Saturday, February 21, 2015

MIRLN --- 1-21 February 2015 (v18.03) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

The cobweb (Jill Lepore in The New Yorker, 26 Jan 2015) - * * * For the law and for the courts, link rot and content drift, which are collectively known as "reference rot," have been disastrous. In providing evidence, legal scholars, lawyers, and judges often cite Web pages in their footnotes; they expect that evidence to remain where they found it as their proof, the way that evidence on paper - in court records and books and law journals - remains where they found it, in libraries and courthouses. But a 2013 survey of law- and policy-related publications found that, at the end of six years, nearly fifty per cent of the URLs cited in those publications no longer worked. According to a 2014 study conducted at Harvard Law School, "more than 70% of the URLs within the Harvard Law Review and other journals, and 50% of the URLs within United States Supreme Court opinions, do not link to the originally cited information." The overwriting, drifting, and rotting of the Web is no less catastrophic for engineers, scientists, and doctors. Last month, a team of digital library researchers based at Los Alamos National Laboratory reported the results of an exacting study of three and a half million scholarly articles published in science, technology, and medical journals between 1997 and 2012: one in five links provided in the notes suffers from reference rot. It's like trying to stand on quicksand. * * * The footnote problem, though, stands a good chance of being fixed. Last year, a tool called Perma.cc was launched. It was developed by the Harvard Library Innovation Lab, and its founding supporters included more than sixty law-school libraries, along with the Harvard Berkman Center for Internet and Society, the Internet Archive, the Legal Information Preservation Alliance, and the Digital Public Library of America. Perma.cc promises "to create citation links that will never break." It works something like the Wayback Machine's "Save Page Now." If you're writing a scholarly paper and want to use a link in your footnotes, you can create an archived version of the page you're linking to, a "permalink," and anyone later reading your footnotes will, when clicking on that link, be brought to the permanently archived version. Perma.cc has already been adopted by law reviews and state courts; it's only a matter of time before it's universally adopted as the standard in legal, scientific, and scholarly citation. [ Polley : Fascinating article about the WABAC/Wayback machine, etc.]

Yelp goes to court to protect identity of anonymous review-writer (Consumerist, 30 Jan 2015) - Once again, a business who is displeased with an anonymous review on Yelp is trying to sue that reviewer and attempting to compel Yelp to reveal that user's actual identity. But this morning, lawyers for Yelp and consumer advocates were in court to argue that there is no justification for unmasking the writer of this review. In June 2013, a Yelp user with the screen name "Lin L." wrote a Yelp review for a real estate firm in Texas. The review stated that the agent she worked with was "by far the worst deceitful and money greedy sales agent you would ever deal with," who "failed to represent us as clients, never explained our contracts to us and not once did he ever ask us what we wanted to keep or take in our home," along with other claims that she was rushed into selling the house so that the agent could make his commission. Then in May 2014, the firm contacted Yelp to request the removal of the review. After looking into Lin L.'s comments, Yelp decided in June 2014 to allow the review to stand "because it appeared to reflect the user's personal experience and opinions, consistent with Yelp's Terms of Service and Content Guidelines." When Aug. 2014 rolled around, the firm's lawyer contacted Yelp, claiming that Lin L. was never a client and that what she describes in the review never occurred. The lawyer warned that if Yelp did not "immediately remove this review and disclose the full identity of this individual," the firm would file a lawsuit seeking damages and attorney fees. Yelp's response defended its decision to keep the review online saying it still believed the write-up reflected the user's opinions and experiences. However, if the real estate firm were able to prove in court that the review is defamatory, Yelp would reconsider. The site also said it would not reveal Lin L.'s identity without a valid subpoena. In Nov. 2014, more than a year after the original review was posted, the real estate firm filed suit [ PDF - complaint begins on p. 9 ] in a county court in Texas, alleging claims for defamation, civil conspiracy, and exemplary damages against defendant Lin L., but did not name Yelp as a defendant. The firm did, however, issue a subpoena to Yelp's registered agent in Delaware, demanding identifying information and "all records and documents in your possession pertaining to LIN L." Last week, Yelp and Paul Alan Levy, attorney for consumer advocacy group Public Citizen, filed an opposition [ PDF ] to the motion to compel, and then appeared before the court this morning to make their case. [ Polley : Spotted by MIRLN reader Elizabeth Polley.]

Binding teams in Silicon Valley (Patently-O, 30 Jan 2015) - In a recently published article, I report preliminary evidence supporting a novel view of what patents can do: keep inventive teams together. This evidence suggests that, in addition to their traditional role as incentives for innovation, patents may be doing important work in fostering collaboration in high tech industries. To see how this works, suppose you're the founder of a Silicon Valley start-up. After a few years, you've found modest success - a product launch, a small core of devoted customers. But it seems clear at this point that there's no massive IPO exit on the horizon. Instead, your capital is running low and the venture capitalists who financed your firm are getting impatient. Now Facebook shows up at your door: it wants to hire you and your team of engineers. The catch is that it wants the whole team. Facebook knows how hard it is to find talent that works well together. Plus, both you and Facebook know that if your team doesn't go as a group, any team member that strikes off on her own is likely to soon become a competitor. What do you do? One possibility is that you convince Facebook not only to hire your team, but also to buy the entire start-up. That way, Facebook can acquire the rights to any patents flowing from the work the team did at the start-up. These patents can then bind the team together by raising the costs to members of leaving - a departing team member won't be able to continue working in the path set out by the team's patents. Thus, while intellectual property is traditionally thought to prevent the entire public from freeriding on a creator's investment in producing a public good, it can also regulate relationships among team members, as Robert Merges and Paul Heald have separately argued in the patent context, and as Tony Casey and I have jointly argued in the copyright context. In my most recent article, I support this team-binding view of patents with data from Silicon Valley acqui-hires. Those transactions, illustrated by the founder-Facebook scenario posed above and explored in illuminating detail by John Coyle and Gregg Polsky, are understood to be driven by Silicon Valley norms of cooperation.

On FTC's staff report: cybersecurity for the Internet of Things (Lawfare, 31 Jan 2015) - On Tuesday, January 27, 2015, the Federal Trade Commission released a staff report on cybersecurity and the Internet of Things. Although as a staff report, the report has no binding authority on anyone, and the report merely stated that "commission staff encourages companies to consider adopting the best practices highlighted by workshop participants," it was predictable that opposing voices were heard noting that excessive regulation could smother innovation and scare customers away from a promising new technology. (See this, for example.) The best practices mentioned include building security into devices at the outset, rather than as an afterthought; training all employees about good security, and ensuring that security issues are addressed at the appropriate level of responsibility within the organization; using service providers that are capable of maintaining reasonable security and providing reasonable oversight for these service providers; implementing a defense-in-depth approach to security; limiting the ability of unauthorized persons to access a consumer's device, data, or even the consumer's network; and monitoring products throughout their life cycle and, to the extent feasible, patching known vulnerabilities.

BMW fixes security flaw that left locks open to hackers (BBC, 2 Feb 2015) - BMW has patched a security flaw that left 2.2 million cars, including Rolls Royce and Mini models, open to hackers. The flaw affected models fitted with BMW's ConnectedDrive software, which uses an on-board Sim card. The software operated door locks, air conditioning and traffic updates but no driving firmware such as brakes or steering, BMW said. ADAC's researchers found the cars would try to communicate via a spoofed phone network, leaving potential hackers able to control anything activated by the Sim. The patch, which would be applied automatically, included making data from the car encrypted via HTTPS.

EFF joins coalition to launch Canarywatch.org (EFF, 2 Feb 2015) - "Warrant canary" is a colloquial term for a regularly published statement that an internet service provider (ISP) has not received legal process that it would be prohibited from saying it had received, such as a national security letter. The term "warrant canary" is a reference to the canaries used to provide warnings in coalmines, which would become sick from carbon monoxide poisoning before the miners would - warning of the otherwise-invisible danger. Just like canaries in a coalmine, the canaries on web pages "die" when they are exposed to something toxic - like a secret FISA court order. Warrant canaries rely upon the legal theory of compelled speech. Compelled speech happens when a person is forced by the government to make expressive statements they do not want to make. Fortunately, the First Amendment protects against compelled speech in most circumstances. In fact, we're not aware of any case where a court has upheld compelled false speech. Thus, a service provider could argue that, when its statement about the legal process received is no longer true, it cannot be compelled to reissue the now false statement, and can, instead, remain silent. So far, no court has addressed this issue. But if you're not paying attention to a specific canary, you may never know when it changes. Plenty of providers don't have warrant canaries. Those that do may not make them obvious. And when warrant canaries do change, it's not always immediately obvious what that change means. That's why EFF has joined with a coalition of organizations, including the Berkman Center for Internet and Society, New York University's Technology Law & Policy Clinic, and the Calyx Institute to launch Canarywatch.org. Canarywatch lists the warrant canaries we know about, tracks changes or disappearances of those canaries, and allows users to submit canaries not listed on the site. For people with interest in a particular canary, the site will show any changes we know about. The page's FAQ explains the mechanics and legal theories underpinning warrant canaries. It also has an anatomy of a canary that, since canaries come in so many different forms, helps anyone understand what they're seeing when they look at a particular canary.

Sookasa provides HIPAA-compliant, encrypted cloud storage (Lawyerist, 2 Feb 2015) - Although there are many ways to encrypt your communications, and plenty of storage services that offer HIPAA compliance, most of them come with a price: lack of convenience, and clunkiness. That is probably why a lot of us just end up stashing things in Dropbox. It's easy and there are apps for any device you might have. On your home computer, you can just drag and drop into Dropbox and it lives forever in the cloud. However, Dropbox certainly isn't the most secure solution, and is not HIPAA compliant. Sookasa works with Dropbox and gives you an encrypted (and, if you pay for it, HIPAA- and FERPA-compliant) storage folder. Putting files in Sookasa is as easy as putting them in your Dropbox; it is that ease of use that often gets us to be more aggressive about securing data. There are no extra steps and you do not need to be some sort of Internet-ninja wizard to use the product. HIPAA, of course, governs the security of health data. Briefly, if you are looking for a HIPAA-compliant data storage service, you need to make sure it can do three things: * * * [ Polley : Sounds interesting, but I haven't investigated. Reader comments/experiences welcome.]

Court tosses warrant after FBI's Internet 'ruse' (The Hill, 3 Feb 2015) - A federal magistrate judge is dismissing an FBI search warrant that led to the arrest of as many as eight people accused of running an illegal online sports betting operation out of Las Vegas. The warrant raised eyebrows after it was revealed that FBI agents cut the suspects' Internet access, then posed as cable repairmen to enter their luxury hotel rooms and gather evidence that was later used to support the bureau's search warrant. As a result, Magistrate Judge Peggy Leen ruled the warrant was "fatally flawed." When applying for the warrant, investigators failed to disclose that their suspicions were largely founded on a "ruse," Leen said. It doesn't matter that subsequent evidence gathered with the search warrant turned up more incriminating information. The decision must be approved by a district court judge. The men who were charged in the case have filed a lawsuit against the government.

Brokerage firms worry about breaches by hackers, not terrorists (NYT, 3 Feb 2015) - The online attack on Sony Pictures Entertainment in the fall that federal authorities linked to the North Korean government raised alarm bells about the hacking threat posed by foreign governments. But brokerage firms based in the United States remain most concerned about an attack carried out by a loose band of hackers or employees with a grudge. A report released on Tuesday by the Financial Industry Regulatory Authority, the industry's self-monitoring organization, said a study of about 20 brokerage firms found the threat of an online intrusion by a nation or a terrorist group ranked near the bottom of the industry's concerns. Worries about state-sponsored breaches were highest at big investment banks. But few of the largest firms questioned by Finra put such attacks at the top of their list. All the firms said they had little concern about a hacking carried out by a competitor. The results of the study were included in a Finra report that focused on best practices that brokerage firms should enact to prevent serious attacks that can compromise a customer's personal and financial information. The organization conducted the survey last year to better understand what brokerage firms, both large and small, are doing to guard against a serious breach. In another sign of just how important the threat of an intrusion has become for the financial services industry, the Securities and Exchange Commission issued its own report on Tuesday that examined how prepared Wall Street investment banks and brokerage firms were to repel hackers bent on gaining access to their digital networks. That examination of more than 100 registered firms found that the overwhelming majority "have been the subject of a cyber-related incident." The Finra report recommended that all brokerage firms assess their security as well as review the safeguards put in place by their vendors. These reviews should focus on things like data encryption, the number of employees who have access to a network, the frequency of software patches and updates, the security of data storage facilities, and measures taken to secure wireless and mobile systems. The report said about 80 percent of firms questioned already conducted some form of periodic security self-assessment. But the regulatory agency said it was "concerned that the remaining firms either had no program in place or were in the nascent stages of establishing a program."

GCs play growing role in managing 'super risk' issue of cybersecurity (Legal Intelligencer, 3 Feb 2015) - As general counsel combat the constant threat of data breaches, their companies' information security officers are the most likely colleagues on speed dial. But with breaches viewed as almost inevitable, law firms also play a critical role in helping general counsel navigate a patchwork of state laws and how to handle fallout when information is compromised. "You can almost assume you will get attacked and infiltrated. Everybody does," said a utility company general counsel who wanted to remain anonymous. "The question is how do you recover from that." This general counsel wasn't alone in not wanting to be named or, in some cases, even talk about cybersecurity issues out of fear hackers would want to test the company's proclaimed security measures. While cybersecurity issues began years ago as one of many risks a board of directors had to manage, the issues faced by companies like Sony and Target have turned cybersecurity into a "super risk," the general counsel said. "It's now treated at a governance level with the board of directors not just as another risk, but an issue unto itself," the GC said. "Thwarting and responding to breaches of corporate data is increasingly a reality for today's GCs and CLOs," said Veta T. Richardson, ACC president and CEO. "As attempted data breaches become more sophisticated, the CLO will play a growing role in cybersecurity strategy, risk assessment and prevention." [ Polley : pretty interesting article.]

- and -

Cybersecurity in the wake of Sony (WSJ, 10 Feb 2015) - If there was one specter hanging over this year's gathering of The Wall Street Journal's CIO Network, it could be spelled: S-O-N-Y. Conversation during breaks gravitated to the remarkable destruction of Sony Pictures Entertainment's network and files that hackers caused in November. This hack wasn't about stealing intellectual property and slinking away, or pranking a former employer. These hackers broke in and fired up the wrecking ball. The global chief information officers who gathered at the third annual CIO Network in San Diego last week are a chastened crew. When asked who hasn't been hacked, just one hand went up in the audience, and that CIO got a lot of skeptical looks. And when asked if business and the government were making progress against hacking or were losing the battle, the group overwhelmingly said the latter. But the conversation quickly got pragmatic. "Don't go overboard on security," one CIO said. "I still have to address other matters." Company networks need to grow and be flexible, interact with vendors and customers, and accommodate internal innovation. Cybersecurity has become just one more item on the corporate risk-management list - albeit high on the list, several CIOs said.

- and -

SEC and FINRA issue cybersecurity publications (Nat'l Law Journal, 6 Feb 2015) - On February 3, the Securities and Exchange Commission and Financial Industry Regulatory Authority issued separate publications on cybersecurity risk. The SEC's risk alert provides summary observations from the SEC's Office of Compliance Inspections and Examinations based on prior examinations of broker-dealers and investment advisers. These examinations focused on how firms (1) identify cybersecurity risks; (2) establish cybersecurity policies, procedures and oversight processes; (3) protect their networks and information; (4) identify and address risks associated with remote access to client information, fund transfer requests and third-party vendors; and (5) detect unauthorized activity. The SEC also released an investor bulletin that provides guidance to help investors safeguard their online investment accounts. Among other things, the SEC recommends using a strong password and a two-step verification process. Separately, FINRA released two publications on cybersecurity. FINRA's cybersecurity report identifies best practices for managing cybersecurity threats based on prior examinations of its member firms. These practices include, among other things, establishing a sound governance framework, utilizing risk assessments and technical controls, developing cyber-incident response plans, and training staff on cybersecurity issues. FINRA also released an investor alert to help investors safeguard their brokerage accounts and financial information. The publications are available here: SEC Risk Alert, SEC Investor Bulletin, FINRA Report and FINRA Investor Alert. [ Polley : see also Proskauer's piece on the FINRA report: FINRA Cybersecurity Report Highlights Risks, Best Practices (7 Feb 2015)]

- and -

After high-profile hacks, many companies still nonchalant about cybersecurity (CS Monitor, 19 Feb 2015) - Conventional wisdom suggests that the costly data breaches at Target, Home Depot, JPMorgan, and elsewhere have elevated information security concerns to the highest echelons of corporate America and are driving major improvements in security practices. But the results of two separate surveys highlight a somewhat more nuanced reality. The breaches and resulting losses have made security a higher priority on the corporate agenda. But a disconnect still appears to exist between the security function and senior leadership at many companies. What's more, many corporate boards seem nonchalant about the risks their organizations face from information security failures such as the ones that have hit Sony Pictures, Anthem, and others in recent months. In a survey commissioned by defense contractor Raytheon of 1,006 chief information officers, chief information security officers, and other technology executives, 78 percent said their boards had not been briefed even once on their organization's cybersecurity strategy over the past 12 months. In fact, just a quarter of the respondents said senior management viewed security as a strategic priority while the remaining 75 percent said they viewed it as a necessary cost. The findings are similar to those reported by PricewaterhouseCoopers in its Global State of Information Security Survey last year in which fewer than 42 percent of respondents said their board actively participates in overall security strategy while barely 25 percent said their boards were involved in reviewing and privacy risks to their organizations. [ Polley : !!!!]

Cisco makes its annual predictions on mobile data traffic (NYT, 3 Feb 2015) - If everybody has a smartphone, maybe we'll soon just start calling them phones. Cisco Systems on Tuesday released its annual multiyear forecast for global mobile data traffic. This one, covering the years 2014-2019, has what has become the usual projection of tenfold growth in mobile traffic over the period - in this case, to 24.3 exabytes a month. One exabyte is a billion gigabytes. Digging into the numbers, a few significant factors are seen as the causes for that sustained growth. For one, by 2019, 69 percent of the world, or 5.2 billion people, are expected to be mobile users. Among that crowd, there will be 4.6 billion smartphones, compared with 3.1 billion feature phones. Clearly, many people will own more than one phone. The study also covered connected devices like tablets and Wi-Fi-enabled laptops, which Cisco said were likely to regain share from tablets. The growth in smartphones is interesting not just because they will be the majority type of phone sometime around 2018; smart devices tend to use more data, so that 97 percent of overall global traffic will be from smart devices. Video is expected to be a particularly big bandwidth hog: 72 percent of mobile traffic will be video, Cisco said. Another important development is the amount and type of traffic that will be offloaded from conventional cellular systems to Wi-Fi and small cell networks. Cisco said 54 percent of mobile data traffic will be on these systems, which keep carriers from congestion, but also keep them from realizing some profits, since they can't charge for Wi-Fi connections the same way.

NSA's chief privacy officer admits that maybe the NSA shouldn't rely on 'cute' interpretations of the law (TechDirt, 4 Feb 2015) - Almost exactly a year ago, the NSA announced the hiring of Rebecca Richards to be its Civil Liberties and Privacy Officer, leading many to exclaim, wait, the NSA has that job? Indeed it does. Though we haven't heard much from Richards since that hiring, she did appear on the latest "Cyberlaw Podcast" with Stewart Baker. During the podcast, Richards admits what many of us have been arguing for years (since even before the Snowden revelations), that the NSA is probably making a mistake in relying on "cute" interpretations of the law to claim that it has legal justifications for its actions: "If the law on its face does not - if you have to go through too many contorted legal [inaudible], I mean what is legal? That's where we need to, not have perhaps cute legal interpretations."

Lawmakers call for 'virtual Congress' (The Hill, 6 Feb 2015) - Reps. Steve Pearce (R-N.M.) and Eric Swalwell (D-Calif.) have introduced a bill urging development of ways for members of Congress to avoid traveling to Washington away from their districts. The resolution offered by Pearce and Swalwell, who both hail from districts on the opposite side of the country as Washington, envisions a Congress allowing members to vote and participate in committee hearings via the Internet. That way, they argue, lawmakers wouldn't have to travel all the way to the Capitol to conduct official duties and jet back to their districts every week. Specifically, their resolution directs the House Administration Committee to identify "best practices" for conducting congressional business virtually. The bipartisan duo argue that a virtual Congress would prevent members and staff from becoming out of touch with their districts. "[M]any congressional staffers do not spend time in the district for which they were hired to work, and are less in touch with the needs of constituents," the resolution states. The measure further cites security concerns of having all 535 members of Congress in one place.

IEEE amends its patent (FRAND) policy (Patently-O, 9 Feb 2015) - On February 8, the Board of Directors of the Institute of Electrical and Electronics Engineers (IEEE) voted to approve a set of amendments to the organization's patent policy. The changes largely relate to the commitment of IEEE members to license patents to users of IEEE standards on terms that are "fair, reasonable and nondiscriminatory" (FRAND). As most readers are aware, these commitments have been the subject of recent litigation. IEEE's Wi-Fi standards alone have played prominent roles in Microsoft v. Motorola, Apple v. Motorola, In re Innovatio and Ericsson v. D-Link, among others. In most of these cases, there has been sharp disagreement over whether the patent holder complied with its FRAND obligations. To decide these cases, judges and juries have been required to speculate regarding the scope and intent of these obligations, choosing between the divergent views advanced by the litigants and their experts. Observers of these disputes have long wondered why standards-setting organizations (SSOs) like IEEE have not simply clarified these issues in their patent policies. Doing so would eliminate much of the uncertainty and debate that currently characterizes disputes over FRAND compliance. In fact, in a 2013 article, the chief economists of the U.S. Department of Justice, Federal Trade Commission and European Commission Directorate-General for Competition jointly urged SSOs to clarify issues surrounding FRAND in their patent policies. Yet few SSOs, if any, did so. Until now. The IEEE amendments do several things. Most notably they make clear that IEEE members holding patents covering IEEE standards: * * *

Gaining access via fake identity to an individual's Facebook page and chats is a "search" requiring a warrant (David Post on Volokh Conspiracy, 10 Feb 2015) - The apparently increasing use of fictitious, sham Facebook accounts by law enforcement officers involved in sexual predator "sting" operations has been the subject of considerable criticism of late (see e.g. here, here, and here). The pattern seems to be that police officers set up fake FB accounts, posing as underage women, and then "friend" various persons whom they believe, for one reason or another, might be engaged in unlawful sexual conduct with minors. In a recent case in Bozeman, Montana, the State's law enforcement agent posed as a 16-year old girl, arranged to become friends with the defendant, and then exchanged sexually explicit pictures with the defendant and arranged for a meeting (at which point the defendant was arrested for attempted sexual conduct with a minor). Defendant moved to suppress all of the evidence obtained through the FB impersonation, and in its recent decision, the district court in Gallatin County, Montana, agreed, holding that the defendant had a subjectively and objectively reasonable expectation of privacy in the contents of his Facebook page (given that he had chosen to use the highest available privacy settings for the page), and in the "chat" conversations that he had with other FB friends online, and that the State's use of evidence it obtained from his page and from those chats was a "search" requiring the government to obtain a judicial warrant before collecting the evidence. [ Polley : and see Orin Kerr's response post Undercover Facebook investigations and the federal/state divide - a response to David Post (11 Feb 2015)]

Florida is the latest state to allow attorneys to advise clients about the removal of social media posts and pictures (Gibbons E-Discovery Law Alert, 10 Feb 2015) - On January 23, 2015, the Professional Ethics Committee of the Florida Bar issued an advisory opinion holding that before litigation commences, and absent any other preservation obligation, an attorney may advise a client to: (1) remove information from social media pages and (2) change privacy settings from public to private, as long as the client retains a record of any deleted information or data. In so holding, the Florida ethics committee joined panels from New York, Pennsylvania, and North Carolina that have issued similar guidance. By way of background, an attorney sought guidance about the ethical implications of advising a client to "clean up" his social media pages before litigation commences to delete "embarrassing" information the attorney deemed immaterial and not directly related to impending litigation. Because the client retained counsel, the ethics committee assumed litigation was "reasonably foreseeable" and, therefore, determined the appropriate inquiry was whether the social media was "relevant," rather than "related directly" to the underlying litigation. The ethics committee held that relevancy is determined on a factual, case-by-case basis. With those parameters in place, the ethics committee then reviewed the opinions of other panels that recently considered this issue, all of which reached similar conclusions, with some nuances: * * * [ Polley : parses opinions from the NY County Lawyers Assn, the Philadelphia Bar Assn, the Pennsylvania Bar Assn, and the NC State Bar.]

- and -

When is a blog lawyer advertising? Proposed California state bar opinion offers guidance (ABA Journal, 18 Feb 2015) - Legal ethics rules on advertising should apply to attorneys and law firms that publish blog posts as part of a professional website. Likewise, posts that explicitly or implicitly make clear that the author is available to represent clients also should be covered by legal ethics rules, a California State Bar group says. In a draft opinion (PDF), the Committee on Professional Responsibility and Conduct calls for what the California Bar Journal describes as a bright-line test to determine which legal blogs fall within COPRAC's purview. Another page on the California State Bar website summarizes the draft opinion. Not everyone, however, is a fan of the approach taken by the proposed opinion. In a Socially Awkward blog post, Avvo general counsel Josh King says it is overbroad and infringes on attorneys' First Amendment rights. COPRAC is accepting comments on the proposed opinion until 5 p.m. on March 23. They should be sent to Angela Marlaud at the State Bar of California, 180 Howard St., San Francisco, CA, 94105, or emailed to angela.marlaud@calbar.ca.gov.

Facebook launches platform for companies to share security threat data (LA Times, 11 Feb 2015) - You might use Facebook to share Hawaiian vacation pics with your friends and relatives. Now, Dropbox, Bitly, Pinterest, Tumblr, Twitter, Yahoo and other tech companies are using Facebook to share information about threats to their computer systems. Facebook on Wednesday introduced ThreatExchange, a platform where partner companies can query available cybersecurity threat information and publish their own. The incentive to create ThreatExchange came a little more than a year ago, when a group of technology companies came together to discuss automated spam attacks on their servers. "We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture," Mark Hammell, manager of the threat infrastructure team at Facebook, said in a blog post Wednesday. "During our discussions, it became clear that what we needed was a better model for threat sharing." ThreatExchange includes a set of privacy controls so that participating firms can share only with the group or groups they wish.

Private eye is said to face prosecution in a hacking (NYT, 12 Feb 2015) - Private investigators may be the newest front for federal prosecutors in cracking down on the hacker-for-hire business. In the coming weeks, a private investigator in New York is expected to plead guilty to charges of paying a so-called hacker-for-hire firm to steal email passwords and credentials, said three people briefed on the matter, who spoke on the condition of anonymity because no charges had been filed yet. The guilty plea would wrap up a nearly yearlong investigation by the Federal Bureau of Investigation and federal prosecutors in New York. Separately, federal prosecutors in San Francisco on Wednesday announced the indictment of two private investigators and two computer hackers on charges that they illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said. The identity of the private investigator in New York, who works for a small firm, could not be determined. Law enforcement authorities focused on the investigator because of the clients he has worked for, including some lawyers, the people briefed on the matter said. The investigation, however, has the potential to shed light on a less-than-savory activity that has been the subject of speculation in the legal community: the hiring of private investigators by lawyers to hack into email accounts to learn more about potential witnesses and gather evidence for trial strategies. The notion that lawyers would countenance the hacking of emails appears to flout the legal profession's most basic ethical standards. But security experts and former prosecutors said that investigations over the years had unearthed evidence that some lawyers hire private investigators to obtain information for cases without delving too deeply into how it is gathered.

Court allows US law enforcement to evade fourth amendment by piggybacking on foreign searches (Steptoe, 12 Feb 2015) - Like a fullback opening a hole in the line for a following tailback, foreign law enforcement can blast a hole in Fourth Amendment protections by conducting a search of electronic evidence before U.S. law enforcement does. So ruled the Eleventh Circuit in U.S. v. Odoni. The court held that a person has no reasonable expectation of privacy in computer files that were previously searched by foreign law enforcement agents, meaning U.S. law enforcement could subsequently search those files without a warrant. It relied on the "private search" doctrine established by the Supreme Court in United States v. Jacobsen, in which the Court held that individuals do not have a reasonable expectation of privacy in objects that have already been searched by a private party. The Eleventh Circuit found that this principle "applies with equal force" to items searched by foreign government officials.

Online court proposed to resolve claims of up to £25,000 (The Guardian, 15 Feb 2015) - The UK justice system should receive a radical overhaul for the digital age with the creation of an online court to expand access to justice and resolve claims of up to £25,000, the official body that oversees civil courts has recommended. In a transformative proposal for largely lawyer-free, virtual courtrooms, the civil justice council is calling for an internet-based dispute resolution system to be available within two years. Backed by Lord Dyson, the master of the rolls, who is head of the civil judiciary in England and Wales, the report says existing services - such as eBay's disagreement negotiation procedure and Cybersettle's blind-bidding operations - provide prototypes worth studying. The online dispute resolution (ODR) model proposed in the report envisages a three-tier process: evaluation through interactive services and information, negotiation with online "facilitators" and finally, if agreement has not been reached, resolution by a trained judge relying on electronic submissions. Only the judge need be legally qualified. If necessary, telephone hearings could be built into the last stage. Rulings by the online judge would be as enforceable as any courtroom judgment. The report's principal author, Prof Richard Susskind, who is president of the Society for Computers and Law, said the UK was falling behind other countries that have begun to incorporate online elements into their judicial systems. His recommendations include "automated negotiation" where differences may be resolved "without the intervention of human experts" by relying on blind bidding processes.

The Equation Group's sophisticated hacking and exploitation tools (Bruce Schneier on Lawfare, 17 Feb 2015) - This week, Kaspersky Labs published detailed information on what it calls the Equation Group - almost certainly the NSA - and its abilities to embed spyware deep inside computers, gaining pretty much total control of those computers while maintaining persistence in the face of reboots, operating system reinstalls, and commercial anti-virus products. The details are impressive, and I urge anyone interested to read the Kaspersky documents, or this very detailed article from Ars Technica. In some ways, this isn't news. We saw examples of these techniques in 2013, when Der Spiegel published details of the NSA's 2008 catalog of implants. (Aside: I don't believe the person who leaked that catalog is Edward Snowden.) In those pages, we saw examples of malware that embedded itself in computers' BIOS and disk drive firmware. We already know about the NSA's infection methods using packet injection and hardware interception. This is targeted surveillance. There's nothing here that implies the NSA is doing this sort of thing to every computer, router, or hard drive. It's doing it only to networks it wants to monitor. Reuters again: "Kaspersky said it found personal computers in 30 countries infected with one or more of the spying programs, with the most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. The targets included government and military institutions, telecommunication companies, banks, energy companies, nuclear researchers, media, and Islamic activists, Kaspersky said." A map of the infections Kaspersky found bears this out. On one hand, it's the sort of thing we want the NSA to do. It's targeted. It's exploiting existing vulnerabilities. In the overall scheme of things, this is much less disruptive to Internet security than deliberately inserting vulnerabilities that leave everyone insecure.
On the other hand, the NSA's definition of "targeted" can be pretty broad. We know that it's hacked the Belgian telephone company and the Brazilian oil company. We know it's collected every phone call in the Bahamas and Afghanistan. It hacks system administrators worldwide. On the other other hand - can I even have three hands? - I remember a line from my latest book: "Today's top-secret programs become tomorrow's PhD theses and the next day's hacker tools." Today, the Equation Group is "probably the most sophisticated computer attack group in the world," but these techniques aren't magically exclusive to the NSA. We know China uses similar techniques. Companies like Gamma Group sell less sophisticated versions of the same things to Third World governments worldwide. We need to figure out how to maintain security in the face of these sorts of attacks, because we're all going to be subjected to the criminal versions of them in three to five years. [Polley: As usual with Schneier's articles, it's worth reading the entire piece.]

EFF to Supreme Court: the Fourth Amendment covers DNA collection (EFF, 18 Feb 2015) - People have a Fourth Amendment right to privacy when it comes to their genetic material, the Electronic Frontier Foundation (EFF) argues in an amicus brief filed this week with the Supreme Court of the United States. EFF is asking the Supreme Court to hear arguments in Raynor v. State of Maryland, a case that examines whether police should be allowed to collect and analyze "inadvertently shed" DNA without a warrant or consent, such as swabbing cells from a drinking glass or a chair. EFF argues that genetic material contains a vast amount of personal information that should receive the full protection of the Constitution against unreasonable searches and seizures. "As human beings, we shed hundreds of thousands of skin and hair cells daily, with each cell containing information about who we are, where we come from, and who we will be," EFF Senior Staff Attorney Jennifer Lynch said. "The court must recognize that allowing police the limitless ability to collect and search genetic material will usher in a future where DNA may be collected from any person at any time, entered into and checked against DNA databases, and used to conduct pervasive surveillance." Glenn Raynor's genetic material was collected and tested without his knowledge or consent after he agreed to an interview at a police station as part of a criminal investigation. The police didn't have probable cause to arrest Raynor, and he refused to provide a DNA sample. After he left the station, police swabbed the armrest of the chair where he had been sitting to collect his skin cells without his knowledge. The police then extracted a DNA profile from the cells and used it to connect him to the crime. The Maryland Court of Appeals ruled that this collection was lawful, and Raynor petitioned the Supreme Court for review. EFF's brief supports Raynor's petition.

Researcher discovers Superfish spyware installed on Lenovo PCs (NYT, 19 Feb 2015) - Lenovo, the Chinese tech giant, was shipping PCs with spyware that tracks its customers' every move online, and renders the computers vulnerable to hackers. Lenovo, the world's largest PC manufacturer, was installing Superfish, a particularly pernicious form of adware that siphons data from a user's machine via web browser. Banking and e-commerce sites, or any web page that purports to be secure with the image of a tiny padlock, are made vulnerable. The adware discovery was made early last month by Peter Horne, a 25-year veteran of the financial services technology industry, after he bought a brand-new Lenovo Yoga 2 Notepad at a computer retailer in Sydney, Australia. Even though the PC came with McAfee antivirus software, Mr. Horne said, he installed antivirus software made by Trend Micro. Neither virus scanner picked up any adware on the machine. But Mr. Horne noted that traffic from the PC was being redirected to a website called best-deals-products.com. When he dug further, he found that website's server was making calls to Superfish adware. Superfish's "visual discovery" adware, Mr. Horne and others now say, is far more intrusive than typical adware. It not only drops ads into a user's web browser sessions, it hijacks a secure browsing session and scoops up data as users enter it into secure websites.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

New York Times Mulls Charging Web Readers (Reuters, 7 Jan 2005) -- The New York Times Co. is considering subscription fees to the online version of its flagship newspaper, which now is available for free, but it has no immediate plans to do so, the company said on Friday. One of the paper's biggest rivals, Dow Jones & Co. Inc.'s Wall Street Journal, charges for its online edition. A New York Times spokeswoman said the company is reviewing whether it should make any business changes to the online version but that no shifts were imminent. "We are reviewing the site to see whether or not there would be any areas where we should change the business model," said the spokeswoman, Catherine Mathis, adding: "This is not new. We've been discussing this for some time." According to the upcoming issue of BusinessWeek magazine, whose cover story focuses on The New York Times Co., an internal debate has been raging at the newspaper over whether its online edition, which had about 18.5 million unique monthly visitors as of November, should adopt a subscription fee. N.Y. Times publisher Arthur Sulzberger Jr. was quoted in the article as saying: "It gets to the issue of how comfortable are we training a generation of readers to get quality information for free. That is troubling."

More find online encyclopedia is handy (New York Times, 14 Nov 2005) -- By several measures, the user-written online encyclopedia Wikipedia (www.wikipedia.com) has exploded in popularity over the last year. The Internet traffic-measurement firm Nielsen//NetRatings found that Wikipedia had more than tripled its monthly readership in September from the same month in 2004. September may have been a month of especially heavy usage for Wikipedia: the site does better during major news events, and September saw both the aftermath of Hurricane Katrina and the confirmation of John G. Roberts Jr. as chief justice of the United States Supreme Court. But Wikipedia's popularity is not limited to periods of big news. Intelliseek, a marketing-research firm that measures online buzz, has found that the term Wikipedia is consistently used by bloggers - about twice as often as the term "encyclopedia" - and showed up in roughly one out of every 600 blog posts last month; it was one of every 3,300 posts in October 2004. "For bloggers, it's almost like a badge of credibility to embed Wikipedia in their blog references," said Pete Blackshaw, chief marketing officer for Intelliseek. "There's something about Wikipedia that confers a degree of respectability, because multiple Web users have converged on it."

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, January 31, 2015

MIRLN --- 11-31 January 2015 (v18.02)

MIRLN --- 11-31 January 2015 (v18.02) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

READER COMMENTS | NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

READER COMMENTS

Apropos MIRLN 18.01's story "How IBM shrunk a complex contract down to 2 pages", see: IBM's 2-page cloud services agreement [found by MIRLN reader Prof. Jane Winn]

- and -

Plenty of room for improvement: my critique of IBM's new two-page cloud-services contract (Ken Adams, 29 Dec 2015) - Assuming that you get rid of the dead wood, make appropriate trade-offs, and don't lose anything vital, shorter is good. Apparently the response has been positive. Indeed, the new contract resulted in IBM's being named a finalist in IACCM's Innovation Awards, in the operational improvement category. The article quotes the head of the IBM team as saying that the new contract uses "concise, plain language." Doubtless it's more concise and plainer than what came before, but there's plenty of room for improvement. How much room? [Updated December 29, 2014: At the request of @tieguy, I created PDFs that include all the comments. Go here for a PDF with the comments on separate pages; go here for a PDF with connector lines between the comments and the related text, but with smaller text as a result.] Go here to see my annotated PDF. Thanks to dozens of comments, it's awash with fluorescence. (To read my comments, you'll have to download the PDF and open it with whatever PDF-reading software you prefer. In the comments, "MSCD" refers to the third edition of A Manual of Style for Contract Drafting.) [spotted by MIRLN reader Bob Rath.]

NEWS

The sneakiest way prosecutors get a guilty verdict: PowerPoint (Wired, 23 Dec 2014) - In Washington state earlier this month, an appeals court threw out a murder conviction based on shoddy work by the defense. But the court also took the prosecutor to task for something even stranger: a bad PowerPoint presentation. The prosecutor had dressed up her closing argument to the jury with a series of slides, complete with "sound effects and animation," the appellate court wrote. On one slide, footprints materialized across the bottom of the screen. Other slides exhibited "concentric rings of a target," with each ring corresponding to an item of evidence; the defendant's name, Sergey Fedoruk, was in the bull's-eye. The prosecution's final slide, the pièce de résistance, opened with a header that said "Murder 2." Then, under the header, a single word flashed, in all capital letters, in 96-point red type: GUILTY. As the word flashed, the prosecutor told the jury: "The defendant is guilty, guilty, guilty." At least 10 times in the last two years, US courts have reversed a criminal conviction because prosecutors violated the rules of fair argument with PowerPoint. In even more cases, an appellate court has taken note of such misconduct while upholding the conviction anyway or while reversing on other grounds (as in the case of Sergey Fedoruk). Legal watchdogs have long asserted that prosecutors have plenty of ways to quietly put their thumb on the scales of justice - such as concealing exculpatory evidence, eliminating jury-pool members based on race, and so on. Now they can add another category: prosecution by PowerPoint. "It's the classic 'A picture is worth a thousand words,'" said Eric Broman, a Seattle attorney who focuses on criminal appeals. "Until the courts say where the boundaries are, prosecutors will continue to test the boundaries."

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official (The Register, 6 Jan 2015) - Paris airport security went one step further than simply asking a security expert to power up her laptop - they requested she type in her password to decrypt her hard drive and log into the machine. Katie Moussouris, chief policy officer at HackerOne, and best known as the woman behind Microsoft's Bug Bounty Program, was en route back to the US from the CCC hacking conference. She complied with the request in order not to miss her flight. The computer never left her possession and the security agent never fully explained the request, according to Moussouris, and there's no question that HackerOne customers' vulnerability reports were exposed - no exploits were stored on the device. Nonetheless, the incident at Charles de Gaulle airport has sparked a lively debate among privacy and security advocates. Moussouris has put together a blog post explaining her experience: * * *

FCC launches its own probe into AT&T's throttling practices (GigaOM, 9 Jan 2015) - The Federal Communications Commission is investigating whether AT&T misled its customers over its throttling policies, which restrict network speeds on unlimited data customers after they've hit a certain threshold each month. The Federal Trade Commission also filed a lawsuit against AT&T over the practice in October, but of the two agencies, it seems Ma Bell would prefer that the FCC do the investigating. AT&T disclosed the FCC probe in a motion to dismiss the FTC's lawsuit (first spotted by Ars Technica). AT&T argued that it's not subject to the FTC's jurisdiction because of its "common carrier" status as a regulated phone service provider. That jurisdiction lies with the FCC, which has launched its own investigation, AT&T claimed. "The FTC seeks to litigate the very same issues in an inappropriate parallel proceeding," AT&T said in the motion to dismiss filed this week. But how safe AT&T would be under the FCC's eye remains to be seen. FCC Chairman Tom Wheeler has come down hard on the carriers over their throttling practices. And AT&T may be taking a risk by arguing its common carrier status. Currently, mobile broadband isn't considered a common carrier service the same way regular telephone networks are considered utilities, but the Obama administration wants data services to be reclassified to make the internet neutral ground for all web services. Wheeler has said he will bring a net neutrality proposal to a vote on February 26.

Hackers release Swiss bank data over $12k unpaid ransom (Bloomberg, 9 Jan 2015) - A hacking group leaked identifying details about 30,000 clients of a small Swiss bank, after Banque Cantonale de Geneve declined the group's request to pay a ransom. The hackers' asking price for continued privacy: Ten. thousand. euros. The hack and its seemingly small-scale demand -- $12,000 at current exchange rates -- speak to the prevalence and ease of a rapidly growing extortion industry that deals in stolen or hijacked data.

What it means when law firms and startups give away legal documents (TechCrunch, 10 Jan 2015) - Over the past five years, law firms in Silicon Valley, New York and Boston have put online - for free - the documents that startups need to execute basic legal transactions. New sites, Cooley GO and WHLaunch, join first-movers Founders' Workbench and Start-Up Forms Library, to enable entrepreneurs to incorporate their company, secure early-stage financing, hire employees and compensate them with stock options. SeriesSeed.com has emerged as an industry standard for documenting seed investments, and StartupCompanyLawyer.com offers answers to over 100 frequently asked questions, along with a term-sheet generator. But as big law firms mimic their small clients' "freemium" business development model, they face increasing competition from startup companies seeking to disrupt the legal industry. I interviewed several lawyers working on these sites, founders of two startups in the legal space, and a law professor surveying the changing landscape. They reflected on the evolving business of law, how startups consume legal products, and what it all means for law firms and the emerging companies they serve. * * *

Non Practicing Entities in Europe (Patently-O, 11 Jan 2015) - Non practicing entities (NPEs) are a familiar part of the IP landscape in Europe, just as they are in the US. However, NPE activity has historically been lower in Europe. This article analyses the present situation in Europe compared to the US. In addition, we analyse how NPE activity might develop in Europe with the anticipated arrival of the Unified Patents Court (UPC). There are various factors in a patent system that might influence or encourage activity by a NPE. A non-exhaustive list of possible factors is outlined below, and Europe is compared against the US * * *

Why tort liability for data breaches won't improve cybersecurity (Stewart Baker on Volokh Conspiracy, 11 Jan 2015) - Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as a cybersecurity savior are now getting their day in court. Literally. Mandatory data breach notices have led, inevitably, to data breach class actions. And the class actions have led to settlements. And those freely negotiated deals set what might be called a market price for data breach liability, a price that can be used to decide how much money a company ought to spend on security. So, how much incentive for better security comes from the threat of data breach liability? Some, but not much. As I've been saying for a while, the actual damages from data breaches are pretty modest in dollar terms, and the pattern of losses makes it very hard to sustain a single class, something that forces up the cost of litigation for the plaintiffs. You can see this pattern in recent data breach settlements. I put this chart together for a talk on the subject at the Center for Strategic and International Studies. While the settlements below all have complications (Sony's settlement was mostly in free game play, for example), they all cap the defendants' total liability. And what's striking about the caps is how low a price these agreements set, especially on an individual basis, where $2.50 per victim looks to set the high end and 50 cents the low. Of course, to determine how much you spend annually to avoid that liability, a company would have to discount the settlement price by the probability of a breach in any given year. 
Even Sony doesn't have a breach every year, so a probability adjustment cuts the value of avoiding liability to something between a half and a tenth. At those prices, I wouldn't expect much change in corporate cybersecurity budgets.

- and -

Cyber in top 5 business risks (Intelligent Insurer, 14 Jan 2015) - The risk of cyber crime and IT failures has continued its rapid rise, moving into the top five business risks globally for the first time. This is according to Allianz's risk barometer, which added that in Germany, the UK and the US cyber risks are among the top three corporate risks. Globally, cyber crime was ranked as the eighth business risk in 2014 and 15th in 2013.

- and -

Here's how insurance will respond to the Sony cyber hack (Insurance Business, 14 Jan 2015) - The Sony Pictures cyber attack of seven weeks ago represented a game-changer in the recent string of data breaches that have plagued high-profile companies like Target, Home Depot and Dairy Queen. With repercussions ranging from entertainment industry rumors to potential matters of national security, the breach was a strong reminder of just what's at risk when hackers attack. It was also a test of the strength of cyber liability insurance. Though cyber insurance products have been circulating since the mid-1990s, industry analysts have expressed concern that low levels of loss data and widespread appetite for the risk may lead to insufficient pricing. And in the wake of a particularly large event - like the Sony hack - would policy limits be enough? In this case, the answer appears to be yes. Sony Pictures CEO Michael Lynton revealed this week that the cyber attack would be completely covered by insurance and will not mean any more cost-cutting for the company. "I would say the cost is far less than anything anybody is imagining and certainly shouldn't be anything that is disruptive to our budget," Lynton told Reuters. Though declining to reveal the exact cost of the breach, he confirmed it is "well within the bounds of insurance." The attack reached into huge amounts of data, including email, sensitive employee data and pirated copies of new movies, and famously limited the release of the comedy "The Interview" - which depicts the assassination of North Korean leader Kim Jong-Un - to independent theaters and video-on-demand services. All told, some experts have put the cost of the breach at $100 million. That figure could include computer repair or replacements, lost productivity and any steps taken to improve security and prevent a future attack. According to Lynton, cyber insurance will cover all such expenses.

- and -

Treasury official advocates for cyber insurance (Manatt, 15 Jan 2015) - Reflecting the continued regulatory focus on cyber risks, Deputy Secretary of the Treasury Sarah Raskin has some advice for banks: buy cyber insurance. Speaking at the Texas Bankers' Association Executive Leadership Cybersecurity Conference, Raskin said the lesson from recent high-profile data breaches (including JPMorgan Chase's 83 million hacked records) should be consideration of cyber risk insurance. In addition to the financial recovery the insurance can provide, the underwriting process itself can help financial institutions more adequately assess their risk level and cybersecurity controls, she said. Focusing her remarks on the cybersecurity of the nation's banks, Raskin first explained the mission of the U.S. Department of the Treasury: "Our ultimate goal is to instill confidence and show that the government - working in appropriate collaboration with the private sector - is defending the American public from damage caused by cyber attacks." To that end, Raskin provided a checklist with ten questions for CEOs, with concrete steps for banks to take before an attack occurs. The road map began with some baseline protections intended to prevent penetration of networks and systems as well as limit damage in the event of unauthorized access.

NJ law requires insurers to encrypt (Gov Info Security, 12 Jan 2015) - A New Jersey law that will go into effect in July requires health insurers in the state to encrypt personal information that they store in their computers - a stronger requirement than what's included in HIPAA. The new law, signed by N.J. governor Chris Christie last week, was triggered by a number of health data breaches in the state, including the 2013 Horizon Blue Cross Blue Shield of New Jersey breach affecting 840,000 individuals. That breach involved the theft of two unencrypted laptops. The new law states: "Health insurance carriers shall not compile or maintain computerized records that include personal information, unless that information is secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person."

First day of class for hybrid JD (InsideHigherEd, 13 Jan 2015) - William Mitchell College of Law's hybrid J.D. program -- the first of its kind to be approved by the American Bar Association -- launched on Monday with 85 students. The four-year program blends online courses with nine scheduled campus visits and externships in the students' communities. The college also offers a traditional J.D. program. "The aspiring lawyers are medical doctors, college professors, bankers, baggage handlers, mothers and fathers, from 31 states and two countries," the college said in a press release. "They range in age from 22 to 67. At least 35 have advanced degrees -- including 14 M.B.A. degrees, five medical doctors and five Ph.D. degrees. Forty-five percent of the students are women and 19 percent are people of color."

Johnson & Johnson will make clinical data available to outside researchers (NYT, 15 Jan 2015) - The health care giant Johnson & Johnson has agreed to make detailed clinical trial data on its medical devices and diagnostic tests available to outside researchers through a collaboration with Yale University, making it the first large device manufacturer to systematically make such data public. The announcement came on the same day that the Institute of Medicine, of the National Academy of Sciences, called on all sponsors of clinical trials to share detailed study data with outside researchers and recommended that such data be made available within 30 days of a product's approval. The dual developments are part of a broader shift toward making clinical trial data more publicly available and follows years in which the industry resisted calls to share its research with outsiders, claiming such moves would expose trade secrets and violate patient privacy. Medtronic, another large device maker, had previously allowed Yale to evaluate data on a controversial spinal treatment, but the agreement with Johnson & Johnson is the first time a device manufacturer has made data available in a systematic way. "I think what's remarkable is that we are now seeing very basic principles of the responsible conduct of research - which should best serve society - becoming mainstream by a whole range of organizations, including industry," said Dr. Harlan M. Krumholz, a longtime advocate for data transparency who is director of the Yale University Open Data Access project, which is overseeing the Johnson & Johnson collaboration. In a policy that takes effect this year, the European Medicines Agency, which oversees drug approvals in Europe, will publish detailed study data for every newly approved drug, and the American and European pharmaceutical trade groups have issued policies favoring data sharing. But adoption by individual companies has been sporadic, and their policies on making their data public vary widely.

Wolfram|Alpha iOS app is a Swiss Army Knife for lawyers (Robert Ambrogi, 15 Jan 2015) - If ever there was a Swiss Army knife of an app for lawyers, it is the Wolfram Lawyer's Professional Assistant. This multi-function app for iPad and iPhone can perform calendar computations, fee calculations, settlement calculations, interest-rate calculations and more. Use it to research historical weather information or population demographics. Look up legal terms and statutes of limitation. The list of what it can do goes on. * * * [ Polley : NO! - I usually like Ambrogi's postings and have trusted his recommendations. If you trust mine, don't waste your time/$ on this app.]

California Bar offers a reason to keep your website and blog separate (MyShingle, 16 Jan 2015) - Should a law firm blog be incorporated into a website or function as a freestanding entity? That's a question that's been asked almost since the beginning of time, with at least two experts - Sam Glover and Kevin O'Keefe - endorsing separation for a variety of different reasons. But now, a recent California ethics decision offers yet another reason for lawyers to maintain their blog's independence. The California decision addresses whether blogs constitute advertising, and analyzes a couple of different fact patterns. The California bar concludes that a freestanding blog offering informational or educational materials that is free standing, intended to enhance the lawyer's education in the community and doesn't include any "call us now for help" solicitations is not subject to bar advertising rules. By contrast, that same blog, if included as part of a law firm website, would be deemed advertising essentially by association and subject to the same regulations as the parent site.

Need some espionage done? Hackers are for hire online (NYT, 16 Jan 2015) - A man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord's website. A woman in California says she will pay $500 for someone to hack into her boyfriend's Facebook and Gmail accounts to see if he is cheating on her. The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs, shadowy political operatives and disgruntled "hacktivists" taking aim at big targets. Rather, it is an increasingly personal enterprise. At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage. A new website, called Hacker's List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company's database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work. It is done anonymously, with the website's operator collecting a fee on each completed assignment. The site offers to hold a customer's payment in escrow until the task is completed. In light of the novelty of the site, it's hard to say whether it violates any laws. Arguably some of the jobs being sought on Hacker's List - breaking into another person's email account - are not legal. The founders of Hacker's List, however, contend that they are insulated from any legal liability because they neither endorse nor condone illegal activities. The website includes a 10-page terms and conditions section to which all users must agree. It specifically forbids using "the service for any illegal purposes." Some experts say it is not clear whether Hacker's List is doing anything wrong in serving as a meeting ground for hackers and those seeking to employ them. The website, which is registered in New Zealand, is modeled after several online businesses in which companies seeking freelancers can put projects out to bid. Some have compared the service to a hacker's version of the classified advertising website Craigslist. Hacker's List even has a Twitter account (@hackerslist), where it announces the posting of new hacking assignments. Still, the three founders of Hacker's List are not willing to go public with their own identities - at least not yet.

Google goes public with more Windows bugs (Computerworld, 16 Jan 2015) - Google this week let fly two new disclosures of Windows vulnerabilities before Microsoft was able to patch them, marking the third and fourth times it's done so in the past 17 days. The bugs were revealed Wednesday and Thursday on Google's Project Zero tracker. The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched. The team's previous disclosures of Windows bugs -- one on Dec. 29, 2014, the second on Jan. 11, 2015 -- led Microsoft to blast Google for putting its Windows customers at risk because neither vulnerability had been patched by the deadlines.

US Drug Enforcement Agency halts huge secret data program (Reuters, 16 Jan 2015) - The U.S. Drug Enforcement Administration has halted a secret, nearly 15-year program that collected virtually all data on international calls between the United States and certain countries, according to documents and officials familiar with the matter. The sweeping bulk DEA database program was stopped in September 2013, shortly after elements were revealed by Reuters and then The New York Times, according to a redacted court filing made public on Thursday and U.S. officials. The program, run by DEA's Special Operations Division, collected international U.S. phone records to create a database primarily used for domestic criminal cases - not national security investigations, according to records and sources involved. DEA shared this information with other law enforcement agencies, including the FBI, IRS, Homeland Security, and intelligence agencies, according to records reviewed by Reuters. "The American people deserve to know that the DEA engaged in the bulk collection of their international phone records in routine criminal investigations without judicial review," said Democratic Senator Patrick Leahy, who had urged the DEA to end the program. A Justice Department spokesman said on Friday that the DEA no longer collects the data and that "all of the information has been deleted." Two people briefed on the DEA program said that it began in the late 1990s. Records show it involved the use of administrative subpoenas, which can be issued by federal agents - rather than grand jury subpoenas, which must be approved by prosecutors, or search warrants, which must be approved by a federal judge. The court document made public on Thursday was an affidavit by a DEA official in an export violations case against Shantia Hassanshani, arrested in Los Angeles in 2013. In that case, DEA officials linked a phone number in Iran to a Google Voice number assigned to Hassanshani. His lawyer was not available for comment.

- and -

License plate data lets cops spy on US drivers at record rates (GigaOM, 27 Jan 2015) - A new investigation shows the scale of surveillance on U.S. highways is more extensive than many previously imagined, thanks to a license plate database that allows federal and local law enforcement to watch cars and even drivers in real time. According to documents reviewed by the Wall Street Journal, the database was created by the Drug Enforcement Agency to track cartel activity, but it soon came to comprise millions of records that are regularly shared with police forces across the country: The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists […] The DEA program collects data about vehicle movements, including time, direction and location, from high-tech cameras placed strategically on major highways. Many devices also record visual images of drivers and passengers, which are sometimes clear enough for investigators to confirm identities. The database was created to help the DEA carry out civil forfeitures, a controversial practice that involves taking cash, vehicles and property from individuals suspected of ties to drug-related activity without basic due process. But soon all sorts of state and local law enforcement groups joined into the effort, tapping into the database for a wide variety of purposes, according to the Journal.

- and -

Surveillance and the chilling effect on speech (MLPB, 28 Jan 2015) - Margot E. Kaminski, Ohio State University Law School & Yale University Law School, and Shane Witnov, University of California, Berkeley, School of Law, have published The Conforming Effect: First Amendment Implications of Surveillance, Beyond Chilling Speech in volume 49 of the University of Richmond Law Review (2015). Here is the abstract: First Amendment jurisprudence is wary not only of direct bans on speech, but of the chilling effect. A growing number of scholars have suggested that chilling arises from more than just a threat of overbroad enforcement - surveillance has a chilling effect on both speech and intellectual inquiries. Surveillance of intellectual habits, these scholars suggest, implicates First Amendment values. However, courts and legislatures have been divided in their understanding of the extent to which surveillance chills speech and thus causes First Amendment harms. This article brings First Amendment theory into conversation with social psychology to show that not only is there empirical support for the idea that surveillance chills speech, but surveillance has additional consequences that implicate multiple theories of the First Amendment. We call these consequences "the conforming effect." Surveillance causes individuals to conform their behavior to perceived group norms, even when they are unaware that they are conforming. Under multiple theories of the First Amendment - the marketplace of ideas, democratic self-governance, autonomy theory, and cultural democracy - these studies suggest that surveillance's effects on speech are broad. Courts and legislatures should keep these effects in mind.

Google is now a more trusted source of news than the websites it aggregates (Quartz, 20 Jan 2015) - Here is some sobering news for anyone in the journalism industry: Online search engines have overtaken traditional media as the most trusted source for general news and information, according to a global survey of 27,000 people by Edelman, a public relations firm. The trust gap between traditional media and search engines is even more pronounced among millennials. The biggest search engine is, of course, Google. And the striking thing is that Google does not actually report on anything, but instead serves up links to stories on a mix of other sites that users, apparently, trust less than the aggregator itself. The search engine also serves, for better or worse, as the simplest and quickest way to find most things online, including news. (Yahoo, its smaller rival, has been getting into direct content creation, including news.) Getting an at-a-glance look at a wide range of stories deemed relevant by a search-engine algorithm - be they from traditional news outlets, blogs, advertisements, and much else besides - is more comforting to the curious reader, it seems, than simply pulling up a single news outlet's site (or indeed picking up a newspaper or turning on the TV). Perhaps more reassuring, from the journalist's perspective, is that traditional media are still more trusted than the flotsam and jetsam on social media, according to the study, although faith in the latter is rising quickly. At the same time, big social media sites like Facebook are becoming increasingly important sources of referral traffic for traditional media sites. So the lines are increasingly blurry there as well.

Every Khan Academy course is now available on the iPad for the first time (The Verge, 20 Jan 2015) - Two technology trends are inescapable: people want to do everything online, and they want to do those things on a mobile device. Education and learning are no exception - online universities and other teaching aids have proliferated in the last decade, and tablets like the iPad have often been lauded as highly useful (albeit expensive) teaching tools. Not-for-profit organization Khan Academy has the first part of that equation down - it was started in 2008 to provide learning tools, videos, and exercises to anyone who wanted them, for free. And while Khan Academy has had an iOS app since 2012, it has typically not offered the full experience found on its website. All of its videos were available, but none of its thousands of training exercises were offered to iOS users. That all changes today with the introduction of a completely redesigned app for the iPad - now, everything that lives on the site is also available to iPad users. That includes some 150,000 learning exercises, content that product director Matt Wahl said was "where the majority of people spend their time on Khan Academy today." Rather than just port all of the exercises to the app, Khan Academy took the time to add some iPad-specific features to make the experience fit the platform better. When looking at a demo for some geometry questions, Wahl showed me how you could touch and manipulate geometric figures to help answer the questions. Another math-specific feature coming to the iPad app is the so-called "friendly guide." The guide analyzes the questions you answer correctly and incorrectly as well as how long it takes you to answer and then suggests other exercises that'll help you in areas you're not as strong with. And all your progress now gets synced back and forth between the iPad and the desktop, as long as you log in with a Khan Academy account.

HarvardX for alumni (InsideHigherEd, 21 Jan 2015) - In the spring of 2014 HarvardX and the Harvard Alumni Association launched HarvardX for Alumni. If HarvardX is new to you, as it was to many of our alumni, it is a University-wide strategic initiative to enable our faculty to build and create online learning experiences that would also transform residential learning and enable groundbreaking research in online pedagogies. Much of the HarvardX online offerings are distributed by edX, the Harvard and MIT founded MOOC platform. Why should the rich community of learning that so many alumni cherish end with graduation? Indeed, this was an opportunity to redefine the idea of life-long learning as a life-long relationship with Harvard. To meet his vision, the resulting HarvardX for Alumni, a 4-month 'beta' that blended online and in-person experiences, took advantage of new learning technologies to engage alumni who wanted to keep on learning---together---thereby growing and evolving their personal networks. Over this past summer we had the time to crunch the data, reflect, and share our observations on the experimental endeavor. With nearly 15,000 alumni (over 20,000 when guests are included) registrations via Harvard's alumni website and over 10,000 (12,000 with guests) completed enrollments (those who went on to take the course) on the edX platform, HarvardX for Alumni is one of the largest centralized Harvard alumni programs, in terms of participation, to date. Moreover, in addition to the online elements, HarvardX for Alumni also took advantage of the Harvard club network (essentially facilitating meet-ups so alumni could watch and discuss courses together in real time) and sent the faculty involved to select clubs for in-person talks. This first expression of the program was an important experiment: we presented it to our alumni, clubs, and internal stakeholders as a way to explore, together, how to think about digital engagement. * * *

European law gives a more expansive reading, alas, to jurisdiction over Internet activities (David Post on Volokh Conspiracy, 22 Jan 2015) - A few days ago I noted a recent California Court of Appeal ruling holding that an Internet posting (on a Facebook page, in that instance) that was accessible in California and caused harm to California residents was not a sufficient basis for finding that the defendant was subject to the personal jurisdiction of the California courts. As I pointed out, this ruling continued a trend in US courts rejecting the more expansive "effects test" for personal jurisdiction - a test that in my view is "a wildly inappropriate doctrine for the Internet Age; if you're subject to jurisdiction where the "effects" of your actions or communications are felt, then given that the "effects" of communications over the Internet can plausibly be felt everywhere and anywhere, simultaneously and instantaneously, the [effects test] has the potential to nullify any and all limits on personal jurisdiction and subject everyone to jurisdiction everywhere - not a reasonable outcome." Interestingly, along comes the European Court of Justice with a ruling endorsing (at least in the copyright context) this very test (and, therefore, that unreasonable outcome). [The opinion in the case, Hejduk v EnergieAgentur.NRW GmbH, is available here; people unfamiliar with reading CJEU decisions might find Martin Husovec's excellent summary write-up easier to digest and understand]. In short, because the allegedly infringing content was available on a website that was accessible in Austria (the plaintiff's country of residence, and the location of the court in which she sued), the damage occurred in Austria, and jurisdiction over the action is proper in Austria. The "targeting" or "purposeful availment" requirement that is so central to U.S. law before a court can find jurisdiction doesn't apply: * * *

Amazon announces self-publishing program for education (InsideHigherEd, 24 Jan 2015) - Retail giant Amazon wants to attract more academics to self-publish their textbooks through the Kindle Direct Publishing (KDP) program, and on Thursday, the company announced KDP EDU, a division of that program focused on education. Scholars who choose to self-publish through the program can use Amazon's software, called the Kindle Textbook Creator, to convert their work into files readable on the Kindle app, which is available on most smartphones, tablets and computers. The app enables students to highlight text, add notes and quickly look up dictionary definitions within their textbooks.

How to subpoena information from Facebook and other social networks (Lawyerist, 26 Jan 2015) - So is social media information accessible via civil subpoena? Who knows. Courts are all over the place with it. That said, Keith Lee reviews the relevant law and links to subpoena information for all the popular social networks in his "Social Media Subpoena Guide, 2015 Edition."

Privacy and data security moving up on the list of issues in M&A transactions (Inside Counsel, 27 Jan 2015) - Privacy and data security issues do not yet loom large on M&A parties' radar screens, but the regulatory environment and customers might soon change that. About two-thirds of the respondents in Dykema's 10th annual M&A survey said that cybersecurity ranks about the same this year in terms of their due diligence focus, but the other third is paying more attention this year than last.

The field is broad and the environment is changing, so M&A professionals could be forgiven for wondering which issues should be on their radar. Here are some issues that often escape attention but can be major problems if not addressed early and well. * * * [ Polley : The ABA's Cyberspace Law Committee is working on a comprehensive M&A cybersecurity guide, at DHS's invitation. For more info, or to get involved, contact Roland Trope.]

Drone maker updates firmware on all drones to stop any flights in DC (Techdirt, 29 Jan 2015) - You may have heard the news recently about how a drunk employee of the National Geospatial-Intelligence Agency (can't make this crap up) accidentally flew a DJI Phantom II drone onto White House property, leading to a general collective freakout over the security implications of these personal helicopters. In response to this, President Obama has called for more drone regulations -- which may or may not make sense -- but it needs to be remembered that the FAA has been refusing to actually release any rules for quite some time. But beyond the call for regulations, the drone's maker, DJI has decided to do a little self-regulation in the form of automatically pushing out some new firmware that blocks the drone from flying in downtown DC: "The updated firmware (V3.10) will be released in coming days and adds a No-Fly Zone centered on downtown Washington, DC and extends for a 25 kilometer (15.5 mile) radius in all directions. Phantom pilots in this area will not be able to take off from or fly into this airspace."

Law firm founds project to fight revenge porn (NYT, 29 Jan 2015) - A California law student and a Virginia man dated for about six months after meeting through an online dating service. The fallout from the breakup, however, has gone on far longer, as the former boyfriend faces federal criminal charges over posting nude selfies and a sexually explicit video of the woman on pornographic websites. Now the former boyfriend has a new problem: A big law firm recently has come to the law student's aid and is suing him in federal court in Los Angeles. The woman's lawsuit, filed under a pseudonym to protect her privacy, seeks damages for violating United States copyright law by posting the video and photos without her permission and also causing her emotional distress. The lawsuit reflects a battle line that is being drawn in an age when it is not uncommon for couples to share nude photos digitally, and just as easy for a jilted lover to find a pornographic website willing to post them online. The litigation is the handiwork of a new initiative by K&L Gates, a Pittsburgh-based law firm. Begun in late September, its Cyber Civil Rights Legal Project has roughly 50 lawyers at the firm volunteering their time. The "Jane Doe" complaint filed on behalf of the law student is among the first lawsuits filed by the K&L clinic, which is working with about 100 victims of "revenge porn," a type of online harassment that involves the non-consensual posting of sexually explicit material - often involving a former girlfriend or a spouse. The program is believed to be the first of its kind at a major United States law firm and is led by David A. Bateman, a partner in the firm's Seattle office, and Elisa J. D'Amico, a litigator in the firm's Miami office. Most of its clients come through the program's website or referrals from two national advocacy groups for victims of revenge porn, the Cyber Civil Rights Initiative and Without My Consent.

New web service serves as 'ethics ER' for lawyers (Robert Ambrogi, 29 Jan 2015) - A former American Bar Association ethics lawyer has launched a web service that serves as an "emergency room" for lawyers who need immediate assistance with legal ethics issues. The site, ER for Lawyers, provides ethics research to lawyers nationwide. The site's founder, Kathryn A. Thompson, is an Illinois lawyer who formerly served eight years as ETHICSearch counsel for the ABA's Center for Professional Responsibility. There, she fielded ethics hotline inquiries from lawyers, judges and other legal professionals. The site is the first-ever privately operated nationwide ethics research service for attorneys, Thompson says. Lawyers can use ER for Lawyers to request research on any topic related to legal ethics and professional responsibility. Thompson will research the issue and provide a memo reporting her conclusions (for a fee, of course). Thompson is careful to say that she does not provide legal advice, only research: ER for Lawyers assists attorneys in identifying and researching the ethics issues relevant to their particular fact pattern. Our work product is intended to provide a form of self-help to lawyers and does not advocate a particular course of conduct. Thus, ER for Lawyers does not advise attorneys regarding the use or legal effect of the research, recommend a specific course of action to follow or express an opinion on whether a lawyer's described or alleged conduct constitutes a violation of a state's rules of professional conduct. If that paragraph sounds as if it was written by an ethics lawyer, then I suppose that's a good thing in this context. The site goes on to suggest that lawyers consider retaining legal counsel in their jurisdiction if they find themselves "unable to understand, assimilate or apply the information set forth in the research report."

RESOURCES

ICYMI: Casetext - free legal research and online lawyer community (JurisPage, 26 Nov 2014) - In the past we've reviewed free legal research tools like Google Scholar. Upon the launch of Google Scholar, many attorneys (myself included) thought it would be an amazing free resource that could potentially diminish Westlaw and Lexis' stranglehold on the legal research market. But Google Scholar never added the headnotes / Shepardizing features that Westlaw and Lexis Nexis have that make them so valuable. The manpower that Westlaw and Lexis have, with its army of legal research slaves, is far superior to the un-annotated case text of Scholar. And though Scholar is free, sifting through cases to find relevant points of law is just not an efficient use of time. People pay Westlaw and Lexis because they make finding the right case easy. So is there a free, good-quality legal research source out there that has a library of annotations and a large case database? Yep. It's called Casetext. Casetext is a legal research platform and online community with over five million cases, an ever-expanding library of case briefs, and a very large, active user community. Casetext is a legal research resource that provides case summaries, key facts of each case, annotations provided by its crowdsourced community of over 200,000 visitors each month (think Wikipedia for case law), and advanced search tools. Oh yeah, and it's free. "Our goal is to make all the world's laws free and understandable," said co-founder Jake Heller. They're on their way - Casetext has nearly all federal cases, and many state law cases free for the public and searchable through an open legal research database. Although PACER should have done this, Casetext is actually making it happen. [ Polley : MIRLN will be integrated in Casetext.]

Teaching with technology (InsideHigherEd, 28 Jan 2015) - Inside Higher Ed is pleased to release Teaching With Technology, our latest compilation of articles. The booklet is free and you may download a copy here. And you may sign up here for a free webinar on Feb. 17 at 2 p.m. Eastern about the themes of the booklet. From the booklet: The use of technology to deliver instruction is an idea whose time has come - though the extent of its use varies greatly. At some institutions, professors do little more than use learning management systems to record attendance and grades and to communicate with students. At the other end of the scale, millions of students study entirely online. For the great middle, though, professors are increasingly using their LMS and other technology tools to do things that don't simply replace paperwork. They are bringing together students from across the country or around the world. They are "flipping the classroom" and using class time for group work or student presentations, rather than for lecture. They are using simulations, videos and an ever-growing list of tools. And they are doing so in courses that are entirely online, entirely in person and in hybrid formats. As students, faculty members, and institutions evaluate various approaches to teaching with technology, tough questions are being asked about effectiveness. Not only do colleges look for efficiencies and cost savings, but they want to see demonstrable impact on retention and completion rates. With colleges facing more and more pressure on those statistics, choices about technology strategies matter more than ever. The articles in this compilation show a range of strategies used by very different kinds of institutions, and with varying degrees of success. There are no silver bullets, but there are lots of promising experiments. Inside Higher Ed will continue to track these issues and we welcome your reactions to these articles and your suggestions for other areas of coverage.

DIFFERENT

Giving away 'The Story of Civilization' (InsideHigherEd, 19 Jan 2015) - This weekend I gave away The Story of Civilization. These books have followed me over 3 states, 4 moves, and the raising of 2 children. Every year I mean to crack into the 11 volume set. Each year I failed. I had purchased the full series at a used bookstore (for maybe $100 bucks) back in 1997, and it has sat on my bookshelf ever since. [Polley: I've read 9.5 of the 11 volume set, making steady progress. Beautiful prose, with wit, erudition, and humor.]

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Google finds its map service (CNET, 8 Feb 2005) -- In its latest play in the ongoing search wars, Google on Tuesday quietly launched a beta site for a new map service. Google Maps offers maps, driving directions and the ability to search for local businesses. The search giant appears to be working with TeleAtlas for the mapping products. Neither Google nor TeleAtlas could be reached for comment. The service offers a few tweaks to standard mapping products. Someone using the service can click and drag the maps, instead of having to click and reload, for example, and magnified views of specific spots pop up in bubbles. The new map service supports Internet Explorer and Mozilla browsers. It covers the United States, Puerto Rico and parts of Canada. The ongoing search battles between Google and companies like Yahoo and Microsoft have led to new features and enhancements coming out almost weekly. Localization and mapping products have been a particular focus because they're popular with advertisers. Even Amazon.com has gotten into the game, offering a service through its A9.com search unit that shows digital photos of storefronts in its U.S. business listings.

U.S. agencies earn d-plus on computer security (SiliconValley.com, 16 Feb 2005) -- The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency's inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. "Several agencies continue to receive failing grades, and that's unacceptable," said Rep. Tom Davis, R-Va., the committee's chairman. "We're also seeing some exceptional turnarounds." Davis said troubling areas included lax security at federal contractor computers, which could be used to break into government systems; a lack of contingency plans for broad system failures and little training available for employees responsible for security. The Transportation Department improved from a D-plus to an A-minus; the Interior Department, which failed last year, improved to a C-plus; and the Justice Department rose from a failing grade to B-minus. The poor grades effectively dampen efforts by U.S. policy makers to impose new laws or regulations to compel private companies and organizations to enhance their own security. Industry groups have argued that the government needs to improve its own computer security before requiring businesses to make such changes.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.