Three faculty members of the University of Illinois College of Law will provide commentary for WILL-AM's Legal Issues in the News, airing Monday mornings at 7:35 am.More from Legal Issues in the News »
By: Sean Anderson Illinois Governor Bruce Rauner says the state will stop letting refugees from Syria resettle here. The civil war in Syria has turned millions of people into refugees, but only about 2200 have been allowed into the United States. The Obama administration plans to admit 10,000 more refugees from Syria in the next fiscal year. Now, in response to news that one or more of the terrorists who murdered at least 129 people in Paris may have been, or been posing as, Syrian refugees, governors of more than half the states have said they will temporarily stop accepting any Syrian refugees. I'll be blunt: I think the governors' move to bar refugees is sheer, mean-spirited demagoguery. But that's not the point of today's commentary. The point is that, if you're like me in deploring the governors' move, then you have reason to rejoice. Because, you see, Rauner and the other governors almost certainly have no legal power to bar resettlement of Syrian refugees, or for that matter any other refugees the federal government properly admits. The Constitution commits some powers to the states and other powers to the federal government. The Supreme Court has said repeatedly over the past 100-plus years that foreign policy, including immigration policy, is firmly on the federal side of tha t ledger. The Court reiterated that point just three years ago, in striking down several Arizona laws regarding immigration. If you're wondering why federal supremacy is so important in this area, just imagine the incoherence of U.S. foreign policy if fifty state governments got to tailor their own relations with other countries, including the terms on which the state would allow immigrants from those countries. With respect to refugees, the federal government has exercised its broad power, in part, by adopting a law called the Refugee Act of 1980. Under that law, the President has broad power to admit refugees, including those fleeing emergencies in their home countries—emergencies like the Syrian civil war. The Refugee Act says the federal government should consult with state authorities before resettling refugees in a state's territory, but it doesn't give states any way to enforce that consultation rule, and in any event the feds don't have to accept the state's recommendations. In short, if the federal government says Syrian refugees will be resettled in Illinois, then Governor Rauner almost certainly has no legal authority to stop it. He might ask the feds not to send refugees here, and he might find ways to make resettlement more difficult, such as by limiting refugees' access to state services, but he can't prevent it. At the national level, of course, Congress can pass legislation barring or restricting resettlement of refugees. In fact, the House of Representatives has already passed some restrictions on Syrian and Iraqi refugees, by a veto-proof margin. The measure seems unlikely to succeed in the Senate, though, let alone by the two-thirds vote necessary to override the President's threatened veto. In the meantime, the governors' announcements about suspending resettlement of Syrian refugees remain little more than empty symbolism—and misguided symbolism at that
If you've been paying attention to the news recently, you'll know that the text of the treaty establishing the Trans-Pacific Partnership was released last week by the Office of the U.S. Trade Representative. This historic agreement is designed to facilitate trade between countries on both side of the Pacific which already account for about 40% of world GDP. The list of potential members includes the U.S., Canada, & Mexico (already bound together by NAFTA), Japan, Australia, Chile, Peru, Singapore, New Zealand, Malaysia, & Vietnam (but not South Korea or China). One section of the agreement that has tongues wagging on both the right and the left provides protection for firms that make an investment outside their own home country. The agreement would provide for private mandatory arbitration of all investment disputes, usually by ICSID, the International Center for Investment Disputes. Disappointed investors will have the ability to sue host states that mistreat their investments. Some conservatives complain that this is a catastrophic giveaway of US sovereignty, while some liberals complain that it empowers US corporations to pillage developing. As a well-known contrarian, I would like to disagree with both sides. First, the provision of protection for foreign investments is virtually the same as that found in the 47 bi-lateral investment treaties that the US has already signed. We been signing agreements of this sort since 1981 and have never lost an arbitration, having only been sued six times. It's hard to see that the investment protection provisions are some sort of massive giveaway of US sovereignty. What the provisions promise foreign investors is non-discriminatory treatment—along with "fair and equitable treatment" and "full protection and security" for investments. "Fair and equitable treatment" requires observing due process when dealing with investments, and "full protection and security" means that our regulatory and security