Reflections-February 2022

THIS IS REFLECTIONS, our weekly roundup of events in the legal and technology sector, covering various topics and interesting learning points for today’s professionals.

If you couldn’t make an event, don’t worry, we probably made it and have all the juicy scoop for your reading pleasure and learning.

Do you have an upcoming event you would like us to know about or attend? OR do you know of one you would like to read about? Send an email to us HERE.

A REPORT ON WEBINAR ORGANISED BY UNIVERSITY OF RICHMOND SCHOOL OF LAW

TOPIC: LAWYERING IN THE DIGITAL AGE

DEAN WENDY PERDUE – HOST AND MODERATOR

PANELIST:

Welcome and Opening Remarks – Dean Wendy Perdue

AI and Facial Recognition Updates – Clare Garvie,

Cryptocurrency 101 – Evan Kielar, Thomson Reuters Special Services

Taxation of Cryptocurrency – Sofya Bakradze, Paul, Weiss Rifkind, Wharton & Garrison LLP

Cryptocurrency Regulatory Concerns – Stephen Gardner, Chief Compliance Officer and General Counsel, ZeroHash

Hot Topics in Ethical Cybersecurity for Your Law Firm –Sharon Nelson & John Simek, Sensei Enterprises, Inc.

Responsible AI – Owen Larter, Microsoft and Josh Kubicki, University of Richmond Law

INTRODUCTION

The host Wendy Perdue began the webinar by introducing the speakers that will discuss a variety of topics including cryptocurrency, the metaverse, telehealth, and the ethics of cybersecurity. She equally gave the welcoming address and gave brief introduction about the school. Thereafter, she introduced the first speaker, Clare Garvie, to discuss on the first topic for the day titled AI and Facial Recognition Updates.

AI AND FACIAL RECOGNITION UPDATES – CLARE GARVIE

Clare started by stating that in today’s networked world, the need to maintain the security of information or physical property is becoming both increasingly important and increasingly difficult. From time to time, we heard about the crimes of credit card fraud, computer breakings by hackers, or security breaches in a company or Government building. According to her, in most of these crimes, the criminals were taking advantage of a fundamental flaw in the conventional access control systems: the systems do not grant access by “who we are”, but by “what we have”, such as ID cards, keys, passwords, PIN numbers, or mother’s maiden name. She further stated that face recognition is one of the few biometric methods that possess the merits of both high accuracy and low intrusiveness. It has the accuracy of a physiological approach withoutbeing intrusive.

She discussed about a Brown University Student, Majeed, who was mistakenly identified as a Sri Lanka bombing suspect where the police issued a statement acknowledging the error, and officials later blamed a small team of investigators that mistakenly found Majeed’s photo using facial recognition software.

According to her, face recognition will not affect everyone equally. This is what she termed Risk: Discriminatory Surveillance. The discriminatory surveillance was categorized into gender, age and race. She stated that men are twice likely to be targeted, 15% of women are targeted for voyeuristic reasons, 65% of teenagers are targeted for no reason and people of colour are between 1.5 and 2.5 times more likely to be targeted.

CRYPTOCURRENCY REGULATORY CONCERNS

ANCHORED BY: Stephen Gardner, Chief Compliance Officer and General Counsel, ZeroHash.

The anchor began his presentation by stating that; as cryptocurrency’s transformation from speculative investment to a balanced portfolio stablemate continues to gather pace, governments around the world remain divided on how to regulate the emerging asset class. He then began to break down the current digital currency regulatory landscape as it applies to several countries.

The United States was the first Country he discussed about. He talked about the fact that, despite a large number of cryptocurrency investors and blockchain firms in the United States, the country hasn’t yet developed a clear regulatory framework for the asset class. The Securities and Exchange Commission (SEC) typically views cryptocurrency as a security, while the Commodity Futures Trading Commission (CFTC) calls Bitcoin (BTCUSD) a commodity, and the Treasury calls it a currency. Crypto exchanges in the United States fall under the regulatory scope of the Bank Secrecy Act (BSA) and must register with the Financial Crimes Enforcement Network (FinCEN). They are also required to comply with anti-money laundering (AML) and combating the financing of terrorism (CFT) obligations. Meanwhile, the Internal Revenue Service (IRS) classifies cryptocurrencies as property for federal income tax purposes. Crypto investors should closely monitor a high-profile Court case between Ripple Labs Inc. and the SEC, as well as threats by the agency to sue leading digital currency exchange Coinbase Global Inc. (COIN), for further regulatory clarity.

He continued further, discussing the regulatory concerns of cryptocurrency in Canada. He examined the fact that regulators have generally taken a proactive stance toward crypto in Canada. It became the first country to approve a Bitcoin exchange-traded fund (ETF) in February 2021. Additionally, the Canadian Securities Administrators (CSA) and the Investment Industry Regulatory Organization of Canada (IIROC) have clarified that crypto trading platforms and dealers in the country must register with provincial regulators. Furthermore, Canada classifies crypto investment firms as money service businesses (MSBs) and requires that they register with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). From a taxation standpoint, Canada treats cryptocurrency similar to other commodities.

He then talked about the United Kingdom. The United Kingdom considers cryptocurrency as property but not legal tender. Additionally, cryptocurrency exchanges must register with the U.K. Financial Conduct Authority (FCA) and are banned from offering crypto derivatives trading. Moreover, the regulatory body has introduced cryptocurrency-specific requirements relating to know your customer (KYC), as well as to the above-mentioned AML and CFT. Although investors still pay capital gains tax on crypto trading profits, more broadly, taxability depends on the crypto activities undertaken and who engages in the transaction.

Moreso, Australia takes a relatively proactive stance toward crypto regulation. Australia classifies cryptocurrencies as legal property, which subsequently makes them subject to capital gains tax. Exchanges are free to operate in the country, provided that they register with the Australian Transaction Reports and Analysis Centre (AUSTRAC) and meet specific AML/CTF obligations. In 2019, the Australian Securities and Investments Commission (ASIC) introduced regulatory requirements for initial coin offerings (ICOs) and banned exchanges offering privacy coins.

Similarly, to the United Kingdom, Singapore classifies cryptocurrency as property but not legal tender. The country’s Monetary Authority of Singapore (MAS) licenses and regulates exchanges as outlined in the Payment Services Act (PSA). Singapore, in part, gets its reputation as a cryptocurrency safe haven because long-term capital gains are not taxed. However, the country taxes companies that regularly transact in cryptocurrency, treating gains as income.

He then moved on to the Continent of Asia, examining South Korea, Japan, China and India. He began with South Korea, stating that the country doesn’t consider cryptocurrencies as legal tender or financial assets. As such, digital currency transactions avoid capital gains tax. The South Korean Financial Supervisory Service (FSS) oversees crypto exchange regulation, with operators subject to strict AML/CFT obligations. As of September 2021, cryptocurrency exchanges and other virtual asset service providers must register with the Korea Financial Intelligence Unit (KFIU), a division of the Financial Services Commission (FSC).

He further stated that; Japan however takes a progressive approach to crypto regulations, recognizing cryptocurrencies as legal property under the Payment Services Act (PSA). Meanwhile, crypto exchanges in the country must register with the Financial Services Agency (FSA) and comply with AML/CFT obligations. Japan treats trading gains generated from cryptocurrency as “miscellaneous income” and taxes investors accordingly.

He continued further, talking about the emerging global power in China which doesn’t class cryptocurrencies as legal tender; however, it does classify them as property for the purposes of determining inheritances. The People’s Bank of China (PBOC) bans crypto exchanges from operating in the country, stating that they facilitate public financing without approval. The world’s largest crypto exchange, Binance, initially launched in China but relocated its headquarters to the Cayman Islands in 2017 following the country’s crackdown on crypto regulation. Furthermore, China placed a ban on bitcoin mining in May 2021, forcing many engaging in the activity to close operations entirely or relocate to jurisdictions with a more favorable regulatory environment.

He then talked about India, stating that; like most countries, India outlines that cryptocurrencies are not legal tender. Despite this, the country’s Central Board of Direct Taxation specifies that investors must pay taxes on crypto trading profits. In 2018, the Reserve Bank of India (RBI) banned financial institutions from transacting in virtual currencies; however, the Supreme Court reversed this decision in March 2020. Still, regulations remain uncertain in the country. For instance, India proposed a law in early 2021 that would make it illegal to issue, hold, mine, and trade cryptocurrencies other than state-backed digital assets.

He began to conclude his presentation, examining the regulatory concerns of Cryptocurrency in the European Union. He stated that Cryptocurrency is legal throughout most of the European Union (EU), although exchange governance depends on individual member states. Meanwhile, taxation also varies by country within the EU, ranging from 0% to 50%. In recent years, the EU’s Fifth and Sixth Anti-Money Laundering Directives (5AMLD and 6AMLD) have come into effect, which tighten KYC/CFT obligations and standard reporting requirements. In September 2020, the European Commission proposed the Markets in Crypto-Assets Regulation (MiCA)—a framework that increases consumer protections, establishes clear crypto industry conduct, and introduces new licensing requirements.

