Saturday, June 26, 2010

MIRLN --- 6-26 June 2010 (v13.09)

(supplemented by related Tweets: #mirln)

·      E-Discovery Nightmare Arises on BP’s Horizon
·      NATO Warns of Strike Against Cyber Attackers
·      After Google Hack, Warnings Pop Up In SEC Filings
o   Senior Leaders Becoming Disconnected From Security
·      The E-Book Sector
·      Knowledge Management In Mergers and Acquisitions
·      BP Damage Control Leaks Online
o   Using Social Networking as Legal Tool
·      EDS Settles Lawsuit over Botched CRM Project for $460 Million
·      Irish Data Protection Commissioner Introduces Draft Code of Practice on Breach Notification
o   UK’s ICO Will Not Compel Companies to Report Data Losses
·      Judge Limits DHS Laptop Border Searches
·      Tackling Social Media Problems at Work
o   Survey: Social Networking Policies Still Scarce
· Putting Primary Law in the Public Domain
·      Do You Own Your Software or Just ‘License’ It?
·      Corporations, LLCs, and Electronic Communication
·      FTC’s Provocative Discussion Paper on Saving Print Media
·      The Enemy Within
·      Mass. Court to be Test Pad for Blogs, Tweets
·      Supreme Court OKs Search of Policeman’s Text Messages
·      Utah Attorney General Mark Shurtleff Uses Twitter To Announce Execution
·      Google And Twitter Tell Appeals Court That ‘Hot News’ Doctrine Is Obsolete
·      Calif. Justices Say Junk E-Mail Messages Don’t Violate Anti-Spam Law
·      ACLU: FBI Used ‘Dragnet’-Style Warrantless Cell Tracking
·      Obama Administration Aims to Protect Identities in Cyberspace
·      Next Supreme Court Nominee’s Emails Now Searchable Gmail Style
·      Tech Champion, Watchdog Heads To Google
·      YouTube Gets Decisive Win in Viacom/FAPL Case
·      With All It Considers, NPR Music Is Growing
·      Study: Open-Source Making Significant Traction in the Enterprise


E-Discovery Nightmare Arises on BP’s Horizon (, 5 June 2010) -
The legal strategies for BP and other companies involved in the Deepwater Horizon disaster have yet to be revealed. But one thing is certain. Their in-house legal departments are in the midst of an expensive and Herculean [one calls it Augean] task -- discovery. “All of these organizations are well aware of the need to preserve and collect key information,” said Jim Wagner, CEO of DiscoverReady, a discovery management service. “But few organizations have ever confronted the scale of discovery that they are likely to have to undertake.” The companies are under document hold demands, subpoenas, and other requests from federal agencies, including the Justice Department, which announced this week that it has begun civil and criminal investigations into the massive oil spill in the Gulf of Mexico. They’re also subject to court orders in pending litigation. So the companies’ legal teams are likely sifting through and collecting massive amounts of data in both electronic and paper form, information that may go back decades. There may be physical evidence to collect, which may be have been destroyed. Meanwhile, the companies’ lawyers are also likely dealing with cross-border privacy issues that make the discovery process even more complex. “Welcome to discovery 101 in 2010,” said Laura Kibbe, who helped build Pfizer’s e-discovery system in 2005 as senior counsel. In the 1990s, she was also an in-house attorney at Texaco, where she dealt with the legal aftermath of oil spills. She’s now senior vice president of document review services at Epiq Systems. “Even under the best of circumstances, discovery is a labor-intensive, time-consuming process,” Kibbe said. “And it never goes as fast as government investigators or corporate counsel would like.” Figuring out what data is out there, and who has it, is the first step. That entails conducting interviews with employees and working with IT professionals to see what data can be retrieved and from where. Producing these documents under intense public scrutiny adds one more layer of complexity, legal experts said. The companies will have to be transparent and communicate regularly with government agencies about their processes. That will be key to the companies’ legal defense, and their public image. “Any mistakes they make will be magnified 100 times,” said Craig Carpenter, general counsel of Recommind, an e-discovery software provider. Some documents are easier to get than others. Much of the recent information the government wants about how companies immediately responded to the disaster will be electronic, Kibbe said. But government investigators may also want decades-old paper documents about construction and equipment, such as the now-sunken oil rig. Finding those paper documents will be hard if the people involved are no longer employed at the companies. “Everybody who knows anything about those products is gone,” Kibbe said. There’s also the challenge of getting employees to retain information after document hold notices have been issued. It could be tricky for in-house lawyers if the companies face criminal charges. So-called “bad actors” could delete information that might get them in trouble, said Wendy Curtis, chair of Orrick Herrington & Sutcliff’s e-discovery Working Group. “They need to be cognizant of that level of risk and put steps in place to prevent people from doing that,” she said. To make the task even more arduous, some of the information companies that London-based BP will need could be located overseas in the European Union, where stricter privacy laws make it harder to send information to the U.S.

NATO Warns of Strike Against Cyber Attackers (The Times, 6 June 2010) - NATO is considering the use of military force against enemies who launch cyber attacks on its member states. The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China. A team of Nato experts led by Madeleine Albright, the former US secretary of state, has warned that the next attack on a Nato country “may well come down a fibre-optic cable”. A report by Albright’s group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation. “A large-scale attack on Nato’s command and control systems or energy grids could possibly lead to collective defence measures under article 5,” the experts said. Article 5 is the cornerstone of the 1949 Nato charter, laying down that “an armed attack” against one or more Nato countries “shall be considered an attack against them all”. NATO is now considering how severe the attack would have to be to justify retaliation, what military force could be used and what targets would be attacked. The organisation’s lawyers say that because the effect of a cyber attack can be similar to an armed assault, there is no need to redraft existing treaties.

After Google Hack, Warnings Pop Up In SEC Filings (Business Week, 8 June 2010) - Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property. In the past few months Google, Intel, Symantec and Northrop Grumman -- all companies thought to have been targets of a widespread spying operation -- have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks. Google doesn’t talk about the specific attack against its systems, but it now warns shareholders that this type of event is a material risk. “[O]utside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users’ or customers’ data,” Google wrote in a section added to its annual financial report in February, a month after it disclosed the hacking incident. In February, Intel disclosed in an SEC filing that it had been targeted by a similar attack in January, and warned investors that the theft of its trade secrets could hurt its bottom line.

- and -

Senior Leaders Becoming Disconnected From Security (SC Magazine, 21 June 2010) – The boards and senior executives at many organizations are not adequately involved in enterprise privacy and security decisions, according to a report released by researchers at Carnegie Mellon University’s CyLab. In the survey of 66 board members and senior executives at Fortune 100 companies, released last week, none of the respondents said that improving computer and data security is a top board priority, even though 56 percent said improving risk management is, according to the report. The finding suggests that there is a gap in understanding the relationship between IT risks and enterprise risk management, Jody Westby, a CyLab adjunct distinguished fellow and CEO of security risk advisory company Global Cyber Risk, told on Monday. “Boards are paying attention to risk, but they don’t understand information technology risk, and they need to learn how to exercise governance over the privacy and security of their digital assets,” Westby said. The second annual “Governance of Enterprise Security” report also found that board participation on a number of IT security governance activities is worse than it has been in the past. For example, 61 percent of respondents said they have not reviewed or approved annual privacy and security risk management budgets – up from 40 percent who said the same in 2008, the last time the survey was conducted. Respondents also are reviewing fewer security and privacy reports. CMU study/report here:

The E-Book Sector (InsideHigherEd, 8 June 2010) - E-textbooks might be the most-talked about and least-used learning tools in traditional higher education. Campus libraries and e-reader manufacturers are betting on electronic learning materials to overtake traditional textbooks in the foreseeable future, but very few students at traditional institutions are currently using e-textbooks, according to recent surveys. Not so in the world of for-profit online education. Online for-profits such as American Public University System and the University of Phoenix have for years strategically steered students toward e-textbooks in an attempt to shave costs and ensure a more reliable delivery method that, in the context of online education, might seem to make more sense. At Kaplan University’s School of Legal Studies, digital texts account for around 80 percent of assigned reading. At Capella University, e-textbooks are an available and accepted option in nearly all 1,250 courses. In for-profit higher education, more than any other sector, the traditional book is becoming obsolete. Phoenix actually mandates that instructors assign digital materials “whenever feasible” -- a strategic turn the company started to take back in 2003, but which has come to fruition more recently, with so many more materials now available in digital format. At this point, roughly 90 percent of Phoenix’s course content is delivered via e-books or other electronic means -- the only exceptions coming in courses such as art history, where copyright issues surrounding digital renderings of images such as paintings remain a hurdle for e-book publishers, says David Bickford, the vice president of academic affairs at Phoenix. The American Public University System -- which is a private, for-profit university, despite its name -- has also been consciously promoting the use of e-textbooks, resulting in widespread adoption of the new format among students. Of the company’s 400 fully online courses, about 300 assign e-textbooks as the default delivery method (with exceptions for overseas military personnel, who make up a significant proportion of the institution’s enrollment and tend to have irregular Web access). While the institution allows stateside students the option of buying print books, more than 90 percent of students opt for the e-textbook, says Fred Stielow, dean of libraries. Those are staggering adoption rates compared to those at nonprofit online programs and on traditional campuses. Among the respondents to a 2009 Campus Computing Project survey of 182 online programs at nonprofit universities, only 9 percent said e-textbooks were “widely used” at their institutions, while nearly half said electronic versions were “rarely used.” Even fewer brick-and-mortar institutions are deploying e-books in lieu of hard copies, with fewer than 5 percent citing e-book deployment as a key IT priority in the short term, according to another Campus Computing Project survey. And according to data from the Student Monitor, e-textbooks accounted for only 2 percent of all textbook sales last fall. [related post from InsideHigherEd here:]

Knowledge Management In Mergers and Acquisitions (Nick Milton, 8 June 2010) - Knowledge management delivers maximum value when applied to high value knowledge, to support high value decisions, and in areas where that knowledge is otherwise at risk of being lost. A typical high value area is Mergers and Acquisitions. These are high cost, complex operations, where crucial decisions need to be made very well, and yet happen relatively rarely, so it is easy for tacit knowledge to be lost. People caught up in the high pressure activity can easily forget the detail of how the decisions were made, and fail to pass the knowledge on to future mergers and acquisitions teams. This combination of high value decisions made relatively infrequently, so that human memory alone cannot be relied on as a knowledge store, means that there is great value on documenting the learning for use in future mergers, acquisitions and divestments. [Editor: good-news/bad-news … good: this works; bad: the company here is BP]

