Saturday, April 05, 2014

MIRLN --- 16 March - 5 April 2014 (v17.05) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

SeyfarthLean consulting unveils Disclosure Dragon software to "jumpstart" crowdfunding offerings (Seyfarth, 25 Feb 2014) - SeyfarthLean Consulting LLC, a subsidiary of law firm Seyfarth Shaw LLP, announced today its Disclosure Dragon software, designed specifically for the crowdfunding industry. Disclosure Dragon is the first advanced document automation solution that helps companies and online portals efficiently and effectively prepare the necessary legal and financial disclosure to conduct crowdfunding offerings. For small businesses and early stage companies, Disclosure Dragon automates, expedites and standardizes the development of a private placement memorandum (PPM) (or other required disclosure documents depending on the type of offering) and supporting exhibits required to satisfy the U.S. Securities & Exchange Commission's regulations pursuant to the Jumpstart Our Business Startups (JOBS) Act of 2012. Traditionally handled by lawyers, consultants and other advisers, PPM development is typically an expensive and arduous process that proves insurmountable for many small companies. With its advanced user-populated engine, Disclosure Dragon's interactive and adaptive framework auto-generates a draft PPM at a fraction of the cost and time, guiding users step by step through a detailed series of questions related to their businesses. PPM's produced by Disclosure Dragon are expected to reduce the time and cost of preparing legal documentation by up to 80%. Importantly, further legal review will be required by the issuer's counsel to finalize the PPM and is not provided by Disclosure Dragon. Disclosure Dragon will debut on Poliwogg, the leading life sciences funding platform, which expects that many of its funding clients will be attracted to Disclosure Dragon's time and cost savings, as well as the standardization it provides. 
For these reasons, one such client, Insero Health, a clinical stage healthcare company developing novel therapeutics for the treatment of epilepsy, is already adopting Disclosure Dragon. This also marks one of the first collaborations between Poliwogg and the Epilepsy Foundation, which announced in January their partnership to encourage investment and support for new therapies to help people living with recurrent seizures.

A harvest of company details, all in one basket (NYT, 15 March 2014) - Trolling government records for juicy details about companies and their executives can be a ponderous task. I often find myself querying the websites of multiple federal agencies, each using its own particular terminology and data forms, just for a glimpse of one company's business. But a few new services aim to reduce that friction not just for reporters, but also for investors and companies that might use the information in making business decisions. One site, rankandfiled.com , is designed to make company filings with the Securities and Exchange Commission more intelligible. It also offers visitors an instant snapshot of industry relationships, in a multicolored "influence" graph that charts the various companies in which a business's officers and directors own shares. According to the site, pooh-bahs at Google, for example, have held shares in Apple, Netflix, LinkedIn, Zynga, Cisco, Amazon and Pixar. Another site, Enigma.io , has obtained, standardized and collated thousands of data sets - including information on companies' lobbying activities and their contributions to state election campaigns - made public by federal and state agencies. Starting this weekend, the public will be able to use it, at no charge, to seek information about a single company across dozens of government sources at once. Five years ago, to encourage research studies and app development, the Obama administration introduced data.gov, a site that catalogs data held by federal agencies. Last May, President Obama issued an executive order requiring agencies to make the information they generate available in computer-readable formats. Publishing and analytics start-ups are now tapping those resources to develop products for consumers and businesses. Among them, Enigma hopes to become what Mr. DaCosta describes as "a Google for public data." 
Ask Enigma for facts about Lockheed Martin , for example, and here are some of the disparate details that surface: Last year, this military contractor entered into agreements with the government worth about $40.7 billion. Another interesting tidbit about the company is that in 2013, Marillyn A. Hewson , the chief executive, visited the White House five times; on two of those occasions the "visitee" was "POTUS," meaning the president of the United States, the logs indicate. And company employees reported giving about $51,000 to the presidential campaign committees Obama for America and the Obama Victory Fund. Although these details may be unrelated, together they depict a politically influential and connected contractor. In fact, that kind of serendipitous information amalgam is one of Enigma's aims. Mr. DaCosta says he believes that "there's a huge amount you can learn about the world by putting these data sources in conversation with one another."

Can you sue a robot for defamation? (Ryan Calo at Forbes, 17 March 2014) - Life moves pretty fast. Especially for journalists. When an earthquake aftershock shakes America's second largest city, news outlets scramble to be the first to cover the story. Today the news itself made news when various outlets picked up on a curious byline over at the Los Angeles Times : "this post was created by an algorithm written by the author." The rise of algorithmically generated content is a great example of a growing reliance on "emergence." Steven Johnson in his book by this title sees the essence of emergence as the movement of low-level rules to tasks of apparently high sophistication. Johnson gives a number of examples, from insects to software programs. As I see it, the text of the earthquake story likewise "emerged" from a set of simple rules and inputs; the "author" in question at the Los Angeles Times, Ken Schwencke, did not simply write the story in advance and cut and paste it. I imagine Schwencke had a pretty good sense of what story the algorithm would come up with were there an earthquake. This is not always the case. Even simple algorithms can create wildly unforeseeable and unwanted results. Thus, for instance, a bidding war between two algorithms led to a $23.6 million dollar book listing on Amazon. And who can forget the sudden "flash crash" of the market caused by high speed trading algorithms in 2010. I explore the challenges emergence can pose for law in my draft article Robotics and the New Cyberlaw . I hope you read it and let me know what you think. I'll give you one example: Imagine that Schwencke's algorithm covered arrests instead of earthquakes and his program "created" a story suggesting a politician had been arrested when in fact she had not been. Can the politician sue Schwencke for defamation? Recall that, in order to overcome the First Amendment, the politician would have to show "actual malice" on the part of the defendant. Which is missing. 
But, in that case, are we left with a victim with no perpetrator? If this seems far fetched, recall that Stephen Colbert's algorithm @RealHumanPraise - which combines the names of Fox News anchors and shows with movie reviews on Rotten Tomatoes - periodically refers to Sarah Palin as "a party girl for the ages" or has her "wandering the nighttime streets trying to find her lover." To the initiated, this is obviously satire. But one could readily imagine an autonomously generated statement that, were it said by a human, would be libel per se.

Support for Khan Academy's effectiveness in new study (InsideHigherEd, 17 March 2014) - A two-year-long study of Khan Academy's effect on K-12 students' math skills suggests the online lessons may help boost performance and confidence, even if the materials play only a supplemental role. The study , funded by the Bill & Melinda Gates Foundation and developed by SRI International, involved 2,000 students in grades 5 through 10 between 2011 and 2013. The students were scattered across nine different schools, all of which used the materials from Khan Academy to varying degrees. At the end of the study, 85 percent of teachers said they thought Khan Academy had a positive impact on students' learning. Among students, 71 percent said they liked the Khan Academy lessons, while 32 percent said they liked math more as a result of using the materials.

New French law authorizes the CNIL to conduct online inspections (Hunton & Williams, 18 March 2014) - On March 18, 2014, a new French consumer law (Law No. 2014-344) was published in the Journal Officiel de la République Française. The new law strengthens the investigative powers of the French Data Protection Authority (the "CNIL") by giving the CNIL the ability to conduct online inspections. Currently, the CNIL may conduct three types of investigations: (1) On-site inspections - the CNIL may visit a company's facilities and access anything that stores personal data (e.g., servers, computers, applications). On-site inspections currently represent the vast majority of the inspections conducted by the CNIL; (2) Document reviews - these inspections allow the CNIL to require an entity to disclose documents or files (upon written request); and (3) Hearings - the CNIL may summon representatives of organizations to appear for questioning and to provide other necessary information. Further to its new online inspection authority, now the CNIL also may identify violations of the French Data Protection Act through remote investigations. For example, this new investigative power will enable the CNIL to check whether online privacy notices comply with French data protection law, and to verify whether entities obtain users' prior consent before sending electronic marketing communications. The CNIL emphasized that the new online investigations will concern only publicly available data, and that the law does not give the CNIL the right to circumvent security measures to gain access to information systems.

When MOOC profs move (InsideHigherEd, 18 March 2014) - When faculty members move from one institution to the next, so do their courses, but after having spent hundreds of thousands of dollars to prepare those courses to a massive audience, are universities entitled to a share of the rights? The question has so far gone unanswered (though not undiscussed) even at some of the earliest entrants into the massive open online course market, including Harvard University and the Massachusetts Institute of Technology. Since MOOC providers have gotten out of the intellectual property rights debate by saying they will honor whatever policy their institutional partners have in place, it falls on the universities to settle the matter. Almost two years after Harvard and MIT jointly launched the MOOC provider edX, Sanjay E. Sarma, director of digital learning at MIT, said his institution has "figured it out." "Faculty have always had certain expectations and rights, and we want to respect them," Sarma said. "In other words, we don't want any new policy to change any rights they have right now." Instead, Sarma said, MIT will introduce an interpretation of its intellectual property policy -- which appears to support both the faculty members' and the institution's position -- in the coming months.

Los Angeles cops argue all cars in LA are under investigation (EFF, 19 March 2014) - Do you drive a car in the greater Los Angeles Metropolitan area? According to the L.A. Police Department and L.A. Sheriff's Department, your car is part of a vast criminal investigation. The agencies took a novel approach in the briefs they filed in EFF and the ACLU of Southern California's California Public Records Act lawsuit seeking a week's worth of Automatic License Plate Reader (ALPR) data. They have argued that "All [license plate] data is investigatory." The fact that it may never be associated with a specific crime doesn't matter.

Illinois Supreme Court strikes down broad ban on audiorecording conversations (Eugene Volokh, 20 March 2014) - Under Illinois law, any person who "knowingly and intentionally uses an eavesdropping device for the purpose of hearing or recording all or any part of any conversation" is committing a crime "unless he does so … with the consent of all of the parties to such conversation or electronic communication." This isn't limited to conversations that the parties reasonably intend to be private: "conversation" is defined as "any oral communication between 2 or more persons regardless of whether one or more of the parties intended their communication to be of a private nature under circumstances justifying that expectation." DeForest Clark was indicted for violating this law; here's how the ACLU of Illinois amicus brief describes the facts: [The] charges arose from a September 17, 2010 child support hearing before Judge Robert Janes in Kane County Circuit Court. Mr. Clark represented himself pro se at the hearing. The hearing was conducted in open court and no court reporter was present. Mr. Clark recorded the hearing in order to preserve a true and accurate record of public proceedings in which he was representing himself without the assistance of counsel and without the benefit of a court reporter. For the same reason, Mr. Clark also allegedly recorded a conversation between himself and opposing counsel, Colleen Thomas, prior to the hearing in a public hallway in the Kane County Judicial Center. Thursday, the Illinois Supreme Court held that the statute violates the First Amendment ( People v. Clark (Ill. Mar. 20, 2014) )

Treasury Dept. issues license on exchange with Iran (InsideHigherEd, 21 March 2014) - The U.S. Department of Treasury on Thursday issued a general license allowing accredited U.S. universities to enter into academic exchange agreements with Iranian universities and permitting the export of some educational services, including university entrance examinations. The guidance also permits American universities and their contractors to enroll Iranian students in certain online undergraduate-level courses, including massive open online courses, or MOOCs. In January, Inside Higher Ed reported that the U.S. government had blocked access to the MOOC provider Coursera for individuals in Iran and other economically sanctioned nations.

Revelations of NSA spying cost US tech companies (NYT, 21 March 2014) - Microsoft has lost customers, including the government of Brazil. IBM is spending more than a billion dollars to build data centers overseas to reassure foreign customers that their information is safe from prying eyes in the United States government. And tech companies abroad, from Europe to South America, say they are gaining customers that are shunning United States providers, suspicious because of the revelations by Edward J. Snowden that tied these providers to the National Security Agency 's vast surveillance program. Even as Washington grapples with the diplomatic and political fallout of Mr. Snowden's leaks, the more urgent issue, companies and analysts say, is economic. Tech executives, including Eric E. Schmidt of Google and Mark Zuckerberg of Facebook, are expected to raise the issue when they return to the White House on Friday for a meeting with President Obama. It is impossible to see now the full economic ramifications of the spying revelations - in part because most companies are locked in multiyear contracts - but the pieces are beginning to add up as businesses question the trustworthiness of American technology products. Despite the tech companies' assertions that they provide information on their customers only when required under law - and not knowingly through a back door - the perception that they enabled the spying program has lingered. "It's clear to every single tech company that this is affecting their bottom line," said Daniel Castro, a senior analyst at the Information Technology and Innovation Foundation, who predicted that the United States cloud computing industry could lose $35 billion by 2016 . Forrester Research, a technology research firm, said the losses could be as high as $180 billion , or 25 percent of industry revenue, based on the size of the cloud computing, web hosting and outsourcing markets and the worst-case scenario for damages.

Law firm notifies employees after vendor's server accessed (Databreaches.net, 21 March 2014) - So here's another case where a vendor's database was accessed by someone who was able to acquire a client's login credentials. The international law firm of McKenna Long & Aldridge notified the Maryland Attorney General's Office on February 26 that 441 current and former employees' W-2 information and other information were involved: As a result of that investigation and further information provided by the vendor, it appears that some information related to current and former employees was accessed on November 28, 2013 (Thanksgiving Day), December 11, 2013, and December 12, 2013 and that such access was obtained through the malicious and unauthorized access to the user identification and password of an account administrator. MLA has since reset all passwords for each user and asked all users to establish a new password. We are also working with our vendor to ensure that this does not occur again. Regrettably, our investigation appears to show that your personal information was accessed without authorization during this incident, including Federal Wage and Tax Statement Form W-2 name, address, wages, taxes and Social Security number information; date of birth, age, gender, ethnicity; and Visa, Passport or Federal Form I 9 documents numbers.

The tepid NSA-American Bar Association "dialogue" around spying on lawyers (EFF, 21 March 2014) - It's another troubling example in a frustrating trend: despite repeated and pointed calls for answers, the NSA is still relying on word games and equivocation to avoid answering recent questions surrounding potential surveillance of privileged attorney-client communications. The New York Times reported in late February that an American law firm's privileged attorney-client communications were monitored by the Australian Signals Directorate and potentially shared with the NSA. A few weeks ago, we wrote about the legal community's response to this issue, highlighting a February 20 letter from the president of the American Bar Association (ABA), James Silkenat, to outgoing NSA director General Keith Alexander and NSA General Counsel Raj De. On March 10, General Alexander wrote back, but the NSA's letter can hardly be called a response. We hope that the conversation is not over, because experience has shown that when the NSA has the last word, civil liberties lose. The ABA has been deferential to the NSA's authority to conduct surveillance, and its letter requested only the information necessary to be able to effectively represent clients. Mr. Silkenat underscored that the ability to communicate without fear of surveillance is essential to the attorney-client relationship, and that without it our legal system cannot function. In order to help avoid this, he asked the NSA to "further clarify the principles and policies" regarding the NSA's handling of potentially privileged information. The NSA's response was underwhelming; of course they're collecting privileged communications but, trust them, they're not peeking (except when they need to). The entire legal community should view the NSA's response as an insult. 
When the ABA asked for clarification on what procedures are undertaken to uphold the attorney-client privilege, the NSA's answer was the following: Such steps could include requesting that certain collection or reporting be limited; that intelligence reports be written so as to prevent or limit the inclusion of privileged material and to exclude U.S. identities, and that dissemination of such reports be limited and subject to appropriate warnings or restrictions on their use. More disappointing than the NSA's letter, however, is the ABA's response. Mr. Silkenat released a paragraph long response on March 11, in which he stated: The American Bar Association appreciates the NSA's expression of respect for the attorney-client privilege and looks forward to continuing a constructive dialogue with the NSA to ensure that American lawyers and their clients have confidence that their privileged communications are appropriately protected. The attorney-client privilege is fundamental to our system of justice and critical to the work of lawyers, who rely on the candor of their clients. The NSA's letter to the ABA was not an expression of respect, nor was it the beginning of a constructive dialogue. Instead, the ABA meekly accepted the NSA's nonchalant non-denial of unconstitutional behavior by that aggressively unconstitutional spy agency. Mr. Silkenat may look forward to continuing a constructive dialogue, but the rest of us are left asking, "What dialogue?" Will the ABA and Mr. Silkenat be content to quietly accept the NSA's assurances, or will the ABA make a follow-up statement that the NSA must provide more information?

- and -

Lawyer sues to learn whether the FBI accessed his law firm's computers (ABA Journal, 26 March 2014) - A Virginia lawyer wants to know whether the FBI obtained access to his law firm's computers as part of an investigation into his possession of three classified documents. Kel McClanahan filed a federal suit last Friday in Washington, D.C., seeking records under the Freedom of Information Act that would answer his questions, McClatchy News reports. McClanahan says his computer and email accounts developed technical problems shortly after he met with FBI agents who asked permission to search his office and to take possession of his computer. McClanahan refused, though he did agree to delete the documents in the presence of FBI officials. The FBI accepted the offer last year. At issue were three documents, the story says. Two were articles in a CIA in-house journal about another FOIA case McClanahan had filed against the CIA. McClanahan says the articles were faxed to him, and he contacted a Justice Department official involved in the case when he realized the articles were not public. The third document was an FBI account of an interview with an American citizen jailed in Yemen for alleged links to al-Qaida. McClanahan is handling FOIA litigation in that case, and he got the unredacted document, filed in a Yemeni court, from lawyers for the suspect in Yemen. McClanahan says he compared the unredacted document with a redacted version he received from the FBI, and he believes information was blacked out to hide FBI misconduct. McClanahan emailed a Justice Department lawyer to ask if he could use the unredacted version in court. "I don't have definitive proof that the FBI read my emails," McClanahan told McClatchy. "I have, however, a large stack of circumstantial evidence that they did, . . . specifically, unexplained problems with my email accounts only days before they showed up unannounced at my door to try to strong-arm me into giving them unrestricted access to my records. … It could be a huge coincidence . . . but it would be a huge coincidence."

US notified 3,000 companies in 2013 about cyberattacks (Washington Post, 24 March 2013) - Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions. The alerts went to firms large and small, from local banks to major defense contractors to national retailers such as Target, which suffered a breach last fall that led to the theft of tens of millions of Americans' credit card and personal data, according to government and industry officials. "Three thousand companies is astounding," said James A. Lewis, a senior fellow and cyberpolicy expert at the Center for Strategic and International Studies. "The problem is as big or bigger than we thought." The number reflects only a fraction of the true scale of cyberintrusions into the private sector by criminal groups and foreign governments and their proxies, particularly in China and Eastern Europe. The estimated cost to U.S. companies and consumers is up to $100 billion annually, analysts say. In most cases, the company had no idea it had been breached, officials say. According to Verizon, which compiles an annual data-breach survey, in seven out of 10 cases, companies learn from an external party - usually a government agency - that they've been victimized.

