Saturday, September 26, 2009

MIRLN --- 6-26 September 2009 (v12.13)

• Court Says Court Reporters do not Retain Copyright on Transcripts they Prepare
o Twitter Confirms User Ownership of Tweets
• Court Allows Suit against Bank for Lax Security
o How to Measure Security? NIST Maps out the Emerging Field of IT Metrology
• Web-Monitoring Software Gathers Data on Kid Chats
• “Anonymized” Data Really Isn’t—And Here’s Why Not
• New Jersey Courts Employ Social Media
o A Legal Battle: Online Attitude vs. Rules of the Bar
o Jurors Required to Sign Promises not to Google Details of Case
o Substantial Growth in Online Social Networking by Lawyers over the Past Year
o New Jersey Appellate Court Provides Guidance on How Company Email Policies Should Be Crafted
o Employers Grappling with Social Network Use
• The Sunlight Foundation Names Apps-For-America2 Winners
o White House Takes a Big Step into the Cloud with Apps.Gov
• HHS and FTC Issue Rulemakings on HITECH Breach Notification Provisions
• Times Reporter Blogs His Own Kidnapping
• US Court of Appeals for the Ninth Circuit Establishes Protocols for Searches of Electronically Stored Information
• Court Rules Overstock Can’t Enforce ‘Browsewrap’ Agreement
• Seyfarth Shaw Says Six Sigma Method has Cut Client Fees by up to 50%
• Five Major Research Universities Endorse Open-Access Journals
o Higher Ed. And TED
o From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws
o The Mobile Campus
o A Library Address
• Airplane Liquid Bombers
• Sears Told to Destroy Data Gathered by Online Tracking Software
• Govt Review: No Privacy Problems in Cyber Security
• National Security Threats in Cyberspace - ABA Workshop Report
• Google Confirms that Keyword Metatags Don’t Matter
o EU Adviser: Google Ads Don’t Infringe Trademarks
• Federal Courts now Offer Hearings Online as Mp3 Files
• If The Army Can Put its Doctrine up on a WiKi, You’ve Got No Excuse
• 3rd Circuit Says Corporations May Take Info Requests ‘Personally’

NEWS | DIFFERENT | COMMENTARY | LOOKING BACK | NOTES

**** NEWS ****
COURT SAYS COURT REPORTERS DO NOT RETAIN COPYRIGHT ON TRANSCRIPTS THEY PREPARE (TechDirt, 27 August 2009) - In a world where almost every new expression is automatically covered by copyright once set in fixed form, you get some really odd situations -- highlighted by a recent ruling pointed out by Michael Scott. Apparently, in a lawsuit between bunch of plaintiffs and the city of Albuquerque, the city paid for a court reporter to record transcripts of some hearings. An attorney for the plaintiffs who wanted to use the transcripts did the smart thing and used New Mexico’s Inspection of Public Records Act to gain access to the transcripts. The problem? The city and the court reporter who recorded the transcripts would have charged a much higher fee for a copy of the transcripts, and felt that the lawyer’s use of the law to gain access was somehow unfair. The court then ordered the lawyer to pay the court reporter over $4,000 to make up the “difference.” The lawyer, however, appealed, and the appeals court has thrown out the lower court ruling, saying that forcing the lawyer to pay the higher fee would mean that the court reporter effectively was given a copyright to the transcripts: “In broad terms, [the court reporter’s] fee claim rests on the tacit premise that court reporters in some legal sense own the content of the transcripts they prepare, such that they are entitled to remuneration whenever a copy of a transcript is made (even if they played no role in making the copy). To accept this premise would effectively give court reporters a “copyright” in a mere transcription of others’ statements, contrary to black letter copyright law. See 2 William F. Patry, Patry on Copyright, Ch. 4 Noncopyrightable Material, § 4.88 (Updated Sept. 2008) (court reporters are not “authors of what they transcribe and therefore cannot be copyright owners of the transcript of court proceedings”).” http://techdirt.com/articles/20090827/0231116015.shtml

- and -

TWITTER CONFIRMS USER OWNERSHIP OF TWEETS (Information Week, 11 Sept 2009) - Twitter co-founder Biz Stone on Thursday said that the popular online messaging site had updated its Terms of Service to clarify what users can expect from the service, though the announcement appears to be more about reassuring users than delineating substantive rights. The move suggests a desire not to repeat the controversy that Facebook found itself in when, in February, the social network altered its Terms of Service and users read the language as a claim of ownership over all user-submitted content. “The revisions [of Twitter’s Terms of Service] more appropriately reflect the nature of Twitter and convey key issues such as ownership,” said Stone in a blog post. “For example, your tweets belong to you, not to Twitter.” This does not appear to be much of a change, however. Twitter’s Terms of Service from October 2007 state, “We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours.” Such assurances may mollify twittering authors of note but they’re not particularly meaningful. “The vast majority of tweets are likely to be too short and lacking in creativity to qualify for copyright,” said Fred von Lohmann, senior staff attorney for the Electronic Frontier Foundation, in an e-mail. “So they are not ‘owned’ by anyone, much like your idle chatter while walking down the street isn’t ‘owned’ by anyone.” Lohmann however grants that there are exceptions, such as a carefully-crafted haiku that was tweeted. http://www.informationweek.com/news/internet/social_network/showArticle.jhtml?articleID=220000033&cid=RSSfeed_IWK_News

COURT ALLOWS SUIT AGAINST BANK FOR LAX SECURITY (ComputerWorld, 2 Sept 2009) - A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises. In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple -- customers of the bank -- alleged that Citizens’ failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit. The negligence claim was one of several claims brought against Citizens by the couple. Although, Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a “reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access.” The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can’t prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach. http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security?source=CTWNLE_nlt_dailyam_2009-09-03

- and -

HOW TO MEASURE SECURITY? NIST MAPS OUT THE EMERGING FIELD OF IT METROLOGY (GCN, 10 Sept 2009) - Information technology security is a hot topic, but attention usually focuses on the lack of it. What is missing is an objective, quantifiable way to effectively measure it. “Security can be looked at in different ways by different people,” said Wayne Jansen, a computer scientist at the National Institute of Standards and Technology’s IT Laboratory. There is quality control for code developers, the process of deploying a system, and its maintenance by users. “These are all different aspects,” and they do not lend themselves to traditional methods of measurement used in physical science, he said. Jansen has examined the status of efforts to develop security metrics, identified challenges and suggested a course for future research in a recent NIST report, “Directions in Security Metrics Research.” There have been a number of efforts to establish metric systems for security, including the international Common Criteria, the Defense Department’s Trusted Computer System Evaluation Criteria, the European Communities’ Information Technology Security Evaluation Criteria, and the International Systems Security Engineering Association’s Systems Security Engineering Capability Maturity Model. http://gcn.com/Articles/2009/09/14/Update-1-Security-metrics-lacking-for-IT-systems.aspx?s=gcndaily_110909&Page=1

WEB-MONITORING SOFTWARE GATHERS DATA ON KID CHATS (AP, 4 Sept 2009) - Parents who install a leading brand of software to monitor their kids’ online activities may be unwittingly allowing the company to read their children’s chat messages — and sell the marketing data gathered. Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids. “This scares me more than anything I have seen using monitoring technology,” said Parry Aftab, a child-safety advocate. “You don’t put children’s personal information at risk.” The company that sells the software insists it is not putting kids’ information at risk, since the program does not record children’s names or addresses. But the software knows how old they are because parents customize its features to be more or less permissive, depending on age. Five other makers of parental-control software contacted by The Associated Press, including McAfee Inc. and Symantec Corp., said they do not sell chat data to advertisers. http://tech.yahoo.com/news/ap/20090904/ap_on_hi_te/us_tec_internet_monitoring_kids_3

“ANONYMIZED” DATA REALLY ISN’T—AND HERE’S WHY NOT (ArsTechnica, 8 Sept 2009) - The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit. The goal was to help researchers, and the state spent time removing all obvious identifiers such as name, address, and Social Security number. But a graduate student in computer science saw a chance to make a point about the limits of anonymization. Latanya Sweeney requested a copy of the data and went to work on her “reidentification” quest. It didn’t prove difficult. Law professor Paul Ohm describes Sweeney’s work: “At the time GIC released the data, William Weld, then Governor of Massachusetts, assured the public that GIC had protected patient privacy by deleting identifiers. In response, then-graduate student Sweeney started hunting for the Governor’s hospital records in the GIC data. She knew that Governor Weld resided in Cambridge, Massachusetts, a city of 54,000 residents and seven ZIP codes. For twenty dollars, she purchased the complete voter rolls from the city of Cambridge, a database containing, among other things, the name, address, ZIP code, birth date, and sex of every voter. By combining this data with the GIC records, Sweeney found Governor Weld with ease. Only six people in Cambridge shared his birth date, only three of them men, and of them, only he lived in his ZIP code. In a theatrical flourish, Dr. Sweeney sent the Governor’s health records (which included diagnoses and prescriptions) to his office.” Boom! But it was only an early mile marker in Sweeney’s career; in 2000, she showed that 87 percent of all Americans could be uniquely identified using only three bits of information: ZIP code, birthdate, and sex. http://arstechnica.com/tech-policy/news/2009/09/your-secrets-live-online-in-databases-of-ruin.ars [Editor: Paul Ohm has a coming article tentatively titled “The Probability of Privacy”; early drafts are provoking. See also https://www.eff.org/deeplinks/2009/09/what-information-personally-identifiable]

NEW JERSEY COURTS EMPLOY SOCIAL MEDIA (Robert Ambrogi, 8 Sept 2009) - Thanks to the blog Social Media Law Student for the heads-up about the announcement from the New Jersey judiciary that it is adopting an array of social-media tools to keep lawyers, litigants and the public better informed of court developments. The court system now has a Twitter feed and uses text messages to send out breaking news alerts. These cover unscheduled court closings and other high priority information. The courts also now have three RSS feeds -- one for news releases, one for notices to the bar, and a third for Supreme and Appellate Court opinions. In addition, the court system has set up a Facebook page, where it will post press releases, court information and photos of court events, and a YouTube page, where it will post videos that offer lessons in using the courts. http://www.legaline.com/2009/09/new-jersey-courts-employ-social-media.html

- and -

A LEGAL BATTLE: ONLINE ATTITUDE VS. RULES OF THE BAR (New York Times, 13 Sept 2009) - Sean Conway was steamed at a Fort Lauderdale judge, so he did what millions of angry people do these days: he blogged about her, saying she was an “Evil, Unfair Witch.” But Mr. Conway is a lawyer. And unlike millions of other online hotheads, he found himself hauled up before the Florida bar, which in April issued a reprimand and a fine for his intemperate blog post. Mr. Conway is hardly the only lawyer to have taken to online social media like Facebook, Twitter and blogs, but as officers of the court they face special risks. Their freedom to gripe is limited by codes of conduct. “When you become an officer of the court, you lose the full ability to criticize the court,” said Michael Downey, who teaches legal ethics at the Washington University law school. And with thousands of blogs and so many lawyers online, legal ethics experts say that collisions between the freewheeling ways of the Internet and the tight boundaries of legal discourse are inevitable — whether they result in damaged careers or simply raise eyebrows. Mr. Conway initially consented to a reprimand from the bar last year, but the State Supreme Court, which reviews such cases, demanded briefs on First Amendment issues. The American Civil Liberties Union of Florida argued that Mr. Conway’s statements were protected speech that raised issues of legitimate public concern. Ultimately the court affirmed the disciplinary agreement and Mr. Conway paid $1,200. That penalty is light compared with the price paid by Kristine A. Peshek, a lawyer in Illinois who lost her job as an assistant public defender after 19 years of service over blog postings and who now faces disciplinary hearings as well. http://www.nytimes.com/2009/09/13/us/13lawyers.html?_r=1&hp

- and -

JURORS REQUIRED TO SIGN PROMISES NOT TO GOOGLE DETAILS OF CASE (TechDirt, 16 Sept 2009) - There have been plenty of stories concerning judges warning jurors not to research any additional items about a case online, but JJ points us to what is apparently a first (at least in California). A judge has ordered the jury to sign a document that they will not use the internet to research the case, and they can face perjury charges if they’re caught doing so. http://techdirt.com/articles/20090915/0412536196.shtml

- and -

NEW JERSEY APPELLATE COURT PROVIDES GUIDANCE ON HOW COMPANY EMAIL POLICIES SHOULD BE CRAFTED (Duane Morris, 21 Sept 2009) - In light of a recent New Jersey appellate court decision, employers may want to review and update company email policies to ensure that employees are properly made aware that employers have the right to access and review certain private emails that may be generated through a company-sponsored computer system. In Stengart v. Loving Care Agency, Inc.,1 the New Jersey Superior Court, Appellate Division, clarified how an employer should craft email policies to ensure that employees understand that, while they may consider certain emails to be private, the employer nonetheless retains the right to access the materials by virtue of the employee’s use of company technology. http://www.duanemorris.com/alerts/NJ_Employment_Email_Stengart_3408.html

- and -

SUBSTANTIAL GROWTH IN ONLINE SOCIAL NETWORKING BY LAWYERS OVER THE PAST YEAR (BeSpacific, 20 Sept 2009) - 2009 Networks for Counsel Study - A Global Study of the Legal Industry’s Adoption of Online Professional Networking, Preferences, Usage and Future Predictions - Sample Composition: “The survey was administered to 1,474 counsel – 764 private practice lawyers and 710 corporate counsel –in May and June of 2009; 33 countries were represented. Financial Services, Manufacturing and Healthcare were the top three industries represented.” Key Findings: “Networking remains critical to the legal industry, yet resource constraints make it more difficult than ever; Use of social networking sites has grown significantly over the past year, with three‐quarters of all counsel now reporting they are members of a social or professional network..” http://www.bespacific.com/mt/archives/022366.html#022366 Study here: http://www.leadernetworks.com/documents/Networks_for_Counsel_2009.pdf

- and -

EMPLOYERS GRAPPLING WITH SOCIAL NETWORK USE (CNET, 24 Sept 2009) - Social networking is on the rise, both on and off the job, leaving companies uncertain how to monitor their use by employees, reports new survey. More than 50 percent of companies questioned said they have no policy to address the use of social networking by employees outside the workplace, according to a survey released Wednesday by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association. Typically, companies shy away from restricting an employee’s actions off the job. But businesses are concerned about employees who use social networking and reveal private details or post inappropriate pictures that could embarrass the company. Some organizations, such as the U.S. Marines, have already banned their recruits from using Facebook and Twitter. But the survey found that many businesses aren’t sure what to do to restrict or monitor such usage. Of the companies questioned in the survey, 34 percent said they have a general employee policy that addresses all online activity, including the use of social networking, both on and off the job. Only 10 percent said they have a policy specifically geared toward social networks. http://news.cnet.com/8301-10797_3-10360849-235.html [Editor: This is my area of concentration – see http://www.knowconnect.com/policies/ and the various articles and presentations available there.]

THE SUNLIGHT FOUNDATION NAMES APPS FOR AMERICA2 WINNERS (press release, 9 Sept 2009) - The Sunlight Foundation awarded Datamasher.org with the grand prize of $10,000 for Sunlight’s Apps for America 2: The Data.gov Challenge. Datamasher.org is a Web application designed by Forum One Communications that lets anyone—no programming background required—choose different government data sets and mash them up to create visualizations and compare results on a state by state basis. Clay Johnson, director of Sunlight Labs, announced the winners and distributed over $25,000 in awards late yesterday at the Gov 2.0 Expo hosted by O’Reilly Media and TechWeb. Sunlight created the Apps for America 2: The Data.gov Challenge to solicit creative Web applications based on the information available at Data.gov, the new central depository for government data created by Federal Chief Information Officer Vivek Kundra. It was inspired by the Sunlight’s commitment to use new tools to make the work of the federal government more transparent. The $5,000 second prize went to GovPulse, which allows viewers to quickly search the Federal Register in a variety of ways, including by agency or date. Sunlight awarded the third place award of $2,500 to ThisWeKnow.org, which lets users type in their zip code and get back a wealth of information about their neighborhood drawn from different agencies. Additionally, QuakeSpotter.org won the bonus prize of $2,500 for best data visualization. QuakeSpotter.org, a cross-platform desktop application shows where earthquakes are happening and matches that to mentions of the earthquake on the popular social network, Twitter. http://sunlightfoundation.com/presscenter/releases/2009/09/09/sunlight-names-apps-america2-winners/

- and -

WHITE HOUSE TAKES A BIG STEP INTO THE CLOUD WITH APPS.GOV (ArsTechnica, 21 Sept 2009) - “The Cloud” may not mean what you think it means, but the White House is hitching a ride on this fluffy bandwagon with Apps.gov. The site is essentially a White House-sanctioned App Store of social media services approved for government agencies, made possible largely because of some unique TOS amendments. Run by the US General Services Administration (GSA), Apps.gov arranges quite a few social media services under categories like Business, Productivity, Social Media, and Cloud IT, with the latter listing services like storage, Web hosting, and virtualization as “coming soon.” Almost every commercial and free service that you have (and have not) heard of is here, ranging from Facebook, Scribd, Vimeo, and Google Apps. The site also offers a market-speak crash course in the cloud’s advantages of reduced cost, less overhead, going green, and adopting modern technologies and trends more quickly. Agency representatives can learn about each service and, once logged in, submit a department request or purchase order. The entire process seems deceptively App Store-simple (at least the publicly accessible portion), especially since most of the red tape around adopting such services is summarized in the FAQs. In a way, the GSA is treating Apps.gov like high schools now treat Wikipedia: it’s OK to use as research springboard, but agencies should consult their respective higher powers before diving into the deep end. http://arstechnica.com/web/news/2009/09/white-house-takes-a-big-step-into-the-cloud-with-appsgov.ars?utm_source=microblogging&utm_medium=arstch&utm_term=Main%20Account&utm_campaign=microblogging

HHS AND FTC ISSUE RULEMAKINGS ON HITECH BREACH NOTIFICATION PROVISIONS (Sidley Austin, 9 Sept 2009) - The U.S. Department of Health and Human Services (“HHS”) and Federal Trade Commission (“FTC”) recently issued separate rules implementing the groundbreaking breach notification provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH”). HHS’ breach notification interim final rule applies to entities that meet the definition of “covered entity” or “business associate” under the privacy and security regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). FTC’s breach notification final rule applies to entities – other than covered entities or business associates – that offer or maintain personal health records (“PHR vendors”), certain entities offering products or services through PHR Web sites or providing services to PHR vendors, and third-party service providers of such entities. Although HHS and FTC each stated that they consulted closely to harmonize the two rules, the agencies’ regulations contain at least two major differences. Under the HHS interim final rule, a reportable breach occurs only if there is a significant risk of harm to the individual. In contrast, the FTC final rule presumes unauthorized acquisition when there is unauthorized access to data unless the entity that discovers the incident can rebut the presumption with “reliable evidence” showing there has not been, or could not reasonably have been, unauthorized acquisition of such data. Additionally, the HHS interim final rule applies to protected health information (“PHI”) in any form (paper or electronic) whereas the FTC rule applies only to electronic information. The HHS and FTC rules take effect 30 days after publication in the Federal Register (September 23, 2009, for the HHS interim final rule with request for comments, and September 24, 2009, for the FTC final rule). Significantly, however, HHS and FTC have stated that they will not enforce the notification requirements for breaches that are discovered within 180 days from the date of publication in the Federal Register (February 22, 2010). http://www.sidley.com/files/News/7a96572a-07f5-4b1f-a20c-82d59fc159ce/Presentation/NewsAttachment/546dc18d-8ed9-4bf0-a4dc-8601afae4653/Healthcare_Privacy_Update_09.09.09.pdf#page=1 See also: http://www.steptoe.com/publications-6321.html

TIMES REPORTER BLOGS HIS OWN KIDNAPPING (Danger Room, 10 Sept 2009) - If you haven’t read it yet, go read New York Times At War blogger Stephen Farrell’s first-person account of his kidnapping by the Taliban — and the death of his Afghan colleague, Sultan Munadi. It’s heartbreaking stuff. But equally important, Farrell’s involuntary “embed” provides a glimpse of the insurgent organization in northern Afghanistan. With a keen eye for detail, Farrell notes everything from the Taliban’s operational security (abysmal), their equipment and financing (marginal) and their control of parts of Kunduz Province (near absolute). http://www.wired.com/dangerroom/2009/09/ny-times-reporter-blogs-his-own-kidnapping/

US COURT OF APPEALS FOR THE NINTH CIRCUIT ESTABLISHES PROTOCOLS FOR SEARCHES OF ELECTRONICALLY STORED INFORMATION (Mayer Brown, 10 Sept 2009) - The long-running BALCO steroid investigation that led to the indictment of Major League Baseball (MLB) star Barry Bonds has resulted in a potentially landmark decision related to the manner in which government agents apply for and execute search warrants for electronically stored information (ESI). In United States v. Comprehensive Drug Testing, Inc., No. 15-10067 (9th Cir. Aug. 26, 2009), the en banc Ninth Circuit affirmed a lower court ruling ordering the government to return an overbroad set of electronic data seized under a search warrant. This decision will force the Department of Justice to adjust its procedures for using ESI search warrants—a common tool for gathering evidence—in the midst of the government’s recent efforts to step up enforcement of federal laws. http://www.mayerbrown.com/publications/article.asp?id=7498&nid=6

COURT RULES OVERSTOCK CAN’T ENFORCE ‘BROWSEWRAP’ AGREEMENT (OnlineMediaDaily, 14 Sept 2009) - A federal judge has ruled that Internet retailer Overstock can’t enforce the mandatory arbitration agreement set out in its online terms and conditions because there is no evidence that consumers read the policy. The ruling, issued last week by U.S. District Court Judge Sterling Johnson, Jr., grew out of a dispute about a restocking fee between customer Cynthia Hines and the online retailer. Hines sued Overstock for charging her a $30 fee after she returned a vacuum cleaner. Overstock countered that the case should not be in court because the site’s terms and conditions provided for mandatory arbitration. A link at the bottom of Overstock’s home page took visitors to a page that spelled out those terms. But Johnson found that the “browsewrap” agreement did not adequately notify Hines about the provision. Hines “lacked notice of the terms and conditions because the website did not prompt her to review the terms and conditions and because the link to the terms and conditions was not prominently displayed,” he wrote. “When courts think something is so important that a consumer might not have purchased if the details of the deal were more visible, they will impose a higher bar to ensure users are informed,” Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum, said in an email to Online Media Daily. Polonetsky adds that the Overstock ruling is “in sync with thinking at the FTC and on the Hill, where increasingly the view is that behavioral advertising matters enough to users that sites need to be truly up front about it.” http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=113404 See also http://newmedialaw.proskauer.com/2009/09/articles/contracts/arbitration-provision-unenforceable-where-online-retailers-link-to-browsewrap-terms-and-conditions-was-not-prominently-displayed/

SEYFARTH SHAW SAYS SIX SIGMA METHOD HAS CUT CLIENT FEES BY UP TO 50% (ABA Journal, 14 Sept 2009) - Seyfarth Shaw has embraced Six Sigma to such an extent that press releases announcing lawyer promotions or additions extol its virtues. The law firm even has a name for its Six Sigma approach: SeyfarthLean. Six Sigma emphasizes rigorous measuring and perfecting of processes, but also can squelch innovation, according to critics. Many companies that can’t afford to cut any more employees are embracing Six Sigma in an effort to improve the bottom line, Business Week reports. Seyfarth managing partner Stephen Poor is a believer, as is Robert Reynolds Jr., a lawyer joining the firm from Alston & Bird who labeled the firm’s Six Sigma accomplishments “extraordinary” in a press release. Poor called Six Sigma Poor “a very powerful tool” in a Business Week interview. Seyfarth says on its website that it is using Six Sigma to eliminate inefficiencies that can push legal bills higher, resulting in cost savings to clients ranging from 13 percent to 50 percent. In an e-mail interview with the ABA Journal, Poor didn’t name a specific client that has saved 50 percent on legal bills. Instead, he mentioned a “summary judgment project” at the law firm that eliminated inefficiencies and bottlenecks, “resulting in a 50 percent savings from the usual costs.” Poor told the ABA Journal that Seyfarth uses its tailor-made version of Six Sigma to set prices for legal work in a collaborative process with clients. As an example of Six Sigma in action, he points to the law firm’s efforts to work with 7-Eleven in its quest to ramp up store openings. Seyfarth helped by developing processes to “reduce cycle time” for store leases. Using Six Sigma, the law firm introduced “consistency, standardization, quality control [and] efficiency” into the process. http://www.abajournal.com/weekly/seyfarth_shaw_says_six_sigma_has_cut_client_fees_by_up_to_50_percent [Editor: Bah! This seems like simple process-control, such as practiced by most real businesses for 15 years. For example, BP did something similar in routinizing the creation of retail service stations in Asia in the middle 1990s. Knowledge Management processes yield even better results, but are nearly impossible to deploy in law firm cultures. The “news” here is that it’s taken law firms so long to take such baby-steps.]

FIVE MAJOR RESEARCH UNIVERSITIES ENDORSE OPEN-ACCESS JOURNALS (Chronicle of Higher Ed, 14 Sept 2009) - In an effort to support alternatives to traditional scholarly publishing, five major research universities announced their joint commitment to open-access journals on Monday. The institutions—Cornell University, Dartmouth College, Harvard University, the Massachusetts Institute of Technology, and the University of California at Berkeley—signed a compact agreeing to the “timely establishment” of mechanisms for providing financial support for free open-access journals. While conventional journals require institutions to pay subscription fees to access articles, open-access publications make their material free to the public, thus aiding libraries forced to cut back during difficult financial times, officials at the universities believe. John M. Saylor, associate university librarian for scholarly resources and special collections at Cornell, says it is a much healthier research environment when the financial burden is taken off the reader and everyone has access to the same research. Mr. Saylor says, however, that the challenge now is to develop a system that pays for the operation of journals that give away the store. “We just don’t know if it’s going to be too expensive,” he said. http://chronicle.com/blogPost/5-Major-Research-Universities/8042/

- and -

HIGHER ED. AND TED (InsideHigherEd, 16 Sept 2009) - TED talks pose all sorts of challenges and opportunities for those of us in higher education. The quality of the freely available content gives lie to the notion that the best lectures occur within the gates of academe. The format of the talks can teach us a thing or two about the optimal length, timing, pace and content of the lecture. And the conversations around the online lectures remind us that the degree to which learning is social. Perhaps the biggest lesson from http://www.ted.com/ for learning technology is the method in which TED makes its videos available to the world. Two characteristics of the TED media strategy stand out:
1. TED talks are released under the Creative Commons license. http://www.ted.com/index.php/help#talks5 The Creative Commons variant that TED chooses allows the videos to be freely shared and reposted. The license does not allow TED talks to be remixed. This strategy strikes a good balance between facilitating the diffusion of the content while protecting the integrity of the narrative. Institutions of higher education should follow this strategy for as much of the content produced on campus as possible, with Creative Commons permissions included in all (taped) speaker release forms.
2. TED talks are made available in multiple formats, including a streaming version, video to desktop (MP4) and video to ITunes (MP4). Embed code is always provided to allow the reposting of the talks. The multiple formats encourage the audience to download and consume the media on the device that is most convenient. I download TED talks to iTunes and copy them over to my iPod touch. Having TED talks on a mobile platform allows the viewing of these talks when I have a few free moments and in small chunks. http://www.insidehighered.com/blogs/technology_and_learning/higher_ed_and_ted [Editor: the TED talks are generally quite good: http://www.ted.com/]

- and -

FROM IVORY TOWER TO IRON BARS: SCIENTISTS RISK JAIL TIME FOR VIOLATING EXPORT LAWS (Danger Room, 17 Sept 2009) - John Reece Roth never thought he’d be going to prison for his research on plasma physics. But that’s precisely where the 72-year old University of Tennessee professor will likely spend the next four years. Roth was sentenced last month for sharing his research with foreign graduate students and taking a laptop with his research to China. Along with his university research, he was working on an unclassified contract from the U.S. Force looking at ways to reduce drag on drones using plasma actuators. The case has been closely watched by university professors working in areas that deal with controlled technical information, particularly satellite technology, which is classified as a munition. As I write in a recent article for Nature (apologies, behind a paywall): “Concerns over prosecution have even led some academics to self-censor when teaching, particularly in the area of satellites, which have been under the control of the state department since 1999. That shift, which was prompted by a satellite manufacturer illegally sharing technical data with China about the failure of a Long March rocket, had an immediate effect on university work in the area. “There are things I was once comfortable talking about in class, and I’m not comfortable with anymore,” says Thomas Zurbuchen, a professor of space science and aerospace engineering at the University of Michigan in Ann Arbor.” It’s a difficult subject: many people I interviewed felt Roth showed blatant disregard for the law — he was warned his work fell under the State Department’s munitions list — but they expressed deep frustration with the ambiguity of the laws. Clif Burns, a lawyer at Bryan Cave, who contributes to the equally amusing and educational Export Law Blog, believes the Roth case is an anomaly — at least so far. Burns also told me that part of Roth’s particular problem was that he was sharing research with graduate students from the two countries of most concern to the United States: China and Iran. http://www.wired.com/dangerroom/2009/09/from-ivory-tower-to-iron-bars-academics-risk-jail-time-for-violating-export-laws/

- and -

THE MOBILE CAMPUS (InsideHigherEd, 21 Sept 2009) - Last fall, Abilene Christian University gave out free iPhones or iPod Touches to its first-year undergraduates as part of an attempt by the Texas college to transform its campus into a 200-acre Petri dish for studying the intersection of mobile technology and higher education. Now, the reviews from the first year of the experiment are in — and they are glowing. In the university’s 2008-2009 Mobile-Learning Report — a 24-page glossy prepared for the university’s board of trustees — Scott Perkins, a psychology professor and director of research for the mobile initiative, writes that “iPhones present a more attractive platform for learning” than current classroom tools, and “learning activities can be successfully transitioned to mobile-device platforms.” Furthermore, 89 percent of students and 87 percent of faculty polled called the program successful. The Abilene Christian project has been viewed by some as a gimmick, similar to Duke University’s widely publicized 2004 decision to give each member of its incoming class an iPod -- a program it quickly changed to encompass only certain students, then changed again to a partially subsidized purchase opportunity. Although Rankin said he thinks the Duke experiment was a success, it left many stones unturned. “Duke gave out the devices like they were sowing seeds in a field,” Rankin said, “saying, ‘Let’s see who does something with them.’” Abilene Christian’s approach is more active: Give students the mobile devices, then have professors integrate the machines and their tools into the way courses are taught, and measure the changes. Chemistry instructor Cynthia Powell, for example, created a special section of 25 iPhone users to whom she delivered laboratory preparation and safety lectures via podcast, rather than giving them in the classroom. Then she tracked the performance of that section relative to her 109 other students in the five categories she uses to determine grades. While the higher scores of the mobile group were not outside the substantial margin of error, Perkins said the mere fact that there was no decrease in score was evidence that such instruction “can transition to a mobile platform with no loss in student mastery of content.” http://www.insidehighered.com/news/2009/09/21/iphones

- and -

A LIBRARY ADDRESS (InsideHigherEd, 24 Sept 2009) - One of the best things about my job in learning technology is that I get to work in a library. How many of you have your physical offices inside your campus library? The future, I believe, will be the intermingling and merging of the academic library and academic technology disciplines. Even if academic technology and academic library services remain organizationally independent, our daily work and strategic goals will become increasingly intertwined. EDUCAUSE has a great page of resources on IT-Library Mergers -- and I’d appreciate any pointers folks have around best practices in collaboration. 5 of the best things about having an office inside the college library: * * * http://www.insidehighered.com/blogs/technology_and_learning/a_library_address

AIRPLANE LIQUID BOMBERS (CryptoGram, 15 Sept 2009) - Perfectly legal (obtained with a FISA warrant) NSA intercepts used to convict liquid bombers.
http://www.schneier.com/blog/archives/2009/09/nsa_intercepts.html
The BBC has a video demonstration of a 16-ounce bottle of liquid blowing a hole in the side of a plane. I know no more details than what’s in the video.
http://news.bbc.co.uk/2/hi/uk_news/7536167.stm [Editor: very, very impressive detonation. I’m convinced.]

SEARS TOLD TO DESTROY DATA GATHERED BY ONLINE TRACKING SOFTWARE (The Register, 16 Sept 2009) - US retailer Sears has been ordered to destroy all the customer data it collected from a piece of online tracking software that consumer regulator the Federal Trade Commission (FTC) said was unfairly used. The FTC said that while customers had been warned that, once downloaded, software would track their browsing, it had in fact tracked browsing on third party websites, secure browsing including banking and transactions and even some non-internet computer activity. “The FTC charged… that the software also monitored consumers’ online secure sessions – including sessions on third parties’ Web sites – and collected consumers’ personal information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails,” said an FTC statement. Sears has been ordered to make notification of any future tracking clearer, and to delete all the information gathered through the use of the software. “Only in a lengthy user license agreement, available to consumers at the end of a multi-step registration process, did Sears disclose the full extent of the information the software tracked,” said an FTC statement. “The [FTC] complaint charged that Sears’s failure to adequately disclose the scope of the tracking software’s data collection was deceptive and violates the FTC Act.” Sears, which owns KMart, has settled the case with the FTC, the regulator said. Sears paid some visitors to sears.com and kmart.com $10 to participate in a scheme to monitor their browsing via “research software”. The full extent of the monitoring was only made clear in a long user agreement visible after the downloading of the software. Sears has agreed to tell users more clearly and prominently what activity will be recorded, and to do so before any software is downloaded. The case resulted from an administrative complaint from the FTC itself. http://www.theregister.co.uk/2009/09/16/sears_to_destroy_tracking_software_data/ FTC’s Order here: http://www.ftc.gov/os/caselist/0823099/090604searsdo.pdf

GOVT REVIEW: NO PRIVACY PROBLEMS IN CYBER SECURITY (Washington Post, 18 Sept 2009) - The Justice Department has concluded that a beefed-up surveillance program that monitors federal employees’ Internet traffic does not violate their rights or those of private citizens who communicate with them. But the review of the Einstein 2 program was limited and leaves important questions unanswered, said the vice president of an Internet freedom watchdog group. Einstein 2 is a second-generation automated program designed to detect cyber attacks on government computer networks. The review, completed last month and released Friday, said the system addresses potential privacy concerns by warning employees when they log in that their communications may be monitored. Such warnings “eliminate federal employees’ legitimate expectations of privacy” on government computers, acting Assistant Attorney General David J. Barron wrote. http://www.washingtonpost.com/wp-dyn/content/article/2009/09/18/AR2009091802905.html

NATIONAL SECURITY THREATS IN CYBERSPACE - A WORKSHOP REPORT (ABA’s Standing Committee on Law & National Security, 21 Sept 2009) - The last few years have seen a remarkable surge in the degree of concern publicly expressed by government officials regarding “national security threats” in cyberspace. The Bush Administration began development of a Comprehensive National Cybersecurity Initiative (CNCI) in January 2008. The Obama Administration has followed with a Cyberspace Policy Review and a promise to appoint a “Cyber Czar” to coordinate a federal government response. Funding for initiatives to protect the cyber domain is likely to increase significantly. The ferment of ideas is substantial, even by Washington “crisis” standards. Some question whether a threat exists at all while others deem the threat existential. Novel issues of policy and law surface on an almost daily basis as technological innovation runs headlong forward, leaving policy‐makers and concerned legislators trailing in its wake. As the United States continues the development of its cybersecurity policy, the time is ripe for reflection and an examination of first principles. To that end the American Bar Association Standing Committee on Law and National Security, the McCormick Foundation, and the National Strategy Forum sponsored a two‐day workshop in Annapolis, Maryland on June 4‐5, 2009. The workshop brought together more than two dozen experts with diverse backgrounds: physicists; telecommunications executives; Silicon Valley entrepreneurs; Federal law enforcement, military, homeland security, and intelligence officials; Congressional staffers; and civil liberties advocates. For those two days they engaged in an open‐ended discussion of cyber policy as it relates to national security. The discussion was under Chatham House Rules – their comments were for the public record, but they were not for attribution. Full report here: http://www.abanet.org/natsecurity/threats_%20in_cyberspace.pdf [Compare, good article on the exaggerated fears of cyberwar: http://bostonreview.net/BR34.4/morozov.php]

GOOGLE CONFIRMS THAT KEYWORD METATAGS DON’T MATTER (Eric Goldman’s blog, 22 Sept 2009) - Few Internet technologies have horked [sic] cyberlaw as much as keyword metatags. Back in the 1990s, some search engines indexed keyword metatags, which encouraged some websites to stuff their keyword metatags as a way of gaming the rankings. Judges took a dim view of this practice, largely because the surreptitious nature of keyword metatags seemed inherently sinister, regardless of their efficacy. In the interim, search engines wizened up. Some search engines stopped indexing keyword metatags, and others greatly diminished the credit they assigned to keyword metatags. As a result, for the better part of this century, keyword metatags have had either zero or de minimis effect on search engine placement. However, the anti-keyword metatag legal doctrines developed in the 1990s have persisted, even as the technology changed. Although occasionally judges have gotten it right (see, e.g., Standard Process v. Banks). most courts still treat the presence of a third party trademark in keyword metatags as essentially a per se trademark infringement--even if the keyword metatags didn’t (and couldn’t) change the search results ordering or any consumer’s behavior. For a quick sense of the ridiculous state of keyword metatag jurisprudence, take a look at my recent blog posts on the topic. The current state of nature has put keyword metatag defendants in a bind. On the one hand, the law treats the inclusion of third party trademarks as per se trademark infringement. On the other hand, everyone in the industry knows they are irrelevant but search engines have been less than forthcoming about the components of their search engine algorithms, leaving scanty citable material to support that proposition. And judges, deciding between the weight of a dozen years of anti-keyword metatag legal precedence and not-from-the-horse’s-mouth assessments of keyword metatag efficacy, not surprisingly continue to stick with the outdated legal precedent. This makes Google’s announcement yesterday so exciting. Google’s star techie Matt Cutts says in plain language that Google’s core search algorithm ignores keyword metatags. This isn’t news in the sense that we’ve known this about Google for years, but I believe this is Google’s first public confirmation of keyword metatag’s irrelevancy. Matt’s short video clip goes so far to tell trademark owners to quit suing over keyword metatags. Amen! http://blog.ericgoldman.org/archives/2009/09/google_confirms.htm

- and -

EU ADVISER: GOOGLE ADS DON’T INFRINGE TRADEMARKS (SiliconValley.com, 22 Sept 2009) - A European Union court adviser said Tuesday that Google does not violate luxury goods makers’ trademarks when it sells brand names as search keywords that trigger its lucrative advertisements. The adviser’s legal opinion will now be studied by judges at the European Court of Justice, which has been asked to tell a French appeals court how to apply EU trademark law in a dispute between Google and several French luxury goods companies over the Internet search engine’s ad system. Although Maduro’s recommendation is nonbinding, legal adviser opinions are followed by the court in about 80 percent of cases. Google has been repeatedly sued for trademark violations in courts around the world, and it generally prevails or settles cases without changing its practices. In the United States and most other countries, Google typically accepts trademarks used as those keyword triggers, but it places limits on what can appear in ads themselves. But in many European countries, including France, Italy and the Netherlands, Google does restrict the use of trademarks as keywords. It will typically strike ads, however, only after receiving a complaint from the trademark owner and conducting a review. The EU court adviser said neither Google nor advertisers are at fault for initially placing or accepting an ad using a brand keyword. Google isn’t to blame either for displaying the keyword ads because Maduro said a keyword linking to a site isn’t likely to lead customers into mistaking a brand name item for a counterfeit. But users are likely to make decisions when they see the content of the ad or visit the advertised sites — and the adviser warns that Google may be held liable for the ad content. That could potentially lead to Google facing legal action in national courts if brand owners could prove that such an ad damaged sales of genuine goods. http://www.siliconvalley.com/news/ci_13393205?nclick_check=1

FEDERAL COURTS NOW OFFER HEARINGS ONLINE AS MP3 FILES (ArsTechnica, 23 Sept 2009) – US federal courts are in the midst of a fascinating pilot program that could eventually bring MP3 digital audio recordings of court proceedings in a Montana federal building to an investigative journalist working in Boca Raton. The courts already run the PACER system, which offers Public Access to Court Electronic Records. Theses are generally PDF copies of all documents (except those under seal) filed in federal courts across the country. As a tool, it’s an amazing time and money saver for lawyers, journalists, and the public, despite the 8¢ per page charge for most documents which has proved controversial. These documents include the complaints that launch lawsuits and the procedural motions along the way, but what actually happens when lawyers get in front of the judge? If you want to know, you generally have to get yourself down to a particular courtroom in a particular courthouse in a particular state at a particular time. Quite a primitive system, especially when one considers that many such proceedings are already recorded digitally and made available (on audio CD) to anyone who treks down to a courthouse and hands over $26. The pilot program, run by the Administrative Office of the federal courts, began in late 2007 and has been extended through the end of 2009. It allows judges, at their sole discretion, to upload these audio files into the PACER system, where they can be downloaded for... 16 cents each. The files generally go up within 24 hours, so lawyers and journalists who truly need to follow a case as it happens still need to get themselves down to court. But for everyone else, these trial recordings are a fantastically convenient, cheap way to follow legal proceedings across the country. Nine courts are currently testing the technology, including US District Courts in Nebraska and the Eastern District of Pennsylvania. While the availability of such recordings sounds like an incredible step forward, problems have arisen. Criminal hearings are not covered by the pilot program at the moment, due to worries that it could expose sensitive witnesses, and judges have to make sure that private information such as Social Security numbers, dates of birth, and the names of children are not said aloud in court. Also, all-day court proceedings simply generate files that are too large; the Administrative Office has decided to break such recordings into morning and afternoon sessions. http://arstechnica.com/tech-policy/news/2009/09/federal-courts-now-offer-hearings-online-as-mp3-files.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

- and -

IF THE ARMY CAN PUT ITS DOCTRINE UP ON A WIKI, YOU’VE GOT NO EXCUSE (Nancy Dixon, 23 Sept 2009) - A few weeks ago I had the privilege of watching an astounding event - a room full of Soldiers typing Army doctrine onto a wiki so that Soldiers in the field could make changes as they were discovering new and better tactics in the midst of fighting a war. There were a couple of amazing things about this event. One was that it was happening at all, because to the Army, doctrine is close to sacred. It is written by doctrine specialists and then verified and authenticated at many levels within the hierarchy. So opening doctrine up to Soldiers is a very big deal. The second amazing thing was how quickly it happened – just three weeks after the General said, “Make it happen.” the first eight manuals went up. A hierarchical organization, of one million plus employees, just shouldn’t be able to move that fast! But let me begin at the beginning of the story… http://www.nancydixonblog.com/2009/09/if-the-army-can-put-its-doctrine-up-on-a-wiki-youve-got-no-excuse.html

3RD CIRCUIT SAYS CORPORATIONS MAY TAKE INFO REQUESTS ‘PERSONALLY’ (Law.com, 24 Sept 2009) - Lawyers for AT&T have won a court battle with the Federal Communications Commission that turned on a question largely of semantics -- whether corporations are entitled to assert claims of “personal” privacy. In an appeal before the 3rd U.S. Circuit Court of Appeals, the FCC argued that when Congress crafted the exemptions clauses of the Freedom of Information Act, it intended the phrase “personal privacy” to extend only to human beings. But AT&T begged to differ, arguing that the FOIA specifically defines the term “person” to include corporations, and therefore that “Congress’s choice of the adjectival form of that word -- ‘personal’ -- should be understood to refer to that definition.” By contrast, AT&T argued, “where Congress intends to refer to natural persons and to exclude corporations -- both in the FOIA itself and in the closely related Privacy Act of 1974 -- it uses the term ‘individual.’” Now the 3rd Circuit has ruled that AT&T’s lawyer, Colin S. Stretch of Kellogg Huber Hansen Todd Evans & Figel in Washington, D.C., had the better argument, and that the FCC was therefore wrong to block AT&T from invoking the personal privacy protections in FOIA Exemption 7(C). http://www.law.com/jsp/article.jsp?id=1202434019429&rss=newswire&hbxlogin=1

**** DIFFERENT ****
HORRIFICALLY BAD SOFTWARE DEMO BECOMES PERFORMANCE ART (ArsTechnica, 23 Sept 2009) - For software developers, live product demonstrations are a way of life, and that means that “live product demos gone horribly awry” are also a fact of life. But what if the world’s most disastrous software demo was faked, foisted on a set of unsuspecting computer science students as a piece of performance art? That thought is what led University of California-San Diego student Tristan Newcomb to produce a half-hour of surreptitious theater that he calls “The Last Lecture.” Students stare at the stage in disbelief, amusement, and horror as a software developer comes to class with his two assistants and proceeds to demonstrate a new videogame in spectacular fashion—software crashes, lag problems, puppet videos, and falling computers all coincide with the presenter’s personal breakdown in which he questions his life’s work and worries ceaselessly about his death (a death in which no Kermit the Frog will welcome him to the afterlife). Only after 30 minutes of increasingly bizarre personal confessions and technical glitches is the gag revealed; credits suddenly begin to scroll up the gigantic demonstration screen at the front of the classroom. The audience slowly realizes that it has been watching not a software demonstration, but a half-hour prerecorded video fronted by three actors. http://arstechnica.com/web/news/2009/09/horrifically-bad-software-demos-become-performance-art.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss This “Last Lecture” is here: http://www.lumalin.com/lumalin_films/last_lecture.php [Editor: at least he’s not using a Macintosh. The first 5 minutes are painful, but the guy falling off the cliff at 15m10s is priceless; what a wonderful waste of time.]

**** COMMENTARY ****
FROM MAC PORTABLE TO MACBOOK PRO: 20 YEARS OF APPLE LAPTOPS (ArsTechnica, 21 Sept 2009) - 20 years ago, Apple introduced its first portable Mac—we hesitate to say laptop because of its size—the Macintosh Portable. Ars looks back at some of the best Mac laptops to come out of Cupertino over the past two decades—and a couple of clunkers. http://arstechnica.com/apple/news/2009/09/from-portable-to-pro-best-mac-laptops-of-the-past-20-years.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: looking at these is a trip down memory lane (with some nightmares) – I’ve owned most of the machines pictures (plus a half-dozen PCs).]

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
READING THE FINE PRINT: YAHOO INADVERTENTLY THREATENS CONTENT COPYRIGHT -- The fine print in the terms of service agreement Yahoo posted to GeoCities (a web page hosting service) members last week seemed to indicate that Yahoo held the copyright for all their site content. Angry members emailed Yahoo. The company issued a clarifying statement saying it never intended to usurp content copyright. Other web page hosting services have similar clauses in their terms of service agreements. Yahoo purchased GeoCities in January of this year. http://www.sjmercury.com/svtech/news/breaking/merc/docs/083171.htm

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, September 05, 2009

MIRLN --- 16 August – 5 September 2009 (v12.12)

• Internet Materials in Opinions: Citations and Hyperlinking
• Judge Strikes Down La. Restrictions on Lawyer Internet Ads
• Firefox Plug-In Frees Court Records, Threatens Judiciary Profits
• Second Life’s Economy Nearly Doubles
• U.C. Professors Seek Changes to Google Books Deal
• FCC Launches a Blog, Joins Twitter Stream
• FTC Finalizes Rules on Health Care Breach Disclosure
• E-Discovery Fears May Explain Why Recession Didn’t Spur Litigation
• Teaching the Quarantined
• Massachusetts Modifies its New Information Security Rules for Businesses and Extends the Compliance Deadline Again
• 45% of Employers Now Screen Social Media Profiles
• D.C. Appeals Court Adopts Five-Step Inquiry for Unmasking Anonymous Internet Speakers
• Forcing Employee to Provide Access to Password-Protected Website Violates SCA
• Judge: Defunct Airport Fast Pass Company Can’t Sell Customer Data
• Federal Agencies Pursue Cybersecurity Common Ground
o DHS and Information Technology Sector Coordinating Council Release Information Technology Sector Baseline Risk
• Cyber-Attack Strategy: Part of Russian Attack on Georgian Pipelines, Report Finds
• Court Rules U.S. Seized 2003 Tests Improperly
• Dozens of Judges are Getting LinkedIn, Blogger Notes
• Tighter Oversight on Border Laptop Searches
o Protect Your Laptop Data from Everyone, Even Yourself
• For Intelligence Officers, a Wiki Way to Connect Dots
• Augmented Reality Comes to the iPhone
• The Government Domain: Tracking Congress 2.0
• Harvard's Dash for Open Access
• Online Terms Presented with Three Blue Hyperlinks are Conspicuous, Conscionable
• Fox Adds On-Air Tweets to `Fringe' Reruns

NEWS | PODCASTS | LOOKING BACK | NOTES

**** NEWS ****
INTERNET MATERIALS IN OPINIONS: CITATIONS AND HYPERLINKING (U.S. Courts, July 2009) - The Judicial Conference has issued a series of “suggested practices” to assist courts in the use of Internet materials in opinions. The recommendations follow a pilot project conducted by circuit librarians who captured and preserved webpages cited in opinions over a six-month period. The Internet often seems to pervade everyday life, giving us answers, matches, recommendations, definitions, and citations. But the information on the Internet can be as ephemeral as yesterday’s blog entry. Websites can change or disappear altogether. “Judges are citing to and using Internet-based information in their opinions with increasing frequency,” Judicial Conference Secretary Jim Duff wrote recently to chief judges. “Unlike printed authority, Internet information is often not maintained at a permanent location, and a cited webpage can be changed or deleted at any time. Obviously, this has significant implications for the reliability of citations in court opinions.” The Judicial Conference Committee on Court Administration and Case Management (CACM) began the pilot project, conducted by circuit libraries, and received and endorsed the recommendations of an ad hoc working group of circuit librarians. In approving those recommendations in March 2009, the Judicial Conference agreed that all Internet materials cited in final opinions be considered for preservation, while each judge should retain the discretion to decide whether the specific cited resource should be captured and preserved. The Conference directed the Administrative Office to work with the CACM Committee to develop guidelines “to assist judges in making the determination of which citations to preserve.” The guidelines suggest that, if a webpage is cited, chambers staff preserve the citation by downloading a copy of the site’s page and filing it as an attachment to the judicial opinion in the Judiciary’s Case Management/Electronic Case Files System. The attachment, like the opinion, would be retrievable on a non-fee basis through the Public Access to Court Electronic Records system. When considering whether to cite Internet sources, judges are reminded that some litigants, particularly pro se litigants, may not have access to a computer. http://www.uscourts.gov/ttb/2009-07/article09.cfm?WT.cg_n=TTB&WT.cg_s=July09_article09_newsroom [Editor: There are two interesting studies/projects that speak to link rot and the need for preservation. One is the Chesapeake Project:
http://www.legalinfoarchive.org/. The other was a study done by a librarian in Washington: Ching, Tina. “The Next Generation of Legal Citations: A Survey of Internet Citations in the Opinions of the Washington Supreme Court and Washington Appellate Courts, 1999-2005″ http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1305277. The ABA’s Catherine Sanders Reach participated in a related program discussion earlier this month -- http://www.abanet.org/tech/ltrc/presentations/authentication.pdf]

JUDGE STRIKES DOWN LA. RESTRICTIONS ON LAWYER INTERNET ADS (ABA Journal, 4 August 2009) - A federal judge has upheld most of the new restrictions on advertising by Louisiana lawyers, but struck down two rules regulating Internet advertising. U.S. District Judge Martin Feldman said Louisana’s Internet restrictions don’t account for differences between ads online and those in traditional media such as television, the Associated Press reports. “The Internet presents unique issues related to advertising, which the state simply failed to consider in formulating this rule,” Feldman wrote in his opinion. As a result, the Internet ad restrictions violate the First Amendment, he ruled. Feldman upheld most other restrictions, saying the state can regulate ads that promise results, portray a judge or jury, or use client testimonials, according to AP. The Wolfe Law Group had challenged the Internet rules, claiming they would restrict the firm’s right to comment on Twitter, Facebook, online bulletin boards and blogs. The firm also argued the rules would subject each of the firm’s online posts to a cost-prohibitive evaluation and $175 fee. The law firm had provided an example: It spent $160 on 12 different Google pay-per-click ads over a three-month period; the cost of the ad review would have been about $2,100. Name partner Scott Wolfe Jr. said in a press release that Feldman’s ruling is important to lawyers who advertise online. “The court not only noted that states must have a reason to regulate Internet speech, but it also recognized that the Internet media is different from broadcast media, and is entitled to unique protection,” he said. http://www.abajournal.com/news/judge_strikes_down_la._restrictions_on_lawyer_internet_ads

FIREFOX PLUG-IN FREES COURT RECORDS, THREATENS JUDICIARY PROFITS (Wired, 14 August 2009) - Access to the nation’s federal law proceedings just got a public interest hack, thanks to programmers from Princeton, Harvard and the Internet Archive, who released a Firefox plug-in designed to make millions of pages of legal documents free. Free as in beer and free as in speech. The Problem: Federal courts use an archaic, document-tracking system known as PACER as their official repository for complaints, court motions, case scheduling and decisions. The system design resembles a DMV computer system, circa 1988 — and lacks even the most basic functionality, such as notifications when a case gets a new filing. But what’s worse is that PACER charges 8 cents per page (capped at $2.40 per doc) and even charges for searches — an embarrassing limitation on public access to information, especially when the documents are copyright-free. The Solution: RECAP, a Firefox-only plugin, that rides along as one usually uses PACER — but it automatically checks if the document you want is already in its own database. The plug-in’s tagline, ‘Turning PACER around,’ alludes to the fact that its name comes from spelling PACER backwards. RECAP’s database is being seeded with millions of bankruptcy and Federal District Court documents, which have been donated, bought or gotten for free by open-government advocate Carl Malamud and fellow travelers such as Justia. And if the document you request isn’t already in the public archive, then RECAP adds the ones you purchase to the public repository. The plug-in was released by Princeton’s Center for Information Technology Policy, coded by Harlan Yu and Tim Lee, under the direction of noted computer science professor Ed Felten. http://www.wired.com/threatlevel/2009/08/firefox-plug-in-frees-court-records-threatens-judiciary-profits/

SECOND LIFE’S ECONOMY NEARLY DOUBLES (NPR, 14 August 2009) - I don’t know how I missed this key, crucial and totally critical piece of news: The economy in Second Life has grown by 94 percent over the past 12 months, with activity that equates to $144 million in the second quarter. Granted, the real people and their groovy avatars in the 3D virtual reality world are trading in Linden dollars, except when they’re not, like the woman who made a million U.S. dollars selling virtual real estate. Beam me up, I guess. Oh, wait -- wrong world. http://www.npr.org/blogs/money/2009/08/second_lifes_virtual_economy_g.html?sc=nl&cc=pmb-20090814

U.C. PROFESSORS SEEK CHANGES TO GOOGLE BOOKS DEAL (New York Times, 17 August 2009) - A group of prominent faculty representatives from the University of California, one of Google’s earliest and closest allies in its plan to digitize books from major libraries, is the latest to raise concerns about important aspects of a high-profile class-action settlement between Google and groups representing authors and publishers. The professors include members of the university’s Academic Council (the executive committee of the much larger Academic Senate) as well as the chair of the Academic Senate’s Committee on Libraries and Scholarly Communication. Their views suggest something of a break between representatives of the university’s faculty and its administration, which has endorsed the settlement. But the group also suggests that the Authors Guild, which sued Google for copyright infringement over its scanning project and played a central role in negotiating the settlement, did not appropriately represent the interests of academic authors, many of whom want their works to be widely accessible. “We are concerned that the Authors Guild negotiators likely prioritized maximizing profits over maximizing public access to knowledge, while academic authors would have reversed those priorities,” the group wrote. “We note that the scholarly books written by academic authors constitute a much more substantial part of the Book Search corpus than the Authors Guild members’ books.” However, the group does not oppose the settlement, but rather suggests a number of changes to address its concerns. http://bits.blogs.nytimes.com/2009/08/17/uc-professors-seek-changes-to-google-books-deal/

FCC LAUNCHES A BLOG, JOINS TWITTER STREAM (GigaOm, 18 August 2009) - The Federal Communications Commission is looking to overhaul itself, hiring more technically astute people and entrepreneurs. It’s also trying to become an agency for the people, and as part of that attitude change, has launched a blog: Blogband. In a press release (and the first blog post) FCC Chairman Julius Genachowski wrote: “To foster public dialogue about the National Broadband Plan, we’re tapping the power of the Internet to launch a new FCC blog…Blogband will keep people up-to-date about the work the FCC is doing and the progress we’re making. But we want it to be a two-way conversation. The feedback, ideas, and discussions generated on this blog be critical in developing the best possible National Broadband Plan.” http://gigaom.com/2009/08/18/fcc-blog-twitter-fccdotgov/

FTC FINALIZES RULES ON HEALTH CARE BREACH DISCLOSURE (DarkReading, 18 August 2009) - The Federal Trade Commission yesterday issued a final rule that will require Web-based businesses to notify consumers when the security of their electronic health information has been breached. The new rule was put into place by Congress as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records “ which provide online repositories that people can use to keep track of their health information “ and entities that offer third-party applications for personal health records. Many organizations that offer these types of services are not subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA), the FTC explained. Under the Recovery Act, the Department of Health and Human Services has been assigned to conduct a study and report by February 2010 on potential privacy, security, and breach-notification requirements for vendors of personal health records and related entities that are not subject to HIPAA. In the meantime, the Recovery Act requires the FTC to issue a rule requiring these entities to notify consumers if the security of their health information is breached. The Commission announced a proposed rule in April 2009, collected public comments until June 1, and issued the final rule yesterday. The Final Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers. http://www.darkreading.com/security/government/showArticle.jhtml?articleID=219400484

E-DISCOVERY FEARS MAY EXPLAIN WHY RECESSION DIDN’T SPUR LITIGATION (ABA Journal, 18 August 2009) - Litigation usually increases during recessions, but this one appears to be different. Several surveys show that litigation is flat or declining, the National Law Journal reports. One of the major reasons, the story says, is that general counsel don’t want to spend money on litigation, partly because they fear the increasing cost of electronic discovery. “Right now, general counsel are trying to operate in zero-risk mode, and this is something we have not seen in many, many years,” said Michael Rynowecer, president of the BTI Consulting Group, in an interview with the publication. A survey of general counsel at Fortune 1000 companies by BTI found that legal departments spent an average of 1 percent less on litigation during the first half of this year. Elizabeth Scully, a partner at Baker Hostetler experienced in e-discovery, told the NLJ that the discovery process is much more expensive than just a few years ago. “It makes logical sense that the cost associated with e-discovery may be one of the things changing the numbers.” The article cited this evidence of a declining appetite for litigation. http://www.abajournal.com/news/e-discovery_fears_may_explain_why_recession_didnt_spur_litigation Law.com story here: http://www.law.com/jsp/ihc/PubArticleIHC.jsp?id=1202433112312&hbxlogin=1

TEACHING THE QUARANTINED (InsideHigherEd, 19 August 2009) - H1N1 flu may have two surprising symptoms: innovation and empathy. At least that’s the hope of University of Michigan officials, who are encouraging faculty to make broader use of technology to help sick students keep up with class work. As faculty create syllabuses for the coming semester, Michigan officials want them to consider the possibility of an outbreak infecting large numbers of students in the coming months. That means finding ways to work with students who may be absent for days by putting greater emphasis on distance learning tools like listservs, e-mail and Web-based teaching platforms. To that end, the university’s Center for Research on Learning and Teaching has laid out a series of guidelines to help faculty prepare for what could be a challenging year of illness. “[The guidelines] may or may not be helpful, but what we’re trying to do is encourage them to think about it in advance of the school year so it doesn’t take them by surprise,” said Constance Cook, vice provost for academic affairs and executive director of the learning and teaching center. “Then we rely on their good judgment to make accommodations that make sense for them.” The guidelines reflect growing concerns that the fall semester will be a season of H1N1, commonly called swine flu, on college campuses. Michigan is also working to address the somewhat counter-intuitive medical advice being provided by the Centers for Disease Control, which suggests those with the flu stay home an extra day, even if they feel well enough to work. To avoid spreading the flu, the CDC has advised people with influenza-like illness stay isolated until at least 24 hours after they are free of fever without the aid of fever-reducing medications. As such, there may be students who feel able to do work but who really shouldn’t be in class. http://www.insidehighered.com/news/2009/08/19/flu Guidelines here: http://www.crlt.umich.edu/flu/index.php

MASSACHUSETTS MODIFIES ITS NEW INFORMATION SECURITY RULES FOR BUSINESSES AND EXTENDS THE COMPLIANCE DEADLINE AGAIN (Duane Morris, 19 August 2009) - The Massachusetts Office of Consumer Affairs and Business Regulation issued a press release on August 17, 2009, extending the deadline for compliance with the state’s new information security regulations from January 1, 2010, to March 1, 2010, and updating the regulations to implement a more risk-based approach. The regulations had required all businesses, regardless of size, that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program. New language in the regulations now recognizes that the size of a business and the amount of personal information it handles is a factor in the data security plan the business creates. Hence, the regulations were modified so that the safeguards are appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information. http://www.duanemorris.com/alerts/alert3378.html

45% OF EMPLOYERS NOW SCREEN SOCIAL MEDIA PROFILES (Mashable, 19 August 2009) - We all know that employers are getting savvy to social networking sites and the information we share online. But what you may not know is that a recently conducted survey shows that nearly 1 in 2 companies are doing their online due diligence for prospective job candidates. This according to research firm Harris Interactive, who was commissioned by CareerBuilder.com and surveyed 2,667 HR professionals, finding that 45% of them use social networking sites to research job candidates, with an additional 11% planning to implement social media screening in the very near future. According to the study, “thirty-five percent of employers reported they have found content on social networking sites that caused them not to hire the candidate.” http://mashable.com/2009/08/19/social-media-screening/

D.C. APPEALS COURT ADOPTS FIVE-STEP INQUIRY FOR UNMASKING ANONYMOUS INTERNET SPEAKERS (BNA’s Internet Law News, 20 August 2009) - BNA’s Electronic Commerce & Law Report reports that the District of Columbia Court of Appeals held that a defamation plaintiff seeking to identify an anonymous defendant must first submit sufficient evidence to establish a genuine issue of material fact for all claim elements within its control. The court ultimately adopted a five-part test it said was similar to the summary judgment standard set forth in Doe v. Cahill. Case name is Solers Inc. v. Doe.

FORCING EMPLOYEE TO PROVIDE ACCESS TO PASSWORD-PROTECTED WEBSITE VIOLATES SCA (Steptoe & Johnson’s E-Commerce Law Week, 20 August 2009) - A recent jury verdict suggests that an employer that gains access to an employee’s social networking site by pressuring the employee to provide it with credentials for access may thereby violate the Stored Communications Act. In Pietrylo v. Hillstone Restaurant Group, several former employees of Houston’s restaurants in New Jersey alleged that Houston’s owner, the Hillstone Restaurant Group, accessed without authorization the employees’ private and password-protected MySpace group website -- used to make comments and jokes about Houston’s management, customers, and customer service standards. The employees were subsequently fired, and they then brought a wrongful termination suit claiming violations of their right to privacy, the Stored Communications Act (SCA) and a similar New Jersey statute, and other laws. Last July, a federal court in New Jersey denied defendants’ motion for summary judgment on the claims for violations of the SCA, the parallel state statute, and two invasion of privacy claims, finding that “testimony regarding whether [] consent was voluntary demonstrate[d] a material issue of disputed fact.” Notably, however, the court also concluded that if “consent was only given under duress, then the Defendants were not ‘authorized’ under the terms of the statute.” Last month, a jury found that Houston’s “knowingly or intentionally or purposefully access[ed] [the site] without authorization” on five occasions, in violation of the SCA and the parallel New Jersey statute. The jury also found the violations to be “malicious.” http://www.steptoe.com/publications-6300.html

JUDGE: DEFUNCT AIRPORT FAST PASS COMPANY CAN’T SELL CUSTOMER DATA (ComputerWorld, 20 August 2009) - A federal judge in New York has issued an order banning the operator of a now-defunct registered air traveler program from selling any of the highly personal data it collected on tens of thousands of people who signed up for the program. The order enjoins Verified Identity Pass Inc. (VIP) of New York from selling, transferring or disclosing to any third-party the data it collected while operating the Clear service, which was designed to help air travelers get through airport security checks faster. The judge noted that the Clear program’s membership agreement expressly forbade VIP from selling the information to third parties. As a result, the court found an immediate need for “preliminary injunctive relief” preventing the transfer or disclosure of the information. The ruling noted the circumstances under which the program closed and said there was a risk of the data being disclosed because of a lack of accountability and oversight over how the data is stored. http://www.computerworld.com/s/article/9136878/Judge_Defunct_airport_fast_pass_company_can_t_sell_customer_data?source=CTWNLE_nlt_dailyam_2009-08-20

FEDERAL AGENCIES PURSUE CYBERSECURITY COMMON GROUND (Information Week, 24 August 2009) - The National Institute of Standards and Technology’s recently released recommendations for cybersecurity are the first step in a plan to create a common security framework for civilian, military, and intelligence agencies. The 237-page final version of NIST’s Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” was released earlier this month. In parallel with that, NIST has been working with defense and intelligence agencies on certification and accreditation, enterprise-wide risk management, procedures to assess cybersecurity controls, and risk assessment. Documents addressing those areas are due over the next few months. NIST only has a mandate to create security standards for civilian federal agencies, but the intelligence and defense communities have been working with civilian agencies in recent years. In doing so, they’re collaborating to create a common set of cybersecurity controls that, among other things, would provide a more consistent market for the industry. “This way we can work off a single playbook,” says NIST senior computer scientist and information security researcher Ron Ross, who drives cybersecurity standards as the lead of NIST’s Federal Information Security Management Act implementation project. Coordination among NIST and the intelligence and defense communities began three years ago when former Department of Defense CIO John Grimes and former Office of the Director of National Intelligence CIO Dale Meyerrose worked together on transforming the certification and accreditation processes for technology products. NIST got involved and suggested that the three constituencies broaden the scope of their work to include higher-level security controls. Prior to that, the Department of Defense, the federal intelligence community, and NIST were accustomed to developing their own security control recommendations. In pursuing common standards, Ross says, the government can create standard ways to share information and partner on IT projects, including cybersecurity. He sees standardization as a potential catalyst for developing new cybersecurity products and services for the government market, as vendors would be working from one set of requirements. The next document NIST will release with help from the intelligence and defense communities will be a revision of Special Publication 800-37, certification and accreditation guidelines published in 2004. A draft of that revision was published 12 months ago. The new document makes certification and accreditation of IT systems more of a continuous process than a one-time activity. Ross expects a final draft of 800-37 in September. After that, NIST will release what Ross calls a “capstone document” that defines and requires enterprise risk management at various levels within government agencies, including information systems. The document will require that agencies have an individual or board that carries out risk management. A draft of that document will likely be out by the end of the year. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=219401209&cid=RSSfeed_IWK_News

- and -

DHS AND INFORMATION TECHNOLOGY SECTOR COORDINATING COUNCIL RELEASE INFORMATION TECHNOLOGY SECTOR BASELINE RISK ASSESSMENT (DHS, 25 August 2009) - The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) today released the IT Sector Baseline Risk Assessment (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security...The ITSRA validates the resiliency of key elements of IT sector infrastructure while providing a process by which public and private sector owners and operators can continually update their risk management programs. The assessment links security measures to concrete data to provide a basis for meaningful infrastructure protection metrics. http://www.dhs.gov/ynews/releases/pr_1251249275263.shtm Report here: http://www.dhs.gov/xlibrary/assets/nipp_it_baseline_risk_assessment.pdf

CYBER-ATTACK STRATEGY: PART OF RUSSIAN ATTACK ON GEORGIAN PIPELINES, REPORT FINDS (Energy Bulletin, 24 August 2009) - John Bumgarner, a former cyber-security expert for the CIA and other U.S. intelligence agencies, is attracting much attention for his report concluding that Russia’s military offensive in Georgia last year was coordinated with a pre-arranged civilian cyber-attack on the country. What appears to have gone unreported is Bumgarner’s conclusion that the region’s oil apparatus was a strategic target of the overall conventional-and-cyber offensive. The 100-page report, conducted for the U.S. Cyber-Consequences Unit, where Bumgarner is director of research, was distributed to U.S. officials and security experts. Its chief takeaway is that the Russian cyberattack -- which disabled 54 Georgian websites in banking, communications and media with the apparent aim of reducing Georgia’s capability of responding to the Russian offensive -- was prepared well in advance. Bumgarner writes: “Many of the cyber attacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyber attackers. When the cyber attacks began, they did not involve any reconnaissance or mapping stage, but jumped directly to the sort of packets that were best suited to jamming the websites under attack. This indicates that the necessary reconnaissance and the writing of attack scripts had to have been done in advance. Many of the actions the attackers carried out, such as registering new domain names and putting up new Web sites, were accomplished so quickly that all of the steps had to be prepared earlier.” http://www.energybulletin.net/node/49938 Report here: http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf

COURT RULES U.S. SEIZED 2003 TESTS IMPROPERLY (New York Times, 26 August 2009) - A federal appeals court in California ruled Wednesday that prosecutors improperly seized the drug tests for the roughly 100 major league baseball players who tested positive for performance-enhancing drugs in 2003. “This was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable cause,” Chief Judge Alex Kozinski wrote in support of a 9-to-2 decision by the United States Court of Appeals for the Ninth Circuit, in San Francisco. The ruling is a significant victory for the Major League Baseball Players Association, which has been fighting in the courts since 2004, when authorities from the United States attorney’s office for the Northern District of California seized the tests as part of a wider investigation into the distribution of performance-enhancing drugs. The tests were supposed to be conducted as an anonymous survey. Not even the players were supposed to know the results. If more than 5 percent tested positive, the program would continue the following season with penalties imposed for those who tested positive. Ultimately, more than 5 percent tested positive, and players began facing suspensions for steroids in 2004. But for reasons never made clear, the test results were not immediately destroyed after the 2003 season. The prosecutors wanted the test results to determine whether 10 players — the most prominent being Barry Bonds, Jason Giambi and Gary Sheffield — had been truthful when they testified before a grand jury investigating the Bay Area Laboratory Co-operative. The prosecutors secured search warrants to seize the 10 tests, and when agents raided the companies overseeing the testing, they found the results for the 10 players on a computer mixed with the results of the roughly 100 players who tested positive. The agents took all the drug-testing information, and the union filed court papers challenging the seizure. At issue in the case is what prosecutors can legally take from a computer when they use a warrant to search it.
http://www.nytimes.com/2009/08/27/sports/baseball/27doping.html?_r=1&hp [Some commentators observe that this essentially is a ruling that the so-called “plain view
doctrine,” under which evidence may be seized if it is within plain view
during a legitimate search, does not apply to electronic searches. – see http://www.computerworld.com/s/article/9137209/Court_ruling_limits_electronic_searches?source=rss_security]

DOZENS OF JUDGES ARE GETTING LINKEDIN, BLOGGER NOTES (ABA Journal, 26 August 2009) - Dozens of judges have posted profiles on the professional networking site LinkedIn, including seven federal appeals judges. Blogger Robert Ambrogi found the judges through his own search, and wrote about them on Legal Blog Watch. Among the federal appeals judges with public profiles are Richard Clifton of the 9th Circuit, Deborah Cook of the 6th Circuit, Jennifer Elrod of the 5th Circuit, John Ferren of the D.C. Circuit and Edith Jones of the 5th Circuit. Two others kept their profiles private. Ambrogi also found two federal district judges, two bankruptcy judges and one U.S. magistrate judge, as well as 16 state appeals judges and several more state trial judges. The judge with the most connections was Milwaukee Municipal Court Judge Derek Mosley, who had 419 connections. Ambrogi considers whether there are ethical pitfalls for judges who post online profiles. Online comments could draw fire, he notes. He also wonders whether the identity of connections could pose a problem. “Could a judge’s connections on LinkedIn or Facebook create the potential for conflicts of interest?” Ambrogi writes. “Should litigants routinely vet a judge’s social-networking profile in advance of a trial? Should judges be required to make public disclosures of the individuals and groups they connect to online?” He also wonders if it is appropriate for judges to list that they are open to “career opportunities” and “business deals.” http://www.abajournal.com/news/blogger_finds_dozens_of_judges_with_linkedin_profiles

TIGHTER OVERSIGHT ON BORDER LAPTOP SEARCHES (AP, 27 August 2009)) - The Obama administration on Thursday put new restrictions on searches of laptops at U.S. borders to address concerns that federal agents have been rummaging through travelers’ personal information. The long-criticized practice of searching travelers’ electronic devices will continue, but a supervisor now would need to approve holding a device for more than five days. Any copies of information taken from travelers’ machines would be destroyed within days if there were no legal reason to hold the information. The new directive, effective immediately, put more restrictions on the searches:
• A supervisor must be present during these searches.
• As before, Customs and Border Protection officials can keep the electronic device or information on it only if they have probable cause to believe it is connected to a crime. But now if there is no legal reason to hold the information, it must be destroyed within seven days.
• Officers must consult agency lawyers if they want to view a traveler’s sensitive legal material, medical records or a journalist’s work-related information.
• Immigration and Customs Enforcement agents cannot keep property for more than 30 days, depending on the circumstances of each case.
Marcia Hofmann, a lawyer with the Electronic Frontier Foundation, a ditigal civil rights advocacy group, said in an interview the new rules are an improvement. But they don’t go far enough, she said. She said travelers should be told if information is copied from their devices. The new directive states that federal agents must tell travelers if they are looking at their property. But if officials copy the hard drive during this search, the traveler will not know. http://news.yahoo.com/s/ap/20090828/ap_on_go_ca_st_pe/us_laptop_searches_3

- and -

PROTECT YOUR LAPTOP DATA FROM EVERYONE, EVEN YOURSELF (Wired essay by Bruce Schneier, 15 July 2009) - Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people’s laptops at customs. What we know is still based on anecdote, as no country has clarified the rules about what their customs officers are and are not allowed to do, and what rights people have. Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data -- encrypted, of course -- on websites and then downloading it at the destination. I have never liked either solution. I do a lot of work on the road, and need to carry all sorts of data with me all the time. It’s a lot of data, and downloading it can take a long time. Also, I like to work on long international flights. There’s another solution, one that works with whole-disk encryption products like PGP Disk (I’m on PGP’s advisory board), TrueCrypt, and BitLocker: Encrypt the data to a key you don’t know. http://www.wired.com/politics/security/commentary/securitymatters/2009/07/securitymatters_0715 [Editor: fairly extreme technique, but it should work.]

FOR INTELLIGENCE OFFICERS, A WIKI WAY TO CONNECT DOTS (Washington Post, 27 August 2009) - Intellipedia, the intelligence community’s version of Wikipedia, hummed in the aftermath of the Iranian presidential election in June, with personnel at myriad government agencies updating a page dedicated to tracking the disputed results. Similarly, a page established in November immediately after the terrorist attack in Mumbai provided intelligence analysts with a better understanding of the scope of the incident, as well as a forum to speculate on possible perpetrators. “There were a number of things posted that were ahead of what was being reported in the press,” said Sean Dennehy, a CIA officer who helped establish the site. Intellipedia is a collaborative online intelligence repository, and it runs counter to traditional reluctance in the intelligence community to the sharing of classified information. Indeed, it still meets with formidable resistance from many quarters of the 16 agencies that have access to the system. But the site, which is available only to users with proper government clearance, has grown markedly since its formal launch in 2006 and now averages more than 15,000 edits per day. It’s home to 900,000 pages and 100,000 user accounts. “About everything that happens of significance, there’s an Intellipedia page on,” Dennehy said. Intellipedia sprung from a 2004 paper by CIA employee Calvin Andrus titled “The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community.” http://www.washingtonpost.com/wp-dyn/content/article/2009/08/26/AR2009082603606.html?wprss=rss_technology

AUGMENTED REALITY COMES TO THE IPHONE (Macworld, 31 August 2009) - If you’re traveling to Paris, France anytime soon, consider taking Metro Paris Subway 3.0 along for the trip. This 99-cent iPhone app integrates an augmented reality feature (called Your New Eye) that will show you where the closest Paris subway stations are, relative to your current location, as an overlay atop a live video feed from the iPhone’s built-in camera. The app’s developer, Presselite, posted a video demo of its new app. The video is in French, but it’s visual enough that you should get the idea of how the app works. A pair of upcoming apps from iPhone developer Acrossair for navigating the New York City Subway and London Underground will use augmented reality in a similar manner. http://www.macworld.com/article/142503/2009/08/augmented_reality.html?lsrc=rss_main [Editor: fabulous, if it works well.]

THE GOVERNMENT DOMAIN: TRACKING CONGRESS 2.0 (LLRX.com, 31 August 2009) - The 111th Congress of the United States reconvenes on September 8th. Get ready with these new tools and sources for following the action. GovTrack.us, a free and independent legislative database, has just released a number of new features:
• Pages for individual bills now show industry supporters and opponents as determined by MAPLight.org, another free and independent site. (New to MAPLight? See the MAPLight FAQ.)
• Bills affected by a cloture vote link to yet another free website, Filibusted.us, which specializes in explaining and tracking Senate filibusters.
• Pages for members of Congress now show their latest tweets if they are on Twitter.
• The login accepts your existing GovTrack ID or--recommended for new users--your account ID for Google, Yahoo, AOL, or OpenID. (Logging in allows you to establish “trackers,” email or RSS alerts for action on a bill, or new information on a member of Congress or committee.)
• GovTrack also has upgraded hardware to handle its growing popularity.
For information on all of the changes at Govtrack, see the blog posting Summer Site Updates. This is not new, but Govtrack also has a few widgets allowing you to embed content such as a bill’s status or a congressional district map on your web page; for details, see the Widgets page. Others have developed Facebook apps based on Govtrack’s database; for these, see the Tracking and Sharing Tools page. http://www.llrx.com/columns/govdomain42.htm [There’s much more here.]

HARVARD'S DASH FOR OPEN ACCESS (Harvard, 1 Sept 2009) - Harvard's leadership in open access to scholarship took a significant step forward this week with the public launch of DASH—or Digital Access to Scholarship at Harvard—a University-wide, open-access repository. More than 350 members of the Harvard research community, including over a third of the Faculty of Arts and Sciences, have jointly deposited hundreds of scholarly works in DASH. "DASH is meant to promote openness in general," stated Robert Darnton, Carl H. Pforzheimer University Professor and Director of the University Library. "It will make the current scholarship of Harvard's faculty freely available everywhere in the world, just as the digitization of the books in Harvard's library will make learning accumulated since 1638 accessible worldwide. Taken together, these and other projects represent a commitment by Harvard to share its intellectual wealth." http://hul.harvard.edu/news/2009_0901.html Dash is here: http://dash.harvard.edu/

ONLINE TERMS PRESENTED WITH THREE BLUE HYPERLINKS ARE CONSPICUOUS, CONSCIONABLE (BNA’s Internet Law News, 3 Sept 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Central District of Illinois held Aug. 25 that blue underlined hyperlinks to additional contract terms appearing three times during an online ordering process were sufficiently conspicuous to become part of the sale contract, turning back an unconscionability argument. The court upheld the validity of what it called a “hyperwrap” contract on finding that a combination of three hyperlinks and a specific reference to the contract before checkout rendered it binding. Case name is PDC Laboratories Inc. v. Hach Company.

FOX ADDS ON-AIR TWEETS TO `FRINGE' RERUNS (AP, 4 Sept 2009) - Summer reruns are ho-hum television, but Fox is trying out a possible solution: Add Twitter. On the network's repeat broadcast of its supernatural drama "Fringe" on Thursday night, tweets were added on-screen to the show. The tweets (messages of 140 characters or less from the microblogging Web site Twitter) ran throughout the show on the bottom third of the screen. The tweets were from executive producers Jeff Pinkner (whose handle on Twitter is JPFringe) and J.H. Wyman (JWFringe), and cast members Peter Bishop (peterbishop2) and John Noble (labdad1). http://tech.yahoo.com/news/ap/20090904/ap_on_hi_te/us_tv_twittering_tube_3

**** NOTED PODCASTS ****
ETHICS AND CLOUD COMPUTING (August 2, 2009) – At the ABA annual meeting, I moderated a panel on lawyer-ethics issues associated with cloud computing: Head in the Cloud - Feet in the Code of Professional Responsibility -- Managing the Ethical Risks to Lawyers from Web 2.0 Technologies, Portable Devices and Wireless Access”. We had excellent panelists, including Chris Kelly (on leave as CPO for Facebook and candidate for California Attorney General). The podcast of this event is here: http://files.knowconnect.com/public/Head_in_the_Cloud_Feet_in_the_Code.mp3

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
BIG BLUE OFFERS LINUX SUPPORT... -- IBM has announced it will offer the same level of customer support for Linux as it now offers for Microsoft NT on certain models of IBM servers. “This is not a flash in the pan,” says an executive in IBM’s NetFinity-server unit. “For us, Linux is a long-term plan that’s constantly building.” Support for Linux software is generally considered somewhat problematic, because there are several different versions that are popular today, making it both tricky and expensive for computer makers. “If they support them all, it’s a mess,” says an analyst with Dataquest. “There needs to be a de facto standard, because supporting all of them is crazy.” (Investor’s Business Daily 28 Jul 99) http://www.investors.com/

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.