agencies must provide minimally adequate services consistent with international law. It's no surprise that we haven't been successfully sued. These standards are already built into U.S. law. But does investment protection grant US firms excessive power overseas? The most criticized instance is probably Metalclad v. Mexico, a 1997 case involving a U.S. firm trying to site a toxic waste dump close to a small Mexican town. Siting a toxic waste dump is heavily regulated both here and overseas, and Metalclad obtained all the relevant permissions, permits and reassurances from the Mexican government before beginning work. Having satisfied all Mexican laws, they were surprised when a local zoning board declared the waste site an ecological preserve and blocked completion of Metalclad's facility. Metalclad brought an arbitration under NAFTA arbitration rules (very similar to the TPP provisions) and was able to show that under Mexican law, the local government lacked the power to overrule the permission granted by the federal government. It's easy to see why the locals didn't trust the central government in Mexico City, and it's easy to understand why they didn't want a toxic waste dump on their doorstep. However, it's also easy to understand the frustration of Metalclad after they had invested millions of dollars in reliance on the permits issued by the proper legal authority. An illegal action unfairly cost them a large investment. We can take a couple of lessons from the case. First, the result of the arbitration was an award of $17 million to Metalclad, NOT an injunction requiring the dumping of toxic waste in Mexico. States do not cede that sort of sovereignty in these investment treaties. Second, note that the behavior of the local government in Metalclad cost the central government a pile of cash. These investment protection treaties apply not only to the federal governments but also states, counties, municipalities and political sub-divisions, like the University of Illinois. That's right! The U of I research park shouldn't kick out a Malaysian start-up without giving it due process. Of course, the good news is that the feds will be picking up the tab for any misbehavior! I'm Paul Heald.
Fantasy sports involves real money, and lots of it. It also involves real legal problems. These include basic questions about the industry's relationship to gambling and the need to provide a level playing field. These legal problems are the subject of this week's radio commentary.
Another religiously-based challenge to parts of Obamacare may be headed to the Supreme Court.
The Affordable Care Act, known as Obamacare, requires employer-provided health care plans to cover certain preventive services without any out-of-pocket cost to employees or their families. Cancer screenings, immunizations, and a wide range of other services are included. One such service, contraception, has triggered both the Supreme Court’s 2014 decision in the case known as Hobby Lobby and the new challenge.
The latest set of lawsuits are brought by religiously affiliated employers—charities, colleges, orders of nuns, and the like. Obamacare already exempts churches and closely related entities from the contraception requirement. For other religious, non-profit employers, though, the government tried to steer a middle course.
Recognizing that many such employers would have religious objections to providing some or all contraceptives under their plans, the government gave those employers two alternative ways of complying with the law. Both of those ways essentially amount to this: the employer states in writing that it has a religious objection to providing contraceptive services. The burden of providing those services to employees then shifts to the employer’s insurance company or the company that administers the health care plan.
The challengers in the new lawsuits argue that even filling out that piece of paper places what the law—here, the Religious Freedom Restoration Act—calls a “substantial burden” on the employers’ religious freedom, because the paper is designed to lead to someone else providing contraceptives to which the employer has a religious objection. That might sound preposterous to many of us, and quite a few courts have already rejected the claim, but there’s an important background here. Courts in the United States have long been reluctant to inquire into whether a claimed religious belief is sincere, or whether it’s really part of your religion’s doctrine, even if it might seem strange to most of us. That reluctance is, in general, the right approach: imagine judges empowered to declare your religious belief, or mine, insincere or insufficiently grounded in scripture or church doctrine! But even if we assume the employers’ beliefs are sincere, that doesn’t necessarily mean they’re right in their legal conclusion that writing down their objections puts a substantial burden on those beliefs.
If the employers are right that the piece of paper itself imposes a substantial burden, then the government will have to show that the process it requires is the least restrictive way of accomplishing its health care goals. Put differently, there would have to be no other practical way the government could make sure people get access to contraceptive services, while putting less of a burden on the employers’ religious freedom.
