Cloud-Computing Lessons using Software as a Service (SaaS)

Businessman drawing a CloudLong before anyone referred to “the cloud” as something related to the Internet, software companies began shifting away from expensive, customized, on-site software implementations to something we used to call Software as a Service (SaaS).  Now, “the cloud” is widely recognized as a place where Internet-based computing resources are shared, but SaaS is still out there.  In fact, it’s probably the most widespread type of “cloud” computing; you just don’t hear it called “SaaS” that much anymore.  But SaaS is, fundamentally, the same as it ever was – a type of Internet-based computing that provides shared computer device processing resources and data on demand. The SaaS software distribution model otherwise known as “on demand software” gives users access to application software and databases without having to manage and host those resources on their own.

In helping some clients who operate their business completely in the cloud, we’ve learned some things over time. The list below is not exhaustive, but four of the most important lessons are as follows:

CONTINUE READING . . .

Ninth Circuit Reaffirms Section 230 Protections

yelpInformation Counts.  That’s the title of this blog.  And it’s an indisputable fact.  Information is – and has been for at least 20 years – the currency of our economy, providing consumers, regulators and the general public information about business, practices and events.

A critical, and even indispensable, factor in the development of the information economy is Section 230 of the Communications Decency Act, which was part of the massive Telecommunications Reform Act of 1996.  That subsection provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

It means, essentially, that an interactive website (think Angie’s List) is not liable for content that was created by others.  So, if there is a false and defamatory post on Angie’s List about a particular business, the business can sue the “speaker” (e.g., the person who authored the post), but generally cannot sue Angie’s List.  The impact of this law cannot be overstated.  If it did not exist, websites like Yelp, Angie’s List, Amazon and eBay, and hundreds others, might not exist because, rather than facing liability for the posts of their users, they would simply shut down.

CONTINUE READING . . .

Policing Internet Privacy: FCC’s New Frontier

fccUnwilling to be left behind by the likes of Google and Facebook, Internet Service Providers are increasingly exploring how they may capitalize on the high-value targeted advertising market.  In November 2016, AT&T explained that targeted advertising is a major contributor behind its bid to buy Time Warner Inc. for $85 billion.  AT&T is not alone.  In 2015, Comcast acquired an ad-targeting firm, Visible World, in what has been widely viewed as an effort to gain stronger footing in the industry.  Another major mobile carrier recently came under fire following its acquisition of a name-brand ISP for sharing information about users of its mobile phone network with the ISPs advertising network.

These and other ISP efforts to collect and capitalize on user data have not gone unnoticed.  On October 27, 2016, the Federal Communications Commission passed new rules that govern how ISPs may share customers’ information with third parties. According to the FCC “[t]he [R]ules do not prohibit ISPs from using or sharing their customers’ information – they simply require ISPs to put their customers into the driver’s seat when it comes to those decisions.”

CONTINUE READING . . .

You Just Used My Picture Without Permission?

Young couple on holidays taking selfieArtist Richard Prince’s exhibit entitled “New Portraits’’ was displayed at New York City’s Gagosian Gallery and Frieze New York during the summer of 2015.  This exhibit featured screenshots of other people’s Instagram photos.  These screenshots were not altered.  They were simply the pictures that Instagram users posted, with an addition of Prince’s comments in the comment section of the post. What is remarkable is that the individuals whose likenesses and photographs were used were unaware of the use.  Prince did not ask for permission or provide notice.  He just used the pictures.  Apparently, the art world was pleased with his work, and he has reportedly sold many of the individual works for anywhere from $90,000 to $1 million.  How much of that went to the Instagram poster?  Likely nothing.

How can this be?  Well, ultimately we will see if it can be.  There would seem to be compelling copyright infringement arguments as well as rights of publicity arguments (for misappropriation of the person’s likeness). A make-up artist whose likeness was used filed a lawsuit claiming Prince wrongfully created copies of her photo without her consent and “engaged in acts of widespread self-promotion of the copies directed at the public at large.” Lawsuits have also been brought by photographers who claim that Prince stole and unfairly profited from their work.

CONTINUE READING . . .

Autonomous Vehicles and the Internet of Things

Autonomous cars on a road with visible connectionThis is our second post in a row regarding autonomous vehicles, otherwise referred to as driverless cars.  As we noted last week, driverless cars are no longer an idea of the future or science-fiction. Very soon they will become every commuter’s reality. Several major car companies such as Ford, Volvo, and Toyota have announced that their autonomous vehicles will be available to the mass market within five years. The belief among manufacturers is that autonomous vehicles will reduce traffic congestion, create efficiency, increase safety and save consumers money (i.e. time and fuel).

Simultaneously with the development of autonomous cars – and, in fact, fueling that development –the Internet of Things (IoT) continues to evolve rapidly.  Everyday objects increasingly have network connectivity enabling them to send and receive data. The goal of the IoT is to make these everyday objects “smart.”  Devices gather data and the “cloud” – which is just a descriptor for Internet-based applications – provides secure (hopefully) and intelligent infrastructure to hold all the gathered data and enable access and sharing across various types of devices, including cars.  Currently, driver-enabled cars increasingly include Internet connectivity.  But as the development of driverless cars progresses, the network connectivity will spread beyond the vehicle to the environment around it. This will bring the IoT and autonomous cars to life on a large scale. 

