Saturday, November 07, 2009

MIRLN --- 18 October – 7 November 2009 (v12.15)

NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES

• Heartland Breach: Inside Look at the Plaintiffs’ Case
• Site Lets Investors See and Copy Experts’ Trades
• Check E-Mail Hourly, Quinn Partner Says, Unless in Court, in Tunnel or Asleep
• Baited and Duped on Facebook
• Court Rules that Phones Ringing in Public Don’t Infringe Copyright
o Apology for Singing Shop Worker
• CIA Invests in Firm that Datamines Social Networks
o U.S. Navy CIO: Social Media Should Be Part of Military IT Standard
o US Department of Defense Embraces Open Source
• Web Store Offering New Jersey Shipments Avails Itself of Forum Even Absent Any Sales
o Hosting Sponsored Ad Links Targeting New York Not Enough for Jurisdiction There
• Data Breach Notification Spreads South of The Border -- Way South
• SEC Proposes Amending Rules for Internet Availability of Proxy Materials
• Microsoft Wants ISO Security Certification for its Cloud Services
• Obama’s Ethics Counsel Faces Tough Crowd at ABA Conference
• Obama Family Portrait Posted to Flickr
• MI5 Comes Out Against Cutting Off Internet Pirates
• Privacy Coalition Seeks Investigation of DHS Chief Privacy Office
• Social Media and Ed. Tech. Companies
• FBI: Cyber Crooks Stole $40m from U.S. Small, Mid-Sized Firms
• Study: Facebook, Twitter Use at Work Costs Big Bucks
• In Industry First, Voting Machine Company to Publish Source Code
• Learning by Degrees
• ACC to GCS: Eliminate Software Costs
• Survey: Few Companies Addressing Cyberterrorism
• Educause Core Data Service Fiscal Year 2008 Summary Report
• Ct Rules Facebook Terms Claiming Ownership of User Info Did Not Destroy CDA Protections
• Lawyerese Goes Galactic as Contracts Try to Master the Universe
• Judge Rules Metadata is Public Record
o PA Bar Committee Examines Metadata
o Want to Update Your Avvo Listing? If So, Start Policing Client Comments, Opinion Says
• EU Sends Conflicting Messages on Keyword Advertising
• Amazon Lets Shoppers Pay with a Phrase
• Does Cloud Computing Need Malpractice Safeguards?
• Lawyers in Discovery Scandal Say Qualcomm Lied
• Attorney-Client Privilege in Work E-Mails
• Judge Spanks Lawyer for Leaking Personal Details in Brief

**** NEWS ****
HEARTLAND BREACH: INSIDE LOOK AT THE PLAINTIFFS’ CASE (BankInfoSecurity, 8 Oct 2009) - Prior to the Heartland Payment Systems (HPY) data breach, company executives misrepresented their “state of the art” security measures, says a new document filed in the class action suit against the payments processor. Heartland publicly touted its “multiple layers of security,” and said it placed “significant emphasis on maintaining a high level of security in order to protect the information of our merchants and their customers,” according to the master complaint filed last month in U.S. Southern District Court in Houston. In January, Heartland announced it had been the victim of a data breach that is now recognized as the largest ever reported, impacting more than 130 million consumer credit/debit card accounts. The complaint represents “everything we know about the Heartland data breach so far,” says attorney Richard Coffman, representing the financial institutions suing Heartland for damages. This document lays out for the first time a sequence of events and statements made by Heartland executives about security measures and actions before, during and after the breach. http://www.bankinfosecurity.com/articles.php?art_id=1844 Complaint filing here: http://www.bankinfosecurity.com/external/HEARTLAND-FILING-9_2_09.pdf

SITE LETS INVESTORS SEE AND COPY EXPERTS’ TRADES (New York Times, 19 Oct 2009) - The trouble with mutual funds is that investors can feel as though they have put their money in a black box. The 90 million Americans with money in funds know little about fees, what securities their money is invested in and who is in charge. Daniel Carroll, who started investing when he was 15, thinks he has a way to let average investors learn about investing while experts manage the money. In 2008, he started KaChing, a Web site where 400,000 amateur and professional investors manage virtual portfolios. Others have logged on to see what the investors on the site are doing and make the same trades in their own real portfolios. On Monday, KaChing is to add a new twist. Customers can set up brokerage accounts that automatically mirror the trades of a money manager, some of them professionals. “The idea of an asset manager showing all his research, his holdings — it’s unheard-of,” said Mr. Carroll, now 27 and the vice president for business development at KaChing. “In the financial industry, the idea is that information is currency; they protect it with their lives.” KaChing has attracted a roster of prominent early investors from Silicon Valley who have financed the company with $3 million. They include Marc Andreessen, co-founder of Netscape; Kevin Compton of Kleiner Perkins Caufield & Byers; and Jeffrey Jordan, chief executive of OpenTable, the online reservation service. The angel investors have also been investing their own money through KaChing during the pilot period. “The concept is great — the ability to tap into not just the wisdom of the crowd, but to be able to identify and invest with the particular geniuses in the crowd that stand out,” said Mr. Andreessen, who has invested $100,000 using the site. Customers will be able to open a brokerage account with Interactive Brokers and link their account with their choice of investors on KaChing. KaChing charges customers a single management fee of 0.25 percent to 3 percent, set by each investor. KaChing keeps a quarter of the fee, and the investors get the rest. Each time the investors make a trade, KaChing will automatically make the same trades for the customer. Customers can log on whenever they want to check their portfolio’s performance. They can send the investor private messages and receive alerts if the investor does something unusual. With the click of a mouse, customers can stop mirroring an investor. http://www.nytimes.com/2009/10/19/technology/start-ups/19kaching.html?_r=2&scp=1&sq=kaching&st=cse

CHECK E-MAIL HOURLY, QUINN PARTNER SAYS, UNLESS IN COURT, IN TUNNEL OR ASLEEP (ABA Journal, 19 Oct 2009) - After doing a great job on a rush project, a relatively new associate at Quinn Emanuel Urquhart Oliver & Hedges made a mistake. He didn’t check his e-mail. As a result, he missed a senior partner’s instruction that he should send out a draft document for client review before calling it a day. Partner A. William Urquhart notes the mistake in an e-mail he sent the next morning to firm attorneys, which is reprinted in Above the Law, and exhorts the troops to pick up the pace as far as electronic message review is concerned. Lawyers should be checking their e-mail hourly, unless they have a very good excuse for not doing so, Urquhart says, such as being in court, in a tunnel or asleep. “One of the last things you should do before you retire for the night is to check your e-mail. That is why we give you BlackBerries,” he writes. http://www.abajournal.com/weekly/check_e-mail_hourly_quinn_partner_says_unless_in_court_in_tunnel_or_asleep [Editor: Law firms have been talking about the need for immediate response—i.e., within 15 minutes—to client emails for years. This (and this story) is nuts. Clients will let you know their response requirements, and one size doesn’t fit all.]

