Monday 19 July 2021

Rewards for Information on Cyberattacks Paying Off Already?

On July 15, 2021, the U.S. State Department announced that up to $10 million rewards would be provided to informants with information concerning cyberattacks sponsored by or on behalf of foreign governments.  Details of the program can be found here and here.   Notably, today, the White House has announced that the United States and its allies have determined that the Chinese government has utilized contract criminal hackers in cybersecurity hacking involving zero day vulnerabilities in Microsoft’s Exchange Server.  The Biden Administration notes generally that:

[United States Department of Justice] imposing costs and announcing criminal charges against four MSS [PRC Ministry of State Security] hackers.

The US Department of Justice is announcing criminal charges against four MSS hackers addressing activities concerning a multiyear campaign targeting foreign governments and entities in key sectors, including maritime, aviation, defense, education, and healthcare in a least a dozen countries. DOJ documents outline how MSS hackers pursued the theft of Ebola virus vaccine research and demonstrate that the PRC’s theft of intellectual property, trade secrets, and confidential business information extends to critical public health information. Much of the MSS activity alleged in the Department of Justice’s charges stands in stark contrast to the PRC’s bilateral and multilateral commitments to refrain from engaging in cyber-enabled theft of intellectual property for commercial advantage.

The Biden Administration notes that it “working around the clock” to address cybersecurity issues.  Here are some of the measures the Administration is taking:

  • The Administration has funded five cybersecurity modernization efforts across the Federal government to modernize network defenses to meet the threat. These include state-of-the-art endpoint security, improving logging practices, moving to a secure cloud environment, upgrading security operations centers, and deploying multi-factor authentication and encryption technologies.
  • The Administration is implementing President Biden’s Executive Order to improve the nation’s cybersecurity and protect Federal government networks. The E.O. contains aggressive but achievable implementation milestones, and to date we have met every milestone on time including:

      • The National Institute of Standards and Technology (NIST) convened a workshop with almost 1000 participants from industry, academia, and government to obtain input on best practices for building secure software.
      • NIST issued guidelines for the minimum standards that should be used by vendors to test the security of their software. This shows how we are leveraging federal procurement to improve the security of software not only used by the federal government but also used by companies, state and local governments, and individuals. 
      • The National Telecommunications and Information Administration (NTIA) published minimum elements for a Software Bill of Materials, as a first step to improve transparency of software used by the American public.  
      • The Cybersecurity and Infrastructure Security Agency (CISA) established a framework to govern how Federal civilian agencies can securely use cloud services.
  • We continue to work closely with the private sector to address cybersecurity vulnerabilities of critical infrastructure. The Administration announced an Industrial Control System Cybersecurity Initiative in April and launched the Electricity Subsector Action Plan as a pilot. Under this pilot, we have already seen over 145 of 255 priority electricity entities that service over 76 million American customers adopt ICS cybersecurity monitoring technologies to date, and that number keeps growing. The Electricity Subsector pilot will be followed by similar pilots for pipelines, water, and chemical.
  • The Transportation Security Administration (TSA) issued Security Directive 1 to require critical pipeline owners and operators to adhere to cybersecurity standards. Under this directive, those owners and operators are required to report confirmed and potential cybersecurity incidents to CISA and to designate a Cybersecurity Coordinator, to be available 24 hours a day, seven days a week. The directive also requires critical pipeline owners and operators to review their current practices as well as to identify any gaps and related remediation measures to address cyber-related risks and report the results to TSA and CISA within 30 days. In days to come, TSA will issue Security Directive 2 to further support the pipeline industry in enhancing its cybersecurity and that strengthen the public-private partnership so critical to the cybersecurity of our homeland.

By exposing the PRC’s malicious activity, we are continuing the Administration’s efforts to inform and empower system owners and operators to act. We call on private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.

