US Copyright Office Report on Copyrightability of AI Output

The U.S. Copyright Office has released a report titled, “Copyright and Artificial Intelligence: Part 2 Copyrightability.”  The report is in response to comments by interested parties concerning the copyrightability of AI generated outputs.  The report has a helpful summary of the approach of other countries.  The full report is available, here.  The report makes several conclusions and recommendations:

• Questions of copyrightability and AI can be resolved pursuant to existing law, without the need for legislative change.

• The use of AI tools to assist rather than stand in for human creativity does not affect the availability of copyright protection for the output.

• Copyright protects the original expression in a work created by a human author, even if the work also includes AI-generated material.

• Copyright does not extend to purely AI-generated material, or material where there is insufficient human control over the expressive elements.

• Whether human contributions to AI-generated outputs are sufficient to constitute authorship must be analyzed on a case-by-case basis.

• Based on the functioning of current generally available technology, prompts do not alone provide sufficient control.

• Human authors are entitled to copyright in their works of authorship that are perceptible in AI-generated outputs, as well as the creative selection, coordination, or arrangement of material in the outputs, or creative modifications of the outputs.

• The case has not been made for additional copyright or sui generis protection for AI generated content.

Addressing Insider Threats: CIA Analyst Divulges Confidential Information

One of the most difficult cybersecurity issues concerns predicting insider threats -- identifying the person or persons in your organization who are likely to divulge personal data or intellectual property.  The U.S. Department of Justice issued this press release recently: 

A former CIA analyst pleaded guilty today to retaining and transmitting Top Secret National Defense Information to people who were not entitled to receive it, information which was publicly posted on a social media platform in October 2024.

According to court documents, Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top-Secret security clearance with access to Sensitive Compartmented Information (SCI).

. . .

According to court documents, on Oct. 17, 2024, Rahman accessed and printed two Top Secret documents containing National Defense Information regarding a U.S. foreign ally and its planned actions against a foreign adversary. Rahman removed the documents, photographed them, and transmitted them to individuals he knew were not entitled to receive them. By Oct. 18, 2024, the documents appeared publicly on multiple social media platforms, complete with the classification markings.

After Oct. 17, 2024, Rahman deleted and edited journal entries and written work product on his personal electronic devices to conceal his personal opinions on U.S. policy and drafted entries to construct a false narrative regarding his activity. Rahman also destroyed multiple electronic devices, including a personal mobile device and an internet router he used to transmit classified information and photographs of classified documents, and discarded the destroyed devices in public trash receptacles in an effort to thwart potential investigations into him and his unlawful conduct.

Beginning in the spring of 2024 and continuing through November 2024, Rahman repeatedly accessed and printed classified National Defense Information, including documents classified up to the Top Secret level, to take them to his residence. There, Rahman reproduced the documents and, while doing so, altered them in an effort to conceal their source and his activity. Rahman then communicated Top Secret information that he learned in the course of his employment to multiple individuals he knew were not entitled to receive it.

Rahman was indicted by a grand jury on Nov. 7, 2024, and was arrested by the FBI as he arrived to work on Nov. 12, 2024. He has remained in custody since his arrest.

Rahman pleaded guilty to two counts of willful retention and transmission of classified information related to the national defense. He is scheduled to be sentenced on May 15, 2025. He faces a maximum penalty of 10 years in prison for both counts in the plea agreement. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.

American Intellectual Property Law Association Releases IP Wishes Letter to Incoming Trump Administration

The AIPLA has released a letter to the Trump Administration that highlights concerns with the IP system in the United States.  The letter addresses patent eligibility, patent quality, AI and IP, digital piracy and counterfeiting, trade secrecy and international IP harmonization.  The letter is available, here. 

White House Releases Fact Sheet on US India Strategic Technology Collaboration

The White House released a Fact Sheet outlining collaboration efforts concerning national security and technology with India on January 6, 2025.  The Fact Sheet states in relevant part:

Today, U.S. National Security Advisor (APNSA) Jake Sullivan met with Indian National Security Advisor (NSA) Ajit Doval, Indian External Affairs Minister S. Jaishankar, and Prime Minister Modi in New Delhi as the United States and India continue to forge a strategic technology partnership that benefits both of our countries and our partners around the world.  APNSA Sullivan and NSA Doval launched the U.S.-India initiative on Critical and Emerging Technology (iCET) in 2022 at the direction of President Biden and Prime Minister Modi.  In the intervening years, our two nations have taken significant steps forward together to integrate our technology and defense supply chains in recognition that, now more than ever, we need to work with our partners to build a trusted and resilient innovation base.

