Saturday, February 20, 2010

MIRLN --- 1-20 February (v13.03)

• Stolen Twitter Accounts Can Fetch $1,000
• Will Your Big-Screen Super Bowl Party Violate Copyright Law?
• UN Calls for Global Cyber Treaty
• Wikileaks, Struggling to Make Ends Meet, Begs for Donations
• A Breach Too Far
• Twitter, Facebook Use Rising Among Gang Members
• Firms Worry About Social Networks, But Don’t Block Access
• Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc.
• Brokers Must Think Twice Before Tweeting, Facebooking
• Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace
• Court’s Decision Would Severely Limit Employer Use of CFAA
• TV ‘Anywhere’: AT&T Relents on 3G Slingbox
• Google Asks Spy Agency for Help With Inquiry Into Cyberattacks
• New Joint Degree Program In Law and Music Business
• Ruling: FACTA Does Not Extend to E-Commerce Confirmations
• Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them
• More on Metadata and Other Electronic Document Issues
• Preserving Born-Digital Legal Materials - Where to Start?
• UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing
• Shell Hit By Massive Data Breach
• Photographing Public Art: A Legal Waltz in Seattle
• N.Y. City Bar Urges Limiting Personal Data in Civil Filings
• Scariest Forum on the Internet?
• EU Revises Model Contract Clauses for Data Transfers
• More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says
• Does Discarding Unallocated Space Deserve Contempt?

PROGRAMS | NEWS | BOOK REVIEW | DIFFERENT RESOURCES | LOOKING BACK | NOTES

**** UPCOMING PROGRAMS ****
“Head in the Cloud, Feet in the Rules of Professional Conduct”: Managing the Ethical Risks to Lawyers from Web 2.0 Technologies, Portable Devices, and Cloud Computing, teleconference and live audio webcast (ABA, 3 March 2010) - The program’s full description and registration page is now live at: http://www.abanet.org/cle/programs/t10hcf1.html; faculty include Chris Kelly (candidate for CA Attorney General), Roland Trope, and Vince Polley.

The Pace Global Consumer Law Forum and UNCITRAL Collaborate to Present a Colloquium on Global E-Commerce and Online Dispute Resolution -- UNCITRAL and the Pace Law School Global Consumer Law Forum are collaborating to present the colloquium “A Fresh Look at Online Dispute Resolution and Global E-Commerce: Toward a Practical and Fair Redress System for the 21st Century Trader (Consumer and Merchant)” to be held at the UN Vienna International Centre on March 29th and 30th. The conference will be held during the same period as the Vis International Arbitration moot and is sponsored by UNCITRAL, Penn State Dickinson School of Law, and the Institute of International Commercial Law at Pace Law School. Leading experts (from government, private sector, academia, and the non-profit sector) will engage in a two-day intensive colloquium analyzing the current cross-border legal frameworks for e-commerce, existing mechanisms for online dispute resolution, and exploring the practicalities of establishing a future global ODR system for both B2B and B2C disputes. For program information, see http://www.pace.edu/page.cfm?doc_id=35508

**** NEWS ****

Stolen Twitter Accounts Can Fetch $1,000 (ComputerWorld, 29 Jan 2010) - According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said Kaspersky Researcher Dmitry Bestuzhev, speaking at a press event Friday. Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, (asking price 2,500 rubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered. Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted, stepping stone from which to send malicious Twitter messages and, ideally, infect more machines. Bestuzhev said that one Twitter account, with just over 320 followers, was offered at $1,000 in an underground hacker forum. The user’s name was a simple three letter combination that Bestuzhev thought might make it more valuable to criminals. Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40). “The price for Twitter accounts is really high,” he said. http://www.computerworld.com/s/article/9150001/Stolen_Twitter_accounts_can_fetch_1_000?source=rss_news

Will Your Big-Screen Super Bowl Party Violate Copyright Law? (ArsTechnica, 31 Jan 2010) - An offhand comment the other day by a friend caught my attention—”Did you know that you can’t watch the Super Bowl on a TV screen larger than 55 inches? Yeah, it’s right there in the law.” With the Colts and Saints set to do battle in Super Bowl XLIV, this seemed worth looking into as a public service. Could it be that some of those giant flat panel TV sets now finding their way into US living rooms are actually violating copyright law? Copyright law has a huge range of exemptions (like face-to-face classroom teaching), limitations (like fair use), and compulsory licensing schemes (like paying songwriters when you perform a cover version of a tune). Some are well known, but most are of interest only to specialists. US Code Title 17, Chapter 1, Section 110 is called “Limitations on exclusive rights: exemption of certain performances and displays,” and it lays out 12 of these exemptions to copyright restrictions. Are 55+ inch TVs mentioned specifically? They certainly are. TV broadcasts and movie showings can only be displayed so long as “no such audiovisual device has a diagonal screen size greater than 55 inches, and any audio portion of the performance or display is communicated by means of a total of not more than 6 loudspeakers.” So there it is in black and white—a ban on big TVs! Sort of. While my friend was right about what’s contained in the law, it’s important to put the words in context. In this case, the context is exemption number five, which deals with TVs. The exemption opens by saying that turning on a TV set in one’s house does not incur any sort of “public performance” liability under copyright law. So long as you’re using a set that can reasonably be described as “a single receiving apparatus of a kind commonly used in private homes,” you’re in the clear. It all sounds boring and academic, but the NFL famously made waves back in 2007 when it went after an Indianapolis church for hosting a Super Bowl party. Fall Creek Baptist Church planned to 1) charge admission to cover the food bill and 2) show the game on a giant projector system of more than 55 inches. Both were no-nos. In the wake of the NFL’s threat, churches around the country canceled get-togethers that year. Though it was in fact written into copyright law, the NFL’s action generated such bad press that several US Senators pressured the league to change its enforcement practices, law or no law. Sen. Arlen Specter (R-PA, now D-PA) even introduced S. 2591, a bill which singled out “professional football contests” and allowed nonprofit groups to show the games on any size screen. The bill went nowhere, but the NFL did call an audible. In late 2008, the league announced that it was changing its ways and would no longer go after churches simply for using a 55+ inch screen. http://arstechnica.com/tech-policy/news/2010/01/will-your-big-screen-super-bowl-party-violate-copyright-law.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

UN Calls for Global Cyber Treaty (ZDNet, 1 Feb 2010) - The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency has warned. International Telecommunications Union secretary general Hamadoun Toure gave his warning on Saturday at a World Economic Forum debate where experts said nations must now consider when a cyber attack becomes a declaration of war. With attacks on Google from China a major talking point in Davos, Toure said the risk of a cyber conflict between two nations grows every year. He proposed a treaty in which countries would engage not to make the first cyber strike against another nation. “A cyber war would be worse than a tsunami — a catastrophe,” the UN official said, highlighting examples such as attacks on Estonia last year. He proposed an international accord, adding: “The framework would look like a peace treaty before a war.” Countries should guarantee to protect their citizens and their right to access to information, promise not to harbour cyber terrorists and “should commit themselves not to attack another”. John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to “express reservations” about such an accord. Susan Collins, a US Republican senator who sits on several senate military and home affairs committees, said the prospect of a cyber attack sparking a war was now being considered in the United States. “If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of war. “If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war,” Collins said. http://www.zdnet.com.au/news/security/soa/UN-calls-for-global-cyber-treaty/0,130061744,339300673,00.htm?omnRef=1337&omnRef=1337

Wikileaks, Struggling to Make Ends Meet, Begs for Donations (ArsTechnica, 1 Feb 2010) - WikiLeaks—a wiki that made a name for itself by publishing anonymous, classified information—has been temporarily shut down due to its own budget crisis. The Sunshine Press, the nonprofit organization behind WikiLeaks, has decided to cease operations in order to “concentrate on raising the funds necessary” to keep the site going, and is begging for donations lest it be stuck offline forever. For those who aren’t familiar with the Sunshine Press, it was originally started by a group of Chinese dissidents and is made up of human rights activists, investigative journalists, and other concerned citizens around the globe. WikiLeaks regularly publishes information and documents from various governmental entities, corporations, religious organizations, and more, many of which cannot be published by the traditional media—the organization says the goal is to prevent whistle-blowers from being thrown in jail for exposing sensitive information, particularly in China. However, the site is not China-focused; WikiLeaks boasts that its database contains more than 1.2 million leaked documents from around the world. It has generated a fair amount of controversy in the past by publishing a secret Australian Internet blacklist and its decision to auction off a Hugo Chavez aid’s e-mail trove. The site even says it’s currently holding “hundreds of thousands of pages” regarding the US detainee system, the Iraq war, China, and corrupt banks, just waiting to be released. http://arstechnica.com/tech-policy/news/2010/02/wikileaks-struggling-to-make-ends-meet-begs-for-donations.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: consider making a donation.]

A Breach Too Far (ABA Journal, 1 Feb 2010) - Experts on cybersecurity warn that law firms need to fear the same kind of illegal intrusions into confidential information maintained on their computer systems that already are striking government entities and private corporations with increasing frequency. There is a good reason why law firms are an excellent target for cyberattacks, said Bradford A. Bleier, a unit chief in the Cyber Division of the FBI, who was one of the speakers addressing the issue in November at the 19th Annual Review of the Field of National Security Law. The two-day conference in Washington, D.C., was co-sponsored by the ABA Standing Committee on Law and National Security in conjunction with the law schools at the University of Virginia and Duke University. “Law firms are tremendous concentrations of really critical, private information,” Bleier said, and attacking their computer systems “is an optimal way to obtain commercial and personal information.” Other speakers at the conference said law firms face difficult ethics quandaries in conjunction with thefts of information from their computers. A key question, said Stewart A. Baker, a partner at Steptoe & Johnson in Washington, D.C., is what to tell clients when there has been a breach of confidential information. Baker recounted one incident in which the FBI informed a law firm’s managing partner that it had identified confidential information from the firm in messages being sent to a foreign country. Asked what he would tell his clients, the managing partner reportedly said, “I’m not even sure I’m going to tell my partners.” Under the ABA Model Rules of Professional Conduct, that would have been the wrong answer, said Thomas D. Morgan, a professor who teaches ethics at the George Washington University Law School in Washington, D.C. (The Model Rules have been adopted in full or in part by every state except California.) “The cover-up can be worse than the original offense,” said Morgan, who noted that Model Rule 1.4 (Communications) “means you have an explicit requirement to tell the client because it’s the client who ultimately will have to decide what to do about it.” But despite that mandate of Rule 1.4, there are circumstances that raise questions about when and to what extent it must be followed to the letter, said Stewart, a member of the advisory committee to the Law and National Security Committee. One question, for instance, is whether a law firm has an obligation to inform a client when it can’t be determined whether the client’s information was compromised in a cybersecurity breach. http://www.abajournal.com/mobile/article/a_breach_too_far

Twitter, Facebook Use Rising Among Gang Members (SiliconValley.com, 2 Feb 2010) - When a gang member was released from jail soon after his arrest for selling methamphetamine, friends and associates assumed he had cut a deal with authorities and become a police informant. They sent a warning on Twitter that went like this: We have a snitch in our midst. Unbeknownst to them, that tweet and the traffic it generated were being closely followed by investigators, who had been tracking the San Francisco Bay Area gang for months. Officials sat back and watched as others joined the conversation and left behind incriminating information. Law enforcement officials say gangs are making greater use of Twitter and Facebook, where they sometimes post information that helps agents identify gang associates and learn more about their organizations. “You find out about people you never would have known about before,” said Dean Johnston with the California Bureau of Narcotics Enforcement, which helps police investigate gangs. “You build this little tree of people.” http://www.siliconvalley.com/latest-headlines/ci_14318645?nclick_check=1

Firms Worry About Social Networks, But Don’t Block Access (ArsTechnica, 2 Feb 2010) - Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at “alarming” rates over the last 12 months, posing a risk to both users and the companies they work for. Nearly three-quarters of businesses (72 percent) told Sophos that they’re concerned about employee behavior on social networks—and it’s not the HR-related behavior they’re concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009. Given this level of worry over cybersecurity, one would assume that the businesses in question would lock down access to MySpace, Facebook, and Twitter. Not so, according to the report. Almost half of all firms said that they allow their staff unfettered access to Facebook—a 13 percent increase from a year ago. Sophos called this a “grim irony,” though the firm made it clear that it’s wiser to educate employees and apply “social security” methods instead of merely barring staff from using these sites. http://arstechnica.com/business/news/2010/02/firms-worry-about-social-networks-but-not-blocking-access.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc. (BNA’s E-Commerce Tech Law, 2 Feb 2010) - According to the Administrative Office of the U.S. Courts, a committee on court administration matters has sent around to all federal trial courts proposed jury instructions that specifically address the influence of mobile communications devices and electronic social media on jury deliberations. The rise of the “connected juror” has bedeviled the judicial system, introducing a host of new opportunities for juror consideration of irrelevant and inadmissible evidence, as well as new opportunities for improper communications with deliberating jurors, as this recent article from the Baltimore sun notes. The proposed jury instructions state the general rule (“You must not conduct any independent research about this case ....”) and then, for the jurors who require additional guidance, move on to the new media specifics (“ In other words, you should not consult dictionaries or reference materials, search the internet, websites, blogs, or use any other electronic tools to obtain information about this case or to help you decide the case are an attempt to fill in what is apparently a deficiency in jurors’ understanding of the general rule that evidence obtained outside of the courtroom may not be considered.”) The proposed rules also mention by name Blackberries, iPhones, text messaging, Twitter, Facebook, My Space, LinkedIn, and YouTube. Prohibiting all of them, if used to learn about, or communicate about the case. http://pblog.bna.com/techlaw/2010/02/us-courts-officials-issue-guidance-on-jury-use-of-blackberries-iphones-twitter-linkedin-etc.html

Brokers Must Think Twice Before Tweeting, Facebooking (ArsTechnica, 2 Feb 2010) - If you’re a registered broker or work for firm that sells any sort of investment products, you’ll want to think twice before blurting out anything that could be construed as investment advice on Facebook, Twitter, or any other social networking site. The Financial Industry Regulatory Authority (FINRA) has updated its guidelines for interpreting the rules that govern how brokers present advice to the public to cover online social networks; and, in some cases, the guidelines rely on social network monitoring and archiving technology that doesn’t even exist yet. The new guidelines have two broad effects on the way financial firms use social media. First, the new rules attempt to take the traditional distinction between marketing a brand and hawking specific investment products, and to enforce it in online venues that sport a constantly evolving slate of features and functionality, and where the lines between the personal and the professional—or, the personal and the promotional—aren’t always clear. Take Facebook, for example, where ostensibly personal accounts nonetheless indicate where an individual works. A broker might not only identify himself as an employee of a particular bank or brokerage in his Facebook profile, but he might also be a fan of his employer’s official Facebook page, and belong to various unofficial Facebook groups that use the company’s name and logo. Based on the new guidelines, it appears that the static parts of a Facebook page, like an employee’s personal profile, fall under the FINRA rules that govern firms’ marketing to the public, with the result that they need formal approval before being posted. The dynamic, conversational parts of a page—specifically, Facebook’s wall, a blog’s comments section, and other places where users interact with each other—could constitute a “public appearance” on behalf of the firm, which means posts don’t have to be approved beforehand, but “firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.” When it comes to sorting out which communications are business-related, or even which posts or tweets run afoul of the rules, the FINRA is taking a “we know it when we see it” approach that appears to grant some leeway for interpretation. Phrases like “whether a particular communication constitutes a ‘recommendation’ for purposes of Rule 2310 will depend on the facts and circumstances of the communication,” are typical throughout the document; reference to the specific “facts and circumstances” of a particular communication are common. The point seems to be to err on the side of caution, because it’s not always clear what will get you in trouble. http://arstechnica.com/tech-policy/news/2010/02/brokers-must-think-twice-before-tweeting-facebooking.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - The Cour de cassation Chambre sociale, the labor chamber of France’s highest court of appeals, upheld a lower court’s ruling that an employer is entitled to open employee files not marked “private,” even without the employee’s presence or consent. The court’s ruling expands the scope of allowable employer monitoring of employees’ communications in France, and is the latest in a line of cases narrowing the Cassation Court’s 2001 decision in Nikon France SA v. Frédéric O. Nikon established that employees have a right to privacy in personal messages transmitted using a workplace computer, even where an employer has banned non-business use of the computer. Since then, though, the Cassation Court has issued decisions that refined Nikon in favor of employers, including a 2008 ruling that employers had the right to monitor an employee’s Internet usage without the employee’s knowledge or presence, and a 2009 ruling that an employee file could not be considered “private” merely because it was identified by the employee’s initials. http://www.steptoe.com/publications-6612.html

Court’s Decision Would Severely Limit Employer Use of CFAA (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - A federal district court in Illinois has weighed in on what constitutes “loss” under the Computer Fraud and Abuse Act (CFAA), ruling that civil claims cannot survive absent evidence of “impairment or unavailability of data or interruption of service.” This is an issue that has divided the courts; if the court’s reasoning is sustained on appeal by the Seventh Circuit and adopted by other federal courts of appeal, it would greatly limit the utility of the CFAA to employers. http://www.steptoe.com/publications-6612.html

TV ‘Anywhere’: AT&T Relents on 3G Slingbox (Wired, 4 Feb 2010) - In a significant policy reversal, AT&T announced Thursday that it will allow Sling Media’s mobile apps to run on its 3G network. That means owners of various Sling Box devices can watch live, streaming TV, as well as DVR-recorded content and movies downloaded at home using an iPhone app without a Wi-Fi connection. Last May, AT&T claimed the Sling app would “create congestion” on its 3G network. It ran tests in December, and now concludes that “the optimized app can run on its 3G network” and said it has alerted both Apple and Sling to its decision. What changed? In part, the Sling app itself. AT&T’s announcement claims that while the Sling app had always been optimized for 3G, AT&T “worked with” Sling to make it even more efficient (i.e., degraded video and/or audio quality until the Sling app consumed an acceptable amount of bandwidth). SlingPlayer Mobile is one of the most expensive on iTunes — $30 — and it works only if you have Sling hardware at home that costs hundreds of dollars. But it integrates with any video system, including TiVo. Slingbox aficionados have been watching their home channel lineup and programming anywhere in the world on their laptops using downloadable software and, more recently, via a web interface. But there are no monthly fees and no new service to sign up for: You simply run SlingPlayer and watch as if you were home. You can operate your DVR to record programs, play movie rentals and call up video-on-demand, making it all available in your pocket. http://www.wired.com/epicenter/2010/02/att-will-allow-optimized-sling-app-for-iphone/

Google Asks Spy Agency for Help With Inquiry Into Cyberattacks (NYT, 4 Feb 2010) - Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday. The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China. The agreement was first reported on Wednesday evening by The Washington Post. By turning to the N.S.A., which has no formal legal authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.” The United States government has become increasingly concerned about the computer risks confronting energy and water distribution systems and financial and communications networks. Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards. The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, according to a person who has been briefed on the relationship. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project. They were intended to help accelerate the commercialization of government-developed technology. http://www.nytimes.com/2010/02/05/science/05google.html

New Joint Degree Program In Law and Music Business (University of Miami, 8 Feb 2010) - The University of Miami School of Law and the Frost School of Music have launched a new joint degree program in law and music business – the first of its kind in the country – that will enable students to earn a J.D. and a Masters of Music in Music Business and Entertainment Industries. This degree will give future entertainment attorneys a thorough understanding of the music industry. In this specialization, students not only learn the essentials of law, but also the common practices of the music business. Students can complete both degrees in less time while studying at a top law school and one of the best music schools in the country. And, as one of the four top music cities in the U.S. and as the music center for the Latin American Divisions of all major music companies, Miami offers exceptional internship and work opportunities. http://www.law.miami.edu/news.php?article=1455 [Editor: See “Bernstein” story under the Different section below; wonder what he’d have made of this.]

Ruling: FACTA Does Not Extend to E-Commerce Confirmations (MultiChannelMerchant, 8 Feb 2010) - Online merchants have dodged another bullet when it comes to the Fair and Accurate Credit Transactions Act (FACTA). In the recent case Shlahtichman v. 1-800 Contacts, Inc., a judge in the Northern District of Illinois ruled in December that FACTA does not apply to electronic displays or e-mail confirmations of Internet transactions. Congress amended the Fair Credit Reporting Act in 2003 by enacting FACTA. Among other things, FACTA restricts the disclosure of consumers’ information on electronically printed receipts provided to cardholders at the point of sale or transaction. Due to confusion of whether FACTA required truncating the credit or debit card number to the last five digits and masking the card’s expiration date, hundreds of class action lawsuits were filed--despite the lack of any actual injuries, such as credit card fraud or identity theft. The epidemic of FACTA lawsuits became so rampant that in May 2008, Congress passed the Credit and Debit Card Receipt Clarification Act to protect merchants that had included expiration dates on receipts from civil FACTA liability. Undaunted, plaintiff’s class action lawyers turned to the Internet in hopes of finding more fertile ground for class action lawsuits. In Shlahtichman, the plaintiff alleged that, after using his credit card to purchase contact lenses over the Internet in June 2009, he received at his home a computer-generated receipt that displayed the expiration date of his credit card. (The Clarification Act only insulates merchants from expiration date liability for receipts printed prior to June 3, 2008). Although suffering no actual damages, the plaintiff sought, on behalf of himself and a class of similarly situated persons, $1,000 per receipt. In dismissing the complaint for failure to state a claim, Judge John Darrah determined that an e-mail order confirmation is not an electronically printed receipt because the “plain meaning of ‘print’ is to transfer information to paper.” The court rejected the plaintiff’s argument that print is more commonly understood as displaying on a computer screen as “unpersuasive.” http://multichannelmerchant.com/ecommerce/news/facta-ruling-ecommerce-confirmations-0208/

Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them (BNA’s Internet Law News, 11 Feb 2010)- BNA’s Electronic Commerce & Law Report reports that a majority of the Florida Supreme Court’s judicial ethics committee has concluded that online “friending” between judges and attorneys who appear before them is inappropriate. A judge who does so conveys or lets the named attorneys convey the impression that the lawyers are in a special position to influence the judge.

More on Metadata and Other Electronic Document Issues (ALAS, 12 Feb 2010) - The Arizona Supreme Court recently ruled that metadata embedded in electronic documents is part of the public record and must be disclosed in response to a public records request. See Lake v. City of Phoenix, 218 P.3d 1004 (Ariz. 2009). The ruling involved an employment discrimination suit filed by a former Phoenix police officer. The officer made a public records request, seeking notes his supervisor kept in electronic form related to the officer’s job performance. After reviewing the hard-copy file, the officer suspected that certain notes had been back-dated. He then filed another public records request so that he could review the metadata embedded in the supervisor’s electronic notes. The trial court denied the officer’s request, and the appellate court affirmed, concluding that the public record does not encompass metadata. The Arizona Supreme Court reversed, holding that when a public record is maintained in electronic form, the electronic record, including any metadata, is subject to disclosure under the state’s public records law. The court disagreed with the City of Phoenix’s claim that production of metadata would be an administrative nightmare, finding that unduly burdensome or harassing requests can be addressed under existing law. In a separate development, the Arizona State Bar Commission on the Rules of Professional Conduct endorsed a law firm’s encrypted electronic client file storage system that allows clients to access their files directly. See Arizona Opinion 09-04. The committee had previously determined that electronic storage of client files is permissible, as long as adequate steps are taken to protect file confidentiality. See Arizona Opinion 05-04. The committee approved the firm’s security proposals, but warned that these measures might become inadequate as technology advances over time. http://www.alas.com/articles/enews/lpen10-01-l04.html [Spotted by MIRLN reader Phillip Schmandt of McGinnis, Lochridge.]

Preserving Born-Digital Legal Materials - Where to Start? (LLRX.com, 14 Feb 2010) - It’s tempting to begin any discussion of digital preservation and law libraries with a mind-blowing statistic. Something to drive home the fact that the clearly-defined world of information we’ve known since the invention of movable type has evolved into an ephemeral world of bits and bytes, that it’s expanding at a rate that makes it nearly impossible to contain, and that now is the time to invest in digital preservation efforts. But, at this point, that’s an argument that you and I have already heard. As we begin the second decade of the 21st century, we know with certainty that the digital world is ubiquitous because we ourselves are part of it. Ours is a world where items posted on blogs are cited in landmark court decisions, a former governor and vice-presidential candidate posts her resignation speech and policy positions to Facebook, and a busy 21st-century president is attached at the thumb to his Blackberry. http://www.llrx.com/features/borndigital.htm [Editor: Interesting, 30,000 foot survey.]

UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing (TechDirt, 15 Feb 2010) - We’ve seen more than a few lawsuits over the years by the entertainment industry against various sites that merely link to infringing content. The entertainment industry likes to make the claim that this is inducing infringement, but if you’re just pointing to a bunch of YouTube videos, it’s difficult to see how that should be considered infringement at all. In one such case, over in the UK, a site called tv-links.co.uk, after years battling this in court, was found not to have infringed on the copyrights of movie studios. The case was brought by FACT, the “Federation Against Copyright Theft,” but had little evidence of any actual infringement being done by the site, who merely linked to videos found on YouTube, Veoh, DailyMotion and other sites. FACT originally claimed that the site “facilitated” copyright infringement on the internet, despite that not being a part of UK law. Eventually, the official charges were “Conspiracy to Defraud and breaches of the Copyright Designs and Patents Act,” which is quite similar to what OiNK’s admin was charged with. And just like how OiNK’s Alan Ellis was found not guilty, the court has sided with TV links, noting that it didn’t actually infringe on anyone’s copyrights directly. Of course, this still took years of having to fight it out in court and a ton of resources -- some of which were frozen by a “financial restraining order” during the case itself. http://techdirt.com/articles/20100212/1549298157.shtml

Shell Hit By Massive Data Breach (The Register, 15 Feb 2010) - Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company. John Donovan, an activist who received the database, said he had voluntarily destroyed the files. But he warned that other copies were available online. The email supposedly comes from 176 “concerned staff” to highlight Shell’s activities in Nigeria. The database is about six months old and could have been released by a recently laid off staff member, or there could really be a rogue campaign group within Shell. Richard Wiseman, chief ethics and compliance officer at Royal Dutch Shell, wrote to staff last week after the breach emerged. He said: “The Global Address List, containing contact information of everyone in Shell and some contractors, joint ventures and other third parties, has been downloaded without authorisation and distributed to some external parties. We do not know who did this. We are investigating and are raising this theft of information with the relevant data protection authorities.” The company played down the security implications of the loss - it is phone and email details rather than real-world addresses. http://www.theregister.co.uk/2010/02/15/shell_data_loss/

Photographing Public Art: A Legal Waltz in Seattle (Citizen Media Law Project, 17 Feb 2010) - To photographer Mike Hipple, the claim is baseless. The photo he took about 10 years ago of a woman standing near the “Dance Steps on Broadway” sculpture in Seattle’s Capitol Hill is an example of fair use. If it’s not, he reasons, the right of all photographers to take pictures in public will be in jeopardy. His photo was, after all, “taken on a public sidewalk, showing a woman interacting with a piece of public art, paid for by public funds. And it only depicts a small portion of the artwork at that,” Hipple wrote. “Now if this doesn’t qualify as fair use of the sculpture, I don’t know what does.” Hipple’s sentiment is shared by many Seattle residents who feel that public art, financed with their tax dollars, should be in the public domain. They paid for it, say residents, so they should be able to photograph it without fear of a lawsuit. Hipple is just a small-guy photographer being bullied by a greedy litigious copyright holder, they say. It’s an understandable sentiment, but not necessarily a solid legal defense. Hipple sold the photo (pictured above) to a stock photography company. Jack Mackie, who created “Dance Steps on Broadway,” demanded that the company remove the photo, claiming that it infringed his copyright by reproducing the sculpture. The company promptly removed the photo, but Mackie sued Hipple last February for selling it in the first place. The lawsuit has outraged scores of residents who find Mackie to be out of step with the public’s interest. Mackie installed the eight sets of inlaid bronze shoe prints, mapping out well-known dances such as the waltz and rumba, in 1982 when the city rebuilt the neighborhood’s sidewalks. Despite receiving public financing for the project, Mackie retained rights to the artwork. Those rights, according to § 106 of the U.S. Copyright Act, include the exclusive right to reproduce the work or to create derivative work from it. http://www.citmedialaw.org/blog/2010/photographing-public-art-legal-waltz-seattle?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader

N.Y. City Bar Urges Limiting Personal Data in Civil Filings (Law.com, 18 Feb 2010) - Citing the increasing availability of court documents on the internet, the New York City Bar is urging the courts to adopt a statewide rule that would sharply curtail the inclusion of “sensitive personal information” in civil court filings. Such documents presumptively have been “public records in New York ... accessible to anyone willing to make the trip to a courthouse,” according to a report released last week by the City Bar’s subcommittee on electronic records within the group’s Council on Judicial Administration. With the court system and private companies posting records online, and the difficulty of purging electronically filed information, “[t]he reality is that the notion of privacy of court records is a misnomer,” the report says. The City Bar’s proposal would require that civil court filers omit or redact nine categories of information, including Social Security, taxpayer identification, and driver’s license numbers. The rule also would prohibit the names of minor children, dates of birth, bank and financial account numbers, government-issued identification numbers, and “other identification numbers which uniquely identify an individual” from appearing on civil court filings. Due to the volume of filings in New York, which, according to the subcommittee’s report, “make it unrealistic to expect court personnel” to omit or redact the information, attorneys and other persons filing documents would be responsible for complying with the rule. http://www.law.com/jsp/article.jsp?id=1202443770342&rss=newswire

Scariest Forum on the Internet? (InsideHigherEd, 18 Feb 2010) - Just two weeks after its Feb. 2 launch, The Chicago Manual of Style Online’s new discussion forum already features numerous discussions with titles like “ ‘Predecessor to’ or ‘predecessor of’ “? and “Worst online punctuation abuse?” But the most popular thread thus far is titled “I’m afraid to post here.” Its first message: “Could there be a more intimidating place to post?” Other commenters echoed that sentiment: “I do fear a grammatical error in posts here because even if everyone is polite enough to ignore it they will surely notice it,” fretted one. Nevertheless, numerous Chicago Manual acolytes have already managed to overcome their trepidation over airing thoughts in such august grammatical company. While they’ve no doubt been aided in this feat by the lure of $100 in free books (which the press has promised to award at random to one of those who post within 30 days of the forum’s launch), forum users also expressed delight over having “a place to ask questions and enjoy a sense of community with fellow writers and editors,” as one commenter put it. And that’s exactly the goal of the forum, according to the University of Chicago Press’s reference promotions manager, Ellen Gibson: “What we hope to build is a sense of community among our subscribers.” In that regard, the forum seems thus far to be a success: users can ask any and all style-related questions (“Is there a rule about using whether or if?”) and receive quick responses from others, often citing the Manual itself (“From CMOS 5.202: determine whether; determine if. The first phrasing is irreproachable style; the second is acceptable, though less formal”). The press hopes that this function will finally bridge the long-standing gap between the number of questions that Chicago users submit to its Q&A each month (hundreds, Gibson said) and the number that editors can answer (about 10 every month). But the forum isn’t limited to the nitty-gritty of copy editing; it also includes sections where users can post their questions on author relations (“How does one deal with the frustration of continually correcting the same differences in usage without losing one’s temper or alienating the writer?”), professional development (“Have you ever taken a class in copyediting?”) and the publishing industry (“How can publishers best utilize Facebook and Twitter for marketing purposes?”), as well as, of course, miscellaneous (“Best way to develop good grammar habits?”). http://www.insidehighered.com/news/2010/02/18/chicago

EU Revises Model Contract Clauses for Data Transfers (Steptoe & Johnson’s E-Commerce Law Week, 18 Feb 2010) - The EU Data Protection Directive restricts transfers of personal data of EU residents to non-EU countries. A common approach for complying with this obligation is for the EU data transferor and the transferee abroad to adopt model contract clauses approved by the European Commission. The European Commission earlier this month adopted a decision approving a new set of model contract clauses for the transfer of personal data from a data controller to a foreign processor (controller-to-controller clauses were previously approved). The new clauses permit the foreign processor to re-transfer data to a sub-processor (the previous version did not permit this), and delete an arbitration provision from the previous version that had never been applied in practice. http://www.steptoe.com/publications-6631.html

More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says (Washington Post, 18 Feb 2010) - More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm. The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness. News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China. This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia. The intrusion, first reported on the Wall Street Journal’s Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide. The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords -- including to online banking and social networking sites -- and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said. Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found. Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said. http://www.washingtonpost.com/wp-dyn/content/article/2010/02/17/AR2010021705816.html?wprss=rss_technology

Does Discarding Unallocated Space Deserve Contempt? (Law.com, 19 Feb 2010) - A defendant’s effort to keep sensitive personal and business data from falling into the wrong hands by taking steps to ensure the deletion of files landed him in contempt of Delaware’s Chancery Court, but the court’s conclusion that he violated a status quo agreement places a dubious value on the computer equivalent of a wastepaper basket. In TR Investors LLC v. Genger, No. 3994-VCS, Delaware Court of Chancery (Dec. 9, 2009), the court found defendant Arie Genger in contempt of court for “wiping” the “unallocated space” of the hard drive of his work computer and file server in the face of an order that prohibited him from “tampering with, destroying or in any way disposing of any Company-related documents, books or records.” The court reasoned that e-files that the defendant should have had were missing; such files would have been found in the wiped unallocated space, even if they were in deleted or only temporary form; the order in question prohibited such wiping; and the defendant conducted such wiping in order to destroy the missing files or copies. The consequences of the court’s decision are profound and far-reaching. The court’s reasoning, however, is in my view suspect both technically and legally, and thus bears close scrutiny. http://www.law.com/jsp/article.jsp?id=1202443834708&rss=newswire

**** BOOK REVIEW ****
In the World of Facebook (NY Review of Books, 25 Feb 2010) - Facebook, the most popular social networking Web site in the world, was founded in a Harvard dorm room in the winter of 2004. Like Microsoft, that other famous technology company started by a Harvard dropout, Facebook was not particularly original. A quarter-century earlier, Bill Gates, asked by IBM to provide the basic programming for its new personal computer, simply bought a program from another company and renamed it. Mark Zuckerberg, the primary founder of Facebook, who dropped out of college six months after starting the site, took most of his ideas from existing social networks such as Friendster and MySpace. But while Microsoft could as easily have originated at MIT or Caltech, it was no accident that Facebook came from Harvard. What is “social networking”? For all the vagueness of the term, which now seems to encompass everything we do with other people online, it is usually associated with three basic activities: the creation of a personal Web page, or “profile,” that will serve as a surrogate home for the self; a trip to a kind of virtual agora, where, along with amusedly studying passersby, you can take a stroll through the ghost town of acquaintanceships past, looking up every person who’s crossed your path and whose name you can remember; and finally, a chance to remove the digital barrier and reveal yourself to the unsuspecting subjects of your gaze by, as we have learned to put it with the Internet’s peculiar eagerness for deforming our language, “friending” them, i.e., requesting that you be connected online in some way. [Editor: Interesting, useful review on the evolution of FaceBook, and some possible futures for it.] http://www.nybooks.com/articles/23651

**** DIFFERENT ****
Bernstein on the Mystery Behind the Music (New York Times, 15 Feb 2010) - Imagine this: you drop onto the sofa on a Sunday afternoon, switch on the TV and see a dapper young man with a baton standing before an orchestra and demonstrating the patterns conductors use to lead music in different meters — two, three, four and five beats to the bar. He directs his players in a few examples, bits of Beethoven’s Ninth and Schubert’s Eighth Symphonies, Prokofiev’s “Peter and the Wolf,” Waldteufel’s “Skater’s Waltz.” Then he ups the ante, showing how these simple gestures, with subtle modification, are used to coax a fluid, lyrical performance; a playful reading; or an urgently dramatic interpretation from an orchestra. For 48 minutes, this young conductor — Leonard Bernstein, caught on film in 1955 — brings you into the musician’s world, talking about how tempo, dynamics and phrasing express a conductor’s feelings and beliefs about a piece, and how that expressivity affects a listener’s perception of the music. And he offers you a glimpse of his preparation for a performance. Even with hundreds of cable channels to choose from today, the likelihood of running into a show like this is slim. But in the 1950s, when American television viewers had three major networks to choose from — CBS, NBC and ABC — classical music was a part of the standard programming mix. Bernstein’s conducting demonstration was one of seven appearances, now on DVD, that he made on “Omnibus,” a 90-minute program that offered segments on science and the arts, particularly music and theater. It ran from 1952 to 1961, and migrated across the networks, from CBS to ABC in 1956, and to NBC in 1957. http://www.nytimes.com/2010/02/16/arts/music/16bernstein.html?emc=eta1 [Editor: off-point, but a charming article. I knew Bernstein a bit back in college, and the part about him moving into “Village Explainer” mode made me smile; the long quote by Tom Wolfe made me laugh.]

**** RESOURCES ****
A Chronology of Legal Technology, 1842-1995 (Robert Ambrogi, 14 Feb 2010) - http://www.legaline.com/2010/02/chronology-of-legal-technology-1842.html

**** FUN ****
Angry Norwegians in scuba gear chase after Google Street View car (BoingBoing, 9 Feb 2010) - Click here to see the image above in the wild. News story, auto-translated to English in the Norwegian newspaper Aftenposten. More on Google Maps. http://www.boingboing.net/2010/02/09/angry-norwegians-in.html

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
LEGAL WORK UP FOR BID (Wall Street Journal, 12 Apr 2000) - The same entrepreneur who came up with the concept of brokering "pollution credits" now has found a new marketplace to tackle -- corporate law. He's planning to soon launch what amounts to an eBay for the legal industry called eLawForum. Clients will post information on their legal needs and solicit bids from competing law firms, which will then have an incentive to offer lower prices to get the work. Preliminary trials of eLawForum have generated an enthusiastic response from participants, and several competing companies, such as iBidLaw.com, are getting ready to launch their own lawyer-brokering ventures. And while some large, established law firms insist their clients would never abandon them for some Web upstart, smaller firms see the online brokerages as a means of entrée to clients they could otherwise never hope to snare. "It is very hard to crack the New York market," says C. Boyden Gray, partner in a Washington, DC, law firm. "I think this would actually help us (to compete)." http://interactive.wsj.com/articles/SB955495910135240236.htm

A NEW CORPORATE TITLE: 'CHIEF PRIVACY OFFICER' A new executive position is showing up on the organization charts of companies such as American Express, Citigroup, Prudential, and AT&T: the Chief Privacy Officer, who has broad powers to protect the privacy of consumers who interact with corporate computer systems. George Washington University professor Lance Hoffman says that the new position "attracts people who have a knowledge of history and law. They know something about technology, and they can't get techno-dazzled by explanations that don't hold water. They appreciate what technology can do for good and for evil." (AP/San Jose Mercury News 11 Jul 2000) http://www.sjmercury.com/svtech/news/breaking/merc/docs/032861.htm

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note,
8. Steptoe & Johnson’s E-Commerce Law Week,
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.