Today, the Supreme Court issued its decision in Facebook v. Duguid, adopting a narrow interpretation of a key definitional term in the Telephone Consumer Protection Act (TCPA) and resolving the circuit split we previously described here and here. In effect, the Supreme Court’s opinion means that to qualify as an “automatic telephone dialing system” (ATDS) under the TCPA, a … Continue Reading
On Wednesday, January 13, the Supreme Court heard arguments in AMG Capital Management LLC v. Federal Trade Commission. This case raises the question whether the Federal Trade Commission (FTC) has been properly using Section 13(b) of the FTC Act, the provision authorizing requests for preliminary and permanent injunctions where the FTC believes the defendant “is … Continue Reading
Last week, an Ohio district court found that violations of the Telephone Consumer Protection Act (“TCPA”) occurring between 2015 and July 2020 cannot be enforced because the law was unconstitutional at the time. The case is captioned Lindenbaum v. Realgy, LLC, No. 19-CV-02862 (N.D. Ohio), and the opinion builds on an earlier decision from a … Continue Reading
Another week, another proposal concerning Section 230 of the 1996 Communications Decency Act. This week, Senator Lindsey Graham (R-SC) introduced the Online Content Policy Modernization Act, which primarily establishes an alternative dispute resolution program for copyright small claims. Relevant to this blog, however, are the last three pages of the proposal, which limit civil liability … Continue Reading
Today, the Supreme Court issued its decision in Barr v. American Association of Political Consultants, which addressed the constitutionality of the Telephone Consumer Protection Act (TCPA). Although the Court splintered in its reasoning—producing four separate opinions—the justices nevertheless coalesced around two core conclusions: (1) the TCPA’s exception for government debt collection calls is unconstitutional, and (2) the … Continue Reading
On June 16, 2020, the First Circuit released its opinion in United States v. Moore-Bush. The issue presented was whether the Government’s warrantless use of a pole camera to continuously record for eight months the front of Defendants’ home, as well as their and their visitors’ comings and goings, infringed on the Defendants’ reasonable expectation … Continue Reading
On May 5, 2020, the Seventh Circuit held that violations of the section 15(b) disclosure and informed consent provisions of the Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (“BIPA”) constitute “an invasion of personal rights that is both concrete and particularized” for the purposes of establishing Article III standing to sue in … Continue Reading
Yesterday, the Supreme Court heard oral argument (by telephone) in Barr v. American Association of Political Consultants, a case that centers on the constitutionality of the Telephone Consumer Protection Act (TCPA), and, more specifically, the prohibition on transmitting automated calls or texts to mobile telephone numbers without prior express consent. Given the litigious environment surrounding … Continue Reading
Last week, a California magistrate judge denied federal prosecutors’ application for a search warrant on the grounds that law enforcement cannot force people to unlock their phones using biometric features, such as fingerprints and facial recognition.… Continue Reading
[This article also was published in Law360.] In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network in order to … Continue Reading
A class-action lawsuit filed last month alleges that Wal-Mart’s video recording technology at its self-service checkout kiosks collects “personal identification information” in violation of the California Song-Beverly Act Credit Card Act of 1971 (“Song-Beverly Act”). The Song-Beverly Act, like analogous statutes in several other states, generally prohibits businesses from recording customers’ “personal identification information” as … Continue Reading
Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court of Appeals for … Continue Reading
The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour. Officers check these numbers … Continue Reading
Earlier this week, the Fourth Circuit Court of Appeals affirmed a lower court decision to dismiss a Telephone Consumer Protection Act (“TCPA”) lawsuit against General Dynamics Information Technology, Inc. (“GDIT”), on the basis that GDIT was immune from suit as a government contractor under what is known as the “Yearsley doctrine.” Craig Cunningham v. GDIT, … Continue Reading
Last summer, Marcus Hutchins, the security researcher who stopped the “WannaCry” malware attack, was arrested and charged for his role in allegedly creating and conspiring to sell a different piece of malware, known as Kronos. As we have previously discussed on this blog, however, the indictment was notable for its lack of allegations connecting Hutchins … Continue Reading
The U.S. Court of Appeals for the D.C. Circuit on Friday issued a long-awaited ruling in a lawsuit challenging the Federal Communications Commission’s interpretations of key terms under the Telephone Consumer Protection Act of 1991 (“TCPA”), holding that the FCC in 2015 had adopted an unreasonably broad definition of the type of calling equipment subject … Continue Reading
In a ruling with implications for both net neutrality and privacy, the Ninth Circuit ruled en banc today that the common carrier exemption in Section 5 of the FTC Act is activity-based, reversing a 2016 panel ruling that the exemption was status-based. Today’s decision bolsters the FTC’s authority to bring consumer protection (including privacy) and … Continue Reading
On December 1, 2017, the High Court of England and Wales found the fourth-largest supermarket chain in the UK, Wm Morrisons (“Morrisons”), vicariously liable for a data breach caused by the intentional criminal actions of one of its employees, namely the leaking of payroll information online. The breach affected almost 100,000 Morrisons employees and the … Continue Reading
On Wednesday, the Supreme Court heard oral arguments in Carpenter v. U. S., a case that involved the collection of 127 days of Petitioner Thomas Carpenter’s cell site location information as part of an investigation into several armed robberies. We attended the argument to gain any insights into how the Supreme Court may resolve this … Continue Reading
On September 19, 2017, the U.S. District Court for the Northern District of California dismissed three of the six counts in the Federal Trade Commission’s (“FTC’s”) January 2017 complaint against D-Link Systems, Inc., allowing the FTC until October 20, 2017 to amend its complaint. The FTC’s complaint alleged that D-Link engaged in unfair and deceptive … Continue Reading
By Benjamin Duke, Matt Schlesinger, and Scott Levitt [This article was also published as a Client Alert.] Two recent federal district court decisions involving computer “spoofing” scams highlight the uncertainty about whether such incidents may be covered under standard “computer fraud” provisions in widely used crime insurance forms. The conflicting results in these cases provide … Continue Reading
The closely watched lawsuit alleging Spokeo, Inc., violated the Fair Credit Reporting Act (“FCRA”) may proceed, after a federal appeals court ruled — on remand from the Supreme Court — that publication of the inaccuracies alleged by the plaintiff would constitute a sufficiently “concrete” harm to give the plaintiff standing to sue in federal court. … Continue Reading
By Alex Berengaut [This article also was published in Law360.] In May 2017, the “WannaCry” malware was used to launch a worldwide ransomware cyberattack. WannaCry encrypted files on victim computers and demanded a ransom payable in bitcoin to provide the encryption key. The attack was stopped when a British security researcher, Marcus Hutchins, accidentally discovered … Continue Reading
Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision. CareFirst discovered in April 2015 — and announced … Continue Reading