BAITED AND DUPED ON FACEBOOK (ComputerWorld, 19 Oct 2009) - When CIO Will Weider encouraged employees at Ministry Health Care and Affinity Health System in Wisconsin to use Facebook to spread the word about new programs and successful projects, he was surprised at the result: Few did so. “I went in there thinking, ‘We’ve turned these people loose; we’ll have 10,000 marketers out there,’ “ Weider says. But the Ministry Health workforce, it turned out, had been well trained to protect sensitive data, and without explicit guidance on what they could say, their first reaction was to share nothing. “We’ve stressed the importance of data security with our employees, particularly when it comes to patient privacy, and it’s kept them from sharing all the great things about work on Facebook,” Weider says. That’s a good problem to have. Many fear that the popularity of social networking -- among individuals as well as organizations -- will precipitate an increase in social engineering attacks that could result in security breaches that expose corporate data or damage a company’s reputation. But while executives seem to grasp the potential threats of social networking, only a slim majority of organizations seem to feel the need to do something about it. In an exclusive September 2009 Computerworld survey, 53% of the 120 IT professionals polled reported that their organizations have a social media usage policy, while 41% said they don’t and 6% said they weren’t aware of such a policy. And in a July 2009 poll by advertising agency Russell Herder and law firm Ethos Business Law, both based in Minneapolis, 81% of the 438 respondents said they have concerns about social media and its implications for both corporate security and reputation management. However, only one in three said that they have implemented social media guidelines, and only 10% said that they have undertaken related employee training. http://www.computerworld.com/s/article/343908/Baited_and_Duped_on_Facebook?source=CTWNLE_nlt_pm_2009-10-19

COURT RULES THAT PHONES RINGING IN PUBLIC DON’T INFRINGE COPYRIGHT (EFF, 21 Oct 2009) - In June, we reported on ASCAP’s claim that when your cell phone’s musical ringtone sounds in a public place, you are infringing copyright. A federal court firmly rejected that argument last week, ruling that “when a ringtone plays on a cellular telephone, even when that occurs in public, the user is exempt from copyright liability, and the [cellular carrier] is not liable either secondarily or directly.” This is exactly the outcome urged by EFF, Public Knowledge, and the Center of Democracy & Technology in an amicus brief filed in the case. https://www.eff.org/deeplinks/2009/10/court-rules-phones-ringing-public-dont-infringe-co

- and -

APOLOGY FOR SINGING SHOP WORKER (BBC, 21 Oct 2009) - A shop assistant who was told she could not sing while she stacked shelves without a performance licence has been given an apology. Sandra Burt, 56, who works at A&T Food store in Clackmannanshire, was warned she could be fined for her singing by the Performing Right Society (PRS). However the organisation that collects royalties on behalf of the music industry has now reversed its stance. They have sent Mrs Burt a bouquet of flowers and letter of apology. Mrs Burt, who describes herself as a Rolling Stones fan, said that despite the initial warning from the PRS, she had been unable to stop herself singing at work. The village store where Mrs Burt works was contacted by the PRS earlier this year to warn them that a licence was needed to play a radio within earshot of customers. When the shop owner decided to get rid of the radio as a result, Mrs Burt said she began singing as she worked. http://news.bbc.co.uk/2/hi/uk_news/scotland/tayside_and_central/8317952.stm

CIA INVESTS IN FIRM THAT DATAMINES SOCIAL NETWORKS (SlashDot, 20 Oct 2009) - “In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ‘open source intelligence’ — information that’s publicly available... Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords. ‘That’s kind of the basic step — get in and monitor,’ says company senior vice president Blake Cahill. Then Visible ‘scores’ each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (‘Trying to determine who really matters,’ as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.” http://yro.slashdot.org/story/09/10/20/1444256/CIA-Invests-In-Firm-That-Datamines-Social-Networks?from=rss

- and -

U.S. NAVY CIO: SOCIAL MEDIA SHOULD BE PART OF MILITARY IT STANDARD (ReadWriteWeb, 21 Oct 2009) – In a blog post this week, U.S. Navy CIO Rob Carey wrote that social media is a resource for the American military that should be used to build trust and collaboration, both within and outside the organization. In attempts to balance communication, transparency, and operational security, the military has encountered both practical obstacles and general criticism. In a recent podcast, Carey said, “Most social networking tools come with no rules of the road. As the Internet moves towards user-generated content, we thought there was a void we could fill... to mitigate some of the security risks associated with social media.” Beyond risk management, Carey said, “Social media has a powerful collaboration engine associated with it.” Generally, military organizations have the options to reach out directly to large IT companies to configure customized security profiles and inherent OPSEC protection for personnel; traditionally, however, social networks such as Facebook and Twitter have not been particularly receptive to working within that type of culture or framework. From the sharing-and-access social media pole to the security/military pole, both sides are resistant to different approaches to shared and social information. Still, Carey is an advocate for the usefulness of these tools, even behind a military firewall. “We must remain a learning organization. As the Internet evolves, so must our workforce and its associated skills. To that end, we must be able to embrace change,” Carey wrote in his blog post. “Many of our processes are rooted in the Industrial Age and will need to move toward the Information Age to remain relevant in the coming years.” With specific regard to social media and the American military, Carey stated, “Social media is an inherent part of the toolbox for members of the millennial workforce, while baby boomers are just adopting it. Social media tools should become the standard by which we can share and collaborate on information inside and outside the network boundaries.” He also highlighted green initiatives, mobile working, and the use of modern technological tools in recruitment efforts. To see Carey’s office’s Policy and Guidelines for Secure Use of Social Media by Federal Departments and Agencies, click here for a full PDF. http://www.readwriteweb.com/archives/us_navy_cio_social_media_should_be_part_of_militar.php

- and -

US DEPARTMENT OF DEFENSE EMBRACES OPEN SOURCE (ReadWriteWeb, 28 Oct 2009) - At the US Department of Defense, open source and proprietary software are now on equal footing. According to Defense Department guidance issued yesterday (PDF), open-source software (OSS) should be treated just like any other software product. The document also specifies some of the advantages of OSS for the Department of Defense (DoD). These include the ability to quickly alter the code as situations and missions change, the stability of the software because of the broad peer-review, as well as the absence of per-seat licensing costs. The document also stresses that OSS is “particularly suitable for rapid prototyping and experimentation, where the ability to ‘test drive’ the software with minimal costs and administrative delays can be important.” The DoD already uses some open-source products. This new memorandum is meant to provide guidance on the use of OSS and to clarify some misconceptions. According to the DoD, these misconceptions have hampered “effective DoD use and development of OSS.” One of these misconceptions is that the DoD would have to distribute any changes made to the OSS code. In reality, most open-source licenses permit users to modify code for internal use and these organizations only have to make the changes public if they distribute the code outside of their organizations. http://www.readwriteweb.com/archives/us_department_of_defense_embraces_open_source.php

WEB STORE OFFERING NEW JERSEY SHIPMENTS AVAILS ITSELF OF FORUM EVEN ABSENT ANY SALES (BNA’s Internet Law News, 22 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of New Jersey has ruled that an interactive website that gives visitors the option of selecting New Jersey as the ship-to destination is evidence of purposeful availment of the new Jersey forum enough to support jurisdiction there, even absent evidence of actual New Jersey sales. The court said that a website offering allegedly counterfeit goods for sale specifically to New Jersey residents was a meaningful contact with the forum that would satisfy the due process clause’s purposeful availment requirement. Case name is Tristar Products Inc. v. SAS Group Inc.

- but -

HOSTING SPONSORED AD LINKS TARGETING NEW YORK NOT ENOUGH FOR JURISDICTION THERE (BNA’s Internet Law News, 5 Nov 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Southern District of New York has ruled that although some ads on a site sponsoring pay-per-click links may resolve to New York web addresses and companies, that contact will not, without more evidence of direct New York soliciting, support jurisdiction over the website owner there. The court said that simply claiming that sponsored links meant direct solicitation was not convincing.

DATA BREACH NOTIFICATION SPREADS SOUTH OF THE BORDER -- WAY SOUTH (Steptoe & Johnson’s E-Commerce Law Week, 22 Oct 2009) - Uruguay recently issued mandatory data breach notification provisions as part of regulations implementing its Personal Data Protection Act (Law 18331). Article 8 of the Act (Decree No. 414/009) requires that “[w]henever those responsible for or in charge of a database … learn of security breaches at any stage of the (data) treatment process that have the potential of affecting the rights of the injured parties in a significant way, they must inform them of this incident.” The Act and regulations were adopted as part of Uruguay’s effort to satisfy the EU Directive on Data Protection, No. 95/46/EC, and to become a premiere Latin American outsourcing point for banking, call-center operations, airplane ticket sales, and other international financial and administrative services. Few other countries currently require notification of individuals affected by a data breach; Japan, Norway, and Germany, are among the few that do so, along with 45 U.S. states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. Mandatory notification is, however, likely to come to the EU in the next year or two as part of proposed revisions to the EU electronic communications framework. And South Africa’s Protection of Personal Information Bill, which was approved by the Cabinet and is now before Parliament, would make notification mandatory. The spread of such laws makes it all the more imperative for multinational companies to put in place effective data security measures and a response plan to deal with any breaches that do occur. http://www.steptoe.com/publications-6402.html

SEC PROPOSES AMENDING RULES FOR INTERNET AVAILABILITY OF PROXY MATERIALS (Duane Morris, 22 Oct 2009) - On October 14, 2009, the U.S. Securities and Exchange Commission (the “SEC”) proposed amendments to the proxy rules under the Securities Exchange Act of 1934 that are intended to provide additional flexibility for issuers and other soliciting persons on the content and format of the Notice of Internet Availability of Proxy Materials (the “Notice”). In an effort to improve the clarity of the Notice and to better educate shareholders about the notice and access model, the SEC has proposed a new rule allowing issuers and other soliciting persons to accompany the Notice with an explanation of the process of reviewing and receiving proxy materials and voting. In addition, SEC Release No. 34-60825 (the “Release”) provides guidance about the current requirement for the Notice to identify matters to be voted upon at the shareholders’ meeting. Furthermore, the SEC has proposed revisions to the Notice delivery deadlines for soliciting persons other than issuers…. http://www.duanemorris.com/alerts/SEC_Internet_Proxy_Materials_3452.html

MICROSOFT WANTS ISO SECURITY CERTIFICATION FOR ITS CLOUD SERVICES (ComputerWorld, 23 Oct 2009) - Microsoft Corp. wants to get its suite of hosted messaging and collaboration products certified to the ISO 27001 international information security standard in an effort to reassure customers about the security of its cloud computing services. The move comes at a time of broad and continuing doubts about the ability of cloud vendors in general to properly secure their services. Google Inc., which has made no secret of its ambitions in the cloud computing arena, is currently working on getting its services certified to the government’s Federal Information Security Management Act (FISMA) standards for much the same reason. It’s unclear how much value customers of either company will attach to the certifications, particularly because the specifications were not designed specifically to audit cloud computing environments. Even so, the external validation offered by the standards is likely to put both companies in a better position to sell to the U.S. government market. Speaking with Computerworld this week, Bill Billings, chief security officer of Microsoft Federal, said the company is currently in the process of putting Microsoft’s Business Productivity Online Suite through the ISO 27001 certification process. The hosted service includes Exchange Online, SharePoint Online, Office Live Meeting and Office Communications Online. Billings declined to say just when Microsoft hopes to achieve the certification. The goal is to offer customers, particularly those in the public sector, a higher level of confidence about Microsoft’s cloud services than FISMA certification alone provides, said Teresa Carlson, vice president of Microsoft Federal. “FISMA is outdated. It is largely a paper-based exercise. We want to take it up a notch” by getting ISO 27001 certification, Carlson said. At the same time, Microsoft is also working to get its cloud services certified to the standards prescribed under FISMA; it hopes to complete that task by the end of the year, Carlson said. http://www.computerworld.com/s/article/9139820/Microsoft_wants_ISO_security_certification_for_its_cloud_services?source=CTWNLE_nlt_dailyam_2009-10-23

OBAMA’S ETHICS COUNSEL FACES TOUGH CROWD AT ABA CONFERENCE (NLJ, 23 Oct 2009) - President Barack Obama’s special counsel for ethics and government regulation Thursday afternoon gave an American Bar Association crowd an insider’s perspective into the administration’s thought path as it first embarked on, and now continues to pursue, lobbying reform in Washington. But his remarks did not go unchallenged. Many thought Obama’s promise of reform was just empty campaign rhetoric, said Norman Eisen, but the president in fact has “a deeply held personal view that political systems are susceptible to special interests” and he “speaks of it often.” “The president will hold every government servant to the highest standard of fidelity to the public interest,” Eisen told a crowd of about 40 at the ABA Administrative Law Conference luncheon. “We think it is no accident that we have had one of the most scandal-free starts of any administration in modern history.” Still, critics like Thomas Susman, the ABA’s government affairs office director, who joked when introducing Eisen to the crowd that he was responsible for “vilifying and emasculating” lobbyists, questioned Eisen as to why, if indeed these regulations are intended for the public interest, no distinction is made between corporate lobbyists and those who lobby for public interest causes. Eisen responded by saying that the administration did consider parsing types of lobbying, but in the end, “felt that as a matter of principle, we needed to be consistent in that regulation to have credibility.” Sharing the stage Eisen and Susman, William Luneburg Jr., chair of the ABA’s administrative law and regulatory practice section, which sponsored the event, told Eisen that the definition of, “lobbyist,” should be more consistent because some who don’t register as lobbyists still fit the role and slip through the cracks into government positions. Eisen responded, saying: “We thought it would be too burdensome to establish another regulatory regime” and “we felt that as a matter of workability, that was just too tough.” An audience member also harangued Eisen for not consulting with lobbyists before undertaking reform. Eisen said that in fact the administration did, though only with those whose contribution would have had a valuable impact. The criticism didn’t stop at lunch. Immediately after Eisen’s remarks, a panel discussion assembled down the hall in the Walter E. Washington Convention Center. Panelist Nick Allard, of Patton Boggs, quipped that he was “shocked” to hear Obama’s “fig-leaf counsel” complain about lobbyists because shutting lobbyists out of government is forcing them to cut corners, including unregistering. “Right now it’s popular to make a show of turning lobbyists away from the front door while sending them around the back,” he said. “The dirty little secret is the wink-wink policy toward lobbying encourages people to do things the wrong way.” He urged the lobbying community to self-regulate and hold itself to a higher standard of conduct so the government wouldn’t feel the need to intrude. Melanie Sloan, Executive Director of Citizens for Responsibility and Ethics in Washington (a group that Eisen co-founded), contended that the administration wasn’t doing enough to take the money out of politics. She advocated publicly financed elections, but admitted it seems a political impossibility right now. But small measures, like restricting bundling or forcing disclosure in so-called “Astroturf” lobbying groups would help, she said. Finally, former U.S. Solicitor General and current Harvard Professor Charles Fried addressed the constitutional implications of shutting lobbyists out from government: He said there are none. “The constitutional issue about the Obama executive order that we keep hearing about seems to me a true nothing burger,” he said. “You have the right to petition, you don’t have the right to be heard.” http://www.law.com/jsp/article.jsp?id=1202434891673&rss=newswire&hbxlogin=1

OBAMA FAMILY PORTRAIT POSTED TO FLICKR (Mashable, 23 Oct 2009) - Much was made of Barack Obama’s use of social media in his successful 2008 Presidential campaign. Although it’s now been nearly a year since he was elected, the President and his team continue to make use of the tools that helped him land the job. The latest example: the official Obama family portrait, posted to Flickr on Thursday. The photo is part of the White House Flickr stream, which includes hundreds of sets from the President’s day-to-day engagements around the world. As with all photos posted to the stream, however, users should be aware of the restrictions placed on their use: “This official White House photograph is being made available only for publication by news organizations and/or for personal use printing by the subject(s) of the photograph. The photograph may not be manipulated in any way and may not be used in commercial or political materials, advertisements, emails, products, promotions that in any way suggests approval or endorsement of the President, the First Family, or the White House.” http://mashable.com/2009/10/23/obama-family-portrait/

MI5 COMES OUT AGAINST CUTTING OFF INTERNET PIRATES (The Times, 23 Oct 2009) - The police and intelligence services are calling on the Government to drop plans to disconnect persistent internet pirates because they fear that this would make it harder to track criminals online. Lord Mandelson, the Business Secretary, has vowed to use the Government’s forthcoming Digital Economy Bill to introduce new measures to fight illegal file-sharing of music and films. He has also proposed that persistent pirates should have their internet connections suspended temporarily. But The Times understands that both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption. http://www.timesonline.co.uk/tol/news/uk/crime/article6885923.ece

PRIVACY COALITION SEEKS INVESTIGATION OF DHS CHIEF PRIVACY OFFICE (BeSpacific, 24 Oct 2009) - “EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.” http://www.bespacific.com/mt/archives/022652.html#022652

SOCIAL MEDIA AND ED. TECH. COMPANIES (InsideHigherEd, 26 Oct 2009) - Where social media make sense to me are as a method of exposing the fact that organizations are made up of people. I don’t want to read blog posts or Facebook status updates or tweets from Microsoft, Google, Blackboard, Adobe, Apple etc.... But I do want to hear from the people who work at these companies. Particularly the people who work in the education divisions of these companies. The NYTimes has now has a social media editor named Jennifer Preston. In an interview on NYTimes Tech Talk, Preston makes the point that NYTimes reporters can use social media to engage in two-way conversations with a highly motivated community. Part of her job is to encourage this conversation. I think the time has come for companies to bring in their own social media editors. I know some of the people who work in ed. tech companies that we do business with, but I don’t know nearly enough of you. Who are the education leaders, decision makers, program managers, developers, designers, and sales folks at Microsoft? (to pick on one). What do you guys care about? What is driving you crazy? What are you working on? What articles and blogs are you reading right now? What products and services do you use? How did you get into educational technology? What do you hope to leave as your legacy? http://www.insidehighered.com/blogs/technology_and_learning/social_media_and_ed_tech_companies

FBI: CYBER CROOKS STOLE $40M FROM U.S. SMALL, MID-SIZED FIRMS (Washington Post, 26 Oct 2009) - Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week. According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim’s online banking credentials with the help of malicious software distributed through spam. The intruders then initiate a series of unauthorized bank transfers out of the company’s online account in sub-$10,000 chunks to avoid banks’ anti-money-laundering reporting requirements. From there, the funds are sent to so-called “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job scams. When the mules pull the cash out of their accounts, they are instructed to wire it (minus a small commission) via services such as MoneyGram and Western Union, typically to organized criminal groups operating in countries like Moldova, Russia and Ukraine. Steve Chabinsky, deputy assistant director of the FBI’s Cyber Division, said criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money. http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html

STUDY: FACEBOOK, TWITTER USE AT WORK COSTS BIG BUCKS (ComputerWorld, 26 Oct 2009) - A U.K. firm today released a study showing that people who use Facebook, Twitter and other social networks while at work extract a heavy cost on their employers. Employees who use Twitter and other social networks in the office are costing U.K. businesses about 1.38 billion pounds, or more than $2.25 billion a year, according to London-based Morse PLC, an IT services and technology company. Morse surveyed 1,460 office workers and found that 57% browse social networking sites for personal use while in the office. Those workers use social networks an average of 40 minutes a day at work, which adds up to a lost week each year, the survey found. Morse, which commissioned research firm TNS Group to do the study, isn’t alone in its findings. In July, Nucleus Research, an IT research company in Boston, released a study showing that companies where users are free to access Facebook in the workplace lose an average of 1.5% in total employee productivity. The survey also showed that 77% of workers who have a personal Facebook account use it during work hours. Earlier this month, a study commissioned by Robert Half Technology, an IT staffing firm, showed that companies are starting to take on social networkers in their offices. This study found that 54% of U.S. companies had banned office use of social networking sites like Twitter, Facebook, LinkedIn and MySpace while on the job. http://www.computerworld.com/s/article/9139902/Study_Facebook_Twitter_use_at_work_costs_big_bucks?source=CTWNLE_nlt_pm_2009-10-26

IN INDUSTRY FIRST, VOTING MACHINE COMPANY TO PUBLISH SOURCE CODE (Wired, 27 Oct 2009) - Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems. The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia. The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement. In the press release announcing the public-source system, a Sequoia vice president is quoted saying that “Security through obfuscation and secrecy is not security.” “Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved,” said Eric Coomer, vice president of research and product development for Sequoia, in the press release. “Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software.” Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems. The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software. http://www.wired.com/threatlevel/2009/10/sequoia/