During their capstone meeting, APNSA Sullivan and NSA Doval underscored the vital importance of our efforts to jointly produce and develop strategic technologies that will allow us to deliver secure, reliable, and cost-competitive technology solutions for the world. As the United States and India deepen collaboration across key sectors – from space to semiconductors, biotechnology, cybersecurity, advanced telecommunications, and clean energy – we have seen the promise of our partnership deliver results.  Our partnership has also anchored multilateral work with like-minded nations from across the Indo-Pacific and Europe, including the Bio-5 Biopharmaceutical Supply Chain Consortium, the U.S.-India-ROK Technology Trilateral, and ongoing cooperation with Australia and Japan through the Quad.

Finally, APNSA Sullivan and NSA Doval reaffirmed our shared resolve to adapt and strengthen our technology protection toolkits and discussed efforts to address national security concerns associated with overcapacity in key technology sectors.  At the same time, they commended the progress we have made to address long-standing barriers to bilateral strategic trade, technology, and industrial cooperation.

The two national security leaders expressed their confidence that the bridges we have built across our governments, industry, and academia will endure and reflected on the significant achievements we have driven across every dimension of the technological enterprise – from the seabed to the stars, and beyond.  This includes:

Launching a New Era in Space Technology Cooperation

• Announcing the first-ever joint effort between American and Indian astronauts at the International Space Station with the launch of Axiom-4 scheduled to take place this spring, which will mark a significant milestone in the U.S.-India human spaceflight partnership and space exploration; 
• Reducing barriers to collaboration around commercial space technology following the U.S. government’s recent conclusion of updates to Missile Technology Control Regime export policy, which will open the door to additional technology licensing and co-development opportunities in support of the U.S.-India space partnership;
• Working toward the launch of a new bilateral space accelerator to promote commercial space cooperation, including around lunar exploration, human spaceflight, geospatial data and services, and the co-development of technology;
• Celebrating the conclusion of a Strategic Framework for Human Spaceflight Cooperation to deepen interoperability in space and working toward the imminent completion of additional agreements to commence advanced training for ISRO astronauts and ground personnel at the NASA Johnson Space Center and for joint experiments at the International Space Station;
• Preparing for the launch of the NASA-ISRO Synthetic Aperture Radar, a jointly developed satellite that will map the entirety of the Earth’s surface twice every 12 days as the United States and India work together to combat climate change and other global challenges, this spring;
• Deciding to hold the first bilateral experts’ exchange on space situational awareness and space traffic coordination in the first half of this year.  This exchange builds upon the two nations’ shared commitment to pursue opportunities for deeper collaboration to ensure safe and sustainable space operations;
• Exploring additional avenues for cooperation in space exploration technologies, including docking and interoperability demonstration missions, as well as India’s participation in the United States Traffic Coordination System for Space program. 

Deepening Defense Innovation and Industrial Cooperation

• Welcoming the advancement of discussions between Ultra Maritime and Bharat Dynamics Limited to enhance undersea domain awareness through a first-of-its-kind partnership on co-production of U.S. sonobuoys in support of the U.S. and Indian defense industrial bases;
• Welcoming India’s acquisition of the MQ-9B platforms, the possible co-production of land warfare systems, and progress on other co-production initiatives outlined in the U.S.-India Roadmap for Defense Industrial Cooperation;
• Celebrating the third edition of the India-U.S. Defense Acceleration Ecosystem (INDUS-X) Summit which took place at Stanford University in September 2024, and highlighting the continued progress under INDUS-X, including the Gurukul Educational Sessions and the launch of a third joint challenge on space situational awareness in low earth orbit;
• Welcoming the completion of an upgraded Memorandum of Understanding between the Defense Innovation Unit and the Defense Innovation Organization to expand cooperation on defense innovation and deepen collaboration between the U.S. and Indian startup ecosystems;
• Deepening cooperation between the U.S. Defense Innovation Unit and India’s Innovations for Defense Excellence to accelerate the joint adoption of cutting-edge commercial technologies for military solutions and capability enhancement of both countries’ defense ecosystems;
• Noting continued progress in the discussions between GE Aerospace and Hindustan Aeronautics Limited for the co-production of GE F414-INS6 engines to power India’s future fighter fleet;
• Expanding defense industrial partnerships, such as the launch of an AI Multi-Doman Situational Awareness product jointly developed by General Atomics and 114ai to support joint all domain command and control.

Building a Clean Energy and a Critical Minerals Partnership for the 21^st Century

• Advancing discussions to unlock new commercial partnerships around the deployment of small modular reactor technology in India;
• Reflecting the progress the United States and India have made—and will continue to make—as strategic partners and countries with a shared commitment to peaceful nuclear cooperation, NSA Sullivan announced US efforts to finalize necessary steps to delist Indian nuclear entities, which will promote civil nuclear cooperation and resilient clean energy supply chains;
• Commending the signing of a bilateral Critical Minerals Memorandum of Understanding between the U.S. Department of Commerce and the Indian Ministry of Commerce and Industry and the Ministry of Mines, and driving additional areas of cooperation in critical mineral supply chains such as for graphite, gallium, and germanium;
• Advancing collaboration between U.S. and Indian organizations and companies for carrying out research studies for beneficiation and co-development of processing technologies for critical minerals, including lithium, titanium, gallium, and vanadium;
• Building a collaborative program between the Geological Survey of India and the U.S. Geological Survey on exploration, characterization and evaluation of rare earth elements and critical mineral deposits.

Promoting Strategic Semiconductor Supply Chain Partnerships

• Advancing a strategic semiconductor partnership between the U.S. Space Force and 3rdiTech to establish a compound semiconductor fabrication plant in India to manufacture infrared, gallium nitride, and silicon carbide semiconductors that will be used in national security-relevant platforms; this includes favorably reviewing a technical assistance agreement and export licenses to promote technology transfers;
• Building on the U.S.-India Semiconductor Supply Chain and Innovation Partnership MOU and promoting secure, resilient, and sustainable semiconductor supply chains through continued collaboration between the U.S. Department of Commerce and the India Semiconductor Mission, Ministry of Electronics and Information Technology including facilitating investments in semiconductor manufacturing and strengthening R&D collaboration around state-of-the-art semiconductor and packaging technologies.

Building New Collaboration around AI, Advanced Computing, and Quantum

• Developing a government-to-government framework for promoting reciprocal investments in AI technology and aligning protections around the diffusion of AI technology;
• Strengthening cooperation around the national security applications of AI, following the U.S. government’s recent issuance of a National Security Memorandum on AI last fall, and promoting safe, secure, and trustworthy development of AI;
• Noting the importance of sustained engagement for cooperation on Quantum Information Science and Technology (QIST) as agreed to in the second meeting of the U.S.-India Quantum Coordination Mechanism held last August, during which both countries committed to achieving concrete outcomes;
• Initiating new cooperation in quantum science and technology, including through a workshop on post-quantum cryptography and quantum hardware held at the University of California, Los Angeles in September 2023 and facilitating visits of Indian technical experts from academia and the private sector to visit U.S. national laboratories and quantum institutions.

Bridging our People, Talent, and Innovation Bases

• Celebrating progress toward opening U.S. Consulate Bengaluru in early 2025 and continuing work to establish new Indian Consulates in Boston and Los Angeles;
• Advancing a “Bio-X” initiative that would promote biotechnology cooperation by leveraging the synergies between domestic programs and enhancing the competitiveness of the biotechnology industries in both countries;
• Celebrating steps that expand of the ability of top AI scientists, engineers, and entrepreneurs from India to come to the United States, including rulemaking that modernized the U.S. H-1B application process, recent clarifications of the rules for O-1 visas and other visa categories, and other efforts that have streamlined visa processing;
• Noting the recently launched U.S.-India Advanced Materials R&D Forum, which convened its inaugural meeting in November 2024, to expand collaboration between U.S. and Indian universities, national laboratories, and private sector researchers.

U.S. Department of Justice Releases Final Rule on Protecting Personal Data in Bulk Transfers

The Department of Justice recently issued a final rule preventing access to U.S. citizens personal data.  The Press Release states, in relevant part:

. . . Today, the Justice Department issued a comprehensive final rule carrying out Executive Order (E.O.) 14117 “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” The E.O. charged the Justice Department with establishing and implementing a new regulatory program to address the urgent and extraordinary national security threat posed by the continuing efforts of countries of concern (and covered persons that they can leverage) to access and exploit Americans’ bulk sensitive personal data and certain U.S. Government-related data.. . .

“This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our adversaries exploiting Americans' most sensitive personal data,” said Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division. “This powerful new national-security program is designed to ensure that Americans' personal data is no longer permitted to be sold to hostile foreign powers, whether through outright purchase or other means of commercial access.”

The Final Rule implements the E.O. by promulgating generally applicable rules for certain categories of data transactions that pose an unacceptable risk to the national security of the United States. As described in the E.O., countries of concern and covered persons can use their access to this data to engage in malicious cyber-enabled activities and malign foreign influence activities, bolster their military capabilities, and track and build profiles on U.S. persons (including members of the military and U.S. Intelligence Community, as well as other Federal employees and contractors) for illicit purposes such as blackmail, coercion, and espionage, and to bolster their military capabilities. Countries of concern and covered persons can also exploit this data to collect information on activists, academics, journalists, dissidents, political opponents, or members of nongovernmental organizations or marginalized communities to intimidate them; curb political opposition; limit freedoms of expression, peaceful assembly, or association; or enable other forms of suppression of civil liberties.

The Final Rule reflects the risk highlighted in the E.O. that the vulnerability of Americans’ bulk sensitive data is exacerbated because countries of concern are increasingly using bulk sensitive personal data to develop and enhance artificial intelligence (AI) capabilities and algorithms that, in turn, enable the use of large datasets in increasingly sophisticated and effective ways to the detriment of U.S. national security. Countries of concern can use AI in conjunction with multiple unrelated data sets, for example, to identify U.S. persons whose links to the federal government would be otherwise obscured in a single dataset and who can then be targeted for espionage or blackmail.

Among other things, the Final Rule identifies countries of concern and covered persons to whom the Final Rule applies, and designates classes of prohibited, restricted, and exempt transactions. The Final Rule establishes bulk thresholds for certain sensitive personal data, including human ‘omic data, biometric identifiers, precise geolocation data, personal health data, personal financial data, and certain covered personal identifiers. The Final Rule also prescribes processes to obtain licenses authorizing otherwise prohibited or restricted transactions; protocols for the designation of covered persons; and provides advisory opinions, and recordkeeping, reporting, and other due diligence obligations for covered transactions.

The Final Rule is consistent with the United States’ commitment to promoting an open, global, interoperable, reliable, and secure internet; protecting human rights online and offline; supporting a vibrant, global economy by promoting cross-border data flows that are required to enable international commerce and trade; and facilitating open investment. Notably, the Final Rule does not impose generalized data localization requirements regarding the physical or electronic storage of Americans’ bulk sensitive personal data or U.S. Government-related data, nor does it require locating computing facilities within the United States to process such data. The Final Rule does not prohibit U.S. persons from conducting medical, scientific, or other research in countries of concern, or from partnering or collaborating with covered persons to share data to conduct researching, if that activity does not involve the exchange of payment or other consideration as part of a covered data transaction. The Final Rule also does not broadly prohibit U.S. persons from engaging in commercial transactions, including exchanging financial and other data as part of the sale of commercial goods and services with countries of concern or covered persons, or impose measures aimed at a broader decoupling of the substantial consumer, economic, scientific, and trade relationships that the United States has with other countries.

The Final Rule further exempts several classes of data transactions from the scope of its prohibitions and restrictions, including personal communications and certain financial services transactions, corporate group transactions, transactions authorized by Federal law and international agreements, investment agreements subject to a Committee on Foreign Investment in the United States (CFIUS) action, telecommunication services, biological product and medical device authorizations, clinical investigations, and others.

The Final Rule’s prohibitions and restrictions are consistent with other access restrictions on sensitive personal data that have been imposed in other contexts, including transactions reviewed by the CFIUS and the Committee for the Assessment of Foreign Participation in the U.S. Telecommunications Services Sector (Team Telecom).

Lastly, under the Final Rule, parties engaging in vendor agreements, employment agreements, and investment agreements involving access by countries of concern or covered persons to bulk U.S. sensitive personal data or U.S. Government-related data would be restricted transactions that must comply with the separate security requirements that have been developed by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) in coordination with the Justice Department. These security requirements include organizational and system-level requirements (such as ensuring that basic organizational cybersecurity policies, practices, and controls are in place), and data-level requirements (such as data minimization and masking, encryption, and privacy-enhancing techniques). These critical requirements will be published separately by CISA through the Federal Register and on CISA’s website.

In connection with the Final Rule, the Justice Department will publish compliance, enforcement, and other guidance, which will be located at www.justice.gov/nsd/data-security.. . .