Saturday, August 13, 2016

MIRLN --- 24 July - 13 August 2016 (v19.11)

MIRLN --- 24 July - 13 August 2016 (v19.11) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS/MOOCS | LOOKING BACK | NOTES

Blockchain buzz: How the blockchain stands to change legal tech (LegalTechNews, 20 July 2016) - At times in legal tech, technologies don't live up to the hype surrounding them. However, this isn't the case with blockchains , and according to Tom Brooke, partner at Brooke & Brooke, the technology is where "we really are hacking the law." In "Legal Tooklit for the 21st Century: Smart Contracts and the Blockchain," a session at the 2016 Legal Hackers International Summit in Brooklyn, New York, a panel of legal tech experts convened to clear up what Brooke referred to as "buzz and hype" that blockchain is "going to take over the law." Blockchains aren't "really smart" or "contracts," Brooke explained, but instead are "akin to a database," the "key idea" that is whatever content is uploaded to the blockchain is shared, a concept he likened to Napster. "The innovation with the blockchain was the ability to keep all those distributed computers in sync." "What you put on the blockchain, you can always see it there," Brooke said. This has "basically created a revolution, and I think it's going to have a profound effect on law and change everything." Under the guidance of scientist and lecturer Dazza Greenwood, the MIT Media Lab has released lawchain.org, a prototype effort for testing whether "blockchain's immutable record capability can be used for legal requirements" for collecting and distributing records currently met by archivists, Greenwood said. Doing so provides "a copy ledger of the blockchain in every running instance" of user upload, and because it's a text file, "it's not that big to have a record of every transaction." Many are interested in putting the authoritative versions of statutes and regulations online, "but having an authoritative version requires the ability to demonstrate" that the record was enacted by legislators, Greenwood explained. While websites provided by city, state and federal agencies can provide text copies of the law, the information has no authoritative value, and thus couldn't be entered as evidence into a case. "It's just not real. You can't depend on it." To this end, Greenwood's team hopes to "test a hash or a record of the law" and mandates for upload to a blockchain, which would in theory provide "an archive system that anyone can demonstrate at no cost" that a statute was enacted at a certain time.

top

- and -

Steptoe & Johnson to expand blockchain practice, accept bitcoin payments (LegalTechNews, 10 August 2016) - Law firm Steptoe & Johnson announced the expansion of its blockchain practice to assist clients looking to develop and deploy blockchain-empowered applications . Blockchains, which use an algorithm-based security mechanism called cryptographic hashing to "time stamp" and validate transactions, are the technology behind the digital currency bitcoin. Alan Cohn, of counsel at Steptoe & Johnson, noted that with the expansion, the firm is "taking the step from being counsel to the bitcoin and blockchain industry , to being counsel to companies across all industries who will be affected by the many applications for blockchain and distributed ledger technology." The firm's expansion comes less than a year after Steptoe co-launched the Blockchain Alliance, which brings together blockchain companies, law enforcement and regulatory agencies to promote the application of digital currency and blockchain technology. Cohn explained that blockchain applications can include "smart contracts, digital rights management, payment processing, and other applications across a range of industries including financial services and insurance, transportation, energy and government services, just to name a few." Alongside the expansion of its practice, Steptoe & Johnson also announced it will soon accept bitcoin as payment for fees, in a move to more deeply immerse itself in the technology.

top

The Scope of edX (InsideHigherEd, 21 July 2016) - My college is a member of the edX Consortium , so I pay attention to who is on the edX platform. Thankfully for all of us, MOOCs no longer suck up the higher ed change oxygen. Those of us participating in the open online education movement never bought into the hype. We never thought that MOOCs would disrupt higher ed. We create open online courses because offering educational opportunities to the world's learners is both aligned with our missions, and because we think that participating in this movement is a good way to learn about learning. Even though we may hear less about MOOCs than we once did, that does not mean that we should not pay attention to where this movement is going. Let me share some edX numbers that blew my mind: * * *

top

FCC selects Swedish firm to run sensitive national database routing phone calls (WaPo, 22 July 2016) - The Federal Communications Commission this week selected a Swedish-owned firm to run a sensitive national database that routes billions of phone calls across the country, apparently satisfied that the award would not jeopardize national security. The vote by the five commissioners clears the way for Telcordia, owned by Ericcson and based in New Jersey, to proceed with the challenging task of building a system that can track calls and text messages by nearly every phone number in North America while ensuring the data remains secure. The database handles the intercarrier routing of calls and texts for more than 650 million U.S. phone numbers and for more than 2,000 carriers. If numbers are scrambled or deleted, a massive communications breakdown could occur. The database is particularly important for the FBI and other law enforcement agencies that query the database every day, several million times a year, in the course of criminal and intelligence investigations to track which phone company provides service for a particular number. Security experts say that if a foreign spy agency wants to know which of its agents the United States has under surveillance, it could attempt to hack the system to see what numbers the FBI has wiretaps on. The system includes the phone number, database and the platform that tells law enforcement which carrier owns which number.

top

A hackable election? 5 things to know about e-voting (Computer World, 22 July 2016) - As the U.S. heads toward an especially contentious national election in November, 15 states are still clinging to outdated electronic voting machines that don't support paper printouts used to audit their internal vote counts. E-voting machines without attached printers are still being used in a handful of presidential swing states, leading some voting security advocates to worry about the potential of a hacked election. Some makers of e-voting machines, often called direct-recording electronic machines or DREs, are now focusing on other sorts of voting technology, including optical scanners. They seem reluctant to talk about DREs; three major DRE vendors didn't respond to questions about security. Here are five things to know about DREs: * * *

top

Social media property rights (Norton Rose, 25 July 2016) - The number of people using social media these days is staggering. For instance, Facebook has 1.65 billion monthly active users as of March 31, 2016. As such, the ability to reach such a broad consumer base through social media is becoming increasingly important to businesses. Companies are no doubt eager to create social media pages that generate "followers" and "likes" that may, in turn, generate profits. As the number of "followers" and "likes" of a page increase, so do potential issues surrounding ownership of these aspects of social media pages. The current state of the law regarding social media and property rights is unsettled, so companies must be vigilant and keep up-to-date with any new developments in order to protect themselves in the event of a potential dispute. Recent cases shed some light on the current legal landscape regarding property rights and social media, which may provide some guidance for companies operating social media pages. * * *

top

Justices show how disclosing revisions offers (confers?) benefits (NYT, 25 July 2016) - Supreme Court opinions are not set in stone. Justices keep editing them after they are issued, correcting factual errors and even misstatements of law. For decades, those changes were made largely out of sight. But in October, on the first day of the term, the court announced that it would start disclosing after-the-fact changes to its decisions. As of this month, the court's website had flagged revisions to seven of them. The most extensive changes came on the last day of the term, in a blockbuster ruling that struck down two parts of a Texas abortion law . In the version of the majority opinion released on the morning of June 27, Justice Stephen G. Breyer wrote that "neither of these provisions offers medical benefits sufficient to justify the burdens upon access that each imposes." A little after 6 p.m., according to the court's website, Justice Breyer revised the sentence, choosing a different verb : "confers" instead of "offers." "Neither of these provisions," he now said, "confers medical benefits sufficient to justify the burdens upon access that each imposes." He changed four other passages, too, expanding here and clarifying there. The same-day revisions suggested that the editing of the opinion had gone down to the wire, and then across it. A couple of years ago, Richard J. Lazarus, a law professor at Harvard, revealed that the court had routinely been revising its decisions , altering them without public notice weeks, months and sometimes years after they were first issued. Professor Lazarus urged the justices to disclose the changes. "The court can both make mistakes and admit mistakes without placing its institutional integrity at risk," he wrote in The Harvard Law Review . To its credit, the court - never one for rapid change - listened. Justice Breyer's revisions appeared to be stylistic. Others during the term corrected legal and factual errors. On the last day of June, for instance, a deputy solicitor general Michael R. Dreeben, wrote a letter to the court saying there had been a mistake in a decision issued a few weeks before . He asked the court to fix the error, and, a week later, it did .

top

Overview and analysis of PPD-41: US Cyber Incident Coordination (Lawfare, 27 July 2016) - Hot on the heels of the DNC hack, the White House today released Presidential Policy Directive/PPD-41 : United States Cyber Incident Coordination. The Directive clarifies and codifies lines of responsibility as they apply to "significant" cyber incidents, which are defined as a "3" or more on a spectrum of consequences that runs from 0 (e.g., "inconsequential") through 5 (e.g., "imminent threat to national…stability"). The framework and architecture specified in the PDD, which will apply irrespective of whether the targeted entity lies in the public or private sector, assigns lead response roles as follows: the Department of Justice will lead the investigative component, the Department of Homeland Security will lead on asset protection, and the Office of the Director of National Intelligence will lead intelligence support activities. In addition, the NSC's Cyber Response Group will drive national policy coordination, while national operations coordination is to be achieved through a (Cyber) Unified Coordination Group, composed at minimum of "Federal lead agencies for threat response, asset response, and intelligence support." * * *

top

FTC fires warning shot on international privacy rules (Steptoe, 28 July 2016) - The Federal Trade Commission issued warning letters to 28 companies that claim certified participation in the Asia-Pacific Economic Cooperative Cross-Border Privacy Rules system on their websites but do not appear to have met the requirements, such as undergoing a review by an APEC-recognized Accountability Agent, to make that claim. The APEC privacy system is a regulatory initiative designed to facilitate the protection of consumer data transferred across the APEC region, consisting of 21 Pacific Rim member states, including the United States. The warning letters came the same week that the United States and European Union finalized the Privacy Shield, which assumes an active role by the FTC in enforcing U.S. companies' claims that they comply with the Shield's requirements for protecting personal data concerning EU residents.

top

Judge blasts FBI for bugging courthouse, throws out 200 hours of recordings (ArsTechnica, 2 August 2016) - The FBI violated the Fourth Amendment by recording more than 200 hours of conversation at the entrance to a county courthouse in the Bay Area, a federal judge has ruled. Federal agents planted the concealed microphones around the San Mateo County Courthouse in 2009 and 2010 as part of an investigation into alleged bid-rigging at public auctions for foreclosed homes. In November, lawyers representing five defendants filed a motion arguing that the tactic was unconstitutional, since the Fourth Amendment bans unreasonable searches. "[T]he government utterly failed to justify a warrantless electronic surveillance that recorded private conversations spoken in hushed tones by judges, attorneys, and court staff entering and exiting a courthouse," US District Judge Charles Breyer wrote in an order (PDF) published yesterday. "Even putting aside the sensitive nature of the location here, Defendants have established that they believed their conversations were private and they took reasonable steps to thwart eavesdroppers." Breyer concluded that the disputed evidence must be suppressed.

top

Judge declines to enforce Uber's terms of service (Venkat Balasubramani, 3 August 2016) - This is an antitrust case against Travis Kalanick, the founder of Uber, alleging that Mr. Kalanick "orchestrated and participated in an antitrust conspiracy." Uber moved successfully to intervene, and then moved to force arbitration (Mr. Kalanick joined in this motion). The court denies the motion to compel arbitration, finding fault with Uber's contract formation process. If the parties did not form an enforceable agreement, then there is no basis to compel arbitration. Uber's contracting process at the time required someone to input their payment details, and then "register" to form an account. The text under the "register" button said: By creating an Uber account, you agree to the Terms of Service and Privacy Policy. The terms of service and privacy policy were links, and if a user clicked on the links, he or she is taken to a screen where they must press another button to access the terms. Plaintiff said he does not recall the hyperlink or clicking it, and Uber did not contest this. The court starts by noting the familiar labels ascribed to these agreements ("clickwrap" or "click-through" and "browsewrap") and says clickwrap agreements "are more readily enforceable" because the user is on inquiry notice of the agreement. The court says that Uber's is not a clickwrap agreement: * * *

top

How Brazil is trying (and failing) to keep drones away from the Olympics (The Verge, 8 August 2016) - On Friday, more than 60,000 people packed into Rio's Maracanã stadium for the opening ceremony of the 2016 Olympic Games - but above their heads, something disconcerting was happening. Observers reported as many as three drones hovering above the stadium, triggering a security panic that reached all the way to the teams providing protection for visiting heads of state. It was the exact scenario Brazilian security had hoped to avoid - but despite the latest equipment and months of preparation, keeping drones out of an open-air stadium is still an extremely difficult job. Behind the scenes, Brazilian authorities have taken bold new steps to keep drones away from designated Olympic areas, but not all of the new measures are effective. The country has partnered with drone manufacturers like DJI to update the onboard software with Olympic geofences, preventing drones from flying in the forbidden areas. But not every manufacturer has taken up the self-imposed limits, so to stop other drones, the Brazilian military has purchased new devices to jam drone-control signals in mid-flight. These jamming devices required the telecom regulators to grant the military new legal authorities over the civilian airwaves. It's an aggressive step, and one that many observers worry could lay the groundwork for cell-service blackouts after the games have finished. Ultimately, the drones above the stadium dispersed on their own, but the military had other systems in place if they didn't. A recent Vice report found the Brazilian military has purchased eight DroneBlocker devices from a company called IACT, motivated by concerns from the 2014 World Cup in which one team was accused of spying on practice sessions with a drone . The DroneBlocker devices work by blasting incoming drones with radio signals, effectively jamming the signal from the controller. The army also obtained new legal powers in order to use the devices, which has raised significantly more controversy. On February 1st, Brazil's national telecom agency officially authorized the armed forces to jam radio signals during the Olympic games. Crucially, the authorization made no reference to drones specifically, leading many observers to worry the same authorization could be used to stifle the anti-Olympic protests that occurred in advance of the games.

top

- and -

Unsporting rule? Olympic policy bars companies from tweeting about the Games (LA Times, 11 August 2016) - At the Olympics in Rio de Janiero, athletes from around the world are posting tweets, photos and observations between training and competing. Missing from their social media updates: any mention of companies that are not part of the exclusive club of official Olympic sponsors. That's because of Rule 40, a section of the Olympic Charter that bars such businesses from mentioning the Olympics or the athletes they sponsor in any way from July 27 to August 24. Athletes are likewise not allowed to acknowledge their sponsors during that period. The rule extends to social media, where banned words include the wholly expected (such as "Olympics," "medal" and "Rio") and the vague (including "performance, "challenge" and effort"). Companies aren't even allowed to retweet news stories about the Olympics. It's an effort to protect official sponsors, such as McDonald's, Coca-Cola and Nike, which pay handsomely for the privilege of exclusive marketing during the Olympics. Official sponsorships can reportedly cost as much as $200 million, and such deals amount to more than 40% of Olympic revenues, according to the International Olympic Committee. But comparatively few Olympic athletes hold contracts with official sponsors. Many afford a lifestyle of training and competing through deals with smaller brands, which are shut out from even mentioning the athletes during the few weeks when casual sports fans might care about hurdlers or modern pentathletes. This year, however, companies and athletes are harnessing social media to fight back. Some Olympians have tried to highlight the silliness of barring athletes from digital free speech. "How amazing is this!" tweeted Jade Lally, a British discus thrower, after posting a photo of a good luck card. "It's for that thing [winking face emoji] I'm doing this summer [winking face] in South America [winking face] #Rule40". Brooks Running Co., which sponsors a dozen athletes competing in the Summer Games in Rio, kicked off a stealth war against Rule 40 this summer on Instagram and Twitter. The Seattle sportswear company also created a website, rule40.com, that sought to educate people, along with providing slogans that can be posted to social media to mock the rule. During the Olympic track and field trials in July, Brooks hired trucks that drove around Eugene, Ore., with similar messages. "good luck, you know who you are, on making it you know where," one reads. Instead of the Olympics, the ad refers to a "generic worldwide quadrennial sporting event." Jesse Williams, Brooks' senior sports marketing manager, said the company came up with the idea last winter after kicking around ways to spotlight how Rule 40 unfairly penalizes athletes who are not famous.

top

Smaller firms may risk losing clients over cybersecurity (NY Law Journal, 9 August 2016) - The price of effective cybersecurity can be daunting for small and midsized law firms. But the cost of inaction could be even greater, as more clients threaten to abandon firms that don't meet their data-privacy standards. Cybersecurity fears are not new, but clients have begun to look far more closely at their outside law firms' data policies, said Dan Safran, president and CEO of the legal project management and technology company Legal Shift. For small and midsize firms that have neglected the issue due to the price tag, that could be a problem. "Four to five years ago … you could essentially get away with, 'yeah, we're working on it,'" Safran said. "I do know of firms that are not necessarily being completely truthful. They know now that they just can't fake it." Lawyers and consultants said clients are taking notice of law firm breaches that made headlines in recent years. But they said many firms don't act unless they feel their business is truly in danger. "What's happened now is that clients are basically going to law firms and saying, 'we expect you to be as security conscious as we are,' " Safran said. "If they don't comply, they can lose the work." He was working with a law firm where one client brought in about 10 percent of the firm's revenue, he said. That client hired a third-party auditor to examine the firm's data privacy policies, but the firm didn't take the audit seriously. A year later, when the auditor came back, Safran said the client found that the firm didn't meet its standards. "They realize that the firm had done nothing, and they went back to the partner at the firm and said basically, 'you're going to lose all of our business,' " he said. The lawyer who represented that client, who also had the firm's biggest book of business, threatened to leave as well, Safran said. Quickly thrown into "emergency mode," the firm took measures to comply with the client's policies.

top

Tenth Circuit: Accessing email is a 'search' under the Jones trespass test (Orin Kerr, 9 August 2016) - Judge Neil Gorsuch is one of my favorite judges, and I don't lightly or often take issue with his opinions. But on Friday, Gorsuch handed down an important Fourth Amendment case that has a somewhat puzzling section with far-reaching implications. The case, United States v. Ackerman , considers how the Fourth Amendment applies to a child pornography detection system set up by Internet service providers and the National Center for Missing and Exploited Children (NCMEC). The opinion holds that NCMEC is governed by the Fourth Amendment and that it cannot open emails that providers did not themselves open without triggering the Fourth Amendment. I don't have a difficulty with that conclusion. On the other hand, I was puzzled by the panel's alternative holding that reached the latter result a second time under the United States v. Jones trespass test. That alternative holding isn't necessarily wrong, but it takes a lot of non-obvious steps without much explanation. With my apologies for writing a post that may be of interest only to the serious Fourth Amendment nerds among the readership, I thought I would say more about why that second holding matters and why I'm puzzled by it. * * *

top

American Bar Association votes to DRM the law, put it behind a EULA (BoingBoing, 10 August 2016) - Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms." I was granted what is known as the "privilege of the floor" to speak before the House of Delegates at their Annual Meeting. The ABA Journal has a summary of the floor debate. With a couple dozen resolutions on the table and some really inspirational speeches by all sorts of pretty amazing folks (the presidents of the ABA are pretty inspirational!), this was the only resolution that had any significant debate. We went at it for over 30 minutes. In my remarks I made the point that this resolution was perhaps well-intentioned, but bought into a really dangerous idea that somehow DRM-based access to the law from an exclusive private provider is "good enough." I was actually joined by the standards establishment in arguing strenuously that "read only access" simply doesn't exist and DRM is futile. A law is either public or it isn't. (And if a law isn't public, it isn't a law!) The other side argued that DRM-based access is good enough for ordinary people, and felt that setting that as a minimum floor for access was a good thing. Today, many public safety standards have no access at all for the general public (although I'm proud to have 980 of the laws in question on my web site for access with no restriction and with significant transformation in your ability to use them), so Resolution 112 is sort of a step forward. For that I'm pleased. In a 146-210 vote, we lost our motion to take a deep breath and ask ourselves if maybe the current "split the baby" solution wasn't settling for something pretty bad and maybe we could do better. Although there were 6 ABA Sections that were the sponsors of the resolution (including, believe it or not, Civil Rights and Social Justice!), I suspect that very few of the task force members that did this thing has ever looked at a "read only access" standard, let alone our transformed version. What struck me the most was the continual mention by the American Bar Association speakers of two things: "rule of law" and "we must embrace technology." I think the question of who gets to read the law is at the very heart of those two important themes, and I got to make my case before 550 of the top lawyers in the country, most of whom had not heard of this issue before. It was worth it. [ Polley : A sorry day and Solomon-like "compromise"; very disappointing. See also After debate, ABA House calls for publication of privately drafted standards used in legislation (ABA Journal, 9 August 2016)]

top

- and -

A speech code for lawyers, banning viewpoints that express 'bias,' including in law-related social activities (Eugene Volokh, 10 August 2016) - The American Bar Association has adopted a new provision in its Model Rules of Professional Conduct - an influential document that many states have adopted as binding on lawyers in their state. I blogged about it when it was just proposed, in slightly different form, but I thought it was worth repeating my analysis now that the ABA is formally recommending it to state bars and state courts. Here is the relevant text (emphasis added): * * * So say that some lawyers put on a Continuing Legal Education event that included a debate on same-sex marriage, or on whether there should be limits on immigration from Muslim countries, or on whether people should be allowed to use the bathrooms that correspond to their gender identity rather than their biological sex. In the process, unsurprisingly, the debater on one side said something that was critical of gays, Muslims or transgender people. If the rule is adopted, the debater could well be disciplined by the state bar: * * * Or say that you're at a lawyer social activity, such as a local bar dinner, and say that you get into a discussion with people around the table about such matters - Islam, evangelical Christianity, black-on-black crime, illegal immigration, differences between the sexes, same-sex marriage, restrictions on the use of bathrooms, the alleged misdeeds of the 1 percent, the cultural causes of poverty in many households, and so on. One of the people is offended and files a bar complaint. Again, you've engaged in "verbal . . . conduct" that the bar may see as "manifest[ing] bias or prejudice" and thus as "harmful." This was at a "social activit[y] in connection with the practice of law." The state bar, if it adopts this rule, might thus discipline you for your "harassment." And, of course, the speech restrictions are overtly viewpoint-based: If you express pro-equality viewpoints, you're fine; if you express the contrary viewpoints, you're risking disciplinary action.

top

Publishers association sends whiny complaint letter to dean after academic librarian discusses Sci-Hub (TechCrunch, 10 August 2016) - It's no secret that big publishing companies (especially academic publishing companies) really really dislike Sci-Hub. Sci-Hub, of course, is the quite interesting site that enables academics to access and share PDFs of published scientific research. We've written about it a bunch, including Elsevier's ridiculous legal crusade against the site, which has only served to act as a huge advertisement for the site. As we noted, using copyright to shut down Sci-Hub seemed to go entirely against the purpose of copyright, which was officially designed to promote "learning" and scientific knowledge. Nonetheless, the publishers really, really hate it. But even so, it seems pretty ridiculous for the Association of American Publishers (AAP) to freak out so much about an academic librarian just mentioning Sci-Hub while on a panel discussion, that it would send an angry letter to that librarian's dean. But, that's exactly what AAP did, in complaining about comments by librarian Gabriel Gardner to his dean, Roman Kochan, at the University Library for California State University. The letter, signed by AAP President Thomas Allen seems to suggest that any moderately positive comment about Sci-Hub should be banished from any academic discussion: I am disappointed to learn that a librarian from California State University, Long Beach, Gabriel Gardner, recently praised the notorious pirate site Sci-Hub and recommended that attendees at a session use the site. Mr. Gardner was a panelist at the American Library Association's session "Resource Sharing in Tomorrowland - a Panel Discussion About the Future of interlibrary Loan" at the association's annual conference in Orlando. On the panel he said, essentially, "Try it, you'll like it." Sci-Hub has been enjoined from further operation as an unlawful enterprise that has committed mass theft of copyrighted material. Sci-Hub should not be equated with any legitimate interlibrary loan or open access publishing practices.

top

ECJ limits applicability of data protection rules to websites (Steptoe, 11 August 2016) - Last month, the European Court of Justice ruled, in Verein für Konsumenteninformation v. Amazon EU Sàrl, that a country's data protection laws do not apply to an ecommerce company simply because the company's website is accessible to consumers in that country. Rather, those laws apply only if the company processes data "in the context of the activities of an establishment situated in that Member State." The decision bolsters the ECJ's previous decision in Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság and is a win for ecommerce companies, allowing them to operate across EU borders without worrying about being bound by the varying laws of every jurisdiction in which their websites are accessible.

top

For AVVO, bad ethics news but good litigation news (Robert Ambrogi, 11 August 2016) - Recent legal developments have brought both good news and bad news for Avvo. Let's start with the bad news. Earlier this year, Avvo launched Avvo Legal Services , a service offering fixed-fee, limited-scope legal help through a network of attorneys. Some commentators and readers expressed concern that this arrangement could constitute inappropriate fee sharing. Avvo's CEO Mark Britton and General Counsel Josh King dismissed that, maintaining that the arrangement is OK because the marketing fee is paid as a separate transaction. Now, one ethics panel says otherwise. The South Carolina Bar's Ethics Advisory Committee issued an opinion last month ( Ethics Advisory Opinion 16-06 ) concluding that Avvo Legal Services violates the prohibition of sharing fees with a non-lawyer. * * * Now On to Avvo's Good News: A California attorney has dropped his putative class action against Avvo in which he claimed that by using attorneys' names and likenesses on its website, Avvo was violating California's laws on rights of publicity and unfair competition. Aaron H. Darsky, a San Francisco litigator, agreed to dismiss the case after Avvo brought a motion to strike the complaint under California's anti-SLAPP law, according to Avvo's press release. Courthouse News Service, quoting Avvo GC Josh King, reports that Darsky agreed to dismiss the case to avoid paying Avvo's attorneys' fees after a judge indicated his claims couldn't hold up. U.S. District Judge Haywood Gilliam made "very, very clear" that he would rule in Avvo's favor, King told Courthouse News. The order of dismissal was entered by Judge Gilliam on Aug. 2. A similar class action remains pending in Illinois, according to Courthouse News.

top

The next frontier of online activism is 'woke' chatbots (WaPo, 11 August 2016) - A Twitter bot, by its very nature, cannot actually be "woke." The term refers to an awareness of social injustice - and bots, well, they're just lines of code. But since early June, an account called @StayWokeBot has been doing its best to help keep others aware. The bot, a collaboration between activists DeRay Mckesson and Sam Sinyangwe and the tech cooperative Feel Train, is intended to protect and maintain morale among the black protest community. As of this writing, the bot does two things, though it may do more in the future: When a Twitter user initially follows @StayWokeBot, it auto-tweets them a singsong affirmation; when a follower tweets at the bot with his or her state, it responds with contact information for that state's senators and a prompt to ask them to vote in favor of two gun-control measures. These sorts of repetitive, exhausting social media tasks - rallying the community, calling for action, facing down the angry @-replies of haters and critics - have long been the undertaking of activists themselves. But there's a growing understanding that this work takes a lot of time, not to mention a profound emotional and psychological toll. And bots, of all things, could be the ones to absorb that kind of emotional labor. This idea, that bots could serve as a sort of proxy or extension of human activists, is a subtle shift from the activist and protest bots of the past. Historically, the best-known and most-publicized ones have focused on one of two tasks: inserting themselves into strangers' conversation to correct "bad" speech, or alerting followers to the latest occurrence of some repetitive, ongoing event. Those bots @congressedits , @NRA_tally , @droptheIbot , the list goes on - are all about getting the word out to as many people as possible. @StayWokeBot is still interested in awareness, of course - but it's far more focused on the needs of the activist. Kazemi and his Feel Train partner, Courtney Stanton, made the bot according to Mckesson and Sinyangwe's specifications. Thanks to their collaboration, encouraging people to call their senators on an issue is now as easy as updating a Google spreadsheet . In theory, that should cut down on the sheer amount of time activists need to spend cheerleading (and shield them from at least some of their inevitable hate tweets). The big question, of course, is whether these bots actually work - and the jury's still out on that. @StayWokeBot has only 3,000 followers after more than two months, and few of them seem interested in the bot's current call to action. In April 2015, a team at Microsoft created a project very similar to @StayWokeBot, which tweeted at users in Latin America and asked them to brainstorm solutions to government corruption. Overall, 45 percent of the bots' tweets got a reply - which is good, but not quite good enough to replace humans. * * *

top

NOTED PODCASTS/MOOCS

Steve Budiansky on "Code Warriors: NSA's Codebreakers and the Secret Intelligence War Against the Soviet Union" (Lawfare, 23 July 2016; 63 minutes) - Steve Budiansky is the author of Code Warriors: NSA's Codebreakers and the Secret Intelligence War Against the Soviet Union . He joined Ben at the Hoover Book Soiree recently for a live conversation about his new book, which studies the National Security Agency's origins in World War II codebreaking and its development throughout the Cold War. Budiansky goes deep into how the organization's history has shaped its mission and culture. It's a fascinating discussion of the NSA's past, present, and future, from the Cold War to the Age of Snowden.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Three of four financial institutions suffered external breach in past year (SC Magazine, 14 June 2006) -- More than three out of every four of the world's largest financial institutions experienced an external security breach in the past year, a dramatic increase over 2005, a new survey has revealed. The fourth annual poll, released today by Deloitte Touche Tohmatsu, found that 78 percent of the world's top 100 financial services organizations that responded to the survey confirmed a security breach from outside the organization, up from just 26 percent in 2005. The survey also learned that nearly half of the organizations experienced at least one internal breach, up from 35 percent in 2005. Phishing and pharming were responsible for 51 percent of the external attacks, while spyware and malware accounted for 48 percent. Meanwhile, insider fraud was responsible for 28 percent of the internal breaches and customer data leaks were to blame for 18 percent. "The extent and nature of these security breaches signal a new reality for the global financial services industry," said Ted DeZabala, principal in Deloitte's security services group. "Executing these types of attacks requires significant resources and coordination…Organizations not only face more sophisticated and hard-to-track attacks but are also challenged by increased risk and potential loss." The survey did reveal some good news: Almost 88 percent of organizations said they have implemented a business continuity plan, and 49 percent placed disaster recovery as a top five security initiative. Ninety-five percent of enterprises said their information security budgets have increased in the past year.

top

Lawyers receiving electronic documents are free to examine 'hidden' metadata: ABA Ethics Opinion (ABA Press Release, 9 Nov 2006) -- Lawyers who receive electronic documents are free to look for and use information hidden in metadata - information embedded in electronically produced documents - even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association. The opinion is contrary to the view of some legal ethics authorities, which have found it ethically impermissible as a matter of honesty for lawyers to search documents they receive from other lawyers for metadata or to use what they find, according to the ABA Standing Committee on Ethics and Professional Responsibility. But the ABA committee said the only provision in the ABA Model Rules of Professional Conduct relevant to the issue merely requires a lawyer to notify the sender when the lawyer receives what the lawyer should reasonably know were inadvertently sent documents. It does not require the recipient to return those documents unread. The committee also made clear that it was not addressing situations in which documents are obtained through criminal, fraudulent, deceitful or otherwise improper conduct. The ABA committee noted metadata is ubiquitous in electronic documents, and includes such information as the last date and time that a document was saved and by whom, data on when it was accessed, the name of the owner of the computer that created the document and the date and time it was created, and a record of any changes made to the document or comments written into it.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Saturday, July 23, 2016

MIRLN --- 26 June – 23 July 2016 (v19.10)

MIRLN --- 26 June - 23 July 2016 (v19.10) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS/MOOCS | RESOURCES | LOOKING BACK | NOTES

Lawyers prepare for 'driverless M&A' as smart contract era dawns (Australia Financial Review, 19 June 2016) - The nation's top law firms are braced for disruption as "smart contract" technology threatens thousands of legal jobs and lawyers' role intermediating commercial negotiations and disputes is automated by computers. One of the country's biggest law firms, Allens, sent a report to its clients on Friday afternoon admitting that lawyers' business model of profiting from an absence of trust in companies transacting with each is under threat from trust being coded into computers via distributed ledger technology, also known as blockchain . "Smart contracts" are an application on the blockchain, referring to computer protocols which verify and execute the terms of a contract, removing the need for humans to monitor compliance and enforcement. "For almost 200 years, our own business has been built on the basis that people need to transact but often lack the trust to rely on a handshake alone," Allens said. "In essence, we help organisations do business in the absence of trust - we design governance structures, we draft and negotiate contracts, and sometimes, if things go pear-shaped, we litigate. So when a new technology comes along that creates trust through computers - distributed ledger technology, also known as blockchain - is it going to be potentially disruptive." Gilbert+Tobin managing partner Danny Gilbert said disruptive change to law firms is inevitable and they will get smaller as lawyers are put out of jobs by automation of their role as a trusted adviser. "Legal services and legal products have been driven by the human mind and the human hand, and we're about to see a fundamental change in that. We have driverless cars, we have robots doing surgery and we will have driverless M&A," he said.

top

New Mexico top court overturns conviction due to Skype testimony, warns judges about social media (ABA Journal, 23 June 2016) - The New Mexico Supreme Court is warning judges about the perils of social media in an opinion that nonetheless sidesteps whether the trial judge's Facebook posts indicated bias. The New Mexico Supreme Court ruled (PDF) on June 20 that Truett Thomas was entitled to a new trial on a murder charge because the judge improperly allowed Skype testimony of a prosecution witness, the New Mexico Appellate Law Blog and the Santa Fe New Mexican report. The court said the Skype testimony violated Thomas' right to "physical face-to-face confrontation" of the witness, who did not appear because of inconvenience. As a result of the Skype reversal, the court didn't consider whether reversal was required because of the trial judge's Facebook post. The judge had posted on his campaign website that a guilty verdict had been returned and, "Justice was served. Thank you for your prayers." The opinion nonetheless cautioned judges "to avoid both impropriety and its appearance in their use of social media." "While we make no bright-line ban prohibiting judicial use of social media," the opinion said, "we caution that 'friending,' online postings, and other activity can easily be misconstrued and create an appearance of impropriety. Online comments are public comments, and a connection via an online social network is a visible relationship, regardless of the strength of the personal connection." The court said it agreed with an ABA ethics opinion that judicial campaign websites be maintained by campaign committees rather than the candidates. "We clarify that a judge who is a candidate should post no personal messages on the pages of these campaign sites other than a statement regarding qualifications" the court said. The judge should not allow public comments to be posted on the campaign website, the court said, "and should engage in no dialogue, especially regarding any pending matters that could either be interpreted as ex parte communications or give the appearance of impropriety." Judges should also use privacy settings to protect their online presence and should consider any statements posted online to be a public statement, the court said. Concerns raised by social media include the inability to truly delete a posted message, the public perception that friendships exist between people who are not actually acquainted, and the ease with which posts can be widely disseminated.

top

- and -

Social media endorsements: Undue flattery will get you nowhere (ABA's Peter Geraghty, July 2016) - It goes without saying, but I'll say it again: social media has a way of raising ethical issues that filter into the day-to-day practice of law in ways that may not have been fully anticipated, but at the same time raise familiar themes that the profession has addressed in different nonelectronic contexts over the past 100 years. Take for example the subject of endorsements that lawyers receive either from clients or from other lawyers on their social media websites. What if a lawyer who concentrates his practice in real estate transactions and who never engages in litigation receives an endorsement from a former client lauding his ability as a litigator? Or where a lawyer who has a Social Security disability practice gets an endorsement from another lawyer touting his abilities as an estate planner? Does a lawyer have an obligation to monitor his social media page to ensure that the endorsements he receives are accurate? We at ETHICSearch have produced a variety of columns on social media over the past few years, some of which touch on some of the issues addressed in this month's column. See, e.g., Facebook follies (April 2016), Privacy settings and postings on social media: Etched in plastic or carved in stone? (February 2015), Client reviews: Your thumbs down may come back around (September 2014) and May 2009 entitled, Ringing or stinging endorsements? * * * [ Polley : Excellent and thorough.]

top

- and -

This week in legal tech: Ethics and technology competence (Robert Ambrogi, 11 July 2016) - I had a call last week from two partners at a 25-lawyer firm. Their secretary arranged the call so I had no idea what it was about. At the appointed hour, they got quickly to the point. "When it comes to technology, we are still in the dark ages," they said. They realized that, to remain competitive, their firm needs to change. But not all their partners are on board. They wanted outside help to better understand the benefits and risks. They are no anomaly. My sense is that a lot of firms are still in the dark ages about technology. As these two partners correctly perceived, that is a competitive risk. What many lawyers fail to perceive, however, is that it is also an ethical risk. The very goal these two partners described - to better understand the benefits and risks of technology - is in fact an ethical duty in a growing number of U.S. states. Four years ago next month, the American Bar Association formally approved a change to the Model Rules of Professional Conduct to make clear that lawyers have a duty to be competent not only in the law and its practice, but also in technology. More specifically, the ABA's House of Delegates voted to amend Comment 8 to Model Rule 1.1, which pertains to competence, to read (emphasis added): * * * This being a model rule, it must be adopted in a state for it to apply there. I've been keeping a tally of the states that have adopted the duty of technology competence. So far, 21 states have done so. No doubt, there will be more to come. But what exactly does it mean for a lawyer to be competent in technology? Unfortunately, we do not yet have a lot of guidance to help us answer that question. But we do have some. One of the most detailed discussions of this issue came in the form of an ethics opinion last year from the State Bar of California. Part of the reason that Formal Opinion No. 2015-193 was so striking was that it dealt with technology competence in the context of e-discovery. Many attorneys still think of e-discovery as an esoteric specialty - an area of practice better left to others to understand. But this ethics opinion makes clear that, in an age when any case can involve electronic evidence, every attorney who steps foot in a courtroom has a basic duty of competence with regard to e-discovery. * * *

top

Law firms increasingly joining information sharing centers for cyber threat info (LegalTech News, 24 June 2016) - Law firms have different options to gain information on cyber risks. One option that many are currently undertaking is joining a regional consortium or an information sharing center to gain the most up-to-date threat information. It is true, according to Mark Sangster, vice president and industry security strategist at eSentire, that "many law firms still learn about cyber threats from the headlines, when the FBI shows up to report a breach or when illegal use of stolen data is used to front run trades." Also, "firms of all scale are quickly mobilizing mechanisms to detect and block threats. However, he told Legaltech News, "Many of the technologies adopted by resource-strapped firms produce automated reports that report on threats after the fact," when in actuality, "real-time detection and response is mission critical to stay on top of emerging threats." "Heightened cybersecurity awareness at all levels has helped to make cybersecurity a priority. It's impossible to ignore the incredible number of breach cases impacting organizations today," he added. "This year in particular has been a difficult one for the industry, which has seen a significant rise in the number of successful law firm cyberattacks." Moreover, Sangster pointed out that law firms "are recognizing the value in threat sharing organizations. … Actionable intelligence has become integral to every law firm as the number of cyberattacks targeting law firms continues to rise." For instance, he noted how the Financial Services Information Sharing and Analysis Center (FS-ISAC) recently launched the Information Sharing & Analysis Organization (LS-ISAO). It provides real-time alerts, access to analysts, curated intelligence, and crisis notifications. The center says such sharing communities are "recognized as one of the best defenses against cyber threats and attacks." The LS-ISAO launched after officials talked to close to 180 firms that may be interested in joining, Legaltech News reported last year. "Firms are no longer alone in this hostile environment - members are trust-sourcing threat indicators for analysts to research, scrub and anonymize, yielding actionable intelligence for dissemination in real-time," according to a center statement. There are other kinds of organizations that law firms are joining as well, some of which are more broad-based. For instance, the Massachusetts-based Advanced Cyber Security Center (ACSC) is a consortium, founded some five years ago, that brings together business, university and government organizations to address the most advanced cyber threats. It focuses on sharing cyber threat information, engaging in cybersecurity research and development, creating education programs to address the shortfall in cyber talent, and advancing policies that will enhance security. Current members include the Foley Hoag law firm, which also provides the center legal advice. The firm's chair of its privacy and data security practice group, Colin Zick, called the ACSC "unique," given its diverse membership, and such regional assets as major research universities, military resources and businesses. In this way, Foley Hoag can partner with a "broad cross-section of organizations" to improve its knowledge on advanced persistent threats and what may be coming. Other threat sharing organizations are often built around a specific industry or have members from a single state.

top

- and -

DHS issues final procedures for cybersecurity threat information sharing (Steptoe, 30 June 2016) - On June 15, the Department of Homeland Security, jointly with the Department of Justice, issued its final procedures and final guidelines for cybersecurity threat information sharing, which were required by the Cybersecurity Act of 2015. DHS also released updated guidance for non-federal entities sharing information with the government under the Act. The procedures and guidelines relate to Title I of the Act, entitled the Cybersecurity Information Sharing Act of 2015 (CISA), which provides processes and protections for sharing cybersecurity threat information between government and private sector entities. DHS had issued interim versions of the procedures and guidelines, along with two other guidance documents in February 2016. It was required by CISA to issue the final versions of the procedures and guidelines, and also opted to release updated guidance based on feedback from industry.

top

Mining sector has faced 17 major cyber-incidents in the past six years (Softpedia, 29 June 2016) - A comprehensive report published yesterday by security firm Trend Micro revealed that threat groups are intensifying their efforts against companies activating in the mining sector. The reasons behind these attacks can be geo-political, but related to also financial gains. Threat groups are targeting these companies to gain insights on state-operated mining firms in order to understand or subvert local politics but also to steal intellectual property and other proprietary information. This information usually reaches the black market or is passed on to local mining corporations in case of state-powered cyber-attacks. Since 2010, cyber-security firms have been called in to investigate 17 incidents involving cyber-attacks on 22 entities activating in the mining sector. The first attack took place in April 2010 and targeted the Rio Tinto Group, BHP Billiton Ltd., and Fortescue Metal Groups. Experts believe the hackers were from Asia and sought information for commercial espionage. The second attack occurred in February 2011, again against BHP Billiton. The company's boss suspected that the main reason behind the cyber-attack was for nation states and competitors to get their hands on market pricing for key commodities. In April 2011, hackers broke into the Australian Federal Parliament email accounts to gain access to email conversations between ministers and executives of Australian mining companies operating in China. Later that year, in October and November, hackers attacked law firms and the Government of Canada's Finance Department and Treasury Board to obtain insight on bids to take over Canadian mining firm Potash Corporation of Saskatchewan. * * *A more in-depth read is available via Trend Micro's Cyber Threats to the Mining Industry 50-page report.

top

What media companies don't want you to know about ad blockers (Columbia Journalism Review, 29 June 2016) - New York Times CEO Mark Thompson caused a minor stir a couple weeks ago when he gave a speech at an advertising conference declaring that "No one who refuses to contribute to the creation of high quality journalism has the right to consume it." He went on to say that while the Times is "not there yet," the company may soon prevent users with ad blockers from accessing its site. But newspaper executives like Thompson often focus exclusively on the drawbacks of ad blockers, leaving a big part of the story untold. Thompson did not say one word in his keynote address about the significant security benefits of ad blockers, which is ironic, because his paper was one of several news organizations that served its users ransomware-a particularly vicious form of malware that encrypts the contents of your computer and forces you to pay the perpetrators a ransom in bitcoin to unlock it-through its ad networks just a few months ago. Several major news sites-including the Times , the BBC, and AOL-had their ad networks hijacked by criminal hackers who attempted to install ransomware on readers' computers. Advertising networks have served malware onto the computers of unwitting news readers over and over in the past couple years. Ads on Forbes , for example, attacked their readers in January, right after the magazine forced readers to disable ad-blocking software to view its popular annual "30 Under 30" feature. As Engadget reported , "visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information." It wasn't the first time this had happened at Forbes , either. And it's not just in the US. A couple months ago, almost every major news site in the Netherlands served malware through its ads to its users.

top

Keeper and Ponemon Institute study finds more than 50% of SMBs breached in past year (MarketWired, 30 June 2016) - Keeper Security, Inc., the world's leading password manager and secure digital vault, today announced the results of a North American study analyzing the state of cybersecurity in small and medium-sized businesses (SMBs). Sponsored by Keeper Security and conducted by the Ponemon Institute, the study found that more than 50% of SMBs have been breached in the last 12 months. No business is too small to evade a cyber attack or data breach and businesses across all industries are impacted by this threat. Only 14% of the companies surveyed rated their ability to mitigate cyber attacks as highly effective. Confidence in SMB cybersecurity posture is so low primarily because personnel, budget and technologies aren't sufficient. Additionally, IT security priority determination is not centralized to one specific function in a company, therefore reducing accountability and resulting in less informed decision making. [ Polley : There's no reason to suspect that law firms don't have the same exposure.]

top

Evidence from the Wayback machine is admissible (at least in Kansas) (Lawyerist, 1 July 2016) - Although the internet is well-entrenched in every aspect of our lives, the legal profession still struggles with how it is to be used as a source of information, connectedness, and admissible evidence. Heck, states even differ wildly on whether or not you can friend a judge on Facebook. No one is entirely sure what to do about sitting jurors and use of social media. With all of that confusing (and sometimes downright Luddite ) thinking about the virtual world, it is gratifying when there are decisions that reflect that a judge understands how the internet works. Recently, the United States District Court for the District of Kansas issued an opinion which held that evidence obtained from the Wayback Machine was admissible. The plaintiff, a trucking company, brought a trademark infringement suit against the defendant, a truck driver job posting website, alleging unauthorized use of the plaintiff's trademark on the defendant's website. To prove the defendant's use of the trademark, the plaintiff intended to introduce at trial screenshots of defendant's website taken from the Wayback Machine, along with authenticating deposition testimony from an employee of the Internet Archive.