CONTINUE READING . . .

Autonomous Vehicle Business Models: How Will You ‘Own’ One?

autonomous-vehicleGoogle, Uber, and several major automakers are working to bring autonomous vehicles (i.e. self-driving cars) to the marketplace. In mid-October 2016, Tesla announced that three of its models will be fitted with all the hardware needed to be driverless. In September 2016, Uber cars were seen on the streets in self-driving mode. The technology is rapidly maturing, and we continue to see testing of cars with driverless capabilities in some cities.  There has been speculation that autonomous vehicles are the next radical market transformation for the automotive industry, as cloud computing was for the software industry.  The prediction is that we will move from an automotive product-based ownership model to a use-based service model – and this change will happen within the next ten years.

People consume transportation differently based on where they are in life and family responsibilities.  For example, parents with young children need their car in a different way than an unmarried person with no children or an empty nester.  Given this reality, there may be six different models of autonomous vehicle usage that can, and perhaps will, co-exist.  Let’s explore them:

CONTINUE READING . . .

The C-Suite’s Perspective on Cybersecurity and Liability

Stylized photo of an empty conference roomRecently, IBM surveyed more than 700 C-Suite executives in 18 industries and 28 countries about their views on cybersecurity.  Ninety-four percent of those interviewed believe that their respective companies will experience a cybersecurity incident in the next two years. Despite such widely-held acceptance of the inevitability of an incident, only sixty-five percent of C-Suite executives expressed a confidence in their cybersecurity plans. Sixty percent of the Chief Finance, HR, and Marketing Officers surveyed expressed their feeling that they are the least involved in cybersecurity measures, even though they are the individuals responsible for data most coveted by cybercriminals.

Another takeaway from IBM’s research shows that transparency and collaboration are important tools in presenting a unified front against cybercriminals. Yet sixty-eight percent of C-Suite executives admitted their reluctance to externally share information about their cybersecurity incidents.  Perhaps the more technically savvy Chief Information Officers (CIOs), Chief Information Security Officers (CISOs), and Chief Risk Officers (CROs) view their organizations’ cybersecurity measures more confidently than do the CEOs. Chief Marketing, Finance, and HR Officers tend to have less confidence in their organizations’ cybersecurity. 

CONTINUE READING . . .

Bring Your Own Device (BYOD) – Be Smart

At the dawn of portable electronic devices, they were primarily work-related productivity tools.  Often, employers would purchase (or lease) devices and distribute them to their need-to-have employee base.  It’s not so long ago that we can remember when the Blackberry transitioned from a business device to a consumer device.  Everybody wanted a Blackberry (weren’t those the days for RIM?) and free email providers like Yahoo and Gmail offered accessibility of their email content through the Blackberry.

Then, mobile devices got smart.  They became phones and productivity tools and the footprint shrunk from two devices to one.  One smart device that was both phone and email.  And, of course, all those cool new apps.

CONTINUE READING . . .

Encryption: Ensuring the Right to Privacy in the Information Age?

concept of computer securityOn December 2nd, 2015, a tragic mass shooting occurred in San Bernardino, California. The attack resulted in 14 deaths and severe injuries to 22 others. The attackers, a married couple, targeted the husband’s workplace – the Department of Public Health. After the shooting the couple fled the scene of the crime, but the police eventually caught up with them. The couple was subsequently killed in a shootout.

As part of the FBI investigation, an Apple iPhone became the center of a security showdown between the Silicon Valley giant and the federal government. The Apple iPhone 5C, a work-issued phone given to the male perpetrator—Syed Farook —was equipped with operating software that protected the data on the phone through the use of 256-bit AES encryption. Because the phone was secured with this encryption and locked with a passcode to which only Farook was privy, the FBI approached Apple to develop software to crack open the iPhone. Apple declined.

CONTINUE READING . . .

Cyber Insurance: Common Pitfalls of the Insured

Insurance Application Risk Management Safety ConceptAs we have noted in a number of recent posts, tech companies need cyber insurance. The risk of not having it is simply not worth it.  But cyber insurance policies can be confusing to understand because the policies vary depending on your type of business, business needs, and how your customers are serviced. Some companies might need a combination of cyber policies in order to have complete cyber insurance coverage. It is very important to do your due diligence, think critically about the cyber insurance needs of your company, and find a policy that covers all of your company’s cyber risk.

Companies must pay attention to the details of the cyber insurance policy and be both clear and accurate about the representations they are making in the application for coverage. The insurance industry makes money by collecting premiums and minimizing claims. This creates a natural tension between the policyholder and carrier.  When a company makes a claim, it would like to get the benefit of the bargain it made with the insurer. That benefit is for the insurer to pay for the claim. The insurer agrees to pay, as long as the claimant has met all of its obligations under the policy.

CONTINUE READING . . .