paper and that which only a handful of law firms sporting 500+ attorneys handled for fees up to $500,000 plus points. Fast forward just a few months and various factors are already beginning to rapidly change. In fact Jay Swob, an ICO attorney says, "In all my years of law, this is one of the fastest changing sectors I've ever seen. It changes each week, like a snake in the grass twisting and turning. There is simply no way to plan, but it's very, very exciting."

    Swob, who is highly regarded in the ICO legal space given the number of deals he has worked on coupled with a love for cryptocurrency since childhood, an engineering background and a combination JD/MBA, says that part of the excitement is keeping up with and staying ahead of the fast-paced trends in the space. And one of the main areas of change in the ICO game is around legal fees. Smaller firms and individual attorneys have now entered the market offering very competent services that rival the space that legal behemoths once held exclusively. For example, the overall legal costs associated with creating an ICO if a company creates one on U.S. soil, which is, therefore, subject to U.S. Securities law, is approximately $100-$150k. However, an ICO conducted off-shore in, for example, the Cayman Islands which means no U.S. investor participation could cost as low as $50-75k. That means the possibility of using an ICO as a startup mechanism is now more accessible to more founders.

    But wait, there's more.

    In just a little more than a year, the format has changed for investors, as well. "People were giddy from 100x and 1000x returns," explains Swob. "Large amounts were raised just on a white paper. Now, investors are more concerned with due diligence. More and more they want to see a white paper, a presentation deck, sometimes even a minimum viable product (MVP). They also want to know the network, meaning the programmatic platform, the technical infrastructure that supports to ICO model. Everything is beginning to change simply because the business is starting to mature a bit."

    And this is not the only way in which investors are maturing. Swob says to watch now for new, secondary markets developing. Individuals who have made significant amounts of return in the crypto space are now either becoming "crypto angels" or even going as far as to start their own ICO crypto funds so that they can have more control in the startup investment game. "The next iteration of all this is the position of crypto portfolio manager," he says. "Watch for more individuals to enter into this space, but it will not be for the faint of heart. This person will oversee any number of opportunities and investments many times on a 24-hour clock."

    But even if one has had enough sleep, the ICO area is a space where even the amount of time for the overall process is not completely firm. According to several in the industry, from the time one decides to create an ICO to the actually receiving investments could range anywhere from three months to over a year. "50 percent of this timeframe depends upon the personality of the founder and 50 percent upon the business model," explains Swob. Thus a super Type-A Millennial founder could possibly create his or her own timeline. However, startups tied to, say, the healthcare space would not have such luxuries, as a result of HIPAA compliance demands and so very much more.

    And naturally, if on-shore, securities issues affect the timeline. Swob cautions that companies need to be very careful if they are creating tokens purely for functional use around part of the business model or to actually raise funds. If it is the latter, then naturally the token is considered a security. Of course, if the ICO is conducted offshore, then the startup avoids all U.S. securities laws and income tax but then, of course, U.S. investors are excluded. But most don't seem to mind.

    Indeed, nearly two-thirds of those conducting ICOs are brand, new startups, currently. According to Swob, "The key is that they are created in reputable international financial centers such as the Cayman Islands, for example, where everything is highly vetted. Most traditional hedge funds are headquartered in the Cayman Island or Bermuda so there is a standard that is supportive."

    But what's next in this creative trend in financing? Swob has a few predictions based on being so

    entrenched in the space. "Watch for a hybrid SAFE with SAFT to become the new norm, at least for as long 'normal' is defined in cryptocurrency. This will provide companies with greater flexibility," explains Swob. "The other hot area will be bifurcation. This will be for those who want the U.S. market. This will be about a dual token, meaning a security token, offered only to accredited investors (and with a 12-month lockup) and a simultaneous utility token to drive a fanbase." Swob says that such an approach minimizes compliance issues and therefore, legal costs are reduced. However, this strategy will not be for every new company because decisions will hinge upon the current stage of the business.

    One of the main trends to watch regarding ICOs, however, will be how this avenue impacts the angels and venture capital firms operating in the traditional fiat space. With talk of new models, new collaborations and hybrid partnerships between the crypto and fiat players, there could be some very interesting bedfellows on the horizon. Free from the stranglehold of out-dated pattern-matching standards and homogeneous gatekeepers, the startup community will be a fascinating one to behold that is more inclusive and rich on every front.


  • Tue, August 21, 2018 4:17 AM | Akriti Dayal

    For several years litigation funding has been a hot topic for discussion. There have been many “big news” stories about funders posting record profits and much has been written about the flow of new money into the market

    This has caused some law firms to consider seeking a piece of the action through launching a fund of their own. However, comparatively little is said about the diverse and innovative products that are being developed to make use of the additional capital now available and the willingness of funders to treat a dispute as collateral for a loan to fund expenses above and beyond the legal fees incurred in bringing the case.

