Saturday, June 25, 2016

MIRLN --- 29 May - 25 June 2016 (v19.09)

MIRLN --- 29 May - 25 June 2016 (v19.09) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS/MOOCS | RESOURCES | LOOKING BACK | NOTES

Ethics opinion draws line on when social media is considered advertising (ABA, 20 May 2016) - Whether social media constitutes attorney advertising is an unsettled question for attorneys. A recent ethics opinion provides much-needed guidance on the question. Attorneys can post away on professional networking sites like LinkedIn with certain caveats, according to an ethics opinion of the Association of the Bar of New York Committee on Professional Ethics . Attorneys looking for guidance regarding attorney advertising will find the opinion a useful resource. Whether social media constitutes attorney advertising is a question that has plagued attorneys in recent years. Ethics committees "find themselves straining to force fit the proverbial peg of social media into the round hole of legal ethics-with varying degrees of success," the New York City Bar noted. In addition, "due to the pace of technological change, bar regulators may be reluctant to amend ethics rules to incorporate social media use," the opinion added. This is because of "a legitimate concern that any such rules may become obsolete as social media platforms develop and change." The New York City Bar provided a detailed analysis in an attempt to address these concerns. A lawyer's LinkedIn profile is attorney advertising only if the profile meets five criteria: the lawyer makes the content; the primary purpose is for client retention of the lawyer for pecuniary gain; the content relates to the lawyer's legal services; new clients are the intended audience; and the content does not fall into an exception to the definition of attorney advertising. The New York City Bar noted that, although its opinion focused on LinkedIn, it applies to other social networking sites such as Facebook and Twitter. The New York City Bar emphasized that a LinkedIn profile comprises advertising only if there is "clear evidence that a lawyer's primary purpose is to attract paying clients." The opinion allows many types of LinkedIn content, for example, including a list of skills or description of practice areas. Simply displaying recommendations and endorsements is similarly permissible. * * *

top

- and -

Attorney confidentiality, cybersecurity, and the cloud (Dan Solove, 6 June 2016) - There is a significant degree of confusion and lack of awareness about attorney confidentiality and cybersecurity obligations. This issue is especially acute when it comes to using the cloud to store privileged documents. A common myth is that storing privileged documents in the cloud is a breach of attorney-client confidentiality. In other instances, many attorneys and firms are not paying sufficient attention to their obligation to protect the confidentiality and security of the client data they maintain. The general rules of professional conduct are written broadly, without specifically addressing privacy and cybersecurity issues. Under Rule 1.6 of the ABA Model Rules of Professional Conduct , "a lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent." Lawyers must "make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." The application of this rule to digital technologies has been dealt with by resolutions and commentary. Fairly recently, the ABA published Resolution 109 , calling for firms to "develop, implement, and maintain an appropriate cybersecurity program." And few years ago, the ABA amended Comment 8 to Model Rule 1.1 (requiring "competent representation to a client") to state that "a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology ." (added language italicized). Is it ethical for attorneys and law firms to store privileged documents in the cloud? After all, they are storing such documents on a third party's computer. This question has been a widespread concern, enough so that several state bar associations have issued guidance. Their consistent conclusion is that it is ethical to store privileged documents in the cloud. For example, according to the Pennsylvania Bar Association Formal Opinion 2011-200 : "An attorney may ethically allow client confidential material to be stored in 'the cloud' provided the attorney takes reasonable care to assure that (1) all such materials remain confidential, and (2) reasonable safeguards are employed to ensure that the data is protected from breaches, data loss and other risks." According to the Florida Bar Association Opinion 12-3 , "Cloud computing is permissible as long as the lawyer adequately addresses the potential risks associated with it." The Massachusetts Bar Association Opinion 12-03 provides that lawyers "may store and synchronize electronic work files containing confidential client information across different platforms and devices using an Internet based storage solution" if they undertake "reasonable efforts to ensure that the provider's terms of use and data privacy policies, practices and procedures are compatible with the lawyer's professional obligations, including the obligation to protect confidential client information." * * *

top

- and -

Another state adopts the duty of technology competence for lawyers (Robert Ambrogi, 17 June 2016) - I have been tracking here the states that have adopted the ethical duty of technology competence for lawyers. I have just learned of one more state that has adopted the duty. That brings the total number of states to 21. The latest state is North Dakota, where the Supreme Court ordered adoption effective March 1, 2016, of an amendment to Rule 1.1 of the North Dakota Rules of Professional Conduct. The amendment to the rule on maintaining competence adds the phrase adopted by the ABA in 2012 in Model Rule 1.1, Comment 8. In North Dakota, the comment is number 5 and reads: "To maintain the requisite knowledge and skill, a lawyer must keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements." The amendment added the italicized phrase, which is identical to the phrase in the Model Rule. (For the full list of states that have adopted the rule, see my earlier post .)

top

Rethinking the "standard" arbitration clause in cloud agreements (part ii) (LeClair Ryan, 23 May 2016) - Part I of this article included a little bit of history about how it came to be so common that modern technology agreements - including "cloud agreements" - often include a rather ubiquitous, sort of "standard" arbitration clause. The first article in this three-part series also put forth the question of whether some of the common assumptions about arbitration - namely, that arbitration is cheaper, faster and better than a traditional lawsuit - are true. This middle article in the series aims to try to answer that question: Is arbitration truly "cheaper, faster or better?" A close examination of these common assumptions reveals that, while there are indeed some clear advantages to arbitration, some of the claimed advantages may be lost if parties simply agree to a "standard" arbitration clause, without giving the matter any considered thought on the front end of a transaction. This kind of inertia often leads to an arbitration proceeding that looks very much like a traditional lawsuit. The parties who agree to an arbitration provision without giving it any thought will find that arbitration is often just as expensive as a traditional lawsuit, that it may not be any faster, and that a "more rational result" does not necessarily work to every party's advantage.

top

Born in the VCR era, great courses seeks to evolve (NYT, 27 May 2016) - Decades before TED Talks, so-called massive open online courses and YouTube videos made top educators accessible to the masses, the Great Courses built a loyal audience of lifelong learners by making "the world's greatest professors" available to anyone with a VCR or cassette player. Larry Weinberg, 72, typifies the Great Courses' core customer: A voracious learner, he got hooked on the Great Courses video and audio classes shortly after he retired from Boeing a decade ago. His personal library now includes more than 200 courses, as varied as "Understanding Multivariable Calculus" and "Yoga for a Healthy Mind and Body," all carefully cataloged on bookshelves and computer hard drives. Now the Great Courses program hopes to broaden its demographics with an all-you-can-learn streaming service, Great Courses Plus, which it introduced late last year. With the streaming option, customers are not limited to a single course. For $19.99 a month, or about $180 for an annual subscription, they have unlimited online access to more than 280 of the most recent and popular courses from the company's library of roughly 600 courses on topics including astrophysics and wine tasting. "I'm a big believer that we are the Netflix of learning," said Paul Suijk, chief executive of the Teaching Company of Chantilly, Va., which owns the Great Courses and has $150 million a year in revenue. "Looking at Netflix and where they are going, I think there are many similarities."

top

Doctors fire back at bad Yelp reviews - and reveal patients' information online (WaPo, 27 May 2016) - Burned by negative reviews, some health providers are casting their patients' privacy aside and sharing intimate details online as they try to rebut criticism. In the course of these arguments -- which have spilled out publicly on ratings sites like Yelp - doctors, dentists, chiropractors and massage therapists, among others, have divulged details of patients' diagnoses, treatments and idiosyncrasies. One Washington state dentist turned the tables on a patient who blamed him for the loss of a molar: "Due to your clenching and grinding habit, this is not the first molar tooth you have lost due to a fractured root," he wrote. "This tooth is no different." And a California dentist scolded a patient who accused him of misdiagnosing her. "I looked very closely at your radiographs and it was obvious that you have cavities and gum disease that your other dentist has overlooked. … You can live in a world of denial and simply believe what you want to hear from your other dentist or make an educated and informed decision." Health professionals are adapting to a harsh reality in which consumers rate them on sites like Yelp, Vitals and RateMDs much as they do restaurants, hotels and spas. The vast majority of reviews are positive. But in trying to respond to negative ones, some providers appear to be violating the Health Insurance Portability and Accountability Act, the federal patient privacy law known as HIPAA . The law forbids them from disclosing any patient health information without permission. Yelp has given ProPublica unprecedented access to its trove of public reviews -- more than 1.7 million in all -- allowing us to search them by keyword. Using a tool developed by the Department of Computer Science and Engineering at the NYU Tandon School of Engineering, we identified more than 3,500 one-star reviews (the lowest) in which patients mention privacy or HIPAA. In dozens of instances, responses to complaints about medical care turned into disputes over patient privacy.

top

Goldman Sachs: 5 practical uses for blockchain - from Airbnb to stock markets (Business Insider, 28 May 2016) - "Is the hype around blockchain justified?" asks Goldman Sachs in a blockbuster 88-page note sent to clients this week. The financial world has been going crazy for blockchain technology for the last year or so, hypothesising how it could rip out huge amounts of costs for big banks and streamline operations. Goldman itself was one of the key hype men, declaring in December that the technology "can change... well everything." The bank has examined the technology's application in 5 markets. We've summed up its thinking below * * *

top

Get the complete guide to preservation case law 2008-2016 (GC News, 31 May 2016) - Zapproved has published its updated Preservation Case Law Summaries 2008-2016 , the definitive guide to preservation case law with summaries tagged by venue, sanction and topic. Zapproved says courts are analyzing preservation cases for spoliation with a high bar to determine if awarding sanctions is appropriate. The standards set forth in proposed changes to Rule 37(e) require that in order to impose an adverse inference, spoliation must have (i) caused substantial prejudice in the litigation and the result of willfulness or bad faith; or (ii) irreparably deprived a party of any meaningful opportunity to present or defend against the claims in the litigation.

top

Panama Papers fallout: What if your lawyer gets hacked? (Information Week, 31 May 2016) - Your company has likely spent a lot of time, effort, and money keeping its security systems, policies, and practices up to date. Can the same be said of your law firm? The legal industry isn't exactly known for its technology leadership, which should be of concern, especially from a security perspective. Don't assume that your data is safe, in other words. Be prepared to do your own due diligence. "Law firms retain a lot of sensitive corporate data that would be extremely valuable to hackers or outside parties. In particular, hackers are interested in corporate legal information, intellectual property from their clients, information on directors and officers of corporate clients, settlement terms, and more," said Jacob Olcott, the former legal adviser to the Senate Commerce Committee, counsel to the House of Representatives Homeland Security committee, and current VP at Bitsight Technologies , in an interview. "Since law firms often deal with highly sensitive information, they are a clear target for hackers trying to earn money on the black market. In addition, hacktivists may be interested in the information held by a law firm for political purposes." "Many top law firms have pretty good structural security. However, they drop the ball in two places: They use less sophisticated local counsel and give them sensitive documents, and they don't put sufficient checks on their people," said Jay Edelson, founder and CEO at law firm Edelson PC , in an interview. The actual scope of attacks is difficult to gauge. For example, in its 2015 Annual Security Report, Cisco named the legal industry No. 7 in its list of top 10 company types at risk for Web malware infections. According to an American Bar Association (ABA) 2015 Legal Technology Survey Report , 15% of the 880 lawyer respondents said their firms had experienced a security breach, and 23% of them said they didn't know if they had. More than four in ten (42%) said their computers had been affected by a virus, while 23% said they didn't know. The larger the law firm, the greater the increase in breaches. "Law firms represent a critical component of most companies' supply chain[s]," said BitSight's Olcott. "Most companies are focused on managing the cyber risk of their supply chain, and one of the first organizations they start with is their law firm." [ Polley : See also The security vulnerabilities law firm hacks create for corporations (Inside Counsel, 1 June 2016)]

top

- and -

A brief history of law firm cyberattacks (Law360, 2 June 2016) - The legal industry is the latest gold mine for hackers, whose attacks continue growing in sophistication, frequency and motivation. This, coupled with the fact that so many law firms have branches and associates located around the world, means the entry points for hackers have become even more numerous. Over the past few months alone, major law firms including Cravath Swaine & Moore LLP , Weil Gotshal & Manges LLP , and most recently, Mossack Fonseca, have all fallen victim to simple, easily preventable data breaches. In the case of Mossack Fonseca, more than 2.6 terabytes of data were stolen without the firm detecting any sign of theft, and overall, a whopping 11.5 million sensitive records were confiscated. Most law firms do not have basic cybersecurity controls in place for detecting and mitigating data breaches. The incident at Mossack Fonseca just scratched the surface of demonstrating the lack of cybersecurity resources within the legal sector, as 90 percent of law firms have five or fewer employees dedicated to information security and safeguarding the business' crown jewels. The fact that the law firms entrusted with so much sensitive information have such poor cybersecurity policies, procedures and technologies should be alarming to just about every business, as the quickening pace of breaches could put thousands of businesses at risk. The FBI has reacted by issuing warnings to firms, but overall, the legal industry is - and always has been - lagging. Here's a look at the history of events leading up to the Mossack Fonseca incident: * * * [interesting graphic timeline] * * * According to Vincent I. Polley, former deputy general counsel for Schlumberger Ltd . for 20 years and co-author of a recent book for the American Bar Association on cybersecurity, "A lot of firms have been hacked, and like most entities that are hacked, they don't know that for some period of time. Sometimes, it may not be discovered for months and even years." History has a tendency of repeating itself, and given the aforementioned cybersecurity events, law firms must take proactive measures to properly secure the sensitive data. Through actions such as regular employee and third-party contractor training, cybersecurity audits, and investing in data protection technology tools and resources, firms can avoid falling victim to the next data breach - which could happen at any second. [ Polley : I wasn't interviewed for this story.]

top

Tattoo recognition research threatens free speech and privacy (EFF, 2 June 2016) - Tattoos are inked on our skin, but they often hold much deeper meaning. They may reveal who we are, our passions, ideologies, religious beliefs, and even our social relationships. That's exactly why law enforcement wants to crack the symbolism of our tattoos using automated computer algorithms, an effort that threatens our civil liberties. Right now, government scientists are working with the FBI to develop tattoo recognition technology that police can use to learn as much as possible about people through their tattoos. But an EFF investigation has found that these experiments exploit inmates, with little regard for the research's implications for privacy, free expression, religious freedom, and the right to associate. And so far, researchers have avoided ethical oversight while doing it. The research program is so fraught with problems that EFF believes the only solution is for the government to suspend the project immediately. At a minimum, scientists must stop using any tattoo images obtained coercively from prison and jail inmates and tattoos that contain personal information or religious or political symbolism. EFF has been filing public records requests around the country to reveal how law enforcement agencies are using mobile biometric technology-including facial recognition, digital fingerprinting, and iris scanning-to identify people based on their physical and behavioral characteristics. As part of this investigation, we learned that the National Institute for Standards and Technology (NIST), one of the oldest federal scientific institutions, began an initiative in 2014 to promote and refine automated tattoo recognition technology for the FBI. The FBI's plans for automated tattoo recognition go beyond developing algorithms that can identify people by their tattoos. The experiments facilitated by NIST also focused on improving technology that can map connections between people with similarly themed tattoos or make inferences about people from their tattoos (e.g. political ideology, religious beliefs). On top of the free speech concerns, the project should raise red flags for religious liberty advocates, since many of the experiments involved sorting people and their tattoos based on Christian iconography. NIST's Tattoo Recognition Technology program also raises serious questions for privacy: 15,000 images of tattoos obtained from arrestees and inmates were handed over to third parties, including private companies, with little restriction on how the images may be used or shared. Many of the images reviewed by EFF contained personally identifying information, including people's names, faces, and birth dates.

top

Ponemon 2016 Cost of Data Breach study (June 2016) - IBM and Ponemon Institute are pleased to release the 2016 Cost of Data Breach Study: Global Analysis . According to our research, the average total cost of a data breach for the 383 companies participating in this research increased from $3.79 to $4 million2. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year's study. In addition to cost data, our global study looks at the likelihood of a company having one or more data breach occurrences in the next 24 months. We estimate a 26 percent probability of a material data breach involving 10,000 lost or stolen records.

top

Will the Constitution protect your next smartphone? (The Atlantic, 3 June 2016) - Will new unlocking methods enjoy the same Fifth Amendment protections that prevent the government from forcing a person to give up their passwords? It all comes down to a distinction that the legal system uses to determine how far Fifth Amendment protections extend. The amendment covers what's in your head (thoughts, memories) but not what you are (fingerprints, DNA). A memorized password is unambiguously protected. But devices secured by biometrics or behavioral traits exist in a grayer area. When Apple introduced its first fingerprint reader-equipped iPhone in 2013, scholars speculated that the Fifth Amendment may not apply to fingerprints. Indeed, just a year later, a Virginia judge ruled that police could force a person to unlock his own iPhone with his fingerprint. And this February, a federal judge in Los Angeles signed a search warrant that compelled a 29-year-old woman to do the same. But these decisions don't necessarily mean the debate over the Fifth Amendment and fingerprint readers is all wrapped up, says Al Gidari, a technology lawyer and the director of privacy at Stanford University's Center for Internet and Society. Gidari disagrees with the judges who signed warrants for fingerprint unlocks. The Supreme Court has determined that the Fifth Amendment applies only to "testimonial communication that is incriminating." Gidari says that even though a fingerprint on its own isn't covered by the Fifth Amendment, the act of unlocking a device with a fingerprint falls into the special protected category. "When you put your fingerprint on the phone, you're actually communicating something," Gidari said. "You're saying, 'Hi, it's me. Please open up.'" [ Polley : Gidari is smart and experienced; his views are welcome counterpoint to others; see immediately below.]

