Saturday, May 23, 2009

MIRLN --- 3-23 May 2009 (v12.07)

• Wiki Operator Sues Apple Over Bogus Legal Threats
• Ottawa Courtroom Joins Twitter Age for Mayor’s Trial
• Mini-Links to Web Sites are Multiplying
• Owned? Legal Terms of Video Hosting Services Compared
• HHS Guidance Could Set Encryption Standard
• $12.6 Million Spent so far to Respond to Heartland Breach
• Hackers Want Millions for Data on Prescriptions
o UC Berkeley Computers Hacked, 160,000 at Risk
• EC Wants Software Makers Held Liable for Code
• A Twitter Code of Conduct
• Linden Labs Gets Zapped in Lawsuit by Taser for Hosting the Sale of “Virtual Goods” that Look Like the Real Thing
• Flickr Creates New License for White House Photos
• Dell Bans E-Waste Export to Developing Countries
• Google Unveils New Search Products
• Up to 24 Percent of Software Purchases Now Open Source
• Google Re-Shoots Japan Scenes after Privacy Complaints
• Financial Industry Regulator Fines Firm for Data Security Failings
• FTC Drops Antitrust Claim Against Rambus
• New iPhone App Helps You Keep Tabs on Politicians’ Voting Records
o A Million Downloads: Free Stanford Course on Creating iPhone Apps Takes off at a Furious Pace
• GM Stakes Virtual Property on Case of Bankruptcy
• Fourth Circuit Limits SCA Statutory Damages
• Crackho.Com DNS Prank Ruffles Sarah Palin’s Feathers
o Six Simple Steps You Can Take to Protect Your Gripe or Parody Site
• Google Liberalizes US Trademark Policy: “What, Me Worry?” Part 2
• Olympic Blogs Get Go-Ahead for Vancouver
• Safety Act Offers both Liability Protection and Liability Avoidance for Companies, Directors and Officers, and Preservation of Stockholders’ Value
• Track Business Executives’ Tweets with Exectweets
• Who Owns Your Name on Twitter?
o Newt Gingrich’s Lawyer Displays Ignorance of Both Twitter and the Law in Sending C&D
• UMICH First to Sign Up Under Google Books Settlement Terms
• IT Managers Under Pressure to Weaken Web Security Policy
• FTC Reaches Data Security Settlement with Mortgage Company
• Bloggers, Beware: What You Write Can Get You Sued


**** NEWS ****

WIKI OPERATOR SUES APPLE OVER BOGUS LEGAL THREATS (EFF, 27 April 2009) - The Electronic Frontier Foundation (EFF) filed suit against Apple Inc. today to defend the First Amendment rights of an operator of a noncommercial, public Internet “wiki” site known as BluWiki. Late last year, after BluWiki users began a discussion about making some Apple iPods and iPhones interoperate with software other than Apple’s own iTunes, Apple lawyers demanded removal of the content. In a letter to OdioWorks, the attorneys alleged that the discussions constituted copyright infringement and a violation of the Digital Millennium Copyright Act’s (DMCA’s) prohibition on circumventing copy protection measures. Fearing legal action by Apple, OdioWorks took down the discussions from the BluWiki site. Filed in federal court in San Francisco, the suit seeks a declaratory judgment that the discussions do not violate any of the DMCA’s anti-circumvention provisions, and do not infringe any copyrights owned by Apple. The discussions on the BluWiki site focused on how hobbyists might enable iPods and iPhones to work with desktop media management software other than Apple’s own iTunes software. The discussions were apparently spurred by Apple’s efforts prevent the iPod Touch and iPhone from working with competing media management software such as WinAmp and Songbird. “Apple’s legal threats against BluWiki are about censorship, not about protecting their legitimate copyright interests,” said Senior Staff Attorney Fred von Lohmann. “Wikis and other community sites are home to many vibrant discussions among hobbyists and tinkerers. It’s legal to engage in reverse engineering in order to create a competing product, it’s legal to talk about reverse engineering, and it’s legal for a public wiki to host those discussions.” EFF’s complaint here:

OTTAWA COURTROOM JOINS TWITTER AGE FOR MAYOR’S TRIAL (Ottawa Citizen, 4 May 2009) - Television cameras are barred from the criminal trial of Ottawa Mayor Larry O’Brien, but observers are free to use BlackBerrys, laptops and other forms of electronic text messaging to report live on the proceedings. In a small breakthrough for new media technologies, Judge J. Douglas Cunningham rejected concerns about “putting the genie back in the bottle” and said he would allow journalists to send messages from his courtroom directly to the Internet. Cunningham, who is associate chief justice of the Ontario Superior Court, cautioned that the ruling applies only to this particular trial. The new technologies could raise other concerns in a jury trial, he said. The ruling will allow Canwest News Service and other news organizations to provide moment-by-moment coverage of the trial via the popular Internet messaging service Twitter. It applies to anyone who attends, not just journalists.