The presentation came to an end, afterwhich he was asked several questions by the Host. Once the questions were concluded, the session came to an end by 6:30pm, going for a break pending the start of the next session.

HOT TOPICS IN ETHICAL CYBERSECURITY FOR YOUR LAW FIRM: Sharon Nelson & John Simek, Sensei Enterprises, Inc.

Sharon Nelson stated the presentation by stating that Confidential data in computers and information systems, including those used by attorneys and law firms, faces greater security threats today than ever before. They take a variety of forms, ranging from e-mail phishing scams and social engineering attacks to sophisticated technical exploits resulting in long term intrusions into law firm networks. They also include lost or stolen laptops, tablets, smartphones, and USB drives, as well as inside threats – malicious, untrained, inattentive, and even bored personnel.

These threats are a particular concern to attorneys because of their duties of competence in technology and confidentiality. Attorneys have ethical and common law duties to take competent and reasonable measures to safeguard information relating to clients. They also often have contractual and regulatory duties to protect client information and other types of confidential information.

Security threats to lawyers and law firms continue to be substantial, real, and growing; security incidents and data breaches have occurred and are occurring. It is critical for attorneys and law firms to recognize these threats and address them through comprehensive information security programs.

John Simek discussed on how more and more law firms utilize cloud services continuing operations during and after a disaster is becoming much easier. However, taking advantage of cloud services means that a connection to the internet is of prime importance. If your internet connection goes down, you’ll need an alternative method to get to your client data. Also, the pandemic forced law firms and businesses to close up shop (most in a single day) and send employees home for an extended period. The sudden closure of law firms allowed for only scant planning.

A lot of law firms were not as fortunate. Those that didn’t have laptops as a primary work device for their employees were forced to use home computers for work purposes as laptop demand skyrocketed and lead times for orders took months for delivery. The pandemic significantly slowed laptop production, which didn’t help. Even though the pandemic forced work-from-home (WFH) on many law firms, other natural disasters could also force law firm employees into a remote work environment.

Home networks are 3.5 times more vulnerable to attack than law firm networks for a variety of reasons. Consumer grade equipment is used in home networks and not generally kept up to date. That includes computers as well as networking equipment such as wireless routers. Surveys show that less than 30% of users have changed the default administration password on their home routers. This is one reason the attacks on home networks increased significantly at the beginning of the pandemic. Cybercriminals knew that lawyers were now working from home utilizing insecure devices.

Another consideration in a WFH world is the security of the device used to connect to the law firm network or cloud service. Devices located within a law firm network are typically centrally managed and kept up to date with the latest security patches and application updates. There are many more challenges when someone is remote, especially if working on a non-firm owned device. To help improve the situation, some firms elected to make the home machines part of the law firm’s centrally managed environment. This means that the firm would remotely patch the home computers and make sure all security configurations and updates were installed.

He stated that there are some challenges when folding a home machine into the managed environment. Privacy considerations become top of mind. Not just the privacy (and security) of client information, but the personal privacy of the home user. There needs to be a crystal-clear understanding of what the law firm is allowed to do to the home user’s computer and what information may be accessed. The obvious conclusion is that it would be a much better alternative to put a law firm owned device on the home network rather than taking control of a home machine.

Simek also emphasized on the need to train employees. He stated that training is essential to adequately responding to a disaster. No matter what the disaster (e.g. tornado, hurricane, pandemic, etc.), employees are stressed out dealing with the situation. They may be concerned for the life and safety of family, friends, and colleagues. Their defenses are down – they may be moving way too fast and not thinking clearly. Then they must deal with cybercriminals seeking to exploit a disaster. Training needs to be done for employees to properly recognize a phishing attack, especially since over 90% of successful cyberattacks start with a phishing email. Unfortunately, the cybercriminals have become very sophisticated and are constantly changing their methods and tactics to gain access to valuable information. That information may be the user’s login credentials, firm financial information, or client information that ultimately results in financial gain. Phishing attacks have drastically increased since the beginning of the pandemic. Besides trying to get users to click on an attachment or open a malicious link, cybercriminals want to let users feel safe when receiving a phishing email. There may not be any link or attachment with the attacker simply starting aconversation e.g., “Are you available to talk?” After a few “innocent” emailexchanges, the attacker then “pulls the trigger” and gets to the real purpose ofthe email exchange. These attacks are primarily financially driven. The FBIcategorizes these events as BEC (Business Email Compromise).

Finally, he stated that as attacks increase, lawyers need to be diligent in protecting access to clientconfidential data. This means having more stringent methods and policies toprotect access credentials. Having weak passwords or reusing passwords is not anacceptable practice to protect client data. Using a password manager will helporganize your logon credentials utilizing strong, unique passwords for eachservice.

