Saturday, October 07, 2017

MIRLN --- 17 Sept - 7 Oct 2017 (v20.14)

by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Future Navy accident investigations will look for cyber attacks (NextGov, 15 Sept 2017) - Rampant internet speculation aside, there's no evidence yet that any hostile electronic breach led to recent U.S. Navy mishaps, according to the admiral who leads the service's cyber operations. In fact, it was mostly to put such speculation to rest that Vice Adm. Jan Tighe said she dispatched a small team to join the Navy's investigation into the Aug. 21 collision of the USS McCain with a cargo ship off Singapore. That accident followed a similar June 17 incident involving another destroyer, the USS Fitzgerald. Tighe said there's no particular schedule for the team to complete its work. "Quite frankly, with respect to McCain, this is a 'first of.' We have a really hard time predicting a timeline," she said. "It rather depends on what and if we find anything that looks suspicious and what and how we will go about determining whether it is, actually, suspicious or not. So, it could be weeks. It could be months. I don't think it's years." But that's part of the point. As Tighe's investigators sniff around for evidence of meddling, they are trying to figure out where to look, whom to talk to, what angles to consider, and more. They are, in fact, pioneering a new kind of inquiry for the Navy. "Codifying how we will do these types of mishap investigations to account for a cyber component going forward is where we will learn from the results of the McCain investigation," she said. Eventually, the Navy will "make it part of the normal process of how we do mishap investigations."

The alternate reality of prior art (Patently-O, 17 Sept 2017) - Thought pioneer Dan Abelow fits within an interesting designation. So far in 2017, his U.S. Patent Publication No. 2012/0069131 - mysteriously titled "Reality Alternate" - is the Most-Oft examiner cited U.S. prior art reference. The document - now patented as U.S. Patent No. 9,183,560 - covers a method of providing "a portal for a user … to be present simultaneously in two or more different non-fictional alternate realities that are distinct from a non-fictional physical reality of the user." [Here, I'm looking at Examiner citations rather than those submitted by Applicants] The Abelow document reads something like a science-fiction novel - defining a new Alternate Reality world both in terms of its incredible impact and technical specifications. From the abstract:

Just as fiction authors have described alternate worlds in novels, this introduces an Alternate Reality - but provides it as technical innovation. This new Alternate Reality's "world" is named the "Expandaverse" which is a conceptual alteration of the "Universe" name and a conceptual alteration of our current reality. Where our physical "Universe" is considered given and physically fixed, the Expandaverse provides a plurality of human created digital realities that includes a plurality of human created means that may be used simultaneously by individuals, groups, institutions and societies to expand the number and types of digital realities - and may be used to provide continuous expansions of a plurality of Alternate Realities. To create the Expandaverse current known technologies are reorganized and combined with new innovations to repurpose what they accomplish and deliver, collectively turning the Earth and near-space into the equivalent of one large, connected room (herein one or a plurality of "Shared Planetary Life Spaces" or SPLS) with a plurality of new possible human realities and living patterns that may be combined differently, directed differently and controlled differently than our current physical reality.

In addition to being written in a way that draws diverse connections (helpful for obviousness conclusions), the reference is also 750 pages long! (The patentee paid an extra $4,000+ in filing costs for the extra page length). One of the best patent attorneys in the country - David Feigenbaum - filed this case and helped push it through to issuance. [Polley: Hmmmmmm… Snowcrash? Rainbow's End?]

Lawyers can accept payment in bitcoin, Nebraska ethics opinion says (ABA Journal, 18 Sept 2017) - Lawyers may accept payment in digital currencies such as bitcoin but must immediately convert the money into U.S. dollars, according to a Nebraska ethics advisory opinion. The opinion, issued Sept. 11, is the first by a state ethics body to address the ethics of bitcoin payments, the Norfolk Daily News and Coin Desk report. Nebraska lawyer Matt McKeever says he requested the opinion. Eastern Nebraska is a rapidly growing hub for payment processing and financial technology, McKeever told the Norfolk Daily News. Bitcoin ATMs are already in use in the area, and the currency is being used on a daily basis, he said. The ethics opinion by the Lawyer's Advisory Committee says a growing number of law firms in other jurisdictions accept payments in bitcoin, a currency with volatile prices. In 2013, for example, the price fluctuated from about $7 per bitcoin to $1,200 per bitcoin. Immediate conversion to dollars mitigates the risk of volatility and possible unconscionable overpayment for legal services, the ethics opinion says. Lawyers who receive payment in digital currencies should take three steps, the opinion says. First, the lawyer should notify the client that the payment will be immediately converted to U.S. dollars. Second, the lawyer should make the conversion through a payment processor. Third, the lawyer should credit the client's account at the time of payment. The opinion also says that lawyers who accept virtual currency "must be careful to see that this property they accept as payment is not contraband, does not reveal client secrets, and is not used in a money-laundering or tax avoidance scheme; because convertible virtual currencies can be associated with such mischief." Lawyers may hold digital currencies in trust for clients after advising that the currency won't be converted to U.S. dollars, but the currency must be held separate from the lawyer's property and must be properly safeguarded, the ethics opinion says. There is no bank or FDIC insurance to reimburse a client for hacked bitcoin, so lawyers should take precautions such as encryption or use of more than one private key for access.

World Wide Web Consortium abandons consensus, standardizes DRM with 58.4% support, EFF resigns (Cory Doctorow on BoingBoing, 18 Sept 2017) - In July, the Director of the World Wide Web Consortium overruled dozens of members' objections to publishing a DRM standard without a compromise to protect accessibility, security research, archiving, and competition. EFF appealed the decision, the first-ever appeal in W3C history, which concluded last week with a deeply divided membership. 58.4% of the group voted to go on with publication, and the W3C did so today, an unprecedented move in a body that has always operated on consensus and compromise. In their public statements about the standard, the W3C executive repeatedly said that they didn't think the DRM advocates would be willing to compromise, and in the absence of such willingness, the exec have given them everything they demanded. This is a bad day for the W3C: it's the day it publishes a standard designed to control, rather than empower, web users. That standard that was explicitly published without any protections -- even the most minimal compromise was rejected without discussion, an intransigence that the W3C leadership tacitly approved. It's the day that the W3C changed its process to reward stonewalling over compromise, provided those doing the stonewalling are the biggest corporations in the consortium. EFF no longer believes that the W3C process is suited to defending the open web. We have resigned from the Consortium, effective today. Below is our resignation letter: * * *

Motel 6 to revamp privacy, data sharing policies after Phoenix locations send guest info to ICE (SC Magazine, 18 Sept 2017) - Motel 6 employees in the Phoenix area who voluntarily and routinely handed guest registers to ICE officials without the benefit of a warrant may not have run afoul of the company's privacy policy, but the hotel chain said it would take steps to shut down or prevent similar operations at its other properties nationwide. The Phoenix New Times last week quoted an employee at one of two Phoenix-area Motel 6 locations as saying, "every morning at about 5 o'clock we do the audit and push a button and it sends it to ICE," prompting the American Civil Liberties Union (ACLU) to call out the motel chain on both Twitter and Facebook. "Is this your official company policy?" the ACLU tweeted. Motel 6 had said the Phoenix operation was orchestrated by locals and was shut down when corporate caught wind of it. "Moving forward, to help ensure that this does not occur again, we will be issuing a directive to every one of our more than 1,400 locations nationwide, making clear that they are prohibited from voluntarily providing daily guest lists to ICE," according to a Motel 6 statement. "Additionally, to help ensure that our broader engagement with law enforcement is done in a manner that is respectful of our guests' rights, we will be undertaking a comprehensive review of our current practices and then issue updated, company-wide guidelines."

New ABA book explores what makes cyber due diligence different (LegalTech, 18 Sept 2017) - Companies are now paying much closer attention to cybersecurity issues when involved in mergers and acquisitions. To help explain recent changes, the American Bar Association's Business Law Section has published a new book, the "Guide to Cybersecurity Due Diligence in M&A Transactions." It is edited by Thomas J. Smedinghoff, an attorney at Locke Lord, and Roland Trope, an attorney at Trope and Schramm. The 272-page book is broken down into 13 chapters that explore the importance of cybersecurity to due diligence and M&A, what acquirers should know, and how due diligence impacts a transaction. It also features an appendix that includes a listing of common U.S. data security laws and regulations. Among those working on the book were attorneys who specialize in corporate governance and cybersecurity. In explaining why the book came about, Trope told Legaltech News that "just a few years ago, cybersecurity due diligence was often ignored in M&A deals." He cited one 2015 survey of global dealmakers by an international law firm that found that 78 percent of the respondents indicated that cybersecurity was not analyzed in great depth or specifically quantified as part of the M&A due diligence process. "In the past two years, however, there has been a significant shift toward recognizing the importance of cybersecurity due diligence in the context of M&A transactions," he said. "Moreover, cybersecurity breaches have had a major impact on recent M&A transactions, further highlighting the need to address this important issue." Smedinghoff explained that, in the M&A process, cybersecurity due diligence is similar to due diligence of any other topic, such as finance. "It seeks to determine the state or status of cybersecurity preparedness of the target company," he told Legaltech News. 
He further highlighted some important questions that companies may want to address: * * * [Polley: In a related vein, the Second Edition of the ABA's bestselling Cybersecurity Handbook will come out in early November; a must-read for anyone working in the field, including private-practice attorneys, in-house counsel, non-profit and government lawyers, and others. For more detail, visit the ABA store at http://bit.ly/2x7HNbJ . A limited number of pre-publication copies are available to the press; contact me for information.]

Author of key internet freedom law opposes new sex trafficking bill (Ars Technica, 19 Sept 2017) - The United States Senate is moving toward passage of a bill that would - for the first time - water down a landmark 1996 law that shields website operators from lawsuits and state prosecution for user-generated content. And one of the authors of that 1996 law, Sen. Ron Wyden (D-Ore.), argued Tuesday that this would be a mistake. The Stop Enabling Sex Trafficking Act now has 28 co-sponsors, and the breadth of that support was evident at a Tuesday hearing before the Senate Commerce Committee. The legislation would allow state attorneys general to prosecute websites that are used to promote sex trafficking - something that's currently barred by Section 230 of the 1996 Communications Decency Act. It would also allow private lawsuits against sites that host sex trafficking ads. But Wyden argued at Tuesday's hearing that weakening Section 230 would be a mistake. In Wyden's view, Section 230 has been essential for establishing the United States as a global technology leader. It freed Internet startups from worrying about getting sued for hosting user-generated content, Wyden claimed. The section also allows startups to focus their resources on hiring developers and designers instead of lawyers.

- and -

The ten most important Section 230 rulings (Eric Goldman, 26 Sept 2017) - I've posted a new essay entitled "The Ten Most Important Section 230 Rulings." It will be published in the Tulane Journal of Technology & Intellectual Property. Everyone loves lists and rankings, but this essay is more than just fluffy clickbait. Organizing Section 230 cases by importance actually creates a helpful narrative about the development of Section 230 jurisprudence and the ongoing dialogue between different judges and courts. I'm pretty sure you can guess what's #1 on the list (and we'll be throwing it a proper 20th birthday party - more on that soon), and maybe you can guess #2, but can you guess #3 or #4? Would you reorder my list? Would you subtract one of my top 10 and replace with something different? Wars have broken out over lesser controversies. As always, I'd love to hear your thoughts, and feel free to thrash out the debate in the comments, too. * * *

Cyber attack, hurricane weigh on FedEx quarterly profit (Reuters, 19 Sept 2017) - Package delivery company FedEx Corp (FDX.N) said on Tuesday a June cyber attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast. The company said the cyber attack slashed 79 cents per share from its profit - nearly 40 times the 2 cents per share caused by deadly Hurricane Harvey, which brought catastrophic flooding to southeastern Texas. FedEx joins a string of companies that reported big drops in earnings due to the NotPetya virus, which hit on June 29, crippling Ukraine businesses before spreading worldwide to shut down shipping ports, factories and corporate offices. * * * Excluding the impact of the cyber attack and Hurricane Harvey, FedEx said it would have posted EPS of $3.32, above analysts' expectations. Most services of the Dutch TNT Express unit resumed during the quarter and systems had been restored, but TNT Express volume, revenue and profit still remained below pre-attack levels, the company said. FedEx did not have insurance in place that covered the impact from the cyber attack.

Patent venue: Cyberspace does not expand place of business (Patently-O, 21 Sept 2017) - Following the Supreme Court's decision in TC Heartland, the debate has moved to interpretation of the requirement that an infringement defendant have either residence or "a regular and established place of business" in the chosen venue. Any civil action for patent infringement may be brought in the judicial district where the defendant resides, or where the defendant has committed acts of infringement and has a regular and established place of business. 28 U.S.C. § 1400(b). In Raytheon v. Cray, the defendant is a Washington corporation with facilities in Austin and Houston - both of which are outside of the Eastern District of Texas. Still, E.D. Texas Judge Gilstrap found the company to fit within the regular and established place of business venue requirement based upon evidence that two Cray sales executives worked from home within the district - developing new sales and accounts worth ~$350 million over the past 7 years. The execs received reimbursement for certain utilities and charges within the district and publicly advertised their "office" phone numbers within E.D. Texas. In the process of deciding its case, Judge Gilstrap also set forth an open four-factor test finding a regular and established place of business: physical presence, defendant's representations, benefits received, and targeted interactions with the district. As a general matter, Judge Gilstrap's interpretation appears fairly broad, and on writ of mandamus, the Federal Circuit has rejected Gilstrap's analysis and directed that he transfer the case to a more appropriate venue. * * * Important mandamus order narrowing patent venue. In re Cray (Fed. Cir. 2017) [Read the Case]

Deloitte hit by cyber-attack revealing clients' secret emails (The Guardian, 25 Sept 2017) - One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies. The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. So far, six of Deloitte's clients have been told their information was "impacted" by the hack. Deloitte's internal review into the incident is ongoing. The Guardian understands Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. [see also, Deloitte breach affected all company email, admin accounts (Krebs on Security 25 Sept 2017)]

- and -

Law firm inadvertently leaks Pepsi client secrets to Wall Street Journal (Ride the Lightning, 28 Sept 2017) - Doesn't it seem like we've heard the same story before with different players? Yes, once again we have an inadvertently misaddressed e-mail going to the last place you want it to go - to a reporter with The Wall Street Journal. Corporate Counsel carried the story, reporting that Wilmer, Cutler, Pickering, Hale and Dorr was caught up on September 27th in an e-mail error that revealed secret U.S. Securities and Exchange Commission and internal investigations at PepsiCo, after a Wilmer lawyer accidentally sent a Wall Street Journal reporter privileged documents detailing a history of whistleblower claims at the company. The internal investigation revolves around PepsiCo's 2011 acquisition of the Russian drinks company Wimm-Bill-Dann and the departure of general counsel Maura Smith in 2012 following allegations of financial misreporting and other wrongdoing at PepsiCo. A subsequent SEC investigation into Smith's dismissal, and whether the company fired her in violation of whistleblower laws, is "at an early stage," The Wall Street Journal reported. The reporter learned details about the years-old internal investigation started by Smith and about the more recent SEC probe, for which Smith was subpoenaed. The information included an August 31 memo about Smith's subpoena and her contact with federal investigators that was "mistakenly sent by a WilmerHale attorney to a Wall Street Journal reporter as part of communication to other attorneys working on the matter," the report said. Wilmer's explanation and apology, sent from a spokesman, came less than three hours after the newspaper published its report. The law firm said it "inadvertently" leaked privileged information by e-mail, then asked the reporter to delete what he received. Wilmer accuses the newspaper of going back on its word to delete leaked documents.

- and -

FBI investigating hack attack on law firm defending top target of Chinese regime (World Tribune, 3 Oct 2017) - A law firm that was representing a major dissident who has exposed corruption at the highest realms of the Chinese Communist Party was targeted in a cyber attack, a report said. The FBI is investigating the alleged hacking this month at the Clark Hill law firm, which had been representing Guo Wengui, according to a report by Bill Gertz for the Washington Free Beacon on Sept. 29. The cyber attack "disrupted Clark Hill's information systems for several days and appeared to have been carried out by sophisticated hackers who targeted Guo's personal information and the lawyer representing him," the report said. "Private cyber investigators later traced the cyber attack to China and South Korea," according to persons with knowledge of the FBI investigation cited by the report.

FCC proposes to eliminate requirement to keep hard copies of FCC rules (FCC, 26 Sept 2017) - The Federal Communications Commission today issued a Notice of Proposed Rulemaking that proposes to eliminate rules requiring certain broadcast and cable entities to keep paper copies of FCC rules. More than forty years ago, the Commission adopted rules requiring low power TV, TV and FM translator, TV and FM booster stations, cable television relay station (CARS) licensees, and certain cable operators to maintain paper copies of Commission rules. These rules were intended to ensure that such entities could access and stay familiar with the rules governing their operations. Because the rules are now readily accessible online, many parties believe that the paper copy requirements are outdated and unnecessarily burdensome. While regulated entities still would be required to be familiar with the rules governing their services, elimination of the paper copy requirements would give them flexibility to determine how to fulfill that obligation. This rulemaking is part of the Modernization of Media Regulation Initiative that the FCC launched earlier this year to reduce unnecessary regulation that can stand in the way of competition and innovation in media markets.

Bloomberg Law launches AI research tool to find key points of law (Bob Ambrogi, 26 Sept 2017) - Bloomberg Law today rolled out to its subscribers a new tool, Points of Law, that uses artificial intelligence and machine learning to help legal researchers quickly find language critical to a court's reasoning and to support their legal arguments. As a researcher scrolls through a court opinion, Points of Law highlights the essential language in the opinion, making it easier for the researcher to browse through the key discussion points and enabling the researcher to more quickly get the gist of the key holdings. A pop-up shows the top three cases cited for the principle. The user can then select any of these Points of Law to see an expanded treatment that shows other cases that make the same point of law and a visual timeline and citation map of these other cases, as well as the ability to see and search related points of law. Each Point of Law has its own distinct page with these elements. "We are using machine learning and AI to extract the sense of what a judge says in an opinion to allow for quicker and easier research and to uncover language that might be hard to find," Darby Green, commercial product director for Bloomberg Law Litigation Solutions, told me yesterday. Bloomberg says that it has extracted more than one million Points of Law from its database of 13 million published and unpublished state and federal court opinions, and that these Points of Law are being continually updated as new cases are added. In addition to getting to these Points of Law through a court opinion, a researcher can also find them by conducting keyword searches across all case law or specific jurisdictions.

- and -

New from Fastcase: Instantly add public hyperlinks to case citations in legal documents (Bob Ambrogi, 3 Oct 2017) - The legal research company Fastcase is introducing a new feature today, Cloud Linking, that automatically converts case citations in legal documents into hyperlinks to the full-text cases. Cloud Linking is notable because the links it creates are public and free - anyone can follow them regardless of whether they have a Fastcase account. While both LexisNexis and Westlaw also have tools that convert citations into hyperlinks, the person following their links must have a subscription to view the source material. "We're trying to make public law more public and useful - to move from a world in which law is scarce to one in which law is abundant," said Ed Walters, Fastcase cofounder and CEO. "Our team at Fastcase has always said that law should be like electric power: nearly ubiquitous, inexpensive, reliable, and useful for powering other things." To convert a document using Cloud Linking, you must be a Fastcase subscriber. In Fastcase 7, Cloud Linking now appears as an option on the top menu bar. In Fastcase 6, click Options in the top menu bar and then select Cloud Linking.

The media really has neglected Puerto Rico (538, 28 Sept 2017) - While Puerto Rico suffers after Hurricane Maria, much of the U.S. media (FiveThirtyEight not excepted) has been occupied with other things: a health care bill that failed to pass, a primary election in Alabama, and a spat between the president and sports players, just to name a few. Last Sunday alone, after President Trump's tweets about the NFL, the phrase "national anthem" was said in more sentences on TV news than "Puerto Rico" and "Hurricane Maria" combined. Those other stories are worth covering, of course. But compared to the other natural disasters of the past few weeks, Hurricane Maria has been relatively ignored. Data from Media Cloud, a database that collects news published on the internet every day, shows that the devastation in Puerto Rico is getting comparatively little attention. [Polley: pretty interesting graphics; more interesting are the techniques employed.]

Restoring those old liner notes in music's digital era (NYT, 29 Sept 2017) - Two decades into the era of online music, streaming has been hailed as the industry's savior, but a complaint from the earliest days of digital services persists: What happened to the liner notes? Much of the material that once accompanied an album has long since been stripped away - not just the lyrics and thank-you lists, but also essays, artwork and even basic details like songwriting credits - leaving listeners with little more on their screens to look at but a song title and a postage-stamp-size cover image. One company, TunesMap, wants to return much of that lost information, and more, through an interactive display that, when cued by a song playing on a streaming service, will present a feed of videos, photographs and links to related material. After a decade of development, TunesMap is scheduled to make its debut in November as an Apple TV app that will work with Sonos, the connected speaker system. The app is the brainchild of G. Marq Roswell, a Hollywood music supervisor who has worked with David Lynch and Denzel Washington. He bemoans the way early digital players and online music stores like iTunes removed all sense of music coming from a particular place and time. Working with Nigel Grainge, an influential record executive who died in June; Erik Loyer, an app developer and media artist; and Jon Blaufarb, an industry lawyer, Mr. Roswell in 2007 began to design what he calls an interactive "context engine." Stream a song on a Sonos speaker and, if TunesMap's app is also fired up on Apple TV, images and historical information related to the artist or a song's origins begin to float by. For a Bob Dylan song, the app shows vintage photographs of Greenwich Village, news clippings and links to related artists (like Martin Scorsese, who directed the Bob Dylan documentary "No Direction Home"). The goal is to present fans with a web of educational "rabbit holes" to explore.

- and -

Elsevier launches encyclopedic tool (InsideHigherEd, 3 Oct 2017) - The publisher Elsevier has announced the launch of ScienceDirect Topics, an information platform that has been compared to Wikipedia. The tool, announced last month, uses information from Elsevier books to generate "a quick snapshot of definitions, terms and excerpts on scientific topics." An Elsevier news release said the tool would save researchers time because they won't have to navigate away from Elsevier research articles to look up information outside their core discipline. "Previously, researchers would have had to leave the site, open up a search engine and spend time trying to find the right and trusted information. Not anymore. Our new technology enables researchers to access these foundational references and knowledge quickly, easily and at the point of need," said Sumita Singh, managing director of Elsevier Reference Solutions.

Google to ditch controversial 'first click free' policy (The Guardian, 2 Oct 2017) - Google is to abandon its controversial policy of forcing news providers to offer free articles in order to appear on its search engine as part of a collection of measures designed to support the growth of digital subscriptions. The US company will replace its so-called "first click free" policy, which requires publishers to offer three free articles a day before readers come across a pay wall. Instead Google will offer a flexible sampling model that allows news organisations to decide how many, if any, articles it offers for free. The "first click free" model has been described as "toxic" by publishers such as Axel Springer and Rupert Murdoch's News Corp. Google is making the move after feedback from publishers and readers and after tests with the New York Times and the Financial Times. It is also a recognition of the growth of subscription services and the fact a "one size fits all" approach was not appropriate. As well as dropping "first click free", Google will make it easier for users to subscribe to services. For example, people will be able to subscribe to news providers with one click through Google's existing payment technology.

Equifax is reportedly reviewing actions of its top lawyer, who oversaw security and stock sales (ABA Journal, 2 Oct 2017) - Equifax's board of directors is reportedly scrutinizing the actions of the company's chief legal officer, John Kelley, because of two of his duties - overseeing security and approving stock sales by executives. The Wall Street Journal (sub. req.) has the story, based on anonymous sources. Kelley had the responsibility to approve stock sales by senior executives, three of whom sold stock worth about $1.8 million days after the company discovered the data breach on July 29, according to the Wall Street Journal. Equifax has said the executives were not aware of the breach when they sold stock. It's unknown when Kelley was told about the hack. Also, the company's former chief security officer reported to Kelley. The company wanted the chief legal officer to oversee cybersecurity rather than an executive who might be concerned about the allocation of money, the article explains.

Google's new Gmail security: If you're a high-value target, you'll use physical keys (ZDnet, 2 Oct 2017) - Google will soon be offering an Advanced Protection Program to lock down the Gmail accounts of high-value targets. According to Bloomberg, the new Gmail service will block third-party apps from accessing user data and introduces a replacement for two-factor authentication based on Google's USB Security Key. Google will begin offering the Advanced Protection Program next month, which will be marketed to "corporate executives, politicians and others with heightened security concerns". Bloomberg notes that the service builds on USB Security Key, for which Google introduced software in 2014. Security Key is a physical USB key used in place of a code required for two-step verification. It's more secure because an attacker needs physical possession of the key to access an account they have credentials for. The USB key also cryptographically verifies the user is on a legitimate Google site and not a phishing site. G Suite admins can force their users to require the USB key for login. The Advanced Protection Program will require two keys to use the service, according to Bloomberg.

More than 80% of all net neutrality comments were sent by bots, researchers say (Motherboard, 3 Oct 2017) - The Trump administration and its embattled FCC commissioner are on a mission to roll back the pro-net neutrality rules approved during the Obama years, despite the fact that most Americans support those safeguards. But there is a large number of entities that do not: telecom companies, their lobbyists, and hordes of bots. Of the more than 22 million comments submitted to the FCC website and through the agency's API, only 3,863,929 were "unique," according to a new analysis by Gravwell, a data analytics company. The rest? A bunch of copy-pasted comments, most of them likely by automated astroturfing bots, almost all of them - curiously - against net neutrality. "Using our (admittedly) simple classification, over 95 percent of the organic comments are in favor of Title II regulation," Corey Thuen, the founder of Gravwell, told Motherboard in an email. This one was sent to the FCC 1.2 million times: The unprecedented regulatory power the Obama Administration imposed on the internet is smothering innovation, damaging the American economy and obstructing job creation.\n\nI urge the Federal Communications Commission to end the bureaucratic regulatory overreach of the internet known as Title II and restore the bipartisan light-touch regulatory consensus that enabled the internet to flourish for more than 20 years.\n\nThe plan currently under consideration at the FCC to repeal Obama's Title II power grab is a positive step forward and will help to promote a truly free and open internet for everyone.\n In case you are wondering, the "\n" strings as well as other weird symbols that might appear in other comments are alternative representations of certain special characters, or line breaks, according to Thuen. The comment above was already spotted as coming from bots in May. (Gravwell published some of the data they crunched in a spreadsheet in case you are curious.)

App listening for audio beacons may be illegal wiretapping - Rackemann v. Colts (Technology & Marketing Law Blog, 4 Oct 2017) - This is a lawsuit against the Colts and app developers, alleging that the Colts' app activates a device's microphone and temporarily records portions of audio, for advertising purposes. The app monitors the audio for "beacon tones" which are then used to deploy advertisements. The app is able to listen on command and while running in the background. The app's terms of service allegedly does not disclose the use of beacon technology or that it activates the microphone for the purposes of "listening in". It's unclear from the order precisely when the listening feature was activated. Plaintiff alleged that he downloaded the app from the Google Play store and used it to follow the Colts and as a result, the app listened in on his "private conversations". He sued on his own behalf and on behalf of a putative class. The various defendants (the Colts, app developers) moved to dismiss. The court denies the motions. * * *

Supreme Court says live streaming would "adversely affect" oral arguments (Ars Technica, 4 Oct 2017) - The Supreme Court is setting aside a request to live stream its oral arguments. The attorney for Chief Justice John Roberts Jr. told members of Congress that live streaming even the audio portion of its oral arguments might impact the outcome. "The Chief Justice appreciated and shares your ultimate goal of increasing public transparency and improving public understanding of the Supreme Court," Roberts' attorney, Jeffrey P. Minear, wrote (PDF) the four members of Congress seeking (PDF) to have the court's gerrymandering case live streamed in audio. "I am sure you are, however, familiar with the Justices' concerns surrounding the live broadcast or streaming of oral arguments, which could adversely affect the character and quality of the dialogue between the attorneys and Justices. Consequently, the Court is unable to accommodate your request." For years, members of Congress and the public have been trying to get the high court to televise or to live stream the audio of their oral arguments, in a bid to make the court more transparent. The response has always been an affirmative "NO" out of fear that it could affect the proceedings. The court's oral arguments are open to the public, however, and the audio version of an oral argument is usually made publicly available on the Friday of the week that the case was argued. The court's opinions are also posted to its website when the court releases them. In other ways, however, public access to the court has been stuck in the Dark Ages - such as when it comes to obtaining briefs submitted by parties to the court. The court does not make them available online. But it plans to do so for free beginning next month. The lower federal courts started making their records available online nearly two decades ago using a paid system called PACER. [Polley: Why should the Supreme Court be different from other gov't entities?]

New CIS cybersecurity guide for small and medium businesses (Ride The Lightning, 5 Oct 2017) - The Center for Internet Security (CIS) recently published CIS Controls: Implementation Guide for Small- and Medium-Sized Enterprises (SMEs). This guide contains a small sub-set of the CIS Controls specifically selected to help protect SMEs. The guide seeks to empower the owners of small and medium-sized enterprises to help them protect their businesses with a small number of high priority actions based on the CIS Controls - a comprehensive set of cybersecurity best practices developed by IT experts that address the most common threats and vulnerabilities. The guide is only 15 pages - well worth reading in conjunction with the NIST Cybersecurity Framework (covers businesses with up to 500 users) - and it mentions a number of free and low-priced tools. The CIS Controls discussed include: * * *

RESOURCES

Law Enforcement Access to Student Records: A Guide for School Administrators & Ed Tech Service Providers (Future of Privacy Forum, 26 Sept 2017) - Today, the Future of Privacy Forum released a new paper, Law Enforcement Access to Student Records: A Guide for School Administrators & Ed Tech Service Providers. With the repeal of the Deferred Action for Childhood Arrivals (DACA) program last month, it is important that schools - and the companies that serve them - understand their legal options and when they may be required to disclose student personal information to law enforcement. "The Federal Education Rights and Privacy Act (FERPA) broadly prohibits schools from disclosing student records without the written consent of the parent or student," said Amelia Vance, FPF Policy Counsel. "In this Guide, we highlight two key best practices when responding to federal requests for student data: 1) consult legal counsel to determine your obligations; and 2) carefully align the amount and types of data you collect about students to the programs and services you provide," said Vance. The Guide notes that some schools collect student immigration status or other data that can be used to imply immigration status. "If schools collect student immigration status data, it is considered part of the student record and is protected by FERPA," Vance said. The Guide explains that schools may only disclose this information with consent or in response to a valid court order or subpoena. In addition to the Guide, FPF has released an accompanying blog with a list of supplemental resources and articles.

Stop and Frisk Online: Theorizing Everyday Racism in Digital Policing in the Use of Social Media for Identification of Criminal Conduct and Associations (Sage Journals, 28 Sept 2017) - Abstract: Police are increasingly monitoring social media to build evidence for criminal indictments. In 2014, 103 alleged gang members residing in public housing in Harlem, New York, were arrested in what has been called "the largest gang bust in history." The arrests came after the New York Police Department (NYPD) spent 4 years monitoring the social media communication of these suspected gang members. In this article, we explore the implications of using social media for the identification of criminal activity. We describe everyday racism in digital policing as a burgeoning conceptual framework for understanding racialized social media surveillance by law enforcement. We discuss implications for law enforcement agencies utilizing social media data for intelligence and evidence in criminal cases.

FUN

I Fought The Law; A photo exploration of the most absurd American laws and legal legends (Mashable, 28 Sept 2017) - It all started with one vague conversation. "One winter evening in 2012, a friend told me it was illegal to have an ice-cream cone in your back pocket," says photographer Olivia Locher. "Our conversation quickly moved on to a new topic but that statement stuck with me. After doing some research and learning of many other strange laws I knew I had a new project." That project transformed itself into Locher's new book, I Fought The Law, a photo examination of the absurd laws in American history. For the book, Locher figured out strange laws in each state in the U.S. and photographed each one being broken.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Yahoo strikes deal to catalog lyrics online (SiliconValley.com, 24 April 2007) -- Yahoo has teamed up with Gracenote, an Emeryville company, to offer what it is calling "the largest catalog of legal, licensed song lyrics" on the Web. "It fills a huge, gaping hole out there," said Ian Rogers, general manager of Yahoo Music. While there are plenty of Web sites offering lyrics, Gracenote is the first company to have gone through the painstaking process of negotiating deals with the thousands of publishers who own copyrights to the lyrics. The catalog offered by Yahoo will include lyrics of 400,000 songs owned by more than 10,000 publishers. About 9,000 artists are represented, ranging from classic names such as the Beatles and Bob Dylan to more recent stars like Radiohead and Beyonce. Craig Palmer, chief executive of Gracenote, said it took more than two years and nearly 100 deals to forge the legal framework behind the database. Gracenote then had to create standards for publishing lyrics on the Web and put together an automated system for compensating the songwriters. This can include as many as 10 writers on a single hip-hop song. "The copyrights, the database and the payments issues all had to be solved in order to bring this obvious service to market," Palmer said. Yahoo's song lyrics are supposed to be the official versions. Under the licensing agreement, Yahoo will share with copyright holders the revenue from the ads that will be displayed alongside the lyrics. Music publishers such as BMG Music Publishing, EMI Music Publishing, Sony/ATV Music Publishing, Universal Music Publishing Group and Warner/Chappell Music are contributing lyrics.

8.3 million Americans victims of id theft (Washington Post, 27 Nov 2007) - Nearly 4 percent of American adults were victims of identity theft in 2005, but half of them did not incur any out-of-pocket expenses, the U.S. Federal Trade Commission said on Tuesday. An agency survey found identity information was stolen from 8.3 million U.S. adults and most commonly used to access or open accounts for credit cards, bank checking, telephone service, e-mail, and medical insurance. "In more than half of the incidents, victims incurred no out-of-pocket expenses," the FTC said in a statement. However, 10 percent of the victims reported out-of-pocket expenses of $1,200 or more, it said. The FTC survey also looked at the value of goods or services that thieves obtained using the victims' personal information. In half of all incidents, thieves obtained items or services worth $500 or less while in 10 percent of cases, thieves got at least $6,000. Some 37 percent of victims reported problems beyond their out-of-pocket expenses, the FTC said. They included being harassed by debt collectors, denied new credit or loans, unable to use existing credit cards, having utilities cut off, or having difficulty obtaining or accessing bank accounts.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Klein Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, September 16, 2017

MIRLN --- 27 August - 16 Sept 2017 (v20.13) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

An Attorney's Ethical Duties Regarding U.S. Border Searches of Electronic Devices Containing Clients' Confidential Information (Bar of the City of NY Formal Opinion 2017-5, July 2017) - Under the New York Rules of Professional Conduct (the "Rules"), a New York lawyer has certain ethical obligations when crossing the U.S. border with confidential client information. Before crossing the border, the Rules require a lawyer to take reasonable steps to avoid disclosing confidential information in the event a border agent seeks to search the attorney's electronic device. The "reasonableness" standard does not imply that particular protective measures must invariably be adopted in all circumstances to safeguard clients' confidential information; however, this opinion identifies measures that may satisfy the obligation to safeguard clients' confidences in this situation. Additionally, under Rule 1.6(b)(6), the lawyer may not disclose a client's confidential information in response to a claim of lawful authority unless doing so is "reasonably necessary" to comply with a border agent's claim of lawful authority. This includes first making reasonable efforts to assert the attorney-client privilege and to otherwise avert or limit the disclosure of confidential information. Finally, if the attorney discloses clients' confidential information to a third party during a border search, the attorney must inform affected clients about such disclosures pursuant to Rule 1.4. [Polley: Spotted by MIRLN reader Roland Trope - @RolandTrope. Very interesting opinion, and should be influential well beyond NYC; contains a scary sentence: "in many cases the attorney will entirely avoid carrying clients' confidential information in an electronic device", and footnotes the increasing possibility that the same issues may arise upon entry to other countries.]

VW engineer sentenced to 40-month prison term in diesel case (Reuters, 25 Aug 2017) - A federal judge in Detroit sentenced former engineer James Liang to 40 months in prison on Friday for his role in Volkswagen AG's multiyear scheme to sell diesel cars that generated more pollution than U.S. clean air rules allowed. U.S. District Court Judge Sean Cox also ordered Liang to pay a $200,000 fine, 10 times the amount sought by federal prosecutors. Cox said he hoped the prison sentence and fine would deter other auto industry engineers and executives from similar schemes to deceive regulators and consumers. Prosecutors last week recommended that Liang, 63, receive a three-year prison sentence, reflecting credit for his months of cooperation with the U.S. investigation of Volkswagen's diesel emissions fraud. Liang could have received a five-year prison term under federal sentencing guidelines. Liang's lawyers had asked for a sentence of home detention and community service. Volkswagen pleaded guilty in March to three felony charges under an agreement with prosecutors to resolve the U.S. criminal probe of the company itself. It agreed to spend as much as $25 billion in the United States to resolve claims from owners and regulators and offered to buy back about 500,000 vehicles.

Despite privacy outrage, AccuWeather still shares precise location data with ad firms (ZDnet, 25 Aug 2017) - AccuWeather is still sending precise geolocation data to a third-party advertiser, ZDNet can confirm, despite updating its app earlier this week to remove a feature that collected user's location data without their permission. In case you missed it, AccuWeather was until this week sending the near-precise location of its iPhone app users to Reveal Mobile, a data monetization firm -- even when location sharing was switched off. Security researcher Will Strafach, who first reported the issue, also accused the company of sharing a user's precise GPS coordinates under the guise of providing local weather alerts. The news sparked outrage and anger. AccuWeather responded with a forced apology, which one leading Apple critic John Gruber called a "bulls**t response." However, tests conducted by Strafach show that the updated app, released Thursday, still shares precise geolocation data with a data monetization and advertising firm. ZDNet independently verified the findings. We found that AccuWeather was still, with location sharing enabled, sending precise GPS coordinates and altitude albeit to a different advertiser, without the user's explicit consent. That data can be used to pinpoint down to a few meters a person's location -- even which floor of a building they are on.

How the NSA identified Satoshi Nakamoto (Medium, 26 Aug 2017) - The 'creator' of Bitcoin, Satoshi Nakamoto, is the world's most elusive billionaire. Very few people outside of the Department of Homeland Security know Satoshi's real name. In fact, DHS will not publicly confirm that even THEY know the billionaire's identity. Satoshi has taken great care to keep his identity secret employing the latest encryption and obfuscation methods in his communications. Despite these efforts (according to my source at the DHS) Satoshi Nakamoto gave investigators the only tool they needed to find him - his own words. Using stylometry one is able to compare texts to determine authorship of a particular work. Throughout the years Satoshi wrote thousands of posts and emails, most of which are publicly available. According to my source, the NSA was able to use the 'writer invariant' method of stylometry to compare Satoshi's 'known' writings with trillions of writing samples from people across the globe. By taking Satoshi's texts and finding the 50 most common words, the NSA was able to break down his text into 5,000-word chunks and analyse each to find the frequency of those 50 words. This would result in a unique 50-number identifier for each chunk. The NSA then placed each of these numbers into a 50-dimensional space and flattened them into a plane using principal components analysis. The result is a 'fingerprint' for anything written by Satoshi that could easily be compared to any other writing. The NSA then took bulk emails and texts collected from their mass surveillance efforts. First through PRISM (a court-approved front-door access to Google and Yahoo user accounts) and then through MUSCULAR (where the NSA copies the data flows across fiber optic cables that carry information among the data centers of Google, Yahoo, Amazon, and Facebook) the NSA was able to place trillions of writings from more than a billion people in the same plane as Satoshi's writings to find his true identity. The effort took less than a month and resulted in a positive match. Why go to so much trouble to identify Satoshi? My source tells me that the Obama administration was concerned that Satoshi was an agent of Russia or China - that Bitcoin might be weaponized against us in the future. Knowing the source would help the administration understand their motives.

Cyber crime now targeting law firms (Law Journal Newsletters, August 2017) - Cyber attacks and theft are on the rise around the country, and law firms are becoming prime targets. Similar to healthcare providers, a law firm's data (i.e., client files) can be the gold standard. Unlike manufacturers, banks and retailers, law firms are unique organizations that result in them being highly vulnerable. * * * Once firms recognize they are targets, and all are, they must be proactive in addressing the situation. Where to start? A comprehensive cyber risk assessment is critical to structuring a strong, multi-pronged defense. Think enterprise risk management - not to mention ethical concerns if breached. The American Bar Association just re-visited the issue of cybersecurity as an ethical consideration for attorneys and sets out some limited guidance. (See the ABA's Cybersecurity Legal Task Force.) An assessment becomes the guide to building a robust cybersecurity defense for any law firm. However, once a firm's security is implemented and verified, the process cannot stop there. Just like malpractice insurance, cybersecurity insurance is a must these days. For many firms, a breach exposing large amounts of clients' private information can quickly escalate into a bet-the-firm proposition to survive. The average cost for responding to a breach is approximately $221 per client. Do the math. And that does not even begin to address a firm's costs to re-secure their network, public relations expenses, lost income, and the likely lawsuits from unhappy clients. * * * [Polley: Nice to see the reference to the ABA's Task Force, which I'm co-chairing with Ruth Bro. Otherwise, the story is unremarkable.]

Meet the sometime-streamer: TV watchers who sign up for one show - then cancel (WaPo, 28 Aug 2017) - Winter has finally come for "Game of Thrones," whose latest season finale, which aired Sunday, left the land of Westeros in as deep a crisis as it's seen in thousands of years. But with the HBO fantasy series now on hiatus until at least the end of 2018, some viewers say they're taking a break from HBO entirely - highlighting a challenge facing many entertainment companies in an era of constant stimulation and on-demand digital services. Colleen Morrison, a "Game of Thrones" fan in New Jersey, signed up for HBO's online streaming app in June. Now, Morrison says, it's going to be an easy decision to cancel her subscription this week after she re-watches the season finale a second time. "I didn't mind paying the $15 each month because it's the kind of show where I wanted an immediate viewing to avoid spoilers, but I'm also not interested in keeping the service since I'm not invested in anything else," she said. Morrison is part of a small but savvy crowd of consumers who know exactly what they want out of their TV experience. Cost-conscious and empowered by the Internet's convenience-at-a-click mentality, these consumers take advantage of free trials, no-contract commitments and the media industry's own struggle in the face of technological change to help guard their wallets. Ignoring the barrage of in-house teasers and promos for other related content, these viewers resist the siren song of TV networks that, more than ever, are being forced to battle one another for attention dominance. An abundance of high-quality television shows from Netflix, Hulu and old-school cable programmers like AMC, HBO and Showtime are helping some consumers become more discerning in their tastes - and less loyal. Abandoning one series or channel for another has never been more convenient or less risky, particularly when many cable channels offer streaming apps directly to the public instead of through cable companies or other traditional TV providers. "In a world where you can turn anything on and off whenever you want, you're always fighting for my wallet," said Rich Greenfield, a media analyst at BTIG. "I can cancel Hulu or Sling TV or HBO or DirecTV Now - any of these things have become 'point at a button and click.'"

- and -

AT&T expands free HBO to both its unlimited wireless plans (TechCrunch, 12 Sept 2017) - AT&T announced this morning it's adding free HBO to all customers on its unlimited wireless plans, including both Unlimited Plus and Unlimited Choice. The carrier in April had offered free HBO only to those on Unlimited Plus - its premium tier - but today's move brings the network to the Unlimited Choice plan as well. Currently, AT&T's Unlimited Choice plan offers unlimited data, talk and text for $60 per month, or 4 lines for under $40 per line. The option will become available to both new and existing AT&T Unlimited Choice customers starting on Friday, September 15th, says AT&T. As before when it rolled out free HBO to Unlimited Plus customers, AT&T is also sweetening this new deal by offering a $25 monthly video credit for Unlimited Choice customers that can be used towards any applicable AT&T video service, including its streaming service for cord cutters, DirecTV Now, as well as DirecTV and U-Verse TV. With the $25 credit, that means AT&T customers can basically add on over-the-top streaming TV for $10 per month, as DirecTV Now's plans begin at $35 per month. The fine print, however, notes that the credit starts within three billing cycles, so don't expect it right away. Customers with an existing AT&T video service will have HBO added for no extra charge to their existing plan, while current HBO subscribers will just no longer have to pay, the announcement explains. For those who don't subscribe to HBO through an AT&T video service, they'll be able to access HBO through the DirecTV Now and HBO GO applications.

To tackle robocalls from illegally spoofed numbers, FCC proposes whopping $82m fine (CommLawBlog, 29 Aug 2017) - Earlier this month, in its war against illegal robocalling campaigns the Federal Communications Commission (FCC) proposed another hefty fine. That is, a fine of 82 million dollars. The target of the FCC's wrath? Mr. Philip Roesel, who wasn't just calling a la Adele style. Instead, Mr. Roesel is accused of both illegal robocalling in violation of the Telephone Consumer Protection Act (TCPA) (for a refresher on the TCPA and robocalls, take a look here) and illegal spoofing, which the FCC claims violated the Truth in Caller ID Act of 2009 (TCIA). For his 21 million illegal robocalls, Mr. Roesel received merely a sternly worded citation from the FCC (more on why later). Following a recent trend, the FCC's massive $82 million fine proposed against Roesel relied primarily on the TCIA's prohibition against the transmission of misleading or inaccurate caller ID information, commonly referred to as spoofing, "with the intent to defraud, cause harm or wrongfully obtain anything of value." What's unique about this proposed fine is two-fold. First, the monetary value of the fine itself is one to write home about. While it doesn't match the record $120 million fine issued earlier this year in another TCIA case, $82 million isn't chump change. As with past TCIA penalties, the FCC set the base fine for each spoofed call at $1,000, which quickly adds up when there are millions of calls being made each month - though the FCC calculated the proposed fine on only the 82,000 calls verified to have come from spoofed numbers. Second, this fine is yet another instance where the TCIA has been used by the FCC to issue a penalty against illegal robocallers. It's a trend that the FCC started not too long ago but is likely to continue into the future for several reasons. [Polley: see also Phone industry turns to James Bond for answer to robocall villainy (LA Times, 1 Sept 2017)]

Watchdog pressed to probe post-data breach services (The Hill, 30 Aug 2017) - Democratic members of the House Energy and Commerce Committee are pressing a government watchdog to further investigate whether existing credit monitoring services do enough to protect consumers affected by data breaches. The Government Accountability Office (GAO) released a report in March on identity theft services offered by the federal government and private companies to consumers who have had their information exposed. While the watchdog concluded that services like credit monitoring offer some benefits, auditors said that they are "limited" in preventing some types of fraud. Democratic Reps. Frank Pallone Jr. (N.J.), Diana DeGette (Colo.) and Jan Schakowsky (Ill.) are now asking the GAO to explore a number of questions raised by the audit, including looking into whether certain credit monitoring services are more effective than others. They also want the watchdog to examine additional options that aren't currently used by private or public companies to protect consumers in the wake of breaches and to divulge "the recent trends in breaches or information theft."

16 colleges, 1 law firm (InsideHigherEd, 31 Aug 2017) - Collaboration is hard -- so much so that while a majority of campus business officials think their college or university should share back-office functions with other institutions, fewer than one in four say their leaders have seriously considered doing so, according to Inside Higher Ed's recent survey of business officers. The Associated Colleges of the South is a well-established consortium of 16 private liberal arts colleges that have a history of working together on international programs, teaching workshops and digital learning initiatives, as well as some joint purchasing agreements. But in an environment that the group's leader, R. Owen Williams, believes increasingly requires the colleges to drive down their internal costs (and hence their tuition prices), the coalition is taking collaboration to a new level: a seemingly unprecedented agreement for the 16 independent ACS colleges to share one national law firm, Steptoe & Johnson PLLC, based in West Virginia. Under the arrangement, in which the members are expected to participate to varying degrees, the colleges will continue to use their in-house legal teams (which half of them have) and local law firms for legal work involving the nuances of state law and transactions such as zoning or real estate. But Steptoe will offer both preventative educational advice designed to help keep the 16 colleges out of legal trouble, by better navigating the increasingly complex regulatory environment they face, and project-based legal services at a sharply reduced rate on issues such as federal regulatory compliance, academic freedom, domestic and international admissions, and nonprofit governance.

Justice Dept implores FCC to combat prison cellphone problem (AP, 31 Aug 2017) - The U.S. Department of Justice is pressing federal regulators to come up with a way of keeping inmates from using cellphones in the nation's prisons. In a letter obtained Thursday by The Associated Press, Assistant Attorney General Beth Williams told the Federal Communications Commission that addressing the security threat posed by contraband cellphones "should be a chief priority" of both the FCC and Justice, which oversees the federal Bureau of Prisons. The letter follows an appeal from South Carolina's prisons director to Attorney General Jeff Sessions in June, beseeching the top prosecutor for help pursuing FCC permission to jam cell signals of the phones, which are thrown over fences, smuggled by errant employees, even delivered by drone. A decades-old law says federal officials can grant permission to jam the public airwaves only to federal agencies, not state or local ones. Telecommunications companies are opposed, saying jamming cell signals could set a bad precedent and interfere with legal cell users nearby.

You can now download information from every congressional session since 1973 (Motherboard, 31 Aug 2017) - Since 2009, developers have been able to use the ProPublica Congress API (first developed by The New York Times ) to retrieve data about the thousands of bills introduced during every two-year session in the House of Representatives. Until now though, you had to download each piece of information separately, and you needed to know how to write API calls. For example, if you wanted to discover who sponsored a bill and also how members of Congress voted on it, you would need to download those pieces of data individually, and know how to call for them in the software code. That's no longer the case. Wednesday, ProPublica announced that you can now download all the information about all of the bills in each legislative session using its new bulk bill data set . You can get all of the data for free in the ProPublica data store. There's also a data dictionary that can be used to decipher the bills here , and you can download them in either JSON or XML formats. Two times a day, ProPublica will generate a single zip file containing metadata for every bill introduced in the current congress. That way, if you're interested in learning about legislation currently being considered, you'll be able to get info about it quickly. The tool also lets you download archived sessions-dating back to 1973. Want to know how the war on drugs progressed through the 1980s, and how each member of Congress voted on related legislation? No problem, just download the bulk data for the corresponding time period, and start poking around. ProPublica hopes the new data will "be useful to researchers, journalists and any other citizen trying to better understand our country's legislature," Jeremy B. Merrill, a news apps developer at the organization, wrote in a post announcing the new tool. top

Russian election hacking efforts, wider than previously known, draw little scrutiny (NYT, 1 Sept 2017) - The calls started flooding in from hundreds of irate North Carolina voters just after 7 a.m. on Election Day last November. Dozens were told they were ineligible to vote and were turned away at the polls, even when they displayed current registration cards. Others were sent from one polling place to another, only to be rejected. Scores of voters were incorrectly told they had cast ballots days earlier. In one precinct, voting halted for two hours. Susan Greenhalgh, a troubleshooter at a nonpartisan election monitoring group, was alarmed. Most of the complaints came from Durham, a blue-leaning county in a swing state. The problems involved electronic poll books - tablets and laptops, loaded with check-in software, that have increasingly replaced the thick binders of paper used to verify voters' identities and registration status. She knew that the company that provided Durham's software, VR Systems, had been penetrated by Russian hackers months before. "It felt like tampering, or some kind of cyberattack," Ms. Greenhalgh said about the voting troubles in Durham. There are plenty of other reasons for such breakdowns - local officials blamed human error and software malfunctions - and no clear-cut evidence of digital sabotage has emerged, much less a Russian role in it. Despite the disruptions, a record number of votes were cast in Durham, following a pattern there of overwhelming support for Democratic presidential candidates, this time Hillary Clinton . But months later, for Ms. Greenhalgh, other election security experts and some state officials, questions still linger about what happened that day in Durham as well as other counties in North Carolina, Virginia, Georgia and Arizona. 
After a presidential campaign scarred by Russian meddling, local, state and federal agencies have conducted little of the type of digital forensic investigation required to assess the impact, if any, on voting in at least 21 states whose election systems were targeted by Russian hackers, according to interviews with nearly two dozen national security and state officials and election technology specialists. The assaults on the vast back-end election apparatus - voter-registration operations, state and local election databases, e-poll books and other equipment - have received far less attention than other aspects of the Russian interference, such as the hacking of Democratic emails and spreading of false or damaging information about Mrs. Clinton. Yet the hacking of electoral systems was more extensive than previously disclosed, The New York Times found. Beyond VR Systems, hackers breached at least two other providers of critical election services well ahead of the 2016 voting, said current and former intelligence officials, speaking on condition of anonymity because the information is classified. The officials would not disclose the names of the companies. Intelligence officials in January reassured Americans that there was no indication that Russian hackers had altered the vote count on Election Day, the bottom-line outcome. But the assurances stopped there. Government officials said that they intentionally did not address the security of the back-end election systems, whose disruption could prevent voters from even casting ballots. That's partly because states control elections; they have fewer resources than the federal government but have long been loath to allow even cursory federal intrusions into the voting process. * * * top

Harvard professor tells students they should come to class (InsideHigherEd, 5 Sept 2017) - This year's FAQ for CS50, Harvard University's largest course, featured this statement: "Unlike last year, students are encouraged to attend all lectures in person this year." Encouraging the 800-plus students enrolled in the introductory computer programming course may sound typical. But it's a reversal for the course, which is regularly described as one of the most popular and rigorous at Harvard, and a model of effective teaching . Last year David J. Malan, the Gordon McKay Professor of the Practice of Computer Science, made attending lectures optional. In a very public version of flipping the classroom, Malan said it would be fine for students to watch videos that are made of each lecture. In an essay a year ago , Malan wrote that he was requiring students to attend only the first and last lectures of the course. And he questioned the value of saying everyone should attend every lecture. * * * In an email to Inside Higher Ed, Malan said that there was no decline in learning outcomes in the course, even as the number of students who attended lectures in person was not as high as in past years. Malan also said that he realizes there will still be students who have scheduling conflicts with other courses such that they may rely on the recordings, which will be produced live this year. And other students may benefit from watching the recordings after attending the lectures in person. So why revert to telling students they are expected in class? "Enough former students reported that something was missing, not just the students themselves but the energy of an audience, that we decided to bring [encouraging students to attend] live lectures back this fall," Malan said. One of Harvard's satire websites has suggested that -- following Malan's shift -- another course should do the opposite. top

Military appeals court says demands to unlock phones may violate the Fifth Amendment (TechDirt, 6 Sept 2017) - A decision [PDF] has been handed down by the Appeals Court presiding over military cases that almost affirms Fifth Amendment protections against being forced to unlock devices and/or hand over passwords. Almost. The CAAF (Court of Appeals for the Armed Forces) doesn't quite connect the final dot, but does at least discuss the issue, rather than dismiss the Fifth Amendment question out of hand. (h/t FourthAmendment.com) The case stems from a harassment case against a soldier who violated (apparently repeatedly) a no-contact order separating him from his wife. After being taken into custody, Sgt. Edward Mitchell demanded to speak to a lawyer. Rather than provide him with a lawyer, investigators asked him to unlock his phone instead. * * * top

Another state adopts duty of technology competence, bringing total to 28 (Bob Ambrogi, 6 Sept 2017) - In my continuing effort to keep a tally of the states that have adopted the duty of technology competence, I've discovered another, Nebraska, which brings the total to 28 states. The Nebraska Supreme Court adopted the amendment on June 28, 2017. It amends comment 6 to Nebraska Rule of Professional Conduct § 3-501.1 - the corollary to ABA Model Rule 1.1 on competence - to read as follows: To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject. The italicized phrase is the same as the language that the ABA recommended in 2012 when it approved a change to the Model Rules of Professional Conduct to make clear that lawyers have a duty to be competent not only in the law and its practice, but also in technology. top

Gender analytics: Using litigation data to evaluate law firm diversity (PatentlyO, 6 Sept 2017) - More women are entering the legal profession than ever - women now make up about half of all law students and 36% of all licensed attorneys - but these ratios are not reflected at the highest levels of firm positions. Judges anecdotally report that women rarely act as lead counsel in litigation, and the percentage of female partners at firms hovers around 22%. Corporate clients are aware of the gender imbalance and actively seek out firms that reflect their own commitment to gender diversity. Clients now regularly request firm diversity statistics as part of law firm pitches, putting pressure on firms to support female attorneys at the highest ranks. Law firms typically measure diversity by tracking headcount; the number of male and female associates and partners in their ranks. These metrics can ignore the often more meaningful metric of how often female attorneys actually appear in courtroom litigation. Modern legal analytics can play an important role in increasing transparency in law firm gender diversity. Traditional legal analytics show how often parties or law firms win cases, or the likelihood of winning legal relief in front of a particular judge. However, they can also be used to rank and analyze more general litigation trends, including gender diversity. To identify firms with the most balanced male-female attorney ratio, Docket Alarm scours the litigation record, looking at the names of attorneys and their law firm. The gender of each attorney in a case is identified based on the attorney's first name and other factors. The result is that we can now measure firm gender diversity based on attorneys actually staffed on cases, i.e., those that most substantively participate in litigation, not just by firm head-count. The analysis began with the Patent Trial and Appeal Board ("PTAB"), a specialized court focused on patent validity. 
The analysis shows that patent litigation is dominated by male attorneys. Of the top 100 law firms, 55 have less than 10% female attorneys on cases, and 8 firms have never had a single female attorney work on their PTAB AIA-Trial cases. On average, attorney appearances are only 12% female. When representing patent owners, the percentage of female attorneys drops further to 9.8%. * * * top

News use across social media platforms 2017 (Pew, 7 Sept 2017) - As of August 2017, two-thirds (67%) of Americans report that they get at least some of their news on social media - with two-in-ten doing so often, according to a new survey from Pew Research Center. This is a modest increase since early 2016, when (during the height of the presidential primaries) 62% of U.S. adults reported getting news from social media. While a small increase overall, this growth is driven by more substantial increases among Americans who are older, less educated, and nonwhite. This study is based on a survey conducted August 8-21, 2017, with 4,971 U.S. adults who are members of Pew Research Center's nationally representative American Trends Panel. For the first time in the Center's surveys, more than half (55%) of Americans ages 50 or older report getting news on social media sites. That is 10 percentage points higher than the 45% who said so in 2016. Those under 50, meanwhile, remain more likely than their elders to get news from these sites (78% do, unchanged from 2016). Furthermore, about three-quarters of nonwhites (74%) get news on social media sites, up from 64% in 2016. This growth means that nonwhites are now more likely than whites to get news while on social media. And social media news use also increased among those with less than a bachelor's degree, up nine percentage points from 60% in 2016 to 69% in 2017. Alternatively, among those with at least a college degree, social media news use declined slightly. top

EU ministers test responses in first computer war game (Reuters, 7 Sept 2017) - European Union defense ministers tested their ability to respond to a potential attack by computer hackers in their first cyber war game on Thursday, based on a simulated attack on one of the bloc's military missions abroad. In the simulation, hackers sabotaged the EU's naval mission in the Mediterranean and launched a campaign on social media to discredit the EU operations and provoke protests. Each of the defense ministers tried to contain the crisis over the course of the 90-minute, closed-door exercise in Tallinn that officials sought to make real by creating mock news videos giving updates on an escalating situation. * * * NATO last year recognized cyberspace as a domain of warfare and said it justified activating the alliance's collective defense clause. The European Union has broadened its information-sharing between governments and is expected to present a new cyber defense plan. The EU exercise made ministers consider how to work more closely with NATO, whose Secretary-General Jens Stoltenberg was there as an observer, diplomats present said. "Over the last year, we saw a 60 percent increase in the number of cyber attacks against NATO networks," Stoltenberg told reporters. "A timely exchange of information (with the EU) is key to responding to any cyber attacks." top

Virginia halts use of voting machines considered vulnerable to hacking (Reuters, 8 Sept 2017) - Virginia on Friday agreed to stop using paperless touchscreen voting machines that had been flagged by cyber security experts as potentially vulnerable to hackers and lacking sufficient vote auditing capabilities. The action represented one of the most concrete steps taken by a U.S. state to bolster the cyber security of election systems since the 2016 presidential race, when U.S. intelligence agencies say Russia waged a digital influence campaign to help President Donald Trump win. Virginia's board of elections voted to accept a recommendation from its state election director, Edgardo Cortes, to decertify so-called direct-recording electronic machines, which count votes digitally and do not produce paper trails that can be checked against a final result. Five states still rely solely on direct record electronic machines, according to Verified Voting. They include New Jersey, which will also elect a new governor this year. Eight other states rely on a mix of paper ballots and paperless direct recording electronic machines, the group said. top

'Big tech' companies such as Facebook are skating on thin ice (Roger Cochetti in The Hill, 9 Sept 2017) - Internet sex trafficking issues exploded recently when Sens. Rob Portman (R-Ohio) and Claire McCaskill (D-Mo.) introduced S.1693, which could expose internet companies to liability for enabling sex trafficking. Nearly the entire internet industry opposes the legislation, but more than a quarter of both chambers have nonetheless co-sponsored the legislation. It's worth understanding how Section 230 came about and affected the internet ecosystem, and how recent efforts may now be putting it at risk. The world was a very different place in 1995. There were probably 15-20 million internet users and Prodigy, CompuServe and America Online dominated the online industry. Dial-up computer bulletin boards were popular, although many courts had held that their operators were publishers and responsible for the content they displayed. People increasingly believed that making any effort to curate content posted on one's internet service would make the operator responsible for all displayed content. The Senate had actually gone so far as to approve language declaring that online operators were subject to the same obscenity regulations as television broadcasters. The internet looked like it was headed for a life of endless lawsuits and regulations. Then-Reps. Chris Cox (R-Calif.) and Ron Wyden (D-Ore.) originally introduced Section 230 to prevent online service providers from being treated as if they were either publishers or TV broadcasters. It introduced the critically important concept of very limited or no intermediary liability for the content created by others. It was approved in the House as a part of the 1996 Telecom Act. * * * Internationally, at the time, few governments had much of an idea of how the internet fit into existing regulations. 
The internet wasn't a computer bulletin board, a magazine, a bookstore, a telephone service, a closed computer network, broadcast TV, or cable TV. This is why 230 became important: It provided a simple explanation of the internet. The internet has some characteristics of a private computer service and some of a telephone service. Like a telephone service, the intermediaries couldn't be responsible for the content that flows over their network and like a private computer service, operators have a right to get rid of dangerous content. This explanation of how a then-unimportant medium should be viewed caught on internationally; and it's no exaggeration to say that it allowed the Internet as we know it to come into existence. That was then and this is now. Over the last 22 years, a lot has changed. Billions use the internet and virtually every policy-maker knows something about how it works. Big data and AI enable content monitoring that was considered science fiction in 1995 and nudity is far from the top concern about internet content. * * * top

Turks detained for using encrypted app 'had human rights breached' (The Guardian, 11 Sept 2017) - Tens of thousands of Turkish citizens detained or dismissed from their jobs on the basis of downloading an encrypted messaging app have had their human rights breached, a legal opinion published in London has found. The study , commissioned by opponents of the Turkish president, Recep Tayyip Erdoğan, argues that the arrest of 75,000 suspects primarily because they downloaded the ByLock app is arbitrary and illegal. It reflects growing concern about the legality of the Turkish government's crackdown in the aftermath of last year's failed coup . The legal opinion was commissioned by a pro-Gülen organisation based in Europe. The two British lawyers involved, William Clegg QC and Simon Baker, are experienced barristers. The report examines transcripts of recent trials of alleged Gülenists in Turkey as well as Turkish intelligence reports on ByLock. It concludes that the cases presented so far breach the European convention on human rights, which Turkey is signed up to. top

Tesla remotely extended the range of drivers in Florida for free... and that's NOT a good thing (TechDirt, 11 Sept 2017) - In the lead up to Hurricane Irma hitting Florida over the weekend, Tesla did something kind of interesting: it gave a "free" upgrade to a bunch of Tesla drivers in Florida, extending the range of those vehicles, to make it easier for them to evacuate the state. Now, as an initial response, this may seem praiseworthy. The company did something (at no cost to car-owners) to help them evacuate from a serious danger zone. In a complete vacuum, that sounds like a good idea. But there are a variety of problems with it when put back into context. The first thing you need to understand is that while Tesla sells different versions of its Model S, with different ranges, the range is actually entirely software-dependent. That is, it uses the same batteries in different cars -- it just limits how much they'll charge via software. Thus, spend more on a "nicer" model and more of the battery is used. So all that happened here was that Tesla "upgraded" these cars with an over the air update. In some ways, this feels kind of neat -- it means that a Tesla owner could "purchase" an upgrade to extend the range of the car. But it should also be somewhat terrifying. In some areas, this has led to discussions about the possibility of hacking the software on the cheaper version to unlock the greater battery power -- and I, for one, can't wait to see the CFAA lawsuit that eventually comes out of that should it ever happen (at least some people are hacking into the Tesla's battery management system, but just to determine how much capacity is really available). But this brings us back to the same old discussion of whether or not you really own what you've bought. When a company can automagically update the physical product you bought from them, it at least raises some serious questions. 
Yes, in this case, it's being used for a good purpose: to hopefully make it easier for Tesla owners to get the hell out of Florida. But it works the other way too, as law professor Elizabeth Joh points out * * * top

The next Yik Yak? (InsideHigherEd, 12 Sept 2017) - As thousands of students armed with smartphones start the new school year, they'll have plenty of social media options to choose from to find friends and connect with their peers. But at a select group of college campuses, a new player has entered the scene -- a student-centered networking app called Islands . Billed as "Slack for college students," Islands is a location-based app designed specifically with college students, rather than business colleagues, in mind. In an interview, Greg Isenberg, CEO of Islands, said that he wanted to create an experience that will "delight people" and help "connect the disconnected." Of course, students already have a lot of ways to connect with each other on campus, but Isenberg believes that a lot of students use apps like GroupMe out of necessity rather than by choice. "Ask any college kid what they think of GroupMe, and at least 75 percent will have had a negative experience with it," said Isenberg. "It's crazy, because if you ask them what are the three biggest apps they use on campus, they'll tell you Instagram, Snapchat and GroupMe. You have millions of daily active users using a product, and they're not even loving the experience." The premise of the Islands app is simple. If you're within range of a college campus with access to the app, you'll be able to log in with your Facebook account or email. Inside the app you'll find a number of different group chats, or "islands." Some are public, meaning anyone can join. Some are private, and you must request to join the group. Example public islands available when you log into the app include Buy & Sell, Pickup Basketball and Undergraduate Library. The aim of the app is to connect students to groups of people "they might never have found" otherwise -- whether that is a new best friend, a study partner or someone to play sports with. 
The way that you choose to communicate when you start a private island is customizable, Isenberg explains. "We give people the Lego building blocks to create a space however they want. If they want to have a room that is anonymous, they could. If they want to have a room where all the messages disappear after an hour, great. If they want the room to just be for sharing photos, they can do that." * * * top

RESOURCES

Algorithms in the Criminal Justice System: Assessing the Use of Risk Assessments in Sentencing (Harvard, 25 Aug 2017) - In the summer of 2016, some unusual headlines began appearing in news outlets across the United States. "Secret Algorithms That Predict Future Criminals Get a Thumbs Up From the Wisconsin Supreme Court," read one. Another declared: "There's software used across the country to predict future criminals. And it's biased against blacks." These news stories (and others like them) drew attention to a previously obscure but fast-growing area in the field of criminal justice: the use of risk assessment software, powered by sophisticated and sometimes proprietary algorithms, to predict whether individual criminals are likely candidates for recidivism. In recent years, these programs have spread like wildfire throughout the American judicial system. They are now being used in a broad capacity, in areas ranging from pre-trial risk assessment to sentencing and probation hearings. This paper focuses on the latest-and perhaps most concerning-use of these risk assessment tools: their incorporation into the criminal sentencing process, a development which raises fundamental legal and ethical questions about fairness, accountability, and transparency. The goal is to provide an overview of these issues and offer a set of key considerations and questions for further research that can help local policymakers who are currently implementing or considering implementing similar systems. We start by putting this trend in context: the history of actuarial risk in the American legal system and the evolution of algorithmic risk assessments as the latest incarnation of a much broader trend. We go on to discuss how these tools are used in sentencing specifically and how that differs from other contexts like pre-trial risk assessment. 
We then delve into the legal and policy questions raised by the use of risk assessment software in sentencing decisions, including the potential for constitutional challenges under the Due Process and Equal Protection clauses of the Fourteenth Amendment. Finally, we summarize the challenges that these systems create for law and policymakers in the United States, and outline a series of possible best practices to ensure that these systems are deployed in a manner that promotes fairness, transparency, and accountability in the criminal justice system. This is a paper of the Responsive Communities project produced by Harvard students Priscilla Guo, Danielle Kehl, and Sam Kessler. This paper is a product of the students' work in the HLS Responsive Communities Lab course, co-led by Susan Crawford and Waide Warner. top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Tech firms, rights groups to form Web conduct code (CNET, 18 Feb 2007) -- Technology companies Microsoft, Google, Yahoo and Vodafone are in talks with human rights and press freedom groups to draw up an Internet code of conduct to protect free speech and privacy of Web users. The parties said in a statement Friday that they aim to produce a code by the end of this year that would counter such trends as the increased jailing of Internet journalists, monitoring of legitimate online activity, and censorship. Talks are being led by the Washington-based Center for Democracy and Technology and San Francisco nonprofit Business for Social Responsibility. They are trying to craft a code to hold companies accountable if they cooperate with governments to suppress free speech or violate human rights. "Technology companies have played a vital role building the economy and providing tools important for democratic reform in developing countries," said Leslie Harris, executive director of the Center for Democracy and Technology. "But some governments have found ways to turn technology against their citizens--monitoring legitimate online activities and censoring democratic material," Harris said. top

TJX data breach: at 45.6m card numbers, it's the biggest ever (Computerworld, 29 March 2007) -- After more than two months of refusing to reveal the size and scope of its data breach, TJX Companies Inc. is finally offering more details about the extent of the compromise. In filings with the U.S. Securities and Exchange Commission yesterday, the company said 45.6 million credit and debit card numbers were stolen from one of its systems over a period of more than 18 months by an unknown number of intruders. That number eclipses the 40 million records compromised in the mid-2005 breach at CardSystems Solutions and makes the TJX compromise the worst ever involving the loss of personal data. In addition, personal data provided in connection with the return of merchandise without receipts by about 451,000 individuals in 2003 was also stolen. The company is in the process of contacting individuals affected by the breach, TJX said in its filings. "Given the scale and geographic scope of our business and computer systems and the time frames involved in the computer intrusion, our investigation has required a substantial period of time to date and is not completed," the company said. Framingham, Mass.-based TJX is the owner of a number of retail brands, including T.J.Maxx, Marshalls and Bob's Stores. In January, the company announced that someone had illegally accessed one of its payment systems and made off with card data belonging to an unspecified number of customers in the U.S., Canada, Puerto Rico and potentially the U.K. and Ireland. top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Klein Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top