goodthinking! blog

Because the Turing Test is not enough…

As businesses integrate artificial intelligence in their operations (including goodcounsel, which we’ve written about here), state legislatures are taking steps to regulate its use, particularly when there are civil rights and consumer protection implications. Much of the early focus has been on preventing algorithmic discrimination in areas such as hiring, housing, and lending. These regulations aim to ensure that automated systems do not produce biased outcomes that disproportionately affect protected groups.  

Recent statutes are focused on the risks when generative AI tools interact directly with consumers. For example, Utah’s Artificial Intelligence Policy Act (as amended) requires companies to program AI chatbots to disclose to users that they are interacting with artificial intelligence (rather than a human) at the outset of an interaction, if the interaction involves (1) the collection of “sensitive personal information” such as financial, health or biometric data, and (2) the provision of personalized recommendations or advice “that could reasonably be relied upon to make significant personal decisions,” including the provision of financial, legal, medical or mental health advice. There is no private cause of action under the statute, but Utah’s Division of Consumer Protection may impose administrative fines of $2,500 per violation, in addition to injunctions, disgorgement, and other relief. California and Colorado have their own statutes addressing AI disclosures and disclaimers in consumer interactions.  

This year, Alabama, Hawaii, Illinois, Maine, and Massachusetts introduced bills that would make failing to provide the required AI notification an “unfair or deceptive act or practice” (UDAP) violation under The Federal Trade Commission Act. These bills, when passed, would expose companies that use AI in consumer communications to investigation or enforcement by Attorneys General and, potentially, private actions. 

Please contact us if you need help knowing which states’ AI laws apply to your business, and how to comply with them.  


Categorised as: Artificial Intelligence, Regulatory alert

Illinois softens penalties for violations of the Biometric Information Privacy Act

Five years ago, we wrote a blog post about how Illinois was a pioneer in passing a comprehensive statute protecting biometric information, and how other states were following suit. Illinois’ Biometric Information Privacy Act (BIPA), enacted in 2008, protects these biometric identifiers: fingerprints, retina scans, iris scans, hand geometry scans, voiceprints, and face geometry scans. 

Illinois still distinguishes itself in that it is the only state that grants consumers the right to sue for monetary damages when their biometric data rights are violated. Other states, such as Texas and Washington, do not provide a private right of action; enforcement is typically reserved for the state attorney general.

Last August, Illinois amended BIPA so that an individual whose rights were violated under BIPA is entitled to only one recovery ($1,000 for a negligent violation and $5,000 for an intentional or reckless violation, along with reasonable attorneys’ fees and injunctive relief), regardless of the number of times the company disclosed, redisclosed, or otherwise disseminated the same biometric identifier or biometric information of the same person to the same recipient. Before the amendment, individuals could seek $1,000 for each negligent violation and $5,000 for each intentional or reckless violation.

This amendment comes as a big relief to companies that collect biometric information from Illinois residents. Perhaps you remember hearing about what at the time was the largest privacy-related cash recovery in the U.S.: in January 2020, Illinois class action plaintiffs succeeded in getting Facebook to establish a $650 million fund for users whose BIPA rights were violated by “Tag Suggestions,” Facebook’s facial recognition feature. (Since then, Meta, Facebook’s parent company, has agreed to even larger data privacy settlements.)

Reach out to us if your business collects biometric information. We can help ensure that you are complying with applicable state law. 


Categorised as: Biometrics non-compliance

Thinking about the Abundance Agenda at 185 mph

I am fortunate to be in Europe for a couple of weeks. It’s always striking to see the quality of public infrastructure here. The Paris Metro is a marvel—beautiful, fast, and extensive. (Why the Metro operates so much better than the NYC Subway, given its smaller operating budget, is a story for another time.)

This morning, I took the Metro to one of Paris’s several grand train stations, Gare du Nord, and boarded the Eurostar train to Antwerp via Brussels, where I am sitting right now. Even in second class, the train car was comfortable, quiet, and very well-maintained. Traveling at speeds as high as 185 mph (a speed that American trains only dream about), we completed the 164-mile segment to Brussels in about an hour and 20 minutes.

Why can’t we have this in US?

Read the rest of this entry »

Categorised as: Current events, News and Views

Let’s call it what it is—bribery

As is often the case with President Trump, the corruption is out in the open. As a lawyer, it sickens me that the president continues to get away with this. Are people okay with this?

CEO Makes Shocking Admission About Why He’s Buying Trump’s Meme Coin (Yahoo! News)

A crypto mogul who invested millions into Trump coins is getting a reprieve on civil fraud charges (CNN)

Trump’s controversial meme coin ‘contest’ proves predictably profitable for the president (MSNBC)


Categorised as: Current events, News and Views

We have a BOIR filing deadline – for now! But most companies are no longer required to file BOIRs.

Update: The Securities and Exchange Commission has reviewed and substantially revised the BOIR rule. Under the updated rule, domestic companies are now exempt. Only companies formed in foreign jurisdictions that domesticate with U.S. secretaries of state are required to file a BOIR, and only with respect to beneficial owners who are not U.S. citizens

Do not despair if your business hasn’t filed its Beneficial Ownership Information Report (BOIR) yet — FinCEN has provided a new deadline.

FinCEN just announced that a company formed before 2025 has until March 21, 2025, to file its BOIR, and a company formed after December 31, 2024, has until March 21, 2025, or 30 days from the filing date (whichever is later).

Filing deadlines have changed due to conflicts between injunctions issued by federal circuit courts and appeals by the Department of Justice. While the new deadline gives businesses more time, don’t wait too long—noncompliance comes with substantial penalties.

Wait, what’s a BOIR Again?

Under the Corporate Transparency Act (CTA), most U.S. businesses – especially small and privately-held companies – are required to report details to FinCEN about their “beneficial owners” (people who own at least 25% of the company or have substantial control).

The goal? To crack down on fraud, money laundering, and shell companies hiding illicit activities.

If your business falls under this requirement and hasn’t filed yet, now’s the time to act.

If you want more information, you can check out our previous blog post here, but disregard the deadline dates!

Who Needs to File?

Most LLCs, corporations, and other registered business entities must file a BOIR. Some companies, like publicly traded businesses, large operating companies, and certain financial institutions, are exempt.

Not sure if your business qualifies? We can help.

What Happens If You Don’t File?

Ignoring the BOIR requirement isn’t an option. If you miss the deadline, you could face:

  • Fines up to $500 per day for ongoing violations
  • Criminal penalties of up to $10,000 and possible jail time for willful violations

Even though FinCEN extended the deadline, the penalties remain the same—so it’s best to take care of this sooner rather than later.

What Should You Do Now?

If you haven’t filed yet, here’s your game plan:

  • Check if your business needs to file – Review FinCEN’s reporting requirements.
  • Gather ownership details – Identify anyone who owns 25% or more or has significant control.
  • Submit your BOIR before the deadline – March 21, 2025, for pre-2025 entities, or the latter of March 21, 2025, or within 30 days of formation.
  • Stay updated – The CTA and BOIR requirements are still evolving, so keep an eye on any further changes.

Need Help? goodcounsel Has You Covered

If the BOIR process feels overwhelming, you don’t have to tackle it alone. We’re here to help.

We can walk you through the process, ensure everything is filed correctly, and keep your business compliant—with minimal stress.

📩 Get in touch today, and let’s ensure you meet the deadline hassle-free.


Categorised as: Lawyering

Alert! Protect your software against reverse engineering

Protecting proprietary software is critically important for many technology startups. Proprietary software can potentially be protected as a trade secret or by copyright or patent law – there are pros and cons to each approach. For example, some companies prefer going the trade secret route because, unlike with copyrights and patents, it requires no filings or disclosures; generally, all that is required is for the company to take reasonable measures to keep the trade secret confidential.

A company may lose its competitive advantage if a competitor “reverse engineers” its proprietary software. Reverse engineering software is the process of analyzing, disassembling, or experimenting with the software to discover its structure, design, or source code. Successful reverse engineering may enable a competitor to create a substantially similar or duplicate product. It may surprise you that reverse engineering software — even when it is copyrighted or protected as a trade secret — is generally lawful under federal and state law, unless theft, fraud, bribery, espionage, or other improper means are involved.

Fortunately, there are steps a business can take to minimize the risk of reverse engineering, such as contractually prohibiting business partners, licensees, and others with access to the proprietary software from reverse engineering it – with a breach of this obligation resulting in liability for breach of contract and trade secret appropriation.

Contact goodcounsel if you have concerns that your proprietary software is not adequately protected.

Jared Montney, an intern and 4th-year student at the University of Chicago, provided substantial assistance researching, drafting, and editing this blog post.


Categorised as: Lawyering

FTC issues a nationwide ban on noncompetes

Following the trend of many states that have severely limited or prohibited employee noncompetes, the FTC announced in April a final rule prohibiting noncompete provisions in agreements with workers. The FTC rule, which will become effective on September 4, 2024 (assuming it withstands legal challenges) will, if nothing else, bring uniformity and clarity to the now-fragmented national landscape of noncompete regulation.

The rule prohibits employers from entering into, attempting to enter into, or maintaining noncompete clauses with any workers (whether employees or contractors) and requires notice to certain workers that their noncompetes are now unenforceable. With respect to noncompete clauses entered into prior to the effective date, enforceability depends on the seniority level of the employee – senior executive noncompetes, narrowly defined, are grandfathered.

Although legal challenges are pending, it is crucial for businesses to prepare for compliance by reviewing and adjusting their current employee agreements, assessing all outstanding noncompete agreements, and preparing notifications to the extent required by the rule.

If you need help understanding how this rule applies to your business or any other guidance on next steps, please do not hesitate to contact us.


Categorised as: Employment Law, Legal Issues, Regulatory alert