    When a big dispute arises, it can have serious implications on a company’s ability to maintain its every day operations. Even the slam dunk cases take time and money to resolve and can leave the claimant company struggling to make ends meet whilst the dispute runs its course. A number of funders are now providing assistance to companies involved in a dispute by offering recourse and non-recourse capital not just to pay the legal fees but also to pay for general operating expenses to effectively keep the lights on during the life of the case.

    In its simplest form, the funder is providing an advanced payment in respect of all or a portion of an actual or prospective award. Monetising the claim in this way enables the claimant company to access the proceeds of the dispute at the point of the agreement with the funder – rather than waiting for the money to come from the opponent, which could be several years down the line.

    The funder provides the capital on the assumption that the case will be successful, and that they will ultimately recoup their investment and make a profit. Should the dispute prove unsuccessful, the funder loses its investment. Needless to say, such an arrangement is only available where the case enjoys good prospects of success and where the opponent is based in an enforcement friendly jurisdiction and is likely to have the means to pay the award.

    The capital does not necessarily come cheap. The funder’s fee must be calculated to account for the risk that the case could ultimately be unsuccessful or that they may be unable to enforce the award against the opponent. But the ability to monetise their actual or prospective award rather than wait for a recovery from the opponent can be the difference between the company surviving or failing.

    The cost of such an arrangement depends upon the case in question but a funder will often either pay an upfront sum to the company and retain any money recovered from the opponent or pay a down payment at the outset and share any money recovered with the company as and when it comes in.

    There is a growing trend towards building alternative finance options for companies with a single claim or a portfolio of disputes used as collateral to raise funds for legal fees and other operating costs.

    The funders offering these types of arrangements, whilst sizeable and well established, are not limited to your “go to” litigation funders and not all heavily market their appetite in this area above their appetite in other asset classes.

    We frequently see a carpet-bombing approach to the mainstream litigation funding market, often led by a company’s external lawyers and without full consideration being given to the client’s ultimate objectives. This rarely yields favourable results.

    We strongly recommend focusing the initial discussion on the core concerns for the company and most desirable outcomes in order to identify the most appropriate product. Taking an objective approach to identifying the right product and keeping an open mind on the provider is likely to lead you to the most commercial solution.

    There is a risk that some external lawyers could lose objectivity or have a partial conflict when seeking financial instruments that include funding for their legal fees, especially given that their engagement might, in itself, be dependent upon securing finance for their client. But that’s a separate discussion.


  • Mon, August 20, 2018 3:04 AM | Akriti Dayal

    Leading global law firm Baker McKenzie has partnered with LitiGate, a Tel Aviv-based legal tech venture, to assist them to further develop and test a litigation platform that uses artificial intelligence ('AI') to automate legal research and argument assessment in relation to High Court applications.

    Alongside Taylor Wessing and Mishcon de Reya, we have been approached to collaborate with LitiGate for our extensive experience in dispute resolution and continued investment in technology.

    Ben Allgrove, Baker McKenzie's Global R&D Partner, comments: "Technology and AI are transforming the delivery of legal services and our partnership with LitiGate is a great opportunity for us to support them develop cutting edge legal tech solutions, and ultimately shape the future of law. This collaboration is a core part of our innovation strategy and we look forward to embarking on this journey with LitiGate."

    Founded by experienced litigator Nimrod Aharon and AI expert Guy Uziel, LitiGate aims to revolutionise the conduct of litigation by delivering contentious legal services faster, at less cost and with improved accuracy.

    The platform uses state of the art machine learning algorithms to autonomously review arguments, suggest counter arguments and fall-backs, and recommend preferred procedural steps.

    As part of the partnership, we will be providing our expertise and resources to assist LitiGate with further development and testing of the platform.

    Nimrod Aharon, CEO of LitiGate, says: "These are exciting times of revolutionising the legal research as we know it. Our partners do not settle for 'our lawyers are smarter than the ones across the street', they take proactive actions to reduce fees and find innovative ways to deliver top-tier legal services to their clients. Together with our partners, we have formed a unique community of highly ranked global law firms, investing their expertise and resources to provide the first AI arguments analysis platform."


Please share this page with your contacts:

© All Rights Reserved. 
International Excellence Forum, Inc. (IExForum)
589 S 22nd St., San Jose, CA 95116, USA

Phone No.: +1 408 597 4074
Fax: +1 408 668 1000