So far a whopping seven federal courts of appeals have rejected the new challenge, and only one has accepted it. That one, though, creates what’s called a circuit split and significantly increases the odds that the Supreme Court will agree to hear the issue. If it does, then the government will have to win over at least one of the Justices who ruled against it in Hobby Lobby.
I’m Sean Anderson.
Data Breaches and the Emergence of Cyber Insurance
Insurance is a staple of modern life. If you own a car, many states require you to carry insurance on your car in case of an accident. The federal government now requires individuals to be covered by a health insurance plan.
Insurance shifts the risk of an adverse occurrence from the individual, whose financial well-being could be devastated by one event, to a well-funded company. The company collects premiums from you, essentially calculating that bad things will not happen to many of you, so they won’t have to pay out. You pay the premiums, because the amount that you pay in premiums will probably be significantly less than the amount of money it would take to recover from the accident.
The Identity Theft Resource Center reports that 783 data breaches occurred in the United States in 2014. Millions of records, including yours, have been compromised in recent years. As we speak, a criminal on the Dark Web may have a file that contains your credit card number or social security number.
In 2011, hackers invaded Sony Entertainment and stole information about customers of the PlayStation Network, including credit card numbers. In response, customers sued Sony in a class action. Sony then sued the insurance companies like Zurich that provided Sony with general liability insurance policies, arguing that the insurers were obligated to cover the harms from the data breach. Sony reasoned that the injury was the invasion of their customers’ privacy, and thus should be covered by Zurich’s policy. Zurich disagreed. The trial court also disagreed, concluding that this privacy harm provision of the insurance policy requires publication, and theft of data by hackers was not a publication. Sony appealed, but the case was then settled.
Companies may face an uphill battle when trying to argue that data breaches are part of the risks that their insurance companies are obligated to cover. Currently, there is a move toward explicitly excluding cyber harms from general liability insurance. In response, many companies have started obtaining a new type of insurance that specifically addresses losses from cyberattacks. Such plans may cover the cost of investigating an attack and require the insurance company to pay the damages if the company is successfully sued by its customers for the attack. Current providers include the Ace Group and AIG.
The cyber insurance industry is still developing and learning how to proceed in this environment. In response to recent high profile attacks, many cyber insurance providers recently increased premiums, raised deductibles, and set new coverage limits. When evaluating potential new clients, cyber insurance providers will often conduct intensive reviews of the potential client’s cybersecurity practices. It’s like a car insurance company checking your driving record before issuing a policy. You want coverage just in case something bad happens, and the insurer wants to make sure there isn’t some condition they don’t know about that will make it more likely that something bad will happen.
As data breaches continue to make headlines, companies become more interested in cyber insurance. But insurance can cause what economists refer to as a moral hazard. If the company is confident that they will not have to pay for the harm caused by a data breach, they might have less incentive to make sure their systems are secure. That is one reason why it is very important for insurance providers to include requirements for cybersecurity protection in their policies. The U.S. government probably lacks the authority to require private companies to adopt cybersecurity measures, but if cyber insurers impose the same requirements on their clients, the end result could be more secure systems and fewer data breaches.
I’m Jay Kesan.
Usually the Supreme Court is in the news when it decides a case. But sometimes the Court is in the news because it does nothing at all. That is what happened in U.S. v Newman. The Court refused to hear this high-profile insider trading case. Learn why the Supreme Court's silence matters in this week's radio commentary.
Sometimes funny little cases that don’t make the news contain interesting lessons if we take the time to think about them. One such case decided by the Supreme Court this last June is Kimble v. Marvel Entertainment which takes up the question of whether patent licenses can be written to keep royalties flowing even after the patent has expired.
Imagine you are a small company needing access to expensive patented technology. The patent will expire in five years and the cost of a five-year license is a million dollars. Well, ideally you’d pay $200,000 a year for five years to use the technology, but what if you don’t have the cash? What if you are a struggling start-up and cannot come up with a million dollars so quickly? Well, you might want to suggest a payment plan that takes more time to pay off, just as homeowners do when they finance a house for 30 years instead of 5. The start-up company and the technology owner might rationally agree to stretch out payments over a longer period than five years as a financing mechanism. One way to do this would be for the start-up to pay a small amount up front and then agree to pay a reasonable royalty every year for the use of the technology.
Does such an agreement sound nefarious? Well, in 1964 the Supreme Court in Brulotte v. Thys held that royalty agreements that exceed a patent’s term length are per se illegal and unenforceable. Economists have been howling about the case ever since.
Well, the Supreme Court was asked to reconsider Brulotte last June in a case involving a patent license on a Spiderman toy that was written to exceed the length of the toy’s patent. We economists in-the-know predicted the Court would reverse the silly rule in Brulotte, especially since the case presents an added reason to enforce such agreements.
In Kimble v. Marvel Entertainment, the patentee is actually the little guy, an independent inventor licensing to a multi-billion-dollar media group. Marvel paid Kimble a fixed sum up front and then agreed to pay a 3% yearly royalty on sales of the toy with no fixed end date. Now, why would Marvel engineer such a deal when it certainly has the cash to pay for the entire value of the invention from day one? Well, think about . . . how can anyone really know the present value of the invention? How many toys will be sold? Will it be a flop or a hit? With most patents you have extreme valuation problems before you actually try to make and sell a product. Of course, one way to rationally deal with this uncertainty is to enter into a long-term royalty agreement rather than an outright sale. That way, the risks of success or failure are shared between the parties over time.
Sound reasonable? Well, unfortunately for Mr. Kimble, a lawyer at Marvel ran across the old Brulotte case and argued that Marvel did not have to honor the royalty agreement once the patent expired. The case made its way to the Supreme Court with economists cheering all way for the Court to throw water on the old wicked witch of Brulotte v. Thys.
But funny thing happened. The Court acknowledged the uniform economic condemnation of Brulotte, if not its silliness, but refused to overrule the case. Legal economists were especially shocked because the reasoing in Brulotte itself was so odd. There is nothing in the patent law, for example, about how long royalty agreements can run, and it’s always seemed a very shaky case.
Nonetheless, the Court held firm and told Marvel that it can stop paying Mr. Kimble when the patent expires. Stare decisis, it said, the doctrine embodying the force of legal precedent, means that the Court should only reverse itself in extraordinary circumstances.
How come? Well, stare decisis is also a way for the Court to paint itself as an institution bound by existing law, not an institution that is authorized to search for the best policy. Stare decisis assures institutional integrity and the image of objective decision-making, something the Court badly needs to communicate after Citizens United (which inflamed liberals by holding that corporations have First Amendment rights) and Obergfell (which inflamed conservatives by establishing marriage equality).
Our funny little patent case may in fact be a little piece in a larger story about how the Court intends to rebuild its image as a legal institution.
These are turbulent times in legal education, with U.S. law schools facing multiple challenges to the way they do business.
First, the numbers just aren’t adding up the way they used to. Between 2005 and 2014, the number of law school applicants dropped by more than 40%. In large part, that decline has to do with a sluggish economy: If you don’t think you’ll get a good job after law school—one that will let you pay down the big loans necessary to pay for law school—then you might be less inclined to apply in the first place.
Some schools have responded by enrolling fewer students, but that choice puts a lot of pressure on a school’s bottom line. Cutting just a few students from each year’s class can quickly add up to hundreds of thousands of dollars in lost revenue.
The alternative, for all but the very top-ranked schools, is to keep admitting bigger classes at the cost of accepting, on average, less qualified students. As the number of total applicants shrinks, it becomes harder for a given law school to enroll enough students with high undergraduate grades and admission test scores. So, if the school wants to keep its class size up, it’s forced to admit students with lower numbers.
But that choice can lead the school into a nasty feedback loop. Rankings of law schools depend, in part, on students’ grades and test scores; if those numbers decline, so can the school’s ranking. And a lower ranking makes it harder to attract applicants with higher grades and scores. Even further, students with weaker qualifications entering law school will, on average, have a harder time passing the bar exam and getting good jobs after law school. In turn, if fewer grads pass the bar and find good jobs, the school’s ranking can suffer, and around we go again.
A sustained economic recovery would provide some relief for law schools. As legal jobs become more plentiful, more highly qualified students will choose law school, and some of the ill effects of the past decade could be offset. But there’s also pressure on law schools from practicing lawyers—pressure to focus more on teaching students practical skills and less on seemingly more intellectual pursuits. In addition, there’s pressure to make legal education less expensive, or at least to slow down the growth in its cost.
Those are old debates, but one by-product this time around has been the idea of reducing a standard legal education from three years to two, with the third year spent gaining practical experience in an internship or the like. That idea gained momentum in 2013, when President Obama endorsed it. Some law schools are exploring the idea more enthusiastically than others, but it poses a challenge to the current economic model, which depends on three years of tuition from each student.
Lawyers aren’t going to become obsolete anytime soon, which means law schools won’t either. But that doesn’t mean every existing law school will stay in business, and it doesn’t mean law schools can simply stick with old ways of doing things. I’m Sean Anderson.
On three different occasions between 2008 and 2010, hackers broke into the systems of the Wyndham hotel chain, altogether stealing the payment information of over 619,000 customers. These thefts resulted in over $10.6 million in fraudulent charges to customers’ credit cards. This sounds almost quaint compared to some of the data breaches that have occurred over the last few years, but recent litigation against Wyndham has the potential to completely change how data breaches are handled in the United States.
The Federal Trade Commission, or FTC, has the authority to investigate, fine, and sue companies that violate federal laws prohibiting unfair and deceptive trade practices. In 2012, the FTC sued Wyndham on the theory that Wyndham’s inadequate data security measures met the definition for an unfair or deceptive practice. In 2014, a federal district court in New Jersey agreed and allowed the FTC’s lawsuit to proceed. In late August 2015, a federal appeals court affirmed that the FTC could pursue actions against companies when the inadequate security measures at those companies resulted in data theft by hackers.
The law prohibiting unfair and deceptive trade practices states that when suing a company in federal court, the FTC can seek a civil penalty up to $10,000 per violation. The Wyndham case is proceeding slowly, and no court has decided upon an appropriate penalty. The effects of the Wyndham case on how data breaches are treated nationwide will likely depend on how the courts decide that the penalty should be calculated. If the “violation” was each hacking incident, the penalty might be limited to a maximum of $30,000. On the other hand, with over 7,000 hotels worldwide, counting each hotel as one violation could raise the maximum penalty to over $70 million. Multiplying that number by each major security failing could increase the maximum penalty to several hundred million dollars. If each stolen credit card number counted as one violation, the potential maximum penalty jumps up to over $6 billion. A higher maximum penalty could provide a stronger deterrent against unsafe practices, and increase the incentive for companies to do everything they possibly can to protect your information.
The FTC has brought complaints based on cybersecurity failings in the past, but there are no clear rules about what counts as a single violation in the context of data breaches. The FTC makes most of its decisions on a case by case basis. More clarity in this area is desperately needed. A lot of people are currently urging Congress to enact a federal data breach statute. If such a law is enacted, it should address questions concerning the FTC’s authority and what the appropriate penalties might be. Another option would be for the FTC to draft rules to clarify these important questions.
Data breaches and the resulting epidemic of information insecurity demand timely answers in order to ensure that one company’s cybersecurity failures don’t wreak havoc on your life.
I’m Jay Kesan.
Remember Deflategate? The Patriots and its quarterback Tom Brady were accused of letting air out of footballs used in their championship game with the Colts. Brady was suspended for four games. On September 3, 2015, a federal trial judge vacated Brady’s suspension. He was free to play. Why? And what does Deflategate tell us about legal fair play? Legal Issues commentator Verity Winship has more.