Saturday, March 03, 2018

MIRLN --- 11 Feb - 3 March 2018 (v21.03)

MIRLN --- 11 Feb - 3 March 2018 (v21.03) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)



How the government controls sensitive satellite data (Wired, 8 Feb 2018) - During the Cold War, on the vast, barren flatland around Area 51's dried-up Groom Lake, the military developed a stealth spy plane code-named Project Oxcart. Project personnel were sworn to secrecy, but still, US officials worried that the Soviets would find out what they were up to. With good reason: Up above, USSR satellites were ready to spy with their on-board cameras. While Area 51 employees couldn't stop these satellites from swinging by, they did come up with a low-tech solution: moving the classified planes into sheds when they knew the satellites would pass over. Today, that's not a feasible stealth solution. Earth orbit doesn't just host a few Soviet spysats: More than a thousand working orbiters are out there, hundreds of those equipped with Earth-observing cameras. They are American, European, African, South American, Japanese, Indian, Chinese, Russian. And nothing stops many of them from taking pictures of supersecret areas. But the government has other ways of restricting information. The feds can limit how good commercially available images can be when taken by US companies. And it can issue a directive barring imaging over a given location. The law regulating that imaging, though, was first passed before satellite imaging really existed as an industry. And according to insiders, it's been keeping satellites down - even as thousands more of them are set to launch in the next decade. When the Land Remote Sensing Policy Act passed, the world was a younger, more naïve place. Aladdin was about to come out. George Sr. was president. Oh, and also the satellite-imaging industry was way different. "The biggest way that it was different was that there wasn't really one," says Walter Scott, the founder of DigitalGlobe and CTO of Maxar Technologies, which bought DigitalGlobe last year.
The law allowed fully private companies to get a license to take data on Earth from space - and so, when it passed in 1992, Scott did. The law - since added to, amended, and restated - still forms the legal basis for commercial remote sensing. But regulations have also accomplished the opposite, allowing the government to exercise so-called "shutter control": If the government says to close your satellite's eye, you have to do it. The government has never put shutter control into effect - at least not exactly. It's gotten around it, though. After 9/11, the feds didn't legislate the high-resolution Ikonos satellite out of taking or releasing images of Afghanistan. They simply bought exclusive rights to all of its images of the area, the only high-res ones available on the US market, making it functionally impossible for anyone else to use commercial US imagery to surveil the area. Insiders call this "checkbook shutter control." That kind of limitation also happens on a smaller scale. "US government customers have the ability - as, actually, do some of our other customers - to say, 'We would like you to take this image and not make this image available publicly,'" explains Scott. "It's an exclusivity arrangement." Then, there are the things that aren't shutter control but do place cuffs around satellite operators. Take the Kyl-Bingaman Amendment, which bans US companies from releasing their high-resolution images of Israel and the Occupied Territories. In addition, "certain licensees have some area imaging restrictions," says Tahara Dawkins, the director of the NOAA Commercial Remote Sensing Regulatory Affairs Office. "The details are proprietary." [ Polley : fascinating]

CISOs wary of threat intelligence accuracy, quality: Study (CXO Today, 8 Feb 2018) - In a world where cyber criminals are becoming increasingly stealthy and sophisticated - with new threats on the rise ranging from ransomware to DNS hijacking - it is ineffective and costly for companies to defend themselves against cybersecurity threats alone. According to a new report conducted by Ponemon Institute, the consumption and exchange of threat intelligence has increased significantly since 2015. Yet despite the increase in the exchange and use of threat intelligence, CISOs are not satisfied with the current quality of the data. The report titled "Exchanging Cyber Threat Intelligence: There Has to Be a Better Way," found that while security professionals are increasingly recognizing the importance of threat intelligence, the majority remain dissatisfied with its accuracy and quality. Meanwhile, because many security teams still execute threat investigations solo rather than pooling intelligence, their ability to quickly act on threats is limited. The report found 67 percent of IT and security professionals spend more than 50 hours per week on threat investigations, instead of efficiently using security resources and sharing threat intelligence. Lack of accuracy and timeliness is among the top complaints about threat intelligence, which in turn hinders its effectiveness and security teams' ability to quickly mitigate threats, the report noted. In fact, only 31 percent of respondents cited threat intelligence as actionable. But exchanging threat intelligence amongst peers, industry groups, IT vendors and government bodies can result in more holistic, accurate and timely threat intelligence and a stronger security posture.
Two-thirds of respondents (66 percent) reported that threat intelligence could have prevented or minimized the consequence of a data breach or cyber attack, indicating that more infosecurity professionals are realizing the importance of threat intelligence. The vast majority of respondents are focused on threat sharing, with 84 percent of organizations fully participating or partially participating in an initiative or program for exchanging threat intelligence with peers and/or industry groups. But, most of these organizations are only participating in peer-to-peer exchange of threat intelligence (65 percent) instead of a more formal approach such as threat intelligence exchange services or consortium, which contributes to the dissatisfaction with the quality of the threat intelligence obtained. Other key findings from the survey include: Most respondents believe threat intelligence improves situational awareness, with an increase from 54 percent of respondents in 2014 to 61 percent of respondents in this year's study. Sixty-six percent of respondents say shared information is not timely, and 41 percent say it is too complicated. Potential liability and lack of trust in intelligence providers prevent some organizations from fully participating in threat intelligence exchange programs, with 58 percent and 60 percent respectively citing these concerns. Twenty-four percent of organizations would rather exchange threat intelligence via a threat intelligence exchange service and 21 percent via a trusted intermediary, with only four percent preferring to share intelligence directly with other organizations - indicating a need for an exchange platform that enables such sharing because it is trusted and neutral. While the value of threat intelligence declines within minutes, only 24 percent of respondents say they receive threat intelligence in real time (nine percent) or hourly (15 percent).
Seventy-three percent of respondents say they use threat indicators and the most valuable types of information are indicators of malicious IP addresses and malicious URLs.

New Orleans eyes bars and restaurants as new focus of surveillance (Citylab, 9 Feb 2018) - New Orleans Police Superintendent Michael Harrison has a message for New Orleans bar-goers: Be good - you're being watched. The city council is considering an unprecedented proposal to require any business with a liquor license to install video cameras that feed into a real-time surveillance "command center" monitored 24/7 by law enforcement. "We want to be able to send a message that if you're in public spaces, we're going to be able to catch you if you commit a crime," Harrison told CityLab. "We have to have the ability to demonstrate to would-be criminals, to would-be terrorists, if you will, that in public spaces we're going to find them and know who you are." To that end, New Orleans is pioneering what appears to be the most expansive surveillance of bars and restaurants in the country. As currently written, the ordinance requires proprietors to purchase and install street-facing cameras that connect to the city's command center and store the footage for at least two weeks. Businesses found violating any conditions of the liquor license could be required to install the cameras inside as well. In a survey of other municipal laws, MaCCNO found that no other cities in the U.S. require all businesses with a liquor license to participate in a real-time surveillance network. Still, this unique proposal follows a broader trend of cities increasingly expanding the geographic scope of local video surveillance in the name of public safety. Cities from New York to Fresno have developed software that merges city camera networks with predictive policing software to try to ascertain the likelihood individuals will commit a crime. New Orleans plans to eventually expand the monitoring center to "include an intelligent threat analytics platform that looks for specific kinds of threats and integrates remote-sensing technology," according to the mayor's public safety plan.

ABA House of Delegates approves novel virtual currency draft legislation (ABA Journal, 9 Feb 2018) - The American Bar Association's House of Delegates approved a draft uniform law regarding virtual currency businesses for states to adopt. Drafted by the National Conference of Commissioners on Uniform State Laws, the Uniform Regulation of Virtual-Currency Business Act is draft legislation intended to create a statutory structure for regulating "virtual currency business activity," according to the act's prefatory note. The vote took place during the ABA Midyear Meeting in Vancouver, British Columbia. Many involved with cryptocurrency "are not enamored much in the way of regulation," according to Fred Miller, the chair of the committee that drafted the legislation. He says, however, that there was near unanimity from advocates, business people and lawyers regarding the need for this type of legislation. Miller notes that the bill does not regulate the underlying technology of virtual currency, called blockchain, often described as a distributed ledger. Instead, the draft law focuses on licensing businesses associated with virtual currencies, like money transmitters and money services. In that regard, the draft law is similar to the Uniform Money Services Act, which deals with traditional currency businesses. To date, state governments have had mixed responses to cryptocurrencies and related businesses. While some have taken a hands-off approach, others have created elaborate licensing schemes. In one example, New York created the BitLicense regulatory scheme in 2015. It has received broad criticism for being over the top, according to Miller. As of last month, only three companies had received BitLicenses. Miller says that the criticism of the New York law was one reason the draft legislation did something novel: it created tiered regulation. The system will trigger certain levels of regulation depending on a company's earnings.
Entities with under $5,000 of business activity will be exempt from regulatory oversight. Those operating between $5,000 and $35,000 will require a "light license", explains Miller. The full regulatory scheme is triggered once a business breaches the $35,000 threshold. "We wanted to allow some regulation and allow some experimentation and innovation as well," says Miller. To date, the draft legislation has been introduced in Hawaii and Nebraska, according to the Uniform Law Commission's website.

German court says Facebook's real name policy is illegal (The Verge, 12 Feb 2018) - A German court ruled that Facebook's real name policy is illegal and that users must be allowed to sign up for the service under pseudonyms to comply with a decade-old privacy law. The ruling, made last month but only now being announced, comes from the Berlin Regional Court and was detailed today by the Federation of German Consumer Organizations (abbreviated from German as VZBV), which filed the lawsuit against Facebook. Facebook says it will appeal the ruling, but also that it will make changes to comply with European Union privacy laws coming into effect in June, according to Reuters. "We are working hard to ensure that our guidelines are clear and easy to understand, and that the services offered by Facebook are in full accordance with the law," a Facebook spokesperson said. According to the VZBV, the court found that Facebook's real name policy was "a covert way" of obtaining users' consent to share their names, which are one of many pieces of information the court said Facebook did not properly obtain users' permission for. The court also said that Facebook did not provide a clear choice to users for other default settings, such as to share their location in chats, and it ruled against clauses that allowed Facebook to use information such as profile pictures for "commercial, sponsored, or related content." VZBV notes that it didn't win on all counts, though. Facebook prevailed on a complaint that it was misleading to say the service was free, because as VZBV put it, consumers pay "with their data." Given that the ruling comes from a regional court and that both parties intend to appeal, it's unlikely that some of these decisions are going to be final.
But it's still bad news for Facebook - and good news for users - that a consumer advocacy group is finding success as it pushes back against the social network's generous data sharing policies, which are often more a benefit to the company than to people using the service.

97% of cybersecurity leaders are evaluating vendor security, including law firms, says new survey (ABA Journal, 12 Feb 2018) - Released Feb. 8, the report, titled "The Shifting Cybersecurity Landscape: How CISOs and Security Leaders Are Managing Evolving Global Risks to Safeguard Data," explores the role of chief information security officers, the adoption of cloud technology and how businesses are auditing their vendors. While the report did not focus on the legal industry, formal evaluation of legal vendors was touched on. Seventeen percent of respondents said these evaluations were driven by regulatory requirements. Even with this level of scrutiny, only 53 percent said they were confident in the security of their data being managed by third parties, like law firms. Fifty-seven percent of respondents said they were periodically involved in litigation or investigations. And the level of concern regarding sharing data with these companies "depends on the case and litigation, as well as what disclosure of information is required," said an unnamed technology CISO in the report. Looking at cloud storage, the report found that 87 percent of respondents were using third-party cloud providers to "host non-critical information" to save money and streamline business processes. Nearly one-fifth said that moving to the cloud was spurred by using Microsoft Office 365. The 30-person survey, conducted last August by Ari Kaplan Advisors and Ankura, a consultancy, included chief information security officers, chief technology officers and director-level positions related to information security from primarily the U.S. Sixty-seven percent of respondents were from highly regulated financial- and healthcare-related industries, which skewed results towards stronger levels of awareness of these issues, according to the report.

- and -

Memo to law firms: Raise cybersecurity bar or risk client losses (Bloomberg, 23 Feb 2018) - Law firms may not be the safe repository of client confidences - such as trade secrets and merger plans - that they once were, as hackers recognize firms as prized vaults of proprietary corporate data. "Law firms are ideal targets for hackers because of the sensitive nature and variety of information they collect and store," Dore said. Clients, for their part, view law firm data breaches or lax security as serious business considerations, Lucian T. Pera, legal ethics partner at Adams and Reese LLP in Memphis, Tenn. and former treasurer of the American Bar Association, told Bloomberg Law. "Cybersecurity protections are becoming a serious factor in client decision-making," at law firms, and large firms stand to lose business if they don't take care of cybersecurity, he said. [ Polley : Again, see ABA Cybersecurity Handbook (which Lucian Pera helped write). More than a thousand copies have sold in its 3 months. See also the ABA Journal's ongoing 2018 "Digital Dangers" series/resources.]

Tech's ethical 'dark side': Harvard, Stanford and others want to address it (NYT, 12 Feb 2018) - The medical profession has an ethic: First, do no harm. Silicon Valley has an ethos: Build it first and ask for forgiveness later. Now, in the wake of fake news and other troubles at tech companies, universities that helped produce some of Silicon Valley's top technologists are hustling to bring a more medicine-like morality to computer science. This semester, Harvard University and the Massachusetts Institute of Technology are jointly offering a new course on the ethics and regulation of artificial intelligence. The University of Texas at Austin just introduced a course titled "Ethical Foundations of Computer Science" - with the idea of eventually requiring it for all computer science majors. And at Stanford University, the academic heart of the industry, three professors and a research fellow are developing a computer science ethics course for next year. They hope several hundred students will enroll. The idea is to train the next generation of technologists and policymakers to consider the ramifications of innovations - like autonomous weapons or self-driving cars - before those products go on sale. "It's about finding or identifying issues that we know in the next two, three, five, 10 years, the students who graduate from here are going to have to grapple with," said Mehran Sahami, a popular computer science professor at Stanford who is helping to develop the course. He is renowned on campus for bringing Mark Zuckerberg to class. "Technology is not neutral," said Professor Sahami, who formerly worked at Google as a senior research scientist. "The choices that get made in building technology then have social ramifications."

Porsche is 3d printing hard-to-find parts for the 959 and other classics (, 13 Feb 2018) - Porsche Classic, Porsche's classic cars division, has turned to 3D printing obscure parts that people might need on occasion. They already have about 52,000 parts available, but for the truly arcane ones, it's cheaper to 3D print them than make the specialized tools to create them over again.

We don't need new laws for faked videos, we already have them (EFF, 13 Feb 2018) - Video editing technology hit a milestone this month. The new tech is being used to make porn. With easy-to-use software, pretty much anyone can seamlessly take the face of one real person (like a celebrity) and splice it onto the body of another (like a porn star), creating videos that lack the consent of multiple parties. People have already picked up the technology, creating and uploading dozens of videos on the Internet that purport to involve famous Hollywood actresses in pornography films that they had no part in whatsoever. While many specific uses of the technology (like specific uses of any technology) may be illegal or create liability, there is nothing inherently illegal about the technology itself. And existing legal restrictions should be enough to set right any injuries caused by malicious uses. * * * [ Polley : Useful article, as usual.]

- and -

Deep Fakes: A looming crisis for national security, democracy and privacy? (Bobby Chesney on Lawfare, 21 Feb 2018) - "We are truly fucked." That was Motherboard's spot-on reaction to deep fake sex videos (realistic-looking videos that swap a person's face into sex scenes actually involving other people). And that sleazy application is just the tip of the iceberg. As Julian Sanchez tweeted, "The prospect of any Internet rando being able to swap anyone's face into porn is incredibly creepy. But my first thought is that we have not even scratched the surface of how bad 'fake news' is going to get." Indeed. Recent events amply demonstrate that false claims - even preposterous ones - can be peddled with unprecedented success today thanks to a combination of social media ubiquity and virality, cognitive biases, filter bubbles, and group polarization. The resulting harms are significant for individuals, businesses, and democracy. Belated recognition of the problem has spurred a variety of efforts to address this most recent illustration of truth decay, and at first blush there seems to be reason for optimism. Alas, the problem may soon take a significant turn for the worse thanks to deep fakes. Get used to hearing that phrase. It refers to digital manipulation of sound, images, or video to impersonate someone or make it appear that a person did something - and to do so in a manner that is increasingly realistic, to the point that the unaided observer cannot detect the fake. Think of it as a destructive variation of the Turing test: imitation designed to mislead and deceive rather than to emulate and iterate. * * * [ see also The danger of deep fakes: responding to Bobby Chesney and Danielle Citron (Stanford's Herb Lin on Lawfare, 27 Feb 2013)]

Iterating on (Defense Digital Service, 13 Feb 2018) - In February 2017, the Defense Digital Service (DDS) decided it was time to take a more involved approach within the Department of Defense in the government-wide movement to open source code. This was spurred by the release of the new Federal Source Code Policy by the Office of Management and Budget in August, 2016 and in November, 2016. We spent a lot of time talking with people in the DoD, across the federal government, and leaders in the Free / Open Source Software (F/OSS) community. Thus we formed a new project called and created a repository providing guidance on how to open source code at the DoD. It's been a long time coming, but that guidance - and its organization and presentation - has received a well-needed refresh with today's (re)launch of , an experiment in open source at the Department of Defense. Our guidance has been reorganized into an easy to digest website and we're investing in further improvements. The DoD faces many challenges in open sourcing code. Unlike most software projects, code written by U.S. Federal government employees typically does not have copyright protections under U.S. and some international laws. Often times this makes people think that our code can't use an OSS license, but this is far from true! It does, however, require a little more effort to define our intent. The complexity of national security policy adds another point of difficulty when individual program offices look to open source their work. Even with approval to release code publicly, government employees can be hindered by lack of access to modern source control and developer operations processes. Those barriers are precisely what DDS is good at tackling. 
The guidance we're providing at will help many projects across the Department by giving developers and product owners a template to start from and the necessary background information to share with people in their organization who may not be familiar with open source software. The site also highlights the policy and laws that affect custom-developed code written by U.S. government employees - or contractors working with us - so that people are informed about the requirements placed on them. * * *

Project revives old software, preserves 'born-digital' data (Yale News, 13 Feb 2018) - Digital preservationists at Yale University Library are building a shareable "emulation as a service" infrastructure to resurrect thousands of obsolete software programs and ensure that the information produced on them will be kept intact and made easily available for future access, study, and use. Funded through a pair of $1 million grants from The Andrew W. Mellon Foundation and the Alfred P. Sloan Foundation, the project will enable access to at least 3,000 applications, including operating systems, scientific software, office and email applications, design and engineering software, and software for creative pursuits like video editing or music composition. "Material across subjects and fields increasingly is created only in digital form, making it vital for research libraries to develop ways to preserve digital information and make it readily accessible to the public," said Susan Gibbons, university librarian and deputy provost for collections and scholarly communication. "Thanks to the generous support and foresight of the Sloan and Mellon Foundations, Yale University Library is helping both to establish best practices in this emerging and critically important field and to ensure that future generations of students and scholars can examine a word-processing file or electronic spreadsheet as easily as they study a book or manuscript." The project will establish a shareable infrastructure that provides on-demand access to old software, recreating the original software environment on a current-day device, said Euan Cochrane, the library's digital preservation manager and the project's principal investigator.

CDT launching effort to improve trust in VPNs (CDT, 14 Feb 2018) - As more internet users strive to take more control of their online privacy, Virtual Private Networks or VPNs have surged in popularity. VPNs work by creating an encrypted connection tunnel between a browser or device and the VPN provider's network, protecting traffic through potentially hostile local network conditions. They assist in obscuring oneself from ISPs and shielding personal information flowing through non-secure public WiFi found in airports, coffee shops, conferences, and hotels. Advocates, including CDT, and regulators routinely advise individuals to consider using a VPN if they are particularly concerned about protecting their online privacy. But the basic security, privacy, and usability of VPNs vary widely and it can be extremely difficult for users to assess the reliability of any given VPN provider's privacy and security practices, as evidenced by CDT's complaint last summer against AnchorFree's Hotspot Shield VPN. While there have been several well-meaning efforts to develop best practices for VPNs, it remains difficult for privacy advocates and technical experts to recommend a specific commercial VPN service. It is also hard for responsible VPN providers to differentiate themselves on their privacy and security bona fides in the marketplace. To address these challenges, CDT will bring together VPN providers, privacy and consumer advocates, technical experts, and other stakeholders focused on internet infrastructure to create best practices and an enforceable code of conduct for protecting user data with VPNs. CDT believes any successful guidance on privacy and security in VPNs will address the following five issues: * * * [ Polley : This is great; all VPNs are not created equal; CDT is a credible entity to shine some light on this. See also In the market for a VPN app? (FTC, 22 Feb 2018)]

Salon to use readers' computers to mine cryptocurrency (The Hill, 13 Feb 2018) - Media company is asking readers to allow them to use their computers to mine cryptocurrencies as a new source of revenue. The left-leaning company launched the test program on Monday and is targeting readers who use ad blockers, which it blames for declining revenues, the Financial Times reports. Readers who suppress ads with a blocker now see a pop-up that asks them if they will give Salon access to their computers' unused processing power to mine digital currencies. The pop-up is powered by Coinhive, which allows companies to run a program on users' web browsers to mine the cryptocurrency Monero, known for its privacy features and popularity on the black market. [ Polley : I use ad-blockers for security purposes, and there's no chance that I'd let somebody borrow computer cycles from me either. Forbes and Salon have thus lost me as a reader; Talking Points Memo left enough outside the paywall to keep me engaged, and I've just signed up for their "prime" service ($50/year).]

How Russian bots spread fear at university in the US (InsideHigherEd, 15 Feb 2018) - Numerous reports in the last year have documented how Russian bots manipulated social media during the 2016 presidential campaign. A new journal article in Strategic Studies Quarterly reveals that the Russian bots had another target in the fall of 2015: students at the University of Missouri at Columbia. The bots created false impressions about some threats against black students and faculty members at the university, which resulted in some campus leaders calling for people to stay home and many students saying that they were terrified. The false reports also contributed to a negative image of the university -- particularly with regard to its support for minority students -- that the university continues to fight. Complicating the situation is that racial tensions were quite real at Mizzou that fall, and real threats did exist. But the article documents how the false reports contributed to considerable fear on campus. In fact, the Russian bots avoided detection in part because the hashtag #PrayforMizzou was used by real people who were at the university or were concerned about it, as well as by those forwarding the bot-created tweets. * * * The author of the journal article is Lieutenant Colonel Jarred Prier of the United States Air Force. Prier writes that there was plenty of evidence -- for those looking -- that the tweets that spread were false. He cites the tweeting and retweeting patterns, consistent with other Russian bot efforts. "The plot was smoothly executed and evaded the algorithms Twitter designed to catch bot tweeting, mainly because the Mizzou hashtag was being used outside of that attack," he writes. "The narrative was set as the trend was hijacked, and the hoax was underway."

New York's cybersecurity requirements for financial services companies: Certification of compliance due (Ride The Lightning, 21 Feb 2018) - Lexology reported last week that the first certification of compliance was due under a new law in New York. The New York State Department of Financial Services enacted Cybersecurity Requirements for Financial Services Companies, 23 NYCRR 500, on March 1, 2017. The first certification of compliance with this regulation was due February 15, 2018. The regulation requires "covered entities" - meaning any person or non-governmental entity operating under or required to operate under authorization under the Banking Law, Insurance Law, or Financial Services law, to maintain a strong cybersecurity program that includes monitoring, testing, and training, as well as written cybersecurity policies that include periodic risk assessments. The regulation also requires covered entities to designate a qualified "Chief Information Security Officer" and require that the entity establish a written incident response plan to promptly respond to and recover from a cybersecurity incident. The regulation requires a covered entity to provide notice of a breach or cybersecurity event to the superintendent within 72 hours of determination that a cyber event has occurred and empowers the superintendent to enforce the provisions of the regulation. [ see also New York cybersecurity deadline highlights importance of a comprehensive insurance coverage for cyber risks (Hunton, 15 Feb 2018)]

Facebook inks music licensing deal with ICE covering 160 territories, 290K rightsholders on FB, Insta, Oculus and Messenger (TechCrunch, 21 Feb 2018) - Facebook today took its latest step towards making good on paying out royalties to music rightsholders around tracks that are used across its multiple platforms and networks. The company has signed a deal with ICE Services - a licensing group and copyright database of some 31 million works that represents PRS in the UK, STIM in Sweden and GEMA in Germany - to provide music licensing and royalty collection for works and artists represented by the group, when their music is used on Facebook, Instagram, Oculus and Messenger. WhatsApp is not included because "We understand that WhatsApp is currently used as a pure communication tool akin to private email / messaging," a spokesperson for ICE told TechCrunch. "This will be kept under review." The deal is significant because, as ICE describes it, it's the first multi-territorial license Facebook has signed with an online licensing hub: it will cover 160 territories and 290,000 rightsholders. So what will this be used for? Facebook has moved into a lot of different services over the years, but a streaming music operation to compete with the likes of (soon-to-be public) Spotify, Pandora and Apple Music has not been one of them. However, in recent times it has been laying the groundwork to do more in music. And specifically, it has been signing deals with record labels and others to make sure that the music that is used in videos and other items posted to its sites is legit and paid for to avoid lawsuits, takedown requests, and - yes - potentially the creation of new music-based services down the road, as it starts to tap into the opportunities that music affords it.

Tech-savvy attorneys in heavy demand amid emerging tech (Bloomberg, 22 Feb 2018) - Memo to lawyers: free your inner computer nerd if you want to represent today's clients. Take Patrick Berarducci, a lawyer whose resume also includes a background in computer science and software engineering. He was quickly snatched up by the blockchain company ConsenSys to make sure the developing technology complies with existing laws and regulations. "There's a real shortage" of lawyers like him, John Wolpert, ConsenSys' product executive, told Bloomberg Law. "We need a lot more code-y lawyers, as I say." Emerging and fast-evolving technologies, such as blockchain, artificial intelligence and cybersecurity, have law firms scrambling for legal talent that understands technology. Law firms are scouring for attorneys with expertise in computer science or cryptography to advise corporate and government clients implementing technology and navigate nascent case law in these areas, executives and attorneys told Bloomberg Law. Law firms trailing in tech know-how risk losing business from all sectors of the economy, attorneys told Bloomberg Law. More states, in their attorney competence standards, are telling firms to boost their lawyers' tech expertise, or run the risk of possible sanctions or penalties. * * * [Polley: look for fluent lawyers - conversant in the technology, international issues, business, and the law. As a Venn-diagram, you want to engage with those in the center.]

Court destroys future public art installations by holding building owner liable for destroying this one (TechDirt, 22 Feb 2018) - Last week was a big week for dramatically bad copyright rulings from the New York federal courts: the one finding people liable for infringement if they embed others' content in their own webpages, and this one about 5Pointz, where a court has found a building owner liable for substantial monetary damages for having painted his own building. While many have hailed this decision, including those who have mistakenly viewed it as a win for artists, this post explains why it is actually bad for everyone. The facts in this case are basically this: the owner of a run-down, formerly industrial building in a run-down neighborhood aspired to do something to redevelop his property, but it would be a few years before the time would be right. So in the meantime he let some graffiti artists use the building for their aerosol paintings. The building became known as 5Pointz, and the artwork on it soon began to attract attention. The neighborhood also began to change, and with the improvement the prospects for redeveloping the property into residences became more promising. From the outset everyone knew that redevelopment would happen eventually, and that it would put an end to the arrangement since the redevelopment would likely necessitate tearing down the building, and with it the art on the walls. As the date of demolition grew closer, the artists considered buying the building from the owner in order to prevent it from being torn down and thus preserve the art. However the owner had received a variance that suddenly made the value of the property skyrocket from $40 million to $200 million, which made the buyout impossible. So the artists instead sued to halt the destruction of their art and asked for a preliminary injunction, which would ensure that nothing happened to the art while the case was litigated.
But in late 2013 the court denied the preliminary injunction, and so a few days later the building owner went ahead and painted over the walls. The painting-over didn't end the litigation, which then became focused on whether this painting-over broke the law. In 2017 the court issued a ruling allowing the case to proceed to trial on this question. Then last week came the results of that trial, with the court finding this painting-over a "willfully" "infringing" act and assessing a $6.7 million damages award against the owner for it. It may be tempting to cheer the news that an apparently wealthy man has been ordered to pay $6.7 million to poorer artists for damaging their art. True -- the building owner, with his valuable property, seems to be someone who potentially could afford to share some of that wealth with artists who are presumably of lesser means. But we can't assume that a defendant building owner, who wants to be able to do with his property what he is normally legally allowed to do, will always be the one with all the money, and the plaintiff artist will always be the one without those resources. The law applies to all cases, no matter which party is richer, and the judicial reasoning at play in this case could just as easily apply if Banksy happened to paint the side of your house and you no longer wanted what he had painted to remain there. Per this decision, removing it could turn into an expensive proposition. The decision presents several interrelated reasons for concern. * * *

SEC expands guidance on cybersecurity disclosure obligations (Wiley Rein, 22 Feb 2018) - On February 21, 2018, the Securities and Exchange Commission (SEC) announced much-anticipated guidance which updates previous guidance on disclosing cybersecurity risk. The Commission stated it was "reinforcing and expanding upon the staff's 2011 guidance," while continuing to consider other means of promoting appropriate disclosure of cyber incidents. One takeaway from this guidance is that some uncertainty will remain as to what is material. That said, the SEC is sending clear signals. Companies must pay more attention to the quality and nature of their disclosures and Board management is top of mind at the Commission. Companies should double down on efforts to ensure they have solid policies and procedures, and consider SEC risk when handling a cyber incident. This update comes against the backdrop of other executive branch activity on market transparency and disclosure in response to President Trump's 2017 Executive Order, as well as statements by senior government officials signaling increasing expectations about private sector efforts on cybersecurity. The government is also looking at measurement and metrics for cyber risk management, in other venues.

A new, democratic tool for mapping city streets (The Atlantic, 23 Feb 2018) - Let's say you're throwing a block party. You and your neighbor both draw your own maps of where the street will be closed, and how to get there. How would you do it? Just label some points on a line, or draw all the intersections? Do you indicate nearby parking spots? Does your map look exactly like your neighbor's? Would partygoers looking at both get confused? Now take that concept to the city level, where mismatched maps can have truly high stakes. Using giant GIS databases, cities from Boston to San Diego maintain master street maps to guide their transportation and safety decisions. But there's no standard format for that data. Where are the intersections? How long are the curbs? Where's the median? It varies from city to city, and map to map. That's a problem as more private transportation services flood the roads. If a city needs to communicate street closures or parking regulations to Uber drivers, or Google Maps users, or new dockless bike-sharing services - which all use proprietary digital maps of their own - any confusion could mean the difference between smooth traffic and carpocalypse. And, perhaps more importantly, it goes the other way too: Cities struggle to obtain and translate the trip data they get from private companies (if they can get their hands on it, which isn't always the case) when their map formats don't match up. A team of street-design and transportation-data experts believes it has a solution. On Thursday, the National Association of City Transportation Officials and the nonprofit Open Transport Partnership launched a new open data standard and digital platform for mapping and sharing city streets. It might sound wonky, but the implications are big: SharedStreets brings public agencies, private companies, and civic hackers onto the same page, with the collective goal of creating safer, more efficient, and democratic transportation networks.

How a fight over Star Wars download codes could reshape copyright law (ArsTechnica, 23 Feb 2018) - A federal judge in California has rejected Disney's effort to stop Redbox from reselling download codes of popular Disney titles like Frozen, Beauty and the Beast, and the latest Star Wars movies. Judge Dean Pregerson's Tuesday ruling invoked the little-used doctrine of copyright misuse, which holds that a copyright holder loses the right to enforce a copyright if the copyright is being abused. Pregerson faulted Disney for tying digital download codes to physical ownership of discs, a practice that he argued ran afoul of copyright's first sale doctrine, which guarantees customers the right to resell used DVDs. If the ruling were upheld on appeal, it would have sweeping implications. It could potentially force Hollywood studios to stop bundling digital download codes with physical DVDs and force video game companies to rethink their own practices. But James Grimmelmann, a copyright scholar at Cornell Law School, is skeptical that the ruling will survive an inevitable appeal from Disney. When you buy a Disney DVD or Blu-ray disc, it will often come bundled with a special code that can be used at one of two Disney-sponsored websites, RedeemDigitalMovies and Disney Movies Anywhere (recently superseded by the multi-studio Movies Anywhere), to obtain a digital copy that can be viewed on PCs and mobile devices. Disney didn't view the DVD and the download code as two separate products. Instead, Disney views them as a customer convenience - a way to allow a single customer to watch the one movie they've purchased on a wide range of devices. But Redbox had a different interpretation. Redbox is in the business of buying DVDs and renting them out to customers. And it saw an opportunity to make some extra money from Disney's download codes. The company started buying DVD-plus-download-code bundles at ordinary retail locations and breaking the bundles apart.
Redbox rented out the DVDs and Blu-Ray discs as it always has. But it also began selling the download codes to customers, allowing them to gain a digital copy of a movie for a fraction of the cost of purchasing a digital download directly from Disney. Disney sued, arguing that Redbox was violating the licensing terms that came with the bundle. The Disney DVDs came bundled with a notice that says "codes are not for sale or transfer." Disney argued that Redbox had to accept this condition in order to open the package and gain access to the download code. [Polley: I've got a lot of respect for Grimmelmann, and this is a weird case.]

2nd Circuit contributes to fair use week with an odd and problematic ruling on TVEyes (TechDirt, 2 March 2018) - For years, we've quoted a copyright lawyer/law professor who once noted that the standards for fair use are an almost total crapshoot: nearly any case can have almost any result, depending on the judge (and sometimes jury) in the case. Even though there are "four factors" that must be evaluated, judges will often bend over backwards to twist those four factors to get to their desired result. Some might argue that this is a good thing in giving judges discretion in coming up with the "right" solution. But, it also means that there's little real "guidance" on fair use for people who wish to make use of it. And that's a huge problem, as it discourages and suppresses many innovations that might otherwise be quite useful. Case in point: earlier this week the 2nd Circuit rejected a lower court decision in the Fox News v. TVEyes case. If you don't recall, TVEyes provides a useful media monitoring service that records basically all TV and radio, and makes the collections searchable and accessible. It's a useful tool for other media companies (which want to use clips), for large PR firms tracking mentions, and for a variety of other uses as well. The initial ruling was a big win for fair use (even when done for profit) and against Fox News' assertion of the obsolete doctrine of "Hot News" misappropriation. That was good. However, that initial ruling only covered some aspects of TVEyes' operations -- mainly the searching and indexing. A second ruling was more of a mixed bag, saying that archiving the content was fair use, but allowing downloading the content and "date and time search" (as opposed to content search) was not fair use. Some of this was appealed up to the 2nd circuit -- specifically that second ruling saying parts of the service were not fair use.
Thankfully, Fox didn't even bother appealing the "hot news" ruling or the "fair use on index search" ruling. As you'd expect, the court runs through a four factors test, and as noted above, the analysis is... weird. Once again, it seems clear that the court decided Fox should win and then bent its four factors analysis to make that happen. The court separates out TVEyes operations into two things: "Search" and "Watch." Whereas the lower court separated out "Watch" into various components, here the court decides that the entire "Watch" part is not fair use, and thus there's no need to examine the components (the "Search" part remains covered by fair use -- which, again, Fox did not challenge). * * *


Self-Destruct Apps: Spoliation by Design? (Agnieszka McPeak, U Toledo, 19 Feb 2018) - Abstract: The Federal Rules of Civil Procedure are at risk of being out of sync with current technology trends. Privacy policy in the US and Europe encourages "privacy by design," the idea that privacy-enhancing features should be built into the very design of new technology. Self-destruct apps, like Snapchat, Confide, and Vaporstream, embody privacy by design by offering ephemeral communication tools that mimic live conversation and avoid permanent records. At the same time, the Federal Rules of Civil Procedure contemplate broad access to relevant information, including electronically stored information, and impose potentially serious consequences in litigation when relevant information is not preserved. This essay analyzes the impact self-destruct apps, like Snapchat, will have on civil discovery and explores the tension between privacy policy and preservation duties. It cautions against characterizing self-destruct apps as spoliation by design: onerous or overly expansive preservation duties for self-destructing content are not warranted or desirable. In some contexts, ephemeral messaging may be more akin to live conversation than email, and the Federal Rules need not assume spoliation by their mere use by individuals and businesses.

A Call To Cyberarms: The International Arbitrator's Duty To Avoid Digital Intrusion (Fordham Int'l Law Journal, 2017) - International commercial arbitration rests on certain fundamental attributes that cut across the different rule sets and cultural and legal systems in which it operates. There is common ground that any international commercial arbitration regime must encompass integrity and fairness, uphold the legitimate expectations of commercial parties, and respect essential elements of due process such as equal treatment of the parties, a fair opportunity for each party to present its case and neutral adjudicatory proceedings, untainted by illegal conduct. The system and its integrity depend substantially on the role of the arbitrator. As Professor Rogers has stated: [T]he authoritative nature of adjudicatory outcomes, as well as their existence within a larger system, imposes on adjudicators an obligation to preserve the integrity and legitimacy of the adjudicatory system in which they operate. Cyberbreaches of the arbitral process, including intrusion into arbitration-related data and transmissions, pose a direct and serious threat to the integrity and legitimacy of the process. This article posits that the arbitrator, as the presiding actor, has an important, front-line duty to avoid intrusion into the process. The focus here on cyberintrusion into the arbitral process does not imply that international arbitration is uniquely vulnerable to data breaches, but only that international arbitration proceedings are not immune to increasingly pervasive cyberattacks against corporations, law firms, government agencies and officials and other custodians of large electronic data sets of sensitive information. Similarly, our focus on the role and responsibilities of the arbitrator should not obscure that cybersecurity is a shared responsibility and that other actors have independent obligations. 
Arbitrators are not uniquely vulnerable to data breaches and are not guarantors of cybersecurity. In the highly interdependent landscape of international commercial arbitration, data associated with any arbitration matter will only be as secure as the weakest link. Since data security ultimately depends on the responsible conduct and vigilance of individuals, any individual actor can be that weak link, whatever their practice setting, whatever the infrastructure they rely upon, and whatever role they play in an arbitration. * * * [Polley: Spotted by MIRLN reader Phil Ray @philray66.]


(note: link-rot has affected about 50% of these original URLs)

Egypt 'to copyright antiquities' (BBC, 25 Dec 2007) - Egypt's MPs are expected to pass a law requiring royalties be paid whenever copies are made of museum pieces or ancient monuments such as the pyramids. Zahi Hawass, who chairs Egypt's Supreme Council of Antiquities, told the BBC the law would apply in all countries. The money was needed to maintain thousands of pharaonic sites, he said. Correspondents say the law will deal a blow to themed resorts across the world where large-scale copies of Egyptian artefacts are a crowd-puller. Mr Hawass said the law would apply to full-scale replicas of any object in any museum in Egypt. "Commercial use" of ancient monuments like the pyramids or the sphinx would also be controlled, he said. "Even if it is for private use, they must have permission from the Egyptian government," he added. But he said the law would not stop local and international artists reproducing monuments as long as they were not exact replicas.

Laura Berg's letter (New York Times Editorial, 27 April 2008) - The PEN American Center, the literary organization committed to free expression, is honoring an American most people in this country have never read or even heard of: Laura Berg. She is a psychiatric nurse at a Veterans Affairs hospital who was threatened with a sedition investigation after she wrote a letter to the editor denouncing the Bush administration's bungling of Hurricane Katrina and the Iraq war. That's right, sedition: inciting rebellion against the government. We suppose nothing should surprise us in these days of government zealotry. But the horror and the shame of that witch hunt should shock everyone. Ms. Berg identified herself as a V.A. nurse when, soon after Katrina's horrors, she sent her impassioned letter to The Alibi, a paper in Albuquerque. "I am furious with the tragically misplaced priorities and criminal negligence of this government," she wrote. "We need to wake up and get real here, and act forcefully to remove a government administration playing games of smoke and mirrors and vicious deceit." Her superiors at the hospital soon alerted the Federal Bureau of Investigation and impounded her office computer, where she keeps the case files of war-scarred veterans she treats. Then she received an official warning in which a Veterans Affairs investigator intoned that her letter "potentially represents sedition." It took civil rights litigators and Senator Jeff Bingaman of New Mexico to "act forcefully" in reminding the government of the Constitution and her right to free speech. The Department of Veterans Affairs retreated then finally apologized to the shaken Ms. Berg. Even then, she noted, one superior told her it was preferred that she not identify herself as a V.A. nurse in any future letter writing. "And so I am saying I am a V.A. nurse," Ms. Berg soon boomed out in a radio broadcast. "And some of my fire in writing this about Katrina and Iraq is from my experience as a V.A. nurse." Thus declared Ms. Berg, well chosen to receive the new PEN/Katherine Anne Porter First Amendment Award.

Saturday, February 10, 2018

MIRLN --- 21 Jan - 10 Feb 2018 (v21.02)

MIRLN --- 21 Jan - 10 Feb 2018 (v21.02) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)



The NSA knows who you are just by the sound of your voice - and their tech predates Apple and Amazon (CNBC, 20 Jan 2018) - For technology users who have marveled at the ability of Siri or Alexa to recognize their voice, consider this: The National Security Agency has apparently been way ahead of Apple or Amazon. The agency has at its disposal voice recognition technology that it employs to identify terrorists, government spies, or anyone they choose - with just a phone call, according to a report by The Intercept. The disclosure was revealed in a recently published article, part of a trove of documents leaked by former NSA contractor Edward Snowden. The publication wrote that by using recorded audio, the NSA is able to create a "voiceprint," or a map of qualities that mark a voice as singular, and identify the person speaking. The documents also suggest the agency is continuously improving its speech recognition capabilities, the publication noted. According to a classified memo obtained by The Intercept, the agency has employed this technology since at least 2006, with the document referencing technology "that identifies people by the sound of their voices." In fact, the NSA used such technology during Operation Iraqi Freedom, when analysts were able to verify audio thought to be of Saddam Hussein speaking. It suggests that national security operatives had access to high-level voice technology long before Amazon, Apple and Google's solutions became cultural touchstones. A "voiceprint" is "a dynamic computer model of the individual's vocal characteristics," the publication explained, created by an algorithm analyzing features like pitch and mouth shape. Then, using the NSA's formidable bank of recorded audio files, the agency is able to match the speaker to an identity.

From public Wi-Fi to encrypted emails, NY panel probes security of lawyer communications (NY Law Journal, 233 Jan 2018) - What happens when a lawyer connects a laptop containing sensitive client information to a public Wi-Fi network or prints out documents from a hotel printer? Those scenarios could put lawyers - and their clients - at an increased risk for data leaks and hacking, said panelists at a Tuesday discussion at the New York State Bar Association's annual conference in Manhattan. One takeaway from the discussion, which was centered around data security in an attorney's day-to-day-practice and related ethical obligations, is the importance of using an encrypted communication device in transmitting client information. Encryption is often "client dictated," not law firm-driven, said panelist James Bernard, a partner at Stroock & Stroock & Lavan who also serves as general counsel to his firm. Many clients, particularly financial services companies that are concerned about unauthorized access to personally identifiable information in their customer base, will use encrypted email, sometimes exclusively, in communications with law firms, Bernard said. * * * Another panelist, Karen Peters, a former presiding justice of the Appellate Division, Third Department, said an attorney's ethical obligations vary depending on the firm. "Are you talking about a large law firm with hundreds of lawyers that has an international presence? Then I would think their obligation to ensure confidentially to client data is a much higher obligation," said Peters, noting that such a firm's clients have information that hackers are looking to acquire, unlike a small firm in Plattsburgh, New York, handling family law or Surrogate's Court work.

Your sloppy Bitcoin drug deals will haunt you for years (Wired, 26 Jan 2018) - Perhaps you bought some illegal narcotics on the Silk Road half a decade ago, back when that digital black market for every contraband imaginable was still online and bustling. You might already regret that decision, for any number of reasons. After all, the four bitcoins you spent on that bag of hallucinogenic mushrooms would now be worth about as much as an Alfa Romeo. But one group of researchers wants to remind you of yet another reason to rue that transaction: If you weren't particularly careful in how you spent your cryptocurrency, the evidence of that drug deal may still be hanging around in plain view of law enforcement, even years after the Silk Road was torn off the dark web. Researchers at Qatar University and the country's Hamad Bin Khalifa University earlier this week published findings that show just how easy it may be to dredge up evidence of years-old bitcoin transactions when spenders didn't carefully launder their payments. In well over 100 cases, they could connect someone's bitcoin payment on a dark web site to that person's public account. In more than 20 instances, they say, they could easily link those public accounts to transactions specifically on the Silk Road, finding even some purchasers' specific names and locations.

ICE is about to start tracking license plates across the US (The Verge, 26 Jan 2018) - The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians. The source of the data is not named in the contract, but an ICE representative said the data came from Vigilant Solutions, the leading network for license plate recognition data. "Like most other law enforcement agencies, ICE uses information obtained from license plate readers as one tool in support of its investigations," spokesperson Dani Bennett said in a statement. "ICE is not seeking to build a license plate reader database, and will not collect nor contribute any data to a national public or private database through this contract." While it collects few photos itself, Vigilant Solutions has amassed a database of more than 2 billion license plate photos by ingesting data from partners like vehicle repossession agencies and other private groups. Vigilant also partners with local law enforcement agencies, often collecting even more data from camera-equipped police cars. The result is a massive vehicle-tracking network generating as many as 100 million sightings per month, each tagged with a date, time, and GPS coordinates of the sighting.

First 'Jackpotting' attacks hit US ATMs (Krebs on Security, 27 Jan 2018) - ATM "jackpotting" - a sophisticated crime in which thieves install malicious software and/or hardware at ATMs that forces the machines to spit out huge volumes of cash on demand - has long been a threat for banks in Europe and Asia, yet these attacks somehow have eluded U.S. ATM operators. But all that changed this week after the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States. To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics - often a combination of both - to control the operations of the ATM. The Secret Service alert explains that the attackers typically use an endoscope - a slender, flexible instrument traditionally used in medicine to give physicians a look inside the human body - to locate the internal portion of the cash machine where they can attach a cord that allows them to sync their laptop with the ATM's computer. "Once this is complete, the ATM is controlled by the fraudsters and the ATM will appear Out of Service to potential customers," reads the confidential Secret Service alert. At this point, the crook(s) installing the malware will contact co-conspirators who can remotely control the ATMs and force the machines to dispense cash. "In previous Ploutus.D attacks, the ATM continuously dispensed at a rate of 40 bills every 23 seconds," the alert continues. Once the dispense cycle starts, the only way to stop it is to press cancel on the keypad. Otherwise, the machine is completely emptied of cash, according to the alert.

Arizona bar accuses libel lawyers of suing fake defendants (Volokh Conspiracy, 29 Jan 2018) - Friday, the Arizona State Bar filed a disciplinary complaint accusing two lawyers of filing libel lawsuits against fake defendants. Why would anyone do such thing, you might ask? How can you get real money (or real compliance with an injunction) from a fake defendant? Well, say you think some people are libeling you online. You try to get them to take down the libelous material, but you can't find them, or they refuse. You try to get the hosting site to delete the material, but it refuses. (Under the federal 47 U.S.C. § 230 statute, such intermediaries can refuse without fear of liability.) So you e-mail Google, and ask it to remove the page from Google's indexes, so that Google users won't see it. "We don't know whether it's actually libelous," Google responds, "and we aren't equipped to figure that out. But tell you what: You get a court order against the author that concludes the material is libelous, and then maybe we'll consider deindexing it." Now you, or the reputation management company you hired, can get a lawyer and bring that lawsuit. Many people do -- but it's time-consuming and very expensive. And maybe you'll lose: Maybe the defendant will defend, and will point out that the statement is just nonactionable opinion, or is factually accurate, or (what often happens) was written long enough ago that the statute of limitations runs. So you might be out the money, and without a remedy. That's where the fake-defendant lawsuits come in. Someone -- the plaintiff, the reputation management company, or the lawyer -- decides to file suit against a nonexistent defendant. The complaint is filed in court together with a stipulation from the "defendant" (actually filed by whoever is engineering this on the plaintiff's behalf) agreeing that the statement was false and defamatory, and agreeing to the entry of an injunction ordering the "defendant" to remove the statement. 
The court sees what appears to be agreement between the parties, and issues the injunction. In one such case, I saw the injunction issued a blazingly fast four days after the filing. Lovely! The only problem, of course, is that it's a fraud on the court.

Pentagon reviews GPS policies after soldiers' Strava tracks are seemingly exposed (NPR, 29 Jan 2018) - Locations and activity of U.S. military bases; jogging and patrol routes of American soldiers - experts say those details are among the GPS data shared by the exercise tracking company Strava, whose Heat Map reflects more than a billion exercise activities globally. The Pentagon says it's looking at adding new training and policies to address security concerns. "Recent data releases emphasize the need for situational awareness when members of the military share personal information," Pentagon spokesman Major Adrian J.T. Rankine-Galloway of the U.S. Marine Corps said in a statement about the implications of the Strava data that has made international headlines. Strava - which includes an option for keeping users' workout data private - published the updated Heat Map late last year. The California-based company calls itself "the social network for athletes," saying that its mobile apps and website connect millions of people every day. * * * Describing what he calls "a security nightmare for governments around the world," foreign policy columnist Jeffrey Lewis describes for The Daily Beast how he used the Strava data to explore a missile command center in Taiwan whose location is meant to be secret.

UK gov will fine infrastructure firms up to £17m for lax cybersecurity safeguards (The Inquirer, 29 Jan 2018) - The UK government has announced that it will fine critical infrastructure organisations up to £17m if they fail to implement appropriate cybersecurity safeguards. UK gov issued the warning over the weekend, telling bosses of energy, transport, water and health firms to boost their cyber security defences or risk being slapped with hefty fines under the incoming Network and Information Systems (NIS) directive. It said that, in the future, a regulator will be able to assess the cybersecurity infrastructure of the country's critical industries to ensure they're as robust "as possible". This regulator will have the power to issue legally-binding instructions to improve security, and - if appropriate - impose financial penalties, the government warned. The system will be aimed at ensuring that UK electricity, transport, water, energy, transport, health and digital infrastructure firms are able to deal with cybersecurity threats. It will cover IT threats including power outages, hardware failures and environmental hazards. Under these measures, cybersecurity breaches and system failures such as WannaCry will fall under the NIS directive.

The shrinking half-life of knowledge, and what that means for KM (KnoCo, 30 Jan 2018) - When John Browne was CEO at BP, he talked about "the shrinking half-life of ideas". This always struck me as a very interesting concept; one which was fundamental to Browne's approach to corporate KM. I have since found that he was quoting an older idea from 1962 concerning the shrinking half-life of Knowledge, which has now been popularised and explored by Sam Arbesman (see video) among others. The idea of a half-life comes from nuclear physics, and originally applied to the decay of radioactive nuclei. In knowledge terms it refers to the observation that, as this article tells us: "What we think we know changes over time. Things once accepted as true are shown to be plain wrong. .... But what's really interesting is that studies of the frequency of citations of scientific papers show they become obsolete at a predictable rate. Just as with radioactive decay, you can't tell when any one 'fact' will reach its expiry date, but you can predict how long it will take for half the facts in any discipline to do so. In medicine, for example, 'truth' seems to have a 45-year half-life. Some medical schools teach students that, within a few years, half of what they've been taught will be wrong - they just don't know which half. In mathematics, the rate of decay is much slower: very few accepted mathematical proofs get disproved." Not all knowledge has a short half-life - sometimes the knowledge is linked to the technology, and if you are running a nuclear power station using 1960s control software, then the half-life of the knowledge of the software has to exceed the life of the power station. However in most other areas, where knowledge is evolving and changing, and your competitive advantage lies (at least partly) in having the best and most valid knowledge, then hanging on to old knowledge which is past its half-life can be competitively dangerous. 
And the faster the speed of change, the shorter the half-life of knowledge and the greater the danger of using obsolete knowledge. Where knowledge has a short half-life, Knowledge Management is not so much about documenting and protecting "what you know", it is about how fast you can know something new, and how easily you can let go of the old.

Inserting people into porn movies: The First Amendment textbook problem (2005) (Eugene Volokh, 31 Jan 2018) - I added this problem to the second edition of my First Amendment textbook back in 2005, and accounts suggest that it's now quite timely: Within ten or twenty years [of 2005], there will probably be consumer-usable software that can easily overlay people's photographs and voices onto movies that depict someone else. The program would automatically and seamlessly alter multiple scenes in which the character is shown from different angles, with different facial expressions, doing different things. (Of course, one can already do this in some measure with photos, but this hypothetical program would be much more sophisticated.) Naturally, many people, famous or not, will be unhappy knowing that they are depicted without their permission in others' home sex movies. Imagine that Congress therefore decides to prohibit the distribution and use of the computer program that allows such movies to be made. How would such a law be different for First Amendment purposes from normal obscenity legislation? Do you think the law should be upheld (even if that means changing First Amendment law), and on what grounds? If you think the law should be struck down, what about laws that: (1) prohibit the use of the software to make such pornographic movies without the photographed person's consent; (2) prohibit the noncommercial distribution of the movies, whether to a small group of friends or on the Internet, or; (3) prohibit the commercial distribution of the movies? Don't limit yourself to considering whether such laws are constitutional under existing obscenity doctrine. Consider also whether you think there should be an obscenity exception at all, and whether you think it should be broader or narrower than it now is.

- and -

Personalized fake porn videos are now for sale on Reddit (Motherboard, 6 Feb 2018) - Until last week, people in Reddit's deepfakes community, which creates fake porn videos of celebrities using a machine learning algorithm, have been content to post their work for free, framing it as their hobby. But increasingly, they're taking the opportunity to make a buck off of nonconsenting women's likenesses, by selling face-swapped fake porn creations for cryptocurrency. In the weeks since we first reported on it, the r/deepfakes subreddit - home base for AI-generated fake porn videos, mostly of unconsenting celebrities - has exploded to more than 85,000 subscribers. One of those subreddits, r/deepfakeservice, is dedicated to commissioning deepfake videos from other users. The pinned rules post includes guidelines for formatting requests and service offers: For requests, the seller would ask for a description of the video, price, what they need to work with (images of the celebrity needed to create the fake video), and how much time it will take. Where there's demand, there are people waiting to turn a profit. The subreddit has been up for about a week and has over 200 subscribers and a handful of requests. It raises the question: If trading fake porn videos for free exists in a legal gray area as we've reported, does putting a price tag on these videos change the game? [See also, Reddit bans 'involuntary porn' communities that trade AI-generated celebrity videos (Tech Crunch, 7 Feb 2018)]

Get to know the city of Detroit's propaganda arm (Metro Times, 31 Jan 2018) - Early this month, in the days after Detroit Mayor Mike Duggan said he'd be moving forward with a plan to require thousands of Detroit businesses to buy into a costly surveillance program intended to reduce crime, a sponsored post that looked favorably upon the program appeared at the top of our Facebook timeline. The linked content - "Inside the Real Time Crime Center, DPD's 24-hour monitoring station" - had all of the trappings of a news story. There was a headline, a byline, a mix of quotes and information. It was published at a site called " ," suggesting it may have been the work of a community news nonprofit. But the story was not journalism. It was written by the Detroit city government - more specifically, its "Storytelling" department. The department created by Duggan last year is believed to be the first of its kind in the nation. Staffed by six people, some of them former journalists, its primary objective is to populate a website and cable channel called "The Neighborhoods," which launched as Duggan was in the midst of a re-election effort that hinged on his ability to thwart perceptions he'd let the city's neighborhoods languish during his first term. The company line at the time was that the site would "give Detroiters and their neighborhoods a stronger voice," filling a void department head and "chief storyteller" Aaron Foley claimed traditional media hadn't. Five months in, the website appears to be fulfilling that mission - in part. The Neighborhoods' story grid is primarily comprised of features on local businesses, notices on city services, and "things-to-do" listicles that include some neighborhood happenings. But the story posted Jan. 10 did not give Detroiters a "stronger voice" - it omitted their voices almost entirely. 
In covering the controversial and costly Project Green Light surveillance program following word of a possible mandate, the piece did not include the voices of Detroit business owners who might oppose being forced to buy the technology, nor did it provide quotes from any residents concerned about being filmed - it featured only voices from the law enforcement and counterterrorism intelligence communities. To the undiscerning reader, the report may have seemed innocuous. Project Green Light, a program in which businesses pay for cameras that stream video footage directly into Detroit police headquarters, is generally known for helping drive down crime where it's present. The Neighborhoods' story gave readers a glimpse into the Real Time Crime Center where the footage is streamed, and it supplied an anecdote in which police were able to quickly find and arrest a shooting suspect who was caught on tape. The story also did offer a few words about privacy concerns - though only to quickly shoot them down via an officer who said that if people were made to choose between protection and privacy, they'd choose protection. But the program has drawn criticism from the American Civil Liberties Union of Michigan, and business owners have questioned its benefits. Earlier this month we reported that the expensive technology doesn't appear to be helping stop crimes in progress, and that some business owners feel they benefit only from the perks of the system, which include "priority 1" police response times of 14 minutes. "It's more of a 'pay and we'll come or don't pay and we're not coming,'" Billy Jawad, who runs a gas station on 7 Mile and Meyers, told us. The Neighborhoods story overlooked these dynamics, but it also neglected to mention a glaring news peg. Just days earlier, Duggan had said "the votes in council are there" to pass a law that would require any business open past 10 p.m. to buy the technology - at a cost of at least $4,000, plus monthly fees of $140 and up. 
The proposal, which the city later said would not come for about a year, could impact up to 4,000 businesses, according to Crain's Detroit Business.

Google Search results to give 'diverse' answers (BBC, 31 Jan 2018) - Google says it will soon alter its Search tool to provide "diverse perspectives" where appropriate. The change will affect the boxed text that often appears at the top of results pages - known as a Snippet - which contains a response sourced from a third-party site. At present, Google provides only a single box but it will sometimes show multiple Snippets in the future. The change could help Google tackle claims it sometimes spreads lies. But one expert warned the move introduced fresh risks of its own. Google introduced Snippets into its search results in 2014, placing the boxed text below paid listings but above other links. The idea is to provide information that users want without them having to click through to another page. Google acknowledged at the time that "fact quality" would vary depending on the request. But it has been accused of providing "shockingly bad" information in some cases. Google offered a less controversial example of a problem, in a blog detailing its new approach. It said that when users asked if reptiles made "good pets" they were given several reasons why the answer was yes, but if they asked if the animals made "bad pets" they were given contradictory advice. It said this happened because its system was designed to favour content that aligned with the posed question, and suggested that offering different viewpoints would therefore be a better option. "There are often legitimate diverse perspectives offered by publishers, and we want to provide users visibility and access into those perspectives from multiple sources," wrote Matthew Gray, Google's Snippets chief.

Opinion warns against judges doing online research on facts related to cases (ABA Journal, Feb 2018) - In Formal Opinion 478, the ABA Standing Committee on Ethics and Professional Responsibility addresses the restrictions imposed by the 2007 ABA Model Code of Judicial Conduct on a judge searching the internet for information helpful in deciding a case. The ABA opinion concludes that Rule 2.9(C) of the Model Code prohibits a judge from researching adjudicative facts on the internet unless a fact is subject to judicial notice. Rule 2.9(C) clearly and definitively declares that "a judge shall not investigate facts in a matter independently, and shall consider only the evidence presented and any facts that may properly be judicially noticed." Acknowledging the integral part that search engines play in everyday life, Comment 6 to Rule 2.9 bluntly tells judges that the prohibition "extends to information available in all mediums, including electronic." While recognizing that the internet, including social networking sites, provides immediate access to a limitless amount of information potentially useful to a judge laboring over difficult case-specific factual issues, the recent ABA opinion highlights two important justifications for the prohibition against electronic factual research. First, information found on the web may be fleeting, biased, misleading and sometimes downright false. Second, unless the narrow judicial-notice exception applies, gathering even trustworthy information from the internet compromises the division of responsibility between the judge and the parties so essential to the proper functioning of the adversarial system. The committee emphasizes this point by describing the "defining feature" of the judicial role as a judge's duty to base decisions only on evidence presented in court and available to the parties. The limitations on independent factual research by judges are not solely a matter of judicial ethics. 
Rule 2.9(C) is one of the few provisions of the Model Code that integrates an evidentiary rule into an ethical standard. Rule 2.9(C) permits a judge to consider a fact from sources other than the evidence submitted by the parties as long as the judge abides by his or her jurisdiction's requirements for taking judicial notice of the fact. Incorporating a rule of evidence into an ethical rule complicates the analysis because, as noted by the committee, judicial notice standards and procedures vary significantly from jurisdiction to jurisdiction. To illustrate how Rule 2.9(C) and the doctrine of judicial notice interface, the committee examines Federal Rule of Evidence 201, which governs judicial notice. * * *

Freedom of the Press Foundation will preserve Gawker's archives (Tech Crunch, 1 Feb 2018) - Gawker's posts will be captured and saved by the non-profit Freedom of the Press Foundation, following a report that venture capitalist Peter Thiel wants to buy its remaining assets, including archived content and domain names. Thiel bankrolled the lawsuit that led to Gawker's bankruptcy and eventual shutdown in 2016. In a blog post, Parker Higgins, the Freedom of the Press Foundation's director of special projects, said it is launching an online archive collection with Archive-It, a service developed by the Internet Archive (the non-profit that runs the Wayback Machine). The archive will focus on preserving the entire sites of "news outlets we deem to be especially vulnerable to the 'billionaire problem,'" Higgins wrote. Higgins wrote that by archiving news sites, the Freedom of the Press Foundation "seek[s] to reduce the 'upside' for wealthy individuals and organizations who would eliminate embarrassing or unflattering coverage by purchasing outlets outright. In other words, we hope that sites that can't simply be made to disappear will show some immunity to the billionaire problem." Archive-It takes screenshots of webpages at specific times and is used by universities, libraries, museums and other organizations to preserve sites they consider important historic documents. For example, UCLA used it to archive sites related to the Occupy Wall Street protests, while the Internet Archive made a collection of sites, news coverage, blog entries and documents about the Wikileaks releases. The Freedom of the Press Foundation has already used Archive-It to capture the LA Weekly after it was acquired by Semanal Media, which originally tried to keep the identity of its owners secret, and then fired most of the newspaper's editorial staff. Preserved content from Gawker will appear in the Freedom of the Press Foundation's collection, as well as on the Wayback Machine. 
[See also, Archiving the alternative press threatened by wealthy buyers (Freedom of the Press Foundation, 31 Jan 2018)]

A cybersecurity tip sheet for U.S. campaign officials is gaining traction, usage in field (CyberScoop, 1 Feb 2018) - A prominent nonprofit research organization has begun distributing tip sheets to campaign officials in an effort to safeguard the 2018 midterm elections from hackers. Alison Lundergan, Kentucky's secretary of state, and Mac Warner, West Virginia's secretary of state, are now sharing the "Cybersecurity Campaign Playbook" with candidates seeking office in their states. Kentucky and West Virginia represent the first two states in the country to distribute and leverage these guidelines. The playbook was created by Defending Digital Democracy (DDD) - a bipartisan initiative focused on providing tools and strategies to protect the democratic process from cyberattacks. The initiative was launched last summer at the Belfer Center for Science and International Affairs at Harvard Kennedy School. It is led by two former campaign managers who were involved in leading failed presidential campaigns for 2016 democratic candidate Hillary Clinton and 2012 republican candidate Mitt Romney, respectively. The DDD playbook is intended for campaigns that don't have the means to hire professional cybersecurity staff. The recommendations are supposed to be easily digestible for people without technical training. The document was created with the goal of providing political campaigns, candidates and their staff with the basic information to prevent digital attacks. It will be used to "provide campaign operatives with bipartisan and commonsense steps on cybersecurity," Colin Reed, senior vice president of public affairs at DDD told CyberScoop.

3 million Americans live in higher education deserts (InsideHigherEd, 2 Feb 2018) - Roughly three million Americans live more than 25 miles from a broad-access public college and do not have the sort of high-speed internet connection necessary for online college programs, according to a report from the Urban Institute's education policy program. The institute used data from the U.S. Department of Education and the Federal Communications Commission to identify these education "deserts," cross-referencing that information with data from the Census Bureau to determine who lives in them. The report found that 17.6 million adults live in a physical higher education desert, with 3.1 million (1.3 percent of adults in the U.S.) lacking access to online and physical college programs. The report also tracked the demographics of people who live in education deserts. "This study demonstrates what many Native Americans, rural Americans and other Americans living in education deserts already know: the internet has not untethered all of us from our geographic locations," said the report. "As long as broadband access depends on geography, place still plays an important role in access to higher education."

NIST issues "Blockchain Technology Overview" (Ride The Lightning, 5 Feb 2018) - The National Institute of Standards and Technology (NIST) has issued a report titled "Blockchain Technology Overview." The report is intended to provide a high-level technical overview and discusses the application of blockchain technology to electronic currency in depth as well as broader applications. "We want to help people understand how blockchains work so that they can appropriately and usefully apply them to technology problems," said NIST computer scientist Dylan Yaga, who is one of the authors of the report. "It's an introduction to the things you should understand and think about if you want to use blockchain." According to Yaga, blockchain technology is a powerful new paradigm for business. "Because the market is growing so rapidly, several stakeholders, customers and agencies asked NIST to create a straightforward description of blockchain so that newcomers to the marketplace could enter with the same knowledge about the technology," according to the NIST press release. The NIST draft report is open to public comments from January 24 to February 23, 2018.

Businesses with Apple and Cisco products may now pay less for cybersecurity insurance (Tech Crunch, 5 Feb 2018) - Apple and Cisco announced this morning a new deal with insurer Allianz that will allow businesses with their technology products to receive better terms on their cyber insurance coverage, including lower deductibles - or even no deductibles, in some cases. Allianz said it made the decision to offer these better terms after evaluating the technical foundation of Apple and Cisco's products, like Cisco's Ransomware Defense and Apple's iPhone, iPad and Mac. Allianz found Apple and Cisco's products offered businesses a "superior level of security," Apple said in its own announcement about the new deal. The new cyber security insurance solution will involve Aon's cyber security professionals assessing potential customers' current cyber security situation and recommendations on how to improve their defenses. And participating organizations will have access to Cisco and Aon's Incident Response teams in the event of a malware attack.

An 'iceberg' of unseen crimes: Many cyber offenses go unreported (NYT, 5 Feb 2018) - Utah's chief law enforcement officer was deep in the fight against opioids when he realized that a lack of data on internet sales of fentanyl was hindering investigations. So the officer, Keith D. Squires, the state's public safety commissioner, created a team of analysts to track and chronicle online distribution patterns of the drug. In Philadelphia, hidebound ways of confronting iPhone thefts let thrive illicit networks to distribute stolen cellphones. Detectives treated each robbery as an unrelated street crime - known as "apple picking" - rather than a vast scheme with connected channels used by thieves to sell the stolen phones. And in Nashville, investigators had no meaningful statistics on a nasty new swindle of the digital age: the "cheating husband" email scheme. In it, anonymous extortionists mass-email large numbers of men, threatening to unmask their infidelities. The extortionists have no idea if the men have done anything wrong, but enough of them are guilty, it turns out, that some pay up, sometimes with Bitcoin. Each case demonstrates how the tools used to fight crime and measure crime trends in the United States are outdated. Even as certain kinds of crimes are declining, others are increasing - yet because so many occur online and have no geographic borders, local police departments face new challenges not only fighting them, but also keeping track of them. Politicians often promote crime declines without acknowledging the rise of new cybercrimes. Many of the offenses are not even counted when major crimes around the nation are tallied. Among them: identity theft; sexual exploitation; ransomware attacks; fentanyl purchases over the dark web; human trafficking for sex or labor; revenge porn; credit card fraud; child exploitation; and gift or credit card schemes that gangs use to raise cash for their traditional operations or vendettas. 
In a sense, technology has created an extraordinary moment for industrious criminals, increasing profits without the risk of street violence. Digital villainy can be launched from faraway states, or countries, eliminating physical threats the police traditionally confront. Cyberperpetrators remain unknown. Law enforcement officials, meanwhile, ask themselves: Who owns their crimes? Who must investigate them? What are the specific violations? Who are the victims? How can we prevent it?

The NYT debuts its first augmented reality-enhanced story on iOS (Tech Crunch, 6 Feb 2018) - Apple's investment in AR technologies has been ushering in a new wave of apps, from those that let you perform more practical tasks - like visualizing furniture placement in rooms - to those with mass consumer appeal - like AR gaming, including Niantic's upcoming Harry Potter: Wizards Unite. But AR can also be used to create unique experiences within more traditional apps, too, as The New York Times is showcasing with today's launch of its first-ever AR experiment for storytelling. In The NYT's iOS app for iPhone and iPad, the company is debuting its first AR-enabled article, offering a preview of the Winter Olympics. The article focuses on top Olympic athletes, including figure skater Nathan Chen, snowboarder Anna Gasser, short track speed skater J.R. Celski, and hockey goalie Alex Rigsby. In the app, NYT readers can view the athletes appear in the room beside them, zoom in and out, and walk around in 360 degrees to see them from every side. This lets you get up close and personal with the Olympians, where you're able to see things like how high Chen's skates are off the ice when performing a jump, the offset of Celski's skates, or how far open Alex Rigsby's glove is when making a save. * * * [Polley: quite impressive - the athletes appear in high-def, right in the middle of my living room; they're frozen in time, and I can walk entirely around them, and approach/back-away to see more detail, close-up. Impressive.]

An AI that reads privacy policies so that you don't have to (Wired, 9 Feb 2018) - You don't read privacy policies. And of course, that's because they're not actually written for you, or any of the other billions of people who click to agree to their inscrutable legalese. Instead, like bad poetry and teenagers' diaries, those millions upon millions of words are produced for the benefit of their authors, not readers - the lawyers who wrote those get-out clauses to protect their Silicon Valley employers. But one group of academics has proposed a way to make those virtually illegible privacy policies into the actual tool of consumer protection they pretend to be: an artificial intelligence that's fluent in fine print. Today, researchers at Switzerland's Federal Institute of Technology at Lausanne (EPFL), the University of Wisconsin and the University of Michigan announced the release of Polisis - short for "privacy policy analysis" - a new website and browser extension that uses their machine-learning-trained app to automatically read and make sense of any online service's privacy policy, so you don't have to. In about 30 seconds, Polisis can read a privacy policy it's never seen before and extract a readable summary, displayed in a graphic flow chart, of what kind of data a service collects, where that data could be sent, and whether a user can opt out of that collection or sharing. Polisis' creators have also built a chat interface they call Pribot that's designed to answer questions about any privacy policy, intended as a sort of privacy-focused paralegal advisor. Together, the researchers hope those tools can unlock the secrets of how tech firms use your data that have long been hidden in plain sight. "What if we visualize what's in the policy for the user?" asks Hamza Harkous, an EPFL researcher who led the work, describing the thoughts that led the group to their work on Polisis and Pribot. "Not to give every piece of the policy, but just the interesting stuff... 
What if we turned privacy policies into a conversation?" Plug in the website for Pokemon Go, for instance, and Polisis will immediately find its privacy policy and show you the vast panoply of information that the game collects, from IP addresses and device IDs to location and demographics, as well as how those data sources are split between advertising, marketing, and use by the game itself. It also shows that only a small sliver of that data is subject to a clear opt-in consent. (See how Polisis lays out those data flows in the chart below.) Feed it the website for DNA analysis app Helix, and Polisis shows that health and demographic information is collected for analytics and basic services, but, reassuringly, none of it is used for advertising and marketing, and most of the sensitive data collection is opt-in.


SEC Cybersecurity Guidelines: Insights Into the Utility of Risk Factor Disclosures for Investors (ABA Business Law Section, Jan 2018) - In October 2011, the SEC issued new guidelines for disclosure of cybersecurity risks. Some firms responded to these guidelines by issuing new risk factor disclosures. This article examines the guidelines and cybersecurity disclosures in the context of existing laws governing securities regulation. It then examines empirical results from firm disclosures following the new guidelines. Evidence shows a relatively small proportion of firms chose to modify their risk factor disclosures, with most firms choosing not to disclose any specific cybersecurity risk. Moreover, disclosing firms generally experienced significant negative stock market price effects on account of making new disclosures. Rather than viewing disclosure as a positive signal of management attentiveness, investors apparently viewed it as a cautionary sign.

The Cyberlaw Guide to Protest Art: Roadmap (Harvard Berkman/Klein, 22 Jan 2018) - Art plays a significant role in American democracy. Across the political spectrum, protest art - posters, songs, poems, memes, and more - inspires us, gives us a sense of community, and provides insight into how others think and feel about important and often controversial issues. While protest art has been part of our culture for a very long time, the Internet and social media have changed the available media and the visibility of protest artists. Digital technologies make it easy to find existing works and incorporate them into your own, and art that goes viral online spreads faster than was ever possible in the analog world. Many artists find the law that governs all of this unclear in the physical world, and even murkier online. The authors of this guide are a collection of lawyers and creative folks. We have seen how the law can undermine artists, writers, and musicians when they're caught unaware, and distract them from the work they want to do. But we've also observed how savvy creators use the law to enhance their work and broaden their audiences. This guide is intended to ensure that you, the reader, can be one of the savvy ones.


(note: link-rot has affected about 50% of these original URLs)

Sharper aerial pictures spark privacy fears (The Guardian, 24 Jan 2008) - If you were up to no good in the London open air last winter, start working up excuses: you might be on the web. This week, a company launches an online map of central London which includes aerial photography at four times the resolution of existing online maps: the equivalent of looking down from the 10th floor. The map, from, publishes aerial photography at a resolution of 4cm for London and 12.5cm for the rest of the UK. In the right conditions, images at this resolution are enough to identify individuals - a step that existing online mapping ventures such as Google Earth and Microsoft's Virtual Earth have so far been careful to avoid. Alastair Crawford, 192's chief executive, makes no apologies for the possibilities: "We're considering holding a competition. We want to challenge people to find out how much naughty stuff is happening. If you're having an affair in London, you'd better be careful!" The mapping venture is likely to heat up the debate about the extent to which information about individuals is available on the web - especially as, which specialises in providing data about individuals gleaned from official sources has announced plans to attach estimated ages to every person in its database of 27 million Britons.

GOP halts effort to retrieve White House e-mails (Washington Post, 27 Feb 2008) - After promising last year to search its computers for tens of thousands of e-mails sent by White House officials, the Republican National Committee has informed a House committee that it no longer plans to retrieve the communications by restoring computer backup tapes, the panel's chairman said yesterday. The move increases the likelihood that an untold number of RNC e-mails dealing with official White House business during the first term of the Bush administration - including many sent or received by former presidential adviser Karl Rove - will never be recovered, said House Democrats and public records advocates. The RNC had previously told the House Oversight and Government Reform Committee that it was attempting to restore e-mails from 2001 to 2003, when the RNC had a policy of purging all e-mails, including those to and from White House officials, after 30 days. But Chairman Henry A. Waxman (D-Calif.) disclosed during a hearing yesterday that the RNC has now said it "has no intention of trying to restore the missing White House e-mails." "The result is a potentially enormous gap in the historical record," Waxman said, including the buildup to the Iraq war. Spokesman Danny Diaz said in a statement that the RNC "is fully compliant with the spirit and letter of the law." He declined further comment.


MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at . Get supplemental information through Twitter: #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Klein Center for Internet & Society at Harvard Law School

2. InsideHigherEd

3. SANS Newsbites

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram

6. Eric Goldman's Technology and Marketing Law Blog

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.