LEARNING BY DEGREES (Harvard Magazine, Nov/Dec 2009) - the image is grim: “binge and purge” learning. It’s what students do when they cram for a test: consume subject matter in a large lump (binge) and then spit it back on the exam (purge). This mode of study doesn’t seem to produce durable learning. During the past four years, associate professor of surgery B. Price Kerfoot, M.D. ‘96, Ed.M. ‘00, has developed a scheme that’s more like grazing: “spaced education.” More than 10 rigorous studies on medical students and residents using randomized trials have shown its efficacy: it can increase knowledge by up to 50 percent, and strengthen retention for up to two years. Furthermore, students report enjoying spaced education; its website (www.spaceded.com) even calls it “addictive.” The website offers, online, the first courses structured in this mode. (Harvard has applied for a patent on the technology, and already licenses it to an Internet start-up company, SpacedEd.) The methodology, which Kerfoot, a urological surgeon, invented, breaks information down into discrete packages and then applies two learning principles that he gleaned from the psychological literature on learning and memory. The first principle is the spacing effect—”When you present and repeat information over intervals of time [as opposed to “binges”], you can increase the uptake of knowledge,” he explains. “And it’s encoded in ways that cause it to be preferentially retained.” The second principle is the testing effect: “When you present information in a ‘test’ format, rather than just reading it, long-term retention is dramatically improved.” http://harvardmagazine.com/2009/11/spaced-education-boosts-learning

ACC TO GCS: ELIMINATE SOFTWARE COSTS (Law.com, 27 Oct 2009) - In a market where in-house legal teams must control cost, many are seeking to eliminate it completely, at least with respect to their technology budgets. Despite its placement on the last day of the Association of Corporate Counsel’s annual conference this month, the “InExpensive/Free Applications for Your Law Department” session captivated an audience of more than 100 people for over an hour. Mark Donald, associate general counsel of Baltimore-based Vertis Communications, offered attendees a variety of ideas for leveraging open-source technology to streamline operations and eliminate unnecessary expenses. For example, he encouraged audience members seeking a full-feature, Web-based enterprise document management system to consider the open-source version of KnowledgeTree or the community edition of Alfresco. He similarly recommended that those interested in designing workflow use ProcessMaker and directed audience members to the company’s YouTube channel to see Processmaker in action. Eager to experiment with ProcessMaker “to interface with the sales effort to prepare contracts,” Atlanta-based Polysius Corp. GC Lori Ann Haydu attended this particular session because “I wanted to see how we could do more with less.” That was certainly a theme and Donald provided his peers with options for addressing routine activities with free tools like Open Office, an open-source suite of products for word processing, spreadsheets, presentations and other functions, noting that the program provides “baseline Microsoft Office compatibility and supports redlining very well in instances where one may need to quickly review a document on a computer without Microsoft Word.” And the creation of PDF documents using open-source Cute PDF Writer intrigued audience members. The discussion of PDF Creator, a program that enables users to create and manipulate PDF documents, generated enthusiastic questions from the audience, although the program is not exactly free (a one-year license costs $29.95). Co-presenter Joel Green, GC of Beverly, Mass.-based Altova, offered Web-based resources for finding answers to specific issues, documents and general guidance. He encouraged use of the ACC’s various listservs. In addition, he recommended regional and local meetings of in-house counsel, Legal OnRamp and ABA resources. However, he alerted attendees: “Your competitors or outside counsel may be on those boards as well” and advised them to be circumspect. Green also instructed audience members to read blogs, including The Wall Street Journal’s Law Blog, Patently-O and others written by law firms, including Sheppard Mullin’s blog on government contracts. “Blogs can be useful because they do provide valuable information on a variety of topics.” Another law firm resource included Wilson Sonsini Goodrich & Rosati’s Term Sheet Generator. http://www.law.com/jsp/article.jsp?id=1202434943463&rss=newswire

SURVEY: FEW COMPANIES ADDRESSING CYBERTERRORISM (CNET, 28 Oct 2009) - Cyberterrorism is on the rise around the world. But only one-third of companies are tackling it in their disaster recovery plans, says a survey released Tuesday by data center association AFCOM. Although the majority (60.9 percent) of companies questioned see cyberterrorism as a threat to be addressed, “AFCOM’s 2009/2010 Data Center Trends” survey found that only 24.8 percent have adopted it in their policies and procedures manuals. Further, only 19.7 percent provide cyberterrorism training to their employees. Around 82 percent do run background checks on new hires. But that still leaves almost 20 percent of all data centers that don’t perform security checks on new employees, even those working directly with personal, financial, and even military records, noted AFCOM. The U.S. power grid has been especially vulnerable as utility companies rely more on network-based smart-grid technology to manage it. A Wall Street Journal report said spies from Russia and China have already hacked into the grid, leaving behind traces of their activity. In an interview with “60 Minutes” in April, Defense Secretary Robert Gates said that the U.S. is “under cyberattack virtually all the time, every day.” Beyond the AFCOM survey, other reports have also noted flaws among organizations in their approach toward cyberterrorism. http://news.cnet.com/8301-1009_3-10385230-83.html

EDUCAUSE CORE DATA SERVICE FISCAL YEAR 2008 SUMMARY REPORT (Educause, 28 Oct 2009) - EDUCAUSE Core Data Service Fiscal Year 2008 Summary Report summarizes much of the data collected through the 2008 EDUCAUSE core data survey about campus information technology (IT) environments at colleges and universities in the U.S. and abroad. The report presents aggregated data and time trends through more than 100 figures and tables and accompanying descriptive text in five areas relevant to planning and managing IT in higher education: IT Organization, Staffing, and Planning; IT Financing and Management; Faculty and Student Computing; Networking and Security; and Information Systems. Appendices include a brief historical context, a list of participating campuses, the 2008 survey instrument, a glossary of terms from the survey, and a crosswalk between survey questions and figures and tables in the report. http://net.educause.edu/coredata/reports/2008/index.asp?bhcp=1 Report here: http://net.educause.edu/ir/library/pdf/PUB8006.pdf

CT RULES FACEBOOK TERMS CLAIMING OWNERSHIP OF USER INFO DID NOT DESTROY CDA PROTECTIONS (BNA’s Internet Law News, 29 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the New York Supreme Court, New York County has ruled that as an interactive computer service, Facebook was immune to defamation claims arising from content posted by its users, regardless of what its terms of service said about it owning user-generated data posted there. Judge Debra A. James said that data ownership does not factor into the analysis of whether an online service qualifies for protections granted to interactive computer services under the Communications Decency Act. Case name is Finkel v. Facebook Inc.