BP Damage Control Leaks Online (ABC, 8 June 2010 ) - Be careful where you click, especially if you’re looking for news on the BP oil spill. BP, the very company responsible for the oil spill that is already the worst in U.S. history, has purchased several phrases on search engines such as Google and Yahoo so that the first result that shows up directs information seekers to the company’s official website. A simple Google search of “oil spill” turns up several thousand news results, but the first link, highlighted at the very top of the page, is from BP. “Learn more about how BP is helping,” the link’s tagline reads. A spokesman for the company confirmed to ABC News that it had, in fact, bought these search terms to make information on the spill more accessible to the public. “We have bought search terms on search engines like Google to make it easier for people to find out more about our efforts in the Gulf and make it easier for people to find key links to information on filing claims, reporting oil on the beach and signing up to volunteer,” BP spokesman Toby Odone told ABC News. [Hilarious Jon Stewart 7-minute clip:]

- and -

Using Social Networking as Legal Tool (WJS, 15 June 2010) - Soon after the Deepwater Horizon drilling rig sank in April, Parker Waichman Alonso LLP turned to the Web in pursuit of law clients. The New York-based plaintiffs’ firm set up websites with names like, and, and it filled them with news related to the disaster and invitations for visitors to provide their names and contact information. More than 1,000 people have now completed the forms on the websites, and Parker Waichman, which has 23 lawyers, has filed about a dozen suits related to the oil disaster. Law firms, particularly those that represent plaintiffs, are increasingly devoting resources to developing a presence online, where consumers—and potential clients—congregate. And some of those firms are also creating news sites, such as, with content created by employees. The plaintiffs’ sites disclose that they are affiliated with law firms, but many have the look and feel of community forums or news boards. And they have recently begun to supplant some more traditional marketing methods, such as yellow-page ads and radio and television spots. Like many plaintiffs firms, Parker Waichman also buys search ads and uses Facebook to publicize its sites. It also has 20 technology specialists who handle such tasks as writing copy for its roughly 300 websites. “We are on Twitter, Facebook, MySpace, all the social-networking sites,” said Jerrold Parker, a partner, noting that the firm now spends more than $1 million a year on digital marketing, about a third of its average annual marketing budget. The firm bought Google search ads for a few days after the BP PLC oil disaster to attract users to the law firm. It also added content to boost the sites’ rankings in the search results for terms like “oil spill lawsuit.”

EDS Settles Lawsuit over Botched CRM Project for $460 Million (Computerworld, 9 June 2010) - EDS has agreed to pay a staggering $460 million to settle a long-standing lawsuit brought against it by U.K.-based British Sky Broadcasting Group PLC over a botched Customer Relationship Management project. In a statement released yesterday, Sky said that the two companies had “full and finally” settled the litigation and all claims including those related to damages, litigation costs and interest. Yesterday’s settlement amount includes an interim payment of £270 million that EDS, which is now owned by Hewlett-Packard Co., paid Sky in February. That payment came after a British court in January ruled that EDS had misrepresented facts about its CRM implementation abilities and about how long it would take to complete the job when pitching for the CRM project back in 2000. A spokeswoman for HP today downplayed the settlement and said it had to do with a dispute that originated well before HP acquired EDS. “This matter is now closed, having been settled fully and finally on mutually agreed terms,” she said by e-mail. “We will not be commenting further publicly on this legacy issue.” The size of the EDS settlement amount is more than four times the amount of the original $109 million CRM development contract that EDS signed with Sky Broadcasting in late 2000. Under the contract, EDS was supposed to have helped Sky implement a CRM system to support the broadcaster’s call centers.

Irish Data Protection Commissioner Introduces Draft Code of Practice on Breach Notification (SC Magazine, 10 June 2010) - The theft or loss of personal data relating to more than 100 individuals now has to be reported to the Data Protection Commissioner under a draft code of practice in Ireland. According to the Irish Times, a draft code has been published in response to the recent recommendations of the Data Protection Review group established by Minister for Justice Dermot Ahern. Data Protection Commissioner Billy Hawkes said he had sought to publish the draft as quickly as possible after the review group report ‘to respond to public concern in relation to organisations losing personal data under their control while at the same time not imposing an undue burden on those organisations’. However there is an exception to this law where the data can be considered inaccessible due to proper security. Members of the public have been invited to make observations or submissions on the draft code before Friday 18th June. Brian Honan, founder and head of Ireland’s computer security incident response team and who contributed to the working group, said that he was pleased to see this proposed. He said: “As someone who has been campaigning for mandatory data breach disclosure laws in Ireland for a number of years I am pleased to see the proposed Data Security Breach Code of Practice. I have long argued that organisations need to realise that the data they hold on staff and customers is not theirs but rather has been entrusted to them by those individuals.

- but -

UK’s ICO Will Not Compel Companies to Report Data Losses (V3, 10 June 2010) - The Information Commissioner’s Office (ICO) has no plans to force companies to report data losses, despite the Irish data protection watchdog lobbying its government for such measures. Organisations in the UK are not obliged to tell the ICO about any data losses, although the information watchdog has stressed that expects erring firms to do so, and considers it best practice. The Irish Data Protection Commissioner believes that any organisation that loses data on more than 100 individuals should have to report the incident, but a statement by the ICO has confirmed that it has no intention of calling for a similar system. “Under the Data Protection Act organisations have an obligation to ensure that personal information is held securely. We encourage organisations to advise us as soon as they are aware of a data breach which puts their customers at risk,” the ICO said.

Judge Limits DHS Laptop Border Searches (Wired, 10 June 2010) - A federal judge has ruled that border agents cannot seize a traveler’s laptop, keep it locked up for months, and examine it for contraband files without a warrant half a year later. U.S. District Judge Jeffrey White in the Northern District of California rejected the Obama administration’s argument that no warrant was necessary to look through the electronic files of an American citizen who was returning home from a trip to South Korea. “The court concludes that June search required a warrant,” White ruled on June 2, referring to a search of Andrew Hanson’s computer that took place a year ago. Hanson arrived San Francisco International Airport in January 2009. The Justice Department invoked a novel argument--which White dubbed “unpersuasive”--claiming that while Hanson was able to enter the country, his laptop remained in a kind of legal limbo where the Bill of Rights did not apply. (The Fourth Amendment generally requires a warrant for searches.) “Until merchandise has cleared customs, it may not enter the United States,” assistant U.S. attorney Owen Martikan argued. “The laptop never cleared customs and was maintained in government custody until it was searched...” Eric Chase, an attorney representing Hanson, acknowledged that an immediate search conducted at the border without a warrant is permissible. But police perusal of a hard drive six months later definitely is not, he said when asking the court to toss out the results of the June 2009 search.

Tackling Social Media Problems at Work (, 10 June 2010) - Online social media is changing the way people communicate. It’s also blurring the line between work and play as more employees log on to networking sites like Facebook and Twitter, while they’re both on and off the clock. These days, employers are finding it increasingly difficult to limit or stop employees from using social media at work because a growing number of companies use the same sites to promote their products and services. And that’s creating some unique legal challenges in areas from privacy to employment, said outside and in-house counsel at a panel discussion Tuesday titled “The Virtual Water Cooler,” held at the 22nd Annual General Counsel Conference in New York. So they gave their fellow in-house counsel some suggestions from their own experience about how to make sure employees aren’t wasting company time or revealing trade secrets online -- without violating their legal rights or limiting their freedom of expression. In-house lawyers for both The Coca-Cola Company and Sprint Nextel said their companies don’t limit what employees can do online and they don’t monitor employees individually. Coke, for example, just keeps track of which sites are used most frequently companywide. It relies on managers to inform the legal department when an employee is suspected of violating a code of conduct online. Sprint also gives its employees a lot of latitude when it comes to social media, said in-house counsel Kirk Salzmann. In fact, it has an internal program called the “Social Media Ninja,” which encourages employees to become regular promoters of the company on social media sites. “Sprint is becoming a little more sophisticated,” he said. But there are still many legal risks associated with the use of social media, particularly when it comes to hiring, they said. The panelists discouraged companies from systematically using Facebook to weed through potential job candidates. The company could be accused of age, race, or religious discrimination later on. “We pretty much decided not to do it because of that kind of risk,” Johnson said. Elise Bloom, a partner at Proskauer Rose, said that if companies want to do it, they should have one group of people cull the sites for information, and then turn over only relevant information to the people doing the hiring. “There’s not going to be a perfect solution,” she said.

- and -

Survey: Social Networking Policies Still Scarce (Network World, 23 June 2010) - Most organizations do not have a social networking policy, despite giving employees unfettered access to the popular web sites, according to a survey conducted by Symantec earlier this month. The survey was an attempt to gauge employee use of social media after a 2010 Symantec report on enterprise security found that enterprises view social media as a threat to security, said Kevin Haley, director of Symantec Security Response. Approximately 50 percent of the 336 respondents to the survey said they access Facebook or YouTube at least once a day, with 16 percent indicating they access the sites between three and five times daily. More than half access the sites for business reasons, according to the research. Another 46 percent said the sites were accessed for personal reasons. “To me the most interesting thing about this is this high level of concern CISOs and CIOs have about social networking, and yet so few of them have really implemented policy or procedures or any kind of blocking,” said Haley. Among organizations who responded, 42 percent said their organization does not block employee access to social media sites, and has no policy in place around social media use. Only 5 percent indicated a complete blocking of the sites at work, a solution that is not really feasible in today’s business environment, said Haley. Putting Primary Law in the Public Domain (Ambrogi’s blog, 11 June 2010) - Over the past six months, a series of workshops and symposia have explored the so-called campaign, an effort to put all U.S. primary legal materials in the public domain. Next week, the series wraps up with a June 15 workshop sponsored by the Center for American Progress (which will be streamed live online) and then two days of events at Harvard’s Berkman Center June 17 and June 18. On this week’s Lawyer2Lawyer podcast, we discuss with two people who have been integrally involved in the campaign and who are both pioneers in bringing primary legal materials to the public: Carl Malamud, founder of Public.Resource.Org, and Thomas R. Bruce, director and co-founder of the Legal Information Institute at Cornell University Law School. Listen to the show here or download the MP3.

Do You Own Your Software or Just ‘License’ It? (, 11 June 2010) - Is the software installed on your computer something you own -- or did you simply buy a “license” to use it? That’s the issue at the heart of Vernor v. Autodesk Inc., a case argued Monday before the 9th U.S. Circuit Court of Appeals that represents a broad challenge to the software industry’s fundamental business model. The dispute originated when plaintiff Craig Vernor, who earns a living selling used items on eBay, acquired several copies of AutoCAD, the 3-D modeling software that is Autodesk’s main product, at an office sale held by an architecture firm. New copies of AutoCAD software typically sell for about $4,000. When Vernor listed those copies for sale on eBay, Autodesk sent the online auction company a takedown notice accusing him of copyright infringement. Vernor responded with a counter-notice to eBay emphasizing that he was reselling legitimate, not pirated, software. Ultimately, after receiving more complaints from Vernor, eBay suspended his account for a month. (Vernor ultimately sold two copies of the secondhand AutoCAD software for about $400 apiece.) Vernor’s next move was to file a pro se declaratory judgment lawsuit in federal district court in Seattle. In his suit, Vernor sought a ruling that his resales of legitimate copies of AutoCAD did not infringe Autodesk’s copyright. Vernor soon got Greg Beck, a litigator at consumer nonprofit Public Citizen, to represent him. In 2008, federal district court judge Richard Jones ruled in Vernor’s favor on summary judgment, and Autodesk appealed that decision. If the 9th Circuit affirms the district court ruling in Vernor’s favor, many standard software licenses -- some form of which cover nearly all consumer software -- could become legally meaningless. Fearful of just that result, a major software industry group, the Software and Information Industry Association, has filed an amicus brief in support of Autodesk’s position. Autodesk general counsel Pascal di Fronzo referred an interview request to Jerry Falk, the Howard Rice partner representing the company in the appeal. Falk explains that if Vernor’s view on software resale is upheld by courts, the business model around which many software makers are built would have to change drastically. That, he says, is because a software vendor generally makes its software available under a “license,” while retaining the right to transfer copies, even after the initial sale. In other words, Autodesk’s position is that its customers are buying a license, and that the actual “ownership” of the copy stays with Autodesk. Falk adds that Autodesk makes copies of its software available to students and educators at much lower prices than what it charges those who use the software commercially. If those copies could be resold without restriction in a secondary market, Falk says, the company wouldn’t be able to offer such discounts. “It’s not at all clear who would benefit” he says. “There’s a substantial body of economic analysis that says all prices would go up, because software companies would end up charging more.”

Corporations, LLCs, and Electronic Communication (, 14 June 2010) - A natural person may do whatever is not forbidden by law, but a corporation may do only what is authorized by law and its charter. To what extent may corporations, the rules for which were developed generally in the 17th century, and limited liability companies, authorized in the 20th century, avail themselves of modern communication methods made available through technological advances? When the governing body, or the “owners,” or both, of an artificial entity consist of multiple individuals, and decisions must be made collectively, consensus must be reached among the several directors, shareholders, members, or managers. Traditional corporate law required the directors to meet face to face, on due notice, and to vote on a proposal after discussion and debate. The face-to-face requirement was similar for shareholders’ meetings, except that unlike a director, a shareholder was permitted to give a proxy to someone else, whether or not a shareholder, to attend the meeting and cast the proxy giver’s vote. By the mid-20th century, when corporations had become a vehicle through which not only large enterprises, but also individuals and small “partnerships” did business, legislatures (New Jersey did so in 1960s) modified the requirement for face-to-face corporate meetings. Both directors and shareholders were authorized to “act” by unanimous written consent. Shareholders were also authorized to act by non-unanimous written consent on notice to all others. Directors’ “meetings” were authorized to be held by means of conference telephone so long as everyone could hear each other. About 20 years ago (coincidentally when legislatures across the nation authorized the formation of LLCs), the use of computers, the internet, and e-mail began to envelop the world with dazzling speed that revolutionized communication. As virtually every large and small business, professional practice, and government function came to utilize (some might say become enslaved by) the computer, clients began to ask their lawyers if business or nonprofit corporations or LLCs could make use of the speed and convenience of electronic communication. Statutes are attempting to keep pace with the developments in technology. In 1988, the New Jersey Business Corporation Act was amended at N.J.S. 14A:5-8 to permit the list of shareholders entitled to vote at a shareholders’ meeting to be displayed on “any equipment which permits the visual display of the information required by this section.” The Committee on Corporate Laws of the ABA Section of Business Law has proposed an amendment to Section 7.5 of the Model Business Corporation Act that would authorize shareholders to participate in any meeting by means of remote communication subject to guidelines and procedures developed by the board of directors. The corporation must implement reasonable measures to verify that the remote participants are shareholders who have the opportunity to communicate and read or hear the proceedings. Recognizing that all features of a face-to-face (whether across the table or seated in an auditorium) meeting cannot be duplicated, the official comment to the proposed amendment states: “While this provision is aimed at approximating as much as possible shareholder participation in person or by proxy, including interacting with management during the meeting, it does not require that all can so participate and interact.” More relevant to New Jersey lawyers and New Jersey corporations is that in January, former Gov. Corzine signed A2879 (L.2009, ch. 176) into law. It amends N.J.S. 14A:1-8 to allow required or permitted notices be given by electronic transmission in addition to the traditional methods of mail and personal delivery. The new statute also adds a new section to the BCA, N.J.S. 14A:1-8.1, which prescribes the circumstances and requirements pursuant to which notices may be given electronically.

FTC’s Provocative Discussion Paper on Saving Print Media (CMLP, 14 June 2010) - The Federal Trade Commission—which last year created guidelines to impose ethical standards on bloggers—is now taking on the ambitious task of saving the print media in the Internet era. In preparation for the final in a series of hearings on the future of the news media, the Commission has released a staff report that makes some pretty bold proposals, including legal changes and even government subsidies for traditional media. The final hearing will be held June 15 at the National Press Club in Washington, D.C. The report carefully notes on the first page that “[t]his draft does not represent final conclusions or recommendations by the Commission or FTC staff; it is solely for purposes of discussion.” The Commission issued a subsequent press release to clarify this. The proposals in the report were raised by panelists testifying at the FTC hearings, not generated by the FTC itself. Among the proposals in the report:
·      amend the Copyright Act to specifically recognize the “hot news” doctrine, which a few courts have used to protect exclusive news reports and information for a brief period of time after publication;
·      amend the Copyright Act to limit or clearly define the fair use doctrine with respect to news aggregators;
·      create a government- or privately-run copyright licensing system for the news industry;
·      create antitrust exemptions to allow news organizations to create a system for news aggregators and others to pay for the use of online content, and to erect pay walls for online content;
·      establish a “journalism” division of the AmeriCorps youth public service program;
·      increase government funding for the Corporation for Public Broadcasting;
·      establish a national fund for local news, using funds from FCC fees on cell phone users, television and radio broadcast licensees, or Internet service providers, or from taxes on consumer electronics or advertising;
·      provide a tax credit to news organizations for every journalist they employ

The Enemy Within (The Atlantic, June 2010) - When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting … [Editor: Terrific story, illustrating our increasing vulnerabilities and criminals’ increasing sophistication.]

Mass. Court to be Test Pad for Blogs, Tweets (Robert Ambrogi, 17 June 2010) - A courtroom in Quincy, Mass., will become a test kitchen for using new media to cover legal proceedings, thanks to a $250,000 Knight News Challenge grant announced today. The grant will go to Order in the Court 2.0, a project spearheaded by John Davidow, executive editor of new media at WBUR in Boston. The project will turn a courtroom in Quincy District Court into a laboratory to help establish best practices for digital coverage that can serve as a model for courts elsewhere. The courtroom will have a designated area for live blogging and the ability to stream court proceedings live to the public. The chief judge of the court has agreed to the project and the project has the support of the Judiciary Media Committee of the Massachusetts Supreme Judicial Court.

Supreme Court OKs Search of Policeman’s Text Messages (, 17 June 2010) - The Supreme Court on Thursday upheld the search of a police officer’s personal, sometimes sexually explicit, messages on a government-owned pager, saying it did not violate his constitutional rights. The Court was unanimous in reversing a federal appeals court ruling that sided with the Ontario, Calif., SWAT team officer. Justice Anthony Kennedy wrote for the Court that the officer, Sgt. Jeff Quon, could not assume “that his messages were in all circumstances immune from scrutiny.” But Kennedy said the Court purposely avoided a broader ruling about employees’ expectations of privacy when using equipment provided by their employers because of rapid and unpredictable changes in technology. Many employers tell workers there is no guarantee of privacy in anything sent over their company- or government-provided computers, cell phones or pagers. Ontario has a similar policy, but a police official also informally told officers that no one would audit their text messages if the officers personally paid for charges above a monthly allowance. The 9th U.S. Circuit Court of Appeals in San Francisco said the informal policy was enough to give the officers a “reasonable expectation of privacy” in their text messages and establish that their constitutional rights had been violated. Kennedy said that it is true that many employers accept or tolerate personal communications on company time and equipment. But he suggested that employees who want to avoid the potential embarrassment of having those communications revealed might “want to purchase and pay for their own” cell phones and other devices. Quon decision (17June 2010) - [Editor: any other result would have been surprising; employers retain logical rights of control and inspection over equipment they own, and remain largely free to (re)set employee privacy expectations.]

Utah Attorney General Mark Shurtleff Uses Twitter To Announce Execution (TechCrunch, 18 June 2010) - A sign of the times, although many may find it distasteful, or much worse: Utah Attorney General Mark Shurtleff used a mobile Twitter client to send out a tweet announcing the impending execution by firing squad of convicted murderer Ronnie Lee Gardner. As the BBC notes, quite a modern way to announce a very old-fashioned death. In total, the AG sent out 3 tweets about the event from his iPhone only a couple of hours ago, the most recent one an all-too-familiar (on Twitter) self-promoting one:
1) A solemn day. Barring a stay by Sup Ct, & with my final nod, Utah will use most extreme power & execute a killer. Mourn his victims. Justice
2) I just gave the go ahead to Corrections Director to proceed with Gardner’s execution. May God grant him the mercy he denied his victims.
3) We will be streaming live my press conference as soon as I’m told Gardner is dead. Watch it at

Google And Twitter Tell Appeals Court That ‘Hot News’ Doctrine Is Obsolete (TechDirt, 22 June 2010) - It looks like Google and Twitter have decided to weigh in on the closely watched lawsuit between and Barclays, which has helped bring back the hot news doctrine, which creates an monopoly right on news reporting. This is quite worrisome for a whole variety of reasons, and as the appeals court considers the case, Google and Twitter have filed an amicus brief worrying about the implications of allowing the hot news doctrine to stand: “News reporting always has been a complex ecosystem, where what is ‘news’ is often driven by certain influential news organizations, with others republishing or broadcasting those facts -- all to the benefit of the public,” the companies said in the filing. Google and Twitter argued that upholding the district court’s decision would give those who obtained the news first strong incentives to block others from obtaining the same information.”

Calif. Justices Say Junk E-Mail Messages Don’t Violate Anti-Spam Law ( 22 June 2010) - Those e-mail messages offering good credit rates from several seemingly independent sources? They might be annoying, but they’re not illegal. That’s what the California Supreme Court said in a ruling released Monday (pdf). “We find,” Justice Ming Chin wrote for a unanimous court, “that a single e-mail with an accurate and traceable domain name neither contains nor is accompanied by ‘misrepresented … header information’ ... merely because its domain name ... is ‘random,’ ‘varied,’ ‘garbled’ and ‘nonsensical’ when viewed in conjunction with domain names used in other e-mails. “An e-mail with an accurate and traceable domain name,” he continued, “makes no affirmative representation or statement of fact that is false.” The suit was filed by Craig Kleffman, who accused Vonage Holdings Corp. of violating the state’s anti-spam act by sending him 11 e-mail messages with headers that made each seem as if it came from a different source. The e-mail messages -- headed by such names as and -- offered broadband telephone services. But the high court held that even if the messages were intended to bypass computers’ spam filters, they were not misrepresentations.

