Saturday, December 19, 2009

MIRLN --- 29 November – 19 December 2009 (v12.17)

• Cyber breaches are a closely kept secret
• Obama Wants Computer Privacy Ruling Overturned
• Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity
• EFF sues feds for info on social-network surveillance
• Protecting Trademarks In Web 2.0
• Many More Government Records Compromised in 2009 than Year Ago, Report Claims
• My K-12 Blind Spot
• Google allows publishers to limit free content
• Web ad group launches privacy education campaign
• Google Wants to Speed Up the Web: Launches Its Own DNS Service
o Redirecting DNS Requests Can Harm the Internet, Says ICANN
• Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says
• Yahoo Issues Takedown Notice for Spying Price List
• Law profs say e-marriages expand couple’s rights
• Local Governments Offer Data to Software Tinkerers
• With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize
• See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing
• New Smithsonian Collection Search
• Florida: Judges Cannot be Facebook Friends with Litigants
• TSA accidentally reveals airport security secrets
• France to Digitize Its Own Literary Works
• Amazon Auctions Cloud Computation
• Court Finds Personal E-Mail Privileged Even if Sent From Work
o Supreme Court to Review Employer Access to Worker Text Messages
o Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says
• Free App Offers iPhone CLE Courses With Built-In Verification
• Ohio justices: Cell phone searches require warrant
• App of the Week: Google’s Eyes on the Ground
o Privacy fears force search giant to block facial recognition application on Google Goggles
• Not Just Drones: Militants Can Snoop on Most U.S. Warplanes
• EU Data Protection Meets U.S. Discovery


Cyber breaches are a closely kept secret (Reuters, 24 Nov 2009) - Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI’s top Internet crimes investigator on Tuesday. For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news. “Of the thousands of cases that we’ve investigated, the public knows about a handful,” said Shawn Henry, assistant director for the Federal Bureau of Investigation’s Cyber Division. “There are million-dollar cases that nobody knows about.” Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don’t report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence. “Keeping your head in the sand on filing a report means that the bad guys are out there hitting the next guy, and the next guy after that,” Henry said. He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security. “It’s absolutely gotten bigger, yes, absolutely,” he said.

Obama Wants Computer Privacy Ruling Overturned (Wired, 25 Nov 2009) - The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrows the government’s search-and-seizure powers in the digital age. Solicitor General Elena Kagan and Justice Department officials are asking the 9th U.S. Circuit Court of Appeals to reconsider its August ruling that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10. The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches. Kagan, appointed solicitor general by President Barack Obama, joined several U.S. attorneys in telling the San Francisco-based court Monday that the guidelines are complicating federal prosecutions in the West. The circuit, the nation’s largest, covers nine states: Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington. “In some districts, computer searches have ground to a complete halt,” the authorities wrote. “Many United States Attorney’s Offices have been chilled from seeking any new warrants to search computers.” (.pdf) The government is asking the court to review the case with all of its 27 judges, which it has never done. If the court agrees to a rehearing, a new decision is not expected for years, and the August decision would be set aside pending a new ruling. Either way, the U.S. Supreme Court has the final say. The controversial decision, which the government said was contrary to Supreme Court precedent, outlined new rules on how the government may search computers. (.pdf)

Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity (Winston & Strawn, 30 Nov 2009) - The New York Supreme Court recently granted Facebook, Inc.’s motion to dismiss a pending defamation action because the court concluded that Facebook was immune from liability under the Communications Decency Act (“CDA”) as an interactive computer service. The plaintiff had alleged that four of her high school classmates created a Facebook group in which her classmates posted defamatory statements regarding the plaintiff. After Facebook moved to dismiss the case based upon CDA immunity, the plaintiff argued that because Facebook’s Terms of Use grant Facebook an ownership interest in the alleged defamatory content, CDA immunity is unavailable to Facebook. The court disagreed and concluded that ownership of posted content is irrelevant to a determination of whether CDA immunity should apply. The court held that as long as the defendant is an interactive computer service and the allegedly defamatory content is provided by a third party, the defendant is immune from liability under the CDA.

EFF sues feds for info on social-network surveillance (CNET, 1 Dec 2009) - The Electronic Frontier Foundation sued the CIA, the U.S. Department of Defense, Department of Justice, and three other government agencies on Tuesday for allegedly refusing to release information about how they are using social networks in surveillance and investigations. The nonprofit Internet rights watchdog group formally asked more than a dozen agencies or departments in early October to provide records about federal guidelines on the use of sites like Facebook, Twitter, and Flickr for investigative or data gathering purposes, according to the lawsuit. The requests were prompted by published news reports about how authorities are using social networks to monitor citizen activities and aid in investigations. For example, according to the lawsuit, government officials have: used Facebook to hunt for fugitives and search for evidence of underage drinking; researched the activities of an activist on Facebook and LinkedIn; watched YouTube to identify riot suspects; searched the home of a social worker because of Twitter messages regarding police actions he sent during the G-20 summit; and used fake identities to trick Facebook users into accepting friend requests.

Protecting Trademarks In Web 2.0 (, 1 Dec 2009) - During the past decade and a half, the internet has grown from a small array of just a few thousand websites to a vast network of hundreds of millions of distinct sites, containing billions of web pages. Although the internet has presented a new frontier for both trademark use and infringement, the growth of social media sites during the past few years has posed particular challenges for brand owners. These sites, which include blogs, virtual worlds, marketplaces, image networks and relative newcomers such as Facebook and Twitter, allow users to interact with each other, effectively building a community. With this landscape changing so rapidly, the first challenge for brand owners is simply to keep up with the evolving technologies and platforms. After all, five years ago, Facebook was a small private network for students at educational institutions and Twitter did not even exist; today, these platforms are a part of the daily lives of millions of users. In order to properly protect their brands and trademarks, brand owners should first plan to conduct regular assessments of the available social networking and Web 2.0 sites, with an eye to determining how popular these sites may be with the brand’s target consumers and the ease of using these sites for infringement purposes. Whether or not brand owners plan to become active in these spaces in the short term, they should keep in mind that their employees and customers may already be avid users of social media. Therefore, brand owners should take care to develop detailed use policies, both for employees and for third parties who may become a part of the user community. These policies should address in what context (if any) employees and third parties are permitted to mention the company and brand name, and, especially, who is authorized to speak on behalf of the company or brand and what internal reviews must take place before content is posted that mentions or concerns a brand (i.e., a review by the company’s legal department or outside counsel). These policies should extend to affiliates and licensees, and should be an element of any legal agreements between the company and third parties regarding brand and trademark use. Although social media can provide many excellent marketing and promotional opportunities for brand owners, entering these spaces can require a large time and financial investment. Thus, brand owners should take care to ensure that they are using the optimal platforms that will build their brands and reach the desired community of users. First, an assessment of the consumer demographic is a critical element of this process. Brand owners should choose the platforms that will reach their target customers and should not feel the need to build a presence on every single available platform. In addition, before committing to a social media initiative, brand owners should keep in mind that users of social media expect regular content updates, and that setting up social media sites and profiles and then neglecting them may do more harm than not using these platforms at all. Any budget for social media should take into account the costs and human capital necessary to maintain and update the content.

Many More Government Records Compromised in 2009 than Year Ago, Report Claims (Gov’t Technology, 2 Dec 2009) - If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. As of Tuesday, Dec. 1., the Identity Theft Resource Center (ITRC) reported 82 breaches in U.S. government and military organizations. Although the year isn’t over, that’s fewer than the 110 that occurred in 2008. But here’s the catch: The breaches so far in 2009 have compromised more than 79 million records, whereas fewer than 3 million were hacked in 2008.

My K-12 Blind Spot (InsideHigherEd, 2 Dec 2009) - We are a mixed LMS household. My 7th grader uses Moodle, I use Blackboard. Watching her use of Moodle to hand in her assignments, watch linked videos, download readings, participate in discussions and check her grades is a nightly reminder that utilization of educational technology is not restricted to the post-secondary world. Some of my daughter’s teachers make the sort of use of Moodle that would be a great model faculty members wanting to leverage their campus LMS. Embarrassingly, my knowledge of K-12 utilization of learning technology basically starts and ends from whatever my daughter does while at home. The primary/secondary and post-secondary educational technology communities don’t seem to overlap very much. I get my news from Inside Higher Ed and the Chronicle of Higher Education. EDUCAUSE, my professional organization, defines its mission in part “to advance higher education by promoting the intelligent use of information technology”. The blogs I read tend to be written by people working in higher ed. But in looking at how my daughter’s teachers use Moodle I can’t help to wonder what I’m missing. Is there a great deal of innovation around pedagogy and technology occurring in the K-12 world? What is the penetration of the Learning Management System (LMS) at the secondary level of education? What is the adoption curve? Are there practices in teacher training and support in learning technology that we can learn from and adopt at the college/university level? Does anyone know any good publications that cross the secondary / post-secondary divide? Are there a whole bunch of innovative and disruptive thinkers, writers, and bloggers in middle and high-schools that I don’t know about?

Google allows publishers to limit free content (AP, 2 Dec 2009) - Google Inc. is allowing publishers of paid content to limit the number of free news articles accessed by people using its Internet search engine, a concession to an increasingly disgruntled media industry. There has been mounting criticism of Google’s practices from media publishers — most notably News Corp. chairman and chief executive Rupert Murdoch — that argue the company is profiting from online news pages. In an official blog posted late Tuesday, Josh Cohen, Google’s senior business product manager, said the company had updated its so-called First Click Free program so publishers can limit users to viewing no more than five articles a day without registering or subscribing. Previously, each click from a user of Google’s search engine would be treated as free. “If you’re a Google user, this means that you may start to see a registration page after you’ve clicked through to more than five articles on the website of a publisher using First Click Free in a day ... while allowing publishers to focus on potential subscribers who are accessing a lot of their content on a regular basis,” Cohen said in the post. Cohen said that Google will also begin crawling, indexing and treating as “free” any preview pages — usually the headline and first few paragraphs of a story — from subscription websites. People using Google would then see the same content that would be shown free to a user of the media site and the stories labelled as “subscription” in Google News.

Web ad group launches privacy education campaign (Washington Post, 3 Dec 2009) - A group of leading Internet publishers and digital marketing services on Thursday launched an online campaign to educate consumers about how they are tracked and targeted for pitches on the Web. The Interactive Advertising Bureau, based in New York, unveiled its “Privacy Matters” Web site. The site explains how Internet marketers track where people go and what they do online and then mine that data to serve up targeted ads. The practice, known as behavioral advertising, has raised concerns among privacy watchdogs and lawmakers in Congress. A number of IAB members plan to run banner spots on their Web pages linking back to the Privacy Matters site. Those include Internet-only players such as Yahoo Inc. and Google Inc. and traditional media outlets such as Walt Disney Co. and The New York Times Co. The goal of the program, explained IAB Senior Vice President David Doty, is to describe “in plain English” how online advertising works. Among other things, the Privacy Matters Web site offers explanations of demographic targeting, interest group targeting and data-tracking files known as cookies. The site also informs consumers how they can control the information collected about them by changing their cookies settings. The new campaign is part of a broader self-regulatory push by the Interactive Advertising Bureau and other advertising trade groups that want to head off federal regulation.