LAWYERESE GOES GALACTIC AS CONTRACTS TRY TO MASTER THE UNIVERSE (WSJ, 29 Oct 2009) - Decked out in sequined black and gold dresses, Anne Harrison and the other women in her Bulgarian folk-singing group were lined up to try out for NBC’s “America’s Got Talent” TV show when they noticed peculiar wording in the release papers they were asked to sign. Any of their actions that day last February, the contract said, could be “edited, in all media, throughout the universe, in perpetuity.” She and the other singers, many of whom are librarians in the Washington, D.C., area, briefly contemplated whether they should give away the rights to hurtling their images and voices across the galaxies forever. Then, like thousands of other contestants, they signed their names. Ms. Harrison figured the lawyers for the show were trying to hammer home the point that contestants have no rights to their performances, “but I think they’re just lazy and don’t want to write a real contract,” she says. Lawyers for years have added language to some contracts that stretches beyond the Earth’s atmosphere. But more and more people are encountering such everywhere-and-forever language as entertainment companies tap into amateur talent and try to anticipate every possible future stream of revenue. Experts in contract drafting say lawyers are trying to ensure that with the proliferation of new outlets -- including mobile-phone screens, Twitter, online video sites and the like -- they cover all possible venues from which their clients can derive income, even those in outer space. FremantleMedia, one of the producers of NBC’s “America’s Got Talent,” declined to comment on its contracts. The space and time continuum has extended to other realms outside the arts, including pickles. A 189-word sentence in a September agreement between Denver-based Spicy Pickle Franchising Inc. and investment bank Midtown Partners & Co. -- which has helped raise capital for the sandwich and pickle shops dotted across the region -- unconditionally releases Spicy Pickle from all claims “from the beginning of time” until the date of the agreement. “We’re trying to figure out how to cover every possible base as quickly as possible,” says Marc Geman, chief executive officer of Spicy Pickle. “When you start at the beginning of time, that is pretty clear.” As for the wordy language, he says, “the length of the paragraph is only limited by the creativity of the attorney.” [Doesn’t he have this inverted? Creative lawyers write concisely.] http://online.wsj.com/article/SB125658217507308619.html

JUDGE RULES METADATA IS PUBLIC RECORD (ArsTechnica, 29 Oct 2009) - The Arizona state Supreme Court has ruled that the metadata attached to public records is itself public, and cannot be withheld in response to a public records request. In the Arizona case, a police officer had been demoted in 2006 after reporting “serious police misconduct” to his superiors. He suspected that the demotion was done in retaliation for his blowing the whistle on his fellow officers, so he requested and obtained copies of his performance reports from the department. Thinking that perhaps the negative performance reports had been created after the fact and then backdated, he then demanded access to the file metadata for those reports, in order to find out who had written them and when. The department refused to grant him access to the metadata, and the matter went to court. After working its way through the court system in a series of rulings and appeals, this past January an Arizona appeals ruled that even though the reports themselves were public records, the metadata was not. It turned out that Arizona state law doesn’t actually define “public record” anywhere, so the appeals court relied on various common law definitions to determine that the metadata, as a mere byproduct of the act of producing a public record on a computer, was not a public record itself. The case was then appealed to the Arizona state Supreme Court, which has now ruled that the metadata is, in fact, a public record just like the document that it’s attached to. http://arstechnica.com/tech-policy/news/2009/10/lobbyists-beware-arizona-rules-metadata-is-public-record.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss and http://www.law.com/jsp/article.jsp?id=1202435052835&rss=newswire

- and -

PA BAR COMMITTEE EXAMINES METADATA (Sup. Ct. Penn, Oct 2009) - The Committee on Legal Ethics and Professional Responsibility has addressed the issue of lawyer’s responsibilities regarding metadata in Formal Opinion 2009-100, “Ethical Obligations on the Transmission and Receipt of Metadata.” Formal Opinion 2009-100 addresses the responsibilities of both sending and receiving lawyers. The opinion puts particular emphasis on the duties of the sending lawyer to take reasonably diligent steps to prevent the transmission of potentially confidential information. This duty is grounded in Rules 1.1 (Competence) and 1.6 (Confidentiality) of the Rules of Professional Conduct. Comment 4 to Rule 1.6 states, “This prohibition also applies to disclosures by a lawyer that do not in themselves reveal protected information but could reasonably lead to the discovery of such information by a third person.” http://www.padisciplinaryboard.org/newsletters/index.php#story3 Opinion 2009-100 here: http://www.padisciplinaryboard.org/newsletters/2009/pdfs/f2009-100.pdf [Thanks to MIRLN reader Tom Laudise at RCG Information Technology for spotting this story.]

- and -

WANT TO UPDATE YOUR AVVO LISTING? IF SO, START POLICING CLIENT COMMENTS, OPINION SAYS (ABA Journal, 28 Oct 2009) - South Carolina lawyers tempted to update their listings on websites such as LinkedIn and Avvo should consider a new ethics opinion by the state bar’s Ethics Advisory Committee. The advisory opinion says lawyers who “claim” the website listing by clicking on an “update this listing” link or otherwise adopting the posted information must make sure the material conforms with ethics rules—even information that is posted by others, including clients. The opinion says websites such as Martindale-Hubbell, SuperLawyers, LinkedIn and Avvo may post informational listings about lawyers without their knowledge or consent. Once a lawyer participates in the listing, the rules change. “By claiming a website listing, a lawyer takes responsibility for its content and is then ethically required to conform the listing to all applicable rules,” the opinion says. “The language employed by the website for claiming a listing is irrelevant. (Martindale.com, for example, uses an ‘update this listing’ link for lawyers to claim their listings). Regardless of the terminology, by requesting access to and updating any website listing (beyond merely making corrections to directory information), a lawyer assumes responsibility for the content of the listing.” The content must not be false, misleading, deceptive or unfair, the opinion says. Client testimonials, barred by state ethics rules, should not be solicited or allowed. More general recommendations or statements of approval—client endorsements—may be allowed if they aren’t misleading and don’t create unjustified expectations. “If any part of the listing cannot be conformed to the rules (e.g., if an improper comment cannot be removed), the lawyer should remove his or her entire listing and discontinue participation in the service,” the opinion counsels. Mercer University law professor David Hricik noted the opinion at the blog Legal Ethics Forum. “Frankly, this one baffles me,” Hricik wrote. “I can understand why you can’t ask someone to say something about you that you can’t yourself say, … but am I really under an obligation to make sure nonclients comply with the lawyer advertising rules? Stay tuned, but in the meanwhile, you South Carolina lawyers better go read your various listings, I suppose including Facebook!” http://www.abajournal.com/news/want_to_update_your_avvo_listing_if_so_start_policing_client_comments_opini

EU SENDS CONFLICTING MESSAGES ON KEYWORD ADVERTISING (Steptoe & Johnson’s E-Commerce Law Week, 29 Oct 2009) - Two legal opinions in the European Union have reached conflicting conclusions about whether the use of trademarked terms in keyword advertising constitutes trademark infringement. The Paris Tribunal de Grande Instance (TGI) found eBay, Inc., and eBay International AG liable for “counterfeiting” the trademarks of four LVMH Moët Hennessy Louis Vuitton, S.A. (“LVMH”) subsidiaries by purchasing those companies’ trademarked phrases to use as keywords on search engines to draw users to eBay’s auction site. But a few days after the TGI ruling, an Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory opinion in a similar case LVMH had brought in France against Google, Inc., and Google France regarding Google’s AdWords program. The AG opined that Google had not committed trademark infringement by selling trademarked terms as keywords to websites selling counterfeit products, and also that Google should not be considered a “contributory” infringer for facilitating third-party infringement. The AG also stated that advertisers do not infringe trademarks by purchasing those marks as keywords. Should the ECJ follow the advisory opinion, its ruling would likely contradict the TGI ruling against eBay and give eBay strong arguments in its appeal of that ruling. More broadly, the conflicting opinions highlight the opposing views that exist globally on how to regard use of trademarked terms as keywords. http://www.steptoe.com/publications-6433.html

