Saturday, November 28, 2009

MIRLN --- 8-28 November 2009 (v12.16)

• Leaked ACTA Internet Provisions: Three Strikes and a Global DMCA
• Federal Judge Calls Courtroom Tweets Banned Broadcasts Under Rule 53
• Consent Will be Required for Cookies in Europe
o French Senate Issues New Legislation to Amend Data Protection Act: Provisions Include Breach Notice Obligation and Consent for Use of Cookies
• Towards a “Privacy Privilege” to Oppose Discovery Requests?
• Sticks and Stones – More about Online Reputation Management
• Department of Interior Fails Cybersecurity Audit
o NIST Drafts Cybersecurity Guidance
• World Justice Project Rule of Law Index
• Ninth Circuit Ruling Leads to Spike in Class Actions Over Text Messages from Retailers
• Employers Win a Round in the Fight over whether Disloyal Employees are “Authorized” to Access Company Computers
• Two German Killers Demanding Anonymity Sue Wikipedia’s Parent
• W.Va. Supreme Court Opts for E-Mail Secrecy
• International Activists Launch New Website to Gather and Share Copyright Knowledge
• A Rush to Learn English by Cell
• Twitter and the Learning Technology Stream
• More Hackers Target Law Firms, Often ‘Spear Fishing’ in Spam E-Mail
• Goal of New ABA Website: All the Federal Decisions that are Fit to Print
o Bridging the Digital Divide: a New Vendor in Town? Google Scholar Now Includes Case Law
o Google Scholar Legal Opinion and Journal Search, ABA LTRC Free Full-Text Law Review/Law Journal Search
• Wow! Top Execs Say they are Influenced by Social Networks
• In-Q-Tel Invests in Cybersecurity Company
• DHS Critical Infrastructure Protection Website Launched
• India Establishes Broad Interception, Data Retention, Cyber Security, and Website Blocking Requirements
• Some Courts Raise Bar on Reading Employee Email
• 200 Web Sites Spread al-Qaida’s Message in English
• Military Video System is Like YouTube with Artillery
• Memento: Protocol-Based Time Travel for the Web
• A Look at Twitter’s Updated Privacy Policy
• Law Firm Invokes Privacy Laws in Suing Rival over Search Engine Keywords
• Levi’s is Paying Orrick a Flat Fee to Handle all but its IP Work
• Wikileaks Releases over Half a Million Pager Messages from 9/11
• Google Profiles turn into OpenIds

NEWS | RESOURCES | FUN | LOOKING BACK | NOTES

LEAKED ACTA INTERNET PROVISIONS: THREE STRIKES AND A GLOBAL DMCA (EFF, 9 Nov 2009) - Negotiations on the highly controversial Anti-Counterfeiting Trade Agreement (ACTA) began last week in Seoul, Korea. The closed negotiations focused on “enforcement in the digital environment.” Negotiators discussed the Internet provisions drafted by the US government. No text has been officially released, but as Professor Michael Geist and IDG are reporting, leaks have surfaced. The leaks confirm everything we have feared about the secret ACTA negotiations. The Internet provisions have nothing to do with addressing counterfeit products but are all aimed at imposing a set of copyright industry demands on the global Internet, including obligations on ISPs to adopt Three Strikes Internet disconnection policies and a global expansion of DMCA-style TPM laws. For the leaked commission memo: http://www.michaelgeist.ca/content/view/4516/125/ https://www.eff.org/deeplinks/2009/11/leaked-acta-internet-provisions-three-strikes-and-

FEDERAL JUDGE CALLS COURTROOM TWEETS BANNED BROADCASTS UNDER RULE 53 (ABA Journal, 9 Nov 2009) - A federal judge in Georgia has banned reporters from sending live-action tweets from his courtroom, saying that Twitter is a form of broadcasting and hence prohibited under Rule 53 of the Federal Rules of Criminal Procedure. But the ruling by U.S. District Judge Clay Land only extends as far as the courtroom door, suggests the Taking Liberties blog of CBS News: “All an intrepid spectator in Judge Clay Land’s courtroom apparently needs to do is write something inside the courtroom, and then step outside before pressing ‘send,’ “ the blog states. The Volokh Conspiracy provides a link to the judge’s four-page order (PDF), which was made last week in response to a request by a Columbus Ledger-Enquirer reporter to tweet about an upcoming trial. http://www.abajournal.com/news/federal_judge_calls_courtroom_tweets_banned_broadcasts_under_rule_53/

CONSENT WILL BE REQUIRED FOR COOKIES IN EUROPE (Out-Law.com, 9 Nov 2009) - A law that demands consent to internet cookies has been approved and will be in force across the EU within 18 months. It is so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point. The fate of Europe’s cookie law became improbably entwined with a debate over file-sharing. To cut a long story short, it broke free. On 26th October, it was voted through by the Council of the EU. It cannot be stopped and awaits only the rubber-stamp formalities of signature and publication. The vote’s result was announced by way of a whisper. It featured at the tail end of an 18-page Council press release (PDF) that first had to address fishing quotas, train driving licences and a maritime treaty with China. I’m afraid we missed it. There was no attempt to bury this news – but the hushed tones of its reporting were consistent with the media attention it has received to date. There has been almost no fuss about this little law, despite the harm it could do to advertising, the lifeblood of online publishing. It also threatens to irritate all web users by appearing at every new destination like an over-zealous security guard. Here’s what’s coming. The now-finalised text says that a cookie can be stored on a user’s computer, or accessed from that computer, only if the user “has given his or her consent, having been provided with clear and comprehensive information”. An exception exists where the cookie is “strictly necessary” for the provision of a service “explicitly requested” by the user – so cookies can take a user from a product page to a checkout without the need for consent. Other cookies will require prior consent, though. So almost every site that carries advertising should be seeking its visitors’ consent to the serving of cookies. It also catches sites that count visitors – so if your site uses Google Analytics or WebTrends, you’re caught. You could seek consent with pop-ups, if you’re happy to ignore accessibility guidelines that discourage pop-ups – though users’ browsers may block pop-ups by default, which risks confusion. Or you could do it with a landing page that contains a load of information and some choices. The choices for users could be: * * * http://www.out-law.com/page-10510 [Spotted by MIRLN reader Michael Fleming of Larkin Hoffman.]

- and -

FRENCH SENATE ISSUES NEW LEGISLATION TO AMEND DATA PROTECTION ACT: PROVISIONS INCLUDE BREACH NOTICE OBLIGATION AND CONSENT FOR USE OF COOKIES (Hunton & Williams, 17 Nov 2009) - On November 6, 2009, the French Senate proposed a new draft law to reinforce the right to privacy in the digital age (“Proposition de loi visant à garantir le droit à la vie privée à l’heure du numérique”) (the “Draft Law”). Following a Report on the same topic issued last spring, the Senate made concrete proposals with this Draft Law to amend the Data Protection Act. The Draft Law requires that data controllers provide information on their data processing activities to their data subjects in a clear, specific and easily accessible manner. The data subjects would be able to exercise their right of access more easily, including by email. The Draft Law also distinguishes between the data subject’s right to object to the use of his/her personal data for commercial purposes and his/her right to delete his personal data after it has been processed. The Draft Law also proposes an increase in the obligations of data controllers. Organizations with more than fifty employees that either access or process the personal data are required to appoint a data protection officer. In addition to his obligation to inform the data subjects about a data processing activity, a data controller would have to obtain a data subject’s consent to process data (including for the use of cookies), except if a legal exception applies. Data controllers would also have to implement stronger security measures to preserve the security and confidentiality of personal data. In particular, in case of a data security breach, a data controller would have to notify the French data protection authority (“CNIL”), which would then decide whether to inform the data subjects concerned by this breach. Finally, passage of the law would increase the CNIL’s enforcement authority. Fines imposed by the CNIL for violations of the law would be increased to a maximum €600,000 (instead of the current €300,000). http://www.huntonprivacyblog.com/2009/11/articles/enforcement-1/french-senate-issues-new-legislation-to-amend-data-protection-act-provisions-include-breach-notice-obligation-and-consent-for-use-of-cookies/#page=1

TOWARDS A “PRIVACY PRIVILEGE” TO OPPOSE DISCOVERY REQUESTS? (White & Case, 10 Nov 2009) - On July 23, 2009, the French Data Protection Authority [Commission nationale de l’informatique et des libertés (“CNIL”)] released its Deliberation No. 2009-474 concerning recommendations for the transfer of personal data in the context of discovery in US litigation (the “Recommendation”). This Recommendation must be taken into account by all parties that find themselves in the position of transferring documents or other information containing personal data from France to the United States in the discovery or litigation context. In the Recommendation, the CNIL, a governmental agency whose stated goal is in particular to protect individuals with regard to the processing of their personal data in France, has wrestled with the threats posed to personal data privacy by discovery requests served in US civil and commercial litigation. The Recommendation was issued in response to “an increase in the number of matters concerning the transfer of personal data to the United States, filed principally either by French subsidiaries of American companies or by French companies that have commercial ties with the United States, in the context of ‘Discovery’ proceedings before American courts.” For those familiar with the CNIL’s prior Recommendations and privacy-friendly positions, this one will not come as a complete surprise; nonetheless, the Recommendation represents an important new authoritative statement regarding the defense of privacy rights in the discovery context. (The Recommendation does not apply to US criminal litigation or the investigations by governmental agencies.) http://www.whitecase.com/files/Publication/bb6e0abd-1b64-4110-8d9e-90262a7dc057/Presentation/PublicationAttachment/fb2a0260-3ad1-4f93-a550-966d2bb69a4b/alert_paris_IP_english.pdf#page=1

STICKS AND STONES – MORE ABOUT ONLINE REPUTATION MANAGEMENT (ABA’s LTRC, 10 Nov 2009) - When people are searching for information they are most likely to be using Google. According to Experian Hitwise, a global online competitive intelligence service, Google accounted for 71.08 percent of all U.S. searches conducted in September 2009. Therefore, Google’s Reputation Management Advice carries considerable weight. A lawyer’s reputation is his or her stock in trade; making this topic particularly relevant to the legal profession. Following is a collection of resources for lawyers regarding online reputation management: * * * http://new.abanet.org/sitetation/Lists/Posts/Post.aspx?ID=577

DEPARTMENT OF INTERIOR FAILS CYBERSECURITY AUDIT (Information Week, 10 Nov 2009) - The Department of the Interior inspector general has issued a report that’s sharply critical of the agency’s cybersecurity performance, concluding that its efforts fall short of federal government requirements. The recently issued report points to broad problems at the agency, from a decentralized IT organization to “fragmented governance processes.” It says that the agency has “substantially under-qualified” cybersecurity personnel and that its IT leadership hasn’t been as involved in cybersecurity as it should be. “Personnel responsible for management of the IT programs are not accountable for results, and existing investments are not leveraged to their full potential,” the report says. Interior has budgeted $182 million for cybersecurity this year and has 677 employees and contractors devoted to information security and another 3,531 with “significant” responsibilities in that area. The Department of Interior has CIOs for each of its large bureaus, and those CIOs are supposed to have responsibility for their organizations’ IT and cybersecurity. However, the inspector general found that responsibilities were delegated to smaller offices, resulting in inefficiencies and higher costs. The report describes IT and cybersecurity governance at the department as being inefficient, wasteful, and lacking accountability. It says that Interior has been cited for similar problems in the past by the inspector general and by the Government Accountability Office, but that recommendations for fixing the situation haven’t been applied. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221601054&cid=RSSfeed_IWK_News [Editor: anybody remember Corbell v. Norton? Fiduciary duty to protect information security?]

- and -

NIST DRAFTS CYBERSECURITY GUIDANCE (Information Week, 23 Nov 2009) - Draft guidance from the National Institute of Standards and Technology issued last week, pushes government agencies to adopt a comprehensive, continuous approach to cybersecurity, tackling criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits. The guidance, encapsulated in a draft revision to NIST Special Publication 800-37, will likely be finalized early next year. While federal agencies aren’t required to follow all of its recommendations, NIST is officially charged with creating standards for compliance with the Federal Information Systems Management Act, (FISMA), which sets cybersecurity requirements in government, so this guidance should at the very least be influential. The new document puts more onus on applying risk management throughout the lifecycle of IT systems. “This is part of a larger strategy to try to do more on the front end of security as opposed to just on the back end,” says NIST’s Ron Ross, who is in charge of FISMA guidance at the agency. “We don’t think of security as a separate undertaking, but as a consideration we make in our normal lifecycle processes.” Special Publication 800-37 fleshes out six steps federal agencies should take to tackle cybersecurity: categorization, selection of controls, implementation, assessment, authorization, and continuous monitoring. It improves on earlier guidance by emphasizing making rigorous cybersecurity part and parcel of the deployment and operation of IT systems. The document breaks out its cybersecurity guidance in several steps. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900722&cid=RSSfeed_IWK_News

WORLD JUSTICE PROJECT RULE OF LAW INDEX (BeSpacific, 11 Nov 2009) - “The Rule of Law Index is a new tool, created by the WJP [World Justice Project Rule], which measures countries’ adherence to the rule of law...The Rule of Law Index is the first index that examines the rule of law comprehensively. Other indices cover only aspects of the rule of law, such as human rights, commercial law, and corruption. Because the Index looks at the rule of law in practice and not solely as it exists on the books, the Index will be able to guide governments, civil society, NGOs and business leaders in targeting efforts to strengthen the rule of law.” http://www.bespacific.com/mt/archives/022774.html Index materials here: http://www.worldjusticeproject.org/rule-of-law-index

NINTH CIRCUIT RULING LEADS TO SPIKE IN CLASS ACTIONS OVER TEXT MESSAGES FROM RETAILERS (Pillsbury, 11 Nov 2009) - In Satterfield v. Simon & Schuster, Inc., 569 F.3d 946 (9th Cir. 2009), the Ninth Circuit held that unsolicited text messages to mobile phones sent by a retailer may constitute a “call” in violation of the Telephone Consumer Protection Act (the “TCPA”). This decision has sparked an increase in consumer class actions filed against retailers who send advertisements to consumers by text message. http://www.pillsburylaw.com/siteFiles/Publications/C6477E2271CD58A3DA7F5B3CED5F6CF3.pdf#page=1

EMPLOYERS WIN A ROUND IN THE FIGHT OVER WHETHER DISLOYAL EMPLOYEES ARE “AUTHORIZED” TO ACCESS COMPANY COMPUTERS (Steptoe & Johnson’s E-Commerce Law Week, 12 Nov 2009) - A federal court in Missouri has weighed in on whether a disloyal employee’s use of his employer’s computer system is acting “without authorization” or “exceed[ing] authorized access,” in violation of the Computer Fraud and Abuse Act. As we’ve previously reported, courts have split on the issue, with many courts (notably the Ninth Circuit) holding that an employee who is permitted to access the system is not acting “without authorization” or in excess of authorization even if he is accessing the system for an illegitimate purpose, such as taking proprietary information to give to a competing firm. The court in Missouri, however, followed the Seventh Circuit’s decision in International Airport Centers, L.L.C., v. Citrin, which held that an employee loses authorization to access company computers when he acts to benefit his own interests, and not those of the company. http://www.steptoe.com/publications-6472.html

TWO GERMAN KILLERS DEMANDING ANONYMITY SUE WIKIPEDIA’S PARENT (New York Times, 12 Nov 2009) - Wolfgang Werlé and Manfred Lauber became infamous for killing a German actor in 1990. Now they are suing to force Wikipedia to forget them. The legal fight pits German privacy law against the American First Amendment. German courts allow the suppression of a criminal’s name in news accounts once he has paid his debt to society, noted Alexander H. Stopp, the lawyer for the two men, who are now out of prison. Mr. Stopp has already successfully pressured German publications to remove the killers’ names from their online coverage. German editors of Wikipedia have scrubbed the names from the German-language version of the article about the victim, Walter Sedlmayr. Now Mr. Stopp, in suits in German courts, is demanding that the Wikimedia Foundation, the American organization that runs Wikipedia, do the same with the English-language version of the article. That has free-speech advocates quoting George Orwell. Floyd Abrams, a prominent First Amendment lawyer who has represented The New York Times, said every justice on the United States Supreme Court would agree that the Wikipedia article “is easily, comfortably protected by the First Amendment.” But Germany’s courts have come up with a different balance between the right to privacy and the public’s right to know, Mr. Abrams said, and “once you’re in the business of suppressing speech, the quest for more speech to suppress is endless.” The German law springs from a decision of Germany’s highest court in 1973, said Julian Höppner, a lawyer with the Berlin law firm JBB who has represented the Wikimedia Foundation, though not in this case. Publications generally comply with the law, Mr. Höppner said, by referring to “the perpetrator — or, Mr. L.” But with such a well-known case, he said, expunging the record “is difficult to accomplish — and, morally speaking, rightly so.” http://www.nytimes.com/2009/11/13/us/13wiki.html?_r=1

W.VA. SUPREME COURT OPTS FOR E-MAIL SECRECY (AP, 12 Nov 2009) - The state Supreme Court has ruled that public officials and public employees can keep their personal e-mails secret. The court ruled 4-1 Thursday that none of the 13 e-mails between former Supreme Court Chief Justice Elliott “Spike” Maynard and Massey Energy Chief Executive Don Blankenship are public records. The Associated Press had sued to gain access to the correspondence last year, when Massey had several cases pending before the high court. Kanawha County Circuit Court Judge Duke Bloom ruled that five of the e-mails were public, but that eight were not. Bloom reasoned that the five e-mails were public records because they touched on Maynard’s ultimately unsuccessful campaign in the Democratic primary, in which he ran against two of the justices now sitting on the court. The five e-mails were released after that ruling. But the Supreme Court ruled that Bloom was wrong to release those e-mails, and sent the case back to his court. Justice Margaret Workman was the lone dissenter. In writing for the majority, Justice Robin Davis said “None of the e-mails’ contents involved the official duties, responsibilities or obligations of Justice Maynard as a duly elected member of the court.” Davis’ opinion says that 12 of the e-mails “simply provided URL links to privately operated Internet Web sites that carried news articles,” while the 13th was an “agenda for a meeting being held by a private organization.” This description is not accurate. Of the five e-mails released by Bloom’s order, two contained links not to news articles, but to pages on the Web site of a Huntington law firm, along with comments Maynard wrote about the firm. One e-mail mocked the firm’s advertisements as “unbelievable,” while another slammed the firm for claiming that a fire at Massey’s Aracoma Alma Mine No. 1 that killed two miners could have been prevented. http://www.phillyburbs.com/news/news_details/article/92/2009/november/12/wva-supreme-court-opts-for-e-mail-secrecy.html

INTERNATIONAL ACTIVISTS LAUNCH NEW WEBSITE TO GATHER AND SHARE COPYRIGHT KNOWLEDGE (EFF, 13 Nov 2009) - The Electronic Frontier Foundation (EFF), Electronic Information for Libraries (eIFL.net), and other international copyright experts joined together today to launch Copyright Watch -- a public website created to centralize resources on national copyright laws at www.copyright-watch.org. “Copyright laws are changing across the world, and it’s hard to keep track of these changes, even for those whose daily work is affected by them,” said Teresa Hackett, Program Manager at eIFL.net. “A law that is passed in one nation can quickly be taken up by others, bilateral trade agreements, regional policy initiatives, or international treaties. With Copyright Watch, people can learn about the similarities and differences in national copyright laws, and they can use that information to more easily spot patterns and emerging trends.” Copyright Watch is the first comprehensive and up-to-date online repository of national copyright laws. To find links to national and regional copyright laws, users can choose a continent or search using a country name. The site will be updated over time to include proposed amendments to laws, as well as commentary and context from national copyright experts. Copyright Watch will help document how legislators around the world are coping with the challenges of new technology and new business models. https://www.eff.org/press/archives/2009/11/13

A RUSH TO LEARN ENGLISH BY CELL (Washington Post, 14 Nov 2009) - More than 300,000 people in Bangladesh, one of Asia’s poorest but fastest-growing economies, have rushed to sign up to learn English over their cellphones, threatening to swamp the service even before its official launch Thursday. The project, which costs users less than the price of a cup of tea for each three-minute lesson, is being run by the BBC World Service Trust, the international charity arm of the broadcaster. Part of a British government initiative to help develop English skills in Bangladesh, it marks the first time that cellphones have been used as an educational tool on this scale. Since cellphone services began in Bangladesh just over a decade ago, more than 50 million Bangladeshis have acquired phone connections, including many in remote rural areas. That far outnumbers the 4 million who have Internet access. English is increasingly seen as a key to economic mobility, especially as ever larger numbers of Bangladeshis go abroad to find work unavailable to them at home. An estimated 6.2 million Bangladeshis work overseas, and their nearly $10 billion in annual remittances represent the country’s second-largest source of foreign exchange. However, English is also important for securing jobs at home, where about 70 percent of employers look for workers with “communicative English.” Through its Janala service, the BBC offers 250 audio and text-message lessons at different levels -- from basic English conversation to grammar and comprehension of simple news stories. Each lesson is a three-minute phone call, costing about 4 cents. http://www.washingtonpost.com/wp-dyn/content/article/2009/11/13/AR2009111304245.html

TWITTER AND THE LEARNING TECHNOLOGY STREAM (InsideHigherEd, 15 Nov 2009) - Twitter is changing how I keep up with the educational technology world. I’m moving from relying on an RSS reader (I use Google Reader) to relying on Twitter subscriptions and hashtags. For the first time I’m wondering if Google should be worried about their core business model, as if my experience is any guide on how we use the Web to understand the world, may be moving away from search and more towards microblogging Twitter clients (I use Twhirl by Seesmic). At EDUCAUSE 09 Twitter was much debated (go watch the fabulous Campbell/Maas point/counterpoint) and extravagantly utilized for sharing and communication (see the #EDUCAUSE09 transcript). I’m pretty certain that Course Management Systems will start to build in Twitter capabilities and that hashtags will automatically be generated for each course. Tweeting will become a standard way for students and instructors to share information, thoughts and links around the course material. Many instructors will become comfortable incorporating and leveraging a Twitter-enabled backchannel to both in-class and out-of-class communication. Scanning the educational technology news stream via a Twitter client vs. relying on an RSS reader means that I look at content that has been recommended by a person. The learning technology community is small enough that I can pretty quickly begin to filter by reputation. If one person consistently links to material that I find useful and interesting then I’m more likely to click on her links. Rather then going to particular blogs, or presentations, or videos, or articles based on the title or site (as I do with an RSS reader), I go because of a colleague’s recommendation. This is a big change, and I’m still getting my head around this shift. My apologies for all those folks like Clay Shriky (and perhaps) you who understood (and blogged about) the implications of microblogging and social media a long time ago. I feel like I’m sort of coming late to this bandwagon. My conversion to information gathering by Twitter client has me wondering about the need to explore this method in course design, faculty training, and student information literacy.http://www.insidehighered.com/blogs/technology_and_learning/twitter_and_the_learning_technology_stream

MORE HACKERS TARGET LAW FIRMS, OFTEN ‘SPEAR FISHING’ IN SPAM E-MAIL (ABA Journal, 16 Nov 2009) - Computer hackers are targeting law firms as a potential motherlode of confidential information, often relying on “spear fishing” attacks in which personalized spam e-mail appears to come from a trusted individual. While the e-mail itself doesn’t pose a danger, clicking on a link within the e-mail can invite malicious software into the law firm’s computer system. The trend of focusing hack attacks on law firms began two years ago, according to a FBI advisory, but there has been a “noticeable increase” recently, reports the Associated Press. Law firms representing client corporations that are negotiating major international deals are particularly inviting targets. “Law firms have a tremendous concentration of really critical, private information,” says Bradford Bleier of the FBI’s cyber division. Hence, sneaking into their computer systems “is a really optimal way to obtain economic, personal and personal security-related information.” http://www.abajournal.com/news/more_hackers_target_law_firms_often_spear-fishing_in_spam_e-mail/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News&utm_content=Twitter [The FBI advisory is here: http://files.knowconnect.com/public/cyber_advisory.pdf; it was published by the FBI on November 1 entirely without fanfare, and only picked up by the AP after Mr. Bleier talked about it at an ABA meeting on November 13.]

GOAL OF NEW ABA WEBSITE: ALL THE FEDERAL DECISIONS THAT ARE FIT TO PRINT (ABA Journal, 17 Nov 2009) - Want to know more about a 9th Circuit opinion on the First Amendment rights of a citizen ejected from a city council meeting for giving a Nazi salute? Or the 5th Circuit opinion allowing a Halliburton employee to sue over her alleged rape in Iraq? You can find those opinions summarized on the new Media Alerts on Federal Courts of Appeals website. Students and professors at four law schools are choosing the opinions most likely to be of interest to journalists and the public for the pilot project, sponsored by the ABA Standing Committee on Federal Judicial Improvements. The website, which officially launches on Wednesday, now covers the U.S. Courts of Appeals for the 3rd, 5th and 9th Circuits. The plan is to add eventually all of the circuits. Judge M. Margaret McKeown of the 9th Circuit, a special adviser to the project, says the idea for the website grew out of some discussions between judges and journalists at a meeting at the First Amendment Center earlier this year. About 60,000 cases are filed every year in the federal courts of appeals, McKeown told the ABA Journal. “Most courts have very good websites, but there is a lot of information out there, so this provides a special niche,” she says. “There is a certain needle-in-the-haystack element for someone to go through them every day in every jurisdiction of interest to find cases.” “Our view is that fair and accurate reporting about the courts is important, both for the public and also in order to emphasize judicial independence,” says McKeown, whose three-year term as chair of the ABA Standing Committee on Federal Judicial Improvements ended in August. Law schools working on the project are the University of Texas School of Law, Temple University Beasley School of Law, the University of Arizona James E. Rogers College of Law, and the University of San Diego School of Law. http://www.abajournal.com/news/goal_of_new_aba_website_all_the_federal_decisions_that_are_fit_to_print/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News

- and -

BRIDGING THE DIGITAL DIVIDE: A NEW VENDOR IN TOWN? GOOGLE SCHOLAR NOW INCLUDES CASE LAW (LLRX, 18 Nov 2009) - An unexpected salvo was fired in the battle to bring case law to the consumer today by none other than Web search giant, Google. The announcement that Google Scholar would now allow for precedent searches set the internet and legal world a buzz. With law firms still being battered by the struggling economy, Google’s move is opportune. Legal researchers are hungry for low cost alternatives to the industry’s major players. Just how Google’s new case offerings and functionality will stack up remains to be seen. Will it be a revolution in the world of case research or just another case of getting for what we pay (or don’t pay, as it may be)? Google is taking on the old adage that ignorance of the law is not a defense when running afoul of it. Its announcement clearly targeted the average person, promising to enable “people everywhere to find and read full text legal opinions from U.S. federal and state district, appellate and supreme courts.” What it may lack in the wide breadth of coverage we have come to expect from major vendors like Westlaw and Lexis, Google makes up for with the simple, popular, and widely-used power of its search engine. Folks who have never touched the other major vendors have almost certainly “googled” something. Thus, though new to the law scene, Google’s brand and familiarity could make it a formidable foe to the industry elite. Searching for case law on Google is simple and versatile. You can search by case name, topic, or even phrase (“separate but equal” is the example they use). All you need to do is go to Google Scholar (http://scholar.google.com) and click the new radio button for “Legal opinions and journals”. It is just that easy. But what of the results? How do they compare to what we in the legal community are accustomed? A simple test of the new search might just surprise you. Take a case like Bowers v. Hardwick, for example - seminal, controversial, and heavily cited. Run it’s name through the Google Scholar search. What you get is almost overwhelming. Yes your search results will return the text of the decision. But that is not all. Decisions, in this case Bowers, can come with official citations and pagination. Key factors for anyone writing and citing to the case. The cases cited in the body of the decision, if Google has them, actually show up as clickable links. That should give the major vendors pause! But this is STILL not all Google Scholar has to offer. If there are legal journals that cite the case you have searched and Google has them, you will see them in your search. By clicking the “How Cited” link next to the case name on the results page, you can see how the document has been cited, where it has been cited, and other related cases. Searching for Bowers brings up a list of cases that have been seminal in the area of privacy rights, for example. Even the footnotes are clickable links! Suffice it to say that Google is on to something really good here. http://www.llrx.com/featres/googlescholarcaselaw

- and -

GOOGLE SCHOLAR LEGAL OPINION AND JOURNAL SEARCH, ABA LTRC FREE FULL-TEXT LAW REVIEW/LAW JOURNAL SEARCH (ABA’s LTRC, 19 Nov 2009) - Google officially announced adding legal opinion and journal search features to Google Scholar this week, following the ABA Legal Technology Resource Center’s announcement of the release of a free full-text online law review/law journal search engine created using Google Custom Search. What are some differences between the two search engines? Google Scholar legal searches often return a large number of fee-based journal sites and cannot currently be limited to searching free sources only; the LTRC search engine is designed to search free full-text sites. Google Scholar legal searches often return a mix of legal opinions and journal articles and cannot currently be limited to searching journals only; the LTRC search engine is designed to search only law review, law journal, and related article sites. Google Scholar’s options for searching legal opinions are more developed than those for searching legal journals. Searches can be limited to legal opinions and by jurisdiction through the Google Scholar Advanced Search interface. The legal opinions linked to in the search results are free full-text and include pagination. Google Scholar includes a citator feature for legal opinions: clicking on a “How cited” link appearing next to an opinion in the search results leads to a page which displays text snippets from citing paragraphs in citing opinions (no editorial analysis such as treatment is given). “Cited by” and “Related documents” links display lists of citing and related opinions and articles. Information regarding coverage of Google Scholar’s legal opinion database can be found at http://scholar.google.com/intl/en/scholar/help.html under the heading “Which court opinions do you include?” For more legal opinion-related information on the web, also see the ABA Standing Committee on Federal Judicial Improvements’ new Media Alerts on Federal Courts of Appeals website, which features case summaries and information on selected Federal Courts of Appeals cases. http://new.abanet.org/sitetation/Lists/Posts/Post.aspx?ID=581

WOW! TOP EXECS SAY THEY ARE INFLUENCED BY SOCIAL NETWORKS (ZDnet, 18 Nov 2009) - This new research study from the Society for New Communications Research (SNCR) is important because it shows that company executives are influenced by their online networks. And the trend is growing. The influence on business decisions by online communities is at its highest in three years. The research was conducted by Don Bulmer from SAP and Vanessa DiMauro. Here are some key findings from this survey 365 business professionals:
Professional decision-making is becoming more social - enter the era of Social Media Peer Groups (SMPG)
• Traditional influence cycles are being disrupted by Social Media as decision makers utilize social networks to inform and validate decisions
• Professionals want to be collaborative in the decision-cycle but not be marketed or sold to online; however online marketing is a preferred activity by companies.
Professional networks are emerging as decision-support tools
• Decision-makers are broadening reach to gather information especially among active users
Professionals trust online information almost as much as information gotten from in-person
• Information obtained from offline networks still have highest levels of trust with slight advantage over online (offline: 92% - combined strongly/somewhat trust; online: 83% combined strongly/somewhat trust)
Reliance on web-based professional networks and online communities has increased significantly over the past 3 years
• Three quarters of respondents rely on professional networks to support business decisions
• Reliance has increased for essentially all respondents over the past three years
Social Media use patterns are not pre-determined by age or organizational affiliation
• Younger (20-35) and older professionals (55+) are more active users of social tools than middle aged professionals.
• There are more people collaborating outside their company wall than within their organizational intranet.
http://blogs.zdnet.com/Foremski/?p=953

IN-Q-TEL INVESTS IN CYBERSECURITY COMPANY (Information Week, 18 Nov 2009) - The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday. In-Q-Tel and FireEye didn’t disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment “will extend FireEye’s cyber security product development and stealth malware technical capabilities to protect against cyber threats.” The intelligence community has a clear interest in cybersecurity investment. At a conference earlier this month, deputy secretary of defense William Lynn said that more than 100 foreign intelligence agencies are actively trying to hack into federal government systems. The NSA recently announced plans to build a $1.5 billion cybersecurity data center in Utah. California-based FireEye sells an out-of-band security appliance that monitors all inbound network traffic, employing a blend of signatures and heuristics to analyze traffic for evidence of suspicious behavior. After identifying suspicious traffic, the appliance captures and replays the traffic on virtual machines running in the appliance, which imitate real PCs. If those PCs are compromised, FireEye alerts administrators. By routing the traffic to a virtual machine, FireEye claims it is able to mitigate false positives. The virtual machines are invisible to the customer’s production network. FireEye claims that its products are especially useful for protection against zero-day malware attacks and botnets. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900133&cid=RSSfeed_IWK_News

DHS CRITICAL INFRASTRUCTURE PROTECTION WEBSITE LAUNCHED (BeSpacific, 18 Nov 2009) - The nation’s critical infrastructure and key resources (CIKR) include systems and assets, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating impact on national security, national economic vitality, or public health and safety. Ensuring CIKR resiliency and protection is essential to our security and way of life. The Department’s Office of Infrastructure Protection leads the coordinated national effort to build resiliency and reduce and mitigate risk across the 18 CIKR Sectors, which include such key areas as food and water, energy, communications and transportation systems, and emergency services. Since the vast majority of the nation’s critical infrastructure is privately owned and operated, strong partnerships between government and private industry are essential to achieve these shared goals.” See also the new CIKR Resource Center, “which includes information about how to sign up for free Web-based seminars on the tools, trends, issues, and best practices for infrastructure protection and resilience; resources concerning potential vulnerabilities for chemical facilities; and details about the National Response Framework, which outlines guidance for all response partners to prepare for and provide a unified response to disasters and emergencies.” http://www.bespacific.com/mt/archives/022838.html and http://training.fema.gov/EMIWeb/IS/IS860a/CIKR/CIKRintro.htm

INDIA ESTABLISHES BROAD INTERCEPTION, DATA RETENTION, CYBER SECURITY, AND WEBSITE BLOCKING REQUIREMENTS (Steptoe & Johnson’s E-Commerce Law Week, 19 Nov 2009) - India’s Information Technology (Amendment) Act, 2008, came into effect at the end of last month, instituting significant new requirements governing the interception and decryption of communications, access to stored data, data retention, cyber security, and website blocking. The law also appears to authorize the government to restrict what encryption may be used in India. Regulations implementing many of these requirements have already been “notified,” while other key regulations remain to be issued. Communications providers and other companies that do business in India thus will have to satisfy burdensome new requirements, and may be faced with even more significant restrictions in the near future. http://www.steptoe.com/publications-6482.html

SOME COURTS RAISE BAR ON READING EMPLOYEE EMAIL (WSJ, 19 Nov 2009) -Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else’s personal and financial information is easier than ever. “Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered,” said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees. That was what happened in a case earlier this year in New Jersey, when an appeals court ruled that an employee of a home health-care company had a reasonable expectation that email sent on a personal account wouldn’t be read. And last year, a federal appeals court in San Francisco came down on the side of employee privacy, ruling employers that contract with an outside business to transmit text messages can’t read them unless the worker agrees. The ruling came in a lawsuit filed by Ontario, Calif., police officers who sued after a wireless provider gave their department transcripts of an officer’s text messages in 2002. The case is on appeal to the U.S. Supreme Court. Lawyers for corporations argue that employers are entitled to take ownership of the keystrokes that occur on work property. In addition, employers fear productivity drops when workers spend too much time crafting personal email messages. http://online.wsj.com/article/SB125859862658454923.html?mod=article-outset-box [Spotted by MIRLN reader Mathew Lodge of Symantec.]

200 WEB SITES SPREAD AL-QAIDA’S MESSAGE IN ENGLISH (Washington Post, 20 Nov 2009) - Increasing numbers of English-language Web sites are spreading al-Qaida’s message to Muslims in the West. They translate writings and sermons once largely out of reach of English readers and often feature charismatic clerics like Anwar al-Awlaki, who exchanged dozens of e-mails with the Army psychiatrist accused of the Fort Hood shootings. “If you look at the most influential documents in terms of homegrown terrorism cases, it’s not training manuals on building bombs,” Kohlmann said. “The most influential documents are the ones that are written by theological advisers, some of whom are not even official al-Qaida members.” Most of the radical Islamic sites are not run or directed by al-Qaida, but they provide a powerful tool for recruiting sympathizers to its cause of jihad, or holy war, against the United States, experts who track the activity said. The number of English-language sites sympathetic to al-Qaida has risen from about 30 seven years ago to more than 200 recently, said Abdulmanam Almushawah, head of a Saudi government program called Assakeena, which works to combat militant Islamic Web sites. In contrast, Arabic-language radical sites have dropped to around 50, down from 1,000 seven years ago, because of efforts by governments around the world to shut them down, he said. http://www.washingtonpost.com/wp-dyn/content/article/2009/11/19/AR2009111903570.html

MILITARY VIDEO SYSTEM IS LIKE YOUTUBE WITH ARTILLERY (Wired, 20 Nov 2009) - Making footage shareable and searchable online has sparked a revolution in the cute animal, stupid human, and delicious tamale communities. New software just might mean a similar upgrade for military video intelligence: Think of it as a real-time YouTube with heavy artillery. The release of the new version has just been announced. The U.S. military’s Task Force ODIN demonstrated the effectiveness of combining the video inputs from networked drones, aircraft and helicopters. When a roadside bomb went off, the team could wind back the video to see who planted it — and where they went. ODIN allegedly assisted in the takedown of thousands of insurgents in Iraq; their counterparts are starting work in Afghanistan. The process of handling, archiving and then searching through a large number of video feeds is a challenging one. That’s one of the reasons why something like YouTube can be so helpful: Instead of having to search through a pile of videotapes, you can just type in a few keywords. Even better, you can search all your friends’ video collections and they can search yours. And this is where a system like adLib produced by EchoStorm Worldwide LLC comes in. It does the same sort of thing for the military by automatically archiving video feeds along with the associated telemetry data. For example, suppose you want to find out what happened at point X at 8:30 yesterday. You don’t even have to know which platforms were in the area at the time. “You can ask for video that matches a specific location using latitude and longitude or the MGRS (Military Grid Reference System) or by clicking and dragging on a map,” David Barton of EchoStorm told Danger Room. http://www.wired.com/dangerroom/2009/11/military-video-system-is-like-youtube-with-artillery/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29

MEMENTO: PROTOCOL-BASED TIME TRAVEL FOR THE WEB (ReadWriteWeb, 20 Nov 2009) - The Web constantly changes and evolves. That, of course, is what makes the Internet so exciting, but it also means that finding older versions of a website is hard. The current push towards the real-time web is making this problem even more apparent. Memento, a project based at Old Dominion University, wants to make it easier to access older versions of a web page without having to go to the Internet Archive. To do this, the project is using a relatively obscure feature of the hypertext transfer protocol (HTTP). The Memento project wants to give browsers a ‘time-travel’ mode. Currently, the only way to find these pages is the Wayback Machine. According to an interview with Memento’s Herbert Van de Sompel, the mission of this project is to make it far easier for users to find older pages without having to go through the hassle of putting the right URL into the Wayback Machine’s search engine. To do this, Van de Sompel and his colleagues are exploiting a feature in the HTTP content negotiation specs that allows them to add date-and-time negotiation to the standard negotiations that already happen whenever your browser connects to a web server. Instead of just asking for the current page, a Memento-enabled browser can also ask for an older version of that page. Some servers and content management systems already offer this feature and the Memento project has developed a demo that shows how this feature would look. According to Van de Sompel, it only takes four extra lines of codes in Apache to make this work. http://www.readwriteweb.com/archives/memento_protocol-based_time_travel_for_the_web.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29

A LOOK AT TWITTER’S UPDATED PRIVACY POLICY (Eric Goldman’s blog, 20 Nov 2009) - As noted on Twitter’s blog, Twitter refreshed its privacy policy yesterday. Given that virtually everything Twitter does is placed under the microscope, I’m sure the policy will be pored over in detail. (Here’s a link to the updated policy and a link to the old policy.) General thoughts on the policy: The policy is short, easy to understand, and in plain English. The thrust of the policy is that most users typically use Twitter to publicly disseminate information, and users should expect any of this information to be broadly disseminated. This includes dissemination by Twitter, third party applications, search engines, etc. To the extent you want to restrict use of this information, Twitter gives you the tools to do so in your profile settings. Much of what’s in the policy is very typical of what you would find in the privacy policy of any other website or social network. However, a few things are worth mentioning:
1. Geolocation: The policy provides that you can turn geolocation on and off, and if you have it turned on, your location information is obviously broadcast and also used by Twitter. Geolocation is opt-in and this makes sense.
2. Cookies: The policy also mentions that Twitter places cookies on your computer. Virtually all privacy policies contain this, since most websites use cookies. But for some reason this part of the privacy policy jumped out at me. I guess it’s a reminder of the tremendous advertising power that Twitter could wield. Everyone who uses Twitter expresses their preferences through Twitter, by clicking on links, using applications, and just through general usage. Most people probably do more, such as expressing their food, drink, entertainment, political, and other preferences. (Some more than others.) By being able to identify the computer of someone who expresses those preferences, Twitter can build a valuable network that would be useful to advertisers. I’m not only talking about advertising on Twitter.com (the web client), but also advertising on other websites or networks as well. This is pretty common in the industry, and subject to attack by privacy advocates, some of whom are pushing for an opt-in system for this type of tracking. Thus far Twitter has been free of advertising, but this is likely to change, as indicated by Twitter’s own statements. (See Scoble’s link below.)
3. Metadata: Interestingly, the policy also treats tweet metadata as public information (“information you are asking us to make public”). This seems to create some grey area between information which you broadcast and is truly public, and information which is available to Twitter (but not to your followers) from your use of Twitter. Robert Scoble has a post with comments from Twitter’s COO signaling Twitter’s turn to advertising and possible use of metadata in this context. I didn’t pick up on this at first, but I think this is significant. http://blog.ericgoldman.org/archives/2009/11/a_look_at_twitt_1.htm

LAW FIRM INVOKES PRIVACY LAWS IN SUING RIVAL OVER SEARCH ENGINE KEYWORDS (Law.com, 20 Nov 2009) - A lawsuit in Wisconsin is bringing a fresh challenge to the practice of paying for keywords on Google and other search engines to boost one company’s link over a rival’s. The practice has occasionally prompted a rival to file legal challenges alleging trademark infringement. Now a Wisconsin law firm is trying a new angle -- accusing its competitor of violating privacy laws. Habush Habush & Rottier is one of Wisconsin’s largest law firms, specializing in personal injury cases. But search for iterations of “Habush” and “Rottier” and a sponsored link for Cannon & Dunphy attorneys often shows up, just above the link for the Habush site. Habush alleges that Cannon paid for the keywords “Habush” and “Rottier,” in effect hijacking the names and reputation of Habush attorneys. Cannon acknowledged paying for the keywords but denied wrongdoing, saying it was following a clearly legal business strategy. The lawsuit was filed Thursday in Milwaukee, where Habush is headquartered. Cannon is based in nearby Brookfield. Habush based its lawsuit on a Wisconsin right-to-privacy statute that prohibits the use of any living person’s name for advertising purposes without the person’s consent. “We believe this is deceptive, confusing and misleading,” firm president Robert Habush said of Cannon’s strategy. “If Bill Cannon thinks this is a correct way to do business he needs to have his moral compass taken to the repair shop.” William Cannon, the founding partner of Cannon & Dunphy, said every business uses the same tactic to remind consumers of their choices. “This is equally available to Habush if he weren’t so cheap to bid on his own name,” Cannon said. One legal expert said it wasn’t clear how successful Habush’s lawsuit would be. Ryan Calo, a fellow at the Center for Internet and Society at Stanford Law School, said the statute seemingly was meant to protect people from having their names and images misused to suggest they endorse or represent something. That’s not the case here, he said. http://www.law.com/jsp/article.jsp?id=1202435677621&rss=newswire

LEVI’S IS PAYING ORRICK A FLAT FEE TO HANDLE ALL BUT ITS IP WORK (ABA Journal, 23 Nov 2009) - Orrick, Herrington & Sutcliffe is earning a flat fee to handle all of the legal work worldwide for Levi Strauss & Co., with just one exception. Levi’s is paying Orrick an annual fee in monthly increments for all but its brand protection work, the Recorder (sub. req.) reports. Townsend and Townsend and Crew is handling that aspect of Levi’s legal business. If work needs to be done where Orrick doesn’t have an office, it will hire an outside law firm at its own expense. The arrangement is unusual because it is so all-encompassing, according to Frederick Krebs, president of the Association of Corporate Counsel. “It is still news when a big firm and a big company do a significant amount of work or transactions in that way,” Krebs told the Recorder. Orrick wouldn’t disclose how much the Levi’s deal is worth, but the story calls the deal a “multimillion-dollar arrangement.” Twenty-five percent of revenue comes from alternative billing. Orrick partner Karen Johnson-McKewan worked out the details of the deal. “The core principle that we’re operating with here is that we’re trusting each other,” she told the Recorder. “We all are committed to doing whatever we can to make it work. We know there will be bits and pieces where it may not.” http://www.abajournal.com/weekly/article/levis_is_paying_orrick_a_flat_fee_to_handle_all_but_its_ip_work

WIKILEAKS RELEASES OVER HALF A MILLION PAGER MESSAGES FROM 9/11 (ReadWriteWeb, 25 Nov 2009) - Earlier this morning, Wikileaks began to post pager messages that were sent on September 11, 2001. According to Wikileaks, these messages were intercepted by an “organization which has been intercepting and archiving US national telecommunications since prior to 9/11.” Some of these messages are from officials in police and fire departments, though a large number of messages are also from businesses. Others are automated messages to engineers that were sent by computers about network and hardware issues. Wikileaks is posting these messages semi-live - in sync with the events of 9/11. It’s not clear how Wikileaks got this data or who intercepted these messages. This archive is likely to become an invaluable source for anybody who wants to study the events and the public’s reaction on this day. Chances are that conspiracy theorists are already wading through this data looking for an official page that authorized the destruction of Building 7. As is to be expected, the archive includes many Twitter-like messages like “Bush calls World Trade Center crashes apparent terrorist attack.” Others are internal messages from unknown businesses or government departments (“please due to the incidents taking place and with trying to close centers Please do not tie up aol today unless it is business. Thanks”) or personal message (“Things are getting worse....fear is rampid...please call me. HISD are advising to come get children etc.-sm”). This thread on Reddit highlights some of the most interesting (and often shocking) messages. We don’t know the nature of Wikileaks this source yet, so it’s only prudent to treat this data with some skepticism. Wikileaks, however, has a track record of releasing authentic information and it seems unlikely (but not impossible) that somebody would go through the trouble of writing 500,000 pager messages just to be featured on Wikileaks. http://www.readwriteweb.com/archives/wikileaks_releases_over_half_a_million_pager_messages_from_911.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29

GOOGLE PROFILES TURN INTO OPENIDS (TechCrunch, 25 Nov 2009) - As part of its push to go more social, Google has been attempting to unify its various account profiles into one Google Profile. And now it’s more useful. Google’s Brad Fitzpatrick has just tweeted out that Google Profiles can now be used as OpenIDs. What this means is that you can sign into any site that accepts OpenID simply by using your Google Profile domain. Luckily, a few months ago Google started allowing these profiles to have vanity URLs, like /mgsiegler, instead of the previous /32090329039402903. Chris Messina, a huge proponent of the open web movement, has just sent out a picture of what signing in with OpenID via your Google Profile looks like. http://www.techcrunch.com/2009/11/25/google-profile-openid/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29

**** RESOURCES ****
8 THINGS TO REMEMBER WHEN IMPLEMENTING AN E-MAIL POLICY (Digital Landfill, 12 Nov 2009) – [useful checklist and explication]: http://aiim.typepad.com/aiim_blog/2009/11/8-things-to-remember-when-implementing-an-email-policy.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+EcmIndustryWatch+%28Digital+Landfill%29 [Spotted by MIRLN-reader Claude Baudoin of Cebe KM and IT.]

**** FUN ****
WIFI BODY SCALE AUTO-TWEETS EACH TIME YOU STEP ON IT (Mashable, 10 Nov 2009) - This sounds like our worst nightmare, but a WiFi Body Scale has hit the market, and it’s designed to auto-tweet your every weigh-in along with the number of pounds you need to gain or lose to reach your goal. The enhanced $159.99 scale is available for purchase from the manufacturer’s website. Previously able to record weight data and track it via an iPhone app, the addition of auto-tweeting is apparently a motivational feature to keep you focused on your weight-loss (or gain) goals. Should this seemingly outlandish functionality appeal to you, you can configure your Twitter account for auto-posting on a per weigh-in, daily, weekly, or monthly basis after the initial Twitter activation process. The scale records your body weight, lean & fat mass (ouch), and body mass index, all of which is posted to your personal webpage and/or the iPhone application. http://mashable.com/2009/11/10/wifi-body-scale/ [Editor: Clearly moves Web 2.0 into the TMI space.]

**** LOOKING BACK ****
FORMER VOLUNTEERS SUE AOL, SEEKING BACK PAY FOR WORK (New York Times, 26 May 1999) - Two former volunteers for America Online have filed a lawsuit in Federal Court in Manhattan in an attempt to obtain back wages, saying that they and thousands of other volunteers should have been compensated for their work. The plaintiffs, Kelly Hallisey of Nassau County and Brian Williams of Dallas, allege that AOL violated the Fair Labor Standards Act, a Federal law that mandates a minimum hourly wage for employees, by using volunteers to perform work for the on-line service. They and their lawyer, Leon Greenberg, said they were hoping other volunteers for the on-line service would join the suit, which was filed Monday. The amount of damages sought was not specified. The volunteers, called community leaders, perform a variety of tasks for the service, like moderating on-line discussions and overseeing other volunteers. http://www.nytimes.com/1999/05/26/nyregion/former-volunteers-sue-aol-seeking-back-pay-for-work.html [Editor: today, could the analogue be crowd-sourcing volunteers?]

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, November 07, 2009

MIRLN --- 18 October – 7 November 2009 (v12.15)

NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES

• Heartland Breach: Inside Look at the Plaintiffs’ Case
• Site Lets Investors See and Copy Experts’ Trades
• Check E-Mail Hourly, Quinn Partner Says, Unless in Court, in Tunnel or Asleep
• Baited and Duped on Facebook
• Court Rules that Phones Ringing in Public Don’t Infringe Copyright
o Apology for Singing Shop Worker
• CIA Invests in Firm that Datamines Social Networks
o U.S. Navy CIO: Social Media Should Be Part of Military IT Standard
o US Department of Defense Embraces Open Source
• Web Store Offering New Jersey Shipments Avails Itself of Forum Even Absent Any Sales
o Hosting Sponsored Ad Links Targeting New York Not Enough for Jurisdiction There
• Data Breach Notification Spreads South of The Border -- Way South
• SEC Proposes Amending Rules for Internet Availability of Proxy Materials
• Microsoft Wants ISO Security Certification for its Cloud Services
• Obama’s Ethics Counsel Faces Tough Crowd at ABA Conference
• Obama Family Portrait Posted to Flickr
• MI5 Comes Out Against Cutting Off Internet Pirates
• Privacy Coalition Seeks Investigation of DHS Chief Privacy Office
• Social Media and Ed. Tech. Companies
• FBI: Cyber Crooks Stole $40m from U.S. Small, Mid-Sized Firms
• Study: Facebook, Twitter Use at Work Costs Big Bucks
• In Industry First, Voting Machine Company to Publish Source Code
• Learning by Degrees
• ACC to GCS: Eliminate Software Costs
• Survey: Few Companies Addressing Cyberterrorism
• Educause Core Data Service Fiscal Year 2008 Summary Report
• Ct Rules Facebook Terms Claiming Ownership of User Info Did Not Destroy CDA Protections
• Lawyerese Goes Galactic as Contracts Try to Master the Universe
• Judge Rules Metadata is Public Record
o PA Bar Committee Examines Metadata
o Want to Update Your Avvo Listing? If So, Start Policing Client Comments, Opinion Says
• EU Sends Conflicting Messages on Keyword Advertising
• Amazon Lets Shoppers Pay with a Phrase
• Does Cloud Computing Need Malpractice Safeguards?
• Lawyers in Discovery Scandal Say Qualcomm Lied
• Attorney-Client Privilege in Work E-Mails
• Judge Spanks Lawyer for Leaking Personal Details in Brief

**** NEWS ****
HEARTLAND BREACH: INSIDE LOOK AT THE PLAINTIFFS’ CASE (BankInfoSecurity, 8 Oct 2009) - Prior to the Heartland Payment Systems (HPY) data breach, company executives misrepresented their “state of the art” security measures, says a new document filed in the class action suit against the payments processor. Heartland publicly touted its “multiple layers of security,” and said it placed “significant emphasis on maintaining a high level of security in order to protect the information of our merchants and their customers,” according to the master complaint filed last month in U.S. Southern District Court in Houston. In January, Heartland announced it had been the victim of a data breach that is now recognized as the largest ever reported, impacting more than 130 million consumer credit/debit card accounts. The complaint represents “everything we know about the Heartland data breach so far,” says attorney Richard Coffman, representing the financial institutions suing Heartland for damages. This document lays out for the first time a sequence of events and statements made by Heartland executives about security measures and actions before, during and after the breach. http://www.bankinfosecurity.com/articles.php?art_id=1844 Complaint filing here: http://www.bankinfosecurity.com/external/HEARTLAND-FILING-9_2_09.pdf

SITE LETS INVESTORS SEE AND COPY EXPERTS’ TRADES (New York Times, 19 Oct 2009) - The trouble with mutual funds is that investors can feel as though they have put their money in a black box. The 90 million Americans with money in funds know little about fees, what securities their money is invested in and who is in charge. Daniel Carroll, who started investing when he was 15, thinks he has a way to let average investors learn about investing while experts manage the money. In 2008, he started KaChing, a Web site where 400,000 amateur and professional investors manage virtual portfolios. Others have logged on to see what the investors on the site are doing and make the same trades in their own real portfolios. On Monday, KaChing is to add a new twist. Customers can set up brokerage accounts that automatically mirror the trades of a money manager, some of them professionals. “The idea of an asset manager showing all his research, his holdings — it’s unheard-of,” said Mr. Carroll, now 27 and the vice president for business development at KaChing. “In the financial industry, the idea is that information is currency; they protect it with their lives.” KaChing has attracted a roster of prominent early investors from Silicon Valley who have financed the company with $3 million. They include Marc Andreessen, co-founder of Netscape; Kevin Compton of Kleiner Perkins Caufield & Byers; and Jeffrey Jordan, chief executive of OpenTable, the online reservation service. The angel investors have also been investing their own money through KaChing during the pilot period. “The concept is great — the ability to tap into not just the wisdom of the crowd, but to be able to identify and invest with the particular geniuses in the crowd that stand out,” said Mr. Andreessen, who has invested $100,000 using the site. Customers will be able to open a brokerage account with Interactive Brokers and link their account with their choice of investors on KaChing. KaChing charges customers a single management fee of 0.25 percent to 3 percent, set by each investor. KaChing keeps a quarter of the fee, and the investors get the rest. Each time the investors make a trade, KaChing will automatically make the same trades for the customer. Customers can log on whenever they want to check their portfolio’s performance. They can send the investor private messages and receive alerts if the investor does something unusual. With the click of a mouse, customers can stop mirroring an investor. http://www.nytimes.com/2009/10/19/technology/start-ups/19kaching.html?_r=2&scp=1&sq=kaching&st=cse

CHECK E-MAIL HOURLY, QUINN PARTNER SAYS, UNLESS IN COURT, IN TUNNEL OR ASLEEP (ABA Journal, 19 Oct 2009) - After doing a great job on a rush project, a relatively new associate at Quinn Emanuel Urquhart Oliver & Hedges made a mistake. He didn’t check his e-mail. As a result, he missed a senior partner’s instruction that he should send out a draft document for client review before calling it a day. Partner A. William Urquhart notes the mistake in an e-mail he sent the next morning to firm attorneys, which is reprinted in Above the Law, and exhorts the troops to pick up the pace as far as electronic message review is concerned. Lawyers should be checking their e-mail hourly, unless they have a very good excuse for not doing so, Urquhart says, such as being in court, in a tunnel or asleep. “One of the last things you should do before you retire for the night is to check your e-mail. That is why we give you BlackBerries,” he writes. http://www.abajournal.com/weekly/check_e-mail_hourly_quinn_partner_says_unless_in_court_in_tunnel_or_asleep [Editor: Law firms have been talking about the need for immediate response—i.e., within 15 minutes—to client emails for years. This (and this story) is nuts. Clients will let you know their response requirements, and one size doesn’t fit all.]

BAITED AND DUPED ON FACEBOOK (ComputerWorld, 19 Oct 2009) - When CIO Will Weider encouraged employees at Ministry Health Care and Affinity Health System in Wisconsin to use Facebook to spread the word about new programs and successful projects, he was surprised at the result: Few did so. “I went in there thinking, ‘We’ve turned these people loose; we’ll have 10,000 marketers out there,’ “ Weider says. But the Ministry Health workforce, it turned out, had been well trained to protect sensitive data, and without explicit guidance on what they could say, their first reaction was to share nothing. “We’ve stressed the importance of data security with our employees, particularly when it comes to patient privacy, and it’s kept them from sharing all the great things about work on Facebook,” Weider says. That’s a good problem to have. Many fear that the popularity of social networking -- among individuals as well as organizations -- will precipitate an increase in social engineering attacks that could result in security breaches that expose corporate data or damage a company’s reputation. But while executives seem to grasp the potential threats of social networking, only a slim majority of organizations seem to feel the need to do something about it. In an exclusive September 2009 Computerworld survey, 53% of the 120 IT professionals polled reported that their organizations have a social media usage policy, while 41% said they don’t and 6% said they weren’t aware of such a policy. And in a July 2009 poll by advertising agency Russell Herder and law firm Ethos Business Law, both based in Minneapolis, 81% of the 438 respondents said they have concerns about social media and its implications for both corporate security and reputation management. However, only one in three said that they have implemented social media guidelines, and only 10% said that they have undertaken related employee training. http://www.computerworld.com/s/article/343908/Baited_and_Duped_on_Facebook?source=CTWNLE_nlt_pm_2009-10-19

COURT RULES THAT PHONES RINGING IN PUBLIC DON’T INFRINGE COPYRIGHT (EFF, 21 Oct 2009) - In June, we reported on ASCAP’s claim that when your cell phone’s musical ringtone sounds in a public place, you are infringing copyright. A federal court firmly rejected that argument last week, ruling that “when a ringtone plays on a cellular telephone, even when that occurs in public, the user is exempt from copyright liability, and the [cellular carrier] is not liable either secondarily or directly.” This is exactly the outcome urged by EFF, Public Knowledge, and the Center of Democracy & Technology in an amicus brief filed in the case. https://www.eff.org/deeplinks/2009/10/court-rules-phones-ringing-public-dont-infringe-co

- and -

APOLOGY FOR SINGING SHOP WORKER (BBC, 21 Oct 2009) - A shop assistant who was told she could not sing while she stacked shelves without a performance licence has been given an apology. Sandra Burt, 56, who works at A&T Food store in Clackmannanshire, was warned she could be fined for her singing by the Performing Right Society (PRS). However the organisation that collects royalties on behalf of the music industry has now reversed its stance. They have sent Mrs Burt a bouquet of flowers and letter of apology. Mrs Burt, who describes herself as a Rolling Stones fan, said that despite the initial warning from the PRS, she had been unable to stop herself singing at work. The village store where Mrs Burt works was contacted by the PRS earlier this year to warn them that a licence was needed to play a radio within earshot of customers. When the shop owner decided to get rid of the radio as a result, Mrs Burt said she began singing as she worked. http://news.bbc.co.uk/2/hi/uk_news/scotland/tayside_and_central/8317952.stm

CIA INVESTS IN FIRM THAT DATAMINES SOCIAL NETWORKS (SlashDot, 20 Oct 2009) - “In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ‘open source intelligence’ — information that’s publicly available... Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords. ‘That’s kind of the basic step — get in and monitor,’ says company senior vice president Blake Cahill. Then Visible ‘scores’ each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (‘Trying to determine who really matters,’ as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.” http://yro.slashdot.org/story/09/10/20/1444256/CIA-Invests-In-Firm-That-Datamines-Social-Networks?from=rss

- and -

U.S. NAVY CIO: SOCIAL MEDIA SHOULD BE PART OF MILITARY IT STANDARD (ReadWriteWeb, 21 Oct 2009) – In a blog post this week, U.S. Navy CIO Rob Carey wrote that social media is a resource for the American military that should be used to build trust and collaboration, both within and outside the organization. In attempts to balance communication, transparency, and operational security, the military has encountered both practical obstacles and general criticism. In a recent podcast, Carey said, “Most social networking tools come with no rules of the road. As the Internet moves towards user-generated content, we thought there was a void we could fill... to mitigate some of the security risks associated with social media.” Beyond risk management, Carey said, “Social media has a powerful collaboration engine associated with it.” Generally, military organizations have the options to reach out directly to large IT companies to configure customized security profiles and inherent OPSEC protection for personnel; traditionally, however, social networks such as Facebook and Twitter have not been particularly receptive to working within that type of culture or framework. From the sharing-and-access social media pole to the security/military pole, both sides are resistant to different approaches to shared and social information. Still, Carey is an advocate for the usefulness of these tools, even behind a military firewall. “We must remain a learning organization. As the Internet evolves, so must our workforce and its associated skills. To that end, we must be able to embrace change,” Carey wrote in his blog post. “Many of our processes are rooted in the Industrial Age and will need to move toward the Information Age to remain relevant in the coming years.” With specific regard to social media and the American military, Carey stated, “Social media is an inherent part of the toolbox for members of the millennial workforce, while baby boomers are just adopting it. Social media tools should become the standard by which we can share and collaborate on information inside and outside the network boundaries.” He also highlighted green initiatives, mobile working, and the use of modern technological tools in recruitment efforts. To see Carey’s office’s Policy and Guidelines for Secure Use of Social Media by Federal Departments and Agencies, click here for a full PDF. http://www.readwriteweb.com/archives/us_navy_cio_social_media_should_be_part_of_militar.php

- and -

US DEPARTMENT OF DEFENSE EMBRACES OPEN SOURCE (ReadWriteWeb, 28 Oct 2009) - At the US Department of Defense, open source and proprietary software are now on equal footing. According to Defense Department guidance issued yesterday (PDF), open-source software (OSS) should be treated just like any other software product. The document also specifies some of the advantages of OSS for the Department of Defense (DoD). These include the ability to quickly alter the code as situations and missions change, the stability of the software because of the broad peer-review, as well as the absence of per-seat licensing costs. The document also stresses that OSS is “particularly suitable for rapid prototyping and experimentation, where the ability to ‘test drive’ the software with minimal costs and administrative delays can be important.” The DoD already uses some open-source products. This new memorandum is meant to provide guidance on the use of OSS and to clarify some misconceptions. According to the DoD, these misconceptions have hampered “effective DoD use and development of OSS.” One of these misconceptions is that the DoD would have to distribute any changes made to the OSS code. In reality, most open-source licenses permit users to modify code for internal use and these organizations only have to make the changes public if they distribute the code outside of their organizations. http://www.readwriteweb.com/archives/us_department_of_defense_embraces_open_source.php

WEB STORE OFFERING NEW JERSEY SHIPMENTS AVAILS ITSELF OF FORUM EVEN ABSENT ANY SALES (BNA’s Internet Law News, 22 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of New Jersey has ruled that an interactive website that gives visitors the option of selecting New Jersey as the ship-to destination is evidence of purposeful availment of the new Jersey forum enough to support jurisdiction there, even absent evidence of actual New Jersey sales. The court said that a website offering allegedly counterfeit goods for sale specifically to New Jersey residents was a meaningful contact with the forum that would satisfy the due process clause’s purposeful availment requirement. Case name is Tristar Products Inc. v. SAS Group Inc.

- but -

HOSTING SPONSORED AD LINKS TARGETING NEW YORK NOT ENOUGH FOR JURISDICTION THERE (BNA’s Internet Law News, 5 Nov 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Southern District of New York has ruled that although some ads on a site sponsoring pay-per-click links may resolve to New York web addresses and companies, that contact will not, without more evidence of direct New York soliciting, support jurisdiction over the website owner there. The court said that simply claiming that sponsored links meant direct solicitation was not convincing.

DATA BREACH NOTIFICATION SPREADS SOUTH OF THE BORDER -- WAY SOUTH (Steptoe & Johnson’s E-Commerce Law Week, 22 Oct 2009) - Uruguay recently issued mandatory data breach notification provisions as part of regulations implementing its Personal Data Protection Act (Law 18331). Article 8 of the Act (Decree No. 414/009) requires that “[w]henever those responsible for or in charge of a database … learn of security breaches at any stage of the (data) treatment process that have the potential of affecting the rights of the injured parties in a significant way, they must inform them of this incident.” The Act and regulations were adopted as part of Uruguay’s effort to satisfy the EU Directive on Data Protection, No. 95/46/EC, and to become a premiere Latin American outsourcing point for banking, call-center operations, airplane ticket sales, and other international financial and administrative services. Few other countries currently require notification of individuals affected by a data breach; Japan, Norway, and Germany, are among the few that do so, along with 45 U.S. states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. Mandatory notification is, however, likely to come to the EU in the next year or two as part of proposed revisions to the EU electronic communications framework. And South Africa’s Protection of Personal Information Bill, which was approved by the Cabinet and is now before Parliament, would make notification mandatory. The spread of such laws makes it all the more imperative for multinational companies to put in place effective data security measures and a response plan to deal with any breaches that do occur. http://www.steptoe.com/publications-6402.html

SEC PROPOSES AMENDING RULES FOR INTERNET AVAILABILITY OF PROXY MATERIALS (Duane Morris, 22 Oct 2009) - On October 14, 2009, the U.S. Securities and Exchange Commission (the “SEC”) proposed amendments to the proxy rules under the Securities Exchange Act of 1934 that are intended to provide additional flexibility for issuers and other soliciting persons on the content and format of the Notice of Internet Availability of Proxy Materials (the “Notice”). In an effort to improve the clarity of the Notice and to better educate shareholders about the notice and access model, the SEC has proposed a new rule allowing issuers and other soliciting persons to accompany the Notice with an explanation of the process of reviewing and receiving proxy materials and voting. In addition, SEC Release No. 34-60825 (the “Release”) provides guidance about the current requirement for the Notice to identify matters to be voted upon at the shareholders’ meeting. Furthermore, the SEC has proposed revisions to the Notice delivery deadlines for soliciting persons other than issuers…. http://www.duanemorris.com/alerts/SEC_Internet_Proxy_Materials_3452.html

MICROSOFT WANTS ISO SECURITY CERTIFICATION FOR ITS CLOUD SERVICES (ComputerWorld, 23 Oct 2009) - Microsoft Corp. wants to get its suite of hosted messaging and collaboration products certified to the ISO 27001 international information security standard in an effort to reassure customers about the security of its cloud computing services. The move comes at a time of broad and continuing doubts about the ability of cloud vendors in general to properly secure their services. Google Inc., which has made no secret of its ambitions in the cloud computing arena, is currently working on getting its services certified to the government’s Federal Information Security Management Act (FISMA) standards for much the same reason. It’s unclear how much value customers of either company will attach to the certifications, particularly because the specifications were not designed specifically to audit cloud computing environments. Even so, the external validation offered by the standards is likely to put both companies in a better position to sell to the U.S. government market. Speaking with Computerworld this week, Bill Billings, chief security officer of Microsoft Federal, said the company is currently in the process of putting Microsoft’s Business Productivity Online Suite through the ISO 27001 certification process. The hosted service includes Exchange Online, SharePoint Online, Office Live Meeting and Office Communications Online. Billings declined to say just when Microsoft hopes to achieve the certification. The goal is to offer customers, particularly those in the public sector, a higher level of confidence about Microsoft’s cloud services than FISMA certification alone provides, said Teresa Carlson, vice president of Microsoft Federal. “FISMA is outdated. It is largely a paper-based exercise. We want to take it up a notch” by getting ISO 27001 certification, Carlson said. At the same time, Microsoft is also working to get its cloud services certified to the standards prescribed under FISMA; it hopes to complete that task by the end of the year, Carlson said. http://www.computerworld.com/s/article/9139820/Microsoft_wants_ISO_security_certification_for_its_cloud_services?source=CTWNLE_nlt_dailyam_2009-10-23

OBAMA’S ETHICS COUNSEL FACES TOUGH CROWD AT ABA CONFERENCE (NLJ, 23 Oct 2009) - President Barack Obama’s special counsel for ethics and government regulation Thursday afternoon gave an American Bar Association crowd an insider’s perspective into the administration’s thought path as it first embarked on, and now continues to pursue, lobbying reform in Washington. But his remarks did not go unchallenged. Many thought Obama’s promise of reform was just empty campaign rhetoric, said Norman Eisen, but the president in fact has “a deeply held personal view that political systems are susceptible to special interests” and he “speaks of it often.” “The president will hold every government servant to the highest standard of fidelity to the public interest,” Eisen told a crowd of about 40 at the ABA Administrative Law Conference luncheon. “We think it is no accident that we have had one of the most scandal-free starts of any administration in modern history.” Still, critics like Thomas Susman, the ABA’s government affairs office director, who joked when introducing Eisen to the crowd that he was responsible for “vilifying and emasculating” lobbyists, questioned Eisen as to why, if indeed these regulations are intended for the public interest, no distinction is made between corporate lobbyists and those who lobby for public interest causes. Eisen responded by saying that the administration did consider parsing types of lobbying, but in the end, “felt that as a matter of principle, we needed to be consistent in that regulation to have credibility.” Sharing the stage Eisen and Susman, William Luneburg Jr., chair of the ABA’s administrative law and regulatory practice section, which sponsored the event, told Eisen that the definition of, “lobbyist,” should be more consistent because some who don’t register as lobbyists still fit the role and slip through the cracks into government positions. Eisen responded, saying: “We thought it would be too burdensome to establish another regulatory regime” and “we felt that as a matter of workability, that was just too tough.” An audience member also harangued Eisen for not consulting with lobbyists before undertaking reform. Eisen said that in fact the administration did, though only with those whose contribution would have had a valuable impact. The criticism didn’t stop at lunch. Immediately after Eisen’s remarks, a panel discussion assembled down the hall in the Walter E. Washington Convention Center. Panelist Nick Allard, of Patton Boggs, quipped that he was “shocked” to hear Obama’s “fig-leaf counsel” complain about lobbyists because shutting lobbyists out of government is forcing them to cut corners, including unregistering. “Right now it’s popular to make a show of turning lobbyists away from the front door while sending them around the back,” he said. “The dirty little secret is the wink-wink policy toward lobbying encourages people to do things the wrong way.” He urged the lobbying community to self-regulate and hold itself to a higher standard of conduct so the government wouldn’t feel the need to intrude. Melanie Sloan, Executive Director of Citizens for Responsibility and Ethics in Washington (a group that Eisen co-founded), contended that the administration wasn’t doing enough to take the money out of politics. She advocated publicly financed elections, but admitted it seems a political impossibility right now. But small measures, like restricting bundling or forcing disclosure in so-called “Astroturf” lobbying groups would help, she said. Finally, former U.S. Solicitor General and current Harvard Professor Charles Fried addressed the constitutional implications of shutting lobbyists out from government: He said there are none. “The constitutional issue about the Obama executive order that we keep hearing about seems to me a true nothing burger,” he said. “You have the right to petition, you don’t have the right to be heard.” http://www.law.com/jsp/article.jsp?id=1202434891673&rss=newswire&hbxlogin=1

OBAMA FAMILY PORTRAIT POSTED TO FLICKR (Mashable, 23 Oct 2009) - Much was made of Barack Obama’s use of social media in his successful 2008 Presidential campaign. Although it’s now been nearly a year since he was elected, the President and his team continue to make use of the tools that helped him land the job. The latest example: the official Obama family portrait, posted to Flickr on Thursday. The photo is part of the White House Flickr stream, which includes hundreds of sets from the President’s day-to-day engagements around the world. As with all photos posted to the stream, however, users should be aware of the restrictions placed on their use: “This official White House photograph is being made available only for publication by news organizations and/or for personal use printing by the subject(s) of the photograph. The photograph may not be manipulated in any way and may not be used in commercial or political materials, advertisements, emails, products, promotions that in any way suggests approval or endorsement of the President, the First Family, or the White House.” http://mashable.com/2009/10/23/obama-family-portrait/

MI5 COMES OUT AGAINST CUTTING OFF INTERNET PIRATES (The Times, 23 Oct 2009) - The police and intelligence services are calling on the Government to drop plans to disconnect persistent internet pirates because they fear that this would make it harder to track criminals online. Lord Mandelson, the Business Secretary, has vowed to use the Government’s forthcoming Digital Economy Bill to introduce new measures to fight illegal file-sharing of music and films. He has also proposed that persistent pirates should have their internet connections suspended temporarily. But The Times understands that both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption. http://www.timesonline.co.uk/tol/news/uk/crime/article6885923.ece

PRIVACY COALITION SEEKS INVESTIGATION OF DHS CHIEF PRIVACY OFFICE (BeSpacific, 24 Oct 2009) - “EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.” http://www.bespacific.com/mt/archives/022652.html#022652

SOCIAL MEDIA AND ED. TECH. COMPANIES (InsideHigherEd, 26 Oct 2009) - Where social media make sense to me are as a method of exposing the fact that organizations are made up of people. I don’t want to read blog posts or Facebook status updates or tweets from Microsoft, Google, Blackboard, Adobe, Apple etc.... But I do want to hear from the people who work at these companies. Particularly the people who work in the education divisions of these companies. The NYTimes has now has a social media editor named Jennifer Preston. In an interview on NYTimes Tech Talk, Preston makes the point that NYTimes reporters can use social media to engage in two-way conversations with a highly motivated community. Part of her job is to encourage this conversation. I think the time has come for companies to bring in their own social media editors. I know some of the people who work in ed. tech companies that we do business with, but I don’t know nearly enough of you. Who are the education leaders, decision makers, program managers, developers, designers, and sales folks at Microsoft? (to pick on one). What do you guys care about? What is driving you crazy? What are you working on? What articles and blogs are you reading right now? What products and services do you use? How did you get into educational technology? What do you hope to leave as your legacy? http://www.insidehighered.com/blogs/technology_and_learning/social_media_and_ed_tech_companies

FBI: CYBER CROOKS STOLE $40M FROM U.S. SMALL, MID-SIZED FIRMS (Washington Post, 26 Oct 2009) - Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week. According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim’s online banking credentials with the help of malicious software distributed through spam. The intruders then initiate a series of unauthorized bank transfers out of the company’s online account in sub-$10,000 chunks to avoid banks’ anti-money-laundering reporting requirements. From there, the funds are sent to so-called “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job scams. When the mules pull the cash out of their accounts, they are instructed to wire it (minus a small commission) via services such as MoneyGram and Western Union, typically to organized criminal groups operating in countries like Moldova, Russia and Ukraine. Steve Chabinsky, deputy assistant director of the FBI’s Cyber Division, said criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money. http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html

STUDY: FACEBOOK, TWITTER USE AT WORK COSTS BIG BUCKS (ComputerWorld, 26 Oct 2009) - A U.K. firm today released a study showing that people who use Facebook, Twitter and other social networks while at work extract a heavy cost on their employers. Employees who use Twitter and other social networks in the office are costing U.K. businesses about 1.38 billion pounds, or more than $2.25 billion a year, according to London-based Morse PLC, an IT services and technology company. Morse surveyed 1,460 office workers and found that 57% browse social networking sites for personal use while in the office. Those workers use social networks an average of 40 minutes a day at work, which adds up to a lost week each year, the survey found. Morse, which commissioned research firm TNS Group to do the study, isn’t alone in its findings. In July, Nucleus Research, an IT research company in Boston, released a study showing that companies where users are free to access Facebook in the workplace lose an average of 1.5% in total employee productivity. The survey also showed that 77% of workers who have a personal Facebook account use it during work hours. Earlier this month, a study commissioned by Robert Half Technology, an IT staffing firm, showed that companies are starting to take on social networkers in their offices. This study found that 54% of U.S. companies had banned office use of social networking sites like Twitter, Facebook, LinkedIn and MySpace while on the job. http://www.computerworld.com/s/article/9139902/Study_Facebook_Twitter_use_at_work_costs_big_bucks?source=CTWNLE_nlt_pm_2009-10-26

IN INDUSTRY FIRST, VOTING MACHINE COMPANY TO PUBLISH SOURCE CODE (Wired, 27 Oct 2009) - Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems. The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia. The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement. In the press release announcing the public-source system, a Sequoia vice president is quoted saying that “Security through obfuscation and secrecy is not security.” “Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved,” said Eric Coomer, vice president of research and product development for Sequoia, in the press release. “Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software.” Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems. The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software. http://www.wired.com/threatlevel/2009/10/sequoia/

LEARNING BY DEGREES (Harvard Magazine, Nov/Dec 2009) - the image is grim: “binge and purge” learning. It’s what students do when they cram for a test: consume subject matter in a large lump (binge) and then spit it back on the exam (purge). This mode of study doesn’t seem to produce durable learning. During the past four years, associate professor of surgery B. Price Kerfoot, M.D. ‘96, Ed.M. ‘00, has developed a scheme that’s more like grazing: “spaced education.” More than 10 rigorous studies on medical students and residents using randomized trials have shown its efficacy: it can increase knowledge by up to 50 percent, and strengthen retention for up to two years. Furthermore, students report enjoying spaced education; its website (www.spaceded.com) even calls it “addictive.” The website offers, online, the first courses structured in this mode. (Harvard has applied for a patent on the technology, and already licenses it to an Internet start-up company, SpacedEd.) The methodology, which Kerfoot, a urological surgeon, invented, breaks information down into discrete packages and then applies two learning principles that he gleaned from the psychological literature on learning and memory. The first principle is the spacing effect—”When you present and repeat information over intervals of time [as opposed to “binges”], you can increase the uptake of knowledge,” he explains. “And it’s encoded in ways that cause it to be preferentially retained.” The second principle is the testing effect: “When you present information in a ‘test’ format, rather than just reading it, long-term retention is dramatically improved.” http://harvardmagazine.com/2009/11/spaced-education-boosts-learning

ACC TO GCS: ELIMINATE SOFTWARE COSTS (Law.com, 27 Oct 2009) - In a market where in-house legal teams must control cost, many are seeking to eliminate it completely, at least with respect to their technology budgets. Despite its placement on the last day of the Association of Corporate Counsel’s annual conference this month, the “InExpensive/Free Applications for Your Law Department” session captivated an audience of more than 100 people for over an hour. Mark Donald, associate general counsel of Baltimore-based Vertis Communications, offered attendees a variety of ideas for leveraging open-source technology to streamline operations and eliminate unnecessary expenses. For example, he encouraged audience members seeking a full-feature, Web-based enterprise document management system to consider the open-source version of KnowledgeTree or the community edition of Alfresco. He similarly recommended that those interested in designing workflow use ProcessMaker and directed audience members to the company’s YouTube channel to see Processmaker in action. Eager to experiment with ProcessMaker “to interface with the sales effort to prepare contracts,” Atlanta-based Polysius Corp. GC Lori Ann Haydu attended this particular session because “I wanted to see how we could do more with less.” That was certainly a theme and Donald provided his peers with options for addressing routine activities with free tools like Open Office, an open-source suite of products for word processing, spreadsheets, presentations and other functions, noting that the program provides “baseline Microsoft Office compatibility and supports redlining very well in instances where one may need to quickly review a document on a computer without Microsoft Word.” And the creation of PDF documents using open-source Cute PDF Writer intrigued audience members. The discussion of PDF Creator, a program that enables users to create and manipulate PDF documents, generated enthusiastic questions from the audience, although the program is not exactly free (a one-year license costs $29.95). Co-presenter Joel Green, GC of Beverly, Mass.-based Altova, offered Web-based resources for finding answers to specific issues, documents and general guidance. He encouraged use of the ACC’s various listservs. In addition, he recommended regional and local meetings of in-house counsel, Legal OnRamp and ABA resources. However, he alerted attendees: “Your competitors or outside counsel may be on those boards as well” and advised them to be circumspect. Green also instructed audience members to read blogs, including The Wall Street Journal’s Law Blog, Patently-O and others written by law firms, including Sheppard Mullin’s blog on government contracts. “Blogs can be useful because they do provide valuable information on a variety of topics.” Another law firm resource included Wilson Sonsini Goodrich & Rosati’s Term Sheet Generator. http://www.law.com/jsp/article.jsp?id=1202434943463&rss=newswire

SURVEY: FEW COMPANIES ADDRESSING CYBERTERRORISM (CNET, 28 Oct 2009) - Cyberterrorism is on the rise around the world. But only one-third of companies are tackling it in their disaster recovery plans, says a survey released Tuesday by data center association AFCOM. Although the majority (60.9 percent) of companies questioned see cyberterrorism as a threat to be addressed, “AFCOM’s 2009/2010 Data Center Trends” survey found that only 24.8 percent have adopted it in their policies and procedures manuals. Further, only 19.7 percent provide cyberterrorism training to their employees. Around 82 percent do run background checks on new hires. But that still leaves almost 20 percent of all data centers that don’t perform security checks on new employees, even those working directly with personal, financial, and even military records, noted AFCOM. The U.S. power grid has been especially vulnerable as utility companies rely more on network-based smart-grid technology to manage it. A Wall Street Journal report said spies from Russia and China have already hacked into the grid, leaving behind traces of their activity. In an interview with “60 Minutes” in April, Defense Secretary Robert Gates said that the U.S. is “under cyberattack virtually all the time, every day.” Beyond the AFCOM survey, other reports have also noted flaws among organizations in their approach toward cyberterrorism. http://news.cnet.com/8301-1009_3-10385230-83.html

EDUCAUSE CORE DATA SERVICE FISCAL YEAR 2008 SUMMARY REPORT (Educause, 28 Oct 2009) - EDUCAUSE Core Data Service Fiscal Year 2008 Summary Report summarizes much of the data collected through the 2008 EDUCAUSE core data survey about campus information technology (IT) environments at colleges and universities in the U.S. and abroad. The report presents aggregated data and time trends through more than 100 figures and tables and accompanying descriptive text in five areas relevant to planning and managing IT in higher education: IT Organization, Staffing, and Planning; IT Financing and Management; Faculty and Student Computing; Networking and Security; and Information Systems. Appendices include a brief historical context, a list of participating campuses, the 2008 survey instrument, a glossary of terms from the survey, and a crosswalk between survey questions and figures and tables in the report. http://net.educause.edu/coredata/reports/2008/index.asp?bhcp=1 Report here: http://net.educause.edu/ir/library/pdf/PUB8006.pdf

CT RULES FACEBOOK TERMS CLAIMING OWNERSHIP OF USER INFO DID NOT DESTROY CDA PROTECTIONS (BNA’s Internet Law News, 29 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the New York Supreme Court, New York County has ruled that as an interactive computer service, Facebook was immune to defamation claims arising from content posted by its users, regardless of what its terms of service said about it owning user-generated data posted there. Judge Debra A. James said that data ownership does not factor into the analysis of whether an online service qualifies for protections granted to interactive computer services under the Communications Decency Act. Case name is Finkel v. Facebook Inc.

LAWYERESE GOES GALACTIC AS CONTRACTS TRY TO MASTER THE UNIVERSE (WSJ, 29 Oct 2009) - Decked out in sequined black and gold dresses, Anne Harrison and the other women in her Bulgarian folk-singing group were lined up to try out for NBC’s “America’s Got Talent” TV show when they noticed peculiar wording in the release papers they were asked to sign. Any of their actions that day last February, the contract said, could be “edited, in all media, throughout the universe, in perpetuity.” She and the other singers, many of whom are librarians in the Washington, D.C., area, briefly contemplated whether they should give away the rights to hurtling their images and voices across the galaxies forever. Then, like thousands of other contestants, they signed their names. Ms. Harrison figured the lawyers for the show were trying to hammer home the point that contestants have no rights to their performances, “but I think they’re just lazy and don’t want to write a real contract,” she says. Lawyers for years have added language to some contracts that stretches beyond the Earth’s atmosphere. But more and more people are encountering such everywhere-and-forever language as entertainment companies tap into amateur talent and try to anticipate every possible future stream of revenue. Experts in contract drafting say lawyers are trying to ensure that with the proliferation of new outlets -- including mobile-phone screens, Twitter, online video sites and the like -- they cover all possible venues from which their clients can derive income, even those in outer space. FremantleMedia, one of the producers of NBC’s “America’s Got Talent,” declined to comment on its contracts. The space and time continuum has extended to other realms outside the arts, including pickles. A 189-word sentence in a September agreement between Denver-based Spicy Pickle Franchising Inc. and investment bank Midtown Partners & Co. -- which has helped raise capital for the sandwich and pickle shops dotted across the region -- unconditionally releases Spicy Pickle from all claims “from the beginning of time” until the date of the agreement. “We’re trying to figure out how to cover every possible base as quickly as possible,” says Marc Geman, chief executive officer of Spicy Pickle. “When you start at the beginning of time, that is pretty clear.” As for the wordy language, he says, “the length of the paragraph is only limited by the creativity of the attorney.” [Doesn’t he have this inverted? Creative lawyers write concisely.] http://online.wsj.com/article/SB125658217507308619.html

JUDGE RULES METADATA IS PUBLIC RECORD (ArsTechnica, 29 Oct 2009) - The Arizona state Supreme Court has ruled that the metadata attached to public records is itself public, and cannot be withheld in response to a public records request. In the Arizona case, a police officer had been demoted in 2006 after reporting “serious police misconduct” to his superiors. He suspected that the demotion was done in retaliation for his blowing the whistle on his fellow officers, so he requested and obtained copies of his performance reports from the department. Thinking that perhaps the negative performance reports had been created after the fact and then backdated, he then demanded access to the file metadata for those reports, in order to find out who had written them and when. The department refused to grant him access to the metadata, and the matter went to court. After working its way through the court system in a series of rulings and appeals, this past January an Arizona appeals ruled that even though the reports themselves were public records, the metadata was not. It turned out that Arizona state law doesn’t actually define “public record” anywhere, so the appeals court relied on various common law definitions to determine that the metadata, as a mere byproduct of the act of producing a public record on a computer, was not a public record itself. The case was then appealed to the Arizona state Supreme Court, which has now ruled that the metadata is, in fact, a public record just like the document that it’s attached to. http://arstechnica.com/tech-policy/news/2009/10/lobbyists-beware-arizona-rules-metadata-is-public-record.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss and http://www.law.com/jsp/article.jsp?id=1202435052835&rss=newswire

- and -

PA BAR COMMITTEE EXAMINES METADATA (Sup. Ct. Penn, Oct 2009) - The Committee on Legal Ethics and Professional Responsibility has addressed the issue of lawyer’s responsibilities regarding metadata in Formal Opinion 2009-100, “Ethical Obligations on the Transmission and Receipt of Metadata.” Formal Opinion 2009-100 addresses the responsibilities of both sending and receiving lawyers. The opinion puts particular emphasis on the duties of the sending lawyer to take reasonably diligent steps to prevent the transmission of potentially confidential information. This duty is grounded in Rules 1.1 (Competence) and 1.6 (Confidentiality) of the Rules of Professional Conduct. Comment 4 to Rule 1.6 states, “This prohibition also applies to disclosures by a lawyer that do not in themselves reveal protected information but could reasonably lead to the discovery of such information by a third person.” http://www.padisciplinaryboard.org/newsletters/index.php#story3 Opinion 2009-100 here: http://www.padisciplinaryboard.org/newsletters/2009/pdfs/f2009-100.pdf [Thanks to MIRLN reader Tom Laudise at RCG Information Technology for spotting this story.]

- and -

WANT TO UPDATE YOUR AVVO LISTING? IF SO, START POLICING CLIENT COMMENTS, OPINION SAYS (ABA Journal, 28 Oct 2009) - South Carolina lawyers tempted to update their listings on websites such as LinkedIn and Avvo should consider a new ethics opinion by the state bar’s Ethics Advisory Committee. The advisory opinion says lawyers who “claim” the website listing by clicking on an “update this listing” link or otherwise adopting the posted information must make sure the material conforms with ethics rules—even information that is posted by others, including clients. The opinion says websites such as Martindale-Hubbell, SuperLawyers, LinkedIn and Avvo may post informational listings about lawyers without their knowledge or consent. Once a lawyer participates in the listing, the rules change. “By claiming a website listing, a lawyer takes responsibility for its content and is then ethically required to conform the listing to all applicable rules,” the opinion says. “The language employed by the website for claiming a listing is irrelevant. (Martindale.com, for example, uses an ‘update this listing’ link for lawyers to claim their listings). Regardless of the terminology, by requesting access to and updating any website listing (beyond merely making corrections to directory information), a lawyer assumes responsibility for the content of the listing.” The content must not be false, misleading, deceptive or unfair, the opinion says. Client testimonials, barred by state ethics rules, should not be solicited or allowed. More general recommendations or statements of approval—client endorsements—may be allowed if they aren’t misleading and don’t create unjustified expectations. “If any part of the listing cannot be conformed to the rules (e.g., if an improper comment cannot be removed), the lawyer should remove his or her entire listing and discontinue participation in the service,” the opinion counsels. Mercer University law professor David Hricik noted the opinion at the blog Legal Ethics Forum. “Frankly, this one baffles me,” Hricik wrote. “I can understand why you can’t ask someone to say something about you that you can’t yourself say, … but am I really under an obligation to make sure nonclients comply with the lawyer advertising rules? Stay tuned, but in the meanwhile, you South Carolina lawyers better go read your various listings, I suppose including Facebook!” http://www.abajournal.com/news/want_to_update_your_avvo_listing_if_so_start_policing_client_comments_opini

EU SENDS CONFLICTING MESSAGES ON KEYWORD ADVERTISING (Steptoe & Johnson’s E-Commerce Law Week, 29 Oct 2009) - Two legal opinions in the European Union have reached conflicting conclusions about whether the use of trademarked terms in keyword advertising constitutes trademark infringement. The Paris Tribunal de Grande Instance (TGI) found eBay, Inc., and eBay International AG liable for “counterfeiting” the trademarks of four LVMH Moët Hennessy Louis Vuitton, S.A. (“LVMH”) subsidiaries by purchasing those companies’ trademarked phrases to use as keywords on search engines to draw users to eBay’s auction site. But a few days after the TGI ruling, an Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory opinion in a similar case LVMH had brought in France against Google, Inc., and Google France regarding Google’s AdWords program. The AG opined that Google had not committed trademark infringement by selling trademarked terms as keywords to websites selling counterfeit products, and also that Google should not be considered a “contributory” infringer for facilitating third-party infringement. The AG also stated that advertisers do not infringe trademarks by purchasing those marks as keywords. Should the ECJ follow the advisory opinion, its ruling would likely contradict the TGI ruling against eBay and give eBay strong arguments in its appeal of that ruling. More broadly, the conflicting opinions highlight the opposing views that exist globally on how to regard use of trademarked terms as keywords. http://www.steptoe.com/publications-6433.html

AMAZON LETS SHOPPERS PAY WITH A PHRASE (CNET, 29 Oct 2009) - A simple phrase and pin code may be all you need the next time you pay for that book or CD at Amazon. The online retailer on Thursday debuted a new feature called Amazon PayPhrase, designed to let busy shoppers store their name, address, and payment information in a single phrase and pin code. Instead of entering all that data at the online checkout counter, you type your phrase and pin number when it’s time to cough up the cash. PayPhrase doesn’t just work at Amazon--it can be used at any online retailer that lets you pay via Amazon Payments. That covers a range of cyberstores, including Buy.com, J&R Electronics, DKNY, and Car Toys. PayPhrase also omits the need for a user name and password to store your personal info on every shopping site that uses Amazon Payments. However, you will need an Amazon.com account to set up and maintain your phrase. Amazon sees PayPhrase as a benefit to consumers trying to juggle different accounts at different retail sites. “PayPhrase solves the headache of trying to keep track of all the different user names and passwords people use to shop on various sites across the Web,” said Matt Williams, general manager of Amazon PayPhrase, in a statement. “With PayPhrase all you need is one phrase and one PIN to pay online.” http://news.cnet.com/8301-10797_3-10386056-235.html 30-second video explanation: http://www.amazon.com/gp/mpd/permalink/m1L3CVL0TEWNNT

DOES CLOUD COMPUTING NEED MALPRACTICE SAFEGUARDS? (CNET, 1 Nov 2009) - Recent failures to protect consumer data stored on the Internet (aka “the cloud”) point to an alarming gap between the value of that data and the care with which some vendors treat that data. Microsoft subsidiary Danger failed to put in even adequate safeguards for its customers’ data. Amazon Web Services failed to discover an obvious problem that kept a loyal customer down for 20 hours. The truth is that cloud computing means that now, more than ever, IT operations is a profession that has a very real economic and quality-of-life effect on its consumers--in very many ways much like health care or the law. I think it’s time we hold ourselves as individual and organizations to similar standards that we expect from doctors, lawyers, and law enforcement. Our ethics must reflect an understanding of the responsibility we are being granted by the rest of society. The instances above are examples of companies failing to follow well-known professional protocols, or putting the needs of the business ahead of the needs of the client. Heck, look at just about any cloud operator’s terms of service, and you see paragraph after paragraph of text that basically states, “If something goes wrong, you can’t blame us.” I think its time to change this attitude. I see a couple of options: http://news.cnet.com/8301-19413_3-10387879-240.html?part=rss&subj=news&tag=2547-1_3-0-5

LAWYERS IN DISCOVERY SCANDAL SAY QUALCOMM LIED (Law.com, 3 Nov 2009) - Lawyers in the Qualcomm discovery scandal claim that the company misled and stonewalled them, ultimately leading to the failure to turn over a mountain of relevant evidence and harsh sanctions from the court. The allegations were made in briefs filed Monday by lawyers from the now-defunct Day Casebeer Batchelder & Madrid, who for the first time are telling their side of what has become the most infamous discovery fiasco in recent times. Qualcomm Inc. was sanctioned by San Diego Magistrate Judge Barbara Major in January 2008 for intentionally withholding “tens of thousands of e-mails” in an infringement case against Broadcom Corp. involving video compression technology patents. The company’s lawyers -- six from Day Casebeer and one from Heller Ehrman -- were also sanctioned for assisting “Qualcomm in committing this incredible discovery violation,” either knowingly or recklessly, Major wrote at the time. The sanctions were later lifted while the lawyers got a chance to defend themselves. The lawyers argue they shouldn’t be penalized -- they were misled by their client. The Day Casebeer lawyers claim that they repeatedly prodded Qualcomm about whether the company had participated in industry meetings at which video compression standards were discussed. The upshot being that if the company had, then Qualcomm may have had no rights to enforce its patents against Broadcom. “Qualcomm’s failure to disclose was not limited to two or three people: Numerous individuals, including engineers in Qualcomm’s Digital Cinema group, managers of Qualcomm’s Standardization Group, and even attorneys in Qualcomm’s legal department, received inquiries from responding attorneys or Qualcomm paralegals about JVT participation and related subjects, but failed to provide critical information they had,” wrote Joel Zeldin, the Shartsis Friese partner who represents three of the Day Casebeer lawyers: partners James Batchelder and Christian Mammen and associate Kevin Leung. H. Sinclair Kerr Jr., a Kerr & Wagstaffe lawyer for former Day Casebeer lawyer Lee Patch, put it more succinctly. “Mr. Patch asked the right people the right questions at the right time and got wrong -- no, false -- answers.” http://www.law.com/jsp/article.jsp?id=1202435137932&rss=newswire&hbxlogin=1

ATTORNEY-CLIENT PRIVILEGE IN WORK E-MAILS (Law.com, 5 Nov 2009) - There are now several decisions determining whether employees can retain attorney-client privilege for e-mails sent to their lawyers using their employer-provided e-mail addresses and computers -- reaching apparently inconsistent conclusions. This article compares and seeks to reconcile the cases, and to assist lawyers in advising clients on how to avoid the risks that such communications pose. The first of these cases, Scott v. Beth Israel Medical Center Inc., 2007 WL 3053351 (N.Y. Sup. Oct. 17, 2007), was previously featured in an article in this column (“Abusive Litigation Tactics and Loss of Privilege,” March 3, 2008), but is revisited here because a New Jersey court recently reached a diametrically opposite conclusion on quite similar facts, in Stengart v. Loving Care Agency Inc., 973 A.2d 390 (N.J. Super. A.D. July 29, 2009). The article also reviews other recent decisions in the same general subject area. http://www.law.com/jsp/article.jsp?id=1202435191463&rss=newswire

JUDGE SPANKS LAWYER FOR LEAKING PERSONAL DETAILS IN BRIEF (The Register, 5 Nov 2009) - A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring. US District Judge Michael J. Davis said he was meting out the penalty under his “inherent power,” meaning no one in the court case had filed a motion requesting he do so. In an order issued late last month, he said the move was designed to prevent attorney Vincent J. Moccio from repeating the carelessness again. “The court is deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents,” he wrote. “Although electronic filing significantly improves the efficiency and accessibility of our court system, it also elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to follow federal and local rules.” Davis ordered Moccio to send the individuals a letter informing them that their private information had been made public and that unless they objected within seven days, they would automatically begin receiving a year’s worth of credit monitoring services free of charge. He also ordered the attorney to pay $5,000 to a Saint Paul, Minnesota, food bank. http://www.theregister.co.uk/2009/11/05/judge_sanctions_attorney/

**** PODCASTS ****
I BOUGHT THE LAW (Harvard’s Berkman Center, 4 Sept 2009) - Steve Schultze is a busy fellow. He is a fellow at the Berkman Center for Internet and Society. He recently joined the Princeton Center for Information Technology Policy as Associate Director. He also is one of the developers behind RECAP – an ambitious and provocative project that seeks to bring publicly available digital court records out from behind a costly paywall. [Interesting 22 minute podcast, delving into the technology and legal issues of PACER’s semi-controversial RECAP pug-in. Original story in MIRNL 12.12 here; related working paper by Schultze here.] http://blogs.law.harvard.edu/mediaberkman/2009/09/04/radio-berkman-129-i-bought-the-law/

LAWYER2LAWYER: E-MAIL AND THE 4TH AMENDMENT (Robert Ambrogi’s LawSites, 5 Nov 2009) - Does the Fourth Amendment’s protection against unreasonable searches and seizures extend to e-mail and data stored in “the cloud”? Surprisingly, the question remains unsettled in the courts. On this week’s legal-affairs podcast Lawyer2Lawyer, we discuss the extent to which e-mail and other online data are protected in both the criminal and civil contexts. Joining us are two experts on the topic: Orin S. Kerr, professor of criminal law at the George Washington University Law School and author of a number of law review articles on the application of the Fourth Amendment to Internet and computer data. Jason Paroff, director of computer forensics operations with the ESI Consulting practice at Kroll Ontrack. http://www.legaline.com/2009/11/lawyer2lawyer-e-mail-and-4th-amendment.html

**** RESOURCES ****
RECORD AND POST WEBCAM INTERVIEWS Wetoku, a Korean startup, has launched the public beta phase of its offering, so you and I can use it. Actually, you and I can use it together, that’s the point: Wetoku lets you record a webcam conversation and post the resulting video, with the two webcam images side by side, on your blog (it may only work with WordPress, at least for now). http://archive.constantcontact.com/fs092/1102594616158/archive/1102654849540.html

- and -

SOCIAL SEARCH (CeBe, 2 Nov 2009) - Aardvark is an experiment in social search: instead of asking a system to search through Web pages or documents, you ask the community, and an automated broker routes the search to people whose profile suggests that they may have an answer. The novelty of Aardvark is that you interact with it via instant messaging. So it pops up like a chatty friend (but you can define the frequency) and tells you, “Jane in Sacramento is asking: ...” and you reply in IM. You can pass, refer the question to someone else, etc. One interesting social aspect is whether people will give honest answers, or admit it when they don’t know. If you get ten replies, you can sort the wheat from the chaff, but if you receive just one, how do you know that you can trust it? Another question is whether we really need one more stream of interruptions... http://archive.constantcontact.com/fs092/1102594616158/archive/1102654849540.html

SHEPARDIZE? THERE’S AN APP FOR THAT (Robert Ambrogi’s LawSites, 5 Nov 2009) - It’s true. LexisNexis today announced the release of its application for the iPhone. It is called “Get Cases and Shepardize” and it lets you, well, get cases and Shepardize them simply by entering a citation. The good news is that the app is free to download from Apple’s iTunes store. The bad news is that you will need a LexisNexis subscription to use the app. http://www.legaline.com/2009/11/shepardize-theres-app-for-that.html

**** FUN ****
FAKE AP STYLEBOOK STEERS YOU COMPLETELY WRONG — WITH STYLE (Wired, 22 Oct 2009) - Like many proper news organizations, we at Wired.com use the venerable Associated Press Stylebook as an arbiter to determine whether we write “one” or “1″ or whether it’s “Calif.” or “CA.” But the trouble with venerable is that it gets old and boring. So we were delighted to learn of a disruptive newcomer to the writing style game. And the best part is that it’s on Twitter. The Fake AP Stylebook (I can just see the AP lawyers falling out of their Aero chairs) tells us that we should “Precede basic statements of fact with ‘allegedly’ to avoid accusations of bias: ‘the allegedly wet water,’ ‘the allegedly poisonous poison’” — well, that rule tracks pretty good (or is it “well?”) with that other style guide. But I bet you didn’t know that, “If you start a sentence with an action, place the actor immediately after or you will anger Christian Bale.” Or that “‘f***head’ should only be capitalized at the start of sentence. When referring to a talk radio host it is hyphenated.” The guide is very current, too. For example, be sure that you “Refer to him as ‘President Obama’ when he first appears in an article, ‘Soul Brother Number 1’ in subsequent mentions.” Other important rules:
• “Use the quintuple vowel to transcribe the utterances of small children, ‘Daaaaaddy, I waaaant a Pooooony!’”
• “The plural of Blackberry is ‘Blackberries.’ The plural of Blackberry users is “Dingleberries.’”
• “If you do not have an interviewees’ full title, use their most defining physical trait (e.g. ‘Alan Hayes, fat guy, said…’)”
• “Avoid using the letter ‘G’ as it is unlucky.”
Actually, knowing when to use words or numerals to describe numbers is one of the most vexing rules in professional journalism writing. The AP Stylebook instructs good writers to spell out one through nine, and to use numerals from 10 on. But from now on we’re following this fantastic bit of advice: “The numbers one through ten should be spelled out while numbers greater than ten are products of the Illuminati and should be avoided.” http://www.wired.com/epicenter/2009/10/fake-ap-style-book/ Related: http://www.abajournal.com/weekly/justice_scalia_delivers_lesson_on_word_usage

PSYCHIC SPIES, ACID GUINEA PIGS, NEW AGE SOLDIERS: THE TRUE MEN WHO STARE AT GOATS (DangerRoom, 6 Nov 2009) - “More of this is true than you would believe,” we’re told, just a few minutes into the movie version of The Men Who Stare At Goats, which opens today. But how many of the film’s outlandish military research projects really happened? Turns out there’s plenty of material in the movie which sticks quite close to the truth — though reality is a bit more complicated. (Warning: minor spoilers ahead.) http://www.wired.com/dangerroom/2009/11/psychic-spies-acid-guinea-pigs-new-age-gis-the-true-men-who-stare-at-goats/

**** LOOKING BACK ****
BORDERS TRIES ON-DEMAND PRINTING (WSJ, 1 June 1999) - In a deal aimed to deflate Web-based competitors Amazon.com and BarnesandNoble.com, Borders Group is planning to offer on-demand printing of out-of-print or obscure titles that it otherwise would not carry. The deal includes an investment in Atlanta startup Sprout Inc., and eventually will enable Borders stores to print high-quality paperbacks in the store in about 15 minutes. “Making a book will be no more difficult than making a latte at Starbucks,” says Sprout co-founder Henry Topping. When a customer wants a book that’s not in stock, Borders employees will be able to check Sprout’s database of titles licensed from publishers. If the title is available, they can download a digital file of the book from Sprout’s central server, and use in-store equipment to print and bind the book. Print-on-demand “is another way for a Borders or Barnes & Noble to take advantage of retail-store assets rather than let Amazon.com eviscerate them,” says a Forrester Research analyst. (Wall Street Journal 1 Jun 99) http:wsj.com/ http://scout.wisc.edu/Projects/PastProjects/net-news/99-06/99-06-01/0007.html

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.