top

- and -

The Fifth Amendment limits on forced decryption and applying the 'foregone conclusion' doctrine (Orin Kerr in Volokh Conspiracy, 7 June 2016) - The U.S. Court of Appeals for the 3rd Circuit has a case pending on the Fifth Amendment limits of forcing a suspect to enter his password to decrypt a computer. The case provides an opportunity for the 3rd Circuit to correct an error in the 11th Circuit's treatment of the same question, specifically on how to apply the "foregone conclusion" doctrine to an order requiring decryption of a storage device. Given the importance of the issue, I want to explain the issue, show where the 11th Circuit got it wrong, and explain what I think the right analysis should be. I'll start with a short summary of the facts in the pending case as found in the government's brief and the defense brief . The suspect, referred to in the briefs only as "John Doe," is a Philadelphia police officer. (News reports have named him as Francis Rawls , but I'll stick with "John Doe" to be consistent with the briefs.) Doe is believed to have used a peer-to-peer network to download a lot of child pornography from the Internet. Investigators were able to decrypt Doe's Apple computer without Doe's help pursuant to a search warrant. A search of the computer revealed evidence that Doe had accessed more than 20,000 files with child-porn-related file names and then stored the files on two external hard drives that were connected to Doe's computer when the government seized them. This case is about the government's access to the two external hard drives. The government obtained a search warrant to search the two hard drives as well as a supplemental order under the All Writs Act ordering Doe to decrypt them. Doe was then taken to a government computer lab where the drives were connected to a computer, and he was told to enter in the passwords to decrypt his hard drives. Doe claimed that he was unable to comply with the order because he did not remember the passwords. * * * [ Polley : pretty interesting reading.]

top

'Wifi whisperer' siphons your data in the creepiest way possible (Wired, 4 June 2016) - If you're connected to a wireless network, odds are high that little bits of data are trickling out of your device like water from a leaky faucet. "Our phones leak data in a bunch of different ways," says artist Kyle McDonald. "Sometimes it's really insidious or unexpected." Recently at Moogfest, a music and technology festival in Durham, N.C., McDonald with the help of fellow artist Surya Mattu created an installation called WiFi Whisperer that called attention to all that data your phone is giving away for free. As festivalgoers walked past the installation, the artwork grabbed insecure data and display it on monitors, while a hidden speaker whispered the stream of data-what networks you've recently connected to and websites you've visited, for example-like a creepy, demon-voiced Big Brother. "It's sort of like looking over someone's shoulder," says McDonald, "except you're doing it without actually looking over their shoulder." The artists built sniffers made from eight Raspberry Pis and wireless antennas, tuned to the different frequencies of open wireless channels. "We know where the data is in the air," McDonald explains. "Normally these packets are getting sent from one device to another, but there's no reason you can't just stand nearby and listen to that same data as though you were the device it was intended for." By partnering with Festify, Moogfest's wireless internet provider, the artists were able to grab even more data-things like the names of networks you were previously connected to, your device's MAC address, the host name of your laptop or phone, the server your http traffic is aiming for, and even text from whatever website you're visiting. "You can see exactly what articles people are looking at," McDonald says. "You can see exactly which comment they've thumbs-up'd." Businesses have actually used this kind of data to build consumer profiles. In 2012, Nordstrom began tracking the wifi signals emitted from shoppers' phones, to pinpoint their location in the store. Nordstrom argued it was simply the brick and mortar version of what online retailers do with cookies. Consumers didn't agree, and Nordstrom ended its experiment. Analytics companies like Euclid and Nomi use what they claim is anonymous data to figure out exactly where customers go and how many customers leave without buying something. Fairly practical information, you might think. The issue, McDonald says, is that most of us don't even realize we're broadcasting personal information.

top

This interactive proves just how wrong our world maps really are (FastCoDesign, 6 June 2016) - There are millions of reasons to love The West Wing , especially in a literally insane election year. But for design nerds, these four minutes in which White House Press Secretary C.J. Cregg takes a meeting with the Cartographers for Social Equality might be the highlight of the series. It's probably the only pop culture explanation of how well and truly borked our world maps actually are. Across the board, the Mercator projection of the Earth-which has been our baseline for world maps since the 16th century-skews the actual size of countries so they look bigger (and therefore, more important than they are) when they fall within the middle of the Northern Hemisphere. It's not just bad design, it has real geopolitical implications. For example, in most people's minds, Greenland is a much larger country than Australia. But the reality is that Australia dwarfs Greenland. Likewise, you probably think Africa and North America are roughly the same size, but Africa can swallow all of North America and Greenland with room for all of Western Europe to spare. And so on. Inspired by the aforementioned episode of The West Wing , James Talmage and Damon Maneice created The True Size . The web app lets you drag-and-drop different countries on a world map and see how they shrink or grow on a standard Mercator Projection map. It's a simple tool, but an eye-opening one that can be quickly used to show just how skewed our maps really are.

top

Google's fair use victory is good for open source (Pam Samuelson, 13 June 2016) - Oracle and Google have been fighting for six years about whether Google infringed copyright by its use of 37 of the 166 packages that constitute the Java API in the Android software platform for smart phones. Last week Google won a jury trial verdict that its reuse of the Java API elements was fair use. Let me first explain the main facts and claims in the lawsuit, and then why Google's fair use victory is a good thing not only for Google, but also for open source developers, for software developers more generally, and for the public. * * * [ Polley : excellent piece.]

top

Cloaking threat risk assessments under legal privilege (Aird & Berlis, 15 June 2016) - Threat risk assessments against technology-based systems and surrounding environments are increasingly mandated by customers and regulators. Threat risk assessments (TRAs) are typically done either pre-breach event as internal due diligence, or responsive to an event to determine the origins of the event and the scope of the impact. The breadth and penetration level of TRAs vary, but they are inherently intrusive, command significant time and financial resources, and will inevitably result in disclosing areas of possible vulnerabilities. The intent of TRAs is in part to identify those weaknesses, but that goal is often balanced by the concern that having actual knowledge of weaknesses and vulnerabilities exposes businesses to greater liability upon a breach event if the business was unable to implement a solution before the breach event occurs. Rectifying vulnerabilities, which could include simply catching up on ever-changing industry standards, often takes a significant amount of time to complete and that assumes that the business in question has the resources to allocate to such effort (whether or not this is simply the cost of doing business can be discussed another time). That inherently leaves a period of time between when an organization becomes aware of a vulnerability and when the solution is in place. In the United States, many law firms have standing agreements with cyber security experts to undertake TRAs. This is often done with the view that if the law firm engages the cyber security expert to perform the TRA and provide the resulting TRA report to the law firm, the TRA report and findings therein would be protected by a form of legal privilege and harder to use against the client should someone want to discover that TRA report. This approach has been tested in limited cases in the United States, and in certain post-breach incident TRAs, it has had some success. (We refer you to an Order issued by the U.S. District Court of Minnesota on October 23, 2015 by a U.S. Magistrate Judge, Jeffrey J. Keyes, in the matter relating to Target and a TRA prepared by Verizon Business Network Services). In Canada, the approach of law firms retaining cyber security experts to undertake the TRAs is less prevalent, but the merits and limitations should be considered.

top

The net neutrality court decision, in plain English (WaPo, 15 June 2016) - You may have heard something Tuesday about a court and net neutrality and something about the Internet. Maybe it didn't make much sense. And that's a good thing! If we all spent our time trying to decipher the Web, we'd never get around to actually using it, or creating awesome new things with it. That said, some debates are so important to the healthy function of the Internet that they're worth learning about in depth, and in the process grasping their implications for free speech, online commerce, educational opportunity and all the reasons that make the Internet worth using in the first place. One of those debates reached a key turning point Tuesday, when a federal appeals court said that the Internet is basically like a giant telephone network and that the companies that provide it, such as Comcast and Verizon, must offer essentially the same protections to Internet users that the government has required of phone companies for decades. [ Polley : This is key - while the "net neutrality" stuff is nice, the fundament of it is the recharacterization of ISPs as "telecom service" providers rather than "information service" providers. That recharacterization enables the FCC to regulate things like net neutrality; but also lots of other things, too.]

top

Key takeaways from the SEC Morgan Stanley cybersecurity case (D&O Diary, 16 June 2016) - As I noted in a recent post , on June 8, 2016, the SEC, in what one commentator called "the most significant SEC cybersecurity-related action to date," announced that Morgan Stanley Smith Barney LLC had agreed to pay a $1 million penalty to settle charges that as a result of its alleged failure to adopt written policies and procedures reasonably designed to protect customer data, some customer information was hacked and offered for sale online. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC's Office of Internet Enforcement, takes a look at the circumstances at the company that led to this enforcement action and reviews the important lessons that can be learned from what happened. A version of this article originally appeared on CybersecurityDocket. I would like to thank John for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site's readers. Please contact me directly if you would like to submit a guest post. Here is John's guest post. * * *

top

Blockchain tech tested for Sweden's land registry system (ArsTechnica, 17 June 2016) - Blockchain-the technology that underpins Bitcoin-is to be tested on Sweden's land registry to see if it helps speed up property deals in the country. The Swedish National Land Survey ( Lantmäteriet ) has announced a trial that could have a significant impact on land deals, which are currently jotted down on paper, requiring several official documents, and the use of physical mail. A proof-of-concept both of the technology itself, and how it would work within the land registry has been developed by the government agency, alongside Swedish blockchain outfit ChromaWay‚ consulting firm Kairos Future, and telecoms company Telia. They say that the system is faster, more secure, and far less prone to human error than the current method.

top

Tor torpedoed! Tesco Bank app won't run with privacy tool installed (The Register, 18 June 2016) - UK supermarket giant Tesco's mobile banking app refuses to run on handsets where the Tor app is also installed, it emerged this weekend. Mainframe database admin Marcus Davage revealed the Tesco banking app tells users they must remove the Tor Project's anonymizing Android software to access the supermarket's money services. Davage posted an image of the message, which advises that in order to use the Tesco app, the Tor Project's Orbot Android client has to not only be turned off but removed entirely from the device. The issue appears to be related to security. Tesco's help site notes that the Android app checks for malware and other possible security risks (such as the phone being rooted) upon launching and, in this case, the Tor software triggers an alert.

top

Fed internal watchdog to study oversight of cybersecurity at banks (Reuters, 20 June 2016) - The Federal Reserve's internal watchdog plans to study how well the central bank is overseeing cybersecurity practices at financial institutions, the U.S. central bank said on Monday. The Office of Inspector General (OIG) at the Fed's Board of Governors plans to release the audit in the fourth quarter, the OIG said in a report on current and upcoming projects. Fed Chair Janet Yellen is due to appear before a U.S. Senate committee on Tuesday and will likely face questions about cybersecurity breaches involving the central bank. Lawmakers are also probing the Fed's own cybersecurity practices after a Reuters report revealed more than 50 cyber breaches at the Fed between 2011 and 2015. "The growing sophistication and volume of cybersecurity threats presents a serious risk to all financial institutions," the OIG said in its report released on Monday. The OIG study due later this year could be the first public report on how well the Fed is holding banks to rules that require them to have effective information security programs. Past studies posted on the Fed's website focused on the central bank's overall cybersecurity practices or on the security of particular information technology systems at the Fed.

top

Online interactive legal documents would be legal in North Carolina under bill passed by legislature (ABA Journal, 22 June 2016) - North Carolina lawmakers have passed a bill that amends the state's definition of law practice to permit websites that offer interactive legal documents. House Bill 436 (PDF) won unanimous approval last week, ending a long-running dispute with LegalZoom, WRAL reports. The bill was forwarded to Gov. Pat McCrory on Tuesday, according to the legislature's website. The bill says the practice of law does not include websites offering interactive software that generates a legal document based on the consumer's answers to legal questions. The bill adds several restrictions, including these: * * *

top

Law schools are going online to reach new students (NYT, 22 June 2016) - Law schools, in the face of marked declines in enrollment, revenue and jobs for graduates, are beginning to adopt innovative new ways of delivering legal education. Some law schools are moving away from relying solely on classic settings and instead are blending classroom learning with online instruction, said Michael B. Horn, a founder of the Clayton Christensen Institute, a research institution in San Mateo, Calif., that explores disruptive innovation in education. "Legal education is confronting the most imminent threat in higher education," Mr. Horn said. "Law schools are increasingly out of step with shifts in the legal services market." Law schools that "are able to pioneer online, competency-based programs that focus outside of the traditional J.D. will have a leg up in the struggle to survive," said Mr. Horn, an author of the newly released report, "Disrupting Law School: How Disruptive Innovation Will Revolutionize the Legal World." Mitchell Hamline School of Law, in St. Paul; Washington University School of Law, in St. Louis; and Syracuse University College of Law, in New York, all offer programs that fuse some elements of traditional legal education with technology in new educational vehicles. Harvard Law School also offers an online class on copyright law to its on-campus students and to students who can enroll for the free, not-for-credit course from anywhere in the world. Opportunities to earn a full-fledged law degree online are few, so far. The William Mitchell College of Law began offering a hybrid law degree in January 2015. The school has since merged with Hamline University School of Law. Syracuse's law school adopted a somewhat different approach when it announced in April that it would offer a hybrid law degree once it received approval from New York State and the American Bar Association, which regulates accredited law schools. Syracuse is working with 2U Inc., an education technology provider in Landover, Md., that has collaborated with some major universities, including Northwestern and Georgetown. The online degree program would use 2U's platform. The program will be for people whose work or family obligations prevent them from attending a residential law program. It will offer live online classes with Syracuse Law faculty members who will interact with students. The program, which is expected to begin in 18 months, will also include courses on campus and internships with outside employers.

top

Applying the Fourth Amendment to placing calls from a locked phone to identify its owner (Orin Kerr in Volokh Conspiracy, 22 June 2016) - A story in the Sacramento Bee flags a novel Fourth Amendment issue pending in federal court. Here's the issue: If the police find a locked phone that was left behind at a crime scene, do the police need to get a warrant before trying to identify the phone's owner by calling 911, thereby generating a caller-ID record at 911 that discloses the phone's number and leads to identification of its owner? This question has come up in the "Gone Girl" kidnapping case currently before Judge Troy Nunley in Sacramento. As I understand the facts from the SacBee story, the defendant, Matthew Muller, allegedly attempted a home burglary months after the kidnapping. The homeowner fought back, and Muller fled. In the course of fleeing, Muller left his locked cellphone behind. Cellphones allow emergency calls without unlocking the phone. The police took advantage of this and used the phone to call 911. Placing the call necessarily sent the phone's number to 911, and investigators then obtained the number from 911. The number was registered as a Verizon cellphone number. The police went to Verizon to find out who the registered user was. After serving a warrant on Verizon for this information, the police learned that the phone was registered to Muller's stepfather. That led the police to Muller. Muller has now moved to suppress the evidence that resulted from his identification. The issue being litigated is whether the government could call 911 from the phone without a warrant. Muller says no, because using the phone was a warrantless search. The government says yes, because the phone was abandoned when Muller left it behind. There are a lot of interesting issues here, and I can't do all of them justice in one post. But here's an overview of my thoughts. First, I think that calling 911 from another person's phone generally should be deemed a Fourth Amendment search of the phone. It's accessing another person's property to obtain information stored inside it, which I think of as a classic kind of search . Granted, the information from inside the phone (the number) is being retrieved in an unusual way. It's being pushed out and routed to 911 rather than revealed on the screen. And the only information retrieved is the number stored inside. But I think that is still accessing information from inside the device , and that it should still count as a search. That's my view, but there's some authority that points the other way. The best precedents on the other side are probably the recent cases holding that accessing the magstripe of a credit card is not a search. Those cases reasoned in part that there was no search because the information stored inside was disclosed to others in the ordinary course of use. The phone number associated with a phone is also disclosed to others in the ordinary course of use. If you buy the reasoning of the magstripe cases, you might say that getting the number from a phone is not a search for that reason. Because I don't think those cases are persuasive for reasons explained in my earlier posts , I would still say that calling from a phone is ordinarily a search.

top

- and -

The Fourth Amendment does not protect your home computer (EFF, 23 June 2016) - In a dangerously flawed decision unsealed today , a federal district court in Virginia ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer, located inside his home. According to the court, the federal government does not need a warrant to hack into an individual's computer. This decision is the latest in, and perhaps the culmination of, a series of troubling decisions in prosecutions stemming from the FBI's investigation of Playpen -a Tor hidden services site hosting child pornography. The FBI seized the server hosting the site in 2014, but continued to operate the site and serve malware to thousands of visitors that logged into the site. The malware located certain identifying information (e.g., MAC address, operating system, the computer's "Host name"; etc) on the attacked computer and sent that information back to the FBI. There are hundreds of prosecutions, pending across the country, stemming from this investigation. The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) [ see also Judge says FBI can hack computers without a warrant because computer users get hacked all the time (TechDirt, 24 June 2016)]

top

NOTED PODCASTS/MOOCS

'State of Surveillance' with Edward Snowden (Vice, 8 June 2016; 27 minute video) - When NSA whistleblower Edward Snowden leaked details of massive government surveillance programs in 2013, he ignited a raging debate over digital privacy and security. That debate came to a head this year, when Apple refused an FBI court order to access the iPhone of alleged San Bernardino Terrorist Syed Farook. Meanwhile, journalists and activists are under increasing attack from foreign agents. To find out the government's real capabilities, and whether any of us can truly protect our sensitive information, VICE founder Shane Smith heads to Moscow to meet the man who started the conversation, Edward Snowden.

top

RESOURCES

Griffiths on exhaustion and the alteration of copyright works in EU copyright law (MLPB, 6 June 2016) - Jonathan Griffiths, Queen Mary University of London, School of Law, has published Exhaustion and the Alteration of Copyright Works in EU Copyright Law - (C-419/13) Art & Allposters International BV v Stichting Pictoright at ERA Forum 1 (May 2016). Here is the abstract: The Judgment of the Court of Justice in (C-419/13) Art & Allposters International BV v Stichting Pictoright concerned a claim that the transfer of an image from paper poster to artist's canvas infringed copyright in that image. It is argued here that, while the case sheds little light on the potential application of the Usedsoft principle to copyright works more generally, its significance extends well beyond the relatively specialist practices with which the national proceedings were concerned. Following an outline of the Judgment, the article goes on to consider its implications for our understanding of the reproduction, distribution and adaptation rights in EU copyright law.

top

Manning on Hyperlinks and Copyright Law (MLPB, 9 June 2016) - Colin Manning, Cork Institute of Technology, has published Hyperlinks & Copyright Law . Here is the abstract: Reconciling the desire for wide distribution with the desire for control has proven challenging for the law. Deep linking is a good illustration of how applying print and broadcast era concepts to the challenges of the digital era can result in uncertainty and unintended consequences. In the Svennson decision, the court not only failed to acknowledge the distinction between linking and embedding, but it explicitly permitted embedding of content from other sites. This could have implications for how content is distributed, and may ultimately harm user privacy.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Choicepoint to pay $15 million for data breach (CSO Online, 26 Jan 2006) -- ChoicePoint Inc., the data broker that set off a national debate after disclosing a data breach early in 2005, will pay US$15 million in fines and other penalties for lax security standards, the U.S. Federal Trade Commission (FTC) announced Thursday. ChoicePoint's $10 million fine is the largest civil fine in the FTC's history, the FTC said. Under a settlement with the FTC, the Georgia company will also set up a $5 million fund to aid victims of identity theft that resulted from the data breach, and the company has agreed to implement new security measures and have an independent auditor review its security every other year until 2026, said FTC Chairwoman Deborah Platt Majoras.

top

- and -

Keeping your enemies close (New York Times, 12 Nov 2006) - If you found yourself running a company suddenly branded one of the most reviled in the country - if, for example, you noticed that visitors to Consumerist.com, a heavily visited consumer Web site, voted yours as the second "worst company in America" and you had just been awarded the 2005 "Lifetime Menace Award" by the human rights group Privacy International - you might feel obliged to take extraordinary steps. You might even want to reach out to your most vocal critics and ask them, "What are we doing wrong?" So it was in early 2005 that Douglas C. Curling, the president of ChoicePoint, a giant data broker that maintains digital dossiers on nearly every adult in the United States, courted two critics whom he had accused just months earlier of starting "yet another inaccurate, misdirected and misleading attack" on his company. Mr. Curling also contacted others who had spent years calling for laws requiring better safeguarding of personal information that ChoicePoint and other data brokers assemble - records such as Social Security numbers, birth dates, driver's license numbers, license plate numbers, spouse names, maiden names, addresses, criminal records, civil judgments and the purchase price of every parcel of property a person has ever owned. "It was sort of like when I talk with my wife when she's not happy with me," Mr. Curling said of his dealings with some of ChoicePoint's harshest critics. "It's not exactly a dialogue I look forward to, but I can't deny it's important." He also could not deny his motivations for engaging in these conversations: in the public's mind, ChoicePoint had come to symbolize the cavalier manner in which corporations handled confidential data about consumers. [ Polley in 2006 : Long, excellent, thorough, piece on the fall, and rise, of ChoicePoint. Includes useful collateral graphics and timelines. Illuminates the social-engineering dimension of data security.]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Saturday, May 28, 2016

MIRLN --- 8-28 May 2016 (v19.08)

MIRLN --- 8-28 May 2016 (v19.08) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS/MOOCS | RESOURCES | LOOKING BACK | NOTES

Law schools as innovation hubs - the Global Legal Technology Lab (Open Law Lab, 5 May 2016) - Today I had the pleasure of attending an exploratory meeting for a new initiative - the Global Legal Technology Lab . It's a network of law schools, legal technology companies, and other organizations interested in pushing forward new innovations in the legal system - particularly around access to justice. It grew out of meetings at University of Missouri - Kansas City Law School, that the Kauffman Foundation had supported to explore how innovation and technology could be brought to law. But it is not strictly a UMKC, MIT, or Kauffman project. It is meant to be a new network of law schools who build new technologies and launch projects that make the legal system more accessible, efficient, and empowering. Today was about exchanging ideas about projects, and thinking through how the Global Legal Technology Laboratory could operate. One of the driving ideas is to link projects across different schools and silos, stop duplication of efforts, and drive a stronger agenda of what the future of legal education and innovation should look like. The concept is that people at law schools can propose projects, draw upon the GLTL's resources to get more guidance, man/womanpower, and perhaps also funding. These projects could come from hackathons, classes, research, or otherwise. Instead of these projects stalling out after being identified and scoped, the GLTL should help keep their momentum and contribute to their implementation.

top

Restraining order? Don't follow her on Instagram (Newsweek, 10 May 2016) - A clothing designer allegedly attacked his ex-girlfriend last year in New York City, choking her, throwing her to the ground and dragging her by her hair, according to the criminal complaint charging him with misdemeanor assault. About a week later, the woman obtained an order of protection barring the designer, Nicholas Lemons, from contacting her, but he couldn't resist trying to keep tabs on her. Just four months after a Manhattan judge signed the order of protection, Lemons tried to follow his former flame on Instagram, court papers state-leading to another criminal charge the judge said was the first of its kind. Lemons, 34, was charged with criminal contempt in September 2015 for violating the order of protection that forbade him contacting his ex-girlfriend through any means, including electronically. The former model-who posed on the cover of Out magazine in 2006 wearing green briefs and a necklace-argued he didn't violate the restraining order because his follow request merely "triggered a notification by Instagram" and there was no direct contact. But Manhattan criminal court judge Steven Statsinger shot down that argument, ruling against Lemons and marking a new wrinkle in the intersection of the internet and the law. "The situation described here is exactly the same as if the defendant, using his iPhone, had asked Siri to place a call to the complainant, instead of dialing her number himself," Statsinger wrote in his May 2 decision . A Massachusetts family law attorney said he advises all his clients with orders of protection to stay off social media. "If you have to use social media, don't say anything about your ex and don't follow them. And don't ever, ever, ever say anything about the judge," says Alan Pransky , who is not involved in the Lemons case but has handled cases involving domestic violence and internet issues.

top


- and -

Judge scolds litigant for making Facebook account "private" during litigation (Venkat Balasubramani, 16 May 2016) - This is a social media evidence ruling. Plaintiff filed a Fair Housing Act lawsuit alleging that a prospective landlord decline to rent an apartment after learning that two of plaintiff's children would be living with her. The lease denial allegedly caused emotional harm to plaintiff. Defense counsel flagged the issue of plaintiff's social media accounts early, warning plaintiff's counsel that plaintiff's social media accounts would be scrutinized and that she should be warned about "spoilage" [sic]. In the context of another motion, plaintiff acknowledged to the court that she had Facebook and Instagram accounts and that these accounts were "private". Shortly after this filing, defense counsel sought sanctions for spoliation and an injunction prohibiting plaintiff from accessing her social media accounts. [ Spoiler alert : the court denies the requested injunction.] In a supporting declaration, defense counsel averred that he had viewed plaintiff's social media accounts and observed posts "disappearing from view". In defendant's view, these posts were relevant to plaintiff's claims for emotional distress and might counter-indicate that she suffered emotional distress as a result of being unable to rent the apartment in question. The posts also allegedly demonstrated that plaintiff was not separated from her family, which was the supposed cause of her emotional distress. The court holds an evidentiary hearing at which two lawyers and the plaintiff testify. According to one of the lawyers for the defense, she accessed plaintiff's accounts at one point despite not being "friends" with plaintiff. She later looked at the accounts and saw many posts were missing. The Plaintiff also testified that, to her knowledge, she never deleted anything. She did hide a few posts from her timeline which appeared there because she had been tagged by others. She said she thought she originally set her Facebook account to private and she merely double checked this after defendant filed its spoliation motion. Counsel for plaintiff offered to provide to defense counsel a copy of plaintiff's entire Facebook account. * * *

top

Autonomous cars require a self-driven legal hybrid teams (ReadWrite, 10 May 2016) - Business and law have gone hand-in-hand since the concept of law was invented. Virtually every industry in the business world has its own set of unique legal issues. For the emerging business of autonomous vehicles - with all the regulatory hurdles and business model crossovers - it looks like it's becoming even more important to have a focused legal team. This is why many auto-industry serving law firms across the nation are forming special autonomous vehicle teams to better serve clients as they build their autonomous vehicle products and services and work them through the legal red tape to bring them to market. In a recent interview with Crain's Detroit business , Jennifer Dukarski from the Ann Arbor-based law firm Butzel Long described the work of its dedicated autonomous vehicle team as, "very traditional legal issues, but with very new context." While the debate rages on in states and throughout the Federal government as to what new laws and/or regulations need to apply to this new type of vehicle, companies depend on law firms to not only help them navigate the constantly-changing legal waters, but to take part in the business deals that help make innovation in the new space possible.

top

Immediate action for human resource departments on the Defend Trade Secrets Act (Patently-O, 11 May 2016) - Starting May 12, 2016 all employers will be required by Federal Law to provide a notice-of-immunity to employees and contractors "in any contract or agreement with an employee [or independent contractor] that governs the use of a trade secret or other confidential information." (If the DTSA is enacted as expected.) The Defend Trade Secrets Act (DTSA) amends 18 U.S.C. 1832 to provide limited whistle blower immunity. The headline for the provision is "immunity from liability for confidential disclosure of a trade secret to the government or in a court filing." Thus, an action that would otherwise count as trade secret misappropriation will be immunized if the disclosure: (A) is made (i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. The statute is clear that the immunity extends to protect against both state and federal law; both civil and criminal allegations. Under the provision, employers are required to provide notice of the immunity "in any contract or agreement with an employee [or independent contractor] that governs the use of a trade secret or other confidential information." The statute suggests that this may be done via reference to a policy document rather than restating the entire immunity provisions in each agreement.

top

- and -

Defend Trade Secrets Act of 2016: Markup and commentary (Patently-O, 12 May 2016) - President Obama has signed the Defend Trade Secrets Act of 2016 (DTSA) into law. The new law creates a private cause of action for trade secret misappropriation that can be brought in Federal Courts and with international implications. I have created a mark-up (with commentary) of the new law that shows how the DTSA's amendments to the Economic Espionage Act (EEA). * * *

top

Negotiating key cyber exclusions (Holland & Knight, 11 May 2016) - * * * The following is intended to cover some tips on how to negotiate the exclusion section of a cyber liability insurance policy. Although the tips below are limited to the exclusions section, it is not the only section of a cyber pol- icy that must be negotiated. * * *

top

Disaggregation of legal information an opportunity for all (Kevin O'Keefe, 11 May 2016) - Shaunna Mireau , ‎Director of Knowledge Management and Process Improvement at Field Law, reports on an interesting development on the reporting of UK law.

Per a recent press release from ICLR (The Incorporated Council of Law Reporting for England and Wales): [ICLR] has started the process of disaggregating its law reports from the online services operated by LexisNexis and Thomson Reuters in Australia, Canada, New Zealand and the United States. Subscribers to these services based elsewhere in the world will not be affected. The process of removing ICLR content from these providers will take effect on 1 January 2017. Thereafter, the ICLR - the publisher of the English official series, The Law Reports - will provide its case law service directly to lawyers, judges, academics and students in these regions through its established online platform, ICLR Online. * * *

top

Hail and farewell to the Google books case (James Grimmelmann, 11 May 2016) - "The petition for a writ of certiorari is denied. Justice Kagan took no part in the consideration or decision of this petition." With that two-sentence order, the Supreme Court brought the long-running Google Books case to a close on April 18. After ten years, two lawsuits, one failed settlement , a parallel case against Google's library partners , and five landmark copyright decisions there is nothing more for the courts to say. Google Books is legal. Full stop. If the news felt a bit anticlimactic, it wasn't just because of the Supreme Court's dull legalese. Google's scanning project and the subsequent lawsuits once commanded the attention of the publishing and library worlds. But over the years they became peripheral. As Google copied some 20 million volumes from library shelves, the sky did not fall on publishers, or copyright owners. Rather, the end of the litigation merely confirmed a few realities of modern publishing. * * *

top

Understanding cybersecurity threats in law practice (Special Counsel, 12 May 2016) - Organized, financially motivated hackers have turned their attention on the latest soft target: law firms. Even before the Panama Papers leak, a number of high-profile breaches put the legal profession on notice. Why do hackers target law offices in cybersecurity attacks? Because they house some of the most sensitive information in the world. Although some savvy companies have established honey pots full of false data to mislead and misdirect cyber hackers, law offices typically lack such decoys. In fact, the honesty fostered by attorney-client privilege means law offices frequently guard information that is both very sensitive and quite authentic. "Hackers know they are probably getting the real deal," says Vincent Polley, president of KnowConnect PLLC and co-editor of the ABA Cybersecurity Handbook ." That means the information hackers do find [in law firm systems] is going to be even higher value than they might otherwise get." It's the 21st century equivalent of raiding Fort Knox. "What is a law firm's wealth? Proprietary information. Its clients' secrets," says Christopher F. Smith, director, cybersecurity strategy at SAS . "To a hacker, information is money. That's why law firms make such alluring targets." Below are some guidelines to better understand cybersecurity threats and attacks and coping with the situation. * * *

top

- and -

Did the Panama Papers end the honeymoon for law firms? (Security Current, 16 May 2016) - Try and do an information security risk assessment of a law firm your company uses. Give them an InfoSec security questionnaire to fill out and request key information security documents. And if they host a lot of your sensitive data ask for a SOC2 report or even a penetration test report. What are the chances you will not get a major push back? What about your right to audit? Can you come onsite and validate some key security controls? Do you think law firms have had a free pass? Do you think the Panama Papers lawsuit will change anything? Do you think cyber crooks will take a peek at law firms more now - especially knowing how much sensitive data about people and corporations they may have? Is it all just about contractual terms and conditions? Many of the bigger law firms have indeed taken information security seriously and thus have a sound information security program in place. But, as is with many industries, the real challenges continue to haunt in particular the medium and small firms, some of which have significant engagements with many big companies putting sensitive data at risk.

top

Federal Circuit: Software and data structures are not inherently abstract (Patently-O, 12 May 2016) - In a rare win for a software patentee, the Federal Circuit has rejected a lower court ruling that Enfish's "self-referential" database software and data-structure invention is ineligible under 35 U.S.C. § 101 as effectively an abstract idea.[1] The apparent saving-grace of the claims here is that the improvement is directed to the database operation and is not tied to the business improvement or economic activity: In this case . . . the plain focus of the claims is on an improvement to computer functionality itself, not on economic or other tasks for which a computer is used in its ordinary capacity. Accordingly, we find that the claims at issue in this appeal are not directed to an abstract idea within the meaning of Alice. Rather, they are directed to a specific improvement to the way computers operate, embodied in the self-referential table.

top

Want a security clearance? Feds will now check Facebook and Twitter first (WaPo, 13 May 2016) - The government will start scanning Facebook, Twitter, Instagram and other social media accounts of thousands of federal employees and contractors applying and re-applying for security clearances in a first-ever policy released Friday. Federal investigators looking at applicants' backgrounds to determine their trustworthiness will not ask for passwords or log in to private accounts, limiting their searches to public postings. And when they find information that has no relevance to whether they should have access to classified information, it will be wiped from government servers, the policy promises.

top

Federal Acquisition Regulation; Basic safeguarding of contractor information systems (FedReg, 16 May 2016) - DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation (FAR) to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. * * * This final rule has basic safeguarding measures that are generally employed as part of the routine course of doing business. DoD, GSA, and NASA published a proposed rule in the Federal Register at 77 FR 51496 on August 24, 2012, to address the safeguarding of contractor information systems that contain or process information provided by or generated for the Government (other than public information). This proposed rule had been preceded by DoD publication of an Advance Notice of Proposed Rulemaking (ANPR) and notice of public meeting in the Federal Register at 75 FR 9563 on March 3, 2010, under Defense Federal Acquisition Regulation Supplement (DFARS) Case 2008-D028, Safeguarding Unclassified Information. * * * This rule, which focuses on ensuring a basic level of safeguarding for any contractor system with Federal information, reflective of actions a prudent business person would employ, is just one step in a series of coordinated regulatory actions being taken or planned to strengthen protections of information systems.

top

Federal judge says internet archive's Wayback machine a perfectly legitimate source of evidence (TechDirt, 18 May 2016) - Those of us who dwell on the internet already know the Internet Archive's " Wayback Machine " is a useful source of evidence. For one, it showed that the bogus non-disparagement clause KlearGear used to go after an unhappy customer wasn't even in place when the customer ordered the product that never arrived. It's useful to have ways of preserving web pages the way they are when we come across them, rather than the way some people would prefer we remember them, after vanishing away troublesome posts, policies, etc. Archive.is performs the same function. Screenshots are also useful, although tougher to verify by third parties. So, it's heartening to see a federal judge arrive at the same conclusion, as Stephen Bykowski of the Trademark and Copyright Law blog reports : The potential uses of the Wayback Machine in IP litigation are powerful and diverse. Historical versions of an opposing party's website could contain useful admissions or, in the case of patent disputes, invalidating prior art. Date-stamped websites can also contain proof of past infringing use of copyrighted or trademarked content. The latter example is exactly what happened in the case Marten Transport v. PlatForm Advertising , an ongoing case in the District of Kansas. The plaintiff, a trucking company, brought a trademark infringement suit against the defendant, a truck driver job posting website, alleging unauthorized use of the plaintiff's trademark on the defendant's website. To prove the defendant's use of the trademark, the plaintiff intended to introduce at trial screenshots of defendant's website taken from the Wayback Machine, along with authenticating deposition testimony from an employee of the Internet Archive. The defendant tried to argue that the Internet Archive's pages weren't admissible because the Wayback Machine doesn't capture everything on the page or update every page from a website on the same date. The judge, after receiving testimony from an Internet Archive employee, disagreed. He found the site to a credible source of preserved evidence -- not just because it captures (for the most part) sites as they were on relevant dates but, more importantly, it does nothing to alter the purity of the preserved evidence.

top

Coming soon: An online network exclusively for in-house counsel (Robert Ambrogi, 18 May 2016) - Launching this summer is an online networking community where only in-house counsel will be allowed to participate. Called In the House, the professional networking site will be the online companion to the eponymous In the House networking organization for in-house counsel that has been operating since 2011. The purpose of the In the House networking site will be to provide members with a forum for freely exchanging ideas, asking questions, and requesting referrals in a confidential and secure environment. The new site will be formally unveiled at an all-day event for in-house counsel in New York City on June 20. The site will launch in late June or early July. The In the House organization was founded in 2011 by Christopher Colvin, then an attorney with an AmLaw 100 firm and now a partner at the IP law firm Eaton & Van Winkle . He saw in-house counsel as isolated from their peers at other companies and believed they would benefit from a networking forum. The organization sponsors educational and social programs for in-house lawyers and provides various practice-support materials and resources. It says it has 23,000 members. Access to the site will be free for any in-house counsel who registers. For an annual fee of $95, in-house counsel can purchase a full membership, which gives them access to the site, free attendance at live events, and other members-only materials. The site is being built on a platform provided by HighQ , a company that provides secure collaboration platforms and data rooms for law firms, investment banks and corporations. * * * From what little I know about this site so far, it sounds similar in concept to Legal OnRamp , a professional networking and collaboration site started in 2007 by the general counsel of nine blue chip companies, led by Mark Chandler, general counsel at Cisco. Its goal similarly was to create an online collaboration and content-sharing network primarily for in-house counsel, although membership could also be granted to outside counsel based on the fit of their practice and their willingness to contribute to the site. Legal OnRamp's CEO was Paul Lippe, a former general counsel who is now familiar to many for the column he writes for the ABA Journal, The New Normal . Legal OnRamp eventually morphed into a company, OnRamp Systems, that marketed several collaboration and analysis tools for corporate counsel and their outside firms. While the focus turned more to the products, the network continues to operate.

top

Free WiFi, phone chargers, cooler design - can NYC make buses hip? (CSM, 18 May 2016) - The Metropolitan Transportation Authority (MTA) has embarked on an ambitious plan to modernize public transportation in New York. On Tuesday, New York Gov. Andrew Cuomo (D) announced the first next-generation public transit bus had arrived in New York City. The bus is the first of 75 that will be launched this year to address a growing problem of out-dated and overcrowded transport in the region with more modern designs and digital features to satisfy an increasingly wired public. The MTA is the largest transportation network in the country, commuting over a 5,000-square-mile area with 15.2 million people. In total, the agency has a fleet of 5,667 buses that service more than on an average weekday, according to MTA statistics. Of those, 2,042 buses are now set to be replaced with new, high-tech models over the next five years. All of the new buses will have free WiFi for passengers and USB charging ports line the top of the buses above the windows. Thousands of buses new and old will also be fitted with new information screens. Also at the announcement event, a new free app that will allow riders to buy tickets for metro and train lines via their phones was shown to have successfully passed its first field test. It would be available for all riders by the end of 2016. The new buses and MTA eTix app are just one part of a bold and expensive ( $29 billion ) new Capital Project that was passed in October 2015 to revitalize the MTA.

top

Elsevier buys SSRN (Cory Doctorow on Boing Boing, 18 May 2016) - Elsevier is one of the world's largest scholarly publishers and one of the most bitter enemies that open access publishing has; SSRN is one of the biggest open access scholarly publishing repositories in the world: what could possibly go wrong? As renowned security academic Matt Blaze pointed out in a series of tweets , there is a common misconception about the role scholarly publishers play in research: the publishers don't pay a cent towards the research, nor do they compensate the researchers for publishing their work; but they do represent a huge cost-center for scholarly institutions in the form of subscription charges, which continue to increase far ahead of inflation. Scholarly publishers are in the business of charging money to show the public the results of research that the public paid to undertake. Elsevier says that nothing will change at SSRN, but there's good cause to be skeptical: it's like if Monsanto bought out your favorite organic farm co-op. Meanwhile, Scihub , a brazen and comprehensive repository of copyright-infringing papers from publishers like Elsevier, has become the major source of reference materials for millions around the world, with inbound links from technical discussions and the New York Times -- there's a confrontation on the horizon, there. Finally, Elsevier and the other scholarly publishers are potentially in a lot of legal trouble. Until recently, the typical academic employment agreement assigned all rights to scholars' work to their institution -- the university or college. But the contracts that scholars signed with the scholarly presses assigned copyright to them -- these are the copyrights that the publishers now assert when they fight over sites like Scihub. The problem is that if the scholars were in a work-made-for-hire situation with their employers, then they didn't have title to the copyright when they signed their contracts. That means that nearly all the publications in the journals before a certain year infringed on university copyrights. Since copyright is strict liability (that is, even if you think you're not infringing, you're still liable for damages) and since it's subject to high statutory damages ($150,000/work!) and since it lasts so long (meaning that all those works are still in copyright, still being infringed upon today), that means that the universities are owed several multiples of the total planetary GDP, each by all the major scholarly presses. That's a hell of a bargaining chip.

top

- and -

Sci-Hub and academic identity theft: An open letter to university faculty everywhere (Scholarly Kitchen, 19 May 2016) - Dear Colleagues: All of you, upon being hired at your institution, were probably assigned a network ID and password. These constitute your network identification credentials - the way in which your campus's computer and security systems recognize you as someone with a particular set of rights to see, use, and manipulate information stored on the campus's network. Your ID and password are probably also what allow you to gain off-site access to licensed information resources purchased on your behalf by the library: online journals and databases, ebooks, and other scholarly products licensed for campus use. At some time in the last year or so, you may have been contacted by an organization called Sci-Hub , which has been providing free access to published scholarship by (among other strategies) gathering the network authentication credentials of faculty members at institutions around the world and using those credentials to copy licensed scholarly publications and create an open database of them. Sometimes Sci-Hub's representatives gather these faculty credentials by simply asking for them, and sometimes they reportedly send deceptive "phishing" messages designed to trick you into sharing those credentials. (Sci-Hub's founder denies that they do this "through the Sci-Hub website"; an interesting three-way email exchange between Sci-Hub, a university administrator who believes his faculty were targeted by Sci-Hub, and an interested third party can be found here .) So far, the Sci-Hub database reportedly contains roughly 50 million articles, most of them obtained by allegedly illegal means . You may well sympathize with Sci-Hub's goal of providing free access to high-cost scholarly and scientific information; after all, there are problems with the current system of scholarly communication, and the high cost of access is one of them. By freeing published scholarship from the chains of toll access and copyright protection and making them freely available to all, it can feel like you are helping a Robin Hood figure rob from the rich and give to the poor. However, by giving someone your network credentials, you're doing something else as well: you're sharing with that person the ability to do lots of interesting things that have nothing to do with providing access to published scholarship. Depending on how access is configured on your campus, these may include: * * *

top

Legal first: California court holds inaccessible website violates ADA (Frederick & Byron, 19 May 2016) - In what appears to be the first court decision of its kind, a California state court held not only that the Americans with Disabilities Act (ADA) applies to websites, but also that in the case of Colorado Bag'n Baggage, the website design and features were sufficiently inaccessible to blind users (using screen reader technology) that the site owner violated ADA as well as the California Unruh Act and is liable for monetary damages and injunctive relief. To review the full option, see Davis v. BMI/BMD Travelware, San Bernardino Superior Court, California, March 21, 2016. * * * Unfortunately, as the opinion is relatively brief, it does not shed much light as to the specific standards or requirements applicable to websites. For example, is WCAG 2.0 AA the standard as has been suggested by some commentators? Or some other standard?

top

Classified legislation: Tracking Congress's library of secret law (Lawfare, 19 May 2016) - Most citizens assume that all of the law Congress writes is public. That is not, in fact, true. Our general norm of publishing law has a significant and largely overlooked legislative exception: classified addenda associated with three annual national security acts. If a four decade-old practice holds, the Intelligence Authorization Act (IAA), the National Defense Authorization Act (NDAA), and the Department of Defense Appropriations Act (DODAA) now moving through Congress will all do part of their lawmaking inside these classified documents. Usually, when people discuss secret law, they are referring to classified or otherwise unpublished presidential orders, Justice Department memoranda, or Foreign Intelligence Surveillance Court decisions. In a recent article , I conclude that this claim of secret law's existence is generally credible and important, and that secret law is being produced by Congress as well. To date, Congress's classified lawmaking has received scant attention outside of a small circle of legislators, committee staff, White House and agency officials, and budgeteers. Yet the public record shows that these addenda govern enormously consequential classified U.S. government activities, including surveillance, covert action, and the use of missile-armed drones. By using the term "secret law" to describe what Congress is doing here, I do not mean to suggest anything nefarious. Having served in all three branches of government, including in the Intelligence Community, I have the greatest regard for the public servants who draft and implement secret law, and for the very real national security considerations that drive its creation. I mean only that there is a body of law that meets the following definition: legal authorities that require compliance that are classified or otherwise unpublished. In this post I outline the origins, purposes, and dilemmas of these classified legal authorities, and the varieties of legislative references to them. I summarize the findings of my empirical analysis , recently published in the Harvard National Security Journal . The addenda are an example of a broader three-branch phenomenon of non-published law that we can reasonably term secret law―one with which the nation needs to come to terms. * * *

top

The slippery business of plagiarism (InsideHigherEd, 24 May 2016) - Plagiarism is a widespread problem around the world. It can take various forms - copying and pasting text without acknowledging its source, "recycling" or self-plagiarism (presenting the same paper several times as original), purchasing papers from an agency or a ghostwriter and submitting them as one's own. With the benefit of new technologies, cheating is booming, such that some countries are describing a 'plagiarism epidemic'. In the United Kingdom, for example, almost 50,000 university students were caught cheating from 2012 to 2015. This is only the reported cases - how many more cases remain undetected? Students, especially those who come from corrupt environments where plagiarism is prevalent but ignored or seen as a trivial offense, need better guidance about the consequences of violating the rules of academic integrity. For example, during the academic year 2014-2015, the Department of Immigration in Australia cancelled 9,250 international student visas - plagiarism was one of the reasons cited in addition to other forms of academic misconduct[2]. Students need to understand that plagiarism during the course of their university studies could have significant repercussions - not only in the short-term, but also for their future careers Some famous politicians have been implicated in plagiarism scandals. Following the public scandal revolving around plagiarism identified in their dissertations, German Defense Minister Karl-Theodor zu Guttenberg resigned in 2011 and German Education Minister Annette Schavan in 2013. Evidence of plagiarism was found in the dissertation of Ursula von der Leyen, the current German Defense Minister. Igor Danchenko and Clifford Gaddy, scholars at the Brookings Institute, found extensive plagiarism in the dissertation of Russian President, Vladimir Putin, "Strategic Planning of the Reproduction of the Mineral Resource Base of a Region under Conditions of the Formation of Market Relations (St. Petersburg and Leningrad Oblast)," which he'd successfully defended at the St. Petersburg Mining Institute in 1997. U.S. Vice President Joe Biden was thwarted by a plagiarism scandal that dated back to his law school years and that ended his 1988 presidential campaign. [ Polley : In 2006, I spotted evidence of repeated plagiarism in a draft article submitted by a law professor . Talk about modeling bad behavior.]

top

Apps in Law -- new website reviewing apps for lawyers (iPhone JD, 26 May 2016) - Apps in Law is a new website which launched this week and which highlights the best apps for lawyers. The site is published by Brett Burney , an e-discovery consultant based in Ohio who has long had his thumb on the pulse of legal technology. Burney was the chair of ABA TECHSHOW in 2015, and because Burney and I have given presentations together in the past, I know first-hand that he knows his stuff - especially when it comes to Apple technology. The format of Apps in Law is to provide a short, focused review of helpful apps, accompanied by a short, fast-paced video showing off the app. The website debuts with reviews of GoodReader (one of the most useful apps in my law practice), Noteshelf, Week Calendar and iAnnotate.

top

NOTED PODCASTS/MOOCS

Long Now (11 May 2016) The Long Now Foundation is making its video archive of the Seminars About Long-Term Thinking (SALT) freely available on its website and on the new Apple apps , allowing people to stream the SALT Seminars on Apple TV and their iOS devices. The free iOS apps feature videos of The Long Now Foundation's latest Seminars, including those by author and Nobel prize winner Daniel Kahneman; author Neil Gaiman; English composer and record producer Brian Eno; oceanographer Sylvia Earle; biotechnologist, biochemist and geneticist, Craig Venter; WIRED's founding executive editor Kevin Kelly; author and MacArthur Fellow Elaine Pagels; Zappos CEO Tony Hsieh; biologist Edward O. Wilson; author and food activist Michael Pollan; and psychologist Dr. Walter Mischel, creator of The Marshmallow Test. The Long Now Foundation Seminars, which are hosted by Stewart Brand, are online and available in the iTunes store as a free app and audio podcast . The iOS app initially launched with 50 Seminars, with new videos added monthly as part of the Foundation's ongoing lecture series. The Seminars are free to watch, and are made available through the generous donations of the members and sponsors of The Long Now Foundation. [ Polley : I've been a paying member here for years; their monthly seminars are usually fantastic; they do not typically address legal matters, but I highly recommend them; I'm planning on visiting their space The Interval when I'm in San Francisco for the ABA Annual meeting.]

top

RESOURCES

Samuelson on copyright's Merger Doctrine (MLPB, 10 May 2016) - Pamela Samuelson, University of California, Berkeley, School of Law, is publishing Reconceptualizing Copyright's Merger Doctrine in volume 63 of the Journal of the Copyright Society of the U.S.A. Here is the abstract: Under the merger doctrine of U.S. copyright law, courts sometimes find original expression in a work of authorship to be "merged" with the idea expressed, when that idea is incapable of being expressed, as a practical matter, in more than one or a small number of ways. To be true to the principle that copyright law does not extend its protection to ideas, courts have held in numerous cases that the merged expression is unprotectable by copyright law. This Article, which memorializes the 2015 Brace Lecture, identifies and dispels eight myths about the merger doctrine, including the myth that the doctrine was borne in the Supreme Court's Baker v. Selden decision. It also discusses merger in relation to other copyright doctrines, such as scenes a faire, originality, and the exclusion of processes embodied in copyrighted works. Finally, it considers various functions of the merger doctrine, such as averting unwarranted monopolies, policing the boundaries between copyright and patent law, and enabling the ongoing progress of knowledge.

top

Intelligence services, peer constraints, and the law (Lawfare, 10 May 2016) - Zachary Goldman and Samuel Rascoff recently released Global Intelligence Oversight: Governing Security in the Twenty-First Century . The edited volume "is a comparative investigation of intelligence oversight systems in democratic countries, which focuses on some of the new dynamics shaping and constraining intelligence services, and the range of purposes a holistic approach to oversight should serve." This week, Lawfare is hosting a mini-forum where contributing authors discuss their chapters. As Lawfare readers know, the post-9/11 years have been replete with substantive public debates about the legality, morality, and public wisdom of various U.S. intelligence activities, ranging from the NSA's electronic surveillance to the CIA's detention, interrogation, and rendition program. Nor have the intelligence activities of other states been immune from scrutiny: surveillance by the UK's Government Communications Headquarters, Israel's alleged targeting of Iranian nuclear scientists, and Russian and Chinese cyber-espionage have all come under the microscope. Alongside debates about the substance of intelligence activities are debates about the role and efficacy of intelligence oversight in constraining and modulating these intelligence activities. When most people think about intelligence community oversight, they tend to focus on domestic actors and to analyze overseers prescribed in law: parliamentary committees, inspectors general, and courts. These days, they might also think about the media and non-governmental organizations, which play a less formalized but important watchdog role over intelligence activities. Yet even this range and quantity of oversight frequently proves insufficient and unsatisfying in capturing some of the most prominent forces that shape and regulate intelligence activities.

top

What Consumers "Buy" When They Buy Digital Media (Public Citizen, 21 May 2016) - Aaron Perzanowski of Case Western Reserve and Chris Jay Hoofnagle of Berkeley have written What We Buy When We 'Buy Now', 165 University of Pennsylvania Law Review (Forthcoming 2017 ), Here's the abstract: Retailers such as Apple and Amazon market digital media to consumers using the familiar language of product ownership, including phrases like "buy now," "own," and "purchase." Consumers may understandably associate such language with strong personal property rights. But the license agreements and terms of use associated with these transactions tell a different story. They explain that ebooks, mp3 albums, digital movies, games, and software are not sold, but merely licensed. The terms limit consumers' ability to resell, lend, transfer, and even retain possession of the digital media they acquire. Moreover, unlike physical media products, access to digital media is contingent - it depends on shifting business models, the success and failure of platforms, and often on the maintenance and availability of DRM authentication systems years after the consumer clicked "buy now."

This article presents the results of the first-ever empirical study of consumers' perceptions of the marketing language used by digital media retailers. We created a fictitious Internet retail site, surveyed a nationally representative sample of nearly 1300 online consumers, and analyzed their perceptions through the lens of false advertising and unfair and deceptive trade practices. The resulting data reveal a number of insights about how consumers understand and misunderstand digital transactions. A surprisingly high percentage of consumers believe that when they "buy now," they acquire the same sorts of rights to use and transfer digital media goods that they enjoy for physical goods. The survey also strongly suggests that these rights matter to consumers. Consumers are willing to pay more for them and are more likely to acquire media through other means, both lawful and unlawful, in their absence. Our study suggests that a relatively simple and inexpensive intervention - adding a short notice to a digital product page that outlines consumer rights in straightforward language - is an effective means of significantly reducing consumers' material misperceptions.
 Sales of digital media generate hundreds of billions in revenue, and some percentage of this revenue is based on deception. Presumably, if consumers knew of the limited bundle of rights they were acquiring, the market could drive down the price of digital media or generate competitive business models that offered a different set of rights. We thus turn to legal interventions, such as state false advertising law, the Lanham Act, and federal unfair and deceptive trade practice law as possible remedies for digital media deception. Because of impediments to suit, including arbitration clauses and basic economic disincentives for plaintiffs, we conclude that the Federal Trade Commission (FTC) could help align business practices with consumer perceptions. The FTC's deep expertise in consumer disclosures, along with a series of investigations into companies that interfered with consumers' use of media through digital rights management makes the agency a good fit for deceptions that result when we "buy now."

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Court rules Google cache constitutes fair use (EFF, 25 Jan 2006) -- A federal district court in Nevada has ruled that the Google Cache feature does not infringe U.S. copyright law. The ruling clarifies the legal status of several common search engine practices and could influence future court cases, including the lawsuits brought by book publishers against the Google Library Project. Case name is Field v. Google. Decision at http://www.eff.org/IP/blake_v_google/google_nevada_order.pdf

[ Polley : amusing that this EFF link has rotted!]

top

MySpace moves into digital music business (Reuters, 2 Sept 2006) -- MySpace, the wildly popular online teen hangout, said on Friday it will make its first move into the digital music business by selling songs from nearly 3 million unsigned bands. MySpace is the latest company to try to take on Apple Computer Inc.'s iTunes Music Store, but unlike many other start-up rivals, it already boasts 106 million users, as well as the backing of parent company News Corp. "The goal is to be one of the biggest digital music stores out there," MySpace co-founder Chris DeWolfe told Reuters. "Everyone we've spoken to definitely wants an alternative to iTunes and the iPod. MySpace could be that alternative." In the past year, MySpace.com has become the single most visited Internet address among U.S. Web users, according to Hitwise, with mainly teenagers and young adults using the site to socialize, share music and photographs. Before the end of 2006, De Wolfe said MySpace will offer independent bands that have not signed with a record label a chance to sell their music on the site. MySpace says it has nearly 3 million bands showcasing their music. Songs can be sold on the bands' MySpace pages and on fan pages, in non-copyright-protected MP3 digital file format, which works on most digital players including Apple's market-dominating iPod.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

top