Syllabus Globalization: Business, Legal and Public Policy Issues January Term, 2017 — January 3-6, 9-13, 17-18

Simply stated, the bright new financial system—for all its talented participants, for all its rich rewards—has failed the test of the market place. To meet the challenge, the Federal Reserve judged it necessary to take actions that extend to the very edge of its lawful and implied powers, transcending certain long embedded central banking principles and practices. The extension of lending directly to non-banking financial institutions—while under the authority of nominally “temporary” emergency powers—will surely be interpreted as an implied promise of similar action in times of future turmoil. What appears to be in substance a direct transfer of mortgage and mortgage-backed securities of questionable pedigree from an investment bank to the Federal Reserve seems to test the time honored central bank mantra in time of crisis—“lend freely at high rates against good collateral”—to the point of no return.¹³¹

1. 
   Did the government assistance programs during the crisis create or exacerbate a problem of moral hazard in the financial industry? If the crisis was, as Bernanke suggests, a “classic financial panic,” is reform enough to prevent a future crisis?
   

2. 
   Will a government backstop (e.g., the role of the Fed as the Lender of Last Resort) always be necessary? What are the potential pitfalls of the changes Dodd-Frank made to the emergency authority of the Fed?
   
3. 
   Former Treasury Secretary Larry Summers says that “[a] competent lender of last resort—in Bagehot’s sense of one who lends freely at a penalty rate against good collateral—actually turns a profit, as the IMF did in its response to the financial crises of the 1990s.”¹³⁴ Do the Treasury and the Fed’s actions during the crisis qualify for this standard?
   
4. 
   What could have been done differently? Should Lehman have been “allowed to fail,” as the popular narrative goes, where Bear and AIG were not?
   

5. 
   What is meant by “Systemically significant”? Is it determined simply by the rise of the system if the institution fails? Or are there positive contributions to the global financial system by the existence and scale of the SIFI’s?
   

1. 
   Former FDIC Chair Sheila Bair argues that under Dodd-Frank, taxpayer bailouts are “completely prohibited,” and that the problem of Too Big to Fail has been abolished. Meanwhile, U.S. Senator Elizabeth Warren argues that the problem of Too Big to Fail has only gotten worse, pointing to the evidence that today, the four biggest banks are 30% larger than they were five years ago. U.S. Senator Sherrod Brown also thinks that “too big to fail is alive and well,” but not because of the size of the institutions, but because the biggest banks have yet to submit credible living wills to the FDIC.¹³⁵
   

2. 
   The reform effort has created some tension between efforts to coordinate regulatory reform at the international level (that is, a focus on cross-border regulation) and efforts to maintain the safety and soundness of domestic financial systems. While Dodd-Frank exhorts U.S. regulators to coordinate with their foreign counterparts, it also includes enhanced powers for them to oversee and terminate operations of foreign financial institutions in the United States.¹³⁶ Under this authority, the Federal Reserve is in the process of finalizing a rule that will require a foreign banking organization with $50 billion or more in U.S. assets to place virtually all of its U.S. subsidiaries in a U.S. intermediate holding company (IHC). The IHC will be subject to U.S. Basel III, capital planning, Dodd-Frank stress testing, liquidity, and risk management requirements.¹³⁷ Some have called this a new form of “financial protectionism” that will force foreign banks to “ring-fence” their capital or assets within a jurisdiction and lead to a “Balkanization” of banking activity, as financial institutions will shift away from international activity.¹³⁸
   

3. 
   The end of the financial crisis has not been accompanied by an end of alleged wrongdoing at some of the world’s largest financial institutions. Perhaps most notably, the LIBOR scandal (and associated rate-rigging scandals) revealed that traders continued to manipulate global interest rates even after 2008.¹³⁹ New York Fed President Bill Dudley said in a speech that enhancements to the current regulatory regime “may not solve another important problem evident within some large financial institutions—the apparent lack of respect for law, regulation and the public trust.”¹⁴⁰
   

Is culture something that can be changed? How would you change it? How would you deal with the problems of repeated ethical lapses such as the allegations of collusion in setting rates, the incidence of fraud, the number of regulatory breaches; the challenge of assuming effective risk management, compliance and controls?

