Saturday, December 19, 2009

MIRLN --- 29 November – 19 December 2009 (v12.17)

• Cyber breaches are a closely kept secret
• Obama Wants Computer Privacy Ruling Overturned
• Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity
• EFF sues feds for info on social-network surveillance
• Protecting Trademarks In Web 2.0
• Many More Government Records Compromised in 2009 than Year Ago, Report Claims
• My K-12 Blind Spot
• Google allows publishers to limit free content
• Web ad group launches privacy education campaign
• Google Wants to Speed Up the Web: Launches Its Own DNS Service
o Redirecting DNS Requests Can Harm the Internet, Says ICANN
• Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says
• Yahoo Issues Takedown Notice for Spying Price List
• Law profs say e-marriages expand couple’s rights
• Local Governments Offer Data to Software Tinkerers
• With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize
• See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing
• New Smithsonian Collection Search
• Florida: Judges Cannot be Facebook Friends with Litigants
• TSA accidentally reveals airport security secrets
• France to Digitize Its Own Literary Works
• Amazon Auctions Cloud Computation
• Court Finds Personal E-Mail Privileged Even if Sent From Work
o Supreme Court to Review Employer Access to Worker Text Messages
o Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says
• Free App Offers iPhone CLE Courses With Built-In Verification
• Ohio justices: Cell phone searches require warrant
• App of the Week: Google’s Eyes on the Ground
o Privacy fears force search giant to block facial recognition application on Google Goggles
• Not Just Drones: Militants Can Snoop on Most U.S. Warplanes
• EU Data Protection Meets U.S. Discovery


Cyber breaches are a closely kept secret (Reuters, 24 Nov 2009) - Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI’s top Internet crimes investigator on Tuesday. For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news. “Of the thousands of cases that we’ve investigated, the public knows about a handful,” said Shawn Henry, assistant director for the Federal Bureau of Investigation’s Cyber Division. “There are million-dollar cases that nobody knows about.” Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don’t report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence. “Keeping your head in the sand on filing a report means that the bad guys are out there hitting the next guy, and the next guy after that,” Henry said. He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security. “It’s absolutely gotten bigger, yes, absolutely,” he said.

Obama Wants Computer Privacy Ruling Overturned (Wired, 25 Nov 2009) - The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrows the government’s search-and-seizure powers in the digital age. Solicitor General Elena Kagan and Justice Department officials are asking the 9th U.S. Circuit Court of Appeals to reconsider its August ruling that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10. The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches. Kagan, appointed solicitor general by President Barack Obama, joined several U.S. attorneys in telling the San Francisco-based court Monday that the guidelines are complicating federal prosecutions in the West. The circuit, the nation’s largest, covers nine states: Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington. “In some districts, computer searches have ground to a complete halt,” the authorities wrote. “Many United States Attorney’s Offices have been chilled from seeking any new warrants to search computers.” (.pdf) The government is asking the court to review the case with all of its 27 judges, which it has never done. If the court agrees to a rehearing, a new decision is not expected for years, and the August decision would be set aside pending a new ruling. Either way, the U.S. Supreme Court has the final say. The controversial decision, which the government said was contrary to Supreme Court precedent, outlined new rules on how the government may search computers. (.pdf)

Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity (Winston & Strawn, 30 Nov 2009) - The New York Supreme Court recently granted Facebook, Inc.’s motion to dismiss a pending defamation action because the court concluded that Facebook was immune from liability under the Communications Decency Act (“CDA”) as an interactive computer service. The plaintiff had alleged that four of her high school classmates created a Facebook group in which her classmates posted defamatory statements regarding the plaintiff. After Facebook moved to dismiss the case based upon CDA immunity, the plaintiff argued that because Facebook’s Terms of Use grant Facebook an ownership interest in the alleged defamatory content, CDA immunity is unavailable to Facebook. The court disagreed and concluded that ownership of posted content is irrelevant to a determination of whether CDA immunity should apply. The court held that as long as the defendant is an interactive computer service and the allegedly defamatory content is provided by a third party, the defendant is immune from liability under the CDA.

EFF sues feds for info on social-network surveillance (CNET, 1 Dec 2009) - The Electronic Frontier Foundation sued the CIA, the U.S. Department of Defense, Department of Justice, and three other government agencies on Tuesday for allegedly refusing to release information about how they are using social networks in surveillance and investigations. The nonprofit Internet rights watchdog group formally asked more than a dozen agencies or departments in early October to provide records about federal guidelines on the use of sites like Facebook, Twitter, and Flickr for investigative or data gathering purposes, according to the lawsuit. The requests were prompted by published news reports about how authorities are using social networks to monitor citizen activities and aid in investigations. For example, according to the lawsuit, government officials have: used Facebook to hunt for fugitives and search for evidence of underage drinking; researched the activities of an activist on Facebook and LinkedIn; watched YouTube to identify riot suspects; searched the home of a social worker because of Twitter messages regarding police actions he sent during the G-20 summit; and used fake identities to trick Facebook users into accepting friend requests.

Protecting Trademarks In Web 2.0 (, 1 Dec 2009) - During the past decade and a half, the internet has grown from a small array of just a few thousand websites to a vast network of hundreds of millions of distinct sites, containing billions of web pages. Although the internet has presented a new frontier for both trademark use and infringement, the growth of social media sites during the past few years has posed particular challenges for brand owners. These sites, which include blogs, virtual worlds, marketplaces, image networks and relative newcomers such as Facebook and Twitter, allow users to interact with each other, effectively building a community. With this landscape changing so rapidly, the first challenge for brand owners is simply to keep up with the evolving technologies and platforms. After all, five years ago, Facebook was a small private network for students at educational institutions and Twitter did not even exist; today, these platforms are a part of the daily lives of millions of users. In order to properly protect their brands and trademarks, brand owners should first plan to conduct regular assessments of the available social networking and Web 2.0 sites, with an eye to determining how popular these sites may be with the brand’s target consumers and the ease of using these sites for infringement purposes. Whether or not brand owners plan to become active in these spaces in the short term, they should keep in mind that their employees and customers may already be avid users of social media. Therefore, brand owners should take care to develop detailed use policies, both for employees and for third parties who may become a part of the user community. These policies should address in what context (if any) employees and third parties are permitted to mention the company and brand name, and, especially, who is authorized to speak on behalf of the company or brand and what internal reviews must take place before content is posted that mentions or concerns a brand (i.e., a review by the company’s legal department or outside counsel). These policies should extend to affiliates and licensees, and should be an element of any legal agreements between the company and third parties regarding brand and trademark use. Although social media can provide many excellent marketing and promotional opportunities for brand owners, entering these spaces can require a large time and financial investment. Thus, brand owners should take care to ensure that they are using the optimal platforms that will build their brands and reach the desired community of users. First, an assessment of the consumer demographic is a critical element of this process. Brand owners should choose the platforms that will reach their target customers and should not feel the need to build a presence on every single available platform. In addition, before committing to a social media initiative, brand owners should keep in mind that users of social media expect regular content updates, and that setting up social media sites and profiles and then neglecting them may do more harm than not using these platforms at all. Any budget for social media should take into account the costs and human capital necessary to maintain and update the content.

Many More Government Records Compromised in 2009 than Year Ago, Report Claims (Gov’t Technology, 2 Dec 2009) - If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. As of Tuesday, Dec. 1., the Identity Theft Resource Center (ITRC) reported 82 breaches in U.S. government and military organizations. Although the year isn’t over, that’s fewer than the 110 that occurred in 2008. But here’s the catch: The breaches so far in 2009 have compromised more than 79 million records, whereas fewer than 3 million were hacked in 2008.

My K-12 Blind Spot (InsideHigherEd, 2 Dec 2009) - We are a mixed LMS household. My 7th grader uses Moodle, I use Blackboard. Watching her use of Moodle to hand in her assignments, watch linked videos, download readings, participate in discussions and check her grades is a nightly reminder that utilization of educational technology is not restricted to the post-secondary world. Some of my daughter’s teachers make the sort of use of Moodle that would be a great model faculty members wanting to leverage their campus LMS. Embarrassingly, my knowledge of K-12 utilization of learning technology basically starts and ends from whatever my daughter does while at home. The primary/secondary and post-secondary educational technology communities don’t seem to overlap very much. I get my news from Inside Higher Ed and the Chronicle of Higher Education. EDUCAUSE, my professional organization, defines its mission in part “to advance higher education by promoting the intelligent use of information technology”. The blogs I read tend to be written by people working in higher ed. But in looking at how my daughter’s teachers use Moodle I can’t help to wonder what I’m missing. Is there a great deal of innovation around pedagogy and technology occurring in the K-12 world? What is the penetration of the Learning Management System (LMS) at the secondary level of education? What is the adoption curve? Are there practices in teacher training and support in learning technology that we can learn from and adopt at the college/university level? Does anyone know any good publications that cross the secondary / post-secondary divide? Are there a whole bunch of innovative and disruptive thinkers, writers, and bloggers in middle and high-schools that I don’t know about?

Google allows publishers to limit free content (AP, 2 Dec 2009) - Google Inc. is allowing publishers of paid content to limit the number of free news articles accessed by people using its Internet search engine, a concession to an increasingly disgruntled media industry. There has been mounting criticism of Google’s practices from media publishers — most notably News Corp. chairman and chief executive Rupert Murdoch — that argue the company is profiting from online news pages. In an official blog posted late Tuesday, Josh Cohen, Google’s senior business product manager, said the company had updated its so-called First Click Free program so publishers can limit users to viewing no more than five articles a day without registering or subscribing. Previously, each click from a user of Google’s search engine would be treated as free. “If you’re a Google user, this means that you may start to see a registration page after you’ve clicked through to more than five articles on the website of a publisher using First Click Free in a day ... while allowing publishers to focus on potential subscribers who are accessing a lot of their content on a regular basis,” Cohen said in the post. Cohen said that Google will also begin crawling, indexing and treating as “free” any preview pages — usually the headline and first few paragraphs of a story — from subscription websites. People using Google would then see the same content that would be shown free to a user of the media site and the stories labelled as “subscription” in Google News.

