Hosts Kurt Fredrickson ’23 and Jonathan Baer ’23 discuss antitrust action against Google, the latest in TikTok’s troubles with the current administration, and a data breach class action against Amazon.

[Kurt] You’re listening to This Week in Tech Law, brought to you by the Berkeley Technology Law Journal. I’m Kurt Fredrickson.

[Jonathan] And I’m Jonathan Baer. Here are some recent headlines about what’s been happening This Week in Tech Law.

[Kurt] Today we’ll be covering a developing antitrust suit against Google, TikTok’s pending injunction to prevent the Trump administration’s ban of its app, consumer claims against Amazon arising from a data breach, and the DOJ’s recent proposal to limit legal immunity of tech platforms.

[Jonathan] The DOJ, after an extensive investigation, is planning to file antitrust charges against Alphabet, Google’s parent company, as early as the end of the month.^[1]

The investigation purportedly looked into whether Alphabet participated in anti-competitive practices, such as forcing Android phone makers to pre-install Alphabet’s apps on their devices.^[2]  The investigation also examined whether Alphabet underpaid their advertisers and the legality of how Alphabet built its advertising business.^[3]

One of the expected centerpieces of the investigation includes Google’s purchase of DoubleClick for over three billion dollars in 2007.^[4] The purchase gave Google the rights to DoubleClick’s advertising software and also expanded Google’s relationships with internet publishers, advertisers, and ad agencies.^[5] Google’s purchase of DoubleClick, and other ad software development startups, has provided Google with a market share in each level of online advertising,^[6] raising questions of whether Google’s ad business could be considered anticompetitive.

The wide-ranging investigations include those launched by both the DOJ and various state attorneys generals,^[7] including those of Texas, Utah, and Iowa.^[8] Lawyers in the DOJ’s antitrust division described the inquiry against Alphabet as “the case of the century.”^[9] Accordingly, members of Congress are currently split on how rapidly to bring the investigation, with Republicans alleging that Democratic attorney generals are slowing investigations so that a potential Biden administration can bring the charges.^[10] In contrast, Democrats maintain that Republican attorney generals are rushing the investigations under President Trump before the upcoming election.[11]

Some experts say that the U.S. government needs to make it more difficult for big tech companies to buy other companies like DoubleClick because antitrust investigations are long and complicated.^[12] For example, William Kovacic, a former member of the Federal Trade Commission who approved the DoubleClick deal in 2007, said, “If I knew in 2007 what I know now, I would have voted to challenge the DoubleClick acquisition.”^[13] Alphabet, however, responded that the rationale for the DoubleClick deal was “finding a piece of technology” to invest in, rather than to monopolize the ad marketplace, and that online ad prices have steeply fallen, showing that the ad marketplace remains highly competitive.^[14]  Although a coalition of fifty states and territories have shown support for antitrust investigations into Alphabet, it is unclear how many members of the coalition will join the DOJ on a potential lawsuit.^[15] For now, it remains to be seen what charges will be brought against Google by the DOJ, and whether Congress will take any further legislative steps to prevent future big-tech mergers.

[Kurt] On Wednesday, September 23rd, the social media company TikTok and its parent company, ByteDance, sued the Trump administration in federal court to halt the Department of Commerce’s impending ban of TikTok, the popular video-sharing app.^[16]

TikTok’s lawsuit is in response to rules issued by the Department of Commerce mandating that Apple and Google remove TikTok from their respective mobile app stores, making it unavailable for further downloads and preventing future updates for existing users in the United States.^[17] This ban is the result of an executive order signed by President Trump, who claims that TikTok poses serious national security concerns.^[18] For example, national security officials argue that China could censor U.S. TikTok users as well as access users’ sensitive data.^[19]

Over the last few weeks, TikTok has been working to merge with a U.S. company in order to prevent the ban.^[20] On Monday, President Trump said he would not approve a deal that involved U.S. companies Oracle and Walmart purchasing ownership stakes in TikTok, with Oracle storing TikTok data in the U.S. as part of the deal.^[21] In response, TikTok on Wednesday filed in the U.S. District Court for the District of Columbia, requesting an injunction on the Department of Commerce’s ban.^[22] TikTok argued in the request that the proposed ban violates the International Emergency Economic Powers Act, the Administrative Procedure Act, and the First and Fifth Amendments.^[23] The Trump administration has not yet responded to this request for an injunction.

WeChat, a messaging app owned by the China-based company Tencent, is also subject to the Department of Commerce’s ban.^[24] In August, a coalition of WeChat users unaffiliated with the company sued the Trump administration in the District Court for the Northern District of California, and presented similar arguments to those made by TikTok. They argued that the proposed ban violates the First Amendment’s guarantee of freedom of speech, the Fifth Amendment’s equal protection and due process clauses, the Religious Freedom Restoration Act, and the Economic Emergency Powers Act.^[25] Judge Laurel Beeler initiated a nationwide injunction against the implementation of the Department of Commerce’s ban of WeChat.^[26] This may suggest a similar outcome for TikTok’s request.

 [Jonathan] A federal court in the Eastern District of Virginia ruled on September 18th that Amazon cannot avoid liability for a data breach that involved the hacking of over 100 million people’s sensitive, personal information.^[27]

As reported by Bloomberg, Amazon stored personal data from Capital One customers on Amazon cloud servers.^[28] In 2019, a software engineer named Paige Thompson hacked into one of Amazon’s servers that hosted Capital One customers’ personal data, including bank account information and social security numbers.^[29] Data from the breach also included credit card applications submitted by individual consumers and small businesses, and the data included over 100,000 Social Security numbers and 80,000 bank account numbers.^[30] The breach was especially concerning because the credit card applications were for secured credit cards, which are typically used by people with poor credit histories,^[31] making them especially vulnerable to financial disruption, such as by identity theft. Although Thompson was a former employee of Amazon Web Services,^[32] no motive has yet been uncovered for her breaching of the server. A spokesperson for Amazon stated that the server “was not compromised in any way and functioned as designed.”^[33] Instead, Thompson accessed the server through a misconfigured firewall, not through hacking the cloud-based infrastructure.^[34]

Amazon and Capital One moved to dismiss the class action brought by consumers affected by the breach.^[35] Amazon argued that it was not liable for the hack due to its indirect relationship with the class members, but the court rejected this argument,^[36] holding that Amazon is still obligated to notify customers of a data breach over any information it “maintains.”^[37] Capital One argued that the suit failed to show a link between the hack and any identity theft, fraud, or unauthorized activity on the class members’ credit card accounts, but the court also rejected this argument, holding there was a “sufficiently close connection” between any unauthorized activity and the hack.^[38] The court’s ruling allows the plaintiffs’ claims to move forward against both companies.

[Kurt] On September 23rd, the DOJ sent Congress draft legislation amending Section 230 of the Communications Decency Act, also known as the CDA.^[39]

Section 230 of the CDA provides online intermediaries immunity from lawsuits arising from content that they “host or republish.”^[40] For instance, you can’t sue Twitter for a defamatory tweet; only the person who wrote the tweet can be held liable.

Under the DOJ’s proposed legislation, tech platforms that purposefully facilitate “harmful criminal activity” would not receive Section 230 immunity.^[41] Platforms that are aware of “known criminal content” on their sites and don’t take action could be held liable as well.^[42] The precise intended application of these proposed changes by the DOJ is not yet clear.

This is not the first time that Section 230 has been in the crosshairs of the current administration. In May, President Trump signed an executive order compelling the Department of Commerce to petition the FCC to limit and clarify Section 230.^[43] However, it’s doubtful that the FCC has any statutory authority to enforce Section 230.^[44] On August 3rd, FCC Chairman Ajit Pai announced that the agency is inviting the public to comment on the petition regarding Section 230.^[45]

While the draft legislation is not expected to pass anytime soon, the DOJ joins a large number of critics from both the Democratic and Republican parties in support of amending the law.^[46] Republican attacks on Section 230 often focus on alleged censorship of conservatives, whereas Democrats want to change the law due to tech companies allegedly not doing enough to fight misinformation.^[47] For instance, Democratic presidential candidate Joe Biden has argued that Section 230 should be “revoked” as a result of insufficient efforts to combat online misinformation.^[48]

In response, according to the Internet Association, tech companies argue that intermediary liability protections “make the best of the internet possible.”^[49] They point out that, without the law, online platforms that revolve around user-generated content (like Facebook, YouTube, and Twitter) would not be able to moderate content without fear of liability and may not even be able to exist at all.^[50] With last week’s developments at the DOJ, it appears that tweaking Section 230 of the CDA could be high on the priority list for the next Congress.^[51] We can also reasonably expect the tech industry to continue fighting to preserve the protections of the law, if not as is, then in some comparative fashion.

[Kurt] Thank you for listening! The BTLJ Podcast is brought to you by Podcast Editors Andy Zachrich and Haley Broughton. Today’s episode was written and hosted by Kurt Fredrickson and Jonathan Baer and produced by Haley Broughton.

[Jonathan] We are committed to bringing you interesting news at the intersection of technology and law. If you enjoyed our podcast, please support us by subscribing and rating us on Apple Podcasts, Spotify, or wherever you listen to your podcasts.

[Kurt] If you have any questions, comments, or suggestions, write us at btljpodcast@gmail.com.

[Jonathan] Information presented here does not constitute legal advice and is only up-to-date as of Friday, September 25th. This podcast is intended for academic and entertainment purposes only.

^[1] Katie Benner & Cecilia Kang, Justice Dept. Plans to File Antitrust Charges Against Google in Coming Weeks, N.Y. Times (Sept. 3, 2020), https://www.nytimes.com/2020/09/03/us/politics/google-antitrust-justice-department.html.

^[2] James Langford, For Google, $5 Billion EU Fine that Irks Trump Is (Relatively) Small, Wash. Examiner (July 19, 2018, 1:38 PM), https://www.washingtonexaminer.com/business/5-billion-european-fine-that-irks-trump-isnt-so-massive-for-google.

^[3] Steve Lohr, This Deal Helped Turn Google into an Ad Powerhouse. Is That a Problem?, N.Y. Times (Sept. 21, 2020), https://www.nytimes.com/2020/09/21/technology/google-doubleclick-antitrust-ads.html.

^[4] Louise Story & Miguel Helft, Google Buys DoubleClick for $3.1 Billion, N.Y. Times (Apr. 14, 2007), https://www.nytimes.com/2007/04/14/technology/14DoubleClick.html.

^[5] Id.

^[6] Lohr, supra note 3.

^[7] Id.

^[8] David McLaughlin & Ben Brody, Google Probe Has States Split On Strategy With U.S. Antitrust Case Looming, Bloomberg (July 2, 2020, 4:24 PM), https://www.bloomberg.com/news/articles/2020-07-02/google-probe-has-states-split-on-strategy-with-u-s-case-looming.

^[9] Benner & Kang, supra note 1.

^[10] Id.

[11] Id.

^[12] Lohr, supra note 3.

^[13] Id.

^[14] Id.

^[15] Benner & Kang, supra note 1.

^[16] Mike Isaac, TikTok Files for Injunction to Stop Ban of App, N.Y. Times (Sept. 23, 2020), https://www.nytimes.com/2020/09/23/technology/tiktok-injunction-ban-app.html.

^[17] Press Release, U.S. Dep’t of Commerce, Commerce Department Prohibits WeChat and TikTok Transactions to Protect the National Security of the United States (Sept. 18, 2020), https://www.commerce.gov/news/press-releases/2020/09/commerce-department-prohibits-wechat-and-tiktok-transactions-protect.

^[18] Ana Swanson, David McCabe & Jack Nicas, Trump Administration to Ban TikTok and WeChat from U.S. App Stores, N.Y. Times (Sept. 18, 2020), https://www.nytimes.com/2020/09/18/business/trump-tik-tok-wechat-ban.html.

^[19] Louse Matsakis, Does TikTok Really Pose a Risk to US National Security?, Wired (Sept. 18, 2020, 3:10 PM), https://www.wired.com/story/tiktok-ban-us-national-security-risk.

^[20] David E. Sanger, David McCabe & Erin Griffith, Oracle Chosen as TikTok’s Tech Partner, as Microsoft’s Bid Is Rejected, N.Y. Times (Sept. 13, 2020), https://www.nytimes.com/2020/09/13/technology/tiktok-microsoft-oracle-bytedance.html.

^[21] Isaac, supra note 16.

^[22] Id.

^[23] See Plaintiffs’ Application for a Preliminary Injunction and Request for Expedited Briefing and a Hearing, TikTok Inc. v. Trump, No. 20-cv-02658-CJN (D.D.C. Sept. 23, 2020), https://cdn.vox-cdn.com/uploads/chorus_asset/file/21905506/gov.uscourts.dcd.222257.15.0_8.pdf.

^[24] John D. McKinnon, Lawsuit Claims U.S. WeChat Ban Is Unconstitutional, Wall St. J. (Aug. 21, 2020, 9:29 PM), https://www.wsj.com/articles/lawsuit-claims-u-s-wechat-ban-is-unconstitutional-11598059765.

^[25] See U.S. WeChat Users All. v. Trump, No. 20-cv-05910-LB, 2020 U.S. Dist. LEXIS 165981 (N.D. Cal. Sept. 10, 2020).

^[26] Id.

^[27] Andrea Vittorio, Amazon Can’t Avoid Consumer Claims from Capital One Cloud Hack, Bloomberg (Sept. 21, 2020, 9:55 AM), https://news.bloomberglaw.com/privacy-and-data-security/amazon-cant-avoid-consumer-claims-from-capital-one-cloud-hack.

^[28] Id.

^[29] Emily Flitter & Karen Weise, Capital One Data Breach Compromises Data of Over 100 Million, N.Y. Times (July 29, 2019), https://www.nytimes.com/2019/07/29/business/capital-one-data-breach-hacked.html.

^[30] Id.

^[31] Id.

^[32] Id.

^[33] Stephen Gandel, What We Know So Far About Accused Capital One Hacker Paige Thompson, CBS News (July 31, 2019, 8:20 PM), https://www.cbsnews.com/news/paige-thompson-what-we-know-about-accused-capital-one-breach-hacker-2019-07-31.

^[34] Id.

^[35] Vittorio, supra note 27.

^[36] Id.

^[37] In re Capital One Consumer Data Sec. Breach Litig., No. 19md2915, 2020 WL 5629790, at *26 (E.D. Va. Sept. 18, 2020).

^[38] Vittorio, supra note 27.

^[39] Press Release, U.S. Dep’t of Justice, The Justice Department Unveils Proposed Section 230 Legislation (Sept. 23, 2020), https://www.justice.gov/opa/pr/justice-department-unveils-proposed-section-230-legislation.

^[40] 47 U.S.C. §§ 223, 230 (2018); see also Section 230 of the Communications Decency Act, Elec. Frontier Found., https://www.eff.org/issues/cda230 (last visited Sept. 25, 2020).

^[41] David McCabe, Justice Dept. Urges Congress to Limit Tech’s Legal Shield, N.Y. Times (Sept. 23, 2020), https://www.nytimes.com/2020/09/23/technology/social-media-internet-speech-section-230.html.

^[42] U.S. Dep’t of Just., supra note 39.

^[43] Mariella Moon, Trump Administration Petitions FCC to Reinterpret Section 230 Rules, ENGADGET (July 28, 2020), https://www.engadget.com/trump-administration-fcc-section-230-petition-053109450.html.

^[44] Harold Feld, Could the FCC Regulate Social Media Under Section 230? No, Pub. Knowledge (Aug. 14, 2019), https://www.publicknowledge.org/blog/could-the-fcc-regulate-social-media-under-section-230-no/.

^[45] Judy E. Faktorovitch, The FCC Opens Public Comments on Trump’s Proposed Revisions to Section 230, Lawfare (Aug. 21, 2020, 9:01 AM), https://www.lawfareblog.com/fcc-opens-public-comments-trumps-proposed-revisions-section-230.

^[46] Adi Robertson, Democrats Want a Truce with Section 230 Supporters, The Verge (July 28, 2020, 5:17 PM), https://www.theverge.com/2020/7/28/21340737/section-230-pact-act-thune-schatz-big-tech-reform-hearing.

^[47] Id.

^[48] McCabe, supra note 41.  

^[49] Content Moderation: Section 230 of the Communications Decency Act, Internet Ass’n, https://internetassociation.org/positions/content-moderation/section-230-communications-decency-act/ (last visited Sept. 25, 2020).

^[50] Id.

^[51] See Marguerite Reardon, Democrats and Republicans Agree that Section 230 Is Flawed, CNET (June 21, 2020, 5:00 AM), https://www.cnet.com/news/democrats-and-republicans-agree-that-section-230-is-flawed/.