Swire & Kennedy-Mayo on The Effects of Data Localization on Cybersecurity

Peter Swire (Georgia Institute of Technology) and DeBrae Kennedy-Mayo (same) have posted “The Effects of Data Localization on Cybersecurity” on SSRN. Here is the abstract:

This paper is the first systematic examination of the effects of data localization laws on cybersecurity. This paper focuses on the effects of “hard” data localization, where transfer of data is prohibited to other countries. Other “softer” versions of data localization also exist, such as where a country requires a copy of data to be stored or mirrored in the country, but transfer of the data remains lawful. The discussion includes both de jure and de facto effects, including China’s explicit laws, recent enforcement actions in the European Union, and proposed privacy legislation in India. The focus is on effects on cybersecurity defense, rather than offensive cyber measures.

Part I provides background. Part II examines privacy and non-privacy reasons driving localization laws, including examining ways that cybersecurity might either reinforce privacy or exist in tension with it. Part III addresses the research for this paper. In addition to a traditional literature review, we reviewed approximately 200 comments submitted to the European Data Protection Board in late 2020 concerning data transfers. Approximately 25% of the comments discussed data localization or a similar concept.

Part IV provides a new categorization of the effects of data localization on cybersecurity. First, our analysis shows that data localization would threaten an organization’s ability to achieve integrated management of cybersecurity risk. 13 of the 14 ISO 27002 controls, as well as multiple sub-controls, would be negatively affected by data localization. As a specific finding, required localization in two or more nations clearly restricts the ability to conduct integrated cybersecurity management.

Second, the analysis explains how data localization pervasively limits provision of cybersecurity-related services by third parties, a global market of roughly $200 billion currently. Notably, data localization laws supported in the name of cybersecurity often undermine cybersecurity – purchasers in the locality are deprived of best-in-breed cybersecurity services, thereby making them systematically easier targets for attackers. Third, data localization threatens non-fee cooperation on cybersecurity defense. Notably, localization undermines information sharing for cybersecurity purposes, which policy leaders have emphasized as vital to effective cybersecurity.

Finally, until and unless proponents of localization address these concerns, scholars, policymakers, and practitioners have strong reason to consider significant cybersecurity harms in any overall analysis of whether to require localization.

Gervais on AI Derivatives: the Application to the Derivative Work Right to Literary and Artistic Productions of AI Machines

Daniel J. Gervais (Vanderbilt Law) has posted “AI Derivatives: the Application to the Derivative Work Right to Literary and Artistic Productions of AI Machines” (Seton Hall Law Review, Vol. 53, 2022) on SSRN. Here is the abstract:

This Article predicts that there will be attempts to use courts to try to broaden the derivative work right in litigation either to prevent the use of, or claim protection for, literary and artistic productions made by Artificial Intelligence (AI) machines. The Article considers the normative valence and the (significant) doctrinal pitfalls associated with such attempts. It also considers a possible legislative alternative, namely attempts to introduce a new sui generis right in AI productions. Finally, the Article explains how, whether such attempts succeed or not, the debate on rights (if any) in productions made by AI machines is distinct from the debate on text and data mining exceptions.

Ferrandis & Lizarralde on Open Sourcing AI: Intellectual Property at the Service of Platform Leadership

Carlos Muñoz Ferrandis (Max Planck Institute for Innovation and Competition; Universidad de Alicante; Global Innovation, Policy & Law Research Group (GIPLaw-UA)) and Marta Duque Lizarralde (TUM School of Management,Technical University of Munich) have posted “Open Sourcing AI: Intellectual Property at the Service of Platform Leadership” on SSRN. Here is the abstract:

Artificial Intelligence – AI – is one of the most strategic technologies of our century. Consequently, tech companies are adopting intellectual property strategies to protect their investment in the field, which encompasses copyright, patents and trade secrets. While the number of AI-related patent applications is increasing, the number of open source AI projects sponsored by major AI patent holders is also on the rise. This article explores the strategic reasons behind the growing adoption of open source licensing in the AI space. More precisely, it assesses how IP rights are articulated around “openness” as a competitive factor in ecosystem competition, and how some players are using open source licensing successfully to attract a critical mass of users and build an ecosystem around their AI platforms. Moreover, this article integrates the debate on the protectability of AI features by IP rights to assess the potential implications for open source. Finally, it analyses the most used open source licences in AI projects and highlights existing and future challenges from an IP and contractual law perspective.

Meurer on Bilski and the Information Age a Decade Later

Michael J. Meurer (Boston University – School of Law) has posted “Bilski and the Information Age a Decade Later” on SSRN. Here is the abstract:

In the years from State Street in 1999 to Alice in 2014, legal scholars vigorously debated whether patents should be used to incentivize the invention of business methods. That attention has waned just as economists have produced important new research on the topic, and just as artificial intelligence and cloud computing are changing the nature of business method innovation. This chapter rejoins the debate and concludes that the case for patent protection of business methods is weaker now than it was a decade ago.

Hine & Floridi on A Comparative Analysis of American and Chinese Governmental AI Policies

Emmie Hine (Oxford Internet Institute) and Luciano Floridi (Oxford Internet Institute; U Bologna Law) have posted “Artificial Intelligence with American Values and Chinese Characteristics: A Comparative Analysis of American and Chinese Governmental AI Policies” on SSRN. Here is the abstract:

As China and the United States strive to be the primary global leader in AI, their visions are coming into conflict. This is frequently painted as a fundamental clash of civilisations, with evidence-based primarily around each country’s current political system and present geopolitical tensions. However, such a narrow view claims to extrapolate into the future from an analysis of a momentary situation, ignoring a wealth of historical factors that influence each country’s prevailing philosophy of technology and thus their overarching AI strategies. In this article, we build a philosophy-of-technology-grounded framework to analyse what differences in Chinese and American AI policies exist and, on a fundamental level, why they exist. We support this with Natural Language Processing methods to provide an evidentiary basis for our analysis of policy differences. By looking at documents from three different American presidential administrations––Barack Obama, Donald Trump, and Joe Biden––as well as both national and local policy documents (many available only in Chinese) from China, we provide a thorough comparative analysis of policy differences. This article fills a gap in US-China AI policy comparison and constructs a framework for understanding the origin and trajectory of policy differences. By investigating what factors are informing each country’s philosophy of technology and thus their overall approach to AI policy, we argue that while significant obstacles to cooperation remain, there is room for dialogue and mutual growth.

Yueh-Ping Yang on When Jurisdiction Rules Meet Blockchain

Alex Yueh-Ping Yang (National Taiwan University – College of Law) has posted “When Jurisdiction Rules Meet Blockchain: Can the Old Bottle Contain the New Wine?” on SSRN. Here is the abstract:

The distributed nature of blockchain poses challenges to the existing legal system, notably the jurisdiction rules addressing court jurisdiction and governing laws. The In re Tezos case, a securities law dispute brought in the District Court of Northern District of California of the United States, was the case facing this particular challenge. In this paper, I conduct a case study of the In re Tezos case to illustrate how the distributed nature of blockchain impacts the determination of court jurisdiction and governing law in the securities regulation context. I argue that while the internet has already complicated those effect-based jurisdiction rules, blockchain further complicated those conduct-based jurisdiction rules. With this understanding, I offer several principles for addressing the jurisdiction issues in cases involving blockchain-based securities. Specifically, I propose an effect-based jurisdiction rule limited by a de minimis exception to mitigate blockchain’s impact, enhance legal certainty, and promote international coordination.

Sokol on A Framework for Digital Platform Regulation

D. Daniel Sokol (USC Gould School of Law; USC Marshall School of Business) has posted “A Framework for Digital Platform Regulation” (Competition Law International Vol 17 2021) on SSRN. Here is the abstract:

In rapid succession, a number of jurisdictions have moved away from focusing on antitrust enforcement to the proposed regulation of digital platforms. Ostensibly, the regulatory focus is about competition and potential concerns that traditional ex post enforcement may be ill-equipped to address the power of digital platforms. This article focuses on the realities of what platform regulation might mean, and how to better frame and structure the nature of appropriate regulation. This article first identifies a number of the different approaches to regulation that various jurisdictions have put forward, and then lays out six basic principles for platform regulation to help address some of the potential harms that such approaches may unwittingly be pursuing. Without guiding principles, platform regulation will be counter-productive by destroying the value creating aspects of platforms – stifling innovation, increasing prices and potentially distorting non-price factors of competition such as quality.

Lee on Licenses for CryptoPunks NFTs

Edward Lee (Chicago-Kent College of Law) has posted “The Cryptic Case of the CryptoPunks Licenses: The Mystery Over the Licenses for CryptoPunks NFTs” on SSRN. Here is the abstract:

The CryptoPunks NFT collection, produced by Larva Labs, is the highest-grossing NFT collection to date. Sales have surpassed $1.6 billion. That figure is all the more astounding given that Larva Labs gave away all 10,000 CryptoPunks NFTs for free in 2017. Christie’s has described the CryptoPunks as “the alpha and omega of the CyptoArt movement.” Adding to their mystique is a legal mystery: What content license governs the use of the CryptoPunks artwork and characters? Shockingly, Larva Labs distributed the 10,000 CryptoPunks NFTs without any written content license in 2017. Apparently, one of the Larva Labs co-founders John Watkinson later adopted the open-source NFT License in 2019 to apply to the CryptoPunks NFTs. But that adoption was in a chat on Discord, a social media platform. Mysteriously, Larva Labs has not officially adopted the NFT License in the Terms and Conditions for the CryptoPunks NFTs on its website. This Article dissects the cryptic case of the CryptoPunks licenses.