Saturday, September 05, 2009

MIRLN --- 16 August – 5 September 2009 (v12.12)

• Internet Materials in Opinions: Citations and Hyperlinking
• Judge Strikes Down La. Restrictions on Lawyer Internet Ads
• Firefox Plug-In Frees Court Records, Threatens Judiciary Profits
• Second Life’s Economy Nearly Doubles
• U.C. Professors Seek Changes to Google Books Deal
• FCC Launches a Blog, Joins Twitter Stream
• FTC Finalizes Rules on Health Care Breach Disclosure
• E-Discovery Fears May Explain Why Recession Didn’t Spur Litigation
• Teaching the Quarantined
• Massachusetts Modifies its New Information Security Rules for Businesses and Extends the Compliance Deadline Again
• 45% of Employers Now Screen Social Media Profiles
• D.C. Appeals Court Adopts Five-Step Inquiry for Unmasking Anonymous Internet Speakers
• Forcing Employee to Provide Access to Password-Protected Website Violates SCA
• Judge: Defunct Airport Fast Pass Company Can’t Sell Customer Data
• Federal Agencies Pursue Cybersecurity Common Ground
o DHS and Information Technology Sector Coordinating Council Release Information Technology Sector Baseline Risk
• Cyber-Attack Strategy: Part of Russian Attack on Georgian Pipelines, Report Finds
• Court Rules U.S. Seized 2003 Tests Improperly
• Dozens of Judges are Getting LinkedIn, Blogger Notes
• Tighter Oversight on Border Laptop Searches
o Protect Your Laptop Data from Everyone, Even Yourself
• For Intelligence Officers, a Wiki Way to Connect Dots
• Augmented Reality Comes to the iPhone
• The Government Domain: Tracking Congress 2.0
• Harvard's Dash for Open Access
• Online Terms Presented with Three Blue Hyperlinks are Conspicuous, Conscionable
• Fox Adds On-Air Tweets to `Fringe' Reruns


**** NEWS ****
INTERNET MATERIALS IN OPINIONS: CITATIONS AND HYPERLINKING (U.S. Courts, July 2009) - The Judicial Conference has issued a series of “suggested practices” to assist courts in the use of Internet materials in opinions. The recommendations follow a pilot project conducted by circuit librarians who captured and preserved webpages cited in opinions over a six-month period. The Internet often seems to pervade everyday life, giving us answers, matches, recommendations, definitions, and citations. But the information on the Internet can be as ephemeral as yesterday’s blog entry. Websites can change or disappear altogether. “Judges are citing to and using Internet-based information in their opinions with increasing frequency,” Judicial Conference Secretary Jim Duff wrote recently to chief judges. “Unlike printed authority, Internet information is often not maintained at a permanent location, and a cited webpage can be changed or deleted at any time. Obviously, this has significant implications for the reliability of citations in court opinions.” The Judicial Conference Committee on Court Administration and Case Management (CACM) began the pilot project, conducted by circuit libraries, and received and endorsed the recommendations of an ad hoc working group of circuit librarians. In approving those recommendations in March 2009, the Judicial Conference agreed that all Internet materials cited in final opinions be considered for preservation, while each judge should retain the discretion to decide whether the specific cited resource should be captured and preserved. The Conference directed the Administrative Office to work with the CACM Committee to develop guidelines “to assist judges in making the determination of which citations to preserve.” The guidelines suggest that, if a webpage is cited, chambers staff preserve the citation by downloading a copy of the site’s page and filing it as an attachment to the judicial opinion in the Judiciary’s Case Management/Electronic Case Files System. The attachment, like the opinion, would be retrievable on a non-fee basis through the Public Access to Court Electronic Records system. When considering whether to cite Internet sources, judges are reminded that some litigants, particularly pro se litigants, may not have access to a computer. [Editor: There are two interesting studies/projects that speak to link rot and the need for preservation. One is the Chesapeake Project: The other was a study done by a librarian in Washington: Ching, Tina. “The Next Generation of Legal Citations: A Survey of Internet Citations in the Opinions of the Washington Supreme Court and Washington Appellate Courts, 1999-2005″ The ABA’s Catherine Sanders Reach participated in a related program discussion earlier this month --]

JUDGE STRIKES DOWN LA. RESTRICTIONS ON LAWYER INTERNET ADS (ABA Journal, 4 August 2009) - A federal judge has upheld most of the new restrictions on advertising by Louisiana lawyers, but struck down two rules regulating Internet advertising. U.S. District Judge Martin Feldman said Louisana’s Internet restrictions don’t account for differences between ads online and those in traditional media such as television, the Associated Press reports. “The Internet presents unique issues related to advertising, which the state simply failed to consider in formulating this rule,” Feldman wrote in his opinion. As a result, the Internet ad restrictions violate the First Amendment, he ruled. Feldman upheld most other restrictions, saying the state can regulate ads that promise results, portray a judge or jury, or use client testimonials, according to AP. The Wolfe Law Group had challenged the Internet rules, claiming they would restrict the firm’s right to comment on Twitter, Facebook, online bulletin boards and blogs. The firm also argued the rules would subject each of the firm’s online posts to a cost-prohibitive evaluation and $175 fee. The law firm had provided an example: It spent $160 on 12 different Google pay-per-click ads over a three-month period; the cost of the ad review would have been about $2,100. Name partner Scott Wolfe Jr. said in a press release that Feldman’s ruling is important to lawyers who advertise online. “The court not only noted that states must have a reason to regulate Internet speech, but it also recognized that the Internet media is different from broadcast media, and is entitled to unique protection,” he said.

FIREFOX PLUG-IN FREES COURT RECORDS, THREATENS JUDICIARY PROFITS (Wired, 14 August 2009) - Access to the nation’s federal law proceedings just got a public interest hack, thanks to programmers from Princeton, Harvard and the Internet Archive, who released a Firefox plug-in designed to make millions of pages of legal documents free. Free as in beer and free as in speech. The Problem: Federal courts use an archaic, document-tracking system known as PACER as their official repository for complaints, court motions, case scheduling and decisions. The system design resembles a DMV computer system, circa 1988 — and lacks even the most basic functionality, such as notifications when a case gets a new filing. But what’s worse is that PACER charges 8 cents per page (capped at $2.40 per doc) and even charges for searches — an embarrassing limitation on public access to information, especially when the documents are copyright-free. The Solution: RECAP, a Firefox-only plugin, that rides along as one usually uses PACER — but it automatically checks if the document you want is already in its own database. The plug-in’s tagline, ‘Turning PACER around,’ alludes to the fact that its name comes from spelling PACER backwards. RECAP’s database is being seeded with millions of bankruptcy and Federal District Court documents, which have been donated, bought or gotten for free by open-government advocate Carl Malamud and fellow travelers such as Justia. And if the document you request isn’t already in the public archive, then RECAP adds the ones you purchase to the public repository. The plug-in was released by Princeton’s Center for Information Technology Policy, coded by Harlan Yu and Tim Lee, under the direction of noted computer science professor Ed Felten.

SECOND LIFE’S ECONOMY NEARLY DOUBLES (NPR, 14 August 2009) - I don’t know how I missed this key, crucial and totally critical piece of news: The economy in Second Life has grown by 94 percent over the past 12 months, with activity that equates to $144 million in the second quarter. Granted, the real people and their groovy avatars in the 3D virtual reality world are trading in Linden dollars, except when they’re not, like the woman who made a million U.S. dollars selling virtual real estate. Beam me up, I guess. Oh, wait -- wrong world.

U.C. PROFESSORS SEEK CHANGES TO GOOGLE BOOKS DEAL (New York Times, 17 August 2009) - A group of prominent faculty representatives from the University of California, one of Google’s earliest and closest allies in its plan to digitize books from major libraries, is the latest to raise concerns about important aspects of a high-profile class-action settlement between Google and groups representing authors and publishers. The professors include members of the university’s Academic Council (the executive committee of the much larger Academic Senate) as well as the chair of the Academic Senate’s Committee on Libraries and Scholarly Communication. Their views suggest something of a break between representatives of the university’s faculty and its administration, which has endorsed the settlement. But the group also suggests that the Authors Guild, which sued Google for copyright infringement over its scanning project and played a central role in negotiating the settlement, did not appropriately represent the interests of academic authors, many of whom want their works to be widely accessible. “We are concerned that the Authors Guild negotiators likely prioritized maximizing profits over maximizing public access to knowledge, while academic authors would have reversed those priorities,” the group wrote. “We note that the scholarly books written by academic authors constitute a much more substantial part of the Book Search corpus than the Authors Guild members’ books.” However, the group does not oppose the settlement, but rather suggests a number of changes to address its concerns.

FCC LAUNCHES A BLOG, JOINS TWITTER STREAM (GigaOm, 18 August 2009) - The Federal Communications Commission is looking to overhaul itself, hiring more technically astute people and entrepreneurs. It’s also trying to become an agency for the people, and as part of that attitude change, has launched a blog: Blogband. In a press release (and the first blog post) FCC Chairman Julius Genachowski wrote: “To foster public dialogue about the National Broadband Plan, we’re tapping the power of the Internet to launch a new FCC blog…Blogband will keep people up-to-date about the work the FCC is doing and the progress we’re making. But we want it to be a two-way conversation. The feedback, ideas, and discussions generated on this blog be critical in developing the best possible National Broadband Plan.”

FTC FINALIZES RULES ON HEALTH CARE BREACH DISCLOSURE (DarkReading, 18 August 2009) - The Federal Trade Commission yesterday issued a final rule that will require Web-based businesses to notify consumers when the security of their electronic health information has been breached. The new rule was put into place by Congress as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records “ which provide online repositories that people can use to keep track of their health information “ and entities that offer third-party applications for personal health records. Many organizations that offer these types of services are not subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA), the FTC explained. Under the Recovery Act, the Department of Health and Human Services has been assigned to conduct a study and report by February 2010 on potential privacy, security, and breach-notification requirements for vendors of personal health records and related entities that are not subject to HIPAA. In the meantime, the Recovery Act requires the FTC to issue a rule requiring these entities to notify consumers if the security of their health information is breached. The Commission announced a proposed rule in April 2009, collected public comments until June 1, and issued the final rule yesterday. The Final Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers.

E-DISCOVERY FEARS MAY EXPLAIN WHY RECESSION DIDN’T SPUR LITIGATION (ABA Journal, 18 August 2009) - Litigation usually increases during recessions, but this one appears to be different. Several surveys show that litigation is flat or declining, the National Law Journal reports. One of the major reasons, the story says, is that general counsel don’t want to spend money on litigation, partly because they fear the increasing cost of electronic discovery. “Right now, general counsel are trying to operate in zero-risk mode, and this is something we have not seen in many, many years,” said Michael Rynowecer, president of the BTI Consulting Group, in an interview with the publication. A survey of general counsel at Fortune 1000 companies by BTI found that legal departments spent an average of 1 percent less on litigation during the first half of this year. Elizabeth Scully, a partner at Baker Hostetler experienced in e-discovery, told the NLJ that the discovery process is much more expensive than just a few years ago. “It makes logical sense that the cost associated with e-discovery may be one of the things changing the numbers.” The article cited this evidence of a declining appetite for litigation. story here:

TEACHING THE QUARANTINED (InsideHigherEd, 19 August 2009) - H1N1 flu may have two surprising symptoms: innovation and empathy. At least that’s the hope of University of Michigan officials, who are encouraging faculty to make broader use of technology to help sick students keep up with class work. As faculty create syllabuses for the coming semester, Michigan officials want them to consider the possibility of an outbreak infecting large numbers of students in the coming months. That means finding ways to work with students who may be absent for days by putting greater emphasis on distance learning tools like listservs, e-mail and Web-based teaching platforms. To that end, the university’s Center for Research on Learning and Teaching has laid out a series of guidelines to help faculty prepare for what could be a challenging year of illness. “[The guidelines] may or may not be helpful, but what we’re trying to do is encourage them to think about it in advance of the school year so it doesn’t take them by surprise,” said Constance Cook, vice provost for academic affairs and executive director of the learning and teaching center. “Then we rely on their good judgment to make accommodations that make sense for them.” The guidelines reflect growing concerns that the fall semester will be a season of H1N1, commonly called swine flu, on college campuses. Michigan is also working to address the somewhat counter-intuitive medical advice being provided by the Centers for Disease Control, which suggests those with the flu stay home an extra day, even if they feel well enough to work. To avoid spreading the flu, the CDC has advised people with influenza-like illness stay isolated until at least 24 hours after they are free of fever without the aid of fever-reducing medications. As such, there may be students who feel able to do work but who really shouldn’t be in class. Guidelines here:

MASSACHUSETTS MODIFIES ITS NEW INFORMATION SECURITY RULES FOR BUSINESSES AND EXTENDS THE COMPLIANCE DEADLINE AGAIN (Duane Morris, 19 August 2009) - The Massachusetts Office of Consumer Affairs and Business Regulation issued a press release on August 17, 2009, extending the deadline for compliance with the state’s new information security regulations from January 1, 2010, to March 1, 2010, and updating the regulations to implement a more risk-based approach. The regulations had required all businesses, regardless of size, that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program. New language in the regulations now recognizes that the size of a business and the amount of personal information it handles is a factor in the data security plan the business creates. Hence, the regulations were modified so that the safeguards are appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information.

45% OF EMPLOYERS NOW SCREEN SOCIAL MEDIA PROFILES (Mashable, 19 August 2009) - We all know that employers are getting savvy to social networking sites and the information we share online. But what you may not know is that a recently conducted survey shows that nearly 1 in 2 companies are doing their online due diligence for prospective job candidates. This according to research firm Harris Interactive, who was commissioned by and surveyed 2,667 HR professionals, finding that 45% of them use social networking sites to research job candidates, with an additional 11% planning to implement social media screening in the very near future. According to the study, “thirty-five percent of employers reported they have found content on social networking sites that caused them not to hire the candidate.”

D.C. APPEALS COURT ADOPTS FIVE-STEP INQUIRY FOR UNMASKING ANONYMOUS INTERNET SPEAKERS (BNA’s Internet Law News, 20 August 2009) - BNA’s Electronic Commerce & Law Report reports that the District of Columbia Court of Appeals held that a defamation plaintiff seeking to identify an anonymous defendant must first submit sufficient evidence to establish a genuine issue of material fact for all claim elements within its control. The court ultimately adopted a five-part test it said was similar to the summary judgment standard set forth in Doe v. Cahill. Case name is Solers Inc. v. Doe.

FORCING EMPLOYEE TO PROVIDE ACCESS TO PASSWORD-PROTECTED WEBSITE VIOLATES SCA (Steptoe & Johnson’s E-Commerce Law Week, 20 August 2009) - A recent jury verdict suggests that an employer that gains access to an employee’s social networking site by pressuring the employee to provide it with credentials for access may thereby violate the Stored Communications Act. In Pietrylo v. Hillstone Restaurant Group, several former employees of Houston’s restaurants in New Jersey alleged that Houston’s owner, the Hillstone Restaurant Group, accessed without authorization the employees’ private and password-protected MySpace group website -- used to make comments and jokes about Houston’s management, customers, and customer service standards. The employees were subsequently fired, and they then brought a wrongful termination suit claiming violations of their right to privacy, the Stored Communications Act (SCA) and a similar New Jersey statute, and other laws. Last July, a federal court in New Jersey denied defendants’ motion for summary judgment on the claims for violations of the SCA, the parallel state statute, and two invasion of privacy claims, finding that “testimony regarding whether [] consent was voluntary demonstrate[d] a material issue of disputed fact.” Notably, however, the court also concluded that if “consent was only given under duress, then the Defendants were not ‘authorized’ under the terms of the statute.” Last month, a jury found that Houston’s “knowingly or intentionally or purposefully access[ed] [the site] without authorization” on five occasions, in violation of the SCA and the parallel New Jersey statute. The jury also found the violations to be “malicious.”