ACLU: FBI Used ‘Dragnet’-Style Warrantless Cell Tracking (CNET, 22 June 2010) - To nab a pair of men accused of robbing banks in Connecticut, court documents show the FBI turned to a novel investigative technique last year: warrantless monitoring of the locations of about 180 different cell phones, court documents show. The FBI obtained a secret order--it has not been made public--commanding nine different telephone companies to provide federal police “with all cell site tracking data and cell site locator information for all incoming and outgoing calls to and from the target numbers.” But because the U.S. Justice Department did not obtain a warrant by proving to a judge that there was probable cause to suspect criminal activity, there’s now a risk that the evidence from the location surveillance may be tossed out of court as illegally obtained. (Here’s a list (PDF) of the phone numbers tracked.) An attorney for Luis Soto, one of two brothers accused of stealing about $90,000 from Webster Bank and New Alliance Bank, asked a Connecticut judge on May 18 to suppress the location information, saying “the government obtained information that could be used to track the movements and locate the whereabouts at specific times of up to 180 people.” On Friday, the ACLU and the Electronic Frontier Foundation submitted a friend-of-the-court brief (PDF) agreeing with the defense. It says: “Because cell site location information implicates an expectation of privacy that society is prepared to recognize as reasonable, the Fourth Amendment requires that the government obtain a warrant based on probable cause prior to collecting this information.” The Obama administration has argued that no search warrants are needed; it says what’s needed is only a 2703(d) order, which requires law enforcement to show that the records are “relevant and material to an ongoing criminal investigation.” Because that standard is easier to meet than that of a search warrant, it’s less privacy-protective. In the Connecticut bank robbery case, the Justice Department has not yet directly replied to Soto’s motion. But earlier papers that prosecutors filed say that “the government selected the numbers in its cell site order by looking at the telephone numbers calling and being called by the known phone numbers at or around the time of each robbery.” “For each call the records provide a cell tower number,” the government’s brief says. “The cell tower number can then be looked up in other certified records, which gives a latitude and longitude for the tower location. Then any publicly available mapping tool (the government has used Google Maps) can be used to find the location of the tower.” In that case, the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no “reasonable expectation of privacy” in their--or at least their cell phones’--whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls.

Obama Administration Aims to Protect Identities in Cyberspace (Nat’l Journal, 22 June 2010) - Information technology geeks, start your engines. The Obama administration on Friday plans to release the latest draft of its strategy for identification and authentication in cyberspace, Howard Schmidt, White House cybersecurity coordinator, said today. The National Strategy for Trusted Identities in Cyberspace, which is expected to recommend changes to privacy laws and set policies for verifying identities during online transactions, will be open for public comment with an aim toward getting Obama’s final approval in the fall, Schmidt said at a cybersecurity conference organized by Symantec. The goal is to strengthen protections against identity theft and online fraud, but to do so in a way that is not disruptive for businesses and consumers, Schmidt said. “We should not have to dramatically change the way we do business,” he added. Schmidt said the administration wants to work with the private sector to develop what he termed an “identity ecosystem.”

Next Supreme Court Nominee’s Emails Now Searchable Gmail Style (ReadWriteWeb, 23 June 2010) - Historical records are hard to look through casually. One solution is being explored in the case of Supreme Court Justice nominee Elena Kagan’s archive of emails sent while working for the Clinton administration. That body of data is now presented in a web-based interface that looks a lot like Gmail and is open to full-text search, thanks to the watchdog Sunlight Foundation. Elena’s Inbox is a thought-provoking project that could inspire future efforts to facilitate citizen evaluation of public records, and Sunlight has open-sourced the code used to build it. As it stands, the microsite is a fun and interesting peek inside the Clinton administration’s day to day operations. It’s hard to imagine any previous political nominee facing this degree of public transparency. Kagan was a legal eagle for Clinton, holding two different positions over five years. In that time, she sent just under five thousand emails. Some of the emails are amusing, others enlightening, others still are both. This is a fun interface for looking through these texts, but the limitations are quickly evident as well. Full text search works well when it’s your own email you’re searching through, but when you don’t know what language someone else uses to discuss certain topics, full text search feels inadequate. If a site like this incorporated collaborative user tagging of emails into topical buckets, that would make it all the more interesting. It would also be in character for the Sunlight Foundation.

Tech Champion, Watchdog Heads To Google (CNET, 23 June 2010) - Fred von Lohmann, likely the technology’s sector most recognized legal advocate, has called it quits as senior staff attorney for the Electronic Frontier Foundation. One of Grokster’s lead attorneys in the landmark MGM v. Grokster case, von Lohmann confirmed he is leaving EFF to take a job as Google’s senior copyright counsel. In an e-mail Wednesday, von Lohmann declined to comment further. If you’re a fan of unimpeded innovation, the free distribution of content over the Web, and Internet users’ right to privacy then you should take your hat off to von Lohmann. The way his supporters see it, von Lohmann has toiled to prevent tech start-ups accused of copyright violations from being stomped into jelly by mammoth entertainment conglomerates. Jonathan Zittrain, a Harvard law professor and co-director of Harvard’s Berkman Center for Internet & Society, said von Lohmann reminds him of the fictional Dr. Seuss character, The Lorax, a defender of the environment. It’s like “‘I am the Lorax and I speak for the trees,’” Zittrain said. “To me Fred is somebody who has been in the trenches as a litigator and that means you must take views and stick with them to do battle. Yet, I don’t know him as ideologically inflexible. “It’s rare to see somebody in the trenches that long and adopt and stick by structured positions but who has some flexibility to say ‘What is the right answer here?’” Zittrain continued. “That’s why those that may have had interests implicated by EFF policies and positions may have had reason to fear him but not consider him a foe.”

YouTube Gets Decisive Win in Viacom/FAPL Case (Eric Goldman, 23 June 2010) - The Viacom v. YouTube case has been noteworthy for numerous reasons. It involves the cherished Internet brands YouTube and Google, it’s been going on forever (see my initial blog post on Viacom’s complaint from March 2007), and it’s generated lots of water cooler talk (see the salacious details from the parties’ summary judgment motions). Now, the case is also noteworthy because it hands YouTube a clean and decisive win on the DMCA 512(c) safe harbor. The ruling basically says that the current industry standard practices of notice-and-takedown for user-caused copyright infringement satisfies the safe harbor. Although this seems like an uncontroversial result when stated like that, the reality is that copyright owners have repeatedly angled to get a better deal than Congress gave them in 512. This case will squelch many of those copyright owner requests to force service providers to go beyond current industry-standard practices. Of course, we have to see how the opinion fares on appeal. The opinion stays above the fray and avoids most of the messy facts from the parties’ voyeuristic filings earlier this year. On the decisive question of what constitutes YouTube’s actual knowledge or red flags awareness of infringement, the court immediately turns to the legislative history. Fortunately for YouTube, the legislative history is replete with defense-favorable statements. Thus, the court summarizes the legislative history by saying its “tenor” requires that service providers have “knowledge of specific and identifiable infringements of particular individual items. Mere knowledge of prevalence of such activity in general is not enough.” Subsequently, the court reinforces that “General knowledge that infringement is ‘ubiquitous’ does not impose a duty on the service provider to monitor or search its service for infringements.” The court supports these conclusions by noting the difficulty service providers have monitoring/policing large databases of UGC and the fact that the notice-and-takedown system worked well in Viacom’s case when it actually submitted notices. The court also favorably cites the ccBill, UMG v. Veoh, Corbis v. Amazon and Tiffany v. eBay cases. By doing so, the court subtly does two things. First, it imports 9th Circuit 512 jurisprudence into a 2nd Circuit-bound court, and second, it imports the 2nd Circuit’s recent secondary trademark liability analysis into a copyright case. Both moves also favored YouTube. The latter is particularly interesting because it seems to accept a notice-and-takedown regime for trademark--not the statutory requirement, but nevertheless the logical implication of Tiffany v. eBay. Perhaps we are seeing some convergence in secondary copyright and secondary trademark infringement cases, despite their different statutory foundations.

With All It Considers, NPR Music Is Growing (NYT, 24 June 2010) - Music has long been part of NPR’s identity, but perhaps never more than in recent years, as its NPR Music Web site has become an increasingly popular outlet for artists and music fans. The site, at, features many artists who don’t get heavy airplay on commercial radio, from the soprano RenĂ©e Fleming to the jazz musician Fred Hersch. But big-name pop acts get attention too. This month the Web site streamed 45 shows from the Bonnaroo festival, including the sets by the Dave Matthews Band and Tori Amos. More than 40 can still be found on the Web site. And on Wednesday NPR Music went mobile, introducing an iPhone application that provides a platform for the more than 300 pieces of new content — from videos to blog posts, podcasts to live concerts — that are added to the site each month. Music coverage is nothing new to public radio. But Kinsey Wilson, NPR’s general manager of digital media, said that since the music site went live in 2007, its staff has “provided a hub where things can originate,” rather than have music coverage spread across its news and culture desks. Mr. Wilson said that he had been skeptical about including so many genres under one roof — jazz, hip-hop, rock, world and classical — but that he had been proven wrong. The number of people coming to the site continues to increase, to about 1.7 million unique users in May. And the site has plans to expand its coverage of other genres too, especially Latin music.

Study: Open-Source Making Significant Traction in the Enterprise (ReadWriteWeb, 24 June 2010) - Open source software is at an inflection point in the enterprise. According to a survey by Accenture, more than two-thirds of organizations anticipate increases in investments this year. Almost 40% said that they expect to migrate mission-critical software to open-source within the next 12 months. The survey is in line with a market that is validating the use of open-source in the enterprise. This is illustrated by Red Hat's most recent financial results. In the past year, Red Hat's revenues are up 20%. All parts of its business are showing growth with particular strength in middleware. The company signed the largest deal in its history during the last quarter. According to Datamation, Red Hat renewed all of its top 25 deals during the quarter at over 120 percent of their original value. Accenture surveyed 300 blue-chip organizations in both the public and private sector. Half of the respondents are fully committed to open source. The survey further validates Red Hat results in its findings that 88% of all companies that use open-source will increase their investments in 2010. Some of the other findings in the survey:
·      In both the United States and the United Kingdom, respondents cited quality and improved reliability as the key benefits to open-source. A total of 70% cited improved reliability and 69% said they are finding better security and bug fixing.
·      Cost is a huge driver. Of the respondents, 71 percent sad they believed they could save in software maintenance costs. They also cited savings in total cost of ownership and development costs.
·      Companies still don't want to share their own open-source. Less than a third say they do. This may be one of the biggest concerns as open-source goes in-house and not shared with the community. It's this sharing that gives open-source its strength.
·      The public sector is lagging in the adoption of open-source.

