By Alexis Furgal

A regulatory sandbox is a “controlled environment” in which companies reward innovative contributions regulatory freedom with.[1] Essentially, companies enjoy (temporarily) fewer regulatory hurdles to overcome during the sprint to bring novel technologies and services to market.[2] On one hand, regulatory sandboxes foster innovation and promote advancement because companies are free to “trial run” the efficacy of–and consumer response to–their product in the marketplace.[3] On the other hand, regulatory sandboxes allow regulators to closely observe company activity and consumer response, in order to more closely tailor new regulations to the nuances revealed through the simulated market. [4]

In North Carolina, the banking and insurance industries are “major economic driver[s].”[5] Due to its technological and financial prestige, growing job opportunities, and affordability, North Carolina is uniquely poised to become a national leader in the financial technology and insurance industries. [6] As such, North Carolina joined the ranks as one of only a few states driving innovation by implementing a regulatory sandbox.[7] The first iteration of its sandbox—introduced in 2019—failed because it prioritized “innovation at the expense of consumer protection.”[8]  However, two years later, the idea was revisited by the N.C. General Assembly, with increased consumer protections built in, and this time proved fruitful.[9] In October 2021, the North Carolina Regulatory Sandbox Act of 2021 (the “Act”) was signed into effect.[10] At the time, North Carolina was one of only ten states that took such a bold approach. [11]

The Act created a framework for pioneering companies to make a case for their product or service and specify which regulations would prevent their ideas from becoming a reality. [12] The applicable State agency is then authorized, under the Act, to temporarily waive the requested requirements as they see fit, to allow the applying company a greater chance of success. [13] The Act also created the Innovation Council—a panel of 11 statutorily-designated members of various, but relevant, backgrounds—to both manage day-to-day operations and promulgate permanent sandbox rules.[14] In order to participate in the sandbox, companies must submit an application to the Council, detailing the ins and outs of their product, business model, consumer protections, risk-management strategies, and more.[15] If accepted, the company is entitled to 24 months sans (approved) regulations to offer their product to the public and strengthen their company’s continued viability before being re-subject to all applicable regulations. [16]

Unlike some of the other states that implemented comparable regulatory sandboxes, North Carolina’s sandbox does not have a statutory end date. [17]  For example, Hawaii’s regulatory sandbox recently—and right on schedule—came to an end,[18] and Utah is now in second phase of its own sandbox. [19] Although the end-date and ultimate impact of North Carolina’s regulatory sandbox is largely still inconclusive, one thing is clear: the Innovation Council remains diligently committed to furthering the goals of the Act.

Pursuant to the authority vested in it by N.C.G.S. 169, the Innovation Council has released notice of proposed permanent rules (Council Rules).[20] These Council Rules are scheduled to take effect in March 2025.[21]

While the Act left much of the application, review, and waiver process up to the Innovation Council’s discretion,[22] the Council Rules clearly delineate the sandbox application process, including voting mechanisms, mandatory opportunity for public comment, and optional company presentation of products and service to the Innovation Council for review.[23]

Interestingly, the Council Rules also incorporate an additional dimension to the application process: an “expression of interest” opportunity for companies to receive a preliminary review of their proposed product and waived requirements.[24]

Under the Act, company applications must be submitted to the Innovation Council, which then selects and refers applicants to the relevant State agencies.[25] If accepted into the program, the company is eligible to be granted a waiver of applicable statutory or regulatory requirements, provided such waiver is not broader than necessary, as determined by the applicable State agency.[26] However, per the Council Rules, it appears the Council may have increased its discretion in the review process relative to the State agencies. Under section .0106 of the Council Rules, State agencies will be provided with an opportunity to review company applications and provide recommendations, but, if the review is not provided within 45 days, the Council, “in its discretion, may deem the [] application acceptable.”[27]

Moving forward, both the content of the proposed Council Rules and responses to calls for the expansion of North Carolina’s regulatory sandbox to other industries[28] will be critical to watch.


[1] Matthew C. Christoph, Note: Criminal Justice Technology and the Regulatory Sandbox: Toward Balancing Justice, Accountability, and Innovation, 84 U. Pitt. L. Rev. 971, 975 (2023).

[2] Id.

[3] Kyle A. Conway, Comment: Blockchain Technology: Limited Liability Companies and the Need for North Carolina Legislation, 45 Campbell L. Rev. 127, 139 (2022).

[4] Id

[5] N.C. Gen. Stat. § 169-2 (2021).

[6] Kristen Smithberg, Recent College Grads Could Fare Well in These Four Markets, Globest.com (Jul. 31, 2024), https://www.globest.com/2024/07/31/recent-college-grads-could-fare-well-in-these-four-markets/.

[7] Conway, supra note 3, at 139.

[8] North Carolina’s Proposed Regulatory Sandbox Needs Work, The FinReg Blog (May 28, 2019), https://sites.duke.edu/thefinregblog/2019/05/28/north-carolinas-proposed-regulatory-sandbox-needs-work/.

[9] Conway, supra note 3, at 139.

[10] Id. at 138.

[11] Id. at 139.

[12] N.C. Gen. Stat. § 169 (2021).

[13] Bill Patterson, N.C. Legislative Analysis Division, Analysis of: House Bill 624: North Carolina Regulatory Sandbox Act (2021), https://dashboard.ncleg.gov/api/Services/BillSummary/2021/H624-SMTG-122(e4)-v-2.

[14] Id.

[15] N.C. Gen. Stat. § 169 (2021).

[16] Id.

[17] Manjeet Mane, Hawaii’s Regulatory Sandbox for Crypto Companies Concludes Today, Cryptometer.io (Jul. 1, 2024), https://www.cryptometer.io/news/hawaiis-regulatory-sandbox-for-crypto-companies-concludes-today/#:~:text=A%20total%20of%2011%20companies%20were%20approved%20to,period%20from%20July%201%20to%20December%2030%2C%202024.

[18] Hilary R. Sledge-Sarnor et al., Hawaii’s Money Transmitters Modernization Act Will No Longer Apply To Cryptocurrency Activities, Mondaq (Feb. 22, 2024), https://www.mondaq.com/unitedstates/fin-tech/1427532/hawaiis-money-transmitters-modernization-act-will-no-longer-apply-to-cryptocurrency-activities#authors.

[19] Sandbox Phase 2, Utah Office of Legal Services Innovation, https://utahinnovationoffice.org/sandbox-phase-2/#:~:text=The%20Utah%20Supreme%20Court%E2%80%99s%20legal%20regulatory%20Sandbox%20is,narrow%20the%20access-to-justice%20gap%20without%20increasing%20consumer%20harm.