Wednesday 14 July 2021

Biden Administration Executive Order on Competition: Some IP Portions

On July 9, 2021, the Biden Administration released an “Executive Order on Promoting Competition in the American Economy” that literally will touch almost every part of the U.S. economy.  The Executive Order can be found, here.  Concerning SEPs the Executive Order states:

To avoid the potential for anticompetitive extension of market power beyond the scope of granted patents, and to protect standard-setting processes from abuse, the Attorney General and the Secretary of Commerce are encouraged to consider whether to revise their position on the intersection of the intellectual property and antitrust laws, including by considering whether to revise the Policy Statement on Remedies for Standards-Essential Patents Subject to Voluntary F/RAND Commitments issued jointly by the Department of Justice, the United States Patent and Trademark Office, and the National Institute of Standards and Technology on December 19, 2019.

The Order further directs the FTC Chair to consider rulemaking in the following areas:

          (i)    unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy;
          (ii)   unfair anticompetitive restrictions on third-party repair or self-repair of items, such as the restrictions imposed by powerful manufacturers that prevent farmers from repairing their own equipment;
          (iii)  unfair anticompetitive conduct or agreements in the prescription drug industries, such as agreements to delay the market entry of generic drugs or biosimilars;
          (iv)   unfair competition in major Internet marketplaces;
. . . and
          (vii)  any other unfair industry-specific practices that substantially inhibit competition.

The Order directs the Secretary of Agriculture to prepare a report concerning IP laws and seeds and other inputs:

to help ensure that the intellectual property system, while incentivizing innovation, does not also unnecessarily reduce competition in seed and other input markets beyond that reasonably contemplated by the Patent Act (see 35 U.S.C. 100 et seq. and 7 U.S.C. 2321 et seq.), in consultation with the Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office, submit a report to the Chair of the White House Competition Council, enumerating and describing any relevant concerns of the Department of Agriculture and strategies for addressing those concerns across intellectual property, antitrust, and other relevant laws.

The Order directs the Secretary for Health and Human Services to address drug access and pricing:

          (iv)    not later than 45 days after the date of this order, submit a report to the Assistant to the President for Domestic Policy and Director of the Domestic Policy Council and to the Chair of the White House Competition Council, with a plan to continue the effort to combat excessive pricing of prescription drugs and enhance domestic pharmaceutical supply chains, to reduce the prices paid by the Federal Government for such drugs, and to address the recurrent problem of price gouging;
          (v)     to lower the prices of and improve access to prescription drugs and biologics, continue to promote generic drug and biosimilar competition, as contemplated by the Drug Competition Action Plan of 2017 and Biosimilar Action Plan of 2018 of the Food and Drug Administration (FDA), including by:
               (A)  continuing to clarify and improve the approval framework for generic drugs and biosimilars to make generic drug and biosimilar approval more transparent, efficient, and predictable, including improving and clarifying the standards for interchangeability of biological products;
               (B)  as authorized by the Advancing Education on Biosimilars Act of 2021 (Public Law 117-8, 135 Stat. 254, 42 U.S.C. 263-1), supporting biosimilar product adoption by providing effective educational materials and communications to improve understanding of biosimilar and interchangeable products among healthcare providers, patients, and caregivers;
               (C)  to facilitate the development and approval of biosimilar and interchangeable products, continuing to update the FDA’s biologics regulations to clarify existing requirements and procedures related to the review and submission of Biologics License Applications by advancing the “Biologics Regulation Modernization” rulemaking (RIN 0910-AI14); and
               (D)  with the Chair of the FTC, identifying and addressing any efforts to impede generic drug and biosimilar competition, including but not limited to false, misleading, or otherwise deceptive statements about generic drug and biosimilar products and their safety or effectiveness;
          (vi)    to help ensure that the patent system, while incentivizing innovation, does not also unjustifiably delay generic drug and biosimilar competition beyond that reasonably contemplated by applicable law, not later than 45 days after the date of this order, through the Commissioner of Food and Drugs, write a letter to the Under Secretary of Commerce for Intellectual Property and Director of the United States Patent and Trademark Office enumerating and describing any relevant concerns of the FDA; 
          (vii)   to support the market entry of lower-cost generic drugs and biosimilars, continue the implementation of the law widely known as the CREATES Act of 2019 (Public Law 116-94, 133 Stat. 3130), by:
               (A)  promptly issuing Covered Product Authorizations (CPAs) to assist product developers with obtaining brand-drug samples; and
               (B)  issuing guidance to provide additional information for industry about CPAs; and
          (viii)  through the Administrator of the Centers for Medicare and Medicaid Services, prepare for Medicare and Medicaid coverage of interchangeable biological products, and for payment models to support increased utilization of generic drugs and biosimilars.