Google Wants to Speed Up the Web: Launches Its Own DNS Service (ReadWriteWeb, 3 Dec 2009) - Google just launched the Google Public DNS. Just like OpenDNS, Google Public DNS will allow users to bypass their ISPs Domain Name Servers (DNS). DNS servers are, in many respects, the backbone of the Internet. DNS allows you to type a domain name like into a browser instead of a machine-readable IP number like Google’s argues that it wants to give consumers an alternative to their ISPs’ DNS services in order to market the Internet “faster, safer and more reliable.” According to Google product manager Prem Ramaswami, the company’s engineers have been working to improve DNS over the last few months. Instead of performing DNS lookups on an ISP’s DNS server, Google will use its data-center and caching infrastructure to resolve these domain names. [COMMENTARY: Michael Fleming, of Larkin Hoffman, comments: “I’ve been using OpenDNS for years. I like it for a number of reasons, including speed, reliability, as well as a sense that it’s less likely to get polluted by a hacker that might gain access to my ISP’s DNS (which, for most ISPs, is rather minimally monitored since they consider it automated, and hence a security risk for its users). If Google upholds those same principles, it’s OK by me. But... One concern is what happens when I type in a non-existent domain. It might just go blank or show a 404 error message. It might try to direct me to something that benefits Google (much akin to the highly complained about thing that NSI did a couple of years ago). It could be something in between, with a little bit of ads and some reasonable suggestions on what I might have meant to type in (which is what OpenDNS does now). Another concern is whether Google may try to influence the DNS by editing out domains it doesn’t like. OpenDNS, as well as most typical DNS providers, will not censor the DNS. Google could choose another policy. It might do so for admirable reasons (such as disabling access to known phishing sites), but that same thought could lead to less admirable reasons (such as disabling access to anonymous communication sites, or sites that a particular government doesn’t like, or the ability to go to, for example). * * * Done faithfully DNS is innocuous, but since it can be dangerous if misused we should not make decisions to switch lightly.” Another expert comments: “Another worry... DNS provides a centralized and low-bandwidth place for monitoring user behaviour. If you wanted to compile a database of IP addresses and the websites they visit, the DNS server is the best place to do it. Google openly engages in consumer monitoring via their ad and search services. I see no reason why they wouldn’t also retain DNS data.”]

- and -

Redirecting DNS Requests Can Harm the Internet, Says ICANN (PC World, 25 Nov 2009) - ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist. Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution.

Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says (ABA Journal, 3 Dec 2009) - An inquiring blogger wants to know: Why are blogs associated with large law firms sometimes so boring, and why did so few appear in the ABA Journal’s Blawg 100? Blogger Mark Herrmann is a partner with Jones Day’s Chicago office who writes for the Drug and Device Law blog. He identified only two blogs on the ABA Journal list that are affiliated with large firms: his blog and SCOTUSblog. Herrmann says successful legal blogs can succeed in three ways: They can be the first source of news, such as the Wall Street Journal’s Law Blog. They can be written by extremely smart people who are paid to “sit around thinking great thoughts,” such as the law professors writing for the Volokh Conspiracy, Concurring Opinions or Prawfs Blog. Or they can have a voice, such as the blog Simple Justice. The voice thing can be a problem for law firm blogs, according to Herrmann, because it’s so risky. Blogging solo practitioners may have to field complaints about their posts, but no one can complain to their colleagues. “Not so for those of us in the AmLaw 200.” The result of risk avoidance: “You strip all humor and provocation out of your posts. You lose your voice. The posts are good. They’re informative. They’re lawyerly. But they’re boring; no one’s drawn to them.”

Yahoo Issues Takedown Notice for Spying Price List (Wired, 4 Dec 2009) - Yahoo isn’t happy that a detailed menu of the spying services it provides law enforcement agencies has leaked onto the web. Shortly after Threat Level reported this week that Yahoo had blocked the FOIA release of its law enforcement and intelligence price list, someone provided a copy of the company’s spying guide to the whistleblower site Cryptome. The 17-page guide describes Yahoo’s data retention policies and the surveillance capabilities it can provide law enforcement, with a pricing list for these services. Cryptome also published lawful data-interception guides for Cox Communications, SBC, Cingular, Nextel, GTE and other telecoms and service providers. But of all those companies, it appears to be Yahoo’s lawyers alone who have issued a DMCA takedown notice to Cryptome demanding the document be removed. Yahoo claims that publication of the document is a copyright violation, and gave Cryptome owner John Young a Thursday deadline for removing the document. So far, Young has refused. Yahoo’s letter was sent on Wednesday, within hours of the posting of Yahoo’s Compliance Guide for Law Enforcement at Cryptome. In addition to copyright infringement, the letter accuses the site of revealing Yahoo’s trade secrets and engaging in “business interference.” According to the letter, disclosure of its surveillance services (.pdf) would help criminals evade surveillance.

Law profs say e-marriages expand couple’s rights (, 6 Dec 2009) - A Boston couple wanting to wed under Louisiana’s covenant marriage law, or two New Orleans women seeking to wed in Massachusetts should be able to do so without leaving home, two law professors say. Michigan State University’s Adam Candeub and Mae Kuykendall have started the Legal E-Marriage Project, a clearinghouse for legislative proposals to establish “e-marriages.” “According to the team, the proposal refutes suggestions the state should get out of the marriage business and has the potential to alter the landscape of marriage culture wars,” Michigan State law school spokeswoman Katie Gallagher wrote on the school’s Web site. Candeub and Kuykendall said states should let couples marry under the laws of whatever place they chose. A couple’s physical presence in the state authorizing a marriage has never been a universal rule, the professors said. Couples long have married by proxy, mail and telephone. “The state needs to fight marital fraud, harness modern technology to make marriage more accessible and open its symbolic value to a variety of communities both online and off line,” Kuykendall said. At San Diego’s Thomas Jefferson Law School, professor Bryan Wildenthal called it a “groundbreaking, an innovative approach to the entire issue of how law should regulate family relationships.” Same-sex couples could marry in California under the laws of Massachusetts or Vermont, if the states enacted e-marriage provisions, Candeub and Kuykendall said. A couple’s home state would not necessarily have to recognize the marriage.

Local Governments Offer Data to Software Tinkerers (New York Times, 6 Dec 2009) - A big pile of city crime reports is not all that useful. But what if you could combine that data with information on bars, sidewalks and subway stations to find the safest route home after a night out? Stamen Design put together the San Francisco Crimespotting site using information from the city’s police department. DC Bikes, which shows bike paths in the Washington area, and Stumble Safely, which shows the safest way to get home from bars at night there, were both developed using government data. In Washington, a Web site called Stumble Safely makes that possible. It is one example of the kind of creativity that cities are hoping to mobilize by turning over big chunks of data to programmers and the public. Many local governments are figuring out how to use the Internet to make government data more accessible. The goal is to spawn useful Web sites and mobile applications — and perhaps even have people think differently about their city and its government. “It will change the way citizens and government interact, but perhaps most important, it’s going to change the way elected officials and civil servants deliver programs, services and promises,” said Gavin Newsom, the mayor of San Francisco, which is one of the cities leading the way in releasing government data to Web developers. “I can’t wait until it challenges and infuriates the bureaucracy.” Advocates of these open-data efforts say they can help citizens figure out what is going on in their backyards and judge how their government is performing. But programmers have had trouble getting their hands on some data. And some activists and software developers wonder whether historically reticent governments will release data that exposes problems or only information that makes them look good. It is too early to say whether releasing city data will actually make civil servants more accountable, but it can clearly be useful. Even data about mundane things like public transit and traffic can improve people’s lives when it is packaged and customized in an accessible way — a situation that governments themselves may not be equipped to realize. A Web site called CleanScores, for instance, tracks restaurant inspection scores in various cities and explains each violation. After School Special combines data from San Francisco schools, libraries and restaurants so parents can plan after-school activities and see how children’s nutritional options compare by neighborhood. And Trees Near You, available for the iPhone, lets people identify trees on New York streets. By releasing data in easy-to-use formats, cities and states hope that people will create sites or applications that use it in ways City Hall never would have considered.

With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize (New York Times, 6 Dec 2009) - A group of researchers at the Massachusetts Institute of Technology edged out about 4,300 other teams on Saturday in a Pentagon-sponsored contest to correctly identify the location of 10 red balloons distributed around the United States. The contest, which featured a $40,000 prize, was organized by the Defense Advanced Research Projects Agency, in an effort to develop new ways to understand how information is disseminated through social networks. The winning group, a small team at the M.I.T. Media Laboratory Human Dynamics Group led by a physicist, Riley Crane, took just eight hours and 56 minutes to complete the challenge. The balloons, which were 8 feet in diameter, were arrayed around the country. Some were in highly trafficked locations like Union Square in San Francisco; others were in more obscure places, like Katy Park, a baseball field in the Houston suburbs. The winning researchers, who specialize in studying human interactions that emerge from computer networks, set up a Web site asking people to join their team. They relied on visitors to the Web site to invite their friends. They also sent e-mail messages inviting people to participate and sent a small number of advertisements to mobile phones. They said that they would dole out the prize money both to chains of individuals who referred people who had correct information on the balloons’ locations and to charities. They described their method as a “recursive incentive structure.”

See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing (TechCrunch, 6 Dec 2009) - What if every store had a bar-code sticker on its window so that you could pull out your iPhone, wave it in front of the bar code and get all sorts of information about that business—the telephone number, photos, customer reviews? Starting on Monday, you’ll be able to do that at up to 190,000 local businesses throughout the U.S. Google has mailed out window stickers with two-dimensional bar codes (aka, QR codes) to the most-searched for or clicked-on businesses in its local business directory. Anyone with a QR code reader in their phone can scan it to call up a Google Mobile local directory page for one of these “Favorite Places,” which generally includes a map, phone number, directions, address, reviews, and a link to the store’s website. (It’s a mobile version of Google Places). Local businesses can also set up coupon offers through their Google directory page, which would turn the QR code into a mobile coupon, and help entice someone standing outside a store to come in: “If you found us on Google, you get 20% off.” Japan is already QR-crazy. Google wants the U.S. to be next. In conjunction with the QR code sticker roll-out, Google is also giving away 40,000 Quickmark QR Code Reader apps for the iPhone, which normally cost $1.99 apiece. But you can use any QR code reader. There are a bunch of free ones, some on Android phones as well. There are now over a million local businesses which have claimed their Google local listing, up from a few hundred thousand last summer. If these QR code stickers become popular in the U.S., it could encourage more small businesses to claim their listings and give Google cleaner data.

New Smithsonian Collection Search (BeSpacific, 7 Dec 2009) - The Collections Search Center provides easy “one-stop searching” of more than 2 million of the Smithsonian’s museum, archives, library and research holdings and collections. The access to more Smithsonian collections via this Search Center is increasing over time. Collections currently available include: 265,900 images, video and sound files, electronic journals and other resources from the Smithsonian’s museums, archives & libraries.”

Florida: Judges Cannot be Facebook Friends with Litigants (Social Media Law Student, 9 Dec 2009) - Florida’s Judicial Ethics Advisory Committee responded to a few questions from one Florida judge about the use of social networking sites. The Committee found that judges cannot accept friend requests from litigants in their court. They take special care to note: “This opinion should not be interpreted to mean that the inquiring judge is prohibited from identifying any person as a “friend” on a social networking site. Instead, it is limited to the facts presented by the inquiring judge, related to lawyers who may appear before the judge. Therefore, this opinion does not apply to the practice of listing as “friends” persons other than lawyers, or to listing as “friends” lawyers who do not appear before the judge, either because they do not practice in the judge’s area or court or because the judge has listed them on the judge’s recusal list so that their cases are not assigned to the judge.” It’s pretty clear from this opinion that accepting a request on Facebook, LinkedIn and Myspace from a litigant in the judge’s court are out. The opinion does not just apply to those sites though: “Although Facebook has been used as an example in this opinion, the holding of the opinion would apply to any social networking site which requires the member of the site to approve the listing of a “friend” or contact on the member’s site, if (1) that person is a lawyer who appears before the judge, and (2) identification of the lawyer as the judge’s “friend” is thereafter displayed to the public or the judge’s or lawyer’s other “friends” on the judge’s or the lawyer’s page.” Any sites with a Facebook-like approach will obviously meet the criteria of this opinion. My question is: what about Twitter? If someone is protected on Twitter, they have to approve all followers. However, anybody can see which followers have been approved. So, does that constitute identification as a “friend” on the judge’s page? I think it very well might. You can read the full committee opinion, which also discusses campaign committees, here.

TSA accidentally reveals airport security secrets (Washington Post, 9 Dec 2009) - The Transportation Security Administration inadvertently revealed closely guarded secrets related to airport passenger screening practices when it posted online this spring a document as part of a contract solicitation, the agency confirmed Tuesday. The 93-page TSA operating manual details procedures for screening passengers and checked baggage, such as technical settings used by X-ray machines and explosives detectors. It also includes pictures of credentials used by members of Congress, CIA employees and federal air marshals, and it identifies 12 countries whose passport holders are automatically subjected to added scrutiny. TSA officials said that the manual was posted online in a redacted form on a federal procurement Web site, but that the digital redactions were inadequate. They allowed computer users to recover blacked-out passages by copying and pasting them into a new document or an e-mail. Current and former security officials called the breach troubling, saying it exposed TSA practices that were implemented after the Sept. 11, 2001, terrorist attacks and expanded after the August 2006 disruption of a plot to down transatlantic airliners using liquid explosives. Checkpoint screening has been a fixture of the TSA’s operations -- as well as a lightning rod for public criticism of the agency’s practices. Stewart A. Baker, a former assistant secretary at the Department of Homeland Security, said that the manual will become a textbook for those seeking to penetrate aviation security and that its leaking was serious. “It increases the risk that terrorists will find a way through the defenses,” Baker said. “The problem is there are so many different holes that while [the TSA] can fix any one of them by changing procedures and making adjustments in the process . . . they can’t change everything about the way they operate.” Another former DHS official, however, called the loss a public relations blunder but not a major risk, because TSA manuals are shared widely with airlines and airports and are available in the aviation community.

France to Digitize Its Own Literary Works (New York Times, 14 Dec 2009) - President Nicolas Sarkozy pledged nearly $1.1 billion on Monday toward the computer scanning of French literary works, audiovisual archives and historical documents, an announcement that underscored his government’s desire to maintain control over France’s cultural heritage in an era of digitization. The French National Library announced in August that it was engaged in discussions with Google over the digitization of its collections, part of a global effort by Google to digitize the world’s literary works. This provoked an uproar among French officials and the publishing community here, and the discussions were suspended. “We won’t let ourselves be stripped of our heritage to the benefit of a big company, no matter how friendly, big or American it is,” Mr. Sarkozy said last week, apparently in a reference to Google. The money pledged Monday will finance a public-private partnership that will digitize the nation’s cultural works, Mr. Sarkozy said. Yet that partnership might well involve Google. “The question remains open,” said Bruno Racine, president of the National Library, in a telephone interview. He emphasized the “necessity of a partnership with the private sector” in order to secure the capital needed for vast digitization projects. He put the cost of digitizing the National Library’s collections, which include over 14 million books and several million other documents, at more than $1.5 billion. Those who opposed the National Library’s discussions with Google were concerned primarily with its “dominant place” in the digital market, he said, noting, “It’s not so much that it is a private company.” The French culture minister, Frédéric Mitterrand, met last week with David C. Drummond, a senior vice president and chief legal officer at Google, to express his concerns about a potential collaboration with the company. France has long regarded Google warily. In 2005, French and German leaders announced plans, since abandoned, to develop a multimedia search engine to be called Quaero — “I seek,” in Latin — seen by many as a direct challenge to the company. The French government has also urged the European Union to undertake its own book digitization project.

Amazon Auctions Cloud Computation (Information Week, 14 Dec 2009) - Amazon on Monday began offering its Amazon Elastic Compute Cloud (EC2) customers the chance to bid on unused computing capacity. The new purchasing model, called Spot Instances, allows Amazon Web Services (AWS) customers to place bids for computing power and have their jobs processed if their bid exceeds the fluctuating “Spot Price.” “The central concept in this new option is that of the Spot Price, which we determine based on current supply and demand and will fluctuate periodically,” explained Amazon CTO Werner Vogels in a blog post. “If the maximum price a customer has bid exceeds the current Spot Price then their instances will be run, priced at the current Spot Price. If the Spot Price rises above the customer’s bid, their instances will be terminated and restarted (if the customer wants it restarted at all) when the Spot Price falls below the customer’s bid. This gives customers exact control over the maximum cost they are incurring for their workloads, and often will provide them with substantial savings.” Vogels said that bids higher than the Spot Price are only charged at Spot Price rate. Jeff Barr, Amazon Web Services evangelist, explains in a blog post that Spot Instances can be particularly useful for low-priority work that can be deferred until computing demand and price are low. EC2 continues to offer two other pricing methods: On-Demand Instances, which are charged at a published rate, and Reserved Instances, pre-paid at a discounted rate for use up to three years later. Typical jobs for EC2 involve analyzing data sets, media file format conversion, or Web crawling for a search index, for example. Pharmaceutical giant Pfizer has been using AWS -- EC2 and other services like S3, SQS, and SimpleDB -- to model antibody behavior.

Court Finds Personal E-Mail Privileged Even if Sent From Work (NLJ, 14 Dec 2009) - A federal prosecutor has won his fight to conceal e-mails he sent to his attorney over the government’s computers, contradicting a popular belief that employees have no expectation of privacy on work computers. The U.S. District Court for the District of Columbia ruled on Thursday that Assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those e-mails because federal prosecutors were allowed to use work e-mail for personal matters. Therefore, Tukel’s messages to his private lawyer sent from work are covered by the attorney-client privilege and can remain confidential. The party trying to get the e-mails is former federal prosecutor Richard Convertino, who lost his job after his convictions in a high-profile terrorism trial in Detroit were overturned in 2004 due to prosecutorial misconduct. Convertino, who believes he was retaliated against for blowing the whistle on incompetence in the Bush administration’s war on terror, is trying to find out who leaked confidential information about an investigation into his conduct to the Detroit Free Press. Convertino believes Tukel’s e-mails to his lawyer may shed some light on the matter. According to court documents, Tukel was the prosecutor in Detroit who reviewed Convertino’s cases, and he was “one of the original parties that initiated confidential personal matters” related to Convertino. Tukel has denied in an affidavit that he’s the source of the leak. But Convertino still wants the e-mails. He argued that Tukel had no privacy expectations in e-mails sent over a government computer. The court disagreed. “The DOJ maintains a policy that does not ban personal use of the company email. Although the DOJ does have access to personal emails sent through this account, Mr. Tukel was unaware that they would be regularly accessing and saving emails sent from his account. Because his expectations were reasonable, Mr. Tukel’s private emails will remain protected by the attorney-client privilege,” wrote Chief Judge Royce Lamberth. Tukel’s lawyer, James K. Robinson, a partner in the Washington office of Cadwalader, Wickersham & Taft, said the judge got it right -- “Where someone who uses their company e-mail, whether with the Justice Department or someone else, intends the communication to be confidential and takes reasonable steps to ensure the confidentiality ... there is no waiver of the attorney-client privilege.”

- and -

Supreme Court to Review Employer Access to Worker Text Messages (, 15 Dec 2009) - The U.S. Supreme Court said Monday it will decide how much privacy workers have when they send text messages from company accounts. The justices said they will review a federal appeals court ruling that sided with California police officers who complained that the department improperly snooped on their electronic exchanges. The 9th U.S. Circuit Court of Appeals in San Francisco also faulted the text-messaging service for turning over transcripts of the messages without the officers’ consent. Users of text-messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network, 9th Circuit Judge Kim Wardlaw said. Both the city and USA Mobility Wireless, Inc., which bought the text-messaging service involved in the case, appealed the 9th Circuit ruling. The justices turned down the company’s appeal, but said they would hear arguments next year in the city’s case. The appeals court ruling came in a lawsuit filed by Ontario police Sgt. Jeff Quon and three others after Arch Wireless gave their department transcripts of Quon’s text messages in 2002. Police officials read the messages to determine whether department-issued pagers were being used solely for work purposes. The city said it discovered that Quon sent and received hundreds of personal messages, including many that were sexually explicit. Quon and the others said the police force had an informal policy of not monitoring the usage as long as employees paid for messages in excess of monthly character limits.

- and -

Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says (ABA Journal, 15 Dec 2009) - A federal prosecutor’s e-mail to his own lawyer is privileged, even though he sent it from work on a government computer, a federal court has ruled. Because he is allowed to use his work e-mail account for personal communications, assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those personal communications, explains the U.S. District Court for the District of Columbia in a written opinion. And because there was a reasonable expectation of privacy, they are confidential attorney-client privileged documents. Another factor in the decision, according to the National Law Journal, is that Tukel wasn’t aware that the government had access to his account and might be looking at his personal e-mail. However, partner James Robinson of Cadwalader Wickersham & Taft, who represents Tukel, called for confidentiality of work e-mail communications to be generally recognized, when they are intended to be confidential.

Free App Offers iPhone CLE Courses With Built-In Verification (ABA Journal, 15 Dec 2009) - Lawyers looking for continuing legal education credit can download a new app that allows them to find courses, listen to audio programs and access materials on their iPhone and iPod touch. Users can set up a free account at West LegalEdcenter to buy programs that can be downloaded using the free app, known as CLE Mobile, according to a Thomson Reuters press release. More than 2,000 audio courses are available. But don’t think that you can get credit just by downloading CLE programs. The app tracks and ensures that the program has played, and randomly verifies interaction in states that require the feature, according to West LegalEdcenter accreditation manager Gina Roers, writing at the center’s CLE Mobile blog. To verify attendance, a bell sounds during the program, and the lawyer has to tap “verify,” according to a CLE Mobile reference guide. When lawyers complete the programs, they can use the app to request CLE credit. A YouTube video shows a lawyer using the program while riding a train, at a coffeeshop and while taking a walk. The app is available from the App Store.

Ohio justices: Cell phone searches require warrant (Washington Post, 15 Dec 2009) - The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect’s cell phone, unless their safety is in danger. The American Civil Liberties Union of Ohio described the ruling as a landmark case. The issue appears never to have reached another state high court or the U.S. Supreme Court. The Ohio high court ruled 5-4 in favor of Antwaun Smith, who was arrested on drug charges after he answered a cell phone call from a crack cocaine user acting as a police informant. Officers took Smith’s cell phone when he was arrested and, acting without a warrant and without his consent, searched it. They found a call history and stored numbers that showed Smith had previously been in contact with the drug user.

App of the Week: Google’s Eyes on the Ground (New York Times, 16 Dec 2009) - Google Goggles is a new free app for smartphones using the Android operating system. With its grab bag of features, the app is a bit hard to define. Goggles uses a phone’s camera for data entry, Web searching and shopping, with a little bit of augmented reality thrown in. Here’s how it works. You use your phone to take a photo of a building, artwork, a bar code or some text and Goggles identifies it and brings back Google search results. A photo of a book cover brought back links to where the book is sold online, reviews, a Wikipedia entry on the author and more. A picture of the exterior of a restaurant brings back reviews, links to the restaurant’s Web site and a link to call the place with one click. When the phone is held parallel to the ground, nearby points of interest, like businesses and restaurants, float by on the bottom of the screen in what is called augmented reality. [Artwork? From museums or galleries? How cool would that be!]

- but -

Privacy fears force search giant to block facial recognition application on Google Goggles (Daily Mail, 14 Dec 2009) - Privacy concerns have forced Google to delay an expansion of its Goggles service which would have enabled camera-phone users to identify strangers on the street. The experimental Google Goggles application, which was launched last week, allows smart-phone users to search for subjects simply by snapping a picture of them. Users can focus their phone’s camera on an object and Google will try to match portions of the picture with the tens of millions of images in its database. But privacy campaigners have raised fears over the ‘ facial recognition’ potential of the service, which would allow users to track strangers through a photograph. Google, which has confirmed the technology is available but has yet to decide if it will be rolled-out as part of Goggles, has now confirmed that it is blocking aspects of the application until privacy implications have been fully explored.

Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (DangerRoom, 17 Dec 2009) - Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought. The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq. But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.” So the same security breach that allowed insurgent to use satellite dishes and $26 software to intercept drone feeds can be used the tap into the video transmissions of any plane. The military is working to plug the hole — introducing new ROVER models that communicate without spilling its secrets. “Recognizing the potential for future exploitation the Air Force has been working aggressively to encrypt these ROVER downlink signals. It is my understanding that we have already developed the technical encryption solutions and are fielding them,” the Air Force officer notes. But it won’t be easy. An unnamed Pentagon official tells reporters that “this is an old issue that’s been addressed.” Air Force officers contacted by Danger Room disagree, strongly. “This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”

EU Data Protection Meets U.S. Discovery (, 18 Dec 2009) - As a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency (CNIL) published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings.[FOOTNOTE 1] The CNIL’s recommendation expands on the guidelines adopted by the body of European data protection agencies (the Article 29 Data Protection Working Party) in February 2009.[FOOTNOTE 2] EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNIL’s recommendation reflects a tension between a company’s obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad. * * * The CNIL indicates that, where a person in France engages in a “single and non-massive transfer” of data to the US, which is necessary or legally required for the establishment, exercise, or defense of legal claims, the company responding to the U.S. discovery request does not need to request the CNIL’s prior authorization, but should simply provide advance notice. By contrast, “massive and repeated” transfers of data require the CNIL’s authorization and are only lawful where (i) the recipient of personal data is an entity established in the U.S. that has subscribed to the Safe Harbor Scheme; (ii) the parties have adopted standard contract clauses issued by the European Commission; or (iii) the recipient has a set of strict and binding corporate rules in place providing an adequate level of protection of personal data. The CNIL does not provide guidance regarding the volume of data that would trigger the need for CNIL authorization.

Rethinking Green (Stewart Brand, 9 Oct 2009) - Brand builds his case for rethinking environmental goals and methods on two major changes going on in the world. The one that most people still don’t take into consideration is that power is shifting to the developing world, where 5 out of 6 people live, where the bulk of humanity is getting out of poverty by moving to cities and creating their own jobs and communities (slums, for now). He noted that history has always been driven by the world’s largest cities, and these years they are places like Mumbai, Lagos, Dhaka, Sao Paulo, Karachi, and Mexico City, which are growing 3 times faster and 9 times bigger than cities in the currently developed world ever did. The people in those cities are unstoppably moving up the “energy ladder” to high quality grid electricity and up the “food ladder” toward better nutrition, including meat. As soon as they can afford it, everyone in the global South is going to get air conditioning. The second dominant global fact is climate change. Brand emphasized that climate is a severely nonlinear system packed with tipping points and positive feedbacks such as the unpredicted rapid melting of Arctic ice. Warming causes droughts, which lowers carrying capacity for humans, and they fight over the diminishing resources, as in Darfur. It also is melting the glaciers of the Himalayan plateau, which feed the rivers on which 40% of humanity depends for water in the dry season—the Indus, Ganges, Brahmaputra, Mekong, Irrawaddy, Yangtze, and Yellow. [Editor: This is fascinating, especially given that Brand is extremely thoughtful and credible. Has nothing to do with IT law, but worth your time anyway. 90-minute podcast; ONE-STAR]

**** RESOURCES ****
Disclosure, Deception and Deep-Packet Inspection: The Role of the Federal Trade Commision Act’s Deceptive Conduct Prohibitions in the Net Neutrality Debate (SSRN paper by Prof. Catherine Sandoval) - This Article examines a largely unexplored frontier in the “Net Neutrality” debate: the Federal Trade Commission (FTC) Act’s proscriptions against deceptive conduct as a legal limit on Internet Service Provider (ISP) discrimination against Internet traffic. ISP discrimination against certain types of Internet traffic has blossomed since 2005 when the Federal Communications Commission (FCC), with the Supreme Court’s blessing in NCTA v. Brand X and FCC, relieved ISPs from common-carrier regulations that prohibited discrimination and reclassified ISPs as “information service providers.” This Article argues that the Internet’s architecture and codes presumed common carriage, indicating that the Internet’s design and industry “self-regulation” cannot alone prevent ISPs who control access to the Internet’s physical layer from becoming its gatekeepers. The FTC and FCC must use their respective authority to police the gulf between ISP promises and practices, protect Internet users and competition, and safeguard the Internet itself as a source for innovation and a wide range of speech.

**** FUN ****
Most Awesomely Bad Military Acronyms 7 (Danger Room, 1 Dec 2009) - It’s the most wonderful time of the year. Not because of some lame holiday. Because it’s time again for our Most Awesomely bad Military Acronyms (MAMAs).
The defense and intelligence establishment is famous for stirring words into an insane alphabet soup of acronyms, abbreviations, and neologisms. For over a year, we’ve been on a quest to find the silliest, most agonizing MAMAs out there. Our latest batch has a heroic bent - the champions of mil-jargon, if you will. Behold!
* Communications Electronic Attack with Surveillance And Reconnaissance. (CEASAR)
* Game-theoretic Optimal Deformable Zone including Inertia with Local Approach (GODZILA)
* Applied Research reGarding Operationally Novel And Unique Technologies (ARGONAUT)
* Automated Low-Level Analysis and Description of Diverse Intelligence Video (ALADDIN)
* Joint Counter Radio Controlled Improvised Explosive Device Electronic (JCREW)
* Bioterrorism Operations Policy for Public Emergency/Chemoterrorism Operations Policy for Public Emergency (BOPPER/COPPER)

HAS GOVERNMENT ENCRYPTION EXPORT POLICY FAILED? -- Researchers at George Washington University’s Cyberspace Policy Institute are telling the Senate Commerce Committee that the most powerful encryption software is now widely accessible internationally, despite the Clinton Administration’s efforts to restrict the spread of “strong encryption” technology for fear it would be used by terrorists and criminals. But the U.S. has lost its monopoly on the mathematical algorithms underlying advanced encryption techniques, and 167 products now available internationally use algorithms that can not be decoded by even the largest and most sophisticated computers. (New York Times 10 Jun 99)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, November 28, 2009

MIRLN --- 8-28 November 2009 (v12.16)

• Leaked ACTA Internet Provisions: Three Strikes and a Global DMCA
• Federal Judge Calls Courtroom Tweets Banned Broadcasts Under Rule 53
• Consent Will be Required for Cookies in Europe
o French Senate Issues New Legislation to Amend Data Protection Act: Provisions Include Breach Notice Obligation and Consent for Use of Cookies
• Towards a “Privacy Privilege” to Oppose Discovery Requests?
• Sticks and Stones – More about Online Reputation Management
• Department of Interior Fails Cybersecurity Audit
o NIST Drafts Cybersecurity Guidance
• World Justice Project Rule of Law Index
• Ninth Circuit Ruling Leads to Spike in Class Actions Over Text Messages from Retailers
• Employers Win a Round in the Fight over whether Disloyal Employees are “Authorized” to Access Company Computers
• Two German Killers Demanding Anonymity Sue Wikipedia’s Parent
• W.Va. Supreme Court Opts for E-Mail Secrecy
• International Activists Launch New Website to Gather and Share Copyright Knowledge
• A Rush to Learn English by Cell
• Twitter and the Learning Technology Stream
• More Hackers Target Law Firms, Often ‘Spear Fishing’ in Spam E-Mail
• Goal of New ABA Website: All the Federal Decisions that are Fit to Print
o Bridging the Digital Divide: a New Vendor in Town? Google Scholar Now Includes Case Law
o Google Scholar Legal Opinion and Journal Search, ABA LTRC Free Full-Text Law Review/Law Journal Search
• Wow! Top Execs Say they are Influenced by Social Networks
• In-Q-Tel Invests in Cybersecurity Company
• DHS Critical Infrastructure Protection Website Launched
• India Establishes Broad Interception, Data Retention, Cyber Security, and Website Blocking Requirements
• Some Courts Raise Bar on Reading Employee Email
• 200 Web Sites Spread al-Qaida’s Message in English
• Military Video System is Like YouTube with Artillery
• Memento: Protocol-Based Time Travel for the Web
• A Look at Twitter’s Updated Privacy Policy
• Law Firm Invokes Privacy Laws in Suing Rival over Search Engine Keywords
• Levi’s is Paying Orrick a Flat Fee to Handle all but its IP Work
• Wikileaks Releases over Half a Million Pager Messages from 9/11
• Google Profiles turn into OpenIds


LEAKED ACTA INTERNET PROVISIONS: THREE STRIKES AND A GLOBAL DMCA (EFF, 9 Nov 2009) - Negotiations on the highly controversial Anti-Counterfeiting Trade Agreement (ACTA) began last week in Seoul, Korea. The closed negotiations focused on “enforcement in the digital environment.” Negotiators discussed the Internet provisions drafted by the US government. No text has been officially released, but as Professor Michael Geist and IDG are reporting, leaks have surfaced. The leaks confirm everything we have feared about the secret ACTA negotiations. The Internet provisions have nothing to do with addressing counterfeit products but are all aimed at imposing a set of copyright industry demands on the global Internet, including obligations on ISPs to adopt Three Strikes Internet disconnection policies and a global expansion of DMCA-style TPM laws. For the leaked commission memo:

FEDERAL JUDGE CALLS COURTROOM TWEETS BANNED BROADCASTS UNDER RULE 53 (ABA Journal, 9 Nov 2009) - A federal judge in Georgia has banned reporters from sending live-action tweets from his courtroom, saying that Twitter is a form of broadcasting and hence prohibited under Rule 53 of the Federal Rules of Criminal Procedure. But the ruling by U.S. District Judge Clay Land only extends as far as the courtroom door, suggests the Taking Liberties blog of CBS News: “All an intrepid spectator in Judge Clay Land’s courtroom apparently needs to do is write something inside the courtroom, and then step outside before pressing ‘send,’ “ the blog states. The Volokh Conspiracy provides a link to the judge’s four-page order (PDF), which was made last week in response to a request by a Columbus Ledger-Enquirer reporter to tweet about an upcoming trial.

CONSENT WILL BE REQUIRED FOR COOKIES IN EUROPE (, 9 Nov 2009) - A law that demands consent to internet cookies has been approved and will be in force across the EU within 18 months. It is so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point. The fate of Europe’s cookie law became improbably entwined with a debate over file-sharing. To cut a long story short, it broke free. On 26th October, it was voted through by the Council of the EU. It cannot be stopped and awaits only the rubber-stamp formalities of signature and publication. The vote’s result was announced by way of a whisper. It featured at the tail end of an 18-page Council press release (PDF) that first had to address fishing quotas, train driving licences and a maritime treaty with China. I’m afraid we missed it. There was no attempt to bury this news – but the hushed tones of its reporting were consistent with the media attention it has received to date. There has been almost no fuss about this little law, despite the harm it could do to advertising, the lifeblood of online publishing. It also threatens to irritate all web users by appearing at every new destination like an over-zealous security guard. Here’s what’s coming. The now-finalised text says that a cookie can be stored on a user’s computer, or accessed from that computer, only if the user “has given his or her consent, having been provided with clear and comprehensive information”. An exception exists where the cookie is “strictly necessary” for the provision of a service “explicitly requested” by the user – so cookies can take a user from a product page to a checkout without the need for consent. Other cookies will require prior consent, though. So almost every site that carries advertising should be seeking its visitors’ consent to the serving of cookies. It also catches sites that count visitors – so if your site uses Google Analytics or WebTrends, you’re caught. You could seek consent with pop-ups, if you’re happy to ignore accessibility guidelines that discourage pop-ups – though users’ browsers may block pop-ups by default, which risks confusion. Or you could do it with a landing page that contains a load of information and some choices. The choices for users could be: * * * [Spotted by MIRLN reader Michael Fleming of Larkin Hoffman.]

- and -

FRENCH SENATE ISSUES NEW LEGISLATION TO AMEND DATA PROTECTION ACT: PROVISIONS INCLUDE BREACH NOTICE OBLIGATION AND CONSENT FOR USE OF COOKIES (Hunton & Williams, 17 Nov 2009) - On November 6, 2009, the French Senate proposed a new draft law to reinforce the right to privacy in the digital age (“Proposition de loi visant à garantir le droit à la vie privée à l’heure du numérique”) (the “Draft Law”). Following a Report on the same topic issued last spring, the Senate made concrete proposals with this Draft Law to amend the Data Protection Act. The Draft Law requires that data controllers provide information on their data processing activities to their data subjects in a clear, specific and easily accessible manner. The data subjects would be able to exercise their right of access more easily, including by email. The Draft Law also distinguishes between the data subject’s right to object to the use of his/her personal data for commercial purposes and his/her right to delete his personal data after it has been processed. The Draft Law also proposes an increase in the obligations of data controllers. Organizations with more than fifty employees that either access or process the personal data are required to appoint a data protection officer. In addition to his obligation to inform the data subjects about a data processing activity, a data controller would have to obtain a data subject’s consent to process data (including for the use of cookies), except if a legal exception applies. Data controllers would also have to implement stronger security measures to preserve the security and confidentiality of personal data. In particular, in case of a data security breach, a data controller would have to notify the French data protection authority (“CNIL”), which would then decide whether to inform the data subjects concerned by this breach. Finally, passage of the law would increase the CNIL’s enforcement authority. Fines imposed by the CNIL for violations of the law would be increased to a maximum €600,000 (instead of the current €300,000).

TOWARDS A “PRIVACY PRIVILEGE” TO OPPOSE DISCOVERY REQUESTS? (White & Case, 10 Nov 2009) - On July 23, 2009, the French Data Protection Authority [Commission nationale de l’informatique et des libertés (“CNIL”)] released its Deliberation No. 2009-474 concerning recommendations for the transfer of personal data in the context of discovery in US litigation (the “Recommendation”). This Recommendation must be taken into account by all parties that find themselves in the position of transferring documents or other information containing personal data from France to the United States in the discovery or litigation context. In the Recommendation, the CNIL, a governmental agency whose stated goal is in particular to protect individuals with regard to the processing of their personal data in France, has wrestled with the threats posed to personal data privacy by discovery requests served in US civil and commercial litigation. The Recommendation was issued in response to “an increase in the number of matters concerning the transfer of personal data to the United States, filed principally either by French subsidiaries of American companies or by French companies that have commercial ties with the United States, in the context of ‘Discovery’ proceedings before American courts.” For those familiar with the CNIL’s prior Recommendations and privacy-friendly positions, this one will not come as a complete surprise; nonetheless, the Recommendation represents an important new authoritative statement regarding the defense of privacy rights in the discovery context. (The Recommendation does not apply to US criminal litigation or the investigations by governmental agencies.)

STICKS AND STONES – MORE ABOUT ONLINE REPUTATION MANAGEMENT (ABA’s LTRC, 10 Nov 2009) - When people are searching for information they are most likely to be using Google. According to Experian Hitwise, a global online competitive intelligence service, Google accounted for 71.08 percent of all U.S. searches conducted in September 2009. Therefore, Google’s Reputation Management Advice carries considerable weight. A lawyer’s reputation is his or her stock in trade; making this topic particularly relevant to the legal profession. Following is a collection of resources for lawyers regarding online reputation management: * * *

DEPARTMENT OF INTERIOR FAILS CYBERSECURITY AUDIT (Information Week, 10 Nov 2009) - The Department of the Interior inspector general has issued a report that’s sharply critical of the agency’s cybersecurity performance, concluding that its efforts fall short of federal government requirements. The recently issued report points to broad problems at the agency, from a decentralized IT organization to “fragmented governance processes.” It says that the agency has “substantially under-qualified” cybersecurity personnel and that its IT leadership hasn’t been as involved in cybersecurity as it should be. “Personnel responsible for management of the IT programs are not accountable for results, and existing investments are not leveraged to their full potential,” the report says. Interior has budgeted $182 million for cybersecurity this year and has 677 employees and contractors devoted to information security and another 3,531 with “significant” responsibilities in that area. The Department of Interior has CIOs for each of its large bureaus, and those CIOs are supposed to have responsibility for their organizations’ IT and cybersecurity. However, the inspector general found that responsibilities were delegated to smaller offices, resulting in inefficiencies and higher costs. The report describes IT and cybersecurity governance at the department as being inefficient, wasteful, and lacking accountability. It says that Interior has been cited for similar problems in the past by the inspector general and by the Government Accountability Office, but that recommendations for fixing the situation haven’t been applied. [Editor: anybody remember Corbell v. Norton? Fiduciary duty to protect information security?]

- and -

NIST DRAFTS CYBERSECURITY GUIDANCE (Information Week, 23 Nov 2009) - Draft guidance from the National Institute of Standards and Technology issued last week, pushes government agencies to adopt a comprehensive, continuous approach to cybersecurity, tackling criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits. The guidance, encapsulated in a draft revision to NIST Special Publication 800-37, will likely be finalized early next year. While federal agencies aren’t required to follow all of its recommendations, NIST is officially charged with creating standards for compliance with the Federal Information Systems Management Act, (FISMA), which sets cybersecurity requirements in government, so this guidance should at the very least be influential. The new document puts more onus on applying risk management throughout the lifecycle of IT systems. “This is part of a larger strategy to try to do more on the front end of security as opposed to just on the back end,” says NIST’s Ron Ross, who is in charge of FISMA guidance at the agency. “We don’t think of security as a separate undertaking, but as a consideration we make in our normal lifecycle processes.” Special Publication 800-37 fleshes out six steps federal agencies should take to tackle cybersecurity: categorization, selection of controls, implementation, assessment, authorization, and continuous monitoring. It improves on earlier guidance by emphasizing making rigorous cybersecurity part and parcel of the deployment and operation of IT systems. The document breaks out its cybersecurity guidance in several steps.

WORLD JUSTICE PROJECT RULE OF LAW INDEX (BeSpacific, 11 Nov 2009) - “The Rule of Law Index is a new tool, created by the WJP [World Justice Project Rule], which measures countries’ adherence to the rule of law...The Rule of Law Index is the first index that examines the rule of law comprehensively. Other indices cover only aspects of the rule of law, such as human rights, commercial law, and corruption. Because the Index looks at the rule of law in practice and not solely as it exists on the books, the Index will be able to guide governments, civil society, NGOs and business leaders in targeting efforts to strengthen the rule of law.” Index materials here:

NINTH CIRCUIT RULING LEADS TO SPIKE IN CLASS ACTIONS OVER TEXT MESSAGES FROM RETAILERS (Pillsbury, 11 Nov 2009) - In Satterfield v. Simon & Schuster, Inc., 569 F.3d 946 (9th Cir. 2009), the Ninth Circuit held that unsolicited text messages to mobile phones sent by a retailer may constitute a “call” in violation of the Telephone Consumer Protection Act (the “TCPA”). This decision has sparked an increase in consumer class actions filed against retailers who send advertisements to consumers by text message.

EMPLOYERS WIN A ROUND IN THE FIGHT OVER WHETHER DISLOYAL EMPLOYEES ARE “AUTHORIZED” TO ACCESS COMPANY COMPUTERS (Steptoe & Johnson’s E-Commerce Law Week, 12 Nov 2009) - A federal court in Missouri has weighed in on whether a disloyal employee’s use of his employer’s computer system is acting “without authorization” or “exceed[ing] authorized access,” in violation of the Computer Fraud and Abuse Act. As we’ve previously reported, courts have split on the issue, with many courts (notably the Ninth Circuit) holding that an employee who is permitted to access the system is not acting “without authorization” or in excess of authorization even if he is accessing the system for an illegitimate purpose, such as taking proprietary information to give to a competing firm. The court in Missouri, however, followed the Seventh Circuit’s decision in International Airport Centers, L.L.C., v. Citrin, which held that an employee loses authorization to access company computers when he acts to benefit his own interests, and not those of the company.

TWO GERMAN KILLERS DEMANDING ANONYMITY SUE WIKIPEDIA’S PARENT (New York Times, 12 Nov 2009) - Wolfgang Werlé and Manfred Lauber became infamous for killing a German actor in 1990. Now they are suing to force Wikipedia to forget them. The legal fight pits German privacy law against the American First Amendment. German courts allow the suppression of a criminal’s name in news accounts once he has paid his debt to society, noted Alexander H. Stopp, the lawyer for the two men, who are now out of prison. Mr. Stopp has already successfully pressured German publications to remove the killers’ names from their online coverage. German editors of Wikipedia have scrubbed the names from the German-language version of the article about the victim, Walter Sedlmayr. Now Mr. Stopp, in suits in German courts, is demanding that the Wikimedia Foundation, the American organization that runs Wikipedia, do the same with the English-language version of the article. That has free-speech advocates quoting George Orwell. Floyd Abrams, a prominent First Amendment lawyer who has represented The New York Times, said every justice on the United States Supreme Court would agree that the Wikipedia article “is easily, comfortably protected by the First Amendment.” But Germany’s courts have come up with a different balance between the right to privacy and the public’s right to know, Mr. Abrams said, and “once you’re in the business of suppressing speech, the quest for more speech to suppress is endless.” The German law springs from a decision of Germany’s highest court in 1973, said Julian Höppner, a lawyer with the Berlin law firm JBB who has represented the Wikimedia Foundation, though not in this case. Publications generally comply with the law, Mr. Höppner said, by referring to “the perpetrator — or, Mr. L.” But with such a well-known case, he said, expunging the record “is difficult to accomplish — and, morally speaking, rightly so.”

W.VA. SUPREME COURT OPTS FOR E-MAIL SECRECY (AP, 12 Nov 2009) - The state Supreme Court has ruled that public officials and public employees can keep their personal e-mails secret. The court ruled 4-1 Thursday that none of the 13 e-mails between former Supreme Court Chief Justice Elliott “Spike” Maynard and Massey Energy Chief Executive Don Blankenship are public records. The Associated Press had sued to gain access to the correspondence last year, when Massey had several cases pending before the high court. Kanawha County Circuit Court Judge Duke Bloom ruled that five of the e-mails were public, but that eight were not. Bloom reasoned that the five e-mails were public records because they touched on Maynard’s ultimately unsuccessful campaign in the Democratic primary, in which he ran against two of the justices now sitting on the court. The five e-mails were released after that ruling. But the Supreme Court ruled that Bloom was wrong to release those e-mails, and sent the case back to his court. Justice Margaret Workman was the lone dissenter. In writing for the majority, Justice Robin Davis said “None of the e-mails’ contents involved the official duties, responsibilities or obligations of Justice Maynard as a duly elected member of the court.” Davis’ opinion says that 12 of the e-mails “simply provided URL links to privately operated Internet Web sites that carried news articles,” while the 13th was an “agenda for a meeting being held by a private organization.” This description is not accurate. Of the five e-mails released by Bloom’s order, two contained links not to news articles, but to pages on the Web site of a Huntington law firm, along with comments Maynard wrote about the firm. One e-mail mocked the firm’s advertisements as “unbelievable,” while another slammed the firm for claiming that a fire at Massey’s Aracoma Alma Mine No. 1 that killed two miners could have been prevented.

INTERNATIONAL ACTIVISTS LAUNCH NEW WEBSITE TO GATHER AND SHARE COPYRIGHT KNOWLEDGE (EFF, 13 Nov 2009) - The Electronic Frontier Foundation (EFF), Electronic Information for Libraries (, and other international copyright experts joined together today to launch Copyright Watch -- a public website created to centralize resources on national copyright laws at “Copyright laws are changing across the world, and it’s hard to keep track of these changes, even for those whose daily work is affected by them,” said Teresa Hackett, Program Manager at “A law that is passed in one nation can quickly be taken up by others, bilateral trade agreements, regional policy initiatives, or international treaties. With Copyright Watch, people can learn about the similarities and differences in national copyright laws, and they can use that information to more easily spot patterns and emerging trends.” Copyright Watch is the first comprehensive and up-to-date online repository of national copyright laws. To find links to national and regional copyright laws, users can choose a continent or search using a country name. The site will be updated over time to include proposed amendments to laws, as well as commentary and context from national copyright experts. Copyright Watch will help document how legislators around the world are coping with the challenges of new technology and new business models.

A RUSH TO LEARN ENGLISH BY CELL (Washington Post, 14 Nov 2009) - More than 300,000 people in Bangladesh, one of Asia’s poorest but fastest-growing economies, have rushed to sign up to learn English over their cellphones, threatening to swamp the service even before its official launch Thursday. The project, which costs users less than the price of a cup of tea for each three-minute lesson, is being run by the BBC World Service Trust, the international charity arm of the broadcaster. Part of a British government initiative to help develop English skills in Bangladesh, it marks the first time that cellphones have been used as an educational tool on this scale. Since cellphone services began in Bangladesh just over a decade ago, more than 50 million Bangladeshis have acquired phone connections, including many in remote rural areas. That far outnumbers the 4 million who have Internet access. English is increasingly seen as a key to economic mobility, especially as ever larger numbers of Bangladeshis go abroad to find work unavailable to them at home. An estimated 6.2 million Bangladeshis work overseas, and their nearly $10 billion in annual remittances represent the country’s second-largest source of foreign exchange. However, English is also important for securing jobs at home, where about 70 percent of employers look for workers with “communicative English.” Through its Janala service, the BBC offers 250 audio and text-message lessons at different levels -- from basic English conversation to grammar and comprehension of simple news stories. Each lesson is a three-minute phone call, costing about 4 cents.

TWITTER AND THE LEARNING TECHNOLOGY STREAM (InsideHigherEd, 15 Nov 2009) - Twitter is changing how I keep up with the educational technology world. I’m moving from relying on an RSS reader (I use Google Reader) to relying on Twitter subscriptions and hashtags. For the first time I’m wondering if Google should be worried about their core business model, as if my experience is any guide on how we use the Web to understand the world, may be moving away from search and more towards microblogging Twitter clients (I use Twhirl by Seesmic). At EDUCAUSE 09 Twitter was much debated (go watch the fabulous Campbell/Maas point/counterpoint) and extravagantly utilized for sharing and communication (see the #EDUCAUSE09 transcript). I’m pretty certain that Course Management Systems will start to build in Twitter capabilities and that hashtags will automatically be generated for each course. Tweeting will become a standard way for students and instructors to share information, thoughts and links around the course material. Many instructors will become comfortable incorporating and leveraging a Twitter-enabled backchannel to both in-class and out-of-class communication. Scanning the educational technology news stream via a Twitter client vs. relying on an RSS reader means that I look at content that has been recommended by a person. The learning technology community is small enough that I can pretty quickly begin to filter by reputation. If one person consistently links to material that I find useful and interesting then I’m more likely to click on her links. Rather then going to particular blogs, or presentations, or videos, or articles based on the title or site (as I do with an RSS reader), I go because of a colleague’s recommendation. This is a big change, and I’m still getting my head around this shift. My apologies for all those folks like Clay Shriky (and perhaps) you who understood (and blogged about) the implications of microblogging and social media a long time ago. I feel like I’m sort of coming late to this bandwagon. My conversion to information gathering by Twitter client has me wondering about the need to explore this method in course design, faculty training, and student information literacy.

MORE HACKERS TARGET LAW FIRMS, OFTEN ‘SPEAR FISHING’ IN SPAM E-MAIL (ABA Journal, 16 Nov 2009) - Computer hackers are targeting law firms as a potential motherlode of confidential information, often relying on “spear fishing” attacks in which personalized spam e-mail appears to come from a trusted individual. While the e-mail itself doesn’t pose a danger, clicking on a link within the e-mail can invite malicious software into the law firm’s computer system. The trend of focusing hack attacks on law firms began two years ago, according to a FBI advisory, but there has been a “noticeable increase” recently, reports the Associated Press. Law firms representing client corporations that are negotiating major international deals are particularly inviting targets. “Law firms have a tremendous concentration of really critical, private information,” says Bradford Bleier of the FBI’s cyber division. Hence, sneaking into their computer systems “is a really optimal way to obtain economic, personal and personal security-related information.” [The FBI advisory is here:; it was published by the FBI on November 1 entirely without fanfare, and only picked up by the AP after Mr. Bleier talked about it at an ABA meeting on November 13.]

GOAL OF NEW ABA WEBSITE: ALL THE FEDERAL DECISIONS THAT ARE FIT TO PRINT (ABA Journal, 17 Nov 2009) - Want to know more about a 9th Circuit opinion on the First Amendment rights of a citizen ejected from a city council meeting for giving a Nazi salute? Or the 5th Circuit opinion allowing a Halliburton employee to sue over her alleged rape in Iraq? You can find those opinions summarized on the new Media Alerts on Federal Courts of Appeals website. Students and professors at four law schools are choosing the opinions most likely to be of interest to journalists and the public for the pilot project, sponsored by the ABA Standing Committee on Federal Judicial Improvements. The website, which officially launches on Wednesday, now covers the U.S. Courts of Appeals for the 3rd, 5th and 9th Circuits. The plan is to add eventually all of the circuits. Judge M. Margaret McKeown of the 9th Circuit, a special adviser to the project, says the idea for the website grew out of some discussions between judges and journalists at a meeting at the First Amendment Center earlier this year. About 60,000 cases are filed every year in the federal courts of appeals, McKeown told the ABA Journal. “Most courts have very good websites, but there is a lot of information out there, so this provides a special niche,” she says. “There is a certain needle-in-the-haystack element for someone to go through them every day in every jurisdiction of interest to find cases.” “Our view is that fair and accurate reporting about the courts is important, both for the public and also in order to emphasize judicial independence,” says McKeown, whose three-year term as chair of the ABA Standing Committee on Federal Judicial Improvements ended in August. Law schools working on the project are the University of Texas School of Law, Temple University Beasley School of Law, the University of Arizona James E. Rogers College of Law, and the University of San Diego School of Law.

- and -

BRIDGING THE DIGITAL DIVIDE: A NEW VENDOR IN TOWN? GOOGLE SCHOLAR NOW INCLUDES CASE LAW (LLRX, 18 Nov 2009) - An unexpected salvo was fired in the battle to bring case law to the consumer today by none other than Web search giant, Google. The announcement that Google Scholar would now allow for precedent searches set the internet and legal world a buzz. With law firms still being battered by the struggling economy, Google’s move is opportune. Legal researchers are hungry for low cost alternatives to the industry’s major players. Just how Google’s new case offerings and functionality will stack up remains to be seen. Will it be a revolution in the world of case research or just another case of getting for what we pay (or don’t pay, as it may be)? Google is taking on the old adage that ignorance of the law is not a defense when running afoul of it. Its announcement clearly targeted the average person, promising to enable “people everywhere to find and read full text legal opinions from U.S. federal and state district, appellate and supreme courts.” What it may lack in the wide breadth of coverage we have come to expect from major vendors like Westlaw and Lexis, Google makes up for with the simple, popular, and widely-used power of its search engine. Folks who have never touched the other major vendors have almost certainly “googled” something. Thus, though new to the law scene, Google’s brand and familiarity could make it a formidable foe to the industry elite. Searching for case law on Google is simple and versatile. You can search by case name, topic, or even phrase (“separate but equal” is the example they use). All you need to do is go to Google Scholar ( and click the new radio button for “Legal opinions and journals”. It is just that easy. But what of the results? How do they compare to what we in the legal community are accustomed? A simple test of the new search might just surprise you. Take a case like Bowers v. Hardwick, for example - seminal, controversial, and heavily cited. Run it’s name through the Google Scholar search. What you get is almost overwhelming. Yes your search results will return the text of the decision. But that is not all. Decisions, in this case Bowers, can come with official citations and pagination. Key factors for anyone writing and citing to the case. The cases cited in the body of the decision, if Google has them, actually show up as clickable links. That should give the major vendors pause! But this is STILL not all Google Scholar has to offer. If there are legal journals that cite the case you have searched and Google has them, you will see them in your search. By clicking the “How Cited” link next to the case name on the results page, you can see how the document has been cited, where it has been cited, and other related cases. Searching for Bowers brings up a list of cases that have been seminal in the area of privacy rights, for example. Even the footnotes are clickable links! Suffice it to say that Google is on to something really good here.

- and -

GOOGLE SCHOLAR LEGAL OPINION AND JOURNAL SEARCH, ABA LTRC FREE FULL-TEXT LAW REVIEW/LAW JOURNAL SEARCH (ABA’s LTRC, 19 Nov 2009) - Google officially announced adding legal opinion and journal search features to Google Scholar this week, following the ABA Legal Technology Resource Center’s announcement of the release of a free full-text online law review/law journal search engine created using Google Custom Search. What are some differences between the two search engines? Google Scholar legal searches often return a large number of fee-based journal sites and cannot currently be limited to searching free sources only; the LTRC search engine is designed to search free full-text sites. Google Scholar legal searches often return a mix of legal opinions and journal articles and cannot currently be limited to searching journals only; the LTRC search engine is designed to search only law review, law journal, and related article sites. Google Scholar’s options for searching legal opinions are more developed than those for searching legal journals. Searches can be limited to legal opinions and by jurisdiction through the Google Scholar Advanced Search interface. The legal opinions linked to in the search results are free full-text and include pagination. Google Scholar includes a citator feature for legal opinions: clicking on a “How cited” link appearing next to an opinion in the search results leads to a page which displays text snippets from citing paragraphs in citing opinions (no editorial analysis such as treatment is given). “Cited by” and “Related documents” links display lists of citing and related opinions and articles. Information regarding coverage of Google Scholar’s legal opinion database can be found at under the heading “Which court opinions do you include?” For more legal opinion-related information on the web, also see the ABA Standing Committee on Federal Judicial Improvements’ new Media Alerts on Federal Courts of Appeals website, which features case summaries and information on selected Federal Courts of Appeals cases.

WOW! TOP EXECS SAY THEY ARE INFLUENCED BY SOCIAL NETWORKS (ZDnet, 18 Nov 2009) - This new research study from the Society for New Communications Research (SNCR) is important because it shows that company executives are influenced by their online networks. And the trend is growing. The influence on business decisions by online communities is at its highest in three years. The research was conducted by Don Bulmer from SAP and Vanessa DiMauro. Here are some key findings from this survey 365 business professionals:
Professional decision-making is becoming more social - enter the era of Social Media Peer Groups (SMPG)
• Traditional influence cycles are being disrupted by Social Media as decision makers utilize social networks to inform and validate decisions
• Professionals want to be collaborative in the decision-cycle but not be marketed or sold to online; however online marketing is a preferred activity by companies.
Professional networks are emerging as decision-support tools
• Decision-makers are broadening reach to gather information especially among active users
Professionals trust online information almost as much as information gotten from in-person
• Information obtained from offline networks still have highest levels of trust with slight advantage over online (offline: 92% - combined strongly/somewhat trust; online: 83% combined strongly/somewhat trust)
Reliance on web-based professional networks and online communities has increased significantly over the past 3 years
• Three quarters of respondents rely on professional networks to support business decisions
• Reliance has increased for essentially all respondents over the past three years
Social Media use patterns are not pre-determined by age or organizational affiliation
• Younger (20-35) and older professionals (55+) are more active users of social tools than middle aged professionals.
• There are more people collaborating outside their company wall than within their organizational intranet.

IN-Q-TEL INVESTS IN CYBERSECURITY COMPANY (Information Week, 18 Nov 2009) - The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday. In-Q-Tel and FireEye didn’t disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment “will extend FireEye’s cyber security product development and stealth malware technical capabilities to protect against cyber threats.” The intelligence community has a clear interest in cybersecurity investment. At a conference earlier this month, deputy secretary of defense William Lynn said that more than 100 foreign intelligence agencies are actively trying to hack into federal government systems. The NSA recently announced plans to build a $1.5 billion cybersecurity data center in Utah. California-based FireEye sells an out-of-band security appliance that monitors all inbound network traffic, employing a blend of signatures and heuristics to analyze traffic for evidence of suspicious behavior. After identifying suspicious traffic, the appliance captures and replays the traffic on virtual machines running in the appliance, which imitate real PCs. If those PCs are compromised, FireEye alerts administrators. By routing the traffic to a virtual machine, FireEye claims it is able to mitigate false positives. The virtual machines are invisible to the customer’s production network. FireEye claims that its products are especially useful for protection against zero-day malware attacks and botnets.

DHS CRITICAL INFRASTRUCTURE PROTECTION WEBSITE LAUNCHED (BeSpacific, 18 Nov 2009) - The nation’s critical infrastructure and key resources (CIKR) include systems and assets, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating impact on national security, national economic vitality, or public health and safety. Ensuring CIKR resiliency and protection is essential to our security and way of life. The Department’s Office of Infrastructure Protection leads the coordinated national effort to build resiliency and reduce and mitigate risk across the 18 CIKR Sectors, which include such key areas as food and water, energy, communications and transportation systems, and emergency services. Since the vast majority of the nation’s critical infrastructure is privately owned and operated, strong partnerships between government and private industry are essential to achieve these shared goals.” See also the new CIKR Resource Center, “which includes information about how to sign up for free Web-based seminars on the tools, trends, issues, and best practices for infrastructure protection and resilience; resources concerning potential vulnerabilities for chemical facilities; and details about the National Response Framework, which outlines guidance for all response partners to prepare for and provide a unified response to disasters and emergencies.” and

INDIA ESTABLISHES BROAD INTERCEPTION, DATA RETENTION, CYBER SECURITY, AND WEBSITE BLOCKING REQUIREMENTS (Steptoe & Johnson’s E-Commerce Law Week, 19 Nov 2009) - India’s Information Technology (Amendment) Act, 2008, came into effect at the end of last month, instituting significant new requirements governing the interception and decryption of communications, access to stored data, data retention, cyber security, and website blocking. The law also appears to authorize the government to restrict what encryption may be used in India. Regulations implementing many of these requirements have already been “notified,” while other key regulations remain to be issued. Communications providers and other companies that do business in India thus will have to satisfy burdensome new requirements, and may be faced with even more significant restrictions in the near future.

SOME COURTS RAISE BAR ON READING EMPLOYEE EMAIL (WSJ, 19 Nov 2009) -Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else’s personal and financial information is easier than ever. “Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered,” said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees. That was what happened in a case earlier this year in New Jersey, when an appeals court ruled that an employee of a home health-care company had a reasonable expectation that email sent on a personal account wouldn’t be read. And last year, a federal appeals court in San Francisco came down on the side of employee privacy, ruling employers that contract with an outside business to transmit text messages can’t read them unless the worker agrees. The ruling came in a lawsuit filed by Ontario, Calif., police officers who sued after a wireless provider gave their department transcripts of an officer’s text messages in 2002. The case is on appeal to the U.S. Supreme Court. Lawyers for corporations argue that employers are entitled to take ownership of the keystrokes that occur on work property. In addition, employers fear productivity drops when workers spend too much time crafting personal email messages. [Spotted by MIRLN reader Mathew Lodge of Symantec.]

200 WEB SITES SPREAD AL-QAIDA’S MESSAGE IN ENGLISH (Washington Post, 20 Nov 2009) - Increasing numbers of English-language Web sites are spreading al-Qaida’s message to Muslims in the West. They translate writings and sermons once largely out of reach of English readers and often feature charismatic clerics like Anwar al-Awlaki, who exchanged dozens of e-mails with the Army psychiatrist accused of the Fort Hood shootings. “If you look at the most influential documents in terms of homegrown terrorism cases, it’s not training manuals on building bombs,” Kohlmann said. “The most influential documents are the ones that are written by theological advisers, some of whom are not even official al-Qaida members.” Most of the radical Islamic sites are not run or directed by al-Qaida, but they provide a powerful tool for recruiting sympathizers to its cause of jihad, or holy war, against the United States, experts who track the activity said. The number of English-language sites sympathetic to al-Qaida has risen from about 30 seven years ago to more than 200 recently, said Abdulmanam Almushawah, head of a Saudi government program called Assakeena, which works to combat militant Islamic Web sites. In contrast, Arabic-language radical sites have dropped to around 50, down from 1,000 seven years ago, because of efforts by governments around the world to shut them down, he said.

MILITARY VIDEO SYSTEM IS LIKE YOUTUBE WITH ARTILLERY (Wired, 20 Nov 2009) - Making footage shareable and searchable online has sparked a revolution in the cute animal, stupid human, and delicious tamale communities. New software just might mean a similar upgrade for military video intelligence: Think of it as a real-time YouTube with heavy artillery. The release of the new version has just been announced. The U.S. military’s Task Force ODIN demonstrated the effectiveness of combining the video inputs from networked drones, aircraft and helicopters. When a roadside bomb went off, the team could wind back the video to see who planted it — and where they went. ODIN allegedly assisted in the takedown of thousands of insurgents in Iraq; their counterparts are starting work in Afghanistan. The process of handling, archiving and then searching through a large number of video feeds is a challenging one. That’s one of the reasons why something like YouTube can be so helpful: Instead of having to search through a pile of videotapes, you can just type in a few keywords. Even better, you can search all your friends’ video collections and they can search yours. And this is where a system like adLib produced by EchoStorm Worldwide LLC comes in. It does the same sort of thing for the military by automatically archiving video feeds along with the associated telemetry data. For example, suppose you want to find out what happened at point X at 8:30 yesterday. You don’t even have to know which platforms were in the area at the time. “You can ask for video that matches a specific location using latitude and longitude or the MGRS (Military Grid Reference System) or by clicking and dragging on a map,” David Barton of EchoStorm told Danger Room.

MEMENTO: PROTOCOL-BASED TIME TRAVEL FOR THE WEB (ReadWriteWeb, 20 Nov 2009) - The Web constantly changes and evolves. That, of course, is what makes the Internet so exciting, but it also means that finding older versions of a website is hard. The current push towards the real-time web is making this problem even more apparent. Memento, a project based at Old Dominion University, wants to make it easier to access older versions of a web page without having to go to the Internet Archive. To do this, the project is using a relatively obscure feature of the hypertext transfer protocol (HTTP). The Memento project wants to give browsers a ‘time-travel’ mode. Currently, the only way to find these pages is the Wayback Machine. According to an interview with Memento’s Herbert Van de Sompel, the mission of this project is to make it far easier for users to find older pages without having to go through the hassle of putting the right URL into the Wayback Machine’s search engine. To do this, Van de Sompel and his colleagues are exploiting a feature in the HTTP content negotiation specs that allows them to add date-and-time negotiation to the standard negotiations that already happen whenever your browser connects to a web server. Instead of just asking for the current page, a Memento-enabled browser can also ask for an older version of that page. Some servers and content management systems already offer this feature and the Memento project has developed a demo that shows how this feature would look. According to Van de Sompel, it only takes four extra lines of codes in Apache to make this work.

A LOOK AT TWITTER’S UPDATED PRIVACY POLICY (Eric Goldman’s blog, 20 Nov 2009) - As noted on Twitter’s blog, Twitter refreshed its privacy policy yesterday. Given that virtually everything Twitter does is placed under the microscope, I’m sure the policy will be pored over in detail. (Here’s a link to the updated policy and a link to the old policy.) General thoughts on the policy: The policy is short, easy to understand, and in plain English. The thrust of the policy is that most users typically use Twitter to publicly disseminate information, and users should expect any of this information to be broadly disseminated. This includes dissemination by Twitter, third party applications, search engines, etc. To the extent you want to restrict use of this information, Twitter gives you the tools to do so in your profile settings. Much of what’s in the policy is very typical of what you would find in the privacy policy of any other website or social network. However, a few things are worth mentioning:
1. Geolocation: The policy provides that you can turn geolocation on and off, and if you have it turned on, your location information is obviously broadcast and also used by Twitter. Geolocation is opt-in and this makes sense.
2. Cookies: The policy also mentions that Twitter places cookies on your computer. Virtually all privacy policies contain this, since most websites use cookies. But for some reason this part of the privacy policy jumped out at me. I guess it’s a reminder of the tremendous advertising power that Twitter could wield. Everyone who uses Twitter expresses their preferences through Twitter, by clicking on links, using applications, and just through general usage. Most people probably do more, such as expressing their food, drink, entertainment, political, and other preferences. (Some more than others.) By being able to identify the computer of someone who expresses those preferences, Twitter can build a valuable network that would be useful to advertisers. I’m not only talking about advertising on (the web client), but also advertising on other websites or networks as well. This is pretty common in the industry, and subject to attack by privacy advocates, some of whom are pushing for an opt-in system for this type of tracking. Thus far Twitter has been free of advertising, but this is likely to change, as indicated by Twitter’s own statements. (See Scoble’s link below.)
3. Metadata: Interestingly, the policy also treats tweet metadata as public information (“information you are asking us to make public”). This seems to create some grey area between information which you broadcast and is truly public, and information which is available to Twitter (but not to your followers) from your use of Twitter. Robert Scoble has a post with comments from Twitter’s COO signaling Twitter’s turn to advertising and possible use of metadata in this context. I didn’t pick up on this at first, but I think this is significant.

LAW FIRM INVOKES PRIVACY LAWS IN SUING RIVAL OVER SEARCH ENGINE KEYWORDS (, 20 Nov 2009) - A lawsuit in Wisconsin is bringing a fresh challenge to the practice of paying for keywords on Google and other search engines to boost one company’s link over a rival’s. The practice has occasionally prompted a rival to file legal challenges alleging trademark infringement. Now a Wisconsin law firm is trying a new angle -- accusing its competitor of violating privacy laws. Habush Habush & Rottier is one of Wisconsin’s largest law firms, specializing in personal injury cases. But search for iterations of “Habush” and “Rottier” and a sponsored link for Cannon & Dunphy attorneys often shows up, just above the link for the Habush site. Habush alleges that Cannon paid for the keywords “Habush” and “Rottier,” in effect hijacking the names and reputation of Habush attorneys. Cannon acknowledged paying for the keywords but denied wrongdoing, saying it was following a clearly legal business strategy. The lawsuit was filed Thursday in Milwaukee, where Habush is headquartered. Cannon is based in nearby Brookfield. Habush based its lawsuit on a Wisconsin right-to-privacy statute that prohibits the use of any living person’s name for advertising purposes without the person’s consent. “We believe this is deceptive, confusing and misleading,” firm president Robert Habush said of Cannon’s strategy. “If Bill Cannon thinks this is a correct way to do business he needs to have his moral compass taken to the repair shop.” William Cannon, the founding partner of Cannon & Dunphy, said every business uses the same tactic to remind consumers of their choices. “This is equally available to Habush if he weren’t so cheap to bid on his own name,” Cannon said. One legal expert said it wasn’t clear how successful Habush’s lawsuit would be. Ryan Calo, a fellow at the Center for Internet and Society at Stanford Law School, said the statute seemingly was meant to protect people from having their names and images misused to suggest they endorse or represent something. That’s not the case here, he said.

LEVI’S IS PAYING ORRICK A FLAT FEE TO HANDLE ALL BUT ITS IP WORK (ABA Journal, 23 Nov 2009) - Orrick, Herrington & Sutcliffe is earning a flat fee to handle all of the legal work worldwide for Levi Strauss & Co., with just one exception. Levi’s is paying Orrick an annual fee in monthly increments for all but its brand protection work, the Recorder (sub. req.) reports. Townsend and Townsend and Crew is handling that aspect of Levi’s legal business. If work needs to be done where Orrick doesn’t have an office, it will hire an outside law firm at its own expense. The arrangement is unusual because it is so all-encompassing, according to Frederick Krebs, president of the Association of Corporate Counsel. “It is still news when a big firm and a big company do a significant amount of work or transactions in that way,” Krebs told the Recorder. Orrick wouldn’t disclose how much the Levi’s deal is worth, but the story calls the deal a “multimillion-dollar arrangement.” Twenty-five percent of revenue comes from alternative billing. Orrick partner Karen Johnson-McKewan worked out the details of the deal. “The core principle that we’re operating with here is that we’re trusting each other,” she told the Recorder. “We all are committed to doing whatever we can to make it work. We know there will be bits and pieces where it may not.”

WIKILEAKS RELEASES OVER HALF A MILLION PAGER MESSAGES FROM 9/11 (ReadWriteWeb, 25 Nov 2009) - Earlier this morning, Wikileaks began to post pager messages that were sent on September 11, 2001. According to Wikileaks, these messages were intercepted by an “organization which has been intercepting and archiving US national telecommunications since prior to 9/11.” Some of these messages are from officials in police and fire departments, though a large number of messages are also from businesses. Others are automated messages to engineers that were sent by computers about network and hardware issues. Wikileaks is posting these messages semi-live - in sync with the events of 9/11. It’s not clear how Wikileaks got this data or who intercepted these messages. This archive is likely to become an invaluable source for anybody who wants to study the events and the public’s reaction on this day. Chances are that conspiracy theorists are already wading through this data looking for an official page that authorized the destruction of Building 7. As is to be expected, the archive includes many Twitter-like messages like “Bush calls World Trade Center crashes apparent terrorist attack.” Others are internal messages from unknown businesses or government departments (“please due to the incidents taking place and with trying to close centers Please do not tie up aol today unless it is business. Thanks”) or personal message (“Things are getting worse....fear is rampid...please call me. HISD are advising to come get children etc.-sm”). This thread on Reddit highlights some of the most interesting (and often shocking) messages. We don’t know the nature of Wikileaks this source yet, so it’s only prudent to treat this data with some skepticism. Wikileaks, however, has a track record of releasing authentic information and it seems unlikely (but not impossible) that somebody would go through the trouble of writing 500,000 pager messages just to be featured on Wikileaks.

GOOGLE PROFILES TURN INTO OPENIDS (TechCrunch, 25 Nov 2009) - As part of its push to go more social, Google has been attempting to unify its various account profiles into one Google Profile. And now it’s more useful. Google’s Brad Fitzpatrick has just tweeted out that Google Profiles can now be used as OpenIDs. What this means is that you can sign into any site that accepts OpenID simply by using your Google Profile domain. Luckily, a few months ago Google started allowing these profiles to have vanity URLs, like /mgsiegler, instead of the previous /32090329039402903. Chris Messina, a huge proponent of the open web movement, has just sent out a picture of what signing in with OpenID via your Google Profile looks like.

**** RESOURCES ****
8 THINGS TO REMEMBER WHEN IMPLEMENTING AN E-MAIL POLICY (Digital Landfill, 12 Nov 2009) – [useful checklist and explication]: [Spotted by MIRLN-reader Claude Baudoin of Cebe KM and IT.]

**** FUN ****
WIFI BODY SCALE AUTO-TWEETS EACH TIME YOU STEP ON IT (Mashable, 10 Nov 2009) - This sounds like our worst nightmare, but a WiFi Body Scale has hit the market, and it’s designed to auto-tweet your every weigh-in along with the number of pounds you need to gain or lose to reach your goal. The enhanced $159.99 scale is available for purchase from the manufacturer’s website. Previously able to record weight data and track it via an iPhone app, the addition of auto-tweeting is apparently a motivational feature to keep you focused on your weight-loss (or gain) goals. Should this seemingly outlandish functionality appeal to you, you can configure your Twitter account for auto-posting on a per weigh-in, daily, weekly, or monthly basis after the initial Twitter activation process. The scale records your body weight, lean & fat mass (ouch), and body mass index, all of which is posted to your personal webpage and/or the iPhone application. [Editor: Clearly moves Web 2.0 into the TMI space.]

**** LOOKING BACK ****
FORMER VOLUNTEERS SUE AOL, SEEKING BACK PAY FOR WORK (New York Times, 26 May 1999) - Two former volunteers for America Online have filed a lawsuit in Federal Court in Manhattan in an attempt to obtain back wages, saying that they and thousands of other volunteers should have been compensated for their work. The plaintiffs, Kelly Hallisey of Nassau County and Brian Williams of Dallas, allege that AOL violated the Fair Labor Standards Act, a Federal law that mandates a minimum hourly wage for employees, by using volunteers to perform work for the on-line service. They and their lawyer, Leon Greenberg, said they were hoping other volunteers for the on-line service would join the suit, which was filed Monday. The amount of damages sought was not specified. The volunteers, called community leaders, perform a variety of tasks for the service, like moderating on-line discussions and overseeing other volunteers. [Editor: today, could the analogue be crowd-sourcing volunteers?]

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.