FDA Cordially Invites 23andMe to Bring Health Claims Up to Code

POSTED BY Lloyd Chebaclo

23andMe, the direct-to-consumer genetic testing service, is partly on hold after the U.S. Food and Drug Administration (FDA) sent it a warning letter for marketing its Saliva Collection Kit and Personal Genome Service (PGS) “without marketing clearance or approval in violation of the Federal Food, Drug and Cosmetic Act (the FD&C Act).”

The company takes saliva samples from its customers and offers the customer the option to track her ancestral origins and trace her lineage with a “personalized analysis of your DNA.”  What drew the FDA’s attention is the health and disease-related analysis the company offers using the DNA samples.  The FDA asserted that the PGS product is a device under section 201(h) of the FD&C Act, 21 U.S.C. 321(h) “because it is intended for use in the diagnosis of disease or other conditions or in the cure, mitigation, treatment, or prevention of disease, or is intended to affect the structure or function of the body.”  The FDA pointed to the company’s PGS marketing materials based on its November 6, 2013 review of the www.23andme.com/health site that it provides “health reports on 254 diseases and conditions,” including categories such as “carrier status,” “health risks,” and “drug response,” and specifically as a “first step in prevention”  that enables users to “take steps toward mitigating serious diseases” such as diabetes, coronary heart disease, and breast cancer.

Some of the concerns here are that customers will rely on a service that has not been vetted under the Act to their potential detriment monetarily and in health outcomes.


Some of the uses for which PGS is intended are particularly concerning, such as assessments for BRCA-related genetic risk and drug responses (e.g., warfarin sensitivity, clopidogrel response, and 5-fluorouracil toxicity) because of the potential health consequences that could result from false positive or false negative assessments for high-risk indications such as these. For instance, if the BRCA-related risk assessment for breast or ovarian cancer reports a false positive, it could lead a patient to undergo prophylactic surgery, chemoprevention, intensive screening, or other morbidity-inducing actions, while a false negative could result in a failure to recognize an actual risk that may exist.

Currently, for customers of the genetic testing service 23andMe after November 23, 23andMe will no longer offer its interpretation of the genetic sequencing until it conforms to the FDA’s requirements.

23andMe appears to be working on bringing its health-related services into compliance with FDA regulations before bringing its full range of services back into the market.  The letter suggests that the FDA and the company have had a series of exchanges since 2009 in which the FDA has informed the company about steps it could take to comply such as through modifying product labeling and data it needs to submit for the intended uses of PGS, but it has not to date met agency standards.

A brief look at the FDA’s legal basis for the letter:

…23andMe must immediately discontinue marketing the PGS until such time as it receives FDA marketing authorization for the device. The PGS is in class III under section 513(f) of the FD&C Act, 21 U.S.C. 360c(f). Because there is no approved application for premarket approval in effect pursuant to section 515(a) of the FD&C Act, 21 U.S.C. 360e(a), or an approved application for an investigational device exemption (IDE) under section 520(g) of the FD&C Act, 21 U.S.C. 360j(g), the PGS is adulterated under section 501(f)(1)(B) of the FD&C Act, 21 U.S.C. 351(f)(1)(B).  Additionally, the PGS is misbranded under section 502(o) of the Act, 21 U.S.C. § 352(o), because notice or other information respecting the device was not provided to FDA as required by section 510(k) of the Act, 21 U.S.C. § 360(k).

 There had been unavailing efforts to classify the products in class II which would only require Premarket Notification or PMN, otherwise called a 510(k) clearance under the Act or de novo classification and not premarket approval (PMA).

While advances in applications of genetics such as new forms of gene therapy such as target gene editing to introduce beneficial genes appear to be on the horizon, this story seems to show that government agencies are staying active in upholding regulations to protect the consumer. Some suggest that this FDA action against 23andMe is a somewhat futile, narrow response to a broader movement of gene sequencing and interpretive services that would require a larger change in regulations.  Just prior to the FDA action, 23andMe had announced its plan to use a new custom microarray chip to genotype its customers which would use probes to detect single nucleotide polymorphisms (SNPs) selected by its researchers to “maximize the number of actionable health and ancestry features available to customers as well as offer flexibility for future research.”  As discussed, the health reports associated with the new methods will not be marketed, pending FDA authorization.

