Insights

On August 21, 2024, the National Institute of Standards and Technology (NIST) released the Second Public Draft of Digital Identity Guidelines (hereinafter, “Draft Guidelines”) for final review. The Draft Guidelines introduce potentially notable requirements for government contractors using artificial intelligence (AI) systems. Among the most significant draft requirements are those related to the disclosure and transparency of AI and machine learning (ML). By doing so, NIST underscores its commitment to fostering secure, trustworthy, and transparent AI, while also addressing broader implications of bias and accountability. For government contractors, the Draft Guidelines are not just a set of recommendations but a blueprint for future AI standards and regulations.

On Thursday, July 18, 2024, Judge Paul Engelmayer, U.S. District Judge for the Southern District of New York, dismissed the bulk of the Securities and Exchange Commission’s (SEC’s) landmark civil securities law claims against SolarWinds and its Chief Information Security Officer (CISO) Timothy Brown.  The Court dismissed all allegations based on SolarWinds’ public disclosures made after SolarWinds became a victim of the well-publicized SUNBURST cybersecurity attack, and also dismissed the SEC’s claims relating to SolarWinds’ internal accounting controls and disclosure controls and procedures.  However, the Court declined to dismiss claims of securities fraud against SolarWinds and its CISO based on SolarWinds’ pre-SUNBURST disclosures, finding that the SEC had properly pleaded that the company’s publicly-posted “Security Statement” was materially false and misleading. 

Universal Music Group, Sony Music, and Warner Music Group., represented by the Recording Industry Association of America (RIAA), have sued online music AI generators, Suno AI (“Suno”) and Udio AI (“Udio”), for alleged copyright infringement, accusing them of replicating their artists’ music using AI technology. The Suno complaint is filed in the U.S. District Court for the District of Massachusetts, and the Udio complaint is filed in the U.S. District Court for the Southern District of New York.  The lawsuits also target Alphabet Inc., Google's parent company. The RIAA is asking for damages amounting to up to $150,000 per infringing song, which could amount to hundreds of millions of dollars. 

Protecting critical infrastructure is paramount to today’s digital age. Critical infrastructure includes physical and virtual systems essential for the functioning of our society, economy, and national security. Such a definition may include power grids, communication networks, and financial institutions, among other networks that heavily rely on interconnected computer systems. These systems are also considered critical infrastructure, as they are used to protect critical cybersecurity infrastructure. 

47 USC  230 (“Section 230”) was enacted as part of the United States Communications Decency Act (CDA), providing immunity to interactive computer service providers for third-party content. Known as “the 26 words that created the internet,” this statute is responsible for the development of the modern internet as we know it. While Section 230 has allowed online platforms—like major social media platforms and search engines—to flourish, the broad legal protections that Section 230 provides have become controversial. To no success, various members of Congress, the Presidential Administration, and political candidates have called for Section 230 reforms, and for the first time, the way in which we use the internet may change depending how the U.S. Supreme Court rules in a highly-anticipated Section 230 case this term.