Commercial Litigation Update

On March 15, 2022, President Biden signed into law the 2022 Consolidated Appropriations Act containing the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Cyber Incident Reporting Act”). While President Biden’s remarks highlighted the $13.6 billion in funding “to address Russia’s invasion of Ukraine and the impact on surrounding countries,” the 2022 Consolidated Appropriations Act contained numerous other laws, including the Cyber Incident Reporting Act, which should not be overlooked. The Cyber Incident Reporting Act puts in motion important new cybersecurity reporting requirements that will likely apply to businesses in almost every major sector of the economy, including health care, financial services, energy, transportation and commercial facilities. Critical infrastructure entities should monitor the upcoming rule-making by the Cybersecurity and Infrastructure Security Agency (“CISA”), as the final regulations will clarify the scope and application of the new law.

On a single evening, William Dale Wooden went on a spree, burglarizing 10 units in the same storage facility. The question resolved in the Supreme Court’s somewhat unanimous decision in Wooden v. United States is whether, under the Armed Career Criminal Act, 18 U. S. C. §924(e)(1) (ACCA), Wooden’s prior convictions were for offenses occurring on different “occasions,” because the burglary of each unit happened at a distinct point in time, rather than simultaneously. All of the Justices (Kagan, J., writing the definitive majority opinion) agreed that the answer is “no.” Convictions arising from a single criminal episode can only count once under ACCA.

Recently I was going back and forth with a colleague about training programs for our developing lawyers. This colleague, a respected friend, looked at the list I proudly provided of the various advocacy, writing, presentation and positioning lessons filling the educational schedule, and responded with the pith of perception “Not a word about listening.” I immediately saw the gap absent in my perception only moments before. And, I knew the truth of which Oliver Wendell Holmes (not the judge, but the judge’s father) wrote in Chapter X of The Poet At The Breakfast Table (1872), when he said "It is the province of knowledge to speak. And it is the privilege of wisdom to listen." What a great lesson for lawyers, especially trial lawyers, to remember.

The Supreme Court decided two more cases today, one unanimously, the other anything but so.

Yesterday, in United States v. Zubaydah, the Court upheld the government’s assertion of the state secrets privilege, rejecting an al Qaeda terrorist leader’s discovery request for information concerning his torture by the CIA. The Court continued its interest in the privilege in today’s unanimous opinion, authored by Justice Alito, in Federal Bureau of Investigation v. Fazaga.

The Court has decided two important cases today, United States v. Zubaydah, upholding the government’s assertion of the state secrets privilege and rejecting the al Qaeda terrorist leader’s discovery request for information concerning his torture by the CIA, and Cameron v. EMW Women’s Surgical Center, P.S.C., allowing the intervention of the Kentucky attorney general to assume the defense of the state’s abortion law after the official who had been defending the law decided not to seek further review. Both cases are, at root, about significant issues of public interest and policy—the torture of terrorists and restrictive abortion policies—but neither opinion resolves any such question. Indeed, the lessons learned from each of these cases are essentially procedural, and though the outcomes are determined by significant margins, the alliances of Justices on the multiple opinions published are also instructive.

Interesting question: Can someone trademark another person’s name without that person’s consent? The answer to that is usually “no,” but, hey, we would not be the first people to say that we live in interesting times. And if we said that, we would not be infringing on anyone’s rights. That aside, the answer to the first question this week is “yes,” at least when the person is a public figure, and the trademark is viewed as an exercise of free speech critical of that public figure.

The U.S. Cybersecurity and Infrastructure Agency (CISA) has urged a “Shields Up” defense in depth approach, as Russian use of wiper malware in the Ukrainian war escalates. The Russian malware “HermeticWiper” and “Whispergate” are destructive attacks that corrupt the infected computers’ master boot record rendering the device inoperable. The wipers effectuate a denial of service attack designed to render the device’s data permanently unavailable or destroyed. Although the malware to date appears to be manually targeted at selected Ukrainian systems, the risks now escalate of a spillover effect to Europe and the United States particularly as to: (i) targeted cyber attacks including on critical infrastructure and financial organizations; and (ii) use of a rapidly spreading indiscriminate wiper like the devastating “NotPetya” that quickly moves across trusted networks. Indeed, Talos researchers have found functional similarities between the current malware and “NotPetya” which was attributed to the Russian military to target Ukranian organizations in 2017, but then quickly spread around the world reportedly resulting in over $10 billion dollars in damage.[1] The researchers added that the current wiper has included even further components designed to inflict damage.

Recent decisions from the European Union (EU) have placed renewed focus on the use of common cookies used on ecommerce and other websites used by consumers and employees and transfers of personal data collected through cookies to the United States. The EU Data Protection Authorities (DPAs) found that the use of widely used website technologies (i.e., cookies and java script) to automatically collect identifiers from the users’ devices or through their use of internet protocols (e.g., IP addresses) resulted in the collection of personal data. The DPAs further found that the subsequent transfer of this data to Google servers located in the United States violated EU cross-border data transfer requirements because there were inadequate safeguards under the Schrems II decision invalidating the EU-US Privacy Shield. One notable impact of the decisions is to dismiss the adequacy of encryption technologies where the service provider (such as Google) has access to the cryptographic key and can be compelled to surrender it in order for the data to be decrypted and read by U.S. surveillance authorities. Consideration of the impact of these decisions is critically important for ecommerce and other websites operating in the EU, as well as more generally for organizations that transfer personal data of consumers and employees to the U.S.

Former Alaska Governor and Vice Presidential candidate Sarah Palin recently lost the trial of her defamation case against The New York Times. Given the complexity of the legal issues and the unusual events at trial, a messy appeal is sure to follow. But if the appellate courts can see past the procedural novelties, Palin’s case could become a vehicle for revisiting the seminal case of New York Times v. Sullivan.

The Court has decided the case of Unicolors, Inc. v. H&M Hennes & Mauritz, L.P., holding that lack of knowledge of either fact or law can excuse an inaccuracy in a copyright registration. Reversing the Ninth Circuit, the Court held that the appeals court was wrong to overturn a copyright infringement verdict that a fabric designer won against fast-fashion chain H&M when it ruled that inadvertent legal errors cannot be the basis for challenging a copyright registration.