Saturday, April 11, 2009

MIRLN --- 22 March – 11 April 2009 (v12.05)

• Heartland Fearless: Sets Aside No Reserve for Breach
• Nothing to Lose (Or Risk Tolerance is a Competitive Weapon)
• Farewell to the Printed Monograph
o MIT Will Provide Open Access to Articles
o College Too Expensive? Try YouTube
o Law Profs, Beware: Videotaped Lectures Can Be Embarrassing YouTube Moments
• One in Four UK Government Databases Illegal
• Most Electronic Voting Isn’t Secure, CIA Expert Says
• AT&T to Start Sending Copyright Warnings
• California Rules to Amend Inaccessible ESI
o In Search of the Perfect Search
o How Far is Too Far in E-Discovery?
• Vast Spy System Loots Computers in 103 Countries
• In Britain, Web Leaves Courts Playing Catch-Up
• Cheating Husband Said Caught Via Google Street View
• Verizon May Cut Number of Mobile Systems
• Court Invalidates Contract Made Through Insecure Corporate Network
• iPods, First Sale, President Obama, and the Queen of England
• Second Circuit Says Google’s Keyword Ad Sales May Be Use in Commerce
• AP, News Industry Tout New Effort to Fight Web News Piracy
• Yelp Will Let Businesses Respond to Web Reviews
• Hackers Reportedly Have Embedded Code in Power Grid
• House of Lords Rules That UK Surveillance Law Trumps Attorney-Client Privilege

BOOK REVIEW | PODCASTS | APRIL FOOLS | LOOKING BACK | NOTES

**** NEWS ****

HEARTLAND FEARLESS: SETS ASIDE NO RESERVE FOR BREACH (StorefrontBalktalk, 19 March 2009) - Facing dozens of civil lawsuits and almost as many government probes because of a major data breach, Heartland remained Stoic with the SEC this week, telling the financial agency that it had decided to set aside zero funds as a contingency. “While we have determined that the Processing System Intrusion has triggered a loss contingency, to date an unfavorable outcome is not believed by us to be probable on those claims that are pending or have been threatened against us, or that we consider to be probable of assertion against us, and we do not have sufficient information to reasonably estimate the loss we would incur in the event of an unfavorable outcome on,” Heartland reported. “As more information becomes available, if we should determine that an unfavorable outcome is probable on such a claim and that the amount of such unfavorable outcome is reasonably estimable, we will record a reserve for the claim in question any such claim.” The Form 10-K also listed a wide range of agencies probing the breach, including quite a few whose Heartland probes had not been public. The list now includes the Federal Financial Institutions Examination Council, the Federal Trade Commission, the Louisiana Department of Justice Office of the Attorney General, the Canadian Privacy Commission and quite a few state Attorneys General. Heartland also referenced Visa’s decision last week to remove Heartland from the PCI compliant list. http://www.storefrontbacktalk.com/securityfraud/heartland-fearless-sets-aside-no-reserve-for-breach/

NOTHING TO LOSE (OR RISK TOLERANCE IS A COMPETITIVE WEAPON) (Redeye VC, 22 March 2009) - I’ve been thinking a lot about the market/economy lately, and what the economic downturn means for startups. And I’ve come to the conclusion that while the economic crisis does present serious challenges to startups, it it might also offer a real opportunity to attack large entrenched players. Back in 2000, after I sold Half.com to eBay, I remained with eBay for a few years. And while I was there I was a witness to their battle with (and ultimate defeat by/acquisition of) PayPal. There are many reasons why PayPal won -- but I think it really came down to the differences in “risk tolerance” between a startup and a large public company. Let me give two examples: * * * http://redeye.firstround.com/2009/03/nothing-to-lose-or-risk-tolerance-is-a-competitive-weapon.html [Editor: Interesting and insightful.]

FAREWELL TO THE PRINTED MONOGRAPH (InsideHigherEd, 23 March 2009) - The University of Michigan Press is announcing today that it will shift its scholarly publishing from being primarily a traditional print operation to one that is primarily digital. Within two years, press officials expect well over 50 of the 60-plus monographs that the press publishes each year -- currently in book form -- to be released only in digital editions. Readers will still be able to use print-on-demand systems to produce versions that can be held in their hands, but the press will consider the digital monograph the norm. Many university presses are experimenting with digital publishing, but the Michigan announcement may be the most dramatic to date by a major university press. The shift by Michigan comes at a time that university presses are struggling. With libraries’ budgets constrained, many presses have for years been struggling to sell significant numbers of monographs -- which many junior professors need to publish to earn tenure -- and those difficulties have only been exacerbated by the economic downturn. http://www.insidehighered.com/news/2009/03/23/michigan

- and -

MIT WILL PROVIDE OPEN ACCESS TO ARTICLES (InsideHigherEd, 24 March 2009) - Faculty members at the Massachusetts Institute of Technology have voted to make all of their scholarly articles available to the public, free and online. MIT and faculty members will let others use the articles in any way except to make a profit. Individual authors may opt out on an article-by-article basis. “The vote is a signal to the world that we speak in a unified voice; that what we value is the free flow of ideas,” said Bish Sinyal, chair of the MIT Faculty and the Ford International Professor of Urban Development and Planning. http://www.insidehighered.com/news/2009/03/24/qt#194793

- and -

COLLEGE TOO EXPENSIVE? TRY YOUTUBE (AP, 9 April 2009) - It might seem counterintuitive to look for higher education alongside Avril Lavigne music videos, but the video-sharing site has become a major reservoir of college content. The Google Inc.-owned YouTube has for the last few years been forging partnerships with universities and colleges. The site recently gathered these video channels under the banner YouTube EDU (http://www.youtube.com/edu). More than 100 schools have partnered with YouTube to make an official channel, including Stanford, MIT, Harvard, Yale and the first university to join YouTube: UC Berkeley. There are promotional videos like campus tours, but the more interesting content is straight from the classroom or lecture hall. Many schools have posted videos of guest lecturers, introductory classes and even a full semester’s course. In 2002, the Massachusetts Institute of Technology launched the MIT OpenCourseWare (http://ocw.mit.edu) with the plan to make virtually all the school’s courses available for free online. As a visitor, one almost feels like you’ve somehow sneaked through a firewall. There’s no registration and within a minute, you can be watching Prof. Walter Lewin demonstrate the physics of a pendulum by being one himself. Last December, MIT announced that OCW had been visited by more than 50 million people worldwide. http://tech.yahoo.com/news/ap/20090409/ap_on_hi_te/on_the_net_youtube_edu_2

- but -

LAW PROFS, BEWARE: VIDEOTAPED LECTURES CAN BE EMBARRASSING YOUTUBE MOMENTS (ABA Journal, 3 April 2009) - Law professors who tape and post their lectures online would likely want to avoid the plight of a college professor at the University of Alabama. He left his wireless microphone on during a bathroom break, recording “watery sounds” that could be heard on a classroom recording until the section was removed, according to the Chronicle of Higher Education (sub req.). Another professor at George Washington University made a frantic call to make sure a private conversation with a student worried about failing grades was cut from the tape. Officials complied, avoiding online dissemination of a conversation that would have violated federal law, according to the story. Yet another professor was placed on leave at the University of Florida’s business school after he appeared disoriented in a videotaped lecture posted to YouTube that was originally titled “apparently baked professor.” Nova Southeastern law professor James Levy noted the article in a post at the Legal Writing Prof Blog. He says several law professors videotape their classes and make the videos available on school websites or through iTunes. Levy began taping his classes in the fall as an experiment, and so far he’s pleased with the results. He likes the idea that students who miss a class or who have trouble understanding a difficult concept can watch the tapes to get up to speed. Fortunately, Levy says, his school uses a platform called Apresso that uses streaming technology to post lectures that are password-protected on the school’s website. “Streaming technology allows students to view the tapes as often as they wish, but videos can’t be saved, stored or forwarded to a third party like YouTube,” he told the ABA Journal in an e-mail. http://www.abajournal.com/weekly/law_profs_beware_videotaped_lectures_can_be_embarrassing_youtube_moments

ONE IN FOUR UK GOVERNMENT DATABASES ILLEGAL (The Telegraph, 23 March 2009) - One in four Government databases are illegal under human rights or data protection and should be scrapped immediately, a panel of experts have warned. Another six in ten have “significant problems and may be unlawful” while just one in eight are given a clean bill of health. The UK has become the “most invasive surveillance state, and the worst at protecting privacy, of any Western democracy”, the most detailed study yet on data collection reveals. Systems including the DNA database, National Identity Register, the children’s ContactPoint index and the NHS Detailed Care Record are “fundamentally flawed”, they conclude. The scathing report says a quarter of public sector databases are either disproportionate, run without consent, have no legal basis or have major privacy or operational problems. In a wide-ranging attack, it warns children are most at risk from “Britain’s Database State” and that data sharing is now creating a barrier to socially responsible activities. The report, commissioned by the Joseph Rowntree Reform Trust, is the first comprehensive review of Britain’s major databases. It will fuel fresh accusations that the Government is marching Britain headfirst in to a surveillance society and personal data being readily shared between public bodies or help snoop on the public with virtually no control. But the experts, specialists in information policy, revealed senior civil servants and politicians now also see the personal data issue as “career threatening and toxic”. One author, Professor Ross Anderson of Cambridge University, said: “Britain’s database state has become a financial, ethical and administrative disaster which is penalising some of the most vulnerable members of our society. It also wastes billions of pounds a year and often damages service delivery rather than improving it. http://www.telegraph.co.uk/news/newstopics/politics/5032994/One-in-four-government-databases-illegal.html

MOST ELECTRONIC VOTING ISN’T SECURE, CIA EXPERT SAYS (McClatchy Newspapers, 24 March 2009) - The CIA, which has been monitoring foreign countries’ use of electronic voting systems, has reported apparent vote-rigging schemes in Venezuela, Macedonia and Ukraine and a raft of concerns about the machines’ vulnerability to tampering. Appearing last month before a U.S. Election Assistance Commission field hearing in Orlando, Fla., a CIA cybersecurity expert suggested that Venezuelan President Hugo Chavez and his allies fixed a 2004 election recount, an assertion that could further roil U.S. relations with the Latin leader. In a presentation that could provide disturbing lessons for the United States, where electronic voting is becoming universal, Steve Stigall summarized what he described as attempts to use computers to undermine democratic elections in developing nations. His remarks have received no news media attention until now. Stigall told the Election Assistance Commission, a tiny agency that Congress created in 2002 to modernize U.S. voting, that computerized electoral systems can be manipulated at five stages, from altering voter registration lists to posting results. “You heard the old adage ‘follow the money,’ “ Stigall said, according to a transcript of his hour-long presentation that McClatchy obtained. “I follow the vote. And wherever the vote becomes an electron and touches a computer, that’s an opportunity for a malicious actor potentially to . . . make bad things happen.” The CIA got interested in electronic systems a few years ago, Stigall said, after concluding that foreigners might try to hack U.S. election systems. He said he couldn’t elaborate “in an open, unclassified forum,” but that any concerns would be relayed to U.S. election officials. http://www.mcclatchydc.com/226/story/64711.html

AT&T TO START SENDING COPYRIGHT WARNINGS (AP, 27 March 2009) - AT&T Inc., the nation’s largest Internet service provider, will start sending warnings to its subscribers when music labels and movie studios allege that they are trafficking in pirated material, according to an executive. The phone company thus joins other major ISPs that either go beyond legal requirements or interpret their duties under the law to mean that they have to forward such notices. Jim Cicconi, AT&T’s top executive in Washington, confirmed this week that the company is looking to expand a trial program it ran late last year with movie studios. It is currently testing a system with the Recording Industry Association of America and will expand the program with other rights organizations. Comcast Corp., Cox Communications Inc. and Verizon Communications Inc. already forward such notices, but the approaches differ, and the legal situation is muddled. Copyright holders like movie studios can, in many cases, identify Internet users who download or provide pirated material by their numerical Internet address, but cannot match it up with a subscriber name without the cooperation of the Internet service provider. ISPs have previously identified their customers to copyright holders who bring court orders. The copyright holders and their representatives, like the RIAA, have then been able to sue the customers. But that strategy had been widely criticized, and the RIAA said late last year it was abandoning its policy of filing lawsuits, opting instead to work with ISPs to cut abusers’ access if they ignore repeated warnings. At the time, the RIAA said it agreed with several leading ISPs, without naming which ones, to notify alleged illegal file-sharers and cut off service if they failed to stop. Under the new system at AT&T, copyright holders would send a notice to the ISP that a certain numerical Internet address is associated with piracy. The ISP would then automatically forward the notice to the customer via e-mail, without telling the copyright holder who the customer is, Cicconi said. AT&T and other participating ISPs are doing more for copyright owners than they are legally obliged to, according to Fred von Lohmann, a senior staff attorney at the Electronic Frontier Foundation. However, they do have an obligation to have a policy in place to kick off repeat offenders, he said. http://tech.yahoo.com/news/ap/20090327/ap_on_hi_te/tec_at_t_internet_piracy_2 [Editor: copy of the GhostNet report here: http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network; Information Warfare Monitor here: http://www.infowar-monitor.net/]

CALIFORNIA RULES TO AMEND INACCESSIBLE ESI (Law.com, 27 March 2009) – In 2003, in an attempt to address the growing concerns regarding electronic discovery, the U.S. District Court for the Southern District of New York, in Zubulake v. UBS Warburg LLC, 217 F.R.D. 309, set forth what was, at the time, a ground-breaking rule regarding electronically stored information. The first in the series of cases on the issue, Zubulake I, assessed whether costs of production should be shifted to the requesting party. The Zubulake court found that there were certain types of information that were inaccessible, such as backup tapes and erased or fragmented data. The court in Zubulake I reasoned that the restoration process for backup tapes was lengthy, with each tape taking approximately five days to restore. The cost and time to the responding party therefore, would appear to be extreme. Zubulake IV, 220 F.R.D. 212, expanded on this idea of accessibility, seemingly finding that disaster recovery tapes are per se inaccessible. Today, nearly six years after Zubulake, these concerns are not nearly as prevalent. It no longer takes days to restore a single backup tape. Rather, given the vast advances in technology since the days of Zubulake, or even the 2006 amendments to the Federal Rules of Civil Procedure, many companies now have disaster recovery systems from which data can be completely restored within a matter of hours. As such, data that was once deemed per se inaccessible, is now, in fact, readily accessible. The Dec. 1, 2006 amendments to the federal rules regarding e-discovery were written in broad enough terms to encompass these advances in technology -- potentially opening the door for production of documents from disaster recovery systems, despite Zubulake’s holding otherwise. California has now followed suit with its own proposed rule changes. These rule changes make it even more likely that a court will find that backup data is accessible. On Sept. 27, 2008, Gov. Arnold Schwarzenegger vetoed Assembly Bill 926 that would have amended California’s Civil Discovery Act to address e-discovery issues. The amendments have been reintroduced to the Assembly as Assembly Bill 5, unchanged except for the addition of a statement regarding the urgency of its passage, which would make the bill effective immediately once signed. On March 3, 2009, the bill passed the Assembly Judiciary Committee and has since been read in the Senate and referred to the Committee on Rules. Generally, California’s proposed e-discovery rules parallel the federal amendments. Both broadly define “electronically stored information.” Both require the parties to meet and confer regarding discovery of ESI, 21 days prior to a Rule 16(b) scheduling conference or order under the federal rules and 45 days prior to the case management conference regarding discovery in California state court. The federal rules and California’s proposed rules both permit a requesting party to inspect, copy, test or sample ESI, although the federal rules caution that courts should guard against undue intrusiveness that may result from providing direct access to a party’s ESI system. Acknowledging the inherent difficulty of mining through potentially voluminous electronic documents for privileged information, both amendments also provide parties with similar mechanisms for handling inadvertently produced documents. Finally, both sets of rules are nearly identical with regard to the form of production, allowing the requesting party to specify a form and the responding party to object to the requested form. The only noteworthy difference between the federal amendments and the California amendments is their differing treatment of “inaccessible” ESI. When the California amendments were circulated for public comment last year, they included a presumption that all ESI was accessible. In sum, the proposed amendments required a responding party who deems ESI inaccessible (and is unable to resolve the issue during the meet and confer) to move for a protective order. In the version of the California rules that is currently awaiting enactment, responding parties may still move for a protective order; however, responding parties have the additional option of objecting to a request on the basis that the information is not accessible, at which point the requesting party may move to compel production. In essence, the previous version of California’s e-discovery amendments appears to presume that all ESI is accessible by requiring the responding party to file a motion for a protective order. The current version of the amendments moves away from this slightly but still places the burden on the responding party to assert the inaccessibility of documents. Thus, the revision still implies an underlying notion that all ESI is accessible. This rule stands in stark contrast -- if not technically, then at least in theory and perspective -- to the corresponding federal rule. Under the federal rules, if ESI is inaccessible, the responding party simply doesn’t need to produce such documents. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202429426048&rss=newswire

- and -

IN SEARCH OF THE PERFECT SEARCH (ABA Journal, April 2009) - It would be the ultimate discovery for e-discovery: a perfect method to turn terabytes of digital data into a collection of case-relevant documents. Three years ago, a handful of lawyers and scientists started the quest, a project to save litigation from being bur ied in an avalanche of electronic documents. Since then, the Text Retrieval Confer ence Legal Track has been using different types of computer searches to wade through huge piles of digital in formation, hoping to get closer to a complete picture of what is issue-important in a computer’s data stores. The good news: The TREC Legal Track team believes it is close to finding a protocol that can work. The bad: The project also found disturbing problems with the way lawyers work today. And the harshest conclusion: Key word searching—what most law yers use to find litigation documents—misses the majority of relevant documents. Or as Jason Baron, one of the Legal Track study coordinators, puts it, “Lawyers need to understand that the way they have been searching for electronic documents has some serious flaws.” http://www.abajournal.com/magazine/in_search_of_the_perfect_search

- and -

HOW FAR IS TOO FAR IN E-DISCOVERY? (Law.com, 7 April 2009) - In oral arguments last week, the Texas Supreme Court wrestled with how far courts should go in allowing electronic discovery. In Re: Weekley Homes LP raises an issue of first impression for this state’s Supreme Court: Can a trial court order one litigant in a civil suit to provide a court-appointed computer forensic expert access to its computer hard drives for mirror imaging and searching, if the opposing side pays the costs? During arguments in the writ of mandamus action, the justices grilled the attorneys for Weekley Homes, a defendant in the underlying suit, and HFG Enclave Land Interests, the plaintiff in that suit. Former state Supreme Court Justice Craig Enoch, Weekley’s appellate attorney, had barely begun his argument on March 31 when the questions began. The first question led to a discussion of the Texas Rules of Civil Procedure before circling back to the issue of first impression. “Can you envision a type of case where an entire hard drive would be required to be produced?” Justice David Medina asked. Enoch said no -- because he doesn’t believe the state’s discovery rules allow it. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202429700313&rss=newswire

VAST SPY SYSTEM LOOTS COMPUTERS IN 103 COUNTRIES (New York Times, 28 March 2009) - A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved. The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware. Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama’s Tibetan exile centers in India, Brussels, London and New York. The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries. The newly reported spying operation is by far the largest to come to light in terms of countries affected. Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated. The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed. http://www.nytimes.com/2009/03/29/technology/29spy.html?hp Report here: http://www.infowar-monitor.net/ghostnet

IN BRITAIN, WEB LEAVES COURTS PLAYING CATCH-UP (New York Times, 29 March 2009) – On March 17, hours after publishing leaked documents on its Web site showing the lengths Barclays had gone to in order to reduce the taxes it paid in Britain, The Guardian newspaper was ordered by a judge to take the material down. His reasoning was that the bank had a right to confidentiality. In the ruling, the judge in London, Nicholas Blake, also added a peculiar twist: The Guardian must not tell readers how easy it is to locate the documents at Web sites outside of Britain. It was only the latest example of British courts trying to preserve what it saw as litigants’ rights even in the face of an onslaught of information on the Internet. To some, this may be a final, futile effort. In November, a court order prevented British newspapers from printing a leaked list of members of the far-right British National Party. Unfortunately for the court, that material was available at, among other sites, wikileaks.org, which also hosts the Barclays documents. In that earlier case, British newspapers, including The Guardian, took great pleasure in (wink, wink, nudge, nudge) directing its online audience to the list they had been forbidden to publish. The height of absurdity came when those papers published blog posts from reporters describing the experience of reading the list at wikileaks. “The Internet is throwing sharp relief to the illogical nature of our system,” said Alan Rusbridger, the editor of The Guardian. “Technology is way ahead of the law, and the law is limping along trying to make sense of it.” http://www.nytimes.com/2009/03/30/technology/internet/30link.html?_r=1&ref=business

CHEATING HUSBAND SAID CAUGHT VIA GOOGLE STREET VIEW (ValleyWag, 30 March 2009) - A woman, checking out a female friend’s house on Google Maps, was surprised to see her husband’s Range Rover parked out front, complete with blingy hubcaps, reports The Sun. A divorce is underway. It’s a story so tidy, one almost doesn’t want the British tabloid to bother fact-checking it. The paper’s initial (and thus far only) source is a “top media lawyer” named Mark Stephens. Presumably, then, the anecdote will be confirmed as the case winds its way through the British courts. It’s worth noting that the Sun doesn’t yet know so much as the name of the husband, much less possess the “Street View” image in question. But there have been enough examples of unexpected and embarrassing Street View pictures that [t]he point of the story stands regardless of whether it’s fact or fiction: Google is happy to provide you with enough privacy — say, via GMail and GChat — to get yourself involved in some illicit scandal. Then it will happily bust you as that scandal unfolds in the real world. http://gawker.com/5191459/cheating-husband-said-caught-via-google-street-view

VERIZON MAY CUT NUMBER OF MOBILE SYSTEMS (Reuters, 1 April 2009) - Verizon Wireless hopes to roughly halve the number of cellphone operating systems that it needs to support in the next few years to help improve the time it takes to bring new technologies to customers. The company, owned by Verizon Communications and Vodafone Group Plc, said on Wednesday it has teamed up with China Mobile, Vodafone and Japan’s Softbank Corp to create a single platform to make it easier for developers to create mobile data applications for cellphones. Verizon Wireless CEO Lowell McAdam said the company didn’t want to shun particular operating systems but was looking for ways to make it easier to bring new applications to consumers. “We probably have, literally, eight or nine different operating systems ... What we hope over the next few years is to land on about three to four,” McAdam told reporters at the CTIA annual wireless technology showcase. There are already several widely used operating systems from companies such as Nokia, Microsoft, Research In Motion, Palm Inc, Apple Inc and Google Inc. Verizon will hold its first conference for application developers this summer, suggesting the company could join its device suppliers in the race to build application stores. McAdam ruled out network-sharing agreements with rival providers and network management outsourcing as ways for Verizon to save money as it gears up to build a new network in one of the weakest economies in years. http://www.reuters.com/article/idUSN0149694820090401

COURT INVALIDATES CONTRACT MADE THROUGH INSECURE CORPORATE NETWORK (Steptoe & Johnson’s E-Commerce Law Week, 2 April 2009) - A recent ruling suggests that a company’s data security failings can not only lead to investigations by the Federal Trade Commission, lawsuits, and loss of customers’ good will -- they can also invalidate electronic contracts. In Kerr v. Dillard Store Services, Inc., a federal district court refused to enforce an arbitration agreement on the ground that the company’s inadequate security prevented the company from proving that its former employee had genuinely executed the arbitration agreement electronically. The company therefore had to litigate the former employee’s discrimination claim in court. Kerr thus offers a new way inadequate security can add to a company’s legal risks. http://www.steptoe.com/publications-6030.html Court’s ruling here: http://www.steptoe.com/assets/attachments/3760.pdf [Editor: the ruling looks to be ill-advised; Dillard’s processes appear to be fairly comprehensive (and exceed many organizations’), and not unduly open to unauthorized access.]

IPODS, FIRST SALE, PRESIDENT OBAMA, AND THE QUEEN OF ENGLAND (EFF’s Fred von Lohmann, 2 April 2009) - President Obama reportedly gave an iPod, loaded with 40 show tunes, to England’s Queen Elizabeth II as a gift. Did he violate the law when he did so? You know your copyright laws are broken when there is no easy answer to this question. Traditionally, it has been the job of the “first sale” doctrine to enable gift giving -- that’s the provision of copyright law that entitles the owner of a CD, book, or other copyrighted work, to give it away (or resell it, for that matter), notwithstanding the copyright owner’s exclusive right of distribution. In the digital era, however, first sale has been under siege, with copyright owners (and even the Copyright Office) arguing that it has no place in a world where “ownership” has been replaced by “licenses” and hand-to-hand exchanges have been replaced by computer-mediated exchanges that necessarily make copies. But it’s precisely because first sale is central to everyday activities like giving an iPod to a friend, selling a used CD on eBay, or borrowing a DVD from a library, that EFF and others have been fighting for it in case after case. So, how does President Obama fare in this? It’s nearly impossible to figure out. If he’d simply purchased a “greatest hits” CD of show tunes and given it to the Queen, the first sale doctrine would have taken care of it. But because digital technology is involved here, suddenly it’s a legal quagmire. (And, for the remainder of this discussion, I am going to set aside the Presidential immunity issues and the UK copyright law issues, which make it even more of a quagmire.) First, let’s imagine that the President (or his staff) bought the 40 show tunes from the iTunes music store. Do you “own” the music that you buy from iTunes? The nearly 9,000 words of legalese to which you agree before buying don’t answer that question (an oversight? I doubt it). Copyright owners have consistently argued in court that many digital products (even physical “promo” CDs!) are “licensed,” not “owned,” and therefore you’re not entitled to resell them or give them away. (And the Amazon MP3 Store terms of service are even worse for consumers than iTunes -- those terms specifically purport to strip you of “ownership” and forbid any “redistribution.”) Second, even if the first sale doctrine applies to iTunes downloads, what about the additional copies made on the iPod? iTunes does not download directly to an iPod. So President Obama’s staff made an additional copy onto the Queen’s intended iPod. How are those copies excused? The iTunes terms of service say that downloads are “only for personal, noncommercial use.” Is giving a copy to a head of state a “personal” use? Seems more like a “diplomatic use,” doesn’t it? So copyright owners could argue that the copy on the iPod was not authorized, because it was beyond the scope of the iTunes “license.” And according to the typical rightsholder argument, any use beyond the scope of the “license” is a copyright infringement. http://www.eff.org/deeplinks/2009/04/first-sale-president-obama-and-queen-england

SECOND CIRCUIT SAYS GOOGLE’S KEYWORD AD SALES MAY BE USE IN COMMERCE--RESCUECOM V. GOOGLE (Eric Goldman’s blog, 3 April 2009) - The Second Circuit has issued its long-anticipated opinion in Rescuecom v. Google over Google’s sale of trademarked keywords as ad triggers. In a disappointing but not surprising conclusion, the Second Circuit reversed the lower court and says that Rescuecom properly alleged that Google’s keyword ad practices constituted a “use in commerce.” This ruling merely reverses the 12b6 dismissal for Google, but it raises some important questions--including whether this ruling effectively eliminates any future “use in commerce” defense in keyword advertising cases and whether Google and other search engines could reform their practices so that they are no longer deemed uses in commerce. http://blog.ericgoldman.org/archives/2009/04/second_circuit.htm [Editor: interesting parsing of the decision and its implications. Follow-up analysis by Prof. Margreth Barrett here: http://blog.ericgoldman.org/archives/2009/04/margreth_barret.htm]

AP, NEWS INDUSTRY TOUT NEW EFFORT TO FIGHT WEB NEWS PIRACY (SiliconValley.com, 6 April 2009) - The Associated Press and the newspaper industry plan an aggressive effort to track down copyright violators on the Internet and try to divert traffic from Web sites that don’t properly license news content, the AP board announced today. “We can no longer stand by and watch others walk off with our work under misguided legal theories,” said Dean Singleton, the AP’s chairman and the chief executive of newspaper publisher MediaNews Group, parent company of the Mercury News. “We are mad as hell, and we are not going to take it any more.” Specifics behind the initiative are still being worked out. One idea under development would be to create a system that can help track whether news content is being legally distributed online. The AP also said it will work with newspapers and broadcasters to direct readers to “landing pages” that could offer news from the AP and its members, rather than unauthorized sites. The AP has tangled with bloggers over the extent to which “fair use” principles should allow them to post AP text on their sites. The cooperative also has sued online news aggregators over copyright and is embroiled in a closely watched lawsuit with artist Shepard Fairey, who made iconic Barack Obama campaign posters out of an image that originated with an AP photo. http://www.siliconvalley.com/news/ci_12083563?nclick_check=1

YELP WILL LET BUSINESSES RESPOND TO WEB REVIEWS (New York Times, 9 April 2009) - Small businesses will soon feel a little more love in their love-hate relationship with Yelp, the Web site whose users post reviews of restaurants, dry cleaners and other local businesses. Starting next week, Yelp will let small-business owners publicly respond to reviews. This is a big change for the site, which has until now steadfastly refused to give businesses significant access to its pages. As Yelp has become more important in major American cities, its relationship with small businesses has become more contentious. Particularly in San Francisco, where the company started in 2004, Yelp has angered some small businesses because it has not allowed them to respond to reviews, as TripAdvisor and other review sites do. As the site matures, though, it has been taking steps to appease small-business owners. A year ago, Yelp started allowing business owners to update their businesses’ profile pages and privately contact reviewers. Yelp requests that business owners use the public comments to correct inaccuracies, provide their side of a story or explain how they have fixed a problem. They are not supposed to use comments to advertise or make personal attacks. Yelp will not screen comments before they are published, but users will be able to flag inappropriate comments for review by Yelp’s customer service team. http://www.nytimes.com/2009/04/10/technology/internet/10yelp.html?_r=1&ref=business

HACKERS REPORTEDLY HAVE EMBEDDED CODE IN POWER GRID (CNN, 9 April 2009) - Computer hackers have embedded software in the United States’ electricity grid and other infrastructure that could potentially disrupt service or damage equipment, two former federal officials told CNN. The ex-officials say code also has been found in computer systems of oil and gas distributors. The code in the power grid was discovered in 2006 or 2007, according to one of the officials, who called it “the 21st century version of Cold War spying.” Department of Homeland Security Director Janet Napolitano would not confirm such a breach, but said Wednesday that there has been no known damage caused by one. “There have been, to my knowledge, no disruptions of power on any grid caused by a deliberate cyberattack on our infrastructure -- on the grid,” Napolitano said. “Nonetheless, we remain in constant protection, prevention, education, resiliency mode and we work with the utility sector particularly on that.” The U.S. power grid isn’t the only system at risk. The former officials said malicious code has been found in the computer systems of oil and gas distributors, telecommunications companies and financial services industries. Napolitano said the vulnerability of the nation’s power grid to cyberattacks “has been something that the Department of Homeland Security and the energy sector have known about for years,” and that the department has programs in place to fight such attacks. Security experts say such computer hacking could be the work of a foreign government -- possibly Russia or China -- seeking to compromise U.S. security in the event of a future military conflict. http://edition.cnn.com/2009/TECH/04/08/grid.threat/index.html

HOUSE OF LORDS RULES THAT UK SURVEILLANCE LAW TRUMPS ATTORNEY-CLIENT PRIVILEGE (Steptoe & Johnson’s E-Commerce Law Week, 10 April 2009) - The UK House of Lords ruled that Part II of the Regulation of Investigatory Powers Act 2000 (RIPA) permits UK authorities to covertly monitor communications protected by the attorney-client privilege. RIPA Part II authorizes the interception of communications and covert surveillance. The question of the applicability of RIPA to attorney-client communications arose after the media reported that a criminal case against solicitor Manmohan Sandhu was based on evidence that the police obtained by covertly monitoring his conversations with clients at a police station. In light of this news, four individuals who were refused assurances that their police station conversations with counsel would not be monitored (and one individual who was refused a similar assurance with regard to his consultations with a psychiatrist) sought declarations that such covert surveillance of consultations would be unlawful. A divided Divisional Court found that Parliament had intended RIPA to authorize surveillance of such consultations between legal advisers and their clients. But it also ruled that, because any surveillance of the petitioners was not subject to “an enhanced authorising regime” (such as that which RIPA prescribes for “intrusive surveillance” in private places), this surveillance would have violated Article 8(2) of the European Convention on Human Rights, which requires that any intrusion into private life or correspondence be “in accordance with the law” and carried out for one of several specified purposes. Despite this favorable ruling, the petitioners asked the House of Lords to review both RIPA’s general impact on the attorney-client privilege, and its particular effect on detainees’ right to private consultation with a lawyer at a police station. http://www.steptoe.com/publications-6049.html

**** BOOK REVIEW ****
RESPONDING TO NATIONAL SECURITY LETTERS: A PRACTICAL GUIDE FOR LEGAL COUNSEL (ABA Press, March 2009) – Forward by Deal Elizabeth Parker: [This] is the product of Professors David Fidler and Sarah Jane Hughes of the Indiana University Maurer School of Law—Bloomington, with the assistance of Jonathan Wilson, vice president and general counsel of EasyLink Services International Corporation. Easy to read and understand for legal professionals and company officials alike, the Guide is a primer for those who need to understand the legal and practical features of an unusual, but increasingly prevalent, form of administrative subpoena—the national security letter. Now authorized by several federal statutes, national security letters obligate private parties, typically service providers such as telecommunication companies, banks, and others in possession of third-party information, to provide the government with access to the information under their control, but without disclosing this fact to the owners of the information or the public. Recent statutory amendments permit recipients of national security letters to disclose receipt to legal counsel and to challenge such letters in court. Thus, the Guide is all the more timely because it discusses the numerous legal questions yet to be answered about how private and public responsibilities in the area of national security will be harmonized under our constitutional system. http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5070610 [Editor: an absolutely indispensible resource if you’ve ever received such a letter, or have clients who might – in the telecommunications, banking, transportation, or similar businesses.]

- and -

**** NOTED PODCASTS ****
THEY KNOW WHERE YOU ARE: LOCATION PRIVACY IN A MOBILE WORLD (Berkman presentation by Al Gidari, 10 March 2009) - Your mobile phone is a tracking device, and they know where you are, where you’ve been, and easily can figure out where you are going. They are the government, and they don’t believe probable cause need be shown to track you. But “they” increasing include civil litigants and private application providers, and there are few standards for tracking on the civil side. This is Mobility Law 101. http://cyber.law.harvard.edu/interactive/events/luncheons/2009/03/gidari [Editor: cogent discussion and analysis, with good Q&A. Only the paranoid would wonder if some of this explains why your cellphone carrier keeps dropping your calls. The discussion on prospective location determination invokes William Gibson’s “Spook Country“. ONE STAR.]

**** APRIL FOOLS ****
Priceless compendium from the Electronic Frontier Foundation at http://w2.eff.org/effector/22/09.php. I particularly liked the “FBI Liar Liar” story, the Google move into kitchen appliances, the changes to EFF’s privacy policy, and their EULA.

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
UTAH DAILY STOPS THE PRESSES AND GOES ELECTRONIC -- With the added declaration that “Clearly, the future of newspapers is on the Web,” the publisher of The Orem Daily Journal announced the Utah daily’s final print edition July 30, adding that the publication begins exclusive online production Aug. 5. While numerous U.S. weeklies have moved to exclusive Web production, The Journal may be the first daily to make the leap. The decision may have been prompted in part by a trend recently published by a Progressive Policy Institute survey that ranked Utah -- at 46% -- fourth nationally in the percentage of residents with Internet access. Journal Publications intends to cross-promote The Journal and its two remaining paper publications. Some employees, notably those involved in distribution, are expected to be laid off as a result of the move. (The Salt Lake Tribune 30 Jul 99) http://www.sltrib.com/

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.