Saturday, July 15, 2017


MIRLN --- 25 June - 15 July 2017 (v20.10) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


US Government wants to permanently legalize the right to repair (Motherboard, 22 June 2017) - In one of the biggest wins for the right to repair movement yet, the US Copyright Office suggested Thursday that the US government should take actions to make it legal to repair anything you own, forever - even if it requires hacking into the product's software. Manufacturers - including John Deere, Ford, various printer companies, and a host of consumer electronics companies - have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. This means that for the last several years, consumer rights groups have had to repeatedly engage in an "exemption" process to Section 1201 of the Digital Millennium Copyright Act. Essentially, the Librarian of Congress decides which circumventions of copyright should be lawful - for example, unlocking your cell phone or hacking your tractor to be able to repair the transmission. But these exemptions expire every three years, and require going through a protracted legal process to earn. Additionally, a separate exemption is required for each product category - right now it's legal to hack software to repair a car, but not to repair a video game console.

Under pressure, Western tech firms bow to Russian demands to share cyber secrets (Reuters, 23 June 2017) - Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said.

Police get broad phone and computer hacking powers in Germany (ZDnet, 23 June 2017) - Germany's coalition government has significantly increased police hacking powers by slipping a last-minute amendment into a law that's nominally supposed to deal with driving bans. While the police have so far only been allowed to hack into people's phones and computers in extreme cases, such as those involving terrorist plots, the change allows them to use such techniques when investigating dozens of less serious offences. In Germany, the authorities' hacking tools are widely known as Staatstrojanern, or state trojans. This term essentially refers to malware that the police can use to infect targets' devices, to give them the access they need to monitor communications and conduct searches. The types of crime where investigators can now use this malware are all of the variety where existing law would allow them to tap a suspect's phone. These range from murder and handling stolen goods to computer fraud and tax evasion. According to the government, the spread of encrypted communications makes traditional wiretapping impossible, so the authorities need to be able to bypass encryption by directly hacking into the communications device.

U.S. cyber insurance continues to grow, according to Fitch Ratings (Property Casualty 360, 23 June 2017) - Cyber insurance direct written premium volume for the property & casualty (P&C) industry grew by 35% in 2016 to $1.35 billion, according to "Cyber Insurance Market Share and Performance," a new report from Fitch Ratings. "Take-up rates for cyber insurance are increasing with frequent reports of computer hacking incidents, including: network intrusions and data theft, as well as high-profile ransomware attacks that are leading corporations to search for broader insurance protection against cyber threats," said Jim Auden, managing director, Fitch Ratings. The largest cyber insurance writers are American International Group, Inc., XL Group Ltd, and Chubb Limited. These companies had a combined market share of approximately 40% at year-end 2016. The top 15 writers of cyber held approximately 83% of the market in 2016. However, over 130 distinct insurance organizations reported writing cyber premiums for the year. The industry statutory direct loss ratio for stand-alone cyber insurance improved in 2016 to 45% from 50% a year earlier. However, the ultimate profitability of the P&C industry's cyber insurance efforts will take some time to assess as the market matures and future cyber-related loss events emerge.

Regulators enlist corporate lawyers in joint response to cyberattacks (ABA Journal, 26 June 2017) - Responding quickly to an identity theft, ransomware or other computer attack means having a plan in place. And as participants in the National Institute on Cybersecurity Law learned, that includes a plan to send in the feds. "Figure out if you have to report that breach to my office or other regulators, state and federal," was the advice from Iliana Peters, who's responsible for health care data privacy at the U.S. Department of Health and Human Services. Peters was on a panel of six current and former regulators assembled by the ABA Section of Litigation on Thursday in Chicago. "We want to be sure that entities are prepared to implement these kind of response plans," Peters said. "As it's happening is not the time to be doing that, to be figuring out how you're going to respond." Reporting an incident can bring in experts to evict cyber squatters, said Lucia Ziobro, the head of an FBI internet crime unit. One company's general counsel turned FBI agents away after a security breach, she recalled. For the next week, the lawyer traded messages online with the chief executive and technology executives about what to do next. Meanwhile, hackers monitored the discussion, and covered their tracks. When the feds returned, Ziobro said, "all the evidence we could have collected was gone." Regulators, for their part, are more focused on prevention than prosecution. But they don't like surprises. "If we see a news report and we don't have a breach report from you, it is very likely that we will open an investigation proactively," Peters said. Travis LeBlanc, a former chief enforcer for the Federal Communications Commission and the high-tech crime unit of the California Attorney General's Office, stressed that there's little downside to calling in federal or state regulators, who are constrained by law in what information they can share.
"So often we hear from companies that they are afraid to report to the FBI or to the Secret Service or the eCrime unit in California," LeBlanc said. "Not one time did we ever on the civil side receive information about a criminal incident from a criminal law authority that resulted in an investigation. "It's very important that when a company is a victim of a crime, it should feel that it can go to the appropriate governmental authority without being chilled by the possibility of regulatory action."

Detecting riots with Twitter (Cardiff Univ, 26 June 2017) - Social media can be an invaluable source of information for police when managing major disruptive events, new research from Cardiff University has shown. An analysis of data taken from the London riots in 2011 showed that computer systems could automatically scan through Twitter and detect serious incidents, such as shops being broken in to and cars being set alight, before they were reported to the Metropolitan Police Service. The computer system could also discern information about where the riots were rumoured to take place and where groups of youths were gathering. The new research, published in the peer-review journal ACM Transactions on Internet Technology, showed that on average the computer systems could pick up on disruptive events several minutes before officials and over an hour in some cases. * * * The researchers used a series of machine-learning algorithms to analyse each of the tweets from the dataset, taking into account a number of key features such as the time they were posted, the location where they were posted and the content of the tweet itself. Results showed that the machine-learning algorithms were quicker than police sources in all but two of the disruptive events reported.

Defense contractors will be held to higher cyber standards (GoveconWire, 26 June 2017) - Defense contractors will soon be held to the same cybersecurity standards that the Defense Department has implemented in recent years, according to a top IT official at the Pentagon. "The cyberthreat is not going away; we have to defend our networks and systems, and you're part of that defense," acting DOD CIO John Zangardi said Friday. "DOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department's networks." Reporting," a new DOD regulation, will go into effect for how contractors respond to and report cyber incidents, and defense contractors have until the end of calendar year 2017 to begin complying.

- and -

The Pentagon says it will start encrypting soldiers' emails next year (Motherboard, 6 July 2017) - For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet. That technology, technically known as STARTTLS, isn't a cutting edge development - it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015, the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil, which is hosted on the cloud for 4.5 million users. But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA.

DLA Piper hit by cyber attack, phones and computers down across the firm (Law.com, 27 June 2017) - DLA Piper has been hit by a major cyber attack, which has knocked out phones and computers across the firm. The shutdown appears to have been caused by a ransomware attack, similar to the WannaCry attack that hit organizations such as the NHS last month. DLA's phone system has not been working for much of the day and partners say they have been instructed to turn off their computers as a precaution. Offices in the UK, Europe, the Middle East and the US called by Legal Week all seem to have been affected, with some inside the firm saying email and phone systems have been affected with other systems then locked down as a precaution.

- and -

66% of US law firms reported a breach in 2016 (HelpNetSecurity, 6 July 2017) - The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments. Approximately 40% of law firms in the study underwent at least one client data security audit, and Logicforce predicts this will rise to 60% by the end of 2018. Key findings: (1) An average of 10,000 intrusions occur every day at law firms; (2) Both large and small firms are equally at risk of being hacked; (3) 95% of assessed law firms were not compliant with their own data security policies and 100% were not compliant with those of their clients; and (4) 40% of firms were breached without knowing it in 2016.

Digital field trip (InsideHigherEd, 28 June 2017) - For the 24 students in Virginia Miller's Principles of Chemistry 1 class at Montgomery College last fall, almost every lesson featured a "trip" to a world-class museum. Miller transformed her traditional, face-to-face course through the use of an expansive digital collection from the Smithsonian Institution in Washington, D.C. "It almost looks like a digital museum exhibit," the associate professor said of the five "collections" of chemistry-related space imagery that she curated from Smithsonian's online archives and turned into homework assignments for her students. "These objects jump out at you. You think, 'Let me click on this; this looks worth exploring.' … [Students] enjoyed the visual nature of it." Miller is one of approximately a dozen faculty members and instructors from the suburban Washington, D.C. community college who are using the Smithsonian's 19-month-old digital Learning Lab to enhance classes they have taught, lecture- or lab-style, for years. The lab features exhibits, documents, videos, blogs, podcasts and photographs from the Smithsonian's collections. Miller and her colleagues, who are participating in beta testing of the Learning Lab along with a group of high school teachers, teach science, math, nutrition, journalism, art history, music, mythology, developmental English and other subjects. They were tasked with centering at least one assignment on Smithsonian research or exhibits available through the digital lab relevant to classroom lessons.

Google's DeepMind and UK hospitals made illegal deal for health data, says watchdog (The Verge, 3 July 2017) - A deal between UK hospitals and Google's AI subsidiary DeepMind "failed to comply with data protection law," according to the UK's data watchdog. The Information Commissioner's Office (ICO) made its ruling today after a year-long investigation into the agreement, which saw DeepMind process 1.6 million patient records belonging to UK citizens for the Royal Free Trust - a group of three London hospitals. The deal was originally struck in 2015, and has since been superseded by a new agreement. At the time, DeepMind and the Royal Free said the data was being shared to develop an app named Streams, which would alert doctors if patients were at risk from a condition called acute kidney injury. An investigation by the New Scientist revealed that the terms of the agreement were more broad than had been originally implied. DeepMind has since made new deals to deploy Streams in other UK hospitals.

Supreme Court unanimously overturns North Carolina's ban on social-media use by sex offenders (David Post/WaPo, 3 July 2017) - A few weeks ago, the Supreme Court released its opinion in Packingham v. North Carolina, holding 8-0 that a North Carolina law prohibiting previously convicted sex offenders from accessing or using "social networking" websites violates the First Amendment. The law in question made it a felony for a registered sex offender "to access a commercial social networking Web site* where the sex offender knows that the site permits minor children to become members or to create or maintain personal Web pages." The statute was purportedly designed to prevent ex-offenders from "gathering information about minors on the Internet" and using that information to make inappropriate or unlawful contact with them. All eight Justices agreed (with us) that the statute was not sufficiently "narrowly tailored" to serve that purpose. It wasn't even a close call. The court (Justice Anthony M. Kennedy writing for himself and Justices Ruth Bader Ginsburg, Stephen G. Breyer, Elena Kagan and Sonia Sotomayor, with Justice Samuel A. Alito Jr. concurring joined by Chief Justice John G. Roberts Jr. and Justice Clarence Thomas) described the statutory prohibition as "unprecedented in the scope of First Amendment speech it burdens.": [S]ocial media users employ these websites to engage in a wide array of protected First Amendment activity on topics "as diverse as human thought." … Social media allows users to gain access to information and communicate with one another about it on any subject that might come to mind. By prohibiting sex offenders from using those websites, North Carolina with one broad stroke bars access to what for many are the principal sources for knowing current events, checking ads for employment, speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge.
These websites can provide perhaps the most powerful mechanisms available to a private citizen to make his or her voice heard. They allow a person with an Internet connection to "become a town crier with a voice that resonates farther than it could from any soapbox." … [T]o foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights. [Polley: Sweeping and important language.]

Veterans get a legal checkup with new online tool (Law.com, 5 July 2017) - "Checkups" are obviously common in health care, but the idea of doing a preventive screening for potential issues has applications in law as well, especially in access to justice efforts. A new legal "checkup" tool for veterans, a collaborative project between the American Bar Association (ABA), legal insurance group ARAG Legal and legal innovation group CuroLegal, aims to help veterans "check up" some of the legal issues they may be facing. Nicole Bradick, chief strategy officer at CuroLegal, said the tool, called Veterans Legal Checkup, was designed in alignment with current ABA president Linda Klein's institution of the ABA Veterans Legal Services Initiative. The tool, as its name plainly suggests, is designed for veterans, but Bradick explained that it looks at a few different service areas in particular. "We spoke with a lot of veterans' legal experts, and they highlighted employment, family law and housing as the three biggies," Bradick said. Accordingly, the tool's questionnaire steps users through questions that could bring to light issues veterans face in these areas, like eviction, emergency housing, fair pay, and spousal support. Veterans Legal Checkup is essentially a guided interview; users who access the tool are taken through a number of potential legal issues one question at a time to see if they may have an outstanding legal matter. If the tool can identify a potential claim, it provides a step-by-step walkthrough of the actions users can take to remedy the matter, including useful resources on how to prepare documents and scaffolding for what to say if you call a local legal aid organization. If the tool is unable to identify a particular legal concern, it provides some contact information for a local legal aid agency, paired with some suggestions for what to say when you call. * * *

Wall Street Journal shuts down its law blog (Bob Ambrogi, 5 July 2017) - Sad news in the legal blogging world, as the Wall Street Journal on Monday shut down its Law Blog, which has regularly covered and broken legal news since its launch in 2006. The closing came as part of the news organization's shut down of eight blogs on Monday covering a range of topics, according to the NiemanLab.

Why all federal agencies should break and inspect secure traffic (NextGov, 5 July 2017) - The data breach that rocked the Office of Personnel Management in 2015 resulted in the theft of an estimated 21.5 million records, including personally identifiable information such as Social Security numbers, names, dates, places of birth, addresses, fingerprint images and background check data. It's billed as the cyberattack that shocked the U.S. government, and it was discovered when a security engineer decrypted and inspected a portion of the SSL traffic that traverses the agency's network and noticed some odd outbound traffic. Hackers had used SSL encryption to shield their activity and to cloak a piece of malware designed to give them access to the agency's servers. They used that malware to steal mountains of data. Had that engineer not decrypted and inspected the network's SSL traffic, that malware may have continued to go unnoticed, making the already monstrous breach more catastrophic. As evidenced by the OPM data breach, one attack method modern hackers use to infiltrate federal networks is encrypted streams. Essentially, they use secure, encrypted traffic to obfuscate malware. Advanced adversaries don't want to do something that jumps out at security engineers. There are no shiny, blinking lights that say they're performing a malicious activity. They want to hide among the noise and use SSL encryption for camouflage. SSL traffic has become the largest network blind spot for government and federal agencies. A Ponemon Institute survey titled "Hidden Threats in Encrypted Traffic" found 50 percent of malware attacks are expected to be delivered via encrypted channels and 80 percent of organizations are not inspecting their SSL traffic. And of the public-sector respondents indicating they had been attacked, 43 percent of those attacks are believed to have used encryption to evade detection.

- but -

As elites switch to texting, watchdogs fear loss of transparency (NYT, 6 July 2017) - Secure messaging apps like WhatsApp, Signal and Confide are making inroads among lawmakers, corporate executives and other prominent communicators. Spooked by surveillance and wary of being exposed by hackers, they are switching from phone calls and emails to apps that allow them to send encrypted and self-destructing texts. These apps have obvious benefits, but their use is causing problems in heavily regulated industries, where careful record-keeping is standard procedure. "By and large, email is still used for formal conversations," said Juleanna Glover, a corporate consultant based in Washington. "But for quick shots, texting is the medium of choice." Texting apps are already creating headaches on Wall Street, where financial regulations require firms to preserve emails, instant messages and other business-related correspondence. * * * For now, America's elites seem to be using secure apps mostly for one-on-one conversations, but the days of governance by group text might not be far-off. Last year, a group affiliated with Britain's Conservative Party was discovered to be using a secret WhatsApp conversation to coordinate a pro-"Brexit" messaging campaign, while a separate WhatsApp group was being used by politicians backing the Remain effort. Steve Baker, the Conservative member of Parliament who led the pro-"Brexit" group, told The Telegraph that WhatsApp was "extremely effective" as a tool for political coordination.

BakerHostetler forms swat team to help clients deal with active ransomware attacks (Ride the Lightning, 10 July 2017) - I am not usually interested in the semi-spammy press releases that flood my Inbox, but one did catch my attention, announcing that BakerHostetler, in the wake of the NotPetya and WannaCry assaults, has established a SWAT team to help clients deal with active ransomware attacks. According to the release, this team is different from a typical incident response team. The SWAT team is comprised of members of several practice groups which have handled thousands of cybersecurity incidents, including hundreds of ransomware matters over the last few years. SWAT Team members address issues that go along with ransomware attacks - like whether or not to pay ransom and how, preserving crucial evidence when systems are down, engagement of law enforcement at the highest levels for support, establishing compliant offline communications because systems are down, leveraging downtime processes from business continuity plans and disaster recovery plans, working with company Boards to remain focused on restoration of services and legal obligations, and developing communications for internal and external parties. I suspect other law firms are forming similar teams - for a need that is now very pressing and didn't exist at all several years ago. Like one of my labs sniffing the air for interesting scents, the firm made a smart move by scanning the horizon for a new legal services opportunity. And that is an essential part of future-proofing firms and keeping legal services relevant.

NYU releases the largest LiDAR dataset ever to help urban development (TechCrunch, 12 July 2017) - New York University has made available the largest public LiDAR data set ever collected, via its Center for Urban Science and Progress. The laser scanned data, collected using aerial LiDAR instruments, is about 30 times as dense as a typical data set at a resolution of around 300 points per square meter, and covers a 1.5km square region of Dublin's city center. The data was collected by Professor Debra F. Laefer and her NYU CUSP research team, and includes both a top-down view of the roofs and distribution of buildings, as well as info about their vertical surfaces, making it possible to build 3D models of the urban landscape with detail around building measurements, trees, power lines and poles and even curb height, CUSP says. Open access to this scale and quality of data has big implications for researchers working on urban planning and development, and for engineering teams tackling everything from autonomous vehicles, to drone fleet operation, to infectious disease transmission tracking and more. It's something that would understandably be of use if captured for other cities, too - and that's exactly what CUSP hopes to do, with discussions underway to tackle New York City with a similar data imaging project next. If you think you can do something cool with the dataset, go ahead and grab it here - complete with both LiDAR info and related imagery.

Six major US airports now scan Americans' faces when they leave country (ArsTechnica, 12 July 2017) - The Department of Homeland Security has been pushing a plan that if enacted would require all Americans submit to a facial-recognition scan when departing the country. This step would be a way to expand a 2004 biometric-tracking law meant to target foreigners. According to the Associated Press, which first reported the plan on Wednesday, facial-scanning pilot programs are already underway at six American airports - Boston, Chicago, Houston, Atlanta, New York City, and Washington DC. More are set to expand next year. In a recent privacy assessment, DHS noted that the "only way for an individual to ensure he or she is not subject to collection of biometric information when traveling internationally is to refrain from traveling." In recent years, facial recognition has become more common amongst federal and local law enforcement: a 2016 Georgetown study found that half of adult Americans are already in such biometric databases. "Americans expect when they fly overseas that their luggage is going to be looked into," Harrison Rudolph, a Georgetown legal fellow, told Ars. "What they don't expect is their face is going to be scanned. This is an expansion of a program that was never authorized for US citizens." John Wagner, the Customs and Border Protection official in charge of the program, said that the agency will delete such scans within 14 days. But he also said that the agency may keep scans longer after it goes "through the appropriate privacy reviews and approvals."

Border Patrol says it's barred from searching cloud data on phones (NBC, 12 July 2017) - U.S. border officers aren't allowed to look at any data stored only in the "cloud" - including social media data - when they search U.S. travelers' phones, Customs and Border Protection acknowledged in a letter obtained Wednesday by NBC News. The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, D-Ore., and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also - apparently for the first time - declares that it doesn't have that authority in the first place. In April, Wyden and Sen. Rand Paul, R-Ky., introduced legislation to make it illegal for border officers to search or seize cellphones without probable cause. Privacy advocates and former Homeland Security lawyers have said they are alarmed by how many phones are being searched. The CBP letter, which is attributed to Kevin McAleenan, the agency's acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF), CBP's parent agency, to clarify what he called the "deeply troubling" practice of border agents' pressuring Americans into providing passwords and access to their social media accounts. McAleenan's letter cites several laws that he contends allow officers to search any traveler's phone without probable cause when the traveler enters or leaves the United States. The agency says the practice protects against child pornography, drug trafficking, terrorism and other threats. But the question of whether that broad authority extends to data linked to on remote servers but not physically stored on a phone had remained unclear, according to privacy advocates like the American Civil Liberties Union and the Electronic Frontier Foundation.
McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion - but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos.

RESOURCES

Big data, data science, and civil rights (Computing Community Consortium, 27 June 2017) - The Computing Community Consortium (CCC) has been working hard on various white papers over the past couple of months and slowly releasing them. You can see all of them here. Today, we highlight another paper, called Big Data, Data Science, and Civil Rights by Solon Barocas, Elizabeth Bradley, Vasant Honavar, and Foster Provost. Government, academia, and the private sector have increasingly recognized that the use of big data and data science in decisions has important implications for civil rights. However, a coherent research agenda for addressing these topics is only beginning to emerge and the need for such an agenda is critical and timely. Big data and data science have begun to profoundly affect decision making because the modern world is more broadly instrumented to gather data - from financial transactions, mobile phone calls, web and app interactions, emails, chats, Facebook posts, Tweets, cars, Fitbits, and on and on. According to this paper, the necessary research agenda should include: * * * [Polley: Spotted by MIRLN reader Claude Baudoin]

A primer on debates over law and ethics of autonomous weapon systems (Lawfare, 5 July 2017) - For Lawfare readers interested in law and regulation of autonomous weapon systems (AWS), we're pleased to note our new essay, recently posted to SSRN, "Debating Autonomous Weapon Systems, Their Ethics, and Their Regulation Under International Law." It appears as a chapter in a just-published volume, The Oxford Handbook of Law, Regulation, and Technology, edited by Roger Brownsword, Eloise Scotfield, and Karen Yeung (Oxford University Press, July 2017). Our chapter can be read on its own as a non-technical and relatively short primer on normative debates over AWS. The book in which it appears addresses emerging technologies and regulation more generally. Some readers might find it interesting to see how debates over the law, regulation, and ethics of AWS compare and contrast with those of other emerging technologies (Table of Contents tab here). Although our chapter expresses a point of view on these normative debates (a point of view we've previously conveyed here, here, and elsewhere), it is intended to present, as fairly as we could in a limited space and in non-technical language, the leading positions in the debate. It's not a brief for one side or the other. Teachers looking for a basic introduction to the AWS topic for use in law, international relations, ethics, armed conflict or military studies, etc., might find it useful.

DIFFERENT

Text this number anything you want and it will text you back art depicting it (Gothamist, 10 July 2017) - There are 34,678 pieces of artwork in SFMOMA's collection, with only about 5% on view at any given time. To get more eyes on the art, they've created a way to discover some of it. Their highly addictive "Send Me" feature allows you to text them what you want to see, and they'll send you back an image of a piece of art depicting that thing, along with some information on the piece. Here's how to make the magic happen: text "send me [x]" to 572-51, and within seconds SFMOMA will text you back a piece of art that, in some way, shows you that thing. X can = a keyword, a color, and even an emoji. In their announcement of the text service, they noted that "studies have shown that the average museum visitor spends approximately seven seconds in front of any artwork," asking, "In a world oversaturated with information... how can we generate personal connections between a diverse cross section of people and the artworks in our collection? How can we provide a more comprehensive experience of our collection?" In the first four days of the project, they received over 12,000 texts. [ Polley : Spotted by MIRLN reader Elizabeth Polley = @ebpolley] top

Specific laws that governs katana/samurai sword ownership (Case Clothesed, July 2017) - In Japan, there are certain laws you have to comply with for you to have swords or katana. During the old period in Japan, carrying swords in the road is prohibited unless you're a public servant or police. In these days it is hard to find someone who owns a sword. Only those who are associated with the sport Hombu Dojo, or a type of Samurai Sports. Yakuza and other members of the elite community may have access to these swords too. But there are certain laws that restrict the use of this traditional weapon. * * * top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Company will monitor phone calls to tailor ads (New York Times, 24 Sept 2007) - Companies like Google scan their e-mail users' in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same? Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype's online service - consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges. The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber's computer screen while he or she is still talking. A conversation about movies, for example, will elicit movie reviews and ads for new films that the caller will see during the conversation. Pudding Media is working on a way to e-mail the ads and other content to the person on the other end of the call, or to show it on that person's cellphone screen. "We saw that when people are speaking on the phone, typically they were doing something else," said Ariel Maislos, chief executive of Pudding Media. "They had a lot of other action, either doodling or surfing or something else like that. So we said, 'Let's use that' and actually present them with things that are relevant to the conversation while it's happening." top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Klein Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Saturday, June 24, 2017

MIRLN --- 4-24 June 2017 (v20.09)

MIRLN --- 4-24 June 2017 (v20.09) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


NEWS | RESOURCES | LOOKING BACK | NOTES

Governments may be big backers of the blockchain (The Economist, 1 June 2017) - In the hills overlooking Tbilisi, Georgia's capital, sits a nondescript building housing rows of humming computer servers. The data centre, operated by the BitFury Group, a technology company, was built to "mine" (cryptographically generate) bitcoin, the digital currency. But now it also uses the technology underlying bitcoin, called the "blockchain", to help secure Georgian government records. Experts are eyeing the experiment for proof of whether blockchain technology could alter the infrastructure of government everywhere. While the blockchain originally sought a foothold in financial services, and digital currencies attracted early attention from investors, now interest in using the technology in the public sector is growing. Brian Forde, a blockchain expert at the Massachusetts Institute of Technology, argues that governments will drive its adoption - an ironic twist for something that began as a libertarian counter model to centralised authority. Backers say it can be used for land registries, identity-management systems, health-care records and even elections. Fans argue that, if properly implemented, distributed ledgers can bring improvements in transparency, efficiency and trust. Naysayers respond that wider adoption may reveal security flaws. It is certainly early days for the blockchain: some compare it to the internet in the early 1990s, so growing pains are sure to follow. And blockchains can always be only part of the solution: no technology can turn crooked leaders straight and keep them, for instance, from feeding in spurious data. Creating robust standards will also take time. And integrating databases across vast and complex bureaucracies will need huge investment. Yet governments do not seem fazed.
According to a recent IBM survey of government leaders (conducted by the Economist Intelligence Unit, our sister company), nine in ten government organisations say they plan to invest in blockchain technology to help manage financial transactions, assets, contracts and regulatory compliance by next year. top

- and -

The world's largest CSDs are forming a new Blockchain consortium (Coindesk, 5 June 2017) - Some of the world's biggest central securities depositories (CSDs) are uniting to build their own blockchain consortium. Informally called the CSD Working Group on DLT, and comprised of institutions tasked with holding vast amounts of the world's financial instruments, the fledgling consortium is emerging from talks that have been ongoing since last year. While the formal membership of the group has yet to be revealed, CoinDesk has learned that early participants of the exploratory effort met last month in London and that the work is ongoing. Hosted by 'Big Four' consulting firm EY, the meeting was designed to give the companies, including the DTCC, Canada's CDS, the Moscow Exchange Group and South Africa's Strate, a better understanding of how blockchain technology might change their roles in the future. What started as informal conversations last October have since evolved into the more formal working group, with members including Russia's National Securities Depository, Switzerland's SIX Securities Services, the Nordic subsidiary of Nasdaq and Chile's DCV. Last week, members of the group published the first results of its partnership: a document describing the product requirements for a proxy voting solution for general meetings, built using distributed ledger technology and 'synchronized' with Swift's messaging standard. Using an unspecified technology, the proposal requires that the platform should accommodate up to 100,000 voting parties and conduct at least 50 transactions per second. While the official stated objective of the working group is to demonstrate the business value of the technology, Duvanov and Strate CEO Monica Singer revealed to CoinDesk that that is only part of the minimum viable product being tested. 
And, though not every member of the working group appears to have been involved in the London meeting, a second objective of the group is to show the value of collaboration in its own right. [ Polley : Spotted by MIRLN reader John Muller ] top

- and -

Accenture, Microsoft team up on blockchain-based digital ID network (Reuters, 19 June 2017) - Accenture Plc and Microsoft Corp are teaming up to build a digital ID network using blockchain technology, as part of a United Nations-supported project to provide legal identification to 1.1 billion people worldwide with no official documents. The companies unveiled a prototype of the network on Monday at the UN headquarters in New York during the second summit of ID2020, a public-private consortium promoting the UN 2030 Sustainable Development Goal of providing legal identity for everyone on the planet. The project aims to help individuals such as refugees prove who they are in order to gain access to basic services such as education and healthcare. * * * The new platform will connect existing record-keeping systems of commercial and public entities through blockchain, allowing users to access their personal information wherever they are. For example, refugees who have fled their country leaving behind birth or education paper certificates would still be able to provide proof of those credentials through the system. One of the main advantages of blockchain is that it allows systems of different organizations to communicate with each other, Yorke Rhodes, global business strategist at Microsoft, said in an interview. The prototype was built on top of an existing Accenture platform, which powers the biometric identity management system used by the UN High Commissioner for Refugees. top

Grad students as peer reviewers: the pros and cons (Chronicle of Higher Ed, 1 June 2017) - A good peer reviewer is hard to find. Does it make sense to expand the search to graduate students? At some journals, editors say, that idea is an absolute nonstarter. But at others, with the number of article submissions on the rise, editors are increasingly asking graduate students to act as referees. A discussion about the value of that practice cropped up Wednesday on the philosophy blog Daily Nous, where Jc Beall, a professor of philosophy at the University of Connecticut, posed the question and listed some pros and cons. On the one hand, he wrote, there's a supply-and-demand argument for enlisting graduate students: There is "so much publishing that there's no alternative but to enlist as many recruits as possible." Beyond that, peer review offers the potential to "expose the grad students to cutting-edge ideas in the latest submitted drafts." But Mr. Beall found more "strong reasons" to question the practice. Graduate students "already have too little time for their own work," he wrote. "Why should they be given work that few want in the profession?" What's more, they have not yet been fully accepted into the faculty, "but are being asked to serve anyhow." Mr. Beall said the use of graduate students as peer reviewers "appears to be gaining the feel of normalcy." Is it becoming more widespread? The Chronicle reached out to some editors to see how common the practice is. * * * top

Researchers use ridesharing cars to sniff out a secret spying tool (Wired, 2 June 2017) - Law enforcement's use of the surveillance devices known as stingrays, fake cell towers that can intercept communications and track phones, remains as murky as it is controversial, hidden in non-disclosure agreements and cloak-and-dagger secrecy. But a group of Seattle researchers has found a new method to track those trackers: by recruiting ridesharing vehicles as surveillance devices of their own. For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee - along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport. Beyond identifying those two potential surveillance operations, the researchers say their ridesharing data-collection technique could represent a relatively cheap new way to shed more light on the use of stingrays in urban settings around the world. "We wondered, how can we scale this up to cover an entire city?" says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July. He says they were inspired in part by the notion of "wardriving," the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks. "Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net." top

Whose authorization matters-the third-party accounts of former employees (Lawfare, 5 June 2017) - Two district courts in Virginia have parsed out a distinction regarding email access to the third-party accounts of former employees: following the employee's termination, who is allowed to access the account and whose permission is required? The answer depends on how personal the account was. [ Polley : quite interesting, with detailed case descriptions and compare-and-contrast analysis.] top

A guide to the ethics of cloud computing for lawyers (Ride the Lightning, 6 June 2013) - It remains astonishing to us that so many lawyers fear the cloud. While we understand the desire to control your own data, as a rule, most clouds will protect law firm data better than the law firms would. By a lot! That is particularly true of solo, small and mid-sized law firms. One of the questions we hear most often is "What does my state say about the ethics of cloud computing?" Actually, we are surprised that a number of states have not spoken on that issue, especially given the prevalence of cloud computing and attorneys' concerns about it. One good resource comes from the ABA's Legal Technology Resource Center, which maintains a map showing you which states have spoken about the ethics of cloud computing, accompanied by a quick reference guide to those states that have spoken on the issue. Check out this page on Cloud Ethics Opinions if you are unsure about your state's position on the ethics of cloud computing. top

