Understanding MongoDB’s New Copyleft Open Source License

MongoDB, the developer of a popular document-oriented distributed database server by the same name, has updated the open source license that applies to versions of its software published after October 16, 2018.

Previously, the MongoDB software was licensed under the GNU Affero General Public License v.3 (“AGPLv3”), which is a “strong copyleft” license. Strong copyleft licenses, among other things, require that the source code for the licensed software (including any modifications) be made available to the public, typically when the software is distributed to third parties. AGPLv3 goes further than other strong copyleft licenses in that the obligation to make source code available is triggered not only when the software is distributed, but also when it is accessed over a computer network, such as the Internet.

In an apparent response to attempts by users of MongoDB to architect their services so as to avoid the obligation to make their source code modifications available under AGPLv3, MongoDB has created a modified version of AGPLv3 (see here for a redline comparison) with broader disclosure and licensing obligations. The new license is called the Server Side Public License v.1 (“SSPLv1”).

Continue Reading

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on Oct. 14, 2018. This was developed by the DCMS in conjunction with the National Cyber Security Centre, and follows engagement with industry, consumer associations, and academia. The aim of the Code is to provide guidelines on how to achieve a “secure by design” approach, to all organizations involved in developing, manufacturing, and retailing consumer Internet of Things ‘IoT’ products. Each of the thirteen guidelines are marked as primarily applying to one or more of device manufacturers, IoT service providers, mobile application developers and/or retailers categories.

The Code brings together what is widely considered good practice in IoT security. At the moment, participation in the Code is voluntary, but it has the aim of initiating and facilitating security change through the entire supply chain and compliance with applicable data protection laws. The Code is supported by a supplementary mapping document, and an open data JSON file which refers to the other main industry standards, recommendations and guidance.  Ultimately, the Government’s ambition is for appropriate aspects of the Code to become legally enforceable and has commenced a mapping exercise to identify the impact of regulatory intervention and necessary changes.

Continue Reading

IoT Update: BEREC launches public consultation on the ‘Data Economy’

On the 10th October 2018, BEREC (the Body of European Regulators for Electronic Communications) launched its public consultation on the ‘Data Economy’. This comes at a time when different regulators are increasingly discussing the importance of big data, including the opportunities and risks that it brings about, how these may evolve, and how (and increasingly who should take the responsibility) to regulate. While the data protection and competition authorities have so far been most vocal in this deepening regulatory debate, the opening of this consultation represents a clear and decisive move by European telecom regulators to ‘throw their hat’ into the ring and get included in the discussion – and potentially future regulation – of Europe’s data economy.

All interested stakeholders, including public organisations, industry actors, consumers, associations, academics, financial advisers, and other stakeholders with expertise or interest in the data economy are strongly encouraged to have their say. BEREC’s consultation video can be accessed here, and the consultation is open until 21 November 2018.

Continue Reading

AI Update: Senators Introduce AI in Government Bill

On September 26, a bipartisan group of senators introduced the Artificial Intelligence in Government Act, legislation that would direct certain executive agencies to specifically research and consider AI applications and strategy, as well as create an advisory board to address AI policy and issues. The bill’s sponsors cited both the promises and risks of AI as significant motivations for the proposed legislation.

Senators Cory Gardner (R-CO), Kamala Harris (D-CA), Rob Portman (R-OH), and Brian Schatz (D-HI) introduced the initial draft of the bill. Each pointed to AI’s great potential across numerous facets of society, as well as the importance of proactively addressing AI’s place in government. As Senator Portman summed up, “[a]rtificial intelligence will have significant impacts for our country, economy, and society. Ensuring that our government has the capabilities and expertise to help navigate those impacts will be important in the coming years and decades. . . . [T]his bipartisan legislation [ensures that] our government understands the benefits and pitfalls of this technology as it engages in a responsible, accountable rollout of AI.” Continue Reading

California Adopts Net Neutrality Law; Court Hearing Scheduled for Nov. 14

On September 30, California Governor Jerry Brown signed a bill to apply net neutrality rules to Internet Service Providers (“ISPs”) operating in that state.  California is not the first state to enact legislation on net neutrality, but its bill contains the most stringent requirements yet.  The Trump Administration and multiple ISPs have sued to prevent the new law from going into effect, arguing that it conflicts with federal law.  The first hearing on the legal challenge will take place on November 14.