MINI-LINKS TO WEB SITES ARE MULTIPLYING (New York Times, 4 May 2009) - If you have spent any time on the Internet in the last few months, chances are you have clicked on a shortened link Web address. URL shorteners, which abbreviate unwieldy Web addresses into bite-size links, have been around for years. The most popular service,, was started in 2002 by a unicyclist named Kevin Gilbertson. But the tools have soared in popularity recently, in part because of microblogging sites like Twitter and Facebook, where messages are limited in length and every character counts. URL shorteners are easy to build, and dozens of competitors have proliferated, with minimalist, character-conserving names like, and Most of them are simple tools created as a labor of love with no real business model behind them. Shorteners, however, could have real value beyond making Web addresses more manageable, said Danny Sullivan, editor of the blog Search Engine Land. They have the ability to keep track of use — how many times a particular link was clicked and the geographic location of the clickers — which could be valuable to marketers, news outlets and companies looking to measure the impact of a link, tweet or mention online. “The tracking element is very important,” said Mr. Sullivan. Some tools even highlight comments posted to Facebook or FriendFeed about a particular link — features that standard tools like Google Analytics may not be able to provide. One popular link shortening service,, is trying to build a business around that kind of data. Betaworks Studios is a New York technology incubator that has invested in Tumblr, a microblogging tool; OMGPOP, a social gaming site; and, a hyperlocal news aggregator. It developed as an internal tool for its portfolio of companies to use. Because tracks its clipped URLs in real time, no matter where they are posted — instant messages, Twitter, Facebook, blogs or e-mail — the service could become “a real source for extracting information about how people are using the Web,” Mr. Sacca said. In addition to tracking links, uses a service called Calais, developed by Thomson Reuters, that can extract semantic terms from the Web pages that users are redirected to. This allows track the most popular topics being shared across the Web, as well as zero in on a specific category like finance or health care and retrieve the most popular Web sites shared on that subject in the last 24 hours. The company hopes that being able to track the “social distribution of information in real-time,” as Mr. Borthwick describes it, could potentially be relevant to the future of Web search. Although is not yet sure how to make money from all this data, “there’s a business model here,” Mr. Borthwick said. “We can smell it.” For all the convenience of short URLs, some Internet security experts worry that they could be used to camouflage spam and phishing attacks and redirect people to malicious Web sites. “People have no way to know where they’re going,” said Patrik Runald, chief security advisor at F-Secure Security Labs, a maker of security software. “These services are great and they serve a purpose, but at the same time, there is a darker side.” And if a shortening site shuts down, any links funneled through it would be lost forever, Mr. Runald said.

OWNED? LEGAL TERMS OF VIDEO HOSTING SERVICES COMPARED (Markus Weiland, 6 May 2009) - For the Air Canada article I was researching a video hosting service that would match my requirements of:
• Which rights of my work I would have to give away,
• What usage rights I could assign to my viewers,
• What level of privacy I could expect in terms of disclosure of my data, and
• Where a service had its legal residence in case of a dispute.
I’ve decided to collect and extend my findings in this post in the hope that it can help others in choosing their preferred video hosting service. A summary is provided at the end of this post, based on my understanding of the legal terms as a non-lawyer. All excerpts were made on April 25, 2009 unless otherwise stated. Emphasis and comments mine. [Referenced in Larry Lessig’s blog on 13 May 2009]

HHS GUIDANCE COULD SET ENCRYPTION STANDARD (Steptoe & Johnson’s E-Commerce Law Week, 7 May 2009) - New Department of Health and Human Services guidance on “render[ing] protected health information unusable, unreadable, or indecipherable to unauthorized individuals” could help establish a national standard for the use of encryption to protect sensitive information. As we previously reported, the guidance applies to two sets of notification requirements for breaches of electronic health records that were created by the American Recovery and Reinvestment Act of 2009. One set is administered by HHS (for entities covered by the Health Insurance Portability and Accountability Act, or HIPAA, and their business associates), while the other is administered by the Federal Trade Commission (for non-HIPAA entities). But both sets state that covered entities will not be required to notify individuals if the breached information was secured using “technologies and methodologies” specified in the HHS guidance. This guidance sets forth two approved methods of security -- encryption and destruction. This is in line with breach notification laws already in force in many states, which often provide safe harbor if the information that has been accessed has been encrypted or otherwise rendered unreadable. However, the HHS guidance goes further by limiting the encryption methods that may be used to claim safe harbor to specified “encryption processes” that have been tested and approved by the National Institute of Standards and Technology.

$12.6 MILLION SPENT SO FAR TO RESPOND TO HEARTLAND BREACH (SC Magazine, 8 May 2009) - The chief executive of Heartland Payment Systems said Thursday that the payment processor so far has spent $12.6 million in responding to the massive data breach that was announced in January. But additional fines, legal fees and the cost of repairing a reputation potentially tarnished by the break-in will cost Heartland millions more, experts told on Friday. More than half of the $12.6 million cost is related to a MasterCard fine levied against Heartland’s sponsor banks, Chairman and CEO Robert Carr said Thursday during a conference call announcing the company’s first-quarter earnings. The fine, which is passed by the sponsor banks to Heartland, was issued because MasterCard alleged that Heartland failed to take proper actions after it learned of a possible breach and after it disclosed the incident to the public, Carr said, according to a transcript of the call. Heartland already is defending itself against at least two lawsuits, including a suit filed in New Jersey that accuses Heartland of failing to protect consumer data. The processor also will face continued costs of retaining or gaining new merchant clientele, Spinney said. “If they want to regain the trust of their customers, that’s going to cost some money, not only in PR and marketing, but also in increasing their investment in security technologies, procedures and training,” Spinney said. To the technology point, Heartland is “on schedule” to deploy its end-to-end encryption solution, Carr said.

HACKERS WANT MILLIONS FOR DATA ON PRESCRIPTIONS (Washington Post, 8 May 2009) - The FBI and Virginia State Police are searching for hackers who demanded that the state pay them a $10 million ransom by Thursday for the return of millions of personal pharmaceutical records they say they stole from the state’s prescription drug database. “This was an intentional criminal act against the commonwealth by somebody who was trying to harm others,” Gov. Timothy M. Kaine (D) said. “There are breaches that happen by accident or glitches that you try to work out. It’s difficult to foil every criminal that may want to do something against you.” State officials say it is unclear whether the hackers were able to view the patient records, as they have claimed. If the theft is real, it would be the most serious cybercrime the state has faced in recent history. State officials learned April 30 that hackers had replaced the site’s home page with a ransom note demanding the payment in exchange for a password needed to retrieve the records, according to a posting on, an online clearinghouse for leaked documents. “For $10 million, I will gladly send along the password,” the ransom note read. “You have 7 days to decide. If by the end of 7 days, you decide not to pony up, I’ll go ahead and put this baby out on the market and accept the highest bid.” The program’s computer system has been shut down since last week’s breach, but all data were backed up and those files have been secured, Whitley Ryals said. Virginians are still able to get prescriptions filled. The data were backed up:

- and -

UC BERKELEY COMPUTERS HACKED, 160,000 AT RISK (CNET, 8 May 2009) - Hackers broke into the University of California at Berkeley’s health services center computer and potentially stole the personal information of more than 160,000 students, alumni, and others, the university announced Friday. At particular risk of identity theft are some 97,000 individuals whose Social Security numbers were accessed in the breach, but it’s still unclear whether hackers were able to match up those SSNs with individual names, Shelton Waggener, UCB’s chief technology officer, said in a press conference Friday afternoon. The attackers accessed a public Web site and then bypassed additional secured databases stored on the same server. In addition to SSNs, the databases contained health insurance information and non-treatment medical information, such as immunization records and names of doctors patients had seen. No medical records (i.e. patient diagnoses, treatments, and therapies) were taken, as they are stored in a separate system, emphasized Steve Lustig, associate vice chancellor for health and human services. “Their ID has not been stolen,” he added. “Some data has been stolen.” The server breach began on October 9, 2008, and continued through April 9, when a campus computer administrator doing routine maintenance discovered messages left by the attackers.

