Saturday, October 17, 2009

MIRLN --- 27 September – 17 October 2009 (v12.14)

• PCI More of a ‘Check-Box’ than Security for Most Retailers
• DHS Privacy Report: Laptop Searches at Airports Infrequent
• The Mortgage Machine Backfires
• Virtual Town not Like Company Town for Purposes of First Amendment Protection
• New Hires to Monitor Outbound E-Mail
• Hawaii Supreme Court Disputes Laser Gun Test in Speeding Case
• Court Order Served Over Twitter
• Amazon Settles Kindle Deletion Lawsuit for $150,000
• Child-Porn Arrests: `Shooting Fish in a Barrel’
• Soon, Bloggers Must Give Full Disclosure
• AT&T to Allow Expanded Internet Calling Services on Apple’s iPhone
• Post-Breach Fear of Identity Theft Satisfies Standing Requirements, but Fails to Support Negligence and Other Claims
o Autumn Brings Amendments to Data Breach Notification Laws
o Germany Broaches the Breach Question in the EU
• Companies Say No to Friending or Tweeting
• E-Discovery Issues with Digital Voicemail
• Sidekick Outage Casts Cloud over Microsoft
• FBI Uses Facial-Recognition Technology on DMV Photos
• Gov’t Unveils New Short URLS
o White House Confronts Barriers to Gov 2.0
• Web Content Posted Abroad not Simultaneously Published in America
• Libraries and Readers Wade into Digital Lending
• Proposes Open-Source Stash of all Primary US Legal Materials


**** NEWS ****
PCI MORE OF A ‘CHECK-BOX’ THAN SECURITY FOR MOST RETAILERS (Darkreading, 23 Sept 2009) - Nearly 80 percent of retailers and organizations that handle credit card transactions have been hit with a data breach, but more than 70 percent still don’t consider security strategic to their operations, according to a new report released today. This apparent incongruity has more to do with organizations accepting a certain level of risk with doing business on the Internet, says Brian Contos, chief security strategist at Imperva, which commissioned the 2009 PCI DSS Compliance Survey conducted by the Ponemon Institute. “Roughly 30 percent take [PCI security] seriously,” Contos says. “And the others see it as a check box.” But Contos says the 30 percent figure is actually promising: “It’s encouraging to see that many are saying this is not just about compliance, and, ‘I have to make this investment now, anyhow, so I’ll make the best of it.’ That’s reassuring.” The Ponemon study also found 55 percent of organizations focus only on protecting credit card data and don’t bother securing other sensitive customer data, such as Social Security numbers, driver’s license numbers, and bank account information. “We like to think wherever our information is, people are securing it, but that’s not necessarily the case,” Imperva’s Contos says. “Small companies with a limited budget and resources simply don’t generally secure credit card and other supporting information.” Only 28 percent of small businesses in the survey (501 to 1,000 employees) are PCI-compliant, according to the survey, while 70 percent of companies with 75,000 or more employees are. But even the PCI-compliant ones aren’t necessarily more secure if they only treat it as a check-box item to appease the auditors, Contos says.;?articleID=220100919&subSection=Attacks/breaches

DHS PRIVACY REPORT: LAPTOP SEARCHES AT AIRPORTS INFREQUENT (NetworkWorld, 25 Sept 2009) - The U.S. Department of Homeland Security’s annual privacy report card revealed more details on the agency’s controversial policy involving searches of electronic devices at U.S. borders. The 99-page report, which was released Thursday, also offered details on the agency’s efforts to address privacy risks in social media and the use of imaging technologies that produce whole-body scans at airport security checkpoints. The report is the first DHS privacy assessment released to Congress since the new administration took office. It covers the activities of the DHS Privacy Office between July 2008 and June 2009. Of the more than 144 million travelers that arrived at U.S. ports of entry between Oct. 1, 2008 and May 5, 2009, searches of electronic media were conducted on 1,947 of them, the DHS said. Of this number, 696 searches were performed on laptop computers, the DHS said. Even here, not all of the laptops received an “in-depth” search of the device, the report states. A search sometimes may have been as simple as turning on a device to ensure that it was what it purported to be. U.S. Customs and Border Protection agents conducted “in-depth” searches on 40 laptops, but the report did not describe what an in-depth search entailed. DHS’s privacy report here:

THE MORTGAGE MACHINE BACKFIRES (New York Times, 26 Sept 2009) – With the mortgage bust approaching Year Three, it is increasingly up to the nation’s courts to examine the dubious practices that guided the mania. A ruling that the Kansas Supreme Court issued last month has done precisely that, and it has significant implications for both the mortgage industry and troubled borrowers. The opinion spotlights a crucial but obscure cog in the nation’s lending machinery: a privately owned loan tracking service known as the Mortgage Electronic Registration System. This registry, created in 1997 to improve profits and efficiency among lenders, eliminates the need to record changes in property ownership in local land records. “MERS is basically an electronic phone book for mortgages,” said Kevin Byers, an expert on mortgage securities and a principal at Parkside Associates, a consulting firm in Atlanta. In January 2007, [a Court] found that Sovereign’s failure to register its interest with the county clerk barred it from asserting rights to the mortgage after the judgment had been entered. The court also said that even though MERS was named as mortgagee on the second loan, it didn’t have an interest in the underlying property. By letting the sale stand and by rejecting Sovereign’s argument, the lower court, in essence, rejected MERS’s business model. Although the Kansas court’s ruling applies only to cases in its jurisdiction, foreclosure experts said it could encourage judges elsewhere to question MERS’s standing in their cases.

VIRTUAL TOWN NOT LIKE COMPANY TOWN FOR PURPOSES OF FIRST AMENDMENT PROTECTION (BNA’s Internet Law News, 1 Oct 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Northern District of California has ruled that virtual world that includes homes, offices, and shops is simply an entertainment space, not a „company town‰ that would liken the operator to the government for purposes of the First Amendment. The court dismissed a First Amendment claim brought against Sony on finding that Sony was not acting as the government in its virtual world, and was thus not obligated to allow participants the free speech guaranteed by the Constitution. Case name is Estavillo v. Sony Computer Entertainment America.

NEW HIRES TO MONITOR OUTBOUND E-MAIL (, 30 Sept 2009) - The economy has employers extra jittery about company secrets getting out, so nervous that they’re hiring staff just to monitor outbound e-mails. That’s the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008. And it’s not just inappropriate use of e-mail that has employers scrutinizing employees. Social networking sites like Twitter and Facebook are also compounding data leak fears, companies reported, with 8 percent saying they had fired an employee for misuse of social networks in the past 12 months. Another 17 percent had disciplined an employee for violating blog or message board policies, up from 11 percent the year before. No surprise, say some employment attorneys, noting the ease with which employees can swipe confidential information or taint a company’s image has Corporate America on edge. “It’s almost impossible to keep up with what might be walking out of the door or sliding out the door,” said Anthony Oncidi, chairman of the labor and employment department in the Los Angeles office of New York-based Proskauer Rose.

HAWAII SUPREME COURT DISPUTES LASER GUN TEST IN SPEEDING CASE (Honolulu Advertiser, 1 Oct 2009) - The Hawai’i Supreme Court has thrown out a man’s conviction for excessive speeding, a ruling that could put in jeopardy dozens of cases in which drivers have been pulled over by police officers armed with a laser gun. In a ruling released yesterday involving a man accused of exceeding the speed limit by more than 30 mph, the court wrote that prosecutors could not show that the way Honolulu police tested the laser gun used to nab drivers conformed with standards of the device’s manufacturer. HPD does conduct tests on the device, but the court said that without proof that the speed guns were functioning properly, police had no way of proving that the laser was accurately recording speeds of vehicles. At trial, HPD motorcycle Officer Jeremy Franks testified that he was certified to use the laser gun and that he tested the equipment before going on duty on the day of the incident. He testified that the tests were standard and done according to HPD procedures. But the defense argued that there was no evidence to show that the testing practice conformed with the manufacturer’s operating manual. Without this proof that the machine met established standards, the evidence should be thrown out, the defense argued. The justices agreed and said the laser gun reading should not have been admitted in court.

COURT ORDER SERVED OVER TWITTER (BBC, 1 Oct 2009) - The High Court has given permission for an injunction to be served via social-networking site Twitter. The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger. The order demands the anonymous Twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney’s Blarney. The order says the Twitter user is breaching the copyright of Mr Blaney. He told BBC News that the content being posted to Twitter in his name was “mildly objectionable”. Mr Blaney turned to Twitter to serve the injunction rather than go through the potentially lengthy process of contacting Twitter headquarters in California and asking it to deal with the matter. UK law states that an injunction does not have to be served in person and can be delivered by several different means including fax or e-mail. Danvers Baillieu, a solicitor specialising in technology, said it was possible for anyone to approach the court about any method of serving an injunction if the traditional methods are unavailable. “The rules already allow for electronic service of some documents, so that they can be sent by e-mail, and it should also be possible to use social networks,” he said. Mr Blaney decided to use Twitter after a recent case in Australia where Facebook was used to serve a court order.

AMAZON SETTLES KINDLE DELETION LAWSUIT FOR $150,000 (Information Week, 2 Oct 2009) - has agreed to pay $150,000 to the student who sued the company for deleting his digital copy of George Orwell’s 1984 from his Kindle e-book reading device. In June, Amazon received a demand to remove unauthorized copies of George Orwell’s 1984 and Animal Farm from its Kindle Store. The company then refunded the $0.99 purchase price to customers who had bought the e-books for their Kindle devices and deleted copies of the e-book files for almost 2000 customers. The deletion prompted widespread criticism from Amazon customers, rights advocates, and bloggers, on whom the Orwellian nature of Amazon’s actions were not lost. Two days later, one of the customers stripped of his Kindle copy of 1984, Justin D. Gawronski, sued, in part because the deletion affected annotations about the book he had made using his Kindle. Amazon’s Kindle license agreement makes it clear that e-books bought for the Kindle are licensed rather than owned. The document also claims rights to alter the service. However, lawyers have argued that it’s not clear from the Kindle license agreement that Amazon has the right delete purchased content. As part of the settlement terms, Amazon has agreed not to delete Kindle e-books purchased and used in the US in the future, unless (a) the user consents; (b) the user seeks a refund or an electronic payment fails to clear; (c) a court orders the deletion; or (d) deletion is necessary to protect against malware. This does not apply, however, to software code, “transient content such as blogs,” or “content that the publisher intends to be updated and replaced with newer content as newer content becomes available.” In the case of Kindle newspaper and magazine content subscriptions, content is designed to be deleted, unless the user takes steps to save the content.

CHILD-PORN ARRESTS: `SHOOTING FISH IN A BARREL’ (Washington Post, 5 Oct 2009) - When a single Florida county arrested 45 men and boys from all walks of life last June on charges of downloading child pornography, some people worried the place had become a haven for deviants. But top law enforcement officials and child welfare experts say the only thing unusual about Polk County is that its sheriff, Grady Judd, happens to pursue child-porn enthusiasts with more fervor and resources than most. Child porn has grown so pervasive on the Internet, they say, that police agencies all over the country, using the latest file-tracking technology, could easily spend every day finding and arresting offenders. “Today, it’s truly like shooting fish in a barrel,” said Judd, who has directed four child pornography roundups since 2006, resulting in at least 176 arrests in Polk County, a patchwork of orange groves, phosphate mines, modest towns and a half-million people between Tampa and Orlando. The biggest city is Lakeland, population 90,000. Mike Phillips, chief of the computer crimes section at the Florida Department of Law Enforcement, said Polk’s sheer number of child pornography arrests in recent years is almost unheard of nationally for a single agency.

SOON, BLOGGERS MUST GIVE FULL DISCLOSURE (New York Times, 6 Oct 2009) - For nearly three decades, the Federal Trade Commission’s rules regarding the relationships between advertisers and product reviewers and endorsers were deemed adequate. Then came the age of blogging and social media. On Monday, the F.T.C. said it would revise rules about endorsements and testimonials in advertising that had been in place since 1980. The new regulations are aimed at the rapidly shifting new-media world and how advertisers are using bloggers and social media sites like Facebook and Twitter to pitch their wares. The F.T.C. said that beginning on Dec. 1, bloggers who review products must disclose any connection with advertisers, including, in most cases, the receipt of free products and whether or not they were paid in any way by advertisers, as occurs frequently. The new rules also take aim at celebrities, who will now need to disclose any ties to companies, should they promote products on a talk show or on Twitter. A second major change, which was not aimed specifically at bloggers or social media, was to eliminate the ability of advertisers to gush about results that differ from what is typical — for instance, from a weight loss supplement. For bloggers who review products, this means that the days of an unimpeded flow of giveaways may be over. More broadly, the move suggests that the government is intent on bringing to bear on the Internet the same sorts of regulations that have governed other forms of media, like television or print. “It crushes the idea that the Internet is separate from the kinds of concerns that have been attached to previous media,” said Clay Shirky, a professor at New York University. Jonathan Zittrain, a professor at Harvard Law School and co-founder of the Berkman Center for Internet and Society, said, “the rules are looking ahead to a quite possible future when there is a market to buy ‘authentic’ public endorsements.” Some marketing groups fought the changes. “If a product is provided to bloggers, the F.T.C. will consider that, in most cases, to be a material connection even if the advertiser has no control over the content of the blogs,” said Linda Goldstein, a partner at Manatt Phelps & Phillips, a law firm that represents three marketing groups, the Electronic Retailing Association, the Promotion Marketing Association and the Word of Mouth Marketing Association. “In terms of the real world blogging community, that’s a seismic shift.” FTC guide here: [Interesting spin on this by Eric Goldman, in the context of 47 USC 230:]

AT&T TO ALLOW EXPANDED INTERNET CALLING SERVICES ON APPLE’S IPHONE (, 6 Oct 2009) - AT&T said Tuesday that it will begin allowing iPhone owners to use Internet calling services such as Skype on its wireless network. The move represents a big reversal for the carrier, which had previously barred iPhones from using such services on its network. It comes as AT&T and other carriers are under scrutiny from the Federal Communications Commission for the control they exert over what types of devices and applications are allowed on their networks. As a result of the policy change, iPhone owners will soon be able to use programs such as Skype to make Voice over Internet Protocol (VoIP) phone calls using AT&T’s 3G data network. Such programs route calls largely over the Internet rather than through the traditional phone systems. Because they use a data connection rather than a voice connection, calls placed over such programs won’t eat into a customer’s limited number of voice minutes. Previously, iPhone owners could use such programs only to make calls over Wi-Fi hot spots, such as those in homes or at Internet cafes. Although AT&T barred the iPhone from making VoIP calls on its network, it did allow certain phones running the Windows Mobile operating system to make such calls, Balmoris said. In its August letter to the FCC, AT&T said it was worried that allowing iPhone users to place voice calls over its data network would decrease the amount of money it makes from those users. Allowing such services might mean AT&T and Apple would have to raise the price of the iPhone, the company warned.

POST-BREACH FEAR OF IDENTITY THEFT SATISFIES STANDING REQUIREMENTS, BUT FAILS TO SUPPORT NEGLIGENCE AND OTHER CLAIMS (Steptoe & Johnson’s E-Commerce Law Week, 8 Oct 2009) - A federal court in Connecticut has ruled in McLoughlin v. People’s United Bank, Inc., that fear of identity theft following a data breach qualifies as injury-in-fact for Article III standing, but that such fear alone cannot support claims of unfair trade practices, negligence, or breach of fiduciary duty. Courts have split over whether fear of identity theft alone satisfies standing requirements. But courts have been fairly consistent in holding that fear of future harm alone is insufficient to establish damages and therefore to state a tort claim or any other sort of claim commonly raised by plaintiffs in data breach cases. Ruling here:

- and -

AUTUMN BRINGS AMENDMENTS TO DATA BREACH NOTIFICATION LAWS (Steptoe & Johnson’s E-Commerce Law Week, 8 Oct 2009) - Four states have amended their existing data breach notification laws. Montana and Texas have extended their notification requirement to the public sector. Maine has limited the amount of time businesses can delay notification after law enforcement gives a green light. And North Carolina now requires businesses to notify the state attorney general of breaches and to provide free security freezes to data breach victims. The amendments are all now in effect. Alabama, Kentucky, Mississippi, New Mexico, and South Dakota remain the only states without any breach notification requirement on the books.

- and -

GERMANY BROACHES THE BREACH QUESTION IN THE EU (Steptoe & Johnson’s E-Commerce Law Week, 15 Oct 2009) - With amendments to the German Federal Data Protection Law (Bundesdatenschutzgesetz) that took effect last month, Germany has become an early adopter of data breach notification obligations in the European Union. Data breach notification laws are widespread in the United States (now in force in 45 states, plus the District of Columbia, Puerto Rico, and the U.S. Virgin Islands ), but the EU has lagged in this area of regulation. That will almost certainly change, because proposed revisions to the EU electronic communications framework are expected to require all EU member states to introduce data breach notification legislation. However, those revisions stalled this summer due to conflicting views of the European Parliament and Council over other aspects of an overall electronic communications reform package, and it is likely to be at least a year before EU-wide data breach obligations take effect. In the meantime, Germany has taken the lead (although EU neighbor Norway has had such legislation on the books for some time). One upshot of these developments is that companies that suffer a breach involving the data of U.S. as well as EU residents will face an even broader patchwork of differing notification obligations.

COMPANIES SAY NO TO FRIENDING OR TWEETING (Nat’l Law Journal, 8 Oct 2009) - Lawyers are calling it social networking burnout. Back-to-back studies, the most recent issued Tuesday, show a big chunk of corporate America is banning communication wonders like Twitter and Facebook from the workplace. According to the latest survey of more than 1,400 U.S. companies, more than half (54 percent) said they prohibit employees from visiting sites such as Twitter, Facebook and MySpace while on the clock. The survey, by Robert Half Technology, a provider of information technology staffing services, was based on telephone interviews with U.S. companies of 100 or more employees. Another recent survey delivered even graver news for the social media world. According to an August survey by ScanSafe, a Web security provider, 76 percent of companies are now choosing to block employees’ use of social networking -- up 20 percent from February -- which is now a more popular category of sites to block than those involving shopping, weapons, sports or alcohol. Law firms have also joined in the trend. Indianapolis-based Barnes & Thornburg has blocked all access to Facebook. Twitter is still available, however. Gunster Yoakley & Stewart of West Palm Beach, Fla., blocks Facebook and Twitter for all its support staff, including secretaries and legal assistants, but lets lawyers use the social media tools. London’s Allen & Overy tried to ban Facebook in 2007, but then lifted the ban after associate backlash.

E-DISCOVERY ISSUES WITH DIGITAL VOICEMAIL (, 9 Oct 2009) - Modern companies are presented with many options for generating, receiving, storing, retrieving and disposing of electronic business communications. Perhaps nowhere is the progression of technology more evident than in the context of voicemail. Where voicemail messages were once stored on analog tapes, many organizations now utilize digital technology, and some opt for “unified” technology in which a company’s telephone and computer systems are integrated. Not surprisingly, such advances raise a number of e-discovery issues. Businesses considering implementation of new voicemail technology should evaluate the effect, if any, that implementation will have on the company’s obligations to preserve, search for and disclose relevant voicemail messages. The purpose of this article is to provide an overview of various digital voicemail arrangements, from very basic to fully unified, and to identify and discuss related e-discovery issues and practical considerations. [Editor: Good, useful survey of technology and legal issues.]

SIDEKICK OUTAGE CASTS CLOUD OVER MICROSOFT (CNET, 10 Oct 2009) - The massive data failure at Microsoft’s Danger subsidiary threatens to put a dark cloud over the company’s broader “software plus services” strategy. A key tenet of that approach is that businesses and consumers can trust Microsoft to reliably store valuable data on their servers. A week ago, though, Microsoft’s Danger unit experienced a huge outage that left many T-Mobile Sidekick users without access to their calendar, address book, and other key data. That’s because the Sidekick keeps nearly all its data in the cloud as opposed to keeping the primary copy on the devices themselves. Things got even worse on Saturday, as Microsoft said in a statement that data not recovered thus far may be permanently lost. It’s not immediately clear how many people lost their data. The outage earlier in the week affected a broad swath of Sidekick users, though many had data return during the week. While outages in the cloud computing world are common (one need only look at recent issues with Twitter or Gmail), data losses are another story. And this one stands as one of the more stunning ones in recent memory. The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud--Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers. [Editor: Now Microsoft says it’s going to be able to recover most lost sidekick data. This doesn’t change the fundamental point.]

FBI USES FACIAL-RECOGNITION TECHNOLOGY ON DMV PHOTOS (USA Today, 13 Oct 2009) - In its search for fugitives, the FBI has begun using facial-recognition technology on millions of motorists, comparing driver’s license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes. The project in North Carolina has already helped nab at least one suspect. Agents are eager to look for more criminals and possibly to expand the effort nationwide. But privacy advocates worry that the method allows authorities to track people who have done nothing wrong. “Everybody’s participating, essentially, in a virtual lineup by getting a driver’s license,” said Christopher Calabrese, an attorney who focuses on privacy issues at the American Civil Liberties Union. Earlier this year, investigators learned that a double-homicide suspect named Rodolfo Corrales had moved to North Carolina. The FBI took a 1991 booking photo from California and compared it with 30 million photos stored by the motor vehicle agency in Raleigh. In seconds, the search returned dozens of drivers who resembled Corrales, and an FBI analyst reviewed a gallery of images before zeroing in on a man who called himself Jose Solis. A week later, after corroborating Corrales’ identity, agents arrested him in High Point, southwest of Greensboro, where they believe he had built a new life under the assumed name. Corrales is scheduled for a preliminary hearing in Los Angeles later this month. “Running facial recognition is not very labor-intensive at all,” analyst Michael Garcia said. “If I can probe a hundred fugitives and get one or two, that’s a home run.” Calabrese said Americans should be concerned about how their driver’s licenses are being used. Licenses “started as a permission to drive,” he said. “Now you need them to open a bank account. You need them to be identified everywhere. And suddenly they’re becoming the de facto law enforcement database.” State and federal laws allow driver’s license agencies to release records for law enforcement, and local agencies have access to North Carolina’s database, too. But the FBI is not authorized to collect and store the photos. That means the facial-recognition analysis must be done at the North Carolina Division of Motor Vehicles.

GOV’T UNVEILS NEW SHORT URLS (, 13 Oct 2009) - The General Services Administration on Tuesday announced a new application that allows government employees to shorten their Web addresses. lets officials create short .gov URLs out of any .gov, .mil, or URLs. As of 5:30 p.m., has shortened 249 URLs that have been clicked 14,299 times. In related Web news, the White House unveiled a new Spanish site and Twitter feed.

- and -

WHITE HOUSE CONFRONTS BARRIERS TO GOV 2.0 (Information Week, 14 Oct 2009) - Regulations and technical limitations pose challenges in the federal government’s move to “Government 2.0,” the trend of Web-enabling government data and processes, Andrew McLaughlin, deputy CTO for Internet policy, said in a speech today in Washington, D.C. Several issues come into play as the government increasingly uses popular Web sites such as YouTube, Facebook and Flickr to share information and interact with the public. Advertising on commercial sites is one of them. The U.S. government doesn’t run ads on Web sites because it doesn’t want to be seen as endorsing commercial products, but sites like Flickr and YouTube want to run ads on sites the government uses to host photos and videos. As of now, some sites offer ad-free pages as a public service, but it’s unclear how long they will continue to do so. “Do they offer their sites for free to the government forever?” McLaughlin asked rhetorically. “That’s not a good business model.” The terms-of-use policies of some sites present other concerns for the federal government. Many sites use language that binds their use to the laws of certain states, but the federal government isn’t bound by any one state law, McLaughlin noted. Often such language has to be tweaked for federal use. A third challenge is Section 508, the regulation that requires any technology used by the government to be accessible by the disabled. New technologies often make compliance with Section 508 difficult, McLaughlin said. For example, if a Web site is using Ajax and automatically adds new information to a page, it’s difficult for page readers for the blind or Braille readers to interpret and convey that information. There’s a similar problem with archiving. The government is required to save much information as a matter of public record, but it doesn’t have a good way of digitally archiving things like Facebook comments. For now, the costly work-around is to manually print and store paper copies. In addition, the White House continues to work on a new policy around its use of Web cookies, though it’s unclear when that will come out. McLaughlin noted the government is still assessing the best way to deal with public concerns about what it will do with the Web usage data that cookies collect.

WEB CONTENT POSTED ABROAD NOT SIMULTANEOUSLY PUBLISHED IN AMERICA (BNA’s Internet Law News, 15 Oct 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of Delaware has ruled that posting content to a foreign website, although instantly accessible in the United States, does not amount to simultaneous publication in the United States such that registration is required to pursue an infringement action under the federal Copyright Act. In a case of first impression, the court ruled that the mere act of posting content to the internet does not mean that the content is simultaneously published in every country where it is accessible. Case name is Moberg v. 33T LLC.

LIBRARIES AND READERS WADE INTO DIGITAL LENDING (New York Times, 15 Oct 2009) - Kate Lambert recalls using her library card just once or twice throughout her childhood. Now, she uses it several times a month. The lure? Electronic books she can download to her laptop. Beginning earlier this year, Ms. Lambert, a 19-year-old community college student in New Port Richey, Fla., borrowed volumes in the “Hitchhiker’s Guide to the Galaxy” series, “The Lovely Bones” by Alice Sebold and a vampire novel by Laurell K. Hamilton, without ever visiting an actual branch. Eager to attract digitally savvy patrons and capitalize on the growing popularity of electronic readers, public libraries across the country are expanding collections of books that reside on servers rather than shelves. The idea is to capture borrowers who might not otherwise use the library, as well as to give existing customers the opportunity to try new formats. About 5,400 public libraries now offer e-books, as well as digitally downloadable audio books. The collections are still tiny compared with print troves. The New York Public Library, for example, has about 18,300 e-book titles, compared with 860,500 in circulating print titles, and purchases of digital books represent less than 1 percent of the library’s overall acquisition budget. Most digital books in libraries are treated like printed ones: only one borrower can check out an e-book at a time, and for popular titles, patrons must wait in line just as they do for physical books. After two to three weeks, the e-book automatically expires from a reader’s account. Simon & Schuster, whose authors include Stephen King and Bob Woodward, has also refrained from distributing its e-books to public libraries. “We have not found a business model that works for us and our authors,” said Adam Rothberg, a spokesman.

LAW.GOV PROPOSES OPEN-SOURCE STASH OF ALL PRIMARY US LEGAL MATERIALS (ABA Journal, 15 Oct 2009) - An ambitious project to create an open-source authenticated repository of all primary legal materials in the United States is being proposed by Law.Gov. Detailed by Law.Gov, the project is presently in a planning stage. A growing group of individuals and organizations including a number of well-known law schools and law professors expect to meet to discuss how it might be pursued and potentially develop a proposal for doing so. “By primary legal materials,” Law.Gov explains, “we mean all materials that have the force of law and are part of the law-making process, including: briefs and opinions from the judiciary; reports, hearings, and laws from the legislative branch; and regulations, audits, grants, and other materials from the executive branch. Creating the system from open source software building blocks will allow states and municipalities to make their materials available as well.”

**** RESOURCES ****
PRIVACY IN ELECTRONIC COMMUNICATIONS: THE REGULATION OF VOIP IN THE EU AND THE UNITED STATES (SSRN Paper, 1 Sept 2009; by Rebecca Wong and Daniel Garrie) - The growth of internet telephony or Voice over Internet Protocol (VoIP) services has led to questions by policymakers and legislators over the regulation of VoIP. In this article, the authors consider the extent to which VoIP services are protected from an EU/US perspective and the concerns arising from the current legislative framework, mainly from privacy perspective. The second part considers VoIP services in general. The third part examines the European framework and in particular, the current categorisation of VoIP services, before considering the privacy perspective, taking into account the Directive on Privacy and Electronic Communications 2002/58 and the general Data Protection Directive 95/46. The fourth part will consider the US framework in protecting the privacy of communications, asserting that the federal courts and legislatures should act to explicitly protect VoIP oral internet communications. The final part will conclude by discussing the principal areas that still need to be addressed.

**** BOOK REVIEW ****
BOOK REVIEW: ‘7 STEPS FOR LEGAL HOLDS’ (, 14 Oct 2009) - I have not applied a legal hold in a corporate or large law firm setting, but John J. Isaza and John J. Jablonski told me how to go about it -- and why -- in “7 Steps for Legal Holds of ESI and Other Documents.” The book explains how to implement a legal hold in seven easy steps and provides the legal and business drivers behind the holds that can be used to create more efficient business processes for an organization of any size. When I first picked up the book, I thought: “What’s the big deal?” Isaza and Jablonski made it clear. Federal and state courts are focusing on the legal duty to preserve potential evidence in litigation or government investigations, especially evidence stored in electronic form. Increasingly, cases are settling during the discovery phase because of the conspicuous absence or abundant presence of relevant electronic evidence. If evidence is absent, there is the chance your organization may face costly sanctions; if evidence is abundant, your organization may face a costly production that will require an expensive preproduction review of documents for privilege. Isaza and Jablonski are honest and cut to the chase in plain English. They readily admit that the legal hold, although a relatively new legal term, incorporates a legal duty to preserve evidence, which is not new. In fact, the legal hold reflects a time-honored public policy that is embedded into law: it is wrong to destroy evidence. They also bring the legal hold down to earth and instantiate it with fundamental concepts that operate on our daily lives, e.g., when implementing a legal hold, “timing is everything.” Although the book is a monograph, it is bound in a tabbed format that makes for an easy reference book to review material at any of the seven steps to the legal hold. It includes appendices loaded with examples of how misunderstandings of ESI lead to large spoliation sanctions, sample legal hold notices, policies and procedures. One index combines both case names and keywords. Isaza and Jablonski don’t have the last word on legal holds, but they certainly have the right ones, in seven, digestible steps, to get your organization started in fashioning a legal hold policy and procedure to respond to an event that triggers the duty to preserve evidence. In the end, you will want to get out there and put a legal hold on something.

**** DIFFERENT **** PEACETONES WEBSITE - PeaceTones is an InternetBar project created to build peace, and create opportunities for all members of the global community. The selected project participants are artists from developing economies, remote areas, and conflict zones. After selection InternetBar works with students and participants to digitalize their art. This can mean photographing paintings, recording music, capturing local nature sounds, folk tales, etc. Once digitalized the art is then organized into the form of albums which are then sold online. The proceeds are sent back to the participants in their respective countries in intervals, creating revenues for project participants and their communities. During this process participants learn about technology, the internet, rights, and their intellectual property rights in a global market. If you would like more information, the “PeaceTones Overview” link will take you to a page with an in detail explanation of the entire process. [Editor: search iTunes for “Peacetones”; the music is rather wonderful.]

RINGING IN THE NEW YEAR WITH GREENWICH NET TIME -- January 1 marks the debut of a new time standard that supporters hope will become the online equivalent of the venerable Greenwich Mean Time. Greenwich Net Time will offer ISPs and Internet users a new way to time-stamp electronic documents. Companies involved in the deployment of GNT clocks include the London Internet Exchange (LINX), a nonprofit group of ISPs that share data centers in order to speed Internet traffic within the U.K.; Datum, which is supplying three atomic clocks that will deliver GNT from Greenwich’s zero meridian line; and Enron Communications, an energy and communications firm. LINX members who will support GNT include AT&T, BT Internet Services, France Telecom and Level 3. (Computer Reseller News 29 Dec 99)

************** NOTES **********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.