Saturday, December 27, 2008

MIRLN --- 7-27 December 2008 (v11.17)

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

**************End of Introductory Note***************

**** ANNOUNCEMENTS & MEETINGS ****
ABA CYBERSPACE COMMITTEE WINTER WORKING MEETING - The Committee on Cyberspace Law invites you to its annual Winter Working Meeting, January 30th through the 31st, 2009 on the campus of Santa Clara University in Santa Clara, California (just adjacent to San Jose). Don’t miss this great opportunity to exchange views, explore issues, identify emerging practices and interact with other Committee members. The “WWM” is meant just as much for persons new to the Committee as it is for those of long-standing membership, so please do not hesitate to join us if you are looking for a place and project to get involved with the Committee’s work! Information here: http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml

INTERNETBAR.ORG IS PLEASED TO ANNOUNCE THE RECEIPT OF A GRANT FROM THE AMERICAN BAR ASSOCIATION FUND FOR JUSTICE AND EDUCATION, through the World Justice Project for its PeaceTones Initiative. The PeaceTones Initiative addresses the isolation of individuals in conflict zones and zones recently freed from conflict. Prolonged conflict serves as an anchor, holding back populations that are vandalized and deprived of resources, populations living at or below the international poverty line, and populations that are overlooked or exploited by local governments. PeaceTones aims to assist musicians and their communities in conflict and post-conflict zones with access to Internet technology, legal assistance in establishing and maintaining intellectual property rights, alternative dispute resolution assistance to ensure successful ongoing development, and business assistance to bring remote market prices to local developing markets. The legal community’s role in PeaceTones is to design and build out an international legal empowerment network, including a user interface, comprised of lawyers from all over the world who donate their time and expertise to help advise individuals who otherwise would not have access to rule of law due to monetary or location-based restriction. The Liberty Alliance, a standards organization with a global membership that provides a holistic approach to identity, is collaborating with the legal community to develop a system of legal assurance for identity within the legal empowerment network. The launch of the legal empowerment network will take place at the Winter Working Meeting of the Cyberspace Law Committee of the ABA Business Law Section from January 30-31, 2009 at Santa Clara University. For more information, see www.internetbar.org, www.peacetones.org, and www.projectliberty.org.

**** NEWS ****
OFFSHORE HOSTING FIRM HAVENCO LOST AT SEA (The Register, 25 Nov 2008) - Controversial hosting provider HavenCo - which operated from the ‘nation’ of Sealand, an old naval fort off the coast of Suffolk which was declared a ‘sovereign principality’ by its quirky owner Roy Bates - has finally gone offline. As of last week, the HavenCo website is gone and the domain is now hosted outside the Sealand subnet. Founded in 2000 by Bates’ son and Michael with $1m in seed money, the company initially offered an everything-goes policy along with an offshore fat-pipe data haven. Child pornography, spamming and malicious hacking were strictly prohibited, but with no restrictions on copyright or intellectual property for data hosted on its servers, file-sharing certainly looked like a possibility. Many existing customers had left by 2003. With no investment backing bandwidth never materialised, and the location was vulnerable to DoS attacks. However, what probably scared most potential customers was the fact all internet connectivity went through the UK and that the UK claimed the platform was within its territorial waters. HavenCo was one of many failed business ventures in an attempt to profit from the world’s smallest country. A scheme to build a hotel and gambling complex never materialised. Since last year, the principality has been put up for sale. Last year, Swedish bittorrent search site The Pirate Bay said it was in negotiations with Prince Michael of Sealand about purchasing the principality to use it as a base for its own operations, but Bates declared he would never sell the micronation - currently priced at €750m - to a BitTorrent tracker. http://www.theregister.co.uk/2008/11/25/havenco/

MICHIGAN STATE TO STUDENT: POLITICAL E-MAIL IS SPAM (CNET, 5 Dec 2008) - Most schools encourage students to become active in campus politics. Not Michigan State University, which has filed disciplinary charges against a student leader who sent e-mail criticizing an abbreviated fall semester. Kara Spencer’s encounter with MSU’s disciplinary apparatus started in September, when the student government member began discussing the shortened fall 2009 schedule with a small group of faculty members and administrators. She followed up by contacting 391 faculty members by e-mail, saying that professors should be aware of the “burden for class schedules and syllabi” the change would involve. The e-mail irked a single faculty member, Katherine Gross, who teaches plant biology. Gross complained to the university administrators, who summoned Spencer to a mandatory meeting and informed her that she would face disciplinary charges. A formal letter listing Gross as a “possible witness” to the offense said that the e-mail violated university policies saying that students can use the network only for “authorized purposes.” “Students on campus have been supportive,” Spencer told CNET News. So has the Foundation for Individual Rights in Education, or FIRE, a nonpartisan group in Philadelphia that urged MSU President Lou Anna Simon to halt the disciplinary process in advance of a hearing that was scheduled to take place on Tuesday. It didn’t work: The president rebuffed FIRE and the hearing took place as scheduled. http://news.cnet.com/8301-13578_3-10114646-38.html

PROSECUTOR’S BAN ON E-MAIL FROM ADVERSARY TRIGGERS LEGAL SKIRMISH (Law.com, 5 Dec 2008) - Lawyers, like the rest of the world, have embraced the ease of electronic communication. With a press of a button or a click of the mouse, they can shoot each other messages and file documents with courts and agencies, more quickly and cheaply than before. So it came as a bit of a shock to Steven Kern to encounter an adversary who refused to communicate with him by e-mail, insisting that any papers he wants to send her be faxed and sent by overnight mail. She went so far as to block his e-mails and, when he sent her a motion by e-mail and regular mail, complained to the judge about him. No, Kern’s adversary is not some elderly barrister who has fallen behind the times technologically. Rather, Siobhan Krier is a [New Jersey] deputy attorney general, admitted to the Bar in 2000, with a computer at her desk that she uses to send e-mail -- just not to opposing counsel. Krier may not be an oddball. David Wald, a spokesman for the Attorney General’s Office, says DAGs and other lawyers there have the option of deciding to forgo e-mail and exchange information “the old way,” by fax, telephone and mail. Wald, however, says he is not aware of anyone other than Krier who has chosen that option. http://www.law.com/jsp/article.jsp?id=1202426504130

PANEL PRESSES TO BOLSTER SECURITY IN CYBERSPACE (New York Times, 8 Dec 2008) - License plates may be coming to cyberspace. A government and technology industry panel on cyber-security is recommending that the federal government end its reliance on passwords and enforce what the industry describes as “strong authentication.” Such an approach would probably mean that all government computer users would have to hold a device to gain access to a network computer or online service. The commission is also encouraging all nongovernmental commercial services to use such a device. “We need to move away from passwords,” said Tom Kellermann, vice president for security awareness at Core Security Technologies and a member of the commission that created the report. The report, which offers guidance to the Obama administration, is a strong indictment of government and private industry efforts to secure cyberspace to date. “The laissez-faire approach to cyber-security has failed,” Mr. Kellermann said. Restricting Internet access is one of a series of recommendations that a group of more than 60 government and business computer security specialists will make in a public presentation, “Securing Cyberspace in the 44th Presidency,” on Monday. The report has been prepared during the last 18 months under the auspices of the Center for Strategic and International Studies, a Washington policy group, after a number of break-ins into government computer systems. “The damage from cyber attack is real,” the report states. “Last year, the Departments of Defense, State, Homeland Security, and Commerce, NASA and the National Defense University all suffered major intrusions by unknown foreign entities.” The report describes a laundry list of serious break-ins ranging from the hacking of the secretary of Defense’s unclassified e-mail to the loss of “terabytes” of data at the State Department.
The group recommends the creation of a White House cyber-security czar reporting to the president and the consolidation of the powers that have largely been held by the Homeland Security Department under the Bush administration. The report argues that cyber-security is one of the most significant national security threats and that it can no longer be relegated to information technology offices and chief information officers. http://www.nytimes.com/2008/12/09/technology/09security.html

PEER-TO-PEER LENDING ALTERNATIVE RUNS INTO REGULATORY WALL (SiliconValley.com, 9 Dec 2008) - Peer-to-peer lending promised to be an alternative to traditional banks and credit cards for small borrowers. But this fledgling industry, which has been operating freely on the Internet, recently has come into regulators’ sights. Regulators argue that some lending sites essentially are selling investments that need to be registered. This has sidelined the largest peer-to-peer lending site, Prosper.com. The timing couldn’t be worse for consumers, with many banks tightening their standards and making it difficult for even some good credit risks to get a loan. But as much of a headache as regulation can be, it might be what the industry needs to take it to a higher level. Regulation can bring greater transparency and protections for investors who provide the money for loans. And if these investors feel more comfortable, they are more likely to pour money into new loans. Peer-to-peer lending is only a few years old. These Internet sites match people who need a loan for, say, $1,000 to $25,000, with dozens or hundreds of strangers willing to lend amounts as small as $50. Lending sites act as the go-between, collecting borrowers’ payments and forwarding them, along with interest, to the various lenders. http://www.siliconvalley.com/news/ci_11180911

LIMEWIRE ADDS PRIVATE FILE SHARING (Wired, 10 Dec 2008) - File sharing doesn’t have to be about indiscriminate trading with anonymous strangers. LimeWire served up a major upgrade to its file sharing client Wednesday with a simpler interface and powerful private sharing features. Using the new version, you could potentially share music with your friends, download NSFW videos from wherever and share photos with your family — all without anyone being the wiser. This may sound risky, but LimeWire’s new sharing features allow a level of control over what you’re sharing with whom that makes it a feasible scenario. You can still use it just like the old version, to share and download from strangers, but the socially networked sharing feature could become the main way many people use the program. The alpha version of LimeWire was made public for Windows, Mac and Linux on Wednesday at around noon. The program installs easily, importing files from your library and letting you search and download music, video, images, documents and other files from the gnutella P2P network. It can also act as your bit torrent client. But the main improvement here is the way it lets you set up easy, private file sharing networks on a file-by-file, user-by-user basis. “I have a 65-year-old mother in Scotland, and the idea of asking her to sign up with Snapfish and to log in, and the upload process, it’s still a very complicated thing for ordinary people,” said LimeWire COO Kevin Bradshaw when he first told us of the plan. “Imagine a situation where she would have an installation of LimeWire ... I could just drop pictures into a folder on my hard drive and they would automatically appear on her drive.” Indeed, the free private sharing feature (instructions below) is the strongest selling point of the new LimeWire. But you can also use it as before to download stuff from strangers and share content with the gnutella network at large. 
But in its default mode, LimeWire is only set to share files you downloaded from the network; all other content in the library must be intentionally shared, either with specific users or the network in general. http://blog.wired.com/business/2008/12/lime-wire-adds.html

SONY SUED FOR COLLECTING DATA ON CHILDREN UNDER 13 (SiliconValley.com, 10 Dec 2008) - Sony BMG Music Entertainment, the recording company of Justin Timberlake and Bruce Springsteen, has been sued by the U.S. for collecting and disclosing personal data about 30,000 young children without informing their parents. The Federal Trade Commission filed a civil lawsuit Wednesday in Manhattan federal court. The suit, which alleges violations of the Children’s Online Privacy Protection Act, seeks unspecified money damages and an injunction. The FTC claims Sony Music, a Sony unit that operates more than 1,100 music-related Web sites, collected information from more than 30,000 children under age 13 since 2004, despite claiming on its sites that visitors that young wouldn’t be allowed to register. Sony agreed to pay a $1 million fine and hire a compliance officer who will put a screening process in place to prevent the collection of such data, according to two people close to the agreement who declined to be identified. The settlement may be announced as early as today, they said. The sites collected information such as names, addresses, mobile phone numbers, e-mail addresses, dates of birth, ZIP codes, usernames and gender, the FTC said. http://www.siliconvalley.com/news/ci_11190787?nclick_check=1

CDA SHIELDS WEBSITE FROM LIABILITY FOR SUGGESTING LABELS FOR USERS’ POSTS (Steptoe & Johnson’s E-Commerce Law Week, 11 Dec 2008) - Websites that want to evaluate the legal risks involved in publishing third-party content must consult a veritable library of court rulings interpreting section 230 of the Communications Decency Act. Although section 230 generally immunizes websites from claims stemming from information posted by third parties, websites can lose this immunity if they are responsible, in whole or in part, for the development of the information. But determining whether a website is responsible for the development of information is not so easy, judging by recent court decisions. As we previously reported, the en banc Ninth Circuit ruled this April in Housing Council of San Fernando Valley v. Roommate.com, LLC that a company that operated an online roommate matching service could not claim section 230 immunity for allegedly discriminatory profiles created by its members, since it contributed to the development of the profiles by requiring members to choose from a small set of answers to specific profile-creation questions. But, last month, a federal magistrate ruled in GW Equity, LLC, v. Xcentric Ventures, LLC, that section 230 shielded Xcentric Ventures and its manager from liability for providing a list of descriptive phrases that visitors to the defendants’ “Ripoff Report” website used to categorize their allegedly defamatory posts. The judge explained that while the website in Roommate “directly participated in developing the alleged illegality,” the websites in Xcentric Ventures merely presented users with a “broad choice of categories” that were not solely “negative and/or defamatory in nature.” http://www.steptoe.com/publications-5761.html

RESELLING MP3S: THE MUSIC INDUSTRY’S NEW BATTLEGROUND? (CNET, 11 Dec 2008) - A new digital music service is getting lots of attention for proposing to help consumers sell their used MP3s in much the same way people once unloaded second-hand albums. Bopaboo has generated splashy headlines recently for coming up with what on the surface seems like a good idea. Music fans have always exercised their first-sale rights, which under copyright law, allows them to sell their unwanted CDs, tapes, and albums without permission from the copyright owner. Why can’t they do the same with digital music? But there are dramatic differences between physical and digital music. For this reason, Washington, D.C.-based Bopaboo appears to be careening toward a head-on collision with the recording industry. According to Bopaboo CEO Alex Meshkin, he will soon meet with executives from the major labels and execs there will no doubt ask why they shouldn’t set their attorneys loose on the service. They may also inquire about the controversy that dogged a then 23-year-old Meshkin when he was owner of Toyota’s NASCAR team. As for the legal questions involved with MP3 resales, Meshkin, 28, argues that the law allows consumers to sell digital media files in the same way they do physical media. That’s not altogether accurate. Fred von Lohmann, senior staff attorney for the Electronic Frontier Foundation, an advocacy group that supports Internet-user rights, says to the best of his knowledge, the issue has never been addressed in court. Even von Lohmann, a well-known champion of the technology sector, sees potential problems with Bopaboo’s legal argument. He says while it’s true that under the first-sale law people are allowed to sell CDs and other physical goods, it hasn’t been established whether the law covers digital media. The good news, says von Lohmann, is that Bopaboo could raise the public’s awareness about what may one day be an important issue for digital music. http://news.cnet.com/8301-1023_3-10120951-93.html?tag=nl.e703

FIRMS PUSH FOR A MORE SEARCHABLE FEDERAL WEB (Washington Post, 11 Dec 2008) - Google’s professed corporate mission is “to organize the world’s information.” But for years, the U.S. government, one of the world’s largest depositories of data, has been unwilling or unable to make millions of its Web pages accessible. “The vast majority of information is still not searchable or findable either because it’s not published or it’s on Web sites which the government has put up which no one can index,” Google chief executive Eric Schmidt said during a recent presentation at the New America Foundation. Now Schmidt has a unique opportunity to change that as an informal adviser to President-elect Barack Obama, a tech booster who dubbed his first Senate law “Google for government” because it aimed to make federal information more accessible. Today, a wide array of public information remains largely invisible to the search engines, and therefore to the general public, because it is held in such a way that the Web search engines of Google, Yahoo and Microsoft can’t find it and index it. Not surprisingly, Yahoo and Microsoft officials agree that people would be better served if more public information became accessible to their search engines. A person using one of the search engines, for example, can’t find Environmental Protection Agency enforcement actions against a given company, can’t discover the picture of a specific ancient Egyptian artifact at the Smithsonian and can’t search by name for the details of a Vietnam War casualty. Needham estimates that 1,000 federal government Web sites are inaccessible to search engine “crawlers,” the programs that are run to discover what information is available on the Web. Much of the inaccessibility stems from the fact that so much federal government data, while public, can be accessed only after users fill out an online form. The search engines’ crawlers generally can’t look into such databases. 
For example, Google notes that details on an Environmental Protection Agency enforcement action against Anheuser-Busch can’t be found by entering a simple search query such as “EPA enforcement Anheuser-Busch.” Instead, a person needs to know to go to a particular EPA enforcement Web site and enter “Anheuser-Busch.” To make those databases visible to search engines would require the federal government to make each item into a Web page and then to provide a list of those Web page addresses to the search engines. Microsoft is working with more than 25 federal agencies to make their Web sites “crawlable” by search engines. http://www.washingtonpost.com/wp-dyn/content/article/2008/12/10/AR2008121003241.html

AUSSIE COURT SAYS DEFAULT JUDGMENT CAN BE SERVED ON FACEBOOK (ABA Journal, 15 Dec 2008) - In an apparent first in Australia and, possibly, the world, a judge has OK’d a plan to serve a default judgment on a non-appearing defendant via a social networking website. Although service previously has been allowed by e-mail and text message, a master of the Supreme Court of the Australian Capital Territory has gone a step further into the Internet world by allowing a default judgment to be served on Facebook, reports the Sydney Morning Herald. The court okayed the Facebook approach, a Herald Sun article explains, after all other efforts failed, according to attorney Mark McCormack, who represented the creditor side in the mortgage foreclosure case. “The Facebook profiles showed the defendants’ dates of birth, email addresses and friend lists--and the co-defendants were friends with one another,” he tells the Herald Sun. “This information was enough to satisfy the court that Facebook was a sufficient method of communicating with the defendant.” To convince the court to try Facebook, the plaintiffs had to show that no other method of service would work, and that the Facebook effort was reasonably likely to succeed, he says. http://www.abajournal.com/news/in_seeming_first_aussie_court_says_default_judgment_can_be_served_on_facebo/

GOOGLE OFF LIST OF 20 MOST TRUSTED COMPANIES (San Francisco Chronicle, 15 Dec 2008) - Facebook, Apple, Yahoo, Verizon and FedEx for the first time have made an annual ranking of the top 20 most trusted companies in the United States. Google, however, dropped off the list, released today by the Ponemon Institute and TRUSTe in San Francisco, as did Countrywide Financial, Bank of America (which acquired Countrywide) and Weight Watchers. Financial companies were tarred by the subprime mortgage crisis and the subsequent meltdown of investment banks on Wall Street, said Dr. Larry Ponemon, who conducted the survey, but not all financial companies were equally hit. Nationwide retained its place as the ninth most trusted company, and U.S. Bank and eLoan managed to stay in the top 20, although both dropped a few places. At No. 1, for the fourth year in a row, was American Express, followed by eBay, IBM, Amazon and Johnson & Johnson. This is the fifth year the survey has been conducted. The Ponemon Institute got 6,500 people - weighted by age, gender and household income to match the U.S. census - to name the five companies they trusted most and least. Concern about privacy is higher than ever, the survey showed. Less than half of consumers - 45 percent - feel they have control over their personal information. That’s down from 48 percent last year and 56 percent in 2006. More than 60 percent said identity theft negatively affects how they think about a company, and more than half get concerned when a company sends notifications of data breaches. “Consumers are getting more astute about” privacy, said Fran Maier, the CEO of TRUSTe, which evaluates online privacy practices. Ponemon said some companies, like IBM, might be trusted because they have big brands; others, like Apple, because consumers like their products. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/12/15/BU7F14N56T.DTL

CRITIQUE OF U.S. PRIVACY RULES (InsideHigherEd, 16 Dec 2008) - The U.S. Education Department’s rewrite of federal rules governing student privacy will “make it much more difficult for journalists and parents to investigate the performance of schools and colleges,” the Student Press Law Center said Monday. The center, which advocates on behalf of student journalists, said the department’s revamped regulations for the Family Educational Rights and Privacy Act, which were released last week, would “greatly expand the definition of what qualifies as a confidential ‘education record’ to include even records with all names, Social Security numbers and other individually identifying information” redacted. http://www.insidehighered.com/news/2008/12/16/qt