[20] N.C. Innovation Council: Financial and Insurance Regulatory Sandbox (proposed effective date Mar. 1, 2025) (to be codified at 04 N.C. Admin. Code 25C.0100-.0111) [hereinafter Council Rules].

[21] Id.

[22] N.C. Gen. Stat. § 169 (2021).

[23] Council Rules, supra note 20.

[24] Id.

[25] N.C. Gen. Stat. § 169-6(a) (2021).

[26] N.C. Gen. Stat. § 169-3 (2021).

[27] Council Rules, supra note 20.

[28] Jon Sanders, Let’s Broaden North Carolina’s Regulatory Sandbox, Locke (Feb. 12, 2024), https://www.johnlocke.org/lets-broaden-north-carolinas-regulatory-sandbox/.

By Maeve Hickey

On March 21, 2024, the United States Department of Justice (“DOJ”) and sixteen states sued Apple, claiming the company has monopolized or attempted to monopolize smartphone markets.[1] The suit is the latest in a series of antitrust actions against the “Big Tech giants.”[2] The Federal Trade Commission has spearheaded enforcement efforts against Meta and Amazon, while the DOJ has taken on Google and Apple.[3] In addition to two state-law claims, the Complaint against Apple brings four claims under Section 2 of the Sherman Act, which prohibits “monopoliz[ing], or attempt[ing] to monopolize” a particular market.[4] The Complaint defines two relevant markets: the smartphone market as a whole and the narrower “performance smartphone” market of upscale, more expensive devices.[5]

The Walls Around the iPhone

Many of the allegedly monopolizing practices at issue involve Apple’s cultivation of a walled garden with one market for applications (the App Store),[6] one digital wallet (Apple Pay),[7] smartwatches (Apple Watches) that only pair with one type of phone (iPhones),[8] and a messaging platform (iMessage) only available on Apple devices.[9] A walled garden is a closed system of products or services over which a single entity—here, Apple—maintains significant control.[10] Within the walled garden, “[e]verything plays well together,” but users can encounter obstacles when they purchase non-Apple devices, or even when they communicate with someone outside of Apple’s system.[11] The DOJ argues that these difficulties are a feature, not a bug, pointing to an Apple executive’s statement that the company’s long-held control over iMessage stops “iPhone families giving their kids Android phones.”[12]

Walled gardens are referred to as gardens and not prisons for a reason: many of their qualities are attractive to users.[13] According to Apple, the suit punishes it for making “products that work seamlessly together, protect people’s privacy and security, and create a magical experience for [its] users.”[14] Even in a model as successful as Apple’s, “the ‘walled garden’ approach, without more, is not illegal.” [15] The real question is whether Apple’s restrictions on interoperability amount to monopolizing practices.[16]

Privacy and Competition

Apple has increasingly marketed itself as a leader in consumer privacy.[17] It is easy to grasp Apple’s theory that opening up the iPhone to third-party digital wallets might create an opportunity for fraudulent transactions, or that funneling all apps through the App Store helps prevent malware.[18] Counsel for Apple made this argument in a separate antitrust case brought by Epic Games, maintaining that the App Store stops “fraudsters” and “hackers” from reaching users.[19] Counsel for Epic argued that “the only thing that is kept out by Apple’s walled garden is competitors.”[20]

If the DOJ establishes its prima facie case that Apple’s tactics amount to monopolization, the theory that these same tactics protect consumer privacy is not enough on its own. The Supreme Court has held that courts “cannot indirectly protect the public . . . by conferring monopoly privileges on [a company].”[21] The Sherman Act “precludes inquiry into . . . whether competition is good or bad.”[22] Its underlying policy is singular: promotion of competition.[23] Therefore, litigants cannot obtain “special dispensation from the Sherman Act” by arguing that a monopolistic practice provides some other societal benefit.[24]

Instead of pitting privacy against competition, Apple will have to confront the allegations of monopolization head-on.[25] Where tactics leading to a monopoly are not unreasonable per se, courts employ the rule of reason, a “three-part burden-shifting test” where a plaintiff must first prove that the defendant’s conduct has had a “‘substantial anticompetitive effect that harms consumers in the relevant market.’”[26] The defendant then has the burden of producing a “procompetitive justification for its conduct,” which can include reasons like “enhanced consumer appeal.”[27] Finally, the plaintiff must either rebut the justification or “demonstrate that the anticompetitive harm . . . outweighs the procompetitive benefit.”[28]

Antitrust scholars largely agree that the government has an uphill battle in establishing that Apple’s tactics were anticompetitive rather than merely successful.[29] By making privacy a part of its brand,[30] Apple has positioned itself favorably to argue that its tactics help it appeal to consumers in a competitive marketplace. As a result, the case may hinge on the final step of the rule-of-reason analysis: whether the DOJ can establish that Apple’s grip on smartphone markets is more anticompetitive than procompetitive. While the case will likely take several years, it still may put pressure on Apple to reduce barriers to interoperability so that the company can position itself more favorably for settlement or trial.

Finally, other tech companies are on notice that Apple’s business model has drawn scrutiny. Some of them have already been advocating for courts to rein in Apple’s dominance.[31] Whatever its outcome, United States v. Apple will likely influence how other tech companies decide to structure their own walled gardens—and how much boxing in of customers is too much.


[1] Press Release, Dep’t Just. Off. Pub. Affs., Justice Department Sues Apple for Monopolizing Smartphone Markets (Mar. 1, 2024), https://www.justice.gov/opa/pr/justice-department-sues-apple-monopolizing-smartphone-markets.

[2] Bryan Koenig & Stewart Bishop, DOJ Sues Apple, Rounds Out US Claims Against Tech Big 4, Law360 (Mar. 21, 2024, 10:52 AM EDT), https://www.law360.com/competition/articles/1805422/doj-sues-apple-rounds-out-us-claims-against-tech-big-4.

[3] Id.

[4] Compl. at 71–76, United States v. Apple, No. 2:24-CV-04055 (D.N.J. Mar. 21, 2024), ECF No. 1 (hereinafter “Complaint”); 15 U.S.C. § 2.

[5] Complaint ¶¶ 165, 172.

[6] Id. ¶ 41.

[7] Id. ¶ 11.

[8] Id. ¶ 96. 

[9] Id. ¶¶ 80, 91. 

[10] See Michael H. Wolk, The iPhone Jailbreaking Exemption and the Issue of Openness, 19 Cornell J.L. & Pub. Pol’y 795, 797 (2010).