23andMe is supported by Google, which also funds the ambitious Calico project intending to use its vast data processing capabilities to research new approaches to counteract mortality and aging.  A class action lawsuit has since been filed against 23andMe alleging false and misleading advertising.


It’s a Name, It’s a Domain, It’s a…Contract For Services?

POSTED BY Alexander D. Schultheis

There are a number of legal scholars who take the position that intellectual property (IP) is not that much different from real property.  Thus, many of the same ownership rights that exist in property law are advocated for in the realm of IP.  It seems reasonable from an objective viewpoint that a domain name is the property of the firm that owns it.  Thus, much like property sold at a bankruptcy auction to pay off creditors of the firm, it seemed reasonable that IP assets, too, should be sold if necessary to relinquish debts a firm might owe, including a domain name.  But a United States District Court recently reasoned otherwise in Alexandria Surveys, LLC v. Alexandria Consulting Group, LLC, U.S. Dist. LEXIS 160595 (E.D. Va. 2013), holding that domain names are not in fact the property of a judgment debtor under Virginia state law, and are thus not part of the debtor’s bankruptcy estate.

The decision reversed an order of the Bankruptcy Court for the Eastern District of Virginia, which ordered the domain name of Alexandria Surveys, LLC (“Surveys”) to be sold at auction to pay off its creditors.  At the auction, Alexandria Consulting Group, LLC (“ACG”) purchased the domain name, as well as Surveys’ phone numbers. Surveys appealed this decision to the District Court for the Eastern District of Virginia, arguing that the domain name and phone numbers sold to ACG were not property of the debtor, and therefore could not be sold by the bankruptcy trustee as part of its bankruptcy estate.

Federal bankruptcy law defines property of a debtor’s estate as “all legal and equitable interest of the debtor in property as of the commencement of the estate.”  11 U.S.C. § 541(a)(1).  However, with no specific provisions in the Bankruptcy Code addressing telephone numbers or web domain names, it has largely been left to the courts to define the boundaries of whether or not these items may be sold by a trustee as debtor property to satisfy its judgment creditors.  Confounding the debate further, the circuits have split as to whether telephone numbers are property of a debtor’s estate.  The Fourth Circuit has not addressed this issue on its own yet.  However, the Supreme Court has weighed in on this question, and stated that state law determines the boundaries for property interests that a trustee may distribute to creditors in a bankruptcy proceeding. Butner v. United States, 440 U.S. 48, 49 (1979).

With this law in mind, Surveys cited the Virginia Supreme Court’s decision in Network Solutions, Inc. v. Umbro International, Inc., 529 S.E.2d 80 (Sup. Ct. Va. 2001), which held that a judgment debtor has no property right in its telephone numbers and web addresses. In that case, the Virginia Supreme Court reasoned that “a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time” and is thus “the product of a contract for services” because neither the telephone numbers nor web addresses exist separately from the services which created them.  Network Solutions, 529 S.E.2d 86-87.  ACG rebutted this argument by distinguishing Network Solutions as a garnishment proceeding, not a bankruptcy proceeding.  But the District Court rejected this argument, following the Virginia Supreme Court’s reasoning that telephone numbers and web addresses are not separate from the contracts that service providers offer to make them functional.  Additionally, the trustee did not assume the executory contracts that Surveys had with Cox Communications, so even if Surveys had an IP interest in the domain address and the telephone numbers, it was rejected by the trustee.

The District Court’s ruling highlights an important philosophical underpinning to certain types of IP: those which are contracted for are treated no differently than executory contracts, should a bankruptcy arise and the debtor not list said contracts on their bankruptcy schedule (something Surveys did not do in this case). While some IP scholars may disagree with this ruling on the grounds that the web address and the telephone numbers should be sold to ACG as “property” of the estate, irrespective of whether it is listed on the schedule, web addresses and telephone numbers are not the same as owning other types of IP, such as a copyright or a patent.  For these forms of IP, the individual holder normally obtains ownership of the property without having to contract for its use with another party.  Instead, it is granted by the federal government through an application process whereby the applicant demonstrates they have met the statutory requirements to receive protection for their work.  In this case, however, the District Court, and more appropriately the Virginia Supreme Court (on whom it relied) correctly noted the contractual nature of providing web domain services and telephone numbers.

This one key difference marks the outcome of this case, one which the U.S. District Court for the Eastern District of Virginia properly arrived at in its reasoning. It remains to be seen what happens with IP assets in bankruptcy proceedings in the 21st century, as this is still a developing area of law. But the lesson is clear: For bankruptcy purposes, IP that is contracted for, in a non-assigning manner, is not property of a debtor’s estate, if state law says it is not, and the trustee is bound by such a determination.

Gone “Phishing”

POSTED BY Rebecca Rubin

Internet users are well-attuned to the prevalence of SPAM emails in their Inboxes. But really, some SPAM we assume is just clogging our Inboxes is merely an empty shell for a highly-intrusive hacking technique: phishing. Phishing is the reason SPAM emails can be so dangerous, and is the means employed to recover usernames, passwords, and banking information through manipulating website links and pretending to be actual emails from our favorite websites. While phishing is not a new phenomenon, recent news articles are popping up regarding its ever-growing danger to obtain easily accessible personal information. Yet, simultaneously Google is exploring methods to crack down on phishing scams, while the FBI targets phishing suspects by turning the tables and making dangerous hackers the bait.

While the average individual is a prime target for phishing attackers, large companies worldwide are not immune from being on the hook of attackers through the method of “spearphishing.” Recently, Indian companies reportedly lost $53 million in just three months from corporate inducements into revealing personal and financial information, making India the fourth nation attacked globally. The United States, United Kingdom, Australia, and Germany ranked high on the list of countries with targeted corporate enterprises and U.S. companies as a whole lost $882M during the same three-month span as India.

Due to these alarming figures and the prevalence of phishing overall, Google recently submitted a blog post explaining preventive measures for Gmail users and email solicitors to avoid phishing attacks. Google confirmed that email authentication standards are working and responding to this worldwide problem after almost a decade of no success. These implemented standards such as DomainKey Identified Email (DKIM) and Sender Policy Framework (SPF) allow for digital signature validation by recipients and provides overall methods to associate email messages with valid domain names. The proof of success is in the numbers – out of 91.4% of authenticated emails sent to Gmail users, a total of 74.7% are now filtered through these new standards.

The fight against phishing has also spawned darker methods, uncovering controversial issues in FBI battles to catch attackers such as detailed in a Washington Post article. Government desperation to thwart phishing scams is resulting in questionable violations of the Fourth Amendment relating to search and seizure. In response to multiple emailed, video chatted, and internet phone-based threats made in 2012 to detonate bombs at universities and airports by a mysterious phisher, “Mo,” the FBI’s most tech-savvy team of hackers designed malicious malware to infiltrate Mo’s accounts. The goal was to gather any and all information which may relay the location of Mo’s computer. The warrant to release the malware was finally issued in December 2012 but limited the search to a two-week window to activate the surveillance software. Yet, human error resulted in a misspelled email address on the warrant, and a new warrant had to be issued. It turned out, after all of the FBI’s effort the results were not so triumphant and Mo’s location remains largely unknown.

Many judges were reluctant to give out search warrants in similar cases that same year for uncrossed boundaries in search and seizure law. One critic, Georgetown University law professor Laura K. Donahue, commented, “You can’t just go on a fishing expedition…There needs to be a nexus between the crime being alleged and the material to be seized. What they are doing here, though, is collecting everything.” Relevant worries about the highly intrusive nature of the internet, even to potential criminal defendants, may lead to a sea of cases regarding phishing and search and seizure concerns in multiple courts, reflected by the current lack of consensus related to granting warrants.

While Google’s efforts are restricted to Gmail users, it is no small feat against phishing scams and will likely cause other email providers and domain managers to follow suit with stricter authentication policies. Yet, the FBI’s methods are not exactly setting an example for email users or potential phishers. Since there are no legal limitations on this new policing method, judges are being cornered to weigh in on serious issues during a rushed window of time to target potential security threats. While law enforcement’s methods may be promising, the controversial risks and inefficiency posed by having to go through the legal process to obtain warrants may not be worth the effort. A quieter and seemingly successful solution appears to have been achieved by Google, but of course higher security risks tend to prompt heightened needs for protection. As phishing in the public sphere decreases, it may continue to thrive in private legal matters. Let’s just hope human error does not promote malware to be mistakenly sent to the wrong email address, and that phishing by law enforcement leads to success stories in the future.

Call Me Maybe: The FCC Proposes to Lift Ban on In-Flight Cell Phone Use

POSTED BY Meghan T. Bonk

The Federal Communications Commission (“FCC”) has recently made a proposal to allow the use of cell phones on airline flights. The Wall Street Journal reported that cell phone use would still be restricted during takeoff and landing, but once the plane reaches 10,000 feet, “airborne calls” and “cellular data” use would be permitted. In 1991, the FCC created a restriction that banned the use of in-flight cell phone use. It proposed to lift the restriction in 2004 and received more than 8,000 public comments. In 2007, the commission decided against lifting the restriction after flight attendants and other groups argued that “in flight calls would be a nuisance.” The iPhone was created by Apple in 2007, and since then, cell-phone related activity has increased making it more reasonable to lift the ban on in-flight cell phone use today.

The FCC chairman, Tom Wheeler, stated that the agency wishes to do away with outdated rules and restrictions. He also stated that the airlines themselves are in the best position to decide what is in the best positions of the passengers, but he wanted to confirm that in-flight cell phone use is safe. According to The Washington Post, airline consultant, Robert Mann, also commented on the matter and explained that previously, the FCC was the main excuse airlines had for not allowing in-flight cell phone use and that now, the FCC wants to take itself “out of the equation.”

Ultimately, the FCC plans to invite public comment on the issue of permitting airborne calls and cellular data usage by airline passengers. One of the issues that could come about because of this proposed rulemaking is that while the FCC will allow public comment, will the airlines themselves be given enough of a voice in the matter? Airline passengers themselves will most likely have noise concerns about the lifted ban on cell phone use. However, airlines will pay the ultimate price because once one airline decides to allow in-flight cell phone use, other competing airlines will feel the need to follow suit. This means that thousands, perhaps even millions of dollars will be spent to install equipment on planes that connects to cell phone towers on the ground.  Even though Chairman Wheeler reassured that in-flight cell phone is safe, other safety concerns arise. Monitoring passengers who appear to pose a terrorist risk to the flight and are using a cell phone, cell phone use during an emergency situation and the ability of flight attendants to give direction to passengers all pose a security risk if cell phone use was permitted.

Another effect of lifting the restriction on in-flight cell phone use could be that the unions associated with airlines could go on strike, causing mass cancellation of flights due to lack of essential personnel. A spokesman for the Association of Flight Attendants stated that the union objects to this proposed rulemaking and that it goes against its employees’ goal of creating a calm, secure environment. If the rule is adopted, surely other unions will have similar concerns.

While the FCC has ambitions to reevaluate rules that do not appear to be up to date with modern technology, there seems to be underlying motives within its proposed rulemaking. Cell phone companies could be lobbying for this rule to be put into place, or perhaps the new FCC chairman wants to use this proposed rulemaking as a stepping stone for his own political career. Either way, safety concerns as well as the concerns of airline personnel should be considered to a higher standard than that of the public. A more stringent proceeding that includes airline personnel representatives as a party to the action would be ideal in this case to ensure that all concerns are addressed thoroughly and completely.