Friday, April 03, 2015

MIRLN --- 15 March – 4 April 2015 (v18.05)

MIRLN --- 15 March - 4 April 2015 (v18.05) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | RESOURCES | LOOKING BACK | NOTES

Turning data into powerful visualizations of Detroit (Zuckerman @ Berkman, 11 March 2015) - What's a "holy shit visualization?" It's a way of looking at data that turns a statistic you might have flipped past in a book or skimmed by on a web page into something that you can't forget. It's a visceral reminder of the power of images and the power of looking at dry numbers in human terms. For Mike Evans , the map below was a holy shit visualization. Properties in yellow are in tax distress. Those in orange are under tax foreclosure. Those in red have been foreclosed. In 2014, 50 percent of properties in the city of Detroit were in danger of foreclosure, being foreclosed, or owned by the city. That's a frightening statistic. But seeing what it looks like on the map makes the scale of the problem more visceral. * * * [ graphic ] Evans knew this was a powerful visualization when he took the map to the county treasurer, who had his own "holy shit" moment seeing the data. Mike asks, "What does it mean when the county treasurer doesn't know this? What does this mean for a homeowner who's far more removed from this information?" Evans is senior developer with Loveland Technologies , a for-profit technology consultancy in Detroit, Mich., that focuses on mapping land ownership in cities, especially in Detroit. He visited Center for Civic Media at the MIT Media Lab to talk about the community mapping work he and his team have taken on in Detroit and around the U.S. Loveland is a project started by Jerry Paffendorf, who had the clever idea of selling distressed properties in Detroit one square inch at a time. Detroit auctions thousands of properties at a time, and properties that don't sell for outstanding taxes begin auctioning for $500 apiece. Paffendorf bought some of these properties and started selling them off via Kickstarter for a dollar per square inch (one of the first Kickstarters ever started), and Loveland Technologies got its start building a map that let people see their property ownership, much as the Million Dollar Homepage allowed advertisers to see their online presence purchased a pixel at a time.

top

To satisfy clients, law firms submit to cybersecurity scrutiny (American Lawyer, 12 March 2015) - In an effort to satisfy clients concerned about possible security breaches, at least 10 Am Law 200 firms and two Magic Circle firms have attained a special certification to demonstrate they're taking steps toward protecting their documents and communication systems, and at least 21 more are in the process of seeking certification, with some consultants speculating that even more will be certified by the end of the year. Businesses of all types can receive the certification, called ISO 27001, if they meet an international cybersecurity standard, but consultants who help companies get certified say that in the past year they've been inundated with inquiries from law firms. "What ISO 27001 represents is the only baseline that corporate trading partners- any business entities exchanging information-have as a reference for what they expect in security execution," says Jeffrey Ritter, a former practicing lawyer who now teaches courses on information technology at the University of Oxford, the University of Georgetown Law Center and Johns Hopkins University Whiting School of Engineering. According to a post on the International Legal Technology Association's website , at least 18 law firms have been certified as of last December, including Magic Circle firms Allen & Overy and Clifford Chance. Ten are Am Law 200 firms, including Paul, Weiss, Rifkind, Wharton & Garrison, Sullivan & Cromwell, Simpson Thacher & Bartlett and White & Case, as well as Milbank, Tweed, Hadley & McCloy and Ropes & Gray, which were expected to be certified by February. Another 23 firms are listed as working towards or investigating certification, 21 of which are Am Law 200 firms, including Cleary Gottlieb Steen & Hamilton, Skadden, Arps, Slate, Meagher & Flom, Debevoise & Plimpton and Davis Polk & Wardwell.

top

- and -

Law firm infected by Cryptolocker variant (Ride the Lightning, 16 March 2015) - California law firm Ziprick and Cramer sent a letter to clients on February 27th advising them that on or around January 25, 2015, the firm was infected by a new variant of the Cryptolocker virus which infected one of their workstations (encrypting its data) and then traveled to the server where data was encrypted on shared folders. The firm indicated that its backup was intact. Though a ransom demand had not yet been made, the firm said it would not pay any ransom "which would only encourage and fund such criminals in their illegal activities." The firm reported the cyberattack to the FBI and offered clients one year of free credit monitoring.

top

- and -

New York Fed forms team focused on cybersecurity threats (Bloomberg, 24 March 2015) - The Federal Reserve Bank of New York has formed a team dedicated to cybersecurity threats, according to the bank's top regulator. "We have elevated our efforts in recent months and have formed a dedicated team focused on further strengthening our overall supervisory approach to cybersecurity," Sarah Dahlgren, the New York Fed's head of supervision, said in prepared remarks delivered to a conference in New York today.

top

- and -

Citigroup report chides law firms for silence on hackings (NYT, 26 March 2015) - Every month it seems another American company reports being a victim of a hacking that results in the theft of internal or customer information. But the legal profession almost never publicly discloses a breach. The unwillingness of most big United States law firms to discuss or even acknowledge breaches has frustrated law enforcement and corporate clients for several years. That frustration bubbled over in a recent internal report from Citigroup 's cyberintelligence center that warned bank employees of the threat of attacks on the networks and websites of big law firms. "Due to the reluctance of most law firms to publicly discuss cyberintrusions and the lack of data breach reporting requirements in general in the legal industry, it is not possible to determine whether cyberattacks against law firms are on the rise," according to the report, a copy of which was reviewed by The New York Times. The report, issued last month, said it was reasonable to expect law firms to be targets of attacks by foreign governments and hackers because they are repositories for confidential data on corporate deals and business strategies. The report said bank employees should be mindful that digital security at many law firms, despite improvements, generally remains below the standards for other industries. It said law firms were at "high risk for cyberintrusions" and would "continue to be targeted by malicious actors looking to steal information on highly sensitive matters such as mergers and acquisitions and patent applications." The Citigroup team issued the report as other Wall Street banks are putting pressure on the legal profession to do more to prevent the theft of confidential client information. For nearly a year, banks and law firms have talked about forging a closer partnership to share some information about hacking incidents. Banks are also demanding more documentation from law firms about online security measures as a condition of retaining them for assignments. In the last several months, Mandiant, the security firm that is a division of the security consultant FireEye, has been advising a half-dozen unidentified law firms that were victims of a breach or other attack, said a person briefed on the matter who spoke on the condition of anonymity.

top

IU Media School professor's paper was influential in FCC net neutrality decision (Indiana U, 16 March 2015) - After months of public and political debate, the Federal Communications Commission voted on Feb. 26 to regulate the Internet in the same way as it does "telecommunications services" under Title II of the 1934 Communications Act . * * * The FCC's declaratory ruling frequently cites and relies on the analysis of Cherry and Jon Peha, a professor in the departments of engineering and public policy and of electrical and computer engineering at Carnegie Mellon University. This is significant when you consider that more than 4 million comments were filed in this proceeding - the most in the history of the FCC. Cherry and Peha co-authored an influential paper, " The Telecom Act of 1996 Requires the FCC to Classify Commercial Internet Access as a Telecommunications Service ," which was filed with the FCC in late December. The paper was cited and directly quoted 10 times in the ruling. Importantly, Cherry and Peha's analysis integrates technical and legal perspectives to explain how providers offer broadband Internet access services with the commercial and technical functionalities of telecommunications services. Cherry formerly worked for the FCC as senior counsel in the Office of Strategic Planning and Policy Analysis. Peha is a former chief technologist for the FCC. Also actively researching the issue have been Julien Mailland , an assistant professor of telecommunications, and Matt Pierce , a lecturer in The Media School who also serves as state representative.

top

Measuring innovation (Patently-O, 16 March 2015) - A new business article on "measuring innovation" notes that 50% of firms investing in R&D are not patenting the results of their research. The main thrust of the article is that, because so many firms are avoiding the patent system, that patents do not make sense as a broad measure of innovation. Their solution is to use the Research Quotient (Prof Knott's measure of optimal research output based upon various financial outputs) as a better measure. See Cooper, Knott, and Yang, Measuring Innovation (March 2, 2015). Available at SSRN: http://ssrn.com/abstract=2572815 or http://dx.doi.org/10.2139/ssrn.2572815 .

top

The Righthaven debacle, 5 years later (Eric Goldman, 17 March 2015) - You probably recall Righthaven, the now-defunct copyright enforcement entity (some might call it a copyright troll) that purchased newspapers' copyrights so it could sue small-time bloggers who republished articles; after suing, it would demand financial settlements the bloggers couldn't afford. Steve Green, a reporter at the Las Vegas Sun newspaper, tirelessly chronicled Righthaven's waxing and waning. To "celebrate" the five year anniversary of Righthaven's launch, Green has posted a lengthy retrospective (with his now-employer, the Orange County Register). Some of the best tidbits from the article:

(1) Everyone associated with Righthaven avoided discipline by the Nevada bar regulators. Say what? I don't have all of the facts, but based on what I saw, this is incredible. Numerous judges harshly criticized Righthaven's litigation tactics (see, e.g., this benchslap using words like "flagrantly false," "disingenuous," "deceitful," "brazen" and "egregious"), and I thought there was a chance some lawyers would lose their licenses for their involvement in this scheme. Instead, not even a single public reprimand. Wow. Exactly what does it take to violate Nevada's ethics rules? (2) the purported class action of Righthaven victims fizzled out with Righthaven's demise. (3) Steve Gibson, Righthaven's principal, is still practicing law in Nevada. Indeed, he self-describes himself as "one of the premier business and intellectual property attorneys practicing in Las Vegas." This makes me wonder: do his prospective clients not Google him??? (4) The mom of Colleen Lynn, an anti-Righthaven activist, called Righthaven's campaign "legal terrorism."

* * * [Polley : As usual, the rest of Eric's posting is worth reading.]

top

You can now see analytics for US government websites (Mashable, 19 March 2015) - The White House on Thursday introduced a publicly available analytics dashboard that keeps tabs on traffic stats from 3,800 government websites. In the dashboard , website analytics for some of the most-trafficked government sites are available in real time. At any given moment, you can see which websites are most popular - right now the IRS' "Where's My Refund?" page tops the list - and how many people are visiting these pages. The project is open source, and the code for the site and its reporting tool , is available to those who want to take advantage of the data for their own projects. While open-source data may sound like an unexpected move for Uncle Sam, it will be an increasing area of focus for Digital Services as the Obama administration looks to expand the team in 2016, according to Charles Worthington, a developer with the agency.

top

"Open Well-Tempered Clavier" project complete; score and recording online (Slashdot, 19 March 2015) - Open source music notation software MuseScore, and pianist Kimiko Ishizaka, have completed the Open Well-Tempered Clavier project and released a new studio recording and digital score online, under the Creative Commons Zero (CC0, public domain) license. Their previous project, the Open Goldberg Variations (2012) , has shown its cultural significance by greatly enhancing the Wikipedia.org article on J.S. Bach's work , and by making great progress in supplying musical scores that are accessible to the visually impaired and the blind . The recording has also received very positive early reviews by music critics . Over 900 fans of J.S. Bach financed this project on Kickstarter.com , where a total of $44,083 was raised.

top

Corporate culture hinders cyber insurance buy-in (CSO Online, 20 March 2015) - The relatively new field of cyber insurance offers a potentially valuable shield from the financial toll that a data breach can visit on a company, but that market is held back by a lack of information about the threat landscape and a culture in many firms that too often marginalizes cyber issues, a senior government official warns. Tom Finan, senior cybersecurity strategist and counsel at the Department of Homeland Security, has been heading up a review of the cybersecurity insurance industry, looking at ways that the government could help advance the market. In remarks at a recent government IT conference , he suggested that insurance carriers would be more generous in their coverage options with more concrete data about the risks that applicants face. "Perhaps unsurprisingly, companies are not publicly disclosing their own damages from the cyber incidents that they're experiencing. Consequently there's just not enough actuarial data -- yet -- to make these additional categories of first-party coverage more successful," Finan said. "Several of the carriers joining us have told us that big data about cyber incidents could be a potential treasure trove that would aid their efforts immensely." As a result, insurance carriers are commonly underwriting policies based on an assessment of the security culture at the applying company, finding that, despite the steady diet of high-profile breaches, cyber issues remain marginalized within the IT department, rather than being incorporated into a broader enterprise risk management (ERM) framework. And that's a problem, according to Finan. "For many companies, the business case for investing against cyber risk still has not been made. With some exceptions, corporate leaders continue to treat cybersecurity as an IT problem separate and apart from the other business risks that they're addressing as part of their overall corporate risk management strategies," he said.

top

Medical data has become the next cybersecurity target (NextGov, 20 March 2015) - Hackers often carry out massive cyberattacks to gain access to financial data through banks and retail companies , but this week's cybercrime hit a seemingly new target: medical data, taken from the health insurance company Premera Blue Cross. The attack affected 11 million patients, making it the largest cyberattack involving medical information to date . The healthcare industry has been catching hackers' attention lately. In February, the health insurance company Anthem reported a breach in which hackers accessed to about 80 million records , and in 2014, the Tennessee-based hospital operator Community Health Systems saw 4.5 million records accessed, though both companies said no medical data was exposed. Even so, as Pat Calhoun, the senior vice president of network security at Intel Security, puts it, the healthcare industry is just beginning to find itself in cyber-criminals' crosshairs, making it slow to shield people's records. Calhoun points out that healthcare breaches aren't unheard of: In fact, according to Intel Security and the Atlantic Council's latest report on cyber risks , about 44 percent of all registered data breaches in 2013 targeted medical companies, with the number of breaches increasing 60 percent between 2013 and 2014. Medical data is also becoming a highly lucrative target. "Financial data has always been a priority, because it's low-hanging fruit," Calhoun says. "But over the past couple of years, we've identified that medical information has a higher value on the black market than credit card information."

top

The curious (and vital) power of print (NYT's Public Editor, 21 March 2015) - WHO buys the print edition of the newspaper? Just a few Luddites who wouldn't know a smartphone if their horse-drawn buggy crushed it on the cobblestones? Octogenarians and their older brothers? That seems to be the conventional wisdom. On Twitter, Chris Boutet had a funny line recently. "The following is a list of people who still subscribe to newspapers: Journalists, their parents." There's no doubt about the downward trajectory of print. But where, exactly, are we on that path? And how do younger people fit into that picture? I thought it would be worthwhile to find out, since it's bound to affect The Times and its readers. And some of the answers may be surprising. More than 70 percent of all revenue at The Times came from print last year. The biggest share of that is "consumer revenue" from print - almost exclusively, that's from people who buy the newspaper either with a home-delivery subscription or on the newsstand. But print advertising revenue is very important, too. More than a million people still buy the Sunday paper each week. The number has declined to about 1.1 million from 1.8 million at its height in 1993. And about 645,000 people still pay for the daily paper, which has taken the biggest hit. (The daily numbers fell by about 6 percent last year; on Sunday, the number fell by about 3.5 percent.) A lot of younger people buy and read the paper in print. Of all subscribers, 23 percent are in their 20s, 30s and 40s - that's hundreds of thousands each week. And on the opposite side of the spectrum, the typical digital Times subscriber is decidedly not a millennial, wielding her selfie stick and heading off to Coachella. No, the median age of the digital subscriber is a graying (but no doubt Pilates-practicing) 54, not much younger than the median age of the print subscriber, which is 60. What's more, this substantial print crowd, young and old, loves its Times passionately. Roland Caputo, the Times executive in charge of print ("It's important that somebody carry the torch for the unsexy part of the operation"), describes the readers' passion in simple terms. "Print readers love print," he told me. "The affinity they have for it is astronomical." A major Times research project on readership last summer made that clear. [ Polley : I love the NYT in print, but only read The New Yorker on my iPad and cancelled my 25-year Atlantic subscription because of their mangled e-reader implementation. Color me ambivalent.]

top

- and -

Publishers a la New York Times to publish on Facebook directly (Kevin O'Keefe, 23 March 2015) - The New Times reports today that publishers, including the New York Times itself, are on the verge of publishing directly on Facebook. Rather than users clicking from Facebook to content on third party sites, such as the Times, Facebook would host the content directly on its social network site. Though such a plan may improve the Facebook user's experience with speed to the content (no click through), the idea is not without its problems for publishers. Such a plan would represent a leap of faith for news organizations accustomed to keeping their readers within their own ecosystems, as well as accumulating valuable data on them. Historically, Facebook has not shared advertising revenue with publishers. "We'll send you traffic and you, as the publisher, sell ads based on increased website traffic." With this new plan, Facebook has expressed a willingness to share ad revenue. They'd have to as Facebook would control the entire atmosphere, no one would be leaving Facebook to go to the publisher's site. The whole idea of Facebook doing your publishing has to be scary as heck for publishers. As The New York Times' David Carr (now deceased), wrote on this subject last fall: For publishers, Facebook is a bit like that big dog galloping toward you in the park. More often than not, it's hard to tell whether he wants to play with you or eat you.

top

US customs testing facial recognition at Dulles airport (PCmag, 22 March 2015) - If you're a frequent international traveler, and you find yourself flying into Washington, D.C.'s Dulles airport a lot, then your headshot might start showing up in a government database. You haven't done anything wrong-at least, we hope not-but odds are good that you might be randomly selected for a quick picture. According to Motherboard , U.S. Customs and Border Protection rolled out a new initiative starting March 11, whereby random Americans entering the U.S. might get their headshots taken as part of a new program designed to ferret out potential imposters. "The operational goals of this pilot are to determine the viability of facial recognition as a technology to assist CBPOs in identifying possible imposters using U.S. e-passports to enter the United States and determine if facial recognition technology can be incorporated into current CBP entry processing with acceptable impacts to processing time and the traveling public while effectively providing CBPOs with a tool to counter imposters using valid U.S. travel documents," reads U.S. Customs and Border Protection's official " Privacy Impact Assessment " document. If you're the lucky recipient of a free headshot, a customs officer will run a software analysis of your picture and compare it against the picture of you that's stored on your e-passport's data chip. A score will be generated based on the similarities (and differences)-if you don't match, that might clue in the customs officer that some additional steps could be necessary to confirm that you're really you. It won't give you a green flag through customs if you pass, and it's not necessarily going to be a red flag if your new look doesn't match your passport photo.

top

- and -

The rise of the Cryptopticon (Siva Vaidhyanathan in The Hedgehog Review, Spring 2015) - Consider two American films, twenty-four years apart, both starring Gene Hackman as a reclusive surveillance expert. The difference between the work done by Harry Caul, the naive, emotionally stunted private investigator played by Hackman in Francis Ford Coppola's 1974 film The Conversation , and the work done by Edward Lyle, the disaffected, cynical former spy Hackman portrays in the 1998 Tony Scott film Enemy of the State , is more than a matter of the tools they use. Caul uses audio and video surveillance to investigate private citizens, while Lyle deftly deploys the digital tools and techniques that have come to characterize our era of total surveillance. We learn that before choosing to go "off the grid," Lyle did high-level work for either a government organization like the National Security Agency or a private contractor working for the NSA. (The exact truth is never fully revealed.) Lyle seems to be Caul a quarter century later, with a new name, a deeper sense of nihilism, but the same aversion to sharing information with others. * * * [ Polley : Nice compare-and-contrast use of the 2 films to illuminate the current condition, and the surveillance state. We're so past "1984" , and when these tools are misused we'll be helpless.]

top

QVC can't stop web scraping (Eric Goldman, 24 March 2015) - Although scraping is ubiquitous, it's not clearly legal. A variety of laws may apply to unauthorized scraping, including contract, copyright and trespass to chattels laws. ("Trespass to chattels" protects against unauthorized use of someone's personal property, such as computer servers). The fact that so many laws restrict scraping means it is legally dubious, which makes a scraper's recent courtroom win especially noteworthy. QVC is the well-known TV retailer. Resultly is a start-up shopping app self-described as "Your stylist, personal shopper and inspiration board!" Resultly builds a catalog of items for sale by scraping many online retailers, including QVC. Scraping of retailers' websites isn't unusual; as the court say, "QVC allows many of Resultly's competitors, e.g., Google, Pinterest, The Find, and Wanelo, to crawl its website." Resultly cashes in when users click on affiliate links to QVC products (although Resultly's affiliate arrangement is mediated through two layers of business partners, each of whom takes their own cut of the proceeds). In May 2014, Resultly's automated scraper overloaded QVC's servers, causing outages that allegedly cost QVC $2M in revenue. QVC eventually blocked access to Resultly's scraper. Subsequent discussions were irresolute, and QVC sought a preliminary injunction based on the Computer Fraud & Abuse Act (18 USC 1030(a)(5)(A)). The court concludes that QVC hasn't shown a likelihood of success because Resultly lacked the required intent to damage QVC's system: * * *

top

How the NYCLA's ethics opinion on LinkedIn forces lawyers to act deceptively and violate LinkedIn's user agreement (Carolyn Elefant, 24 March 2015) - By now, in 2015, most of the general public over the age of 21 have been using Google, Facebook and LinkedIn for nearly a decade. During that time, they've acclimated to the culture of each of these online universes, and grown as adept in distinguishing casual informational websites and biographical profiles and chatty personal exchanges from paid advertising as a seasoned world traveler in recognizing an American tourist. Yet while the majority of online users with an IQ over 80 understand the prevailing online social order, apparently bar regulators do not. So like imperialists swooping in to "civilize" native colonies, comes now the 100-year old New York County Bar Association (NYCLA) to inflict its ethics rules on LinkedIn through the issuance of Formal Opinion 748 . As summarized by Allison Shields and Nicole Black , Formal Opinion 748 purports to offer lawyers guidance on when a LinkedIn profile constitutes advertising and when it doesn't. Not surprisingly, this devolves into an exercise in hair-splitting: pure biographical information consisting only of one's education and employment history isn't advertising, but a description of practice areas, skills, endorsements - and even a detailed description of work performed for a former employer is. And of course, as we all know, once the regulators classify something as advertising, we can't disseminate it to the public without first marking it with a big scarlet A, er - disclaimer. And therein lies the problem. Because slapping the phrase "this constitutes lawyer advertising" in the context of the LinkedIn universe causes MORE confusion for the public. When potential clients see a scarlet "A" on a lawyer profile, they're going to assume that the lawyer paid for the ad and that it's inherently less truthful than the other non-advertorial profiles on LinkedIn. Worse, users are likely to draw inaccurate conclusions - either that the lawyer is doing well enough to pay for a spendy ad on LinkedIn, or is so desperate that he can't find clients without paying for social media exposure. Either way, requiring lawyers to include an advertising disclaimer on an otherwise ordinary LinkedIn listing has the effect of "misleading by creating a false appearance" and therefore, is deceptive.

top

Court might enforce a contract ban on consumer reviews (Eric Goldman, 27 March 2015) - Claude and Violaine Galland own an apartment in Paris, France. They offer it for rental through VRBO , an online service for vacation rentals. The Gallands' rental agreement include the following language: "The tenants agree not to use blogs or websites for complaints, anonymously or not." Though clumsily worded, this clause is similar to prior attempts to restrict consumer reviews, such as the provisions used by doctors and dentists , hotels , apartment owners and other vacation rental services . As far as I know, no court has ever enforced any of these clauses purporting to suppress consumer reviews. Two different renters, the Johnstons and Bowdens, rented the Gallands' apartment and subsequently posted critical reviews on VRBO. Mr. Galland allegedly offered $300-unsuccessfully-to the Bowdens to remove their post. Instead, the Gallands sued the Johnstons and Bowdens for defamation, breach of contract and other claims. The judge dismissed the defamation claims-but refused to dismiss the breach of contract claim… Surprisingly, the judge didn't discuss the illegality of the contract clause. In 2003, a New York court instructed a software vendor to stop banning consumer reviews in its contract (the exact restriction: "The customer will not publish reviews of this product without prior consent from Network Associates, Inc."). The court held that using such a clause may be a deceptive practice under New York's consumer protection law. I can't see any reason why the Gallands' clause wouldn't violate the same law. (The Gallands' case is being litigated in a New York federal court applying New York law). Irrespective of the New York law, the contract restriction should be void as a matter of public policy. I'm hoping the court will come to its senses and realize that no trial is needed because the clause should be condemned, not enforced. It's remarkable that anyone had the confidence to litigate such a clause at all. We have seen relatively few courtroom battles over contractual bans on consumer reviews, and we aren't likely to see many such disputes in the future. The Gallands' contract provision clearly violates California's new law against consumer review bans , and I believe a new federal bill will be introduced to make such bans nationwide. Eventually vendors will get the message and stop trying. Until they do, we need more tools to discourage such clauses in the future-and to discourage wasteful litigation intended to suppress renters' rights to express themselves.

top

FCC vs. FTC - a new privacy turf war (Katy on the Hill, 30 March 2015) - The FCC is about to muscle in on the FTC's privacy turf and the FTC is pushing back. Since the 1999 Geocities case, the Federal Trade Commission has been the nation's defacto privacy cop, bringing more than 150 privacy and data security cases. But the net neutrality order could make the Federal Communications Commission a much bigger player in privacy enforcement. When the FCC last month reclassified the Internet as a common carrier service, it expanded Title II's strict privacy regulations that currently govern telephone services to ISPs and mobile providers. A little known provision in FTC law called the common carrier exemption gives the FCC exclusive authority over telephone services. Now that ISPs and mobile providers are common carriers, the FTC could be cut out of a broad swath of privacy enforcement, especially since much of the privacy and data security agita today stems from online and mobile practices. The FTC most recent enforcement actions - TracFone, AT&T, and T-Mobile - may be now out of bounds for the FTC, but fair game for the FCC. The only solution for the FTC is for Congress to change the common carrier exemption and the FTC is advocating that course. Although the details of how the FCC will apply its expanded privacy authority to Internet services need to be worked out, it's high on chairman Wheeler's list. Wheeler said earlier this month during DC's annual Tech Prom, that the commission would hold workshops beginning next month "to deal with broadband privacy issues for the newly classified telecommunications service providers." Depending on how far the FCC goes, the commission's new privacy authority could reach to Do Not Track, data collection and mobile app privacy. "It could divest the FTC of a lot of authority. It's sort of a blank check," said Bob Corn Revere, a partner with Davis Wright Tremaine, who represents the Association of National Advertisers.

top

Pentagon personnel now talking on 'NSA-proof' smartphones (NextGov, 30 March 2015) - The Defense Department has rolled out supersecret smartphones for work and maybe play, made by anti-government-surveillance firm Silent Circle, according to company officials. Silent Circle, founded by a former Navy Seal and the inventor of privacy-minded PGP encryption, is known for decrying federal efforts to bug smartphones . And for its spy-resistant "blackphone. Apparently, troops don't like busybodies either. As part of limited trials, U.S. military personnel are using the device, encrypted with secret code down to its hardware, to communicate "for both unclassified and classified" work, Silent Circle chairman Mike Janke told Nextgov . In 2012, Janke, who served in the Navy's elite special operations force, and Phil Zimmermann, creator of Pretty Good Privacy (PGP, in short), started Silent Circle as a California-based secure communications firm. The company is no longer based in the United States, ostensibly to deter U.S. law enforcement from seeking access to user records. The blackphone's operating system and software options enable customers to essentially log in to the same phone under multiple personas, each with separate security restrictions. Specifically, a feature called "Spaces" insulates data activity in one profile from the actions happening in other compartments. An undisclosed number of blackphones are "out in the field," Janke said. DOD receives a discount off the $629 retail device by purchasing in bulk, just like Silent Circle's corporate customer base, which includes at least one major U.S. oil company, Janke said.

top

PCI Council updates penetration testing guidance for merchants (SC Magazine, 30 March 2015) - The PCI Security Standards Council has released guidance to help merchants improve their system for regularly testing security controls and processes impacting payment card security. On Thursday, the 43-page informational supplement ( PDF ) was published, offering best practices for penetration testing components, qualifications for penetration testers, penetration testing methodology and reporting guidelines, a release from the Council said. "An update to PCI guidance published in 2008, the document also includes three case studies which illustrate the various concepts presented within the document, as well as a quick-reference guide to assist in navigating the penetration testing requirements," the release added. The updated guidance comes after Verizon published its 2015 PCI Compliance Report this month, revealing that Requirement 11 of PCI DSS was a compliance weak point for organizations. Requirement 11 states that organizations should regularly test security systems and processes.

top

Progress on the police-filming front (Lowering the Bar, 2 April 2015) - Two or three pieces of good news here. First, the Texas bill that would have made it illegal for you to film a cop beating you ( see " Texas Bill Would Make It Illegal for You to Film a Cop Beating You " (Mar. 26)) seems to have been withdrawn by its sponsor, the probably-well-meaning-but-not-too-thoughtful Rep. Jason Villella. The legislature's site just says " no action taken in committee " on HB 2918 (the bill was scheduled for a hearing on March 26), but there are reports that Villella decided to drop it completely after the state's largest union of police officers said it would oppose the bill. Villella reportedly insisted that he had only withdrawn the bill temporarily because "it's being amended and the hearing [was going to] run very late," but some (specifically, me) are suggesting that in fact he pulled it because pretty much everybody hates it. Turns out there was already a competing proposal in Texas, HB 1035 , which would not only state that recording officers is legal, it would make it illegal for law enforcement to alter, destroy, or conceal a recording of police operations without the owner's written consent. I don't know what that bill's chances are, but would guess they are approximately infinitely better than those of HB 2918. Second, as Courthouse News reports (also PINAC ), lawmakers in both California and Colorado have also introduced bills aimed at protecting the right to film public servants in public.

top

9th Circuit rules Netflix isn't subject to disability law (Ares Technica, 2 April 2015) - A federal appeals court ruled (PDF) yesterday that the Americans with Disabilities Act (ADA) doesn't apply to Netflix, since the online video provider is "not connected to any actual, physical place." Donald Cullen sued Netflix in March 2011, attempting to kick off a class-action lawsuit on behalf of disabled people who didn't have full use of the videos because they aren't all captioned. A district court judge threw out his lawsuit in 2013, and yesterday's ruling by the US Court of Appeals for the 9th Circuit upholds that decision. The decision is "unpublished," meaning it isn't intended to be used as precedent in other cases. However, it certainly doesn't bode well for any plaintiff thinking about filing a similar case in the 9th Circuit, which covers most of the Western US. At least one other court has come out the other way on this issue. Three months after Cullen filed suit, the National Association for the Deaf (NAD) filed an ADA lawsuit against Netflix in Massachusetts over the same issue. In that case, the judge found that Netflix was a "place of public accommodation" and would have to face the lawsuit against the disability rights group. After the company lost the initial motion, Netflix settled the case with NAD , agreeing to pay $750,000 in legal fees and caption all of its videos by the year 2014. While online captioning may be a done deal for Netflix, NAD has continued to litigate the matter. In February, the group sued Harvard and MIT over their free online course offerings, saying the lack of captions constitutes an ADA violation.

top

RESOURCES

A comparative look at copyright law and fair use exemptions (MLPB, 24 March 2015) - Susanna Monsieur, College of New Jersey, has published Copyright and the Digital Economy: Is It Necessary to Adopt Fair Use? Here is the abstract: This paper reviews recent recommendations for and against the introduction of an open-ended fair use exception for the digital age in the EU, the UK, Ireland and Australia. Law Commissions in Ireland and Australia both recommended introducing an open-ended fair use exception, as well or instead of the list of limited fair dealing exceptions, while reviews of the law in the UK and EU have not recommended such sweeping changes. The paper argues that while the "fair use" exception has many advantages for the digital age, a major legislative overhaul of copyright law is unnecessary to adapt a copyright regime to the digital realm. Balancing technological innovation and content creation depends less on the distinctions between the fair use and fair dealing exemptions and more on ensuring that the law, through both legislation and judicial interpretation, in fact acts to promote the main purpose of copyright law, the benefit of the public. This can be achieved through a focus on fairness and the harmonization of exceptions to be found in the Berne three step test.

top

Adapting copyright law for mashups (MLPB, 25 March 2015) - Peter S. Men ell, University of California, Berkeley, School of Law, is publishing Adapting Copyright for the Mashups Generation in the University of Pennsylvania Law Review. Here is the abstract: Growing out of the rap and hip hop genres as well as advances in digital editing tools, music mashups have emerged as a defining genre for post-Napster generations. Yet the uncertain contours of copyright liability as well as prohibitive transaction costs have pushed this genre underground, stunting its development, limiting remix artists' commercial channels, depriving sampled artists of fair compensation, and further alienating bedizens and new artists from the copyright system. In the real world of transaction costs, subjective legal standards, and market power, no solution to the mashups problem will achieve perfection across all dimensions. The appropriate inquiry is whether an allocation mechanism achieves the best overall resolution of the trade-offs among authors' rights, cumulative creativity, freedom of expression, and overall functioning of the copyright system. By adapting the long-standing cover license for the mashups genre, Congress can support a charismatic new genre while affording fairer compensation to owners of sampled works, engaging the next generations, and channeling disaffected music fans into authorized markets.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Google wins in Glico trademark lawsuit (SiliconValley.com, 15 Dec 2004) -- Google Inc. won a major legal victory Wednesday when a federal judge ruled that the search engine's advertising policy does not violate federal trademark laws. U.S. District Judge Leonie Brinkman rejected a claim by auto insurance giant Glico Corp., which argued that Google should not be allowed to sell ads to rival insurance companies that appear whenever Glico's name is typed into the Google search box. Google derives a major portion of its revenues from selling ad space to businesses that bid on search terms -- both generic words and names protected by trademark -- used by people looking for information online about products and services. Glico, a unit of billionaire Warren Buffett's Berkshire Hathaway Inc., claimed that Google's Ad Words program, which displays the rival ads under a ``Sponsored Links" heading next to a user's search results, confuses consumers and illegally exploits Glico's investment of hundreds of millions of dollars in its brand. ``There is no evidence that that activity alone causes confusion," Brinkman said, in granting Google's motion for summary judgment on that issue. The ruling, on what the parties considered the seminal issue in the case, came just three days after the trial had begun. David Drummond, Google's vice president and general counsel, called the decision a victory for consumers. ``It confirms that our policy complies with the law, particularly the use of trademarks as keywords," Drummond said. ``This is a clear signal to other litigants that our keyword policy is lawful."

top

Momentum is gaining for cellphones as credit cards (New York Times, 10 Jan 2005) - People already use their cellphones to read e-mail messages, take pictures and play video games. Before long, they may use them in place of their wallets. By embedding in the cellphone a computer chip or other type of memory device, a phone can double as a credit card. The chip performs the same function as the magnetic strip on the back of a credit card, storing account information and other data necessary to make a purchase. In Asia, phone makers are already selling phones that users can swipe against credit or debit card readers, in much the same way they would swipe plastic MasterCard or Visa cards. Trials are now under way to bring the technology to America, industry executives said. Ron Brown, executive director of the Infrared Data Association, a trade group representing companies pushing the technology for cellphone credit cards, said that the new handsets could become "a major form of payment, because cellphones are the most ubiquitous device in the world." He added, though, that "cash will never go away." Advocates say that consumers will readily embrace the technology as a way to pay for even small purchases, because it is less bother than taking a credit card out of a purse or parting with cash. The impending changes to the cellphone happen to coincide with major shifts taking place in the banking industry. Since credit cards are still considered somewhat inconvenient, particularly for quick, small purchases, major credit card companies have developed "contactless payment" technologies for checkout counters that allow customers to wave their cards near an electronic reader without having to swipe the card or sign their name. MasterCard, for example, has introduced a system called Pay Pass that lets cardholders wave a card in front of a reader to initiate a payment, much as motorists use E-Zaps and similar systems to pay tolls and ExxonMobil customers use Speed Pass to buy gas. Several major credit card companies issue Pay Pass cards; McDonald's has agreed to accept them at some restaurants. And American Express announced late last year that it would have its system, Express Pay, in more than 5,000 CVS drugstores by the middle of this year. Judy Tenser, a spokeswoman for American Express, said the technology made it more likely that customers would use credit cards to pay for small items.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

top

Saturday, March 14, 2015

MIRLN --- 22 Feb - 14 March 2015 (v18.04)

MIRLN --- 22 Feb - 14 March 2015 (v18.04) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | RESOURCES | LOOKING BACK | NOTES

Lawsuits' lurid details draw an online crowd (NYT, 22 Feb 2015) - Intimate, often painful allegations in lawsuits - intended for the scrutiny of judges and juries - are increasingly drawing in mass online audiences far from the courthouses where they are filed. When a former saleswoman at Zillow sued the real estate website in December, describing X-rated messages from male colleagues, her court filing drew hundreds of thousands of readers, causing an instant public relations crisis for the company. The papers in a sexual harassment suit filed last summer against Tinder , the dating app, circulated in a popular Buzzfeed post . And a lawyer for a fired University of Minnesota-Duluth women's hockey coach who is planning a lawsuit knows what the initial complaint will need: a clear narrative and damning details. More and more, the first court filings in gender-related suits, often allegations that inspire indignation, are winning wide readerships online before anyone steps foot in a courtroom. As a result, plaintiffs are finding themselves with unexpected support - and greater-than-ever power to ruin reputations. Panicky defendants are left trying to clear their names from accusations that sometimes are unsubstantiated. Judges and law professors, watching the explosion of documents online, fear such broad exposure is throwing court proceedings off track and changing the nature of how civil suits are meant to unfold. "It's not clear that lighting a match and dropping it in the public sphere is going to be a reliable way to bring closure," said Jonathan Zittrain, a Harvard professor of Internet law who compared the practice to the old campus tactic of scrawling the names of alleged rapists on women's bathroom walls. Though all sorts of legal records circulate online - the document website Scribd has more than six million - those involving gender or claims of sexual misconduct tend to resonate more widely than complex corporate litigation or low-level disputes. Lawsuit papers are generally public, but before the advent of electronic filing, most of them remained stuffed inside folders and filing cabinets at courthouses. Now some plaintiffs' lawyers, calculating that they will be protected from defamation suits when making charges in civil complaints, distribute the first filings online as a way of controlling the narrative. But more often, electronic case databases, blogs and social media propel a case into the spotlight even when the parties are not public figures.

top

Wall St. and law firms plan cooperative body to bolster online security (NYT, 23 Feb 2015) - The threat of ever-larger online attacks is bringing together Wall Street banks and the big law firms that do work for them in an alliance that could result in some sharing of basic information about digital security issues. For nearly a year, banks and law firms have discussed setting up a legal group that would be affiliated with the banking industry's main forum for sharing information about threats from hackers, online criminals and even nation states - the Financial Services Information Sharing and Analysis Center . Several people briefed on those discussions said those talks would most likely lead to the establishment of such a group by the end of the year, a recognition that hackers are increasingly focusing on big law firms to glean information about their corporate clients. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. Over the last several months, Mandiant, the security firm that is a division of FireEye, has been advising a half-dozen law firms that were the subject of a breach, said a person briefed on the matter who spoke on the condition of anonymity. Mandiant, during a recent presentation at a legal conference, said many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations. The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. And while the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. [ Polley : I'm helping the ABA assess whether/how it might facilitate similar ISAC-like activities; we fear that most firms (other than the very largest) wouldn't grok the value-proposition. Reactions?]

top

- and -

Law firms to share info about cyber threats (The Hill, 5 March 2015) - Leading international law firms are moving to share information on hacking threats, a step that could revolutionize how the legal industry copes with attempted cyberespionage. The threat-sharing forum, which is expected to launch in late spring, will mimic the system used by banks and financial institutions to help each other guard against cyberattacks. The legal group is expected to have between six and 12 initial members, according to The American Lawyer , which reported the news on Thursday. Five founding members were named: Sullivan & Cromwell, Debevoise & Plimpton, Paul Weiss Rifkind Wharton & Garrison, Allen & Overy and Linklaters. The decision to move forward on a threat-sharing forum highlights the pressure facing law firms to protect clients' secrets. Hackers, including teams sponsored by the Chinese government, have found law firms to be a less-guarded "back door" for gathering information on major U.S. companies. While banks and financial institutions have hardened cybersecurity, law firms' protections are typically less sophisticated. In the new forum, law firm leaders will be able to anonymously share information about hacking attempts and cyber vulnerabilities for an annual membership fee. The group will be organized as an offshoot of the Financial Services Information Sharing and Analysis Center, the threat-sharing forum for the banking industry, and will have access to some of its data.

top

- and -

Most big firms have had some hacking (Bloomberg, 10 March 2015) - Data breaches don't just affect retailers and banks. Most big law firms have been hacked, too. While cybercrime has plagued U.S.-based law firms quietly for close to a decade, the frequency of attempts and attacks has been increasing substantially. Numbers aren't available, since unlike hacking at financial institutions law firms have no legal obligations to disclose cybercrimes to the public. But experts say that these crimes have increased, particularly at firms whose practices involve government contracts or mergers and acquisitions, especially when non-U.S. companies or countries are involved. "Law firms are very attractive targets. They have information from clients on deal negotiations which adversaries have a keen interest in," according to Harvey Rishikof, co-chair of the American Bar Association's Cybersecurity Legal Task Force. "They're a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities." While Cisco Systems Inc. ranks law firms as the seventh most-vulnerable industry to "malware encounters" in its 2015 "Annual Security Report," other statistics are more striking. At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, the chief operating officer of Digital Guardian, a data security software company, said in a telephone interview. Stewart Baker, a partner at Steptoe & Johnson LLP, said the number may be even higher. In an interview Tuesday he recounted what an agent from the Federal Bureau of Investigation told him: Virtually all of the biggest firms have faced some sort of data breach. [ Polley : This is all hearsay; aside from the Tyrrell quote, there's zero new here, and his quote is bare. I don't think Bloomberg should have run this, but I'm including it here anyway - grain of salt.]

top

New study provides cybersecurity insights for corporate counsel (Hogan Lovells, 24 Feb 2015) - A recently-released research study published by Indiana University's Bloomington School of Law highlights the rising importance of cybersecurity law and provides current insights on the role lawyers are playing to help protect companies from cyber threats. The study, entitled " The Emergence of Cybersecurity Law ," is based on a survey of corporate law departments as well as interviews conducted with lawyers, consultants, and academic experts. The report finds that although companies increasingly recognize the importance of cybersecurity, few are fully prepared to face the challenge. Substantial numbers of corporate leaders lack confidence in their organizations' level of preparedness-in part the result of a shortfall of cybersecurity literacy within organizations. While cybersecurity may once have been the domain of IT professionals, companies now recognize that having legal and other disciplines engaged is also necessary. The implication is that lawyers must master the patchwork of legal issues and regulations relevant to cybersecurity risk management, while developing sufficient technical vocabulary to ask the right questions of their IT counterparts. Despite the accelerating frequency of cybersecurity incidents, the report finds that companies still too often turn to lawyers only as a reactive measure rather than as part of a proactive process. To help companies protect their employees and customers from cyber threats, the report recommends that corporate counsel follow a 10-point cybersecurity agenda first proposed in 2012 by Hogan Lovells Partner Harriet Pearson: * * *

top

The "browsewrap"/"clickwrap" distinction is falling apart (Eric Goldman, 24 Feb 2015) - It is somewhat surprising that, in 2015, courts are still hashing out online consumer contract formation issues. After all, the seminal case, Specht v. Netscape , was decided over a dozen years ago. Yet, a few recent cases show that companies often don't get the contracting process right. In all or most of these cases, the companies are trying to push the disputes into arbitration (on an individual, rather than a class-wide basis). So the result of a flawed contract formation often means that a company has to litigate a claim in court rather than a more convenient and less expensive forum. * * * {case discussion and analysis}

top

Fair Use and MOOCs (InsideHigherEd, 24 Feb 2015) - As Fair Use Week begins , Francesca Giannetti and David Hunter considers the use of readily and legally available digital media for MOOCs. Their experience stems from assisting a University of Texas professor with an online jazz appreciation course. In helping University of Texas at Austin professor Jeff Hellmer identify and include audio and video recordings as he set up his jazz appreciation course, first offered January 2014, Francesca Giannetti and I considered numerous streaming or downloading possibilities. To rely on fair use in the context of an open educational resource, where the course audiovisuals would be posted on YouTube, was untested legal ground. In our view Professor Hellmer's uses were fair, such as 7-10 seconds of a song, embedded in a lecture, to illustrate a point. But a potential problem existed inasmuch as a challenge by a content owner would require removal of specific material, which would ruin the lecture, unless the institution was ready to be sued or file a declaratory judgment action against the accuser. At that time we had not witnessed the example of Lawrence Lessig, who, when served in August 2013 with a take-down request by Liberation Music Pty Ltd., countered with a declaratory judgment request, and was successful. We knew that Sony BMG, for example, tolerates nothing as fair, even if we were to utilize DMCA Section 512's provision to counterclaim fair use, with a full explanation. When the question becomes "is it worth engaging in a lawsuit to prove that 7 seconds of a song, used transformatively to illustrate a point is fair, or do we take down that audiovisual?", most of us don't enjoy the luxury of the resources to file the lawsuit. During course development the MOOC platform's technicians highlighted the audio and video that was available through YouTube, and agreed to make the links inactive after a relatively short period. Of course, the files were still available on YouTube itself after that time, so it remained possible for students to return to them directly. This illustrates a balance of practicality and limitation of risk in the ever-changing and challenging environment of information provision of recorded sound and video. This provision remains the property of multi-national businesses that have very little interest in encouraging the educational use of their property, and even less in admitting that fair use principles apply to current modes of delivery.

top

Target data breach price tag: $252 million and counting (Mintz Levin, 26 Feb 2015) - In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results , Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million. Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target's 2014 operating results. The expenses incurred in 2014 were in addition to $61 million in breach-related expenses incurred in 2013 which, after receipt of $44 million in insurance proceeds, yielded $17 million in net breach-related expenses for Target in 2013. In all, Target has incurred $252 million in costs arising from the data breach through the end of 2014 which, after receipt of $90 million in insurance proceeds, has resulted in total net expenses to Target in 2013 and 2014 of about $162 million.

top

Data security is becoming the sparkle in Bitcoin (NYT, 1 March 2015) - Some couples opt for a traditional wedding, while others go for the Elvis impersonator in Las Vegas. But David Mondrus and Joyce Bayo may be the first to have incorporated Bitcoin. Before about 50 guests at a Walt Disney World hotel in Florida recently, the couple used a Bitcoin automated teller machine to record their written vows on the currency's so-called block chain - an open ledger that permanently stores information. "A diamond is forever, a marriage is forever, but when was the last time anyone looked at their wedding vows?" Mr. Mondrus said. "This technology allows us to get that data and store it in a way that is retrievable and noncorruptible." As Bitcoin's price has declined over the last year, critics have been quick to declare the virtual currency dead. Bitcoin's true value, though, might be not in the currency itself but in the engine that makes it possible. Underlying Bitcoin - created as a way to make payments directly, anonymously and outside government control - is the block chain, a decentralized database that is driven by cryptography. Explaining how the block chain works can tangle the tongues of even those who are most enthusiastic about Bitcoin. Most resort to metaphors or diagrams. At a basic level, the block chain is a searchable ledger where all transactions are confirmed, in a matter of minutes, by a network of computers working to perform complex algorithms. Each part of the network maintains a copy of the ledger. About six times an hour, a new group of accepted transactions - a block - is created, added to the chain and broadcast to the other parts of the network. In this manner, all transactions are recorded and linked and thus can be traced. It is nearly impossible to modify past blocks in the chain. By simply downloading the Bitcoin software, anyone can gain access to the block chain, search it and submit transactions to the network. Entrepreneurs worldwide are now working to harness that technology for use beyond Bitcoin transactions. The block chain, they say, could ultimately upend not only the traditional financial system but also the way people transfer and record financial assets like stocks, contracts, property titles, patents and marriage licenses - essentially anything that requires a trusted middleman for verification. * * * [ Polley : also see IBM reported to be developing blockchain-based currency transaction system (Slashdot, 13 March 2015)]

top

NYPD to conduct "virtual stakeouts," get alerts on wanted cars nationwide (ArsTechnica, 2 March 2015) - The New York Police Department (NYPD) will soon have the ability to track stolen or wanted cars even if they are well outside of the five boroughs. The NYPD is set to sign a $442,500 deal over three years with Vigilant Solutions to subscribe to the company's massive private automated license plate reader (ALPR or LPR) database, according to a recent contract awards hearing . The database reportedly contains 2.2 billion records. Neither the NYPD nor Vigilant Solutions immediately responded to Ars' request for comment. The company already makes its database available to other law enforcement agencies across the country, but the NYPD is likely the largest local client agency. "Vigilant Video is compiling a vast database tracking Americans' movements, and it's no surprise that one of the most prolific users of surveillance, the NYPD, would seek to access it," Catherine Crump , a law professor at the University of California, Berkeley, told Ars. "But this data raises profound privacy issues, for the first time enabling the mass tracking of Americans, and we haven't even begun to have a meaningful conversation about what the appropriate uses are for this type of data."

top

Judge halts movie industry-backed probe against Google (GigaOM, 2 March 2015) - A federal judge has agreed to put the brakes on an investigation into Google by Mississippi Attorney General Jim Hood after the company complained that Hood's inquiry was an illegal censorship campaign cooked up by Hollywood. In a Monday ruling, U.S. District Judge Henry T. Wingate issued an order that will temporarily bar Hood from forcing Google to comply with the terms of a 79-page subpoena. "Today, a federal court entered a preliminary injunction against a subpoena issued by the Mississippi Attorney General. We're pleased with the court's ruling, which recognizes that the MPAA's long-running campaign to censor the web-which started with SOPA-is contrary to federal law," Google wrote in an update to an earlier blog post describing the case. The ruling by Judge Wingate came from the bench, and a written version is expected to follow in the next week or two. The ruling is a major victory for Google, which filed a lawsuit challenging Hood's 79-page subpoena in December. The ostensible goal of the subpoena is to help Hood discover if Google is violating Mississippi laws by exposing internet users to drugs and pornography. Google, however, filed a court challenge on the ground Hood overstepped federal laws that shield internet companies from liability for what others post online. The case has also taken on an air of intrigue in light of a secret scheme, known as " Project Goliath ," that came to light as a result of the massive hack on Sony in December 2014. Documents disclosed by the hack suggested that the Attorney General's campaign against Google was being underwritten by the Motion Picture Association of American, and even involved movie industry lawyers drafting legal papers for the state. The company has characterized the state investigation as a dirty-tricks campaign by the movie industry to promote the goals of a failed anti-piracy law known as SOPA.

top

Hillary's emails 'not technically illegal' (The Hill, 3 March 2015) - Hillary Clinton's exclusive use of a personal email account to conduct official business as secretary of State caused seems to have stayed within the law, experts say. "What she did was not technically illegal," said Patrice McDermott, a former National Archives staffer and the head of the Open The Government coalition, a transparency group. However, "it was highly inappropriate and it was inappropriate for the State Department to let this happen," she said. A Clinton spokesman defended the practice as routine and said that the former first lady obeyed "both the letter and spirit of the rules." "Like secretaries of State before her, she used her own email account when engaging with any department officials," spokesman Nick Merrill said in a statement. "For government business, she emailed them on their department accounts, with every expectation they would be retained." White House spokesman Josh Earnest said that the Obama administration had given "very specific guidance" telling all agencies that staffers should use their official email accounts when conducting official business, and that any business conducted through personal email accounts be "preserved consistent with the Federal Records Act." Last November, Obama signed into law a bill requiring government emails dealing with an official matter sent from a personal account to be forwarded to an official email account within 20 days. That law and previous guidance issued by the National Archives have attempted to clarify the rules, but it was never expressly mandated that top-level officials use government-issued accounts. "There was no prohibition on using a non-State.gov account for official business as long as it was preserved," State Department spokeswoman Marie Harf said on Tuesday.

top

Law firms clash over laptops taken by departing lawyers (ABA Journal, 3 March 2015) - A battle over laptops taken by lawyers to a new law firm failed to reach a settlement last week during a three-hour session before a magistrate judge. The suit by Pennsylvania insurance boutique Nelson Brown Hamilton & Krekstein initially sought the return of laptops taken by 14 departing lawyers to Lewis, Brisbois, Bisgaard & Smith, the National Law Journal (sub. req.) reports. The suit seeks damages under the Computer Fraud and Abuse Act. After the suit was filed last May, Lewis Brisbois returned the laptops, but erased and preserved the information they held, the story says. Now both law firms have hired computer experts to determine what information was on the devices. The departing lawyers had represented hacked companies, and Nelson Brown says sensitive information such as Social Security numbers may have been saved on the laptops. The firm also says the devices may have contained confidential client lists and legal strategies. Lewis Brisbois contends the lawyers needed to use the laptops to complete client matters after Nelson Brown fired the chair of its data privacy practice. Jana Lubert, general counsel at Lewis Brisbois, told the National Law Journal that the laptops weren't stolen. "It is important to note that at no time before or after the lawyers left Nelson Levine, which occurred over a year ago, was the data itself ever viewed by anyone who was not privileged and authorized to see it," Lubert said.

top

Feds say they finally have a database of every cyber job in government (NextGov, 3 March 2015) - The federal government is finally getting a sense of the size, shape and skills of its cybersecurity workforce. "Preliminary analysis" of a new database of all cyber jobs governmentwide, which went live in January, indicates employees doing cybersecurity work hail from more than 100 different job categories scattered across agencies. In other words, it just might take a village to do cybersecurity in the federal government. The new information about the cyber database comes from a Feb. 27 report to Congress from the White House on the implementation of the 2002 E-Government Act. The report did not provide specifics on the total size of the federal cyber workforce. It's also unclear if the cyber database, which is hosted by the Office of Personnel Management, will be open to public view. It's not readily visible on OPM's website, and an agency spokesman did not immediately respond to Nextgov's request for more information. It remains to be seen just how reliable the database's information will be. About one-fourth of agencies missed a deadline last September to report information about their cyber workers because of software problems, officials said at the time.

top

Google's quest to make art available to everyone was foiled by copyright concerns (Washington Post, 4 March 2015) - When Google launched its "Art Project" four years ago, it touted it as a huge boon for freedom of information and cultural connectivity. But if you peek into any of the museums on Google Street View now, you'll notice lots of big, blurred rectangles where paintings should be - the result of a copyright system that keeps even important artworks from being viewed publicly. Since 2013, the Spanish artist Mario Santamaría has been documenting these blurred works in a series he calls "Righted Museum." He's spotted them in L.A.'s Getty Center and Madrid's Thyssen Museum; in the National Gallery of Denmark, the National Gallery of Art in the U.S., the Art Institute of Chicago, the Indianapolis Museum. And he posts his new finds daily to Tumblr , where several have recently bubbled up to semi-viral fame - an oddly evocative record of every time the noble quest to free the world's cultural artifacts couldn't quite be maintained. * * * Museums [] can definitely make bank off these paintings: first by charging admission to see them, and then by demanding hefty licensing fees of people who want to reprint them in studies or books. So for years, many museums have had what Techdirt once called an " ownership mentality " - the attitude that no one should be allowed to photograph, or even sketch , any valuable piece the museum owns. [ Polley : very interesting piece.]

top

Canadian bloke refuses to hand over phone password, gets cuffed (The Register, 5 March 2015) - A 38-year-old Canadian citizen has been arrested for refusing to hand over his smartphone's password to border agents. Alain Philippon, of Sainte-Anne-des-Plaines in Quebec, arrived at Halifax international airport in Canada from the Dominican Republic on Wednesday - and was selected by the Canada Border Services Agency for further screening. In the course of that search he was asked to provide the password for his phone but refused. He was charged with "hindering or preventing border officers from performing their role," according to CBC . If found guilty, Philippon could face a fine of anywhere between CAN$1,000 and CAN$25,000 (US$19,900, £13,000) as well as a possible one-year jail sentence. * * * In the United States, where the same issue has received some attention, the law allows Homeland Security to search electronic devices. Senior staff attorney at the ACLU in Northern California, Michael Risher, told The Register that there is an important distinction between the right of the authorities to search your possessions, and the ability to force someone to provide their password to gain access to an electronic device. The former comes under Fourth Amendment rights (unreasonable searches and seizures) and the latter under the Fifth Amendment (not be compelled to be a witness against yourself). At the border, the authorities have significant leeway over fourth amendment rights, i.e. they are allowed to search your possessions, but not over fifth amendments rights, so, in Risher's eyes at least, they cannot compel you to hand over your password. [ Polley : It's not that simple, I think.]

top

Now corporate drones are spying on cell phones (Bruce Schneier, 5 March 2015) - The marketing firm Adnear is using drones to track cell phone users : The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns. "Let's say someone is walking near a coffee shop," Kataria said by way of example. The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby. The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video. Does anyone except this company believe that device ID is not personally identifiable information?

top

Investigator admits guilt in hiring of a hacker (NYT, 6 March 2015) - A private investigator who has done work for small New York City law firms that specialize in personal injury and medical malpractice litigation pleaded guilty on Friday in federal court in Manhattan to one charge of conspiracy in hiring a hacker to help with his investigation. The guilty plea, by Eric Saldarriaga, an investigator from Queens, stems from an inquiry by federal prosecutors and the Federal Bureau of Investigation into the so-called hacker-for-hire business. Mr. Saldarriaga entered his plea before Judge Richard J. Sullivan of Federal District Court in Manhattan. In the court proceeding and a five-page "criminal information" charge, the clients of Mr. Saldarriaga were not identified. The charge said Mr. Saldarriaga, 41, operated under the alias "Emmanuela Gelpi" in seeking out the services of hackers to help him gain "unauthorized access" to at least 60 email accounts. The investigation of Mr. Saldarriaga and his company, Iona Research and Security Services, could now turn attention onto some of his clients, assuming they were aware he was hiring hackers to break into email accounts. In a posting on an older Yahoo message board used by private investigators, Mr. Saldarriaga said his company did work for about 20 law firms. Last month, federal prosecutors in San Francisco, in an unrelated case, announced the indictment of two private investigators and two computer hackers on charges that they had illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said. In that case, there has been no indication that the private investigators were working on behalf of a particular law firm.

top

How 2 legal cases may decide the future of Open Source software (CIO, 6 March 2015) - The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued. That's the stark warning from Mark Radcliffe, a licensing expert and partner at law firm DLA Piper. "We are entering a different era for open source, shifting from a special universe where people were cooperative and collaborative to a more hard-nosed commercial one," he explains. "Now people are applying the same criteria for the enforcement of their open source software rights as for proprietary software, and looking at how they can use them strategically in their business." Radcliffe says this shift is only just beginning, but for evidence he points to the case of Versata v. Ameriprise. In summary, Versata's proprietary software product, Distribution Channel Management (DCM), used an open source XML parsing utility that was licensed under GPLv2 from a company called XimpleWare. (XimpleWare also offers its utility with a commercial license to companies that don't want to be subject to an open source license, but Versata did not use that commercial license.) The problem came when Versata licensed its DCM software to financial services company Ameriprise, and subsequently sued Ameriprise for allowing a subcontractor to decompile Versata's software -- a move Versata contended was a breach of license. Ameriprise then countersued. Because Versata's software included open source software licensed under the GPLv2 and was a derivative work, Ameriprise alleged, the whole of Versata's DCM product came under the GPLv2 license, and therefore Ameriprise or its subcontractor could decompile and modify the software at will. It turns out that the text of the GPLv2 license, the required copyright notices and a copy of the source code -- all of which should normally be included with GPLv2 software -- had been stripped out of the open source portion of DCM somewhere along the line, Radcliffe says. It is not clear who did it or why, or whether it was done inadvertently. "The point is that Versata did not appear to have a process for managing open source software. They ignored it, and their contracts were not set up for it," he says. Radcliffe recommends that companies have an internal process for managing open source software -- not just from internal developers, but also from software that comes with acquisitions or from consultants.

top

PreCheck expansion plan raises privacy concerns (NYT, 9 March 2015) - The idea raised alarms among privacy advocates: Social media postings would be fair game for private companies doing background checks on people applying for the PreCheck security program, under a government request made in December. Not long after, the Transportation Security Administration last month abruptly withdrew that request for proposals. Among those concerned was Thomas P. Bossert, a security consultant and a former Homeland Security aide to President George W. Bush, who said it represented a "massive expansion and outsourcing of the government's data-mining." That doesn't mean the idea has gone away, however. The T.S.A. said in a filing that it had sent the request for proposals back for revisions because of "some difficulties" with the language, as the agency proceeds with its plan to hire private companies to get more travelers into PreCheck, which now has about 950,000 members. The request for proposals was posted Dec. 22 on a government website for businesses seeking federal contracts, and withdrawn on Feb. 7. A section of it described the scope of personal data that private companies could use to evaluate PreCheck applicants, who pay $85 for the enrollment process. Besides criminal and other governmental records, companies could also use "other publicly available information such as directories, press reports, location data and information that individuals post on blogs and social media sites" for background checks, the guidelines said. Data about retail purchases could also be considered.

top

Tech blog GigaOM abruptly shuts down (NYT, 9 March 2015) - GigaOM , a pioneering technology blog that became a fixture in Silicon Valley and claimed 6.4 million monthly readers, abruptly announced on Monday that it would shut down. The site, which was founded in 2006, seemed to have been stopped dead in its tracks - earlier Monday, it had been posting articles, most recently on Apple. News of its closure was first broken on Twitter by those connected with it, but was confirmed shortly afterward by its founder, the tech journalist and venture capitalist Om Malik. "GigaOM is winding down and its assets are now controlled by the company's lenders," he said. "It is not how you want the story of a company you founded to end." Mr. Malik did not specify a reason for the publication's closing. But a separate statement, attributed to its management, said that it "recently became unable to pay its creditors in full at this time." The site, long known for both its business and consumer-facing technology posts, had been open to experimentation in its business model. Like other media start-ups, GigaOM hosted a series of technology conferences that charged high prices for admission. The company offered a white-paper research business, and also sold advertising. [ Polley : Too bad - GigaOM has long been a good source for MIRLN material.]

top

CCC on rights and licensing for Open Access publishing (Publishing Perspectives, 11 March 2015) - Open Access (OA) publishing and licensing models for academic, scientific, medical and other research based journal publishing can be a baffling topic for many. And "if you are confused, then you are only beginning to understand the problem," says Christopher Kenneally, Director, Business Development, for Copyright Clearance Center . Ultimately, it all depends on what you mean by "open." "There are a multitude of definitions," says Kenneally. "It varies by what funder mandates apply. In the UK, the Wellcome Trust, which is a significant funder of research in the UK and around the world, has issued mandates stating that if you receive money, the published results of that research much be published on what is the 'Gold Road' of Open Access - free and available publicly online, for example." In the US, the federal government has different policies regarding research it has funded, as does the government of China, which has recently issued some requirements for articles published through open access. But don't confuse "open" with "free," as there are fees involves. Once the article has been accepted via peer review journal, the author can make the article available typically through Open Access by paying an Author Processing Charge (APC) and fees that can range from hundreds or thousands of dollars. Typically this is paid by the author or the author's institution. Furthermore, "Policies of the publishers apply as well…and anything to do with copyright and licensing can get really complicated, really fast. We are trying to offer as much information about this as possible at Copyright Clearance Center, as we see education as part of our mandate." To this end, CCC has partnered with ALPSP - the Association of Learned and Professional Society Publishers - to offer OpenAccessResources.org , a free site with information on OA and it offers information by region.

top

New iPhone app for Capitol Hill insiders hopes to be the digital smoke-filled room (Washington Post, 11 March 2015) - In today's digital age, it's almost impossible to keep conversations private. Every thought shared, even under the auspices of privacy - a personal e-mail, a friends-only Facebook status - could easily become public. That pressure keeps people on Capitol Hill from connecting in any real way. Or at least that's the rationale behind former Hill staffer Ted Henderson's latest smartphone app. Henderson, who created Capitol Bells, an iPhone app that tracks floor votes taken in real time , has a new toy called Cloakroom that allows anyone with a congressional e-mail address or who is physically on Capitol Hill (lobbyist, reporters, tourists) to anonymously join conversations to see what Hill people are buzzing about. In its infancy, it appears users are primarily using it to joke in a safe space. One person under the alias "senmenendez" posted, "Anyone have a good lawyer? Asking for a friend." Then "schock" responds: "I've got a guy," and "govmcdonnell" writes, "Don't look at me." Another user wants the best war stories on "SJL" - Rep. Sheila Jackson Lee (D-Tex.). Someone responds about the one with the tequila in the House gallery. Another says an intern dumped a huge stack of constituent mail in the trash in front of visitors from their district. Another wants to know if anyone got sick from the "grill special at the Dirksen cafeteria." Henderson hopes Hill types will eventually use it for more serious debates on policy, but generally he just wants it to create a community.

top

Court awards first-ever damages for false copyright infringement takedown notice (Steptoe, 12 March 2015) - The U.S. District Court for the Northern District of California, in Automattic Inc. v. Nick Steiner , has awarded total damages of $25,084 to a blogger and the operator of blogging platform Wordpress.com for "lost work and time" spent responding to a fraudulent takedown notice for copyright infringement. This appears to be the first time a court has awarded such damages under the Digital Millennium Copyright Act, given the difficulty of demonstrating that such false claims are knowingly made.

top

RESOURCES

Cybersecurity (new "Hub" by K&L Gates) - Cyberattacks are on the rise with unprecedented frequency, sophistication, and scale and are pervasive across industries and geographical boundaries. In the wake of more frequent and severe incidents, regulators around the world have implemented changes to address these heightened risks. Here, we present ways to address and mitigate cyberrisks. [ Polley : Do any MIRLN readers have experience with these K&L Gates " hubs "? Feedback, please.]

top

2014 state of the law regarding internet intermediary liability for user-generated content (Cathy Gellis in The Business Lawyer, Winter 2014-2015) - Summary of recent case law and legislative efforts regarding Internet intermediaries hosting user-generated content. Covers 47 U.S.C. Section 230 and 17 U.S.C. Section 512, as well as other peripheral issues.

top

An analysis of the Right to be Forgotten ruling (MLPB, 3 March 2015) - W. Gregory Voss, Toulouse Business School, has published The Right to Be Forgotten in the European Union: Enforcement in the Court of Justice and Amendment to the Proposed General Data Protection Regulation at 18 Journal of Internet Business Law (July 2014). Here is the abstract: This article analyzes the famous Google Spain case (May 13, 2014) of the Court of Justice of the European Union and its recognition of a form of "the right to be forgotten", allowing individuals to request the delisting of their personal data from search engines if certain conditions are met. In doing so, it puts the right to be forgotten into the context of ongoing discussions on reform of the European Union's data protection Framework and amendments in the European Parliament to the Proposed General Data Protection Regulation.

top

The TSA'S FAST personality screening program violates the Fourth Amendment (Bruce Schneier, 6 March 2015) - New law journal article: " A Slow March Towards Thought Crime: How the Department of Homeland Security's FAST Program Violates the Fourth Amendment ," by Christopher A. Rogers. From the abstract: FAST is currently designed for deployment at airports, where heightened security threats justify warrantless searches under the administrative search exception to the Fourth Amendment. FAST scans, however, exceed the scope of the administrative search exception. Under this exception, the courts would employ a balancing test, weighing the governmental need for the search versus the invasion of personal privacy of the search, to determine whether FAST scans violate the Fourth Amendment. Although the government has an acute interest in protecting the nation's air transportation system against terrorism, FAST is not narrowly tailored to that interest because it cannot detect the presence or absence of weapons but instead detects merely a person's frame of mind. Further, the system is capable of detecting an enormous amount of the scannee's highly sensitive personal medical information, ranging from detection of arrhythmias and cardiovascular disease, to asthma and respiratory failures, physiological abnormalities, psychiatric conditions, or even a woman's stage in her ovulation cycle. This personal information warrants heightened protection under the Fourth Amendment. Rather than target all persons who fly on commercial airplanes, the Department of Homeland Security should limit the use of FAST to where it has credible intelligence that a terrorist act may occur and should place those people scanned on prior notice that they will be scanned using FAST.

top

Better sharing through licenses? Measuring the influence of Creative Commons licenses on the usage of Open Access monographs (JLSC, 10 March 2015) - Abstract: Open Access and licenses are closely intertwined. Both Creative Commons (CC) and Open Access seek to restore the balance between the owners of creative works and prospective users. Apart from the legal issues around CC licenses, we could look at role of intermediaries whose work is enabled through CC licenses. Does licensing documents under Creative Commons increase access and reuse in a direct way, or is access and reuse amplified by intermediaries?

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Controversial terror database matrix shuts down (AP, 18 April 2005) -- A three-year-old crime and terrorism database that came under fire for sharing and collecting personal information was closed down Friday because a federal grant ran out. Elements of the Multistate Anti-Terrorism Information Exchange - Matrix - may live on if individual states decide to fund it on their own, said Bob Cummings, executive vice president for the Institute for Intergovernmental Research in Tallahassee, which helped coordinate the Matrix network. "We're winding up the project today. The system that the federal government has basically paid for, the application itself to the users and the states, will either be assumed by the states or will no longer exist," he said. Matrix was down to four participants - Pennsylvania, Florida, Ohio and Connecticut - after several states opted out due to privacy concerns, legal issues or cost. It operated with grant money from the departments of Justice and Homeland Security, but that funding expired Friday. "They can put a good face on it, saying that the grant ran out, but frankly if there wasn't growing opposition to this kind of intrusive, investigatory technique, the funding wouldn't have run out," said Howard Simon, executive director for the Florida American Civil Liberties Union.

top

Legal online music stores make some gains (Reuters, 7 June 2005) -- Legal online music stores have gained a solid foothold against free file-sharing networks, according to new data released on Tuesday. The beleaguered music industry has been pursuing a carrot and stick strategy of supporting legal alternatives such as Apple's iTunes, RealNetworks's Rhapsody and Napster, while filing a barrage of lawsuits against people and services that share music illicitly online. According to data from market research firm NPD Group Inc, the efforts are bearing fruit: iTunes has surged to a tie for second place as the most popular online music source, with 1.7 million U.S. households downloading at least one song in March. That put it neck and neck with the peer-to-peer service LimeWire and slightly behind another P2P service, WinMX, which has 2.1 million households. "Legal services offer some obvious advantages: they're spyware free, and it's very quick and easy to get what you want," said NPD's Isaac Josephson. "The older, more affluent demographics are already a bit more inclined to go for convenience over free, and when you raise the legal issues that's an important tipping point." About 4 percent of Internet-enabled U.S. households used a legal online music store in March, according to NPD.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top