The Order directs the Secretary of Commerce to reconsider proposed regulations concerning technology transfer:

   (r)  The Secretary of Commerce shall:
          (i)    acting through the Director of the National Institute of Standards and Technology (NIST), consider initiating a rulemaking to require agencies to report to NIST, on an annual basis, their contractors’ utilization activities, as reported to the agencies under 35 U.S.C. 202(c)(5);
          (ii)   acting through the Director of NIST, consistent with the policies set forth in section 1 of this order, consider not finalizing any provisions on march-in rights and product pricing in the proposed rule “Rights to Federally Funded Inventions and Licensing of Government Owned Inventions,” 86 Fed. Reg. 35 (Jan. 4, 2021); 

                (iii)  not later than 1 year after the date of this order, in consultation with the Attorney General and the Chair of the Federal Trade Commission, conduct a study, including by conducting an open and transparent stakeholder consultation process, of the mobile application ecosystem, and submit a report to the Chair of the White House Competition Council, regarding findings and recommendations for improving competition, reducing barriers to entry, and maximizing user benefit with respect to the ecosystem.

Tuesday 13 July 2021

Cybersecurity Book Review: Perlroth

Nicole Perlroth's "This is How They Tell Me the World Ends" is a very engaging and entertaining book of around 470 pages concerning cybersecurity.  Ms. Perlroth is a New York Times reporter who covers cybersecurity issues.  This book is a whirlwind tour of why we are where we are at with respect to cybersecurity--at least in part.  She points to the development of the market for zero day vulnerabilities and the participation in that market by the United States government as well as other governments.  The book is based on many interviews and she effectively ties them together to make a compelling story that reads very much like a fast moving Tom Clancy book.  She does not pull many punches and takes a few shots at various U.S. presidential administrations, including finishing up on the Trump administration.  It is selling well and one would hope may lead to some people taking cybersecurity a bit more seriously.  

Saturday 3 July 2021

NFTs and Financing the Future of Potential Stars

NFTs are getting a lot of press.  For sure, NFTs have made a big splash in the art world.  I had an interesting conversation with a friend today about financing young athletes through the monetization of their right of publicity since the NCAA (and states) have begun allowing collegiate athletes to profit from their image etc.  One interesting issue concerns aspiring professional tennis players.  Often those players must make a decision between attempting to finance a shot at a professional career—a very expensive prospect, or go to college and see what develops.  Notably, as a friend mentioned to me, there are numerous excellent young tennis players who cannot finance the expenses to start a pro-career—expenses such as travel, coaching and trainer fees, hotel etc.  Many have to give up on a promising career because of a lack of funding.  Interestingly, this is a sport where economic class plays a big role—kids with less resources are unable to be developed and never get a legitimate shot at the pro-tour.  Allowing young players to monetize their right of publicity without damaging college prospects may be an interesting way for them to gather resources to support a professional career in the future and develop (maybe crowd-funding works).  Local businesses, family, friends and others could invest in young players early.  But, what if we could sweeten the deal?  What if we could use NFTs to create a market for, as an example, electronic playing cards for young athletes?  Can you imagine what the NFT “playing card” for an athlete such as a young Andre Agassi, Messi, Ronaldo, or Michael Jordan may be worth after they develop in the future?  There are a lot of details to sort out, but you can see how a market can develop creating an enormous amount of value and good (and yes, a potential for bad).  See here for Topps entry into the NFT market for trading cards: Topps Digital Launching Baseball Card NFTs (  What if we could expand the concept further?  There's no doubt that we are at a place where maximizing the potential of human resources is our greatest challenge.  This could be a way to help.  Extend it to brilliant children to finance their education?  IP and NFTs at their best?  It's an interesting thought experiment.