Saturday, December 29, 2007

MIRLN - Misc. IT Related Legal News [9-29 December 2007; v10.17]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (vpolley@REMOVETHISSTRINGvip-law.com) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at www.vip-law.com and blogged at http://mirln.blogspot.com/.

**************End of Introductory Note***************

**** ABA CYBERSPACE MEETING ****
The Cyberspace Law Committee will hold its Winter Working Meeting in a real winter venue this time: Minneapolis, 25-26 January 2008. Come and bask with old and new friends in the Twin Cities for the most concentrated and productive cyberlaw discussions anywhere. Information at http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml

TECH SMART TEEN MEANS PERJURY RAP FOR COP (ABC News, 7 Dec 2007) - A teen suspect’s snap decision to secretly record his interrogation with an MP3 player has resulted in a perjury case against a veteran detective and a plea deal for the teen. Unaware of the recording, Detective Christopher Perino insisted under oath at a trial in April that suspect Erik Crespo wasn’t questioned about a shooting in the Bronx. But the defense confronted the detective with a transcript it said proved he had spent more than an hour unsuccessfully trying to persuade Crespo to confess. Perino was arraigned today on 12 counts of first-degree perjury and freed on bail. http://abcnews.go.com/TheLaw/wireStory?id=3968795

BLOG NAMES YEAR’S TOP 10 (MAKE THAT 11) LEGAL ETHICS STORIES (ABA Journal, 10 Dec 2007) - The blog Legal Ethics Forum picked its top 10 ethics stories of the year, then made it the top 11 ethics stories at the suggestion from a reader. (The addition is No. 11 below.)The top stories named by the blog: 1. The case against former Durham County, N.C., District Attorney Michael Nifong, who was disbarred after admitting there was no credible evidence that three former Duke lacrosse players had committed rape. 2. Judges and lawyers in Pakistan who protested after President Pervez Musharraf suspended the country’s constitution and removed numerous appellate judges from office. 3. Maj. Michael Mori’s aggressive representation of Guantanamo detainee David Hicks, which may have hurt the lawyer’s military career. 4. Former Milberg Weiss lawyer William Lerach’s guilty plea, which acknowledges he paid kickbacks to lead plaintiffs. 5. The resignation of Pentagon official Cully Stimson after he tried to shame law firms into stopping pro bono representation of Guantanamo detainees. 6. They sanctions case against Qualcomm for failing to produce more than 200,000 electronic documents in a patent infringement suit against rival chip-maker Broadcom. 7. New York’s adoption of many of the ABA model ethics rules and the state’s attempt to adopt new rules clamping down on lawyer advertising. 8. Law firms whose “guild behaviors continued to give way to market behaviors.” These include Howrey, which is abandoning lockstep compensation, and McDermott, Will & Emery, which is creating a second tier of associates. 9. Dueling ethics opinions by the ABA and the Colorado Bar Association on the propriety of collaborative law. 10. The dismissal of an indictment against 13 former employees of KPMG in a tax shelter case because the government pressured the accounting firm not to pay defense costs. http://www.abajournal.com/weekly/blog_names_years_top_10_make_that_11_legal_ethics_stories

LEGAL WEB SITES SHAKE UP CONDO MARKET (Law.com, 10 Dec 2007) - South Florida lawyers are increasingly tapping into the cyber world to capture a share of the growing business of helping buyers recover deposits from pre-construction and condo conversion projects. Web sites such as recovermydeposit.com and depositrecoveryservices.com are popping up across the Web. The lawyer-run sites inform buyers of their rights under Florida law and possible remedies and offer them help. But to be able to offer this service, lawyers said, they have had to relearn specific state and federal laws that were little used in the past. Attorneys are digging deep but barely finding case law to shed light on possible remedies for their clients, Miami Beach real estate attorney Aaron Resnick said. Resnick launched recovermydeposit.com last month in response to the poor information on the subject, he said. “This is so new,” said Resnick, who left Gunster Yoakley & Stewart in 2005 to start his own firm. “People don’t know where to go for help. I saw a lot of people asking family members and friends for advice and referrals.” http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1197021873156&rss=newswire

FERC SEEKS INDUSTRY CYBER-SECURITY PLANS (Washington Post, 10 Dec 2007) - Federal energy regulators said Monday they have asked the White House to approve a rule that requires the electric industry to submit detailed reports about its progress in addressing potential cyber-security vulnerabilities. In its order asking the Office of Management and Budget to approve the new requirement, the Federal Energy Regulatory Commission cited the ability of government scientists earlier this year to hack into a simulated power-plant control system and cause an electric generator to destroy itself. ‘The commission intends to immediately issue a directive that requires all generator owners, generator operators, transmission owners and transmission operators that are registered by the North American Electric Reliability Corp. and located in the United States to provide to NERC certain information related to actions they have taken or intend to take to protect against’ similar cyber vulnerabilities, according to the notice. The commission will require NERC, which oversees North America’s electricity grid, to make the information available for review, and expects about 1,150 responses at a total cost of more than $1.2 million to the industry. The power grid, generating plants and refineries face increasing threats from hackers who could cause major disruptions and economic chaos in the U.S., according to congressional investigators. The Government Accountability Office in October said control systems at those critical facilities ‘are more vulnerable (today) to cyberattacks than in the past.’ Greg Garcia, assistant secretary for cybersecurity at the Department of Homeland Security, told lawmakers his agency was working with others on standards and guidance to protect critical control systems, but that it was the Federal Energy Regulatory Commission’s responsibility to get more stringent standards to industry. http://money.cnn.com/news/newsfeeds/articles/newstex/AFX-0013-21569682.htm

