Saturday, September 13, 2008

MIRLN 24 August – 13 September 2008 (v11.12)

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by http://www.knowconnect.com.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

**************End of Introductory Note***************

VA. PRIVACY ADVOCATE GETS PARTIAL WIN IN SSN POSTINGS CASE (AP, 22 August 2008) - A privacy advocate who challenged a Virginia law against posting Social Security numbers on the Internet won a partial victory Friday when a federal judge ruled her Internet postings are protected by the Constitution. U.S. District Judge Robert Payne ruled that the law barring such postings is unconstitutional as applied to B.J. Ostergren’s current and past Web site postings, but he stopped short of overturning the law. Payne said he would need further briefing on whether to issue a more far-reaching injunction concerning future postings of Social Security numbers by Ostergren or others. On her site, Ostergren has posted public documents — primarily land records — containing the Social Security numbers of prominent people and court officials. Her purpose is to demonstrate that government has failed to protect individuals’ privacy. She claimed in her lawsuit that government can’t publish the information and then punish citizens for distributing it. Payne agreed, saying Ostergren’s activities were protected by the First Amendment. “It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren’s posting of public records to demonstrate the lack of care being taken by the government to protect the private information of individuals,” Payne wrote. http://ap.google.com/article/ALeqM5jiGOcctpSb22Nw59ozzMFCW2hv7gD92NM65G0

- and -

JONES DAY SUES OVER WEBSITE POSTING ATTORNEY HOME PURCHASE INFO (ABA Journal, 11 Sept 2008) - Jones Day has sued a website that highlights lawyers—even posting their photos and linking to firm biographies—and other professionals who buy and sell their homes in Chicago, Las Vegas, St. Louis and South Florida. After two Jones Day associates were featured on the BlockShopper site, the Cleveland-based BigLaw firm sued, reports the National Law Journal in an article reprinted in New York Lawyer (reg. req.). It is alleging service mark infringement in the federal lawsuit, which was filed in U.S. District Court for the Northern District of Illinois and also asserts claims for federal false designation of origin and unfair business practices under the Illinois Uniform Deceptive Trade Practices Act, among other issues, the legal publication reports. The suit seeks an injunction, damages and attorney fees. After a Neal Gerber & Eisenberg associate’s home purchase was featured on BlockShopper, managing partner Jerry Biederman says, the law firm is looking into whether the posting violates privacy rights as well as intellectual property rights. http://www.abajournal.com/weekly/law_firm_sues_over_website_posting_attorney_home_purchase_info

- and -

SHEBOYGAN WOMAN FILES LANDMARK CASE OVER WEB LINKS (Milwaukee Journal, 23 August 2008) - Can a city stop people from posting a link to its Web site? That’s the question at the center of a federal lawsuit brought by a Sheboygan woman against the mayor and other officials there, in what appears to be a first-of-its-kind case, according to an Internet law expert. Jennifer Reisinger says the Sheboygan city attorney ordered her to remove from her Web site a link to the city’s police department, in what she believes was retaliation for her support of recalling Mayor Juan Perez, according to the suit filed last week. Bruce Boyden, an assistant law professor at Marquette University who specializes in Internet law and copyright, called the case novel. “If this goes all the way to trial and produces a decision, I believe this would be a first in United States,” he said. Boyden said some companies require other Web sites to get permission to link to them, but he knew of no companies, much less a government body, that have tried to enforce violations of that condition if the links didn’t infringe on a copyright or trademark. http://www.jsonline.com/story/index.aspx?id=786584

ABA ETHICS COMMITTEE ISSUES OPINION DETAILING LAWYER RESPONSIBILITIES WHEN OUTSOURCING LEGAL WORK DOMESTICALLY OR INTERNATIONALLY (ABA, 25 August 2008) - U.S. lawyers are free to outsource legal work, including to lawyers or nonlawyers outside the country, if they adhere to ethics rules requiring competence, supervision, protection of confidential information, reasonable fees and not assisting unauthorized practice of law. Those are the conclusions of the American Bar Association Standing Committee on Ethics and Professional Responsibility, which describes outsourcing as a salutary trend in a global economy. Many lawyers do outsource work, using lawyers or nonlawyers as independent contractors, hiring them directly or through intermediaries and on temporary or ongoing bases, says the committee. Outsourcing can reduce client costs and enable small firms to provide labor intensive services such as large, discovery intense litigation, even though the firms might not maintain sufficient ongoing staff to handle the work, according to a new ethics opinion issued today. Ethics Opinion 08-451 details ethics obligations of lawyers and firms that do elect to outsource legal work. http://www.abanet.org/abanet/media/release/news_release.cfm?releaseid=435 Opinion at http://www.abanet.org/cpr/08-451.pdf

RESEARCHER MINES BLOGS, SOCIAL NETWORKS TO ACCESS BANK ACCOUNTS (ComputerWorld, 25 August 2008) - A recent Google search of MySpace Inc.’s popular social networking site for several variations of terms describing a person’s maternal grandparents returned more than 11,000 search results. The search by security researcher and author Herbert Thompson illustrates the growing security threat posed by the massive amount of personal information posted on social networks, forums, blogs and other Web 2.0 destinations. Thompson sent the search results to Computerworld. Posting seemingly innocuous information -- like a mother’s maiden name or a pet’s name -- could help a crook access personal data stored by banks, financial services firms and other companies, Thompson said. Many companies typically ask for such information from clients to reset a password on an account, he noted. With her permission, Thompson accessed a friend’s bank account in an hour and a half after mining her personal blog for details like her birth date, birthplace, father’s middle name and pet’s name. He used the data to reset her e-mail password and gain access to an e-mail from her bank with instructions on how to reset her account password. Thompson said in an interview that cybercriminals are increasingly mining personal data splashed throughout the Web 2.0 world. He noted that the questions that banks have long used to reset or recover passwords were typically seen as difficult for thieves to answer. Now, however, the answers to the questions are often readily available to crooks because so many people are now blogging about their personal lives or are creating personal profiles that are rife with this type of information, he noted. As proof, Thompson pointed to the fact that thieves on underground forums typically charge 10 to 12 times more for stolen credit card numbers with the mother’s maiden name or a pet’s name of the owner than for the credit card alone.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113405&source=NLT_AM&nlid=1 Scientific American article here: http://www.sciam.com/article.cfm?id=anatomy-of-a-social-hack

- and (older article) -

MAPPING COMPUTER TECHNIQUES TO THE REAL WORLD (NeoSmart, 18 May 2008) - As a recent Times article describes, shopping plazas are now using cell-phone tracking technology to map shoppers’ activities and movement patterns. The “Path Intelligence” hardware used to track the movements works like this:
* A cell-phone-wielding shopper enters the shopping plaza.
* Path Intelligence monitors mounted throughout the plaza detect that a new mobile phone is in the vicinity and log its IMEI code.
* As the shopper moves around the mall, his or her movements are continuously triangulated by the multiple Path Intelligence units, allowing movements to be mapped and saved for later analysis.
The good news: it’s totally private, there isn’t any (automated) way to map a particular record in the Path Intelligence logs to an actual person. The resulting logs can be analyzed for shopping patterns (where people go after visiting a certain store, peak hours of traffic, most popular regions, etc.) later on, providing valuable intelligence and allowing for improvements.
The bad news: The Path Intelligence logs -- in conjunction with other monitoring techniques such as cashier timestamps, credit card logs, video surveillance, etc. -- can result in the identification of the persons associated with logged behavior in the system, posing a real and tangible privacy/Big Brother concern.
The weird news: Everything in the above scenario can be directly mapped to an exact counterpart in the current web-tracking solutions in use:
* Shopper - Visitor to a site
* Mall/Shopping Plaza - Website
* IMEI code - IP Address (unique, but not personally identifying on its own)
* Path Intelligence - One of the many web-statistics companies
http://neosmart.net/blog/2008/mapping-computer-techniques-to-the-real-world/

DATA BREACHES HAVE SURPASSED LEVEL FOR ALL OF ‘07, REPORT FINDS (Washington Post, 26 August 2008) - More data breaches have been reported so far this year than in all of 2007, according to a report released yesterday by a nonprofit group that works to prevent fraud. Identity Theft Resource Center of San Diego found that 449 U.S. businesses, government agencies and universities have reported a loss or theft of consumer data this year. Last year, the center tallied 446 breaches involving 127 million consumer records. About 90 million of those records were attributed to a single retail chain, TJX, which operates T.J. Maxx stores. Officials said they do not know whether there have been more breaches this year or if there is better reporting of the incidents. So far this year, at least 22 million consumer records have been the target of data breaches, according to the report. But resource center founder Linda Foley cautioned that the true number of records affected is likely far higher, noting that in 41 percent of the cases the number of consumer records affected was not disclosed. What’s more, Foley said, many businesses are not reporting data breaches or are not aware of them. In addition, she said, a single breach report often involves data belonging to multiple businesses. http://www.washingtonpost.com/wp-dyn/content/article/2008/08/25/AR2008082502496.html

REPORT: RIAA WINS CASE OVER ERASED HARD DRIVE (CNET, 26 August 2008) - The recording industry appears to have won a closely watched copyright infringement case over charges of evidence tampering. Judge Neil Wake ruled on Monday that Jeffrey Howell, a defendant in Atlantic v. Howell, had willfully and intentionally destroyed evidence related to his peer-to-peer activities after being notified of pending legal action by the RIAA, according to a Tuesday report by Ars Technica. Furthermore, since it was done in bad faith, it “therefore warrants appropriate sanctions,” the site reported. The RIAA sued Pamela and Jeffrey Howell for copyright infringement in 2006, claiming that the husband and wife had used Kazaa to make copyrighted files available for download. In a deposition, Jeffrey Howell admitted to loading the file-sharing software onto his computer. He said, however, that the songs listed in the complaint were for personal use and that he had not placed the files in the program’s shared folder. He said the recordings were copies made from CDs he owned placed on the computer for personal use, not copies downloaded from Kazaa. RIAA accused Howell of destroying evidence on four occasions after being served with the lawsuit, the site reported. RIAA experts found that Howell uninstalled Kazaa and reformatted his hard drive, Ars Technica reported. “Defendant’s intentional spoliation of computer evidence significantly prejudices plaintiffs because it puts the most relevant evidence of their claim permanently beyond their reach,” the RIAA reportedly argued. “The deliberate destruction...by itself, compels the conclusion that such evidence supported plaintiffs’ case.” http://news.cnet.com/8301-1023_3-10026694-93.html

BIGLAW FIRM RECRUITS ON FACEBOOK (ABA Journal, 26 August 2008) - Looking for a way to better promote itself to the next generation of lawyers, Curtis, Mallet-Prevost, Colt & Mosle has launched a Facebook page as part of its broader law school recruiting efforts. “We are pleased to be capitalizing on the popularity of the most widely used social networking site,” Nancy Delaney, a Curtis partner who is a member of the firm’s personnel committee, says in a release (PDF) about the page. “As a Firm, we recognized the power of this format of communication and the wide use being made of it by future lawyers.” As of this posting, the page had 32 fans. The page promotes the 178-year-old firm with historical information and the benefits of starting a career in New York. It also includes links to news, awards, policies and questions and answers about other office locations and on-campus schedules. On his LawSites blog, Robert Ambrogi posits that Curtis may be the first Am Law 200 firm to feature Facebook as a central recruiting tool. http://www.abajournal.com/weekly/biglaw_firm_recruits_on_facebook

PUBLIC, PRIVATE SECTORS AT ODDS OVER CYBER SECURITY (LA Times, 26 August 2008) - Three very big and very different computer security breaches that have dominated recent headlines did more than show how badly the Internet needs major repairs. They also exposed the huge rift between corporate America and the federal government over who should fix it, cyber-security experts say. In the last few months, law enforcement officials cracked an international ring that tapped customer databases and trafficked in tens of millions of credit card numbers; a researcher uncovered a major flaw that permits hackers to steer some Web surfers to fake versions of popular websites filled with malicious software; and computer assaults, which some researchers said they had traced back to Russia’s state-run telecommunications firms, crippled websites belonging to the country of Georgia. Yet the episodes did little to boost cyber security higher on the agendas of the federal government or the two major presidential candidates. “Nothing is happening,” said Jerry Dixon, the former director of the National Cyber Security Division at the Department of Homeland Security. “This has got to be in the top five national security priorities.” Dixon is just one of hundreds of technology executives and experts who have been saying for years that Washington needs to do much more to protect consumers, businesses and the government itself from attacks by criminal hackers and those supported by rival nations. The government has largely argued that the private sector is better suited to tackle the broader problem. But big corporations say it’s too big for them to handle. They say the Internet’s technical underpinnings, which are loosely administered by the Commerce Department, need a major overhaul to eliminate vulnerabilities. Why such a persistent disconnect? It’s partly because cyber security crosses so many lines in the executive branch. 
Homeland Security oversees protection of government networks, and the Federal Bureau of Investigation and Secret Service pursue cyber crimes. When those cases lead to other countries, the State Department must get involved. More important, most of the Internet’s infrastructure -- the big computers and data pipes through which our bits travel -- is in private hands. http://www.latimes.com/business/la-fi-security26-2008aug26,0,2021258.story

SPANNING THE GLOBE TO BRING YOU THE CONSTANT VARIETY OF ... DATA PROTECTION LAWS (Steptoe & Johnson’s E-Commerce Law Week, 28 August 2008) - New data protection requirements are being considered all over, including in Australia, Mexico, Turkey, South Korea, Peru, and Vietnam. The Australian Law Reform Commission has recommended several amendments to that country’s Privacy Act, including mandatory notification to individuals affected by data breaches that pose a “real risk of serious harm” and a reworking of the rules governing cross-border data flows. Meanwhile, Mexican lawmakers are drafting a data protection law based loosely on Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The Turkish government is also reportedly ready to get on the data protection bandwagon, stating that it hopes to enact an EU-ready data protection law sometime this fall. And South Korea, Peru, and Vietnam have announced that they are considering data protection measures that would be consistent with privacy principles promoted by the Asia-Pacific Economic Cooperation forum. South Korea’s draft legislation would also require businesses to notify individuals whose personal data has been breached. If adopted, these data protection measures could cause headaches for international companies, which might be required to comply with different rules for the handling of personal information in the various countries where they do business. All these measures therefore bear close watching. http://www.steptoe.com/publications-5495.html

ANOTHER COURT PROTECTS ANONYMOUS SPEECH ONLINE (Steptoe & Johnson’s E-Commerce Law Week, 28 August 2008) - Many courts have held that plaintiffs must meet a heightened evidentiary standard before they can compel ISPs or others to identify someone who has posted allegedly illegal or tortious material online. But there has been disagreement over what the standard should be. In Quixtar Inc. v. Signature Management Team, LLC, another federal court called the “summary judgment standard” first articulated by the Delaware Supreme Court in Doe v. Cahill the “correct standard.” As we have previously reported, the Cahill standard requires plaintiffs to make out a prima facie case before courts will compel discovery of an anonymous individual’s identity. The Quixtar court ruled that persons challenging the unmasking of anonymous third-party bloggers should be given an opportunity to notify the bloggers, so that they can contest the discovery of their identities. The court also held that the bloggers could raise their objections under pseudonyms, and noted that it would assess any objections under the Cahill summary judgment standard. http://www.steptoe.com/publications-5495.html

MUCH ADO ABOUT TEXT SEARCHING (Law.com, 28 August 2008) - The biggest cost of litigation today is the cost of discovery. And the biggest cost of discovery is the cost of retrieving, reviewing and producing responsive documents stored electronically, while not producing those responsive documents that are privileged or contain work product. Since many cases involve amounts at issue that e-discovery costs could easily dwarf -- and since almost all cases settle -- the challenge is to select a search and review methodology that is rational and proportionate to the amount at issue and, most importantly, that will provide parties and counsel with reasonable assurance that they are meeting their discovery obligations and containing their costs. From the earliest stages of e-discovery, parties and counsel yearn for predictability. With the marketplace awash in e-discovery technology and service vendors, and with commentators and conferences daily promoting “cutting-edge” e-discovery strategies, surprisingly, fundamental issues relating to search methodology can be overlooked. Two recent decisions by Magistrate Judge John M. Facciola and Magistrate Judge Paul W. Grimm, knowledgeable and active jurists in the area of e-discovery, address these fundamentals. Facciola’s decision in Equity Analytics LLC v. Lundin, 248 F.R.D. 331 (D.D.C. 2008), and Grimm’s in Victor Stanley Inc. v. Creative Pipe Inc., No. MJG-06-2662, 2008 WL 2221841 (D. Md. May 29, 2008), teach that, whatever position lawyers advocate concerning search and review methodology, they must demonstrate with robust record evidence why the methodology is appropriate, how it will achieve the proper objective and why it should be ordered instead of the methodology advocated by the other side. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202424101819&rss=newswire

SETTLEMENT OVER TARGET’S WEB SITE MARKS A WIN FOR ADA PLAINTIFFS (Law.com, 28 August 2008) - Resolving a lawsuit that caught the attention of online retailers across the United States, Target Corp. will pay out $6 million in damages and make its Web site fully accessible to blind customers as part of a class action settlement filed on Wednesday. The National Federation of the Blind, which sued the Minneapolis-based corporation in 2006 in San Francisco federal court for maintaining a site that blind people said they couldn’t use, will also be paid to oversee the changes and train the coders responsible for reprogramming the site. The case will “send a message to the entire Internet industry that access for people with disabilities is not only good business sense but an absolutely legal civil right; it’s mandatory,” said Laurence Paradis, a lawyer at Berkeley, Calif.-based Disability Rights Advocates who worked on the case. Target released a statement saying it was “pleased to have resolved the matter” and has made changes to its Web site “to improve the experience for guests who require assistive technology.” Stanley Jaskiewicz, a Philadelphia-based e-commerce attorney who has written about the Target case, said the suit has been on the business world’s radar since 2006 and that Wednesday’s settlement will send a signal. http://www.law.com/jsp/article.jsp?id=1202424114568&rss=newswire

LINES AND BUBBLES AND BARS, OH MY! NEW WAYS TO SIFT DATA (Int’l Herald Tribune, 31 August 2008) - People share their videos on YouTube and their photos at Flickr. Now they can share more technical types of displays: graphs, charts and other visuals they create to help them analyze data buried in spreadsheets, tables or text. At an experimental Web site, Many Eyes, (www.many-eyes.com), users can upload the data they want to visualize, then try sophisticated tools to generate interactive displays. These might range from maps of relationships in the New Testament to a display of the comparative frequency of words used in speeches by Senators Hillary Rodham Clinton and Barack Obama. The site was created by scientists at the Watson Research Center of IBM in Cambridge, Massachusetts, to help people publish and discuss graphics in a group. Those who register at the site can comment on one another’s work, perhaps visualizing the same information with different tools and discovering unexpected patterns in the data. Collaboration like this can be an effective way to spur insight, said Pat Hanrahan, a professor of computer science at Stanford whose research includes scientific visualization. “When analyzing information, no single person knows it all,” he said. “When you have a group look at data, you protect against bias. You get more perspectives, and this can lead to more reliable decisions.” http://www.iht.com/articles/2008/08/31/technology/31novel.php

MAN WHO POSTED UNRELEASED GUNS N’ ROSES SONGS ONLINE IS CHARGED (SiliconValley.com, 1 Sept 2008) - When five FBI agents arrested Kevin Cogill at his Culver City apartment, it marked the newest weapon in the entertainment industry’s war on piracy: felony charges against small-time bootleggers. Cogill posted nine leaked songs from an unreleased Guns N’ Roses album that has been in the works for more than a decade on his music blog in June. The site crashed under the traffic, and he removed the songs after a few hours when the Los Angeles-based rock band’s lawyers complained. Now he faces up to three years in prison and $250,000 in fines. Last week he became the first Californian charged under a 3-year-old federal anti-piracy law that makes it a felony to distribute a copyrighted work on computer networks before its release. “In the past, these may have been viewed as victimless crimes,” said Craig Missakian, an assistant U.S. attorney in Los Angeles who built the case with the FBI and recording industry investigators. “But in reality, there’s significant damage. This law allows us to prosecute these cases.” http://www.siliconvalley.com/news/ci_10358404?nclick_check=1

ABA SAYS RIAA FILE SHARING WATCHERS SHOULDN’T NEED PRIVATE INVESTIGATORS’ LICENSES (TechDirt, 28 August 2008) - We’ve seen a few cases against the RIAA in which either state officials or defendants will point out that the RIAA’s hired hands in tracking down file sharers -- companies like MediaSentry -- are violating state laws requiring private investigators’ licenses for certain activities. Now, the American Bar Association (ABA) has put out a report suggesting that this is silly, and that states and judges shouldn’t require such companies to have a PI’s license. While I’m a bit surprised at myself, I actually agree with the ABA. As distasteful as the RIAA’s legal strategy is, and as flimsy as the evidence is that these companies collect, going after them for not having a PI’s license is focusing on a loophole, not the actual merits. And, honestly, most of these requirements for PI licenses are really just a way to create artificial scarcity in the PI business, not actually a way to ensure safety or quality. http://techdirt.com/articles/20080827/2143312115.shtml Related Wired story: http://blog.wired.com/27bstroke6/2008/08/do-riaa-snoops.html ABA report: http://blog.wired.com/27bstroke6/files/aba_report_and_resolution.pdf

- but -

MICHIGAN LAW PASSED REQUIRING MEDIASENTRY TO HAVE PI LICENSE (ArsTechnica, 5 Sept 2008) - The RIAA’s campaign against filesharers follows a standard procedure: find a computer offering files for download, get a court to force the ISP or organization that provided the computer’s IP address to reveal the computer’s owner, and then sue the owner. The group has contracted with MediaSentry to do the work of identifying the infringing computers, but that company’s methods have been called into question in a number of states that have licensing requirements for private investigators that include the computer-based snooping required to gather the data. Michigan was one such state and, if there was any doubt about the licensing issue there, it’s gone now: the state passed a law that specifically calls for computer forensics groups to be licensed. To an extent, the law is somewhat redundant. Michigan’s Department of Labor and Economic Growth is responsible for licensing private investigators and, in February, it determined that the company was acting as an unlicensed private investigator. The Department recommended that the anonymous state resident that filed the complaint contact his local prosecutor if he/she wanted to press the matter. Despite this ominous warning flag, the RIAA’s lawsuits in the state have continued apace. But, if MediaSentry felt it could successfully challenge the Department of Labor’s decision if called on it, its chances of doing so dropped precipitously. In May, with no one in the press apparently noticing, Michigan enacted a revision to its licensing requirements, entitled “An act to license and regulate professional investigators.” A reader of Recording Industry vs The People apparently did notice, and tipped off the blog; a copy of the legislation is being hosted by intellectual property attorney Ray Beckerman. 
http://arstechnica.com/news.ars/post/20080905-michigan-law-passed-requiring-mediasentry-to-have-pi-license.html Statute here: http://beckermanlegal.com/Documents/MichiganStatute_080528.pdf

WASHINGTON STATE COURT DEALS A BLOW TO ONE-SIDED EULAS (Ars Technica, 1 Sept 2008) - Anyone who has even a cursory familiarity with modern technology is undoubtedly familiar with one-sided terms of service agreements. Everything from bank accounts to phone service now requires consumers to accept that any contract disputes will be handled on the service provider’s terms, which typically specify arbitration in a venue of the corporation’s choosing. But the Supreme Court of Washington has now provided consumers in that state with some relief, ruling that the state’s Consumer Protection Act makes lopsided service agreements void. The case started when one Michael McKee signed up for AT&T long distance service in 2002. Although McKee lives outside of the city of Wenatchee, he wound up being assessed a monthly utility tax specific to that city. McKee was finally able to determine that the company assessed these taxes based on ZIP codes, regardless of whether the ZIP fell entirely within the city limits. He responded by filing a class-action lawsuit; AT&T responded by attempting to compel binding arbitration, per its customer service agreement. The appeals ultimately made their way to the Washington Supreme Court. That court has now returned a unanimous ruling that reaffirms the decisions of lower courts: AT&T’s service terms are, in legal terms, “unconscionable,” meaning that no reasonable individual would have agreed to them had he or she realized their full scope. The specific issues, however, only apply to Washington State. The ruling was based in part on which state laws apply. AT&T’s contract stipulated New York, where it is incorporated, while McKee alleged violations of Washington’s robust consumer-protection laws. http://arstechnica.com/news.ars/post/20080901-washington-court-deals-a-blow-to-unconscionable-eulas.html Decision here: http://www.courts.wa.gov/opinions/pdf/810061.opn.pdf

APPEALS COURT SMACKS DOWN JUDGE FOR RELYING ON WIKIPEDIA (ArsTechnica, 2 Sept 2008) - References to information at Wikipedia have shown up in various inappropriate places, from homework assignments to college term papers. But there’s one place that it seems everyone can agree that it doesn’t belong: the US court system. The US Court of Appeals for the 8th Circuit, ruling in an immigration case, has agreed with the Board of Immigration Appeals in finding that a reliance on information in Wikipedia is insufficient grounds for a ruling. Nevertheless, it sent the case back to the Board, requesting that it clarify its decision. The decision, filed late last week, stems from a case where an individual entered the country using a forged passport, and then applied for asylum based on the threat of torture if she were returned to her place of origin. Her application for asylum, and the processing of her case by the immigration courts, hinge on a personal identification document called a laissez-passer issued by the Ethiopian government. The Department of Homeland Security, wishing to deny the asylum claim, argued that the laissez-passer was insufficient as a form of identification. Excerpts from Wikipedia apparently provided at least some of the information used by the DHS position to support its position. An immigration judge ruled in favor of the DHS, finding that the individual, Lamilem Badasa, had not established her identity, and could not be granted asylum. http://arstechnica.com/news.ars/post/20080902-appeals-court-smacks-down-judge-for-relying-on-wikipedia.html

LAW FIRM WEBSITES LAG: SPEND MORE, BUT THINK FIRST, EXPERTS SAY (ABA Journal, 4 Sept 2008) - Although law firms are far more focused on the Internet than they were a few years ago, experts say many still have a lot to learn about marketing themselves online, and that their websites could use improvement. Some law firms, for instance, feature streaming video, podcasts, RSS feeds and law blogs on their websites as a matter of course. But a surprising number of major players don’t, lagging considerably behind the marketing efforts of their corporate counterparts, reports the Am Law Daily. And it’s not just the medium but the message that often presents a problem: “Most law firm sites are like law firm brochures—they’re all about the law firm, they’re not very client-sensitive,” says Charles “Biff” Maddock of the Altman Weil legal consulting firm. “In most cases, they’re pretty boring. And they really don’t give you a reason to come back over and over again.” Part of the issue may be the money involved. Forget about expecting to spend a mere $50,000 to create an appealing law firm website, Jeff Yerkey, a founding partner at Charette Communication Design tells Am Law. A reasonable price range is $80,000 to $1 million, depending on the size of the firm and the scope of its marketing efforts, he says. But Stephen Roussan, president of the Web development firm ICVM, puts the price tag at a more modest $10,000 to $200,000. He says that the first step, before spending a lot of money, should be figuring out what message the firm is trying to convey. Otherwise, the firm runs the risk of winding up with an expensive, visually impressive site that looks much like other such sites. 
“The single most important exercise,” he says, “is to have an introspective discussion about what your firm is about and what makes your firm different from other firms, and really present that as part of your brand.” http://www.abajournal.com/weekly/law_firm_websites_lag_spend_more_but_think_first_experts_say [Editor: Amen to the brand-analysis recommendations. I profited from that at KnowConnect, and highly recommend the process (if you can find creative, law-oriented professionals to help, as I did).]

BRINGING HISTORY ONLINE, ONE NEWSPAPER AT A TIME (Google, 8 Sept 2008) - For more than 200 years, matters of local and national significance have been conveyed in newsprint -- from revolutions and politics to fashion to local weather or high school football scores. Around the globe, we estimate that there are billions of news pages containing every story ever written. And it’s our goal to help readers find all of them, from the smallest local weekly paper up to the largest national daily. The problem is that most of these newspapers are not available online. We want to change that. Today, we’re launching an initiative to make more old newspapers accessible and searchable online by partnering with newspaper publishers to digitize millions of pages of news archives. Let’s say you want to learn more about the landing on the Moon. Try a search for [Americans walk on moon] on Google News Archive Search, and you’ll be able to find and read an original article from a 1969 edition of the Pittsburgh Post-Gazette. Not only will you be able to search these newspapers, you’ll also be able to browse through them exactly as they were printed -- photographs, headlines, articles, advertisements and all. This effort expands on the contributions of others who’ve already begun digitizing historical newspapers. In 2006, we started working with publications like the New York Times and the Washington Post to index existing digital archives and make them searchable via the Google News Archive. Now, this effort will enable us to help you find an even greater range of material from newspapers large and small, in conjunction with partners such as ProQuest and Heritage, who’ve joined in this initiative. One of our partners, the Quebec Chronicle-Telegraph, is actually the oldest newspaper in North America—history buffs, take note: it has been publishing continuously for more than 244 years. 
You’ll be able to explore this historical treasure trove by searching the Google News Archive or by using the timeline feature after searching Google News. Not every search will trigger this new content, but you can start by trying queries like [Nixon space shuttle] or [Titanic located]. Stories we’ve scanned under this initiative will appear alongside already-digitized material from publications like the New York Times as well as from archive aggregators, and are marked “Google News Archive.” Over time, as we scan more articles and our index grows, we’ll also start blending these archives into our main search results so that when you search Google.com, you’ll be searching the full text of these newspapers as well. This effort is just the beginning. As we work with more and more publishers, we’ll move closer towards our goal of making those billions of pages of newsprint from around the world searchable, discoverable, and accessible online. http://googleblog.blogspot.com/2008/09/bringing-history-online-one-newspaper.html

- and -

TRIBUNE BLAMES GOOGLE FOR UAL BANKRUPTCY STORY (Washington Post, 10 Sept 2008) - Tribune Co on Wednesday blamed technology owned by search engine company Google Inc for treating an outdated story about UAL Corp’s bankruptcy as current, breaking news. Tribune said in a press release it had identified problems with Google’s “Googlebot” technology months ago and asked the company to stop using it to “crawl” for stories on its website. The Chicago-based publisher said it believes Google continued using the technology to identify stories and make them available as search results on its Google News site, and that Google continues to misclassify stories. A 2002 Chicago Tribune story about the airline UAL declaring bankruptcy caused the company’s stock to lose nearly all of its value after an investment firm posted it on the Bloomberg financial news service on Monday. The story appeared over the weekend on an inner page of the website of Tribune’s South Florida Sun-Sentinel newspaper in Fort Lauderdale. Google News then featured it in its search results, where it was discovered by Miami Lakes, Florida,-based investment firm Income Securities Advisers. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/10/AR2008091003087.html

FEDS FINALLY PUT TEETH INTO HIPAA ENFORCEMENT (Computerworld, 8 Sept 2008) - A data security audit that the U.S. Department of Health and Human Services conducted at Piedmont Hospital in Atlanta last year was widely viewed within the health care industry as a harbinger of further actions by the federal government to enforce HIPAA’s security and privacy rules. Eighteen months after HHS quietly began the Piedmont audit, there hasn’t been much evidence of stepped-up enforcement. But now a stringent “resolution agreement” signed in July by the agency and Seattle-based Providence Health & Services is generating the same kind of buzz among health care providers that the Piedmont audit did. On July 15, Providence agreed to adopt a so-called corrective action plan (CAP) and pay $100,000 to settle what HHS described as “potential violations” of the Health Insurance Portability and Accountability Act’s requirements for safeguarding electronic patient data. The resolution agreement — the first of its kind under HIPAA — stemmed from the loss or theft of laptops, optical discs and backup tapes containing the unencrypted medical records of more than 386,000 Providence patients. On several occasions in 2005 and 2006, equipment was reported missing after workers took it out of the office with them. Under the CAP, Providence has to revamp its security policies to include physical protections for portable devices and for the off-site transport and storage of backup media. It also is required to implement technical safeguards, such as encryption and password protection. And the not-for-profit health system, which has operations in five western states, must conduct random compliance audits and submit compliance reports to HHS for the next three years. In addition, the agreement calls for Providence’s chief information security officer to personally validate that all required policies have been put in place and that all employees have been trained on adhering to them. 
The CISO also has to attest that all backup media and portable devices containing health information protected by HIPAA are properly secured. Significantly, the CAP precludes Providence Health from contesting the validity of or appealing any of its obligations under the agreement. The settlement is getting considerable attention within the health care industry because of the tough terms and conditions that the deal imposed on the provider. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=325376&taxonomyId=17&pageNumber=1 Providence CAP here: http://www.dhhs.gov/ocr/privacy/enforcement/agreement.pdf

MARK USE IN META TAGS, HIDDEN ON WEB SITE IS ‘WILLFUL’ MISUSE VIOLATING LANHAM ACT (BNA’s Internet Law News, 11 Sept 2008) - BNA’s Electronic Commerce & Law Report reports that the First Circuit Court of Appeals has ruled that an online business that used a competitor’s trademark in its Web site meta tags and elsewhere hidden on the Web page content “willfully” infringed the mark under the Lanham Act. Case name is Venture Tape Corp. v. McGills Glass Warehouse.

NEW COURT DECISION AFFIRMS THAT 4TH AMENDMENT PROTECTS LOCATION INFORMATION (EFF, 11 Sept 2008) - In an unprecedented victory for cell phone privacy, a federal court has affirmed that cell phone location information stored by a mobile phone provider is protected by the Fourth Amendment and that the government must obtain a warrant based on probable cause before seizing such records. The Department of Justice (DOJ) had asked the federal court in the Western District of Pennsylvania to overturn a magistrate judge’s decision requiring the government to obtain a warrant for stored location data, arguing that the government could obtain such information without probable cause. The Electronic Frontier Foundation (EFF), at the invitation of the court, filed a friend-of-the-court brief opposing the government’s appeal and arguing that the magistrate was correct to require a warrant. Wednesday, the court agreed with EFF and issued an order affirming the magistrate’s decision. EFF has successfully argued before other courts that the government needs a warrant before it can track a cell phone’s location in real-time. However, this is the first known case where a court has found that the government must also obtain a warrant when obtaining stored records about a cell phone’s location from the mobile phone provider. http://www.eff.org/press/archives/2008/09/11

ONE IN FIVE BOSSES SCREEN APPLICANTS’ WEB LIVES (Washington Post, 11 Sept 2008) - Written references could become old hat for hiring managers with one in five saying they use social networking sites to research job candidates -- and a third of them dismissing the candidate after what they discover. A survey by online job site CareerBuilder.com of 3,169 hiring managers found 22 percent of them screened potential staff via social networking profiles, up from 11 percent in 2006. An additional nine percent said they don’t currently use social networking sites like Facebook or MySpace to screen potential employees but they do plan to start. The survey found that 34 percent of the managers who do screen candidates on the Internet found content that made them drop the candidate from any short list. The top area for concern among the hiring managers with 41 percent citing this as a downfall were candidates posting information about drinking or using drugs. The second area with 40 percent of concern were candidates posting provocative or inappropriate photographs or information. Other areas of concern to arise from social network sites were poor communication skills, lying about qualifications, candidates using discriminatory remarks related to race, gender or religion, and an unprofessional screen name. But the survey found hiring managers scouring social network pages was not all bad with 24 percent of these managers saying they found content to help them solidify their decision to hire that candidate. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/11/AR2008091101374.html

U.N. AGENCY EYES CURBS ON INTERNET ANONYMITY (CNET, 12 Sept 2008) - A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public. The potential for eroding Internet users’ right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network. “What’s distressing is that it doesn’t appear that there’s been any real consideration of how this type of capability could be misused,” said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. “That’s really a human rights concern.” Nearly everyone agrees that there are, at least in some circumstances, legitimate security reasons to uncover the source of Internet communications. The most common justification for tracebacks is to counter distributed denial of service, or DDoS, attacks. But implementation details are important, and governments participating in the process -- organized by the International Telecommunication Union, a U.N. agency -- may have their own agendas. 
A document submitted by China this spring and obtained by CNET News said the “IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc.” It adds: “To ensure traceability, essential information of the originator should be logged.” Adding to speculation about where the U.N. agency is heading are indications that some members would like to curb Internet anonymity more broadly:
• An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: “Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity.”
• A presentation in July from Korea’s Heung-youl Youm said that groups such as the IETF should be “required to develop standards or guidelines” that could “facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback.” Another Korean proposal -- which has not been made public -- says all Internet providers “should have procedures to assist in the lawful traceback of security incidents.”
• An early ITU proposal from RAD Data Communications in Israel said: “Traceability means that all future networks should enable source trace-back, while accountability signifies the responsibility of account providers to demand some reasonable form of identification before granting access to network resources (similar to what banks do before opening a bank accounts).” http://news.cnet.com/8301-13578_3-10040152-38.html

VA. BAN ON SPAM IS RULED UNLAWFUL (Washington Post, 13 Sept 2008) - The Virginia Supreme Court yesterday ruled that the state’s anti-spam law, designed to prevent the sending of masses of unwanted e-mail, violates the First Amendment right to freedom of speech. Virginia Attorney General Robert F. McDonnell (R) promptly said he would appeal the case to the U.S. Supreme Court. The law was one of the first enacted in the United States to stem the overwhelming tide of unwanted e-mail. The 2004 trial in Loudoun County of mass e-mailer Jeremy Jaynes resulted in the first felony conviction in the country for spamming. But the state Supreme Court said the law doesn’t make any distinction between types of e-mail or types of speech, and so it was unconstitutional. The ruling came on an appeal of Jaynes’s conviction. Jaynes had sent the mass e-mails anonymously by using false Internet addresses, and the court said that speech is also protected by the First Amendment. Justice G. Steven Agee, who has since moved to the U.S. Court of Appeals for the 4th Circuit, wrote the unanimous opinion for the court. “The right to engage in anonymous speech, particularly anonymous political or religious speech, is ‘an aspect of the freedom of speech protected by the First Amendment,’” Agee wrote, citing a 1995 U.S. Supreme Court case. “By prohibiting false routing information in the dissemination of e-mails,” the court ruled, Virginia’s anti-spam law “infringes on that protected right.” Agee noted that “were the ‘Federalist Papers’ just being published today via e-mail, that transmission by ‘Publius’ would violate the [Virginia] statute.” The court determined that the law does not limit its restrictions on spam to commercial or fraudulent e-mail or to such unprotected speech as obscenity or defamation. Many other states and the federal government drafted anti-spam laws after Virginia, but often specifically restricted the regulations to commercial e-mails, the court found.
The ruling affects only the Virginia statute. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?nav=rss_technology Opinion here: http://www.courts.state.va.us/opinions/opnscvwp/1062388.pdf

**** NOTED PODCASTS ****
LAWRENCE LESSIG - CODING AGAINST CORRUPTION (IT Conversations) - Government corruption affects all aspects of society. At the 2008 O’Reilly ETech Conference, Lawrence Lessig discusses government corruption, especially in the United States Congress. What does government get right, wrong, and where does dependence compromise effective government? Also, Lessig announces a new project designed to signal Congress’ support for reform, called Change Congress. http://itc.conversationsnetwork.org/shows/detail3772.html

**** RESOURCES ****
U.S. ARMY FIELD MANUAL SECTION ON KNOWLEDGE MANAGEMENT (DoD, 30 August 2008) - This manual [FM 6.01-1] provides doctrine for the organization and operations of the knowledge management (KM) section. It establishes the doctrinal principles, tactics, techniques, and procedures necessary to effectively integrate KM into the operations of brigades, divisions, and corps. http://www.fas.org/irp/doddir/army/fm6-01-1.pdf

**** BOOK REVIEW ****
IN-HOUSE COUNSEL’S ESSENTIAL TOOLKIT (ABA press) – This boxed set of seven paperback volumes (and accompanying CD-ROM with forms and policies) is a terrific desk reference for the in-house practitioner. (I had such a job for 20 years.) Produced by the Corporate Counsel committee in the ABA’s Business Law Section, this 2007 publication is a practical guide for in-house counsel in small to medium-sized law departments, covering matters that frequently arise. The toolkit is divided into individual volumes addressing:
* Training outside counsel
* Litigation
* IP
* Employment law
* Corporate compliance and ethics
* Corporate governance
* General business contracts
Each volume contains introductory discussion, annotated form agreements and policies, alternative provisions, and practice tips. Available through the ABA Web Store at http://www.abanet.org/abastore/productpage/5070553

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuireWoods’ Technology & Business Articles of Note, http://tinyurl.com/ywsusp.
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.