Hey there What’s Next readers! This week we’re digging into the legal efforts already shaping up after Facebook’s massive data breach. Plus, a look at whether the Trump administration’s actions against California’s new net neutrality lawactually rests on precarious grounds. Also in store: crossroads in the “brave new world” of cryptocurrency (including insider trading), facial hacking of iPhones, and the debate over a federal privacy law. As always, drop me a line at ilopez@alm.com or on Twitter at @IanMichaelLopez.



Facebook’s Legal Fallout From Its Massive Data Breach

Facebook claims it’s taking an active approach in working with law enforcementand international regulators to address the massive data breach affecting 50 million of its users, but that isn’t keeping it out of regulators’ cross hairs or clear of legal action.

A number of congressional committees are already alluding to efforts. Senate Commerce Committee Chairman John Thune described the breach to Axios as “pretty serious,” noting his committee’s staff has “been in contact” with Facebookand “will determine whether or not it’s something we need to have a hearing about.” Likewise, Sen. Richard Blumenthal of Connecticut used the breach to promote the type of federal privacy law he’s been toting.

Internationally, things seem more harrowing for the tech giant. The Irish Data Protection Commission has already vocalized its concerns to the Wall Street Journal, raising the prospect of big tech’s boogeymanGDPR, being used as grounds to fine Facebook up to $1.63 billion. That could mark “the first major testof Europe’s tough data protection laws,” according to CNBC.

As if matters couldn’t get worse for Facebook, angry users seem to be looking to the courts as recourse against the company. Class actions have been filed in Torontoand California over the beach, with users fed up with Facebook’s handling of their data. As John Yancunis, a Morgan & Morgan attorney involved with one of the suits, told The Recorder: “It is shocking that after all the publicity surrounding Facebook’s handling of personal information in the wake of Cambridge Analytica and its promises to do better by its users that Facebook has yet again failed to protect consumers’ information from hackers.”

➤ Looking Ahead: Facebook is no stranger to legal action for its handling of user data, but this recent breach is shaping up to create battles on multiple legal fronts.

Also on The Radar

➤ Federal Privacy Framework was the focus of discussion at a Senate hearinglast week. Lining up to sing their siren song of an American GDPR were tech companies like Google and Twitter, pricking the ears of US lawmakers, many of whom suspect big tech is attempting to evade a privacy push from the states. As Sen. Ed Markey of Massachusetts put it, the companies “want California law pre-empted and they’re going to want other states’ laws pre-empted… They’re going to ask this panel to do that. So our goal has to be to ensure that any law which we pass out of this committee is a strong law. We don’t need to pass weak laws in Washington that override strong laws in California or Massachusetts or other states.”

➤ $148 Million was the amount Uber agreed to pay as penalty to settle allegations it intentionally hushed a 2016 data breach exposing names, email addresses and cell phone numbers of 57 million users. As you may recall, a multistate investigation pointed to Uber paying hackers $100,000 to stay mum about the breach rather than reporting it, a violation of federal notification laws. What’s more, the company withheld notifying the public until a year after the event, a move that led “regulators to say the company lefts its drivers vulnerable to financial fraud and identity theft,” NPR’s Yugi Noguchi reports. FWIW, Uber CLO Tony West claims the company learned its lesson, defining its principles of “today” as “transparency, integrity, and accountability.”

➤ Open Sesame. Remember the fracas over the Feds hacking the San Bernardino Shooter’s iPhone? In the latest edition of iPhones Gone Hacked, the FBI made an iPhone X owner unlock his phone with his face. The move came in a child abuse investigation where a U.S. magistrate judge gave investigators the go-ahead to scour a suspect’s web communications and anything else deemed relevant to the investigation. As Forbes’ Thomas Brewster put it, this case “marks another significant moment in the ongoing battle between law enforcement and tech providers, with the former trying to break the myriad security protections put in place by the latter.” And it isn’t likely to be the last.

➤ Poor Elon. If Twitter weren’t helping people get into enough trouble — Elon Musk’s recent outbursts on the social media platform over taking Tesla private have landed him in hot water with the SEC. In a lawsuit filed in the Southern District of New York, the agency says Musk should have realized his comments were reckless, noting he’d neither discussed nor confirmed “key deal terms” like price with “any potential funding source.” In the SEC’s telling, that realm of obliviousness extends to Tesla’s own head of investor relations, who allegedly texted Musk 12 minutes after his tweet and asked, “Was this text legit?” Interestingly, the SEC’s action could be viewedas both a sort of harbinger of repercussions for exec disclosures on social mediaand signal that the SEC doesn’t wait around with dropping charges for consequential online outbursts.



Can The Government Quell California’s Net Neutrality Rebellion?

California Gov. Jerry Brown probably didn’t surprise anyone by signing California’s own “net neutrality” rules. Just ask the Trump administration, which sued in the Eastern District of California an hour after Brown set down his pen. Yet the fateof what many call the free and open internet may actually rest with the D.C. Circuit.

As Electronic Frontier Foundation’s Ernesto Falcon writes, “the fine print” of the administration’s lawsuit isn’t California’s right to pass its own net neutrality law. Rather, the government’s wiggle room in deciding “the legality of California’s law” hinges on a pending D.C. Circuit case challenging the FCCs repeal of federal net neutrality protections in 2017. “If [this week's] argument prevails, it simply means that California’s law is temporarily paused until the D.C. Circuit issues its opinion.

That’s not the only argument challenging the federal government’s legal grounds to quelling a state net neutrality rebellion. Stanford Law’s Barbara Van Schewick points out in The Verge that “when the FCC repealed the 2015 Open Internet Order, it said it had no power to regulate broadband internet access providers,” meaning the FCC basically nixed its own authority “to preempt the states” in legislating them.

But the federal government obviously sees things much differently. FCC chairman Ajit Pai, the axeman of neutrality protections, described California’s move as both “egregious” and “illegal”, while Attorney General Jeff Sessions said “states do not regulate interstate commerce — the federal government does.”

➤ Takeaway: The government may want to quash state net neutrality moves, but experts argue their fate rests with the courts.

Protocol:  2 Things to Know

➤ “Brave New World.” That’s how U.S. District Judge Vincent Chhiabradescribed the cryptocurrency scene. His words came at a hearing to toss a class action alleging that exchange platform Coinbase bungled the launch of Bitcoin Cash (BCH) trades. Arguments hemmed over insider-trading like allegations, with plaintiffs claiming the company—the largest U.S. crypto exchange by volume—took steps that drove up BCH value by 200 percent, moves that benefitted a small group of investors and Coinbase employees at the expense of plaintiff and others outside-the-know. Coinbase claims to see things differently, with its attorneys at Keker, Van Nest & Peters claiming in court docs that “Plaintiff may have buyer’s remorse, but, as a matter of law, he cannot place his purported losses at Defendants’ feet.”

➤ Bitcoin Bots. It’s no secret that crypto markets can be volatile (see above). But lesser known are a category of bots behind what the Wall Street Journal calls “bitcoin’s violent mood swings.” These digital dabblers manipulate prices via means like automated “pump-and-dump” schemes and quickly posting and cancelling orders before an investor can make a purchase (kind of like “spoofing”.) While many agree such practices, oft executed by “unscrupulous traders,” damage crypto market credibility, others consider them a “fact of life.” As Virgin Capital’s Stefan Qin told WSJ: “Such is the wild West of crypto.”

That’s it for this week! Stay tuned for What’s Next!