4. 
   In a response to Judge Rakoff’s piece, one corporate lawyer wrote:
   

[U]nder present corporate and securities law, horrible management of a financial institution is not a civil wrong, much less a crime, so long as appropriate procedural steps were taken and there was adequate disclosure to investors of the risks associated with the practices and transactions in question. . . . Without a doubt, there were far too many sloppy and reckless business practices leading up to the 2008 meltdown. . . . There was also far too little oversight of the persons responsible for these practices by their ostensible superiors on boards of directors and in upper management. However, under our present system of corporate and securities laws, there is a fundamental difference between reckless practice and fraud. . . . ([M]ore) high-level executives have not been prosecuted because they have not committed crimes or civil wrongs as the law now stands. ¹⁴¹

Judge Rakoff replied:
[M]anagement, that is, executives, have been the subject of numerous private and regulatory lawsuits in the wake of the financial crisis, in a great many of which they have accepted judgments against them, even if not admitting liability.To note just the most prominent example, in June 2009 the SEC (which has no power to bring criminal prosecutions) brought a civil action against Countrywide Financial Corporation’s three most senior executives—Angelo Mozilo, David Sambol, and Eric Sieracki—accusing them of falsely and intentionally misrepresenting the quality of Countrywide’s mortgage-backed securities over a period of several years. Four days before the case was scheduled to go to trial, the defendants settled, with Mr. Mozilo agreeing to pay $67.5 million. . . . Although, in accordance with the SEC’s policy at the time, the defendants were permitted to settle “without admitting or denying” the allegations of fraud, one is left to wonder why the Department of Justice did not bring a parallel criminal case.¹⁴²

Is financial regulatory reform enough? Does this argue for a fundamental revision or U.S. corporate laws? Or would it be enough for, as Judge Rakoff suggests, the Department of Justice to undertake criminal prosecutions that parallel the SEC’s civil enforcement actions?

1. 
   James B. Stewart, “Eight Days: The battle to save the American financial system,” The New Yorker (September, 21, 2009).
   

2. 
   Alan Blinder, “After the Music Stopped: The Financial Crisis, the Response, and the Work Ahead” (2013).
   
   1. 
      Chapter 1: “What’s a nice economy like you doing in a place like this?”
      
   2. 
      Chapter 6: “The Panic of 2008”
      
   3. 
      Chapter 10: “It’s Broke, Let’s fix it: The need for Financial Reform”
      

3. 
   Glossary of Financial Crisis Terms, Federal Reserve Bank of Boston (Revised April 2011).
   

4. 
   Rose, C., & Sesia, A. (2009). What Happened at Citigroup? (Rev. July 20, 2009)
   HBS No. 9-310-004. Boston, MA: Harvard Business School Publishing
   

5. 
   Hon. Jed Rakoff, “Why Have No High-Level Executives Been Prosecuted?”
   

6. 
   Ben Bernanke, “The Crisis as a Classic Financial Panic” (Speech of November 8, 2013)
   

7. 
   Stanley Fischer, “Financial Sector Reform: How Far Are We?” (Speech of July 10, 2014)
   

8. 
   Sheila Bair, “Dodd-Frank really did end taxpayer bailouts,” Washington Post (May 28, 2013)
   

9. 
   Lawrence Summers, “Beware Moral Hazard Fundamentalists,” Financial Times (Sept. 23, 2007)
   

10. 
    Cline and Gagnon, “Lehman Died, Bagehot Lives: Why did the Fed and Treasury Let a Major Wall Street Bank Fail?” PIIE Policy Brief, September 2013.
    

11. 
    FCIC Conclusions, January 2011
    

12. 
    FCIC Dissenting Statement, January 2011.
    
    
    
13. 
    Simon Johnson and James Kwak, “Policy Advice and Actions during the Asian and Global Financial Crises” (Chapter 5 of Responding to Financial Crisis: Lessons from Asia Then, the United States and Europe Now, edited by Changyong Rhee and Adam S. Posen, published by the Peterson Institute for International Economics and the Asian Development Bank).
    
    
    
14. 
    Timothy Geithner, “Stress Test: Reflections on Financial Crises”—pp. 176-186; 190-195; 202-206; 255-257
    
    
    
15. 
    Daniel K. Tarullo, “Good Compliance, Not Mere Compliance” (Speech of October 20, 2014)
    
    
    
16. 
    William C. Dudley, “Enhancing Financial Stability by Improving Culture in the Financial Services Industry” (Speech of October 20, 2014)
    

17. 
    Financial Times, "Why Wells Fargo is a watershed moment for clawbacks" (2016) https://www.ft.com/content/33a8e0ae-856d-11e6-8897-2359a58ac7a5.
    

18. 
    Financial Times, “Wells Fargo sham-accounts scandal lifts lid on ‘ridiculous’ cross-selling” (2016) https://www.ft.com/content/32b989ac-870f-11e6-a75a-0c4dce033ade.
    

19. 
    Wall Street Journal, “Lawmakers Take More Swings at Wells Fargo CEO John Stumpf (2016) http://www.wsj.com/articles/lawmakers-take-more-swings-at-wells-fargo-ceo-john-stumpf-1475171906.
    

20. 
    Bloomberg, “Stumpf’s Bad Day: A Summary of Lawmakers’ Withering Attacks” (2016) http://www.bloomberg.com/news/articles/2016-09-29/stumpf-s-bad-day-a-summary-of-lawmakers-most-bitter-attacks.
    

1. 
   “Margin Call,” Lions Gate Films, Inc., 2011. Film
   

2. 
   “The Big Short,” Paramount Pictures, 2015. Film
   

3. 
   “The Giant Pool of Money,” Transcript, This American Life, NPR, (originally aired May 5, 2008). Audio: http://www.thisamericanlife.org/radio-archives/episode/355/the-giant-pool-of-money
   
   
   

There are three questions below. For each question, two groups will prepare a memo, one from the perspective of a federal agency (regulator) and one from the perspective of a financial institution (general counsel or CEO).

Group 1: Question 1 - federal agency
Group 2: Question 1 - financial institution
Group 3: Question 2 - federal agency
Group 4: Question 2 - financial institution
Group 5: Question 3 - federal agency
Group 6: Question 3 - financial institution

1. How do you assess or grade the key reforms adopted in Dodd Frank and its implementation to date? After five years since Dodd Frank's passage, what gaps or revisions must still be addressed?

2. How would you improve the culture of financial institutions? How would you bolster reputation and improve performance under conditions of severe financial stress?

3. How can financial institutions and regulators deal with the competition for talent? To the extent you think it important, how can we achieve greater international convergence of rules and standards? In your answer, please include your thoughts on compensation.

Prime Oil & Gas (“Prime”) is a multi-billion dollar, multinational public oil and gas company, headquartered in the U.S. and with customers primarily in the U.S. and Europe. Prime’s business includes oil and gas exploration, refining, export, and delivery to customers. Recently, Prime has been growing its natural gas business due to the shale-gas and fracking boom in the United States. However, the U.S. cannot absorb all of the natural gas supply because the U.S. infrastructure is primarily set up for oil and gasoline, not natural gas. Prime has been looking to other markets to profit off its accumulated supply of natural gas.

To make matters worse, Prime’s website was recently hacked by Anonymous, a notorious group of hackers that frequently hack as a form of protest. The hackers did not inflict any permanent damage to the company, but they placed images of cross and bones, explosions, and dying polar bears all over Prime’s website. It took the company twenty-four hours to remove the images. U.S. federal prosecutors managed to identify, arrest, and indict the particular hackers who engaged in the attack on Prime—a huge coup for the government given the difficulty in identifying these hackers. The convicted hackers face several years in jail. Prime is still facing significant PR backlash on environmental issues, and the company must decide how it wants to respond to the news of the hackers’ indictment.

The Qatari and Turkish gas companies have now also learned of the breach at Prime and that this much coveted natural gas liquefaction and regasification technology is no longer proprietary. Both companies have started to delay the deal closing on the joint venture, offering public explanations that Prime knows is not the real reason for their newfound hesitation. Prime has heard from unofficial sources that both Qatar and Turkey are now possibly in talks with Russia about a partnership—indicating that they may be leaning toward siding with Russia in the larger geo-political struggle. This is certainly very worrisome for Prime, who is beginning to think it may have taken too great a risk in moving forward with the joint venture, but it is also of major concern to the U.S. State Department.

1. 
   U.S. and China cybersecurity relations [Groups 1-2]
   
2. 
   Privacy at stake: cyber theft of personal information [Groups 3-4]
   
3. 
   Denial of service attacks (DOS): “hacktivism,” warfare, and financial motivations [Groups 5-6]
   

1. 
   David Clark, Thomas Berson, and Herbert S. Lin, At the Nexus of Cybersecurity and Public Policy, The National Academies Press.
   
2. 
   Verizon, 2015 Data Breach Investigations Report, April 2015.
   
3. 
   McAfee, The Economic Impact of Cybercrime and Cyber Espionage, Center for Strategic and International Studies, July 2013.
   

4. 
   The Wall Street Journal, What’s Next for the U.S. and China in Cybersecurity, July 5, 2016.
   
5. 
   Economic Espionage and Trade Secret Theft: An Overview of the Legal Landscape and Policy Responses.
   
6. 
   The Washington Post Editorial Board, The U.S. needs to tame the cyber-dragon, February 14, 2013
   
7. 
   Edward Wong, U.S. Case Offers Glimpse Into China’s Hacker Army, The New York Times, May 22, 2014
   
8. 
   Shane Harris, Exclusive: Inside the FBI’s Fight Against Chinese Cyber-Espionage, www.foreignpolicy.com, June 18, 2014
   
9. 
   Adam Segal, Department of Justice Indicts Chinese Hackers:What Next, Council on Foreign Relations, May 19, 2014
   
10. 
    Adam Segal, Chinese Cyber Espionage: We Know the Who, How, Why, and Why it Matters – We’re Missing the What to Do, Council on Foreign Relations, June 11, 2014
    
11. 
    Nicole Perlroth, Russian Hackers Targeting Oil and Gas Companies, the New York Times, June 30, 2014
    
12. 
    Jack Goldsmith, More Questions About the USG Basis for Complaints about China’s Cyber Exploitations, Lawfare, May 30, 2013
    
13. 
    Michael Riley, How the U.S. Government Hacks the World, Bloomberg Businessweek, May 23, 2013
    
14. 
    Kristine Kwok and Stephen Chen, Snowden effect changes US-China dynamic on cybersecurity, U.S. China Perception Monitor, June 17, 2014
    

15. 
    Michael Riley, Ben Elgin, Dune Lawrence, and Carol Matlack, Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It, Bloomberg Businessweek, March 13, 2014
    
16. 
    The White House, Executive Office of the President, Big Data: Seizing Opportunities, Preserving Values, May 2014.
    
17. 
    Mark Scott, Europe Urges U.S. to Handle Data Private With Care, The New York Times, November 27, 2013
    
18. 
    David Jolly, European Union Takes Steps Toward Protecting Data, The New York Times, March 12, 2014
    

19. 
    EconoTimes, New cryptocurrency ‘DDoSCoin’ incentivizes users for participating in DDoS attacks, August 15, 2016
    
20. 
    Somini Sengupta, The Soul of the New Hacktivist, The New York Times, March 17, 2012
    
21. 
    John Markoff, Before the Gunfire, Cyberattacks, The New York Times, August 13, 2008
    
22. 
    Nicole Perlroth and Quentin Hardy, Bank Hacking Was the Work of Iranians, Officials Say, The New York Times, January 8, 2013
    
23. 
    William J. Broad, John Markoff and David E. Sanger, Israeli Test on Worm Called Crucial in Iran Nuclear Delay, The New York Times, January 15, 2011
    
24. 
    Nicole Perlroth and David E. Sanger, Nations Buying as Hackers Sell Flaws in Computer Code, The New York Times, July 13, 2013
    
25. 
    Nicole Perlroth, Cybercriminals Zero In on a Lucrative New Target: Hedge Funds, The New York Times, June 19, 2014
    
26. 
    Noah Hampson, Hacktivism: A New Breed of Protest in a Networked World, 35 B.C. Int'l & Comp. L. Rev. 511 (2012)
    

1. 
   Nicole Perlroth, Sony Pictures Computers Down for a Second Day After Network Breach, The New York Times, November 25, 2014.
   
2. 
   Brooke Barnes and Nicole Perlroth, Sony Pictures and F.B.I. Widen Hack Inquiry, The New York Times, December 3, 2014.
   
3. 
   Press Statement by White House Secretary of State, John Kerry, Condemning Cyberattack by North Korea, December 19, 2014.
   
4. 
   David Sanger and Martin Fackler, N.S.A. Breached North Korean Networks before Sony Attack, Officials Say, The New York Times, January 19, 2015.
   
5. 
   David E. Sanger and Julie Davis, Hacking Linked to China Exposes Millions of U.S. Workers, The New York Times, June 4, 2015.
   

1. 
   Should the hacks of protest organizations such as Anonymous be treated as part of free speech? In the case study, the Anonymous hack only harmed Prime’s public image; it did not result in the theft of any of Prime’s property. Should we treat “protest” hacking different from other types of hacking?
   

2. 
   Why would the U.S. government indict foreign nationals when it is unclear whether they will be able to prosecute them? Do you think this was wise on the U.S.’s part given the U.S.’s own cyber espionage? Is the U.S.’s public position on China’s or Russia’s cyber espionage valid? Why? In the case study example, should the U.S. government bring charges against the Russian hackers?
   

3. 
   What options are available to Prime after a cybersecurity breach? What risks does the company face? What, if any, should be the limits of corporate civil liability for cybersecurity breaches where customer information is stolen, as in the Target case or customer funds are taken, as in the case of hedge fund hacking? How should policy makers allocate responsibility in this rapidly changing environment? Is there a significant role for regulation? For insurance? For diplomatic solutions through trade and investment treaties? Should these be pursued on a multi-lateral global basis, through regional negotiations or as bilateral agreements?
   

4. 
   Compare EU and U.S. privacy law. What are the pros and cons of each approach?
   

5. 
   Should the private sector cooperate with the government on cybersecurity issues? To what extent? What are the advantages and disadvantages of a company disclosing to the government that it has suffered a cyber-attack? What should a company do if it gets conflicting messages from different parties of the U.S. government, like Prime in the case study? Should there be a formal protocol for private companies to report hacking to the U.S. government? What would the protocol require?
   

6. 
   Should private companies take matters into their own hands to rebuff cyber-attacks? Should they launch counter-attacks? Should they attempt to identify the hackers, such as determining whether the hackers are private parties or government-sponsored? What are the risks of companies taking counter-measures in response to a cyber-attack? Should the law protect such countermeasures?
   

7. 
   What should a private company do if it believes it was attacked by entities that are part of or affiliated with a foreign government as part of a geopolitical struggle? Does your view of a company’s obligation or options depend on whether you believe the hackers were driven by geo-political strategy, economic gain or other interests? Does a private company have any way to avoid becoming a victim in geopolitical conflicts or international criminal behavior?
   

8. 
   To what extent is it possible to protect intellectual property in today’s rapidly changing technology landscape? How does this affect innovation?
   

9. 
   How can the government effectively legislate in an area such as cybersecurity which evolves almost daily? In the absence of formal legislation on cybersecurity, does the guidance that agencies like the DOJ produce suffice to guide companies in the face of cyber - attacks ? Which agencies should get a say in formulating such ‘guidance’ for companies?
   

10. 
    Should government regulators bring enforcement actions against companies who have lost customer personal information in a cyber -attack? Can a company use its compliance with the DOJ guidelines, for example, as an affirmative defense when it faces charges for data loss after a cyber-attack? On the other hand, can a company’s non-compliance with such guidelines be used against it in enforcement actions?
    

11. 
    Should companies be required or incentivized to invest more on cybersecurity? Should certain companies receive a greater subsidy or incentive to increase cybersecurity protections because of the nature of their technologies or data and the likely motivations of those responsible for the breach?
    

12. 
    Do individuals have responsibility for the personal information accessible on their mobile phones? Should Prime be liable in private lawsuits for stolen customer information where the information was stolen from customers’ phones and not directly from Prime’s servers?
    

13. 
    Should there be a coordinated global response to cyber-attacks against private entities? What would the response entail?
    
    
    
14. 
    Should the government use cyber as a tool for intelligence gathering or for other offensive purposes and also seek to protect its public and private entities from cyber attacks?
    

Reflecting on the new readings and on the readings/discussion from class 1, each group should prepare a brief memo that prioritizes provisions for federal legislation on their assigned topic: IP theft, consumer privacy, and security (including denial of service attacks). Group assignments are the same as for class 1. Please send your memos directly to Professor Kaden (lewis.kaden@gmail.com) by 9:00 pm.

In addition, you may also consider: To what extent must Congress act to address cyber security challenges? In the absence of congressional action, to what extent may the President act unilaterally to address cyber security breaches or attacks? What can/should states and private businesses do?

Aside from the memo, everyone should also please read the following short articles relating to the recent U.S.-China cyber agreement and consider the following questions: Why did Washington and Beijing make this deal? What did each government achieve? Did China agree to change its behavior in any meaningful way? Given news reports of China’s continued IP theft after the deal, can we expect any change in China's behavior?

Required

• 
  Goldsmith, Jack. “What Explains the U.S.-China Cyber ‘Agreement’? (Links to an external site.),” Lawfare, September 26, 2015.
  
• 
  Nye, Joseph. "The World Needs New Norms on Cyberwarfare (Links to an external site.)," Washington Post, October 1, 2015.
  
• 
  Ellen Nakashima. "China Still Trying to Hack U.S. Firms Despite Xi's Vow to Refrain, Analysts Say (Links to an external site.)," Washington Post, October 19, 2015.
  
• 
  MandiantReport (Links to an external site.), Executive Summary (pp. 2-6).
  

Optional

• 
  Significant Cyber Events Since 2006 (Links to an external site.), Center for Strategic & International Studies
  
• 
  Sanger, David. “Cyberthreat Posed by China and Iran Confounds White House (Links to an external site.),” New York Times, September 15, 2015.
  
• 
  Perlroth, Nicole. “Online Attacks on Infrastructure Are Increasing at a Worrying Pace (Links to an external site.),” New York Times, October 14, 2015.
  

1. 
   Preet Bharara, Asleep at the Laptop, The New York Times, June 3, 2012
   
2. 
   William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Editors, Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of CYBERATTACK CAPABILITIES, National Research Council of the National Academies, pp. 202-213
   
3. 
   Ian Urbina, Hacker Tactic: Holding Data Hostage, Hackers Find New Ways to Breach Computer Security, The New York Times, June 21, 2014
   
4. 
   Paul A. Ferrillo, Weil, Gotshal & Manges LLP, Cybersecurity, Cyber Governance, And Cyber Insurance: What Every Public Company Director Needs to Know, The Metropolitan Corporate Counsel, June 16, 2014
   
5. 
   Nicole Perlroth and Elizabeth A. Harris, Cyberattack Insurance a Challenge for Business, The New York Times, June 8, 2014
   
6. 
   Haynes and Boone, A Desk Guide to Data Protection and Breach Response
   
7. 
   Paul Rosenzweig, The Most Important Cybersecurity Case You’ve Never Heard Of, Lawfare, May 29, 2013
   
8. 
   Brent Kendall, Ruling Rejects Hotelier Wyndham’s Claim That Agency Lacks Power Over Cybersecurity Practices, The Wall Street Journal, April 7, 2014
   
9. 
   Sidley Austin LLP, SEC Launches Cybersecurity Examination Initiative – Promoting Cyber Preparedness, April 24, 2014
   
10. 
    Sidley Austin LLP, White House Releases NIST Cybersecurity Framework, February 13, 2014
    
11. 
    King & Spalding, Five Things Every In-House Counsel Should Understand About The NIST Cybersecurity Framework, February 25, 2014
    
12. 
    Optional: The Report of the Commission on the Theft of American Intellectual Property, The IP Commission Report, The National Bureau of Asian Research, May 2013
    
13. 
    Reuters, U.S. senators push ahead with cybersecurity legislation, Thomson Reuters, June 17, 2014
    
14. 
    Melissa E. Hathaway, Change the Conversation, Change the Venue and Change Our Future, Centre for International Governance Innovation, May 13, 2013.
    

15. 
    The White House, Securing Cyberspace – President Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts, January 13, 2015
    
16. 
    The Department of Justice, Sharing Cyber threat information under 18 USC §2072(a)(3), May 9, 2014.
    
17. 
    The Department of Justice and the Federal Trade Commission, Antitrust Policy Statement of Sharing Cybersecurity Information, April 10, 2014.
    
18. 
    The Department of Justice, Cybersecurity Unit, Best Practices for Victim Response and Reporting of Cyber Incidents, April 15, 2015.
    

In the late 1990s, many countries were being flooded with smuggled cigarettes, especially popular American brands such as Camel and Marlboro.¹⁴³ Because American cigarettes were often subject to high taxes and import duties, smugglers began buying these cigarettes in countries where they were not heavily taxed, such as Ukraine and Panama, and smuggling them into higher-tax countries like Colombia, Spain, and Italy.¹⁴⁴ Smuggled brand name cigarettes could be sold at a much cheaper price than their legally imported counterparts, while still earning substantial profits and leading to increased market share over other brands and local competitors.¹⁴⁵ Targeted countries were concerned for several reasons. First, cigarette smuggling cost governments billions of dollars in lost tax revenue.¹⁴⁶ Second, countries believed that tobacco smuggling was linked to organized terrorism, organized crime, and drug money laundering.¹⁴⁷

Plaintiffs also bring various RICO claims predicated on harms derivative of smuggling. The injuries include, inter alia, loss of funds spent to combat cigarette smuggling, and coordinate damage to the security and integrity of Plaintiffs’ relevant institutions and markets. Additionally, Plaintiffs seek equitable and injunctive relief designed to impede smuggling, improve future defenses against smuggling, and recoup monies lost to smuggling. All of these claims also trigger the revenue rule under the [Second Circuit’s] Attorney General of Canada ruling. Here, as there, “we would have to examine whether, when and to what extent the smuggling existed, which would require a determination that tax laws were applicable to defendants.”¹⁶²Frustrated in their efforts to combat cigarette smuggling, the European and Colombian plaintiffs spent the next several years appealing the decision with little success.¹⁶³ In January 2004, the Second Circuit affirmed the district court’s dismissal.¹⁶⁴ However, in May 2005 the Supreme Court granted certiorari and remanded for further consideration in light of its intervening decision in Pasquantino v. United States.¹⁶⁵ Pasquantino held that the revenue rule, while prohibiting civil suits to enforce the tax laws of another country, still permitted the United States to criminally prosecute individuals or companies who violated foreign tax laws.¹⁶⁶ On remand, the Second Circuit re-affirmed the district court’s original ruling that the lawsuits were barred by the revenue rule.¹⁶⁷ For their part, the tobacco companies fought back by bringing various claims in the Court of Justice of the European Communities, seeking annulment of the European Commission’s authorization of the U.S. lawsuits on the grounds it was illegal. However, these claims were ultimately rejected by the Court of Justice.¹⁶⁸

The refusal of the courts to resolve the substantive legal issues surrounding cigarette smuggling did not end the matter. Governments in Colombia and Europe still faced cigarette smuggling and lost tax revenue. The tobacco companies faced an uncertain legal environment in key markets. They were also worried that increased media attention and political pressure abroad would grab the attention of the United States Department of Justice, which was able to criminally prosecute companies that knowingly assisted in the violation of foreign tax laws under Pasquantino.¹⁶⁹ In addition, both sides continued to be hurt by the increasing prevalence of counterfeit cigarettes. On top of these problems, the relationship between the parties had soured. Both sides had shown a willingness to fight expensive, protracted legal battles, and neither side was willing to give up. Bilateral negotiations were also unlikely, given the number of countries involved and, on the European side, the various supra-national organizations, including the European Commission, the European Anti-Fraud Office (OLAF), the European Parliament, and its Trade and Justice Committees.Faced with limited legal options, the parties found a novel solution. The readings that follow present this solution, focusing on one tobacco company, Japan Tobacco International (JTI). JTI is the international division of Japan Tobacco, the largest tobacco company in Japan¹⁷⁰ and one of the four largest tobacco companies in the world.¹⁷¹ JTI owns the rights to popular R.J. Reynolds brands sold outside the United States, such as Winston, Camel, and Benson & Hedges.¹⁷² * * * * *

The preceding discussion presents one context in which a public-private regulatory regime can, and did, arise. However, due to the nature of the issues and parties involved, no two regimes will be the same. This section introduces several other types of public-private regulatory regimes, which are discussed in greater detail in the following readings.