[11] Joanna Stern, iPhone? AirPods? MacBook? You Live in Apple’s World. Here’s What You Are Missing., Wall St. J. (June 4, 2021, 10:40 AM ET), https://www.wsj.com/articles/iphone-airpods-macbook-you-live-in-apples-world-heres-what-you-are-missing-11622817653.

[12] Complaint ¶¶ 80, 91.

[13] See Stern, supra note 11.

[14] Michael Liedtke et al., Justice Department sues Apple, alleging it illegally monopolized the smartphone market, Assoc. Press (Mar. 21, 2024, 4:12 PM EDT), https://apnews.com/article/apple-antitrust-monopoly-app-store-justice-department-822d7e8f5cf53a2636795fcc33ee1fc3.

[15] Apple iPod iTunes Antitrust Litig., No. 05-CV-0037, 2014 WL 12719194, at *3 (N.D. Cal. Nov. 25, 2014).

[16] See Mark A. Lemley, The Splinternet, 70 Duke L.J. 1397, 1424 (2021).

[17] See, e.g., Apple, Privacy on iPhone | Data Auction | Apple, YouTube (May 18, 2022), https://youtu.be/NOXK4EVFmJY?feature=shared; Press Release, Apple, Apple builds on privacy commitment by unveiling new education and awareness efforts on Data Privacy Day (Jan. 24, 2023), https://www.apple.com/newsroom/2023/01/apple-builds-on-privacy-commitment-by-unveiling-new-efforts-on-data-privacy-day/.

[18] Liedtke et al., Justice Department sues Apple, supra note 14.

[19] See Michael Liedtke, Battle over the iPhone app store spills into appeals court, Assoc. Press (Nov. 14, 2022, 7:56 PM EDT), https://apnews.com/article/technology-business-apple-inc-games-c5fcfcc748398aa2f56586256711b0b9. Unlike the DOJ’s case, which focuses on smartphone markets, Epic’s case targets the App Store. Id.

[20] Id.

[21] Nat’l Soc’y Pro. Eng’rs v. United States, 435 U.S. 679, 695–96 (1978).

[22] Id. at 695.

[23] See Erika M. Douglas, Data Privacy as a Procompetitive Justification: Antitrust Law and Economic Analysis, 97 Notre Dame L. Rev. Reflection 430 (2022).

[24] Nat’l Collegiate Athletic Ass’n v. Alston, 594 U.S. 69, 94–95 (2021).

[25] Douglas, supra note 23, at 465 (explaining that the “social value of data privacy does not render its protection an antitrust concern under existing law.”).

[26] FTC v. Qualcomm Inc., 969 F.3d 974, 989, 991 (9th Cir. 2020) (quoting Ohio v. Am. Express Co., 585 U.S. 529, 541 (2018)).

[27] United States v. Microsoft Corp., 253 F.3d 34, 59 (D.C. Cir. 2001) (internal quotation marks omitted).

[28] Id.

[29] See Daniel A. Crane, Ranking the Big Tech Monopolization Cases, Yale J. on Regul: Notice & Comment (Mar. 26, 2024), https://www.yalejreg.com/nc/ranking-the-big-tech-monopolization-cases-by-daniel-a-crane/; Alex Keenan, ‘Apple will prevail’: US faces uphill slog in new antitrust battle, Yahoo! Finance (Mar. 27, 2024), https://finance.yahoo.com/news/apple-will-prevail-us-faces-uphill-slog-in-new-antitrust-battle-080027800.html.

[30] See supra note 17.

[31] See Dorothy Atkins, Microsoft, Others Can Weigh In On Epic, Apple App Store Row, Law360 (Apr. 5, 2024, 6:39 PM EDT), https://www.law360.com/articles/1822267/microsoft-others-can-weigh-in-on-epic-apple-app-store-row (discussing motions by Microsoft Corp., X Corp., Spotify USA, Inc., and others to file amicus briefs in Epic’s suit against Apple).

By Stephanie Flynn

California Attorney General Rob Bonta (A.G. Bonta) filed a Complaint against Amazon.Com, Inc. (Amazon) in San Francisco Superior Court claiming the tech company violated California’s Cartwright Act and California’s Unfair Competition Law.[1]  A.G. Bonta believes the lawsuit has a good chance of success despite the dismissal of a nearly identical claim brought by Washington D.C. Attorney General Karl Racine (A.G. Racine) against Amazon in the Superior Court of the District of Columbia.[2]  A.G. Bonta believes California’s pro-consumer state laws distinguish California from D.C. and will result in a favorable outcome for California.[3]

The Complaint filed by A.G. Bonta claims that Amazon’s market power gives it the ability to coerce third party sellers and wholesalers into agreeing to contractual provisions that promote anticompetitive conduct.[4] The Complaint alleges Amazon’s Retail Price Parity agreements are anticompetitive in nature because they require sellers to sign a Business Solutions Agreement, forcing sellers to agree to Amazon Marketplace’s “Program Policies.”[5]  Program policies include agreeing to Retail and Wholesale Price Parity Provisions.[6]  These contractual provisions prohibited retail sellers and wholesalers from listing their products for a lower price than their Amazon-listed price on any other channel of sale.[7]

The Complaint claims the price parity agreements are anticompetitive because they allow Amazon to insulate itself from competition, place barriers to entry, charge higher prices to consumers, and prevent consumers from benefiting from the full output of low prices across online retail stores that they would experience in a freely competitive market.[8]  A.G. Bonta claimed Amazon’s anticompetitive practices have effectively set a price floor costing both California retailers and consumers money.[9]  California’s Complaint claims Amazon violated the state’s Cartwright Act.[10]  The Cartwright Act is consumer friendly because it prohibits trusts from creating restrictions in trade or commerce.[11]  California’s Business and Professional Code defines a “trust” as a “combination of capital . . . or acts by two or more persons” and prevents trusts from creating restrictions in trade or commerce; increasing the price of any commodity; preventing competition; and fixing prices.[12]  He believes this lawsuit is important to combat the severe and far-reaching implications Amazon’s market power and coercive pricing tactics have on consumers.[13]

California state law may result in a successful lawsuit despite the dismissal of a nearly identical lawsuit, filed in Washington, D.C. by A.G. Racine against Amazon, earlier this year.[14]  D.C.’s lawsuit, like California’s, claims Amazon violated D.C.’s antitrust laws for barring third-party sellers from offering their products for lower prices on other online retail channels.[15]  The D.C. Complaint claimed Amazon’s anticompetitive practices violated § 28-4502 of the District of Columbia Antitrust Act (the Act).[16]  The Act provides “[e]very contract, combination in the form of a trust or otherwise, or conspiracy in restraint of trade or commerce all or any part of which is within the District of Columbia is declared to be illegal.”[17]  The Act uses broader language and lacks the explicit limitations on restraints on trade the California’s Cartwright Act places on trusts.

The D.C. Superior Court granted Amazon’s motion to dismiss the claim.[18]  Amazon argued using pricing restrictions in contracts is a common and legal practice in the retail industry.[19]  The court determined D.C.’s Complaint failed to state an anticompetitive effect under D.C. law.[20]  While the D.C. Superior Court found D.C. failed to state a claim, California’s claim provides numerous examples of Amazon engaging in conduct prohibited by California state law and harmful to consumers.[21]  A.G. Bonta was able to learn from the D.C. Superior Court ruling to ensure the Complaint included enough evidence to show Amazon’s Pricing Parities have an anticompetitive effect.[22]

The outcome of the D.C. lawsuit against Amazon did not deter A.G. Bonta from filing the lawsuit against Amazon.  He believes California’s pro-consumer state law allows for the possibility of a more favorable result in California than in D.C.’s claim against Amazon.[23]  The outcome of this case will be influential on future litigation against Big Tech companies.[24]  Depending on the outcome, other states looking to curb Big Tech’s anticompetitive tactics will look to legal decisions made from this case and apply them.[25]  It will be interesting to see whether California’s pro-consumer state law results in a different outcome and whether California will be able to provide a greater amount of evidence


[1] Complaint at 1, People of California v. Amazon.com, Inc., No. CGC-22-601826 (Cal. Super. Ct. Sept. 15, 2022), 2022 WL 4289172.

[2] David McCabe, D.C. Suit Accusing Amazon of Controlling Prices Is Thrown Out, N.Y. Times (March 18, 2022) https://www.nytimes.com/2022/03/18/technology/amazon-dc-antitrust-suit.html#:~:text=The%20lawsuit%20focused%20on%20how,the%20board%2C%20the%20suit%20argued.

[3] Dan Papscun, Amazon Faces Expansive California Antitrust Law in Pricing Suit, Bloomberg L. (Sept. 21, 2022) https://news.bloomberglaw.com/tech-and-telecom-law/amazon-faces-expansive-california-antitrust-law-in-pricing-suit.   

[4] Complaint at 15, People of California v. Amazon.Com, Inc., No. CGC-22-601826 (Cal. Super. Ct. Sept. 15, 2022).

[5] Id. at 42.

[6] Id. at 42, 65.

[7] Id. at 43.

[8] Id. at 77.

[9] Karen Weise & David McCabe, California Files Antitrust Lawsuit Against Amazon, N.Y. Times (Sept. 14, 2022) https://www.nytimes.com/2022/09/14/technology/california-files-antitrust-lawsuit-against-amazon.html.

[10] Complaint at 1, People of California v. Amazon.Com, Inc., No. CGC-22-601826 (Cal. Super. Ct. Sept. 15, 2022).

[11] Bus. & Prof. § 16720.

[12] Bus. & Prof. § 16720(a)-(d).

[13] Weise & McCabe, supra note 9.

[14] Papscun, supra note 3.

[15] Rhea Binoy, U.S. Court Dismisses D.C. Antitrust Lawsuit Against Amazon, Reuters (March 21, 2022) https://www.reuters.com/business/retail-consumer/us-court-dismisses-dc-antitrust-lawsuit-against-amazon-2022-03-19/.

[16] Complaint at 1, District of Columbia v. Amazon.Com, Inc. (May 25, 2021).

[17] D.C. Code Ann. § 28-4502 (West 2022).

[18] John D. McKinnon, Amazon Wins Dismissal of D.C. Antitrust Lawsuit Over Pricing, Wall St. J. (March 18, 2022), https://www.wsj.com/articles/amazon-wins-dismissal-of-d-c-antitrust-lawsuit-over-pricing-11647645389.

[19] Id.

[20] Papscun, supra note 3.

[21] Id.

[22] Id.

[23] Id.  

[24] Weise & McCabe, supra note 9.

[25] Id.

By Maryclaire M. Farrington

It’s a tale as old as time: the Ivy League dropout turned tech icon.[1]  Media’s maître d’ of tech, Elizabeth Holmes, was fawned by Forbes, Fortune, Time, and the New Yorker, to name a few.[2]  Nearly twenty years after founding Theranos Inc.,[3] her name flashes through the media again.[4]  However, this time, the headlines read “Theranos Founder Guilty of Fraud.”[5]

At nineteen, Holmes sought to “revolutionize the blood-testing industry” by creating a device that would run a full blood workup using a vial of a few drops of the patient’s blood.[6]  In theory, Holmes’s device would run the traditional bloodwork exam with a fraction of the blood, in a fraction of the time, and at a fraction of the cost of the traditional method.[7]

The company operated like a Silicon Valley tech startup that was shrouded in secret[8] and made “big promises . . . with little proof.”[9]  Operating under the protection of secretive and complex technological promises, Holmes adopted a “fake it till you make it” attitude, making empty promises to investors that she would deliver on her blood testing machine.[10]  Holmes’s “fake it till you make it” attitude worked.  With the help of $400 million from investors, Theranos was valued at $9 billion at its peak.[11]  But despite the company’s explosion of good press and high valuations, the science wasn’t working: the tests weren’t reliable, and the blood was actually being shipped and tested using traditional machines.[12]  Theranos denied the rumors, but dodged questions citing “trade secrets.”[13]

In 2018, Holmes was charged with two counts of conspiracy to commit wire fraud and ten counts of wire fraud,[14] including the accusation that Holmes defrauded both investors as well as patients.[15]  One of the conspiracy charges and several of the wire fraud charges alleged that Holmes defrauded investors.[16]  The other conspiracy charge and the remaining wire fraud charges alleged she defrauded patients and doctors.[17]  The jury found Holmes guilty of the investor conspiracy count and three counts of investor wire fraud, which included wire transfers above $140 million.[18]  Holmes was acquitted of the patient wire fraud count, three wire fraud counts, and one count of patient wire fraud was dismissed during trial. [19]  The final three investor fraud counts resulted in a hung jury. [20]  So how did the Silicon Valley business mogul turn criminal?

Special Agent in Charge Bennett said, “This conspiracy misled doctors and patients about the reliability of medical tests that endangered health and lives.”[21]  But, the jury did not find the Theranos founder guilty of the four total counts of fraud for misleading patients and the inaccuracy of the blood tests.[22]  This is likely explained by the fact that  Holmes was directly involved in the investor fraud, while she was not so directly involved in defrauding patients and customers.[23]  The blurred lines between Holmes and doctors and patients made it much more difficult for the prosecution to prove those counts of fraud.[24]  Yet, some say that while the relationship is less clear, Holmes clearly “crossed a moral boundary,” and the not-guilty verdicts “represent an important missed opportunity for the legal system to restrain Silicon Valley’s dangerous embrace of ‘disruption’ at all costs by calling the intentional disregard for the public’s welfare a crime.”[25]

In retrospect, Theranos was built on smoke and mirrors—big promises and bigger secrets.  Indeed, Silicon Valley startup culture is often “hyperbolic” and based on “puffery,” and the trial court (and the jury) seemed to believe Holmes when she claimed she truly thought the Theranos technology would transform into what she advertised.[26]  Yet, Holmes’s technology wasn’t just another “typical start-up”[27]—Holmes built medical devices, not apps.[28]  But confidence and ambition trumped science and reason, and even investors with knowledge in healthcare trusted the innovators and the process.[29]  Perhaps the Theranos trial is an opportunity for investors and the public to reconsider their trust in the Silicon Valley system and to demand results instead of promises.

Calls for change to Silicon Valley have already begun.  Jina Choi, director of the SEC’s San Francisco Regional Office, said, “The Theranos story is an important lesson for Silicon Valley . . . . Innovators who seek to revolutionize and disrupt an industry must tell investors the truth about what their technology can do today, not just what they hope it might do someday.”[30]  Alternatively, in order to keep corporations and their officers accountable, some propose that federal agencies such as the Food and Drug Administration should be given greater resources to properly investigate and review bourgeoning startups.[31]

A 2019 New York Times article nearly predicted the exact outcome of the Theranos trial: “The challenge with charging corporate executives is that they are often insulated from the decisions that violate the law.  That can make it difficult, if not impossible, for prosecutors to prove they have the requisite intent.”[32]  In 2019, some politicians and legal experts, including Elizabeth Warren, suggested that the requirement of criminal intent for fraud should be replaced with a negligence standard.[33]  Warren’s proposed 2019 “Corporate Executive Accountability Act” would hold executives liable if they “negligently permit or fail to prevent a violation of law.”[34]  Such a law would undoubtably change Silicon Valley—but morally for the better.

Though it is promising that Holmes was investigated and eventually held responsible for investor conspiracy and wire fraud,[35] it is imperative to recall Holmes’s ability to captivate investors and the general public alike.[36]  Furthermore, the reasoning for her acquittal on the charges regarding patients was the lack of direct involvement with patients, yet her strategies were the same.[37]  If courts were to hold executives to a negligence standard, then Holmes’s trial would likely have a different outcome and find Holmes guilty of patient-related fraud. [38]  Change is necessary in Silicon Valley, and holding executives accountable is the ultimate mechanism to promote justice.


[1] See, e.g., Raqeebah, Theranos and the Continuing Allure of the Ivy League Dropout, Medium (Sept. 10, 2020), https://medium.com/swlh/theranos-and-the-continuing-allure-of-the-ivy-league-dropout-a8e8e8f97113; see also, e.g., Noah Kulwin, Theranos CEO Elizabeth Holmes’s Five Best Cover Story Appearances, Ranked, Vox: Recode (Oct. 26, 2015, 4:04 PM), https://www.vox.com/2015/10/26/11620036/theranos-ceo-elizabeth-holmess-five-best-cover-story-appearances.

[2] Kulwin, supra note 1.

[3] Zaw Thiha Tun, Theranos: A Fallen Unicorn, Investopedia  https://www.investopedia.com/articles/investing/020116/theranos-fallen-unicorn.asp (Jan. 4, 2022).

[4] See, e.g., Kulwin, supra note 1.

[5] See, e.g., James Clayton, Elizabeth Holmes: Theranos Founder Convicted of Fraud, BBC News (Jan. 4, 2022), https://www.bbc.com/news/world-us-canada-59734254; Michael Liedtke, Theranos Founder Elizabeth Holmes Convicted of Fraud and Conspiracy, Time, https://time.com/6132636/elizabeth-holmes-guilty/ (Jan. 4, 2022, 2:38 AM).

[6] Tun, supra note 3; Ken Auletta, Blood, Simpler, The New Yorker: Annals of Innovation (Dec. 8, 2014), https://www.newyorker.com/magazine/2014/12/15/blood-simpler.

[7] Auletta, supra note 6.

[8] Id.

[9] Kari Paul, Elizabeth Holmes Trial: Silicon Valley Watches Next Steps in High-Profile Case, The Guardian (Jan. 4, 2022, 2:30 PM), https://www.theguardian.com/technology/2022/jan/04/elizabeth-holmes-conviction-silicon-valley.

[10] Timothy B. Lee, How a Culture of Secrecy Set Theranos up for Failure, Vox (Oct. 23, 2015, 12:50 PM), https://www.vox.com/2015/10/23/9603442/theranos-elizabeth-holmes-secrecy.

[11] John Carreyrou, Hot Startup Theranos Has Struggled with Its Blood-Test Technology, Wall St. J. https://www.wsj.com/articles/theranos-has-struggled-with-blood-tests-1444881901 (Oct. 16, 2015, 3:20 PM).

[12] Id.

[13] Id.

[14] Press Release, U.S. Dep’t of Just., Theranos Founder Elizabeth Holmes Found Guilty of Investor Fraud (Jan. 4, 2022), https://www.justice.gov/usao-ndca/pr/theranos-founder-elizabeth-holmes-found-guilty-investor-fraud.

[15] Id.

[16] Id.

[17] Id.

[18] Id.

[19] Id.

[20] Id.

[21] Press Release, U.S. Dep’t of Just., Theranos Founder and Former Chief Operating Officer Charged in Alleged Wire Fraud Schemes (June 15, 2018), https://www.justice.gov/usao-ndca/pr/theranos-founder-and-former-chief-operating-officer-charged-alleged-wire-fraud-schemes.

[22] Noam Cohen, The Elizabeth Holmes Verdict and the Legal Loophole for ‘Disruption’, Wired (Jan. 5, 2022, 3:57 PM), https://www.wired.com/story/holmes-theranos-legal-loophole-disruption/.

[23] Id.

[24] Brandon Kim, Legal Experts Divided Over Elizabeth Holmes Verdict’s Accuracy, Significance of Case, The Stanford Daily (Jan. 6, 2022, 8:21 PM), https://stanforddaily.com/2022/01/06/legal-experts-divided-over-elizabeth-holmes-verdicts-accuracy-significance-of-case/.

[25] Cohen, supra note 22.

[26] Kim, supra note 24.

[27] Erin Woo, What Elizabeth Holmes’s Trial Means for Silicon Valley, N.Y. Times (Nov. 23, 2021), https://www.nytimes.com/2021/11/23/technology/elizabeth-holmess-trial-silicon-valley.html.

[28] Id.

[29] James Clayton, Elizabeth Holmes: Has the Theranos Scandal Changed Silicon Valley?, BBC News (Jan. 4, 2022), https://www.bbc.com/news/technology-58469882.

[30] Erin Griffith, Theranos and Silicon Valley’s ‘Fake It Till You Make It’ Culture, Wired (Mar. 14, 2018, 3:12 PM), https://www.wired.com/story/theranos-and-silicon-valleys-fake-it-till-you-make-it-culture/.

[31] Clayton, supra note 29.

[32] Peter J. Henning, Elizabeth Warren Wants to Make It Easier to Prosecute Executives,  N.Y. Times (Apr. 22, 2019), https://www.nytimes.com/2019/04/22/business/dealbook/elizabeth-warren-finance-executives.html.

[33] Id.

[34] Id.

[35] Press Release, U.S. Dep’t of Just., supra note 14.

[36] See, e.g., Carreyrou, supra note 11.

[37] See Cohen, supra note 22.

[38] See Henning, supra note 32.


Post image by Marco Verch Professional Photographer on Flickr

By Morgan Kleinhandler

There is no doubt that the advance of modern technology has allowed for an increase in the interconnected nature of American society.[1]  Specifically, the popularity of smartphones has allowed for a new level of immediate interconnectedness that was previously impossible. [2] With this rise in technology has come a new form of human interaction that can lead to dangerous and irreparable consequences[3]—for example, encouraging the suicide of another through text messaging.  A new legal precedent has been set in Massachusetts to deter this type of encouragement, making it a criminally punishable offense to encourage suicide through texting.[4]  In many states, it is illegal to assist in the suicide of another, and being found guilty of doing so will result in criminal liability.[5]  As technology has evolved, the state of Massachusetts has made national headlines for including the encouragement of suicide through text message as an illegal and punishable form of assisting in a suicide.[6]

In 2017, Michelle Carter was found guilty in Massachusetts state court for encouraging her boyfriend, Conrad Roy, to commit suicide through thousands of text messages.[7]  Similarly, this past month, on December 23, 2021, Inyoung You pleaded guilty in Massachusetts to assisting in the suicide of her boyfriend, Alexander Urtula, through about 47,000 text messages.[8]  Both cases have grabbed national attention[9] and have opened Americans’ eyes to the way that communication through technology can lead to dire consequences.

The Supreme Court has established that the right to suicide is not a fundamental or liberty interest protected by the Constitution, and governmental impairment to the right to suicide will receive the lowest level of scrutiny from the courts.[10]  However, the First Amendment establishes the right to free speech for all citizens,[11] which the Supreme Court has long interpreted.[12]  The Supreme Court has held that the First Amendment, which states that “Congress shall make no law . . . abridging the freedom of speech,”[13] establishes a “fundamental personal right[]”[14] to free speech which can only be impaired by the government if such impairment survives strict scrutiny.[15]  Because the right to suicide is not constitutionally protected and receives minimal scrutiny[16] whereas government impairment on freedom of speech receives the highest level,[17] some courts have held that encouraging another’s suicide will be punishable only if strict scrutiny for such punishment is met.[18]  For these reasons, the Minnesota Supreme Court held that verbal encouragement to another person before that person’s suicide is constitutionally protected speech that could not be criminally punishable because it does not survive strict scrutiny.[19]

The State of Massachusetts interpreted the situation differently, however, finding that when speech constitutes the crime of involuntary manslaughter, First Amendment rights are not affected.[20]  In the case of Michelle Carter, the court clarified that it was not simply Carter’s words that were being punished; it was “reckless or wanton words causing death” that constituted a crime.[21]  The court held that even though Carter committed the crime of involuntary manslaughter using just words, she could not “escape liability” through First Amendment protection.[22]  Thus, because Carter’s illegal conduct was being punished, and not Carter’s speech alone, her First Amendment right to free speech was not violated.[23] 

Massachusetts also concluded restriction of verbal encouragement of suicide could pass strict scrutiny even if the First Amendment applied because the state “has a compelling interest in deterring speech that has a direct, causal link to a specific victim’s suicide.”[24]  On appeal, the court affirmed that the state had a justifiable reason to restrict Carter’s speech, holding that the state has a “compelling interest in preserving life.”[25]  Through Massachusetts’s reasoning, because states have a compelling interest in deterring citizens from committing suicide, especially with the encouragement of others leading to the suicide,[26] the constitutional protections provided by the First Amendment may be overcome in cases like Michelle Carter and Inyoung You.

The Massachusetts court in Carter did point out, however, that the elements of involuntary manslaughter charges must be met on a case-by-case basis to rightfully prove that charge in the case of encouraging suicide through text message.[27]  In Massachusetts specifically, in order to prove involuntary manslaughter, the state must prove that the defendant caused the death of another through wanton or reckless behavior or failure to act.[28]  These elements align with many other states’ laws on involuntary manslaughter.[29] In Carter’s case, the court found that her text messages were enough to prove she committed involuntary manslaughter.[30]  The court reasoned that because Carter had such a close relationship with her boyfriend and because her text messages were so supportive and temporally close to Roy’s suicide that they were a probable cause of his suicide.[31]  Carter’s case was appealed to the United States Supreme Court, but the Court denied the petition for writ of certiorari,[32] suggesting that the Court may agree with Massachusetts’s analysis on the matter.

Michelle Carter’s sentence was the first time an American has been punished for encouraging the suicide of another using only text messaging.[33]  A few years later, Inyoung You’s sentencing following a guilty plea for a near-identical situation shows a trend in punishing text messages which explicitly encourage the suicide of another.[34]  Although both Carter and You’s cases occurred in Massachusetts, this trend of punishing those who actively encourage and contribute to the suicide of another using technological communication could very well become a trend throughout the states.


[1] Ray Zinn, The Interconnectedness of Things, Forbes (Dec. 15, 2017, 9:00 AM), https://www.forbes.com/sites/forbestechcouncil/2017/12/15/the-interconnectedness-of-things/?sh=18e1245865d1.

[2] Christian Jarrett, How Are Smartphones Affecting Our Relationships?, World Econ. Forum (Nov. 3, 2015), https://www.weforum.org/agenda/2015/11/how-are-smart-phones-affecting-our-relationships/.

[3] See generally Melissa Locker, Two Young Women Have Been Accused of Persuading Their Boyfriends to Kill Themselves—but Why?, Health (Jan. 24, 2020), https://www.health.com/mind-body/inyoung-you-case-commit-suicide (discussing how texting can lead to more detached feelings and judgments).

[4] Commonwealth v. Carter, 115 N.E.3d 559 (2019), cert. denied 140 S. Ct. 910 (2020).

[5] Sierra Taylor, Comment, Kill Me Through the Phone: The Legality of Encouraging Suicide in an Increasingly Digital World, 2019 BYU L. Rev. 613, 627 (2020).

[6] Locker, supra note 3.

[7] Carter, 115 N.E.3d at 561–62, 574.

[8] Marisa Sarnoff, Inyoung You Pleads Guilty in Boston Manslaughter-by-text Case, Can’t Profit from Story, Bos. Herald, https://www.bostonherald.com/2021/12/23/inyoung-you-pleads-guilty-in-boston-manslaughter-by-text-case-cant-profit-from-story/ (Dec. 23, 2021, 8:11 PM); Locker, supra note 3.

[9] Sarnoff, supra note 8; Locker, supra note 3.

[10] Washington v. Glucksberg, 521 U.S. 702, 728 (1997).

[11] U.S. Const. amend. I.

[12] See, e.g., Gitlow v. New York, 268 U.S. 652, 666–69 (1925); Cohen v. California, 403 U.S. 15, 23–26 (1971); Reno v. Am. C.L. Union, 521 U.S. 844, 870–74 (1997).

[13] U.S. Const. amend. I.

[14] Gitlow, 268 U.S. at 666.

[15] Id.

[16] Washington v. Glucksberg, 521 U.S. 702, 728 (1997).

[17] Gitlow, 268 U.S. at 666.

[18] State v. Melchert-Dinkel, 844 N.W.2d 13, 24 (Minn. 2014); cf. Commonwealth v. Carter, 115 N.E.3d 559, 572 (Mass. 2019), cert. denied 140 S. Ct. 910 (2020).

[19] Melchert-Dinkel, 844 N.W.2d at 24.

[20] Carter, 115 N.E.3d at 572.

[21] Id.

[22] Id. at 570.

[23] Id. at 571.

[24] Commonwealth v. Carter, 52 N.E.3d 1054, 1064 n.17 (Mass. 2016), aff’d, Carter, 115 N.E.3d 559.

[25] Carter, 115 N.E.3d at 572.

[26] Id.

[27] Carter, 52 N.E.3d at 1063.

[28] Carter, 115 N.E.3d at 569.

[29] See 40 C.J.S. Homicide § 127 (2021) (describing broad elements of involuntary manslaughter statutes).

[30] Id.at 568.

[31] Id.

[32] Carter v. Massachusetts, 140 S. Ct. 910 (2020).

[33] Locker, supra note 3.

[34] Id.


Post image by Helen Harrop on Flickr

By: Inyoung Park

Many companies, large or start-up, are recognizing the potential of quantum technology.[1] Quantum technology is based on quantum mechanics that study the movements of subatomic particles.[2] Unlike other particles that follow Newtonian physics, the quantum system differs in that the particles can be in superposition and exhibit entanglement, for example.[3] Superposition means that objects can “exist in multiple states at the same time.”[4] whereas entanglement means that two particles replicate each other’s moves even when they are apart.[5]

Quantum computing is using quantum technology to reach a fast speed.[6] Ordinary computers today convert information into binary digits, also called bits.[7] Each bit only has two possible values: zero and one.[8] However, a combination of these binary digits allow computer processing text documents to provide a web-based service.[9] Like ordinary computers, quantum computers translate information into bits called qubits.[10] The difference is that, unlike normal bits, qubits do not have to choose either zero or one:[11] they can also be “in a state where it is both [values] at the same time” based on superposition.[12] This unique property of qubits allows quantum computers to be faster, store more information, and work multiple calculations simultaneously.[13]

Despite the benefits advanced technology quantum computing can bring, it is not without its faults.[14] It, for example, still requires a way for qubits to operate in higher temperatures, and an ability to withstand and operate normally even after electrical disturbance.[15] When quantum computers are fully developed in the future, it is expected to be powerful enough to break through most of the encryption present today.[16] Current encryption systems rely on large prime numbers since today’s computers have a hard time factoring these large numbers to break the encryption.[17] However, quantum computers can, potentially, break them all and jeopardize the security of digital data.[18] For this reason, the legal system has to adapt to the changing technology system to protect digital information.

Regulations such as Article 5 of the European Union’s General Protection Regulation (“GDPR”) and the Cybersecurity Act require personal data to be stored with appropriate security and protection against unauthorized users.[19] However, there is new legislation available that would prevent victims of quantum computing from being placed at fault at times where new technology and the COVID-19 pandemic increased their risk of cybersecurity.[20]

At least 45 states and Puerto Rico have introduced more than 250 bills or resolutions dealing with cybersecurity.[21] Legislative activity includes measures “requiring government agencies to implement cybersecurity training, to set up and follow formal security policies, standards, and practices, and to plan for and test how to respond to a security incident.”[22] They also mentioned creating task forces specifically to study and advise on matters of cybersecurity issues.[23]

Senators also have drafted a bill to require public and private entities to report cybersecurity violations within 24 hours of a breach to the government.[24] President Biden stated that to ensure cybersecurity, the private sector must “partner with the Federal Government to foster a more secure cyberspace.”[25] Since there is no single federal standard regarding cybersecurity breach notification,[26] the passage of the bill can provide a platform for a unified procedure in dealing with the problem.

There is an effort to also strengthen the connection between the national cybersecurity chain with state and local governments.[27] President Biden has stressed providing significant investments to defend against cybersecurity, rather than incremental improvements.[28] State and local governments generally do not have the same resources to dedicate to cybersecurity protection as private companies and federal agencies, as these groups typically have more money to protect their networks against cybersecurity. However, Congress recently provided $360 billion to states to increase their spending on cybersecurity.[29] But the amount can increase under the new legislation that is getting drafted, which aims to provide as much as $500 million to states and local governments annually for them to continuously monitor networks.[30]

President Biden has responded with an executive order on “Improving the Nation’s Cybersecurity” to keep pace with the ever-changing technology.[31] It stated that “the Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services; . . . and invest in both technology and personnel to match these modernization goals.”[32] Since the drafting of legislation and execution of the executive order all occurred in early 2021, more time is needed to see the outcomes and effects on cybersecurity.

In 2018, Arvind Krishna, a director of IBM Research, warned that “anyone that wants to make sure that their data is protected for longer than 10 years should move to alternate forms of encryption now.”[33] However, there wasn’t known legislation or policies on the requirement of minimum or maximum encryption strength in the past.[34]

Today, there are studies to find strong encryption methods to prepare for quantum computing. For example, encryption method can increase the key size and expand the space that the system must search through to find the key to unlock the encryption.[35] Researching and transferring the computing program to a new, safe encryption method will take a lot of money because the process is large-scaled and time consuming.[36] The United States government has sought to find quantum-safe encryption methods for government use through the National Security Agency (NSA) and the National Institute of Standards and Technology (NIST).[37] NIST also developed quantum cryptography standards private sectors can adopt to develop quantum-safe encryption.[38]

Quantum Computing can provide many benefits to society, but it can do so only if the legal system is equipped to provide cybersecurity. The legislative and executive branches recognize the fast-growing problems quantum computing can impose on cybersecurity and are actively suggesting ways to create protective measures against cyber danger, finance and the protection of encryption. Cybersecurity matters for everyone. People should follow to see if quantum computing can destroy encryption method and how law can develop to protect cybersecurity in danger.


[1] John Preskill, Quantum Computing in the NISQ Era and Beyond, 2 Quantum 79, 79 (2018).

[2] Jeanne Whalen, Seven Basic Questions about Quantum Technology, Answered, Wash. Post: Bus. (Aug. 18, 2019), https://www.washingtonpost.com/business/2019/08/18/seven-basic-questions-about-quantum-technology-answered/.

[3] Id.

[4] Id.

[5] Kenneth Macdonald, Scientists Shed New Light on ‘Entangled’ Particles, BBC News (Aug. 5, 2020), https://www.bbc.com/news/uk-scotland-53650369

[6] Schohini Ghose, Are You Ready for the Quantum Computing Revolution?, Harv. Bus. Rev. (Sept. 17, 2020), https://hbr.org/2020/09/are-you-ready-for-the-quantum-computing-revolution.

[7] Nat’l Acads. of Scis., Eng’g, and Med. et al., Quantum Computing: Progress and Prospects 24 (Emily Grumbling and Mark Horowitz eds., 2019), https://www.nap.edu/read/25196/chapter/4.

[8] Id.

[9] Id.

[10] Shannon Flynn, What is Quantum Computing and How is it Disrupting Law Firms?, Law Tech. Today (Dec. 15, 2020), https://www.lawtechnologytoday.org/2020/12/what-is-quantum-computing-and-how-is-it-disrupting-law-firms/.

[11] Id.

[12] Nat’l Acads. of Scis., Eng’g, and Med. et al, supra note 6, at 24.

[13] Flynn, supra note 7.

[14] Mauritz Kop, Regulating Transformative Technology in the Quantum Age: Intellectual Property, Standardization & Sustainable Innovation, 2 Stan. L. Sch. 1, 6 (2020).

[15] Id. at 6–7.

[16] Henry Kenyon, CQ Roll Call, Quantum Computing: Developing Secure, Un-Hackable Networks, Westlaw (Jan. 17, 2018), https://1.next.westlaw.com/Document/I4aee8a9dfbd211e79bf099c0ee06c731/View/FullText.html?navigationPath=%2FFoldering%2Fv3%2Fparki20%3D40wfu.edu%2Fhistory%2Fitems%2FdocumentNavigation%2F4d436bad-0277-47da-81d3-d67f4fe6176c%2FZ7s7PRgW%7CQFWun%609Lv2VkEXF5JqsOspP045ZMGM5tHL%60XO0PmgprzEHpBoPSQRMto21rXA3TKIXiY0c0hlUeHPZ%7CesBAm1oP&listSource=Foldering&list=historyDocuments&rank=5&sessionScopeId=3b9475abdd71b63cb023a62ee23622f244c6095becfe973806cd45be8767c55b&originationContext=MyResearchHistoryAll&transitionType=MyResearchHistoryItem&contextData=%28oc.Default%29&VR=3.0&RS=cblt1.0..

[17] Kenneth Chang, 2 Win Abel Prize for Work That Bridged Math and Computer Science, N.Y. Times (May 22, 2021), https://www.nytimes.com/2021/03/17/science/abel-prize-mathematics.html.

[18] Id.

[19] Information Commissioner’s Office, The Principles, ico., https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/ (last visited Sept. 26, 2021); Jeff Kosseff, Defining Cybersecurity Law, 103 Iowa L. Rev. 985 (2018), https://ilr.law.uiowa.edu/print/volume-103-issue-3/defining-cybersecurity-law/.

[20] NCSL, Cybersecurity Legislation 2021, Nat’l Conf. of State Legislatures, https://www.ncsl.org/research/telecommunications-and-information-technology/cybersecurity-legislation-2021.aspx.

[21] Id.

[22] Id.

[23] Id.

[24] Brian Fung & Alex Marquardt, Senators Draft Bill that Would Require Many Entities to Report Cyber Breaches Within 24 Hours, CNN Pols. (June 17, 2021), https://www.cnn.com/2021/06/16/politics/bill-report-cyber-breach-24-hours/index.html.

[25] The White House, Executive Order on Improving the Nation’s Cybersecurity, Briefing Room, https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/.

[26] Fung & Marquardt, supra note 21.

[27] Gopal Ratnam, Bipartisan House Bill Would Give States $500M for Cybersecurity, Gov’t Tech. (May 12, 2021), https://www.govtech.com/security/bipartisan-house-bill-would-give-states-500m-for-cybersecurity.

[28] The White House, supra note 22.

[29] Id.

[30] Id.

[31] The White House, supra note 22.

[32] Id.

[33] Tom Foremski, IBM Warns of Instant Breaking of Encryption by Quantum Computers: ‘Move Your Data Today,’ ZDNet (May 18, 2018), https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/

[34] World Map of Encryption Laws and Policies, Glob. Partners Digit., https://www.gp-digital.org/world-map-of-encryption/ (last visited Sept. 26, 2021).

[35] Implications of Quantum Computing for Encryption Policy, Carnegie Endowment for Int’l Peace 6, https://carnegieendowment.org/2019/04/25/implications-of-quantum-computing-for-encryption-policy-pub-78985 (last visited Sept. 26, 2021).

[36] Id.

[37] Id. at 7.

[38] Id.