Besides improving your password hygiene, you should be using two-factorauthentication (2FA) wherever it is available. Should your password getcompromised, 2FA will help prevent a successful takeover of your account. Note:2FA is a subset of the more general multi-factor authentication (MFA). In studyingthe effectiveness of MFA, Microsoft has reported that utilizing MFA stops 99.9%of credential-based account takeover attacks.

One of the best features of MFA is the cost. Most MFA implementations are free.We have come to learn that FREE is a favorite word, especially among solo andsmall firm attorneys. Some vendors are now requiring that 2FA/MFA be enabledfor all accounts. Google enforces 2FA for its accounts and your Ring doorbellaccount must have it configured too. Some commentators say that it is nowethically required to use MFA because it is a “reasonable” way to safeguard clientdata.

When configuring MFA, you may have some options for obtaining the secondfactor. It is very common to obtain the code via SMS text message. SMS textmessage are the least secure of all the methods. Having said that, getting thecode via text message is far better than not having 2FA configured at all. If youhave the choice, retrieving the code from an authentication app such as Google Authenticator, Authy, Duo, Microsoft Authenticator, etc. is better than getting atext message. Push notifications via an authenticator app are even more secureand using a hardware token such as the YubiKey is the most secure. Time toeducate yourself on your MFA options.

CONCLUSION

Finally, it was brought to our understanding that the digital age has affected our activities on a daily basis, that companies should encourage it activities with the use of technology. Also companies, especially law firms, should protect their data from hackers at all cost to avoid having to pay ransom to hackers.

A REPORT ON WEBINAR ORGANIZED BY ESQ TRAININGS LIMITED

TOPIC:  WORLD BANK: ICSID-SETTLEMENT OF INVESTMENT DISPUTES

HOST: ESQ LIMITED TRAININGS

INTRODUCTION

The webinar started at 1:00pm (WAT) with the host welcoming all participants to the meeting. She gave a brief introduction of the topic, its role and necessity in the legal space. The panelists included Ronald Ziade, (Partner and Global Co-Head, International Arbitration, Linklaters); Funke Adekoya SAN (Partner& Head of Disputes Resolution, Practice Group at AELEX) and Olasupo Shasore, SAN (Partner, ALP).

DISCUSSION

Ronald Ziade began the session with an introduction to ICSID arbitration and Investment Disputes, how that the International Centre for the Settlement of Investment Disputes was set up under the auspices of the World Bank as a de-localized system that operated independently and exclusively of domestic legal systems. He explained that only investors from member States can bring claims against other member states and investors must demonstrate that the host State consented to resolve investment disputes under the ICSID Convention.

Mr. Ronald went on to explain how the ICSID Arbitration attains jurisdiction and highlighted some differences between ICSID arbitration and non-ICSID arbitration such as delocalization, jurisdiction, annulment and enforceability.

For the appointment of the Tribunal, Mr. Ronald discussed the common considerations for appointment such as nationality, absence of conflict of interest, language proficiency, knowledge of relevant laws, experience and others.

The session was concluded by Mr. Ronald explaining the steps in enforcing an ICSID award with focus on Article 54(1) of the ICSID Convention.

The second session was chaired by Olufunke Adekoya SAN, who focused on the structure of a typical ICSID arbitration proceeding especially jurisdiction and annulment. She explained the three elements to ICSID jurisdiction;

1. Ratione materiae that is, the legal dispute must arise directly out of an investment and though the definition of an investment under the Convention is vague, she explained that the Salini test is used to establish existence of an investment;
2. A contribution;
3. A certain duration;
4. A risk; and
5. A contribution to the economic development of a host state.

• Ratione personae, must involve a contracting State that is, a State that has ratified the ICSID Convention or a government subdivision or agency of a contracting State where so designated to ICSID as being capable of being a party to an ICSID arbitration.
• Ratione temporis, effect of time on a tribunal’s powers pursuant to a treaty. A tribunal’s jurisdiction does not extend ratione temporis to alleged breaches that took place prior to the making of an investment. Focus was placed on the challenges involving jurisdiction such as lack of consent, time, nature of dispute, etc.

Olufunke SAN went on to shed more light on annulment procedure under ICSID, the grounds for annulment and timeframe for it.

The final Panelist for the day was Olasupo Shasore, SAN who went ahead to give a brief history of ICSID and how it came to be. He discussed the role it has played especially in Africa and its various shortcomings.

CONCLUSION

The meeting was concluded with a general agreement by panelists that despite the leading role of ICSID in international dispute resolution, there is still the need for positive changes for better outcomes. Questions were taken from the audience and the meeting ended by 3:00pm.