(supplemented by related Tweets: http://twitter.com/vpolley #mirln)
· Some Papers Are Uploaded to Bangalore to Be Graded
· FTC Reviewing COPPA Rules
· New Prepaid Wireless Users Outnumber Postpaid For First Time
· Companies Fall Short On Protecting Sensitive Data, Study Says
· Yelp Makes Changes in Response to Small-Business Owners
· FTC Busts Another Company For Inadequate Data Security
· US Privacy Law In Theory and In Practice
· Judge Sues Newspaper for $50M, Claims Breach of Promised Anonymity re Web Comments
· Visual Artists Sue Google Over Images in Digitized Books
· Official’s Ignorance Of Specific Sales Does Not Undermine Jurisdiction In Web Sale Case
· Nikkei Restricts Links to Its New Web Site
· Must Criminal Contempt Occur in Court? 7th Cir. Mulls Judge’s Reaction to E-Mail Flood
· Memo to Gov Agencies: You May Now Tweet, Blog and Facebook
· Justice Stevens Leaves Mark on Internet Law
· A Checklist for Cloud Computing Deals
· The Fourth Amendment and Computer Warrants
· Electronic Systems Policy After ‘Stengart’
· Google Backs Yahoo In Privacy Fight With DOJ
· Assigning Value to E-Discovery’s Unknown
· Cyber-War Nominee Sees Gaps in Law
· Federal Regulators Release Model Consumer Privacy Notice Online Form Builder
· Recording Police and Defining ‘Plain Sight’
· E-Discovery Threatens to ‘Litigize’ Arbitration
· Mississippi Passes Data Breach Notification Law
o California Senate Again OKs Breach Notification Law Update
o In Data Breaches, Keeping Number of Records Lost Secret Can Protect Stock Prices
· PA School Snared 1,000s of Webcam Images
· Plaintiff Sues Over Court Requiring LexisNexis for E-Filing
· Gucci’s Fired In-House Lawyer Savages Company in Court Papers
· World Bank Opens Up Its Data, Removes Pay Walls
· Amazon Refuses North Carolina’s Demands for Customers’ Personal Data
· ACTA Arrives (And It’s Gotten a Tiny Bit Better)
· Google Street View Logs Wi-Fi Networks, MAC Addresses
NEWS | PODCASTS | RESOURCES | DIFFERENT | FUN | LOOKING BACK | NOTES
Some Papers Are Uploaded to Bangalore to Be Graded (Chronicle of Higher Ed, 4 April 2010) - Lori Whisenant knows that one way to improve the writing skills of undergraduates is to make them write more. But as each student in her course in business law and ethics at the University of Houston began to crank out—often awkwardly—nearly 5,000 words a semester, it became clear to her that what would really help them was consistent, detailed feedback. Her seven teaching assistants, some of whom did not have much experience, couldn’t deliver. Their workload was staggering: About 1,000 juniors and seniors enroll in the course each year. “Our graders were great,” she says, “but they were not experts in providing feedback.” That shortcoming led Ms. Whisenant, director of business law and ethics studies at Houston, to a novel solution last fall. She outsourced assignment grading to a company whose employees are mostly in Asia. Virtual-TA, a service of a company called EduMetry Inc., took over. The goal of the service is to relieve professors and teaching assistants of a traditional and sometimes tiresome task—and even, the company says, to do it better than TA’s can. http://chronicle.com/article/Outsourced-Grading-With/64954/
FTC Reviewing COPPA Rules (Tech Daily Dose, 5 April 2010) - The FTC is seeking comment on whether changes should be made to rules imposing certain requirements on Web sites directed at children, including a mandate that they obtain parental consent before collecting personal information from children under the age of 13. In a Federal Register notice Monday, the FTC said the Children’s Online Privacy Protection Act, which went into effect in 2000, requires the agency to review the rules required by the law every five years. While the agency declined to make changes in 2005 when it first reviewed the rules for Web sites aimed at children under 13, the FTC said it now “believes that changes to the online environment over the past five years, including but not limited to children’s increasing use of mobile technology to access the Internet, warrant reexamining the rule at this time.” In addition to parental consent, the current FTC rules imposed under COPPA also require Web sites aimed at children under 13 to secure the information they collect from children and bars them from requiring children to provide more information than is “reasonably necessary to participate” in activities provided on the site. In its request for comments, which are due by June 30, the FTC is asking for input on such issues as whether the definition of “Internet” should be expanded to include mobile communications, interactive television and gaming and other activities and whether the definition of “personal information” also should be expanded to include persistent IP addresses, mobile geolocation data or information used to help target ads at specific Internet users. Other issues, the FTC is seeking comment on include whether changes should be made to the requirements that information be kept secure and private; the requirement that allows parents to review or delete personal information about their children; and on the provision barring the linking of participation in activities on a children’s Web site to the collection of personal information. http://techdailydose.nationaljournal.com/2010/04/ftc-reviewing-coppa-rules.php
New Prepaid Wireless Users Outnumber Postpaid For First Time (DSL Reports, 5 April 2010) - Telecompetitor directs our attention to a new study (pdf) stating that during the fourth quarter of last year, new prepaid wireless phone customers outnumbered new postpaid customers for the first time ever. According to the report, prepaid service -- which often offers users less-expensive service with no contract, accounted for nearly two thirds (65%) of the 4.2 million net subscribers added by in the fourth quarter of 2009. While prepaid service grew at a 17% clip during the fourth quarter of 2009, postpaid service grew at just 3%. In other news of wireless industry change, a second report notes that global mobile data consumption exceeded voice traffic last year for the first time ever. www.dslreports.com/shownews/New-Prepaid-Wireless-Users-Outnumber-Postpaid-For-First-Time-107745
Companies Fall Short On Protecting Sensitive Data, Study Says (Dark Reading, 5 April 2010) - Enterprises are pushing hard to protect credit card data and customers’ personal information, but they might not be doing enough to protect their most valuable company secrets, according to a study published today. http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_4510.html The study, which was conducted by Forrester Research on behalf of Microsoft and RSA, suggests that compliance-driven security initiatives place too much emphasis on securing customer records and other “custodial information,” while shortchanging efforts to secure intellectual property and valuable company secrets. “Secrets” comprise more than two-thirds of companies’ information portfolios and more than 62 percent of the value of those portfolios, according to the study. But when it comes to investing time and resources, enterprises spend roughly the same amount of time and money on compliance-driven initiatives -- protecting “custodial data,” Forrester says -- as they do on protecting corporate secrets. “This strongly suggests that investments are overweighed toward compliance,” the study says. http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=224201369&subSection=Vulnerabilities+and+threats
Yelp Makes Changes in Response to Small-Business Owners (NYT, 6 April 2010) - Small business owners have been loud and vocal in their criticism of Yelp and its reader reviews. On Tuesday, Yelp will make two significant changes to its pages to address those complaints. On Yelp, where users rank and review local businesses, readers will now be able to click on a link to see reviews that Yelp filtered out, and advertisers on Yelp will no longer be able to post their favorite review at the top of the page. “I hope that these changes will debunk some of the myths and conspiracy theories out there about Yelp and its advertising and whether those are linked,” said Jeremy Stoppelman, Yelp’s co-founder and chief executive. The changes come after several small businesses, including a California veterinary clinic and an Illinois bakery, filed a class action lawsuit accusing the site of extortion. The suit claims that Yelp will remove negative reviews and reinstate positive reviews for paying advertisers and says that “business listings on Yelp.com are in fact biased in favor of businesses that buy Yelp advertising.” Yelp has dismissed the complaints as conspiracy theories. However the lawsuit turns out, two things are clear from small business owners’ complaints about Yelp. Yelp’s sales managers use a hard sell when signing up advertisers, and business owners remain confused about how exactly Yelp’s ranking and filtering of reviews works. As I wrote about last year, many businesses are irked because they feel Yelp is not transparent about why certain reviews show up on their pages and others do not. Some of the confusion came from the fact that advertisers, who pay $300 to $1,000 a month, have been allowed to choose one review that shows up at the top of their profile page. Yelp’s spam filter also scans for suspicious reviews, like those that could have been written by a competitor or a business owner’s friend or relative. Yelp is making the new changes to address these two issues. People will be able to see which reviews have been removed from the site, so they can judge for themselves whether or not advertisers are getting a special advantage and whether the reviews are worthy. http://bits.blogs.nytimes.com/2010/04/06/yelp-makes-changes-to-appease-small-business-owners/?ref=technology
FTC Busts Another Company For Inadequate Data Security (Steptoe & Johnson’s E-Commerce Law Week, 7 April 2010) - Dave & Buster’s, Inc., which operates restaurant and entertainment complexes nationwide, has agreed to settle charges by the Federal Trade Commission that it left consumers’ credit and debit card information vulnerable to hackers, and that this vulnerability resulted in hundreds of thousands of dollars in fraudulent charges. The FTC noted that this is its 27th enforcement action challenging companies’ data security practices. The Commission alleged that Dave & Buster’s failed to take “reasonable and appropriate” steps to secure “sensitive personal information” it had collected from customers in order to authorize their payment card purchases, and that this failure constituted an “unfair act or practice” in violation of the FTC Act. While the Commission in the past has focused on, inter alia, the failure to encrypt personal information, its complaint here focused on the lack of adequate access controls and filters on outbound data traffic. http://www.steptoe.com/publications-6770.html
US Privacy Law In Theory and In Practice (Media Law Prof Blog, 7 April 2010) - Kenneth A. Bamberger, University of California, Berkeley, School of Law, and Deirdre K. Mulligan, School of Information, University of California, Berkeley, have published “Privacy on the Books and on the Ground,” in volume 63 of the Stanford Law Review (2010). Here is the abstract: “U.S. privacy law is under attack. Scholars and advocates criticize it as weak, incomplete, and confusing, and argue that it fails to empower individuals to control the use of their personal information. The most recent detailed inquiry into corporate treatment of privacy, conducted in 1994, frames these critiques, finding that firms neglected the issue in their data management practices because of the ambiguity in privacy mandates and lax enforcement. As Congress and the Obama Administration consider privacy reform, they encounter a drumbeat of arguments favoring the elimination of legal ambiguity by adoption of omnibus privacy statutes, the EU’s approach. These critiques present a largely accurate description of privacy law “on the books.” But the debate has strangely ignored privacy “on the ground” - since 1994, no one has conducted a sustained inquiry into how corporations actually manage privacy, and what motivates them. This omission is especially striking because the neglect of the 90s has been replaced by a massive dedication of corporate resources to privacy management, the inclusion of privacy officers at the c-suite level, and the employment of a 6,500-strong cadre of privacy professionals. This Article presents findings from the first study of corporate privacy management in fifteen years, involving qualitative interviews with Chief Privacy Officers identified by their peers as industry leaders. Spurred by these findings, we present a descriptive account of privacy “on the ground” that upends the terms of the prevailing policy debate. Our alternative account identifies elements neglected by the traditional story - the emergence of the Federal Trade Commission as a privacy regulator, the increasing influence of privacy advocates, market and media pressures for privacy-protection, and the rise of privacy professionals - and traces the ways in which these players supplemented a privacy debate largely focused on processes (such as notice and consent mechanisms) with a growing corporate emphasis on substance: preventing violations of consumers’ expectations of privacy. Two alterations to the legal landscape contribute to this definitional shift. First, the substantive definition tracks the emergence of the FTC as a roving regulator with broad yet ambiguous power to evaluate privacy practices in the marketplace through its consumer protection lens. The FTC’s mandate to protect consumers from “unfairness” and “deception” permits dynamic regulation that evolves with changing contexts, and forces corporate practices to develop accordingly. Second, state security breach notification laws raised the soft and hard costs of mismanaging personal information. Together these changes led companies to integrate substantive considerations of consumers’ privacy expectations into their workflows, rather than leaving privacy to the lawyers and their process-based “click through if you ‘consent’ to the privacy policy” approach.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/04/us-privacy-law-in-theory-and-in-practice.html SSRN link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1568385
Judge Sues Newspaper for $50M, Claims Breach of Promised Anonymity re Web Comments (ABA Journal, 7 April 2010) - Under fire over anonymous comments reportedly made from her private e-mail account about defendants and at least one lawyer in cases she is overseeing, an Ohio judge has blasted back by filing suit against the Cleveland newspaper that broke the story. Cuyahoga Court of Common Pleas Judge Shirley Strickland Safford says the Plain Dealer breached the terms of use for its website by disclosing her identity and her daughter’s identity in articles about anonymous comments reportedly made on the newspaper’s website from their joint e-mail account, according to WKYC Channel 3 and a press release (PDF) issued by her lawyer, Brian Spitz. The Cuyahoga County suit she filed today seeks $25 million in compensatory damages and $25 million in punitive damages for alleged breach of contract and invasion of privacy. In addition to the Plain Dealer, it names the newspaper’s parent company and other defendants responsible for administering the Cleveland.com site, contending that the newspaper, an editor and unknown reporters conspired with the entities that controlled confidential registration information to reveal it publicly. http://www.abajournal.com/weekly/article/judge_sues_newspaper_for_alleged_breach_of_anonymity_promise_re_web_comment