JUDGE: DEFUNCT AIRPORT FAST PASS COMPANY CAN’T SELL CUSTOMER DATA (ComputerWorld, 20 August 2009) - A federal judge in New York has issued an order banning the operator of a now-defunct registered air traveler program from selling any of the highly personal data it collected on tens of thousands of people who signed up for the program. The order enjoins Verified Identity Pass Inc. (VIP) of New York from selling, transferring or disclosing to any third-party the data it collected while operating the Clear service, which was designed to help air travelers get through airport security checks faster. The judge noted that the Clear program’s membership agreement expressly forbade VIP from selling the information to third parties. As a result, the court found an immediate need for “preliminary injunctive relief” preventing the transfer or disclosure of the information. The ruling noted the circumstances under which the program closed and said there was a risk of the data being disclosed because of a lack of accountability and oversight over how the data is stored.

FEDERAL AGENCIES PURSUE CYBERSECURITY COMMON GROUND (Information Week, 24 August 2009) - The National Institute of Standards and Technology’s recently released recommendations for cybersecurity are the first step in a plan to create a common security framework for civilian, military, and intelligence agencies. The 237-page final version of NIST’s Special Publication 800-53, “Recommended Security Controls for Federal Information Systems and Organizations,” was released earlier this month. In parallel with that, NIST has been working with defense and intelligence agencies on certification and accreditation, enterprise-wide risk management, procedures to assess cybersecurity controls, and risk assessment. Documents addressing those areas are due over the next few months. NIST only has a mandate to create security standards for civilian federal agencies, but the intelligence and defense communities have been working with civilian agencies in recent years. In doing so, they’re collaborating to create a common set of cybersecurity controls that, among other things, would provide a more consistent market for the industry. “This way we can work off a single playbook,” says NIST senior computer scientist and information security researcher Ron Ross, who drives cybersecurity standards as the lead of NIST’s Federal Information Security Management Act implementation project. Coordination among NIST and the intelligence and defense communities began three years ago when former Department of Defense CIO John Grimes and former Office of the Director of National Intelligence CIO Dale Meyerrose worked together on transforming the certification and accreditation processes for technology products. NIST got involved and suggested that the three constituencies broaden the scope of their work to include higher-level security controls. Prior to that, the Department of Defense, the federal intelligence community, and NIST were accustomed to developing their own security control recommendations. In pursuing common standards, Ross says, the government can create standard ways to share information and partner on IT projects, including cybersecurity. He sees standardization as a potential catalyst for developing new cybersecurity products and services for the government market, as vendors would be working from one set of requirements. The next document NIST will release with help from the intelligence and defense communities will be a revision of Special Publication 800-37, certification and accreditation guidelines published in 2004. A draft of that revision was published 12 months ago. The new document makes certification and accreditation of IT systems more of a continuous process than a one-time activity. Ross expects a final draft of 800-37 in September. After that, NIST will release what Ross calls a “capstone document” that defines and requires enterprise risk management at various levels within government agencies, including information systems. The document will require that agencies have an individual or board that carries out risk management. A draft of that document will likely be out by the end of the year.

- and -

DHS AND INFORMATION TECHNOLOGY SECTOR COORDINATING COUNCIL RELEASE INFORMATION TECHNOLOGY SECTOR BASELINE RISK ASSESSMENT (DHS, 25 August 2009) - The Department of Homeland Security (DHS) and the Information Technology Sector Coordinating Council (IT SCC) today released the IT Sector Baseline Risk Assessment (ITSRA) to identify and prioritize national-level risks to critical sector-wide IT functions while outlining strategies to mitigate those risks and enhance national and economic security...The ITSRA validates the resiliency of key elements of IT sector infrastructure while providing a process by which public and private sector owners and operators can continually update their risk management programs. The assessment links security measures to concrete data to provide a basis for meaningful infrastructure protection metrics. Report here:

CYBER-ATTACK STRATEGY: PART OF RUSSIAN ATTACK ON GEORGIAN PIPELINES, REPORT FINDS (Energy Bulletin, 24 August 2009) - John Bumgarner, a former cyber-security expert for the CIA and other U.S. intelligence agencies, is attracting much attention for his report concluding that Russia’s military offensive in Georgia last year was coordinated with a pre-arranged civilian cyber-attack on the country. What appears to have gone unreported is Bumgarner’s conclusion that the region’s oil apparatus was a strategic target of the overall conventional-and-cyber offensive. The 100-page report, conducted for the U.S. Cyber-Consequences Unit, where Bumgarner is director of research, was distributed to U.S. officials and security experts. Its chief takeaway is that the Russian cyberattack -- which disabled 54 Georgian websites in banking, communications and media with the apparent aim of reducing Georgia’s capability of responding to the Russian offensive -- was prepared well in advance. Bumgarner writes: “Many of the cyber attacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyber attackers. When the cyber attacks began, they did not involve any reconnaissance or mapping stage, but jumped directly to the sort of packets that were best suited to jamming the websites under attack. This indicates that the necessary reconnaissance and the writing of attack scripts had to have been done in advance. Many of the actions the attackers carried out, such as registering new domain names and putting up new Web sites, were accomplished so quickly that all of the steps had to be prepared earlier.” Report here:

COURT RULES U.S. SEIZED 2003 TESTS IMPROPERLY (New York Times, 26 August 2009) - A federal appeals court in California ruled Wednesday that prosecutors improperly seized the drug tests for the roughly 100 major league baseball players who tested positive for performance-enhancing drugs in 2003. “This was an obvious case of deliberate overreaching by the government in an effort to seize data as to which it lacked probable cause,” Chief Judge Alex Kozinski wrote in support of a 9-to-2 decision by the United States Court of Appeals for the Ninth Circuit, in San Francisco. The ruling is a significant victory for the Major League Baseball Players Association, which has been fighting in the courts since 2004, when authorities from the United States attorney’s office for the Northern District of California seized the tests as part of a wider investigation into the distribution of performance-enhancing drugs. The tests were supposed to be conducted as an anonymous survey. Not even the players were supposed to know the results. If more than 5 percent tested positive, the program would continue the following season with penalties imposed for those who tested positive. Ultimately, more than 5 percent tested positive, and players began facing suspensions for steroids in 2004. But for reasons never made clear, the test results were not immediately destroyed after the 2003 season. The prosecutors wanted the test results to determine whether 10 players — the most prominent being Barry Bonds, Jason Giambi and Gary Sheffield — had been truthful when they testified before a grand jury investigating the Bay Area Laboratory Co-operative. The prosecutors secured search warrants to seize the 10 tests, and when agents raided the companies overseeing the testing, they found the results for the 10 players on a computer mixed with the results of the roughly 100 players who tested positive. The agents took all the drug-testing information, and the union filed court papers challenging the seizure. At issue in the case is what prosecutors can legally take from a computer when they use a warrant to search it. [Some commentators observe that this essentially is a ruling that the so-called “plain view
doctrine,” under which evidence may be seized if it is within plain view
during a legitimate search, does not apply to electronic searches. – see]

DOZENS OF JUDGES ARE GETTING LINKEDIN, BLOGGER NOTES (ABA Journal, 26 August 2009) - Dozens of judges have posted profiles on the professional networking site LinkedIn, including seven federal appeals judges. Blogger Robert Ambrogi found the judges through his own search, and wrote about them on Legal Blog Watch. Among the federal appeals judges with public profiles are Richard Clifton of the 9th Circuit, Deborah Cook of the 6th Circuit, Jennifer Elrod of the 5th Circuit, John Ferren of the D.C. Circuit and Edith Jones of the 5th Circuit. Two others kept their profiles private. Ambrogi also found two federal district judges, two bankruptcy judges and one U.S. magistrate judge, as well as 16 state appeals judges and several more state trial judges. The judge with the most connections was Milwaukee Municipal Court Judge Derek Mosley, who had 419 connections. Ambrogi considers whether there are ethical pitfalls for judges who post online profiles. Online comments could draw fire, he notes. He also wonders whether the identity of connections could pose a problem. “Could a judge’s connections on LinkedIn or Facebook create the potential for conflicts of interest?” Ambrogi writes. “Should litigants routinely vet a judge’s social-networking profile in advance of a trial? Should judges be required to make public disclosures of the individuals and groups they connect to online?” He also wonders if it is appropriate for judges to list that they are open to “career opportunities” and “business deals.”

TIGHTER OVERSIGHT ON BORDER LAPTOP SEARCHES (AP, 27 August 2009)) - The Obama administration on Thursday put new restrictions on searches of laptops at U.S. borders to address concerns that federal agents have been rummaging through travelers’ personal information. The long-criticized practice of searching travelers’ electronic devices will continue, but a supervisor now would need to approve holding a device for more than five days. Any copies of information taken from travelers’ machines would be destroyed within days if there were no legal reason to hold the information. The new directive, effective immediately, put more restrictions on the searches:
• A supervisor must be present during these searches.
• As before, Customs and Border Protection officials can keep the electronic device or information on it only if they have probable cause to believe it is connected to a crime. But now if there is no legal reason to hold the information, it must be destroyed within seven days.
• Officers must consult agency lawyers if they want to view a traveler’s sensitive legal material, medical records or a journalist’s work-related information.
• Immigration and Customs Enforcement agents cannot keep property for more than 30 days, depending on the circumstances of each case.
Marcia Hofmann, a lawyer with the Electronic Frontier Foundation, a ditigal civil rights advocacy group, said in an interview the new rules are an improvement. But they don’t go far enough, she said. She said travelers should be told if information is copied from their devices. The new directive states that federal agents must tell travelers if they are looking at their property. But if officials copy the hard drive during this search, the traveler will not know.

- and -

PROTECT YOUR LAPTOP DATA FROM EVERYONE, EVEN YOURSELF (Wired essay by Bruce Schneier, 15 July 2009) - Last year, I wrote about the increasing propensity for governments, including the U.S. and Great Britain, to search the contents of people’s laptops at customs. What we know is still based on anecdote, as no country has clarified the rules about what their customs officers are and are not allowed to do, and what rights people have. Companies and individuals have dealt with this problem in several ways, from keeping sensitive data off laptops traveling internationally, to storing the data -- encrypted, of course -- on websites and then downloading it at the destination. I have never liked either solution. I do a lot of work on the road, and need to carry all sorts of data with me all the time. It’s a lot of data, and downloading it can take a long time. Also, I like to work on long international flights. There’s another solution, one that works with whole-disk encryption products like PGP Disk (I’m on PGP’s advisory board), TrueCrypt, and BitLocker: Encrypt the data to a key you don’t know. [Editor: fairly extreme technique, but it should work.]

FOR INTELLIGENCE OFFICERS, A WIKI WAY TO CONNECT DOTS (Washington Post, 27 August 2009) - Intellipedia, the intelligence community’s version of Wikipedia, hummed in the aftermath of the Iranian presidential election in June, with personnel at myriad government agencies updating a page dedicated to tracking the disputed results. Similarly, a page established in November immediately after the terrorist attack in Mumbai provided intelligence analysts with a better understanding of the scope of the incident, as well as a forum to speculate on possible perpetrators. “There were a number of things posted that were ahead of what was being reported in the press,” said Sean Dennehy, a CIA officer who helped establish the site. Intellipedia is a collaborative online intelligence repository, and it runs counter to traditional reluctance in the intelligence community to the sharing of classified information. Indeed, it still meets with formidable resistance from many quarters of the 16 agencies that have access to the system. But the site, which is available only to users with proper government clearance, has grown markedly since its formal launch in 2006 and now averages more than 15,000 edits per day. It’s home to 900,000 pages and 100,000 user accounts. “About everything that happens of significance, there’s an Intellipedia page on,” Dennehy said. Intellipedia sprung from a 2004 paper by CIA employee Calvin Andrus titled “The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community.”

AUGMENTED REALITY COMES TO THE IPHONE (Macworld, 31 August 2009) - If you’re traveling to Paris, France anytime soon, consider taking Metro Paris Subway 3.0 along for the trip. This 99-cent iPhone app integrates an augmented reality feature (called Your New Eye) that will show you where the closest Paris subway stations are, relative to your current location, as an overlay atop a live video feed from the iPhone’s built-in camera. The app’s developer, Presselite, posted a video demo of its new app. The video is in French, but it’s visual enough that you should get the idea of how the app works. A pair of upcoming apps from iPhone developer Acrossair for navigating the New York City Subway and London Underground will use augmented reality in a similar manner. [Editor: fabulous, if it works well.]

THE GOVERNMENT DOMAIN: TRACKING CONGRESS 2.0 (, 31 August 2009) - The 111th Congress of the United States reconvenes on September 8th. Get ready with these new tools and sources for following the action., a free and independent legislative database, has just released a number of new features:
• Pages for individual bills now show industry supporters and opponents as determined by, another free and independent site. (New to MAPLight? See the MAPLight FAQ.)
• Bills affected by a cloture vote link to yet another free website,, which specializes in explaining and tracking Senate filibusters.
• Pages for members of Congress now show their latest tweets if they are on Twitter.
• The login accepts your existing GovTrack ID or--recommended for new users--your account ID for Google, Yahoo, AOL, or OpenID. (Logging in allows you to establish “trackers,” email or RSS alerts for action on a bill, or new information on a member of Congress or committee.)
• GovTrack also has upgraded hardware to handle its growing popularity.
For information on all of the changes at Govtrack, see the blog posting Summer Site Updates. This is not new, but Govtrack also has a few widgets allowing you to embed content such as a bill’s status or a congressional district map on your web page; for details, see the Widgets page. Others have developed Facebook apps based on Govtrack’s database; for these, see the Tracking and Sharing Tools page. [There’s much more here.]

HARVARD'S DASH FOR OPEN ACCESS (Harvard, 1 Sept 2009) - Harvard's leadership in open access to scholarship took a significant step forward this week with the public launch of DASH—or Digital Access to Scholarship at Harvard—a University-wide, open-access repository. More than 350 members of the Harvard research community, including over a third of the Faculty of Arts and Sciences, have jointly deposited hundreds of scholarly works in DASH. "DASH is meant to promote openness in general," stated Robert Darnton, Carl H. Pforzheimer University Professor and Director of the University Library. "It will make the current scholarship of Harvard's faculty freely available everywhere in the world, just as the digitization of the books in Harvard's library will make learning accumulated since 1638 accessible worldwide. Taken together, these and other projects represent a commitment by Harvard to share its intellectual wealth." Dash is here:

ONLINE TERMS PRESENTED WITH THREE BLUE HYPERLINKS ARE CONSPICUOUS, CONSCIONABLE (BNA’s Internet Law News, 3 Sept 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Central District of Illinois held Aug. 25 that blue underlined hyperlinks to additional contract terms appearing three times during an online ordering process were sufficiently conspicuous to become part of the sale contract, turning back an unconscionability argument. The court upheld the validity of what it called a “hyperwrap” contract on finding that a combination of three hyperlinks and a specific reference to the contract before checkout rendered it binding. Case name is PDC Laboratories Inc. v. Hach Company.

FOX ADDS ON-AIR TWEETS TO `FRINGE' RERUNS (AP, 4 Sept 2009) - Summer reruns are ho-hum television, but Fox is trying out a possible solution: Add Twitter. On the network's repeat broadcast of its supernatural drama "Fringe" on Thursday night, tweets were added on-screen to the show. The tweets (messages of 140 characters or less from the microblogging Web site Twitter) ran throughout the show on the bottom third of the screen. The tweets were from executive producers Jeff Pinkner (whose handle on Twitter is JPFringe) and J.H. Wyman (JWFringe), and cast members Peter Bishop (peterbishop2) and John Noble (labdad1).

ETHICS AND CLOUD COMPUTING (August 2, 2009) – At the ABA annual meeting, I moderated a panel on lawyer-ethics issues associated with cloud computing: Head in the Cloud - Feet in the Code of Professional Responsibility -- Managing the Ethical Risks to Lawyers from Web 2.0 Technologies, Portable Devices and Wireless Access”. We had excellent panelists, including Chris Kelly (on leave as CPO for Facebook and candidate for California Attorney General). The podcast of this event is here:

BIG BLUE OFFERS LINUX SUPPORT... -- IBM has announced it will offer the same level of customer support for Linux as it now offers for Microsoft NT on certain models of IBM servers. “This is not a flash in the pan,” says an executive in IBM’s NetFinity-server unit. “For us, Linux is a long-term plan that’s constantly building.” Support for Linux software is generally considered somewhat problematic, because there are several different versions that are popular today, making it both tricky and expensive for computer makers. “If they support them all, it’s a mess,” says an analyst with Dataquest. “There needs to be a de facto standard, because supporting all of them is crazy.” (Investor’s Business Daily 28 Jul 99)

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: