02 May 2015

Attention and Property

'The Right to Attention' by Jasper L. Tran argues
In 1890, U.S. Supreme Court Associate Justice Louis D. Brandeis and his former classmate Samuel D. Warren published an article titled “The Right to Privacy” in the Harvard Law Review’s Fourth Volume. Little did they know, 125 years later, that article has given rise to and shaped a substantial body of constitutional law that inspired many civil right movements and gave rise to many constitutional rights each individual has today. That article also inspires the writing of this article, “The Right to Attention,” celebrating its 125th anniversary.
What marketing, contracts, healthcare — specifically informed consent and mandatory ultrasounds — have in common is the right to attention from the information receiver. However, scholarship most often focuses on the communicator’s perspective — e.g., how much information the communicator discloses — or on the information itself, but surprisingly, not much on the receiver’s perspective.
This dearth of scholarship from the information receiver’s perspective is problematic, because the information receiver is often the “little guy” in the conversation. We own and are entitled to our attention, yet advertisement companies and scam artists freely bombard us with their “products” daily resulting in our own time and monetary loss. Just to name a few, without recognizing the right to attention, contract formation and informed consent are hollow and superfluous: contract has no meeting of the mind from both parties and informed consent is giving consent without being informed. States could continue to freely mandate ultrasounds for pregnant women against their wills like their attentions were not really theirs in the first place. Similarly, other problems in our daily lives that involve attention would likely continue to go unaddressed. New emerging technologies make this an issue of increasing importance.
This paper proposes legislation to recognize the right to attention as a statutory right, or alternatively, the courts to recognize the right to attention as a common law right based on the U.S. Constitution. Specifically, the right to attention’s much larger, as-yet-poorly-defined bundle of rights include, for example, the right to deny attention when demanded, the right to be left alone, the right to not be spammed and the right not to receive ads when such advertisement is unwanted or uninvited, the right to waive the understanding of an agreement, the right to give consent without being informed, and the right not to be required to receive information against one’s will.
This paper is the first to identify this right to attention, including its much larger, as-yet-poorly-defined bundle of rights. This paper hopes to identify and illuminate this right to attention in hope to generate further discussion and exploration of this novel bundle of rights.
'Information Privacy and Data Security' by Lauren Henry in (2015) Cardozo Law Review de Novo comments 
 Legal academic and policy discourse generally presumes that information privacy and data security are interchangeable goals. The conventional wisdom is that data security is a handmaiden of information privacy, and so what serves data security will serve information privacy. This Essay aids law and policy development in both fields by defining their relationship to one another. The two fields are inexorably related because both are sets of rules governing sensitive data sets, and so modifications to set of rules can impact the other set. Furthermore, information privacy and data security both implicate issues of trust and institutional legitimacy from the point of view of the individuals whose data is being collected, processed, or distributed. However, data security has separate objectives from information privacy that can be agnostic or even in opposition to information privacy. The law should acknowledge information privacy and data security as separate institutional objectives to prevent undesirable – or at least unpredictable – results in edge cases where data security’s objectives run counter to those of information privacy. Henry's 'Privacy as Quasi-Property' was noted here.


'The Economics of Memory: How Copyright Decides Which Books Do (and Don’t) Become Classics' by Stephen M. Maurer argues
Legal scholars usually analyze copyright as an incentive and sometime obstacle to creation. This encourages us to see publishers as middlemen who siphon off rents that would be better spent on authors. By comparison, recent social science research emphasizes that word-of-mouth markets are highly imperfect. This means that many deserving titles will never find readers unless some publisher takes the trouble to market them. But this second view is deeply subversive. After all, the need for publishers – and reward – does not end when a book is published. At least in principle, copyright should last forever.
The trouble with this argument is that it assumes what ought to be proven. How much effort do publishers really invest in finding forgotten titles? And does vigorous marketing attract more readers than high copyright prices deter? This article looks for answers in the history of 20th Century print publishers and today’s Print-on-Demand and eBook markets. We argue that, far from promoting dissemination, copyright frequently operates to suppress works that would otherwise erode the price of new titles. This pathology has gotten dramatically worse in the Age of eBooks. Meanwhile, public domain publishers are facing their own crisis. Mid-20th Century books had large up-front costs. This deterred copyists. By comparison, digital technologies make it easy for copyists to enter the market. This has suppressed profits to the point where many public domain publishers spend little or nothing on forgotten titles.
The article concludes by reviewing possible reforms. Partial solutions include clarifying antitrust law so that firms have more freedom to implement price discrimination; modifying copyright so that consumers can re-sell used eBooks; letting on-line markets limit the number of publishers allowed to post redundant public domain titles on their sites; and strengthening non-commercial institutions for finding, curating, and delivering quality titles to readers.


The short 'Is There Anybody Out There? Analyzing the Regulation of Children's Privacy Online in the United States of America and the European Union According to Eberlein et al. TBGI Analytical Framework' (Osgoode Legal Studies Research Paper No. 15/2015) by Nachshon Goltz
analyzes the regulation of children’s privacy online, especially in the context of personal information collection as a commodity, in the United States of America and the European Union according to Eberlein et. al. Transnational Business Governance Framework. The article reviews the regulatory structure of this field in these two jurisdictions including global organizations, according to Elberlein et al components and questions. In the analysis, a map of the regulatory interactions within this global realm will be presented and discussed. Finally, conclusions are drawn and suggestions are made.
There's somewhat more meat in 'Protecting Privacy to Prevent Discrimination' by Jessica L. Roberts in (2015) 56 William & Mary Law Review which argues 
A person cannot consider information that she does not have. Unlawful discrimination, therefore, frequently requires discriminators to have knowledge about protected status. This Article exploits that simple reality, arguing that protecting privacy can prevent discrimination by restricting access to the very information discriminators use to discriminate. Although information related to many antidiscrimination categories, like race and sex, may be immediately apparent upon meeting a person, privacy law can still do significant work to prevent discrimination on the basis of less visible traits such as genetic information, age, national origin, ethnicity, and religion, as well as in cases of racial or gender ambiguity. To that end, this Article explores the advantages and disadvantages of enacting privacy protections to thwart discrimination. It concludes that the weaknesses endemic to privacy law might be addressed by adopting an explicit antidiscrimination purpose. Hence, just as privacy law may further antidiscrimination, so may antidiscrimination enhance privacy law

Gene Patents

'The mouse that trolled: the long and tortuous history of a gene mutation patent that became an expensive impediment to Alzheimer's research' by Tania Bubela, Saurabh Vishnubhakat and Robert Cook-Deegan in (2015) Journal of Law and the Biosciences presents
 the tale of the academic discovery of a rare mutation for early-onset Alzheimer's disease that was patented by a sole inventor and licensed to a non-practicing entity (NPE), the Alzheimer's Institute of America (AIA). Our aims are (1) to relate this story about patents, research tools, and impediments to medical progress, and (2) to inform ongoing debates about how patents affect research, disposition of university inventions, and the distribution of benefits from publicly funded research. We present an account of the hunt for Alzheimer's genes, their patenting, assignment, and enforcement based on literature, litigation records and judicial decisions. While AIA's litigation eventually failed, its suits against 18 defendants, including one university, one foundation, and three non-profit organizations were costly in court years, legal fees, and expert time. Reasons for the failure included non-disclosure of co-inventors, State laws on ownership and assignment of university inventions, and enablement. We discuss the policy implications of the litigation, questioning the value of patents in the research ecosystem and the role of NPEs (“patent trolls”) in biotechnological innovation. The case illustrates tactics that may be deployed against NPEs, including, avenues to invalidate patent claims, Authorization and Consent, legislative reforms specifically targeting NPEs, reforms in the America Invents Act, and judicial action and rules for judicial proceedings. In the highly competitive research environment of Alzheimer's genetics in the 1990s, patents played a minor, subordinate role in spurring innovation. The case produces a mixed message about the patent system. It illustrates many mistakes in how patents were obtained, administered, and enforced, but, eventually, the legal system rectified these mistakes, albeit slowly, laboriously, and at great cost.
 The authors comment
This case study is a cautionary tale about a patented genetic discovery, a double mutation in a gene conferring high risk of Alzheimer's disease. The patent was licensed as a research tool to expand understanding of the molecular and genetic basis of Alzheimer's disease. Our goals are first, to relate an intricate, fascinating story about patents, research tools, and impediments to medical progress and, second, to inform ongoing debates about whether and how patents can affect research, disposition of ownership of university inventions, and the just distribution of benefits from publicly funded medical research.
Randall Rader, in his dissent as former Chief Judge of the US Court of Appeals for the Federal Circuit (CAFC) in Momenta Pharma. v Amphastar Pharma, concluded that ‘patents on research tools and biomedical innovations do not significantly slow the pace of research and do not deter researchers from pursuing promising projects’. Patent owners, he said, do not sue researchers because ‘experiments do not produce income or a source of damages’. Indeed, disclosure in patent documents ‘encourages publication and sharing of research results’. Our case study is a counterexample to temper Chief Judge Rader's sanguine assessment. While it describes an unusual outlier example and is not an argument against patents, this case study suggests that without a clear research exemption, or other mechanisms to enable access to research tools, biomedical researchers can face patent infringement litigation that imposes significant costs and slows down both academic and commercial scientific inquiry.
The story began in the early 1980s with research into the genetics of Amyloid Precursor Protein (APP) and its linkage to early-onset Alzheimer's disease. Key researchers were active in Europe and the USA. Patents on a particular double mutation, APPswe, were filed in the early 1990s, listing a clinician-researcher, Dr Michael Mullan, as sole inventor. The patents covered nucleotide sequences coding for a rare double mutation identified in two Swedish families. The patents also claimed cell lines, transgenic mouse models, and assay and screening methods incorporating the mutation. The institutions that hosted the research were deliberately excluded from the patent rights. Stakeholders affected by the patents included other researchers and their institutions, pharmaceutical and biotechnology companies, philanthropists, foundations, and venture capital firms. The lead researcher, Mullan, assigned key patents to a non-practicing entity, the Alzheimer's Institute of America (AIA), which enforced rights against research uses. The patent rights were used to generate revenues, but the disposition of those revenues is difficult to trace. AIA may have sponsored some of Mullan's further research but is not acknowledged as a funder in the research publications from Mullan's team. The families from whom the mutations were isolated received none of the financial benefits, and are likely unaware that their mutation was used to enrich one researcher and a venture capitalist with the result of impeding Alzheimer's research. Ironically, after nearly a decade of litigation, claims in the patents might or might not have been deemed valid under current patent jurisprudence. We will never know, because the patents were deemed invalid based on inappropriate assignment and inventorship.
The case study is of interest because it illustrates a non-practicing entity (NPE) using patent rights over research tools to extract revenue from those striving to understand and treat Alzheimer's disease. AIA's enforcement against non-profit research institutions caused considerable consternation in Alzheimer's research circles. The case study touches on key points in ongoing debates about the value of patents in the research ecosystem. Did patent rights create incentives to do the research? Almost certainly not, at least for the initial discovery, since the samples were collected and grants secured long before the patent story began to unfold. How were contributions to the research evaluated and rewarded? How did legal frameworks enable university ownership, even without federal funding in the USA? How was enforcement of patent rights against non-profit research institutions enabled, and who was benefited? What mechanisms were brought to bear to mitigate the impact of the enforcement litigation? The case illustrates many mistakes in how patents were granted, administered, and enforced, but, in the end, the legal system rectified many of these errors, albeit after long delay and at great expense.
We begin with a brief account of the genetics of early-onset familial Alzheimer's disease and the discovery of the APP gene, then move on to the patents, and finally discuss patent assignment and enforcement: the resolution of many infringement lawsuits, and the lessons learned. Our account is based on data available in the public record from disparate sources: scientific publications, patents, news and commentary, biographies, and most importantly, litigation records and judicial decisions. The legal proceedings include findings of fact by the district court judge and/or jury based on the evidence presented. The role of the trial judge (and the jury in some details) is to assess the credibility of documentary evidence and oral testimony. This assessment leads to an accounting of what ‘really’ happened, even though in litigation, there are by definition multiple sides to the story. Appendix 1 presents a graphic chronology of the key events in the story.

01 May 2015


The latest FATF/APG report on Anti-money laundering and counter-terrorist financing measures in Australia considers "the level of compliance with the FATF 40 Recommendations and the level of effectiveness of Australia’s AML/ CTF system", along with recommendations for strengthening of the system.

The report states that
Overall, Australian authorities have a good understanding of most of Australia’s main money laundering (ML) risks but need to develop their understanding further in certain areas. They coordinate very well activities to address key aspects of the ML / terrorist financing (TF) risks but some key risks remain unaddressed, and an underlying concern remains that the authorities are addressing predicate crime rather than ML.
Authorities have a good understanding of TF risks, and are addressing them accordingly. They assess that TF is largely motivated by international tensions and conflicts. Operationally, national AML/CTF coordination is very comprehensive, but demonstrating its overall success is challenging, although results from national taskforces are showing positive trends. A stronger focus is required on monitoring and measuring success. Australia develops and disseminates good quality financial intelligence to a range of law enforcement bodies, customs and tax authorities. The amount of financial transaction data in the Australian Transaction Reports and Analysis Centre (AUSTRAC) database, and the fact that that all relevant competent authorities have access to this database and can use its integrated analytical tool, are strengths of Australia’s AML/CTF system. However, the somewhat limited use of AUSTRAC information by law enforcement as a trigger to commence ML/TF investigations presents a weakness in the Australian AML/CTF system.
Australia’s main criminal justice policy objective is to disrupt and deter predicate crime, including if necessary through ML investigations/prosecutions. Australia focuses on what it considers to be the main three proceeds generating predicate threats (drugs, fraud and tax evasion). However, Australia should expand its focus to ensure that a greater number of cases of ML are being identified and investigated adequately.
Confiscation of criminal proceeds, instrumentalities and property of equivalent value is being pursued as a policy objective; mainly in relation to drugs, and in relation to tax by the Australian Taxation Office (ATO). Competent authorities have increased their efforts to confiscate proceeds of crime, particularly since the establishment of the national Criminal Assets Confiscation Taskforce. But it is unclear how successful confiscation measures are across all jurisdictions, and total recoveries remain relatively low in the context of the nature and scale of Australia’s ML/TF risks and have only modestly increased over the past few years.
Australia’s legal framework to combat TF is comprehensive. Australia has undertaken several TF investigations and prosecutions, and secured three convictions for the TF offence. Australia also successfully uses other criminal justice and administrative measures to disrupt terrorist and TF activities when a prosecution for TF is not practicable.
Australia’s legal framework to implement targeted financial sanctions is a good example for other countries. The automatic, direct legal obligation to freeze assets as soon as an entity is listed by the UN and the numerous designations made under the domestic regime are to be commended as best practices for other countries. However, effective implementation of the legal framework is difficult to confirm in the absence of freezing statistics, financial supervision, or supervisory experience and feedback on practical implementation by the private sector.
Australia has not implemented a targeted approach nor has it exercised oversight in dealing with non-profit organisations (NPOs) that are at risk from the threat of terrorist abuse. Authorities have not undertaken a review of the NPO sector to identify the features and types of NPOs that are particularly at risk of being misused for TF.
Most designated non-financial business and profession sectors are not subject to AML/CTF requirements, and did not demonstrate an adequate understanding of their ML/TF risks or have measures to mitigate them effectively. This includes real estate agents and lawyers, both of which have been identified to be of high ML risk in Australia’s National Threat Assessment.
The major reporting entities – including the big four domestic banks which dominate the financial sector – have a good understanding of their AML/CTF risks and obligations, but some AML/CTF controls, whilst compliant with Australian obligations, are not in line with FATF Standards1. AUSTRAC has done a good job in promoting compliance with the AML/CTF standards by the vast amount of entities under its supervision. Australia has set up and developed a riskbased approach to supervision, although further improvement is required relating to the risk picture of the supervised entities. In mitigating risks through supervision, Australia should focus more on effective supervision and enforcement of individual reporting entities’ compliance with AML/CTF obligations within the various sectors.
Australia has not conducted a formal risk assessment on TF risks associated with legal persons and arrangements. The majority of legal persons are registered with the Australian Securities and Investment Commission (federal) while others with State or Territory authorities. While the information seems to be largely available to competent authorities and to the public, very limited verification is conducted on the information that is registered. Information on the beneficial owner of legal persons and legal arrangements is not maintained and accessible to competent authorities in a timely manner.
Australia cooperates well with other countries in MLA matters, including extradition. Informal cooperation is generally good across agencies
 FATF considers that
Australia has identified and assessed, and has a good understanding of most of, its main ML risks and has mechanisms in place to mitigate them. Domestic and foreign organised crime groups operate in Australia. The main sources of criminal proceeds are illicit drugs, frauds, and tax evasion. Australian drug markets are said to be some of the most profitable in the world, attracting interest from major syndicates in South East Asia and South America. Most laundering involves use of the banking sector, money remitters, and complex corporate structures, facilitated by gate-keepers. Australia is seen as an attractive destination for foreign proceeds, particularly corruption-related proceeds flowing into real estate, from the Asia-Pacific region. Outwards proceeds flows are directed mainly to major financial hubs in Asia and the Middle East, with tax proceeds also flowing to European havens.
Australia has properly identified and assessed, and has a good understanding of, its TF risk, and is addressing it accordingly. Globally, the amounts of funds generated to finance terrorism vary between groups. Funds raised by groups that are part of an international network can be significant in the TF context. These groups have the financial infrastructure to undertake sizeable fundraising and money transfer operations. Small domestic groups and lone wolf terrorists are also a significant TF risk. While the amounts raised by these radicalised groups or individuals are much smaller, their intent to undertake violent acts in Australia can pose a direct threat to the Australian community. The authorities have periodically and successfully disrupted domestic terrorism plots, and the associated funding. Recently, the emerging TF risk has involved some Australians funding travel from legitimate sources to fight in conflict zones. Some funds have also been raised through abusing registered and informal “pop-up” charities linked to humanitarian fund-raising.
Australia has a strong institutional framework for combatting ML, TF, and proliferation financing. Australia’s measures are particularly strong in legal, law enforcement, and operational areas, and targeted financial sanctions; some improvements are needed in the framework for preventive measures and supervision, in particular for designated non-financial businesses and professions. In terms of effectiveness, Australia has achieved high results in international cooperation, and substantial results in risk, policy and coordination, the use of financial intelligence and combating terrorist financing and proliferation financing. Only moderate or minor improvements are needed in these areas. Major improvements are needed in other areas, as noted below.
 In considering "Assessment of risk, coordination, and policy setting" the report states -
Australia has a good understanding of most of its main ML risks and coordinates comprehensively to address most of them. However, some key risks remain unaddressed and, inconsistently with the FATF Standards, the authorities are focussed more on predicate crime rather than ML. TF risk is well understood and actions are being taken to mitigate it, particularly by disrupting domestic terrorist activities. Australia has produced a national report on each of its ML (the National Threat Assessment—NTA) and TF risks (the National Risk Assessment—NRA), which are supplemented by ongoing risk analysis efforts. Australia has used the results of the assessments to help shape aspects of how it combats ML and TF and has a national strategy for combating organised crime which identifies ML as an intrinsic enabler of organised crime.
Operational activities are coordinated using a mixture of standing committees and task forces that include federal and State and Territory agencies, which is salient as Australia is a federation. The objectives and activities of most of the competent authorities are generally consistent with the ML/TF risks, with the major exception being a lack of focus on addressing risks from abuse of complex corporate structures, real estate (including through regulating relevant designated non-financial businesses and professions (DNFBPs)).
Australia does not have a developed national policy setting out what the overall AML/CTF system is meant to achieve, or how its success should be monitored or measured, making it challenging to determine how well the ML/TF risks are being addressed. Accordingly, national metrics about how well the authorities’ efforts are addressing ML/TF risks are limited, and the authorities were challenged to present convincing evidence about what outcomes their efforts are achieving. Exemptions from requirements for reporting entities and the application of enhanced or simplified measures are not based primarily on the results of the NTA, NRA or other efforts to assess ML/TF risks. The authorities coordinate and cooperate to a large extent to combat the financing of proliferation of weapons of mass destruction.
 In discussing "Financial intelligence, ML, and confiscation" the report goes on to comment
Australia develops and disseminates good quality financial intelligence to a range of law enforcement bodies, customs and tax authorities. AUSTRAC is a well-functioning financial intelligence unit (FIU). The amount of financial transaction data in the AUSTRAC database, and the fact that all relevant competent authorities have access to this database, and can use its integrated analytical tool, is a strength of Australia’s AML/CTF system. AUSTRAC information is accessed by federal law enforcement as a routine in most cases but less so by State and Territory police who conduct most predicate crime investigations, and this information assists in the investigation of predicate offences. However, the somewhat limited use of AUSTRAC information by law enforcement as a trigger to commence ML/TF investigations, presents a weakness in the Australian AML/CTF system and should be addressed. Broader use of the sound institutional structure for combating ML would mitigate ML/TF risks more effectively.
Australia’s main policy objective is to disrupt and deter predicate crime, including, if necessary, through ML investigations/prosecutions. Australia focuses on what it considers to be the main three proceeds generating predicate risks (drugs, fraud, and tax evasion). At the federal level, the authorities charge standalone and third party ML offences, but legal issues have arisen in relation to the prosecution of self-laundering offences, and ML related to foreign predicates including corruption is not frequently prosecuted. At the State/ Territory level, prosecutions for substantive ML offences, including third party laundering and stand-alone laundering charges, are less common.
Since the last assessment, Australia has improved in terms of obtaining ML convictions, and is achieving reasonable results in relation to the key risk and those geographic areas where Australia is focusing on ML, but the overall results are lower than they could be relative to the nature and scale of the risks. The authorities have applied a range of sanctions for ML offences to natural persons, but no corporations have been prosecuted for ML offences. The authorities apply other criminal justice measures to disrupt serious criminal activity, including ML offences, but in accordance with their policy of disruption of serious and organised crime such measures are applied whether or not it may be possible to secure a ML conviction.
Confiscation of criminal proceeds, instrumentalities, and property of equivalent value is being actively pursued as a policy objective in Australia. The competent authorities have enhanced their efforts since the last assessment with the amounts being restrained and confiscated increasing at the federal level, although overall the figures remain relatively modest in the context of the nature and scale of Australia’s ML/ TF risks. The majority of assets recovered to date have flowed from the drugs trade and also from tax evasion (using ATO recovery powers). The Criminal Asset Confiscation Taskforce (CACT) takes non-conviction based asset recovery proceedings in most cases, allowing for a lower civil standard of proof; however, cases can become difficult to pursue when complicated company or overseas structures are used or when foreign predicate offending is involved.
At the State and Territory level, the combined recoveries are about twice the value of recoveries made at the federal level due to the heavy emphasis on drug-related recoveries. Australia is taking some steps to target the cross-border movement of cash and bearer negotiable instruments (BNIs). Australia remains at significant risk of an inflow of illicit funds from persons in foreign countries who find Australia a suitable place to hold and invest funds, including in real estate.
 In relation to terrorist financing and proliferation financing FATF comments
It is positive to note that Australia has undertaken several TF investigations and prosecutions, and secured three convictions for the TF offence. Australia also successfully uses other criminal justice and administrative measures to disrupt terrorist and TF activities when a prosecution for TF is not practicable. Australia had successfully disrupted two domestic terrorist plots (Pendennis and Neath) at the time of the onsite visit. Australia also uses these other measures to address the most relevant emerging TF risk – individuals travelling to conflict zones to participate in or advocate terrorist activity. Australian authorities identify and investigate different types of TF offences in each counter-terrorism investigation, and counter-terrorism strategies have successfully enabled Australia to identify and designate terrorists, terrorist organisations and terrorist support networks. Australian authorities have not prosecuted all the different types of TF offences, such as the collection of funds for TF, or the financing of terrorist acts or individual terrorists, and the dissuasiveness of sanctions applied has not been clearly demonstrated.
Despite the general risks identified by the authorities in the NRA, Australia has not undertaken a risk review of the NPO sector to identify the features and types of NPOs that are particularly at risk of being misused for TF. Subsequently, there is no TF-related outreach to, or TF-related monitoring of, this part of the sector that would be at risk and that account for a significant share of the sector’s activities.
Australia has a sound legal framework for targeted financial sanctions relating to terrorism and proliferation, but it is difficult to determine the effectiveness of the system. Under the Australian legal framework, the legal obligation to freeze assets is automatic upon designation at the UN; no additional action by Australian authorities is needed to give legal effect to a designation (although email alerts are sent to subscribers). This is a best practice for other countries. The Department of Foreign Affairs and Trade (DFAT) has primary responsibility for compliance with sanction requirements. However, DFAT does not adequately monitor or supervise the financial sector for compliance with the requirements of the FATF Recommendations, as would be expected of a supervisory authority. In addition, no financial institutions are supervised or monitored for compliance with the targeted financial sanctions (TFS) requirements (as in financial supervision) by any other competent supervisory authority. The absence of freezing statistics, financial supervision, supervisory experience, and feedback on practical implementation by the private sector made it difficult to confirm the level of effectiveness of the system.
In relation to  preventive measures and supervision
Regulated entities generally have adopted preventive measures required under the Australian regime, but some controls are not yet in line with FATF Standards. 17. Australia’s AML/CTF regime has changed significantly since the last mutual evaluation report in 2005. The regime, introduced in 2006, significantly expanded the number of businesses subject to AML/ CTF obligations – known as reporting entities. Under the new AML/CTF regime, the preventive measures’ requirements have been brought more in line with FATF Standards, although deficiencies remain. Except for gaming and bullion, other DNFBP sectors are not subject to AML/CTF obligations. Understanding of ML/TF risks and implementation of preventive measures is better among larger players and in the regulated sectors.
Within the remittance sector, effective implementation of AML/CTF controls varies, depending on the industry’s size and resources. The banks, particularly domestic ones, account for a large share of banking sector assets and international funds transfers in the system, but do not fully implement preventive measures to the extent envisaged by the FATF, especially where they meet Australian domestic requirements which do not meet the FATF standard. Most DNFBPs, including real estate agents and legal professionals, are also not subject to AML/CTF controls or suspicious transaction reporting obligations, even though they are highlighted as being high-risk for ML activities.
To a large extent, licensing, registration and other controls implemented by Australia, adequately prevent criminals and their associates from entering the financial sector. An important factor AUSTRAC uses in identifying ML/TF risk at the Reporting Entity Group (REG) level is the volume and value of transaction reports (suspicious matter report (SMRs) and international fund transfer instructions (IFTIs)) as an indicator of the volume of funds flowing through an entity, the size of an entity as a proxy measure of the number of customers, products and distribution channels. It is not sufficiently clear that AUSTRAC, when risk profiling REGs or individual reporting entities, collects and uses sufficient information necessary to adequately determine the level of inherent risk of the REG and individual reporting entities, beyond the information from transaction reports.
AUSTRAC succeeds to a fair extent in promoting compliance with the AML/CTF requirements among the sectors it has engaged. The focus of supervision is targeting what AUSTRAC considers to be the high-risk entities for enhanced supervisory activity, and to test the effectiveness of REG’s/reporting entities’ systems and controls in practice. However, the number of enforcement actions and the subjects of these actions do not convincingly demonstrate that reporting entities are subject to effective and proportionate sanctions.
In relation to transparency and beneficial ownership
Australia has undertaken an assessment of the ML risks associated with legal persons and arrangements but did not comprehensively assess all forms of legal persons (including foreign companies operating in Australia). Legal persons and trusts were assessed as medium to high risk for ML but limited measures exist to mitigate risk associated with legal persons and very limited measures exist to mitigate the ML risk associated with legal arrangements. Authorities are nevertheless aware that legal persons can be, or are being, misused for ML. Australia has not conducted a formal assessment of the TF risks associated with legal persons and arrangements.
Overall, there is good information on the creation and types of legal persons in Australia, but less information about legal arrangements. Federal and State/Territory registries are publically available for legal persons and what is recorded is available to competent authorities. However, measures need to be taken, including imposing AML/CTF obligations on those who create and register legal persons and arrangements, in order to strengthen the collection and availability of beneficial ownership information.
The existing measures and mechanisms are not sufficient to ensure that accurate and up-do-date information on beneficial owners is available in a timely manner. It is also not clear that information held on legal persons and legal arrangements is accurate and up-to-date. The authorities did not provide evidence that they apply effective sanctions against persons who do not comply with their information requirements. Overall, legal persons and arrangements remain very attractive for criminals to misuse for ML and TF.
Australia cooperates well with other countries in mutual legal assistance (MLA) matters. MLA requests are processed in a timely manner in accordance with a case prioritisation framework. Australia cooperates well in extradition. Both making and receiving requests in ML and TF related matters and informal cooperation is generally good across agencies. But the ability to provide beneficial ownership information for legal persons and trusts in relation to foreign requests is more limited. Nevertheless, Australia cooperates well in providing available beneficial ownership information for legal persons and trusts in relation to foreign requests.
Australia maintains comprehensive statistics in relation to MLA and extradition matters including in relation to ML and TF, although there are some limitations in relation to categorisation of ML offences within the case management framework. AUSTRAC cooperates well with its foreign counterparts. Informal cooperation is generally good across agencies.
FATF recommends the following "prioritised actions" - 
Undertake a re-assessment of Australia’s ML risks in keeping with the requirements and guidance issued in relation to Recommendation 1, and formalise the ongoing processes for re-assessing risks. Australia should also identify metrics and processes for monitoring and measuring success. The authorities should place more emphasis on pursuing ML investigations and prosecutions at the federal as well at the State/Territory level. The authorities should increase efforts to address ML risks associated with:
  • predicate crimes other than drugs and tax, including foreign predicates; 
  • the abuse of legal persons and arrangements and the real estate sector; 
  • identity fraud; 
  • fraud; and 
  • cash intensive activities.
CACT should continue its good early work and demonstrate its effectiveness over time to confiscate the proceeds and instrumentalities of crime.
AUSTRAC should incorporate more (inherent) risk factors besides data analysis from filed reports into identifying and assessing the risk of reporting entities. AUSTRAC should consider opportunities to further utilise its formal enforcement powers to promote further compliance by reporting entities through judicious use of its enforcing authority.
Australia should ensure financial institutions are actively supervised for implementation of DFAT lists, most likely through a legislative amendment to the statute identifying and authorising the agency responsible for supervision.
Australia should implement a targeted approach in relation to preventing NPOs from TF abuse. As a first step, Australia needs to undertake a thorough review of the TF risks that NPOs are facing (beyond the issues already covered in the NRA) and the potential vulnerabilities of the sector to terrorist activities.
Ensure that lawyers, accountants, real estate agents, precious stones dealers, and trust and company service providers understand their ML/TF risks, and are required to effectively implement AML/ CTF obligations and risk mitigating measures in line with the FATF Standards. Ensure that reporting entities implement as early as possible the obligations on enhanced customer due diligence (CDD), beneficial owners, and politically exposed persons introduced on 1 June 2014.
Australia should assess the risks of TF posed by all forms of legal persons and arrangements. Australia should also take measures to ensure that beneficial ownership information for legal persons is collected and available. Trustees should be required to hold and maintain information on the constituent elements of a trust including the settlor and beneficiary.

29 April 2015

Smart Cars

The connected car: who is in the driver’s seat? A study on privacy and onboard vehicle telematics technology [PDF], a study by Philippa Lawson for the British Columbia Freedom of Information and Privacy Association, comments
Our vehicles are changing. Telematics and wireless connectivity have transformed what used to be purely mechanical vehicles into electronically-controlled transportation and mobile communications devices. Vehicle performance data is now transmitted over the air to external computers where it is analyzed and used to monitor vehicle health and driver behaviour. Navigation systems allow for monitoring of vehicle location and route history. Drivers and passengers can now use on- board infotainment systems for voice and data communications, on-demand entertainment, web browsing and a growing range of convenience- related applications. Increasingly, cars are capable of recognizing individuals and customizing settings accordingly. There is no question that Connected Cars offer a growing range of services to car owners and drivers.
But what is the cost to our privacy? All of this data can be linked to the vehicle owner or registered user. The same technologies that allow for safer, more convenient and entertaining vehicles are also capable of amassing vast databases of information about drivers and analyzing that data in order to generate “actionable insights.” These insights can be used not only to improve vehicle systems and features, but also to track and profile customers for targeted marketing and other purposes. With connectivity, cars are becoming highly efficient data harvesting machines and a major element of the evolving Internet of Things. Customer data generated by the Connected Car is now seen as a major new source of revenue for automakers and their many partners. In fact there is so much competition for access to this data that some automakers are now publicly pushing back.
The data generated by telematics and vehicle infotainment systems is highly revealing of personal lifestyles, habits and preferences. In addition to customer account data and vehicle performance data, it includes driver behaviour data, biometrics and health data, location data, personal communications (voice, text, email, social networking), web browsing data, personal contacts and schedules, use of features and applications, and choice of music, radio and other streamed audio or video content. The breadth and depth of personal data that can be culled from Connected Cars is enormous and goes significantly beyond that already available via mobile devices, both in quality and in quantity.
Telematics is also now being used by automobile insurers to offer “usage-based insurance” (“UBI”) programs, under which insurance premiums are determined based on driving behaviour – where, when and how one drives. UBI is relatively new in Canada and subject to regulation at the provincial level. Current regulations require that it be offered on a voluntary basis and be used to provide discounts only (not to impose penalties), but that could change over time if UBI becomes more prevalent in the insurance marketplace.
Governments are working with the private sector to develop Intelligent Transportation Systems that involve automatic, ongoing communications between vehicles, as well as between vehicles and infrastructure, in order to alert drivers to impending dangers and reduce the number of traffic accidents. Such “Connected Vehicle” systems are also being promoted to improve traffic efficiency and lower carbon emissions. But they also involve the sharing of vast amounts of data that could, if not properly limited and secured, create an architecture of surveillance that would be ripe for exploitation by governments, corporations and cybercriminals alike if not properly protected. Especially when tracked, combined or linked with other available data, the information generated by telematics devices can reveal intensely private details of a person’s life and is therefore highly sensitive and vulnerable to abuse. The monitoring of a person’s vehicle use, driving routes and destinations alone, for example, can reveal a great deal about that person – information that is useful not just for marketers and insurance companies but also to thieves, stalkers, and others with malicious intent. The security risks created by this unnecessary and inappropriate collection and retention of personal data is concerning, while the potential for hacking of electronic car systems that could interfere with control of the vehicle raises additional safety and security concerns.
The privacy risks are amplified in an industry ecosystem characterized by multiple players (who often play multiple roles) vying for a piece of the data pie. In order to offer infotainment services, for example, automakers must partner with telecommunications and applications providers. Key players include telecommunications and information technology giants such as Verizon, AT&T, Apple and Google, who already have a strong position in the market for consumer data and analytics. Similarly, insurers rely upon third party telematics service providers to deliver usage-based insurance. Other aftermarket providers are also taking part in this 21st Century “data rush”, offering telematics products that can turn existing unconnected vehicles into Connected Cars.
Cars are a necessity for many if not most Canadian households. Doing without a vehicle is simply not an option for most families. But as vehicles are increasingly outfitted with telematics systems, purchasers of new vehicles have little choice in the extent to which their cars are capable of monitoring their driving behaviour and location. Laws and policies have been put in place limiting access to accident data collected by Event Data Recorders, but the same data is now being collected and transmitted wirelessly by vehicle telematics systems.
Of even greater concern is the limited choice consumers are being offered when it comes to the use and disclosure of their personal data collected by the Connected Car. Our review of several Connected Car privacy policies and terms of service indicates that the industry is violating Canadian data protection laws. In addition to lack of consent and forced agreement to unnecessary and arguably inappropriate uses such as marketing, Connected Car service providers are failing to meet the standards of Canadian law in respect of openness, accountability, individual access and limiting collection, retention, use and disclosure of customer data. Even the highly publicized “Consumer Privacy Protection Principles for Vehicle Technologies and Services” issued by automakers in November 2014 fail to meet the standards of Canadian data protection law in numerous respects.
The time for action is now, while Connected Car systems are still being designed.
Canadians are demanding that the privacy of their personal information be respected by Connected Car service providers and that they be given control over the data collected about them and their vehicles. Policy-makers have to provide the guidance that the automotive industry desperately needs on how general principles of data protection apply in their sector. Just as detailed safety standards were established for the industry and are enforced by regulation, a set of data protection standards should be developed collaboratively and enforced via regulation. This will have the beneficial effect of providing a baseline of privacy protection and clear guidance to the industry, while ensuring a level playing field for domestic manufacturers and importers alike.
 The report offers several recommendations:
1. Establish data protection regulations for the Connected Car industry. 
2. Develop national data protection standards for usage-based insurance. 
3. Involve privacy experts in the design stage of Intelligent Transportation Systems, including Connected Vehicle research projects. 
4. Adopt “Privacy by Design” Principles and Related Tools
4a – Establish a Privacy Management Program 
4b – Identify and Avoid Unintended Uses 
4c – Be Open and Transparent 
4d – Respect for User Privacy: Keep it User-Centric 
4e – Work with device manufacturers, OS/ Platform Developers, Network Providers, Application Developers, Data Processors to integrate controls and data minimization techniques.

28 April 2015


'The Jurisprudence of Nature' by Jill Fraley in (2015) 63 Catholic University Law Review comments
Informal regulations defining nature, natural and organic have proliferated across diverse fields of law from patents to agriculture, from taxation to gemstones. The unwritten jurisprudence of defining nature is primarily a story of the struggle to isolate mankind’s manipulations and interventions, creating a man-nature dichotomy that frustrates more than it explicates. This failure to define nature continues with the Supreme Court’s recent Myriad decision, which struggles to define the law of nature exception to patentability, highlighting the challenge of measuring levels of human intervention and manipulation. Our dichotomous definitions do not generate neat, binary answers, but rather complicated scales of human agency. This article seeks to generate a history of the jurisprudence of defining nature. Such a comparative history naturally elucidates the challenges of predictable outcomes when an ostensibly binary system is effectively implemented as a scale. The evidence of inconsistency and confusion provokes an exploration of the literature of history, sociology, and philosophy on the cultural history and pitfalls of defining nature. The article concludes by exploring how the language of property might more efficiently and reliably allow us to navigate the need to legally distinguish manipulations and interventions to protect both public property and private investments not only in patents, but also in consumer products.