RIAA: THOSE CD RIPS OF YOURS ARE STILL “UNAUTHORIZED” (ArsTechnica, 11 Dec 2007) - Those MP3 and AAC files that you’ve ripped from your CD collection are still “unauthorized copies” in the eyes of the recording industry. In a brief filed late last week, the RIAA said that the MP3 files on a PC owned by a file-sharing defendant who had admitted to ripping them himself were “unauthorized copies.” Atlantic v. Howell is a bit unusual because the defendants, husband and wife Jeffrey and Pamela Howell, are defending themselves against the recording industry’s lawsuit without the benefit of a lawyer. They were sued by the RIAA in August 2006 after an investigator from SafeNet discovered evidence of file-sharing over the KaZaA network. The Howells have denied any copyright infringement on their part. In their response to the RIAA’s lawsuit, they said that the MP3 files on their PC are and “always have been” for private use. “The files in question are for transfer to portable devices, that is legal for ‘fair use,’” reads their response. After several years of litigation and nearly 30,000 lawsuits, making a copy of a CD you bought for your own personal usage is still a concept that the recording industry is apparently uncomfortable with. During the Jammie Thomas trial this fall, the head of litigation from Sony BMG testified that she believed that ripping your own CDs is stealing. http://arstechnica.com/news.ars/post/20071211-riaa-those-cd-rips-of-yours-are-still-unauthorized.html

CHAT BOTS LATEST RUSSIAN MALWARE THREAT (CNET, 12 Dec 2007) - A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools. The artificial intelligence of CyberLover’s automated chats is good enough that victims have a tough time distinguishing the “bot” from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, the company revealed. It compiles a report on every person it meets complete with name, contact information, and photographs. Among CyberLover’s creepy features is its ability to offer a range of different profiles from “romantic lover” to “sexual predator”. It can also lead victims to a “personal” Web site, which could be used to deliver malware, PC Tools said. Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online. The software company believes that CyberLover’s creators plan to make it available worldwide in February. Robot chatters are just one type of social-engineering attack that uses trickery rather than a software flaw to access victim’s valuable information. Such attacks have been on the rise and are predicted to continue to grow. http://www.zdnetasia.com/news/security/printfriendly.htm?AT=62035388-39000005c

SYMANTEC, ADOBE SUE LAW FIRM OVER SOFTWARE COPYING CLAIM SOFTWARE (SiliconValley.com, 12 Dec 2007) - Symantec has sued Philadelphia law firm Fox Rothschild for allegedly copying its Norton anti-virus products without a license. Cupertino-base Symantec was joined in the suit by software makers Adobe Systems and Corel Sonic Solutions. They accuse the law firm of copying 19 software products over the past six years. The suit was filed Dec. 5 in San Francisco federal court. San Jose-based Adobe claims its Acrobat product was infringed by the firm. Ottawa, Canada-based Corel and Novato-based Sonic also claim their products were infringed. Fox Rothschild has yet to comment on the suit. http://www.siliconvalley.com/news/ci_7698986

JUDGE: MAN CAN’T BE FORCED TO DIVULGE ENCRYPTION PASSPHRASE (Wired, 14 Dec 2007) - A federal judge in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase. U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination. Niedermeier tossed out a grand jury’s subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.” Especially if this ruling is appealed, U.S. v. Boucher could become a landmark case. The question of whether a criminal defendant can be legally compelled to cough up his encryption passphrase remains an unsettled one, with law review articles for the last decade arguing the merits of either approach. (A U.S. Justice Department attorney wrote an article in 1996, for instance, titled “Compelled Production of Plaintext and Keys.”) This debate has been one of analogy and metaphor. Prosecutors tend to view PGP passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings. Orin Kerr, a former Justice Department prosecutor who’s now a law professor at George Washington University, shares this view. Kerr acknowledges that it’s a tough call, but says, “I tend to think Judge Niedermeier was wrong given the specific facts of this case.” http://www.news.com/8301-13578_3-9834495-38.html?tag=recentPosts Ruling at http://www.volokh.com/files/Boucher.pdf More at http://www.news.com/8300-13578_3-38-0.html?categoryId=9750513 See also “Commanding Decryption and the Privilege Against Self-Incrimination” (Bert-Jaap Koops, 2000) at http://arno.uvt.nl/show.cgi?fid=5724

FOUNDATION TESTING POTENTIAL OF PHILANTHROPY VIA INTERNET (New York Times, 13 Dec 2007) - The Case Foundation is embarking on an effort to test the potential of citizen-led philanthropy via the Internet. Starting at 3 p.m. on Thursday, readers of Parade magazine and members of the Causes section of the Facebook Web site can enter a contest to win a total of $500,000 and $250,000, for their favorite charities, provided by Case. The prizes will go to the charities and causes that attract the greatest numbers of unique donors, rather than the one that raises the most money. “Philanthropy shouldn’t be defined as a bunch of rich people writing big checks,” said Jean Case, who founded the Case Foundation with her husband, Steve, founder of America Online. “Small amounts of money given by large numbers of individuals can be combined to do great things.” Randy Siegel, publisher of Parade, said he saw the program as “a wonderful way to give our 70 million readers a firsthand look at how the Internet and technology have revolutionized charitable giving.” The contest is one of a string of efforts by Case to determine what role online technologies can have in the charity field. The amounts raised through new technologies and online networks have been modest. The top “cause” listed on Causes, support for breast cancer research, has attracted 2.8 million members, raising an average of 2 cents a member, or a total of $52,240, for Brigham and Women’s Hospital. Proponents say the Internet has been useful in attracting people to sign petitions and attend rallies and demonstrations, if not in generating big donations. “The tools and technologies are still evolving, and we’re still trying to figure out how it works,” said Beth Kanter, an expert on nonprofits and technology. http://www.nytimes.com/2007/12/13/us/13foundation.html?ex=1355202000&en=4e79cf13264a4f7f&ei=5090&partner=rssuserland&emc=rss

THE TOP 10 DATA BREACHES OF 2007 (CSO Online, 14 Dec 2007) - If there’s only one thing you’ll remember from 2007, it will be Britney Spears’ meltdown. But if there are two things you remember, it will be Britney and the thousands of data breaches that were reported in 2007, right? Right? Well, it’s what we’ll remember, and since we don’t necessarily do celeb gossip (unless you’ve got a good security angle…) we decided to offer up a review of the best and worst of Disclosure ‘07. Each breach gets rated on our nifty, unscientific “Class-Action Outrage Scale,” judging the likelihood that ambulance-chasing lawyers could have a field day. Look out Monster.com: We estimate nine of 10 lawyers are outraged on behalf of your 1.3 million victims. Our “D’oh! Factor” (thank you, Homer Simpson) reflects just how egregious and goofy the breach was. Take a look at how Swedish Urology Group earned itself five out of five Homers. Ick. Some breaches on our list are serious. Some are funny. And some are just plain sad. But all of them were probably preventable. http://www2.csoonline.com/exclusives/column.html?CID=33366

INSURER GETS RECORD FINE FOR ID THEFT DISASTER (Computer World, 17 Dec 2007) - A U.K. insurance house has been slapped with a record fine by the Financial Services Authority (FSA) watchdog for incompetent customer account security. The latest offender is Norwich Union, which allowed fraudsters to impersonate customers when phoning its call centers, cashing in policies on an astonishing 74 occasions out of a total of recorded 632 attempts. The social engineers - 11 suspects have now been arrested - were able to steal a total of $6.6 million during the scam, which took place in 2006. The FSA has hit the company with a $2.5 million fine, a record for the U.K., and even larger than that levied on The Nationwide Building Society earlier this year for losing a laptop full of unspecified customer data in August 2006. The Norwich Union only avoided an even larger fine of $3.6 million by promptly settling the charges with the industry regulator, and agreeing to tighten up its procedures. One of the most serious charges was that the company failed to react to the pattern of fraud, allegedly initially only informing customers who had been or were current directors of the company. In other words, the company realized fraud was happening but was unable to put in place extra security to stop further occurrences of fraud from happening. “Norwich Union Life let down its customers by not taking reasonable steps to keep their personal and financial information safe and secure,” said the FSA’s Margaret Cole. “It is vital that firms have robust systems and controls in place to make sure that customers’ details do not fall into the wrong hands. Firms must also frequently review their controls to tackle the growing threat of identity theft.”This fine is a clear message that the FSA takes information security seriously and requires that firms do so too,” she added. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9053298&source=NLT_PM&nlid=8

BELGIUM ADOPTS RULES ALLOWING ELECTRONIC EMPLOYMENT CONTRACTS (Bird & Bird, 17 Dec 2007) - Belgium has adopted new rules permitting the conclusion of employment contracts electronically, provided secure electronic signature and archiving systems are used. This highlights both the growing comfort with digital contracting and the increased role that trusted third parties, providing electronic signature systems and archiving, play in this expanding digital environment. One of the objectives of the E-commerce Directive 2003/31/EC was to remove obstacles to the use of electronic contracts. Member States were to amend their legislation to remove any requirements which were likely to curb the use of contracts by electronic means or which would deprive electronic contracts of legal effectiveness and validity. The Directive provided four explicit exceptions to this principle where Member States may provide that contracts cannot be entered into by electronic means. These exceptions covered contracts related to real estate (except for rental rights), contracts requiring the involvement of courts or public authorities, certain contracts of suretyship and collateral securities, and contracts governed by family law or the law of succession. The four exceptions listed by the Directive were incorporated into Belgian law by Article 17 of the E-commerce Act of 11 March 2003. Employment contracts were not included in the list of exceptions but the Directive provides that the contractual relationships between employees and employers is not an information society service and are therefore outside the scope of the Directive. Legal writers have therefore regarded employment contracts as an implicit exception. The E-commerce Act remains silent on employment contracts. On 3 June 2007, a new Article 3bis was inserted into the Employment Contracts Act of 3 July 1978. The new Article provides that an employment contract which is signed by means of the electronic signature created by the Belgian electronic identity card (eID), or by any other electronic signature which meets the same security standards as the eID signature, has the same force as a signed hardcopy contract. A further Royal Decree will establish the security standards for the creation of electronic signatures (other than the eID). Providers of electronic signature systems will be able to register with the Crossroads Bank for Social Security who will draw up a list of accepted systems. This list will be approved by the Minister of Employment Affairs and published on the website of the Crossroads Bank for Social Security. The new law explicitly provides that neither the employer nor the employee can be forced to conclude an employment contract electronically. This reiterates the principle in the Electronic Signatures Act of 9 July 2001 which stipulates that, unless provided otherwise by law, no person can be obliged to commit a legal act by electronic means. http://www.twobirds.com/english/publications/articles/Belgium_rules_electronic_employment_contracts.cfm

CUTTING OUT PRIVACY IN THE OFFICE (Law.com, 19 Dec 2007) - Private communications at work may be a thing of the past, even if the communications are personal matters conveyed via a personal e-mail account. Kelly Talcott examines recent court decisions that weighed whether an employee has a reasonable expectation of privacy regarding electronic communications. Story at: http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1198010085253&rss=newswire

MORE TEENS MOVE THEIR SOCIAL LIVES ONLINE (SiliconValley.com, 19 Dec 2007) - The Internet is becoming ever more central to the social life of America’s teenagers, especially girls, with greater numbers communicating with friends and creating content on sites like Facebook, MySpace and YouTube, a new survey shows. And when not online, they are gabbing more on cellphones and exchanging text messages. Pew’s “Teens an Social Media” study, released Wednesday, showed marked increase in Internet use between 2004 and 2006. The findings may already be considered a year out of date - a very long time considering the rapid acceleration of Web culture. All considered, Pew’s findings should comfort Silicon Valley’s bustling Web enterprises that are relying on the medium as a source of revenue, through advertising and sales. “The use of social media - from blogging to online social networking to creation of all kinds of digital material - is central to many teenagers lives,” Pew declared. The report may add to the worry of parents who think their teens may be spending too much time socializing via the Advertisement Web. Among the more striking trends:
• Nearly two-thirds of teens - 63 percent - have a cell phone. Among teens with cell phones, 55 percent say they use them to talk with friends every day. - More girls than boys said they wrote blogs and kept up with friends via MySpace and Facebook, sites that came into existence only a few years ago. This conformed to one of Pew’s findings: “Girls continue to lead the charge as the teen blogosphere grows.” Pew found that 35 percent of all online teen girls blog, compared with 20 percent of online teen boys. “Virtually all of the growth in teen blogging between 2004 and 2006 is due to the increased activity of girls,” the study found. “Older teen girls are still far more likely to blog when compared with older boys, but younger girl bloggers have grown at such a fast clip that they are now outpacing even the older boys.” The survey found that 32 percent of girls ages 12 to 14 blog, compared to 18 percent of boys age 15 to 17.
• But YouTube and other video sharing sites tend to be the domain of boys. Online teen boys are “twice as likely” as girls to post video files online, by a 19 percent to 10 percent margin. “Not even older girls - a highly-wired and active segment of the teen population - can compete with boys in this instance; 21 percent of older boys post videos, while just 10 percent of older girls do so,” PEW said.
http://www.siliconvalley.com/news/ci_7761620 Pew Study here: http://www.bayareanewsgroup.com/multimedia/mn/biz/pipteens.pdf

CLINTON-OBAMA FEUD MOVES TO DOMAIN NAMES (Wired, 20 Dec 2007) - It’s come to this: a Democratic primary race so close and heated that a fierce battle of rhetoric has begun playing out in domain-name registrations. Hillary Clinton’s campaign quietly registered VotingPresent.com and VotingPresent.org in early December. Though no websites have gone up on the domains (which were first reported by ABC News), it’s a fair bet the sites won’t be promoting election-themed Christmas gifts: “Voting present” refers to a parliamentary maneuver in the Illinois Legislature that allows a lawmaker to abstain from voting on a particular measure. The obscure procedural move became national election news Thursday, when The New York Times ran a front-page story reporting that Clinton rival and former Illinois state senator Barack Obama voted “present” nearly 130 times in his eight years in the post, sometimes on key issues like abortion. The Times story marks the zenith of a rhetorical arc Clinton launched Dec. 3, when she first slammed Obama’s non-votes in a speech in Iowa. We now know her campaign registered and squirreled away the domain names the next day - a move that signals candidates’ growing use of highly focused microsites to buff their own images and to throw mud at opponents, from a safe distance. “When you go to VotingPresent.com, you’d be immersed in the information, but you’re also distanced from HillaryClinton.com,” said Peter Leyden, director of the New Politics Institute. “It’s where you’re going to see things go.” Obama’s campaign started the trend when he responded to Clinton attacks on his voting record by launching a “Hillary Attacks” website. And candidate John Edwards briefly ran a sarcastic “Plants for Hillary” website, referring to a Clinton staffer’s planting of a question for the candidate at a local Iowa forum. The site has since been dismantled. http://www.wired.com/politics/law/news/2007/12/clinton_domains

CHINA COURT REJECTS YAHOO CHINA’S ‘DEEP LINKING’ APPEAL (Billboard.biz, 20 Dec 2007) - The Beijing No. 2 Intermediate People’s Court on Dec. 20 rejected an appeal by Yahoo China against an April ruling that found it guilty of copyright violation due to its practice of providing “deep links” to Web sites offering unauthorized content such as mp3 downloads, lyrics and ringtones. “The ruling against Yahoo China is extremely significant in clarifying copyright rules for Internet music services in China,” said IFPI chairman/CEO John Kennedy in a statement. “By confirming that Yahoo China’s service violates copyright under new Chinese laws, the court has effectively set the standard for Internet companies throughout the country.” http://www.billboard.biz/bbbiz/content_display/industry/e3i3ed206b8d3c0733b23120a461b4581f2

LEGAL BLOG PICKS TOP ODD-BUT-TRUE STORIES (ABA Journal, 20 Dec 2007) - A legal blog called Blogonaut—with the tagline “We don’t make this stuff up—really”—has listed its top stories of the year. The posts tend to be wacky rather than weighty. Here’s a sampling of some of the headlines:
—Brawling TN Lawyer Entangled in Hilarious McDonald’s Dustup—But Fast Food Imbroglio is ‘Tip of the Iceberg’ for Court Room Pugilist
—Slain Attorney’s First Wife Also Tried to Shoot Him
—Lawyer’s Defense to Meth Charge—’I Did it for My Dog’—Wins Acquittal
Blogonaut readers are being invited to vote for the top story or to nominate their own. In early voting, a post about controversial Las Vegas Judge Elizabeth Halverson was garnering some support. More on Halverson in the ABA Journal’s “You’re NOT the Boss of Me,” August 2007. http://www.abajournal.com/weekly/legal_blog_picks_top_odd_but_true_stories Top-10 at http://blogonaut-blogonaut.blogspot.com/2007/12/blogonauts-top-posts-for-2007.html

10-RATED LAWYER WINS DISMISSAL OF SUIT AGAINST LAWYER-RANKING WEBSITE (ABA Journal, 20 Dec 2007) - A federal judge in Seattle has dismissed a lawsuit against a website that rates lawyers, saying the posted opinions are protected by the First Amendment. This site is called Avvo after avvocato, the Italian word for lawyer. It permits lawyers who want to improve their ratings to add information and allows consumers to post critiques. Two Seattle lawyers had contended in their suit that the website engaged in unfair and deceptive practices by falsely claiming to be objective, reliable and factual, the Seattle Times reports. One of the lawyers, John Henry Browne, also claimed damage to his reputation when the site rated him only a 5.7 out of 10. The plaintiffs had contended the ratings were easily manipulated and seriously flawed, asserting that one lawyer in prison for conspiracy got a higher rating than Justices Ruth Bader Ginsburg and Samuel A. Alito Jr., the Seattle Post-Intelligencer reports. But U.S. District Judge Robert Lasnik agreed with Avvo that opinions expressed in attorney ratings “are absolutely protected by the First Amendment and cannot serve as the basis for liability under state law.” Avvo was represented by lawyer Bruce E.H. Johnson of Davis Wright Tremaine, who has a rating of 10 out of 10 on the Avvo site. “To the extent that [the plaintiffs’] lawsuit has focused a spotlight on how ludicrous the rating of attorneys (and judges) has become, more power to them,” the opinion said (PDF posted by the Seattle Post-Intelligencer). “To the extent that they seek to prevent the dissemination of opinions regarding attorneys and judges, however, the First Amendment precludes their cause of action.” http://www.abajournal.com/weekly/10_rated_lawyer_wins_dismissal_of_suit_against_lawyer_ranking_website

FTC ISSUES ONLINE AD PRIVACY GUIDELINES (Business Week, 20 Dec 2007) - On the same day they cleared Google Inc.’s purchase of online advertiser DoubleClick, federal regulators said industry needs to be more transparent about how consumers’ Web-surfing habits are tracked. The Federal Trade Commission on Thursday proposed guidelines by which advertisers would voluntarily fess up to Web surfers about whether their online behaviors are monitored and used to personalize ads. Privacy experts said the guidelines could be helpful, but only if industry enforces them. Consumers are largely in the dark about companies tracking them through these ads, the agency said, adding that companies should give people a realistic choice in whether they want to be tracked or not. “You shouldn’t have to be a computer geek to protect your privacy,” said Peter Swire, an Ohio State University law professor and senior fellow at the Center for American Progress, a liberal think tank. http://www.businessweek.com/ap/financialnews/D8TLCGVO2.htm FTC release at http://ftc.gov/opa/2007/12/principles.shtm

COURTS PONDER THE SCOPE OF JURISDICTION IN INTERNET DEFAMATION CASES (Steptoe & Johnson’s E-Commerce Law Week, 20 Dec 2007) - In two recent cases involving online defamation, federal courts reached different conclusions about when purportedly libelous statements posted to a website may support personal jurisdiction. In McVea v. Crisp, a federal court in Texas found that it could assert jurisdiction over James Crisp, a non-resident defendant who had posted an allegedly defamatory statement to a message board dedicated to amateur discussion of Texas history. Since Texas was the “focus” of the website’s content and McVea had indicated in a prior posting that she lived in Texas and had also had a “prior working relationship” with Crisp, the court found it likely that Crisp “knew the brunt of the injury, if any, would be felt in Texas.” On the other hand, in Oxford Round Table, Inc. v. Mahone, a federal court in Kentucky found no jurisdiction over Sloan Mahone, a resident of England who called the business operations of plaintiff Oxford Round Table (ORT) “a fraud and misrepresentation” in postings to the Chronicle of Higher Education’s website, emails to an individual at Oxford University in England, and an email to an ORT seminar participant in Illinois. Noting that none of Mahone’s allegedly libelous statements directly affected Kentucky or took place within the state, the court found that Mahone did not “purposefully avail” herself of the forum. http://www.steptoe.com/publications-5053.html

THE DEEMED EXPORT RULE IN THE ERA OF GLOBALIZATION (US DoC, 20 Dec 2007) - Secretary of Commerce Carlos M. Gutierrez today welcomed the final report of the Deemed Export Advisory Committee, a distinguished group of Americans commissioned by the Secretary in September 2006 to examine the complex issue of deemed exports. Deemed exports are the transfer of sensitive dual-use technology to foreign nationals working or studying in the United States. “I appreciate the Committee’s efforts to address how to effectively protect U.S. national security interests and preserve U.S. leadership in scientific and commercial technology innovation,” said Secretary Gutierrez. “We intend to carefully review the Committee’s findings as we move forward to strike the right balance of protecting national security while continuing to attract the world’s best and brightest.” Advisory Committee Chairman Norman Augustine, retired Chairman & CEO of Lockheed Martin Corporation, delivered the report, entitled The Deemed Export Rule in the Era of Globalization. The Secretary has asked the Bureau of Industry and Security (BIS), the Commerce agency with jurisdiction over global dual-use policy to review the Committee’s recommendations. The full text of the report can be found at: http://tac.bis.doc.gov/2007/deacreport.pdf http://www.commerce.gov/NewsRoom/PressReleases_FactSheets/PROD01_004964

MICROSOFT OKS OPEN-SOURCE LICENSE (MercuryNews.com, 21 Dec 2007) - Microsoft, whose software powers about 95 percent of the world’s personal computers, reached an agreement on licensing terms that will allow open-source products to connect to the Windows operating system. Microsoft will license proprietary information on how Windows shares files and printers with the non-profit Protocol Freedom Information Foundation, which will make the data available to open-source developers working on a file and printing system called Samba. The agreement will “allow Samba to create, use and distribute implementations of all the protocols” to allow so- called workgroup servers to connect with Windows, Redmond, Wash.-based Microsoft said in a statement Thursday. The accord furthers Microsoft’s bid to resolve legal disputes worldwide that have been weighing on its shares. The company in October gave in to European Union demands to license the protocol data. In the past, Microsoft refused to license its technology to open-source software makers. Programs such as the free operating system Linux and the Samba system are distributed under terms requiring access to the source code, or underlying operating instructions. Samba said in a statement that the agreement involves a one-time fee of 10,000 euros ($14,350). The protocol data will be held “in confidence” by Samba. The agreement allows source code to be published “without further restrictions,” Samba said. http://www.mercurynews.com/business/ci_7776956?nclick_check=1

NCAA TO BLOGGERS: DON’T POST TOO OFTEN (CNET, 21 Dec 2007) - The NCAA this week announced a formal program limiting how often bloggers with media credentials can update their blog while attending championship college events. The sports governing body set blogging limits for each sport. For example, those at football games can update their blogs three times per quarter and once at halftime. For basketball, bloggers can post five times per half, once at halftime and twice per overtime period. The policy even sets rules for water polo (three per quarter, once at halftime), bowling (10 blog posts per session) and fencing (10 per session). The move is already garnering the predicted outrage. It reminds me of the music industry trying to hold on desperately to old business models in a fundamentally new era. This isn’t the first time the NCAA has butted heads with the blogosphere. In June, a sportswriter from the Louisville, Ky. Courier-Journal was ejected from a college baseball game for, you guessed it, blogging. Indeed, I’m sure there are folks at the NCAA that see its latest efforts as a reasoned compromise, but I think it just shows how out of touch they are. http://www.news.com/beyond-binary/8301-13860_3-9837182-56.html?tag=nefd.top NCAA rules at http://www2.ncaa.org/portal/media_and_events/press_room/media_kit/credentials/2008_blogging_policy.pdf

IN TRADE RULING, ANTIGUA WINS A RIGHT TO PIRACY (New York Times, 22 Dec 2007) - In an unusual ruling on Friday at the World Trade Organization, the Caribbean nation of Antigua won the right to violate copyright protections on goods like films and music from the United States — an award worth up to $21 million — as part of a dispute between the countries over online gambling. The award follows a W.T.O. ruling that Washington had wrongly blocked online gambling operators on the island from the American market at the same time it allowed online wagering on horse racing. Antigua and Barbuda had claimed damages of $3.44 billion a year. That makes the relatively small amount awarded Friday, $21 million, something of a setback for Antigua, which had been struggling to preserve its gambling industry. The United States argued that its behavior had caused $500,000 damage. Yet the ruling is significant in that it grants a rare form of compensation: the right of one country, in this case Antigua, to violate intellectual property laws of another — the United States — by allowing it to distribute copies of American music, movie and software products. http://www.nytimes.com/2007/12/22/business/worldbusiness/22gambling.html?_r=1&ref=business&oref=slogin

FBI PREPARES VAST DATABASE OF BIOMETRICS (Washington Post, 22 Dec 2007) - The FBI is embarking on a $1 billion effort to build the world’s largest computer database of peoples’ physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad. Digital images of faces, fingerprints and palm patterns are already flowing into FBI systems in a climate-controlled, secure basement here. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives. And in the coming years, law enforcement authorities around the world will be able to rely on iris patterns, face-shape data, scars and perhaps even the unique ways people walk and talk, to solve crimes and identify criminals and terrorists. The FBI will also retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law. http://www.washingtonpost.com/wp-dyn/content/article/2007/12/21/AR2007122102544_pf.html

LABOR BOARD RESTRICTS UNION USE OF E-MAIL (New York Times, 23 Dec 2007) - The National Labor Relations Board has ruled that employers have the right to prohibit workers from using the company’s e-mail system to send out union-related messages, a decision that could hamper communications between labor unions and their membership. In a 3-to-2 ruling released on Friday, the board held that it was legal for employers to prohibit union-related e-mail so long as employers had a policy barring employees from sending e-mail for “non-job-related solicitations” for outside organizations. The ruling is a significant setback to the nation’s labor unions, which argued that e-mail systems have become a modern-day gathering place where employees should be able to communicate freely with co-workers to discuss work-related matters of mutual concern. The ruling involved The Register-Guard, a newspaper in Eugene, Ore., and e-mail messages sent in 2000 by Suzi Prozanski, a newspaper employee who was president of the Newspaper Guild’s unit there. She sent three e-mail messages about marching in a town parade and urging employees to wear green to show support for the union in contract negotiations. “An employer has a ‘basic property right’ to regulate and restrict employee use of company property,” the board’s majority wrote. “The respondent’s communications system, including its e-mail system, is the respondent’s property.” The board overturned several decisions it had made in ruling that an employer does not illegally discriminate against pro-union speech if it lets employees use e-mail for personal communications but bars them from using e-mail for solicitations for outside organizations. Adopting the reasoning of the United States Court of Appeals for the Seventh Circuit, involving two cases concerning the use of employer bulletin boards, the labor board distinguished between personal non-work-related postings like for-sale notices and wedding announcements, on the one hand, and group or organizational postings like union materials on the other. In its new ruling, the board’s majority wrote that employers can allow workers to use e-mail for personal communications while barring them from organizational-related communications. The majority redefined the meaning of discrimination and wrote that the Seventh Circuit’s approach “better reflects the principle that discrimination means the unequal treatment of equals.” Adopting another new policy, the board appeared to allow employers to bar e-mail for certain organizational activities, like promoting a union or Avon products, but not organizational activities related to charities. The dissenters said the majority’s decision, in allowing employers to bar solicitation with regard to some activities and not others, “would allow employees to solicit on behalf of virtually anything except a union.” http://www.nytimes.com/2007/12/23/us/23labor.html?ex=1356066000&en=27bcf28aa626f3f7&ei=5090&partner=rssuserland&emc=rss

NIST RELEASES FINAL DRAFT OF FISMA GUIDANCE (GCN, 27 Dec 2007) - The National Institute of Standards and Technology has released the final public draft of a framework that will assist agencies create the security assessments mandated by the Federal Information Security Management Act (FISMA). Copies of Draft Special Publication 800-53A, “Guide for Assessing the Security Controls in Federal Information Systems,” can be downloaded from the NIST site. NIST expects to publish the final edition in March. SP 800-53A is an addendum to NIST SP 800-53, “Recommended Security Controls for Federal Information Systems.” This addendum establishes a framework for assessing security controls. Both publications are extensions of Federal Information Processing Standard 200, the core document NIST produced to help agencies with FISMA. This draft incorporates comments from the previous public drafts. Changes include updated assessment procedures, clarification of some chapters and a new set of assessment cases. The agency is seeking comments until January 31, 2008. http://www.gcn.com/online/vol1_no1/45593-1.html?topic=security&CMP=OTC-RSS NIST draft at http://csrc.nist.gov/publications/drafts/800-53A/draft-SP800-53A-fpd-sz.pdf

**** RESOURCES ****

THE IT LAW WIKI (launched December 2007) -- This wiki is an encyclopedia of the legal issues, cases, statutes, events, people, organizations and publications that make up the global field of information technology law (often referred to as “computer law”). To learn more about this wiki, click on the "About this Wiki" link. To find an article, simply type the name in the "Search The IT Law Wiki" box in the upper right hand corner of [the referenced] page, click the "Content (A-Z)" button to the right or click the "Random page" button above or to the right. To write a new The IT Law Wiki article, enter the page title in the box. http://itlaw.wikia.com/wiki/The_IT_Law_Wiki [Editor: see also the EFF’s similar wiki: http://ilt.eff.org/index.php/Table_of_Contents]

THE DIGITAL ECONOMY FACT BOOK (Progress & Freedom Foundation, 14 Dec 2007) - The digital revolution has changed the way we make goods and provide services, transforming virtually every industry and creating whole new categories of products and businesses—all at breathtaking speed. Simply keeping track of what is happening, let alone comprehending it, often seems an overwhelming task. The Ninth Edition of The Digital Economy Fact Book provides a factual basis from which analysis of the digital economy can begin. In seven key sections, it presents the best available information on: • The Growth of the Internet • The Hardware Sector • The Communications Sector • Digital Media • Electronic Commerce • Threats to the Digital Economy • The Worldwide Digital Economy http://www.pff.org/issues-pubs/books/factbook_2007.pdf

SECURITY BREACH NOTIFICATION LAWS: VIEWS FROM CHIEF SECURITY OFFICERS (UC Berkeley, Dec 2007) - This pilot study compliments work by Professors Deirdre K. Mulligan and Kenneth A. Bamberger of UC-Berkeley Law, who are studying the factors that contribute to decision-making by chief privacy officers. It was supervised by Chris Jay Hoofnagle of the Samuelson Law, Technology & Public Policy Clinic. It is part of a comprehensive research initiative regarding Chief Security Officers now underway at the Samuelson Clinic led by Aaron J. Burstein and Professor Mulligan. This study surveys the literature on changes in the information security world and significantly expands upon it with qualitative data from seven in-depth discussions with information security officers. These interviews focused on the most important factors driving security investment at their organizations and how security breach notification laws fit into that list. Often missing from the debate is that, regardless of the risk of identity theft and alleged consumer apathy towards notices, the simple fact of having to publicly notify causes organizations to implement stronger security standards that protect personal information. The interviews showed that security breaches drive information exchange among security professionals, causing them to engage in discussions about information security issues that may arise at their and others’ organizations. For example, we found that some CSOs summarize news reports from breaches at other organizations and circulate them to staff with “lessons learned” from each incident. In some cases, organizations have a “that could have been us” moment, and patch systems with similar vulnerabilities to the entity that had a breach. Breach notification laws have significantly contributed to heightened awareness of the importance of information security throughout all levels of a business organization and to development of a level of cooperation among different departments within an organization that resulted from the need to monitor data access for the purposes of detecting, investigating, and reporting breaches. CSOs reported that breach notification duties empowered them to implement new access controls, auditing measures, and encryption. Aside from the organization’s own efforts at complying with notification laws, reports of breaches at other organizations help information officers maintain that sense of awareness. Though security breach notification laws rarely top the list of security professionals’ priorities, organizations keenly understand that reputational harm may result from a breach. http://www.law.berkeley.edu/clinics/samuelson/cso_study.pdf EPIC writes: “The findings of the report are that breach notification laws raise awareness of the importance of information security; facilitate better cooperation among departments within organizations; and that as a result companies are requiring better security practices of their own suppliers or contractors. The study recommends the establishment of uniform standards for: public notice of security breaches; notification to a centralized organization in addition to customers; clarification and broadening technology safe harbor provisions; create a safe harbor period for notifications; and collection of more information on the type of notification trigger language that should be used. The Federal government has failed to enact legislation related to breach notification.”

TRESPASS, NUISANCE, AND SPAM: 11TH CENTURY COMMON LAW MEETS THE INTERNET (Communications of the ACM, 2007; by Robert J. Aalberts, Percy Poon, and Paul Thistle) - The English common law legal system has succeeded and thrived for over 900 years due to its functional and adaptive nature. This article will explore how the common law’s old but still practicable doctrines are being applied to problems on the Internet and where it will likely evolve. In particular, we will examine the viability of two common law actions— trespass to chattels and nuisance. http://www.brendablake.ca/arleigh/spamandcommonlaw.html

**** RECOMMENDED PODCASTS ****
TECH NATION INTERVIEW WITH JEFF TOOBIN (17 Oct 2007) - Dr. Moira Gunn speaks with Jeffrey Toobin about the Supreme Court Justices and how tech-savvy they are... or aren’t, as the case might be. http://itc.conversationsnetwork.org/shows/detail3393.html Please send along your own recommendations and I’ll include them in future MIRLN issues.

**** ART? ****
BIC PENS IN EBAY - CUSTOMERS’ REVIEWS - This is excellent - read ALL of the reviews. I’d guess that this is a collective, coordinated effort. It rises, I think, to art. http://www.amazon.co.uk/Bic-Crystal-ballpoint-medium-point/dp/customer-reviews/B000JTOYLS/ref=cm_cr_dp_all_recent/202-7085760-3565410?ie=UTF8&customer-reviews.sort%5Fby=-SubmissionDate&coliid=&showViewpoints=1&customer-reviews.start=1&colid=#customerReviews

Happy New Year!

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
8. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
9. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: