Hello and welcome to What’s Next. I’m Ben Hancock, a reporter for Law.com in San Francisco. Favorite thing last week? The fun logos that the researchers who discovered Meltdown and Spectre created for the security bugs. Least favorite? Worrying about taking the time to patch my various devices.

Got a tip, or want to tell me what’s on your radar? Drop me a line at bhancock@alm.com and if you haven’t already, make sure to subscribe.


Watch This Space: Decrypting the Iran Protests


For an outsider, understanding the complex dynamics behind the swelling protests in Iran is difficult. But they appear to have been touched off by something I write about a lot here – a data leak. According to The New York Times, a leaked government budget allowed masses of Iranians to see just how much money is flowing to elite hard-line military and religious institutions, fueling anger among those who have been struggling in austere times.

Since the protests began in the city of Mashhad, organizers have been helped along by Telegram, a messaging app that features end-to-end encryption and allows ephemeral communication. After Iranian authorities blocked access to the service, you would think protesters would just switch over to one of a variety of other secure apps — right?

Well, hang on. As my colleague Caroline Spezio reports, U.S. legal sanctions against Iran, paired with stringent export control regulations on encryption, make it tricky for U.S. messenger services centered around crypto like Wickr and Signal to make themselves available in Iran. Typically, under the rules, those companies would need government approval in order to so. Telegram reportedly operates out of Germany, and thus seems outside the scope of U.S. law; Wickr and Open Whisper Systems — which makes Signal — are based in San Francisco.

There are exceptions for services where secure messaging is incidental to a larger service, like Facebook and Instagram, provided that those services are generally available and free, according to Kara Bombach, a shareholder and attorney at Greenberg Traurig who focuses on export controls and sanctions. But Facebook and Instagram have also been blocked.

>> Takeaway: “While U.S. politicians have expressed support for Iranian dissidents, American encryption export policy could actually make it harder for protesters to organize,” Caroline writes me in an email. “With the Iranian government blocking access to well-known messaging apps like Telegram, a steady supply of new, lesser-known services in the country could be crucial for a long-term movement.”

[Photo: Tehran. Borna Mirahmadian/iStock]


On the Radar: 3 Things to Watch in 2018


1. Meanwhile, Telegram is planning to launch an ICO to allow payments in a new cryptocurrency. It could be bigger than the Tezos ICO.

  • According to TechCrunch, Telegram is “considering raising as much as $500 million in the pre-ICO sale … Those figures would make it possibly the biggest private crypto raise to date after Tezos, which raised over $230 million in July.”
  • The idea is to use Telegram’s user base of 180 million to create “as rocket fuel to power forward into mainstream adoption off cryptocurrency and making Telegram, effectively, a kingmaker of other cryptocurrencies,” TechCrunch adds.

>> Think Ahead: Unlike Bitcoin, which has become more of an investment asset than a currency because of transaction costs, Telegram seems to be eyeing the electronic payments market. If the ICO is as big as reported, expect regulators (and securities lawyers) to be watching.

2. Customs: We won’t search your phones out of curiosity anymore. Unless they’re encrypted. Then we might.

  • Customs and Border Patrol has had a lot of liberty to download what’s on your device in recent years when entering the country, Rileynotwithstanding. But the agency has now imposed a “reasonable suspicion” standard for searching devices, The Registerreports.
  • But UC Davis law professorElizabeth Johpoints out that may not mean a whole lot — CBP can still download your phone if it’s not “readily accessible for inspection” (i.e. locked or otherwise encrypted). “*Warning flag*,” she tweeted.

>> Takeaway: Ansel Halliburton of Kronenberger Rosenfeld summarizes in response, “That sure sounds like CBP wants to set up Cellebrite stations and rip people’s phones, with no process.”

3. A wave of suits is crashing down on chipmakers over the Meltdown and Spectre flaws. These won’t just be your normal consumer class actions.

  • My colleague Ross Todd reports that Intel was among the first to be hit with a lawsuit on behalf of individual computer users after the news broke about fundamental security flaws that cause data to leak from memory.
  • The lawsuits are not only over the bugs, but because the cure is on some level worse than the disease– reportedly slowing computing speeds by between 5 and 30 percent. For companies with massive investments in cloud servers, that’s huge money.

>> Context: The bugs — plus news that he sold a chuck of stock prior to the disclosure — made for an awkward keynote address at the CES tradeshow by Intel CEO Brian Krzanich. “A few months from now, we’ll still be talking about Meltdown and Spectre. It’s hard to know if we’ll be talking about anything Intel showed off at CES,” Dieter Bohn of The Verge writes.  

“People who are managing open source projects now need to be sensitized about these issues. They needed to before, but it is inevitable that there are going to be some significant and public problems.”

— Heather Meeker, partner at O’Melveny & Myers, talking about sexual harassment post #MeToo in the online, consensus-driven world of open source software development. Listen to my full interview with Meeker in the latest episode of Law.com’s Unprecedented podcast.


In Futuro: Elevating the Role of Data


Two years ago, labor and employment giant Littler Mendelson made clear it was investing in the potential for data analytics to change how law is practiced when it hired a data scientist educated at MIT. Now it’s pushing ahead with the hiring of a chief data analytics officer.

Roy Strom reports that Littler’s Aaron Crews will be tasked with managing the firm’s data capabilities and to help it roll out more technology-based products. Crews, a former Littler partner and electronic discovery counsel, re-joins the firm after having spent the past six months as general counsel and vice president of strategy at legal artificial intelligence company Text IQ.

>> Think Ahead: Crews predicts that one way data could change law is by allowing the creation of a market where companies can trade legal claims. Better data means better pricing of a claim’s worth, he argued.


Dose of Dystopia


Ah, electronic commerce. Bringing you pantry items and lamps and everything you can imagine almost immediately. Except when you accidentally check the box that tells the carrier not to leave the package at the door, and you happen to actually leave your house. Then — *sigh* — it’s another day of waiting.

Solving for this distinctly first-world problem is August, a company that offers to let you unlock your doors to total strangers for in-home deliveries while you’re away, reports Ars Technica:

“At CES, August announced it’s expanding its trial in-home delivery service called August Access through a partnership with Deliv, a last-mile delivery service that specializes in same-day delivery. Deliv currently serves more than 4,000 retailers across 1,400 cities in the US, allowing August to provide those retailers with Deliv same-day delivery and August Access in-home delivery.”

So, what’s the legal liability if someone, say, ruins your rug after you let them in? Alternate question: How badly do you really want that package delivered today?

Thanks for reading! Keep plugged in with What’s Next.