ALL STATES SHOULD HAVE ONLINE VOTING BY 2004 (Newsbytes, 6 November 2000) - A report from Gartner says that all 50 states should offer Internet voting by the time of the 2004 presidential election. However, Gartner’s Christopher Baum says obsolescence may be behind the move online rather than technological innovation. He looked at the buying cycle for mechanical voting machines and found that 35 percent of states and counties were still using voting machines in 1996 that employ a technology invented in the 1890s. The question for governments, Baum says, is whether they should buy expensive voting machines or move voting online. Bill Kimberling, deputy director of the Federal Election Commission’s Office of Election Administration, says a significant majority of states are using direct electronic systems for voting. He says that online voting in 2004 is “wishful thinking” because of security and voter verification issues.

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, June 05, 2010

MIRLN --- 16 May – 5 June 2010 (v13.08)

(supplemented by related Tweets: #mirln)

·      Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record
·      Real Legal Issues With Virtual Currencies
·      “Internet Privacy is A Fallacy,” Court Says
·      JustMed, Inc. v. Byce: A Tech Upset
·      Google Data Admission Angers European Officials
·      Federal Judiciary Launches Enhanced Website
·      Duke to Shut Usenet Server, Home to the First Electronic Newsgroups
·      Indiana Supreme Court Turns to Twitter
·      Digital Books, Their Readers, and Privacy
·      EFF: Forget Cookies, Your Browser Has Fingerprints
·      ‘Hot News’ and the ‘Duty to Police’ It
·      Obama Technology Adviser Reprimanded For Ethics Violation
·      Cloud Service Users Face Confusing Legal Landscape
·      Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment
·      Computer Network Attacks In U. S. Law and Doctrine
·      Microsoft to Give Governments Heads Up on Security Vulnerabilities
·      Reducing the ESI Burden of Privilege Logs
·      How Social Media is Changing Government Agencies
·      Seventh Circuit Vacates Contempt for E-Mail Barrage
·      CFAA Can Protect Trade Secrets
·      State Department Moves from Telegrams to Wikis
·      Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital
·      UK Law Firm Inks $852 Million Outsourcing Deal
·      The 15 Funniest Tweets From The Fake BP Twitter Account
o   Oilaholic: Oil Spill Goes Real-Time
·      DHS Official: Cybersecurity Is Industry Responsibility
·      Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone
·      Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms
·      FTC Postpones ‘Red Flags’ Identity Theft Rule
·      End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays


Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record (Dinsmore & Shohl, 11 May 2010) - The Franklin County Court of Common Pleas recently issued a decision on the Ohio Education Association’s (OEA) request for a permanent injunction preventing the Ohio Department of Education (ODE) from releasing or publishing certain information concerning individuals licensed by ODE. Therein, the court held that the residential address, home telephone number, and personal email address of ODE’s licensees are not “records” and are thus not required to be disclosed under the Public Records Act (“PRA”).

Real Legal Issues With Virtual Currencies (Network World, 12 May 2010) - Attorney J. Dax Hansen is a partner at Perkins Coie LLP in Seattle. With contributions from his colleagues Andrew H. Grant and Kirk Soderquist, he has written an interesting legal perspective on the growing use of synthetic or virtual currencies in massively multiplayer online role-playing games (MMPORG) and virtual worlds such as Second Life. The remainder of this column and the following are entirely their work with minor edits… “Points,” “coins,” “bucks” and other forms of virtual currency are becoming standard offerings for online game sites, social media sites, retailers and other businesses. Virtual currency systems generate revenue, provide low cost alternatives to credit cards for micropayments, offer prepaid solutions appealing to youth and other users without credit cards, and help companies build attractive loyalty programs. Although virtual currency systems are often used to sell digital content, they continue to become more complex - approximating real world currency as they allow purchase of physical goods and services from multiple merchants, offer cash redemption options, and facilitate peer-to-peer payments. Even though the currency may be virtual, these systems pose real legal issues - both for issuers of the virtual currency and potentially for other network service providers and partners. Issuing virtual currency could subject an issuer to various state and federal regulatory regimes with wide ranging operational, financial and liability implications. These implications include restrictions on an issuer’s ability to expire the virtual currency or impose inactivity fees, requirements to give cash back for unused virtual currency, obligations to remit unused virtual currency balances to states, potential regulation as a financial institution, requirements to structure systems to avoid illegal lotteries, and privacy and data security issues. This pair of articles highlights several key legal considerations and offers practical tips for companies that operate - or are considering developing - virtual currency systems.

“Internet Privacy is A Fallacy,” Court Says (Steptoe & Johnson’s E-Commerce Law Week, 13 May 2010) - A New York court gave this dismal assessment of the state of online privacy in dismissing criminal charges against an employer who used a keystroke monitor to record the personal emails of an employee. The court essentially flipped the usual approach to employer monitoring cases on its head, reasoning that employees have no expectation of privacy in their workplace communications unless they take affirmative steps to carve out a zone of privacy. Moreover, the court’s strong dismissal of any notion of privacy in email -- though contrary to the holding of the vast majority of decisions that have touched on the issue -- may be cited in future cases not only by employers, but also by the government and by hackers when their access to computers or communications is challenged in court.

JustMed, Inc. v. Byce: A Tech Upset (Sonnenschein, 12 May 2010) - For early stage technology companies the definitions of independent contractor and employee for determining copyright ownership may have changed. In a case that could alter the landscape as to who is considered an employee when it comes to “work for hire” and copyright ownership in the world of technology based start-ups, the United States Court of Appeals for the Ninth Circuit relaxed the rules on who is considered an employee versus an independent contractor for the purposes of considering where work is considered a “work for hire.” In JustMed, Inc. v. Byce, 2010 U.S. App. LEXIS 6976 (9th Cir. Apr. 5, 2010), the Ninth Circuit was asked to decide whether JustMed, Inc., a small technology start-up company, or Michael Byce, a software developer working remotely, owned the source code that Byce engineered while working for JustMed.
The Court’s analysis distinguished between technology start-up businesses, which are well known for the informal manner in which they are formed and operate -- a handful of people working in a garage and programming their computers -- and more established companies, where formalities regarding employment tend to be more rigorously observed. The Court found that Byce qualified as an “employee” of JustMed, and his work belonged to them, despite the fact that he:
·      worked from home in Idaho,
·      worked on his own computer, and
·      worked without much direction from Oregon-based JustMed.
Ordinarily, those factors would favor finding Byce to be an independent contractor. In addition:
·      Byce and JustMed had no written employment agreement,
·      Byce never filled out an I-9 employment form,
·      Byce filed his first W-4 tax withholding form in 2005 - a year after beginning full-time work on the source code in 2004,
·      JustMed did not issue a W-2 for Byce,
·      JustMed did not withhold taxes, pay workers’ compensation, or pay unemployment insurance for Byce, and
·      JustMed did not provide any employment benefits for Byce, or report his employment to the state.
Byce was nevertheless deemed an employee because:
·      he was not hired for a specific term,
·      he was not hired to work on a discrete project,
·      he worked with JustMed on projects other that the source code,
·      he updated the company’s Web site,
·      he demonstrated the company’s product at trade shows,
·      he was listed in the company’s brochure,
·      he was issued a business card, under the title of either “Director of Research and Development” or “Director of Engineering,” and
·      he asked for a cash salary (after initially being paid in company stock), even though he never deposited his paychecks.

Google Data Admission Angers European Officials (NYT, 15 May 2010) - European privacy regulators and advocates reacted angrily Saturday to the disclosure by Google, the world’s largest search engine, that it had systematically collected private data since 2006 while compiling its Street View photo archive. After being pressed by European officials about the kind of data the company compiled in creating the archive — and what it did with that information — Google acknowledged on Friday that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by. The data collection, which Google said was inadvertent and the result of a programming error, took place in all the countries where Street View has been catalogued, including the United States and parts of Europe. Google apologized and said it had not used the information, which it plans to delete in conjunction with regulators. But in Germany, Google’s collection of the data — which the company said could include the Web sites viewed by individuals or the content of their e-mail — is a violation of privacy law, said Ilse Aigner, the German minister for food, agriculture and consumer protection. In a statement Saturday, her ministry demanded a full accounting.

Federal Judiciary Launches Enhanced Website (US Courts, 15 May 2010) - The Federal Judiciary’s website,, today unveils a host of enhancements. The site has been redesigned to make it more attractive, accessible, and useful to its diverse audience of users. The improvements further the website’s mission of increasing public interest, awareness, and understanding of the federal court system and its functions, and to serve as a source for disseminating Federal Judiciary information to the public. Among the enhancements:
·      Email Delivery Service: Interested users can subscribe to email updates. When Judiciary news releases, Newsroom updates, notifications of new publications, emergency notifications and significant content updates are made, a notification is sent directly to the subscribers’ email addresses. Each subscriber can choose to receive alerts on topics of particular interest or alerts for all updates. Subscriptions are free, and can be canceled or updated at any time.
·      Multimedia – video, podcasts, photos, YouTube Channel: Videos have been available on for several years, with a focus on civic education and highlighting news. Recently, the focus was expanded to feature two informational video series – Bankruptcy Basics and Working for the Federal Judiciary. Photo slide shows have been added, to include and illustrate such topics as naturalization ceremonies, educational outreach programs, and Judiciary news.
·      The website will feature expanded use of multimedia, including a link to the Judiciary’s YouTube Channel,, which is a joint initiative of the Administrative Office of the U.S. Courts and the Federal Judicial Center.
·      Widgets: A widget is a portable chunk of computer programming code that can be embedded in a Web page to add dynamic content. For example, an organization could take a widget from and install it in their website homepage to receive continuous Federal Judiciary news updates directly.
·      Read-aloud service: Web text is read aloud for users who find it difficult to read online, a useful tool for those who have difficulty reading or are mildly visually impaired. This free program also allows users to download portable files from and listen to it later.

Duke to Shut Usenet Server, Home to the First Electronic Newsgroups (Duke Today, 17 May 2010) - This week marks the end of an era for one of the earliest pieces of Internet history, which got its start at Duke more than 30 years ago. On May 20, Duke will shut down its Usenet server, which provides access to a worldwide electronic discussion network of newsgroups started in 1979 by two Duke graduate students, Tom Truscott and Jim Ellis. Working with a graduate student at UNC-Chapel Hill, they came up with a simple program to exchange messages and files between computers at Duke and UNC using telephone modems. The “Users Network,” Usenet for short, grew into an international electronic discussion forum with more than 120,000 newsgroups dedicated to various topics, from local dining to computer programming languages. Each group had a distinctive name such as soc.history or sci.math. Usenet also played an integral role in the growth of the popularity of the Internet, said Dietolf Ramm, professor emeritus of computer science. At the time, a connection to the Internet was not only expensive but required a research contract with the federal Advanced Research Projects Agency. “ARPA had funded a few schools to begin the early stages of Internet, but most schools didn’t have that,” said Ramm, who worked with the students who developed Usenet. “Usenet was a pioneering effort because it allowed anybody to connect and participate in communications.” Many social aspects of online communication – from emoticons and slang acronyms such as LOL to flame wars – originated or were popularized on Usenet. Duke users can still access Usenet archives – the largest collection of posted online messages – through Google Groups.

Indiana Supreme Court Turns to Twitter (Indiana Business Journal, 18 May 2010) - 
Expanding what it describes as its communication plan, the Indiana Supreme Court is using the social media platform of Twitter to get word out about new rulings, transfer grants and denials, and other court-related events.
 In a statement, the Supreme Court notes that court-watchers may be surprised about the use of the 140-character social media platform instead of 140-page legal documents detailing court business. But times are changing.

 “Social media is changing the way people receive information,” Chief Justice Randall T. Shepard said in a news release. “Using new media will allow us to ensure that the press and the public can follow the work of the Judicial Branch.”

 The Indiana Courts Twitter page can be found online at, and online users also can sign up for RSS feeds for other court-related services such as the Indiana Court Times, the Indiana Judicial Center legislative blog, notice of Supreme Court oral arguments, the Judicial Technology Automation Committee’s blog called Bites & Bytes, and the court’s YouTube channel.

Digital Books, Their Readers, and Privacy (Media Law Prof Blog, 18 May 2010) - Jennifer Lynch, Samuelson Law, Technology & Public Policy Clinic, and Nicole Ozer, ACLU of Northern California, have published “Protecting Reader Privacy in Digital Books,” presented at the Association for the Advancement of Artificial Intelligence Privacy 2010 Symposium. Here is the abstract. What you choose to read says a lot about who you are, what you value, and what you believe. That’s why you should be able to learn about anything from politics to health without worrying that someone is looking over your shoulder. However, as books move into digital form, new reader privacy issues are emerging. In stark contrast to libraries that retain as little information about readers as possible, digital book services are capturing detailed information about readers: who they are, what books they browse and read, and even how long a given page is viewed, and the notes written in the “margins.” Without strong privacy protections, all of this browsing and reading history can be collected, analyzed, and may end up in the hands of the government or third parties without a reader’s knowledge or consent. 

Retaining and strengthening reader privacy in the digital age requires a thorough examination of the potential privacy and free speech implications of digital book services and of the laws and policies that are needed to properly protect readers. Part I of this article discusses the history of strong legal and policy protections for reader privacy. Part II discusses current developments in digital book services. Part III discusses emerging privacy and free speech issues related to digital book services. Part IV proposes some policy and legislative solutions. SSRN link:

EFF: Forget Cookies, Your Browser Has Fingerprints (Computerworld, 18 May 2010) - Even without cookies, popular browsers such as Internet Explorer and Firefox give Web sites enough information to get a unique picture of their visitors about 94 percent of the time, according to research compiled over the past few months by the Electronic Frontier Foundation. The research puts a quantitative assessment on something that security gurus have known about for years, said Peter Eckersley, the EFF senior staff technologist who did the research. He found that configuration information -- data on the type of browser, operating system, plugins, and even fonts installed can be compiled by Web sites to create a unique portrait of most visitors. This means that most Internet users are a lot less anonymous than they believe, Eckersley said. “Even if you turn off cookies and you use a proxy to hide your IP address, you could still be tracked,” he said. The data doesn’t actually identify the Web user, but it creates a unique browser “fingerprint,” that can be used to identify the user when he visits other Web sites. Using JavaScript, Web sites are able to probe PCs and learn a lot. No single piece of data is enough to identify the visitor on its own, but when it’s all strung together -- browser version, language, operating system, time zone details -- a clearer picture emerges. Some things -- what combination of plugins and fonts are installed, for example -- can be a dead giveaway.

‘Hot News’ and the ‘Duty to Police’ It (, 18 May 2010) - The public interest in timely news has never been greater. News originators -- traditional news organizations and news services that make costly investments in reporters, editors, and bureaus -- have responded by going where more and more readers are: on the internet. Today, most original news content can be found, for free, on publishers’ websites or licensed sites. However, originators face challenges: They must compete for internet viewers and advertising dollars with an array of third-party news services, often called “news aggregators,” that do no original reporting but instead copy and distribute news content from originator sites without permission. To protect their interest in the content they gather at a cost, originators are now asserting their rights in court, often through suits alleging “hot-news” misappropriation. This doctrine, nearly a century old, was for many years considered something of a historical oddity, but it has gained new relevance as timely news information has become valuable to a variety of digital platforms. However, a recent decision of the U.S. District Court for the Southern District of New York suggests that, in a world where many aggregators are copying the news content of one originator, one lawsuit may not be sufficient -- equitable principles may require originators to restrain misappropriation of their content by other parties as well. This article will review this suggested “duty to police” in Barclays Capital Inc. v., No. 06 Civ. 4908, 2010 WL 1005160 (S.D.N.Y. March 18, 2010), and its potential negative consequences for news originators. [Editor: quite interesting and useful]

Obama Technology Adviser Reprimanded For Ethics Violation (Washington Post, 19 May 2010) - A White House technology adviser hired from Google was reprimanded for improperly contacting former colleagues in violation of Obama administration ethics rules, a spokesman said. U.S. Deputy Chief Technology Officer Andrew McLaughlin, Google’s former head of global public policy, exchanged e-mails with “his former employer on topics within the scope of his official duties,” which is prohibited by President Obama’s ethics policies, Rick Weiss, a spokesman for the Office of Science and Technology Policy, said Tuesday in an e-mail. McLaughlin’s decision to join the administration last year highlighted connections between Google and the White House. Google chief executive Eric Schmidt, who backed Obama’s campaign for president, is part of Obama’s council of advisers on science and technology.

Cloud Service Users Face Confusing Legal Landscape (Network World, 18 May 2010) - Cloud computing has great benefits for businesses but legal uncertainties threaten to hamper adoption, said a group of lawyers speaking during a seminar in Seattle this week. “We will have to create a robust legal system and we will have to do it sooner rather than later and before we have the cloud computing equivalent of an offshore oil rig blowout,” said Barry J. Reingold, a partner at Perkins Coie in Washington, D.C. Lawyers speaking at the Law Seminars International event on Monday offered advice about the types of research companies should do before signing up for cloud services to make sure they can protect themselves from potential legal fallout. One of the most important issues facing companies that wish to store or process data in the cloud is determining which legal systems have jurisdiction over the data. “It’s a can of worms,” said Andy James, a lawyer with Osborne Clarke.

Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment (Steptoe & Johnson’s E-Commerce Law Week, 18 May 2010) -The majority of courts have held that telephone call records are not protected by the Fourth Amendment because those records are shared with third parties -- namely, the phone company. But the Connecticut Supreme Court recently distinguished those cases, finding in Connecticut v. Boyd that call records that are found on the cell phone itself are protected by the Fourth Amendment, and thus may be searched only with a warrant. This case would seem a likely candidate for U.S. Supreme Court review given its adverse impact on law enforcement. If it is not taken up by the High Court, it would likely be because the Connecticut Supreme Court ultimately upheld the trial court’s decision to admit the call logs on the ground that the seizure of the cell phone and the search of its contents were valid under the “automobile exception” to the Fourth Amendment’s warrant requirement.

Computer Network Attacks In U. S. Law and Doctrine (Media Law Prof Blog, 19 May 2010) - Paul Walker, U. S. Navy Judge Advocate General’s Corps, has published Rethinking Computer Network ‘Attack’: Implications for Law and U.S. Doctrine, forthcoming in the Journal of National Security Law & Policy. Here is the abstract: “Because much of current legal scholarship uncritically accepts either popular, hacker-based notions of computer “attacks” or the definition of “computer network attack” used in United States military doctrine, a critical approach to what constitutes an “attack” under international humanitarian law is needed. First making the case that the definition of “attack” in Article 49 of Additional Protocol I is customary international law, the article examines a number of methodologies that can provide the appropriate determination that an “act of violence” involving computers, computer networks or information systems has occurred. Of the three methodologies examined, the consequence-based method is the most appropriate. This methodology is applied to two information-based capabilities, distributed denial-of-service (DDoS) actions and chip-level actions, to determine whether or not these types of actions are, in fact, “attacks” under IHL. The article concludes that DDoS actions-- despite widespread belief to the contrary-- do not rise to the level of an attack under IHL. Chip-level actions may constitute IHL attacks if the foreseeable consequences involve death, injury to personnel, or destruction of property, which is the case for some, but by no means all, chip-level (and malicious software) actions. In calling for a more rigorous adherence to well-defined legal standards and definitions in the area of information-based warfare, the article concludes with a call to revise the United States definition of “computer network attack” in order to more closely adhere to the definition of attack under IHL.” SSRN link:

Microsoft to Give Governments Heads Up on Security Vulnerabilities (FCW, 19 May 2010) - Microsoft will share technical information on security vulnerabilities with some government organizations before it publicly releases security patches to help governments protect critical infrastructure. Government organizations that participate in both of two existing Microsoft programs designed to share security information with governments can get advance access to the vulnerability data through a new pilot program named the Defensive Information Sharing Program (DISP). Microsoft will start the pilot program this summer and begin the full program later this year, said Jerry Bryant, group manager, response communications for Microsoft, in an e-mail statement. Bryant said early access to that information would let the government organizations get an early start on risk assessment and mitigation. “This will allow members [of DISP] more time to prioritize creating and disseminating authoritative guidance for increasing network defensive posture actions,” Bryant said. DISP is one of two pilot programs that Stephen Adegbite, senior security program manager lead in the Microsoft Security Response Center, detailed in a blog post on May 17. Adegbite also described another program, the Critical Infrastructure Partner Program, to share with governments, insights on security policy such as approaches to help protect critical infrastructures.

Reducing the ESI Burden of Privilege Logs (, 20 May 2010) - Privilege logs were never a fun part of business litigation. There are few tasks more tedious than logging individual pieces of correspondence by date, author, recipients, subject matter, reason withheld, etc. In the era of electronically stored information, the creation of a document-by-document privilege log has gone beyond mere tedium to become one of the more costly elements of an ESI burden that, by itself, may be dissuading businesses from pursuing commercial litigation at all. Something has to be done, say many, or else the burden of ESI discovery will foreclose litigation as an option for resolving modestly sized disputes. The authors of a recent law review article, building upon the work of The Sedona Conference, think they have a solution.

How Social Media is Changing Government Agencies (Mashable, 20 May 2010) - While many government agencies still tend to employ the “broadcast” model when using social media, some are engaging through hashtags, community building initiatives, and geo-location analysis. These efforts are helping to better inform the public and alert them to public safety emergencies in real-time. A good recent example of this is how the team of energy companies and government agencies responding to the oil spill in the Gulf of Mexico are putting these strategies to use. Here are ways other government agencies, from local law enforcement to the National Weather Service, are seizing on these tools to improve their services. At the most basic level, social media is about community building. Government agencies have adopted this mindset to varying degrees as a way to foster trust and dialogue with people. “It is truly a national town hall that has never been attempted during a disaster,” said Commander James Hoeft of the U.S. Navy, who oversees the cleanup effort’s social media team. The idea has been implemented in parts of the U.S. government to varying degrees. In 2008, Admiral Thad Allen of the U.S. Coast Guard sent out a service-wide message saying, “[To] modernize the Coast Guard we must learn how to effectively use social media tools to enhance our ability to perform as a more transparent, change-centric organization.” The Coast Guard has since deployed a series of Flickr, YouTube and Twitter accounts, both at the headquarters and regional levels, as a part of The Coast Guard Compass. Some are better than others, with many serving simply as multimedia RSS feeds. But there are stars, like the Twitter feed for the Portsmouth, VA-based District Five, which discusses their latest coastal rescue operations.

Seventh Circuit Vacates Contempt for E-Mail Barrage (Citizen Media Law Project, 21 May 2010) - The Seventh Circuit Court of Appeals has vacated the summary contempt citation and sentence imposed by U.S. District Judge Robert Gettleman after his court e-mail account was inundated with messages after infomercial pitchman Kevin Trudeau urged his supporters to e-mail the judge. FTC v. Trudeau, No. 10-1383, slip op. (7th Cir. May 20, 2010). The appeals court vacated Judge Gettleman’s summary citation of Trudeau for contempt, and the imposition of a 30-day sentence, concluding that such summary contempt proceedings were limited to interference with court proceedings that a judge personally observes, and occurs within the physical boundaries of the court room. The Court noted that the goal of such a summary procedure, in which the judge simply declares someone in contempt and imposes a penalty, is to quickly resolve the disruption and proceed with the court’s business. “The record in this case is devoid of any suggestion that Trudeau’s summary punishment was necessary to restore the court’s ability to resume its duties. “No trial was being disrupted by a failure to comply with a court order.” And, while we credit the judge’s determination that the e-mails “imped[ed] [the court’s] means of communication and caus[ed] the necessity of a threat assessment,” he made no finding that immediate and summary punishment for Trudeau was necessary to solve his communication problems. . .” FTC v. Trudeau, slip op. at 12.

CFAA Can Protect Trade Secrets (NY Law Journal, 24 May 2010) - Despite the increased recognition by Congress on the importance of the protection of intellectual property in recent years, it has not seriously considered enacting a federal law protecting trade secrets and has instead focused on amending existing laws including criminal laws that protect intellectual property. Companies and their general counsel ... even when faced with a nightmarish situation when, for example, a number of individuals leave to join a competitor and take with them vitally important trade secrets ... have a variety of imperfect options as to how to proceed. They can report the theft to the local U.S. Attorney for investigation of violations of federal criminal laws, including the Economic Espionage Act. However, there is no assurance that federal authorities will open an investigation and, even if they do so, there is no guarantee that they will prosecute. Indeed, since the Economic Espionage Act was enacted in 1996, the federal government has prosecuted only slightly more than 50 cases. Alternatively or concurrently they can bring a civil action under state or federal law. While a civil action may offer some possibility of redress, state courts may not be equipped to deal with a sophisticated and extremely large and time-consuming theft of trade secrets and, while federal courts may be better equipped to deal with the issues, companies are often foreclosed from bringing an action in federal court because of lack of jurisdiction. In an attempt to get around this issue, companies have sought to establish federal jurisdiction by asserting a violation of the federal Computer Fraud and Abuse Act. Courts, however, are increasingly reluctant to find that the CFAA is a replacement for a federal trade secrets act ... even where the theft involves electronic information ... and have dismissed CFAA claims on the ground that the employee accessed the information with authorization. It is important for general counsel to be aware of this limitation and should institute a trade secret protection program that not only better protects the companies’ trade secrets and confidential information but includes steps that will increase the possibility that a federal court will find jurisdiction under the CFAA in the unfortunate, but increasingly likely event that an employee does steal or attempt to steal a company’s trade secrets. Before turning to the specific steps that a company can take including the outlines of a trade secret protection program, it is first important to understand the limitations of the CFAA and specifically the split between the “narrow” and “broad” view that has arisen in the context of theft of trade secrets.

State Department Moves from Telegrams to Wikis (ArsTechnica, 24 May 2010) - You might imagine the US State Department as a place awash in paperwork, a sprawling bureaucratic entity that encircles the globe and still passes information between its foreign missions with telegrams. And you would be right. But spurred by an overwhelming need to share and archive on-the-ground knowledge quickly, the State Department has also become a poster child for government use of wikis. Within 15 months of coming up with the idea, State rolled out a working MediaWiki install that it called “Diplopedia.” The site now has 10,000+ articles and receives more than 2,000 visits on an average day. This being a major government project, some changes had to be made—Linux was out, for instance, and “Don’t be a jerk” would “not work as a governance norm for a government agency.” A new paper (PDF), written by a former Diplopedia project lead and a Rice University professor, chronicles the genesis and growth of the wiki in fascinating detail. For instance, the paper makes clear that bringing a wiki into State wasn’t a matter of open source idealism as much as an attempt to solve a practical problem. “Foreign Service Officers (FSOs), who move around the globe, were expected to acquire a degree of expertise rapidly in each new job, but upon leaving the job, this knowledge could be lost,” write authors Chris Bronk and Tiffany Smith. “The organization did not have a strong system where prior job incumbents could be called upon to explain the intricacies of job process or subject matter... ‘How to?’ questions were among the most frequently asked, especially by junior staff.”

Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital (Boston Globe, 24 May 2010) - The thin, tattered book, an 1899 dissertation on Homer, written in French, is tucked into one of the more than 40 shelves devoted to the epic poet in the stacks of Widener Library. Collecting obscure works like this one has helped Harvard amass the world’s largest university library. The 16.5 million volumes university wide span a range of esoteric topics, from the manuscripts of Ukrainian political leaders to the field notes of famous horticulturists. Harvard owns so many books, serials, and other items that it now houses nearly half of the collection in a climate-controlled warehouse 25 miles away in Southborough. But the days of accumulating every important title and artifact under the scholarly sun are over for Harvard’s labyrinthine system of 73 libraries. Facing an unprecedented budget crunch, the university cancelled print copies of more than 1,000 journal titles last year in favor of online subscriptions. And Harvard is turning toward other universities to collaborate and share acquisitions, all while trying to maintain its libraries’ stature in an increasingly digital world. Students can now sit in their dorms and order books directly from their computers to be delivered within 24 hours to the library of their choice from the Harvard Depository, a high-density storage facility where a forklift is required to fetch books from 30-foot shelves. In some cases, students can avoid the library altogether; materials can be downloaded or the library will scan relevant book chapters and e-mail them.

UK Law Firm Inks $852 Million Outsourcing Deal (, 25 May 2010) - Legal process outsourcing (LPO) company Integreon has entered into what it describes in a press release as the largest legal outsourcing deal ever, worth $852 million over 10 years, with British law firm CMS Cameron McKenna. The work covered by the agreement -- nonbillable support tasks such as accounting, human resources, marketing, training and information technology -- does not affect lawyers directly. The deal is not the first of its kind for Los Angeles-based Integreon, but it is the largest, according to the company. Integreon, which maintains outsourcing centers in India as well as in the Philippines and South Africa, has previously handled support services for Clifford Chance and DLA Piper. One notable aspect of Integreon’s agreement with CMS Cameron is the openness about the price tag. Most firms that turn to LPOs for discovery and other legal work ask not to be identified, much less have the value of their contracts disclosed. Thus, while rough estimates of the potential multibillion-dollar market for legal outsourcing have been bandied about for several years, the true scale of the industry has so far been hard to capture. That may be changing. John Croft, Integreon’s president of global sales, says CMS Cameron’s Weston had no problem making the contract’s value public: “He wanted his clients and potential clients to see that he was proactively going about the way he provided legal services to them.”

The 15 Funniest Tweets From The Fake BP Twitter Account (Business Insider, 25 May 2010) - Last week, one creative Twitter user began posting Tweets under the name “BPGlobalPR“. According to the WSJ, the fake account now has double the followers of the real BP corporate Twitter. Whoops. That’s a major PR fail. (BP knows about the account and isn’t laughing.) We’ve picked out some of the funniest ones for your viewing pleasure. Maybe they’ll take your mind off of all that very real oil spewing into the Gulf. [Editor: not funny, really; but does illustrate the power of the medium – more useful is the following.]

Oilaholic: Oil Spill Goes Real-Time (ReadWriteWeb, 4 June 2010) - A new mashup lets you track the BP oil spill news using Facebook, Twitter, Flickr and more, all from one interface. Called "Oilaholic," the site serves as a one-stop shop for everything oil spill-related, including the latest tweets, the live video cam feed from uStream, the latest Facebook news and Flickr photos, the hottest headlines from Google News and elsewhere on the web, a real-time "leak meter" feed (which is incredibly disturbing), a live chatroom for venting your frustrations after you look at the leak meter, plus links to useful resources including government agencies, volunteer efforts, phone numbers to call and more.

DHS Official: Cybersecurity Is Industry Responsibility (Tech Daily Dose, 25 May 2010) - A top Department of Homeland Security official said Tuesday that contractors that fail to live up to security requirements in federal technology contracts should be held accountable, even if the vulnerabilities originated in products or capabilities provided by suppliers, reported. In most business situations, “if we have a contractual arrangement and you fail [to meet the requirements], I have legal recourse,” said Richard Marshall, director of global cybersecurity management at DHS. “Why wouldn’t the same be true when the supply chain [is involved]? I’m buying a product from you, and you represent that it’s a product with the following characteristics. If you fail, I have a right to sue you.” Marshall spoke at the SecureAmericas conference in Arlington, Va., an event hosted by the cybersecurity provider International Information Systems Security Certification Consortium. He noted a number of examples where failures in the supply chain led to serious security implications, including a wave of hard drives infected with viruses that infiltrated the U.S. market from Asia in 2007 and a recent case in which thumb drives were shipped preinstalled with malicious software, eventually leading to the Defense Department imposing a temporary ban on the storage devices. “Buy from an authorized vendor and make sure that vendor has purchased from an authorized vendor,” Marshall advised. Federal technology and acquisition officials must write contracts that set specific expectations for how industry secures computer hardware and software, including assurances the products they purchase from suppliers and the development processes followed best practices.

Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone (Wired, 27 May 2010) - Companies that operate critical infrastructures and do not voluntarily allow the federal government to install monitoring software on their networks to detect possible cyberattacks would face the “wild” internet on their own and place us all at risk, a top Pentagon official seemed to say Wednesday. Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium in Nebraska, said we need to think imaginatively about how to use the National Security Agency’s Einstein monitoring systems on critical private-sector networks — such as those in the financial, utility and communication industries — in order to protect us. “Operators of critical infrastructure could opt in to a government-sponsored security regime,” Lynn said. Otherwise, “individual users who do not want to enroll could stay in the wild wild west of the unprotected internet.” Failure to protect the power grids, transportation system, or financial sector, he said, “could lead to physical damage and economic disruption on a massive scale.” Privacy and civil liberties groups, however, have raised concerns about the Einstein systems with regard to what information they would collect and share with the government and what oversight, if any, would be put in place to ensure that federal privacy and wiretapping laws are not violated. The Einstein programs are intrusion-detection and response systems developed by the National Security Agency. The government is in the process of deploying Einstein 2 to federal networks to inspect traffic for malicious threats, but there has been talk of deploying it to private-sector networks as well. Intrusion-detection systems are already a standard tool in the defense arsenal of private-sector businesses, and the government has been unclear about how its system surpasses those already available to companies.

Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms (Computerworld, 24 May 200) - Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited. Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55% of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44% of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thought business continuity was driving worries about risks like natural disasters and conflicts. “I think it has to do not only with the general difficulty one might encounter as result, but also, at the end of the day, what they are concerned about is business continuity,” he said. “Can they get back on their feet relatively quickly? If you in the path of a hurricane or an oil spill, can you keep your business going?” Accounting, internal controls and Sarbanes-Oxley compliance is the 18th largest risk factor this year, according to the list. Jamil pointed to fears of market backlash or perception that could arise as a result of mistakes in complying with the regulations. “The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on,” said Jamil. “The taint that your reputation might suffer because of that is huge. It’s so easy to lose shareholder value because market reaction might be so negative to any issue that may arise.” However, despite its appearance in the top twenty, accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations, said Jamil. While breaches of technology security, privacy and theft was only at 23rd on the list, it was a slight increase over last year, when 30% mentioned security breaches as a risk. (See Data Breach Disclosure Law, State by State.) Jamil said he was still surprised by its lower ranking. “Given all that is going with media attention being given to this issue, I thought it would inch up higher,” he said. “It would not surprise me if this particular risk factor becomes more prominent in future years. It’s not top-twenty, but it’s not far off from it either.”

FTC Postpones ‘Red Flags’ Identity Theft Rule (National Law Journal, 1 June 2010) - Under pressure from Congress, the Federal Trade Commission has agreed to postpone enforcement of its “Red Flags” rule that requires lawyers, doctors and other professionals to develop written identity theft prevention programs. Both the American Bar Association and the American Medical Association have sued the agency, arguing that imposing the identity theft rule requirements on their members is arbitrary, capricious and has no legally supportable basis. The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The FTC considers lawyers and other professionals to be creditors under the act, and required them to implement written identity theft prevention programs to detect the warning signs -- or “red flags” -- of identity theft in their day-to-day operations. Last August, the ABA, represented pro bono by Proskauer Rose, filed suit in U.S. District Court for the District of Columbia challenging the rule’s application to lawyers. In October, Judge Reggie Walton backed the ABA, saying the FTC had overreached and that applying the rule to lawyers was unreasonable. The FTC in February said it would appeal the decision. Last month, the American Medical Association sued the FTC in U.S. District Court, arguing the rule should not apply to physicians either. Sidley Austin‘s Frank Volpe is representing the AMA. On Friday the FTC announced that “as the request of several members of Congress,” it would delay enforcement of the rule until the end of the year.

End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays (Wired, 3 June 2010) - The Pentagon’s cribbing a play from Monday Night Football, adopting the same instant replay technology used during games to improve analysis of war zone video feeds. Harris Corporation, the company behind instant replay for professional football and baseball games, has teamed up with the military on an analysis system that’s already been deployed to several bases, reports Live Science. The system, called Full-Motion Video Asset Management Engine (FAME) uses “metadata” tags to encode important details — time, date, camera location — into each video frame. In a football game, those tags would help broadcasters pick the best clip to re-air, then explain, a play. In a war-zone, they’d help analysts watch video in a richer, easier-to-grasp context. And additional tags could link a video clip to photographs, cell phone calls, databases or documents. The final result turns war-zone footage into play-by-play video feed, with analysts becoming veritable game announcers: “One can then view data in ways as rich as depicted with football games on TV, which not only show what is happening from multiple angles, but the identity of teams, the current score, the line of the field where a play started, where the ball needs to go for first down, which quarter and down it is, time remaining, how many yards there are to go, as well as pop-up windows and scrolling data giving details on players and scores from others games and audio commentary detailing plays.”

Johanna Blakley: Lessons from Fashion's Free Culture (TED Talks, April 2010 at USC) - Copyright law's grip on film, music and software barely touches the fashion industry ... and fashion benefits in both innovation and sales, says Johanna Blakley. At TEDxUSC 2010, she talks about what all creative industries can learn from fashion's free culture. A commentator remarks: "In this 15-minute TED talk, Johanna Blakley addresses a subject alien to most here — fashion — but in a way sure to grab our attention. The lesson is about how the fashion industry's lack of copyright protection can teach other industries about what copyright means to innovation. And yes, she mentions open source software. There is one killer slide at 12:20 comparing the gross sales of low-IP-protection industries with those of films and books and music. If you want to know more, or if you prefer text, the Ready To Share project website should give you all the data you crave on the subject."

Tom Wujec: Build a Tower, Build a Team (TED, February 2010; 7 minute video) - Tom Wujec presents some surprisingly deep research into the "marshmallow problem" -- a simple team-building exercise that involves dry spaghetti, one yard of tape and a marshmallow. Who can build the tallest tower with these ingredients? And why does a surprising group always beat the average? [Editor: Resembles quite closely a knowledge management proof-of-concept exercise in KnowConnect’s service offering.]

**** RESOURCES ****
Protecting Anonymity and Association in Cyberspace (Media Law Prof Blog, 26 May 2010) - Minjeong Kim, Department of Journalism and Technical Communication, College of Liberal Arts, Colorado State University, has published The Right to Anonymous Association in Cyberspace: US Legal Protection for Anonymity in Name, in Face, and in Action, in volume 7 of SCRIPT-ed (2010). Here is the abstract: “
The Internet has become a communication medium of intense group interaction, and individuals with marginalised identities have used anonymity as a tool with which to participate in online interaction. In order to capture the full spectrum of the role that anonymity plays in cyberspace, I explore in this article the US constitutional right to anonymous association. I draw on the concepts of anonymity defined in the social science literature - identity protection, visual anonymity, and action anonymity - and analyse US case law regarding the right to anonymous association in both offline and online worlds. The examination suggests that (1) the right to anonymous association has been especially meaningful for those who are marginalised in society; (2) future courts - in light of established legal rules governing the right to anonymous association - must give careful consideration to the question as to who is seeking anonymity; (3) different concepts of anonymity have greater independence in cyberspace and, therefore, need to be distinguished by scholars and courts. Overall, the right to anonymous association in cyberspace can be understood as the positive right of individuals to control information about themselves in order to find and associate with others. The examined case law shows that strong support for such a right is embedded in the US legal tradition.”

Are 'Better' Security Breach Notification Laws Possible? (Prof. Jane Winn, Berkeley Technology Law Journal, 2009) - Security breach notification laws (SBNLs) may have succeeded in bringing the issue of inadequate information security to the attention of American consumers, but do not appear to be having much impact on the way that American businesses store and use sensitive personal information.  This failure is not surprising in light of the extremely limited scope of American SBNLs, which generally do not reinforce an underlying right to privacy but instead only mandate disclosure of information that is confusing and difficult for consumers to make use of.  While receiving repeated notices of security breaches might someday galvanize American public opinion to support stronger information privacy laws, that would be a remote and uncertain benefit from legislation that appears in the short term to penalize responsible businesses while being disregarded by unsophisticated and irresponsible ones.  Although businesses in possession of sensitive personal information are exposed to something like strict liability for security breaches, the vendors of the information technology systems that are vulnerable to breaches remain exempt from liability.  SBNLs generally commit no public resources to ensuring compliance, reducing the risk that non-compliance will be detected to near zero for many businesses.  Under such circumstances, most businesses have no economic incentive to comply with a law when compliance would be very costly.  Even though litigation claiming damages following a security breach notification has not been successful to date, the risk of being exposed to such litigation as a result of compliance further increases incentives for non-compliance.  This paper reviews the development of new governance approaches to regulation, including “responsive regulation,” “smart regulation” and “better regulation” and then applies new governance criteria to SBNLs to show why they are unlikely to have much impact on the information security policies of many American businesses.  This paper reviews the practical problems that any business faces when trying to secure large quantities of sensitive personal information, and outlines what a “better regulation” approach to information security regulation targeting sensitive personal information might include. Article on SSRN:

Google Announces Free Download of 10 Terabytes of Patents and Trademarks (BeSpacific, 3 June 2010) - Google Public Policy Blog: "When we launched Google Patent Search in 2006, we wanted to make it easier for people to understand the world of inventions, whether they were browsing for curious patents or researching serious engineering. Recently, we’ve also worked on a number of public data search features, as well as experimental features like the Public Data Explorer...That’s why we’re proud to announce that the USPTO and Google are making this data available for free at This includes all granted patents and trademarks, and published applications -- with both full text and images. And in the future we will be making more data available including file histories and related data."

**** FUN ****
Red Faces as Cambridge University Discovers it’s Not All Greek (The Times, 25 May 2010) - It is not as embarrassing as King Minos’s discovery that his wife had slept with a bull, nor as cringeworthy as Ares and Aphrodite being caught in an adulterous embrace in a golden net. However, Cambridge University was sheepish yesterday as it admitted that there was a spelling mistake in the inscription on the entrance to its new Classics department building. A set of glass doors at the entrance to the £1.3 million extension is inscribed with Aristotle’s quotation: “All men by nature desiring to know.” The typesetter made a small slip-up by entering the Roman letter “s” instead of the Ancient Greek letter sigma in the word “phusei” — meaning “by nature”. The university dispatched a sign-maker to scratch off the offending quotation yesterday as scholars highlighted the mistake. Mary Beard, Professor of Classics at Cambridge, noted the error in her blog on Timesonline, where she complained that the automated doors were so sluggish that they were causing queues of impatient classicists. “Even the gods have shown their disapproval in their own inimitable way,” she wrote.

BLOCKBUSTER, ENRON TEAM UP ON DEMAND-VIDEO Video rental giant Blockbuster is partnering with energy trader Enron to market a video-on-demand service using Enron's nationwide state-of-the-art fiber-optic network. The 20-year alliance will allow consumers with high-speed Internet access and a special TV set-top box to order movies over their TVs and PCs at their convenience. Although only a couple of million households currently have broadband Internet access, Blockbuster is hoping to quickly dominate the nascent market by capitalizing on its brand, its 65 million customers, and its entrenched relationships with movie studios. Meanwhile, Enron is angling to become a major player in broadband Internet access: "Enron is the leader of the pack and I think this could be the beginning of streaming of content over its network," says a PaineWebber analyst. "Signing a company like Blockbuster is a reassuring signal of the validity of their strategy." (Los Angeles Times 20 Jul 2000)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at  (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd - 
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit  or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.