Web ad group launches privacy education campaign (Washington Post, 3 Dec 2009) - A group of leading Internet publishers and digital marketing services on Thursday launched an online campaign to educate consumers about how they are tracked and targeted for pitches on the Web. The Interactive Advertising Bureau, based in New York, unveiled its “Privacy Matters” Web site. The site explains how Internet marketers track where people go and what they do online and then mine that data to serve up targeted ads. The practice, known as behavioral advertising, has raised concerns among privacy watchdogs and lawmakers in Congress. A number of IAB members plan to run banner spots on their Web pages linking back to the Privacy Matters site. Those include Internet-only players such as Yahoo Inc. and Google Inc. and traditional media outlets such as Walt Disney Co. and The New York Times Co. The goal of the program, explained IAB Senior Vice President David Doty, is to describe “in plain English” how online advertising works. Among other things, the Privacy Matters Web site offers explanations of demographic targeting, interest group targeting and data-tracking files known as cookies. The site also informs consumers how they can control the information collected about them by changing their cookies settings. The new campaign is part of a broader self-regulatory push by the Interactive Advertising Bureau and other advertising trade groups that want to head off federal regulation.

Google Wants to Speed Up the Web: Launches Its Own DNS Service (ReadWriteWeb, 3 Dec 2009) - Google just launched the Google Public DNS. Just like OpenDNS, Google Public DNS will allow users to bypass their ISPs Domain Name Servers (DNS). DNS servers are, in many respects, the backbone of the Internet. DNS allows you to type a domain name like into a browser instead of a machine-readable IP number like Google’s argues that it wants to give consumers an alternative to their ISPs’ DNS services in order to market the Internet “faster, safer and more reliable.” According to Google product manager Prem Ramaswami, the company’s engineers have been working to improve DNS over the last few months. Instead of performing DNS lookups on an ISP’s DNS server, Google will use its data-center and caching infrastructure to resolve these domain names. [COMMENTARY: Michael Fleming, of Larkin Hoffman, comments: “I’ve been using OpenDNS for years. I like it for a number of reasons, including speed, reliability, as well as a sense that it’s less likely to get polluted by a hacker that might gain access to my ISP’s DNS (which, for most ISPs, is rather minimally monitored since they consider it automated, and hence a security risk for its users). If Google upholds those same principles, it’s OK by me. But... One concern is what happens when I type in a non-existent domain. It might just go blank or show a 404 error message. It might try to direct me to something that benefits Google (much akin to the highly complained about thing that NSI did a couple of years ago). It could be something in between, with a little bit of ads and some reasonable suggestions on what I might have meant to type in (which is what OpenDNS does now). Another concern is whether Google may try to influence the DNS by editing out domains it doesn’t like. OpenDNS, as well as most typical DNS providers, will not censor the DNS. Google could choose another policy. It might do so for admirable reasons (such as disabling access to known phishing sites), but that same thought could lead to less admirable reasons (such as disabling access to anonymous communication sites, or sites that a particular government doesn’t like, or the ability to go to, for example). * * * Done faithfully DNS is innocuous, but since it can be dangerous if misused we should not make decisions to switch lightly.” Another expert comments: “Another worry... DNS provides a centralized and low-bandwidth place for monitoring user behaviour. If you wanted to compile a database of IP addresses and the websites they visit, the DNS server is the best place to do it. Google openly engages in consumer monitoring via their ad and search services. I see no reason why they wouldn’t also retain DNS data.”]

- and -

Redirecting DNS Requests Can Harm the Internet, Says ICANN (PC World, 25 Nov 2009) - ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist. Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution.

Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says (ABA Journal, 3 Dec 2009) - An inquiring blogger wants to know: Why are blogs associated with large law firms sometimes so boring, and why did so few appear in the ABA Journal’s Blawg 100? Blogger Mark Herrmann is a partner with Jones Day’s Chicago office who writes for the Drug and Device Law blog. He identified only two blogs on the ABA Journal list that are affiliated with large firms: his blog and SCOTUSblog. Herrmann says successful legal blogs can succeed in three ways: They can be the first source of news, such as the Wall Street Journal’s Law Blog. They can be written by extremely smart people who are paid to “sit around thinking great thoughts,” such as the law professors writing for the Volokh Conspiracy, Concurring Opinions or Prawfs Blog. Or they can have a voice, such as the blog Simple Justice. The voice thing can be a problem for law firm blogs, according to Herrmann, because it’s so risky. Blogging solo practitioners may have to field complaints about their posts, but no one can complain to their colleagues. “Not so for those of us in the AmLaw 200.” The result of risk avoidance: “You strip all humor and provocation out of your posts. You lose your voice. The posts are good. They’re informative. They’re lawyerly. But they’re boring; no one’s drawn to them.”

Yahoo Issues Takedown Notice for Spying Price List (Wired, 4 Dec 2009) - Yahoo isn’t happy that a detailed menu of the spying services it provides law enforcement agencies has leaked onto the web. Shortly after Threat Level reported this week that Yahoo had blocked the FOIA release of its law enforcement and intelligence price list, someone provided a copy of the company’s spying guide to the whistleblower site Cryptome. The 17-page guide describes Yahoo’s data retention policies and the surveillance capabilities it can provide law enforcement, with a pricing list for these services. Cryptome also published lawful data-interception guides for Cox Communications, SBC, Cingular, Nextel, GTE and other telecoms and service providers. But of all those companies, it appears to be Yahoo’s lawyers alone who have issued a DMCA takedown notice to Cryptome demanding the document be removed. Yahoo claims that publication of the document is a copyright violation, and gave Cryptome owner John Young a Thursday deadline for removing the document. So far, Young has refused. Yahoo’s letter was sent on Wednesday, within hours of the posting of Yahoo’s Compliance Guide for Law Enforcement at Cryptome. In addition to copyright infringement, the letter accuses the site of revealing Yahoo’s trade secrets and engaging in “business interference.” According to the letter, disclosure of its surveillance services (.pdf) would help criminals evade surveillance.

Law profs say e-marriages expand couple’s rights (, 6 Dec 2009) - A Boston couple wanting to wed under Louisiana’s covenant marriage law, or two New Orleans women seeking to wed in Massachusetts should be able to do so without leaving home, two law professors say. Michigan State University’s Adam Candeub and Mae Kuykendall have started the Legal E-Marriage Project, a clearinghouse for legislative proposals to establish “e-marriages.” “According to the team, the proposal refutes suggestions the state should get out of the marriage business and has the potential to alter the landscape of marriage culture wars,” Michigan State law school spokeswoman Katie Gallagher wrote on the school’s Web site. Candeub and Kuykendall said states should let couples marry under the laws of whatever place they chose. A couple’s physical presence in the state authorizing a marriage has never been a universal rule, the professors said. Couples long have married by proxy, mail and telephone. “The state needs to fight marital fraud, harness modern technology to make marriage more accessible and open its symbolic value to a variety of communities both online and off line,” Kuykendall said. At San Diego’s Thomas Jefferson Law School, professor Bryan Wildenthal called it a “groundbreaking, an innovative approach to the entire issue of how law should regulate family relationships.” Same-sex couples could marry in California under the laws of Massachusetts or Vermont, if the states enacted e-marriage provisions, Candeub and Kuykendall said. A couple’s home state would not necessarily have to recognize the marriage.

Local Governments Offer Data to Software Tinkerers (New York Times, 6 Dec 2009) - A big pile of city crime reports is not all that useful. But what if you could combine that data with information on bars, sidewalks and subway stations to find the safest route home after a night out? Stamen Design put together the San Francisco Crimespotting site using information from the city’s police department. DC Bikes, which shows bike paths in the Washington area, and Stumble Safely, which shows the safest way to get home from bars at night there, were both developed using government data. In Washington, a Web site called Stumble Safely makes that possible. It is one example of the kind of creativity that cities are hoping to mobilize by turning over big chunks of data to programmers and the public. Many local governments are figuring out how to use the Internet to make government data more accessible. The goal is to spawn useful Web sites and mobile applications — and perhaps even have people think differently about their city and its government. “It will change the way citizens and government interact, but perhaps most important, it’s going to change the way elected officials and civil servants deliver programs, services and promises,” said Gavin Newsom, the mayor of San Francisco, which is one of the cities leading the way in releasing government data to Web developers. “I can’t wait until it challenges and infuriates the bureaucracy.” Advocates of these open-data efforts say they can help citizens figure out what is going on in their backyards and judge how their government is performing. But programmers have had trouble getting their hands on some data. And some activists and software developers wonder whether historically reticent governments will release data that exposes problems or only information that makes them look good. It is too early to say whether releasing city data will actually make civil servants more accountable, but it can clearly be useful. Even data about mundane things like public transit and traffic can improve people’s lives when it is packaged and customized in an accessible way — a situation that governments themselves may not be equipped to realize. A Web site called CleanScores, for instance, tracks restaurant inspection scores in various cities and explains each violation. After School Special combines data from San Francisco schools, libraries and restaurants so parents can plan after-school activities and see how children’s nutritional options compare by neighborhood. And Trees Near You, available for the iPhone, lets people identify trees on New York streets. By releasing data in easy-to-use formats, cities and states hope that people will create sites or applications that use it in ways City Hall never would have considered.

With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize (New York Times, 6 Dec 2009) - A group of researchers at the Massachusetts Institute of Technology edged out about 4,300 other teams on Saturday in a Pentagon-sponsored contest to correctly identify the location of 10 red balloons distributed around the United States. The contest, which featured a $40,000 prize, was organized by the Defense Advanced Research Projects Agency, in an effort to develop new ways to understand how information is disseminated through social networks. The winning group, a small team at the M.I.T. Media Laboratory Human Dynamics Group led by a physicist, Riley Crane, took just eight hours and 56 minutes to complete the challenge. The balloons, which were 8 feet in diameter, were arrayed around the country. Some were in highly trafficked locations like Union Square in San Francisco; others were in more obscure places, like Katy Park, a baseball field in the Houston suburbs. The winning researchers, who specialize in studying human interactions that emerge from computer networks, set up a Web site asking people to join their team. They relied on visitors to the Web site to invite their friends. They also sent e-mail messages inviting people to participate and sent a small number of advertisements to mobile phones. They said that they would dole out the prize money both to chains of individuals who referred people who had correct information on the balloons’ locations and to charities. They described their method as a “recursive incentive structure.”

See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing (TechCrunch, 6 Dec 2009) - What if every store had a bar-code sticker on its window so that you could pull out your iPhone, wave it in front of the bar code and get all sorts of information about that business—the telephone number, photos, customer reviews? Starting on Monday, you’ll be able to do that at up to 190,000 local businesses throughout the U.S. Google has mailed out window stickers with two-dimensional bar codes (aka, QR codes) to the most-searched for or clicked-on businesses in its local business directory. Anyone with a QR code reader in their phone can scan it to call up a Google Mobile local directory page for one of these “Favorite Places,” which generally includes a map, phone number, directions, address, reviews, and a link to the store’s website. (It’s a mobile version of Google Places). Local businesses can also set up coupon offers through their Google directory page, which would turn the QR code into a mobile coupon, and help entice someone standing outside a store to come in: “If you found us on Google, you get 20% off.” Japan is already QR-crazy. Google wants the U.S. to be next. In conjunction with the QR code sticker roll-out, Google is also giving away 40,000 Quickmark QR Code Reader apps for the iPhone, which normally cost $1.99 apiece. But you can use any QR code reader. There are a bunch of free ones, some on Android phones as well. There are now over a million local businesses which have claimed their Google local listing, up from a few hundred thousand last summer. If these QR code stickers become popular in the U.S., it could encourage more small businesses to claim their listings and give Google cleaner data.

New Smithsonian Collection Search (BeSpacific, 7 Dec 2009) - The Collections Search Center provides easy “one-stop searching” of more than 2 million of the Smithsonian’s museum, archives, library and research holdings and collections. The access to more Smithsonian collections via this Search Center is increasing over time. Collections currently available include: 265,900 images, video and sound files, electronic journals and other resources from the Smithsonian’s museums, archives & libraries.”

Florida: Judges Cannot be Facebook Friends with Litigants (Social Media Law Student, 9 Dec 2009) - Florida’s Judicial Ethics Advisory Committee responded to a few questions from one Florida judge about the use of social networking sites. The Committee found that judges cannot accept friend requests from litigants in their court. They take special care to note: “This opinion should not be interpreted to mean that the inquiring judge is prohibited from identifying any person as a “friend” on a social networking site. Instead, it is limited to the facts presented by the inquiring judge, related to lawyers who may appear before the judge. Therefore, this opinion does not apply to the practice of listing as “friends” persons other than lawyers, or to listing as “friends” lawyers who do not appear before the judge, either because they do not practice in the judge’s area or court or because the judge has listed them on the judge’s recusal list so that their cases are not assigned to the judge.” It’s pretty clear from this opinion that accepting a request on Facebook, LinkedIn and Myspace from a litigant in the judge’s court are out. The opinion does not just apply to those sites though: “Although Facebook has been used as an example in this opinion, the holding of the opinion would apply to any social networking site which requires the member of the site to approve the listing of a “friend” or contact on the member’s site, if (1) that person is a lawyer who appears before the judge, and (2) identification of the lawyer as the judge’s “friend” is thereafter displayed to the public or the judge’s or lawyer’s other “friends” on the judge’s or the lawyer’s page.” Any sites with a Facebook-like approach will obviously meet the criteria of this opinion. My question is: what about Twitter? If someone is protected on Twitter, they have to approve all followers. However, anybody can see which followers have been approved. So, does that constitute identification as a “friend” on the judge’s page? I think it very well might. You can read the full committee opinion, which also discusses campaign committees, here.

TSA accidentally reveals airport security secrets (Washington Post, 9 Dec 2009) - The Transportation Security Administration inadvertently revealed closely guarded secrets related to airport passenger screening practices when it posted online this spring a document as part of a contract solicitation, the agency confirmed Tuesday. The 93-page TSA operating manual details procedures for screening passengers and checked baggage, such as technical settings used by X-ray machines and explosives detectors. It also includes pictures of credentials used by members of Congress, CIA employees and federal air marshals, and it identifies 12 countries whose passport holders are automatically subjected to added scrutiny. TSA officials said that the manual was posted online in a redacted form on a federal procurement Web site, but that the digital redactions were inadequate. They allowed computer users to recover blacked-out passages by copying and pasting them into a new document or an e-mail. Current and former security officials called the breach troubling, saying it exposed TSA practices that were implemented after the Sept. 11, 2001, terrorist attacks and expanded after the August 2006 disruption of a plot to down transatlantic airliners using liquid explosives. Checkpoint screening has been a fixture of the TSA’s operations -- as well as a lightning rod for public criticism of the agency’s practices. Stewart A. Baker, a former assistant secretary at the Department of Homeland Security, said that the manual will become a textbook for those seeking to penetrate aviation security and that its leaking was serious. “It increases the risk that terrorists will find a way through the defenses,” Baker said. “The problem is there are so many different holes that while [the TSA] can fix any one of them by changing procedures and making adjustments in the process . . . they can’t change everything about the way they operate.” Another former DHS official, however, called the loss a public relations blunder but not a major risk, because TSA manuals are shared widely with airlines and airports and are available in the aviation community.

France to Digitize Its Own Literary Works (New York Times, 14 Dec 2009) - President Nicolas Sarkozy pledged nearly $1.1 billion on Monday toward the computer scanning of French literary works, audiovisual archives and historical documents, an announcement that underscored his government’s desire to maintain control over France’s cultural heritage in an era of digitization. The French National Library announced in August that it was engaged in discussions with Google over the digitization of its collections, part of a global effort by Google to digitize the world’s literary works. This provoked an uproar among French officials and the publishing community here, and the discussions were suspended. “We won’t let ourselves be stripped of our heritage to the benefit of a big company, no matter how friendly, big or American it is,” Mr. Sarkozy said last week, apparently in a reference to Google. The money pledged Monday will finance a public-private partnership that will digitize the nation’s cultural works, Mr. Sarkozy said. Yet that partnership might well involve Google. “The question remains open,” said Bruno Racine, president of the National Library, in a telephone interview. He emphasized the “necessity of a partnership with the private sector” in order to secure the capital needed for vast digitization projects. He put the cost of digitizing the National Library’s collections, which include over 14 million books and several million other documents, at more than $1.5 billion. Those who opposed the National Library’s discussions with Google were concerned primarily with its “dominant place” in the digital market, he said, noting, “It’s not so much that it is a private company.” The French culture minister, Frédéric Mitterrand, met last week with David C. Drummond, a senior vice president and chief legal officer at Google, to express his concerns about a potential collaboration with the company. France has long regarded Google warily. In 2005, French and German leaders announced plans, since abandoned, to develop a multimedia search engine to be called Quaero — “I seek,” in Latin — seen by many as a direct challenge to the company. The French government has also urged the European Union to undertake its own book digitization project.

Amazon Auctions Cloud Computation (Information Week, 14 Dec 2009) - Amazon on Monday began offering its Amazon Elastic Compute Cloud (EC2) customers the chance to bid on unused computing capacity. The new purchasing model, called Spot Instances, allows Amazon Web Services (AWS) customers to place bids for computing power and have their jobs processed if their bid exceeds the fluctuating “Spot Price.” “The central concept in this new option is that of the Spot Price, which we determine based on current supply and demand and will fluctuate periodically,” explained Amazon CTO Werner Vogels in a blog post. “If the maximum price a customer has bid exceeds the current Spot Price then their instances will be run, priced at the current Spot Price. If the Spot Price rises above the customer’s bid, their instances will be terminated and restarted (if the customer wants it restarted at all) when the Spot Price falls below the customer’s bid. This gives customers exact control over the maximum cost they are incurring for their workloads, and often will provide them with substantial savings.” Vogels said that bids higher than the Spot Price are only charged at Spot Price rate. Jeff Barr, Amazon Web Services evangelist, explains in a blog post that Spot Instances can be particularly useful for low-priority work that can be deferred until computing demand and price are low. EC2 continues to offer two other pricing methods: On-Demand Instances, which are charged at a published rate, and Reserved Instances, pre-paid at a discounted rate for use up to three years later. Typical jobs for EC2 involve analyzing data sets, media file format conversion, or Web crawling for a search index, for example. Pharmaceutical giant Pfizer has been using AWS -- EC2 and other services like S3, SQS, and SimpleDB -- to model antibody behavior.

Court Finds Personal E-Mail Privileged Even if Sent From Work (NLJ, 14 Dec 2009) - A federal prosecutor has won his fight to conceal e-mails he sent to his attorney over the government’s computers, contradicting a popular belief that employees have no expectation of privacy on work computers. The U.S. District Court for the District of Columbia ruled on Thursday that Assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those e-mails because federal prosecutors were allowed to use work e-mail for personal matters. Therefore, Tukel’s messages to his private lawyer sent from work are covered by the attorney-client privilege and can remain confidential. The party trying to get the e-mails is former federal prosecutor Richard Convertino, who lost his job after his convictions in a high-profile terrorism trial in Detroit were overturned in 2004 due to prosecutorial misconduct. Convertino, who believes he was retaliated against for blowing the whistle on incompetence in the Bush administration’s war on terror, is trying to find out who leaked confidential information about an investigation into his conduct to the Detroit Free Press. Convertino believes Tukel’s e-mails to his lawyer may shed some light on the matter. According to court documents, Tukel was the prosecutor in Detroit who reviewed Convertino’s cases, and he was “one of the original parties that initiated confidential personal matters” related to Convertino. Tukel has denied in an affidavit that he’s the source of the leak. But Convertino still wants the e-mails. He argued that Tukel had no privacy expectations in e-mails sent over a government computer. The court disagreed. “The DOJ maintains a policy that does not ban personal use of the company email. Although the DOJ does have access to personal emails sent through this account, Mr. Tukel was unaware that they would be regularly accessing and saving emails sent from his account. Because his expectations were reasonable, Mr. Tukel’s private emails will remain protected by the attorney-client privilege,” wrote Chief Judge Royce Lamberth. Tukel’s lawyer, James K. Robinson, a partner in the Washington office of Cadwalader, Wickersham & Taft, said the judge got it right -- “Where someone who uses their company e-mail, whether with the Justice Department or someone else, intends the communication to be confidential and takes reasonable steps to ensure the confidentiality ... there is no waiver of the attorney-client privilege.”

- and -

Supreme Court to Review Employer Access to Worker Text Messages (, 15 Dec 2009) - The U.S. Supreme Court said Monday it will decide how much privacy workers have when they send text messages from company accounts. The justices said they will review a federal appeals court ruling that sided with California police officers who complained that the department improperly snooped on their electronic exchanges. The 9th U.S. Circuit Court of Appeals in San Francisco also faulted the text-messaging service for turning over transcripts of the messages without the officers’ consent. Users of text-messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network, 9th Circuit Judge Kim Wardlaw said. Both the city and USA Mobility Wireless, Inc., which bought the text-messaging service involved in the case, appealed the 9th Circuit ruling. The justices turned down the company’s appeal, but said they would hear arguments next year in the city’s case. The appeals court ruling came in a lawsuit filed by Ontario police Sgt. Jeff Quon and three others after Arch Wireless gave their department transcripts of Quon’s text messages in 2002. Police officials read the messages to determine whether department-issued pagers were being used solely for work purposes. The city said it discovered that Quon sent and received hundreds of personal messages, including many that were sexually explicit. Quon and the others said the police force had an informal policy of not monitoring the usage as long as employees paid for messages in excess of monthly character limits.

- and -

Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says (ABA Journal, 15 Dec 2009) - A federal prosecutor’s e-mail to his own lawyer is privileged, even though he sent it from work on a government computer, a federal court has ruled. Because he is allowed to use his work e-mail account for personal communications, assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those personal communications, explains the U.S. District Court for the District of Columbia in a written opinion. And because there was a reasonable expectation of privacy, they are confidential attorney-client privileged documents. Another factor in the decision, according to the National Law Journal, is that Tukel wasn’t aware that the government had access to his account and might be looking at his personal e-mail. However, partner James Robinson of Cadwalader Wickersham & Taft, who represents Tukel, called for confidentiality of work e-mail communications to be generally recognized, when they are intended to be confidential.

Free App Offers iPhone CLE Courses With Built-In Verification (ABA Journal, 15 Dec 2009) - Lawyers looking for continuing legal education credit can download a new app that allows them to find courses, listen to audio programs and access materials on their iPhone and iPod touch. Users can set up a free account at West LegalEdcenter to buy programs that can be downloaded using the free app, known as CLE Mobile, according to a Thomson Reuters press release. More than 2,000 audio courses are available. But don’t think that you can get credit just by downloading CLE programs. The app tracks and ensures that the program has played, and randomly verifies interaction in states that require the feature, according to West LegalEdcenter accreditation manager Gina Roers, writing at the center’s CLE Mobile blog. To verify attendance, a bell sounds during the program, and the lawyer has to tap “verify,” according to a CLE Mobile reference guide. When lawyers complete the programs, they can use the app to request CLE credit. A YouTube video shows a lawyer using the program while riding a train, at a coffeeshop and while taking a walk. The app is available from the App Store.

Ohio justices: Cell phone searches require warrant (Washington Post, 15 Dec 2009) - The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect’s cell phone, unless their safety is in danger. The American Civil Liberties Union of Ohio described the ruling as a landmark case. The issue appears never to have reached another state high court or the U.S. Supreme Court. The Ohio high court ruled 5-4 in favor of Antwaun Smith, who was arrested on drug charges after he answered a cell phone call from a crack cocaine user acting as a police informant. Officers took Smith’s cell phone when he was arrested and, acting without a warrant and without his consent, searched it. They found a call history and stored numbers that showed Smith had previously been in contact with the drug user.

App of the Week: Google’s Eyes on the Ground (New York Times, 16 Dec 2009) - Google Goggles is a new free app for smartphones using the Android operating system. With its grab bag of features, the app is a bit hard to define. Goggles uses a phone’s camera for data entry, Web searching and shopping, with a little bit of augmented reality thrown in. Here’s how it works. You use your phone to take a photo of a building, artwork, a bar code or some text and Goggles identifies it and brings back Google search results. A photo of a book cover brought back links to where the book is sold online, reviews, a Wikipedia entry on the author and more. A picture of the exterior of a restaurant brings back reviews, links to the restaurant’s Web site and a link to call the place with one click. When the phone is held parallel to the ground, nearby points of interest, like businesses and restaurants, float by on the bottom of the screen in what is called augmented reality. [Artwork? From museums or galleries? How cool would that be!]

- but -

Privacy fears force search giant to block facial recognition application on Google Goggles (Daily Mail, 14 Dec 2009) - Privacy concerns have forced Google to delay an expansion of its Goggles service which would have enabled camera-phone users to identify strangers on the street. The experimental Google Goggles application, which was launched last week, allows smart-phone users to search for subjects simply by snapping a picture of them. Users can focus their phone’s camera on an object and Google will try to match portions of the picture with the tens of millions of images in its database. But privacy campaigners have raised fears over the ‘ facial recognition’ potential of the service, which would allow users to track strangers through a photograph. Google, which has confirmed the technology is available but has yet to decide if it will be rolled-out as part of Goggles, has now confirmed that it is blocking aspects of the application until privacy implications have been fully explored.

Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (DangerRoom, 17 Dec 2009) - Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought. The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq. But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.” So the same security breach that allowed insurgent to use satellite dishes and $26 software to intercept drone feeds can be used the tap into the video transmissions of any plane. The military is working to plug the hole — introducing new ROVER models that communicate without spilling its secrets. “Recognizing the potential for future exploitation the Air Force has been working aggressively to encrypt these ROVER downlink signals. It is my understanding that we have already developed the technical encryption solutions and are fielding them,” the Air Force officer notes. But it won’t be easy. An unnamed Pentagon official tells reporters that “this is an old issue that’s been addressed.” Air Force officers contacted by Danger Room disagree, strongly. “This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).”

EU Data Protection Meets U.S. Discovery (, 18 Dec 2009) - As a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency (CNIL) published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings.[FOOTNOTE 1] The CNIL’s recommendation expands on the guidelines adopted by the body of European data protection agencies (the Article 29 Data Protection Working Party) in February 2009.[FOOTNOTE 2] EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNIL’s recommendation reflects a tension between a company’s obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad. * * * The CNIL indicates that, where a person in France engages in a “single and non-massive transfer” of data to the US, which is necessary or legally required for the establishment, exercise, or defense of legal claims, the company responding to the U.S. discovery request does not need to request the CNIL’s prior authorization, but should simply provide advance notice. By contrast, “massive and repeated” transfers of data require the CNIL’s authorization and are only lawful where (i) the recipient of personal data is an entity established in the U.S. that has subscribed to the Safe Harbor Scheme; (ii) the parties have adopted standard contract clauses issued by the European Commission; or (iii) the recipient has a set of strict and binding corporate rules in place providing an adequate level of protection of personal data. The CNIL does not provide guidance regarding the volume of data that would trigger the need for CNIL authorization.

Rethinking Green (Stewart Brand, 9 Oct 2009) - Brand builds his case for rethinking environmental goals and methods on two major changes going on in the world. The one that most people still don’t take into consideration is that power is shifting to the developing world, where 5 out of 6 people live, where the bulk of humanity is getting out of poverty by moving to cities and creating their own jobs and communities (slums, for now). He noted that history has always been driven by the world’s largest cities, and these years they are places like Mumbai, Lagos, Dhaka, Sao Paulo, Karachi, and Mexico City, which are growing 3 times faster and 9 times bigger than cities in the currently developed world ever did. The people in those cities are unstoppably moving up the “energy ladder” to high quality grid electricity and up the “food ladder” toward better nutrition, including meat. As soon as they can afford it, everyone in the global South is going to get air conditioning. The second dominant global fact is climate change. Brand emphasized that climate is a severely nonlinear system packed with tipping points and positive feedbacks such as the unpredicted rapid melting of Arctic ice. Warming causes droughts, which lowers carrying capacity for humans, and they fight over the diminishing resources, as in Darfur. It also is melting the glaciers of the Himalayan plateau, which feed the rivers on which 40% of humanity depends for water in the dry season—the Indus, Ganges, Brahmaputra, Mekong, Irrawaddy, Yangtze, and Yellow. [Editor: This is fascinating, especially given that Brand is extremely thoughtful and credible. Has nothing to do with IT law, but worth your time anyway. 90-minute podcast; ONE-STAR]

**** RESOURCES ****
Disclosure, Deception and Deep-Packet Inspection: The Role of the Federal Trade Commision Act’s Deceptive Conduct Prohibitions in the Net Neutrality Debate (SSRN paper by Prof. Catherine Sandoval) - This Article examines a largely unexplored frontier in the “Net Neutrality” debate: the Federal Trade Commission (FTC) Act’s proscriptions against deceptive conduct as a legal limit on Internet Service Provider (ISP) discrimination against Internet traffic. ISP discrimination against certain types of Internet traffic has blossomed since 2005 when the Federal Communications Commission (FCC), with the Supreme Court’s blessing in NCTA v. Brand X and FCC, relieved ISPs from common-carrier regulations that prohibited discrimination and reclassified ISPs as “information service providers.” This Article argues that the Internet’s architecture and codes presumed common carriage, indicating that the Internet’s design and industry “self-regulation” cannot alone prevent ISPs who control access to the Internet’s physical layer from becoming its gatekeepers. The FTC and FCC must use their respective authority to police the gulf between ISP promises and practices, protect Internet users and competition, and safeguard the Internet itself as a source for innovation and a wide range of speech.

**** FUN ****
Most Awesomely Bad Military Acronyms 7 (Danger Room, 1 Dec 2009) - It’s the most wonderful time of the year. Not because of some lame holiday. Because it’s time again for our Most Awesomely bad Military Acronyms (MAMAs).
The defense and intelligence establishment is famous for stirring words into an insane alphabet soup of acronyms, abbreviations, and neologisms. For over a year, we’ve been on a quest to find the silliest, most agonizing MAMAs out there. Our latest batch has a heroic bent - the champions of mil-jargon, if you will. Behold!
* Communications Electronic Attack with Surveillance And Reconnaissance. (CEASAR)
* Game-theoretic Optimal Deformable Zone including Inertia with Local Approach (GODZILA)
* Applied Research reGarding Operationally Novel And Unique Technologies (ARGONAUT)
* Automated Low-Level Analysis and Description of Diverse Intelligence Video (ALADDIN)
* Joint Counter Radio Controlled Improvised Explosive Device Electronic (JCREW)
* Bioterrorism Operations Policy for Public Emergency/Chemoterrorism Operations Policy for Public Emergency (BOPPER/COPPER)

HAS GOVERNMENT ENCRYPTION EXPORT POLICY FAILED? -- Researchers at George Washington University’s Cyberspace Policy Institute are telling the Senate Commerce Committee that the most powerful encryption software is now widely accessible internationally, despite the Clinton Administration’s efforts to restrict the spread of “strong encryption” technology for fear it would be used by terrorists and criminals. But the U.S. has lost its monopoly on the mathematical algorithms underlying advanced encryption techniques, and 167 products now available internationally use algorithms that can not be decoded by even the largest and most sophisticated computers. (New York Times 10 Jun 99)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
6. Crypto-Gram,
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog,
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.