June 2020 Legal Report
Judicial Decisions
Hacking. A U.S. federal court ruled that academic researchers testing online hiring platforms for discrimination did not violate a federal hacking law.
Researchers Christian Sandvig, Kyratso Karahalios, Christopher Wilson, and Alan Mislove—working with nonprofit journalism group First Look Media Works, Inc.—said they planned to create fake job listings and profiles for fake job applicants to discover whether online job listing websites’ algorithms skewed candidates’ rankings due to race, gender, age, or other characteristics protected by U.S. civil rights laws. At the time of the court’s ruling, the researchers had not identified which websites they will test.
Concerned that the federal government would criminalize their future research, the researchers filed a preemptive suit against U.S. Attorney General William Barr, claiming that provisions of the Computer Fraud and Abuse Act (CFAA) violated the First and Fifth Amendments of the U.S. Constitution—the freedom of speech and the right to due process clauses, respectively. The CFAA criminalizes intentionally accessing a protected computer or website like LinkedIn without authorization.
Judge John Bates dismissed the case, bypassing the constitutional argument and determining that even if the research would violate a website’s terms of service—which could lead to civil liabilities—it would not constitute criminal liability under the CFAA. Most password-protected servers or websites have terms of service that allow permission in exchange for accurate information about a user. If such violations were criminalized, it would risk allowing terms of service for all websites to become individual laws, enacted by companies instead of governments. “Such an arrangement …would raise serious problems,” Judge Bates wrote.
Also, the researchers said they had no intention of bypassing any of the websites’ permission requirements, “and thus none of them when executed will constitute violations of the CFAA as interpreted,” Bates added. (Sandvig v. Barr, U.S. District Court of the District of Columbia, No. 16-1368-JDB, 2020)
Age discrimination. The Jet Propulsion Lab (JPL) for the National Aeronautics and Space Administration (NASA) agreed to pay roughly $10 million to settle claims of age discrimination brought by the U.S. Equal Employment Opportunity Commission (EEOC).
The EEOC said that since 2010, the spacecraft laboratory had “systematically, disproportionately adversely impacted employees aged 40 and older for layoff and rehire compared with employees aged 39 and younger,” according to the complaint filed in court.
The lab settled the claims before reaching a jury trial and also agreed to appoint an employment monitor, a diversity director, and a layoff coordinator. On top of this, for the next three years JPL will report certain data on dismissed employees and employee complaints to the EEOC. (U.S. Equal Employment Opportunity Commission v. Jet Propulsion Laboratory et al., U.S. District Court for the Central District of California, No. 2:20-cv-03131, 2020)
Kidnapping. A Pakistani court overturned the death sentence of British-born Ahmed Omar Saeed Sheikh, who was convicted of the 2002 kidnapping and murder of Wall Street Journal journalist Daniel Pearl.
While Sheikh was involved in Pearl’s kidnapping, his direct involvement in Pearl’s death remained disputed. After years of appeals, the high court of Sindh upheld only the kidnapping charge and its seven-year prison sentence. As of Security Management’s print deadline, Sheikh was awaiting release orders after serving 18 years in prison.
Sheikh’s three other Islamist militant co-defendants were serving life sentences for their involvement. The court also acquitted them of the charges.
Pakistani prosecutors said in a statement that they will probably file an appeal with the country’s supreme court.
The Pearl Project, an independent investigative project out of Georgetown University, maintained that the original trial against Sheikh and the three other men used perjured testimony to secure a speedy conviction. The project claimed that while the four men were involved in the kidnapping, a total of 27 men were allegedly involved in Pearl’s murder. (Ahmed Omar Sheikh v. The State, High Court of Sindh, Principal Seat Karachi, No. 87-73025, 2020)
Legislation
New Mexico
Nondisclosure agreements. New Mexico Governor Michelle Lujan Grisham enacted a measure that limits the use of nondisclosure agreements in instances of sexual misconduct.
With Grisham’s signing of House Bill 21, the U.S. state joins other states—including California, Illinois, New Jersey, New York, Oregon, and Washington—that now restrict clauses in settlement agreements in cases involving harassment and discrimination. The new law bars employers from demanding that staff sign such agreements and from requiring the agreements when settling discrimination or retaliation cases.
The law went into effect 20 May, applying to agreements signed by both parties on and after that date.
Regulations
Germany
Vaccines. Germany enacted a new law that requires parents of all children attending preschool or higher grades to immunize them against measles.
Parents failing to vaccinate their children could face fines of up to €2,500 ($2,726, approximately) and their children may not be admitted to school. Adults born after 1970 who work with children at certain sites—including day care centers, schools, and hospitals—must also provide proof of vaccination.
The new Masernschutzgesetz (Measles Protection Act) was approved after German health officials noticed a significant increase in measles cases, despite the availability of the measles vaccine. The World Health Organization recorded approximately 90,000 cases throughout Europe within the first half of 2019.
United States
Biometrics. The U.S. Department of Justice published a final rule that empowers the U.S. Department of Homeland Security (DHS) to collect DNA samples from certain non-citizens that the DHS detains.
The rule, supported by the DNA Fingerprint Act of 2005, allows for the DHS to collect samples and enter them into the FBI’s Combined DNA Index System (CODIS), which enables forensic laboratories to exchange and compare DNA profiles electronically.
Disclosure. The U.S. Customs and Border Protection (CBP) agency was reclassified as a “security agency,” allowing it to shield information about its personnel from Freedom of Information Act requests and other public disclosures.
The shift in status under the U.S. Office of Personnel Management (OPM) places the agency in a protection class with the FBI and the U.S. Secret Service. The CBP focuses on border security, monitoring trade and travel activities at the U.S. border, and it currently employs an estimated 24,500 officers and roughly 19,650 border patrol agents.
The decision to reclassify the agency began in 2019 when CBP and the U.S. Department of Homeland Security discovered a Twitter account that had posted employee information, including salaries. The information was previously publicly available from an OPM salary database.
Ransomware. The U.S. National Institute of Standards and Technology (NIST) issued two draft guidelines for businesses to create defensive strategies that would protect data against ransomware attacks.
Ransomware attacks occur when an individual or group of attackers gains access to a victim’s computer, uses that access to encrypt the victim’s data, and demands a ransom to decrypt the data.
New Jersey
Wages. The New Jersey Department of Labor and Workforce Development issued two stop-work orders over alleged wage violations by a construction company and a restaurant.
After the department found that construction subcontractor REB Construction and Maintenance LLC failed to take out deductions or keep payroll records, it issued the order
on 31 January that resulted in $19,250 in penalties.
The department also issued a stop-work order to the owner of the Publick House Tavern and Inn in January after another investigation revealed nonpayment of wages to two employees. The owner ended up paying $14,500 in back wages and penalties.
The orders came down after the U.S. state’s governor, Phil Murphy, enacted a new law that gives the agency the power to stop work when an employer violates state wage, benefit, or tax law.
Elsewhere in the Courts
Corruption. Lawrence Hoskins received a 15-month prison sentence for his role in a multimillion-dollar money laundering scheme, violating the U.S. Foreign Corrupt Practices Act (FCPA). Hoskins, a former senior vice president for French power and transportation company Alstom S.A., was also fined $30,000. He conspired to bribe Indonesian officials to gain assistance in securing a $118 million contract for his company. Hoskins and others involved in the conspiracy hired two consultants as a screen for the bribes beginning in 2002, claiming they were providing legitimate consulting services on behalf of Alstom. (United States of America v. Lawrence Hoskins, U.S. District Court for the District of Connecticut, No. 3:12-cr-238-JBA, 2020)
Harassment. The University of Rochester in New York agreed to pay a $9.4 million settlement to end a sexual harassment lawsuit. The suit was filed in December 2017 by nine former senior professors, junior faculty, and students who claimed the university retaliated against and defamed them after they accused a linguistics professor of sexual harassment. According to court documents, Florian Jaeger allegedly behaved as a “serial sexual predator” and “created a hostile environment for women,” both students and colleagues. Jaeger was never found guilty by the university. The settlement was agreed to after a U.S. federal judge upheld the case’s legal validity, which created the possibility of a court battle with the university. (Richard Aslin, et al., v. University of Rochester, et al., U.S. District Court Western District of New York, No. 6:17-cv-06847, 2020)
Hate crime. Australian terrorist Brenton Tarrant claimed responsibility for the March 2019 gun attacks at two New Zealand Muslim worship sites. Although Tarrant, a white supremacist, initially pleaded not guilty, he changed his plea to guilty in early March 2020. The attacks on two mosques in Christchurch, New Zealand, left 51 people dead and another 40 injured. Tarrant also faces one charge of terrorism, and the accumulated crimes could result in a sentence of life in prison. As of Security Management’s print deadline, no date has been set for a sentencing hearing, which could be delayed by the country’s lockdown in response to the coronavirus pandemic. (The Queen v. Brenton Harrison Tarrant, The High Court of New Zealand Christchurch Registry, No. CRI-2019-009-2468, 2020)