Saturday, August 15, 2009

MIRLN --- 26 July – 15 August 2009 (v12.11)

• NYT Co.’s Top Lawyer Doubts that Aggregation is a Copyright Issue
• Will Bloggers be at Risk in AP Content Crackdown?
• 15 Top Privacy Policies, Analyzed
• Expert: iPhone 3GS Crypto is Easily Crackable
• Great .GOV Web Sites
• Study: Who’s On Which Social Nets
• Eleven-Word Snippets can Infringe Copyright, Rules ECJ
• Monitoring Employees’ Personal Emails? Not So Fast, Says New Jersey Court
• Finding Accurate Law Text Online Nearly Impossible, Panelists Say
• Serendipity, Lost in the Digital Deluge
• NIST Releases ‘Historic’ Final Version of Special Publication 800-53
o NIST Lab Director Tackles Cybersecurity, Cloud Computing
• Legal Ethics of Facebook, Twitter & Cloud Computing
o Facebooking Judge Catches Lawyer in Lie, Sees Ethical Breaches
o Study Reveals High Levels of Twitter Use at Conferences
o UK Government Advice Urges Tweeting
o NSO to Try Beethoven’s Tweet Suite
o The N.F.L. Has Identified the Enemy and it is Twitter
o DOD Rethinking Social-Media Access
• Data Security Breach Notification Law Update
• Heartland Says Breach has Cost it $32 Million this Year
• Cyber Attackers Empty Business Accounts in Minute
• Publicis Groupe to Buy Microsoft’s Razorfish
• Bank Will Allow Customers to Deposit Checks by iPhone
• Care to Write Army Doctrine? With ID, Log On


**** NEWS ****
NYT CO.’S TOP LAWYER DOUBTS THAT AGGREGATION IS A COPYRIGHT ISSUE (Nieman Journalism Lab, 22 July 2009) - It’s been four months since Josh predicted that a news organization would sue The Huffington Post for copyright violation over its aggregation of headlines, ledes, and article summaries. The interim has been marked by saber-rattling, settlements, and dubious proposals for changes to federal law. But I’m still hoping to see that lawsuit — not because I think The Huffington Post is necessarily in the wrong but because a major case of that sort could begin to clarify the increasingly muddled issues of copyright on the Internet. For instance, how do you apply a 91-year-old legal doctrine known as “hot news” to a website that never heard of news that isn’t sizzling? Well, I’m no copyright lawyer, but UCLA professor Doug Lichtman is, and he just released a wonderful, hourlong podcast on what intellectual property means in the context of news reporting. Most of the program focuses on the dueling lawsuits over Shepard Fairey’s use of an Associated Press photograph in his iconic Obama “Hope” poster. Lichtman interviews lawyers from both sides and offers a more thoughtful discussion of the case than I’ve seen anywhere else. But my interest was really piqued by his chat with The New York Times Co.’s general counsel, Ken Richieri, who considers whether news aggregators are protected by “fair use,” the legal standard that permits reproduction of copyrighted material under guidelines that, as Richieri says, “work a lot better in the analog world than they do in a digital world.”

- and -

WILL BLOGGERS BE AT RISK IN AP CONTENT CRACKDOWN? (ABA Journal, 24 July 2009) - The Associated Press plans to add software to its articles to track how they are used online. The aim is for those who use AP articles to pay for them, AP president and chief executive Tom Curley told the New York Times. AP maintains that just publishing an article headline and a link requires a licensing agreement, the story says. The Times notes that headlines and links are often used by search engines like Google, news aggregators and blogs. Google has argued in the past that its use of AP articles is protected by the doctrine of fair use, according to the blog Today @ PC World. But Curley apparently expects payment. “If someone can build multibillion-dollar businesses out of keywords, we can build multihundred-million businesses out of headlines, and we’re going to do that,” he told the Times. Today @ PC World questions whether bloggers will be targeted. Jane Seagrave, senior vice president for global product development at AP, told Information Week that the intent was to deter those who engage in large-scale copying of AP content rather than bloggers who use too many paragraphs from an AP story. “It’s not aimed at people who use part of stories periodically,” Seagrave told Information Week. “It’s aimed at being affirmative about how we allow our content to be used.”

15 TOP PRIVACY POLICIES, ANALYZED (ReadWriteWeb, 23 July 2009) - We all know no one reads privacy policies. What do the top websites really include in them? In its mission to get anonymous public data, The Common Data Project a New York City-based non-profit, is on a mission to eliminate the barriers that privacy policies pose. In a new report, they analyzed ten of the most popular Web properties on the Internet, and several more emerging ones. Here’s how what they put in their policies affects your privacy, and how other enterprises can imitate their best practices. Regardless of any similarities or differences within policies, one thing is absolutely clear: tons of data is being collected about you, though some of it may already be incidental enough to be private (such as the popularity of search terms). Privacy is certainly not an issue limited to the Web, but it facilitates the nearly limitless ability to gather data by the boatload. The question at this point isn’t if companies will acquire your data. It’s what they’ll do with it. The 15 privacy policies studied encompasses both some of the biggest online portals and retailers, non-profits, and scrappy startups. The full list includes: Google, Yahoo!, Wikipedia, Microsoft, AOL, Amazon, eBay, Facebook, Craigslist, Photobucket, NYT, WebMD, Ask, Cuil, and Ixquick. Out of the analysis, Common Data Project asked seven pointed questions about what companies will or won’t do. Here are some of the red flags found in existing privacy policies.

EXPERT: IPHONE 3GS CRYPTO IS EASILY CRACKABLE (CNET, 24 July 2009) - The encryption functionality of the iPhone 3GS is so easy to crack that it is essentially “broken” as far as protecting sensitive personal data like credit card and social security numbers, according to a forensics expert and iPhone developer. “I don’t think any of us [developers] have ever seen encryption implemented so poorly before, which is why it’s hard to describe why it’s such a big threat to security,” Jonathan Zdziarski told Wired. With physical access to a 3GS iPhone and some free software data can be extracted within two minutes and an image of the entire raw disk in about 45 minutes, he said. The iPhone decrypts the data on its own once the extraction has begun, he explains in a video demonstration. Apple has been touting the encryption and other features to entice corporate users to the device. And it seems to be working. Nearly 20 percent of Fortune 100 companies have purchased 10,000 or more iPhones per company.

GREAT .GOV WEB SITES (GCN, 27 July 2009) - Anyone who doubts the central role that the Web has taken in government life should consider all the attention paid to The General Services Administration created the site earlier this year to show the public how federal economic stimulus money was being disbursed. But the first iteration of the site proved to be too inscrutable for the public. So the agency contracted with a company to redesign the site — to the tune of $18 million over the next five years. The days of a Web presence being an optional component for agencies are long gone. For most citizens, the primary way of interacting with their government is through Web sites. By and large, agencies have responded to that demand by creating richer, more interactive sites. What follows is a compendium of 10 government Web sites that are meeting and exceeding those goals. This is not a definitive list of the 10 best government sites. The field is way too broad for any such superlatives. But they are sites that embrace the Web’s full potential, and they can offer ideas for other agencies seeking to improve their own sites:
• Data.Gov sets the tone for transparent government
• brings net-centric speed to software development
• Transit511 combines public transportation systems in the Bay Area
• State puts social networking to diplomatic use
• FDsys makes America’s documents current and permanent
• Utah takes its site to higher ground
• breaks down stovepipes of research
• USPS extends its virtual post office
• HHS delivers health info users can trust
• The Web site on building better Web sites

STUDY: WHO’S ON WHICH SOCIAL NETS (MediaPost, 27 July 2009) - Marketers that are frustrated with targeting specific age groups or demographics in Facebook, MySpace, Twitter and LinkedIn could glean insight from a recent study by Anderson Analytics. The study suggests that Twitter has become more popular than LinkedIn, more than half of U.S. consumers who tap social networks belong to more than one, and that those who belong to a social net are four times more vocal about products and services than those who don’t. Anderson Analytics CEO Tom Anderson says the biggest surprise from the study reveals that Twitter has become more popular than LinkedIn among social network users in the United States. Aside from posting tweets, Twitter users tend to blog frequently. In fact, more than 20% have their own blog, many of which trumpet social causes. These consumers make good evangelists for brands, he says. Anderson’s study aims to help marketers understand the type of people who frequent each social network. For example, it debunks the myth that Facebook attracts only kids. In fact, the Anderson study suggests that the ideal age group for Facebook spans from 15 to 34, but 44% of 35- to 44-year-olds and 30% of 45- to-54-year-olds say they have profiles, too. And while more people are experimenting on social networks, only 10% of users report having ever created a duplicate or experimental profile. More than half of social network users have associated their profiles with a brand, company or product. While much has been written about negative nature of Web 2.0 and blog posts, social network users are more likely to say positive things about brands, companies or products. The average user logs into a social network account about four times daily, five days a week, and spends about one hour per day on the network. About 31.8% are business users; followed by 26.3%, fun seekers; 21.8%, social media mavens; and 10.1%, leisure followers.

ELEVEN-WORD SNIPPETS CAN INFRINGE COPYRIGHT, RULES ECJ (, 27 July 2009) - The copying and reproduction of just 11 words of a news article can be copyright infringement, the European Court of Justice (ECJ) has ruled. Europe’s highest court has said that a clippings service’s copying could be unlawful. Danish clippings service Infopaq was taken to court by Danish newspaper industry body Danske Dagblades Forening (DDF) over its reproduction of 11-word snippets of news for sale to clients. The agency would scan in newspaper pages and use software to turn the image of the page into text. If pre-determined keywords that clients wanted monitored appeared in text then that word and the five words on either side of it were kept and the rest of the text thrown away. Clients were then sent the 11 words and the details of what page of what publication on what date the words appeared as well as an indication of how far into the article the words came. Infopaq conceded that acts of copying and reproduction took place in the process, but said that the use was legal because of exceptions in the European Union’s Copyright Directive for ‘transient’ copying of material and lawful copying. The ECJ said that while some parts of Infopaq’s processing could be called transient, as soon as it had printed out the 11 words on to paper the copying became too permanent to qualify for the law’s exception. “The possibility cannot be ruled out at the outset that in the first two acts of reproduction at issue in those proceedings, namely the creation of [image] files and text files resulting from the conversion of [image] files, may be held to be transient as long as they are deleted automatically from the computer memory,” said the ECJ ruling. “By the last act of reproduction in the data capture process, Infopaq is making a reproduction outside the sphere of computer technology. It is printing out files containing the extracts of 11 words and thus reproduces those extracts on a paper medium,” it said. “Once the reproduction has been affixed onto such a medium, it disappears only when the paper itself is destroyed.” “Since the data capture process is apparently not likely itself to destroy that medium, the deletion of that reproduction is entirely dependent on the will of the user of that process. It is not at all certain that he will want to dispose of the reproduction, which means that there is a risk that the reproduction will remain in existence for a longer period, according to the user’s needs,” said the judgment. Though the Court conceded that “words as such do not…constitute elements covered by the protection”, it said that copyright law would apply to extracts even if they contained just 11 words. “The possibility may not be ruled out that certain isolated sentences, or even certain parts of sentences in the text in question, may be suitable for conveying to the reader the originality of a publication such as a newspaper article, by communicating to that reader an element which is, in itself, the expression of the intellectual creation of the author of that article,” it said. “Such sentences or parts of sentences are, therefore, liable to come within the scope of the protection provided for in Article 2(a) of that directive.”

MONITORING EMPLOYEES’ PERSONAL EMAILS? NOT SO FAST, SAYS NEW JERSEY COURT (Steptoe & Johnson’s E-Commerce Law Week, 30 July 2009) - A New Jersey appellate court recently ruled that although a company may examine an employee’s personal emails where necessary to serve “a legitimate business interest,” such a policy cannot permit “an intrusion into communications otherwise shielded by the attorney-client privilege.” In Stengart v. Loving Care Agency, Inc., Marina Stengart brought an employment discrimination claim against her former employer, the Loving Care Agency (LCA). While still employed at LCA, Stengart used her work-issued laptop to send several emails pertaining to her anticipated suit to her attorneys through her “personal, web-based, password-protected Yahoo email account.” After she filed suit, attorneys for LCA obtained access to these emails and produced some of them in response to her interrogatories. Stengart’s attorneys requested that LCA’s attorneys return all such emails. They refused, prompting Stengart to apply for a temporary restraining order. The trial judge denied the motion, finding that “the emails were not protected by the attorney-client privilege because the company’s electronic communications policy put plaintiff on sufficient notice that her emails would be viewed as company property.” On appeal, the Superior Court of New Jersey, Appellate Division, reversed, finding that “[a] policy imposed by an employer, purporting to transform all private communications into company property -- merely because the company owned the computer used to make private communications or used to access such private information during work hours -- furthers no legitimate business interest.” Significantly, the court’s rationale was not limited to emails concerning the attorney-client privilege. In reaching its decision, the court announced an extremely privacy-protective rule, holding that, regardless of the wording of a company’s monitoring policy, “an employer’s rules and policies must be reasonable to be enforced,” and that the policy may be enforced by courts only if “the regulated conduct … concern[s] the terms of employment” and the policy “reasonably further[s] the legitimate business interests of the employer.” Ruling here: Stengart v. Loving Care Agency -- [Editor: The decision is an odd one, but distinguishable on the facts. All in all, not the end of the story for permitted employer monitoring, especially if the policy is well written and communicated.]

FINDING ACCURATE LAW TEXT ONLINE NEARLY IMPOSSIBLE, PANELISTS SAY (ABA Journal, 31 July 2009) - Federal Reserve Bank of New York’s counsel, Denley Chew, slapped down some $2 bills and challenged a room of lawyers and legal researchers with laptops and iPhones to find the authoritative text of the landmark Fugitive Slave Act online. “Authoritative” was the catch. The money remained untouched. Panelists declared that finding accurate text of a law—on government websites, LexisNexis, Westlaw—is almost impossible. The recession forced state and federal governments to post laws online rather than print them. But Mary Alice Baish, government relations director for the American Association of Law Libraries, says there is no national or international body that ensures those online postings are accurate or updated with amendments. The AALL conducted a 2007 survey that discovered that eight states and the District of Columbia refer lawyers and judges seeking the text of a law to official sources so different that the versions conflict. States that posted laws online only had no consistent way of maintaining older versions of an amended law or showing errors had been corrected. “The history of law is disappearing; older versions of a law, amendments, show the thought process of a people and how they evolved,” observed ABA Legal Technology Research Center director Catherine Reach. Global Legal Information Network at the Law Library of Congress provided the hopeful glimmer. Trusted officers of the court in dozens of jurisdictions, from the Congo to Canada, authenticate legal documents from their countries with an encrypted certificate. GLIN director Janice Hyde proudly said over 170,000 legal instruments have been authenticated.

SERENDIPITY, LOST IN THE DIGITAL DELUGE (New York Times, 1 August 2009) – We’ve gained so much in the digital age. We get more entertainment choices, and finding what we’re looking for is certainly fast. Best of all, much of it is free. But we’ve lost something as well: the fortunate discovery of something we never knew we wanted to find. In other words, the digital age is stamping out serendipity. When we walk into other people’s houses, we peruse their bookshelves, look at their CD cases and sneak a peek at their video collections (better that than their medicine cabinets). It gives us a measure of the owner’s quirky tastes and, more often than not, we find a singer, a musician or a documentary we’d never known before. But CDs have disappeared inside the iPod. And shelves of videos are rarely seen as we get discs in the mail from Netflix or downloaded from Vudu. And, one day soon, book collections may end up inside a Kindle. With an e-book reader, the person on the subway seat across from you will never know what you are reading. Ah, the techies say, no worries. We have Facebook and Twitter, spewing a stream of suggestions about what to read, hear, see and do. We come to depend on it to lead us to the funny article on or the roving food cart serving goat curry. It’s useful. But that isn’t serendipity. It’s really group-think. Everything we need to know comes filtered and vetted. We are discovering what everyone else is learning, and usually from people we have selected because they share our tastes. It won’t deliver that magic moment of discovery that we imagine occurred when Elvis Presley first heard the blues, or when Michael Jackson followed Fred Astaire’s white spats across the dance floor. Many software developers are trying to recreate serendipity. StumbleUpon is a Web service that steers users toward content they are likely to find interesting. Readers tell the service about their professional interests or hobbies, and it serves up sites to match them. It’s a good try, but it is still telling readers what they want to know.

NIST RELEASES ‘HISTORIC’ FINAL VERSION OF SPECIAL PUBLICATION 800-53 (GCN, 3 August 2009) - The National Institute of Standards and Technology has collaborated with the military and intelligence communities to produce the first set of security controls for all government information systems, including national security systems. The controls are included in the final version of Special Publication 800-53, Revision 3 “Recommended Security Controls for Federal Information Systems and Organizations,” released Friday. NIST called the document historic. “For the first time, and as part of the ongoing initiative to develop a unified information security framework for the federal government and its contractors, NIST has included security controls in its catalog for both national security and non-national security systems,” the agency said. “The updated security control catalog incorporates best practices in information security from the United States Department of Defense, Intelligence Community and Civil agencies, to produce the most broad-based and comprehensive set of safeguards and countermeasures ever developed for information systems.” A draft version of the document was released in June for public comment. This is the final version of the guidelines. NIST also has released a draft of SP 800-126, “The Technical Specification for the Security Content Automation Protocol (SCAP),” for public comment. SCAP comprises specifications for the standardized organization and expression of security-related information. SP 800-126 provides an overview of SCAP, focusing on how software developers can integrate SCAP technology into their product offerings and interfaces. SP 800-53 is part of a series of documents setting out standards, recommendations and specifications for implementing the Federal Information Security Management Act. This revision is the first major update of these guidelines since its initial publication in December 2005. It specifies the baseline security controls needed to meet the mandatory requirements of Federal Information Processing Standards 199, “Standards for Security Categorization of Federal Information and Information Systems,” and FIPS 200, “Minimum Security Requirements for Federal Information and Information Systems.” 800-53 here:

- and -

NIST LAB DIRECTOR TACKLES CYBERSECURITY, CLOUD COMPUTING (Information Week, 7 August 2009) - The National Institute of Standards and Technology’s IT Laboratory plays a key role in government cybersecurity, setting standards that federal agencies are required to follow. InformationWeek discussed NIST’s role, including the fine line between setting standards and setting policy, with Cita Furlani, director of NIST’s IT Lab. [Editor: Interesting Q&A.]

Editor: Earlier this month I moderated an ABA panel in Chicago on lawyer-ethics issues associated with Cloud Computing. We had excellent panelists, including Chris Kelly (on leave as CPO for Facebook and candidate for California Attorney General). Here’s the ABA Journal’s blurb on the session:
LEGAL ETHICS OF FACEBOOK, TWITTER & CLOUD COMPUTING (ABA Journal, 2 August 2009) - The legal ethics challenges that will be posed by lawyer use of Facebook, Twitter and other forms of “cloud computing” services are almost as revolutionary as the services themselves, according to experts speaking at a discussion hosted Sunday by the Cyberspace Law Committee of the ABA Business Law Section. Cloud computing services store a user’s data–messages, photos, documents or any other kind of information–on a computer that is not under the user’s control. Facebook, Twitter, Flickr, YouTube, and Google Docs are all examples of the growing trend, which is sometimes also referred to as “software as a service.” The services allow users to access information from any computer connected to the Internet and to share that information either with a limited number of people or the public at large. They are quickly gaining popularity among lawyers and the clients they serve, both for their technological benefits and low cost, as reported in the August issue of the ABA Journal. But lawyers should carefully consider the legal ethics implications of that trend, according to Roland L. Trope, a partner in New York’s Trope and Schramm. He noted there’s a dramatic difference between what Google Docs–a service for creating and sharing text documents, spreadsheets and slide presentations–says in its marketing materials, and what is in its legally binding terms of service. When promoting the service, Google says it backs up users’ information almost as fast as they create it, so users always have access to their saved content. But the terms of service say Google does not guarantee any defects in the product will be fixed, and the company reserves the right to disable a user’s account without providing copies of the data the user has stored on Google’s computers. And because many cloud computer companies don’t store a user’s data in one location, or even in one country, what will happen when information from a client that is subject to U.S. export control restrictions is stored on a computer in a foreign country, Trope asked. Firms ought to disclose to clients how their data will be stored, so issues like this can be dealt with before they become a crisis, he said.

- and -

FACEBOOKING JUDGE CATCHES LAWYER IN LIE, SEES ETHICAL BREACHES (ABA Journal, 31 July 2009) - Galveston, Texas-area lawyers on Facebook may want to double-check their friends list, especially if they’re about to appear before Judge Susan Criss. That’s because Criss, a state court judge who is learning to adapt to social media as a way to connect with long-lost friends and is leveraging Facebook as a judicial campaign tool, has also learned a few things she didn’t expect. Biggest surprise: Even lawyers don’t fully grasp how public social media is, even when privacy controls are in place. “Anyone can cut and paste,” said Criss, who was part of a Friday ABA Annual Meeting program “Courts and Media in the 21st Century: Twitterers, Bloggers, the New Media, the Old Media, and What’s a Judge to Do?” sponsored by the ABA’s Judicial Division. Criss recalled one time that a lawyer asked for a continuance because of the death of her father. The lawyer had earlier posted a string of status updates on Facebook, detailing her week of drinking, going out and partying. But in court, in front of Criss, she told a completely different story. Then there was the lawyer who complained about having to handle a motion in Criss’s court. Criss playfully zinged her, too—on Facebook, of course. Criss has seen lawyers on the verge of crossing, if not entirely crossing, ethical lines when they complain about clients and opposing counsel. And she admonished one family member who jeopardized her own tort case by bragging online about how much money she would get from a lawsuit.

- and -

(ReadWriteWeb, 27 July 2009) - A group of scholars from Germany, Austria, and the U.K. recently put together a case study about the tweeting habits of conference attendees. Entitled “How People are using Twitter during Conferences,” this research report (available on, reveals some interesting, although not altogether shocking, insights into the role the microblogging service plays during major events. Most notable of their findings is the number of individuals who actively use the service during conferences - a figure showing high participation levels among attendees. According to the report, the researchers were motivated to find out if using Twitter could actually help improve the interactions among the learners and enhance their learning experience when attending presentations in large groups. They looked into the motives of Twitter users, contents of tweets, and how this impacted the user’s network. The researchers found that the majority of conference attendees already had a Twitter account (95.1%) and many of those who did actively used it to tweet during the conference (67.5%). 74.1% of the attendees send between 11 and 20 messages per day and 51.2% discussed topics via @ replies and DMs. [N]early half the tweets were simple plain text messages while tweets with links to web sites only accounted for 10% of the messages. In other words, the Twitterers were using the medium to share the information they were learning at the present moment as opposed to posting links to information already available on the web. The participants were also asked open-ended questions like “Why do you think Twitter encouraged the discussion about topics?” and what the added value of Twitter at conferences was. In response, the survey participants answered that Twitter gave conference goers a greater sense of community and encouraged discussion in the backchannel, often allowing them to discuss things in more detail than the “guys on the stage.” Other participants noted that Twitter helps you connect with people who have similar interests, provides networking potential, and allows those who could not attend to gain value from your experience. Unfortunately, the data collected comes from only five conferences and forty-one different attendees, so the sample size isn’t what we would consider to be large enough to draw any definite conclusions. Study here:

- and -

UK GOVERNMENT ADVICE URGES TWEETING (BBC, 27 July 2009) - New government guidance has been published urging civil servants to use the micro-blogging site Twitter. Launched on the Cabinet Office website, the 20-page document is calling on departments to “tweet” on “issues of relevance or upcoming events”. The website is already used by Downing Street, the Foreign Office and many individual MPs. Neil Williams, of the Department for Business, Innovation and Skills (BIS), published the “template” strategy. Writing on the Cabinet Office’s digital engagement blog, Mr Williams - who is BIS’s head of corporate digital channels - conceded that 20 pages was a “a bit over the top for a tool like Twitter” but added: “I was surprised by just how much there is to say - and quite how worth saying it is.” The template had been written for BIS to consider using Twitter but could be used by other departments, he said. Publishing tweets, replying to incoming messages and monitoring the account would take less than an hour a day, according to the strategy. There would be an “add-on” to “business as usual” activity due to quick discussions of potential tweets at daily meetings, as well as e-mails between officials and digital media staff about potential content for tweets.

- and -

NSO TO TRY BEETHOVEN’S TWEET SUITE (Washington Post, 30 July 2009) - The National Symphony Orchestra is trying an experiment. It’s tweeting Beethoven’s “Pastoral” Symphony, Thursday night at Wolf Trap. For a healthy portion of the classical music audience, Internet-related words such as “tweet” or “Twitter” cause parts of the brain to shut down. Deep breaths. Here’s what will happen: The orchestra will use the micro-blogging site Twitter to send text messages of 140 characters or fewer from conductor Emil de Cou during the performance. (Example: “In my score Beethoven has printed Nightingale = flute Quail = oboe Cuckoo = clarinet -- a mini concerto for woodwind/birds.”) The idea is that those interested will sit in a designated area on the Wolf Trap lawn with their BlackBerrys, iPhones or other mobile devices and, by following the Twitter user NSOatWolfTrap, gain a new perspective on the score. Of course, you can also follow along without actually being at Wolf Trap at all.

- and -

THE N.F.L. HAS IDENTIFIED THE ENEMY AND IT IS TWITTER (New York Times, 4 August 2009) - To the list of universal threats to football success — injury and indiscretion, a Tom Brady-led offense marching against your defense — the N.F.L. has added another: Twitter. As training camps opened last week, players were told that the same standard — read: paranoia — that applied to the flow of information to reporters also applied to Twitter. In Green Bay, players were told they would be fined if they texted or tweeted from team meetings or coaching sessions. When Coach Tony Sparano met with the Miami Dolphins before Sunday’s first practice, he effectively outlawed Twitter, nose tackle Jason Ferguson said. Football coaches are a password-protected lot, preferring to dispense so little information that most days, they would struggle to fill 140 characters. They worry that the casual nature of Twitter could inspire the budding bloggers in their locker rooms to inadvertently disclose more than they should about injuries, game plans and what is said behind closed doors. The N.F.L. does not have a policy about social media, although it warns players about the risks of someone impersonating them on one of the sites. Cellphones, computers and P.D.A.’s cannot be used by players, coaches or other club personnel on the sideline, in coaches’ booths or locker rooms from pregame warm-ups through the end of the game. But N.F.L. officials are working on a policy that would apply to the use of social media sites on the day of the game.

- and -

DOD RETHINKING SOCIAL-MEDIA ACCESS (FCW, 3 August 2009) - With concerns mounting over security and management, the Defense Department is reevaluating its policies on use of social media tools. Sites such as Facebook, MySpace and Twitter, once banned from DOD use, now play a major role for government and military public relations and recruiting. However, the threat of security breaches stemming from wide-open access could lessen Web 2.0’s appeal. U.S. Strategic Command, which oversees the use of the dot-mil network, has launched a review of the safety of the sites. The command acknowledged in media reports last week that it was doing so, but has otherwise remained mum on the topic. “There certainly are security concerns associated with social networking. But it would be a step back to ban social networks completely,” said information technology security expert Rohyt Belani, a consultant and instructor at Carnegie-Mellon University. “I think there is a middle ground that can be reached.” Security fears largely center on the familiar possibility of hackers infiltrating networks with sensitive information, particularly via phishing scams that dupe computer users into downloading viruses, clicking links to malware or entering secure information. But Web 2.0 brings an additional concern: People sharing too much information online, such as the case of incoming British intelligence chief John Sawers, whose wife posted personal information and photos on Facebook that have landed Sawers in serious hot water.

DATA SECURITY BREACH NOTIFICATION LAW UPDATE (Hunton & Williams, 5 August 2009) - July saw a flurry of activity involving data security breach notification laws.
• On July 1, breach notification laws in Alaska and South Carolina went into effect.
• On July 9, Missouri became the 45th state to enact a data breach notification law. [Editor: But the Missouri law also includes health insurance and medical data in its definition of personal information.]
• On July 22, Senator Patrick Leahy reintroduced a comprehensive federal data security bill calling it one of his “highest legislative priorities.”
• On July 27, North Carolina amended its breach notification law to require notification of the state attorney general any time consumers are notified of a breach involving their personal information. The amendment also included content requirements for the attorney general’s notice.

HEARTLAND SAYS BREACH HAS COST IT $32 MILLION THIS YEAR (StorefrontBacktalk, 6 August 2009) - Heartland Payment Systems on Aug. 4 said it spent $32 million this year paying for costs related to the major data breach it disclosed in January, including $22.1 million to cover fines from key payment card brands and a settlement offer. Heartland did not say how the $22.1 million was split between the fines and the settlement offer, but it did provide clues.

CYBER ATTACKERS EMPTY BUSINESS ACCOUNTS IN MINUTE (Network World, 6 August 2009) - The criminals knew what they were doing when they hit the Western Beaver County School District. They waited until school administrators were away on holiday, and then during a four-day period between Dec. 29 and Jan. 2, siphoned US$704,610.35 out of two of the school district’s bank accounts. Western Beaver’s financial institution, ESB Bank, managed to reverse some of the transfers, but the Pennsylvania school district was out more than $441,000. On July 9, Western Beaver sued ESB to try and recover the money, but security experts say that it’s just one of many organizations that have been hit in recent months by a disturbing new type of financial fraud that can often leave the victim holding the bag. Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals. Criminals can make millions of dollars per day with ACH fraud, investigators say. And while consumers are protected from this type of fraud, the rules for corporations and organizations are not as clear-cut, so sometimes victims like Western Beaver find themselves having to pay. The fraud typically starts with a targeted phishing e-mail, aimed at whomever is in charge of the company’s checkbook. By tricking the victim into running software, opening a harmful attachment or visiting a malicious Web site, the criminals are able to install keylogging software and steal bank account passwords.

PUBLICIS GROUPE TO BUY MICROSOFT’S RAZORFISH (CNET, 9 August 2009) - French advertising group Publicis Groupe SA has agreed to acquire Internet ad agency Razorfish from Microsoft for $530 million in cash and stock. Razorfish will continue to operate under its own brand name and continue to serve as Microsoft’s “preferred provider” for Internet advertising, the companies announced Sunday in a joint statement. The deal includes a strategic alliance agreement in which Publicis Groupe will purchase display and search advertising from Microsoft over a five-year period. “The purchase of Razorfish is a new step in our strategic plan to be the unquestionable leader in digital communication,” Publicis Groupe Chief Executive Officer Maurice Levy said in the statement. “Once this acquisition is complete, about a quarter of our revenue will come from digital communication and our ability to grow and conquer will be reinforced.” Publicis Groupe is one of the world’s largest media companies, employing about 44,000 people at advertising networks Leo Burnett and Saatchi & Saatchi, as well as media buyers Starcom MediaVest Group and ZenithOptimedia. Microsoft had reportedly been shopping Razorfish around for the past few months, with top ad firms WPP, Omnicom Group, and Publicis Groupe all expressing interest in Razorfish. Talks were also held between Microsoft and agencies Interpublic Group and Dentsu.

BANK WILL ALLOW CUSTOMERS TO DEPOSIT CHECKS BY IPHONE (New York Times, 10 August 2009) - The Internet has taken a lot of the paperwork out of banking, but there is no avoiding paper when someone gives you a check. Now one bank wants to let customers deposit checks immediately — through their phones. USAA, a privately held bank and insurance company, plans to update its iPhone application this week to introduce the check deposit feature, which requires a customer to photograph both sides of the check with the phone’s camera. “We’re essentially taking an image of the check, and once you hit the send button, that image is going into our deposit-taking system as any other check would,” said Wayne Peacock, a USAA executive vice president. Customers will not have to mail the check to the bank later; the deposit will be handled entirely electronically, and the bank suggests voiding the check and filing or discarding it. But to reduce the potential for fraud, only customers who are eligible for credit and have some type of insurance through USAA will be permitted to use the deposit feature. Mr. Peacock said that about 60 percent of the bank’s customers qualify. Three years ago, it introduced the option of depositing a check from home using a scanner. That laid the groundwork for the phone deposit feature, which USAA plans to offer on other phones this year. The deposit feature, which USAA previewed in an online video in June, puts the bank in the vanguard of the effort to turn cellphones into portable branches.

CARE TO WRITE ARMY DOCTRINE? WITH ID, LOG ON (New York Times, 14 August 2009) - In July, in a sharp break from tradition, the Army began encouraging its personnel — from the privates to the generals — to go online and collaboratively rewrite seven of the field manuals that give instructions on all aspects of Army life. The program uses the same software behind the online encyclopedia Wikipedia and could potentially lead to hundreds of Army guides being “wikified.” The goal, say the officers behind the effort, is to tap more experience and advice from battle-tested soldiers rather than relying on the specialists within the Army’s array of colleges and research centers who have traditionally written the manuals. “For a couple hundred years, the Army has been writing doctrine in a particular way, and for a couple months, we have been doing it online in this wiki,” said Col. Charles J. Burnett, the director of the Army’s Battle Command Knowledge System. “The only ones who could write doctrine were the select few. Now, imagine the challenge in accepting that anybody can go on the wiki and make a change — that is a big challenge, culturally.” Under the three-month pilot program, the current version of each guide can be edited by anyone around the world who has been issued the ID card that allows access to the Army Internet system. About 200 other highly practical field manuals that will be renamed Army Tactics, Techniques and Procedures, or A.T.T.P., will be candidates for wikification. As is true with Wikipedia, those changes will appear immediately on the site, though there is a team assigned to each manual to review new edits. Unlike Wikipedia, however, there will be no anonymous contributors.

GOOGLE BOOK SEARCH SETTLEMENT (Google’s Alex Macgillivray at Berkman, 21 July 2009) - The proposed Google Book Search settlement creates the opportunity for unprecedented access by the public, scholars, libraries and others to a digital library containing millions of books assembled by major research libraries. But the settlement is controversial, in large part because this access is limited in major ways: instead of being truly open, this new digital library will be controlled by a single company, Google, and a newly created Book Rights Registry consisting of representatives of authors and publishers; it will include millions of so-called “orphan works” that cannot legally be included in any competing digitization and access effort, and it will be available to readers only in the United States. Alexander Macgillivray, Deputy General Counsel for Products and Intellectual Property at Google (and soon to be General Counsel of Twitter) chats about the Google Book Search Settlement, its intricacies, pros, and cons, and responds to provocative questions and comments. [Editor: ONE STAR]

**** DIFFERENT ****
WHAT’S IN A WORD? (Newsweek, 9 July 2009) - When the Viaduct de Millau opened in the south of France in 2004, this tallest bridge in the world won worldwide accolades. German newspapers described how it “floated above the clouds” with “elegance and lightness” and “breathtaking” beauty. In France, papers praised the “immense” “concrete giant.” Was it mere coincidence that the Germans saw beauty where the French saw heft and power? Lera Boroditsky thinks not. A psychologist at Stanford University, she has long been intrigued by an age-old question whose modern form dates to 1956, when linguist Benjamin Lee Whorf asked whether the language we speak shapes the way we think and see the world. If so, then language is not merely a means of expressing thought, but a constraint on it, too. Although philosophers, anthropologists, and others have weighed in, with most concluding that language does not shape thought in any significant way, the field has been notable for a distressing lack of empiricism—as in testable hypotheses and actual data. That’s where Boroditsky comes in. In a series of clever experiments guided by pointed questions, she is amassing evidence that, yes, language shapes thought. The effect is powerful enough, she says, that “the private mental lives of speakers of different languages may differ dramatically,” not only when they are thinking in order to speak, “but in all manner of cognitive tasks,” including basic sensory perception. “Even a small fluke of grammar”—the gender of nouns—”can have an effect on how people think about things in the world,” she says. [Editor: fascinating; I’ve often thought that language might channel thought.]

A PIECE OF SOFTWARE IS A JOY FOREVER: LINUX WINS ART PRIZE -- The top prize in the “.net” category of the prestigious international electronic-art competition Prix Ars Electronica has been awarded not to a beautiful Web page but to the Linux operating system created by Finnish programmer Linus Torvalds in 1991 and developed by scores of volunteer software developers contributing refinements to the code. Torvalds will receive the $8,260 prize. The judge says the selection of Linux was intended to send a message that “that the real material of the Web is the code” and to emphasize the Internet’s essential ability to establish online communities.” (New York Times 1 Jun 99)

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.