AMAZON LETS SHOPPERS PAY WITH A PHRASE (CNET, 29 Oct 2009) - A simple phrase and pin code may be all you need the next time you pay for that book or CD at Amazon. The online retailer on Thursday debuted a new feature called Amazon PayPhrase, designed to let busy shoppers store their name, address, and payment information in a single phrase and pin code. Instead of entering all that data at the online checkout counter, you type your phrase and pin number when it’s time to cough up the cash. PayPhrase doesn’t just work at Amazon--it can be used at any online retailer that lets you pay via Amazon Payments. That covers a range of cyberstores, including Buy.com, J&R Electronics, DKNY, and Car Toys. PayPhrase also omits the need for a user name and password to store your personal info on every shopping site that uses Amazon Payments. However, you will need an Amazon.com account to set up and maintain your phrase. Amazon sees PayPhrase as a benefit to consumers trying to juggle different accounts at different retail sites. “PayPhrase solves the headache of trying to keep track of all the different user names and passwords people use to shop on various sites across the Web,” said Matt Williams, general manager of Amazon PayPhrase, in a statement. “With PayPhrase all you need is one phrase and one PIN to pay online.” http://news.cnet.com/8301-10797_3-10386056-235.html 30-second video explanation: http://www.amazon.com/gp/mpd/permalink/m1L3CVL0TEWNNT

DOES CLOUD COMPUTING NEED MALPRACTICE SAFEGUARDS? (CNET, 1 Nov 2009) - Recent failures to protect consumer data stored on the Internet (aka “the cloud”) point to an alarming gap between the value of that data and the care with which some vendors treat that data. Microsoft subsidiary Danger failed to put in even adequate safeguards for its customers’ data. Amazon Web Services failed to discover an obvious problem that kept a loyal customer down for 20 hours. The truth is that cloud computing means that now, more than ever, IT operations is a profession that has a very real economic and quality-of-life effect on its consumers--in very many ways much like health care or the law. I think it’s time we hold ourselves as individual and organizations to similar standards that we expect from doctors, lawyers, and law enforcement. Our ethics must reflect an understanding of the responsibility we are being granted by the rest of society. The instances above are examples of companies failing to follow well-known professional protocols, or putting the needs of the business ahead of the needs of the client. Heck, look at just about any cloud operator’s terms of service, and you see paragraph after paragraph of text that basically states, “If something goes wrong, you can’t blame us.” I think its time to change this attitude. I see a couple of options: http://news.cnet.com/8301-19413_3-10387879-240.html?part=rss&subj=news&tag=2547-1_3-0-5

LAWYERS IN DISCOVERY SCANDAL SAY QUALCOMM LIED (Law.com, 3 Nov 2009) - Lawyers in the Qualcomm discovery scandal claim that the company misled and stonewalled them, ultimately leading to the failure to turn over a mountain of relevant evidence and harsh sanctions from the court. The allegations were made in briefs filed Monday by lawyers from the now-defunct Day Casebeer Batchelder & Madrid, who for the first time are telling their side of what has become the most infamous discovery fiasco in recent times. Qualcomm Inc. was sanctioned by San Diego Magistrate Judge Barbara Major in January 2008 for intentionally withholding “tens of thousands of e-mails” in an infringement case against Broadcom Corp. involving video compression technology patents. The company’s lawyers -- six from Day Casebeer and one from Heller Ehrman -- were also sanctioned for assisting “Qualcomm in committing this incredible discovery violation,” either knowingly or recklessly, Major wrote at the time. The sanctions were later lifted while the lawyers got a chance to defend themselves. The lawyers argue they shouldn’t be penalized -- they were misled by their client. The Day Casebeer lawyers claim that they repeatedly prodded Qualcomm about whether the company had participated in industry meetings at which video compression standards were discussed. The upshot being that if the company had, then Qualcomm may have had no rights to enforce its patents against Broadcom. “Qualcomm’s failure to disclose was not limited to two or three people: Numerous individuals, including engineers in Qualcomm’s Digital Cinema group, managers of Qualcomm’s Standardization Group, and even attorneys in Qualcomm’s legal department, received inquiries from responding attorneys or Qualcomm paralegals about JVT participation and related subjects, but failed to provide critical information they had,” wrote Joel Zeldin, the Shartsis Friese partner who represents three of the Day Casebeer lawyers: partners James Batchelder and Christian Mammen and associate Kevin Leung. H. Sinclair Kerr Jr., a Kerr & Wagstaffe lawyer for former Day Casebeer lawyer Lee Patch, put it more succinctly. “Mr. Patch asked the right people the right questions at the right time and got wrong -- no, false -- answers.” http://www.law.com/jsp/article.jsp?id=1202435137932&rss=newswire&hbxlogin=1

ATTORNEY-CLIENT PRIVILEGE IN WORK E-MAILS (Law.com, 5 Nov 2009) - There are now several decisions determining whether employees can retain attorney-client privilege for e-mails sent to their lawyers using their employer-provided e-mail addresses and computers -- reaching apparently inconsistent conclusions. This article compares and seeks to reconcile the cases, and to assist lawyers in advising clients on how to avoid the risks that such communications pose. The first of these cases, Scott v. Beth Israel Medical Center Inc., 2007 WL 3053351 (N.Y. Sup. Oct. 17, 2007), was previously featured in an article in this column (“Abusive Litigation Tactics and Loss of Privilege,” March 3, 2008), but is revisited here because a New Jersey court recently reached a diametrically opposite conclusion on quite similar facts, in Stengart v. Loving Care Agency Inc., 973 A.2d 390 (N.J. Super. A.D. July 29, 2009). The article also reviews other recent decisions in the same general subject area. http://www.law.com/jsp/article.jsp?id=1202435191463&rss=newswire

JUDGE SPANKS LAWYER FOR LEAKING PERSONAL DETAILS IN BRIEF (The Register, 5 Nov 2009) - A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring. US District Judge Michael J. Davis said he was meting out the penalty under his “inherent power,” meaning no one in the court case had filed a motion requesting he do so. In an order issued late last month, he said the move was designed to prevent attorney Vincent J. Moccio from repeating the carelessness again. “The court is deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents,” he wrote. “Although electronic filing significantly improves the efficiency and accessibility of our court system, it also elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to follow federal and local rules.” Davis ordered Moccio to send the individuals a letter informing them that their private information had been made public and that unless they objected within seven days, they would automatically begin receiving a year’s worth of credit monitoring services free of charge. He also ordered the attorney to pay $5,000 to a Saint Paul, Minnesota, food bank. http://www.theregister.co.uk/2009/11/05/judge_sanctions_attorney/

**** PODCASTS ****
I BOUGHT THE LAW (Harvard’s Berkman Center, 4 Sept 2009) - Steve Schultze is a busy fellow. He is a fellow at the Berkman Center for Internet and Society. He recently joined the Princeton Center for Information Technology Policy as Associate Director. He also is one of the developers behind RECAP – an ambitious and provocative project that seeks to bring publicly available digital court records out from behind a costly paywall. [Interesting 22 minute podcast, delving into the technology and legal issues of PACER’s semi-controversial RECAP pug-in. Original story in MIRNL 12.12 here; related working paper by Schultze here.] http://blogs.law.harvard.edu/mediaberkman/2009/09/04/radio-berkman-129-i-bought-the-law/

LAWYER2LAWYER: E-MAIL AND THE 4TH AMENDMENT (Robert Ambrogi’s LawSites, 5 Nov 2009) - Does the Fourth Amendment’s protection against unreasonable searches and seizures extend to e-mail and data stored in “the cloud”? Surprisingly, the question remains unsettled in the courts. On this week’s legal-affairs podcast Lawyer2Lawyer, we discuss the extent to which e-mail and other online data are protected in both the criminal and civil contexts. Joining us are two experts on the topic: Orin S. Kerr, professor of criminal law at the George Washington University Law School and author of a number of law review articles on the application of the Fourth Amendment to Internet and computer data. Jason Paroff, director of computer forensics operations with the ESI Consulting practice at Kroll Ontrack. http://www.legaline.com/2009/11/lawyer2lawyer-e-mail-and-4th-amendment.html

**** RESOURCES ****
RECORD AND POST WEBCAM INTERVIEWS Wetoku, a Korean startup, has launched the public beta phase of its offering, so you and I can use it. Actually, you and I can use it together, that’s the point: Wetoku lets you record a webcam conversation and post the resulting video, with the two webcam images side by side, on your blog (it may only work with WordPress, at least for now). http://archive.constantcontact.com/fs092/1102594616158/archive/1102654849540.html

- and -

SOCIAL SEARCH (CeBe, 2 Nov 2009) - Aardvark is an experiment in social search: instead of asking a system to search through Web pages or documents, you ask the community, and an automated broker routes the search to people whose profile suggests that they may have an answer. The novelty of Aardvark is that you interact with it via instant messaging. So it pops up like a chatty friend (but you can define the frequency) and tells you, “Jane in Sacramento is asking: ...” and you reply in IM. You can pass, refer the question to someone else, etc. One interesting social aspect is whether people will give honest answers, or admit it when they don’t know. If you get ten replies, you can sort the wheat from the chaff, but if you receive just one, how do you know that you can trust it? Another question is whether we really need one more stream of interruptions... http://archive.constantcontact.com/fs092/1102594616158/archive/1102654849540.html

SHEPARDIZE? THERE’S AN APP FOR THAT (Robert Ambrogi’s LawSites, 5 Nov 2009) - It’s true. LexisNexis today announced the release of its application for the iPhone. It is called “Get Cases and Shepardize” and it lets you, well, get cases and Shepardize them simply by entering a citation. The good news is that the app is free to download from Apple’s iTunes store. The bad news is that you will need a LexisNexis subscription to use the app. http://www.legaline.com/2009/11/shepardize-theres-app-for-that.html

**** FUN ****
FAKE AP STYLEBOOK STEERS YOU COMPLETELY WRONG — WITH STYLE (Wired, 22 Oct 2009) - Like many proper news organizations, we at Wired.com use the venerable Associated Press Stylebook as an arbiter to determine whether we write “one” or “1″ or whether it’s “Calif.” or “CA.” But the trouble with venerable is that it gets old and boring. So we were delighted to learn of a disruptive newcomer to the writing style game. And the best part is that it’s on Twitter. The Fake AP Stylebook (I can just see the AP lawyers falling out of their Aero chairs) tells us that we should “Precede basic statements of fact with ‘allegedly’ to avoid accusations of bias: ‘the allegedly wet water,’ ‘the allegedly poisonous poison’” — well, that rule tracks pretty good (or is it “well?”) with that other style guide. But I bet you didn’t know that, “If you start a sentence with an action, place the actor immediately after or you will anger Christian Bale.” Or that “‘f***head’ should only be capitalized at the start of sentence. When referring to a talk radio host it is hyphenated.” The guide is very current, too. For example, be sure that you “Refer to him as ‘President Obama’ when he first appears in an article, ‘Soul Brother Number 1’ in subsequent mentions.” Other important rules:
• “Use the quintuple vowel to transcribe the utterances of small children, ‘Daaaaaddy, I waaaant a Pooooony!’”
• “The plural of Blackberry is ‘Blackberries.’ The plural of Blackberry users is “Dingleberries.’”
• “If you do not have an interviewees’ full title, use their most defining physical trait (e.g. ‘Alan Hayes, fat guy, said…’)”
• “Avoid using the letter ‘G’ as it is unlucky.”
Actually, knowing when to use words or numerals to describe numbers is one of the most vexing rules in professional journalism writing. The AP Stylebook instructs good writers to spell out one through nine, and to use numerals from 10 on. But from now on we’re following this fantastic bit of advice: “The numbers one through ten should be spelled out while numbers greater than ten are products of the Illuminati and should be avoided.” http://www.wired.com/epicenter/2009/10/fake-ap-style-book/ Related: http://www.abajournal.com/weekly/justice_scalia_delivers_lesson_on_word_usage

PSYCHIC SPIES, ACID GUINEA PIGS, NEW AGE SOLDIERS: THE TRUE MEN WHO STARE AT GOATS (DangerRoom, 6 Nov 2009) - “More of this is true than you would believe,” we’re told, just a few minutes into the movie version of The Men Who Stare At Goats, which opens today. But how many of the film’s outlandish military research projects really happened? Turns out there’s plenty of material in the movie which sticks quite close to the truth — though reality is a bit more complicated. (Warning: minor spoilers ahead.) http://www.wired.com/dangerroom/2009/11/psychic-spies-acid-guinea-pigs-new-age-gis-the-true-men-who-stare-at-goats/

**** LOOKING BACK ****
BORDERS TRIES ON-DEMAND PRINTING (WSJ, 1 June 1999) - In a deal aimed to deflate Web-based competitors Amazon.com and BarnesandNoble.com, Borders Group is planning to offer on-demand printing of out-of-print or obscure titles that it otherwise would not carry. The deal includes an investment in Atlanta startup Sprout Inc., and eventually will enable Borders stores to print high-quality paperbacks in the store in about 15 minutes. “Making a book will be no more difficult than making a latte at Starbucks,” says Sprout co-founder Henry Topping. When a customer wants a book that’s not in stock, Borders employees will be able to check Sprout’s database of titles licensed from publishers. If the title is available, they can download a digital file of the book from Sprout’s central server, and use in-store equipment to print and bind the book. Print-on-demand “is another way for a Borders or Barnes & Noble to take advantage of retail-store assets rather than let Amazon.com eviscerate them,” says a Forrester Research analyst. (Wall Street Journal 1 Jun 99) http:wsj.com/ http://scout.wisc.edu/Projects/PastProjects/net-news/99-06/99-06-01/0007.html

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: