This Day in Legal History: National Security Act of 1947

On July 25, 1947, Congress passed the National Security Act of 1947, a landmark legislation that restructured the United States' military and intelligence operations in the post-World War II era. This pivotal act established the National Security Council (NSC), which would advise the President on security matters, and created the Central Intelligence Agency (CIA) to gather and analyze foreign intelligence. The Act also led to the formation of the Department of Defense, unifying the previously separate Department of War and Department of the Navy, and creating the National Military Establishment. This new establishment comprised three separate departments: the Army, the Navy, and the newly-formed United States Air Force. Additionally, the Joint Chiefs of Staff were established to ensure coordinated military strategy among the services. The National Security Act of 1947 fundamentally reshaped the U.S. defense and intelligence framework, reflecting the changing nature of global threats and the need for a cohesive national security strategy in the early Cold War period. This legislation laid the foundation for the modern American military and intelligence community, shaping U.S. defense policy for decades to come.

Walt Disney Co. must face a lawsuit backed by Elon Musk over the firing of Gina Carano, a former star of “The Mandalorian.” A federal judge in Los Angeles, Judge Sherilyn Peace Garnett, ruled against Disney's motion to dismiss the case, stating that Disney did not prove that employing Carano was an act of First Amendment-protected expressive association. The judge noted that Disney had not shown evidence that it hires actors to promote values like respect, decency, integrity, or inclusion.

The case will explore California's protections for employees' political activities outside of work. Carano, a former mixed martial artist, argues she was dismissed due to her political views, which clashed with the show's audience on social media. The incident that led to her firing was a February 2021 Instagram post comparing the treatment of Trump supporters to that of Jews during the Holocaust. Carano claims her male co-stars were not disciplined for their liberal-leaning posts, even when they also referenced the Holocaust. Strained logic, but we live in a time of strained logic.

Judge Garnett found that Carano sufficiently alleged her firing could have been to deflect criticism from Disney’s business practices and reorganization under former CEO Bob Chapek. Schaer Jaffe LLP represents Carano, while O’Melveny and Myers LLP represents Disney, Lucasfilm, and Huckleberry Industries. The case is Carano v. Walt Disney, C.D. Cal., No. 24-cv-1009, 7/24/24.

Disney Must Fight Musk-Backed ‘Mandalorian’ Actor Firing Suit

The U.S. Senate is set to vote on two online safety bills targeting the protection of children and teens on social media. Scheduled for Thursday, these bills have garnered broad bipartisan support and are expected to pass. Senate Majority Leader Chuck Schumer emphasized the importance of updating safety measures to address current online threats to children.

The Kids Online Safety Act (KOSA) aims to mandate social media platforms to offer minors options to safeguard their information and deactivate addictive features by default. It also imposes a legal duty on companies to mitigate risks such as suicide and disordered eating among minors.

The Children and Teens' Online Privacy Protection Act (COPPA 2.0) proposes a ban on targeted advertising to minors and data collection without their consent. It also allows parents and children to delete their information from social media platforms.

These bills represent the first significant legislative efforts to ensure online safety for children since the original COPPA was enacted in 1998. Tech companies like Microsoft and Snap have shown support for these initiatives, while Meta Platforms suggested that federal law should require app stores to seek parental approval for downloads by users under 16.

US Senate set to vote on two child online safety bills | Reuters

Boeing has finalized a guilty plea to a criminal fraud conspiracy charge and will pay at least $243.6 million for breaching a 2021 agreement with the U.S. Justice Department. This breach involved allowing potentially risky work at its factories and not ensuring accurate or complete airplane record keeping. Boeing admitted to conspiring to defraud the Federal Aviation Administration by making false representations about key software for the 737 MAX.

The Justice Department found Boeing violated the deferred prosecution agreement after a January in-flight panel blowout on an Alaska Airlines 737 MAX exposed ongoing safety and quality issues. Additionally, Boeing disclosed false stamping at its 787 plant in South Carolina, leading to further investigations. The company also failed to ensure proper sequence in airplane manufacturing, increasing the risk of defects.

By way of very brief background, "false stamping" refers to the practice of improperly marking or certifying parts or components as meeting required safety and quality standards when they do not. This fraudulent activity can involve the use of counterfeit certification stamps or documentation to falsely indicate that a part has passed necessary inspections and tests. Such actions undermine the integrity of the aircraft manufacturing process, potentially compromising the safety and reliability of the airplanes.

Boeing agreed to pay a maximum fine of $487.2 million, with a credit for its previous $243.6 million payment, and will spend at least $455 million over the next three years to enhance safety and compliance programs. An independent monitor will oversee Boeing’s compliance, with annual progress reports made public. Families of the 737 MAX crash victims can file objections before Judge Reed O'Connor, who will decide on accepting the deal and potential restitution. Boeing's board must also meet with the victims' families within four months of sentencing.

Boeing finalizes 737 MAX guilty plea deal, US outlines reasons | Reuters

United States v. The Boeing Company (4:21-cr-00005)

The Federal Trade Commission (FTC) is set to implement updates to its health data breach notification rule on July 29, which could lead to increased litigation for companies providing health-related services through mobile apps. These amendments, finalized in April, extend the rule's coverage to companies that aggregate health information from multiple sources, which are not currently governed by the Health Insurance Portability and Accountability Act (HIPAA).

The rule mandates that businesses must notify affected individuals and the FTC within 60 days of discovering a breach affecting 500 or more people. Non-compliance could result in civil penalties of up to $51,744 per violation. The FTC's amendments broaden the rule's scope, potentially transforming it from a data security breach rule to a consent requirement for sharing health data.

Legal experts have raised concerns about the FTC's lack of a precise definition for "authorized access," which could complicate compliance and lead to fines and litigation. Despite stakeholders' requests for clearer guidelines, the FTC only stated that unauthorized disclosures might include the sharing or selling of consumer information inconsistent with a company's stated policies.

The expanded rule could cover around 170,000 additional entities, though industry groups believe this number may be higher. Many of these entities might need to develop robust notification programs, as the new requirements mark unfamiliar territory for some.

The updated rule could also increase lawsuits against healthcare-related businesses for exposing user data to third-party advertisers. For example, enforcement actions against GoodRx and Easy Healthcare Corp. cited breaches due to sharing health information with advertisers via pixel tracking technology.

The FTC's broad interpretation of "unauthorized access" has significant implications. If a company's privacy policy is not sufficiently descriptive regarding data collection and sharing, the FTC may consider it an unauthorized disclosure. This aggressive stance by the FTC necessitates careful attention from industry players.

The rule also raises questions about who is responsible for reporting breaches concerning personal health records (PHR). Companies might struggle to determine whether they are acting as downstream service providers or PHR-related entities, complicating their compliance obligations.

FTC Health Breach Rule’s New Updates May Spur More Litigation

This is a public episode. If you’d like to discuss this with other subscribers or get access to bonus episodes, visit www.minimumcomp.com/subscribe