top

Bulgaria got a law requiring open source (Slash-Dot, 4 July 2016) - All software written for the government in Bulgaria are now required to be open-source. The amendments to put such laws in motion were voted in domestic parliament and are now in effect , announced software engineer Bozhidar Bozhanov, who is also an adviser to the Deputy Prime Minister at Council of Ministers of the Republic of Bulgaria. All such software will also be required by law to be developed in a public repository. Bozhanov writes in a blog post: That does not mean that the whole country is moving to Linux and LibreOffice, neither does it mean the government demands Microsoft and Oracle to give the source to their products. Existing solutions are purchased on licensing terms and they remain unaffected (although we strongly encourage the use of open source solutions for that as well). It means that whatever custom software the government procures will be visible and accessible to everyone. After all, it's paid by tax-payers money and they should both be able to see it and benefit from it. As for security -- in the past "security through obscurity" was the main approach, and it didn't quite work -- numerous vulnerabilities were found in government websites that went unpatched for years, simply because a contract had expired. With opening the source we hope to reduce those incidents, and to detect bad information security practices in the development process, rather than when it's too late.

top

European Union's first cybersecurity law gets green light (Bloomberg, 6 July 2016) - The European Union approved its first rules on cybersecurity, forcing businesses to strengthen defenses and companies such as Google Inc. and Amazon.com Inc. to report attacks. The European Parliament endorsed legislation that will impose security and reporting obligations on service operators in industries such as banking, energy, transport and health and on digital operators like search engines and online marketplaces. The law, voted through on Wednesday in Strasbourg, France, also requires EU national governments to cooperate among themselves in the field of network security. The rules "will help prevent cyberattacks on Europe's important interconnected infrastructures," said Andreas Schwab, a German member of the 28-nation EU Parliament who steered the measures through the assembly. EU governments have already supported the legislation.

top

Standards body whines that people who want free access to the law probably also want 'free sex' (TechDirt, 7 July 2016) - You would think that "the law" is obviously part of the public domain. It seems particularly crazy to think that any part of the law itself might be covered by copyright, or (worse) locked up behind some sort of paywall where you cannot read it. Carl Malamud has spent many years working to make sure the law is freely accessible... and he's been sued a bunch of times and is still in the middle of many lawsuits, including one from the State of Georgia for publishing its official annotated code (the state claims the annotations are covered by copyright). But there's another area that he's fought over for many years: the idea that standards that are "incorporated by reference" into the law should also be public. The issue is that many lawmakers, when creating regulations will often cite private industry "standards" as part of the regulations. So, things like building codes may cite standards for, say, sheet metal and air conditioning that were put together by the Sheet Metal and Air Conditioning Contractors National Association (SMACNA), and say that buildings need to follow SMACNA's standards. And those standards may be great -- but if you can't actually read the standards, how can you obey the law. At one point SMACNA went after Malamud for publishing its standards. And while they eventually backed down, others are still in court against Malamud -- including the American Society for Testing & Materials (ASTM), whose case against Malamud is set to go to trial in the fall. In the midst of all of this, various standards making bodies, along with the American National Standards Institute (ANSI), have been working over time to get the American Bar Association to adopt a proposal that limits publication of standards that are incorporated by reference. ANSI has pushed for a solution it prefers called "reasonable availability," in which the standard-makers decide by themselves how best to make the standards "available." ANSI, for example, hosts a bunch of incorporated by reference standards on its website -- but the only way to read them is to install a special kind of DRM (Windows and Mac only) that makes the documents purely read only. You are not allowed to save them. You are not allowed to download them permanently. You are not allowed to print them. And it's not all standards that are incorporated by reference. Why do they do this? Well, most of them sell their standards to professionals who need to buy them, and they don't want to give up on that revenue source (especially once those standards are incorporated by reference because at that point they become mandatory). [ Polley : The pending ABA policy is in Resolution 112, to be taken up by the House of Delegates on August 8 or 9. It's less-than-transparent and pernicious - see bolded language above . If you're in the House, look carefully at this language, and hear out Carl Malamud, who'll be in the audience.]

top

Appeals court says government email stored on private servers is still subject to FOIA requests (TechDirt, 8 July 2016) - There were indications that Clinton's use of a private email address was an attempt to route around FOIA requests. As her server was being set up, communications from both her staff and the State Department's noted that an account in her name existed already, but would be subject to FOIA requests. This has been a problem elsewhere. Several government officials have conducted an inordinate amount of government business using private email accounts or personal devices in hopes of skirting public records requests. The DC Circuit Court's case deals with a little-known government agency, but an all-too-familiar dodge by public officials . In a decision Tuesday in a case not involving Clinton directly, the U.S. Court of Appeals for the D.C. Circuit held that messages contained in a personal email account can sometimes be considered government records subject to Freedom of Information Act requests. The case ruled on by the D.C. Circuit focused on a relatively obscure White House unit: the Office of Science and Technology Policy. * * *

top

- and -

Is the DOJ using obsolete software to subvert FOIA requests? (Slash-Dot, 17 July 2016) - A new lawsuit alleges that the U.S. Department of Justice intentionally conducts inadequate searches of its records using a decades-old computer system when queried by citizens looking for records that should be available to the public," reports The Guardian. Slashdot reader Bruce66423 writes: An MIT PhD student has filed a suit in Federal court alleging that the use of a 21-year-old, IBM green screen controlled search software to search the Department of Justice databases...constitutes a deliberate failure to provide the data that should be being produced. Ryan Shapiro's lawsuit alleges "failure by design," saying that the Justice Department records are inadequately indexed -- and that they fail to search the full text of their records when responding to requests "When few or no records are returned, Shapiro said, the FBI effectively responds 'sorry, we tried' without making use of the much more sophisticated search tools at the disposal of internal requestors." The FBI has a $425 million software system to handle FOIA requests, but refuses to use it, saying that would be "needlessly duplicative...and wasteful of Bureau resources."

top

Does the First Amendment protect citizen journalists who film police? (MLPB, 8 July 2016) - Does the First Amendment protect a citizen's right to film police officers while they perform their duties? The Supreme Court hasn't ruled, but some lower courts have. See Gericke v. Weare (1st Circuit) and Glik v. Cunliffe (1st Circuit), Smith v. City of Cumming (11th Circuit), ACLU v. Alvarez (7th Circuit), generally upholding the right of the public to film officers who are in public, discharging their duties, and when the activities are of public interest and the individual filming is not interfering with the officer's activities. In the wake of police shootings in Baton Rouge, LA, and Falcon Heights, MN, and shootings of officers in Dallas, TX, here's a short discussion of the issue from the National Coalition Against Censorship (NCAC). See also this article in the New York Times, reporting that Ruben An has filed a lawsuit against the New York Police Department, claiming that the NYPD violated his rights by interfering with him while he filmed officers interacting with another person in 2014. Police arrested Mr. An; some charges were later dropped, and he was acquitted on the remaining counts.

top

9th Circuit: It's a federal crime to visit a website after being told not to visit it (Orin Kerr on Volokh, 12 July 2016) - The U.S. Court of Appeals for the 9th Circuit has handed down a very important decision on the Computer Fraud and Abuse Act, Facebook v. Vachani , which I flagged just last week. For those of us worried about broad readings of the Computer Fraud and Abuse Act , the decision is quite troubling. Its reasoning appears to be very broad. If I'm reading it correctly, it says that if you tell people not to visit your website, and they do it anyway knowing you disapprove, they're committing a federal crime of accessing your computer without authorization. I think this decision is wrong, and that it has big implications going forward. Here's a rundown of the case and why it matters. I'll conclude with a thought about a possible way to read the case more narrowly, as well as why I'm not convinced that narrow reading is correct. * * * [ Polley : Orin Kerr is my designated go-to authority on conservative readings of internet-related 4th Amendment jurisprudence; I often don't like what he writes, but it's always compelling.]

top

- and -

Second Circuit: Warrants cannot be used to compel disclosure of emails stored outside the United States (Orin Kerr on Volokh, 14 July 2016) - The Second Circuit has handed down its long-awaited decision in the Ireland warrant case, In the Matter of a Warrant to Search a Certain E ‐Mail Account Controlled and Maintained by Microsoft Corporation . The holding: If a U.S. company stores customer email outside the United States, whether of U.S. or foreign customers, the government cannot use a domestic search warrant to compel the disclosure of the email. If the data is stored outside the United States, the government has to find some other way to compel the email other than a traditional search warrant. This post will cover the reasoning of the opinion, and in another post I'll address its implications and what happens next. * * * [ Polley: see also Microsoft just won a big victory against government surveillance -- why it matters (Dan Solove, 15 July 2016)]

top

Pokémon Go: Who owns the virtual space around your home? (The Guardian, 13 July 2016) - When a virtual space overlaps a real-world space, then whose space is it, and who controls what is created as a result? The success of augmented-reality game Pokémon Go has forced this question into focus. Since its launch less than a week ago, groups worldwide have struggled with the game's unforeseen ramifications. Washington DC's Holocaust Museum has asked Pokémon Go players to stay away : the museum was designated a Pokéstop, where players can pick up items like Pokéballs and revives, forcing its communications director to point out that playing a game inside a memorial to victims of Nazism is "extremely inappropriate". In the Sydney suburb of Rhodes, a chance confluence of Pokéstops has led to "hundreds" of players milling around a small outdoor area . "The place is in complete chaos with crowds of well over 1,000 per night. There is a massive level of noise after midnight, uncontrollable traffic, excessive rubbish, smokers, drunk people, people who are 'camping' in the site, and even people peddling mobile phone chargers," a resident told Buzzfeed. Boon Sheridan, a Massachusetts man who lives in a converted church, has found his house has been designated a Pokémon Gym , the most important category of locations in the game. For days, people have been loitering outside his house, leaving him concerned it "could easily make this place look like a dealer's house". Ingress, a science fiction-tinged game developed back when the company was still a subsidiary of Google, has been running for six and half years. In July 2015, the company faced an almost identical controversy, after the German magazine Zeit reported that concentration and death camps including Dachau, Buchenwald and Auschwitz-Birkenau were all set up as in-game "portals". Some were deleted the day after Zeit contacted Google; others remained, including a portal specifically located at the notorious "Arbeit Macht Frei" gates in Auschwitz. * * * [ Polley : Interesting; I watched oblivious Pokemon-Go players bumping into visitors in Stockholm's Kungstradgarden park last week.]

top

- and -

Pokémon Go players in Bosnia warned to avoid minefields (Mashable, 20 Jul 2016) - Bosnian players of the popular Pokémon Go app have been told to avoid areas still littered with landmines from the war in the 1990s. A charity which deals with demining in the Balkan country, Posavina bez mina, has issued a warning after receiving reports of gamers hunting for Pokémon in risky areas. "Today we received information that some users of the Pokémon Go app in Bosnia were going to places which are a risk for [unexploded] mines, in search of a Pokémon. Citizens are urged not to do so, to respect demarcation signs of dangerous minefields and not to go into unknown areas," the NGO said. About 120,000 mines are still to be found in Bosnia, according to another demining group. As the popularity of Pokémon Go increases around the world, several incidents have been reported, from people falling into a pond to a car crash . Two men were rescued in California after falling off a seaside cliff while playing the game.

top

- and -

Augmented Reality - Technology & Policy Primer (University of Washington's Tech Policy Lab, October 2015) - This whitepaper is aimed at identifying some of the major legal and policy issues augmented reality (AR) may present as a novel technology, and outlines some conditional recommendations to help address those issues. Our key findings include: (1) AR exists in a variety of configurations, but in general, AR is a mobile or embedded technology that senses, processes, and outputs data in real-time, recognizes and tracks real-world objects, and provides contextual information by supplementing or replacing human senses; (2) AR systems will raise legal and policy issues in roughly two categories: collection and display. Issues tend to include privacy, free speech, and intellectual property as well as novel forms of distraction and discrimination; (3) We recommend that policymakers-broadly defined-engage in diverse stakeholder analysis, threat modeling, and risk assessment processes. We recommend that they pay particular attention to: a) the fact that adversaries succeed when systems fail to anticipate behaviors; and that, b) not all stakeholders experience AR the same way; and (4) Architectural/design decisions-such as whether AR systems are open or closed, whether data is ephemeral or stored, where data is processed, and so on-will each have policy consequences that vary by stakeholder.

top

HHS: Healthcare groups must report all ransomware attacks (SC Magazine, 14 July 2016) - The Federal Health and Human Services Department (HHS) issued guidelines this week that could require hospitals and doctor offices to notify HHS if they are victimized by a ransomware attack. The HHS guidance has several stipulations for if and when health providers would be required to make a notification. The primary trigger would be if the electronic protected health information (ePHI) is not protected in accordance with HHS regulations or if the ePHI is properly encrypted making it impervious to a criminal enterprise. However, if neither of these thresholds are met than the affected organization would have to notify HHS if a ransomware incident takes place. This differs from the current standard which only required healthcare providers report incidents in which the personal information of more than 500 people was compromised through a data breach. A ransomware attack did not fall under these guidelines. One example provided by HHS states, "if a laptop encrypted with a full disk encryption solution in a manner consistent with HHS guidance is properly shut down and powered off and then lost or stolen, the data on the laptop would be unreadable, unusable and indecipherable to anyone other than the authenticated user. Because the PHI on the laptop is not "unsecured PHI", a covered entity or business associate need not perform a risk assessment to determine a low probability of compromise or provide breach notification." The HHS guidance stated that entities that comply with HIPAA security rules will be more secure from ransomware and other cyberattacks as they require the implementation of cybersecurity measures, conducting a risk analysis to identify threats and vulnerabilities and taking measures to remediate those risks.

top

DHS looking to link to the blockchain (ReadWrite, 15 July 2016) - The Department of Homeland Security has stepped up its research and investment into blockchain technologies, as it searches for ways to make the government more secure, accountable, and autonomous. Public interest in the blockchain from the DHS started in December last year, when it called for small business proposals to research the advantages and disadvantages of the emerging technology. Six months later, it awarded the $200,000 grant to Factom. Factom is not the only startup working with the DHS on blockchain, Solarity Solutions, Respect Network and Digital Bazaar have also received funding, according to CoinDesk , to research the blockchain. The DHS also has a Silicon Valley office looking into authentication advantages using the tech pioneered by Bitcoin. Most of the research seems preliminary: separate the fact from fiction, research the technology's capabilities, report back. But in the near future we may see the DHS move from inquiry into active adoption of the blockchain for all sorts of privacy and security interests.

top

Just as open competitor to Elsevier's SSRN launches, SSRN accused of copyright crackdown (TechDirt, 18 July 2016) - A couple of months ago, we wrote about how publishing giant Elsevier had purchased the open access pre-publisher SSRN. SSRN is basically the place where lots of research that we regularly report on is published. Legal and economics academics quite frequently post their journal articles there. Of course, Elsevier has a well-known reputation for being extreme copyright maximalists in dangerous ways. Having Elsevier take over SSRN concerned a lot of academics, and even led to calls for alternatives, including many asking the famed arXiv to open a social science research operation as well. Indeed, it appears that arXiv was paying attention, because just about a week ago, SocArXiv was announced , and it already has a temporary home hosted by Open Science Framework. And perhaps this came just in time, because just as that happened, Stephen Henderson, a law professor, noted that SSRN took down his paper saying that they didn't think he retained the copyright to it. When I posted a final PDF of an article for which not only do my co-author and I retain the copyright, but for which the contract also includes _explicit_ permission to post on SSRN, I received the typical happy "SSRN Revision Email" saying all was well. Only when I went to take a look, I found there was no longer any PDF to download at all-merely the abstract. So, download counts are gone, and no article. Not the former working version nor the final version. And then in the revision comments, I found this: "It appears that you do not retain copyright to the paper, and the PDF has been removed from public view. Please provide us with the copyright holder's written permission to post. Alternatively, you may replace this version with a working paper or preprint version, if you so desire. Questions and/or written permissions may be emailed to support@ssrn.com, or call 1-877-SSRNHELP (877-777-6435 toll free) or 1-585-442-8170 outside the US." So, not only have they completely changed their model, but-at least to me-they gave no effective notice, and they pull papers without asking. Nobody bothered to _ask_ whether I had permission; they simply took down every version of the article and said nothing. Alas. And when I called customer support and someone called back, I pointed out that some profs have hundreds of articles posted for which SSRN doesn't hold the copyright agreements. "Are you going to take all those down too?," I asked. The answer, in essence, "Those were posted in error." Unbelievable.

top

Legalist is making it easier for lawyers to find state court records (TechCrunch, 19 July 2016) - Imagine a lawyer with a client who lives in one county and works in another. Or even a lawyer who litigates in multiple states. Both common occurrences, but situations that make it very hard to keep track of legal documents. Essentially, it should be easy to keep track of court records from multiple counties and states - but it's not. In fact, it's pretty awful. Most are hosted online, but each county could have different databases and even different databases providers, making it a huge hassle to constantly search for court records and updates. For example, Ohio has 88 counties, and you have to search each one separately for legal records. It's such a mess that some lawyers have found it easier to have employees just drive from county to county tracking down records in person. Enter Legalist - a startup launching in Y Combinator's Summer '16 batch. Founded by Eva Shang and Christian Haigh, two current Harvard undergrads, the startup is trying to become a Google for state court records. They are doing this by scraping these databases and aggregating the documents into one main searchable database. This takes a while - most counties and states have records going back to 1989. For example, the startup is currently scraping 10 different states - a process that is providing them with 400,000 new documents a day. Besides searchable records, the startup also offers email updates for cases. This means that the site will scrape databases each day for updates to flagged cases and automatically email lawyers with the new documents so they don't have to manually check every day for case updates. So far the site is live for users in Massachusetts, Ohio, and Maryland - with more to come soon. These three states have provided the databases with documents for over 7 million cases and 110,000 different lawyers. The service is also free for any licensed attorney registered with their state's bar association. However the startup plans on charging for additional features in the future. These include an option to see cases sorted by outcome based on a certain judge - this will help lawyers choose the best litigation strategy in a specific case. Another future paid feature is "predicted timeline", which uses their millions of archived cases to provide an estimate on how long a certain case will take. The startup says that lawyers find this feature especially helpful because the first question a client often asks their lawyer is how long the entire legal process will take. For now, the startup is just focused on state and county records. This is because the vast majority of court cases happen on the state level. Out of an approximately 95 million cases filed each year nationwide, only about 1 million happen in federal court. Plus, federal court records are already organized in a central database called PACER . So while Legalist eventually plans on adding federal records to their database, it isn't an immediate need.

top

After errant Melania tweet, DOJ rethinks social media policy (NextGov, 20 July 2016) - The Justice Department is adjusting its social media policy after a staffer posted a personal message to DOJ's more than 1 million Twitter followers. The gaffe occurred Tuesday, in apparent response to allegations that Melania Trump's speech at the Republican National Convention lifted chunks of a speech delivered by Michelle Obama during the 2008 Democratic National Convention. "CNN is the biggest troll of them all lmao #Petty," DOJ's official account tweeted, posting a link to a CNN news story headlined, "Campaign denies Melania Trump's speech plagiarizes parts of Michelle Obama's." The tweet, since deleted, was posted "erroneously" and "was meant for a personal account," said a DOJ statement provided to Nextgov. The staffer's access to the account has been revoked. This incident prompted DOJ to make "procedural changes to the way we use our social media accounts," the statement said. The department also plans to "provide additional social media training for employees." DOJ didn't respond to multiple requests for more detail about what those procedural changes, or additional training, entail. The General Services Administration's DigitalGov team, which encourages other agencies to use social media in a controlled manner, has outlined several suggestions for safe use, including using two-step verification for access from mobile devices.

top

WSJ reporter: Homeland Security tried to take my phones at the border (Motherboard, 21 July 2016) - On Thursday, a Wall Street Journal (WSJ) reporter claimed that the Department of Homeland Security demanded access to her mobile phones when she was crossing the border at the Los Angeles airport. The case highlights the powers that border agents purport to have, and how vulnerable sensitive information can be when taken through airports in particular. "I wanted to share a troubling experience I had with the Department of Homeland Security (DHS), in the hopes it may help you protect your private information," Maria Abi-Habib, a WSJ journalist focused on ISIS and Al Qaeda wrote in a post on Facebook . (Abi-Habib confirmed to Motherboard that the Facebook account was hers, but declined to comment further.) Abi-Habib says she had arrived in town for a wedding, when an immigration officer approached her, and took her aside from the main queue. This by itself was not unusual, Abi-Habib writes: because of her job, she has reportedly been put on a list that allows her to bypass the usual questioning someone with her travel profile may encounter. But things changed quickly, and Abi-Habib was escorted to another part of the airport. "Another customs agent joined her at that point and they grilled me for an hour-asking me about the years I lived in the US, when I moved to Beirut and why, who lives at my in-laws' house in LA and numbers for the groom and bride whose wedding I was attending. The first DHS agent then asked Abi-Habib for her two cell phones, in order "to collect information," Abi-Habib reports the officer as saying. "And that is where I drew the line," Abi-Habib writes. "I told her I had First Amendment rights as a journalist she couldn't violate and I was protected under. I explained I had to protect my government and military sources-over the last month, I have broken two stories that deeply irked the US government, in addition to other stories before I went on maternity leave, including one in Kabul that sparked a Congressional investigation into US military corruption, all stories leaked by American officials speaking to me in confidence." The agent passed over a document, which Abi-Habib later photographed and posted to Facebook, purportedly showing that the agent has the right to seize those devices. Abi-Habib instead said that the border agents would need to contact WSJ's lawyers. After some back and forth, the agent went to see her supervisor, and eventually said Abi-Habib is free to go. Abi-Habib said she reported the incident to a WSJ lawyer, encryption expert and the outlet's in-house security. From those conversations, Abi-Habib says, "My rights as a journalist or US citizen do not apply at the border, as explained above, since legislation was quietly passed in 2013 giving DHS very broad powers (I researched this since the incident). This legislation also circumvents the Fourth Amendment that protects Americans' privacy and prevents searches and seizures without a proper warrant."

top

NOTED PODCASTS/MOOCS

Steptoe Cyberlaw Podcast: An Interview with Jamie Smith (Steptoe, 24 June 2016; 46 minutes) - With Stewart on vacation, the blockchain takes over the podcast! In episode 121, Jason Weinstein and Alan Cohn talk all things bitcoin, blockchain, and distributed ledger technology, and interview Jamie Smith, Global Chief Communications Officer for the BitFury Group, one of the largest full-service blockchain technology companies. [ Polley : very interesting, with discussion ranging across the Atlantic and describing the DAO "hack".]

top

RESOURCES

The Future of Transatlantic Data Flows: Privacy Shield or Bust? (Prof Greg Voss, 1 May 2016) - Abstract: This article starts by providing background for the recently announced EU-US Privacy Shield, beginning with the adoption of the European Union's 1995 Data Protection Directive that limited cross border transfers of personal data to countries with "an adequate level of protection" of such data. The resulting "Safe Harbor" negotiated between the EU and the U.S. in order to allow continuing data flows between the two blocs is described, together with the Schrems decision invalidating it, with the consequences for transatlantic data flows being highlighted. The need for a "Safe Harbor 2.0," and details of the same, relabelled as the "Privacy Shield," are provided. Finally, the current legal uncertainty surrounding the Privacy Shield and potential alternatives to it are evoked.

top

Digital Searches and Seizures: Overview of Proposed Amendments to Rule 41 of the Rules of Criminal Procedure (CRS, 29 June 2016) - With the Rules Enabling Act, Congress granted to the Supreme Court the authority to write federal rules of procedure, including the rules of criminal procedure. After several years of evaluation by the Judicial Conference, the policy-making arm of the federal judiciary, on April 28, 2016, the Supreme Court transmitted to Congress proposed changes to Rule 41 of the Federal Rules of Criminal Procedure. These proposed changes would amend the federal search and seizure rules to permit the government to remotely access electronic devices although the location of the device may be unknown. This issue has become more pressing in recent years with an increasing number of users anonymizing their communications, hindering the government's ability to pinpoint the location of the target, and thus making it difficult to discern the appropriate federal court to apply for a search warrant. In recent years, a tension has arisen between Rule 41 as currently drafted and the Department of Justice's (DOJ's) desired use of the rule for digital searches. This issue arose recently in a 2012 magistrate judge's ruling from the Southern District of Texas, in which the court denied DOJ's application to conduct remote searches of a computer believed to have been part of a fraudulent scheme, because the government could not establish the location of the target, thereby placing it outside the scope of Rule 41 and in violation of the Fourth Amendment particularity requirement. There have been at least two lines of argument against the proposed rule change, one based on the substance of the proposed amendment and the other grounded in the process by which the rule is being changed. The substantive arguments pertain to the actual substance of the rule and include for example, an argument that the new rule would breach the particularity requirement of the Fourth Amendment. The procedural arguments pertain to how this potential authorization should be made law: through the rulemaking process by the courts or through enacted legislation by Congress. While federal law enforcement has been supportive of the proposed change, some advocacy groups have argued that the proposed rule change "would have significant legal and technical implications" and thus "merit[s] open consideration by Congress, rather than a rulemaking proceeding of the Judicial Conference." This report provides a brief overview of the proposed amendment to Rule 41. First, it provides a background on the origin of, and rationale underlying, the proposed amendment and a description of the rule as currently written. Second, it reviews the potential changes made by the proposed amendment and will survey various concerns commenters have raised with the proposal. Lastly, this report addresses efforts being made in Congress to alter, delay, or stop this rule change.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Senators caught rewriting Wikipedia (NewsFactor.com, 9 Feb 2006) -- Online reference compendium Wikipedia has found that employees working in the U.S. Congress have made several changes to political biographies, removing facts considered negative and tweaking language to portray politicians in a better light. Wikipedia began an investigation after a Democratic representative, Marty Meehan, admitted that he had spiffed up his online biography page. It was found that articles on other senators had been changed, sometimes significantly, and that the edits could be traced to computers on Capitol Hill. Although Wikipedia is a collectively run reference, and can be edited by any of its users, those who run the site attempt to police changes to make sure they adhere to fact and not opinion or prejudice. In its investigation, Wikipedia examined the public edit history on the political biography pages in question. Researchers discovered the links to the U.S. Senate and began checking the biographies that had been visited. Half a dozen pages were changed, according to Wikipedia, including those of California Senator Dianne Feinstein, Iowa Senator Tom Harkin, and Minnesota Senator Norm Coleman. Senator's Coleman staff confirmed the changes, noting that they had made several changes, such as a description of the senator in college. Where he had once been described as a "liberal," the staff edited the listing to dub him an "activist." Staff members of Senator Harkin removed a paragraph noting that Harkin had claimed falsely to have been in combat in North Vietnam, a claim he later recanted.

top

British law goes online (ComputerActive, 20 Dec 2006) -- The British government has made the entirety of the country's law statutes available online. The Statute Law website contains the 'official revised edition' of the UK's primary legislation - that is, any acts passed by parliament. The database includes details of how laws have changed over time, as well as how existing laws will be amended by future legislation that is not yet in force. The content - all 30,000 items - is available for free for private use. In addition to acts of parliament, the website also contains secondary legislation - laws passed directly by the government of the day - that has come into effect since 1991. In addition to national law, the database also contains acts of the Scottish parliament and the Northern Ireland assembly.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top