The integration of AI in legal research presents efficiency benefits but raises significant ethical concerns, highlighted in the case of Viola Russell v. Linda Burnell Mells. Inaccurate citations from AI led to sanctions for the attorney involved, emphasizing the need for legal professionals to thoroughly verify AI-generated outputs and uphold ethical standards.
In the rapidly evolving landscape of legal technology, the integration of artificial intelligence (AI) into legal research and documentation has become increasingly prevalent. While these advancements offer significant benefits such as increased efficiency and accessibility to legal resources, they also introduce a range of ethical challenges that legal professionals must navigate with caution. A recent case from the District Court of Appeal of Florida, Second District, underscores the critical importance of maintaining rigorous standards of accuracy and integrity when utilizing AI tools in legal practice.
The Case Overview
In the case of Viola Russell v. Linda Burnell Mells, an appeal was filed against the dismissal of a complaint which involved complex issues surrounding the care and estate of an aged individual. The appellant, Ms. Russell, challenged the procedural and substantive aspects of the trial court’s decision, which dismissed her complaint with prejudice and granted entitlement to attorney’s fees to the appellee, Ms. Mells.
Ethical Breach Highlighted
During the appellate process, a significant ethical concern was raised regarding the conduct of Ms. Mells’ counsel, specifically related to the use of AI in legal research. The appellate court discovered that the answer brief filed by Ms. Mells’ attorney contained inaccurate citations and misquotations of case law. Most notably, one of the cited cases, “Cade v. Roberts,” was found to be nonexistent—a clear fabrication likely generated by an AI tool used during the legal research process.
Court’s Response and Ruling
The appellate court treated this matter with the seriousness it warranted, emphasizing the duty of legal professionals to ensure the accuracy and validity of their citations. The court expressed its concern that reliance on AI without sufficient oversight could lead to the erosion of trust and integrity in legal proceedings. As a result, the attorney was referred to the Florida Bar for potential sanctions, highlighting the consequences of failing to meet the ethical standards expected in legal practice.
Key Takeaways for Legal Professionals
1. **Verify AI-Generated Outputs**: While AI can streamline the research process, it is imperative that all outputs generated by AI tools are thoroughly checked for accuracy and reliability. Legal professionals must verify each case citation and quotation to ensure they are correct and applicable.
2. **Understand the Tools**: Legal professionals should strive to understand the capabilities and limitations of the AI tools they use. This includes being aware of how these tools generate data and the potential for errors or “hallucinations” where the AI fabricates information.
3. **Ethical Obligations Remain Paramount**: The use of AI does not alter the fundamental ethical obligations of lawyers. Diligence, honesty, and accuracy are non-negotiable aspects of legal practice, irrespective of the tools employed.
4. **Continuing Education**: As AI becomes more integrated into legal practices, ongoing education and training on the ethical use of technology in law will be crucial. Legal professionals must stay informed about the latest developments and best practices related to AI.
5. **Institutional Guidelines**: Law firms and legal institutions should develop clear guidelines and training programs on the appropriate use of AI in legal research. This can help prevent misuse and ensure that all staff adhere to ethical standards.
Conclusion
The case of Viola Russell v. Linda Burnell Mells serves as a crucial reminder of the ethical challenges posed by the integration of AI in legal practices. As we continue to embrace technological advancements, it is essential that we maintain the integrity of legal processes and uphold the highest standards of professional conduct. The legal community must be proactive in managing these technologies to harness their benefits while mitigating risks and ensuring justice is served with the utmost reliability and accuracy.
In the legal case between Pursuit Credit Special Opportunity Fund and KrunchCash LLC, reliance on artificial intelligence (AI) for drafting legal documents has raised significant concerns. Errors found in Defendants’ submissions, such as misquotes and incoherent arguments, highlight the risks of using AI without proper oversight. This situation emphasizes the ethical duties of attorneys to ensure accuracy and suggests a need for stricter guidelines regarding AI in legal processes.
In a recent legal dispute between Pursuit Credit Special Opportunity Fund, L.P. (“Pursuit”) and KrunchCash LLC, along with its associated entities and Jeffrey Hackman (collectively, “Defendants”), an unusual yet increasingly pertinent issue has surfaced: the reliance on artificial intelligence (AI) in preparing legal documents. This scenario provides a stark illustration of the potential pitfalls of integrating AI technology into legal practices without sufficient oversight and rigor.
1. **Mismatched Responses and Statements**: The Defendants responded to paragraphs that did not exist in Pursuit’s original statement of material facts and misquoted or hallucinated statements purportedly from Pursuit’s submissions.
2. **Incoherent Argumentation**: There were instances where the roles of the plaintiff and defendants were confused, and the responses were often not aligned with the corresponding statements from Pursuit.
3. **Non-existent Evidence**: The Defendants cited evidence that simply did not exist, undermining the credibility of their legal arguments.
These errors not only compromise the integrity of the legal process but also potentially damage the Defendants’ position in the litigation. Such inaccuracies and hallucinations in legal documents can mislead the court and opposing parties, leading to unjust outcomes.
Pamela B. Ader, as executor of the estate of Richard H. Ader, Plaintiff, against Jason Ader, JS Property Holdings LLC, Defendants. Decided on October 1, 2025, Supreme Court, New York County
Justice Cohen’s October 1, 2025 Order for Sanctions Against Counsel
“The Court may award sanctions for frivolous conduct against a party and/or an attorney in its discretion where appropriate (22 NYCRR § 130-1.1). Moreover, Rule 3.3 of the New York Rules of Professional Conduct (“Conduct Before a Tribunal”) provides that a lawyer “shall not knowingly make a false statement of fact or law to a tribunal[.]” (NY ST RPC Rule 3.3). Finally, 22 NYCRR § 100.3(D)(2) provides that “[a] judge who receives information indicating a substantial likelihood that a lawyer has committed a substantial violation of the Rules of Professional Conduct (22 NYCRR Part 1200) shall take appropriate action.”
“Use of AI is not the problem per se. The problem arises when attorneys abdicate their responsibility to ensure their factual and legal representations to the Court—even if originally sourced from AI—are accurate. “The court relies on attorneys to do their jobs: advocate for their clients using law and facts—real law and real facts” (Enterprise v Shvo, NYSCEF 154 in Index No. 653221/2024 [Sup Ct, NY County, Dec. 24, 2024] [Masley, J.]). When attorneys fail to check their work—whether AI-generated or not—they prejudice their clients and do a disservice to the Court and the profession. In sum, counsel’s duty of candor to the Court cannot be delegated to a software program.”
“By now the risks and consequences of AI-hallucinated citations should be familiar (see e.g. Park v Kim, 91 F 4th 610, 615-16 [2d Cir 2024] [attorney referred to court’s grievance panel for disciplinary proceedings for submitting brief containing non-existent case citations generated by ChatGPT and case was dismissed]; Mata v Avianca, Inc., 678 F Supp 3d 443, 466 [SD NY 2023] [attorneys ordered to pay a penalty and to send copies of sanctions petition to client and each judge falsely identified as authors of fake opinions]; Enterprise v Shvo, supra [ordering attorney to reimburse movants for fees incurred in communications regarding improper AI use]; Matter of Samuel, 82 Misc 3d 616, 620 [Surr Ct, Kings County 2024] [affirmation brief struck from the record]). Moreover, courts have made clear that reliance on the research of others is not a valid excuse for presenting false citations (Johnson, 2025 WL 2086116, at *20 (citing cases)).”
“Here, Plaintiff seeks her attorney’s fees and costs and out-of-pocket expenses incurred by the delay in adjudicating her summary judgment motion as a sanction against Defendants for frivolous conduct. The Court finds that awarding Plaintiff her reasonable costs and attorney’s fees incurred in connection with the sanctions motion, together with such fees attributable to addressing Defendants’ unvetted AI citations and quotations in the summary judgment motion, is an appropriate monetary sanction against both Defendants and their counsel, jointly and severally.”
“In addition, in view of the reporting mandate of 22 NYCRR § 100.3(D)(2) and to deter such conduct going forward (see Johnson, 2025 WL 2086116, at *20), the Court directs Plaintiff’s counsel to submit a copy of this decision and order to the Grievance Committee for the Appellate Division, First Department and the New Jersey Office of Attorney Ethics, copying Defendants’ counsel and this Court on its transmittal letters. The Court will provide a copy of this decision and order to Judge Katz, who is presiding over a matrimonial matter in this Court in which Defendants’ counsel is representing Jason Ader (NYSCEF 169 at 23).”
“Therefore, it is”
“ORDERED that Plaintiff’s motion for sanctions pursuant to 22 NYCRR § 130-1.1 is GRANTED, such that Defendants and their counsel are jointly and severally liable to compensate Plaintiff for her reasonable costs and attorney’s fees incurred in connection with this [*4]motion, together with fees and costs attributable to addressing Defendants’ unvetted AI citations and quotations in the summary judgment motion; it is further”
“ORDERED that Plaintiff shall submit an application with supporting documentation for the fees awarded above within fourteen (14) days of the date of this order; Defendants and their counsel may submit opposition thereto within fourteen (14) days of Plaintiff’s application. Plaintiff shall notify the Court via letter filing on NYSCEF and by email when the application is complete and whether it is opposed or unopposed; and it is further”
“ORDERED that Plaintiff’s counsel promptly submit a copy of this decision and order to the Grievance Committee for the Appellate Division, First Department and the New Jersey Office of Attorney Ethics, copying defense counsel and this Court on its transmittal letters.”
“This constitutes the decision and order of the Court.” DATE 10/1/2025 JOEL M. COHEN, J.S.C.
AI in Legal Work: A Double-Edged Sword
The integration of AI into legal work offers promising benefits, such as increased efficiency and the ability to analyze large volumes of data quickly. However, the case at hand underscores the technology’s current limitations and risks. AI, particularly in its current form, lacks the nuanced understanding of legal principles and the strategic thinking required for legal argumentation. It can process and generate text based on patterns in data, but it does not comprehend context or the subtleties of legal reasoning.
Moreover, the use of AI can lead to a detachment of lawyers from their work. Relying on AI without thorough verification and oversight can result in errors going unnoticed until they potentially cause significant legal repercussions. This detachment not only diminishes the quality of legal practice but could also erode trust in legal proceedings.
Ethical and Procedural Implications
The situation also highlights the ethical considerations surrounding the use of AI in legal contexts. Lawyers are traditionally held to high standards of accuracy and diligence under legal and ethical frameworks. Delegating critical tasks to AI without adequate checks does not absolve lawyers from their responsibility to ensure the accuracy and appropriateness of their filings.
From a procedural standpoint, this case may prompt legal institutions to establish clearer guidelines and standards for AI use in legal processes. Ensuring that AI tools are used responsibly and do not undermine the fairness of legal proceedings is paramount.
Moving Forward: Caution and Regulation
As AI continues to evolve and integrate into various sectors, including law, it is crucial that this integration is approached with caution and guided by stringent standards. Legal professionals should be trained not only to use AI tools effectively but also to understand their limitations and risks. Regular audits and checks should be a mandatory part of using AI-generated content in legal filings to prevent errors and maintain the integrity of legal documents.
Ultimately, while AI represents a revolutionary tool in many fields, its use in law must be carefully managed to avoid compromising the quality and fairness of legal proceedings. The case of Pursuit vs. KrunchCash serves as a critical reminder of the need for balance between innovation and the traditional diligence required in the legal profession.
EMR Audit Trails: Importance in winning medical malpractice cases
When we consider the labyrinth of Electronic Health Records (EHRs), the concept of an audit trail might not strike us as immediately significant—until we delve into the realm of medical malpractice. Here, audit trails transcend their basic function to become pivotal elements in the quest for truth, often determining the course of justice in malpractice litigation.
An audit trail in the context of EHRs is essentially a digital breadcrumb trail. It meticulously logs every interaction with a patient’s health record. This includes not just the modifications made to the record, but also who accessed it and when. This might sound straightforward, but the implications are profound, particularly when the accuracy of medical records comes under scrutiny in a court of law.
Firstly, audit trails provide a precise timeline of patient care events. Imagine a scenario where the sequence of medical actions is disputed in a lawsuit. Here, the audit trail acts as a chronological witness to the events, lending clarity to the proceedings and often becoming a cornerstone of the legal argument.
Moreover, the integrity of health records is paramount. Audit trails ensure this integrity by logging every transaction and access—like a vigilant guard that keeps a watchful eye on the sanctity of medical data. This feature is crucial because it allows for the detection of any alterations or deletions to the records, which could suggest attempts to cover up errors. It’s a feature that brings both transparency and accountability to the digital records.
The data from audit trails can either corroborate or contradict the testimonies of healthcare providers. In legal contexts, where testimonies can vary wildly in their accounts, the objective, unchangeable log of an audit trail provides a baseline of facts that can affirm or challenge these subjective narratives.
Additionally, audit trails help to identify all healthcare professionals who interacted with the patient’s records. This can be especially useful in complex cases involving multiple caregivers, where pinpointing responsibility is key. The detailed logs of access and modifications can precisely attribute actions to specific individuals at specific times.
Beyond the basics of logging views and edits, audit trails also record system alerts and order sets. System alerts in audit trails can indicate automated medical responses triggered by certain data inputs, which can be crucial in understanding how and why certain decisions were made. Order sets documented within audit logs detail the specific care protocols that were prescribed, offering insights into the standard of care administered.
However, despite their utility, audit trails are complex beasts. They require expert analysis to be effectively understood and utilized in legal contexts. This complexity often necessitates the involvement of specialized Electronic Medical Record (EMR) data experts who can decipher the technical logs and translate them into comprehensible evidence for the courtroom. Audit trails commonly include the object identifier that the action refers to. Production of EMR often fails to clearly include the object identifier in the patient’s medical chart, sometimes requiring additional production requests of EMR that clearly label the object identifier of the care note, in basket message, order entered, lab results reviewed, and other health care provider documents created, edited, approved, printed or viewed.
In conclusion, the role of audit trails in electronic health records is multifaceted and indispensable. They not only foster transparency and accountability in patient care but also serve as vital tools in the adjudication of medical malpractice cases. By providing a clear, unalterable record of medical interactions, audit trails help ensure that justice can be appropriately served, influenced by concrete evidence rather than mere conjecture. Thus, in the intricate dance of legal proceedings, audit trails offer a step towards clarity and fairness, proving or disproving claims with the weight of digital truth.
On April 29th, the Raleigh Housing Authority fell victim to a cyber attack that shut down their computer system. The attack disrupted the agency’s ability to access their email, files, and financial records, leaving the organization struggling to conduct their day-to-day operations.
The RHA provides affordable housing for low-income individuals and families in the Raleigh area. The cyber attack has had a significant impact on the agency’s ability to fulfill its mission of providing safe and affordable housing. In the aftermath of the attack, the RHA has been forced to rely on manual processes to complete their work, causing delays in critical services for their clients.
Cyber attacks have become increasingly common in recent years, with hackers targeting organizations of all sizes and industries. These attacks can result in the loss of sensitive data, financial losses, and damage to a company’s reputation. In the case of the RHA, the attack has disrupted the lives of the low-income families who rely on their services.
To prevent cyber attacks, organizations must prioritize cyber security. This includes implementing strong password policies, regularly updating software and systems, and educating employees on how to recognize and report suspicious activity. Additionally, organizations should consider investing in cyber security insurance to mitigate the financial impact of an attack.
When a cyber attack does occur, it’s important to have a plan in place to respond quickly and effectively. This includes identifying and isolating affected systems, restoring data from backups, and conducting a thorough investigation to determine the cause of the attack and prevent future incidents.
In the case of the RHA, they have taken steps to restore their computer systems and minimize the impact of the attack. However, the incident serves as a reminder of the importance of cyber security and the devastating consequences that can result from a successful cyber attack.
In conclusion, the cyber attack on the Raleigh Housing Authority is a sobering reminder of the importance of cyber security for organizations of all types and sizes. By prioritizing cyber security, organizations can protect their data, their financial stability, and the well-being of their clients.
Informed consent prior to a procedure should be documented in the patients chart and visible on an audit trail.
by Dr. Aikaterina Assimacopoulos
Informed consent is a must prior to any elective procedure. After all risks, benefits and alternatives (r/b/a’s) are thoroughly explained consent can be given. An informed patient is one who understands the nature and purpose of the procedure as well as postoperative expectations of pain, recovery time, need for physical therapy, and any changes to physical appearance. Signed consent should be found in the patients EMR.
Informed Risk Assessment
Common surgical risks include the risk of infection, bleeding or damage to surrounding organs. If a minimally invasive approach is planned, the possibility to convert to an open procedure should be discussed. If the patient is to have an exploratory surgery, a risk is the possibility that nothing is found on exploration. In some cases, there is a potential the surgeon recognizes additional measures must be taken upon viewing the patient’s anatomy. In these cases, the surgeon is usually aware of this potential and should obtain consent and discuss r/b/a’s.
Doctor Washing Hands Before Operating. Hospital Concept.
The benefit or likelihood of a positive outcome should be clearly and realistically defined. The patient should be aware of any alternative options and their r/b/a’s. This includes both more conservative methods of treatment such as medications, physical therapy, or injections as well as any alternative surgical approaches that may vary in method or invasiveness. For example, a vaginal vs. abdominal approach to hysterectomy or LINX vs. Nissen fundoplication methods for gastroesophageal reflux.
Documented Consent
A signed consent form and statement should be uploaded in the chart. For example, “r/b/a’s discussed, patient expressed understanding, all questions asked and answered” should be documented in the chart. However, this does not necessarily mean the patient was properly informed. Often this statement is included as part of a provider’s template, without being consciously documented. Therefore, this raises the question of whether or not the conversation actually took place.
Because this discussion is verbal, it is difficult to use an audit trail to prove whether appropriate informed consent was obtained. However, an audit trail can be used to analyze other aspects of preoperative care which, if deficient, or incomplete, could support the notion informed consent was deficient as well.
What to look for in an audit trail
If surgical complications arose and the physician was concerned about the preoperative care provided, the physician could enter the patient chart after the fact and make additions to the patient’s chart. This is why it is necessary to get an audit trail that extends through the date the EMR is generated. Providers can alter a patients EMR at any time. These changes might not be visible on the EMR but will be on the audit trail.
In most cases, evidence of the following actions should exist in both the printed patient chart and the audit trail:
A clinic visit in which the patient’s need for surgery is assessed.
Any attempt to manage symptoms with more conservative first-line measures. For example, prescription orders or referrals to physical therapy or a pain specialist.
A diagnosis made prior to surgery and added to the patient’s problem list.
In some cases, evaluation of the patient’s personal risk due to any comorbid conditions is done using a ‘risk calculator’ and results should be documented.
A preoperative physical/assessment for higher risk patients.
A complete history and physical note (H&P) within the 30 days prior to surgery.
Procedure-specific labs and imaging which should be viewed by the surgeon prior to surgery.
Judge James O’Hara writes order in full support of the law to release all of patients audit trail information to them. This was in response to the case of Angela Prieto vs. Rush University Medical Center in Chicago.
Cook County Circuit Court Judge James N. O’Hara wrote a Memorandum Order for the case of Angela Prieto vs. Rush University Medical Center (“RUMC”) and other defendants. The 23-page order highlights some important federal statutes, such as HIPAA and the HITECH Act. This established a legal basis for a plaintiff to receive their complete electronic medical record. Judge O’Hara implements a severe sanction that effectively was a default judgement leaving only the dollar amount of financial award to be determined by the jury.
Case Background
Plaintiff, Angela Prieto, on behalf of her son alleged that RUMC “negligently caused [her son] to suffer from hypoxic ischemic encephalopathy and respiratory distress syndrome during birth.” The case was originally filed in 2018. The request for production of electronic health records was originally filed in January of 2019. Plaintiff requested RUMC to produce the complete and unaltered EMR and audit trail. As of January 2022, there were three repeated requests from Prieto for RUMC to produce the complete EMR audit trail.
Audit Trails in EMR
The use of Electronic Medical Records (“EMR”) also known as Electronic Health Records (“EHR”) is mandatory to comply with requirements that health care providers maintain electronic medical records for patients. Every hospital, doctors office, or any medical practice in the United States must be compliant. The transition to using EMR began in 1992. Electronic medical records became mandatory since the start of 2014 through the American Recovery and Reinvestment Act.
All EMR systems are required by federal law to have an audit trail system built in. Audit trails show any deletions or edits that may not be part of the finalized medical record. A complete EMR audit trail shows all entry, access or modifications made to a patient’s chart. EMR audit trail productions should include all available records from the initial patient encounter until the date of production.
Audit Trail Manipulation
Health care providers often limit their production of audit trail records to the date the patient left the health care facility. However, this practice is problematic. When a patient’s EMR is modified after a Plaintiff files litigation and requests their complete EMR with audit trail records, manipulation of the Plaintiff’s medical records after that date can’t be detected. It is a common practice for healthcare providers to only produce the finalized patient EMR chart. This omits the revision history, a clear indicator of when the patient’s EMR was modified, by whom, from where, what time, and the specific redline changes that were made, as is required by any HIPAA compliant EMR system.
Healthcare electronic charting
Electronic Health Records and EMR revision history must be retained by any HIPAA compliant EMR software system.
As Judge O’Hara put it in his order, “The term ‘Audit Trail’ refers to the part of the patient’s EHR that displays any person logging in to the record to modify the record, correct the record, add to the record, alter the record, revise the record, complete the record, put finishing touches on the record, and any other entry or access into the medical record, or any other name synonymous with the reflection of who, when and what a person did in relation to the Electronic Health Record.”
Request for ‘a complete, unaltered EHR Audit Trail’
He went on to discuss the EMR audit trail request in this specific case stating, “…requests asked for ‘a complete, unaltered EHR’…Prieto also requested ‘a complete, unaltered Audit Trail… in native format.’” This is a typical wording of requests for EHR or EMR Audit Trails that many healthcare providers fail to produce the first time. Instead, healthcare providers often send incomplete audit trails filtering out certain information.
…inspection revealed many aspects of the audit trail and EHR discovery that were either withheld, misrepresented or otherwise not produced…
Judge James O’Hara
When the Defendant in this case failed to produce the Plaintiff’s complete electronic medical records, including a complete audit trail and EMR revision history as requested, Judge O’Hara granted “a motion for in camera, on-site inspection of the auditing systems at RUMC…” Judge O’Hara actually attended the onsite inspection himself. The date for the on-site inspection with the judge was set and O’Hara wrote of it, “…inspection revealed many aspects of the audit trail and EHR discovery that were either withheld, misrepresented, or otherwise not produced…”
Federal Laws Pertaining to EHR Audit Trail Production
HIPPA
Judge O’Hara listed the federal law governing audit trails. “Congress enacted the Health Insurance Portability and Accountability Act (“HIPAA”) to ‘improve the efficiency and effectiveness of the health care system, by encouraging the development of a health information system through the establishment of standards and requirements for the electronic transmission of certain health information,’” O’Hara quoted from HIPAA. He then continued, “In response to HIPAA, the Department of Health and Human Services (“HHS”) published HIPAA’s right of access rule: ‘Except as otherwise provided… an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designated record set, for as long as the protected health information is maintained in the designated record set.’”
HITECH & THE Cures Acts
O’Hara went on to quote, “the HITCH Act in 2009, Congress ‘expanded HIPAA to include individuals’ rights to obtain electronic health records and added a stronger privacy and security requirements to protect health information.’” He continued on, “The Cures Act would later respond to a growing concern that healthcare software developers and provided sought to restrict the amount and types of information accessible to individuals by adding ‘information blocking’ provisions – to further encourage the broad access to patients’ own health information.” Healthcare providers often cite the “Designated Record Set” as not including the EMR audit trail or revision history.
U.S. Department of Health and human services (“HHS”)
Judge O’Hara continued to quote the rules of HHS in regards to a patient’s EHR audit trail production, “‘Individually identifiable health information’ is further defined as information created by a health care provider that relates to the provision of health care to an individual, among other things, that can be used to identify the patient. Id. In sum, audit trail information is included in the patient’s right of access if it is created or used by the healthcare provider, can be used to help treat or identify the patient, relates to the provision of health care to the patient, and is maintained in electronic media.”
Electronic medical records with patient data and health care information stored electronically in tablet. Doctor using digital smart device to read the patient’s EMR chart.
The Alleged Burden of Producing the Complete Medical Record
The supposed time burden for the medical facility to produce the EHR Audit Trail and revision history is a major objection provided to the court as a defense to the request for a Plaintiff’s complete electronic medical record. Judge O’Hara addresses that point in stating, “HHS has acknowledged that this imposes a heavy burden on healthcare providers… However, the national policy is that this burden cannot overcome the patient’s right of access… HHS went even further to impose a scheme of penalties for entities that disobey this national policy.”
Federal law says that audit trail data… is included in the patients right of access
Judge James O’Hara
Judge O’Hara finalized his section on the law by stating, “In sum, federal law says that audit trail data, including metadata associated with a patient’s EHR, is included in the patient’s right of access and that it constitutes information blocking to refuse to produce such data.”
Spyware being used by governments all over the world infringes on people’s freedoms.
The spyware produced by NSO Group and used by governments should be a concern to all. Everyone should consider the impact it has on human rights. Even if journalists and human rights activists are the effected party, it effects all.
Governments using the Pegasus spyware from NSO to silence and attack journalists and activists
Concerned non-profits, news outlets, and more have highlighted NSO Group’s use of spyware to target certain groups. The Pegasus Project is a collaboration of journalists in 10 different countries. Paris-based nonprofit, Forbidden Stories, organized it. They get technical support from Amnesty International. The project has raised the issue of attacking groups most likely to speak out such as journalists and activists. Large companies including Apple and WhatsApp have also addressed the issue, bringing legal cases against NSO Group.
The use of spyware to target journalists and human rights activists is not just something to concern the individuals in question. Everyone should pay attention to how governments are using NSO Group’s spyware and the impact that it has on freedom of speech and expression. Human Rights Watch says governments should “immediately cease their own use of surveillance technologies in ways that violate human rights.” There have been a confirmed dozens of cases so far. They say the number of people targeted by this type of surveillance could be much larger. Reporting from the Pegasus Project was based on a leaked list of 50,000 phone numbers. Human Rights Watch reports some of their staff members appear on this list.
Used to violate the rights of anyone who may be critical of the government
Human Rights Watch and other groups argue that NSO Group and others in their industry have failed to regulate themselves. Many who sell surveillance products, do so to governments that don’t offer transparency or oversight over how the products are used. However, it also has impact on those who may self-censor out of fear of surveillance, including journalists and their sources.
Targeting by spyware doesn’t just directly affect journalists and activists. It undermines free expression as well as removing personal security and even threatening lives.
One prominent example of surveillance highlighted by the Pegasus Project was that of the family of the murdered Saudi journalist, Jamal Khashoggi, by Saudi operatives. Selected for targeting shortly before he was killed in 2017 was Cecilio Pinedo, a Mexican journalist. Pegasus has also been used in Azerbaijan and India. The Prime Minister of India bought the spyware as part of a weapons deal with Israel in 2017.
Targeted journalists are from major international publications including CNN, the Associated Press, and the New York Times. This type of surveillance by governments erodes the freedoms and rights of everyone by restricting freedom of information and expression.
A trade secret theft from General Electric that was in the works for 11 years finally ended in jailtime.
A former General Electric engineer has been sentenced to 2 years in federal prison for stealing trade secrets. Jean Patrice Delia conspired with Miguel Sernas to compete against CE worldwide.
Jean Patrice Delia from Montreal pleaded guilty to the charges. Delia admitted that he had worked with another man to use trade secrets from GE to compete against the company. Miguel Sernas, from Mexico City, and Delia went into business together at ThermoGen Power Services. Delia stole the information from GE in Schenectady, between the years of 2001 and 2012.
He was accused of stealing thousands of electronic files from GE. The files included exclusive tools developed to calibrate turbines in GE’s worldwide power plants. Delia has been ordered to jail for 2 years as well as ordered to pay $1.4 million in restitution. His final sentence is shorter than that asked for by prosecutors. They had originally requested a term of 3 years and 1 month. They argued that Delia was the person who stole the materials and was the driving force behind the plan. Prosecutors pointed out that the crime was not victimless. Prosecutors argued that many people were effected and the consequences should reflect that.
On the other hand, Delia’s attorney Paul S. Folk asked for time served, saying that he had accepted responsibility and was trying to make amends. Delia entered his guilty plea almost 2 years ago, in December 2019. Miguel Sernas was sentenced to time served which amounted to about a year in jail. He was also ordered to pay $1.4 million, the same amount as Delia.
Other employees stealing trade secrets in recent cases
Another recent case involving trade secrets theft is that of a former employee at Pfizer. Chun Xiao Li is being sued by her previous employer. Pfizer alleges that Li stole trade secrets including documents relating to their COVID-19 vaccine, as well as other products. They allege that she uploaded over 12,000 documents. Additionally, she allegedly lied about why and where the files were stored on a private Google Drive account. Li had been working as an associate director of statistics. She had already been under investigation by Pfizer when she resigned from the company in November.
Also in recent weeks, the first Chinese spy has been convicted in the US of economic espionage for trying to steal aviation trade secrets. Yanjun Xu has been convicted of two counts of conspiring and attempting to commit economic espionage, conspiracy to commit trade secret theft and attempted theft of trade secrets. He could be fined more than $5 million and receive up to 60 years in prison. Xu targeted several aviation and aerospace companies, including GE Aviation, which is a unit of General Electric. He was first arrested in Belgium in 2018, with his extradition to the US following six months later.
Both large corporations and small businesses could be at risk of intellectual property theft and trade secret misappropriation. These prominent cases in the news could result in organizations taking steps to reduce the risks of this happening.
Pfizer launched a lawsuit against a former employee, Chun Xiao Li. They are alleging the theft of thousands of documents relating to some of their products.
Pfizer is suing a recently departed employee on accusations of stealing trade secrets. They allege that Chun Xiao Li downloaded thousands of documents before she resigned. They included documents linked to their COVID-19 vaccine, as well as two other products, Bavencio, and elranatamab, both of which are monoclonal antibody treatments for cancer.
Li uploaded more than 12,000 documents and mislead the company about her reasons
The brief for the lawsuit was filed in California on November 23 and published by Bloomberg Law. Pfizer says that Li uploaded more than 12,000 documents from the company to a Google Drive account. She misled the company about her reasons for uploading the files and where they were downloaded. She was the associate director of statistics at the time of her departure. Li had worked at the company since 2006. She first worked in China before moving to the US and working in La Jolla. Pfizer had already been investigating her conduct when she resigned on November 12. Potentially for a job offer elsewhere.
Pfizer says the company presented Li with the chance to explain her actions and where the files were on multiple occasions. However, Li failed to do so, which has led to Pfizer filing a lawsuit against her. They have also filed for a temporary restraining order and for financial relief of the company’s costs.
Pfizer says they do not yet understand the full scale of the alleged intellectual property theft. This is due to the number of files involved. The company says that although Li appeared to cooperate at first, she misled the company about what she did with the files. They also allege that she presented the company with a decoy laptop to derail the investigation. The lawsuit alleges theft of trade secrets and breach of contract, among other things.
Similar cases in the biopharma industry
In another case of trade secret theft in the biopharma industry, ex-employees of Genentech recently pleaded guilty to the act. The US Department of Justice said that Xanthe Lam, who was a principal scientist at Genentech, and her husband Allen Lam pleaded guilty to conspiring to steal trade secrets to aid competitors. The pair stole information relating to several cancer drugs made by the company, Rituxan, Herceptin, and Avastin, as well as a treatment for cystic fibrosis. They gave the stolen intellectual property to JHL Biotech, a Taiwanese firm that has now been renamed Eden Biologics.
The DOJ also set its sights on other parties involved, including two co-founders of JHL Biotech, ex-CEO Racho Jordanov, and former COO Rose Lin. They all were indicted by a federal grand jury in San Francisco. Jordanov and Lin were also Genentech employees. They allegedly began scheming to steal trade secrets from the company as early at 2008. They recruited the Lams in 2009, founding JHL in 2011. The indictment also says that the two former executives of JHL obtained thousands of documents used to “cut corners, reduce costs, solve problems, save time, and otherwise accelerate product development timelines”.
Biopharma is an industry where several prominent cases of trade secret theft have taken place in recent years.
As motor vehicle theft rates increase, criminals use of technology to open and start vehicles without breaking in may be accelerating the rate of theft.
Smash and grab is no longer required to open a motor vehicle and drive off.
Vehicle theft over the years has largely been on the decline. Technology has improved, therefore, Anti-Theft Systems have gotten more advanced. Beginning around 1983, keyless entry systems began appearing on American Motors vehicles. By the mid to late 2000s, many fobs enabling remote ignition start became more common place on higher end vehicles. However, as this technology advances, criminals are finding new ways to break through.
Security researchers first reported security vulnerabilities in motor vehicle fobs around 2016. This could allow an unauthorized person to unlock and even start a vehicle by intercepting radio frequency (“RF”) emissions from a driver’s fob. Once intercepted, the unauthorized party could use the intercepted signals to conduct a replay attack. As a result, a successful attack on these identified vulnerabilities can allow the unauthorized person to unlock and start a vehicle.
RF Relay Attack Reported in 2017
On November 28, 2017, Police in West Midlands, UK released video footage showing criminals stealing a car by relaying a signal from the fob key inside the home to the car in the driveway. This fob replay attack effectively allows thieves to unlock a vehicle and start the ignition then are able to drive off with the vehicle undamaged. Later on, the thieves swap out the VINs, and reprogram new key fobs to work with the stolen vehicle.
Defcon Cyber Security and Hacker Conference Focus on Vehicle Exploitation in 2018
In 2018, Defcon, a popular cybersecurity event, attended by black and white hat hackers, featured its first Car Hacking Village. During that convention, a good deal of technology related vulnerabilities on vehicles were shared. Both White and Black Hat hackers attend these events. The Black Hats are the bad guys that seek to use security vulnerabilities to exploit weaknesses and commit crimes.
Motor Vehicle Theft data sets have yet to be released for 2021 for the entire United States. Early indicators show these types of crimes are experiencing rapid growth across the US.
High end vehicles are more likely to have keyless entry and remote ignition starting capabilities. They can also fetch a higher dollar amount when resold outside the US. As a result, according to New Jersey state police officer Cory Rodriguez, “Car theft in 2021 is up over 21% year-to-date for total thefts and about 44% for high-end vehicles.” Reports have indicated that thieves are using technology to execute vehicle thefts more efficiently and without immediate detection.
Chicago Motor Vehicle Thefts Climb with Fewer Arrests Made in 2021
Chicago Police Officers have witnessed thieves using laptops and other cyber tools to accelerate their ability to quickly steal locked vehicles. Data compiled from the City of Chicago website shows that “Motor Vehicle Thefts” across the city are accelerating at an alarming rate. The problem isn’t specific to Chicago and vehicle thefts appears to be increasing across the country as well.
Doorbell video: Car thieves use computing device to steal SUV in Metropolitan ChicagolandElmhurst – Video by WGN News
In Chicago, February 2021 crime statistics reported a total of 627 Motor Vehicle Theft incident reports filed. Of those reports, only 26 (4.1%) resulted in an arrest. Comparatively, last month in January 2022, there were 1,073 Motor Vehicle Theft related police reports filed, with only 20 (1.8%) of those resulting in an arrest.
Our data analysis of Chicago Crime statistics for the 12 month period beginning February 2021 until January 2022 indicates that there were a total of 10,823. Motor Vehicle Theft incidents reported. This equates to 395 per 100,000 persons based on Chicago’s 2021 estimated population of 2,739,797.
Vehicle thefts on the rise throughout the USA
Vehicle theft isn’t just rising in Chicago. In fact, Chicago doesn’t even rank among the top 20 US cities in vehicle thefts. For example, California, Texas and Florida are continually among the top states in vehicle theft per capita. Bakersfield, California has been the top city in vehicle thefts since 2019 and in the top 10 even longer. The rate of vehicle theft went up almost 25% from 2019 in Bakersfield in 2020.
(Denver statistics filtered for reports coded as any of the following; “burg-auto-theft-busn-no-force”, “burg-auto-theft-busn-w-force”, “burg-auto-theft-resd-no-force”, “burg-auto-theft-resd-w-force”, “robbery-car-jacking “, “theft-items-from-vehicle”, and “theft-of-motor-vehicle”) California, Texas and Florida lead the states with the greatest number of vehicle thefts and accounted for 37% of all Motor Vehicle Thefts in the nation, based on 2020 National Insurance Crime Bureau statistics.
