The rise of Internet commerce has brought with it inconsistent laws and court decisions across states as to whether retailers that have no physical presence in a state, but solicit sales online, must collect sales tax from customers. The federal government has provided no guidance, ensuring the state-by-state differences would remain. On Cyber Monday, December 2, 2013, the Supreme Court denied petitions for certiorari in Overstock.com, Inc. v. N.Y. Dep’t of Taxation and Fin., 20 N.Y.3d 586 (2013), and Amazon.com, LLC v. N.Y. Dep’t of Taxation & Fin. 134 S.Ct. 682 (2013). Amazon and Overstock sought review of the New York Court of Appeals’ March 2013 decision upholding the New York State Department of Taxation and Finance’s requirement that Overstock and Amazon to collect sales tax from customers at the point of sale. Overstock, 20 N.Y.3d at 590. The Supreme Court’s denials left intact its 21-year streak of rendering no significant decision on state and local taxation issues. They also ensured that analysis of substantial nexus, a prerequisite for a state to levy tax on an interstate transaction, Complete Auto Transit, Inc. v. Brady, 430 U.S. 274, 277-78 (1977), would be guided by cases decided before Internet commerce was any substantial part of the economy.
Like clockwork or, dare I say, the regular beat of a heart, I am again fielding calls from friends and associates on what to do in response to the latest global threat to information security. This time the web page encryption software bug called, “Heartbleed.” My response is not groundbreaking nor is it as resigned at the response I am generally seeing in the news: “Well, there is not a lot you can do.” My response is that people do what they should have been doing all along: not relying on any one tool to safeguard your information and most definitely not relying solely on any company or government entity to protect your information. My colleague, Ron Raether, has similarly commented publicly.
For starters, Heartbleed is a security bug, or vulnerability, in the open-source OpenSSL encryption software code used to encrypt sensitive information on websites via the Transport Layer Security (TLS). The actual vulnerability is a missing “bounds check” in the handling of the TLS heartbeat extension. More to the point, the vulnerability may allow someone to access your sensitive information from an affected server. In effect, this security flaw renders useless the advice we always give about “looking for the lock,” or seeking “https” in the URL lookup to confirm a web page is encrypted before entering sensitive information has, in reality and to some degree, useless. Well, at least until the patch released on April 7, 2014, is applied to the website. It’s useless because of the way https encryption software works, meaning it can be tricked into giving out more information than it should, or doing so without encryption in place. Thus, information entered into these seemingly safe sites could wind up unencrypted and vulnerable to view or theft by the bad guys.
If the Supreme Court decides to grant certiorari in Kimble v. Marvel Enterprises, 727 F.3d 856 (9th Cir. 2013), to get rid of the universally-disliked, yet never abrogated, doctrine embodied in its 1964 decision in Brulotte v. Thys, it will be thanks in part to “your friendly neighborhood Spider-Man.” The Plaintiff in Kimble was issued a patent in 1990 for a toy that allowed a child (“or other user,” as the Ninth Circuit’s opinion carefully notes) to imitate Spider-Man’s web shooting abilities by allowing the user to shoot a foam string via a trigger attached to the palm of a glove, which trigger was attached to a line leading to a can of foam strapped to the user’s wrist. 727 F.3d at 857-58. Kimble pitched his invention to Marvel Enterprises, who agreed to compensate him if it used his ideas, although it claimed a lack of interest. Marvel, however, later came out with a suspiciously similar “Spider-Man role-playing toy” called the “Web Blaster.” Id. at 858. Kimble sued Marvel for patent infringement and for breach of contract. In 2001, the parties settled. Id. The settlement agreement required a lump sum payment and a running royalty payment of 3% on sales of the Web Blaster, in perpetuity, despite the fact that the patent expired in 2010. Id. at 858-59.
Next Page »