- and -

NEW PRIVACY GUIDELINES FOR E-HEALTH RECORDS ANNOUNCED (CNET, 17 Dec 2008) - The Department of Health and Human Services this week released new privacy guidelines (PDF) for electronic health records, the use of which President-elect Barack Obama has promised to support as part of his plan to jump-start the economy. The use of electronic medical records could reduce costs and medical errors while potentially improving the quality of care patients receive, advocates say, but the level of new privacy standards needed for e-health records has been a matter of debate. “Consumers need an easy-to-read, standard notice about how their personal health information is protected, confidence that those who misuse information will be held accountable, and the ability to choose the degree to which they want to participate in information sharing,” HHS Secretary Mike Leavitt said Monday. The eight principles established in the guidelines are intended to facilitate the adoption of e-health records by providing a consistent approach to questions of privacy and defining the responsibilities of those who have access to e-health records and share them through a network. The principles address issues of patient access; correction of records; openness and transparency; patient choice; limitations to the collection, use, and disclosure of personal health information; data integrity; safeguards; and accountability. The HHS Office for Civil Rights also published new guidance documents explaining how the Health Insurance Portability and Accountability (HIPAA) Act can facilitate the exchange of information through e-records. http://news.cnet.com/8301-13578_3-10123549-38.html


MOZILLA FIREFOX 3.05 UPDATES USER RIGHTS (Information Week, 17 Dec 2008) - Mozilla on Tuesday released Firefox 3.05, a browser update that fixes several security issues and offers a few other changes, including a clearer way to communicate to users about their rights. Perhaps the most interesting change in Firefox 3.05 is that it does away with the End User License Agreement (EULA) and replaces it with a “Know Your Rights” info bar that gets loaded when the browser is first installed. The info bar text can be displayed by typing “about:rights” (without quotation marks) into the location/address bar. The many Firefox users who never bother to read legalese won’t care. But the change addresses criticism from the free open source software community that Mozilla was asserting rights through the Firefox EULA that were incompatible with those outlined in the GNU General Public License (GPL), which governs most open source software. The issue was that while the Firefox code was covered by the GPL, Mozilla’s trademarked Firefox name, related artwork, and its proprietary TalkBack crash reporter were not. This raises the possibility of legal entanglements that Mozilla’s partners and users of Firefox were eager to avoid. In September, Mitchell Baker, chairperson of Mozilla, acknowledged in a blog post that “yes, the content of the license agreement is wrong.” She said Mozilla was committed to fixing both the language in question and the presentation of the information. And now it is done. Mike Beltzner, director of Firefox at Mozilla, said in an e-mail that the organization wanted to provide a better user experience and a clearer explanation of users’ rights. “The EULA that we used to use actually said very similar things, but the presentation was less friendly -- you had to ‘accept’ it to continue -- and the language wasn’t easy to read or expressed in terms of what your rights were as a user,” he said. 
“The new page uses clear language to inform users about what they are allowed to do with our software, which is pretty much anything other than infringe on our trademarks and logos. We also break out the terms and limitations of the software services (such as SafeBrowsing) that we ship with Firefox, including instructions on how users can disable these services.” Beltzner said that while the specific legal rights of users haven’t been altered with this release, the new presentation makes them friendlier and easier to understand, which he characterizes as a change for the better. http://www.informationweek.com/news/internet/browsers/showArticle.jhtml?articleID=212501028&subSection=All+Stories See also http://kev.deadsquid.com/?p=716 http://lockshot.wordpress.com/2008/09/17/licensing-proposal/ and http://lockshot.wordpress.com/2008/09/15/firefox-eula-in-linux-distributions/#comments. [A MIRLN reader writes: “Firefox is pointedly rejecting the concept of a click-through upon installation of their software, effective immediately. They view this as ‘killing the EULA’ and replacing it with a ‘know your rights’ statement. [They make] no attempt to force a click or the like. Note that they aren’t seeming to forego a license -- Know Your Rights makes clear they still view their software to be subject to the Mozilla Public License. I’ve just got no idea where that license gets agreed upon.”]

MYST ONLINE GOES OPEN SOURCE, FANS TO MAKE THEIR OWN WORLDS (ArsTechnica, 17 Dec 2008) - When GameTap shut down the servers for MystOnline: UruLive earlier this year, it was a major disappointment for the small, but dedicated, fan base the game had acquired over the years. Those fans will now have a chance to shape the future of the game, as developer Cyan Worlds has announced that the source code for the title will soon be released, giving fans the ability to mold and update the now-open source game as they see fit. “Cyan has decided to... make MystOnline available to the fans by releasing the source code for the servers, client and tools for MystOnline as an open source project,” Cyan Worlds CEO Tony Fryman told Spokane, WA paper Spokesman Review. “We will also host a data server with the data for MystOnline. More is still possible, but only with the help from fans.” http://arstechnica.com/news.ars/post/20081217-myst-online-goes-open-source-fans-to-make-their-own-worlds.html

YAHOO OUTDOES GOOGLE, WILL SCRUB SEARCH LOGS AFTER 90 DAYS (ArsTechnica, 17 Dec 2008) - It’s a race to the bottom, but in a good way. Yahoo today announced an “industry-leading approach” to online privacy under which it will anonymize its log data after 90 days. The move comes only months after Google cut its own retention period for personal data by 50 percent, and it gives Yahoo by far the strongest anonymization policy of the big three search engines. The announcement also scored points with Congress. Rep. Ed Markey (D-MA), a powerful voice on tech issues, this morning applauded the company, essentially placing the privacy crown atop its corporate head. “Today, Yahoo voluntarily sets a new standard for such privacy protection, a standard against which Microsoft, Google, and others will now be compared,” he said. “I urge other leading online companies to match or beat the commitments announced by Yahoo.” That’s exactly the message Yahoo wants to convey. In its announcement, the company stressed that it had just made the TRUSTe/Ponemon Institute Top 20 list of “Most Trusted Companies for Privacy.” Yahoo came in 14th after previously being off the list; Google and Microsoft did not make it. Under the new policy, log data can be retained, but IP addresses will be anonymized after 90 days. The data affected isn’t just search logs, either, but “page views, page clicks, ad views, and ad clicks.” Yahoo makes exceptions to the policy for “fraud, security, and legal obligations,” so if any jurisdiction in which it operates passes mandatory data retention laws, the 90-day guarantee is overridden there. http://arstechnica.com/news.ars/post/20081217-yahoo-outdoes-google-will-scrub-search-logs-after-90-days.html

COURT RULES THAT USE OF TRADEMARK IN DOMAIN NAMES IS INFRINGING (Steptoe & Johnson’s E-Commerce Law Week, 18 Dec 2008) - A federal court in Washington State recently ruled that Earthwise Innovations, Inc., infringed upon the trademarks of Suarez Corporation Industries (SCI) by using them in domain names and on websites. Earthwise registered domain names containing SCI’s “edenpure” mark and used websites with these domain names to sell SCI space heaters bearing the marks “edenpure” and “sun-twin.” Although Earthwise was at one time an authorized Internet distributor of SCI’s space heaters, the relationship soured, leading Earthwise to terminate its distribution agreement with SCI. In response, SCI brought trademark infringement claims against Earthwise under the Lanham Act and sought to hold Earthwise liable for registering domain names containing SCI’s marks under the Anticybersquatting Consumer Protection Act (ACPA). The court ruled that Earthwise’s use of SCI’s marks in domain names and on websites was infringing; however, it denied SCI’s motion for summary judgment on the ACPA claims, since SCI had not established that Earthwise “acted in bad faith” in obtaining and retaining possession of the infringing domain names. As we have previously reported, most courts agree that the use of a competitor’s mark in an Internet domain name is infringing. http://www.steptoe.com/publications-5777.html

MUSIC INDUSTRY DROPS EFFORT TO SUE SONG SWAPPERS (AP, 19 Dec 2008) - The group representing the U.S. recording industry said Friday it has abandoned its policy of suing people for sharing songs protected by copyright and will work with Internet service providers to cut abusers’ access if they ignore repeated warnings. The move ends a controversial program that saw the Recording Industry Association of America sue about 35,000 people since 2003 for swapping songs online. Because of high legal costs for defenders, virtually all of those hit with lawsuits settled, on average for around $3,500. The association’s legal costs, in the meantime, exceeded the settlement money it brought in. The association said Friday that it stopped sending out new lawsuits and warnings in August, and then agreed with several leading U.S. Internet service providers, without naming which ones, to notify alleged illegal file-sharers and cut off service if they failed to stop. It credited the lawsuit campaign with raising awareness of piracy and keeping the number of illegal file-sharers in check while the legal market for digital music took off. With two weeks left in the year, legitimate sales of digital music tracks soared for the first time past the 1 billion mark, up 28 percent over all of last year, according to Nielsen Soundscan. “We’re at a point where there’s a sense of comfort that we can replace one form of deterrent with another form of deterrent,” said RIAA Chairman and Chief Executive Mitch Bainwol. “Filing lawsuits as a strategy to deal with a big problem was not our first choice five years ago.” http://tech.yahoo.com/news/ap/20081220/ap_on_hi_te/music_downloading_lawsuits_4

JUDGE BACKS STATE, SAYS LOCATIONS OF COMPUTERS ARE OFF LIMITS TO THE AP (Arkansas Democrat Gazette, 19 Dec 2008) - A Pulaski County Circuit judge on Thursday derailed efforts by The Associated Press to determine which state employees changed information about former Gov. Mike Huckabee and other state officials on the Internet encyclopedia Wikipedia. The judge sided with the state’s attorneys who said the information sought by the reporters would jeopardize the security of the state’s computer network. Judge Marion Humphrey concluded a five-hour hearing by ruling that the location of specific state computers is exempt from public disclosure. “It’s kind of a difficult issue that’s presented to the court,” Humphrey said. “For reasons of security, this information should not be obtained under the Arkansas Freedom of Information Act.” The reporters found five Internet protocol addresses for state-owned computers that were used to change the Wikipedia entries, but the state Department of Information Systems, which manages the state’s computer network, rejected their Freedom of Information request to learn which state agency had the computers. http://www.nwanews.com/adg/News/247038/print/

THE INTERNET’S 100 OLDEST DOT-COM DOMAINS (PC World, 21 Dec 2008) - The Internet’s been around in some form for decades. It wasn’t until the mid-80s, though, that the Web as we know it started coming together -- and those precious dot-com domains started getting snatched up. As we finish out the tech-centric year of 2008, we thought we’d take a look back at the Internet’s oldest commercial Web sites -- the ones registered back when chatting about “the Net” was as socially acceptable as wearing Jedi garb into a crowded nightclub. So grab your light sabers, dear friends -- we’re boarding the Millennium Falcon and heading back to a virtual galaxy far, far away. http://www.pcworld.com/article/155743/domain.html?tk=rss_news [Editor: Schlumberger was number 75 on May 20, 1987.]

SANTA MUST BE REAL, HE’S ON GOOGLE EARTH (CNET, 23 Dec 2008) - As it has for the past four years, Google will be mapping Santa Claus’ trek from the icy North Pole to rooftops around the globe on Christmas Eve. But this year, good girls and boys can track their gifts via mobile phones and Twitter, too. Starting at 3 a.m. PST on Wednesday, a Google Map with Santa’s current location will be displayed on the NORAD Santa Web site, operated by Google and the North American Aerospace Defense Command. Santa fans can also track his movements in 3D in Google Earth by downloading a special NORAD Tracks Santa KML. iGoogle users can add a NORAD Tracks Santa gadget to their iGoogle page. Google will be displaying high-resolution “Santa Cam” video of the gift-laden airborne sleigh. For locations without video, photos from Panoramio will be displayed in Google Maps. And for the first time, people can track Santa’s journey on mobile phones with Google Maps for Mobile and follow him on Twitter by adding “@noradsanta.” http://news.cnet.com/8301-17939_109-10128642-2.html?tag=newsEditorsPicksArea.0 [Editor: the “Santa-CAM” videos are a hoot!]

**** NOTED PODCASTS ****
DATA GOVERNANCE (Technometria; podcast with IBM’s Steven Adler; 56 minutes) - Since data is the raw material of the information economy, it is increasingly important that it is properly controlled by organizations. Data governance is a quality control discipline for assessing, managing, using, improving, monitoring, maintaining, and protecting organizational information. Steven Adler, Program Director of IBM Data Governance, joins Phil and Scott to discuss the increasingly important issue. He first talks about the overall importance of data governance and how organizations must build data accountability. He discusses IBM’s work to protect data as a business priority. He reviews the Data Governance Maturity Model, giving useful details about how organizations can better protect their valuable commodity. http://itc.conversationsnetwork.org/shows/detail3589.html [Editor: This is an extremely useful discussion about “Data Governance” systematic methodologies to assess and manage the data-management process. Discusses the evolution of a formal “Data Governance Maturity Model”, benchmarking and self-assessment processes, and integrating data-governance with measurable business objectives. The discussion knits e-policy processes with knowledge-management processes; see related resources here. THREE STARS.]

**** RESOURCES ****
2008 TOP TEN DEVELOPMENTS IN COMPUTER AND TECHNOLOGY LAW (Michael Fleming, Michael McGuire; Oct 2008) - “The Year in Review -- Top 10 Computer & Tech Law Developments for 2008.” From Hannah Montana to Virtual Reality, from Counterfeit Tiffany to Misused Flickr Pictures, computer and technology developments range over a wide and interesting scope. http://www.larkinhoffman.com/news/article_detail.cfm?ARTICLE_ID=255

**** AND NOW FOR SOMETHING COMPLETELY DIFFERENT ****
THE INDISPENSABLE MUSICIAN: BARENBOIM BACKSTAGE (OpenSource, 25 Nov 2008) – 30 minute interview with Daniel Barenboim, ranging from Tristan & Isolde, to Israel and the Palestinians, the Holocaust, and back to Wagner. “Tell me another profession where you know more than yesterday but you have to start from scratch? This is the great privilege of being a musician. It’s exactly that: to combine more and more because you’ll never get to the bottom of it, but you always have the freshness of starting from scratch… There are some pieces I play on the piano that I played when I was 7 years old, you know, I was 66 last week–that is a long time… There are pieces I have played one hundred, two hundred times. Yet when I start, there is nothing there because sound is ephemeral, and therefore you start from scratch.” http://www.radioopensource.org/the-indispensable-musician-barenboim-backstage/

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, December 06, 2008

MIRLN --- 6 November – 6 December 2008 (v11.16)

**** MEETINGS ****
ABA CYBERSPACE COMMITTEE WINTER WORKING MEETING - The Committee on Cyberspace Law invites you to join all of your fellow members for its annual Winter Working Meeting, January 30th through the 31st, 2009 on the campus of Santa Clara University in Santa Clara, California (just adjacent to San Jose). Don’t miss this great opportunity to exchange views, explore issues, identify emerging practices and interact with other Committee members. The “WWM” is meant just as much for persons new to the Committee as it is for those of long-standing membership, so please do not hesitate to join us if you are looking for a place and project to get involved with the Committee’s work! Information here: http://www.abanet.org/buslaw/committees/CL320000pub/meetings.shtml

**** NEWS ****
U.S. COURT RULES THAT HASHING = SEARCHING (Schneier on Security, 5 Nov 2008) - Really interesting post by Orin Kerr on whether, by taking hash values of someone’s hard drive, the police conducted a “search”: District Court Holds that Running Hash Values on Computer Is A Search: The case is United States v. Crist, 2008 WL 4682806 (M.D.Pa. October 22 2008) (Kane, C.J.). It’s a child pornography case involving a warrantless search that raises a very interesting and important question of first impression: Is running a hash a Fourth Amendment search? First, the facts. Crist is behind on his rent payments, and his landlord starts to evict him by hiring Sell to remove Crist’s belongings and throw them away. Sell comes across Crist’s computer, and he hands over the computer to his friend Hipple who he knows is looking for a computer. Hipple starts to look through the files, and he comes across child pornography: Hipple freaks out and calls the police. The police then conduct a warrantless forensic examination of the computer. In the forensic examination, Agent Buckwash used the following procedure. First, Agent Buckwash created an “MD5 hash value” of Crist’s hard drive. An MD5 hash value is a unique alphanumeric representation of the data, a sort of “fingerprint” or “digital DNA.” When creating the hash value, Agent Buckwash used a “software write protect” in order to ensure that “nothing can be written to that hard drive.” [Then] Agent Buckwash ran a “hash value and signature analysis on all of the files on the hard drive.” Supp. Tr. 89. In doing so, he was able to “[f]ingerprint” each file in the computer. Once he generated hash values of the files, he compared those hash values to the hash values of files that are known or suspected to contain child pornography. Agent Buckwash discovered five videos containing known child pornography.
The Court concluded that [running the file hash was a Fourth Amendment search], and that the evidence of child pornography discovered had to be suppressed. http://www.schneier.com/blog/archives/2008/11/us_court_rules.html

FOIA DOCS SHOW FEDS CAN LOJACK MOBILES WITHOUT TELCO HELP (ArsTechnica, 16 Nov 2008) - Courts in recent years have been raising the evidentiary bar law enforcement agents must meet in order to obtain historical cell phone records that reveal information about a target’s location. But documents obtained by civil liberties groups under a Freedom of Information Act request suggest that “triggerfish” technology can be used to pinpoint cell phones without involving cell phone providers at all. Triggerfish, also known as cell-site simulators or digital analyzers, are nothing new: the technology was used in the 1990s to hunt down renowned hacker Kevin Mitnick. By posing as a cell tower, triggerfish trick nearby cell phones into transmitting their serial numbers, phone numbers, and other data to law enforcement. Most previous descriptions of the technology, however, suggested that because of range limitations, triggerfish were only useful for zeroing in on a phone’s precise location once cooperative cell providers had given a general location. This summer, however, the American Civil Liberties Union and Electronic Frontier Foundation sued the Justice Department, seeking documents related to the FBI’s cell-phone tracking practices. Since August, they’ve received a stream of documents—the most recent batch on November 6—that were posted on the Internet last week. In a post on the progressive blog Daily Kos, ACLU spokesperson Rachel Myers drew attention to language in several of those documents implying that triggerfish have broader application than previously believed. 
As one of the documents intended to provide guidance for DOJ employees explains, triggerfish can be deployed “without the user knowing about it, and without involving the cell phone provider.” That may be significant because the legal rulings requiring law enforcement to meet a high “probable cause” standard before acquiring cell location records have, thus far, pertained to requests for information from providers, pursuant to statutes such as the Communications Assistance for Law Enforcement Act (CALEA) and the Stored Communications Act. The Justice Department’s electronic surveillance manual explicitly suggests that triggerfish may be used to avoid restrictions in statutes like CALEA that bar the use of pen register or trap-and-trace devices—which allow tracking of incoming and outgoing calls from a phone subject to much less stringent evidentiary standards—to gather location data. “By its very terms,” according to the manual, “this prohibition applies only to information collected by a provider and not to information collected directly by law enforcement authorities. Thus, CALEA does not bar the use of pen/trap orders to authorize the use of cell phone tracking devices used to locate targeted cell phones.” http://arstechnica.com/news.ars/post/20081116-foia-docs-show-feds-can-lojack-mobiles-without-telco-help.html

GARTNER: 85 PERCENT OF COMPANIES USING OPEN SOURCE (ZDNet, 17 Nov 2008) - Eighty-five percent of companies are already using open-source software, with most of the remaining 15 percent expecting to do so within the next year, according to analysts at Gartner. However, only 31 percent of companies surveyed by the analyst house had formal policies for evaluating and procuring open-source software (OSS). Gartner conducted its survey of 274 end-user organizations across the Asia/Pacific, Europe and North American markets in May and June, and announced the results on Monday. Respondents to the survey consistently pointed to cost as a prime motivator for their adoption of open source, with some also suggesting OSS provided some protection against single-vendor lock-in. Other reasons for adoption included fast time to market and the avoidance of complex procurement rules and procedures, Gartner said. However, according to Gartner, a lack of formal policies could open companies up to intellectual-property violations. The analyst house’s survey put governance issues at the top of the list for barriers to OSS adoption. http://news.zdnet.com/2424-9595_22-249842.html

A NEW VOICE IN ONLINE PRIVACY (Washington Post, 17 Nov 2008) - A group of privacy scholars, lawyers and corporate officials are launching an advocacy group today designed to help shape standards around how companies collect, store and use consumer data for business and advertising. The group, the Future of Privacy Forum, will be led by Jules Polonetsky, who until this month was in charge of AOL’s privacy policy, and Chris Wolf, a privacy lawyer for law firm Proskauer Rose. They say the organization, which is sponsored by AT&T, aims to develop ways to give consumers more control over how personal information is used for behavioral-targeted advertising. http://www.washingtonpost.com/wp-dyn/content/article/2008/11/16/AR2008111601624.html

DISTRICT COURT HALTS KEYLOGGER SPYWARE SALES (CNET, 17 Nov 2008) - A U.S. District Court has temporarily halted the sale of RemoteSpy keylogger spyware at the request of the Federal Trade Commission, which claims the software violates the FTC Act. The FTC filed a complaint (PDF) against Florida-based CyberSpy Software on November 5, alleging the company has violated the FTC Act by selling software that can be deployed remotely by someone other than the owner or authorized user of a computer, can be installed without the owner’s knowledge, and can be used to surreptitiously collect and disclose personal information. The FTC also claims CyberSpy unfairly collected and stored personal information gathered with RemoteSpy. In its complaint, the FTC asked the U.S. District Court for the Middle District of Florida, Orlando Division, to issue a temporary restraining order halting the sale of RemoteSpy while its case is pending, permanently ban the sale of RemoteSpy, and require CyberSpy to pay restitution for any injury to consumers resulting from its violations of the FTC Act. The court, in its temporary restraining order filed November 6 against CyberSpy, said there is a “substantial likelihood” that the FTC will be able to prove the spyware maker violated the FTC Act. http://news.cnet.com/8301-13578_3-10099123-38.html [Editor: EPIC was instrumental in the FTC’s decision to bring this case; see EPIC’s filing with the FTC here: http://epic.org/privacy/dv/spy_software.pdf]

RIAA WIN: TENNESSEE TO POLICE CAMPUS NETWORKS (CNET, 18 Nov 2008) - Tennessee has agreed to filter computer networks for unauthorized music downloads at the state’s colleges and universities. Tennessee Gov. Phil Bredesen signed into law a bill designed to thwart music piracy at the state’s campuses, the Recording Industry Association of America said on its Web site. The bill requires Tennessee public and private schools exercise “appropriate means” to ensure that campus computer networks aren’t being used to download copyright material via peer-to-peer file-sharing programs, the RIAA said. “Upon a proper analysis of the network,” the RIAA continued, “those institutions are required to implement technological support and develop and enforce a computer network usage policy to effectively limit the number of unauthorized transmissions of copyrighted works.” The Electronic Frontier Foundation, an Internet-user advocacy group, called the law “ridiculous,” and said the costs of enforcing it would top $9 million. “The entertainment industry lobby seems to be succeeding, bit-by-bit in persuading legislators to coerce universities into buying ‘infringement suppression’ technologies,” the EFF said in a blog post, adding that these technologies are expensive and “won’t stop file sharing on campus networks.” The RIAA said that a 2007 Student Monitor survey found that more than half of college students download music and movies illegally. http://news.cnet.com/8301-1023_3-10101840-93.html

NEW STUDY FINDS TIME SPENT ONLINE IMPORTANT FOR TEEN DEVELOPMENT (MacArthur Foundation, 18 Nov 2008) - The most extensive U.S. study on teens and their use of digital media finds that America’s youth are developing important social and technical skills online – often in ways adults do not understand or value. “It might surprise parents to learn that it is not a waste of time for their teens to hang out online,” said Mizuko Ito, University of California, Irvine researcher and the report’s lead author. “There are myths about kids spending time online – that it is dangerous or making them lazy. But we found that spending time online is essential for young people to pick up the social and technical skills they need to be competent citizens in the digital age.” The study was supported by the MacArthur Foundation’s $50-million digital media and learning initiative, which is exploring how digital media are changing how young people learn, play, socialize, and participate in civic life. Over three years, Ito’s team of 28 researchers interviewed over 800 young people and their parents, both one-on-one and in focus groups; spent more than 5,000 hours observing teens on sites such as MySpace, Facebook, YouTube, and other networked communities; and conducted diary studies to document how, and to what end, young people engage with digital media. The researchers identified two distinct categories of teen engagement with digital media: friendship-driven and interest-driven. While friendship-driven participation centered on “hanging out” with existing friends, interest-driven participation involved accessing online information and communities that may not be present in the teen’s local peer group. The study also finds that young people are learning basic social and technical skills through their use of digital media that they need to participate fully in contemporary society. 
The social worlds that youth are negotiating offer new dynamics, as online socializing is permanent and public, involves managing elaborate networks of friends and acquaintances, and is always on. http://www.macfound.org/site/apps/nlnet/content2.aspx?c=lkLXJ8MQKrH&b=2024163&content_id=%7B3A699BFD-3FA0-4793-8328-9E542E5280C9%7D&notoc=1 White paper here: http://digitalyouth.ischool.berkeley.edu/files/report/digitalyouth-WhitePaper.pdf New York Times story: http://www.nytimes.com/2008/11/20/us/20internet.html?_r=1&partner=rss&emc=rss

HOW MUCH DOES SPAM COST YOU? GOOGLE WILL CALCULATE (Computerworld, 19 Nov 2008) - How much is spam costing your company? Google Inc. unveiled a nifty little calculator on Wednesday to help you add it up. It’s part of a marketing campaign for Google Message Security, the online spam-filtering service based on the Postini technology Google acquired last year. “We know in these tougher economic times that companies are trying to figure out how they can save,” said Adam Dawes, a Google product manager. To figure out the cost of spam, you enter things like the number of workers at your company, how much you pay them and how much spam they have to deal with, and presto: Google figures out how many days (and dollars) in lost productivity this represents. Of course, it also tells you how long it would take for Google’s service to pay for itself at your shop. For companies doing their spam-fighting in-house, there’s also a “total cost of ownership” calculator to show how inexpensive Google thinks its service really is. Last year, Nucleus Research Inc. reported that spam costs U.S. companies $712 per employee each year. A $31,000-per-year employee spending 16 seconds each on 21 spam messages per day would cost about this much, according to Google’s calculator. That adds up to about $70 billion per year in lost productivity, Nucleus said. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9120872&source=NLT_SEC&nlid=38

MANY WORKING MILLENNIALS ARE UNAWARE OF OR IGNORING CORPORATE IT RULES (Computerworld, 19 Nov 2008) - More than half of the working millennials polled for an Accenture Ltd. study said that they were either unaware of their companies’ IT policies or unwilling to follow them. Accenture surveyed 400 members of the millennial generation - those aged 14 to 27 - to determine their technology needs and desires. Of the 169 college graduates who were working full- or part-time, 40% said that their employer has detailed policies on posting work or client information online. Of those, 6% said that they post such information despite rules prohibiting it. About 31% of working millennials said they are unaware whether their companies have policies prohibiting the posting of such information, and 17% said their employer has no such policy. Accenture noted that both working and student members of the millennial generation said that they expect to use their personal technology and mobile devices for work assignments. Many said that a company’s willingness to accommodate those desires is a key factor in accepting a job offer, Accenture noted. The large number of respondents who are either unaware of or unwilling to follow their companies’ IT policies has “profound implications,” noted Gary Curtis, Accenture’s chief technology strategist. Many of the working millennials listed several unsupported technologies that they use for job-related activities, such as mobile phones (39%), social networking sites (28%), instant messaging products (27%), open-source technology (19%) and online applications (12%), according to Accenture. In addition, many of those surveyed reported that they regularly download nonstandard technology from free public Web sites, like open-source communities and mashup and widget providers. 
Three quarters of those surveyed said that they have accessed online collaborative tools, and 71% said they have accessed online applications from free public Web sites when those technologies were not available at work, Accenture said. In almost every category of technology in the workplace, at least 20% of millennials said that products provided by their companies did not meet their needs. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9120871&source=NLT_AM&nlid=1

- and -

MOST EMPLOYERS RESTRICT STAFF TIME ON INTERNET, SAYS SURVEY (The Guardian, 2 Dec 2008) - Two-thirds of employers monitor staff use of the internet during working hours and block access to sites deemed irrelevant to the job, a survey of managers revealed yesterday. The Chartered Management Institute said the censoring of employees’ web browsing was an example of old-fashioned thinking in boardrooms where senior executives have not caught up with the business benefits of exploiting new technology. The institute interviewed 1,000 managers aged 35 and under, working in industry, commerce, local government and the police. Their most common complaint was that older bosses regarded the internet as “a massive timewaster”. Half said their organisations did not take up web-based technology until it was tried and tested, and 16% described their employers as “dinosaurs”. The survey found most young managers wanted to use the internet for research, professional development and other aspects of getting the job done. But employers treated it with suspicion. The survey found 65% of organisations monitored usage, rising to 86% in local government and 88% in the police. This led 65% of employers to block access to “inappropriate” sites, rising to 89% in local government and 90% in the utilities. Eighteen per cent of employers limited internet access to certain times of day, rising to 38% in the insurance industry. The survey, published in association with Ordnance Survey, found a generation gap in the use of internet technology. Jan Hutchinson, human resources director at Ordnance Survey, said: “The low-level adoption of new technology runs in tandem with employers’ belief that internet usage is a timewaster. The longer this situation is allowed to remain unchallenged, the greater the likelihood UK employers will fall behind their international competitors.” http://www.guardian.co.uk/technology/2008/dec/02/workplace-internet-monitoring-blocked-access

- and -

YOUNG WORKERS’ USE OF SOCIAL NETWORKING SITES CONCERNS IT STAFFS (SiliconValley.com, 4 Dec 2008) - Social-networking sites such as Facebook and MySpace are being targeted so often by cybercrooks and other mischief-makers that half of the information-technology specialists surveyed recently by Intel expressed concern about workers under 30, who disproportionately use such sites. Of the 200 corporate and government IT professionals in the United States and Canada who were surveyed, 13 percent said they regard so-called Generation Y employees as “a major security concern,” and 37 percent tagged them as “somewhat of a security concern.” The biggest worry they mentioned was the tendency of many Gen Yers to frequent social-networking sites like Facebook and MySpace. Among other problems, the IT executives said employees using such sites may download viruses that wind up on their employer’s computers or reveal information about themselves on the networking sites that compromises their employer’s business secrets. To prevent such problems, some companies, including Intel, ban their workers’ access to social networking sites. “Their wide-ranging use of the Internet can expose the company to malicious software attacks,” said Mike Ferron-Jones, who directs an Intel program that monitors new computing trends. “This is a big deal now, and it’s going to get bigger as more Gen Yers come into the workforce.” On the positive side, the IT executives noted that Gen Yers tend to be computer savvy and are brimming with new ideas, which are highly desirable corporate qualities. http://www.siliconvalley.com/news/ci_11138550?nclick_check=1

UNDER WORM ASSAULT, MILITARY BANS DISKS, USB DRIVES (Wired, 19 Nov 2008) - The Defense Department’s geeks are spooked by a rapidly spreading worm crawling across their networks. So they’ve suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further. The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to “floppy disks,” is supposed to take effect “immediately.” Similar notices went out to the other military services. In some organizations, the ban would be only a minor inconvenience. But the military relies heavily on such drives to store information. Bandwidth is often scarce out in the field. Networks are often considered unreliable. Takeaway storage is used constantly as a substitute. The problem, according to a second Army e-mail, was prompted by a “virus called Agent.btz.” That’s a variation of the “SillyFDC” worm, which spreads by copying itself to thumb drives and the like. When that drive or disk is plugged into a second computer, the worm replicates itself again — this time on the PC. “From there, it automatically downloads code from another location. And that code could be pretty much anything,” says Ryan Olson, director of rapid response for the iDefense computer security firm. SillyFDC has been around, in various forms, since July 2005. Worms that use a similar method of infection go back even further — to the early ‘90s. “But at that time they relied on infecting floppy disks rather than USB drives,” Olson adds. Servicemembers are supposed to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware,” one e-mail notes. 
Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified, circumstances. “Personally owned or non-authorized devices” are “prohibited” from here on out. To make sure troops and military civilians are observing the suspension, government security teams “will be conducting daily scans and running custom scripts on NIPRNET and SIPRNET to ensure the commercial malware has not been introduced,” an e-mail says. “Any discovery of malware will result in the opening of a security incident report and will be referred to the appropriate security officer for action.” http://blog.wired.com/defense/2008/11/army-bans-usb-d.html NASA’s policy isn’t as strict: http://www.nextgov.com/nextgov/ng_20081124_5509.php

- and -

CLASSIFIED US SYSTEMS BREACHED: ATTACKS ON US WAR ZONE COMPUTERS PROMPTS SECURITY CRACKDOWN (SANS Newsbytes, 2 December 2008) - The Los Angeles Times is reporting that the US Department of Defense’s decision to ban the use of USB drives and other removable data storage devices was prompted by a significant attack on combat zone computers and the US Central Command that oversees Iraq and Afghanistan. The attack is believed to have originated in Russia. While no specific details about the attack were provided, it is known that at least one highly protected classified network was affected.
http://www.latimes.com/news/nationworld/nation/la-na-cyberattack28-2008nov28,0,6441140.story

FTC SLAMS COMPANY FOR ITS BUSINESS PARTNER’S POOR SECURITY (Steptoe & Johnson’s E-Commerce Law Week, 20 Nov 2008) - The Federal Trade Commission announced earlier this month that mortgage lender Premier Capital Lending, Inc., has agreed to settle charges stemming from a breach of its online system for requesting and viewing consumer reports. Most notably, the FTC alleged that Premier’s failure to ensure that a business partner provided “reasonable and appropriate” protections for consumer reports accessible through Premier’s system violated the Commission’s Safeguards Rule (issued under the Gramm-Leach-Bliley Act). The FTC also alleged that Premier’s privacy policy contained “false or misleading” statements about its data security practices, in violation of both the Commission’s Rule on Privacy of Consumer Financial Information and the “unfair or deceptive acts or practices” prong of the FTC Act. According to the settlement, Premier must: implement and maintain “a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of consumers’ personal information”; obtain independent, third party audits of this information security program 180 days after it is implemented and every two years thereafter for 20 years; retain certain compliance-related documents for three to five years; and ensure that all its statements concerning the security of personal information are truthful. Companies that wish to avoid similarly onerous settlement terms should make sure that any business partners with access to their systems have policies and procedures in place to keep this access secure. http://www.steptoe.com/publications-5727.html

MICROSOFT LETS ZUNE MUSIC SUBSCRIBERS KEEP TUNES (AP, 20 Nov 2008) - Microsoft Corp. is giving an early holiday gift to people who pay for all-you-can-listen access to the Zune digital music store: 10 songs to keep each month, included in the $14.99 monthly subscription fee. The decision may appeal to people who have been reluctant to test out the subscription model, preferring to own their music instead of rent it. Microsoft’s Zune Pass, RealNetworks Inc.’s Rhapsody and others give users unlimited access to millions of songs in exchange for a monthly fee. But as soon as the user stops paying, the music stops playing unless he or she forks over extra money to buy each track. With the new Zune Pass perk, subscribers can use the Zune desktop software as usual to buy individual songs, and the service keeps track of how many free ones remain for the month. In most cases, the song will come in the MP3 format, which can be freely copied to multiple devices and computers. “I think the 10 free tracks is going to be a huge accelerant” to subscriber numbers, said Adam Sohn, Zune’s marketing director. “People will enjoy owning that music, and I think they’ll be more apt to transact more in the store.” The company did not disclose how many subscribers it has. http://www.myfoxchicago.com/myfox/pages/Business/Detail?contentId=7913207&version=1&locale=EN-US&layoutCode=TSTY&pageId=4.8.1

CANADIAN REGULATORS OK BELL CANADA’S P2P THROTTLING (PC Magazine, 20 Nov 2008) - Though U.S. regulators cracked down on Comcast several months ago for what they considered to be unreasonable network management practices, Canadian regulators this week found that similar practices employed by Bell Canada are perfectly acceptable. In April, the Canadian Association of Internet Providers (CAIP) filed a complaint with the Canadian Radio-television and Telecommunications Commission (CRTC) that asked CRTC to stop Bell Canada from throttling traffic generated by P2P file-sharing sites. Bell Canada admitted to using deep-packet inspection, a technique that allows for the detailed inspection of data as it travels across the Internet. ISPs can use it to filter out the illegal transfer of copyrighted material or harmful viruses and spam, but detractors argue that it can be used to block certain file-sharing applications. When network traffic is heavy, usually between 4:30pm and 2am on any given night, Bell Canada admitted to delaying traffic on file-sharing sites, a practice that did not raise any concerns at the CRTC. “CAIP has not demonstrated that Bell Canada’s methodology for determining congestion in the network is inappropriate,” according to the CRTC decision. http://www.pcmag.com/article2/0,2817,2335133,00.asp [Editor: see EPIC’s page on deep packet inspection: http://epic.org/privacy/dpi/]

EHARMONY TO OFFER SAME-SEX MATCHES AFTER NEW JERSEY SETTLEMENT (LA Times, 20 Nov 2008) - The Pasadena-based dating website, heavily promoted by Christian evangelical leaders when it was founded, has agreed in a civil rights settlement to give up its heterosexuals-only policy and offer same-sex matches. EHarmony - known for the mild-mannered television and radio advertisements by its founder, psychologist Neil Clark Warren - not only must implement the new policy by March 31 but also must give the first 10,000 same-sex registrants a free six-month subscription. The company said that Warren wasn’t giving interviews on the settlement. But attorney Theodore Olson, who issued a statement on EHarmony’s behalf, made clear that the company didn’t agree to offer gay matches willingly. “Even though we believed that the complaint resulted from an unfair characterization of our business,” Olson said, “we ultimately decided it was best to settle this case with the attorney general since litigation outcomes can be unpredictable.” The settlement, which didn’t find that EHarmony broke any laws, called for the company to either offer the gay matches on its current venue or create a new site for them. EHarmony has opted to create a site called Compatible Partners. http://www.latimes.com/business/la-fi-eharmony20-2008nov20,0,1772906.story

GOOGLE EMPOWERS USERS TO EDIT SEARCH RESULTS (AP, 20 Nov 2008) - If Google delivers useless search results, just erase them and you won’t see them again. That’s possible under a new system Google Inc. unveiled Thursday. Hoping to give its search engine a more personal touch, Google now lets users reshuffle results so their favorite Web sites get top billing and disliked destinations get discarded the next time they enter the same request. It marks the first time that the Internet’s most popular search engine has allowed its audience to alter the order of search results. Although the revisions won’t affect Google’s closely guarded formulas for ranking Web sites, the Mountain View-based company isn’t ruling out eventually tapping into collective wisdom of the crowds to tweak its Internet-searching algorithms. For now, Google simply wants to make specific sets of results more useful to each individual that comes to its search engine, said Marissa Mayer, who oversees the company’s search products. Users will have to have a personal login to take advantage of the editing feature. http://tech.yahoo.com/news/ap/20081121/ap_on_hi_te/tec_editing_google_1

BUSH’S EXIT TO PUT NEW E-RECORDS SYSTEM TO THE TEST (Computerworld, 21 Nov 2008) - For members of the Bush administration, Jan. 20, 2009, marks the end of a job. However, for the staff of the National Archives and Records Administration (NARA), it’s just the beginning of a project unprecedented in size and scope: sorting, indexing, preserving and ensuring access to all the records, both paper and electronic, created by the administration over the past eight years. In some ways, this is nothing new. Since 1978, when the Presidential Records Act was established, NARA has been tasked with taking custody of, controlling, preserving and providing access to all presidential and vice presidential records that have administrative, historical, informational or evidentiary value. The act requires that the day the president leaves office, presidential records become the legal responsibility of the archivist of the U.S. However, given the rise in electronic communications, the volume of electronic records has exploded. Consider that NARA received only a few hundred thousand e-mail messages from the first Bush presidency and 32 million from the Clinton White House, according to Ken Thibodeau, director of NARA’s Electronic Records Archives (ERA) Program, whose mission is to meet the many challenges stemming from increasing use of computers in government, including building a new archiving system, scheduled for completion in 2011. In comparison, it expects a whopping 140TB of data from the current Bush administration, more than 50 times what it received from the Clinton years. About 20TB of that is e-mail, Thibodeau says. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9120859&source=rss_news

MICROSOFT TO AID IN WAR ON TERROR, BUILDS SOFTWARE FOR DHS (ArsTechnica, 21 Nov 2008) - Microsoft and GIS vendor ESRI have announced that they are constructing a suite of collaboration tools for intelligence gathering and processing, intended for deployment at the Department of Homeland Security’s national fusion centers. The software is built on top of Microsoft’s SharePoint server platform and ESRI’s ArcGIS Advanced Enterprise server. The software will include a “situational awareness portal” with location-based RSS feeds and XML map overlay data. The information that is managed by the system will be made accessible to intelligence analysts through SharePoint. Microsoft says that the framework will be extensible and can be customized to meet additional, unforeseen needs. The bundle also includes terabytes of prerendered satellite imagery that can be used with mapping software. Microsoft plans to expand the scope of the system and use its components to provide a broader and more comprehensive technology solution for security applications. http://arstechnica.com/news.ars/post/20081121-microsoft-to-aid-in-war-on-terror-builds-software-for-dhs.html

NEW IPHONE APPS HELP DRIVERS BEAT SPEED TRAPS (New York Times, 21 Nov 2008) - Apple’s iPhone has been used for everything from following the 2008 election to deciding where to grab a bite on the go. Now, it’s helping lead-footed drivers avoid costly speeding tickets. NMobile and Trapster are two mobile applications that provide up-to-date, detailed maps of speed-enforcement zones with live police traps, speed cameras or red-light cameras. After launching, each application pulls up a map pinpointing the locations of speed traps within driving distance. An audio alert will sound as vehicles approach an area tagged as harboring a speed trap. Both applications rely on the wisdom of the crowds for their data. Users can report camera-rigged stop lights and areas heavily populated with radar-toting police officers through the application or on each company’s Web site. Eagle-eyed motorists using either application can also contribute information on the location of newly spotted speed traps from the road with a couple of taps on the iPhone. Then, using the iPhone’s GPS location detection, the applications warn drivers when they are approaching known or reported traps. http://bits.blogs.nytimes.com/2008/11/20/new-iphone-apps-help-drivers-beat-speed-traps/

ONLINE PUSH IN MINNESOTA (InsideHigherEd, 21 Nov 2008) - Minnesota Gov. Tim Pawlenty and leaders of the Minnesota State Colleges and Universities on Thursday announced a goal of shifting 25 percent of credits to online courses by 2015. In the last academic year, just over 9 percent of credits were delivered online. But about 66,000 credit students — or 26 percent of all credit students — took at least one online course. The plan includes a mix of incentives for students (such as a scholarship bonus) and improvements in student services for online courses. http://www.insidehighered.com/news/2008/11/21/qt

UK JUROR SHARES TRIAL DETAILS ON FACEBOOK (The Guardian, 24 Nov 2008) - A female juror was dismissed from a trial after posting details of the case on Facebook and asking friends whether they thought the defendants were guilty. The woman went against strict rules forbidding jurors from discussing cases with family and friends by posting details of the sexual assault and child abduction trial on the social networking site. http://www.guardian.co.uk/uk/2008/nov/24/ukcrime1

SYMANTEC: UNDERGROUND CYBERCRIME ECONOMY BOOMING (ArsTechnica, 25 Nov 2008) - The underground cybercrime economy is a self-sustaining market that is thriving despite the current economic downturn, according to security company Symantec. The company published an extensive 99-page whitepaper on its findings yesterday; it discusses activity on underground economy servers between July of 2007 and the end of June 2008. Symantec estimates that the total value of advertised goods in this economy added up to $276 million over the 12-month period. Credit card information was by far the most popular advertised and requested “product” during the study’s time period. Symantec notes that credit cards are popular due to the many different ways they can be obtained and used for fraud, and because it’s difficult for merchants to identify fraudulent transactions before a sale is completed. Bank account data was the second-most popular category of advertised goods; Symantec says this is popular because of the potential for high payouts and the speed at which money can be transferred. The company pointed out one example in which the balances of certain accounts were transferred online to “untraceable locations” less than 15 minutes after the information was obtained. Unsurprisingly, all of this information is obtained and distributed through the use of phishing services, keyloggers, bank exploits, and botnets. Symantec noted that botnets were one of the most expensive attack tools during the observation period, where their services went for an average of $225. Phishing scam hosting services were pretty affordable, with prices ranging from $2 to $80, and the average price of a keylogger was $23. However, bank vulnerabilities at financial websites were definitely the “highest-ranked,” with the services ranging from $100 to $2,999. Of course, this is also the highest risk, so it comes as no surprise that this method is expensive. 
http://arstechnica.com/news.ars/post/20081125-symantec-underground-cybercrime-economy-booming.html Symantec white paper here: http://www.symantec.com/business/theme.jsp?themeid=threatreport

REUTERS BAILS ON SECOND LIFE AFTER FIGURING OUT IT’S REALLY NOT THAT INTERESTING (TechDirt, 25 Nov 2008) - One of the sillier attempts by businesses to look cool by setting up shop in Second Life was that of Reuters, which assigned a reporter to hang out in the virtual world full-time and report on it as if it were any other economy. While we noted at the time there might be some interesting stories in Second Life, that seemed to be taking a back seat to the publicity value of the stunt. It was surprising to learn that the Reuters reporter was still there until recently, when he finally gave up the beat, calling it “about as fun as watching paint dry.” With 9 out of 10 efforts by businesses going into Second Life ending in failure, perhaps there wasn’t much for a business reporter to cover any longer. For what it’s worth, the reporter says Linden Labs should give up on the idea that Second Life is a business application - not because of its shaky in-game economics, or because there’s no value there for most businesses, but because of technical problems. http://techdirt.com/articles/20081125/0750352944.shtml

LAWYER AD RULES MAY BAR BLOGGING, LA. LAW FIRM SAYS IN SUIT AND BLOG (ABA Journal, 25 Nov 2008) – A law firm contends new Louisiana lawyer advertising rules slated to take effect in April will restrict its right to comment on Twitter, Facebook, online bulletin boards and blogs. The Wolfe Law Group filed a federal suit today challenging the rules, claiming they would subject each of the firm’s online posts to an evaluation and a $175 fee, according to a press release. The construction law firm says in the suit that its own blog may qualify for an exemption for law firm websites, but its comments on other blogs would not. The firm claims the rules would restrict its First Amendment right to speak freely about its trade. To make its point, the law firm has launched a blog called Blog No Evil: Blogging is Speaking. The suit also says the requirements for online ads would restrict the firm’s ability to advertise on Google and other online outfits that often limit size and character count of ads. “Businesses that do not advertise through online medias will be at a competitive disadvantage,” the suit says. The suit is the second that seeks to overturn the rules. Public Citizen and two personal injury lawyers have also challenged the rules as a First Amendment violation, the Associated Press reports. The lawyers say the new rules are considered the most restrictive in the nation, the New Orleans Times-Picayune reports. They bar lawyers from referring to “past successes” and from using nicknames or mottos that imply an ability to get results. They also ban client testimonials, actors’ endorsements and re-enactments. http://www.abajournal.com/weekly/la._lawyer_ad_rules_may_bar_blogging_law_firm_says_in_suit_and_blog; Complaint here: http://images.wolfelaw.com/files/complaint.pdf

GUILTY VERDICT IN CYBERBULLYING CASE PROVOKES MANY QUESTIONS OVER ONLINE IDENTITY (New York Times, 27 Nov 2008) - Is lying about one’s identity on the Internet now a crime? The verdict Wednesday in the MySpace cyberbullying case raised a variety of questions about the terms that users agree to when they log on to Web sites. The defendant in the case, a Missouri woman, was convicted by a federal jury in Los Angeles on three misdemeanor counts of computer fraud for having misrepresented herself on the popular social network MySpace. The woman, Lori Drew, posed as a teenage boy in using the account to send first friendly and then menacing messages to Megan Meier, 13, who killed herself shortly after receiving a message in October 2006 that said in part, “The world would be a better place without you.” MySpace’s terms of service require users to submit “truthful and accurate” registration information. Ms. Drew’s creation of a phony profile amounted to “unauthorized access” to the site, prosecutors said, a violation of the Computer Fraud and Abuse Act of 1986, which until now has been used almost exclusively to prosecute hacker crimes. While the Internet’s anonymity was used in this case as a cloak to bully Megan, other users say they have perfectly good reasons to construct false identities online, if only to help protect against the theft of personal information, for example. Andrew M. Grossman, senior legal policy analyst for the Heritage Foundation, said the possibility of being prosecuted for online misrepresentation, while remote, should worry users nonetheless. “If this verdict stands,” Mr. Grossman said, “it means that every site on the Internet gets to define the criminal law. That’s a radical change. 
What used to be small-stakes contracts become high-stakes criminal prohibitions.” http://www.nytimes.com/2008/11/28/us/28internet.html?_r=1&scp=1&sq=cyberbullying&st=cse [Editor: Eric Goldman has a thoughtful posting about this case and faulty factual underpinnings—e.g., the defendant did *NOT* accept the MySpace terms/conditions—here: http://blog.ericgoldman.org/archives/2008/11/lori_drew_guilt.htm]

IN LEAN TIMES, ONLINE COUPONS ARE CATCHING ON (New York Times, 27 Nov 2008) - On the Internet, nothing travels faster than a tip on how to score a bargain. Especially in an economic downturn. With online retail sales falling this month for the first time, Internet merchants are offering steep discounts to anyone willing to punch in a secret coupon code or visit a rebate site for a “referral” before loading up their virtual cart. Shoppers obsessed with finding these bargains share the latest intelligence on dozens of sites with quirky names like RetailMeNot.com, FatWallet.com and the Budget Fashionista. And more consumers than ever are scanning the listings before making a purchase at their favorite Web site. Some online shoppers are so good at this game that they almost never buy anything at full price, making them the digital era’s version of bargain hunters who used to spend hours clipping coupons to shrink their grocery bills. Tavon Ferguson, a 25-year-old graduate student in Atlanta, became obsessed with finding online deals last spring, while planning her July wedding. She scoured the Web for coupons and got free save-the-date cards, $8 bracelets for her bridesmaids and free shipping on flash-frozen steaks for the rehearsal dinner. In October, 27 million people visited a coupon site, according to comScore Media Metrix, up 33 percent from a year earlier. “Coupons had never been a big factor online the way they are offline. This is something new,” said Gian Fulgoni, chairman of comScore. “It’s taken pricing power away from the retailers and given it to the consumers, because the consumer is totally up to speed on what the prices are.” Retailers have mixed feelings about this shift. Generally, companies prefer limited discounts, e-mailed to a select group of customers or sent inside packages with a purchase. When the coupons get wider exposure, retailers lose control, potentially costing them more money than they expected. 
Two years ago, Sierra Trading Post, a site that sells overstock outdoor gear, sent a coupon code with 1,000 of its 50 million catalogs, expecting to generate $2,000 in sales. Instead, it led to $300,000 in sales after a customer posted it online. Some retailers try to battle the coupon sites. Harry & David, a seller of fruit baskets, threatened legal action against RetailMeNot.com this spring for publishing its discounts, prompting the coupon site to steer visitors to other gift-basket companies. William Ihle, a spokesman for Harry & David, said that all of its deals were available on its own site and the coupon sites “disingenuously mislead the consumer” by posting expired or unverified discounts. http://www.nytimes.com/2008/11/27/technology/internet/27coupon.html?partner=rss&emc=rss

BLACK FRIDAY TRAFFIC TAKES DOWN SEARS.COM (AP, 28 Nov 2008) - Sears.com was inaccessible to U.S. shoppers for two hours on Friday in what was the most notable Web hiccup of the holiday gift-buying season’s official start.
Other sites, including Amazon.com Inc., experienced minor slowdowns, according to Shawn White, director of external operations at Keynote Systems Inc., a San Mateo, Calif.-based research group. Starting a week and a half ago, Keynote began tracking the performance of about 30 big online retailers, logging the time it took to find a product and start checking out. Keynote’s list includes Wal-Mart Stores Inc., Macy’s Inc., Circuit City and others; the system takes measurements every 15 minutes from computers in 10 major U.S. cities. Sears Holdings Corp.’s site started to crawl at around 9:30 a.m. Eastern time on Friday, when loading a page on the site topped one minute. From about 10:30 to 12:30, Sears posted a message asking shoppers to try again in a few minutes.
White said Sears was among the retailers that stumbled last year on Black Friday.
But while Sears’ problems returned this year, others including Neiman Marcus and Buy.com Inc. seem to have resolved past issues. Amazon and Target Inc., which uses Amazon’s e-commerce technology, were slower Friday than in recent days, but not unbearably so, White said. At the slowest point, a transaction that took 25 seconds last week required about 40 seconds Friday morning. Kohl’s Corp. and Saks Inc. also had performance problems, according to Keynote data. White said he expects some sites will slow down or shut down on Monday, too, as workers, back in the office after the holiday weekend, start clicking. http://tech.yahoo.com/news/ap/20081128/ap_on_hi_te/tec_holiday_shopping_web_sites_1 [Editor: this kind of site-responsiveness-measurement technique is interesting.]

YOU’RE LEAVING A DIGITAL TRAIL (New York Times, 30 Nov 2008) – Harrison Brown, an 18-year-old freshman majoring in mathematics at M.I.T., didn’t need to do complex calculations to figure out he liked this deal: in exchange for letting researchers track his every move, he receives a free smartphone. Now, when he dials another student, researchers know. When he sends an e-mail or text message, they also know. When he listens to music, they know the song. Every moment he has his Windows Mobile smartphone with him, they know where he is, and who’s nearby. Mr. Brown and about 100 other students living in Random Hall at M.I.T. have agreed to swap their privacy for smartphones that generate digital trails to be beamed to a central computer. Beyond individual actions, the devices capture a moving picture of the dorm’s social network. The students’ data is but a bubble in a vast sea of digital information being recorded by an ever thicker web of sensors, from phones to GPS units to the tags in office ID badges, that capture our movements and interactions. Coupled with information already gathered from sources like Web surfing and credit cards, the data is the basis for an emerging field called collective intelligence. Propelled by new technologies and the Internet’s steady incursion into every nook and cranny of life, collective intelligence offers powerful capabilities, from improving the efficiency of advertising to giving community groups new ways to organize. Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, the government or law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology. 
“There are so many uses for this technology — from marketing to war fighting — that I can’t imagine it not pervading our lives in just the next few years,” says Steve Steinberg, a computer scientist who works for an investment firm in New York. In 2006, Sense Networks, based in New York, proved that there was a wealth of useful information hidden in a digital archive of GPS data generated by tens of thousands of taxi rides in San Francisco. It could see, for example, that people who worked in the city’s financial district would tend to go to work early when the market was booming, but later when it was down. It also noticed that middle-income people — as determined by ZIP code data — tended to order cabs more often just before market downturns. Sense has developed two applications, one for consumers to use on smartphones like the BlackBerry and the iPhone, and the other for companies interested in forecasting social trends and financial behavior. The consumer application, Citysense, identifies entertainment hot spots in a city. It connects information from Yelp and Google about nightclubs and music clubs with data generated by tracking locations of anonymous cellphone users. The second application, Macrosense, is intended to give businesses insight into human activities. It uses a vast database that merges GPS, Wi-Fi positioning, cell-tower triangulation, radio frequency identification chips and other sensors. “There is a whole new set of metrics that no one has ever measured,” said Greg Skibiski, chief executive of Sense. “We were able to look at people moving around stores” and other locations. Such travel patterns, coupled with data on incomes, can give retailers early insights into sales levels and who is shopping at competitors’ stores. The [MIT] Media Lab researchers have worked with Hitachi Data Systems, the Japanese technology company, to use some of the lab’s technologies to improve businesses’ efficiency. 
For example, by equipping employees with sensor badges that generate the same kinds of data provided by the students’ smartphones, the researchers determined that face-to-face communication was far more important to an organization’s work than was generally believed. Productivity improved 30 percent with an incremental increase in face-to-face communication, Dr. Pentland said. The results were so promising that Hitachi has established a consulting business that overhauls organizations via the researchers’ techniques. Dr. Pentland calls his research “reality mining” to differentiate it from an earlier generation of data mining conducted through more traditional methods. http://www.nytimes.com/2008/11/30/business/30privacy.html?scp=1&sq=youre%20leaving%20a%20digital%20trail&st=cse

OBAMA TEAM CHANGES CHANGE.GOV COPYRIGHT POLICY (CNET, 1 Dec 2008) - President-elect Barack Obama’s transition team has licensed the site Change.gov under the Creative Commons Attribution 3.0 License, giving visitors more freedom to use content from the site. Change.gov was previously copyrighted under an “All Rights Reserved” notice. Stanford Law Professor Larry Lessig, who noted the change on his blog Monday, called the move “consistent with (Obama’s) values of any ‘open government’ and with his strong leadership on ‘free debates.’” The license under which the site is copyrighted allows visitors to copy, distribute, display, and perform material from the site, as well as to remix it, as long as the work is attributed to its source. The site says the transition team has adopted “a policy of terminating, in appropriate circumstances and at our sole discretion, subscribers or account holders who are deemed to be repeat infringers.” http://news.cnet.com/8301-13578_3-10110822-38.html

MASSACHUSETTS EXTENDS DEADLINE FOR COMPLIANCE WITH NEW PRIVACY AND SECURITY REGULATIONS (Wilmer Hale, 2 Dec 2008) - The Massachusetts Department of Consumer Affairs and Business Regulation (OCABR) extended the compliance deadline for its recently adopted regulations establishing rigorous standards for safeguarding personal information, 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth, “in light of intervening economic circumstances [and] the financial challenges brought on by national and international economic conditions.” This extension parallels the Federal Trade Commission’s extension of the compliance deadline for its Red Flags Rule for certain financial institutions. Among other things, the Massachusetts regulations require businesses handling personal information about Massachusetts residents to encrypt documents sent over the Internet, saved on laptops or other portable devices, or wirelessly transmitted. The regulations also require companies to adopt contractual provisions requiring third-party service providers to protect personal information, and to obtain certification that third-party service providers are in compliance with the Massachusetts regulations. The regulations were initially set to become effective on January 1, 2009. OCABR extended until May 1, 2009: (1) the general compliance deadline, (2) the deadline for requiring encryption of laptops, and (3) the deadline for ensuring that third-party service providers are capable of protecting personal information and contractually requiring them to do so. The agency further extended until January 1, 2010, the deadline for requiring third-party service providers to certify that they are in compliance with the Massachusetts regulations and for ensuring encryption of other portable devices, such as memory sticks, DVDs and PDAs. http://wilmerhaleupdates.com/ve/ZZ780028VMM61E6927t

THINGS YOU SHOULD NEVER PUT IN AN E-MAIL (ABA Journal, 3 Dec 2008) - Over at the Wichita Eagle blog What the Judge Ate for Breakfast, there’s a caution about e-mail during office hours on office computers. Courts reporter Ron Sylvester quips, “My wife says you should never put anything in a company e-mail that you don’t want to be shown to 12 strangers on a big movie screen.” His wife’s an employment lawyer, so she should know. The post notes that lawyers are increasingly searching company e-mail and files during e-discovery. So what are they looking for? Roger Matus, over at the blog Death by E-mail, reproduces a top 10 list. Here are a few that will likely raise red flags for e-discovery sleuths:
• “Delete this email immediately.”
• “I really shouldn’t put this in writing.”
• “We’re going to do this differently than normal.”
• “I don’t want to discuss this in e-mail. Please give me a call.”
• “Don’t ask. You don’t want to know.”
Matus then advises, “If you find yourself typing one of these phrases, perhaps you should delete the entire e-mail.” http://www.abajournal.com/weekly/things_you_should_never_put_in_an_e-mail

SEARCH ENGINES LEARN TO TANGO (Steptoe & Johnson’s E-Commerce Law Week, 4 Dec 2008) - Not so long ago, search engines put up a big fight against efforts to censor their search results. But it has gradually become clearer that even search engines must - and can - comply with different jurisdictions’ laws or court orders restricting certain content, whether that content is allegedly defamatory, invasive of privacy, politically subversive, or in some other way offensive or illegal under local law. Most of the attention has been on China and other “Internet restricting” regimes’ efforts to censor search results. But China is hardly alone in its effort to enforce its rules in cyberspace. Now comes Argentina, which appears to have forced Google and Yahoo! to learn to dance to yet another rhythm. According to news reports, Argentinean judges have served both companies with temporary restraining orders barring the Argentinean versions of their websites from displaying search results for certain keywords related to famous individuals. These individuals - who reportedly include former footballer Diego Maradona, fashion models, public officials, and actors - alleged that searches for their names and related terms contained links to websites that defamed them or otherwise caused them harm, and requested that the search engines refrain from displaying these results. The search engines have reportedly been unsuccessful in appealing the restraining orders so far, and are complying with the orders while the underlying litigation continues. Whether they will succeed in escaping the grasp of this latest would-be dance partner remains to be seen. http://www.steptoe.com/publications-5750.html

WHAT CONSTITUTES “REASONABLE” DATA SECURITY? WELL, SINCE YOU ASKED... (Steptoe & Johnson’s E-Commerce Law Week, 4 Dec 2008) - Three more authorities have weighed in on what constitutes “reasonable” data security. In a “Business Privacy Guide,” the New York State Consumer Protection Board recently advised companies to include “reasonable” safeguards for personal information - including the use of encryption - in their written policies for protecting the personal information of employees and customers. North of the border, the Canadian Privacy Commissioner has released a Privacy Breach Handbook that lays out steps for responding to a data breach and notes that organizations must “protect personal information with safeguards appropriate to its sensitivity.” Meanwhile, the California Office of Information Security and Privacy Protection has released a Management Memo reminding California agencies of their duty to use encryption and other means to protect personal information. While none of these sources offers anything radically new, they add three new tiles to the emerging mosaic of what constitutes “reasonable” security measures for personal information and other sensitive data. http://www.steptoe.com/publications-5750.html

**** RESOURCES ****
NEW YORK TIMES SEARCHABLE OBAMA APPOINTMENTS TOOL - As he prepares to take office, President-elect Barack Obama is relying on a small team of advisers who will lead his transition operation and help choose the members of a new Obama administration. Below is a series of profiles of potential members of the administration. http://topics.nytimes.com:80/top/news/us/series/the_new_team/index.html

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuireWoods’ Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.