- and -

Law firms are pressed on security for data (NYT, 26 March 2014) - A growing number of big corporate clients are demanding that their law firms take more steps to guard against online intrusions that could compromise sensitive information as global concerns about hacker threats mount. Wall Street banks are pressing outside law firms to demonstrate that their computer systems are employing top-tier technologies to detect and deter attacks from hackers bent on getting their hands on corporate secrets either for their own use or sale to others, said people briefed on the matter who spoke on the condition of anonymity. Some financial institutions are asking law firms to fill out lengthy 60-page questionnaires detailing their cybersecurity measures, while others are doing on-site inspections. In some cases, banks and companies are threatening to withhold legal work from law firms that balk at the increased scrutiny or requesting that firms add insurance coverage for data breaches to their malpractice policies. The vulnerability of American law firms to online attacks is a particular concern to law enforcement agencies because the firms are a rich repository of corporate secrets, business strategies and intellectual property. One concern is the potential for hackers to access information about potential corporate deals before they get announced. Law enforcement has long worried that law firms are not doing enough to guard against intrusions by hackers. Despite the concern, it's hard to gauge just how vulnerable law firms are to attacks from hackers. There are few rules requiring firms to make public any breaches, and because the firms have little direct interaction with consumers, there is no need for them to publicly report a hacking incident the way a bank or a retailer would. In 2012, Mandiant, a security consulting firm, put out a report estimating that 80 percent of the 100 largest American law firms had some malicious computer breach in 2011. 
Actual reports of confidential information hacked from a law firm computer system and later winding up on some overseas server are rare, however. Representatives for several large law firms, all of whom declined to discuss the topic publicly, said privately that the threat assessments from the F.B.I. and consulting firms were overstated. The law firm representatives said hacker attacks were usually email "phishing" schemes seeking to access personal information or account passwords, the kind of intrusions that have become commonplace and are easily contained. But Vincent I. Polley, a lawyer and co-author of a recent book for the American Bar Association on cybersecurity, said many law firms were not even aware they had been hacked. He said a lot of law firm managers were in denial about the potential threat. "A lot of firms have been hacked, and like most entities that are hacked, they don't know that for some period of time," said Mr. Polley. "Sometimes, it may not be discovered for a minute or months and even years." [ Polley : The referenced book is "The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals", available here.]

Cities reluctant to reveal whether they're using fake cell tower devices (ArsTechnica, 25 March 2014) - For some time now, the American Civil Liberties Union (ACLU) has been on a quest to better understand the use and legality of "stingrays." These devices, which are also known as international mobile subscriber identity (IMSI) catchers, or fake cell towers, can be used to track phones or, in some cases, intercept calls and text messages. The "Stingray" itself is a trademarked product manufactured by a Florida-based company, the Harris Corporation. (It has since come to be used as a generic term, like Xerox or Kleenex.) Harris is notoriously secretive about the capabilities of its devices and generally won't talk to the press about their capabilities or deployments. Earlier in March, the ACLU filed a motion for public access request , requesting documents and information related to stingray use by nearly 30 Florida police and sheriff's departments. Among the responses published for the first time on Tuesday was the curious reply from the city of Sunrise, Florida, a town of about 88,000 people, just northwest of Miami. Through its lawyers, Sunrise officially denied the request , noting that the city would neither confirm nor deny "whether any records responsive to the Request exist and, if any responsive records do exist, cannot and will not public disclose those records." (In a footnote, the lawyers also cited this Ars story from September 2013 detailing stingrays and other related surveillance devices.) The ACLU published its response to the city's denial on Tuesday. As the ACLU points out in a Tuesday blog post , the city of Sunrise has already published an invoice from Harris on its own website dated March 13, 2013, showing that the city paid over $65,000 for a stingray. That document clearly states, in all-caps on each page, that "disclosure of this document and the information it contains are strictly prohibited by Federal Law."

Target missed many warning signs leading to breach: US Senate report (Reuters, 25 March 2014) - Target Corp missed multiple opportunities to thwart the hackers responsible for the unprecedented holiday shopping season data breach, U.S. Senate staffers charged in a committee report released on Tuesday. There was no indication the No. 3 U.S. retailer responded to warnings that malware was being installed on Target's system. Other automated warnings the company ignored revealed how the attackers would carry data out of Target's network, according to the report. "This analysis suggests that Target missed a number of opportunities along the kill chain to stop the attackers and prevent the massive data breach," according to the Commerce, Science and Transportation Committee report. The staff report, "A 'Kill Chain' Analysis of the 2013 Target Data Breach," looked at previously reported information and used an analytical tool called an "intrusion kill chain" framework used widely by the information security field. The staff report said Target "failed to respond to multiple automated warnings from the company's anti-intrusion software" that 1) the attackers were installing malicious software and 2) they were planning escape routes for the information they planned to steal from the retailer's network. It also said Target gave access to its network to a third-party vendor that did not follow accepted information security practices. The report is here.

Cloud-based e-discovery can mean big savings for smaller firms (ABA Journal, 26 March 2014) - Smaller law firms may be able to save a significant amount of money by 'renting' e-discovery applications in the cloud rather than bringing a full-fledged hardware and software solution in-house. "Only a few years ago, e-discovery in the cloud wasn't even available," said Gareth Evans, an Irvine, Calif.-based partner at Gibson, Dunn & Crutcher, adding that these days, even the smallest law firms have a wide variety of e-discovery firms they can source. Evans spoke as part of a panel at LegalTech New York 2014 in February. Panelist Alan Winchester, a partner at the New York City firm Harris Beach, agreed: "For firms without robust IT departments, it grants them the experts to manage the technology operations and security." While renting e-discovery services a sliver at a time may cause some firms to worry about the security of their data offsite, the panelists advised that with a good contract, those concerns can be minimized. [ Polley : Interesting story that sounds about right. This might just be a first step.]

Pitfalls and complications in running a new-media promotion (Information Law Group, 26 March 2014) - Administering a sweepstakes or contest online can be a great way to attract traffic and engage with consumers. Not surprisingly, many companies routinely utilize sweepstakes and contests (which are referenced collectively in this article as "promotions") as part of their overall online marketing push. Administering promotions, however, can get complicated when operating them on third-party platforms, such as social media sites. Many of you are no doubt familiar with the basic laws applicable to running an online promotion. This article does not discuss those laws, but rather describes some of the more detailed or latent issues and complications that need to be considered and addressed when running a promotion on certain social-media platforms. * * *

Ethics rulings tell lawyers to seek security when in the cloud (ABA Journal, 28 March 2014) - New ethics rules require lawyers to be technologically competent and aware of the ethical implications of cloud computing. But what exactly constitutes technological competence? And how far must a lawyer who stores data in the cloud go to protect client confidences from inadvertent or unauthorized access or disclosure? Those two questions were at the heart of an ABA Techshow presentation Thursday on "Ethics 20/20, Security and Cloud Computing." Co-presenters Catherine Sanders Reach, director of law practice management and technology for the Chicago Bar Association, and Kevin A. Thompson, who practices trademark, copyright and Internet law at the Chicago firm Davis McGrath, walked attendees through recent changes in the ethics rules and what state ethics authorities have had to say so far about lawyers' use of the cloud. To date, 18 states have weighed in with ethics opinions on the use of cloud computing by lawyers, either directly or indirectly, according to Reach. And all 18 have said it is OK, as long as the lawyer investigates the products and methods he or she uses and keeps up with any changes made by the provider. A list of those opinions, maintained by the ABA Legal Technology Resource Center, can be found at www.lawtechnology.org.

Death to "link rot": here's where the Internet goes to live forever (Fast Company, 28 March 2014) - The phrase "link rot" probably summons many images for you--none of them good. And while clicking on a dead link isn't quite as physically unpleasant as, say, touching a piece of slimy, disintegrating wood, bad links are weakening the web as surely as bad beams can compromise a building. When websites disappear or change, any piece of work--be it a blog post, book, or scholarly dissertation--that linked to those resources no longer makes quite as much sense. And some of these now-moldering links are structurally important to the fragile, enduring edifice of human knowledge: in fact, according to one recent study, half of the links in Supreme Court decisions either lead to pages with substantially altered content or no longer go anywhere, at all. In the face of this decay, the authors of that paper, the legal scholars Jonathan Zittrain, Kendra Albert, and Lawrence Lessig, floated one possible fix: create "a caching solution" that would help worthy links last forever. Now, this idea is being put into practice by Perma.cc, a startup based out of the Harvard Law Library. Old-school institutions like law school libraries, it turns out, may be perfectly positioned to fight against the new-school problem of link rot. Libraries, after all, are "really good at archiving things," as Perma's lead developer, Matt Phillips, puts it. "We have quite a history of storing things safely that are important to people for a really long time," says Phillips, a member of Harvard's Library Innovation Lab. "It's a failure if we're not preserving what's being created online." To start with, Perma.cc's small team of developers, librarians, and lawyers has designed an archiving tool that's as easy to use as any link shortener. Stick in a link, and you'll get a new Perma-link--along with an archive of all the information on the page that link leads to.
Anyone can sign up as a user, and create links with a shelf life of two years, with an option to renew. A select group of users, though, can "vest" links--committing Perma.cc to store their contents indefinitely. Since launching last fall, the project has grown rapidly, signing up a couple thousand users and recruiting 45 libraries and dozens of law journals as partners. But only a fourth of Perma.cc's users--472 "vesting members" and 113 "vesting managers," at current count--have the power to grant links immortality (or as close to it as Perma.cc can manage). "The problem is, in practice, it's a very serious commitment to say this will be kept forever," says Jack Cushman, who started contributing to Perma.cc as a volunteer, before joining formally as a Harvard Law School Library fellow. "It's not something that we can promise to everyone in the world to begin with."

Nature publishing group requires faculty authors to waive 'moral rights' (Chronicle of Higher Ed, 31 March 2014) - Faculty authors who contract to write for the publisher of Nature, Scientific American, and many other journals should know that they could be signing away more than just the economic rights to their work, according to the director of the Office of Copyright and Scholarly Communication at Duke University. Kevin Smith, the Duke official, said he stumbled across a clause in the Nature Publishing Group's license agreement last week that states that authors waive or agree not to assert "any and all moral rights they may now or in the future hold" related to their work. In the context of scholarly publishing, "moral rights" include the right of the author always to have his or her name associated with the work and the right to have the integrity of the work protected such that it is not changed in a way that could result in reputational harm. "In many countries, you can't waive them as an author," Mr. Smith said. "But in the Nature publishing agreement you are required to waive them, and if you are in a country where a waiver is not allowed, you have to assert in the contract you won't insist on those rights." Mr. Smith first questioned the details of the Nature Publishing Group's license agreement on his blog on Thursday. Calling the moral-rights stipulation "bizarre" and an attack "on core academic values," he wrote that in some countries authors are forbidden to waive those rights. "The United States is something of an outlier in that we do not have a formal recognition of moral rights in our copyright law, although we always assert that these values are protected by other laws," he wrote. His comments were part of a longer post noting that the powerful scholarly publisher has apparently begun enforcing at Duke a requirement that authors at institutions with open-access policies secure waivers exempting their work from those policies.

Back in business (InsideHigherEd, 1 April 2014) - Arizona covers less than 1 percent of the budget for the Maricopa Community College District. The 10-college system, which enrolls 265,000 students, now receives an annual state contribution of $8 million. One upside to Arizona's near-complete disinvestment in its community colleges, Maricopa's leaders say, is that the years of budget cuts have forced the two-year system to get more entrepreneurial. They are particularly excited about the money-making potential of the new Maricopa Corporate College, which landed Marriott International as a client in its first year of existence. One reason for the college's early success, said Rufus Glasper, the district's chancellor, is that corporate CEOs have picked up on a shift at Maricopa. "We're starting to market ourselves as a business," he said. Corporate colleges cater to the training needs of companies, including recent hires and workers who need to learn new skills. Programs are typically non-credit and customized based on the employer's needs. They can be online or in person, and taught either on a college campus or taken directly to a company. Some of the most common programs are in management training, English as a second language, information technology, advanced manufacturing and welding. The training centers can be lucrative, with companies typically footing the bill rather than students. As a result, the corporate-college field is getting more crowded. For-profit chains have long done job training. And Udacity, an online course provider, now wants to get in the game. Several community colleges also have a solid track record with corporate training. Experts said Cuyahoga Community College (Tri-C), located in Ohio, North Carolina's Central Piedmont College and the Lone Star College System in Texas are pioneers of corporate colleges.

Court rules that kids can be bound by Facebook's member agreement (Venkat Balasubramani, 4 April 2014) - The status of kids' ability to form contracts via online terms of service was somewhat uncertain over the last several years, with a few Facebook-related rulings raising questions. A group of minor plaintiffs who opted out of the Fraley v. Facebook Sponsored Stories settlement brought suit for violation of their publicity rights under an Illinois statute. A recent ruling shuts out their claims, and gives some clarity to the online contracting landscape for minors. The key question in front of Judge Seeborg was whether the contract at issue between minors and Facebook - essentially granting a publicity rights release -- was one of the narrow types of contracts with minors that were void, or if the contract was merely voidable under California Family Code 6701, et seq. * * * With the caveat that this is just a district court ruling, and plaintiffs will continue to attack these terms in far-flung jurisdictions, this is a very helpful ruling for Facebook in that it removes some uncertainty as to a big category of potentially lucrative users: users who are old enough to not pose COPPA-problems but those who haven't yet reached the age of majority. Networks for the most part took a don't-ask/don't-tell type of approach with this group, but were hesitant to enter into deeper economic and legally uncertain relationships.

RESOURCES

Before rolling blackouts begin: briefing Boards on cyber attacks that target and degrade the Grid (by Roland Trope and Stephen Humes, in Wm Mitchell L.R.; April 2014) - "The Electric Power grid makes an attractive target because it is the foundational critical infrastructure that underlies all others. A successful attack on the power grid causing a wide-area long-term outage would have significant national security . . . consequences."

Governments and cloud computing: roles, approaches, and policy considerations (Harvard's Berkman Center, 17 March 2014) - Abstract: Governments from Bogota to Beijing are engaging with emerging cloud computing technologies and its industry in a variety of overlapping contexts. Based on a review of a representative number of advanced cloud computing strategies developed by governments from around the world, including the United States, United Kingdom, the European Union, and Japan, we observed that these governments - mostly implicitly - have taken on several different "roles" with respect to their approaches to cloud computing. In particular, we identify six distinguishable but overlapping roles assumed by governments: users, regulators, coordinators, promoters, researchers, and service providers. In this paper, we describe and discuss each of these roles in detail using examples from our review of cloud strategies, and share high-level observations about the roles as well as the contexts in which they arise. The paper concludes with a set of considerations for policymakers to take into account when developing approaches to the rapidly evolving cloud computing technologies and industry.

Cloud innovation and the law: issues, approaches, and interplay (Harvard's Berkman Center, 17 March 2014) - Abstract: We live in a quicksilver technological environment where one innovation in information and communication technology (ICT) follows the other. From a user's perspective, the speed of innovation in the Internet age becomes particularly visible when looking at ever-changing hardware devices that enable instant access to information, knowledge, and entertainment, or when navigating the rapidly evolving social media space where new platforms and powerful services emerge periodically, like Instagram, Pinterest, and Quora. Many of today's trends and developments in the ICT space are powered by a less visible and arguably more evolutionary innovation at the lower layers of the ICT infrastructure: cloud computing. It describes a multi-faceted technological phenomenon in which important aspects of computing (such as information processing, communication, networking, data acquisition, storage, and analysis) move from local systems to more efficient, outsourced systems where third parties provide aggregated computational resources and services on an as-needed basis from remote locations. Cloud computing is arguably responsible, at least in part, for the speed at which new social platforms are being developed and brought to market. This paper starts with a brief introduction to and framing of cloud computing as both a technological innovation and innovation-enabling technology - in short: cloud innovation. It then focuses on one particular aspect of the emerging cloud computing ecosystem by describing and discussing the legal and regulatory responses to cloud technology. It ends with general observations regarding the design of interfaces between cloud innovation as an example of an innovative and innovation-enabling technology and the legal and regulatory system. 
The paper builds upon and aims to synthesize previous contributions by the author and his collaborators on cloud law and policy issues on the one hand and pattern recognition in ICT regulation on the other hand. Against this backdrop, the paper seeks not only to distill and share insights about the interplay between cloud computing technology and the legal and regulatory system, but also contribute to a broader understanding of and emerging analytical framework for technology regulation in digitally networked environments.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

UN wants to slam spam (SiliconValley.com, 6 July 2004) -- The United Nations is aiming to bring a "modern day epidemic" of junk e-mail under control within two years by standardizing legislation to make it easier to prosecute offenders, a leading expert said Tuesday. "(We have) an epidemic on our hands that we need to learn how to control," Robert Horton, the acting chief of the Australian communications authority, told reporters. "International cooperation is the ultimate goal." The International Telecommunications Union is hosting a meeting on spam in Geneva this week that brings together regulators from 60 countries as well as various international organizations, including the Council of Europe and the World Trade Organization. The U.N. agency said it would put forward examples of anti-spam legislation which countries can adopt to make cross-border cooperation easier. Many states currently have no anti-spamming laws in place, making it difficult to prosecute the international phenomenon. Top priority is "pornographic material ... that may come to the attention of children," said Horton, who is running the meeting. "I think it's time we did something formally about this. We will have to come to some sort of general understanding." As much as 85 percent of all e-mail may be categorized as spam, the ITU said, compared to an estimated 35 percent just one year ago. The vast majority is generated by a few hundred people, but authorities are not able to prosecute many of them under current legislation. Spam and anti-spam protection cost computer users some $25 billion last year, according to the United Nations.

