Photo of Keeley Sawyer

In one of the first lawsuits to allege that generative AI companies violate the U.S. Copyright Act by using copyrighted works to train machine learning models, Judge Stephanos Bibas of the Delaware Circuit Court recently denied the majority of issues raised in cross motions for summary judgment filed by plaintiff Thomson Reuters and defendant Ross Intelligence Inc.  The court declined to issue a dispositive ruling on the hot-button question of whether the fair use doctrine protects generative AI companies that use copyrighted materials to train their programs.

Thomson Reuters (owner of Westlaw) sued Ross Intelligence, a legal-research generative AI startup, in May 2020, alleging that Ross was liable for both copyright infringement and tortious interference with contract.  The allegations against Ross stem from its endeavor to create a search engine that uses machine learning and artificial intelligence to provide answers to commonly asked legal questions.

In need of material to train its generative AI, Ross attempted to obtain a license to use Westlaw.  When Westlaw turned Ross away, it asked third-party legal research companies to provide it with legal material — much of which those legal research companies obtained from Westlaw.  Thomson Reuters contends that Ross copied large portions of Westlaw’s Headnotes and Key Number System.Continue Reading AI Versus Westlaw Copyright Bellwether Hurtles Toward Jury as Summary Judgment Largely Denied

Much ink has been spilled over the Executive Order Enhancing Safeguards for United States Signals Intelligence Activities (the “Executive Order”) signed by President Biden in early October.  The Executive Order is supposed to establish the United States’ commitments reflected in the March 25, 2022 joint EU-U.S. announcement of the Trans-Atlantic Data Privacy Framework (the “Framework”).  While the Framework is described as an “agreement in principle” to facilitate cross-border transfer of personal data, the Executive Order is supposed to go further, toward actually implementing the promised protective measures.  But does it?
Continue Reading Does the Latest Move in Trans-Atlantic Privacy Really Change the Game?

A recent criminal verdict against a former Uber executive highlights the serious potential risks associated with concealing data breaches and using “bug bounty” programs as a means to hide hacking by threat actors. In early October, former Uber chief security officer Joe Sullivan was convicted of federal charges by unanimous verdict after four days of deliberation. The charges stemmed from payments Sullivan authorized to two hackers who breached the company’s data in 2016. This conviction came as a surprise to many security professionals. Many anticipated his acquittal because Sullivan had kept Uber’s CEO and others who were not charged informed of his actions. However, highlighting the insufficiency of this approach, Sullivan was found guilty of obstructing justice for failing to inform the Federal Trade Commission of the breach and of actively hiding a felony.
Continue Reading Sweeping Data Breaches Under the Bug Bounty Rug: Verdict against former Uber chief security officer highlights the risk of personal criminal liability for executives