EC WANTS SOFTWARE MAKERS HELD LIABLE FOR CODE (ZDnet, 8 May2009) - Software companies could be held responsible for the security and efficacy of their products, if a new European Commission consumer protection proposal becomes law. Commissioners Viviane Reding and Meglena Kuneva have proposed that EU consumer protections for physical products be extended to software. The suggested change in the law is part of an EU action agenda put forward by the commissioners after identifying gaps in EU consumer protection rules. A priority area for possible EU action is “extending the principles of consumer protection rules to cover licensing agreements of products like software downloaded for virus protection, games or other licensed content”, according to the commissioners’ agenda. “Licensing should guarantee consumers the same basic rights as when they purchase a good: the right to get a product that works with fair commercial conditions.” EU consumer commissioner Kuneva said that more accountability for software makers, and for companies providing digital services, would lead to greater consumer choice.,1000000121,39649689,00.htm

A TWITTER CODE OF CONDUCT (Business Week, 8 May 2009) - During a recent tour of interactive ad agency Tocquigny’s Austin (Tex.) headquarters, Chief Executive Yvonne Tocquigny was confronted by her guest, an executive from a large energy company who was a potential client. The visitor had recently learned that Tocquigny was wooing one of his company’s competitors—by seeing a message that one of Tocquigny’s employees had posted to Twitter “It took me by surprise,” says Tocquigny. “I realized that we needed to be more cautious about what we throw out there in to the universe.” Twitter can be a great business tool. But as use of the Web site for 140-character messages spreads to workplaces around the world, companies are also discovering the risks. Now, instead of just worrying about a dubious blog post or an embarrassing photo of the boss being posted to Facebook, employers have to contend with staffers shooting off frequent blasts of personal insight into a public and traceable sphere. “The concept of [workers] posting inappropriate material that could be harmful has been around for a while, but Twitter accelerates the problem because of its immediacy and volume,” says Mark Rasch, a former head of the U.S. Justice Dept.’s computer crime unit who now consults with companies on creating policies to address employees’ use of technology. To prevent sensitive information leaks, blemishes on a reputation, and other potential liabilities of a Twittering workforce, companies are drafting new employee codes of conduct and educating workers about what they should and shouldn’t say on the site. The basic rule: Don’t be stupid.

LINDEN LABS GETS ZAPPED IN LAWSUIT BY TASER FOR HOSTING THE SALE OF “VIRTUAL GOODS” THAT LOOK LIKE THE REAL THING (Cobalt Law, 11 May 2009) - Linden Labs, the host of the immensely popular site Second Life, an online virtual world, has been sued in an Arizona district court for trademark infringement and unfair competition. The complaint, filed by Taser International, makers of non-lethal (and sometimes lethal) weapons, claims Linden Labs allows third parties to sell TASER guns inside the virtual world. Just so we’re clear, no one on Second Life is actively selling real TASER guns; rather Taser is suing Linden (who doesn’t sell anything), for letting people sell virtual (digitally created) guns that look like TASER weapons, and that use the TASER brand. The suit also alleges unfair competition, trade dress infringement, and false designation of origin, among other claims. It’s not the first time a company has sued Linden; neither is it the first time a company has sued a hosting site for trademark infringement by third parties (think: Google). It may, however, be the first time a company has sued another company for hosting a site where third parties selling products that aren’t even real. Is it time for a Digital Millennium Trademark Act? Practice Note: Notwithstanding the fact that there is no DMTMA, companies may want to consider adopting a policy that allows them to stay an arms length away from disputes between users when it comes to trademarks. It’s not a fail-safe method of safe harbor protection, but it may make would-be plaintiffs feel they have an option short of filing a lawsuit, for getting hard-to-find users to stop using their marks.”virtual-goods”-that-look-like-the-real-thing

FLICKR CREATES NEW LICENSE FOR WHITE HOUSE PHOTOS (Wired, 11 May 2009) - Official White House photos are now officially in the public domain, thanks to a licensing change made quietly over the weekend by the Obama administration and the photo-sharing site Flickr. The White House began posting striking photos of President Barack Obama from its official photographer Pete Souza to the Web 2.0 site in early May. The White House chose to license them using the ultra-liberal Creative Commons Attribution license that lets people reuse, reprint and remix the photos just as long as they credit the original photographers. But as Creative Commons, the Electronic Frontier Foundation and other online commenters noted, that license won’t work — even for Obama’s official photographer — because government works can’t be copyright. Someone must have been listening, because sometime over the weekend, the licenses changed, and now the photos are labeled “United States Government Work” and link to an explanation on The White House, however, continues to use the Creative Commons Attribution 3.0 license for all third-party content published on the site. The change marks a first for Flickr, which to date has not had a license for government works, other than a “No Known Copyright Restriction” license that is used on photos from its Commons project, which includes photos from some of the world’s greatest museums and libraries. Those photos include ones from the Library of Congress, for instance, that never were copyright since they were made or paid for by the federal government. and

DELL BANS E-WASTE EXPORT TO DEVELOPING COUNTRIES (, 12 May 2009) - PC maker Dell on Tuesday formally banned the export of broken computers, monitors and parts to developing countries amid complaints that lax enforcement of environmental and worker-safety regulations have allowed an informal and often hazardous electronic-waste recycling industry to emerge. Although Dell’s announcement does not mark a significant change in the PC maker’s behavior, environmental groups hope that by making its standards public, Dell will raise the bar for other electronics makers. In the absence of U.S. regulations, those groups are banking on competitive pressure to make companies improve their e-waste practices. Environmental groups like Greenpeace and the Basel Action Network have tracked shipments of e-waste intended for recycling to countries such as China, Ghana and Nigeria and found computers, TVs and other electronics being dismantled by smashing or burning, exposing people to mercury, lead and other toxic chemicals. No one knows exactly how much of the electronics turned over to recyclers ends up in such conditions, but Greenpeace and others say it could be 50 percent to 80 percent of the items collected in the U.S. for recycling. That’s despite broad acceptance of the Basel Convention, an international treaty that controls the movement of hazardous waste across borders. The U.S. has yet to ratify the Basel Convention.

GOOGLE UNVEILS NEW SEARCH PRODUCTS (PC Magazine, 12 May 2009) - Days before the planned launch of the Wolfram Alpha search engine, Google on Tuesday announced a series of new search products intended to provide more relevant results. The new offerings include Google Search Options, Google Squared, Rich Snippets, and an astrology-related Android app. Google Search Options is a “rich set of tools that let you slice and dice your results,” Marissa Mayer, vice president of search products and user experience, said during a presentation at Google’s Mountain View headquarters. Specifically, once you conduct a normal Web search, you can drill down with different genres, including elements of time, visualization tools, recently added, blogs, or images, combining a variety of Google search products into one. The idea is to combine relevancy and “recentcy”, she said. Doing a normal search for “shuttle launch” could turn up results from any number of shuttle launches in countries around the world. Using Search Options, you can choose to search Web sites or blogs that were updated in the past 24 hours or week, increasing the chance that it will include results pertinent to this week’s launch. Choosing “images from the page”, meanwhile, will display pictures pulled from the site alongside search results. During the demo, Mayer and her team also searched for “solar oven” to demonstrate another feature of Search Options, dubbed sentiment analysis. If you are searching for reviews of solar ovens, for example, the program will try to determine if a particular review is positive, negative, or neutral and display that in the search results. Search Options also includes a timeline that displays the popularity of the topic searched over time. Search Options also includes a feature known as the Wonder Wheel. The term “solar oven” would be displayed in the middle of this wheel, with related searches branching out from it in a circle. In the same way that you might weave your way from a Wikipedia page on Google to a page about tropical fish thanks to the hundreds of links within Wikipedia posts, you can click on the various Wonder Wheel “arms” and crawl into a nice little search wormhole. Next up was Google Squared, a Labs project set to debut later this month. It is similar to Search Options in that you can drill down your search results, but Squared lets you add or delete results to produce the most useful “square” of information that you can save to your Google account and refer back to later. [To invoke, click “Show Options” at top-left of a search results page]

UP TO 24 PERCENT OF SOFTWARE PURCHASES NOW OPEN SOURCE (CNET, 12 May 2009) - Open source has become big business, suggests an article in the Investors Business Daily, but it has done so by becoming more like the proprietary-software world it purports to leave behind. The article cites recent research from IDC indicating that CIOs allocated up to 24 percent of their budgets to open-source software in 2008, up from 10 percent in 2007--a finding that jibes with recent data from Forrester. This open-source growth is propelling Red Hat to grow “at two to three times the rate of the broader software industry over a multiyear horizon,” according to research from Piper Jaffray.

GOOGLE RE-SHOOTS JAPAN SCENES AFTER PRIVACY COMPLAINTS (Globe & Mail, 13 May 2009) - Internet search engine Google said it would re-shoot all Japanese pictures for its online photo map service, Street View, using lower camera angles after complaints about invasion of privacy. Google’s Street View, which offers 360-degree views of streets around the world using photos taken by cruising Google vehicles, has already run into privacy complaints in other countries and activists have tried to halt the service in Japan. Google said in a statement today it would lower the cameras on its cars by 40 cm after complaints they were capturing images over fences in private homes. But it said it would continue filming in Japan, where it has so far covered 12 cities. Google said it has also blurred car number plates in the pictures, as it has done in Europe, but the new steps did not convince Japanese campaigners. Britain’s privacy watchdog has rejected calls to shut Street View down there, where concerns have ranged from images such as someone throwing up outside a pub to media reports that a woman filed for divorce after her husband’s car was pictured outside another woman’s house.

FINANCIAL INDUSTRY REGULATOR FINES FIRM FOR DATA SECURITY FAILINGS (Steptoe & Johnson’s E-Commerce Law Week, 14 May 2009) - As if financial institutions don’t have enough to worry about these days, now they’ve got another regulator interested in enforcing its own notions of adequate data security practices. The Financial Industry Regulatory Authority (FINRA) recently announced that it has fined Centaurus Financial, Inc., $175,000 for failing to protect confidential customer information. FINRA is a non-governmental entity thata regulates securities firms doing business in the United States . It was established pursuant to the Securities Exchange Act of 1934, which gives FINRA the authority as a “self-regulatory organization” to sanction firms and individuals that violate its rules. FINRA found that Centaurus’ “improperly configured … firewall” and “ineffective username and password” systems allowed unauthorized persons to gain access to a server that “stored images of faxes that included confidential customer information, such as social security numbers, account numbers, dates of birth and other sensitive, personal and confidential data.” The hackers then commandeered the Centaurus server and used it to host a phishing scam. FINRA also found that Centaurus’ investigation into the breach was “inadequate,” and concluded that the breach notification letter that Centaurus sent to affected customers was “misleading.” FINRA announcement:

FTC DROPS ANTITRUST CLAIM AGAINST RAMBUS (, 14 Amy 2009) - The Federal Trade Commission has dropped its antitrust action against Rambus following the U.S. Supreme Court’s decision earlier this year not to review the agency’s 2006 claim that the Los Altos company had acted deceptively to obtain patents for its memory-chip technology. The FTC had contended that Rambus, whose technology improves the performance of computer memory chips, had acted to monopolize the market by failing to disclose that it was patenting technology adopted as an industry standard by the Joint Electron Device Engineering Council. That is a big victory for Rambus because the claim that it had acted anti-competitively is one of the major defenses that chip makers Hynix Semiconductor, Micron Technology, Nanya Technology and Samsung have used in battling Rambus’ ongoing patent claims against them.

NEW IPHONE APP HELPS YOU KEEP TABS ON POLITICIANS’ VOTING RECORDS (NY Daily News, 14 May 2009) - A brand new application - called Visible Vote, made for iPhone, Blackberry and Facebook - allows users to track their representatives’ voting records, find out where they stand on the issues - and even send an e-mail to let them know exactly how they’re doing. Here’s how the app works: After downloading Visible Vote, the app will ask you to enter your e-mail address, state and zip code (no GPS support in version 1.0, apparently). It will then retrieve your local Senators and Representatives and a list of issues they’ve voted on recently. For each issue - everything from taxing AIG bonuses to alternative energy incentives - the app provides more detail and then asks for YOUR vote - Yes, No, or Don’t Care. It then takes your stance and compares it to the members of Congress - showing you how much their votes match with your interests. Don’t like the results? Wanna praise your favorite politician for sticking to his or her guns? The app lets you write them directly, with a simple interface that allows you to e-mail any combination of your Senators or Representatives - from one at a time to all at once. The app also promises to provide elected officials with weekly reports on how users are voting - and to send users an overview of the candidates when the next election rolls around.

- and -

A MILLION DOWNLOADS: FREE STANFORD COURSE ON CREATING IPHONE APPS TAKES OFF AT A FURIOUS PACE (Stanford, 20 May 2009) - Free videos of Stanford’s wildly popular course on creating applications for the iPhone and iPod touch have now been downloaded a remarkable million times from Stanford’s site on iTunes U in the iTunes Store. And all of the million downloads have come in just seven weeks, since the course began on April 1. The way the downloads have taken off like a rocket makes the iPhone Application Programming videos the fastest to reach the 1 million milestone in the history of iTunes U, which hosts offerings from hundreds of colleges and universities around the world.

GM STAKES VIRTUAL PROPERTY IN CASE OF BANKRUPTCY (Reuters, 15 May 2009) - General Motors has quietly roped off a bit of virtual real estate with an address similar to one used by Chrysler, that could serve as an information clearinghouse if GM seeks bankruptcy protection. GM registered and in early April. Chrysler LLC filed for bankruptcy last month and Epiq Systems Inc, a claims agent that processes court documents for the company’s bankruptcy case, registered and set up for free access to certain court documents and details in that case. Other large cases with public dockets include, also registered by Epiq, and, registered by Kurtzman Carson Consultants, according to domain registry information from Network Solutions. GM has not put any information on the sites. Others have scooped up sites related to automakers. has been registered since 2005 by Jon Jerman of Hackensack, New Jersey, and was registered to an Italian address last week.

FOURTH CIRCUIT LIMITS SCA STATUTORY DAMAGES (Wiley Rein, 15 May 2009) - The Stored Communications Act (SCA) authorizes criminal and private civil actions against a person who “intentionally accesses without authorization a facility through which an electronic communications service is provided” and obtains “access to a wire or electronic communication while it is in electronic storage.” 18 U.S.C. § 2701(a). This offense encompasses intentionally accessing other people’s stored email without permission. On March 18, the Fourth Circuit announced a potentially important decision construing the SCA’s civil remedies. Van Alstyne v. Electronic Scriptorium, Ltd., 2009 WL 692512; 2009 U.S. App. Lexis 5548, although it oddly designated the case as non-precedential. Rejecting broader interpretations previously applied by several U.S. District Courts, the Fourth Circuit panel held that statutory damages may be awarded only where a plaintiff has suffered “actual damages.” Thus, statutory damages may not be awarded when the plaintiff does not allege or does not prove that he or she suffered actual damages from the violation. This ruling could limit the amount of civil litigation under the SCA, but additional judicial analysis of the SCA’s punitive damages remedy, in light of the Fourth Circuit’s construction of it, will be needed before the picture becomes clear.

CRACKHO.COM DNS PRANK RUFFLES SARAH PALIN’S FEATHERS (Ars Technica, 15 May 2009) - A simple DNS prank against former GOP VP nominee and current Alaska Governor Sarah Palin has finally come to the attention of Alaskan authorities, resulting in a cease-and-desist order as well as somewhat misdirected copyright claims. The owner of the site in question has caved to legal pressure, although one has to admit that the whole series of events was worth a chuckle. Houston-based DJ Shu Latif registered ages ago (according to a Whois search, 1998), but decided to give the site a fresh face in 2008 after Governor Palin was chosen as the Republican Vice President nominee. She changed the DNS settings so that all traffic to would go directly to Sarah Palin’s official website. The change apparently flew under the radar until earlier this month, when Alaska’s Attorney General Michael Barnhill sent a letter to Latif demanding that she knock it off. Clearly, Barnhill and gang have no real understanding of DNS and URL redirects in general, because the letter asserts that made illegal use of the official seal of the State of Alaska without permission, and that Latif was in violation of the federal Copyright Act. Nevermind that the seal was on Palin’s own site. Latif must have been feeling especially kind, because she has since changed so that it does not redirect to the governor’s website. Instead, she merely uses an illustration of Palin and a link to the site instead. However, we can’t help but wonder what would happen if she chose to push back—she wasn’t misusing any copyrighted images or even hosting anything herself, though it’s possible that Palin’s lawyers might argue that she somehow “misrepresented” the site and its trademarks by directing traffic through The AG’s demand letter is here:

- and -

SIX SIMPLE STEPS YOU CAN TAKE TO PROTECT YOUR GRIPE OR PARODY SITE (EFF, 15 May 2009) - Here’s a story we hear a lot at EFF: You think BadCo, Inc. is a bad actor and you’ve developed a really cool site to tell the world why. Maybe just by griping about them or maybe through a bit of parody. Fast forward two weeks: you’re basking in the pleasure of calling BadCo out when bam! You find out your site’s been shut down. You call your internet service provider to find out what’s going on. After way too much time climbing phone trees and sitting on hold you get an answer—Badco has claimed that your site violates its intellectual property rights. All too often, the targets of critics and parodists try to strike back with accusations of copyright or trademark infringement. While such accusations may be something of a badge of honor--after all, at the very least, it means you’ve got your target’s attention--they can also be frustrating and intimidating. And, if you rely on a service provider with little interest in protecting free speech, allegations of infringement can result in your site being shut down with little or no warning. Fortunately, there are several steps you can take to either preempt or significantly dilute gripes about your gripe (or parody) site. We lay out those steps in a new white-paper, Avoiding Gripes About Your Gripe (or Parody) Site. To be clear, you don’t have to follow any of these suggestions to have a perfectly legal site, and following them won’t guarantee you won’t get complaints. But taking these steps should help minimize your legal risk, so you can focus on the primary task of raising public awareness about the issues that are important to you. And if you get hit with improper legal threats anyway? Well, you know where to find us. Guide here:

GOOGLE LIBERALIZES US TRADEMARK POLICY: “WHAT, ME WORRY?” PART 2 (Eric Goldman, 15 May 2009) - In my Deregulating Relevancy article from a few years ago, I explained how trademark law was having pernicious consequences for online conversations. Among other unwanted effects, trademark law hinders online discussions about trademarks even when both conversationalists found the discussion relevant. I don’t think things have gotten better since I wrote the article in 2005. Perhaps we have a better understanding of trademark law’s capacity for harm, but we continue to see misguided lawsuits from trademark owners and mixed results from judges. While the courts do not automatically support online trademark-mediated discourse, the bigger practical threat to online trademark law comes from extrajudicial privately enforced trademark policies, such as the search engines’ “voluntarily” adopted trademark policies. These policies minimize search engines’ exposure to trademark liability for their ad sales, but they effectively resolve a huge percentage of trademark owners’ “problems,” almost always in the trademark owner’s favor, without any judicial oversight at all. Thus, I was delighted to see Google’s announcement that it was liberalizing its trademark policy to allow a group of “special” advertisers to reference third party trademarks in the advertisers’ ad copy, even if the trademark owner objects. See Google’s official announcement. The “special advertisers” includes resellers, review sites, and sellers of compatible/complementary/replacement products. In practice, this means that these advertisers and consumers can now use the same trademark to speak with each other. In contrast, today, the advertiser can purchase the trademark as the triggering keyword but can’t use the trademark to explain why the consumer was seeing the ad. Personally, I had always thought the “blind” nature of the ad copy had the potential to confuse consumers, and Google has taken a big step forward in solving that apparent problem. Having said that, I wish Google had gone further. There are two obvious groups of advertisers who should be able to reference the trademark in the ad copy but still will not be able to do so: (1) competitors making comparative claims, and (2) gripers who wish to complain about a trademark owner’s practices. These two advertiser groups can still buy third party trademarks, but they will still be forced to speak in code in the ad copy to explain why they did so. Nevertheless, we shouldn’t let these omissions detract from what is otherwise very good news from Google.

OLYMPIC BLOGS GET GO-AHEAD FOR VANCOUVER (Sports Journalists Assn, 19 May 2009) - The International Olympic Committee has issued a four-page guide to competitors which acknowledges the realities of 21st century communications by allowing “athletes’ blogs” at the 2010 Vancouver Winter Games, in a move which could make athlete-authored columns much easier to arrange for newspaper websites than at previous Olympics. The new guidelines will be scrutinised closely during the Winter Olympics, and are sure to form the basis for the rules to be applied at the 2012 London Games. “The IOC considers blogging, in accordance with these guidelines, as a legitimate form of personal expression and not as a form of journalism,” the new guidelines say. According to a report on the subscription website, those who break the rules could lose their Olympic accreditation cards and may face legal action for damages. The restrictions were approved by the IOC’s Executive Board earlier this year. They will come into effect with the opening of the Vancouver Olympic Village next February. The guidelines are the latest development in IOC rules which have had to evolve rapidly, reflecting the growing appetite for first-hand accounts from Olympic competitors, and they mark a sea-change from the rules issued from Lausanne ahead of the 2000 Sydney Olympics, where athletes were banned from blogging altogether.

SAFETY ACT OFFERS BOTH LIABILITY PROTECTION AND LIABILITY AVOIDANCE FOR COMPANIES, DIRECTORS AND OFFICERS, AND PRESERVATION OF STOCKHOLDERS’ VALUE (Duane Morris Client Alert, 19 May 2009) - Although the SAFETY Act1 can cap a company’s liability exposure at a predetermined amount of insurance, and even eliminate a company’s liability exposure altogether, “it remains one of the most underreported and underutilized”2 risk management and litigation management tools for companies in any industry that uses security products, services, software, shopping center security guards, professional security certification programs, assessments and emergency response plans. Passed in response to the massive liability encountered in lawsuits stemming from September 11, 2001,3 as well as those lawsuits that held the Port Authority of New York and New Jersey liable for the 1993 World Trade Center attacks,4 the SAFETY Act provides two classifications designed to incentivize companies to develop and deploy anti-terrorism products and services by limiting or eliminating liability should an act of terrorism occur involving those products and services. By submitting an application to the U.S. Department of Homeland Security (DHS), a company’s products, services, threat-assessment best-practices, threat response plans and control center operations, among others, can gain “designation.” A designation of “Qualified Anti-Terrorism Technology” provides a company the following significant benefits:
• No punitive damage exposure;
• Claims against the seller are capped at an amount no greater than the limits of liability insurance coverage required to be maintained by the seller through DHS;
• Exclusive federal court jurisdiction;
• Plaintiff’s recovery is reduced by amounts from collateral sources; and
• No joint and several liability for noneconomic damages.
• A company may obtain additional protections by simultaneously seeking the second classification of DHS “certification.”

TRACK BUSINESS EXECUTIVES’ TWEETS WITH EXECTWEETS (CNET, 19 May 2009) - Are you trying to climb the corporate ladder? Hard work helps, but it couldn’t hurt to have some insight from those who have reached the top. ExecTweets for iPhone aggregates the Twitter feeds of nearly 100 top executives. Those execs include top brass from companies such as Best Buy, Digg, Microsoft, and Zappos. Following them nets you nuggets of business wisdom, links to stories they consider important, random thoughts (this is Twitter, after all), and even notable quotables (not sure why, but execs are really into quoting). The application makes it a snap to browse the tweets, with separate views for All, Featured, and Most Popular. You can also peruse “hot topics” (which lets you sort by selected keywords) and browse broad categories like government, health care, and technology.;title

WHO OWNS YOUR NAME ON TWITTER? (Wall Street Journal, 19 May 2009) - Social networks can be friendly places, but they are not democracies. Nor are they free markets. They are authoritarian regimes with whimsical and arbitrary rules. Nowhere is this fact more evident than in the doling out of domain names. On the Web, domain names are available for sale on a first-come, first-serve basis. If someone else buys your name first, you can try to buy it from them. If you’ve trademarked a name, you can fight for the name in the Internet Corporation for Assigned Names and Numbers’ domain-name court system. This makes sense: money and the law are acceptable remedies in our capitalist democracy. But social media domain names – such as – are a whole different ballgame. They can be doled out arbitrarily. Even if you get a name first on a social network, you are not allowed to sell it and it can be reclaimed by the social network at any time. Legal remedies for dealing with imposters or trademark issues range from murky to nonexistent. Since domain names are free on social media sites, it makes sense to grab yours quickly, even if you don’t plan to use it immediately. Many sites dole out domain names on a first-come, first-serve basis. The most democratic is LinkedIn, which hands out “vanity URLs,” such as, to the first person who asks for it. As long as the URL is really your name, you can keep it. Even celebrities can’t jump the line at LinkedIn. During the presidential campaign, Sen. John McCain wanted his LinkedIn URL but it was already taken by another person named John McCain – so the senator was out of luck, according to LinkedIn spokeswoman Kay Luo. MySpace and Twitter are similarly democratic in doling out names – but they offer few assurances about preventing celebrities from cutting in line. Twitter reserves the right to reclaim names that are trademarked or are “non-parody impersonations.” MySpace generally honors the first person to claim a name – but reserves the right to reclaim URLs on behalf of advertisers or celebrities with just 72 hours notice.

- and -

NEWT GINGRICH’S LAWYER DISPLAYS IGNORANCE OF BOTH TWITTER AND THE LAW IN SENDING C&D (TechDirt, 20 May 2009) - It really was just a few weeks ago that we were told that lawyers knew better than to send a clueless cease-and-desist letter... and then we get this story. Apparently a group that is in favor of a certain law that Newt Gingrich opposes sent out a Twitter message that included the @newtgingrich username to stir up some interest in a petition they were working on. This is part of how you use Twitter to communicate with others and get attention from certain people. But apparently Gingrich’s lawyer was upset that Gingrich’s name was being “used” in a message in favor of a law Gingrich opposes, and sent a ridiculously bad cease-and-desist letter that the folks at the Citizen Media Law Project dubbed: “How to Make Your Client Look Bad, in Three Easy Steps.” First, the lawyer clearly didn’t understand Twitter and how it works since using @newtgingrich is the equivalent of sending a public letter “Dear Newt Gingrich” -- which certainly wouldn’t be an abuse of his name. Second, the lawyer not only didn’t understand Section 230, but insisted that Tucows, the registrar behind the site that hosted the petition (and also republished the tweet) was somehow responsible for the content of the Twitter message: “continued display of the offending tweet ‘can expose any and all involved parties (including Twitter, and/or TuCows) to substantial ongoing, and even personal liability.’” Of course, that’s not even close to true. Then, on top of that, the lawyer basically tried to throw in claims on every law he could think up: “trademark infringement, violation of Gingrich’s and Anuzis’ publicity rights, false advertising, false designation of origin, tortious interference with prospective economic advantage and contractual relations, common law and computer trespass (could Twitter trespass upon its own computer?), conversion, traditional fraud and wire fraud, breach of contract (i.e., Twitter’s terms of service), violation of the Computer Fraud and Abuse Act, and even RICO violations.” C&D letter here:

UMICH FIRST TO SIGN UP UNDER GOOGLE BOOKS SETTLEMENT TERMS (CNET, 20 May 2009) - The University of Michigan has signed up as the first library to participate in Google’s book-scanning project under the terms of Google’s proposed settlement with library groups. Google and UM have been working together since 2004 on digitizing the university’s library collection, but the Google Book Search settlement would allow Michigan to offer its books online as part of a subscription, or in some cases for free. The settlement has drawn reported attention from the government as well as library groups worried over the costs associated with access to such a large digital library amassed by a single company. In exchange for participating in the project, however, Google plans to subsidize the cost of the university’s subscription to the digital library. Michigan was also able to negotiate the right for future participants to review the cost of the institutional subscriptions from time to time. “If they determine that prices are too high, University of Michigan and other participating libraries who sign these collective terms can challenge the prices through arbitration, and Google will be required to work with the (Book Rights) Registry to adjust the pricing accordingly,” the university said on its Web site. Authors have until September to decide if they want to opt out of the settlement and withhold their works from the digital library. The settlement would have Google install a free public terminal in libraries around the country for access to digital copies of public domain works, copyright works that Google is authorized to reproduce, and out-of-print titles. Other libraries would then be offered a subscription to the digital library for their own patrons.

IT MANAGERS UNDER PRESSURE TO WEAKEN WEB SECURITY POLICY (Search Security, 20 May 2009) - IT professionals are under pressure from upper level executives to open the floodgates to the latest Web-based platforms, relaxing Web security policy, according to a new survey of 1,300 IT managers. Nearly all those surveyed said they allow access to some Web-based services, such as webmail, mashups and wikis. But more employees are turning to online collaboration platforms; some are turning to Google Apps, which are integrated with Google’s Gmail platform, and others are turning to popular social networking sites, such as Twitter and Facebook. Some users are bypassing Web security policy to access the services, according to 47% of those surveyed. Pressure to relax Web security policy is increasing as well. The survey found that 86% of IT managers reported feeling pressure to allow more access to social networking websites, online collaboration tools and other cloud-based technologies. The pressure is coming from multiple sources, including C-level executives, marketing departments and sales. Despite the pressures, 80% are confident in their organizations Web security practices. However, the survey found many organizations lack Web application firewalls and other tools for defending against Web-based attacks. Sixty-eight percent said they lacked the ability to conduct real-time analysis of Web content to prevent data leakage, nearly 60% lacked the ability to prevent URL redirects and more than half had no tools to detect embedded malicious code on trusted websites.,289142,sid14_gci1356896,00.html#

FTC REACHES DATA SECURITY SETTLEMENT WITH MORTGAGE COMPANY (Steptoe & Johnson’s E-Commerce Law Week, 21 May 2009) - The Federal Trade Commission has reached another settlement with a company that allegedly failed to provide “reasonable” security for personal information. In an agreement announced in early May, home mortgage firm James B. Nutter & Company (JBN) agreed to establish and maintain “a comprehensive information security program” and submit to ten years of biennial assessments of its data security in order to settle charges that its lax data security practices had violated the Privacy and Safeguards Rules promulgated under the Gramm-Leach-Bliley Act. Among other things, the FTC’s complaint stressed JBN’s storage of personal information “in clear readable text,” suggesting once again that encrypting can help a company avoid the long arm of the FTC’s data security cops.

BLOGGERS, BEWARE: WHAT YOU WRITE CAN GET YOU SUED (Wall Street Journal, 21 May 2009) - Be careful what you post online. You could get sued. In March 2008, Shellee Hale of Bellevue, Wash., posted in several online forums about a hacker attack on a company that makes software used to track sales for adult-entertainment Web sites. She claimed that the personal information of the sites’ customers was compromised. About three months later, the software company -- which contends that no consumer data were compromised -- sued Ms. Hale in state court in New Jersey, accusing her of embarking “on a campaign to defame and malign the plaintiffs” in chat-room posts. In her legal response, Ms. Hale, 46 years old, claims she is covered by so-called shield laws that protect reporters from suits, because she was acting as a journalist and was investigating the hacker attack while researching a story on adult-oriented spam. Bloggers are increasingly getting sued or threatened with legal action for everything from defamation to invasion of privacy to copyright infringement. In 2007 -- the most recent data available -- 106 civil lawsuits against bloggers and others in social networks and online forums were tallied by the Citizen Media Law Project at the Berkman Center for Internet & Society at Harvard University, up from just 12 in 2003. There have been about $17.4 million in trial awards against bloggers to date, according to the Media Law Resource Center in New York, a nonprofit clearinghouse that tracks free-speech cases. Many lawsuits are thrown out of court or settled before trial, but not before causing headaches for the accused. Though the likelihood of a plaintiff winning a lawsuit is not high, “you could go bankrupt” just from defending against them, says Miriam Wugmeister, a partner at Morrison & Foerster LLP and a privacy and data-security law expert. The number of blogger lawsuits is likely to keep rising as the number of people who post online continues to grow, says Sandra Baron, executive director of the Media Law Resource Center and a media-law attorney. Social-networking sites such as LinkedIn, Facebook and MySpace -- which is owned by News Corp., the parent company of The Wall Street Journal -- and microblogging services like Twitter are making it easy for impetuous remarks to reach thousands of users in a matter of minutes. In March, fashion designer Dawn Simorangkir sued rocker Courtney Love for libel in Los Angeles Superior Court, accusing Ms. Love of posting disparaging remarks about the designer on Twitter and MySpace.

RICHARD SUSSKIND ON “THE END OF LAWYERS?” (Berkman Center, 22 April 2009) - Richard Susskind, author of The End of Lawyers? Rethinking the Nature of Legal Services predicts that the legal profession will be driven by two forces in the coming decade: by a market pull towards the commoditization of legal services, and by the pervasive development and uptake of new and disruptive legal technologies. But this could result in quite different law jobs emerging which may be highly rewarding, even if very different from those of today. 2 STARS.**** RESOURCES ****
Two 2006 ethics opinions essentially laying the ground work for lawyers’ use of “cloud” storage tools… NJ: NV:

FREE EBOOK: ‘IDENTITY IN THE AGE OF CLOUD COMPUTING’ (Aspen Institute, 8 May 2009) – The next-generation Internet’s impact on business, governance and social interaction (image above), 110 pages, May 2009: a look at the next-generation Internet and how it will impact all facets of society.

PROMOTING PRIVACY AND FREE SPEECH IS GOOD BUSINESS (ACLU, May 2009) - This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers’ rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust.’s_good_for_business.pdf

PRIVACY GROUP SUES NSA OVER SPY NET (ZDNet -- 4 December 1999) -- Americans could learn more about the degree to which the secretive National Security Agency -- the government body charged with cracking codes and protecting critical information -- has been spying on U.S. citizens, if a suit filed on Friday by the Electronics Privacy Information Center garners results. “The charter of the National Security Agency does not authorize domestic intelligence gathering,” said Marc Rotenberg, director of EPIC, in a statement on Friday. “Yet we have reason to believe that the NSA is engaged in the indiscriminate acquisition and interception of domestic communications taking place all over the Internet.” The questions arose from reports to the European Union last year that the United Kingdom and Australia, among other countries, had cooperated with the United States to collect electronic communications across national borders. In the report, the spy network was dubbed “Echelon.” “We are concerned less with Echelon in particular and more with the NSA’s eavesdropping practices in particular,” said David Sobel, general counsel for EPIC. ‘Interesting questions’ On Friday, EPIC filed a suit in federal court to free up documents regarding the legal justification for any surveillance that NSA had performed regarding U.S. citizens. These same documents were requested earlier this year by the House Intelligence Subcommittee, but the NSA refused to provide them.

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: