By: Shakira Ramirez (Managing Editor, 2024-25) - originally posted Oct. 23, 2023

In today’s digital age, people across the globe are choosing to video conference their personal, business, and formal meetings. Now, there are Artificial Intelligence tools, such as Otter.ai that can attend a meeting as your own personal virtual assistant, take screenshots of the presentation and send you a live transcript of the entire meeting.[1]  A quick download is tempting, however, take a moment to actually read Otter.ai’s Privacy Policy. Otter.ai’s privacy policy states, “We obtain explicit permission (e.g. when you rate the transcript quality and check the box to give Otter.ai and its third-party service provider(s) permission to access the conversation for training and product improvement purposes) for manual review of specific audio recordings to further refine our model training data.”[2]

During my internship, I saw the implications of an AI Assistant recording and transcribing meetings that were confidential. For example, Otter.ai can attend a scheduled Zoom meeting without your presence and attend on your behalf. Otter.ai then sends a general message letting the Zoom participants of the meeting know that the meeting is being recorded, and transcribed live. This was alarming to multiple people attending this meeting because the information was confidential, this led the host of the meeting frantically removing all AI assistants. This led to issues of privacy and potential breach of confidentiality in meetings. Immediately, the company decided to limit the use of all types of artificial intelligence assistance to maintain privacy. The reasoning for this decision was that new forms of AI assistants are being constantly being developed and the company did not want their sensitive data to be used in the artificial intelligence data model training. This prompted an educational informational meeting, and all employees were told to check in with the legal and security department before downloading or using any form of artificial intelligence.

Artificial Intelligence systems are being used in various sectors including journalism. Recently, a journalist by the name Phelim Kine interviewed a human rights advocate named Mustafa Aksu.[3] Mustafa Aksu is a part of the Uyghur Human Rights Project, a research-based program that promotes the civil rights of Uyghurs and other Turki Muslim peoples in East Turkistan.[4] Phelim used Otter.ai to transcribe the phone interview, and the next day Phelim decided an email stating, “Hey Phelim, to help us improve your Otter’s experience, what was the purpose of this particular recording with titled ‘Mustafa Aksu’ created at ‘2021-11-08 11:02:41’?”[5] When Phelim decided to contact Otter.ai seeking to confirm if this was a real survey or phishing attempt, Otter.ai originally confidence the survey was legitimate, but then followed with a denial from the same Otter.ai representative, and Phelim was told to “not respond to that survey and delete it.” [6] This lead Phelim to ask clarifying questions to Otter.ai such as, “whether it shares user data with non-U.S. government or law enforcement agencies,” and Otter.ai’s response was, “We disclose Personal Information if we are legally required to do so, or if we have a good faith belief that such use is reasonably necessary to comply with a legal obligation, process or request.”[7] As a journalist this made Phelim hyperaware of the alarming privacy tradeoff of using an AI assistance for ease of transcribing.[8]

As users look for convenience in relying on artificial intelligence assistant systems, we must be aware of what, if any privacy measures we have in using those services. Caveat emptor might be the standard that is applied when relying on AI assistant systems, therefore, it is highly suggested to read the privacy policy before downloading and ask yourself, “Is the convenience worth subjecting my personal material to an artificial intelligence data model training system?”

Endnotes:

[1] Otter Quick Start Guide, https://help.otter.ai/hc/en-us/categories/360002285334-Getting-started (choose “Otter Quick Start Guide”) (last visited Sept. 26, 2023).

[2] Otter.ai Privacy Policy, (June 14, 2023) https://otter.ai/privacy-policy.  

[3] Phelim Kine, My Journey Down the Rabbit Hole of Every Journalist’s Favorite App, Politico (Feb.16, 2022 12:00pm), https://www.politico.com/news/2022/02/16/my-journey-down-the-rabbit-hole-of-every-journalists-favorite-app-00009216.

[4]Who We Are, Uyghur Human Rights Project, https://uhrp.org/about/ (last visited Sep. 26, 2023).

[5] Kine, supra note 3.

[6]Id.

[7]Id.

[8]Id.

By: James J. Park (Managing Research Editor 2024-25) - originally posted Oct. 26, 2023

On February 21, 2023, the United States Copyright Office (USCO) extended protection for creative works using AI-generative tools by granting limited copyright protection for Kristina Kashtanova’s comic book, Zarya of the Dawn. The USCO found that in its application of the Feist test[1], the text contained more than the required level of “modicum of creativity” and was thus registrable.[2] As such, although the individual comic panels were not found to be copyright protected, Kashtanova’s authorship was.[3]

This finding by the United States Copyright Office was surprising given how narrowly it ruled previously in similar cases. In Thaler v. Perlmutter for example, the DC District Court there ruled against the creator of an AI art generating tool that accepted written prompts, holding that “human authorship is a bedrock requirement of copyright.”[4] In Naruto v. Slater, Naruto, a macaque monkey, took a photographer’s camera to take several selfies. After the photographer published a book with the selfies, PETA filed a next friends suit on behalf of Naruto. The 9th Circuit Court of Appeals ruled against Naruto, interpreting the Copyright Act to apply only to humans.[5]

The USCO ruled ambiguously that AI generated art is copyrightable if there is “sufficient amount of original authorship.”[6] For Kashtanova’s comic, the USCO found one defining characteristic in Zarya of the Dawn that warranted copyright protection: her conscious arrangement of the AI-generated art. The USCO stated in its letter to Kashtanova’s attorney that it found her “selection and arrangement of images and texts” as protectable in compilation.[7]

In contrast, however, it did not find her copyright claims to some of the comic panels sufficient. The Compendium of U.S. Copyright Office Practices (Third Edition) states that sufficient modifications, edits, or revisions to otherwise unprotected material may amount to copyright protection.[8] Although Kashtanova made edits to some of the AI-generated images in Photoshop (characters’ mouth shapes, shading, age lines)[9], these were deemed as insufficient for copyright protection. The USCO emphasized the significant distance between the written prompt entered into Midjourney, the AI art generating tool used by Kashtanova, and the produced image. “Midjourney users lack sufficient control over generate images to be treated as the ‘master mind’ behind them.”[10]

Endnotes:

[1]See Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 361 (1991).

[2] Letter from Robert J. Kasunic, United States Copyright Office, to Van Lindberg, Re: Zarya of the Dawn (Registration # Vau001480196) at 4 (Feb. 21, 2023) (on file with U.S. Copyright Office) (https://copyright.gov/docs/zarya-of-the-dawn.pdf).

[3]Id. at 1.

[4] Thaler v. Perlmutter, No. 22-1564 (BAH), 2023 U.S. Dist. LEXIS 145823, at *11.

[5] Naruto v. Slater, 888 F.3d 418, 426 (9th Cir. 2017).

[6] Kasunic, supra note 2.

[7]Id. 

[8] U.S. Copyright Office, Compendium of U.S. Copyright Office Practices § 313.2 (3d ed. 2021).

[9] Kasunic, supra note 2.

[10]Id. at 9.

By: Jonathan Lu (Managing Editor, 2024-25) - originally posted Oct. 26, 2023

The meteoric rise and subsequent fall of cryptocurrency values has shown that the legal landscape around cryptocurrency is still developing. XRP is a cryptocurrency developed by Ripple Labs in 2012 as an alternative to Bitcoin.[1] XRP has the fifth highest market capitalization out of all cryptocurrencies and is traded on major exchanges including Binance, BTCEX, and Deepcoin.[2]  XRP made headlines on December of 2020 when the Securities and Exchange Commission (SEC) sued Ripple for violating the Securities Act by selling XRP as an unregistered security.[3] On July 17th, 2023, Judge Analisa Torres in SEC v. Ripple Labs, Inc[4] held that the sale of XRP on public exchanges were not offers of securities.[5] However the court awarded the SEC a partial victory by finding that Ripple’s sale of $728 million of XRP directly to hedge funds did amount to the sale of unregistered securities.[6]

Section 5 of the Securities Act states that it is unlawful to sell a security unless it is registered with the SEC.[7] The most important question in deciding this case was whether or not XRP is a security.[8] In 1946, the Supreme Court created the Howey Test to evaluate whether assets are subject to U.S. securities laws.[9] A security under the Howey Test is an investment of money in a common enterprise to be derived from the efforts of others.[10] Using the Howey Test, Judge Torres ruled that sales of XRP on public exchanges are not offers of securities because “purchasers did not have a reasonable expectation of profit tied to Ripple’s efforts”.[11] Retail purchasers of XRP on public exchanges do not know if they are buying XRP from Ripple or from other private sellers.[12] However, Judge Torres ruled that Ripple’s direct sales and marketing to institutional investors such as hedge funds did make it clear that such investors could depend on Ripple’s efforts to increase the value of XRP.[13]

Proponents of cryptocurrencies celebrate SEC v. Ripple Labs, Inc as a victory, but the fight is not over yet.[14] On August 9th, 2023, the SEC filed an appeal.[15] If the 2nd Circuit reverses and rules in favor of the SEC, then the SEC will have its first precedential case law on how to apply the Howey Test to cryptocurrency.[16] In light of the SEC’s current actions against Coinbase and Binance, the 2nd Circuit’s decision will shape the legal landscape of cryptocurrency.[17]

Endnotes:

[1] Tobi Amure, What is XRP?, Investopedia (Aug. 1, 2023), https://www.investopedia.com/what-is-xrp-6362550.

[2]Id.

[3]Id.

[4] SEC v. Ripple Labs, Inc., 20 Civ. 10832 (AT), 2023 WL 4507900 at *8 (S.D.N.Y. July 13, 2023).

[5] Jody Godoy, Ripple Labs Notches Landmark Win in SEC Case over XRP Cryptocurrency, Reuters (July 13, 2023, 5:26 PM), https://www.reuters.com/legal/us-judge-says-sec-lawsuit-vs-ripple-labs-can-proceed-trial-some-claims-2023-07-13/.

[6]Id.

[7]Ripple Labs, Inc., 2023 WL 4507900, at *5.

[8]Id.

[9] Nathan Reiff, Howey Test Definition: What It Means and Implications for Cryptocurrency, Investopedia (July 31, 2023), https://www.investopedia.com/terms/h/howey-test.asp.

[10] S.E.C. v. W.J. Howey Co., 328 U.S. 293, 299 (1946).

[11] Godoy, supra note 5.

[12]Id.

[13]Id.

[14] Peter Fox et al., Ripple v. SEC: Why the Crypto Industry may have Celebrated too Early, Fortune (Aug. 10, 2023, 6:28 AM), https://fortune.com/2023/08/10/ripple-v-sec-crypto-industry-may-have-celebrated-too-early-peter-fox/.

[15] Nikhilesh De, SEC Will Appeal XRP Ruling in Case Against Ripple, Coindesk (Aug. 9, 2023, 5:33 PM), https://www.coindesk.com/policy/2023/08/09/sec-will-appeal-xrp-ruling-in-case-against-ripple-regulator-says/.

[16] Fox, supra note 14.

[17]Id.

By: Christina Little (Publication Editor 2024-25) - originally posted Oct. 26, 2023

The Federal Rules of Evidence (FRE) outlines the types of self-authenticating evidence in Rule 902[1]. In particular, FRE 902(14) describes the two-step procedure for certified data copied from an electronic device, storage medium, or file[2]. To be self-authenticating, the first requirement is that the data must be offered with a certification by a qualified individual per FRE 902(11) or (12)[3].  The second requirement is that notice of intent to use the data as evidence must be given per FRE 902(11)[4]. In practice, FRE 902(14) can be used to admit inter alia, data[5], texts[6], and recordings[7].  

The intent behind requiring a certification is to save costs and time spent on authentication witnesses[8]. The Advisory Committee reasons that often after a party retains a qualified individual, either the parties stipulate as to the evidence’s authenticity or no objection is made to the individual’s authentication testimony[9].

The purpose behind requiring notice of intent[10] to use certified data is that the opposing party will have sufficient time to prepare to challenge the admission or merits of the evidence[11]. Notably, this allows challenges to the authentication to be made before the trial begins[12]. Proper authentication does not prevent the opposing party from objecting to the material on other grounds, such as hearsay, relevance, etc.[13] However, the notice may lead to Motions to Exclude or Suppress Evidence on grounds other than authentication.

Further, the Advisory Committee notes that hash values are commonly used to authenticate data copied from an electronic device, storage, medium, or file[14]. Hash values are a series of numbers that identify data[15]. Hash values can be thought of as a unique fingerprint for data[16]. Accordingly, a qualified individual can authenticate the offered data evidence by certifying that the hash code of the original data and the copy before the court are identical[17]. Likewise, a qualified individual can certify the offered data evidence’s hash code does not match the original’s and that it is an altered copy[18]. Interestingly, the Advisory Committee leaves room in FRE 902(14) for authentication through other means as technology develops[19].

Endnotes:

[1] Fed. R. Evid. 902.

[2] Fed. R. Evid. 902(14).

[3] Id.

[4] Id.

[5] United States v. Hagen, No. 3-19-CR-0146-B, slip op. at 9 (N.D. Tex. June 3, 2021).

[6] United States v. Anderson, No. 22-1237, slip op. at 7 (6th Cir. May 12, 2023).

[7] United States v. DeLeon, 428 F. Supp. 3d 716, 749 (D.N.M. 2019).

[8] Fed. R. Evid. 902(14) advisory committee’s note to 2017 amendment.

[9] Id.

[10] Fed. R. Evid. 902(11).

[11] Fed. R. Evid. 902(14) advisory committee’s note to 2017 amendment.

[12] Id.

[13] Id.

[14] Id.

[15] Bill Wagner, et al. Ensuring Data Integrity with Hash Codes, Microsoft, (Jan. 3, 2023), https://learn.microsoft.com/en-us/dotnet/standard/security/ensuring-data-integrity-with-hash-codes.

[16] See id.

[17] Fed. R. Evid. 902(14) advisory committee’s note to 2017 amendment.

[18] Id.

[19] Id.