Visual Artists Sue Google Over Images in Digitized Books (Law.com, 8 April 2010) - Eleven photography and graphic arts organizations, and individual illustrators and photographers have hit Google Inc. with a copyright infringement class action over the company’s ongoing project to digitize the world’s books. The American Society of Media Photographers Inc. v. Google Inc., filed on Wednesday in the Southern District of New York, claims the company’s Google Book Search project involves massive infringement of copyrighted images. The plaintiffs seek an injunction against the company and a declaratory judgment that the company infringed the plaintiffs’ and class members’ copyrights. The plaintiffs seek unspecified actual damages. They’re also asking the court to award statutory damages of at least $30,000 per infringed visual work or at least $150,000 per infringed visual work if the court finds that Google acted willfully. The plaintiffs are not trying to hamper Google’s business, said their lawyer, James McGuire, the managing partner of the New York office of London-based Mishcon de Reya. “The issue in the case is that Google has been misappropriating and misusing the property and rights of the class without authorization and compensation,” McGuire said. “It may be that we can work out an arrangement with Google, but we can only do so if it pays proper attention to the rights of the plaintiffs.” Four of the five photography groups and four individuals not named in the recently filed suit tried unsuccessfully to intervene in a pending Southern District of New York consolidated lawsuit brought by authors, The Authors Guild v. Google Inc. On Sept. 2, 2009, Judge Denny Chin issued an order concluding that it was “simply too late to permit new parties into the case.” In a Nov. 4, 2009, memorandum decision about the photography plaintiffs’ motion for reconsideration of their request to intervene, Chin wrote that it “makes more sense” for them to file their own lawsuit. http://www.law.com/jsp/article.jsp?id=1202447691262&rss=newswire
Official’s Ignorance Of Specific Sales Does Not Undermine Jurisdiction In Web Sale Case (BNA’s Internet Law News, 8 April 2010) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of New Jersey held March 22 that a web company that offered its products to purchasers throughout the United States is subject to jurisdiction in a state where six orders were placed and ultimately shipped, regardless of corporate management’s subjective ignorance of those sales. Case name is Food Sciences Corporation v. Nagler. [Editor: Sadly, BNA’s ILN, produced so ably for 10 years by Michael Geist, has drawn to an end as of 16 April 2010. I’ve been hugely impressed by the quality of this service, and not a little mystified about the “how”; hats off to Michael.]
Nikkei Restricts Links to Its New Web Site (NYT, 8 April 2010) - Japan’s largest business newspaper, the Nikkei, joined the trend of other news sites last week by requiring readers to pay to view its Web site. But, in a twist, it also imposed a policy severely restricting links to its articles — or even its home page. Links to Nikkei’s home page require a detailed written application. Among other things, applicants must spell out their reasons for linking to the site. In addition, regular readers of the site will also notice that the paper has disabled the ability to right-click — which usually brings up a menu including “copy link address.” The paper’s “link policy” ends on an ominous note: “We may seek damages for any violations of these rules.” The Nikkei says the rules are intended to make sure its pay wall is not breached and to prevent the linking of its content from “inappropriate” sites. “In some cases, links to individual stories could lead to stories being manipulated for a purpose other than journalism, for example to promote a certain stock,” the Nikkei said. “There is a danger this could inaccurately affect financial markets.” Instead of going all out on the Web like many American papers, Japan’s top papers have limited online fare, so that readers must buy print editions for full articles. On Daily Yomiuri Online, the Web site of another Japanese daily, many articles are short versions, or “stubs,” with no photographs. The same is true for Asahi.com, run by the Asahi Shimbun. The Yomiuri and Asahi are the world’s two largest newspapers — the Yomiuri has a circulation of slightly more than 10 million, while the Asahi has slightly more than 8 million readers. The New York Times, by comparison, has average daily sales of 928,000 papers. http://www.nytimes.com/2010/04/09/technology/09paper.html?scp=1&sq=japanese%20financial%20newspaper%20fee%20to%20view%20web&st=cse
Must Criminal Contempt Occur in Court? 7th Cir. Mulls Judge’s Reaction to E-Mail Flood (ABA Journal, 8 April 2010) - As lawyers today debated before the 7th U.S. Circuit Court of Appeals whether a federal district judge should have sentenced an informercial pitchman to 30 days for flooding his in-box with e-mail, the three-judge panel honed in on whether criminal contempt can occur outside the physical boundaries of a courtroom. Partner Kimball Anderson of Winston & Strawn, representing Kevin Trudeau, argued that the finding by U.S. District Judge Robert Gettleman requires in-court misconduct, before a judge, that directly affects the administration of justice, reports the Chicago Sun-Times. However, Gary Feinerman, a Sidley Austin partner appointed to argue that Gettelman’s contempt order should be upheld, said the deluge of angry e-mail that Trudeau encouraged fans to send to Gettleman’s e-mail and BlackBerry created a sufficient basis for the judge’s finding against Trudeau. In this day and age, he contended, a computer should be considered part of the courtroom, so “the court, at that point, was under attack.” http://ow.ly/171aCX
Memo to Gov Agencies: You May Now Tweet, Blog and Facebook (ReadWriteWeb, 8 April 2010) - Next time you hear about your city council looking to pass a law, make sure to check out their blog, Twitter and Facebook accounts. The Office of Management and Budget issued a memorandum yesterday that should make it easier for government agencies to both communicate with citizens and receive feedback by way of the Internet and social media. The memo, entitled “Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act” addresses the bounds of the Paperwork Reduction Act, a law first passed in 1980, and again in 1995, that regulates the ways in which government agencies can collect information. Yesterday’s memo identifies a number of online activities, according to some rather specific criteria, that can now be considered outside the realm of the PRA - and therefore allowable without prior authorization by the OMB, something that could take several months. This Memorandum identifies a series of other activities that, consistent with the text and purposes of the PRA, OMB has determined may be excluded from its purview. Such activities include many uses of wikis, the posting of comments, the conduct of certain contests, and the rating and ranking of posts or comments by website users. This Memorandum applies whether agency interactions are occurring on a .gov website or on a third-party platform. The memo is in response to a January 21, 2009 memorandum by President Obama, which called for the establishment of “a system of transparency, public participation and collaboration.” http://bit.ly/cQprSK
Justice Stevens Leaves Mark on Internet Law (CNET, 9 April 2010) - U.S. Supreme Court Justice John Paul Stevens, who announced his retirement on Friday, is arguably the most liberal member of the court. What’s less open to debate is that a pair of his opinions written over a decade ago outlined the legal environment that gave rise to today’s Internet. Amazon.com, Newegg.com, Overstock.com, and other major Internet retailers can trace much of their growth in the last decade to Stevens’ 1992 opinion that said, unambiguously, that they cannot be required to collect sales taxes on out-of-state sales. That gave them a competitive advantage over traditional rivals like Borders and Best Buy that did charge sales taxes--while irking state tax collectors immeasurably. news.cnet.com/8301-13578_3-20002145-38.html
A Checklist for Cloud Computing Deals (Law.com, 9 April 2010) - Cloud computing has become a technology buzzword. Its definition is elusive, but a working definition could be: A service offered by vendors with large computer server networks to provide infrastructure such as processing capacity, storage for electronic data and records, software as a service or provision of services such as e-mail. The idea, as e-commerce and tech-savvy counsel may know, is to use a multilayered network of servers and computers to provide computing and hosting power when needed -- sort of a front-end and back-office architecture with a backup system, without much of the in-house worries that go with investments in IT infrastructure. Cloud computing can help e-commerce ventures in a variety of ways, including by allowing expansion of services and support during business peaks, such as holidays, or other seasonal or special shopping times. For expansion to cloud computing where formal contracts, or regulatory, fiduciary or other obligations are involved, e-commerce counsel will be called on to ensure all arrangements are proper and beneficial. More on that below. http://www.law.com/jsp/article.jsp?id=1202447767770&rss=newswire
The Fourth Amendment and Computer Warrants (Media Law Prof Blog, 12 April 2010) - Orin S. Kerr, George Washington University Law School, has published Ex Ante Regulation of Computer Search and Seizure. It is forthcoming in the Virginia Law Review. Here is the abstract: “In the last decade, magistrate judges around the United States have introduced a new practice of regulating the search and seizure of computers by imposing restrictions on computer warrants. These ex ante restrictions are imposed as conditions of obtaining a warrant: Magistrate judges refuse to sign warrant applications unless the government agrees to the magistrate’s limitation on how the warrant will be executed. These limitations vary from magistrate to magistrate, but they generally target four different stages of how computer warrants are executed: the on-site seizure of computers, the timing of the subsequent off-site search, the method of the off-site search, and the return of the seized computers when searches are complete. This Article contends that ex ante restrictions on the execution of computer warrants are constitutionally unauthorized and unwise. The Fourth Amendment does not permit judges to impose limits on the execution of warrants in the name of reasonableness. When such limits are imposed, they have no legal effect. The imposition of ex ante limits on computer warrants is also harmful: Ex ante assessments of reasonableness in ex parte proceedings are highly error-prone, and they end up prohibiting reasonable practices when paired with ex post review. Although ex ante restrictions may seem necessary in light of the present uncertainty of computer search and seizure law, such restrictions end up having the opposite effect. By transforming litigation of the lawfulness of a warrant’s execution into litigation focusing on compliance with restrictions rather than reasonableness, ex ante restrictions prevent the development of reasonableness standards to be imposed ex post that are needed to regulate the new computer search process. Magistrate judges should refuse to impose such restrictions and should let the law develop via judicial review ex post.” http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1571888
Electronic Systems Policy After ‘Stengart’ (Law.com 12 April 2010) - In its much anticipated decision in Stengart v. Loving Care, No. A-16-09, 2010 WL 1189458 (Mar. 30, 2010), the New Jersey Supreme Court addressed the extent to which an employee has an expectation of privacy and confidentiality in e-mails exchanged with his or her attorney via a password-protected, web-based e-mail account accessed on a company-owned computer. The court ruled that an employee does not waive the attorney-client privilege when using a personal e-mail account on a company computer to communicate with his or her attorney. In addition, the court held that company attorneys who fail to turn over an employee’s privileged communications found on the company’s computers to the employee’s attorney are subject to sanctions for violating Rule 4.4(b), which covers an attorney’s obligations with regard to inadvertently produced documents. The Stengart decision obviously has serious implications both for companies that seek to limit and monitor employees’ use of company computers and for attorneys who discover arguably privileged communications between an employee and the employee’s lawyer on a company’s computer systems. In the wake of the Stengart decision, New Jersey employers should re-examine their current electronic systems policies and e-discovery practices in collaboration with employment counsel, keeping in mind the following best practices. http://www.law.com/jsp/article.jsp?id=1202447854132&rss=newswire
Google Backs Yahoo In Privacy Fight With DOJ (CNET, 13 April 2010) - Google and an alliance of privacy groups have come to Yahoo’s aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned. In a brief filed Tuesday afternoon, the coalition says a search warrant signed by a judge is necessary before the FBI or other police agencies can read the contents of Yahoo Mail messages--a position that puts those companies directly at odds with the Obama administration. Yahoo has been quietly fighting prosecutors’ requests in front of a federal judge in Colorado, with many documents filed under seal. Tuesday’s brief from Google and the other groups aims to buttress Yahoo’s position by saying users who store their e-mail in the cloud enjoy a reasonable expectation of privacy that is protected by the U.S. Constitution. The coalition also includes the Electronic Frontier Foundation, the Center for Democracy and Technology, the Progress and Freedom Foundation, the Computer and Communications Industry Association, and TRUSTe. For its part, the Justice Department has taken a legalistic approach: a 17-page brief it filed last month acknowledges that federal law requires search warrants for messages in “electronic storage” that are less than 181 days old. But, Assistant U.S. Attorney Pegeen Rhyne writes in a government brief, the Yahoo Mail messages don’t meet that definition. “Previously opened e-mail is not in ‘electronic storage,’” Rhyne wrote in a motion filed last month. “This court should therefore require Yahoo to comply with the order and produce the specified communications in the targeted accounts.” (The Justice Department’s position is that what’s known as a 2703(d) order--not as privacy-protective as the rules for search warrants--should let police read e-mail.) On December 3, 2009, U.S. Magistrate Judge Craig Shaffer ordered Yahoo to hand to prosecutors certain records including the contents of e-mail messages. Yahoo divulged some of the data but refused to turn over e-mail that had been previously viewed, accessed, or downloaded and was less than 181 days old. http://news.cnet.com/8301-13578_3-20002423-38.html EFF story about government retreat: http://www.eff.org/deeplinks/2010/04/government-backs-down-yahoo-email-privacy-case CNET on the retreat: http://news.cnet.com/8301-13578_3-20002722-38.html?tag=newsEditorsPicksArea.0
Assigning Value to E-Discovery’s Unknown (Law.com, 14 April 2010) - In the marvelous Dashiell Hammett novel and John Huston film, “The Maltese Falcon,” private detective Sam Spade, bad guys Kaspar Gutman and Joel Cairo and various others spend money and the lives of others in pursuit of the “black bird,” a statuette of a falcon which, according to Gutman, is encrusted from head to toe with jewels hidden from sight by a thin, black enamel coating. The bird had acquired the coating to mask its true value. As readers and moviegoers, we never learn whether the falcon actually existed, much less its true value. The courts, in two recent, prominent e-discovery decisions, were presented with the same problem Sam Spade initially had: how does one value the unknown? For Spade, the unknown was a jewel-encrusted statuette that may or may not exist. For U.S. District Judge for the Southern District of New York Shira A. Scheindlin, who authored the Jan. 15 decision in Pension Committee of the University of Montreal Pension Plan v. Bank of America Securities, and U.S. District Judge for the Southern District of Texas Lee H. Rosenthal, who authored the Feb. 19 opinion in Rimkus Consulting Group, Inc. v. Cammarata et al., the question was how to value discovery that may never have existed, i.e., data that should have been preserved to determine whether it needed to be produced as e-discovery but, due to the actions of the producing parties, was destroyed. This article looks at the approach taken by Scheindlin in Pension Committee. http://www.law.com/jsp/article.jsp?id=1202448001191&rss=newswire
Cyber-War Nominee Sees Gaps in Law (NYT, 14 April 2010) - The Army intelligence officer nominated to lead the Pentagon’s new command devoted to warfare in cyberspace has warned Congress of a gap between the military’s technical capabilities and legal controls over digital combat. The officer, Lt. Gen. Keith B. Alexander, wrote to members of the Senate Armed Services Committee that computer network warfare is evolving so rapidly that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.” As he prepared for his confirmation hearing on Thursday as the first head of the Cyber Command, he pledged that the White House and Pentagon were “working hard to resolve the mismatch.” In a 32-page response to questions from senators, General Alexander sketched out the broad battlefield envisioned for the computer warfare command, listing the kind of targets that his new headquarters could be ordered to attack. The target list included traditional battlefield prizes – command-and-control systems at military headquarters, air defense networks and weapons systems that require computers to operate. But he acknowledged that it also included civilian institutions and municipal infrastructure that are essential to state sovereignty and stability, including power grids, banks and financial networks, transportation and telecommunications. General Alexander promised that the proposed Cyber Command would be sensitive to the ripple effects from this kind of warfare, and would honor the same laws of war that govern traditional combat in seeking to limit the impact on civilians. “It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations,” he wrote. General Alexander did not note it in his response, but the Bush administration considered exactly that kind of network attack on Iraq’s banking system before the invasion of 2003, but rejected the idea, fearing unintended impact on global financial markets. http://www.nytimes.com/2010/04/15/world/15military.html
Federal Regulators Release Model Consumer Privacy Notice Online Form Builder (FRB, 15 April 2010) - Eight federal regulators released an Online Form Builder today that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice. The Online Form Builder, based on the model form regulation published in the Federal Register on December 1, 2009, under the Gramm-Leach-Bliley Act, is available with several options. Easy-to-follow instructions for the form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers. To obtain a legal “safe harbor” and so satisfy the law’s disclosure requirements, institutions must follow the instructions in the model form regulation when using the Online Form Builder. The model privacy form was developed jointly by the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, and Securities and Exchange Commission. The Online Form Builder is available at * * * http://www.federalreserve.gov/newsevents/press/bcreg/20100415a.htm
Recording Police and Defining ‘Plain Sight’ (CMLP, 15 April 2010) - As bicyclist Eli Damon tells the story, a police officer pulled him over on March 20 as he rode his bike in Hadley, Massachusetts. The officer cited him for failing to keep to the right side of the road, and while issuing a ticket for the offense he noticed a camera on Damon’s helmet. The officer “told me that by recording his voice without explicitly warning him of it,” Damon later said, “I was violating federal wiretapping law.” Because federal law permits the recording of in-person conversations with the consent of only one of the parties (see 18 U.S.C. 2511(2)(d)), it’s likely the officer had instead meant to cite state law. The Massachusetts wiretapping statute, MGL Ch. 272 § 99, requires all parties — meaning both Damon and the officer — to consent to the recording. Because the statute only addresses secret recordings, those made with a camera in plain sight fall outside the restrictions. A 2001 decision by the Massachusetts Supreme Judicial Court made clear that recording police openly does not violate the wiretapping law, and lower courts consistently have recognized that exception. Still, Massachusetts police are charging individuals under the statute despite their cameras being in what most would agree is plain view. Damon’s camera was secured to the side of his helmet. “I said that I was not being secretive since the camera [was] in plain view, right next to my face,” Damon said.” He demanded that I turn off the camera and hand it to him so he could hold it as evidence.” The officer, he said, “continued to talk to me about how serious a crime I had committed with the camera.” A court will likely dismiss the charge if Damon can prove he recorded the police in an open, non-secretive manner. It appears to be a relatively easy case to make given the camera’s location and the officer noticing it on his own — facts that don’t exactly smack of secrecy. Since the SJC’s ruling in Commonwealth v. Hyde, 750 N.E.2d 963 (Mass. 2001), lower courts have considered such factors in similar wiretapping cases. Simon Glik openly recorded officers with his cellphone in 2007 as they conducted a drug arrest in Boston. The charge was ultimately dismissed. The same for John Surmacz who was arrested after he openly recorded police breaking up a holiday party in Brighton in 2008. Police arrested filmmaker Emily Peyton in 2007 after she recorded officers in Greenfield detaining an anti-war protester. Once she established that the recording occurred openly, the state dropped the charge. This all stems from persuasive dicta in the Hyde opinion. http://www.citmedialaw.org/blog/2010/recording-police-and-defining-plain-sight?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)
E-Discovery Threatens to ‘Litigize’ Arbitration (Law.com, 16 April 2010) - Most international commercial arbitrations avoid U.S.-style discovery. Depositions are rare and document discovery generally is limited by comparison to domestic arbitration proceedings. Typically, parties produce documents they believe will support their claims or defenses. Document requests must be supported by a showing of need, together with a narrow description of the document and a statement that it is actually in the possession of the other party. In ruling on the scope of compelled document production, arbitrators are expected to balance the likely benefits of production against cost, delay, and the burden to the party who must produce. International Bar Association rules do not mention e-discovery or refer to electronically stored information, but a number of commentators have argued that the governing principles of the IBA rules ought to apply not only to paper documents but also to electronically stored information. Currently, an IBA arbitration subcommittee is addressing potential changes to the 1999 Rules, and those changes could include e-discovery. The International Centre for Dispute Resolution, the international arm of the American Arbitration Association, issued its “Guidelines for Information Exchanges in International Arbitration” in May 2008. The provision regarding electronic documents states: “Requests for documents maintained in electronic form should be narrowly focused and structured to make searching for them as economical as possible. The Tribunal may direct testing or other means of focusing and limiting any search.” This provision applies to all international arbitration proceedings administered by the International Centre for Dispute Resolution after May 31, 2008, unless the parties expressly agree to opt out of its application. The Chartered Institute of Arbitrators issued its “Protocol for E-Disclosure in Arbitration“ in October 2008. The protocol’s purpose is to focus early consideration upon disclosure of electronically stored information where appropriate and necessary; to alert the parties and arbitrators to these issues at an early stage, particularly as to the scope of production and conduct of disclosure; and to allow parties to adopt the protocol as part of a pre-dispute agreement or a pending proceeding. The protocol identifies tools and techniques for reducing the burdens of e-discovery, including limiting disclosure to specific categories of documents, specific date ranges, custodians, etc.; the use of agreed search terms; the use of agreed software tools; the use of data sampling; and formats and methods of e-discovery. http://www.law.com/jsp/article.jsp?id=1202448121439&rss=newswire
Mississippi Passes Data Breach Notification Law (security Planet, 16 April 2010) - Mississippi this week became the 46th state to pass legislation requiring businesses and government agencies to immediately notify people when their personal information has been compromised by either an accidental or deliberate data breach. House Bill 583, which was signed into law this week by Gov. Haley Barbour, goes into effect on July 1 and requires “any person who conducts business” in the state to disclose any breach to all affected individuals without unreasonable delay. It further compels organizations to alert appropriate law enforcement agencies of the data breach and to initiate their own internal investigations to determine both the scope and nature of the incident. With Mississippi now on board, only Alabama, Kentucky, New Mexico and South Dakota have yet to adopt data breach notification statutes to protect consumers from what’s become an almost weekly occurrence. http://www.esecurityplanet.com/features/article.php/3876906/Mississippi-Passes-Data-Breach-Notification-Law.htm
- and -
California Senate Again OKs Breach Notification Law Update (SC Magazine, 16 April 2010) - The California Senate has approved a bill that would update the state’s pioneering data breach notification law, the lawmaker who introduced the legislation announced Friday. The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold Schwarzenegger. The current legislation, known as SB-1186, builds on the landmark 2003 breach notification bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would mandate that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general’s office. “This new measure makes modest but helpful changes to the law,” Simitian said in a statement. “It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft.” He added that he believes, based on conversations with the governor’s office, that Schwarzenegger will sign the bill this time. http://www.scmagazineus.com/california-senate-again-oks-breach-notification-law-update/article/168168/
- but -
In Data Breaches, Keeping Number of Records Lost Secret Can Protect Stock Prices (Network World, 14 April 2010) - When companies publicly declare that they have suffered a data breach, it’s best not to reveal how many individual records were involved if they don’t want to take a hit in their stock prices, according to a study. The Heartland breach last year involving 130 million lost records set off a plunge that reduced its stock price by 90%, and it hadn’t fully recovered a year later, according to the Perimeter E-Security “U.S. Data Breach Study of 2009” report. Smaller breaches triggered stock-price drops of 12% on average that were made up for in about 60 days, the study says. But when companies don’t reveal how many records were compromised, there is no discernible impact on the stock price. “When it is a high-profile, largely publicized breach, it seems to impact the stock heavily,” the study says. “When a company does not disclose the total number of records lost, there appears to be no statistically meaningful impact to the stock.” http://www.networkworld.com/news/2010/041410-data-breaches-stock-prices.html
PA School Snared 1,000s of Webcam Images (AP, 18 April 2010) - A suburban Philadelphia school district snapped secret webcam pictures of a high school student when he was partially undressed or sleeping in his bed, and captured instant messages he exchanged with friends, the student charged in court papers this week. The Lower Merion School District concedes its efforts to find missing school-issued laptops was misguided, and officials vowed anew Friday to release the findings of their internal investigation, “good and bad.” The LANrev software program took screen shots and webcam photos every 15 seconds when activated. The district thereby captured over 400 screen shots and webcam images of Harriton High School sophomore Blake Robbins, according to court filings this week in his lawsuit. Mark Haltzman, who filed the lawsuit on behalf of Robbins and his family, said evidence now shows the district used the tracking software for non-authorized reasons — for instance, when students failed to pay the required insurance or return the laptops at year’s end. At least once, a name mix-up led the district to activate the wrong student’s laptop, he charged. news.yahoo.com/s/ap/20100416/ap_on_hi_te/us_laptops_spying_on_students
Plaintiff Sues Over Court Requiring LexisNexis for E-Filing (Law.com, 19 April 2010) - A requirement that civil litigants in a state district court in Montgomery County use LexisNexis for court filings violates the U.S. and Texas constitutions, a woman alleges in a class action filed in the U.S. District Court for the Southern District of Texas in Houston. Karen McPeters, the plaintiff for the proposed class action, filed McPeters v. Edwards, et al. on April 6. The original complaint names as defendants 9th District Court Judge Frederick Edwards, Montgomery County, District Clerk Barbara Adamick, and Reed Elsevier, an English-Dutch conglomerate doing business as LexisNexis. As alleged in the original complaint, an order Edwards signed on Feb. 10, 2003, requires McPeters, as a party in a civil suit in the 9th District Court, to exclusively use LexisNexis’ online electronic filing service to file pleadings and documents in her suit. San Antonio solo Robert L. Mays Jr., McPeters’ attorney, says the district clerk returns unfiled any documents not filed through LexisNexis. The requirement that litigants use LexisNexis exclusively for the court filings violates the Texas Constitution’s open courts provision, he maintains. http://www.law.com/jsp/article.jsp?id=1202448233917&rss=newswire
Gucci’s Fired In-House Lawyer Savages Company in Court Papers (Law.com, 20 April 2010) - Jonathan Moss, the chief legal officer fired by Gucci America Inc. because he was not authorized to practice law, fired back at the company Friday in an affidavit filed amid Gucci’s court battle over trademarks. And now Gucci may be facing a wrongful termination suit, if Moss’ language is any indication of his intentions. Though not a party to the case, Moss spoke out as “a matter of professional responsibility.” He said, “Gucci alleges that it terminated my employment for cause because I ‘deceived’ it and because it ‘questioned my trustworthiness.’ These allegations are inconsistent with the facts and are untrue.” The affidavit states that Moss believes Gucci’s reasons for firing him are “inconsistent with the facts and the law.” He cited excellent performance evaluations and his accomplishments while in-house counsel at the company. Moss had voluntarily gone on inactive status with the California bar, where he was licensed. His inactive status came out during the trademark infringement suit brought by Gucci against competitor Guess Inc. in U.S. District Court in Manhattan. He has since converted back to active status. Gucci lawyers have argued that communications with Moss about the trademark litigation are confidential under attorney-client privilege. But Guess countered that they are not privileged because Moss was not authorized to practice law due to his inactive status. Gucci attorney Louis Ederer, a partner at Arnold & Porter in New York, filed a motion to protect the privilege (pdf), claiming that Moss is a member of a state bar, and that no one at Gucci knew his license wasn’t up-to-date when they talked with him. Ederer didn’t return calls for comment. But Gucci fired Moss anyway. Moss said he believed that his inactive status had no effect on his being able to be an in-house counsel, and that he never hid his inactive status from Gucci. The issue, he said, “just never came up.” www.law.com/jsp/article.jsp?id=1202448297760&rss=newswire
World Bank Opens Up Its Data, Removes Pay Walls (GigaOM, 20 April 2010) - The World Bank, which tracks everything from mortality rates and education levels to CO2 emissions and livestock production in hundreds of countries around the globe, is opening up its data, including removing all of the pay walls around information that used to require a subscription fee. The agency has also launched a new web site where it’s making all of the information from dozens of its global databases and surveys available for browsing or download. The Bank said that it’s “challenging the global community to use the data to create new applications and solutions to help poor people in the developing world.” The data at the World Bank site includes more than 2,000 indicators related to economic well-being and global development, including some that the agency has been accumulating for 50 years. The data is available in Arabic, French and Spanish as well as English. The agency said that it plans to launch an Apps for Development competition in the next few months, which it hopes will lead to tools, applications and mashups that use World Bank data to help global development. “I believe it’s important to make the data and knowledge of the World Bank available to everyone,” World Bank Group President Robert Zoellick said in a statement. “Statistics tell the story of people in developing and emerging countries and can play an important part in helping to overcome poverty. They are now easily accessible on the Web for all users, and can be used to create new apps for development.” http://gigaom.com/2010/04/20/world-bank-opens-up-its-data-removes-pay-walls/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+OmMalik+(GigaOM)
Amazon Refuses North Carolina’s Demands for Customers’ Personal Data (ReadWriteWeb, 20 April 2010) - North Carolina has asked online retailer Amazon.com to turn over the names and addresses of every customer who has made a purchase on the site since 2003 and what they bought. The N.C. Department of Revenue is making the request in an attempt to audit Amazon’s compliance with state sales and tax laws, according to a Reuters report. Amazon says revealing this data violates customer privacy and has filed a lawsuit to prevent having to turn over the records, which hold the transaction details on 50 million purchases over a 7-year time frame. http://www.readwriteweb.com/archives/amazon_refuses_north_carolinas_demands_for_customers_personal_data.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+readwriteweb+(ReadWriteWeb)
ACTA Arrives (And It’s Gotten a Tiny Bit Better) (ArsTechnica, 21 April 2010) - We’ve been covering the Anti-Counterfeiting Trade Agreement (ACTA) for two years now, and in that entire 24 month period no official text of the agreement has been released. Remarkable, really, given the intense scrutiny, but there you have it. Today, that all changed as the countries behind ACTA finally released a consolidated draft text (PDF) of the agreement. Though billed as a “trade agreement” about “counterfeiting,” ACTA is much more than that: it’s an intellectual property treaty in disguise. Tucked inside the draft are provisions that will prevent people from bypassing digital locks on the items they buy, that will force ISPs to shoulder more of the burden in the fight against online piracy, and that bring US-style “notice-and-takedown” rules to the world. Well, not to the world, exactly. ACTA is more like a select club of countries: Australia, Canada, the European Union countries, Japan, Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States of America. But the treaty it develops is really just the next rung on a ladder stretching back to 1886, and it will certainly be wielded like a weapon on the rest of the world in the future. The text is not final—that is due to happen later this year—so if you want to see changes made, the time to act is now. After a year of partial leaks and finally complete leaks, ACTA’s basic outlines are familiar. We’ll start our ACTA deep dive with an overview of the key provisions, especially as they relate to the Internet. Stick around afterwards to understand how and why we have ACTA at all, some likely effects of the treaty, and thoughts on the negotiating endgame. http://arstechnica.com/tech-policy/news/2010/04/acta-is-here.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Consolidated draft here: http://trade.ec.europa.eu/doclib/html/146028.htm
Google Street View Logs Wi-Fi Networks, MAC Addresses (Slashdot, 23 April 2010) - An anonymous reader points to this story at The Register that says: "Google is collecting more than just images when they drive around for the Street View service. 'Google's roving Street View spycam may blur your face, but it's got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users' unique MAC (Media Access Control) addresses, as the car trundles along.' There's a choice quote at the end: 'Google CEO Eric Schmidt recently said Internet users shouldn't worry about privacy unless they have something to hide.'" http://yro.slashdot.org/story/10/04/23/0522228/Google-Street-View-Logs-Wi-Fi-Networks-MAC-Addresses?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Slashdot/slashdot+(Slashdot)
**** NOTED PODCASTS ****
Pranav Mistry: The Thrilling Potential of SixthSense Technology (TED, Nov 2009) – “At TEDIndia, Pranav Mistry demos several tools that help the physical world interact with the world of data -- including a deep look at his SixthSense device and a new, paradigm-shifting paper “laptop.” In an onstage Q&A, Mistry says he’ll open-source the software behind SixthSense, to open its possibilities to all.” [Editor: fascinating visual demonstration of very cool things; instead of augmented reality, this is more like augmented computing. Related to featured podcast in MIRLN 12.04.]
**** RESOURCES ****
NIST: Guide to Protecting the Confidentiality of Personally Identifiable Information (NIST Special Publication 800-122, April 2010) - The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.” This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization’s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations. http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf
U.S. Initiatives to Promote Global Internet Freedom: Issues, Policy, and Technology (Congressional Research Service, 5 April 2010) - Modern means of communications, led by the Internet, provide a relatively inexpensive, open, easy-entry means of sharing ideas, information, pictures, and text around the world. In a political and human rights context, in closed societies when the more established, formal news media is denied access to or does not report on specified news events, the Internet has become an alternative source of media, and sometimes a means to organize politically. The openness and the freedom of expression allowed through blogs, social networks, video sharing sites, and other tools of today’s communications technology has proven to be an unprecedented and often disruptive force in some closed societies. Governments that seek to maintain their authority and control the ideas and information their citizens receive are often caught in a dilemma: they feel that they need access to the Internet to participate in commerce in the global market and for economic growth and technological development, but fear that allowing open access to the Internet potentially weakens their control over their citizens. Legislation now under consideration in the 111th Congress would mandate that U.S. companies selling Internet technologies and services to repressive countries take actions to combat censorship and protect personally identifiable information. Some believe, however, that technology can offer a complementary and, in some cases, better and more easily implemented solution to some of those issues. They argue that hardware and Internet services, in and of themselves, are neutral elements of the Internet; it is how they are implemented by various countries that is repressive. Full CRS report here: http://www.fas.org/sgp/crs/misc/R41120.pdf
Federal Cyber Security Outlook for 2010 (Clarus Research Group, April 2010) - How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government initiatives, such as the Comprehensive National Cybersecurity Initiative and the creation of the U.S. National Cybersecurity Coordinator role, be effective in addressing the challenges facing U.S. critical IT infrastructure? What is the impact of compliance on security within the federal IT environment? Commissioned by Lumension, Clarus Research Group set about to answer these and other important questions facing federal IT in Lumension’s Federal Cyber Security Outlook for 2010: National IT Security Challenges Mounting study. Clarus Research Group interviewed over 200 federal IT decision-makers and influencers about endpoint operations, IT security and compliance issues. http://www.lumension.com/Media_Files/Documents/Marketing---Sales/Others/Federal-Cyber-Security-Outlook-for-2010.aspx
**** DIFFERENT ****
Forward-Looking Disclaimers: Mattel Has Real Style! (CorporateCounsel, 22 April 2010) - If there were awards given for entertainment value of disclaimers, I imagine this forward-looking information disclaimer for Mattel’s new interactive 2009 Annual Report (you’ll need to click on “Start”) would win hands-down this year (last year’s winner would be Southwest’s “rap” disclaimer). It’s innovative as two children read the disclaimer at the beginning of the video. After reading - and writing - so many staid disclaimers over the years, it’s cute as buttons. On the one hand, due to its high entertainment value, I bet a court would give this disclaimer more weight than written disclaimers because shareholders are much more likely to pay attention to it. But on the other, it’s also possible that a court may be turned off by children reading the disclaimer for fear that investors wouldn’t take it seriously. As noted in the memos posted in our “Forward-Looking Information” Practice Area, courts seem to prefer that the cautionary language be tailored to the forward-looking language in the document. But that just applies when the forward-looking information is in a written document. In this case, it’s a video and arguably it’s considered an “oral” statement - in which case, the requisite disclaimer is much more bare-bones and need not be tailored (just like Mattel has it). I’m not sure if a court would consider a video “oral.” Note that under Reg G, a webcast is considered “oral” - but other provisions of the securities laws could lead one to conclude that all multimedia are “writings” (see these FAQs I drafted long ago). All interesting stuff to ponder. http://www.thecorporatecounsel.net/Blog/2010/04/social-media-and-investor-relations.html
Letter Arrives In Lansing 83 Years Later (Lansing State Journal, 14 April 2010) - A letter that arrived in Rick Kanaby’s mailbox Friday would make a snail look like Secretariat. It was mailed on Jan. 25, 1927. Yes, 1927. It took 83 years to go from Maple Rapids to Lansing. Bearing a two-cent George Washington stamp, the letter was addressed to “Miss Ella M. Baxter, 617 W. Shiwassee, Lansing, Mich.” That’s Kanaby’s address, all right, but obviously Ella Baxter is long gone. She left no forwarding address. Inside the envelope Kanaby found a chatty, hand-written note about baking bread, gathering eggs, and Mikey tripping over a coal pail and cutting his face. It’s unsigned. Sometimes the U.S. Postal Service will accompany a mishandled piece of mail with an explanation - “Sorry, this letter was ripped to shreds in a mail sorting machine,” etc. Oddly, the letter that took 83 years to travel 40 miles came with no such explanation. http://www.lansingstatejournal.com/article/20100414/NEWS01/4140340/Schneider-Letter-arrives-in-Lansing-83-years-later Letter copy here: http://www.lansingstatejournal.com/assets/pdf/A3155625414.PDF
**** FUN ****
The 10 Best “Get a Mac” Ads (Mashable, 9 April 2010) - Love them or hate them, Apple’s iconic “Get a Mac” ads have made a huge impact on pop culture. Today, we’ve learned that the campaign is slated for the deadpool. In an interview with the Onion’s A.V. Club, actor Justin Long was asked about the status of the campaign. He responded, “I heard from [fellow actor in the spots] John [Hodgman], I think they’re going to move on[...] Not only am I going to miss doing them, but also working with John.” AdWeek called “Get a Mac” the best campaign of the decade. The four-year campaign spawned countless YouTube parodies from fans and foes alike and even the occasional Linux user. Now that it’s over, let’s take a look back on 1- of the most popular ads — and a couple of parodies, as well. http://mashable.com/2010/04/08/best-get-a-mac-ads/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) [Editor: the Mr. Bean one is fantastic; I hadn’t seen most of these. My fav is Sad Song: http://www.youtube.com/watch?v=H8iKucmLQpg]
**** LOOKING BACK - MIRLN TEN YEARS AGO ****
NO NEWS IS GOOD NEWS TO AMERICANS -- Here’s more on the recent survey from the Pew Research Center for the People and the Press, which reported that a third of Americans now go online for news at least once a week -- compared to a fifth just two years ago. And 15% seek news daily from the Internet -- nearly three times as many readers as two years ago. The study also hints that television is headed for the distress experienced by newspapers during the 1970s and 1980s, when they lost readers to broadcast media. While newspaper readership is now holding steady, with almost two-thirds of respondents saying they read a paper regularly, broadcast news is losing out to the Web and cable TV, said Pew director Andrew Kohut. Fewer people report watching network evening news -- three in 10 today, compared to four in 10 in 1997. That trend is supported by recent Nielsen ratings, which show an erosion of evening news viewers. But all news outlets share a common pressure: The appetite for news in general is waning -- from 53% who closely followed the news in 1994 to 45% today. Fewer than a third of young adults said they like keeping up with the news. (MSNBC 11 June 2000) http://www.msnbc.com:80/news/419313.asp?cp1=1
**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley)
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA’s Internet Law News, http://ecommercecenter.bna.com
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. Law.com
11. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.