Continue Reading

IoT and AI Update: California Legislature Passes Bills on Internet of Things, Artificial Intelligence, and Chatbots

The California legislature recently passed three bills meant to address rapidly-developing technologies including the Internet of Things, artificial intelligence (AI), and chatbots.

Internet of Things. At the end of August, California became the first state to promulgate regulations requiring security features for Internet-connected devices. Senate Bill 327 requires that a manufacturer of a connected device equip the device with “reasonable security features” that are (1) appropriate to the nature and function of the device; (2) appropriate to the information it may collect, contain, or transmit; and (3) designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure. Continue Reading

AI Update: A Discussion on Global Innovation and Singapore

On September 25, 2018, Lee Tiedrich, the co-chair of Covington’s global Artificial Intelligence (“AI”) Initiative,  participated in a roundtable discussion on the future of innovation, the challenges of the Fourth Industrial Revolution, and the need for multidisciplinary approaches involving the entire eco-system to address the adoption of new technologies in society. She was joined by Singapore’s Ambassador to the United States, Ashok Kumar Mirpuri, and Dean of the Duke University Fuqua School of Business, Bill Boulding.

This program began with a discussion of Singapore’s growth over the last sixty years into a global innovation hub. The Ambassador shared lessons from Singapore’s growth since the 1960s and its investment in its future through Smart Cities partnerships, transportation, and education. He stressed Singapore’s emphasis on building a fertile ground for international investment and innovation to prosper.

Continue Reading

IoT Update: FCC Efforts to Encourage 5G Infrastructure Investment

5G deployment and availability will greatly expand and enhance the Internet of Things (IoT). As we explored in a prior post, apart from spectrum availability, one of the other primary keys to promoting 5G development is increased investment in both wireless and wireline infrastructure. Without the necessary infrastructure (e.g. small cells, fiber backhaul) to support advanced 5G offerings, nascent IoT technologies will be inhibited by ever-increasing capacity demands that put strains on the existing infrastructure.

On September 26, 2018, the Federal Communications Commission (FCC) voted to approve a Declaratory Ruling and Third Report and Order (Order) designed to encourage and facilitate the investment necessary to deploy infrastructure to meet the demands of 5G networks. As the FCC explained in the Order, 5G is so important because it can “enable increased competition for a range of services—including broadband—support new healthcare and Internet of Things applications, speed the transition to life-saving connected car technologies, and create jobs.” Continue Reading

IoT Update: The E-Privacy Regulation – Impact on the IoT market

It is now four months after the General Data Protection Regulation (EU) 2016/679 (“GDPR”) came into force. One of its objectives is to create uniform standards for data protection in Europe and to adapt data protection to technical progress. In addition, the “Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications” (“E-Privacy Regulation“) was originally also to come into force as the successor to the corresponding Directive, though it now appears likely to come into force only in 2019. The E-Privacy Regulation is also an EU legal act which is directly applicable in the Member States without having to be transposed into national law. It is intended to protect both electronic communications content and electronic communications metadata as well as end-users‘ terminal equipment information. It is important to note that protection is not limited to personal data like in the GDPR – and therefore includes even more protected information and data. This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.

Continue Reading

AI Update: NDAA Renewal Addresses Uses and Implications of AI in National Security Context

Computer code on a screenLast month, President Trump signed into law the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (“NDAA” or the “Act”), which, among other things, includes provisions addressing the development and use of artificial intelligence (“AI”) in the context of national security and defense. Continue Reading

LexBlog