Coursera closes $64 million round of funding (InsideHigherEd, 8 June 2017) - Online education provider Coursera said Wednesday that it had raised another $64 million, bringing its total equity funding to more than $210 million. The company said in a blog post that it intends to use the funding to "accelerate our product innovation efforts, grow our high-quality and stackable degree portfolio, and build business and government partnerships in order to address the needs of a global work force." In addition to expanding in the corporate education market, Coursera this spring signaled that it plans to partner with member universities to launch more fully online degree programs. top

The secret social media lives of teenagers (NYT, 7 June 2017) - Earlier this week, Harvard University revealed that it had rescinded admissions offers to at least 10 students who shared offensive images within what they thought was a private Facebook group chat. The students posted memes and images that mocked minority groups, child abuse, sexual assault and the Holocaust, among other things. Sharing videos, images and memes creates the opportunity for an instantaneous positive feedback loop that can perpetuate poor decision making. In an environment where teens spend around nine hours using some form of online media every day, it doesn't take long for them to be influenced by an "all-about-the-likes" sense of values that can potentially lead to life-altering decisions. I've spent nearly two decades working with teens on organization and time-management in the heart of the Silicon Valley, and many teen girls tell me they have a real Instagram account ("rinsta") for a wider audience and then keep a "finsta" (friends-only or "fake" Instagram) for their closest friends. Many teens use shortened versions of their names or aliases for finsta accounts, which they often see as an opportunity to share a less edited, less filtered version of their lives. They might spend a lot of time trying to capture the perfect Instagram photo for the "rinsta," which reaches a wider general audience, while a finsta might reveal, as one high school sophomore girl declared, "my innermost thoughts." Like the teens in the Harvard Facebook group chat, those using finsta accounts can have a false sense of confidence to say and do things they might not want a wider audience to see. And because so much of today's teen social media use is rooted in a fear of getting caught, many teens have detoured their online activity to different ways of cloaked communication. Closed and secret Facebook groups are one way teens (and adults!) privatize communication to a select group - a closed group feels more private because it allows an administrator to approve new users and monitor content. Secret Facebook groups remain unsearchable, and members can only be added or invited by another member. Another trick is to use hidden apps like Calculator% and Calculator+ that look like regular calculators, but require users to enter their passcodes to reveal a back storage area containing private photos. Also popular with secretive teens are storage apps like Vaulty, which allows users to hide photos and videos, and also has a "mug shot" feature, which takes a photo of anyone who tries to access the app using an incorrect password. Vaulty's most clever trick? Users can create two passwords for one vault, with each password tied to specific levels of access. So, a parent who insists that a teen hand over the password still might be getting limited access. Some teens just hide apps within folders on their phones. Parents wondering if their children are hiding something might look for a cleared search history and an unexplainable spike in data usage as potential red flags. * * * top

Facebook knows what you're doing during commercial breaks (Recode, 8 June 2017) - You know how sometimes you still watch live TV? And how if you're watching live TV, sometimes a commercial comes on? Well, guess what happens then? If you're reading this, you know. But now Facebook wants to spell it out for you: You ignore the commercials and you look at your phone. Here's the graphic version of this story: Facebook says it tracked the behavior of 537 people who told the company they watched "the season premiere of a popular TV show" last fall. This bar chart measures Facebook usage over time. See the spikes? Those are commercial breaks: * * * And just to beat it into the ground, Facebook tracked usage for people who didn't watch the show. No spikes, just steady liking and sharing. Yes, it's a small survey, conducted by Facebook, about a single show last year. On the other hand, since it's only measuring Facebook usage, it probably understates the case. If you factor in Twitter, texting, Clash of Clans and everything else you can do with your phone when a commercial comes on, those spikes would likely be much sharper. Those graphs come via a longer blog post/op-ed from Facebook today, which is theoretically about the state of video advertising, and which offers advice about how to make effective ads. It also includes some new video stats from the company. Among them: On average, Facebook users watch autoplay video for 16.7 seconds per clip; they watch autoplay video ads for 5.7 seconds. But Facebook's big takeaway here is clear, and it's the same takeaway Facebook has been offering for years: Advertisers should move their spending away from TV, because consumers have moved their attention away from TV. And if advertisers are going to move their dollars away from TV, Facebook is ready to take those dollars. top

Lawmakers want notice when Pentagon uses cyber weapons (NextGov, 8 June 2017) - Defense Department officials would be required to notify congressional overseers within 48 hours of launching any sensitive cyber operation under legislation introduced Thursday by top lawmakers on the House Armed Services Committee. The law would apply to both offensive and defensive cyber operations that leave DOD networks and produce effects outside locations where the U.S. is engaged in a hot war. The law would not apply to covert actions, which are typically conducted by intelligence agencies rather than the uniformed military. That means the Stuxnet attack against Iran's nuclear capability, which is among the best-known offensive cyber operations and widely believed to have been launched, in part, by U.S. intelligence agencies, would not fall under the law's requirements. The law would also require the Pentagon to notify the House and Senate Armed Services Committees about any reviews of cyber weapons to determine if they can be used under international law. top

How tech sleuths cracked the mysterious code that turns your printer into a spying tool (WaPo, 9 June 2017) - You wouldn't have noticed it unless you knew where - and how - to look, but the top-secret National Security Agency document leaked to the Intercept and published Monday contained a clue that may have led authorities to its source. Spread throughout the pages were barely visible yellow dots, each less than a millimeter in diameter, repeated over and over in the same rectangular pattern. You could see them by zooming in on the pages and adjusting the color. Or, if you had the original printed papers, you could have inspected them with a magnifying glass and a blue LED light. They're called tracking dots or microdots. Nearly every color printer on the market is equipped with a feature that covertly prints them. They encode any page that comes out of a printer with a serial number, date and time that can be interpreted using a simple cipher. Printer manufacturers are not required to tell customers the feature exists. Although the FBI has signaled otherwise, some experts have speculated that such dots may have helped investigators track down and arrest Reality Leigh Winner, the government contractor who was charged this week with leaking the NSA's highly classified report. Printer manufacturers have used the dots in some form or another for decades, but they were only revealed to the public fairly recently, when privacy advocates and cybersecurity researchers took notice. PC World was among the first publications to bring them to light. In a 2004 article in the magazine, a senior researcher at Xerox named Peter Crean described the hidden markings in detail. The technology had been developed about 20 years before, he said, to allay government officials' fears that copy machines could be used to counterfeit money or forge documents. Xerox created an in-house encoding system and agreed to share information about it with authorities. Other companies followed suit. 
* * * [ Polley : B&W printers?] top

In Watergate, one set of facts. In Trump era, take your pick. (NYT, 11 June 2017) - Forget Deep Throat, the anonymous senior F.B.I. official whom history so fondly remembers for guiding Carl Bernstein and Bob Woodward through the corruption scandal and cover-up that began with a break-in at the Democratic National Committee and ended with President Richard M. Nixon's resignation. We now have "the deep state," the scheming coterie in the intelligence community supposedly seeking to take down the president to protect its own power, as the viral Web conspiracy goes. Watergate unfolded in a much simpler time in the media industry. There were three major news networks and PBS; a major paper or three in every city; and a political dynamic in which leaders duked it out by day and dined together at night. They did so on a solid foundation of agreed-upon facts and a sense of right and wrong that was shared if not always followed. The Trump-Russia scandal is breaking during a time of informational chaos, when rival versions of reality are fighting for narrative supremacy. The causes are legion: The advent of right-wing talk radio and Fox News; the influence of social sites like Facebook, Twitter, Reddit; and the mainstreaming of conspiracy sites like InfoWars, which had almost five million visitors in the last month. By allowing partisans to live in their separate informational and misinformational bubbles, and, in some cases, to allow real news to be rendered as false - and false news to be rendered as true - they have all contributed to the calcification of the national divide. Mainstream journalism, a shiny and ascendant conveyor of truth during Watergate, is in a battered state after decades of economic erosion, its own mistakes and the efforts of partisan wrecking crews to discredit its work, the most recent one led by the president himself. 
All of it gives the Trump White House something Nixon never had: a loyal media armada ready to attack inconvenient truths and the credibility of potentially damning witnesses and news reports while trumpeting the presidential counternarrative, at times with counterfactual versions of events. Review papers from the Nixon White House and you can see just how much Nixon and his team pined for a media environment resembling the one today. "Nixon was always complaining that he had no defenders," John Dean, the former Nixon White House counsel, and current CNN contributor, told me Friday. As a memo from one adviser read in 1970: "The lens through which our message gets through is a distorted lens," therefore "we ought to give consideration to ways and means if necessary to acquire either a government or other network through which we can tell our story." When a separate memo presented a more detailed plan for a pro-administration news service, White House records show, another adviser, Roger E. Ailes, raised his hand to start it. The plan fizzled, but Mr. Ailes, who died last month, would start the Fox News Channel some 25 years later. top

Belonging online and in the library (InsideHigherEd, 12 June 2017) - Librarians have been thinking quite a bit about their library as a place in the last decade or so. They also try to make their digital spaces convenient for users to orient themselves and get to the information they seek (while also placating the marketing folks who decide what the institutional website should look like). Though we try to make the library where I work a hospitable place with a user-friendly website, I wonder what it looks like to students who are new to the place. When I was an undergraduate I made a nest in my university library. I actually liked writing papers and when I needed a break I'd browse some random part of the stacks: Hakluyt's Voyages - that looks cool. Huh, An Elementary Welsh Grammar. Wonder if I could learn Welsh? I didn't like it when a uniformed guard busted me for having food in my carrel, yet I never felt like I didn't belong there. He was the one who seemed out of place. But I was a weird kid, and privileged, growing up with the unquestioned expectation that I would have a university library in my future and it would feel like home. Kate Bowles, who writes elegantly about higher education at Music for Deckchairs, recently posted an essay on "kith," the sense of place and belonging that goes along with kin, our family relationships. (I'd never actually thought about the meaning of the first half of "kith and kin.") She quotes Susan Beal: "Kith is not only the place you know and love, but the place that knows and loves you back." In the essay Bowles examines what that means in terms of "digital citizenship" from her perspective in Australia where actual citizenship has become a fraught subject, a category of exclusion, as perhaps it always has been though not necessarily recognized as such. I'm thinking about this as I start to plan a course that will use digital humanities tools to explore identity and the internet.
I know from experience that what seems obvious and comfortable to me is a matter of familiarity. It's hard work for many students who would rather not be doing it anyway, and thinking about what happens to their data when they use social media is deeply uncomfortable, as is discussing their multiple social media identities. Those are private except for their close friends and the numerous invisible data-mining companies that exploit those identities and relationships. * * * [ Polley : Resonated with me.] top

Legal analytics vs. legal research: What's the difference? (ABA's Law Tech Today, 12 June 2017) - For hundreds of years, litigators have served their clients by applying facts to law using legal reasoning. To identify relevant law - statutes, cases, rules - to apply to the facts of a case, lawyers conduct legal research. Performing accurate legal research remains a core skill of successful lawyering. But over the past few years a new tool has appeared in litigators' toolkits: legal analytics. Legal analytics involves mining data contained in case documents and docket entries, and then aggregating that data to provide previously unknowable insights into the behavior of the individuals (judges and lawyers), organizations (parties, courts, law firms), and the subjects of lawsuits (such as patents) that populate the litigation ecosystem. Litigators use legal analytics to reveal trends and patterns in past litigation that inform legal strategy and anticipate outcomes in current cases. While every litigator learns how to conduct legal research in law school, performs legal research on the job (or reviews research conducted by associates or staff), and applies the fruits of legal research to the facts of their cases, many may not yet have encountered legal analytics. Data-driven insights from legal analytics do not replace legal research or reasoning, or lawyers themselves. They are a supplement, both prior to and during litigation. Think of legal analytics as Moneyball for lawyers. Just as a Moneyball approach to managing a baseball team supplements the hard-earned wisdom of managers, scouts, and team executives with data-driven insights, legal analytics supplements a lawyer's legal wisdom. * * * top

Modria, innovator of online dispute resolution, is acquired by Tyler Technologies (Bob Ambrogi, 12 June 2017) - Modria, a pioneering company in the field of online dispute resolution, has been acquired by Tyler Technologies, a company that develops software products for local governments. Modria will become part of Tyler's Courts and Justice Division, where Modria's technology will be used to help courts more efficiently handle large volumes of disputes. Modria was founded in 2011 by Colin Rule, who earlier designed and ran eBay's ODR system, considered the most successful ODR system in the world, and Chittu Nagarajan, the woman who formerly ran the largest ODR system in Asia. Modria's ODR platform has been used by a number of e-commerce sites as well as by innovative sites designed to provide alternatives to litigation, such as the Rechtwijzer site in the Netherlands, developed by HiiL and the Dutch Legal Aid Board to provide dispute resolution for divorce and separation, landlord-tenant and employment disputes. Modria's platform has also been adopted by various tax assessors in the United States and Canada to resolve property tax appeals. Rule will remain with Tyler as vice president of online dispute resolution. Modria will be shutting down its e-commerce customers and focusing entirely on courts and ADR organizations, Rule told me.

Schools tap secret spectrum to beam free internet to students (Wired, 12 June 2017) - In places like Albemarle County, where school officials estimate up to 20 percent of students lack home broadband, all the latest education-technology tools meant to narrow opportunity and achievement gaps can widen them instead. So, rather than wait for reluctant commercial internet providers to expand their reach, the district is trying an audacious solution. They're building their own countywide broadband network. Still in its early stages, this ambitious project relies on a little-known public resource - a slice of electromagnetic spectrum the federal government long ago set aside for schools - called the Educational Broadband Service (EBS). Some internet-access advocates say EBS is underutilized at best, and wasted at worst, because loose regulatory oversight by the FCC has allowed most of the spectrum to fall into the hands of commercial internet companies. The resulting spectrum scarcity may be the most daunting of the legal, technical and monetary challenges faced by any district hoping to create its own broadband network. But a few pioneering districts have shown that it's possible, and Albemarle County has joined a nascent trend of districts trying to build their own bridges across the digital divide.

Homeland Dems seek answers about Trump officials and encrypted app (NextGov, 1 June 2017) - Top Democrats on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee's current and former ranking members, Sens. Claire McCaskill, D-Mo., and Tom Carper, D-Del., also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats. That request follows a Politico report that Trump administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

US internet company refused to participate in NSA surveillance, documents reveal (ZDnet, 14 June 2017) - A US company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents. It's thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn't hand over customer data to the National Security Agency. While the company was not named in the 2014-dated document, released Wednesday, it's thought that it may be an internet provider or a tech company -- rather than a telecoms provider. The news comes from a collection of documents that were declassified and released as part of a Freedom of Information lawsuit filed by the Electronic Frontier Foundation and the American Civil Liberties Union. All of the documents relate to the government's use of the so-called Section 702 statute, named after its place in the law books, a provision of the Foreign Intelligence Surveillance Act. The statute authorizes the collection of data on foreign persons overseas who use US tech and telecoms services. According to the document, the unnamed company's refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified. While tech companies and internet providers are required to provide the government access to customer data when requested, they have the right to push back on the government's demands by bringing a challenge before the Foreign Intelligence Surveillance Court, which oversees and authorizes the government's surveillance activities. But despite the company's efforts to argue that the surveillance order was unlawful, the company was later forced to comply by the court.
[Polley: Spotted by MIRLN reader Gordon Housworth]

Pirate Bay may finally be sunk after EU copyright ruling (ArsTechnica, 14 June 2017) - Infamous BitTorrent tracker site The Pirate Bay can be found liable of copyright violations even if it doesn't host any infringing content, Europe's top court has ruled. "Making available and managing an online platform for sharing copyright-protected works, such as 'The Pirate Bay,' may constitute an infringement of copyright," the Court of Justice of the European Union (CJEU) said in its judgment on Wednesday. "Even if the works in question are placed online by the users of the online sharing platform, the operators of that platform play an essential role in making those works available." The ruling isn't only good news for copyright lawyers, but it also paves the way for ISPs across Europe to choke access to The Pirate Bay, which started life in Sweden in 2003 and has undergone a number of high-profile legal battles - including prison time for its founders, after they were found guilty of being accessories to breaching copyright laws in 2009. The CJEU's ruling appears to be suggesting that TPB operators offer functions that go beyond a search engine such as Google. Observers have already been wondering if the judgment will spill over into areas where sites might fall under the court's definition, which states: "the making available and management of an online sharing platform must be considered to be an act of communication for the purposes of the directive."

Reed Smith releases data breach notification app (Ride the Lightning, 15 June 2017) - On June 12th, global law firm Reed Smith announced the release of a free app to help companies apply complex state laws to basic data breach facts. The app is called Breach RespondeRS. Nearly every state in the United States has a data security breach law, requiring notice when certain personal information is lost, stolen, or misused. But the many laws differ in small but crucial respects, making it difficult to get to a bottom line. According to Reed Smith, Breach RespondeRS is the first app of its kind prompting companies to answer basic fact questions and immediately get a response as to the likelihood that notification is required. The app's release was accompanied by an animated video short showing how Breach RespondeRS can aid in both post-incident response as well as pre-incident assessment for identifying risks under different scenarios to help companies prepare accordingly.

- and -

Cooley is updating its packet of startup tips and financing documents (TechCrunch, 20 June 2017) - Cooley is putting out a new package of seed investment documents for public viewing on its "GO" microsite, the firm said today. It's a way for entrepreneurs and early-stage investors and business owners to access what the firm considers to be best practices for early-stage investment and to streamline the process for committing capital at the seed stage. The firm said its new release was prompted by the increase in convertible notes for early-stage financing. Because the investment structure is so popular, and relatively uncomplicated, it's quickly becoming a default structure for early-stage financing. The documents that Cooley is making public are the same ones it uses in the hundreds of transactions the firm has completed for startups. The new documents also will be available on GitHub, where Cooley's documents have received several comments from the community. The company said that the new documents will act as a "fork" of the original GitHub repository under open source licenses and on the Cooley GO website. Other documents that support signing agreements for seed-stage deals also are available on the Cooley site. Any new business owner who wants can access and amend the Series Seed "Notes" and equity financing documents directly through Cooley GO's document generators.

European Parliament committee recommends end-to-end encryption for all electronic communications (Tom's Hardware, 16 June 2017) - The European Parliament's (EP's) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens' fundamental privacy rights. The committee also recommended a ban on backdoors. * * *

A GOP voter-targeting firm was doing massive data analysis on Reddit (The Verge, 19 June 2017) - A conservative analytics firm apparently scraped a huge trove of Reddit data as part of its voter-targeting efforts. As reported by Gizmodo, GOP-contracted company Deep Root Analytics accidentally put a folder titled "reddit" on a publicly accessible web server along with other internal records, which cyber risk analyst Chris Vickery discovered last week. It contains 170GB of data from several subreddits, but no indication of how Deep Root might be using the information. The subreddits in question range from innocuous to controversial. One was the banned subreddit r/fatpeoplehate, which Gizmodo speculates was picked for its connection to Trump fans - a FiveThirtyEight analysis of r/The_Donald members found that outside explicitly political subreddits, these users overlapped most strongly with r/fatpeoplehate members. But Deep Root also collected information from mountain-biking and Spanish-speaking subreddits, which have no such connection. Deep Root leaked profiles of nearly 200 million potential voters as well, and it's possible that it was trying to match names to Reddit profiles - which would give them a deep look at the preferences of specific voters. Gizmodo notes that the Obama campaign matched voter records with Facebook profiles, but it's unclear that someone could do the same with Reddit, where few people operate under their real names. The company could also simply be looking for correlations in Reddit users' interests, which could help predict which messages will resonate with specific categories of voters. All we can say for sure from this leak is that political analysts are watching Reddit - which, given its prominence during the election, isn't a surprise.

NSA opens GitHub account, lists 32 projects developed by the agency (Hacker News, 20 June 2017) - The National Security Agency (NSA) - the United States intelligence agency which is known for its secrecy and working in the dark - has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started (slowly) opening itself to the world. It joined Twitter in the same year after Snowden leaks and now opened a Github account. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are 'coming soon.' "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page.

Know the odds: The cost of a data breach in 2017 (Security Intelligence, 20 June 2017) - We've all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization. Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Ponemon Institute's "2017 Cost of Data Breach Study: Global Overview," the odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach. Sponsored by IBM Security and independently conducted by the Ponemon Institute, the 12th annual "Cost of Data Breach Study" is out. The findings revealed that the average total cost of a data breach is $3.62 million in 2017, a decrease of 10 percent over last year. Additionally, the global average cost per record for this year's report is $141, which represents a decrease of 11.4 percent over last year. Despite the reduction in cost, the average size of a data breach increased by 1.8 percent to 24,089 records. The influencers that impact the cost of a data breach are driven by the country and the IT initiatives underway. The good news is that organizations can take measures to minimize cost and impact. The 2017 "Cost of Data Breach Study" found that having access to an internal or outsourced incident response team has been the top cost-reducing factor for three years running. An incident response team typically accelerates the time frame in which security events can be contained, which is a significant factor in reducing the overall cost of a breach.

The Supreme Court establishes a First Amendment framework for social media (Benton Foundation, 21 June 2017) - On June 19, 2017, the Supreme Court of the United States used an unlikely vehicle to expand the scope of First Amendment protection for Internet users. In Packingham v. North Carolina, speaking for five members of the Court, Justice Anthony Kennedy started with the general principle that the Court has always recognized the "fundamental principle of the First Amendment ... that all persons have access to places where they can speak and listen, and then, after reflection, speak and listen once more." Then, using soaring language that will surely be widely quoted in future cases, he said: While in the past there may have been difficulty in identifying the most important places (in a spatial sense) for the exchange of views, today the answer is clear. It is cyberspace--the "vast democratic forums of the Internet" in general, and social media in particular. The case arose as a challenge to a North Carolina statute that prohibits registered sex offenders from accessing social media sites. In 2002, Lester Packingham, who was 21 years old at the time, pleaded guilty to taking indecent liberties with a 13-year-old girl. He received a suspended jail sentence and completed a term of probation. Eight years later, Packingham was convicted of violating the social media statute after a police officer saw Packingham's Facebook post joyfully announcing dismissal of a speeding ticket. The Court unanimously found North Carolina's law to be unconstitutional. This is the second important Supreme Court opinion addressing the role of the Internet in American life. The first, Reno v. ACLU, was issued in 1997, during the Internet's dial-up era. Its depiction of the Internet as a medium deserving the same high degree of First Amendment protection as traditional print media played an essential role in the legal framework for the Internet's evolution over the last two decades. Justice Kennedy's Packingham decision consciously builds upon Reno's recognition of the Internet as offering "relatively unlimited low-cost capacity for communication of all kinds," specifically citing how people use Facebook ("users can debate religion and politics with close friends ... or share vacation photos"), LinkedIn ("users can look for work [or] advertise for employees") and Twitter ("users can petition their elected representatives and otherwise engage with them in a direct manner") as examples. Justice Kennedy stressed the importance of insuring that the law leave ample room for the further evolution of the Internet's platform for free expression.