Google unveils service for academics (NewsFactor.com, 18 Nov 2004) -- Google has unveiled a new search service designed specifically for scientists and academic researchers. Currently in beta release, Google Scholar allows users to search specifically for scholarly literature, including peer-reviewed papers, books, technical reports, theses, abstracts and preprints. The resource spans a wide variety of academic disciplines, and includes a large number of professional societies and publishers, according to Google. The search tool also finds scholarly articles that are scattered across the Web. Unique to the Scholar service is a way to handle search of academic citations. The tool automatically analyzes and extracts citations and presents them as separate results, even if the documents they refer to are not online. This gives academics and researchers the ability to peruse citations of older articles that appear only in books or print-only publications. Because the site is in beta, it is likely that other additions and changes will be made as scholars use the service. Google has requested that users send in suggestions, questions and comments. In its information pages, Google notes that additions to its index will be forthcoming, and urges authors to contact their publishers and scholarly societies to expand the available content.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, March 15, 2014

MIRLN --- 23 Feb – 15 March 2014 (v17.04)

MIRLN --- 23 Feb - 15 March 2014 (v17.04) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Data governance plans: many companies don't have one (Information Week, 3 Feb 2014) - Forty-four percent of companies don't have a formal data governance policy, and 22% of firms without a data policy have no plans to implement one. That's one of the key findings of a newly released data governance survey conducted by Rand Secure Data, a division of Rand Worldwide. Rand's 2013 Data Governance Survey included responses from 454 organizations regarding the state of their in-house data governance policies. Survey respondents included representatives from well-known private and public-sector enterprises, including Disney, Motorola, Shell, the City of Los Angeles, and the University of Virginia. The report makes it clear that data governance, such as a set of enterprise-wide processes for managing data archiving, backup, and e-discovery, isn't new to large organizations. But the number of respondents who said their company lacks a formal data governance policy is surprisingly high. Some survey respondents said this lack of planning could have unwanted consequences. "If we don't get a decent data governance strategy and acceptable data governance statutes in place over the next two years, we will face the risk of losing data, losing control and track of data, and lawsuits," one respondent wrote. The survey also found a strong link between the participation of C-level executives in creating a data governance policy and the success of data management within the enterprise. In fact, when the C-suite is either "very" or "extremely" involved, the organization is three times less likely to "experience complete data loss or a data audit failure," the survey found. The report concludes with four recommendations: * * *

US takes the gold in doling out privacy fines (Computerworld, 17 Feb 2014) - The European Union is threatening to suspend the U.S.-EU Safe Harbor agreement that U.S. companies depend on to do business with Europe, claiming that America doesn't enforce its side of the bargain. Any way you cut the data, however, the U.S. dwarfs Europe and every other jurisdiction in doling out fines for data privacy violations. If privacy is measured by its weight in gold, America is the safest place on earth for personal data.

SEC pays close attention to cybersecurity issues (Blank Rome, 19 Feb 2014) - On February 14, 2014, the SEC announced that it will hold a cybersecurity roundtable on March 26 to discuss the issues and challenges cybersecurity raises for investors and public companies. The SEC's roundtable comes on the heels of recent widely publicized security breaches at Target and Neiman Marcus. As the SEC stated in its press release, "[c]ybersecurity breaches have focused public attention on how public companies disclose cybersecurity threats and incidents." The most recent SEC guidance on cybersecurity disclosures was issued in October 2011 (CF Disclosure Guidance: Topic No. 2, Cybersecurity). Without creating new obligations, the SEC clarified how its existing rules and regulations provided a framework for public companies' disclosure relating to cybersecurity risks and cyber incidents. After this guidance, cybersecurity related disclosures became mainstream in an annual report on Form 10-K, especially a cybersecurity risk factor. For example, last year's Annual Report on Form 10-K of Target Corporation included the following risk factor disclosures: "… if Target.com and our other guest-facing technology systems do not reliably function as designed, we may experience a loss of guest confidence, data security breaches, lost sales or be exposed to fraudulent purchases, which, if significant, could adversely affect our reputation and results of operations."

Traditional insurance policies may cover cyber risks (Hunton & Williams, 19 Feb 2014) - Insurers often contend that traditional policies do not cover cyber risks, such as malware attacks and data breach events. They argue that these risks are not "physical risks" or "physical injury to tangible property." A recent cyber attack involving ATMs, however, calls this line of reasoning into question. The attack involved breaking open ATMs and inserting USB sticks containing a dynamic-link library ("DLL") exploit. These types of attacks generally work by "tricking" a Windows application to load a malicious file with the same name as a required DLL. In this case, when the ATMs were rebooted they loaded the malicious code onto the machines. The perpetrators later entered a code into the ATMs that triggered the malware and enabled the withdrawal of all cash in the ATM. These attacks demonstrate how a cyber risk can, in fact, be a risk of physical injury. To upload the malware, the attackers had to physically break open the ATMs to insert a foreign device (the USB stick), plainly causing a physical injury to tangible property. Indeed, injecting malware generally requires physical access to a device, whether over a wireless or wired network or through actual contact, and a physical rearrangement of memory. That said, the risk of physical injury associated with cyber crimes does not mean that policyholders should not buy appropriate cyber insurance. Insurers have incorporated exclusions in many traditional policies that may exclude coverage for damage caused by malicious code. But where those exclusions are limited, or absent, policyholders should check their traditional policies for coverage. Those policies may offer protection, even without a separate cyber insurance policy.

- OTOH -

First Judicial ruling says no CGL coverage for data breaches (Wiley Rein, 26 Feb 2014) - Policyholder efforts to shoehorn coverage for data breach liability into the personal and advertising liability coverage of Commercial General Liability (CGL) policies suffered a setback this week. A New York trial court has held that the theft of information by third-party hackers breaking into a computer system does not qualify as "oral or written publication in any manner of material that violates a person's right of privacy" for purposes of personal and advertising injury coverage (Coverage B) in a CGL policy. Zurich Am. Ins. Co. v. Sony Corp. of Am., 651982/2011 (N.Y. Sup. Ct., N.Y. Cnty. Feb. 21, 2014). Describing the case before it as the only "data breach case of this magnitude involving" CGL policies, the court agreed with insurer arguments concerning the scope and intent of coverage for "oral or written publication in any manner of material that violates a person's right to privacy." This provision, the court concluded, requires "an act by or some kind of act or conduct by the policyholder in order for coverage to be present."

Fair Use may be headed down under (EFF, 19 Feb 2014) - The Australian government may soon introduce major copyright reforms, including the possibility of adding a fair use doctrine similar to that of the United States. Fair use was central among the 30 recommendations to come out of a nearly two-year study by the Australian Law Reform Commission published late last week. As the report states, "Australia is ready for, and needs, a fair use exception now." Australia, like most Commonwealth countries, has a list of specific copyright exceptions known as "fair dealing." While fair use provides a general set of factors to consider when evaluating a use--and can thus accommodate new uses that haven't yet been imagined--fair dealing provisions in each country outline an exhaustive list of acceptable uses. Australia's fair dealing laws currently allow research or study, review or criticism, news reporting, legal advice, and since 2006, parody or satire.

ABA asks NSA how it handles attorney-client privileged information in intelligence work (ABA Journal, 21 Feb 2014) - The American Bar Association sent a letter to the National Security Agency on Feb. 20 expressing concerns over recent allegations of possible foreign government surveillance of American lawyers' confidential communications with their overseas clients and the subsequent sharing of the privileged information with the NSA. The ABA also requested clarification on the agency's current policies and practices designed to protect the attorney-client privileged information that it intercepts or receives and whether those directives were followed in connection with the alleged incident. An article in The New York Times alleges that the Australian Signals Directorate intercepted privileged communications between the government of Indonesia and an American law firm and then shared the information with the NSA. Citing that allegation, ABA President James R. Silkenat expressed concern that if confidential information was intercepted and shared with the NSA, it could be improperly utilized by the U.S. government or third parties.

"The attorney-client privilege is a bedrock legal principle of our free society and is important in both the civil and criminal contexts," Silkenat wrote. "It enables both individual and organizational clients to communicate with their lawyers in confidence, which is essential to preserving all clients' fundamental rights to effective counsel."

The ABA further urged the NSA not to actively seek confidential communications between U.S. law firms and their clients. If confidential information is obtained by the NSA inadvertently or from a foreign intelligence service, Silkenat wrote that the NSA should respect attorney-client privilege and take all appropriate steps to ensure that any such information is not further disseminated to other agencies or third parties. Silkenat's letter to NSA Director Gen. Keith B. Alexander and NSA General Counsel Rajesh De is available here. [ Polley : thorough EFF posting on the subject is here: Legal community disturbed about recent allegations of spying on privileged communications (EFF, 22 Feb 2014). The ABA receives an essentially contentless response from the NSA on March 10 - NSA tells ABA it is 'firmly committed' to rule of law and 'bedrock' attorney-client privilege (ABA Journal, 11 March 2014).]

- and -

FBI alerts judges and prosecutors that their courthouse calls and texts were monitored (ABA Journal, 24 Feb 2014) - Judges, prosecutors, defense lawyers and others in Texas who conduct business at the Bexar County Courthouse got letters from the FBI recently telling them that their phone calls and text conversations had been monitored. At the center of the eavesdropping is a lawyer who is cooperating in a judicial corruption investigation. He told Fox 29 News that he has worn a wire but is not facing any charges. The San Antonio Express-News provides details about the letters, at least one of which was shown to the newspaper.

- and -

International Court of Justice bans Australian spying on East Timor and its lawyers (Lawfare, Benjamin Wittes, 4 March 2014) - Speaking of Australian spying on its regional neighbors and its lawyers, which we were the other day, the International Court of Justice has handed down a decision in a dispute between Australia and East Timor. Here's the Brisbane Times on the decision, which I have not read yet: Australia has been ordered to cease spying on East Timor and its legal advisers, in a landmark decision by the International Court of Justice relating to a bitter dispute between the two countries over $40 billion of oil and gas reserves in the Timor Sea. The court also ruled that the Australian government must seal documents and data seized in an ASIO raid in December. The ICJ is the United Nations' top court, and its decisions are binding on members. The decision is a major setback for Attorney-General George Brandis, who authorised the raid on East Timor's Australian lawyer Bernard Collaery, where about a dozen agents swooped on his office and took reams of material, including legal documents, electronic files and a statement by a former Australian Secret Intelligence Service agent alleging an eavesdropping operation on the tiny half island nation by Australia.

- and -

Canadians beat US hockey teams; NSA next (Steptoe, 6 March 2014) - After defeating the U.S. men's and women's hockey teams in Sochi, Canada is now setting its sight on the NSA. Last month, in In the Matter of the Extradition Act, the Supreme Court of British Columbia ordered a hearing on assertions that the NSA spied on participants in the Canadian legal system, and on whether Canadian intelligence has any evidence regarding such actions. The case highlights the concrete problems that NSA revelations could cause for U.S. interests abroad.


HHS wants to mine social media during health emergencies (NextGov, 21 Feb 2014) - The Health and Human Services Department's emergency management office is considering buying a social media mining tool to help it assess public health threats during natural disasters, terrorist attacks and other health emergencies, contracting documents show. The proposed tool would complement traditional data analysis the office already uses to spot, analyze and respond to health emergencies, according to the sources sought notice posted on Tuesday. The department is asking possible vendors to show their tools' value by demonstrating how they could have alerted officials to which hospitals were being evacuated during Superstorm Sandy or how they could spot a change in the social media conversation that might suggest an outbreak of Avian Flu or Middle East Respiratory Syndrome, known as MERS. Academic researchers have used Twitter mining to produce more timely data on flu outbreaks and the spread of flu than the Centers for Disease Control's flu reports. "Social media and open source data analytics play an important role in filling gaps in traditional data collection and help our office provide insights to decision makers to aid them in making informed decisions to protect the health and welfare of impacted populations during emergencies," the document states. A sources sought notice means the department is merely assessing the quality of available technology and hasn't committed to buying any new technology or services. The proposed tool would include access to Twitter's full "firehose," meaning the department would have near-real time access to 100 percent of tweets that fall into certain pre-selected categories. It would also include five years of historical tweets and the ability to monitor tweets about selected public health issues and be alerted to any changes in their tone or frequency.
It would also include the ability to parse tweets geographically to at least the state level and to export analysis into graphs and charts.


Cool or creepy? A clip-on camera can capture every moment (NPR, 24 Feb 2014) - With digital cameras and camera phones everywhere, there are few moments we don't document. But some designers still think we're missing the opportunity to capture some important, simple moments. The solution: the Narrative Clip, a wearable camera that automatically and silently snaps an image every 30 seconds. "The dream of a photographic memory has come true," reads the box. The Narrative is now on the market and sells for $279. The Narrative Clip is a lightweight square only a smidge larger than a postage stamp. A tiny lens is in the corner, capable of shooting 5-megapixel images. You clip it to your lapel and it starts shooting two photos a minute. Later, you can simply connect it to your computer to store the photo stream. A Narrative app then organizes what it thinks are the best shots of the day. "I don't even have to try to remember anything. Great. I'm just gonna turn my brain off now. This is crazy," Claire said. Or is it? Narrative's founder, a Swedish designer named Martin Kallstrom, says his wearable camera reacts to a real need: We don't often capture simple or serendipitous moments because we don't know they're significant until later.


A simpler [university] IP process (InsideHigherEd, 25 Feb 2014) - In an attempt to make it easier for researchers to commercialize their work, officials at Cornell University's New York City campus are reconsidering how they make money off intellectual property. Instead of going through a laborious revenue-sharing negotiation with researchers who believe they have a valuable idea, an institute at Cornell Tech is going to let a set of postdocs keep exclusive license to their IP and take a fixed dollar amount of equity if the researchers create a spinoff company. Officials believe this simple deal will cut through red tape that discourages both inventors and investors from working with academic software developers. The institution's experiment comes at a time of much debate about how universities take new technologies from collegiate laboratories to the commercial marketplace. The Joan and Irwin Jacobs Technion-Cornell Innovation Institute -- a joint nonprofit created by Cornell and Technion, an Israeli-based technology institute, and temporarily housed in Google's Manhattan office -- is modeling its role after that of angel investors, which typically invest up to $200,000 in companies just getting off the ground. The institute is considering postdocs' salary and time on campus as an angel investment worth $150,000. If the postdoc decides to create a spinoff, that $150,000 would be converted to equity in the resulting startup company -- roughly 5 percent for a startup that got a few million dollars in initial funding. But unlike other universities that ask for equity, the institute's stake would automatically shrink as new investors put in money, said the institute's director, Adam Shwartz.


Netflix deal shows peril of Comcast-Time Warner plan (San Jose Mercury News editorial, 25 Feb 2014) - Netflix's agreement to pay Comcast for smoother streaming of movies and TV shows marks the end of an era for the Internet. It should send shivers down the spines of anybody who relies on online information. It also should galvanize the FCC and Department of Justice to reject the $45 billion merger of Comcast and Time Warner, which would compound the potential for limiting the flow of knowledge. The deal marks the first time an Internet content provider has agreed to pay for direct access to a broadband provider's customers. It's a direct hit on the concept of an open, free Internet, a principle that helped unleash the Information Age and transformed the world. * * * The FCC and advocates of a free, open Internet have a huge challenge ahead. Access suffered a big setback last month when a federal appellate court threw out regulations aimed at keeping Internet providers from playing favorites with traffic on their networks. Many believe the Comcast-Netflix deal means that net neutrality is officially dead. [ Polley : Susan Crawford writes a related piece in Introducing the Comcast tax (Bloomberg, 24 Feb 2014)]


Energy firm cyber-defence is 'too weak', insurers say (BBC, 26 Feb 2014) - Power companies are being refused insurance cover for cyber-attacks because their defences are perceived as weak, the BBC has learned. Underwriters at Lloyd's of London say they have seen a "huge increase" in demand for cover from energy firms. But surveyor assessments of the cyber-defences in place concluded that protections were inadequate. Energy industry veterans said they were "not surprised" the companies were being refused cover.


- and -

Power grid preparedness falls short, report says (NYT, 12 March 2014) - Nearly all the utilities that participated in a two-day exercise last November to test the preparedness of the power grid for online and physical attacks said that their planning was not good enough, according to a report by the North American Electric Reliability Corporation, which organized the drill. But the participants, more than 2,000 of them from across the United States, Canada and Mexico, said the exercise taught them lessons about whom they would need to communicate with in an attack, and where their vulnerabilities were. The report had few details, because organizers said they did not want to provide a road map about the shortcomings and because they had promised to limit the scope of their evaluation to induce utilities to participate. But the reliability group is communicating with the utilities individually about their performances.


US government seeks to hold phone data beyond five-year limit (IT World, 27 Feb 2014) - The U.S. government has asked a secret surveillance court to allow it to hold telephone metadata for a period beyond the current five-year limit, for use as potential evidence in civil lawsuits regarding the collection of the data. In June last year, former National Security Agency contractor Edward Snowden revealed that the agency was collecting bulk phone records of Verizon customers in the U.S. The government subsequently confirmed that it had a program for the bulk collection of phone metadata, which triggered a number of privacy lawsuits in various courts challenging the legality of the NSA program under section 215 of the Patriot Act. When litigation is pending against a party, or is reasonably anticipated, the party has a duty to preserve relevant information that may be evidence in the case, the Department of Justice stated in a filing Tuesday before the Foreign Intelligence Surveillance Court that was made public Wednesday. "A party may be exposed to a range of sanctions not only for violating a preservation order, but also for failing to produce relevant evidence when ordered to do so because it destroyed information that it had a duty to preserve," it wrote, while pointing out that it hasn't received a specific preservation order so far in any of the civil lawsuits. The American Civil Liberties Union, U.S. Senator Rand Paul and the First Unitarian Church of Los Angeles are among those who have filed lawsuits challenging the phone records program.


- and -

District Court in California contradicts FISC, orders government to preserve metadata (Lawfare, 10 March 2014) - Earlier today, U.S. District Judge Jeffrey S. White of the Northern District of California issued a temporary restraining order prohibiting the government from destroying call record metadata in the 215 program. "It is undisputed," he wrote, "that the Court would be unable to afford effective relief once the records are destroyed, and therefore the harm to Plaintiffs would be irreparable." Judge White's brief order - as well as its underlying logic - directly conflicts with FISC Judge Reggie B. Walton's March 7 order which required that the government destroy the telephony metadata. The government had requested that it be permitted not to destroy data after the normal five year period to preserve it for evidence in civil litigation. Judge Walton, as we reported the other day, had refused. In other words, at least for now, the government is under order both to destroy the data and to preserve the very same data.


- and -

New FISC order on retention of metadata (Lawfare, 12 March 2014) - On Monday, we reported on the temporary restraining order (TRO) issued by Judge Jeffrey S. White of the Northern District of California, which prohibited the government from destroying telephone metadata collected by the NSA, pursuant to Section 215 of the Patriot Act. The idea was to preserve the metadata, as evidence for potential use in pending civil suits against the government. That TRO conflicted with a March 7 Foreign Intelligence Surveillance Court (FISC) order, the minimization provisions of which had required disposal of metadata after five years. Consequently, the government approached the FISC yesterday, both to notify the FISC of the TRO and to again seek relief - FISC Presiding Judge Reggie B. Walton had refused an earlier request in this respect - from the metadata destruction requirement. The government explained that it desired to retain the metadata "solely for non-analytic purposes pending resolution of [evidence] preservation issues." Shortly after receiving this most recent request, Judge Walton granted it. By issuing the TRO, he wrote, "the District Court [in California] has directly prohibited NSA from doing what the FISC has ordered it to do;" the incompatible directives "put the government in an untenable position and are likely to lead to uncertainty and confusion among all concerned." The FISC therefore authorized the government to retain the metadata pending resolution of the evidence preservation issues currently being litigated in the Northern District of California. [ Polley : this is a VERY interesting jurisdictional tennis match, and probably isn't over.]


Protester's hidden camera captures Supreme Court for first time (Mashable, 27 Feb 2014) - In an unprecedented act, a protester appears to have smuggled a video camera into the U.S. Supreme Court, captured footage of proceedings and posted it to YouTube. The two-minute video ends with a plug for the website of a campaign finance reform activist group called 99Rise. The video's climactic moment shows a man rising and shouting at the court before being grabbed by guards. * * * The hidden camera video seems to show two separate hearings. First, it shows oral arguments in the McCutcheon case from last October. Then, it shows a Wednesday hearing in a patent case unrelated to campaign finance, during which Newkirk stages his protest. Spectators are required to check all electronic devices at the door before entering the Supreme Court. It's unclear how the person who filmed the hearings was able to smuggle his camera into the court.


Texas appeals court says police can't search your phone after you're jailed (ArsTechnica, 27 Feb 2014) - On Wednesday, the Texas Court of Criminal Appeals ruled that law enforcement officials do need a warrant to search an arrested person's cell phone after they've been jailed. The ruling did not decide whether it is legal or not for police to search a suspect's phone at the incidence of arrest, which is currently a hotly contested subject. The Supreme Court is set to decide that matter later this year. For now, however, seven Texas appeals court judges have ruled that a person has a legitimate expectation of privacy over the contents of their cell phone while the phone is being stored in the jail property room. An eighth judge wrote a dissenting opinion. The case, Texas v. Granville, involved Anthony Granville, a student who was arrested for causing a disturbance on a school bus. After Granville was arrested, his cell phone was placed in the booking room. Later, a "School Resources Officer" was told that Granville had taken a photo of another student urinating in the boys' bathroom prior to his arrest. The officer, who had not been involved in the arrest of Granville, went down to the booking room, obtained Granville's phone, turned it on, found the photo, and printed out a copy of it. The officer then kept the phone as evidence and charged Granville with Improper Photography, a state felony. Granville's lawyers moved to suppress the evidence against him, but the prosecution maintained that an officer can search anything in the jail's booking room if there is probable cause. The trial judge disagreed, and the state appealed. But Texas authorities did not find much more support in the Court of Appeals either. Although the ruling does not prohibit all warrantless searches of cell phones, the ruling is still very important, perhaps for less obvious reasons.
"[T]he court recognizes that just because you've surrendered something to someone else (especially when that surrender is involuntary), that you can still maintain an expectation of privacy in the data and the item," wrote Hanni Fakhoury, an attorney for the Electronic Frontier Foundation. "That has implications beyond this case and really is the heart of the issue in the NSA litigation (which the court itself acknowledges toward the end of the opinion, even citing from Klayman v. Obama) as well as other issues surrounding law enforcement use of new technologies like cell site data."


- and -

Washington state text message privacy cases (EFF, February 2014) - EFF urged the Washington State Supreme Court to recognize that text messages are "the 21st Century phone call" and require that law enforcement obtain a warrant before reading texts on someone's phone. In this case, police seized a cell phone during a drug investigation, and monitored incoming messages. Officers responded to several texts, setting up meetings that resulted in two arrests. Prosecutors have argued that there should be no expectation of privacy in text messages, as anyone can pick up someone else's phone and read what's stored there. But in two related amicus briefs, EFF argues that searching the phone for the texts clearly violates the Constitution. In February 2014, the Washington Supreme Court agreed with us in both cases, ruling the search of the text messages was unlawful.


Optic Nerve: millions of Yahoo webcam images intercepted by GCHQ (Guardian, 28 Feb 2014) - Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal. GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not. In one six-month period in 2008 alone, the agency collected webcam imagery - including substantial quantities of sexually explicit communications - from more than 1.8 million Yahoo user accounts globally. Yahoo reacted furiously to the webcam interception when approached by the Guardian. The company denied any prior knowledge of the program, accusing the agencies of "a whole new level of violation of our users' privacy". GCHQ does not have the technical means to make sure no images of UK or US citizens are collected and stored by the system, and there are no restrictions under UK law to prevent Americans' images being accessed by British analysts without an individual warrant.


California appellate court allows looking at your smartphone while driving (Volokh Conspiracy, Orin Kerr, 28 Feb 2014) - Last year, I blogged about a California trial court opinion holding that a driver who looked at his cell phone's map application while on the road violated a California law against driving while "using a wireless telephone." I didn't find the decision persuasive. Fortunately, reason has prevailed: In a decision handed down Thursday, the Court of Appeals reversed the trial court in People v. Spriggs. From the introduction: Spriggs contends he did not violate the statute because he was not talking on the telephone. We agree. Based on the statute's language, its legislative history, and subsequent legislative enactments, we conclude that the statute means what it says - it prohibits a driver only from holding a wireless telephone while conversing on it. Consequently, we reverse his conviction.


Florida cops' secret weapon: warrantless cellphone tracking (Wired, 3 March 2014) - Police in Florida have offered a startling excuse for having used a controversial "stingray" cellphone tracking gadget 200 times without ever telling a judge: the device's manufacturer made them sign a non-disclosure agreement that they say prevented them from telling the courts. The shocking revelation came during an appeal over a 2008 sexual battery case in Tallahassee in which the suspect also stole the victim's cellphone. Using the stingray - which simulates a cellphone tower in order to trick nearby mobile devices into connecting to it and revealing their location - police were able to track him to an apartment. During recent proceedings in the case, authorities revealed that they had used the equipment at least 200 additional times since 2010 without disclosing this to courts and obtaining a warrant. Although the specific device and manufacturer are identified in neither the one court document available for the 2008 case, nor in a video of a court proceeding, the ACLU says in a blog post today that the device is "likely a stingray made by the Florida-based Harris Corporation."


A vast hidden surveillance network runs across America, powered by the repo industry (BetaBoston, 4 March 2014) - Few notice the "spotter car" from Manny Sousa's repo company as it scours Massachusetts parking lots, looking for vehicles whose owners have defaulted on their loans. Sousa's unmarked car is part of a technological revolution that goes well beyond the repossession business, transforming any industry that wants to check on the whereabouts of ordinary people. An automated reader attached to the spotter car takes a picture of every license plate it passes and sends it to a company in Texas that already has more than 1.8 billion plate scans from vehicles across the country. These scans mean big money for Sousa - typically $200 to $400 every time the spotter finds a vehicle that's stolen or in default - so he runs his spotter around the clock, typically adding 8,000 plate scans to the database in Texas each day. "Honestly, we've found random apartment complexes and shopping plazas that are sweet spots" where the company can impound multiple vehicles, explains Sousa, the president of New England Associates Inc. in Bridgewater. But the most significant impact of Sousa's business is far bigger than locating cars whose owners have defaulted on loans: It is the growing database of snapshots showing where Americans were at specific times, information that everyone from private detectives to insurers are willing to pay for. While public debate about the license reading technology has centered on how police should use it, business has eagerly adopted the $10,000 to $17,000 scanners with remarkably few limits. At least 10 repossession companies in Massachusetts say they mount the scanners on spotter cars or tow trucks, and Digital Recognition Network of Fort Worth, Texas, claims to collect plate scans of 40 percent of all US vehicles annually.


Target CIO resigns following massive data breach (TechCrunch, 5 March 2014) - Target Corp.'s Chief Information Officer Beth Jacob is resigning, effective immediately, in the wake of the massive data breach during the holiday 2013 shopping season during which as many as 70 million customers had their personal information stolen, including 40 million debit and credit card accounts. The retailer also said it would be overhauling its information security practices and compliance division, and would be looking for external candidates to serve as interim CIO. "While we are still in the process of an ongoing investigation, we recognize that the information-security environment is evolving rapidly," Target Chairman, President and CEO Gregg Steinhafel said in a brief statement released this morning. "To ensure that Target is well positioned following the data breach we suffered last year, we are undertaking an overhaul of our information-security and compliance structure and practices at Target." This also includes elevating the role of the Chief Information Security Officer - another position that Target will hire externally, along with a Chief Compliance Officer. [ Polley : Data security & governance are appropriate subjects for C-level attention, everywhere. This is what happens when they are given short shrift.]


4 accused in law firm fraud ignored a maxim: don't email (NYT, 6 March 2014) - Several former leaders of the once-high-flying law firm Dewey & LeBoeuf apparently violated a cardinal rule that lawyers always tell their clients: Don't put anything incriminating into an email. Four men, who were charged by New York prosecutors on Thursday with orchestrating a nearly four-year scheme to manipulate the firm's books to keep it afloat during the financial crisis, talked openly in emails about "fake income," "accounting tricks" and their ability to fool the firm's "clueless auditor," the prosecutors said. One of the men even used the phrase "cooking the books" to describe what they were doing to mislead the firm's lenders and creditors in setting the stage for a $150 million debt offering that was supposed to solve the firm's financial woes, according to the messages.


Navy hacking blamed on Iran tied to HP contract (WSJ, 6 March 2014) - A major infiltration of a military network blamed on Iran was facilitated by a poorly written contract with computer-services provider Hewlett-Packard Co., said people familiar with the matter. H-P's contract with the military didn't require it to provide specific security for a set of Navy Department databases, and as a result, no one regularly maintained security for them. That eased access for hackers, who used the opening to penetrate deep into the Navy Marine Corps Intranet network, said people familiar with the matter. The findings of the Navy's investigation are being closely watched by lawmakers on Capitol Hill, who next week are set to evaluate the nomination of Vice Adm. Michael Rogers as National Security Agency director. Adm. Rogers was the Navy cyber chief who oversaw the response. The intrusion, which officials said didn't compromise classified information or email, took about four months to clean up. The Navy has been working to address lapses revealed by the hack and other security efforts under what it calls Operation Rolling Tide. The infiltration is the only publicly known penetration of a military network blamed on Iranian hackers. The hacking "is a contracting failure and not a technology failure," said one cybersecurity specialist familiar with the situation. "This is a Dilbert cartoon." One of the biggest flaws uncovered, said the cybersecurity specialist, was the absence of provisions to maintain security for a set of Microsoft Corp. databases that use Structured Query Language, which help store and retrieve data. With no security provision in the contract, no one was charged with making sure the database security systems were up-to-date. [ Polley : Spotted by MIRLN reader Roland Trope.]


Court blesses Instagram's right to unilaterally amend its user agreement (Eric Goldman, 6 March 2014) - Instagram revised its terms of service in December 2012. The revisions (1) stated that Instagram was disclaiming "ownership of content" posted by users, as opposed to disclaiming "any ownership rights in content" posted by users; (2) broadened the scope of the license granted by users to allow Instagram to sublicense user content and do so without restrictions; (3) added a liability waiver; and (4) added an arbitration provision. Instagram provided users with advance notice of the changes, letting users know on December 18, 2012 that the new terms would go into effect in a month (on January 19, 2013). Rodriguez (the plaintiff), continued to use Instagram following January 2013, although she opted out of the arbitration provision. Her predecessor plaintiff (for whom she later substituted in) filed a lawsuit in federal court, but Judge Alsup dismissed that lawsuit for lack of federal jurisdiction. Judge Alsup's dismissal was without prejudice to plaintiff's attempt to file in state court, and Ms. Rodriguez pursued that avenue. She asserted claims for breach of the duty of good faith and fair dealing and violations of California's unfair competition law. Her claims failed. Instagram's unilateral change does not violate the duty of good faith: In resolving Rodriguez's breach of duty of good faith claim, the court and the parties focused on a case involving a bank's attempt to add an arbitration clause into a customer agreement by providing notice in a mailer with the monthly bill. A California appeals court held (in Badie v. Bank of America) that because the bank tried to exercise a unilateral right to modify an agreement on a topic that wasn't addressed in the original agreement, its attempt to modify the contract breached the duty of good faith. 
That court also held that waivers by the bank's customers of the right to a jury trial were ambiguous, and therefore ineffective, because the bank did not provide conspicuous notice. Citing to other federal courts that distinguished Badie on the basis of customers' realistic ability to review the revised agreement and exercise a meaningful opt-out, the court says that the revised Instagram terms were not foisted on plaintiff. In fact, Rodriguez could have simply stopped using the service but chose to continue to use it. (Although the court does not mention it, I think her act of opting-out of the arbitration clause was also persuasive evidence of her choice in the matter.) * * *


Do you have this declassified document? Give it back! (MLPB, 12 March 2014) - Jonathan Abel, Stanford Law School Constitutional Law Center, is publishing Do You Have to Keep the Government's Secrets?: Retroactively Classified Documents, the First Amendment, and the Power To Make Secrets Out of the Public Record in volume 163 (2015) of the University of Pennsylvania Law Review. Here is the abstract: Retroactive classification is a little-known national security power that allows the government to declassify a document, release it to the public, and then classify it later on - even if the document remains accessible in the public domain. This means you could receive a document today and be prosecuted tomorrow for not giving it back. Drawing on original interviews, historical documents, and other primary sources, this Article provides the first in-depth account of this phenomenon, which threatens the freedom of speech, the freedom of the press, and the separation of powers, but has received only glancing scholarly attention. The Article begins with examples of retroactive classification, which has targeted material ranging from congressional testimony on the missile-defense system to half-century-old documents at the National Archives. It then examines how the rules that are supposed to limit retroactive classification's sweep are incapable of doing so in the Internet Age. The Article next asks: Can the government punish someone for disregarding a retroactive classification order? Despite significant statutory and First Amendment concerns, the Article concludes that the answer is yes. Retroactive classification can be enforced by criminal prosecution. The Article also situates the phenomenon of retroactive classification in the broader debate about the government's ability to control information in the public domain.
As the Article shows, retroactive classification of sorts occurs in many contexts outside of national security law, such as when the government attempts to prevent the publication of social security numbers, police officers' home addresses, and other sensitive information it has made available in the public record.


The history of eBooks from 1930's "readies" to today's GPO ebook services (Government BookTalk, 13 March 2014) - To some it might seem strange that the Government Printing Office, the printer of Federal publications for over 150 years, is blogging about eBooks for "Read an eBook" Week and the 25th anniversary of the World Wide Web. However, GPO has been working with digital publications for years and is fully immersed in eBooks. While many know that the paperback book came to us in the 1930s, few know that the concept for electronic books arose at the same time. According to Wikipedia, the idea of the e-reader came to writer and impresario Bob Brown after watching his first "talkie" (movies with sound). In 1930, he wrote an entire book on this invention and titled it "The Readies" [/reed-eeze/] playing off the name of the "talkie." (Read about Brown in this New York Times article.)


Court gives legal "Oscar" to actors, rotten tomatoes to Google (Steptoe, 13 March 2014) - Last month, in Garcia v. Google, Inc., the U.S. Court of Appeals for the Ninth Circuit issued a preliminary injunction ordering Google to take down an anti-Islamic film from YouTube and to prevent further uploads of the film. The court concluded that the plaintiff, an actress who appears in the film, likely has a valid copyright interest in her performance in the film and that leaving the film on YouTube could cause the most irreparable sort of harm - the plaintiff's death. The key part of the decision is the court's conclusion that an actor can retain an independent copyright interest in her performance in a film, even if she is not a "joint author" of the entire film. This is an issue that is of concern not just to Google and other operators of video platforms - since it will broaden the range of parties entitled to require such operators to remove videos based on alleged copyright infringement - but also to the producers and other "joint authors" of films, who might have thought that they had the exclusive copyright interests in their work. Google has indicated it will petition for rehearing en banc. [ Polley : This is such an odd result that there's been some outcry, and may be a rehearing. Still Judge Kozinski seems intent.]

NOTED PODCASTS

Steptoe Cyberblog (begun 2014) - The Steptoe Cyberblog, with its sometimes contrasting insights, serves up opinionated and provocative thoughts on the issues - especially cybersecurity and privacy - that arise at the intersection of law, information technology, and security. This weekly podcast includes commentary on recent developments, followed by a 20-30 minute interview with a prominent player in the field. [ Polley : worthwhile; usually has commentary from Michael Vatis and Stewart Baker, et al.]

Margot Kaminski on robotic surveillance: authorship or intrusion? (Berkman, 28 Jan 2014; 76 minutes) - As the use of robotic technology expands, private third-party surveillance will also expand to new locations and scenarios. Is it possible - or desirable - to craft meaningful laws or guidelines before widespread private adoption of robots? In this talk Margot E. Kaminski - Research Scholar in Law, Executive Director of the Information Society Project, and Lecturer in Law at Yale Law School - explores how the pending increase in robotic surveillance poses new questions for U.S. privacy law, and the extents to which robotic surveillance will be necessary, superfluous, or deliberately intrusive. [ Polley : I follow Margot on Twitter: @MargotKaminski]

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Big Four accounting firms join in cyber-risk index to gauge firms' preparedness (Computerworld, 22 March 2004) -- A consortium of companies that includes the Big Four accounting firms and at least one large insurer is quietly working on a cybersecurity risk measurement framework for large enterprises, Computerworld has learned. The Risk Preparedness Index is being developed by the newly formed Global Security Consortium, which so far includes PricewaterhouseCoopers, Ernst & Young LLP, Deloitte & Touche LLP, KPMG International and insurance giant AIG International Inc. The RPI was originally being developed to provide a risk measurement model for use within the insurance and accounting industries. But the goal now is for the index to provide the basis for a much more broadly applicable system for measuring and rating organizational risk preparedness, according to a source close to the GSC. The GSC has been in active discussions with several industry groups, including The Open Group standards body, for several months in a bid to gain endorsements and wider support for the effort to build the framework. "[The RPI] will allow third-party auditors to come in and make a judgment as to whether or not you are complying with established cybersecurity practices," explained Larry Clinton, chief operating officer at the Internet Security Alliance. ISA members that score above a certain level on the RPI could qualify for lower insurance rates.

College facebook mugs go online (Wired, 9 June 2004) -- Maya Chard-Yaron, 19, was poked about 10 times last week. But rather than getting annoyed at the unsolicited jabs, Chard-Yaron kind of enjoyed it -- especially since friends and acquaintances were doing the poking through a social-networking website, Thefacebook. On Thefacebook, poking is a way of saying "hi" to would-be contacts, a method to strike up a conversation without adding the person as a friend. And there's quite a bit of poking going on. Chard-Yaron, a Southern Californian who will be a junior at Columbia University in the fall, is one of about 250,000 students at 34 colleges across the United States intrigued by Thefacebook. Unlike social websites like Friendster and orkut, Thefacebook is meant only for college students and alums. "I know it sounds stupid but when I log onto Thefacebook and I see this person poked me I think, 'Aww,' 'cause I miss them," she said. Thefacebook is modeled after schools' traditional facebooks -- booklets with names, photos, interests and other information about students. The site started in February and is expanding rapidly. Engineered and initially intended just for students at Harvard University, Thefacebook's creators -- all five of them Harvard students -- hope to have their site available to about 200 American colleges by fall. By registering on Thefacebook, students can compile lists of friends, send messages, list their classes and summer vacation plans, and divulge as much -- or as little -- personal contact information as they like.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.