Saturday, May 23, 2009

MIRLN --- 3-23 May 2009 (v12.07)

• Wiki Operator Sues Apple Over Bogus Legal Threats
• Ottawa Courtroom Joins Twitter Age for Mayor’s Trial
• Mini-Links to Web Sites are Multiplying
• Owned? Legal Terms of Video Hosting Services Compared
• HHS Guidance Could Set Encryption Standard
• $12.6 Million Spent so far to Respond to Heartland Breach
• Hackers Want Millions for Data on Prescriptions
o UC Berkeley Computers Hacked, 160,000 at Risk
• EC Wants Software Makers Held Liable for Code
• A Twitter Code of Conduct
• Linden Labs Gets Zapped in Lawsuit by Taser for Hosting the Sale of “Virtual Goods” that Look Like the Real Thing
• Flickr Creates New License for White House Photos
• Dell Bans E-Waste Export to Developing Countries
• Google Unveils New Search Products
• Up to 24 Percent of Software Purchases Now Open Source
• Google Re-Shoots Japan Scenes after Privacy Complaints
• Financial Industry Regulator Fines Firm for Data Security Failings
• FTC Drops Antitrust Claim Against Rambus
• New iPhone App Helps You Keep Tabs on Politicians’ Voting Records
o A Million Downloads: Free Stanford Course on Creating iPhone Apps Takes off at a Furious Pace
• GM Stakes Virtual Property on Case of Bankruptcy
• Fourth Circuit Limits SCA Statutory Damages
• Crackho.Com DNS Prank Ruffles Sarah Palin’s Feathers
o Six Simple Steps You Can Take to Protect Your Gripe or Parody Site
• Google Liberalizes US Trademark Policy: “What, Me Worry?” Part 2
• Olympic Blogs Get Go-Ahead for Vancouver
• Safety Act Offers both Liability Protection and Liability Avoidance for Companies, Directors and Officers, and Preservation of Stockholders’ Value
• Track Business Executives’ Tweets with Exectweets
• Who Owns Your Name on Twitter?
o Newt Gingrich’s Lawyer Displays Ignorance of Both Twitter and the Law in Sending C&D
• UMICH First to Sign Up Under Google Books Settlement Terms
• IT Managers Under Pressure to Weaken Web Security Policy
• FTC Reaches Data Security Settlement with Mortgage Company
• Bloggers, Beware: What You Write Can Get You Sued


**** NEWS ****

WIKI OPERATOR SUES APPLE OVER BOGUS LEGAL THREATS (EFF, 27 April 2009) - The Electronic Frontier Foundation (EFF) filed suit against Apple Inc. today to defend the First Amendment rights of an operator of a noncommercial, public Internet “wiki” site known as BluWiki. Late last year, after BluWiki users began a discussion about making some Apple iPods and iPhones interoperate with software other than Apple’s own iTunes, Apple lawyers demanded removal of the content. In a letter to OdioWorks, the attorneys alleged that the discussions constituted copyright infringement and a violation of the Digital Millennium Copyright Act’s (DMCA’s) prohibition on circumventing copy protection measures. Fearing legal action by Apple, OdioWorks took down the discussions from the BluWiki site. Filed in federal court in San Francisco, the suit seeks a declaratory judgment that the discussions do not violate any of the DMCA’s anti-circumvention provisions, and do not infringe any copyrights owned by Apple. The discussions on the BluWiki site focused on how hobbyists might enable iPods and iPhones to work with desktop media management software other than Apple’s own iTunes software. The discussions were apparently spurred by Apple’s efforts prevent the iPod Touch and iPhone from working with competing media management software such as WinAmp and Songbird. “Apple’s legal threats against BluWiki are about censorship, not about protecting their legitimate copyright interests,” said Senior Staff Attorney Fred von Lohmann. “Wikis and other community sites are home to many vibrant discussions among hobbyists and tinkerers. It’s legal to engage in reverse engineering in order to create a competing product, it’s legal to talk about reverse engineering, and it’s legal for a public wiki to host those discussions.” EFF’s complaint here:

OTTAWA COURTROOM JOINS TWITTER AGE FOR MAYOR’S TRIAL (Ottawa Citizen, 4 May 2009) - Television cameras are barred from the criminal trial of Ottawa Mayor Larry O’Brien, but observers are free to use BlackBerrys, laptops and other forms of electronic text messaging to report live on the proceedings. In a small breakthrough for new media technologies, Judge J. Douglas Cunningham rejected concerns about “putting the genie back in the bottle” and said he would allow journalists to send messages from his courtroom directly to the Internet. Cunningham, who is associate chief justice of the Ontario Superior Court, cautioned that the ruling applies only to this particular trial. The new technologies could raise other concerns in a jury trial, he said. The ruling will allow Canwest News Service and other news organizations to provide moment-by-moment coverage of the trial via the popular Internet messaging service Twitter. It applies to anyone who attends, not just journalists.

MINI-LINKS TO WEB SITES ARE MULTIPLYING (New York Times, 4 May 2009) - If you have spent any time on the Internet in the last few months, chances are you have clicked on a shortened link Web address. URL shorteners, which abbreviate unwieldy Web addresses into bite-size links, have been around for years. The most popular service,, was started in 2002 by a unicyclist named Kevin Gilbertson. But the tools have soared in popularity recently, in part because of microblogging sites like Twitter and Facebook, where messages are limited in length and every character counts. URL shorteners are easy to build, and dozens of competitors have proliferated, with minimalist, character-conserving names like, and Most of them are simple tools created as a labor of love with no real business model behind them. Shorteners, however, could have real value beyond making Web addresses more manageable, said Danny Sullivan, editor of the blog Search Engine Land. They have the ability to keep track of use — how many times a particular link was clicked and the geographic location of the clickers — which could be valuable to marketers, news outlets and companies looking to measure the impact of a link, tweet or mention online. “The tracking element is very important,” said Mr. Sullivan. Some tools even highlight comments posted to Facebook or FriendFeed about a particular link — features that standard tools like Google Analytics may not be able to provide. One popular link shortening service,, is trying to build a business around that kind of data. Betaworks Studios is a New York technology incubator that has invested in Tumblr, a microblogging tool; OMGPOP, a social gaming site; and, a hyperlocal news aggregator. It developed as an internal tool for its portfolio of companies to use. Because tracks its clipped URLs in real time, no matter where they are posted — instant messages, Twitter, Facebook, blogs or e-mail — the service could become “a real source for extracting information about how people are using the Web,” Mr. Sacca said. In addition to tracking links, uses a service called Calais, developed by Thomson Reuters, that can extract semantic terms from the Web pages that users are redirected to. This allows track the most popular topics being shared across the Web, as well as zero in on a specific category like finance or health care and retrieve the most popular Web sites shared on that subject in the last 24 hours. The company hopes that being able to track the “social distribution of information in real-time,” as Mr. Borthwick describes it, could potentially be relevant to the future of Web search. Although is not yet sure how to make money from all this data, “there’s a business model here,” Mr. Borthwick said. “We can smell it.” For all the convenience of short URLs, some Internet security experts worry that they could be used to camouflage spam and phishing attacks and redirect people to malicious Web sites. “People have no way to know where they’re going,” said Patrik Runald, chief security advisor at F-Secure Security Labs, a maker of security software. “These services are great and they serve a purpose, but at the same time, there is a darker side.” And if a shortening site shuts down, any links funneled through it would be lost forever, Mr. Runald said.

OWNED? LEGAL TERMS OF VIDEO HOSTING SERVICES COMPARED (Markus Weiland, 6 May 2009) - For the Air Canada article I was researching a video hosting service that would match my requirements of:
• Which rights of my work I would have to give away,
• What usage rights I could assign to my viewers,
• What level of privacy I could expect in terms of disclosure of my data, and
• Where a service had its legal residence in case of a dispute.
I’ve decided to collect and extend my findings in this post in the hope that it can help others in choosing their preferred video hosting service. A summary is provided at the end of this post, based on my understanding of the legal terms as a non-lawyer. All excerpts were made on April 25, 2009 unless otherwise stated. Emphasis and comments mine. [Referenced in Larry Lessig’s blog on 13 May 2009]

HHS GUIDANCE COULD SET ENCRYPTION STANDARD (Steptoe & Johnson’s E-Commerce Law Week, 7 May 2009) - New Department of Health and Human Services guidance on “render[ing] protected health information unusable, unreadable, or indecipherable to unauthorized individuals” could help establish a national standard for the use of encryption to protect sensitive information. As we previously reported, the guidance applies to two sets of notification requirements for breaches of electronic health records that were created by the American Recovery and Reinvestment Act of 2009. One set is administered by HHS (for entities covered by the Health Insurance Portability and Accountability Act, or HIPAA, and their business associates), while the other is administered by the Federal Trade Commission (for non-HIPAA entities). But both sets state that covered entities will not be required to notify individuals if the breached information was secured using “technologies and methodologies” specified in the HHS guidance. This guidance sets forth two approved methods of security -- encryption and destruction. This is in line with breach notification laws already in force in many states, which often provide safe harbor if the information that has been accessed has been encrypted or otherwise rendered unreadable. However, the HHS guidance goes further by limiting the encryption methods that may be used to claim safe harbor to specified “encryption processes” that have been tested and approved by the National Institute of Standards and Technology.

$12.6 MILLION SPENT SO FAR TO RESPOND TO HEARTLAND BREACH (SC Magazine, 8 May 2009) - The chief executive of Heartland Payment Systems said Thursday that the payment processor so far has spent $12.6 million in responding to the massive data breach that was announced in January. But additional fines, legal fees and the cost of repairing a reputation potentially tarnished by the break-in will cost Heartland millions more, experts told on Friday. More than half of the $12.6 million cost is related to a MasterCard fine levied against Heartland’s sponsor banks, Chairman and CEO Robert Carr said Thursday during a conference call announcing the company’s first-quarter earnings. The fine, which is passed by the sponsor banks to Heartland, was issued because MasterCard alleged that Heartland failed to take proper actions after it learned of a possible breach and after it disclosed the incident to the public, Carr said, according to a transcript of the call. Heartland already is defending itself against at least two lawsuits, including a suit filed in New Jersey that accuses Heartland of failing to protect consumer data. The processor also will face continued costs of retaining or gaining new merchant clientele, Spinney said. “If they want to regain the trust of their customers, that’s going to cost some money, not only in PR and marketing, but also in increasing their investment in security technologies, procedures and training,” Spinney said. To the technology point, Heartland is “on schedule” to deploy its end-to-end encryption solution, Carr said.

HACKERS WANT MILLIONS FOR DATA ON PRESCRIPTIONS (Washington Post, 8 May 2009) - The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state’s prescription drug database. “This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Gov. Timothy M. Kaine (D) said. “There are breaches that happen by accident or glitches that you try to work out. It’s difficult to foil every criminal that may want to do something against you.” State officials say it is unclear whether the hackers were able to view the patient records, as they have claimed. If the theft is real, it would be the most serious cybercrime the state has faced in recent history. State officials learned April 30 that hackers had replaced the site’s home page with a ransom note demanding the payment in exchange for a password needed to retrieve the records, according to a posting on, an online clearinghouse for leaked documents. “For $10 million, I will gladly send along the password,” the ransom note read. “You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.” The program’s computer system has been shut down since last week’s breach, but all data were backed up and those files have been secured, Whitley Ryals said. Virginians are still able to get prescriptions filled. The data were backed up:

- and -

UC BERKELEY COMPUTERS HACKED, 160,000 AT RISK (CNET, 8 May 2009) - Hackers broke into the University of California at Berkeley’s health services center computer and potentially stole the personal information of more than 160,000 students, alumni, and others, the university announced Friday. At particular risk of identity theft are some 97,000 individuals whose Social Security numbers were accessed in the breach, but it’s still unclear whether hackers were able to match up those SSNs with individual names, Shelton Waggener, UCB’s chief technology officer, said in a press conference Friday afternoon. The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server. In addition to SSNs, the databases contained health insurance information and non-treatment medical information, such as immunization records and names of doctors patients had seen. No medical records (i.e. patient diagnoses, treatments, and therapies) were taken, as they are stored in a separate system, emphasized Steve Lustig, associate vice chancellor for health and human services. “Their ID has not been stolen,” he added. “Some data has been stolen.” The server breach began on October 9, 2008, and continued through April 9, when a campus computer administrator doing routine maintenance discovered messages left by the attackers.

EC WANTS SOFTWARE MAKERS HELD LIABLE FOR CODE (ZDnet, 8 May2009) - Software companies could be held responsible for the security and efficacy of their products, if a new European Commission consumer protection proposal becomes law. Commissioners Viviane Reding and Meglena Kuneva have proposed that EU consumer protections for physical products be extended to software. The suggested change in the law is part of an EU action agenda put forward by the commissioners after identifying gaps in EU consumer protection rules. A priority area for possible EU action is “extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content”, according to the commissioners’ agenda. “Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions.” EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.,1000000121,39649689,00.htm

A TWITTER CODE OF CONDUCT (Business Week, 8 May 2009) - During a recent tour of interactive ad agency Tocquigny’s Austin (Tex.) headquarters, Chief Executive Yvonne Tocquigny was confronted by her guest, an executive from a large energy company who was a potential client. The visitor had recently learned that Tocquigny was wooing one of his company’s competitors—by seeing a message that one of Tocquigny’s employees had posted to Twitter “It took me by surprise,” says Tocquigny. “I realized that we needed to be more cautious about what we throw out there in to the universe.” Twitter can be a great business tool. But as use of the Web site for 140-character messages spreads to workplaces around the world, companies are also discovering the risks. Now, instead of just worrying about a dubious blog post or an embarrassing photo of the boss being posted to Facebook, employers have to contend with staffers shooting off frequent blasts of personal insight into a public and traceable sphere. “The concept of [workers] posting inappropriate material that could be harmful has been around for a while, but Twitter accelerates the problem because of its immediacy and volume,” says Mark Rasch, a former head of the U.S. Justice Dept.’s computer crime unit who now consults with companies on creating policies to address employees’ use of technology. To prevent sensitive information leaks, blemishes on a reputation, and other potential liabilities of a Twittering workforce, companies are drafting new employee codes of conduct and educating workers about what they should and shouldn’t say on the site. The basic rule: Don’t be stupid.

LINDEN LABS GETS ZAPPED IN LAWSUIT BY TASER FOR HOSTING THE SALE OF “VIRTUAL GOODS” THAT LOOK LIKE THE REAL THING (Cobalt Law, 11 May 2009) - Linden Labs, the host of the immensely popular site Second Life, an online virtual world, has been sued in an Arizona district court for trademark infringement and unfair competition. The complaint, filed by Taser International, makers of non-lethal (and sometimes lethal) weapons, claims Linden Labs allows third parties to sell TASER guns inside the virtual world. Just so we’re clear, no one on Second Life is actively selling real TASER guns; rather Taser is suing Linden (who doesn’t sell anything), for letting people sell virtual (digitally created) guns that look like TASER weapons, and that use the TASER brand. The suit also alleges unfair competition, trade dress infringement, and false designation of origin, among other claims. It’s not the first time a company has sued Linden; neither is it the first time a company has sued a hosting site for trademark infringement by third parties (think: Google). It may, however, be the first time a company has sued another company for hosting a site where third parties selling products that aren’t even real. Is it time for a Digital Millennium Trademark Act? Practice Note: Notwithstanding the fact that there is no DMTMA, companies may want to consider adopting a policy that allows them to stay an arms length away from disputes between users when it comes to trademarks. It’s not a fail-safe method of safe harbor protection, but it may make would-be plaintiffs feel they have an option short of filing a lawsuit, for getting hard-to-find users to stop using their marks.”virtual-goods”-that-look-like-the-real-thing

FLICKR CREATES NEW LICENSE FOR WHITE HOUSE PHOTOS (Wired, 11 May 2009) - Official White House photos are now officially in the public domain, thanks to a licensing change made quietly over the weekend by the Obama administration and the photo-sharing site Flickr. The White House began posting striking photos of President Barack Obama from its official photographer Pete Souza to the Web 2.0 site in early May. The White House chose to license them using the ultra-liberal Creative Commons Attribution license that lets people reuse, reprint and remix the photos just as long as they credit the original photographers. But as Creative Commons, the Electronic Frontier Foundation and other online commenters noted, that license won’t work — even for Obama’s official photographer — because government works can’t be copyright. Someone must have been listening, because sometime over the weekend, the licenses changed, and now the photos are labeled “United States Government Work” and link to an explanation on The White House, however, continues to use the Creative Commons Attribution 3.0 license for all third-party content published on the site. The change marks a first for Flickr, which to date has not had a license for government works, other than a “No Known Copyright Restriction” license that is used on photos from its Commons project, which includes photos from some of the world’s greatest museums and libraries. Those photos include ones from the Library of Congress, for instance, that never were copyright since they were made or paid for by the federal government. and

DELL BANS E-WASTE EXPORT TO DEVELOPING COUNTRIES (, 12 May 2009) - PC maker Dell on Tuesday formally banned the export of broken computers, monitors and parts to developing countries amid complaints that lax enforcement of environmental and worker-safety regulations have allowed an informal and often hazardous electronic-waste recycling industry to emerge. Although Dell’s announcement does not mark a significant change in the PC maker’s behavior, environmental groups hope that by making its standards public, Dell will raise the bar for other electronics makers. In the absence of U.S. regulations, those groups are banking on competitive pressure to make companies improve their e-waste practices. Environmental groups like Greenpeace and the Basel Action Network have tracked shipments of e-waste intended for recycling to countries such as China, Ghana and Nigeria and found computers, TVs and other electronics being dismantled by smashing or burning, exposing people to mercury, lead and other toxic chemicals. No one knows exactly how much of the electronics turned over to recyclers ends up in such conditions, but Greenpeace and others say it could be 50 percent to 80 percent of the items collected in the U.S. for recycling. That’s despite broad acceptance of the Basel Convention, an international treaty that controls the movement of hazardous waste across borders. The U.S. has yet to ratify the Basel Convention.

GOOGLE UNVEILS NEW SEARCH PRODUCTS (PC Magazine, 12 May 2009) - Days before the planned launch of the Wolfram Alpha search engine, Google on Tuesday announced a series of new search products intended to provide more relevant results. The new offerings include Google Search Options, Google Squared, Rich Snippets, and an astrology-related Android app. Google Search Options is a “rich set of tools that let you slice and dice your results,” Marissa Mayer, vice president of search products and user experience, said during a presentation at Google’s Mountain View headquarters. Specifically, once you conduct a normal Web search, you can drill down with different genres, including elements of time, visualization tools, recently added, blogs, or images, combining a variety of Google search products into one. The idea is to combine relevancy and “recentcy”, she said. Doing a normal search for “shuttle launch” could turn up results from any number of shuttle launches in countries around the world. Using Search Options, you can choose to search Web sites or blogs that were updated in the past 24 hours or week, increasing the chance that it will include results pertinent to this week’s launch. Choosing “images from the page”, meanwhile, will display pictures pulled from the site alongside search results. During the demo, Mayer and her team also searched for “solar oven” to demonstrate another feature of Search Options, dubbed sentiment analysis. If you are searching for reviews of solar ovens, for example, the program will try to determine if a particular review is positive, negative, or neutral and display that in the search results. Search Options also includes a timeline that displays the popularity of the topic searched over time. Search Options also includes a feature known as the Wonder Wheel. The term “solar oven” would be displayed in the middle of this wheel, with related searches branching out from it in a circle. In the same way that you might weave your way from a Wikipedia page on Google to a page about tropical fish thanks to the hundreds of links within Wikipedia posts, you can click on the various Wonder Wheel “arms” and crawl into a nice little search wormhole. Next up was Google Squared, a Labs project set to debut later this month. It is similar to Search Options in that you can drill down your search results, but Squared lets you add or delete results to produce the most useful “square” of information that you can save to your Google account and refer back to later. [To invoke, click “Show Options” at top-left of a search results page]

UP TO 24 PERCENT OF SOFTWARE PURCHASES NOW OPEN SOURCE (CNET, 12 May 2009) - Open source has become big business, suggests an article in the Investors Business Daily, but it has done so by becoming more like the proprietary-software world it purports to leave behind. The article cites recent research from IDC indicating that CIOs allocated up to 24 percent of their budgets to open-source software in 2008, up from 10 percent in 2007--a finding that jibes with recent data from Forrester. This open-source growth is propelling Red Hat to grow “at two to three times the rate of the broader software industry over a multiyear horizon,” according to research from Piper Jaffray.

GOOGLE RE-SHOOTS JAPAN SCENES AFTER PRIVACY COMPLAINTS (Globe & Mail, 13 May 2009) - Internet search engine Google said it would re-shoot all Japanese pictures for its online photo map service, Street View, using lower camera angles after complaints about invasion of privacy. Google’s Street View, which offers 360-degree views of streets around the world using photos taken by cruising Google vehicles, has already run into privacy complaints in other countries and activists have tried to halt the service in Japan. Google said in a statement today it would lower the cameras on its cars by 40 cm after complaints they were capturing images over fences in private homes. But it said it would continue filming in Japan, where it has so far covered 12 cities. Google said it has also blurred car number plates in the pictures, as it has done in Europe, but the new steps did not convince Japanese campaigners. Britain’s privacy watchdog has rejected calls to shut Street View down there, where concerns have ranged from images such as someone throwing up outside a pub to media reports that a woman filed for divorce after her husband’s car was pictured outside another woman’s house.

FINANCIAL INDUSTRY REGULATOR FINES FIRM FOR DATA SECURITY FAILINGS (Steptoe & Johnson’s E-Commerce Law Week, 14 May 2009) - As if financial institutions don’t have enough to worry about these days, now they’ve got another regulator interested in enforcing its own notions of adequate data security practices. The Financial Industry Regulatory Authority (FINRA) recently announced that it has fined Centaurus Financial, Inc., $175,000 for failing to protect confidential customer information. FINRA is a non-governmental entity thata regulates securities firms doing business in the United States . It was established pursuant to the Securities Exchange Act of 1934, which gives FINRA the authority as a “self-regulatory organization” to sanction firms and individuals that violate its rules. FINRA found that Centaurus’ “improperly configured … firewall” and “ineffective username and password” systems allowed unauthorized persons to gain access to a server that “stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data.” The hackers then commandeered the Centaurus server and used it to host a phishing scam. FINRA also found that Centaurus’ investigation into the breach was “inadequate,” and concluded that the breach notification letter that Centaurus sent to affected customers was “misleading.” FINRA announcement:

FTC DROPS ANTITRUST CLAIM AGAINST RAMBUS (, 14 Amy 2009) - The Federal Trade Commission has dropped its antitrust action against Rambus following the U.S. Supreme Court’s decision earlier this year not to review the agency’s 2006 claim that the Los Altos company had acted deceptively to obtain patents for its memory-chip technology. The FTC had contended that Rambus, whose technology improves the performance of computer memory chips, had acted to monopolize the market by failing to disclose that it was patenting technology adopted as an industry standard by the Joint Electron Device Engineering Council. That is a big victory for Rambus because the claim that it had acted anti-competitively is one of the major defenses that chip makers Hynix Semiconductor, Micron Technology, Nanya Technology and Samsung have used in battling Rambus’ ongoing patent claims against them.

NEW IPHONE APP HELPS YOU KEEP TABS ON POLITICIANS’ VOTING RECORDS (NY Daily News, 14 May 2009) - A brand new application - called Visible Vote, made for iPhone, Blackberry and Facebook - allows users to track their representatives’ voting records, find out where they stand on the issues - and even send an e-mail to let them know exactly how they’re doing. Here’s how the app works: After downloading Visible Vote, the app will ask you to enter your e-mail address, state and zip code (no GPS support in version 1.0, apparently). It will then retrieve your local Senators and Representatives and a list of issues they’ve voted on recently. For each issue - everything from taxing AIG bonuses to alternative energy incentives - the app provides more detail and then asks for YOUR vote - Yes, No, or Don’t Care. It then takes your stance and compares it to the members of Congress - showing you how much their votes match with your interests. Don’t like the results? Wanna praise your favorite politician for sticking to his or her guns? The app lets you write them directly, with a simple interface that allows you to e-mail any combination of your Senators or Representatives - from one at a time to all at once. The app also promises to provide elected officials with weekly reports on how users are voting - and to send users an overview of the candidates when the next election rolls around.

- and -

A MILLION DOWNLOADS: FREE STANFORD COURSE ON CREATING IPHONE APPS TAKES OFF AT A FURIOUS PACE (Stanford, 20 May 2009) - Free videos of Stanford’s wildly popular course on creating applications for the iPhone and iPod touch have now been downloaded a remarkable million times from Stanford’s site on iTunes U in the iTunes Store. And all of the million downloads have come in just seven weeks, since the course began on April 1. The way the downloads have taken off like a rocket makes the iPhone Application Programming videos the fastest to reach the 1 million milestone in the history of iTunes U, which hosts offerings from hundreds of colleges and universities around the world.

GM STAKES VIRTUAL PROPERTY IN CASE OF BANKRUPTCY (Reuters, 15 May 2009) - General Motors has quietly roped off a bit of virtual real estate with an address similar to one used by Chrysler, that could serve as an information clearinghouse if GM seeks bankruptcy protection. GM registered and in early April. Chrysler LLC filed for bankruptcy last month and Epiq Systems Inc, a claims agent that processes court documents for the company’s bankruptcy case, registered and set up for free access to certain court documents and details in that case. Other large cases with public dockets include, also registered by Epiq, and, registered by Kurtzman Carson Consultants, according to domain registry information from Network Solutions. GM has not put any information on the sites. Others have scooped up sites related to automakers. has been registered since 2005 by Jon Jerman of Hackensack, New Jersey, and was registered to an Italian address last week.

FOURTH CIRCUIT LIMITS SCA STATUTORY DAMAGES (Wiley Rein, 15 May 2009) - The Stored Communications Act (SCA) authorizes criminal and private civil actions against a person who “intentionally accesses without authorization a facility through which an electronic communications service is provided” and obtains “access to a wire or electronic communication while it is in electronic storage.” 18 U.S.C. § 2701(a). This offense encompasses intentionally accessing other people’s stored email without permission. On March 18, the Fourth Circuit announced a potentially important decision construing the SCA’s civil remedies. Van Alstyne v. Electronic Scriptorium, Ltd., 2009 WL 692512; 2009 U.S. App. Lexis 5548, although it oddly designated the case as non-precedential. Rejecting broader interpretations previously applied by several U.S. District Courts, the Fourth Circuit panel held that statutory damages may be awarded only where a plaintiff has suffered “actual damages.” Thus, statutory damages may not be awarded when the plaintiff does not allege or does not prove that he or she suffered actual damages from the violation. This ruling could limit the amount of civil litigation under the SCA, but additional judicial analysis of the SCA’s punitive damages remedy, in light of the Fourth Circuit’s construction of it, will be needed before the picture becomes clear.

CRACKHO.COM DNS PRANK RUFFLES SARAH PALIN’S FEATHERS (Ars Technica, 15 May 2009) - A simple DNS prank against former GOP VP nominee and current Alaska Governor Sarah Palin has finally come to the attention of Alaskan authorities, resulting in a cease-and-desist order as well as somewhat misdirected copyright claims. The owner of the site in question has caved to legal pressure, although one has to admit that the whole series of events was worth a chuckle. Houston-based DJ Shu Latif registered ages ago (according to a Whois search, 1998), but decided to give the site a fresh face in 2008 after Governor Palin was chosen as the Republican Vice President nominee. She changed the DNS settings so that all traffic to would go directly to Sarah Palin’s official website. The change apparently flew under the radar until earlier this month, when Alaska’s Attorney General Michael Barnhill sent a letter to Latif demanding that she knock it off. Clearly, Barnhill and gang have no real understanding of DNS and URL redirects in general, because the letter asserts that made illegal use of the official seal of the State of Alaska without permission, and that Latif was in violation of the federal Copyright Act. Nevermind that the seal was on Palin’s own site. Latif must have been feeling especially kind, because she has since changed so that it does not redirect to the governor’s website. Instead, she merely uses an illustration of Palin and a link to the site instead. However, we can’t help but wonder what would happen if she chose to push back—she wasn’t misusing any copyrighted images or even hosting anything herself, though it’s possible that Palin’s lawyers might argue that she somehow “misrepresented” the site and its trademarks by directing traffic through The AG’s demand letter is here:

- and -

SIX SIMPLE STEPS YOU CAN TAKE TO PROTECT YOUR GRIPE OR PARODY SITE (EFF, 15 May 2009) - Here’s a story we hear a lot at EFF: You think BadCo, Inc. is a bad actor and you’ve developed a really cool site to tell the world why. Maybe just by griping about them or maybe through a bit of parody. Fast forward two weeks: you’re basking in the pleasure of calling BadCo out when bam! You find out your site’s been shut down. You call your internet service provider to find out what’s going on. After way too much time climbing phone trees and sitting on hold you get an answer—Badco has claimed that your site violates its intellectual property rights. All too often, the targets of critics and parodists try to strike back with accusations of copyright or trademark infringement. While such accusations may be something of a badge of honor--after all, at the very least, it means you’ve got your target’s attention--they can also be frustrating and intimidating. And, if you rely on a service provider with little interest in protecting free speech, allegations of infringement can result in your site being shut down with little or no warning. Fortunately, there are several steps you can take to either preempt or significantly dilute gripes about your gripe (or parody) site. We lay out those steps in a new white-paper, Avoiding Gripes About Your Gripe (or Parody) Site. To be clear, you don’t have to follow any of these suggestions to have a perfectly legal site, and following them won’t guarantee you won’t get complaints. But taking these steps should help minimize your legal risk, so you can focus on the primary task of raising public awareness about the issues that are important to you. And if you get hit with improper legal threats anyway? Well, you know where to find us. Guide here:

GOOGLE LIBERALIZES US TRADEMARK POLICY: “WHAT, ME WORRY?” PART 2 (Eric Goldman, 15 May 2009) - In my Deregulating Relevancy article from a few years ago, I explained how trademark law was having pernicious consequences for online conversations. Among other unwanted effects, trademark law hinders online discussions about trademarks even when both conversationalists found the discussion relevant. I don’t think things have gotten better since I wrote the article in 2005. Perhaps we have a better understanding of trademark law’s capacity for harm, but we continue to see misguided lawsuits from trademark owners and mixed results from judges. While the courts do not automatically support online trademark-mediated discourse, the bigger practical threat to online trademark law comes from extrajudicial privately enforced trademark policies, such as the search engines’ “voluntarily” adopted trademark policies. These policies minimize search engines’ exposure to trademark liability for their ad sales, but they effectively resolve a huge percentage of trademark owners’ “problems,” almost always in the trademark owner’s favor, without any judicial oversight at all. Thus, I was delighted to see Google’s announcement that it was liberalizing its trademark policy to allow a group of “special” advertisers to reference third party trademarks in the advertisers’ ad copy, even if the trademark owner objects. See Google’s official announcement. The “special advertisers” includes resellers, review sites, and sellers of compatible/complementary/replacement products. In practice, this means that these advertisers and consumers can now use the same trademark to speak with each other. In contrast, today, the advertiser can purchase the trademark as the triggering keyword but can’t use the trademark to explain why the consumer was seeing the ad. Personally, I had always thought the “blind” nature of the ad copy had the potential to confuse consumers, and Google has taken a big step forward in solving that apparent problem. Having said that, I wish Google had gone further. There are two obvious groups of advertisers who should be able to reference the trademark in the ad copy but still will not be able to do so: (1) competitors making comparative claims, and (2) gripers who wish to complain about a trademark owner’s practices. These two advertiser groups can still buy third party trademarks, but they will still be forced to speak in code in the ad copy to explain why they did so. Nevertheless, we shouldn’t let these omissions detract from what is otherwise very good news from Google.

OLYMPIC BLOGS GET GO-AHEAD FOR VANCOUVER (Sports Journalists Assn, 19 May 2009) - The International Olympic Committee has issued a four-page guide to competitors which acknowledges the realities of 21st century communications by allowing “athletes’ blogs” at the 2010 Vancouver Winter Games, in a move which could make athlete-authored columns much easier to arrange for newspaper websites than at previous Olympics. The new guidelines will be scrutinised closely during the Winter Olympics, and are sure to form the basis for the rules to be applied at the 2012 London Games. “The IOC considers blogging, in accordance with these guidelines, as a legitimate form of personal expression and not as a form of journalism,” the new guidelines say. According to a report on the subscription website, those who break the rules could lose their Olympic accreditation cards and may face legal action for damages. The restrictions were approved by the IOC’s Executive Board earlier this year. They will come into effect with the opening of the Vancouver Olympic Village next February. The guidelines are the latest development in IOC rules which have had to evolve rapidly, reflecting the growing appetite for first-hand accounts from Olympic competitors, and they mark a sea-change from the rules issued from Lausanne ahead of the 2000 Sydney Olympics, where athletes were banned from blogging altogether.

SAFETY ACT OFFERS BOTH LIABILITY PROTECTION AND LIABILITY AVOIDANCE FOR COMPANIES, DIRECTORS AND OFFICERS, AND PRESERVATION OF STOCKHOLDERS’ VALUE (Duane Morris Client Alert, 19 May 2009) - Although the SAFETY Act1 can cap a company’s liability exposure at a predetermined amount of insurance, and even eliminate a company’s liability exposure altogether, “it remains one of the most underreported and underutilized”2 risk management and litigation management tools for companies in any industry that uses security products, services, software, shopping center security guards, professional security certification programs, assessments and emergency response plans. Passed in response to the massive liability encountered in lawsuits stemming from September 11, 2001,3 as well as those lawsuits that held the Port Authority of New York and New Jersey liable for the 1993 World Trade Center attacks,4 the SAFETY Act provides two classifications designed to incentivize companies to develop and deploy anti-terrorism products and services by limiting or eliminating liability should an act of terrorism occur involving those products and services. By submitting an application to the U.S. Department of Homeland Security (DHS), a company’s products, services, threat-assessment best-practices, threat response plans and control center operations, among others, can gain “designation.” A designation of “Qualified Anti-Terrorism Technology” provides a company the following significant benefits:
• No punitive damage exposure;
• Claims against the seller are capped at an amount no greater than the limits of liability insurance coverage required to be maintained by the seller through DHS;
• Exclusive federal court jurisdiction;
• Plaintiff’s recovery is reduced by amounts from collateral sources; and
• No joint and several liability for noneconomic damages.
• A company may obtain additional protections by simultaneously seeking the second classification of DHS “certification.”

TRACK BUSINESS EXECUTIVES’ TWEETS WITH EXECTWEETS (CNET, 19 May 2009) - Are you trying to climb the corporate ladder? Hard work helps, but it couldn’t hurt to have some insight from those who have reached the top. ExecTweets for iPhone aggregates the Twitter feeds of nearly 100 top executives. Those execs include top brass from companies such as Best Buy, Digg, Microsoft, and Zappos. Following them nets you nuggets of business wisdom, links to stories they consider important, random thoughts (this is Twitter, after all), and even notable quotables (not sure why, but execs are really into quoting). The application makes it a snap to browse the tweets, with separate views for All, Featured, and Most Popular. You can also peruse “hot topics” (which lets you sort by selected keywords) and browse broad categories like government, health care, and technology.;title

WHO OWNS YOUR NAME ON TWITTER? (Wall Street Journal, 19 May 2009) - Social networks can be friendly places, but they are not democracies. Nor are they free markets. They are authoritarian regimes with whimsical and arbitrary rules. Nowhere is this fact more evident than in the doling out of domain names. On the Web, domain names are available for sale on a first-come, first-serve basis. If someone else buys your name first, you can try to buy it from them. If you’ve trademarked a name, you can fight for the name in the Internet Corporation for Assigned Names and Numbers’ domain-name court system. This makes sense: money and the law are acceptable remedies in our capitalist democracy. But social media domain names – such as – are a whole different ballgame. They can be doled out arbitrarily. Even if you get a name first on a social network, you are not allowed to sell it and it can be reclaimed by the social network at any time. Legal remedies for dealing with imposters or trademark issues range from murky to nonexistent. Since domain names are free on social media sites, it makes sense to grab yours quickly, even if you don’t plan to use it immediately. Many sites dole out domain names on a first-come, first-serve basis. The most democratic is LinkedIn, which hands out “vanity URLs,” such as, to the first person who asks for it. As long as the URL is really your name, you can keep it. Even celebrities can’t jump the line at LinkedIn. During the presidential campaign, Sen. John McCain wanted his LinkedIn URL but it was already taken by another person named John McCain – so the senator was out of luck, according to LinkedIn spokeswoman Kay Luo. MySpace and Twitter are similarly democratic in doling out names – but they offer few assurances about preventing celebrities from cutting in line. Twitter reserves the right to reclaim names that are trademarked or are “non-parody impersonations.” MySpace generally honors the first person to claim a name – but reserves the right to reclaim URLs on behalf of advertisers or celebrities with just 72 hours notice.

- and -

NEWT GINGRICH’S LAWYER DISPLAYS IGNORANCE OF BOTH TWITTER AND THE LAW IN SENDING C&D (TechDirt, 20 May 2009) - It really was just a few weeks ago that we were told that lawyers knew better than to send a clueless cease-and-desist letter... and then we get this story. Apparently a group that is in favor of a certain law that Newt Gingrich opposes sent out a Twitter message that included the @newtgingrich username to stir up some interest in a petition they were working on. This is part of how you use Twitter to communicate with others and get attention from certain people. But apparently Gingrich’s lawyer was upset that Gingrich’s name was being “used” in a message in favor of a law Gingrich opposes, and sent a ridiculously bad cease-and-desist letter that the folks at the Citizen Media Law Project dubbed: “How to Make Your Client Look Bad, in Three Easy Steps.” First, the lawyer clearly didn’t understand Twitter and how it works since using @newtgingrich is the equivalent of sending a public letter “Dear Newt Gingrich” -- which certainly wouldn’t be an abuse of his name. Second, the lawyer not only didn’t understand Section 230, but insisted that Tucows, the registrar behind the site that hosted the petition (and also republished the tweet) was somehow responsible for the content of the Twitter message: “continued display of the offending tweet ‘can expose any and all involved parties (including Twitter, and/or TuCows) to substantial ongoing, and even personal liability.’” Of course, that’s not even close to true. Then, on top of that, the lawyer basically tried to throw in claims on every law he could think up: “trademark infringement, violation of Gingrich’s and Anuzis’ publicity rights, false advertising, false designation of origin, tortious interference with prospective economic advantage and contractual relations, common law and computer trespass (could Twitter trespass upon its own computer?), conversion, traditional fraud and wire fraud, breach of contract (i.e., Twitter’s terms of service), violation of the Computer Fraud and Abuse Act, and even RICO violations.” C&D letter here:

UMICH FIRST TO SIGN UP UNDER GOOGLE BOOKS SETTLEMENT TERMS (CNET, 20 May 2009) - The University of Michigan has signed up as the first library to participate in Google’s book-scanning project under the terms of Google’s proposed settlement with library groups. Google and UM have been working together since 2004 on digitizing the university’s library collection, but the Google Book Search settlement would allow Michigan to offer its books online as part of a subscription, or in some cases for free. The settlement has drawn reported attention from the government as well as library groups worried over the costs associated with access to such a large digital library amassed by a single company. In exchange for participating in the project, however, Google plans to subsidize the cost of the university’s subscription to the digital library. Michigan was also able to negotiate the right for future participants to review the cost of the institutional subscriptions from time to time. “If they determine that prices are too high, University of Michigan and other participating libraries who sign these collective terms can challenge the prices through arbitration, and Google will be required to work with the (Book Rights) Registry to adjust the pricing accordingly,” the university said on its Web site. Authors have until September to decide if they want to opt out of the settlement and withhold their works from the digital library. The settlement would have Google install a free public terminal in libraries around the country for access to digital copies of public domain works, copyright works that Google is authorized to reproduce, and out-of-print titles. Other libraries would then be offered a subscription to the digital library for their own patrons.

IT MANAGERS UNDER PRESSURE TO WEAKEN WEB SECURITY POLICY (Search Security, 20 May 2009) - IT professionals are under pressure from upper level executives to open the floodgates to the latest Web-based platforms, relaxing Web security policy, according to a new survey of 1,300 IT managers. Nearly all those surveyed said they allow access to some Web-based services, such as webmail, mashups and wikis. But more employees are turning to online collaboration platforms; some are turning to Google Apps, which are integrated with Google’s Gmail platform, and others are turning to popular social networking sites, such as Twitter and Facebook. Some users are bypassing Web security policy to access the services, according to 47% of those surveyed. Pressure to relax Web security policy is increasing as well. The survey found that 86% of IT managers reported feeling pressure to allow more access to social networking websites, online collaboration tools and other cloud-based technologies. The pressure is coming from multiple sources, including C-level executives, marketing departments and sales. Despite the pressures, 80% are confident in their organizations Web security practices. However, the survey found many organizations lack Web application firewalls and other tools for defending against Web-based attacks. Sixty-eight percent said they lacked the ability to conduct real-time analysis of Web content to prevent data leakage, nearly 60% lacked the ability to prevent URL redirects and more than half had no tools to detect embedded malicious code on trusted websites.,289142,sid14_gci1356896,00.html#

FTC REACHES DATA SECURITY SETTLEMENT WITH MORTGAGE COMPANY (Steptoe & Johnson’s E-Commerce Law Week, 21 May 2009) - The Federal Trade Commission has reached another settlement with a company that allegedly failed to provide “reasonable” security for personal information. In an agreement announced in early May, home mortgage firm James B. Nutter & Company (JBN) agreed to establish and maintain “a comprehensive information security program” and submit to ten years of biennial assessments of its data security in order to settle charges that its lax data security practices had violated the Privacy and Safeguards Rules promulgated under the Gramm-Leach-Bliley Act. Among other things, the FTC’s complaint stressed JBN’s storage of personal information “in clear readable text,” suggesting once again that encrypting can help a company avoid the long arm of the FTC’s data security cops.

BLOGGERS, BEWARE: WHAT YOU WRITE CAN GET YOU SUED (Wall Street Journal, 21 May 2009) - Be careful what you post online. You could get sued. In March 2008, Shellee Hale of Bellevue, Wash., posted in several online forums about a hacker attack on a company that makes software used to track sales for adult-entertainment Web sites. She claimed that the personal information of the sites’ customers was compromised. About three months later, the software company -- which contends that no consumer data were compromised -- sued Ms. Hale in state court in New Jersey, accusing her of embarking “on a campaign to defame and malign the plaintiffs” in chat-room posts. In her legal response, Ms. Hale, 46 years old, claims she is covered by so-called shield laws that protect reporters from suits, because she was acting as a journalist and was investigating the hacker attack while researching a story on adult-oriented spam. Bloggers are increasingly getting sued or threatened with legal action for everything from defamation to invasion of privacy to copyright infringement. In 2007 -- the most recent data available -- 106 civil lawsuits against bloggers and others in social networks and online forums were tallied by the Citizen Media Law Project at the Berkman Center for Internet & Society at Harvard University, up from just 12 in 2003. There have been about $17.4 million in trial awards against bloggers to date, according to the Media Law Resource Center in New York, a nonprofit clearinghouse that tracks free-speech cases. Many lawsuits are thrown out of court or settled before trial, but not before causing headaches for the accused. Though the likelihood of a plaintiff winning a lawsuit is not high, “you could go bankrupt” just from defending against them, says Miriam Wugmeister, a partner at Morrison & Foerster LLP and a privacy and data-security law expert. The number of blogger lawsuits is likely to keep rising as the number of people who post online continues to grow, says Sandra Baron, executive director of the Media Law Resource Center and a media-law attorney. Social-networking sites such as LinkedIn, Facebook and MySpace -- which is owned by News Corp., the parent company of The Wall Street Journal -- and microblogging services like Twitter are making it easy for impetuous remarks to reach thousands of users in a matter of minutes. In March, fashion designer Dawn Simorangkir sued rocker Courtney Love for libel in Los Angeles Superior Court, accusing Ms. Love of posting disparaging remarks about the designer on Twitter and MySpace.

RICHARD SUSSKIND ON “THE END OF LAWYERS?” (Berkman Center, 22 April 2009) - Richard Susskind, author of The End of Lawyers? Rethinking the Nature of Legal Services predicts that the legal profession will be driven by two forces in the coming decade: by a market pull towards the commoditization of legal services, and by the pervasive development and uptake of new and disruptive legal technologies. But this could result in quite different law jobs emerging which may be highly rewarding, even if very different from those of today. 2 STARS.**** RESOURCES ****
Two 2006 ethics opinions essentially laying the ground work for lawyers’ use of “cloud” storage tools… NJ: NV:

FREE EBOOK: ‘IDENTITY IN THE AGE OF CLOUD COMPUTING’ (Aspen Institute, 8 May 2009) – The next-generation Internet’s impact on business, governance and social interaction (image above), 110 pages, May 2009: a look at the next-generation Internet and how it will impact all facets of society.

PROMOTING PRIVACY AND FREE SPEECH IS GOOD BUSINESS (ACLU, May 2009) - This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers’ rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust.’s_good_for_business.pdf

PRIVACY GROUP SUES NSA OVER SPY NET (ZDNet -- 4 December 1999) -- Americans could learn more about the degree to which the secretive National Security Agency -- the government body charged with cracking codes and protecting critical information -- has been spying on U.S. citizens, if a suit filed on Friday by the Electronics Privacy Information Center garners results. “The charter of the National Security Agency does not authorize domestic intelligence gathering,” said Marc Rotenberg, director of EPIC, in a statement on Friday. “Yet we have reason to believe that the NSA is engaged in the indiscriminate acquisition and interception of domestic communications taking place all over the Internet.” The questions arose from reports to the European Union last year that the United Kingdom and Australia, among other countries, had cooperated with the United States to collect electronic communications across national borders. In the report, the spy network was dubbed “Echelon.” “We are concerned less with Echelon in particular and more with the NSA’s eavesdropping practices in particular,” said David Sobel, general counsel for EPIC. ‘Interesting questions’ On Friday, EPIC filed a suit in federal court to free up documents regarding the legal justification for any surveillance that NSA had performed regarding U.S. citizens. These same documents were requested earlier this year by the House Intelligence Subcommittee, but the NSA refused to provide them.

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Friday, May 01, 2009

MIRLN --- 12 April – 2 May 2009 (v12.06)

• Goldman Sachs Hires Law Firm to Shut Blogger’s Site
• NIST Issues Guidelines for E-Voting Machines
• Officials Say U.S. Wiretaps Exceeded Law
• Organized Crime Behind a Majority of Data Breaches
• Video Prank at Domino’s Taints Brand
• Ford Bets the Fiesta on Social Networking
• Fair Use Bolstered by Student-Cheating Detection Service
• U.N. Launches Library of World’s Knowledge
• HHS Releases Guidance on Securing Electronic Health Data
• Scholars Reject Obama’s Stance on Warrantless Cell-Phone Records
• Second Life Cracks Whip on Adult Content
• Digital Archives that Disappear
• Typical Lost or Stolen Laptop Costs Companies Nearly $50,000, Study Finds
o US Companies Still Underestimate Impact of Data Breaches, Says Hiscox Report
• Site Terms with Unilateral Right to Modify by One Party Declared Illusory, Unenforceable
• Employers Watching Workers Online Spurs Privacy Debate
o Facebook Surfing While Sick Costs Swiss Woman Job
• Wilson Sonsini Offers Free Document Assembly Tool
• Black’s Law Dictionary Now in iTunes
• Facebook Use Outstrips E-Mail
• Why Google Wants You to Google Yourself
• Corporate Blogs and ‘Tweets’ Must Keep SEC in Mind
• Report Reveals Why Lawyers Ok’d Chiquita Payments to Colombian Terrorists
• Analysis of Flickr Photos Could Lead to Online Travel Books
• FTC Publishes Report Surveying the Mobile Marketplace
• EU: Article 29 Working Party Adopts Opinion on New Standard Contractual Clauses
• Warner Music Issues DMCA Takedown on Larry Lessig Presentation
• Justice Dept. Opens Antitrust Inquiry into Google Books Deal
• Google Unveils New Tool to Dig for Public Data
• Fordham Law Class Collects Personal Info About Scalia; Supreme Ct. Justice is Steamed
• Wiped Out: Along With Jobs, Laid-Off Lose Photos, Email
• Pentagon Uses Facebook, Twitter to Spread Message
• MN Supreme Court Oks Breathalyzer Source Code Requests


**** NEWS ****

GOLDMAN SACHS HIRES LAW FIRM TO SHUT BLOGGER’S SITE (The Telegraph, 11 April 2009) - Goldman Sachs is attempting to shut down a dissident blogger who is extremely critical of the investment bank, its board members and its practices. The bank has instructed Wall Street law firm Chadbourne & Parke to pursue blogger Mike Morgan, warning him in a recent cease-and-desist letter that he may face legal action if he does not close down his website. Florida-based Mr Morgan began a blog entitled “Facts about Goldman Sachs” – the web address for which is – just a few weeks ago. In that time Mr Morgan, a registered investment adviser, has added a number of posts to the site, including one entitled “Does Goldman Sachs run the world?”. However, many of the posts relate to other Wall Street firms and issues. According to Chadbourne & Parke’s letter, dated April 8, the bank is rattled because the site “violates several of Goldman Sachs’ intellectual property rights” and also “implies a relationship” with the bank itself. Unsurprisingly for a man who has conjoined the bank’s name with the Number of the Beast – although he jokingly points out that 666 was also the S&P500’s bear-market bottom – Mr Morgan is unlikely to go down without a fight. He claims he has followed all legal requirements to own and operate the website – and that the header of the site clearly states that the content has not been approved by the bank.

NIST ISSUES GUIDELINES FOR E-VOTING MACHINES (TechWeb, 13 April 2009) - The National Institute of Standards and Technology has released a new draft of voluntary federal standards for electronic voting machines. NIST announced last week that it will take public comment on the new methods until July 1. Once the standards are adopted, state and local governments will decide whether their voting machine manufacturers will be required to meet the guidelines. Manufacturers currently use various proprietary laboratory testing techniques. NIST said that one transparent set of tests will improve government and voter confidence, while also giving manufacturers an improved understanding of how to ensure that their systems comply with federal standards. The current guidelines are known as VVSG 2005. The latest draft guidelines are called VVSG Next Iteration (VVSG-NI). They address hardware, usability, and security issues.§ion=News Guidelines here:

OFFICIALS SAY U.S. WIRETAPS EXCEEDED LAW (New York Times, 15 April 2009) - The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews. Several intelligence officials, as well as lawyers briefed about the matter, said the N.S.A. had been engaged in “overcollection” of domestic communications of Americans. They described the practice as significant and systemic, although one official said it was believed to have been unintentional. The legal and operational problems surrounding the N.S.A.’s surveillance activities have come under scrutiny from the Obama administration, Congressional intelligence committees and a secret national security court, said the intelligence officials, who spoke only on the condition of anonymity because N.S.A. activities are classified. Classified government briefings have been held in recent weeks in response to a brewing controversy that some officials worry could damage the credibility of legitimate intelligence-gathering efforts. The Justice Department, in response to inquiries from The New York Times, acknowledged Wednesday night that there had been problems with the N.S.A. surveillance operation, but said they had been resolved. [Editor: this is the story that also alluded to the interception of Re. Jane Harmon’s phone calls regarding the AIPAC prosecutions.]

ORGANIZED CRIME BEHIND A MAJORITY OF DATA BREACHES (Washington Post, 15 April 2009) - A string of data breaches orchestrated principally by a handful of organized cyber-crime gangs translated into the loss of hundreds of millions of consumer records last year, security experts say. The size and scope of the breaches, some of which have previously not been disclosed, illustrate the extent that organized cyber thieves are methodically targeting computer systems connected to the global financial network. Forensics investigators at Verizon Business, a firm hired by major companies to investigate breaches, responded to roughly 100 confirmed data breaches last year involving roughly 285 million consumer records. That staggering number -- nearly one breached record for every American -- exceeds the combined total breached from break-ins the company investigated from 2004 to 2007. In all, breaches at financial institutions were responsible for 93 percent of all such records compromised last year, Verizon reported. Unlike attacks studied between 2004 and 2007 -- which were characterized by hackers seeking out companies that used computer software and hardware that harbored known security flaws -- more than 90 percent of the records compromised in the breaches Verizon investigated in 2008 came from targeted attacks where the hackers carefully picked their targets first and then figured out a way to exploit them later. Bryan Sartin, director of investigative response at Verizon Business, said criminals in Eastern Europe played a major role in breaches throughout 2008. “About 50 percent of the confirmed breach cases we investigated shared perpetrators,” Sartin said. “Organized crime is playing a much larger part of the caseload we’re seeing. We’ve seen that both [the FBI] and the Secret Service have initiatives underway to go back through their cyber crime case histories over the past several years, to start tying together all of the common characteristics of the attacks to individuals, to really try and get a firm handle on the individuals responsible for these attacks.”

VIDEO PRANK AT DOMINO’S TAINTS BRAND (New York Times, 16 April 2009) - When two Domino’s Pizza employees filmed a prank in the restaurant’s kitchen, they decided to post it online. In a few days, thanks to the power of social media, they ended up with felony charges, more than a million disgusted viewers, and a major company facing a public relations crisis. In videos posted on YouTube and elsewhere this week, a Domino’s employee in Conover, N.C., prepared sandwiches for delivery while putting cheese up his nose, nasal mucus on the sandwiches, and violating other health-code standards while a fellow employee provided narration. The two were charged with delivering prohibited foods. By Wednesday afternoon, the video had been viewed more than a million times on YouTube. References to it were in five of the 12 results on the first page of Google search for “Dominos,” and discussions about Domino’s had spread throughout Twitter. As Domino’s is realizing, social media has the reach and speed to turn tiny incidents into marketing crises. In November, Motrin posted an ad suggesting that carrying babies in slings was a painful new fad. Unhappy mothers posted Twitter complaints about it, and bloggers followed; within days, Motrin had removed the ad and apologized. “We got blindsided by two idiots with a video camera and an awful idea,” said a Domino’s spokesman, Tim McIntyre, who added that the company was preparing a civil lawsuit. “Even people who’ve been with us as loyal customers for 10, 15, 20 years, people are second-guessing their relationship with Domino’s, and that’s not fair.” In just a few days, Domino’s reputation was damaged. The perception of its quality among consumers went from positive to negative since Monday, according to the research firm YouGov, which holds online surveys of about 1,000 consumers every day regarding hundreds of brands.

FORD BETS THE FIESTA ON SOCIAL NETWORKING (Wired, 17 April 2009) - Ford is betting the success of the Fiesta subcompact on the blogs, tweets and Facebook updates of 100 people who will live with the cars and share their experiences online. It’s a hell of a gamble, but if it pays off, Ford just might recast itself as a cool company with a great product -- no small feat for an American automaker. Ford wants to generate buzz for the Fiesta, which will bring Europe’s “small cars can be cool” ethos to America when it arrives next year. But rather than hand a bunch of them over to mainstream journalists, Ford broke with tradition by inviting dozens of 20-somethings to live with the car for six months and tell the world about it. “While were trying to build excitement and awareness for the vehicle with the Fiesta Movement campaign, there’s something bigger happening here,” Scott Monty, Ford’s social media boss, told “We’re also going to be building broader awareness of Ford.” Social networking sites sell everything from soda to singers these days, but the auto industry has been slow to catch on. It might seem like a big risk -- what if someone’s car craps out? But Ford, and the entire industry, for that matter, desperately needs to embrace the message it sends, said Ian Shafer, CEO of the marketing firm Deep Focus. Ford recently handed 100 Fiestas to 100 people selected from 4,000 applicants. These “agents” -- that’s what Ford calls them -- get to use the cars for six months in exchange for completing monthly “missions” with different themes. They’ll share their experiences through YouTube, Flickr, Facebook and Twitter accounts Ford created for the campaign.

FAIR USE BOLSTERED BY STUDENT-CHEATING DETECTION SERVICE (Wired, 17 April 2009) - A federal appeals court granted a boost to fair use advocates Friday when it ruled that an online cheating-detection service storing thousands of student essays did not violate the intellectual property rights of the essayists. Students who claimed breached their copyrights because it placed their works in its database brought the lawsuit. The site compares new essays submitted by teachers with a database of other essays to determine whether plagiarism was at work. The E-Commerce and Tech Law Blog eloquently provides the nuts and bolts of the decision by the 4th U.S. Circuit Court of Appeals: “The court stepped through the fair use analysis, dropping positive notes here (commercial uses can be fair uses), here (a use can be transformative ‘in function or purpose without altering or actually adding to the original work,’ citing Perfect 10 Inc. v. Inc.), and here (fact that used the entirety of the plaintiff’s work did not preclude finding of fair use). And it turned back a lot of other, small-bore challenges to the district court’s fair use finding.” Some 6,000 educational institutions in about 90 countries use the California-based cheating-detection service. and

U.N. LAUNCHES LIBRARY OF WORLD’S KNOWLEDGE (Washington Post, 21 April 2009) - A globe-spanning U.N. digital library seeking to display and explain the wealth of all human cultures has gone into operation on the Internet, serving up mankind’s accumulated knowledge in seven languages for students around the world. James H. Billington, the librarian of Congress who launched the project four years ago, said the ambition was to make available on an easy-to-navigate site, free for scholars and other curious people anywhere, a collection of primary documents and authoritative explanations from the planet’s leading libraries. The site ( has put up the Japanese work that is considered the first novel in history, for instance, along with the Aztecs’ first mention of the Christ child in the New World and the works of ancient Arab scholars piercing the mysteries of algebra, each entry flanked by learned commentary. “There are many one-of-a-kind documents,” Billington said in an interview. The World Digital Library, which officially will be inaugurated Tuesday at the Paris headquarters of UNESCO, the U.N. Educational, Scientific and Cultural Organization, has started small, with about 1,200 documents and their explanations from scholars in Arabic, Chinese, English, French, Portuguese, Spanish and Russian. But it is designed to accommodate an unlimited number of such texts, charts and illustrations from as many countries and libraries as want to contribute. “There is no limit,” Billington said. “Everybody is welcome.”

HHS RELEASES GUIDANCE ON SECURING ELECTRONIC HEALTH DATA (FCW, 20 April 2009) - To expand the use of electronic health records (EHRs), the Health and Human Services Department (HHS) has issued guidance on technologies and methods to protect personal electronic health care data. This 20-page guidance document released April 17 by HHS describes encryption and destruction as the means to protect personal health data by making the data “unusable, unreadable or indecipherable” to unauthorized individuals. Entities that comply with the guidance will not be subjected to upcoming breach notification provisions for unsecured data. “The specified technologies and methodologies, if used, create the functional equivalent of a safe harbor,” the document states. The guidelines were developed through a joint effort by the HHS Office for Civil Rights, Office of the National Coordinator for Health Information Technology, and the Centers for Medicare and Medicaid Services. This guidance is linked to two sets of breach notification regulations required by Congress as part of the economic stimulus law. HHS will release a breach notification regulation for hospitals, physicians, health plans, health providers and other covered entities under the Health Insurance Portability and Accountability Act of 1996. The Federal Trade Commission will release another breach regulation for vendors of personal health records and other non-HIPAA-covered entities. Guidance here:

SCHOLARS REJECT OBAMA’S STANCE ON WARRANTLESS CELL-PHONE RECORDS (Wired, 20 April 2009) - The Obama administration’s position that the government can force mobile carriers to hand over cellphone tower location information on their customers without a warrant is wrong, two legal scholars say. “Because CSLI acquisition is hidden, indiscriminate and intrusive, and because it reveals information over a period of time, it should be subject to the highest level of Fourth Amendment oversight (the same procedures used for wiretapping and video surveillance),” the scholars wrote late Friday. The scholars are Susan Freiwald, of the USF School of Law, and Peter Swire, of Ohio State University. Their words, published by the American Constitution Society, came a month after the Justice Department made its claim in a little-noticed case that the Fourth Amendment right to be free from unreasonable searches and seizures did not apply. Most Americans have or will carry a mobile phone in their lifespan, so the outcome could have wide-ranging privacy ramifications. Smartphones, like the iPhone, use cell-tower information to power geo-location applications like Google Maps. In a case pending before the 3rd U.S. Circuit Court of Appeals, the government maintains it can require federal judges to order mobile phone companies to release historical cell-tower information of a phone number without probable cause — the standard required for a search warrant. [Editor: apropos this, see “They Know Where You Are: Location Privacy In A Mobile World”, the podcast cited in MIRLN 12.05]

SECOND LIFE CRACKS WHIP ON ADULT CONTENT (CNET, 21 April 2009) - Virtual world Second Life has put in effect some new measures to keep adult content away from users who might not want to run into it. Or fly into it, as avatars might do. Later this year, parent company Linden Lab will create a standalone “continent” for adult content, and members who don’t purchase private “land” will be asked to migrate there if they wish to partake in adult-related activities. Second Life is an 18+ environment already, but stricter age verification policies will be put in place. You’ll need a “verified” account, either through credit card information or through Linden Labs’ filtering system, to get into the adult “continent.” Members will be asked to start flagging content as adults-only as part of a new content rating system, which will start to roll out in an update to the downloadable Second Life client that will be available next week. “The people that are on our mainland and in our estate, if they are going to engage with adult content, are being asked to do that in the adult content area,” said Cyn Skyberg, vice president of customer relations at Linden Lab. “Private land owners will be asked to tag their searches for adult-related listings so that it goes into the adult filter.” So what does this mean for Second Life, which was briefly a marketers’ paradise before swiftly falling from grace in the Silicon Valley pecking order? Well, it’ll help make it a friendlier environment for some of the new “residents” whom Linden Lab hopes to woo. The company is profitable, due largely in part to the sheer volume of virtual goods and transactions made on the platform by loyal users, and Linden Lab sees corporate and academic institutions as an area for future growth. [Editor: there’s a related symposium “Federal Consortium for Virtual Worlds: Imagine the Future” on 23-24 April 2009 at the National Defense University in D.C. streams/blogs/Tweets probably will be available here:; search Twitter for #FCVW09 tags]

DIGITAL ARCHIVES THAT DISAPPEAR (InsideHigherEd, 22 April 2009) - As digital archives have become more important and more popular, there are varying schools of thought among scholars about how best to guarantee that they will be around for good. Some think that the best possibility is for the creators of the archives -- people generally with some passion for the topic -- to keep control. Others favor acquisition, thinking that larger entities provide more security and resources for the long run. The fate of “Paper of Record,” a digital archive of early newspapers with a particularly strong collection of Mexican newspapers, may be cited in the years ahead as an example of the dangers of purchase by a large entity. Paper of Record was purchased (secretly) by Google in 2006, and shortly after Google took over management of the site, late last year, the archive disappeared from view. After weeks in which historians have complained to Google and others about the loss of their ability to work, the previous owner of the archive has received permission to bring the archive back for some period of time, and resumption of service could start as early next week. While the imminent return of the site will please scholars, many are worried about what the incident says about the availability and accessibility of key resources. Writing on the blog of the American Historical Association, Robert B. Townsend quoted the late Roy Rosenzweig, a George Mason University professor who was a pioneer in digital history, on the “fragility of evidence in the digital era.”

TYPICAL LOST OR STOLEN LAPTOP COSTS COMPANIES NEARLY $50,000, STUDY FINDS (, 22 April 2009) - A typical lost or stolen laptop costs employers $49,246, mostly due to the value of the missing intellectual property or other sensitive data, according to an Intel-commissioned study made public Wednesday. “It is the information age, and employees are carrying more information on their laptops than ever before,” according to an analysis done for Intel by the Michigan-based Ponemon Institute, which studies organizational data-management practices. “With each lost laptop there is the risk that sensitive data about customers, employees and business operations will end up in the wrong hands.” The five-month study examined 138 laptop-loss cases suffered over a recent 12-month period by 29 organizations, mostly businesses but also a few government agencies. It said laptops frequently are lost or stolen at airports, conferences and in taxis, rental cars and hotels. About 80 percent of the typical cost — or a little more than $39,000 — was attributed to what the report called a data breach, which can involve everything from hard-to-replace company information to data on individuals. Companies then often incur major expenses to prevent others from misusing the data. Lost intellectual property added nearly $5,000 more to the average cost. The rest of the estimated expense was associated with such things as investigative costs, lost productivity and replacing the laptop.

- and -

US COMPANIES STILL UNDERESTIMATE IMPACT OF DATA BREACHES, SAYS HISCOX REPORT (Hiscox, 22 April 2009) - Thirty-eight percent of Fortune 500 companies surveyed in a new report from Hiscox (LSE: HSX), the international specialist insurer, fail to acknowledge the threat of a data breach in the Risk Factors section of their SEC 10-K filing. Additionally, of the companies that do include the risk of a data breach in their 10-K, 26 percent fail to mention the consequential financial impact while a further 49 percent failed to identify the reputational impact. The research, which focused on the most recent 10-K filings of nearly 250 companies within the Fortune 500 in those industry sectors such as air travel, banking, healthcare, retail and utilities that would be expected to handle significant amounts of personal data, also found that:
• Less than half (48 percent) of the specialty retailers in the Fortune 500 mention privacy or data security in the Risk Factors section of their 10-K;
• while only 20 percent of companies in the gas and electric utilities sector make similar mention.
“Criminals today know that the real money is no longer to be found in bank safes but on company computers where access to one system could net the confidential information of millions of individuals, leading to fraud on a grand scale,” said Jim Whetstone, Senior Vice President, Hiscox. “Our research shows that corporate America appears to still be far more concerned with identifying the conventional risks such as fire and flood to their business and has not yet fully accepted the extensive financial and reputational damage that a data breach and loss of confidential information can cause.” “As cyber criminals become more adept at circumventing security technology and security breaches grow in scope and scale, it is key that US companies recognize the risk and do everything practical to protect sensitive company and customer information.”

SITE TERMS WITH UNILATERAL RIGHT TO MODIFY BY ONE PARTY DECLARED ILLUSORY, UNENFORCEABLE (BNA’s Internet Law News, 23 April 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Northern District of Texas has ruled that an online terms of use agreement that reserved to the Web site operator the right to unilaterally modify the agreement was an unenforceable “illusory contract.” With this view of the law in mind, the court denied the Web site’s motion to compel contractually required individual arbitration of the plaintiff’s privacy claims. Case name is Harris v. Blockbuster Inc. Decision here:

EMPLOYERS WATCHING WORKERS ONLINE SPURS PRIVACY DEBATE (Wall Street Journal, 23 April 2009) - By now, many employees are uncomfortably aware that their every keystroke at work, from email on office computers to text messages on company phones, can be monitored legally by their employers. What employees typically don’t expect is for the company to spy on them while on password-protected sites using nonwork computers. But even that privacy could be in jeopardy. A case brewing in federal court in New Jersey pits bosses against two employees who were complaining about their workplace on an invite-only discussion group on, a social-networking site owned by News Corp., publisher of The Wall Street Journal. The case tests whether a supervisor who managed to log into the forum -- and then fired employees who badmouthed supervisors and customers there -- had the right to do so. The case has some legal and privacy experts concerned that companies are intruding into areas that their employees had considered off limits. “The question is whether employees have a right to privacy in their non-work-created communications with each other. And I would think the answer is that they do,” said Floyd Abrams, a First Amendment expert and partner at Cahill Gordon & Reindel LLP in New York. The legal landscape is murky. For the most part, employers don’t need a reason to fire nonunion workers. But state laws in California, New York and Connecticut protect employees who engage in lawful, off-duty activities from being fired or disciplined, according to a report prepared by attorneys at the firm Proskauer Rose LLP. While private conversations might be covered under those laws, none of the statutes specifically addresses social networking or blogging. Thus, privacy advocates expect to see more of these legal challenges. [Editor: with this MIRLN I’m beginning to carry WSJ articles because there’s a free iPhone App that accesses WSJ content for-free; I use it to harvest URLs—like this one—which later can be used in a browser.]

- and -

FACEBOOK SURFING WHILE SICK COSTS SWISS WOMAN JOB (Reuters, 24 April 2009) - A Swiss insurance worker lost her job after surfing popular social network site Facebook while off sick, her employer said on Friday. The woman said she could not work in front of a computer as she needed to lie in the dark but was then seen to be active on Facebook, which insurer Nationale Suisse said in a statement had destroyed its trust in the employee. “This abuse of trust, rather than the activity on Facebook, led to the ending of the work contract,” it said. The unnamed woman told the 20 Minuten daily she had been surfing Facebook in bed on her iPhone and accused her employer of spying on her and other employees by sending a mysterious friend request which allows access to personal online activity.

WILSON SONSINI OFFERS FREE DOCUMENT ASSEMBLY TOOL (ABA Journal, 23 April 2009) - Palo Alto, Calif.-based Wilson Sonsini Goodrich & Rosati launched a free online tool that drafts term sheets—documents that outline the terms and conditions of a business contract—for preferred stock financing. According to Wilson Sonsini’s website, the tool is a modified version of one its lawyers use internally. Users answer a series of questions and then generate the term sheet, “which is intended to be useful in deal discussions between entrepreneurs and investors and in crafting a final, customized term sheet with the help of attorneys,” according to a firm statement. Legal bloggers can’t help but question whether a law firm will lose billables with a move like this one. “Where I’d have concerns are those situations in which other lawyers are using the tool, then billing their own clients for work they created for free,” Carolyn Elefant writes on Legal Blog Watch. But consultant and law professor Ken Adams writes on his blog, AdamsDrafting, that he thinks those who use the term sheet generator will be inclined to hire Wilson Sonsini, and points out that London-based Linklaters has offered a similar tool for a number of years. Commentary on the generator here:

BLACK’S LAW DICTIONARY NOW IN ITUNES (ABA Journal, 24 April 2009) - Adding to the ever-expanding toolbox for the wired lawyer who needs to work while on the go, West has launched a Black’s Law Dictionary in iTunes. This is the first iPhone/iPod Touch app for the legal publisher and features the most recent edition of the dictionary. “The idea that you can have a very full, elaborate, complex and richly-textured book like Black’s available at your fingertips is fantastic,” the dictionary’s editor Bryan A. Garner said in a statement. Before heading to the app store, be forewarned that the price is a bit steep compared to most of the freebies or less-than-a-dollar applications many are used to seeing. The Federal Rules of Evidence are available on The Law Pod app for 99 cents. And the U.S. Constitution is available in a number of apps for free or for a nominal price. So what’s West’s price for the Black’s Law Dictionary? $49.99. That’s still a break off the Amazon price for print, which is listed at more than $52 ($195 for a second edition reprint) and the digital version, which is going for $80.

FACEBOOK USE OUTSTRIPS E-MAIL (The Deal, 24 April 2009) - In the last year, people somehow found a way to spend 73% more time on Facebook Inc. and other social networking sites, if that were possible. The stat comes from Nielsen Co.’s The Global Online Media Landscape, released Wednesday. In February, Nielsen found, people used social network sites more than they used Web-based e-mail for the first time ever. Neilsen report here:

WHY GOOGLE WANTS YOU TO GOOGLE YOURSELF (Time, 25 April 2009) - The act of Googling oneself has become the digital age’s premiere guilty pleasure — an activity enjoyed by all and admitted by few. The phenomenon has even been the subject of scholarly research. Last year, a team of Swiss and Australian social scientists published a study concluding that the practice of self-Googling (or “ego-surfing,” as it’s sometimes called) can partly be traced to a rise in narcissism in society, but that it is also an attempt by people to identify and shape their personal online “brand.” The authors of the survey no doubt returned to their cubicles and Googled themselves to see if the study was posted online. The folks at Google are well aware that their site handles millions of vanity searches every day, and that users aren’t always thrilled about the results that pop up when they Google themselves. “The reason people search for themselves is that they’re curious about what other people see when they search for their name,” says Joe Kraus, Google’s director of product management. “One problem is they don’t have any control over the search results. Either they don’t like the search results, or what happens most of the time is, they’re not listed on the first page. If your name is Brian Jones and you’re not the deceased Rolling Stones guitarist, you don’t exist.” To give people a bit more control over search results, Google introduced a feature this week it calls a “Google profile,” which users can create so that a thumbnail of personal information appears at the bottom of U.S. name-query search pages. Once users create a Google profile, their name, occupation and location (and photo if they choose) appears in a box on the first page of the search results for their name. Next to the thumbnail info, there’s a link to a full Google profile page that in many ways resembles a Facebook page.,8599,1893965,00.html?xid=rss-topstories Profile page here:

CORPORATE BLOGS AND ‘TWEETS’ MUST KEEP SEC IN MIND (Wall Street Journal, 27 April 2009) - An eBay Inc. effort to broaden communication through the popular Twitter Web-messaging service highlights the hurdles facing corporate users of online social media. The online auctioneer launched a corporate blog in April 2008. Two months later, blogger Richard Brewer-Hay began “tweeting” -- posting updates on Twitter -- about Silicon Valley technology conferences, eBay’s quarterly earnings calls and other topics. The growing Twitter audience also attracted the attention of eBay’s lawyers, who last month required Mr. Brewer-Hay to include regulatory disclaimers with certain posts. Some followers think the tougher oversight is squelching Mr. Brewer-Hay’s spontaneous, informal style. His experience shows the tension that can arise as more companies tap social media to reach investors, customers and others. Eighty-one Fortune 500 companies sponsor public blogs, including Wal-Mart Stores Inc., Chevron Corp. and General Motors Corp., according to the Society for New Communications Research. Of those blogs, 23 link to corporate Twitter accounts. On Thursday, a Johnson & Johnson executive reported for the first time on the health-care giant’s annual meeting via Twitter, which allows users to post “tweets” of as many as 140 characters via text messages and the Web. Such efforts raise thorny questions. Blogs and tweets can run afoul of Securities and Exchange Commission regulations on corporate communications. But sanitizing such posts risks hurting credibility with online audiences. The SEC boasts its own Twitter account, and encourages companies to communicate to investors via the Web. In July, the commission said companies could disseminate certain information on the Web without issuing a news release. But even some tech-savvy companies remain wary. Intel Corp. in May will be among the first companies to allow shareholders to ask questions via the Web and vote online during its annual meeting. But the chip maker avoids blogs and Twitter for investor issues, because it fears violating SEC disclosure rules or inviting public criticism in a company-hosted forum, says Kevin Sellers, vice president of investor relations.

REPORT REVEALS WHY LAWYERS OK’D CHIQUITA PAYMENTS TO COLOMBIAN TERRORISTS (, 28 April 2009) - A new 269-page report by an independent special litigation committee reveals why Chiquita Brands International paid extortion money to Colombian terrorists for 15 years, reports the Cincinnati Business Courier. Cincinnati-based Chiquita, one of the world’s top banana producers, admitted in March 2007 that it had paid millions to several Colombian terrorist groups in order to protect its workers and business interests in the South American country. Chiquita subsequently paid $25 million to settle a Justice Department investigation into the payments, making the company the first in the U.S. to be convicted of financial dealings with designated terrorist organizations. Former Covington & Burling partner and current U.S. Attorney General Eric Holder Jr., was tapped by Chiquita to handle the Justice Department inquiry. The ensuing legal proceedings raised questions about the legal advice Chiquita had received about the payments from its outside counsel at Kirkland & Ellis and touched off a turf war between Main Justice’s criminal division and the U.S. attorney’s office for the District of Columbia over how the investigation should proceed. Since settling the criminal case, Chiquita has sought to clear itself of civil liability in consolidated litigation before U.S. district court judge Kenneth Marra in West Palm Beach, Fla. According to the Courier, a special litigation committee report was filed along with a motion to dismiss the shareholder litigation, a fairly common occurrence. The massive report delves into how the $10,000 payments that Chiquita doled out in the 1980s soon multiplied into multimillion dollar payments to right-wing paramilitaries and left-wing guerrillas a little more than a decade later. (The report also states that Chiquita chose to settle the Justice Department case rather than face as much as $180 million in potential litigation costs.) Report here:

ANALYSIS OF FLICKR PHOTOS COULD LEAD TO ONLINE TRAVEL BOOKS (, 28 April 2009) - Cornell scientists have downloaded and analyzed nearly 35 million Flickr photos taken by more than 300,000 photographers from around the globe, using a supercomputer at the Cornell Center for Advanced Computing (CAC). Their research, which was presented at the International World Wide Web Conference in Madrid, April 20-24, provides a new and practical way to automatically organize, label and summarize large-scale collections of digital images. The scalability of the method allows for mining information latent in very large sets of images, raising the intriguing possibility of an online travel guidebook that could automatically identify the best sites to visit on a vacation, as judged by the collective wisdom of the world’s photographers. The research also generated statistics on the world’s most photographed cities and landmarks, gleaned from the analysis of the multi-terabyte photo collection:
• The top 25 most photographed cities in the Flickr data are (in order): New York City, London, San Francisco, Paris, Los Angeles, Chicago, Washington, D.C., Seattle, Rome, Amsterdam, Boston, Barcelona, San Diego, Berlin, Las Vegas, Florence, Toronto, Milan, Vancouver, Madrid, Venice, Philadelphia, Austin, Dublin and Portland.
• The top seven most photographed landmarks are (in order): Eiffel Tower, Paris; Trafalgar Square, London; Tate Modern museum, London; Big Ben, London; Notre Dame, Paris; The Eye, London; and the Empire State Building, New York City. Interestingly, the Apple Store in midtown Manhattan was the fifth-most photographed place in New York City -- and the 28th-most photographed place in the world. The researchers developed techniques to identify places that people find interesting to photograph, showing results for thousands of locations at both city and landmark scales.

FTC PUBLISHES REPORT SURVEYING THE MOBILE MARKETPLACE (Hogan & Hartson, 28 April 2009) - On April 22, 2009, the Federal Trade Commission (FTC) issued a report on recent and upcoming developments in the mobile commerce market, summarizing discussions from nine public town hall sessions on topics ranging from mobile security and location-based services to best practices for billing, complaints, and customer dispute resolution. Although the report generally praised the innovation by participants in the mobile marketplace, the FTC noted three areas of potential concern and future regulation: 1) cost disclosures for mobile services, 2) unwanted or harmful mobile text messages, and 3) privacy challenges related to children’s use of smartphones to access the mobile web. The FTC also announced a plan to expedite its review of the Children’s Online Privacy Protection Rule to 2010, rather than 2015 as originally planned. In light of the FTC’s report, mobile service providers, equipment manufacturers, and application developers should review their policies to ensure compliance with industry best practices and should continue to monitor regulatory and legislative developments at both the state and federal levels.

EU: ARTICLE 29 WORKING PARTY ADOPTS OPINION ON NEW STANDARD CONTRACTUAL CLAUSES (Hunton & Williams, 28 April 2009) - On March 17, 2009, the Article 29 Working Party released Opinion 3/2009 on the Commission’s draft decision for standard contractual clauses (SCCs), which discusses proposed updates of the clauses allowing the transfer of personal data to sub-processors established in third-world countries, in light of increased global outsourcing practices. Opinion here:

WARNER MUSIC ISSUES DMCA TAKEDOWN ON LARRY LESSIG PRESENTATION (TechDirt, 28 April 2009) - If there were anyone out there to whom you would not want to send a random takedown notice for an online video, it would probably be Larry Lessig. Given that Lessig has become the public face for those who feel that copyright has been stretched too far, as well as being a founder of Stanford’s Fair Use Project, and who’s written multiple books on these issues, you would think (just maybe) that any copyright holder would at least think twice before sending a DMCA takedown on a Larry Lessig presentation. Apparently, you’d be wrong. Lessig has announced that Warner Music issued a DMCA takedown on one of Lessig’s own presentations, in which his use is almost certainly fair use. Lessig, of course, is a lawyer, and a big supporter of fair use, so it’s no surprise that he’s also said he’s going to be fighting this.

JUSTICE DEPT. OPENS ANTITRUST INQUIRY INTO GOOGLE BOOKS DEAL (New York Times, 29 April 2009) - The Justice Department has begun an inquiry into the antitrust implications of Google’s settlement with authors and publishers over its Google Book Search service, two people briefed on the matter said Tuesday. Lawyers for the Justice Department have been in conversations in recent weeks with various groups opposed to the settlement, including the Internet Archive and Consumer Watchdog. More recently, Justice Department lawyers notified the parties to the settlement, including Google, and representatives for the Association of American Publishers and the Authors Guild, that they were looking into various antitrust issues related to the far-reaching agreement. The inquiry does not necessarily mean that the department will oppose the settlement, which is subject to a court review. But it suggests that some of the concerns raised by critics, who say the settlement would unfairly give Google an exclusive license to profit from millions of books, have resonated with the Justice Department. The settlement, announced in October, gives Google the right to display the books online and to profit from them by selling access to individual texts and selling subscriptions to its entire collection to libraries and other institutions. Revenue would be shared among Google, authors and publishers. But critics say that Google alone would have a license that covers millions of so-called orphan books, whose authors cannot be found or whose rights holders are unknown. Some librarians fear that with no competition, Google will be free to raise prices for access to the collection.

GOOGLE UNVEILS NEW TOOL TO DIG FOR PUBLIC DATA (Washington Post, 29 April 2009) - Google launched a new search tool yesterday designed to help Web users find public data that is often buried in hard-to-navigate government Web sites. The tool, called Google Public Data, is the latest in the company’s efforts to make information from federal, state and local governments accessible to citizens. It’s a goal that many Washington public interest groups and government watchdogs share with President Obama, whose technology advisers are pushing to open up federal data to the public. The company plans to initially make available U.S. population and unemployment data from the Census Bureau and the Bureau of Labor Statistics, respectively. Other data sets, such as emissions statistics from the Environmental Protection Agency, will roll out in the coming months. Google’s Washington employees have spent the past two years visiting government agencies to urge them to make their Web sites, records and databases more searchable. The E-Government Act of 2002 required government agencies to make information more accessible electronically, but users have complained that many agencies do not organize their Web sites so they can be easily indexed by search engines. And some agencies, Google has said, embed codes in their sites that make certain pages invisible to search engines.

FORDHAM LAW CLASS COLLECTS PERSONAL INFO ABOUT SCALIA; SUPREME CT. JUSTICE IS STEAMED (ABA Journal, 29 April 2009) - Last year, when law professor Joel Reidenberg wanted to show his Fordham University class how readily private information is available on the Internet, he assigned a group project. It was collecting personal information from the Web about himself. This year, after U.S. Supreme Court Justice Antonin Scalia made public comments that seemingly may have questioned the need for more protection of private information, Reidenberg assigned the same project. Except this time Scalia was the subject, the prof explains to the ABA Journal in a telephone interview. His class turned in a 15-page dossier that included not only Scalia’s home address, home phone number and home value, but his food and movie preferences, his wife’s personal e-mail address and photos of his grandchildren, reports Above the Law. And, as Scalia himself made clear in a statement to Above the Law, he isn’t happy about the invasion of his privacy: “Professor Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any,” the justice says, among other comments. In response, Reidenberg tells the ABA Journal that the information gathered by his class about Scalia was all “publicly available, for free,” and wasn’t posted on the Internet by the class or otherwise further publicized. He views the dossier-gathering about a public figure as a legitimate classroom exercise intended to spark discussion about privacy law, and says he and the class didn’t intend to offend Scalia. The availability of such information on the Web makes it possible for the government to conduct surveillance that otherwise would be much more difficult or even impossible to pursue through court orders and other official mechanisms, Reidenberg contends. And aggregation of various bits of information also can lead to more troubling use of the compiled information, he says. “When there are so few privacy protections for secondary use of personal information, that information can be used in many troubling ways,” he writes in an e-mail to the ABA Journal. “A class assignment that illustrates this point is not one of them. Indeed, the very fact that Justice Scalia found it objectionable and felt compelled to comment underscores the value and legitimacy of the exercise.”

WIPED OUT: ALONG WITH JOBS, LAID-OFF LOSE PHOTOS, EMAIL (Wall Street Journal, 30 April 2009) - Michele Wallace had worked for Medialink Worldwide Inc. for 18 years when the New York video-distribution company laid her off last May. When the company’s information-technology staff quickly shut down her computer and her BlackBerry, the senior vice president of client services lost family photos and every personal and business contact on her cellphone and computer. “I couldn’t even call my sister because I don’t know her number off the top of my head,” says Ms. Wallace, now a 47-year-old managing director at Mega Media Worldwide and living in Asbury Park, N.J. “I know you shouldn’t even have that stuff on the computer,” she says. But in the course of working 10- to 12-hour days for several years, “you don’t pay as much attention as to how much is personal on your computer.” She’s still piecing together her contacts on Facebook and LinkedIn. (Medialink did not return calls for comment.) As layoffs sweep across industries, employees’ personal information is winding up in the dustbin, as well. Most workers know better than to store personal files on their office computer. But employees who spend the majority of their time at the office often treat the company PC as their personal gadget, filling it with music, photos, personal contacts -- even using the computer’s calendar to track a child’s soccer schedule. That makes it all the more distressing when a newly laid-off worker learns that his digital belongings are company property.

PENTAGON USES FACEBOOK, TWITTER TO SPREAD MESSAGE (AP, 1 May 2009) - You don’t often hear a three-star general using the word “friend” as a verb. But for Lt. Gen. Benjamin Freakley and other Army brass, a new era has brought a new language — and new tools like online social networks Twitter and Facebook — for seeking out young recruits and spreading the military’s message. Freakley, who heads the Army command that oversees recruiting, says social networking sites offer another way to reach tomorrow’s soldiers. “They live in the virtual world,” Freakley said. He cited Facebook as a key component in targeting 18-to 24-year-olds. “You could friend your recruiter, and then he could talk to your friends.” Even Gen. Raymond Odierno, the top U.S. commander in Iraq, has a new Facebook page to answer questions about the mission in Iraq and spread the word about what the troops are accomplishing there. The Army isn’t the only branch of the military with Facebook friends or that has a following on Twitter. The Air Force has also established a Facebook page, Twitter feeds and a blog, while the Marine Corps is using various networking sites mainly for recruiting purposes. The Navy is “experimenting” with several forms of online media, and some of its commands are using Twitter, a spokesman said. Even the Coast Guard commandant regularly updates his Facebook status while traveling. The Army has also added to its Web site video games, a virtual recruiter and clips that answer commonly asked questions about life in uniform.

MN SUPREME COURT OKS BREATHALYZER SOURCE CODE REQUESTS (ArsTechnica, 1 May 2009) - The Minnesota Supreme Court has finally ruled on the contentious issue of giving drunk driving defendants access to the Intoxilyer 500EN source code. Defendants have repeatedly claimed that the devices are (or might be) flawed; since the machine's breath test results are one of the main bits of evidence against them, justice demands that they have the right to examine the device firmware for accuracy. The justices have agreed—but only for defendants who have a reason for looking. Fishing expeditions don't qualify. Two defendants, Dale Underdahl and Timothy Brunner, were both arrested on suspicion of drunk driving. Field breath tests using the Intoxilyzer 5000EN showed that both men had far more than the legal limit for alcohol in their systems, and they were subsequently charged. Both men demanded access to the Intoxilyzer source code, but with one key difference: Underdahl gave no reason for thinking that the code might contain errors, while Brunner turned in a memo and nine exhibits. Brunner's documents included testimony from a computer science prof and a report from a New Jersey court case showing "a variety of defects" in breath test source code. That proved to be a key difference for the Supreme Court, which noted that Underdahl "advanced no theories on how the source code" could help him. According to the majority of the justices, "even under a lenient showing requirement, Underdahl failed to make a showing that the source code may relate to his guilt or innocence." So—no source code for Underdahl. But Brunner's extra effort paid off. Because he provided the court with some reason for questioning the validity of the source code, the Supreme Court found that the code was discoverable in his case. The state is required to produce it, though this poses another problem: the device's maker, CMI, has long refused to turn over the code in such cases. (It claims "trade secrets" in the 50,000 lines of assembly language code that runs on the Intoxilyzer's Z80 microchips.) Ruling here:

SIFTABLES, THE TOY BLOCKS THAT THINK (TED Talk, by MIT’s David Merrill) – 7minute video demonstration of cookie-sized, computerized tiles you can stack and shuffle in your hands. These future-toys can do math, play music, and talk to their friends, too. Is this the next thing in hands-on learning?

**** RESOURCES ****
FACEBOOK ETHICS (Philadelphia Bar Association Opinion, March 2009) -- Lawyer can’t use a strawman to send a friend request to adverse witness, in a search for possibly-impeaching evidence on witness’ private Facebook page. Rationale: the friend-request is deceptive conduct.

COMMERCE WANTS TO CLOSE NTIS, PUT INFO ONLINE -- U.S. Commerce Secretary William Daley says he supports shutting down the nearly 50-year-old National Technical Information Service (NTIS) and transferring its extensive archives of government reports and documents to the Library of Congress. “This way, the American people can find the documents they want via search engines that currently exist - and the more powerful ones being created - and download them for free. We will propose legislation to Congress next month to achieve these ends,” says a Commerce Department statement. NTIS, which was charged with becoming self-funding during the Reagan administration, often charged what some felt were exorbitant prices for publicly funded information. “We think this is great news,” says a policy analyst at the Center for Democracy and Technology. “We think it shows that the Commerce Department is really looking at the Internet and realizes what it can mean for public access to government information.” (New York Times 17 Aug 99)

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.