Remember when you called someone and heard a song? (Motherboard, 21 June 2017) - Liam Paris, a 21-year-old who lives in Brooklyn, NY, was in eighth grade when he bought "Can't Tell Me Nothing" by Kanye West as his first ringback tone - the song that played when someone called him. If you were youngish in the early 2000s, you probably remember this phenomenon - calling a friend's cell phone, and instead of hearing the standard ring, you heard a pop song. Called ringback tones, this digital music fad allowed cell phone owners to subject callers to their own musical preference. Ringback tones were incredibly trendy in the early and mid-2000's, but have since tapered off nearly to oblivion. Though almost nobody is buying ringbacks anymore, plenty of people still have them from back in the day. The first ringtones debuted in the 1960s on landline phones (remember those?), and became a big money-maker for wireless carriers and the music industry. Ringback tones piggy-backed on this idea several decades later, and would also come to be a cash cow. A patent for contemporary ringback tone technology was filed in the US in 2001, though earlier ringback technology had been used previously in the US and abroad. Verizon Wireless became the first US national carrier to offer ringback tones in 2004, when ringtones were a multi-billion dollar-a-year industry. Ringback tone sales grew quickly in the early 2000's, holding strong until 2008, when sales plummeted dramatically as cell phone users began taking advantage of other new products, according to a statement emailed to Motherboard. By 2014, ringback sales got so low that AT&T, the nation's second largest wireless provider, stopped selling ringback tones. Verizon, the largest wireless provider in the US, did not respond to request for comment for this story, but still sells ringback tones for $1.99.

FBI agent shares cybersecurity tips for big law (Bloomberg, 22 June 2017) - Corporate clients are now checking to ensure their law firms are taking steps to secure valuable information. In April, the Association of Corporate Counsel issued its first-ever guidance on what data security measures in-house counsel should expect from their firms, Bloomberg BNA reported. Aristedes Mahairas, special agent-in-charge in the cyber division of the New York City's FBI field office, has spoken with many Big Law firms about their security vulnerabilities and believes the reported cases are just the tip of the iceberg. "A lot of this takes place without a lot of public scrutiny, but there's no doubt that someone out there is compromised and in pretty bad shape," he told Big Law Business during a recent interview at the FBI's downtown Manhattan office. "They should be concerned because there's nothing saying a law firm can't be sued either for breach of fiduciary duty." Though law firms haven't dominated cybersecurity headlines, recent data breaches against Mossack Fonseca, Cravath, and Weil Gotshal have sent a clear signal that lawyers - and the client data they possess - are real targets. Mahairas, who earned his J.D. from New York Law School, began working at the FBI in 1996 as an undercover field officer in New York City. After stints in Bulgaria and Greece and on the Joint Terrorism Task Force, he was appointed special agent in charge of the Special Operations/Cyber Division of the New York Field Office in 2015. The following interview has been edited for length and clarity. * * *

Avvo, LegalZoom, Rocket Lawyer declared off-limits (Law.com, 2 June 2017) - A joint opinion by three New Jersey Supreme Court committees has blacklisted three web-based services that match litigants with attorneys because of concerns over illicit fee-sharing and referral fees. Avvo facilitates improper fee-splitting, while LegalZoom and Rocket Lawyer operate legal service plans that aren't registered with the judiciary, according to the June 21 opinion, issued by the Advisory Committee on Professional Ethics, the Committee on Attorney Advertising and the Committee on the Unauthorized Practice of Law. The opinion decrees that "New Jersey lawyers may not participate in the Avvo legal service programs because the programs improperly require the lawyer to share a legal fee with a nonlawyer in violation of Rule of Professional Conduct 5.4(a), and pay an impermissible referral fee in violation of Rule of Professional Conduct 7.2(c) and 7.3(d)." It adds: "The Committees further find that LegalZoom and Rocket Lawyer appear to operate legal service plans through their websites but New Jersey lawyers may not participate in these plans because they are not registered with the Administrative Office of the Courts in accordance with Rule of Professional Conduct 7.3(e)(4)(vii)."

RESOURCES

Surveillance Intermediaries (Alan Z. Rozenshtein in the Stanford Law Review, forthcoming 2018) - Abstract: Apple's 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government surveillance has become in American politics and law. But scholarly attempts to answer this question have suffered from a serious omission: scholars have ignored how government surveillance is checked by "surveillance intermediaries," the companies like Apple, Google, and Facebook that dominate digital communications and data storage, and on whose cooperation government surveillance relies. This Article fills this gap in the scholarly literature, providing the first comprehensive analysis of how surveillance intermediaries constrain the surveillance executive. In so doing, it enhances our conceptual understanding of, and thus our ability to improve, the institutional design of government surveillance. Surveillance intermediaries have the financial and ideological incentives to resist government requests for user data. Their techniques of resistance are: proceduralism and litigiousness that reject voluntary cooperation in favor of minimal compliance and aggressive litigation; technological unilateralism that designs products and services to make surveillance harder; and policy mobilization that rallies legislative and public opinion to limit surveillance. Surveillance intermediaries also enhance the "surveillance separation of powers"; they make the surveillance executive more subject to inter-branch constraints from Congress and the courts, and to intra-branch constraints from foreign-relations and economics agencies as well as the surveillance executive's own surveillance-limiting components. The normative implications of this descriptive account are important and cross-cutting.
Surveillance intermediaries can both improve and worsen the "surveillance frontier": the set of tradeoffs - between public safety, privacy, and economic growth - from which we choose surveillance policy. And while intermediaries enhance surveillance self-government when they mobilize public opinion and strengthen the surveillance separation of powers, they undermine it when their unilateral technological changes prevent the government from exercising its lawful surveillance authorities.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Michigan man dodges prison in theft of Wi-Fi (CNET, 22 May 2007) -- A Michigan man who used a coffee shop's unsecured Wi-Fi to check his e-mail from his car could have faced up to five years in prison, according to local TV station WOOD. But it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner's permission--a practice known as piggybacking--was a felony. Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and--without actually entering the coffee shop--check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing. "I knew that the Union Street had Wi-Fi. I just went down and checked my e-mail and didn't see a problem with that," Peterson told a WOOD reporter. Milanowski didn't immediately cite or arrest Peterson, mostly because he wasn't certain a crime had been committed. "I had a feeling a law was being broken," the chief said. Milanowski did some research and found Michigan's "Fraudulent access to computers, computer systems, and computer networks" law, a felony punishable by five years in prison and a $10,000 fine. Milanowski, who eventually swore out a warrant for Peterson, doesn't believe Milanowski knew he was breaking the law. "In my opinion, probably not. Most people probably don't." Indeed, neither did Donna May, the owner of the Union Street Cafe. "I didn't know it was really illegal, either," she told the TV station. "If he would have come in (to the coffee shop), it would have been fine." But apparently prosecutors were more than aware of the 1979 law, which was revised in 2000 to include protections for Wi-Fi networks. 
"This is the first time that we've actually charged it," Kent County Assistant Prosecutor Lynn Hopkins said, adding that "we'd been hoping to dodge this bullet for a while."

Whole Foods CEO panned Wild Oats on web (Reuters, 12 July 2007) - The chief executive of Whole Foods Market Inc. posted messages on a Yahoo! chat forum under an alias for years, talking up his own company while predicting a bleak future for Wild Oats Markets Inc., the rival it has since sought to acquire. Company CEO John Mackey posted messages on a Yahoo! financial forum under the user name "rahodeb," according to a court document filed by the U.S. Federal Trade Commission and postings on Yahoo! Mackey's messages painted a bright future for Whole Foods, the largest U.S. natural and organic grocer, and downplayed the threat posed by competitors. "The writing is on the wall. The end game is now underway for (Wild Oats) .... Whole Foods is systematically destroying their viability as a business - market by market, city by city," Mackey wrote in a March 28, 2006 posting. It was cited by the FTC as part of a lawsuit aimed at blocking Whole Foods' planned $565 million (278 million pounds) acquisition of Wild Oats on grounds the deal would hobble competition and increase prices to consumers. "Bankruptcy remains a distinct possibility (for Wild Oats) IMO if the business isn't sold within the next few years," rahodeb said in another March 29, 2006 posting on Yahoo! Whole Foods confirmed Mackey had made the "rahodeb" postings between 1999 and 2006. It said references to those comments were among millions of documents the company provided to the FTC as part of the agency's antitrust lawsuit. In a statement, the company said Mackey posted comments under an alias "to avoid having his comments associated with the company and to avoid others placing too much emphasis on his remarks."

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.