Uncategorized

Ethan Mobley, MJLST Staff Member

Recently, an FDA-commissioned panel recommended the Administration approve a cancer fighting drug developed by Novartis called EP2006. The recommendation is significant because if the FDA follows the panel’s advice and approves the drug, it will be the first time the FDA has approved a “biosimilar” drug under the Biologics Price Competition and Innovation Act (BPCI Act). A biosimilar drug is a drug that is “interchangeable” with or “highly-similar” to a biological drug already licensed by the FDA. In the words of the FDA, “[a] biological product may be demonstrated to be ‘biosimilar’ if data show that the product is ‘highly similar’ to the reference product notwithstanding minor differences in clinically inactive components and there are no clinically meaningful differences between the biological product and the reference product in terms of safety, purity and potency.” Interestingly, a biosimilar drug is not considered to be a generic version of its already-approved counterpart– only bioequivalent drugs could be generics. Nonetheless, biosimilar drugs are still desirable for consumers because they are subject to an expedited approval process compared to their already-approved counterpart. Such drugs would be readily substitutable by a pharmacist without requiring the prescriber’s permission.

In this case, the panel advised the FDA that EP2006 is biosimilar to Amgen’s medication, Nuopogen (filgrastim), which is used to boost white-blood cell production in the body. Unfortunately, Neupogen is predictably expensive. But, introduction of EP2006 into the market would make cancer-fighting medication more price-accessible for many patients. Such a decrease in price would necessarily follow from increased competition for a white blood cell-producing drug and the reduced development costs of EP2006 attributable to the expedited approval process under the BPCI Act. Ideally, a groundbreaking approval of EP2006 under the BPCI Act would also pave the way for other price-accessible medication meant to treat all sorts of ailments.

Erin Fleury, MJLST Managing Editor

Earlier this year, the general public became acutely aware of the Heartbleed security bug which exposed vast amounts of encrypted data from websites using OpenSSL technology (estimated to affect at least 66% of active websites). Software companies are still fixing these vulnerabilities but many servers remain vulnerable and surely victims could continue to suffer from these data breaches long after they occurred. While Heartbleed, and the fact that it was around for nearly two years prior to detection, is troubling by itself, it also raises concerns about the scope of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030, and white-hat hackers.

The CFAA prohibits “intentionally accessing a computer without authorization or exceed[ing] authorized access” and thereby “obtain[ing] information from a protected computer.” See § 1030(a)(2). It would appear that the Heartbleed bug operates by doing exactly that. In very simplistic terms, OpenSSL authorizes limited requests for information but Heartbleed exploits a flaw to cause systems to send back far more than what is intended. Of course, the CFAA is meant to target people who use exploits such as this to gain unauthorized access to computer systems, so it would seem that using Heartbleed is clearly within the scope and purpose of the CFAA.

The real problem arises, however, for people interested in independently (i.e. without authorization) testing a system to determine if it is still susceptible to Heartbleed or other vulnerabilities. With Heartbleed, the most efficient way to test for the bug is to send an exploitive request and see if the system sends back extra information. This too would seem to fall squarely within the ambit of the CFAA and could potentially be a violation of federal law. Even testing a website which has been updated so that it is no longer vulnerable could potentially be a violation under §1030(b)(“attempting to commit a violation under subsection (a)”).

At first glance it might seem logical that no one should be attempting to access systems they do not own, but there are a number of non-nefarious reasons someone might do so. Perhaps customers may simply wish to determine whether a website is secure before entering their personal information. More importantly, independent hackers can play a significant role in finding system weaknesses (and thereby helping the owner make the system more secure), as evidenced by the fact that many major companies now offer bounty programs to independent hackers. Yet those who do not follow the parameters of a bounty program, or who discover flaws in systems without such a program, may be liable under the CFAA because of their lack of authorization. Furthermore, the CFAA has been widely criticized for being overly broad because, among other reasons, it does not fully distinguish between the reasons one might “exceed authorization.” Relatively minor infractions (such as violating the Terms of Service on MySpace) may be sufficient to violate federal law, and the penalties for fairly benevolent violations (such as exploiting security flaws but only reporting it to the media rather than using the obtained information for personal gains) can seem wildly disproportional to the offense.

These security concerns are not limited to websites or the theft of data either. Other types of systems could pose far greater safety risks. The CFAA’s definition of a “protected computer” in § 1030(e)(1-2) applies to a wide range of electronics and this definition will only expand as computers are integrated into more and more of the items we use on a daily basis. In efforts to find security weaknesses, researchers have successfully hacked and taken control of implantable medical devices or even automobiles. Merely checking a website to see if it is still susceptible to Heartbleed is unlikely to draw the attention of the FBI, so in many ways these concerns can be dismissed for the simple reason that broad enforcement is unlikely and, of course, many of the examples cited above involved researchers who had authorization. Yet, the CFAA’s scope is still concerning because of the chilling effect it could have on research and overall security by dissuading entities from testing systems for weaknesses without permission or, perhaps more likely, by discouraging individuals from disclosing these weaknesses when they find them.

Without question, our laws should punish those who use exploits (such as Heartbleed) to steal valuable information or otherwise harm people. But the CFAA also seems to apply with great force to unauthorized access which ultimately serves a tremendous societal good and should be somewhat excusable, if not encouraged. The majority of the CFAA was written decades ago and, while there have been recent efforts to amend it, it remains a highly-controversial law. Surely, issues surrounding cybersecurity are unlikely to disappear anytime soon. It will be interesting to see how courts and lawmakers react to solve these challenging issues in an evolving landscape.

Becky Huting, MJLST Editor

To date, at least 19 women have come forward accusing Bill Cosby of some type of sexual abuse. The majority of the women have told similar stories that involve some variant of being drugged, sexually assaulted, or being drugged and also sexually assaulted by Cosby. The New York Times recently published a piece entitled “When a Rapist’s Weapon is a Drug” that talks about a particular kind of paraphilia that some hypothesize is present in Cosby: a sexual deviation that involves drugging and raping unconscious partners. While it is important to note there is no indication of any formal diagnoses of Cosby (nor of criminal charges), this narrative has opened the dialogue about the contours of sexual disorder diagnosis and what it might mean in our legal regime.

The DSM, or Diagnostic and Statistical Manual of Mental Disorders, is authored by the American Psychiatric Association (APA) and offers a standardized classification of mental disorders. According to the APA, the DSM is “intended to be applicable in a wide array of contexts and used by clinicians and researchers of many different orientations (e.g., biological, psychodynamic, cognitive, behavioral, interpersonal, family/systems).” The DSM’s 5th Edition (DSM 5) is the 2013 update to the APA tool, superseding the last (DSM-IV-TSR), which was published in 2000.

Paraphilic disorders are defined by an unusual sexual preference that becomes compulsive. The DSM 5 contains eight distinct groups of disorders that constitute paraphilia. They include: exhibitionistic disorder, fetishistic disorder, frotteuristic disorder (arousal from touching or rubbing against a stranger), pedophilic disorder, sexual masochism disorder, sexual sadism disorder, transvestite disorder, and voyeuristic disorder.

Now returning to Cosby: date rape incidents involving drugs being dosed to victims are very common. Alcohol is the most commonly used drug in sexual assaults, but some perpetrators use so-called “knock-out” drugs. Experts view the motives for the former simple opportunism, but some of the latter category of druggers have a different motive in mind: they like unresponsive partners. This preference for unconscious partners, and the erotic arousal dependent upon intruding upon an unresponsive partner, and sometimes waking the person, is being labeled “sleeping beauty syndrome” or “Somnophilia.” Somnophilia is a less common compulsion, but under a more common umbrella of a motive guided by coercion where the perpetrator is aroused by domination of their drugged partner.

According to Dr. Michael First, a psychiatrist and editorial consultant on the new DSM 5, the kind of coercion and domination achieved by drugging a partner is common enough that the APA actually contemplated adding it as a distinct diagnosis as a paraphilia disorder, but the idea was shelved in part because of concerns that doing so would give rapists added recourse in legal cases. This should be of interest for legal practitioners: it begs the question – should doctors be thinking about legal implications when they classify disorders? If they are indeed guided by what might be a legal defense, one could imagine the whole composition of the DSM changing tomorrow. Just a couple examples come quickly to mind. Schizophrenia is a widely accepted mental disorder included on the DSM, and yet is not infrequently used to bolster a legal defense for very horrific crimes. Consider also sleep-walking disorders. These too are on the DSM 5, and yet, criminal defendants have been known to use sleep-walking as a legal defense for equally ghastly crimes. It seems incongruous to say that leaving these kind of “excusing” mental disorders off is the policy here. They are already on the DSM, and criminal defendants have used them for quite some time. If the APA is willing to sacrifice classifying valid mental disorders in the name of some sense of legal responsibility, they must also consider the consequences for the field of psychiatry and the name of treatment.

Clearly here the concern by the American Psychiatric Association is that giving disorders like Somnophilia a name legitimizes it – those ostensibly like Bill Cosby will now have a diagnosis to stand behind in court. They can say: “it wasn’t my fault, it’s my disposition. I have a disorder.” (It is also unclear that a jury would give any sympathetic weight or credence to this). But the clear question is whether lawyers want doctors doing the legal work for them behind the scenes. Will psychiatry and its patients actually benefit by this kind of legal policy gut-checking, or should we just ask politely ask doctors to do what they do best – classify, diagnose, and treat?

Paul Overbee, MJLST Editor

A large portion of society does not put much thought into what they post on the internet. From tweets and status updates to YouTube comments and message board activities, many individuals post on impulse without regard to how their messages may be interpreted by a wider audience. Anthony Elonis is just one of many internet users that are coming to terms with the consequences of their online activity. Oddly enough, by posting on Facebook Mr. Elonis took the first steps that ultimately led him to the Supreme Court. The court is now considering whether the posts are simply a venting of frustration as Mr. Elonis claims, or whether the posts constitute a “true threat” that will direct Mr. Elonis directly to jail.

The incident in question began a week after Tara Elonis obtained a protective order against her husband. Upon receiving the order, Mr. Elonis posted to Facebook, “Fold up your PFA [protection-from-abuse order] and put it in your pocket […] Is it thick enough to stop a bullet?” According the Mr. Elonis, he was trying to emulate the rhyming styles of the popular rapper Eminem. At a later date, an FBI agent visited Mr. Elonis regarding his threatening posts about his wife. Soon after the agent left, Mr. Elonis again returned to Facebook to state “Little agent lady stood so close, took all the strength I had not to turn the [expletive] ghost. Pull my knife, flick my wrist and slit her throat.”
Due to these posts, Mr. Elonis was sentenced to nearly four years in federal prison, and Elonis v. United States is now in front of the Supreme Court. Typical state statutes define these “true threats” without any regard to whether the speaker actually intended to cause such terror. For example, Minnesota’s “terroristic threats” statute includes “reckless disregard of the risk of causing such terror.” Some states allow for a showing of “transitory anger” to overcome a “true threat” charge. This type of defense arises where the defendant’s actions are short-lived, have no intent to terrorize, and clearly are tied to an inciting event that caused the anger.

The Supreme Court’s decision will carry wide First Amendment implications for free speech rights and artistic expression. A decision that comes down harshly on Mr. Elonis may have the effect of chilling speech on the internet. The difference between a serious statement and one that is joking many times depends on the point of view of the reader. Many would rather stop their posting on the internet instead of risk having their words misinterpreted and charges brought. On the other hand, if the Court were to look towards the intent of Mr. Elonis, then “true threat” statutes may lose much of their force due to evidentiary issues. A decision in favor of Mr. Elonis may lead to a more violent internet where criminals such as stalkers have a longer leash in which to persecute their victims. Oral argument on the case was held on December 1, 2014, and a decision will be issued in the near future.

Kirsten Johanson, MJLST Staff Member

Over the last few years, companies and private individuals have fully embraced novel space activities. Felix Baumgarner completed a space jump with the Red Bull Stratos making him the first human to break the sound barrier without any engine power. SpaceX developed the first reusable rocket, the Grasshopper, and was the first private company to deliver a shipment to the International Space Station. Recently, for the first time in history, the European Space Agency’s Rosetta mission successfully landed its space probe, Philae, on a comet. All of these ventures pushed the boundaries of space exploration beyond limits previously imagined and all indications are that such ventures will continue. One such undertaking is the concept of asteroid mining.

Asteroid mining is exactly what it sounds like–humans landing equipment on asteroids (and other celestial bodies) and mining for the minerals that exist on such bodies. This concept might seem far-fetched but, in reality, it is a serious topic of debate primarily because of the usefulness of the minerals that exist in the crust of asteroids. NASA has released an estimate “that the mineral wealth resident in the belt of asteroids between the orbits of Mars and Jupiter would be equivalent to about 100 billion dollars for every person on Earth today.” The reason such minerals are so valuable is because of their potential usefulness in “developing the space structures and in generating the rocket fuel that will be required to explore and colonize our solar system in the twenty-first century.”

Today, the physical process of actually mining these minerals is still not cost-effective. As a result, the bigger debate on this issue is currently over the legal implications of mining these minerals and returning them to earth. In space, no single country’s laws apply but, in 1967, over one hundred countries signed the United Nations’ Outer Space Treaty of 1967. This treaty is the current law governing space and it prevents the appropriation of outer space or any celestial body in space by any nation in its space explorations. While this law unequivocally applies to sovereign nations, the recent dispute is over the extension of this treaty to private companies participating in asteroid mining. If it does not, companies like Deep Space Industries, Planetary Resources, SpaceX, or other private players in the space exploration field could begin developing mining procedures that would give them rights to any mined asteroid minerals. However, if it does extend to private companies, this opportunity will likely die before it gets started.

Many in the public and private sector in the United States are pushing for a narrow application of the law to nations which would leave open a huge industry for private development. In Congress, the American Space Technology for Exploring Resource Opportunities In Deep Space (ASTEROIDS) Act was recently introduced in the House of Representatives to officially clarify the law. The Act states that “[a]ny resources obtained in outer space from an asteroid are the property of the entity that obtained such resources.” This would mean that any asteroid mining company would have unlimited access and appropriation rights over any asteroid materials they mine but not over the asteroid itself.

Proponents of such a reading have introduced various statutory interpretation arguments that get them to this conclusion, but it is still unclear which of these will likely be the winning argument. Or even if there will be a winning argument. While asteroid mining does present significant opportunities well into the future, it is still a long-term venture unlikely to launch anytime soon. As a result, if the ASTEROID Act does find enough support in Congress, that is only the first step. The United States will still have to assert an international position amenable to other countries.

Overall, this Act and the publicity it will need to generate to garner sufficient support of this industry is an important first step but it cannot be the only step. Other countries, particularly the signers of the Outer Space Treaty of 1967, must develop a workable solution to the ownership question of asteroid materials. However, with the potential technological advancements and economic realizations of such an industry, it is unlikely that countries with active space exploration will be opposed. Hopefully, these countries see the development opportunities as outweighing the costs because, if there is wide acceptance, this might be the real start of space development and colonization.

Comi Sharif, Managing Editor

This week marks the end of the 2014 Major League Baseball regular season, and with it, the completion of the first regular season under the league’s expanded rules regarding the use of instant replay technology. Though MLB initially resisted utilizing instant replay, holding out longer than other American professional sport leagues, an agreement between team owners, the players association, and the umpires association produced a gross expansion of the use of replay technology beginning this season.

The expanded rules permit managers to “challenge” at least one call made by an umpire during a game. The types of calls allowed to be challenged are limited to objective plays such as whether a runner was safe or out at a base, or whether a fielder caught or “trapped” a batted ball. Subjective umpire calls, including calls regarding balls and strikes and “check” swings, are not reviewable. The complete set of MLB’s instant replay rules is available here.

As alluded to above, the process of going from the idea of instant replay in baseball to actual implementation was long and complex. First, rule changes must be collectively bargained by MLB and the players association (MLBPA). Thus, the proposal to expand the use of instant replay had to be proposed during the recent collective bargaining agreement (CBA) discussions in 2011. What both sides agreed to was language in the CBA stating that subject to approval by the umpires association, MLB baseball could expand the use of instant replay. Second, after agreeing to general idea of more instant replay, MLB developed specific rules and policies for instant replay, which had to be approved by the owners of the 30 MLB franchises. Once the owners approved the specific rules, which they did unanimously, the rules could finally be put into action. One issue to watch is how each of the different parties involved in the approval process reacts to the changes instant replay has on the league. The current CBA expires in December of 2016, at which time wholesale changes to the current instant replay system could be realized.

The replay technology used by MLB is somewhat unique compared to that used by other professional sports leagues such as the National Basketball Association and the National Football League. Often in the NBA and NFL, referees or officials view video replays of a contested call themselves with technology located at the playing venue itself. MLB, however, created a “Replay Operation Center” (ROC), located at MLB headquarters in New York City, where a team of umpires reviews video replays and communicates a final ruling through headsets to the umpires on the field. Additionally, MLB permits each team to have a “video specialist” located in the clubhouse to watch for challengeable plays; the specialist can call the manager by phone to communicate whether or not the play should be challenged.

In one sense, the MLB system may be advantageous because it allows the ROC to have the best available technology, whereas the NBA and NFL have to adapt the sophistication of their replay systems to make it possible for use at every stadium and to the referees or officials at the venue immediately. While the NFL and NBA referees and officials typically look at one relatively small monitor when reviewing a play, the ROC houses 37 high-definition televisions, each of which can be subdivided into 12 smaller screens. Though this may not seem like a big deal to the casual observer, a number of calls are so close that the quality of the image available on replay can directly impact the call. One might conclude, then, that because MLB has more advanced technology at its disposable, its replay system is, in fact, more accurate. The MLB system does have its downsides, however. Outsourcing the review process can lead to lengthy delays and put decisions in the hands of an umpire thousands of miles away from the action, which many find unappealing.

The site Retrosheet has a comprehensive collection of data on MLB’s replay system, including an entry for every play reviewed, its result, and the length of time taken for the review to be completed.

Overall, there are mixed reviews concerning the success of the expanded replay rules used in MLB this season. Though it’s unclear exactly how MLB will adjust its system in the future, if the current trend continues, as increasingly effective technology becomes available, the impact of that technology on the sport of baseball is only likely to rise as well.

Mickey Stevens, MJLST Staff

The Eleventh Circuit’s recent decision in United States v. Davis, 754 F.3d 1205 (11th Cir. 2014) has created a split among the circuits regarding the interaction between the Third-Party Doctrine and cell site data recorded by cell phone service providers. The Stored Communications Act 18 U.S.C. § 2703, which was enacted as part of the Electronic Communications Privacy Act of 1986, allows the Government to obtain disclosures of information regarding wire and electronic communications held by third-party service providers. Under 18 U.S.C. § 2703(d), the Government may obtain this information by court order and bypass any requirement of a warrant or showing of probable cause. The Third-Party Doctrine, which says that a person who voluntarily turns information over to third parties has no legitimate expectation of privacy in that information, served as grounds for this provision to operate without violating the Fourth Amendment. This practice was a central issue involved in the Davis decision, rendered this past June.

In Davis, a panel for the Eleventh Circuit ruled that law enforcement officers violated the Appellant’s Fourth Amendment rights when they obtained, without a warrant, records of location evidence based on cell site information. Despite this ruling, the panel concluded that the trial court’s denial of Appellant’s motions to suppress did not constitute reversible error due to the good faith exception to the exclusionary rule.

In reaching its decision, the panel rejected the Government’s argument that the Third-Party Doctrine applied to the cell site data evidence. The panel cited to a 2010 decision from the Third Circuit, In re United States for an Order Directing Provider of Elec. Commun. Serv. to Disclose Records to the Gov’t, 620 F.3d 304 (3d Cir. 2010), which held that a cell phone user voluntarily conveys only the number dialed and not the location data when he makes a call. The Eleventh Circuit’s decision is clearly contradictory to a 2013 decision from the Fifth Circuit, In re Application of the United States for Historical Cell Site Data, 724 F.3d 600 (5th Cir. 2013). There, the Fifth Circuit held that a cell phone user voluntarily conveys his cell site data each time he makes a call, and that this data could be properly obtained without a warrant.

On September 4, 2014 the Eleventh Circuit granted a motion for rehearing en banc. If the en banc court’s decision maintains the split between the Eleventh and Fifth Circuits, we might see a decision from the Supreme Court on the matter. The Supreme Court seems to have shown a particular interest in digital data as of late, judging by recent decisions in Riley v. California, 134 S. Ct. 2473 (2014), and United States v. Jones, 132 S. Ct. 945 (2012), among others. If the pro-privacy holdings and rationale in Riley and Jones serve as any indication, the Supreme Court may put an end to the Third-Party Doctrine’s application to warrantless gathering of cell site data.