Saturday, August 23, 2008

MIRLN 2-23 August 2008 (v11.11)

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by http://www.knowconnect.com.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

**************End of Introductory Note***************

CLARIFICATIONS SOUGHT ON DATA MINING (FCW, 24 July 2008) - Clarification is needed for the definition of data mining and the rules governing it, civil libertarians and academics said today. Several experts at a Homeland Security Department conference on implementing privacy protections in government data mining expressed concerns that the meaning of data mining was misunderstood, or had not been fully explained, thus leading to confusion or potential violations of privacy rights. In the legislation that established DHS, Congress required the department to “establish and utilize…a secure communications and information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive and analyze data.” However, according to some experts, there’s confusion over what constitutes data mining, causing misperceptions. Some experts were worried that the lack of an agreed-upon definition and specific rules governing different types of data mining, including the use of commercial data, increases the risk of privacy violations. “What’s important here is that we not reflexively say that data mining is bad…but we need to have in place the rules of the road here…about when data can be collected, how it can be used,” said Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union. “We have not really had that discussion about what the rules of the road are.” In its 2007 annual report to Congress on the department’s data mining activities, DHS’ privacy office said that “it is important to note that no consensus exists on what constitutes ‘data mining.’” http://www.fcw.com/online/news/153267-1.html

OUTSOURCE YOUR CHORES — AND FEEL GOOD WHILE YOU’RE AT IT (New York Times, 30 July 2008) - Ted Moorhouse wants you to outsource your next Excel mail merge or graphic design chore — and in the process give students in developing countries the chance to improve their lives. Mr. Moorhouse’s new project, Serebra Connect, is an auction site for services. Buyers post a task and sellers bid to complete the job. It’s a similar model to the popular freelance marketplace Elance — but with a feel-good twist. Most of the people bidding on the jobs are students in developing countries who have taken a course from the Serebra Learning Corporation, the e-learning company where Mr. Moorhouse is chairman and chief executive. He started Serebra Connect in October to help these students use their new skills. Sample tasks posted on the site: creating a logo for a dental practice, translating e-books from Arabic to English and building a Web site with Flash. The average price is $200. It is free to post or bid on a task. The buyer sends the payment to Serebra to hold until the task is completed. Serebra then takes a 10 percent to 15 percent cut and sends the money to the seller via PayPal or MasterCard’s Payoneer. Sellers on the site are rated on a five-star scale based on reviews from buyers as well as how many Serebra courses they have completed. Serebra Connect is still tiny. It has 6,500 sellers: 4,000 in developing countries and the rest from the United States, Canada and Europe. Only 65 tasks have so far been completed and 40 more are in the queue. When a Madison, Wis., company posted a PowerPoint project that would have cost $2,000 in Madison, a woman in the Philippines offered to do it for $200, 10 times her $22-a-month pay as a teacher. Serebra itself posted a task to the site when it needed a new logo, after getting a local quote of $7,500. Someone in Mozambique designed it for $200, and Serebra was so happy with the finished product that the company is continuing to work with the designer. http://bits.blogs.nytimes.com/2008/07/30/outsource-your-chores-and-feel-good-while-youre-at-it/

LAWYERS TO NAME DEFENDANTS IN AUTOADMIT CASE (Yale Daily News, 31 July 2008) - Anonymous commenting may have just gotten a little less anonymous. With the help of a subpoena issued six months ago, attorneys for two Yale Law School students have succeeded in unmasking several anonymous users of the Web forum AutoAdmit whom the women are suing for defamation. Some of the defendants will finally be named when the students soon file an amended complaint, said their attorney, Stanford Law Professor Mark Lemley, who declined to comment further. While this development does not break any new legal ground, several experts interviewed said, it is one of the few, and certainly one of the highest-profile, examples of defamation lawsuits that have successfully pierced the veil of online anonymity. In 2005, sexually explicit and derogatory posts targeting three female Yale Law students appeared on AutoAdmit, an online community where law students can discuss law-school admissions and law-firm life. Two of the students, who remain unnamed in the suit, filed against the 39 authors of the allegedly defamatory posts. Since a federal judge in New Haven granted subpoenas of Internet service providers last January, several of those comments have been successfully traced through their electronic footprints. One of those authors was “AK47,” who, in 2007, posted that women with one of the Yale Law students’ names “should be raped” and said that he and that student were “gay lovers.” John Williams, a court-appointed lawyer who represented AK-47, whom he has never met and whose identity he does not know, said he was disappointed by the judge’s decision to sustain the subpoena, which he said went beyond where any other court has gone. http://www.yaledailynews.com/articles/view/24842

COMPANIES STRUGGLE TO PROTECT DATA (PC World, 3 August 2008) - A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast. The survey was carried out by Emedia on behalf of the e-mail management provider, and interviewed 125 IT managers in the United Kingdom. It found that only 6 percent of respondents were confident that anyone attempting to send confidential information by e-mail out of the organization would be prevented from doing so. The study also showed that 32 percent of companies would not even be aware that confidential information had been leaked, and therefore would be unable to take steps to minimize the damage or track down the source of the information. However, 62 percent said they would be able to retrospectively identify the e-mail leak once the information had been sent, but they did confess to being unable to prevent its disclosure. http://www.pcworld.com/article/149327/2008/08/.html?tk=rss_news

WHAT HAVE THEY GOT AGAINST OWLS? (Nat’l Law Journal, 4 August 2008) - This might be the best part of the Department of Justice’s report of its probe into its improper hiring practices: Jan Williams, who preceded Monica Goodling as the White House liaison to the department, was asked about the LexisNexis search string she and possibly others used to plumb the political leanings of potential hires. Williams denied ever using the “search string” herself, but her handing-the-reins-over e-mail to Goodling said: “This is the lexis nexis search string that I use for AG appointments.” The string, which summarizes (neatly if depressingly) our recent political history, reads as follows: [first name of a candidate] and pre/2 [last name of a candidate] w/7 bush or gore or republican! or democrat! or charg! or accus! or criticiz! or blam! or defend! or iran contra or clinton or spotted owl or florida recount or sex! or controvers! or racis! or fraud! or investigat! or bankrupt! or layoff! or downsiz! or PNTR or NAFTA or outsourc! or indict! or enron or kerry or iraq or wmd! or arrest! or intox! or fired or sex! or racis! or intox! or slur! or arrest! or fired or controvers! or abortion! or gay! or homosexual! or gun! or firearm! The report concluded, among other things, that Goodling and Williams violated federal law, that Williams lied to investigators, and that Goodling committed misconduct. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202423465060 [Editor: a search-string as an attribute… BTW, I’d fail this one, and I don’t know owls from awl.]

2ND CIRCUIT BACKS CABLEVISION’S REMOTE RECORDER AGAINST PROGRAMMERS’ LAWSUIT (Law.com, 5 August 2008) - Cablevision’s proposed remote storage digital video recorder system does not violate the Copyright Act, a federal appeals court ruled Monday. The 2nd U.S. Circuit Court of Appeals overturned a grant of summary judgment to film and TV producers who claimed Cablevision’s system would directly infringe their copyrights by making unauthorized reproductions and by engaging in public performances. Judges John M. Walker Jr., Robert D. Sack and Debra Ann Livingston decided the appeal in The Cartoon Network v. CSC Holdings Inc., 07-1480-cv. Walker wrote for the court. Unlike TiVo and other digital video recorder systems that are run through boxes attached to televisions, Cablevision’s remote storage system, RS-DVR, would allow customers without a set-top box to record programming on hard drives maintained by the company at a remote location. Programming copyright holders sued in the Southern District of New York, where Judge Denny Chin granted them summary judgment and enjoined Cablevision from operating the system unless it obtained the necessary licenses from content providers. Chin agreed with the plaintiffs that Cablevision would commit direct infringement by copying at two points in the process -- first by briefly storing data on what is called a primary ingest buffer and, second, by sending the programs onto its Arroyo Server hard disks. The judge also agreed that by transmitting the data from the hard disks to customers, who are armed only with a remote, the company would directly infringe on the copyright holders’ exclusive right of public performance. But the circuit was persuaded there was no copying because of the short time the data reside in the buffers. “Given that the data reside in no buffer for more than 1.2 seconds before being automatically overwritten ... we believe that the copyrighted works here are not ‘embodied’ in the buffers for a period of more than transitory duration, and therefore are not ‘fixed’ in the buffers,” he said. The circuit then turned to the question of whether the data stored on the Arroyo Server hard disks triggered direct liability for Cablevision, with the key question being who is actually making the copy -- Cablevision or the consumer. Walker cautioned that the court’s holding “does not generally permit content delivery networks to avoid all copyright liability by making copies of each item of its content and associating one unique copy with each subscriber to the network, or by giving their subscribers the capacity to make their own individual copies.” http://www.law.com/jsp/article.jsp?id=1202423528890

- and -

NEW MAGAZINE-SHARING SITE MAY VIOLATE COPYRIGHTS (AP, 15 August 2008) - The magazine industry, already facing a decline in newsstand sales and falling ad revenue, is being besieged by a new foe: digital piracy. A fledgling Web site called Mygazines.com encourages people to copy and upload popular magazines that are currently on newsstands. Visitors can read high-quality digital copies of dozens of current titles, including People, Men’s Health and The Economist, in their entirety. The site, with some 16,000 registered users as of Friday, is a “flagrant” violation of copyright laws, according to legal experts — but it is run by an offshore company of specious origin, making it difficult to shut down. “It’s pretty hard to see how it’s anything other than a straightforward set of copyright violations,” said Jeffrey Cunard, an intellectual property lawyer with Debevoise & Plimpton LLP in Washington. “There are entire magazines with no commentary, no criticism — clearly not a case of classic fair use.” The Mygazines site said in a July 29 press release announcing its launch that its copies are no different from magazines shared in a doctor’s office or salon. Cunard rejected that argument because the site makes available copies of paid-for content — not the actual product. “The first-sale doctrine says that once I buy a physical copy of something, I can do whatever I want with it — except copy it,” he said. Several magazine publishers said they are aware of the site and are considering legal action. “We take our intellectual property seriously and are considering appropriate action on this matter,” The Economist said in an e-mail statement. Dawn Bridges, a spokeswoman for Time Warner Inc.’s Time division, said the publisher of People, Sports Illustrated and other titles is investigating its options, including ways to have the site shut down. The challenge for the magazine publishers is that Mygazines’s domain name is registered in the Caribbean island nation of Anguilla, which is a British overseas territory, and thus outside of the jurisdiction of U.S. copyright law. Publishers could have recourse if the company uses servers physically in the United States. They also could sue the company in U.S. courts because content is available to Americans, but they would not be able to force Mygazines representatives to show up — nor collect any damages for any ruling made in absentia. Repeated attempts to contact representatives of Mygazines.com went unanswered. Registration records show the domain name is owned by “John Smith” of Salveo Ltd., based in The Valley, Anguilla. The address listed is a post office box, and the phone number rang unanswered. Registration companies require that domain buyers use their actual names and contact information, but the submitted information is rarely checked. http://news.yahoo.com/s/ap/20080815/ap_on_hi_te/magazines_online_piracy Related CNET story discussion: “There is a hitch in the case against Mygazines, however. Mygazines is registered in the Caribbean island of Anguilla and hosted in Sweden, by the notorious PRQ. The Stockholm-based PRQ is owned by the founders of BitTorrent tracker site Pirate Bay and is known for hosting other dubious sites. With its domain name registered abroad and its servers beyond U.S. borders as well, Mygazines seems to have slipped around the jurisdiction of U.S. copyright law. Even though publishers could pursue legal action against the site for material available in the U.S., there’d be no way to get representatives for the company to court or to collect damages.” - http://news.cnet.com/8301-13578_3-10018462-38.html

WHO CAN YOU SUE? CLICK HERE (Time, 6 August 2008) - As if there weren’t enough people out there suing each other, now a Florida attorney has come up with a way to make the process even easier. Beginning next month, anyone with access to the Internet should be able to log onto WhoCanISue.com. The new website plans to help consumers determine whether they actually have a case and help them find an attorney from a list of lawyers who advertise their expertise on the website. The attorneys will pay an annual fee of $1,000 to appear on the site, plus an additional amount of their own choosing that will determine how prominently they appear in the listings on the site. The website will vet the attorneys to make sure they are in good standing with their state bar associations. Curtis A. Wolfe, formerly general counsel for Fort Lauderdale-based private equity firm Ener1 Group and the founder of WhoCanISue.com, plans to unveil the new website in September. But he will begin signing up attorneys to advertise on the site when the American Bar Association convenes its annual meeting in New York City on Thursday. Wolfe’s website is not the first of its kind. His most direct competition includes SueEasy.com and LegalMatch.com, among others. But Wolfe says his service — which is free to the consumer — differs from the others in that he will provide real-time access to attorneys. After consumers answer a set of general questions about their grievances, they will be given some guidance about whether they might have a case worth pursuing; if they do, they will be immediately put in touch with an interested attorney. http://www.time.com/time/nation/article/0,8599,1829725,00.html

THIRD CIRCUIT REVIVES BREACH OF CONTRACT CLAIMS IN DATA BREACH CASE (Steptoe & Johnson’s E-Commerce Law Week, 7 August 2008) - Another decision last month by the Third Circuit held that two banks that issued Visa credit cards to consumers whose card information was compromised by a data breach at BJ’s Wholesale Club can pursue breach of contract claims against Fifth Third Bank, which processed BJ’s Visa transactions. The court reversed a district court decision that the two issuing banks were not third-party beneficiaries of an agreement between Visa and Fifth Third that required Fifth Third to ensure that BJ’s not retain cardholder information. However, the court also held that the “economic loss rule” barred the issuing banks’ negligence claims. While the Third Circuit’s rulings on the breach of contract claims mark a win for Sovereign and the Pennsylvania State Employees Credit Union, they will likely do little to improve other plaintiffs’ odds of recovering in similar cases involving credit and debit card information. As the court noted, the Visa Operating Regulations have been amended since the BJ’s breach to explicitly preclude third-party beneficiary claims. This revision to the Operating Regulations led a federal court in Massachusetts to rule in 2007 that a putative class of Visa card issuers could not claim third party beneficiary status in a case arising from the breach of credit card information stored by retailer The TJX Companies, Inc. http://www.steptoe.com/publications-5463.html Third Circuit opinion here: http://www.ca3.uscourts.gov/opinarch/063392p.pdf

OHIO OFFICIAL SUES E-VOTING VENDOR FOR LOST VOTES (Computerworld, 8 August 2008) - Ohio Secretary of State Jennifer Brunner has filed a lawsuit against an electronic-voting machine vendor, saying the vendor should pay damages for dropped votes in the state’s March primary election. E-voting machines from Premier Election Solutions, formerly known as Diebold Election Systems, dropped hundreds of votes in 11 Ohio counties during the primary election, as the machine’s memory cards were uploaded to vote-counting servers, Brunner’s office said. Officials in Brunner’s office later discovered the dropped votes in other counties after voting officials in Butler County discovered about 150 dropped votes, said Jeff Ortega, Brunner’s assistant director of communications. Brunner’s lawsuit, filed in Franklin County Common Pleas Court in Ohio on Wednesday, is a counter claim to an earlier lawsuit filed by Premier. In May, Premier filed a lawsuit against Brunner’s office and Cuyahoga County, Ohio, seeking a judgment that Premier did not violate any contracts or warranties. Brunner’s lawsuit accuses Premier of not fulfilling its contracts with election officials. The lawsuit also alleges breach of warranty and fraud. Premier e-voting machines are used in half of Ohio’s 88 counties. Butler County officials discovered the dropped votes in post-election checks. That set off a statewide investigation, which found dropped votes in 11 other counties, according to information from Brunner’s office. Butler County officials sent letters to Premier on April 4 and 9, seeking an explanation for the dropped votes, and on May 16, Premier issued a report, suggesting human error or conflicts with antivirus software were to blame. Brunner and Butler County officials have suggested that the May report and a follow-up issued by Premier lacked evidence that antivirus software caused the problems. A Premier report on May 29 suggested counties disable antivirus software on vote-tabulation servers, but the servers had been certified in Ohio with the antivirus software installed, Brunner said. In December, Brunner’s office issued a report questioning the security of touch-screen e-voting machines like those sold by Premier. Machines from Premier and two other vendors had “critical security failures,” the report said. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112041&source=rss_topic17

US WARNS OLYMPIC TRAVELLERS ABOUT ELECTRONIC ESPIONAGE (VNUnet, 11 August 2008) - In a strongly worded warning, the US government advised people visiting Beijing for the start of the Olympic Games that they should trust no-one with their electronic devices. The National Counterintelligence Executive warning was issued on Thursday and warns that while government officials and senior business executives are most at risk, no-one should consider themselves too small a target. “Security services and criminals can track your movements using your mobile phone or PDA and can turn on the microphone in your device even when you think it’s off. To prevent this, remove the battery,” the warning reads. “Security services and criminals can also insert malicious software into your device through any connection they control.” Travellers are advised to not take electronic devices into the country unless absolutely necessary. They should also assume that their hard drive has been copied if the device is examined by customs or in their hotel room if it is searched. It also warns about the use of USB thumb drives in China, saying they may have malware installed on them. Travellers are also advised to change all passwords immediately on their return home. http://www.vnunet.com/vnunet/news/2223619/warns-olympic-travellers-us-china Warning here: http://www.ncix.gov/publications/reports/traveltips.pdf

COURT DISMISSES L’OREAL CLAIMS AGAINST EBAY (Reuters, 12 August 2008) - A Belgian court on Tuesday dismissed all of the claims of cosmetics maker L’Oreal brought against eBay over the sale of fake fragrances and cosmetic products on online auction sites, eBay said in a statement. L’Oreal started legal action in France, Belgium, Germany, Britain and Spain in September 2007, alleging the online auctioneer did not do enough to combat the sale of counterfeits. None of the other courts have ruled on the case yet. The Belgian court ruled that eBay was not obliged to take action to fight counterfeiting, but eBay spokeswoman Sravanthi Agrawal stressed that the company cooperated with rights owners to tackle the sale of fake goods. She added that the company clamped down on all cases of counterfeiting notified to it by the firms concerned, even though it did not have a legal obligation to do so. L’Oreal said in a statement it would appeal against the decision. http://uk.news.yahoo.com/rtrs/20080812/tot-uk-belgium-loreal-ebay-566e283.html

MINNESOTA COURT SAYS KEYWORD ADVERTISING IS TM USE IN COMMERCE--HYSITRON V. MTS (Eric Goldman blog, 11 August 2008) - Hysitron Inc. v. MTS Systems Corp., 2008 WL 3161969 (D. Minn. Aug. 1, 2008). In a brief and pedestrian opinion, another court outside the Second Circuit said that buying a trademarked keyword is “use in commerce” under the Lanham Act even if the trademark doesn’t appear in the ad copy. The court says: “This Court adopts the majority view that using a trademark to generate advertising constitutes a “use in commerce” under the Lanham Act. This approach adheres to the plain meaning of the Lanham Act’s definition of “use in commerce.” The language used in the definition suggests that a “use in commerce” is not limited to affixing another’s mark to one’s own goods but also encompasses any use of another’s mark to advertise or sell one’s own goods and services.” The court is right about the majority vote, but it’s hardly a strong majority. According to my count, the vote was 7-to-6 before this ruling. However, all 6 no votes are in the 2d Circuit, so geographically there is a stronger basis to characterize the rule as the majority rule. The court also denied the defense SJ motion because more discovery is required to determine consumer confusion. http://blog.ericgoldman.org/archives/2008/08/minnesota_court.htm

WEB PRIVACY ON THE RADAR IN CONGRESS (New York Times, 11 August 2008) - Here are some things Internet users can discover about Kiyoshi Martinez, a 24-year-old man from Mokena, Ill., from some of his recent posts online. He watched “The Colbert Report” on Tuesday night, he likes the musician Lenlow and he received bottles of olive oil and vinegar for his birthday. Mr. Martinez has Facebook and LinkedIn pages, a Twitter account and a Web site that includes his résumé. So it is surprising to learn that Mr. Martinez, an aide in the Illinois Senate, is also vigilant about his privacy online. “I’m pretty aware of the fact that anything you do on the Internet pretty much should just be considered public,” Mr. Martinez said. While he knows that companies are collecting his data and often tracking his online habits so they can show him more relevant ads, he said, he would like to see more transparency “about what the company intends to do with your data and your information.” Those same questions of data collection and privacy policies are attracting the attention of Congress, too. There is no broad privacy legislation governing advertising on the Internet. And even some in the government admit that they do not have a clear grasp of what companies are able to do with the wealth of data now available to them. http://www.nytimes.com/2008/08/11/technology/11privacy.html?_r=1&ref=technology&oref=slogin

AIR FORCE SUSPENDS ‘CYBER COMMAND’ PROGRAM (Information Week, 13 August 2008) - Putting on hold a major cyberwarfare initiative less than two months before it was scheduled to become operational, the Pentagon this week said it is delaying and reviewing the future of the Air Force’s controversial “Cyber Command” program. Provisionally created last year to coordinate and initiate the defense of U.S. military computer networks and to launch offensive attacks on enemy IT systems, the Cyber Command has been based at Barksdale Air Force Base in Louisiana. The command’s Web site says its mission is “To secure our nation by employing world-class cyberspace capabilities to control cyberspace, create integrated global effects, and deliver sovereign options.” The Army, Navy, and Air Force have been engaged in a tug-of-war over the leadership role in the U.S. military’s cyberwarfare initiatives. The Navy has created both the Network Warfare Command and the Space and Naval Warfare Systems Center to develop technology and policies for confronting adversaries in cyberspace. The Defense Advanced Research Projects Agency, or DARPA, has also announced plans to develop a “National Cyber Range,” a virtual network environment for cyberwar simulation. In March, the U.S. Department of Homeland Security hosted Cyber Storm II, a networking war game involving about 40 private-sector companies including Cisco, Juniper Networks, and Dow Chemical. The exercise came shortly after the Pentagon reported that China’s People’s Liberation Army was intent on expanding its capabilities for cyberwarfare. Reports from the Caucasus indicate that Russia began its assault on neighboring Georgia with a cyberattack intended to disable the smaller country’s computer networks. http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=210003721&cid=RSSfeed_IWK_News

FREE LICENSES UPHELD (Lessig Blog, 13 August 2008) - So for non-lawgeeks, this won’t seem important. But trust me, this is huge. I am very proud to report today that the Court of Appeals for the Federal Circuit (THE “IP” court in the US) has upheld a free (ok, they call them “open source”) copyright license, explicitly pointing to the work of Creative Commons and others. (The specific license at issue was the Artistic License.) This is a very important victory, and I am very very happy that the Stanford Center for Internet and Society played a key role in securing it. In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you’re simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license. Important clarity and certainty by a critically important US Court. http://lessig.org/blog/2008/08/huge_and_important_news_free_l.html and http://www.nytimes.com/2008/08/14/technology/14commons.html Opinion here: http://www.cafc.uscourts.gov/opinions/08-1001.pdf

COURT RULES SENDING EMAILS TO FORUM SATISFIES JURISDICTION TEST (BNA’s Internet Law News, 14 August 2008) - BNA’s Electronic Commerce & Law Report reports that an Idaho federal court has ruled that sending over 100 e-mails to individuals known to be located in Idaho is enough to satisfy the due process “purposeful availment” requirement for finding jurisdiction there. The court said that Idaho jurisdiction was proper over an individual accused of intentionally sending bulk e-mails to Idaho residents when the sender knew of the recipients’ location, and when the harm the recipients suffered was directly related to the e-mails. Case name is Melaleuca v. Hansen.

COURTS JUST CAN’T AGREE ON WHEN EMPLOYEE ACCESS TO COMPUTER IS “AUTHORIZED” UNDER CFAA (Steptoe & Johnson’s E-Commerce Law Week, 14 August 2008) - Courts continue to disagree over whether an employee violates the Computer Fraud and Abuse Act (CFAA) when he accesses a company computer with authorization but then steals information for some nefarious purpose. In Black & Decker (US), Inc. v. Smith, a federal court in Tennessee ruled that a disloyal employee who allegedly copied confidential Black & Decker (B&D) information before being terminated did not access this information “without authorization” or “exceed” his authorized access within the meaning of the CFAA, since he was permitted access to the information while employed. But, in Mintel International Group, Ltd. v. Neergheen, a federal court in Illinois held that an employee might have “exceeded authorized access” by sending confidential information from his workplace computer to his personal email address before leaving the company. http://www.steptoe.com/publications-5479.html

AT&T MULLS WATCHING YOU SURF (New York Times, 14 August 2008) - AT&T is “carefully considering” monitoring the Web-surfing activities of customers who use its Internet service, the company said in a letter in response to an inquiry from the House Committee on Energy and Commerce. While the company said it hadn’t tested such a system for monitoring display advertising viewing habits or committed to a particular technology, it expressed much more interest in the approach than the other big Internet providers who also responded to the committee’s letter. AT&T did however promise that if it does decide to start tracking its customers online, it will “do so the right way.” In particular, the advertising system will require customers to affirmatively agree to have their surfing monitored. This sort of “opt-in” approach is preferred by privacy experts to the “opt-out” method, practiced by most ad targeting companies today, which records the behavior of anyone who doesn’t explicitly ask not to be tracked. http://bits.blogs.nytimes.com/2008/08/14/att-wants-to-watch-you-read-ads/

- and -

VERIZON: WE NEED FREEDOM TO DELAY P2P TRAFFIC WHEN NECESSARY (ArsTechnica, 21 August 2008) - There has “always been a requirement for network management,” said Verizon CTO Richard Lynch Tuesday at the Progress & Freedom Foundation’s annual Aspen conference on tech policy, even in the analog age. In the wake of the FCC’s recent Comcast decision, debates over “network management” have escaped the engineers’ offices and now take place even among skeptical consumers who worry about what such management will do to their Internet connections. Lynch laid out Verizon’s view on the matter: time-sensitive packets like VoIP should be prioritized over less-sensitive packets like P2P, but the company remains committed to “deliver any and all data requested by our customers.” Thanks to its fiber-to-the-home commitment, Verizon doesn’t face the same congestion issues that plague many cable operators. While current cable networks may share a single uplink between several hundred homes, Verizon’s fiber nodes serve an average of only 32 homes—and the uplink has more bandwidth to begin with. Verizon can currently offer 50Mbps symmetric connections, with 100Mbps connections already in trials, and it can add capacity on lit fiber simply by turning on additional wavelengths. But Lynch rejects the idea that the only acceptable form of network management is none at all—that is, that Verizon and other ISPs should all commit to delivering all packets, all the time, with zero delay. http://arstechnica.com/news.ars/post/20080821-verizon-we-need-freedom-to-delay-p2p-traffic-when-necessary.html

FEC ELATES STRANGE BEDFELLOWS WITH POLITICAL BLOGGING RULING (ArsTechnica, 15 August 2008) - The arch-conservative Heritage Foundation and a pro–Barack Obama blogger found common cause for celebration this week when the Federal Election Commission ruled that former Iowa Democratic Party Chairman Gordon Fischer, author of Iowa True Blue, is not subject to campaign finance restrictions, however partisan his posts. The FEC has repeatedly held that ordinary bloggers are subject to the “media exemption” that permits journalists and editorial writers to support or oppose candidates without tallying their expenses as campaign contributions. But late last year, Hillary Clinton supporter Kirk Tofte nevertheless filed a complaint against Fischer, arguing that his site was no longer a mere political blog, but a “direct arm of the Obama for President campaign.” The FEC rejected Tofte’s argument wholesale, noting that there was no hard evidence of coordination, but that even if there had been, Fischer’s speech would remain protected. Paid ads run by a campaign are still covered, of course, but it would be difficult to do online journalism if bloggers were barred from contacting campaigns or quoting their materials. http://arstechnica.com/news.ars/post/20080815-fec-elates-strange-bedfellows-with-political-blogging-ruling.html

SEC PROVIDES GUIDANCE REGARDING USE OF COMPANY WEBSITES TO DISCLOSE INFORMATION FOR INVESTORS (Duane Morris advisory, 15 August 2008) - The Securities and Exchange Commission (the “SEC”) has published an interpretive release, Commission Guidance on the Use of Company Web Sites, Release No. 34-58288 (the “Release”), providing guidance to companies and issuers of securities on the use of company websites to disclose information to investors. The Release, which became effective August 7, 2008, is intended to encourage companies to develop their websites in compliance with the federal securities laws so that such websites can serve as effective analytical tools for investors by being a vital source of information about a company’s business, financial condition and operations. The Release is intended to provide guidance to those companies that are utilizing websites to supplement their required SEC filings. Since the adoption of the Securities Act of 1933 and the Securities Exchange Act of 1934 (the “Exchange Act”), the foundation of securities regulation in the United States has rested upon timely disclosure of relevant information to investors and the securities markets. Historically, companies have disclosed information to investors and the markets by mailing reports to stockholders, filing periodic reports with the SEC and issuing press releases. As technology has advanced, the Internet, the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system, and electronic communications have modernized the disclosure system. More and more investors are turning to the Internet and company websites as their main source of information before making investment decisions. 
The Release provides guidance to companies posting information on their websites, including (1) when information posted on their website is considered “public” for purposes of the “fair disclosure” requirements of Regulation FD; (2) the application of the antifraud provisions of the federal securities laws to information posted on company websites; (3) the types of controls and procedures advisable with respect to posting information; and (4) the appropriate format of the information presented on the website. Full Duane Morris analysis here: http://www.duanemorris.com/alerts/alert2948.html; SEC Release here: http://www.sec.gov/rules/interp/2008/34-58288.pdf ; Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/

WOMAN CAN SUE OVER YOUTUBE CLIP DE-POSTING (SF Gate, 20 August 2008) - In a victory for small-time music copiers over the entertainment industry, a federal judge ruled Wednesday that copyright holders can’t order one of their songs removed from the Web without first checking to see if the excerpt was so small and innocuous that it was legal. The ruling by U.S. District Judge Jeremy Fogel of San Jose was the first in the nation to require the owner of the rights to a creative work to consider whether an online copy was a “fair use” - a small or insignificant replication that couldn’t have affected the market for the original - before ordering the Web host to take it down. A 1998 federal law authorized copyright holders to issue takedown orders whenever they see an unauthorized version of their work on the Internet without having to sue and prove a case of infringement. Some advocates of Internet users’ rights - including the Electronic Frontier Foundation, which represented the individual user in this case - contend the procedure has been abused. The case dates from February 2007, when Stephanie Lenz, a writer and editor from Gallitzin, Pa., made a video of her 13-month-old son cavorting to Prince’s song “Let’s Go Crazy” and posted the 29-second clip on YouTube. Four months later, Universal Music Corp., which owns the rights to the song, ordered YouTube to remove the video and nearly 200 others involving Prince compositions. Lenz, exercising her rights under the same 1998 law, notified YouTube several weeks later that her video was legal and ordered it restored. YouTube complied after waiting two weeks, as required by law, to see whether Universal would sue Lenz for infringement. Lenz then sued Universal in Northern California, YouTube’s home district, for her costs, claiming the music company had acted in bad faith by ordering removal of a video that - she contended - was obviously a fair use of the song and had no commercial value. 
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/08/20/BAU412FKRL.DTL Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/ ; Eric Goldman has an analysis of this case here: http://blog.ericgoldman.org/archives/2008/08/fair_use_its_th.htm

BAIDU CACHE OFFERS MORE EVIDENCE OF UNDERAGE CHINESE GYMNASTS (ArsTechnica, 20 August 2008) - One of the controversies that’s been swirling around the Chinese Olympic Games since they began is the age of several of China’s gymnasts. According to Chinese officials (and, of course, official passports and ID cards), both He Kexin and Jiang Yuyuan are 16, and therefore old enough to compete in the Olympic Games. Unfortunately for China, there’s a growing body of evidence pointing in the opposite direction, including online evidence a gumshoe hacker discovered lurking in the cache of Baidu, China’s equivalent of Google. If these allegations prove true, it would scarcely be the first time China has lied about the age of an athlete. In 2000—three years after the minimum qualifying age for Olympic Gymnastic competition was raised to 16—Chinese gymnast Yang Yun won a bronze medal for her performance on the uneven bars. Yang’s passport showed her as 16 years old at the time, but the gymnast herself later admitted on Chinese national television that she and her coaches had lied about her age, and that she had been just 14 at the time. There’s also evidence that Chinese gymnast Li Ya was just 13 when she competed at the World Championships in Anaheim back in 2003. A story that ran in Beijing Evening News on December 2, 2007, reported that He Kexin was 13, while the New York Times turned up evidence in other Chinese papers that cited her age as 14, with a birth date of January 1, 1994. Currently, He’s passport lists her date of birth as January 1, 1992. Similarly, Jiang Yuyuan’s own national identification card lists her birth date as October 1, 1993. Now, new information gathered from Baidu’s cache further confirms these allegations. Over at Stryde Hax, the anonymous author describes his search for official information on He Kexin’s real birth date.
Google, rather suspiciously, has been scrubbed clean—searching the engine’s cache reveals references to He Kexin, but He’s name and data have been removed. As for Baidu, the main search function returns only government-approved data—a spreadsheet that purports to show information on Kexin has also been deleted—but checking the engine’s cache proves that a copy of the document is still preserved. He Kexin’s age, as listed in the preserved copy of an official Chinese document? 14. http://arstechnica.com/news.ars/post/20080820-evidence-of-age-fraud-mounts-china-insists-gymnasts-are-16.html Washington Post calls it cheating and credits the caching discovery: http://www.washingtonpost.com/wp-dyn/content/article/2008/08/22/AR2008082201782.html?nav=rss_email/components

FRENCH HIGH COURT UPHOLDS MONITORING OF EMPLOYEE’S INTERNET USE (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - French workers recently lost their cherished right to work only 35 hours per week. And as a result of a recent ruling by France’s highest court, they may have to spend those hours actually working rather than playing solitaire online. Last month, the Cour de Cassation Chamber Sociale ruled that employers can monitor their employees’ workplace Internet use. Past rulings had suggested that an employer may not access information that an employee stored on his or her workplace computer and clearly marked as personal, unless the employee is present and consents to the search. However, in Franck L. v. Entreprise Martin, the court ruled that an employer may generally access an employee’s computer hard drive without the employee’s knowledge or presence for the purpose of monitoring the employee’s Internet use. The court reasoned that any websites accessed using a workplace computer during business hours are “presumed to be of a professional character,” and that employers may therefore review records of the employee’s Internet use without the employee present. Accordingly, it upheld defendant Entreprise Martin’s firing of former IT manager Franck L., who was let go after Entreprise Martin’s review of his web browsing revealed that he had spent large amounts of work time browsing non-work-related websites. http://www.steptoe.com/publications-5488.html

COURT SAYS EBAY IS A CRIMINAL ENTERPRISE. SERIOUSLY. (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - A federal court in California recently held that eBay’s allegedly false statements about the safety of its “Live Auction” service can support a claim against the company under section 1962(c) of the Racketeer Influenced and Corrupt Organizations Act (RICO), a statute originally designed to go after organized crime. Although the case involves a civil suit, the court’s ruling in Mazur v. eBay Inc. amounts to a remarkable statement that eBay’s description of its auction service constitutes criminal behavior. While the Federal Trade Commission has brought actions for “unfair” or “deceptive” acts in commerce against companies whose actual privacy practices did not live up to their stated policies, allowing RICO actions to be brought on the basis of similar misstatements is a giant leap -- and could have enormous negative ramifications for websites. http://www.steptoe.com/publications-5488.html Opinion here: http://www.steptoe.com/assets/attachments/3504.pdf

**** NOTED PODCASTS ****
CLOUD COMPUTING AND THE PRIVACY OF REMOTELY STORED INFORMATION (State of the Net West 2008; Santa Clara University podcast, 67 minutes; 11 August 2008) -- Panelists including SalesForce.com’s David Schellhase discuss the extant legal framework implicated by some cloud computing applications. File is named “Third Panel and Closing.MP3” and resides here: http://deimos.apple.com/WebObjects/Core.woa/Browse/scu.edu.1423301783.01423301792.1623272573?i=1912410655 Related 6 minute NPR broadcast on 21 August is here: http://www.npr.org/templates/story/story.php?storyId=93841182

DON’T TALK TO THE POLICE (Prof. James Duane, 31 May 2008; 27 minute video podcast) - recommended by Bruce Schneier: “This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn’t matter if you’re guilty or innocent, if you have an alibi or not -- it isn’t possible for anything you say to help you, and it’s very possible that innocuous things you say will hurt you. Definitely worth half an hour of your time. http://video.google.com/videoplay?docid=-4097602514885833865 And this is a video of Virginia Beach Police Department Officer George Bruch, who basically says that Duane is right. http://video.google.com/videoplay?docid=6014022229458915912&q=&hl=en” [Editor: Entertaining; his demonstration is convincing, and he doesn’t even touch on the old “it’s the lie that’ll get you, especially with a federal agent.” His closing Justice Jackson quote is telling. The police officer’s presentation also is good.]

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
