Saturday, June 05, 2010

MIRLN --- 16 May – 5 June 2010 (v13.08)

(supplemented by related Tweets: #mirln)

·      Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record
·      Real Legal Issues With Virtual Currencies
·      “Internet Privacy is A Fallacy,” Court Says
·      JustMed, Inc. v. Byce: A Tech Upset
·      Google Data Admission Angers European Officials
·      Federal Judiciary Launches Enhanced Website
·      Duke to Shut Usenet Server, Home to the First Electronic Newsgroups
·      Indiana Supreme Court Turns to Twitter
·      Digital Books, Their Readers, and Privacy
·      EFF: Forget Cookies, Your Browser Has Fingerprints
·      ‘Hot News’ and the ‘Duty to Police’ It
·      Obama Technology Adviser Reprimanded For Ethics Violation
·      Cloud Service Users Face Confusing Legal Landscape
·      Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment
·      Computer Network Attacks In U. S. Law and Doctrine
·      Microsoft to Give Governments Heads Up on Security Vulnerabilities
·      Reducing the ESI Burden of Privilege Logs
·      How Social Media is Changing Government Agencies
·      Seventh Circuit Vacates Contempt for E-Mail Barrage
·      CFAA Can Protect Trade Secrets
·      State Department Moves from Telegrams to Wikis
·      Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital
·      UK Law Firm Inks $852 Million Outsourcing Deal
·      The 15 Funniest Tweets From The Fake BP Twitter Account
o   Oilaholic: Oil Spill Goes Real-Time
·      DHS Official: Cybersecurity Is Industry Responsibility
·      Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone
·      Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms
·      FTC Postpones ‘Red Flags’ Identity Theft Rule
·      End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays


Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record (Dinsmore & Shohl, 11 May 2010) - The Franklin County Court of Common Pleas recently issued a decision on the Ohio Education Association’s (OEA) request for a permanent injunction preventing the Ohio Department of Education (ODE) from releasing or publishing certain information concerning individuals licensed by ODE. Therein, the court held that the residential address, home telephone number, and personal email address of ODE’s licensees are not “records” and are thus not required to be disclosed under the Public Records Act (“PRA”).

Real Legal Issues With Virtual Currencies (Network World, 12 May 2010) - Attorney J. Dax Hansen is a partner at Perkins Coie LLP in Seattle. With contributions from his colleagues Andrew H. Grant and Kirk Soderquist, he has written an interesting legal perspective on the growing use of synthetic or virtual currencies in massively multiplayer online role-playing games (MMPORG) and virtual worlds such as Second Life. The remainder of this column and the following are entirely their work with minor edits… “Points,” “coins,” “bucks” and other forms of virtual currency are becoming standard offerings for online game sites, social media sites, retailers and other businesses. Virtual currency systems generate revenue, provide low cost alternatives to credit cards for micropayments, offer prepaid solutions appealing to youth and other users without credit cards, and help companies build attractive loyalty programs. Although virtual currency systems are often used to sell digital content, they continue to become more complex - approximating real world currency as they allow purchase of physical goods and services from multiple merchants, offer cash redemption options, and facilitate peer-to-peer payments. Even though the currency may be virtual, these systems pose real legal issues - both for issuers of the virtual currency and potentially for other network service providers and partners. Issuing virtual currency could subject an issuer to various state and federal regulatory regimes with wide ranging operational, financial and liability implications. These implications include restrictions on an issuer’s ability to expire the virtual currency or impose inactivity fees, requirements to give cash back for unused virtual currency, obligations to remit unused virtual currency balances to states, potential regulation as a financial institution, requirements to structure systems to avoid illegal lotteries, and privacy and data security issues. This pair of articles highlights several key legal considerations and offers practical tips for companies that operate - or are considering developing - virtual currency systems.

“Internet Privacy is A Fallacy,” Court Says (Steptoe & Johnson’s E-Commerce Law Week, 13 May 2010) - A New York court gave this dismal assessment of the state of online privacy in dismissing criminal charges against an employer who used a keystroke monitor to record the personal emails of an employee. The court essentially flipped the usual approach to employer monitoring cases on its head, reasoning that employees have no expectation of privacy in their workplace communications unless they take affirmative steps to carve out a zone of privacy. Moreover, the court’s strong dismissal of any notion of privacy in email -- though contrary to the holding of the vast majority of decisions that have touched on the issue -- may be cited in future cases not only by employers, but also by the government and by hackers when their access to computers or communications is challenged in court.

JustMed, Inc. v. Byce: A Tech Upset (Sonnenschein, 12 May 2010) - For early stage technology companies the definitions of independent contractor and employee for determining copyright ownership may have changed. In a case that could alter the landscape as to who is considered an employee when it comes to “work for hire” and copyright ownership in the world of technology based start-ups, the United States Court of Appeals for the Ninth Circuit relaxed the rules on who is considered an employee versus an independent contractor for the purposes of considering where work is considered a “work for hire.” In JustMed, Inc. v. Byce, 2010 U.S. App. LEXIS 6976 (9th Cir. Apr. 5, 2010), the Ninth Circuit was asked to decide whether JustMed, Inc., a small technology start-up company, or Michael Byce, a software developer working remotely, owned the source code that Byce engineered while working for JustMed.
The Court’s analysis distinguished between technology start-up businesses, which are well known for the informal manner in which they are formed and operate -- a handful of people working in a garage and programming their computers -- and more established companies, where formalities regarding employment tend to be more rigorously observed. The Court found that Byce qualified as an “employee” of JustMed, and his work belonged to them, despite the fact that he:
·      worked from home in Idaho,
·      worked on his own computer, and
·      worked without much direction from Oregon-based JustMed.
Ordinarily, those factors would favor finding Byce to be an independent contractor. In addition:
·      Byce and JustMed had no written employment agreement,
·      Byce never filled out an I-9 employment form,
·      Byce filed his first W-4 tax withholding form in 2005 - a year after beginning full-time work on the source code in 2004,
·      JustMed did not issue a W-2 for Byce,
·      JustMed did not withhold taxes, pay workers’ compensation, or pay unemployment insurance for Byce, and
·      JustMed did not provide any employment benefits for Byce, or report his employment to the state.
Byce was nevertheless deemed an employee because:
·      he was not hired for a specific term,
·      he was not hired to work on a discrete project,
·      he worked with JustMed on projects other that the source code,
·      he updated the company’s Web site,
·      he demonstrated the company’s product at trade shows,
·      he was listed in the company’s brochure,
·      he was issued a business card, under the title of either “Director of Research and Development” or “Director of Engineering,” and
·      he asked for a cash salary (after initially being paid in company stock), even though he never deposited his paychecks.

Google Data Admission Angers European Officials (NYT, 15 May 2010) - European privacy regulators and advocates reacted angrily Saturday to the disclosure by Google, the world’s largest search engine, that it had systematically collected private data since 2006 while compiling its Street View photo archive. After being pressed by European officials about the kind of data the company compiled in creating the archive — and what it did with that information — Google acknowledged on Friday that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by. The data collection, which Google said was inadvertent and the result of a programming error, took place in all the countries where Street View has been catalogued, including the United States and parts of Europe. Google apologized and said it had not used the information, which it plans to delete in conjunction with regulators. But in Germany, Google’s collection of the data — which the company said could include the Web sites viewed by individuals or the content of their e-mail — is a violation of privacy law, said Ilse Aigner, the German minister for food, agriculture and consumer protection. In a statement Saturday, her ministry demanded a full accounting.

Federal Judiciary Launches Enhanced Website (US Courts, 15 May 2010) - The Federal Judiciary’s website,, today unveils a host of enhancements. The site has been redesigned to make it more attractive, accessible, and useful to its diverse audience of users. The improvements further the website’s mission of increasing public interest, awareness, and understanding of the federal court system and its functions, and to serve as a source for disseminating Federal Judiciary information to the public. Among the enhancements:
·      Email Delivery Service: Interested users can subscribe to email updates. When Judiciary news releases, Newsroom updates, notifications of new publications, emergency notifications and significant content updates are made, a notification is sent directly to the subscribers’ email addresses. Each subscriber can choose to receive alerts on topics of particular interest or alerts for all updates. Subscriptions are free, and can be canceled or updated at any time.
·      Multimedia – video, podcasts, photos, YouTube Channel: Videos have been available on for several years, with a focus on civic education and highlighting news. Recently, the focus was expanded to feature two informational video series – Bankruptcy Basics and Working for the Federal Judiciary. Photo slide shows have been added, to include and illustrate such topics as naturalization ceremonies, educational outreach programs, and Judiciary news.
·      The website will feature expanded use of multimedia, including a link to the Judiciary’s YouTube Channel,, which is a joint initiative of the Administrative Office of the U.S. Courts and the Federal Judicial Center.
·      Widgets: A widget is a portable chunk of computer programming code that can be embedded in a Web page to add dynamic content. For example, an organization could take a widget from and install it in their website homepage to receive continuous Federal Judiciary news updates directly.
·      Read-aloud service: Web text is read aloud for users who find it difficult to read online, a useful tool for those who have difficulty reading or are mildly visually impaired. This free program also allows users to download portable files from and listen to it later.

Duke to Shut Usenet Server, Home to the First Electronic Newsgroups (Duke Today, 17 May 2010) - This week marks the end of an era for one of the earliest pieces of Internet history, which got its start at Duke more than 30 years ago. On May 20, Duke will shut down its Usenet server, which provides access to a worldwide electronic discussion network of newsgroups started in 1979 by two Duke graduate students, Tom Truscott and Jim Ellis. Working with a graduate student at UNC-Chapel Hill, they came up with a simple program to exchange messages and files between computers at Duke and UNC using telephone modems. The “Users Network,” Usenet for short, grew into an international electronic discussion forum with more than 120,000 newsgroups dedicated to various topics, from local dining to computer programming languages. Each group had a distinctive name such as soc.history or sci.math. Usenet also played an integral role in the growth of the popularity of the Internet, said Dietolf Ramm, professor emeritus of computer science. At the time, a connection to the Internet was not only expensive but required a research contract with the federal Advanced Research Projects Agency. “ARPA had funded a few schools to begin the early stages of Internet, but most schools didn’t have that,” said Ramm, who worked with the students who developed Usenet. “Usenet was a pioneering effort because it allowed anybody to connect and participate in communications.” Many social aspects of online communication – from emoticons and slang acronyms such as LOL to flame wars – originated or were popularized on Usenet. Duke users can still access Usenet archives – the largest collection of posted online messages – through Google Groups.

Indiana Supreme Court Turns to Twitter (Indiana Business Journal, 18 May 2010) - 
Expanding what it describes as its communication plan, the Indiana Supreme Court is using the social media platform of Twitter to get word out about new rulings, transfer grants and denials, and other court-related events.
 In a statement, the Supreme Court notes that court-watchers may be surprised about the use of the 140-character social media platform instead of 140-page legal documents detailing court business. But times are changing.

 “Social media is changing the way people receive information,” Chief Justice Randall T. Shepard said in a news release. “Using new media will allow us to ensure that the press and the public can follow the work of the Judicial Branch.”

 The Indiana Courts Twitter page can be found online at, and online users also can sign up for RSS feeds for other court-related services such as the Indiana Court Times, the Indiana Judicial Center legislative blog, notice of Supreme Court oral arguments, the Judicial Technology Automation Committee’s blog called Bites & Bytes, and the court’s YouTube channel.

Digital Books, Their Readers, and Privacy (Media Law Prof Blog, 18 May 2010) - Jennifer Lynch, Samuelson Law, Technology & Public Policy Clinic, and Nicole Ozer, ACLU of Northern California, have published “Protecting Reader Privacy in Digital Books,” presented at the Association for the Advancement of Artificial Intelligence Privacy 2010 Symposium. Here is the abstract. What you choose to read says a lot about who you are, what you value, and what you believe. That’s why you should be able to learn about anything from politics to health without worrying that someone is looking over your shoulder. However, as books move into digital form, new reader privacy issues are emerging. In stark contrast to libraries that retain as little information about readers as possible, digital book services are capturing detailed information about readers: who they are, what books they browse and read, and even how long a given page is viewed, and the notes written in the “margins.” Without strong privacy protections, all of this browsing and reading history can be collected, analyzed, and may end up in the hands of the government or third parties without a reader’s knowledge or consent. 

Retaining and strengthening reader privacy in the digital age requires a thorough examination of the potential privacy and free speech implications of digital book services and of the laws and policies that are needed to properly protect readers. Part I of this article discusses the history of strong legal and policy protections for reader privacy. Part II discusses current developments in digital book services. Part III discusses emerging privacy and free speech issues related to digital book services. Part IV proposes some policy and legislative solutions. SSRN link:

EFF: Forget Cookies, Your Browser Has Fingerprints (Computerworld, 18 May 2010) - Even without cookies, popular browsers such as Internet Explorer and Firefox give Web sites enough information to get a unique picture of their visitors about 94 percent of the time, according to research compiled over the past few months by the Electronic Frontier Foundation. The research puts a quantitative assessment on something that security gurus have known about for years, said Peter Eckersley, the EFF senior staff technologist who did the research. He found that configuration information -- data on the type of browser, operating system, plugins, and even fonts installed can be compiled by Web sites to create a unique portrait of most visitors. This means that most Internet users are a lot less anonymous than they believe, Eckersley said. “Even if you turn off cookies and you use a proxy to hide your IP address, you could still be tracked,” he said. The data doesn’t actually identify the Web user, but it creates a unique browser “fingerprint,” that can be used to identify the user when he visits other Web sites. Using JavaScript, Web sites are able to probe PCs and learn a lot. No single piece of data is enough to identify the visitor on its own, but when it’s all strung together -- browser version, language, operating system, time zone details -- a clearer picture emerges. Some things -- what combination of plugins and fonts are installed, for example -- can be a dead giveaway.

‘Hot News’ and the ‘Duty to Police’ It (, 18 May 2010) - The public interest in timely news has never been greater. News originators -- traditional news organizations and news services that make costly investments in reporters, editors, and bureaus -- have responded by going where more and more readers are: on the internet. Today, most original news content can be found, for free, on publishers’ websites or licensed sites. However, originators face challenges: They must compete for internet viewers and advertising dollars with an array of third-party news services, often called “news aggregators,” that do no original reporting but instead copy and distribute news content from originator sites without permission. To protect their interest in the content they gather at a cost, originators are now asserting their rights in court, often through suits alleging “hot-news” misappropriation. This doctrine, nearly a century old, was for many years considered something of a historical oddity, but it has gained new relevance as timely news information has become valuable to a variety of digital platforms. However, a recent decision of the U.S. District Court for the Southern District of New York suggests that, in a world where many aggregators are copying the news content of one originator, one lawsuit may not be sufficient -- equitable principles may require originators to restrain misappropriation of their content by other parties as well. This article will review this suggested “duty to police” in Barclays Capital Inc. v., No. 06 Civ. 4908, 2010 WL 1005160 (S.D.N.Y. March 18, 2010), and its potential negative consequences for news originators. [Editor: quite interesting and useful]

Obama Technology Adviser Reprimanded For Ethics Violation (Washington Post, 19 May 2010) - A White House technology adviser hired from Google was reprimanded for improperly contacting former colleagues in violation of Obama administration ethics rules, a spokesman said. U.S. Deputy Chief Technology Officer Andrew McLaughlin, Google’s former head of global public policy, exchanged e-mails with “his former employer on topics within the scope of his official duties,” which is prohibited by President Obama’s ethics policies, Rick Weiss, a spokesman for the Office of Science and Technology Policy, said Tuesday in an e-mail. McLaughlin’s decision to join the administration last year highlighted connections between Google and the White House. Google chief executive Eric Schmidt, who backed Obama’s campaign for president, is part of Obama’s council of advisers on science and technology.

Cloud Service Users Face Confusing Legal Landscape (Network World, 18 May 2010) - Cloud computing has great benefits for businesses but legal uncertainties threaten to hamper adoption, said a group of lawyers speaking during a seminar in Seattle this week. “We will have to create a robust legal system and we will have to do it sooner rather than later and before we have the cloud computing equivalent of an offshore oil rig blowout,” said Barry J. Reingold, a partner at Perkins Coie in Washington, D.C. Lawyers speaking at the Law Seminars International event on Monday offered advice about the types of research companies should do before signing up for cloud services to make sure they can protect themselves from potential legal fallout. One of the most important issues facing companies that wish to store or process data in the cloud is determining which legal systems have jurisdiction over the data. “It’s a can of worms,” said Andy James, a lawyer with Osborne Clarke.

Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment (Steptoe & Johnson’s E-Commerce Law Week, 18 May 2010) -The majority of courts have held that telephone call records are not protected by the Fourth Amendment because those records are shared with third parties -- namely, the phone company. But the Connecticut Supreme Court recently distinguished those cases, finding in Connecticut v. Boyd that call records that are found on the cell phone itself are protected by the Fourth Amendment, and thus may be searched only with a warrant. This case would seem a likely candidate for U.S. Supreme Court review given its adverse impact on law enforcement. If it is not taken up by the High Court, it would likely be because the Connecticut Supreme Court ultimately upheld the trial court’s decision to admit the call logs on the ground that the seizure of the cell phone and the search of its contents were valid under the “automobile exception” to the Fourth Amendment’s warrant requirement.

Computer Network Attacks In U. S. Law and Doctrine (Media Law Prof Blog, 19 May 2010) - Paul Walker, U. S. Navy Judge Advocate General’s Corps, has published Rethinking Computer Network ‘Attack’: Implications for Law and U.S. Doctrine, forthcoming in the Journal of National Security Law & Policy. Here is the abstract: “Because much of current legal scholarship uncritically accepts either popular, hacker-based notions of computer “attacks” or the definition of “computer network attack” used in United States military doctrine, a critical approach to what constitutes an “attack” under international humanitarian law is needed. First making the case that the definition of “attack” in Article 49 of Additional Protocol I is customary international law, the article examines a number of methodologies that can provide the appropriate determination that an “act of violence” involving computers, computer networks or information systems has occurred. Of the three methodologies examined, the consequence-based method is the most appropriate. This methodology is applied to two information-based capabilities, distributed denial-of-service (DDoS) actions and chip-level actions, to determine whether or not these types of actions are, in fact, “attacks” under IHL. The article concludes that DDoS actions-- despite widespread belief to the contrary-- do not rise to the level of an attack under IHL. Chip-level actions may constitute IHL attacks if the foreseeable consequences involve death, injury to personnel, or destruction of property, which is the case for some, but by no means all, chip-level (and malicious software) actions. In calling for a more rigorous adherence to well-defined legal standards and definitions in the area of information-based warfare, the article concludes with a call to revise the United States definition of “computer network attack” in order to more closely adhere to the definition of attack under IHL.” SSRN link:

Microsoft to Give Governments Heads Up on Security Vulnerabilities (FCW, 19 May 2010) - Microsoft will share technical information on security vulnerabilities with some government organizations before it publicly releases security patches to help governments protect critical infrastructure. Government organizations that participate in both of two existing Microsoft programs designed to share security information with governments can get advance access to the vulnerability data through a new pilot program named the Defensive Information Sharing Program (DISP). Microsoft will start the pilot program this summer and begin the full program later this year, said Jerry Bryant, group manager, response communications for Microsoft, in an e-mail statement. Bryant said early access to that information would let the government organizations get an early start on risk assessment and mitigation. “This will allow members [of DISP] more time to prioritize creating and disseminating authoritative guidance for increasing network defensive posture actions,” Bryant said. DISP is one of two pilot programs that Stephen Adegbite, senior security program manager lead in the Microsoft Security Response Center, detailed in a blog post on May 17. Adegbite also described another program, the Critical Infrastructure Partner Program, to share with governments, insights on security policy such as approaches to help protect critical infrastructures.

Reducing the ESI Burden of Privilege Logs (, 20 May 2010) - Privilege logs were never a fun part of business litigation. There are few tasks more tedious than logging individual pieces of correspondence by date, author, recipients, subject matter, reason withheld, etc. In the era of electronically stored information, the creation of a document-by-document privilege log has gone beyond mere tedium to become one of the more costly elements of an ESI burden that, by itself, may be dissuading businesses from pursuing commercial litigation at all. Something has to be done, say many, or else the burden of ESI discovery will foreclose litigation as an option for resolving modestly sized disputes. The authors of a recent law review article, building upon the work of The Sedona Conference, think they have a solution.

How Social Media is Changing Government Agencies (Mashable, 20 May 2010) - While many government agencies still tend to employ the “broadcast” model when using social media, some are engaging through hashtags, community building initiatives, and geo-location analysis. These efforts are helping to better inform the public and alert them to public safety emergencies in real-time. A good recent example of this is how the team of energy companies and government agencies responding to the oil spill in the Gulf of Mexico are putting these strategies to use. Here are ways other government agencies, from local law enforcement to the National Weather Service, are seizing on these tools to improve their services. At the most basic level, social media is about community building. Government agencies have adopted this mindset to varying degrees as a way to foster trust and dialogue with people. “It is truly a national town hall that has never been attempted during a disaster,” said Commander James Hoeft of the U.S. Navy, who oversees the cleanup effort’s social media team. The idea has been implemented in parts of the U.S. government to varying degrees. In 2008, Admiral Thad Allen of the U.S. Coast Guard sent out a service-wide message saying, “[To] modernize the Coast Guard we must learn how to effectively use social media tools to enhance our ability to perform as a more transparent, change-centric organization.” The Coast Guard has since deployed a series of Flickr, YouTube and Twitter accounts, both at the headquarters and regional levels, as a part of The Coast Guard Compass. Some are better than others, with many serving simply as multimedia RSS feeds. But there are stars, like the Twitter feed for the Portsmouth, VA-based District Five, which discusses their latest coastal rescue operations.

Seventh Circuit Vacates Contempt for E-Mail Barrage (Citizen Media Law Project, 21 May 2010) - The Seventh Circuit Court of Appeals has vacated the summary contempt citation and sentence imposed by U.S. District Judge Robert Gettleman after his court e-mail account was inundated with messages after infomercial pitchman Kevin Trudeau urged his supporters to e-mail the judge. FTC v. Trudeau, No. 10-1383, slip op. (7th Cir. May 20, 2010). The appeals court vacated Judge Gettleman’s summary citation of Trudeau for contempt, and the imposition of a 30-day sentence, concluding that such summary contempt proceedings were limited to interference with court proceedings that a judge personally observes, and occurs within the physical boundaries of the court room. The Court noted that the goal of such a summary procedure, in which the judge simply declares someone in contempt and imposes a penalty, is to quickly resolve the disruption and proceed with the court’s business. “The record in this case is devoid of any suggestion that Trudeau’s summary punishment was necessary to restore the court’s ability to resume its duties. “No trial was being disrupted by a failure to comply with a court order.” And, while we credit the judge’s determination that the e-mails “imped[ed] [the court’s] means of communication and caus[ed] the necessity of a threat assessment,” he made no finding that immediate and summary punishment for Trudeau was necessary to solve his communication problems. . .” FTC v. Trudeau, slip op. at 12.

CFAA Can Protect Trade Secrets (NY Law Journal, 24 May 2010) - Despite the increased recognition by Congress on the importance of the protection of intellectual property in recent years, it has not seriously considered enacting a federal law protecting trade secrets and has instead focused on amending existing laws including criminal laws that protect intellectual property. Companies and their general counsel ... even when faced with a nightmarish situation when, for example, a number of individuals leave to join a competitor and take with them vitally important trade secrets ... have a variety of imperfect options as to how to proceed. They can report the theft to the local U.S. Attorney for investigation of violations of federal criminal laws, including the Economic Espionage Act. However, there is no assurance that federal authorities will open an investigation and, even if they do so, there is no guarantee that they will prosecute. Indeed, since the Economic Espionage Act was enacted in 1996, the federal government has prosecuted only slightly more than 50 cases. Alternatively or concurrently they can bring a civil action under state or federal law. While a civil action may offer some possibility of redress, state courts may not be equipped to deal with a sophisticated and extremely large and time-consuming theft of trade secrets and, while federal courts may be better equipped to deal with the issues, companies are often foreclosed from bringing an action in federal court because of lack of jurisdiction. In an attempt to get around this issue, companies have sought to establish federal jurisdiction by asserting a violation of the federal Computer Fraud and Abuse Act. Courts, however, are increasingly reluctant to find that the CFAA is a replacement for a federal trade secrets act ... even where the theft involves electronic information ... and have dismissed CFAA claims on the ground that the employee accessed the information with authorization. It is important for general counsel to be aware of this limitation and should institute a trade secret protection program that not only better protects the companies’ trade secrets and confidential information but includes steps that will increase the possibility that a federal court will find jurisdiction under the CFAA in the unfortunate, but increasingly likely event that an employee does steal or attempt to steal a company’s trade secrets. Before turning to the specific steps that a company can take including the outlines of a trade secret protection program, it is first important to understand the limitations of the CFAA and specifically the split between the “narrow” and “broad” view that has arisen in the context of theft of trade secrets.

State Department Moves from Telegrams to Wikis (ArsTechnica, 24 May 2010) - You might imagine the US State Department as a place awash in paperwork, a sprawling bureaucratic entity that encircles the globe and still passes information between its foreign missions with telegrams. And you would be right. But spurred by an overwhelming need to share and archive on-the-ground knowledge quickly, the State Department has also become a poster child for government use of wikis. Within 15 months of coming up with the idea, State rolled out a working MediaWiki install that it called “Diplopedia.” The site now has 10,000+ articles and receives more than 2,000 visits on an average day. This being a major government project, some changes had to be made—Linux was out, for instance, and “Don’t be a jerk” would “not work as a governance norm for a government agency.” A new paper (PDF), written by a former Diplopedia project lead and a Rice University professor, chronicles the genesis and growth of the wiki in fascinating detail. For instance, the paper makes clear that bringing a wiki into State wasn’t a matter of open source idealism as much as an attempt to solve a practical problem. “Foreign Service Officers (FSOs), who move around the globe, were expected to acquire a degree of expertise rapidly in each new job, but upon leaving the job, this knowledge could be lost,” write authors Chris Bronk and Tiffany Smith. “The organization did not have a strong system where prior job incumbents could be called upon to explain the intricacies of job process or subject matter... ‘How to?’ questions were among the most frequently asked, especially by junior staff.”

Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital (Boston Globe, 24 May 2010) - The thin, tattered book, an 1899 dissertation on Homer, written in French, is tucked into one of the more than 40 shelves devoted to the epic poet in the stacks of Widener Library. Collecting obscure works like this one has helped Harvard amass the world’s largest university library. The 16.5 million volumes university wide span a range of esoteric topics, from the manuscripts of Ukrainian political leaders to the field notes of famous horticulturists. Harvard owns so many books, serials, and other items that it now houses nearly half of the collection in a climate-controlled warehouse 25 miles away in Southborough. But the days of accumulating every important title and artifact under the scholarly sun are over for Harvard’s labyrinthine system of 73 libraries. Facing an unprecedented budget crunch, the university cancelled print copies of more than 1,000 journal titles last year in favor of online subscriptions. And Harvard is turning toward other universities to collaborate and share acquisitions, all while trying to maintain its libraries’ stature in an increasingly digital world. Students can now sit in their dorms and order books directly from their computers to be delivered within 24 hours to the library of their choice from the Harvard Depository, a high-density storage facility where a forklift is required to fetch books from 30-foot shelves. In some cases, students can avoid the library altogether; materials can be downloaded or the library will scan relevant book chapters and e-mail them.

UK Law Firm Inks $852 Million Outsourcing Deal (, 25 May 2010) - Legal process outsourcing (LPO) company Integreon has entered into what it describes in a press release as the largest legal outsourcing deal ever, worth $852 million over 10 years, with British law firm CMS Cameron McKenna. The work covered by the agreement -- nonbillable support tasks such as accounting, human resources, marketing, training and information technology -- does not affect lawyers directly. The deal is not the first of its kind for Los Angeles-based Integreon, but it is the largest, according to the company. Integreon, which maintains outsourcing centers in India as well as in the Philippines and South Africa, has previously handled support services for Clifford Chance and DLA Piper. One notable aspect of Integreon’s agreement with CMS Cameron is the openness about the price tag. Most firms that turn to LPOs for discovery and other legal work ask not to be identified, much less have the value of their contracts disclosed. Thus, while rough estimates of the potential multibillion-dollar market for legal outsourcing have been bandied about for several years, the true scale of the industry has so far been hard to capture. That may be changing. John Croft, Integreon’s president of global sales, says CMS Cameron’s Weston had no problem making the contract’s value public: “He wanted his clients and potential clients to see that he was proactively going about the way he provided legal services to them.”

The 15 Funniest Tweets From The Fake BP Twitter Account (Business Insider, 25 May 2010) - Last week, one creative Twitter user began posting Tweets under the name “BPGlobalPR“. According to the WSJ, the fake account now has double the followers of the real BP corporate Twitter. Whoops. That’s a major PR fail. (BP knows about the account and isn’t laughing.) We’ve picked out some of the funniest ones for your viewing pleasure. Maybe they’ll take your mind off of all that very real oil spewing into the Gulf. [Editor: not funny, really; but does illustrate the power of the medium – more useful is the following.]

Oilaholic: Oil Spill Goes Real-Time (ReadWriteWeb, 4 June 2010) - A new mashup lets you track the BP oil spill news using Facebook, Twitter, Flickr and more, all from one interface. Called "Oilaholic," the site serves as a one-stop shop for everything oil spill-related, including the latest tweets, the live video cam feed from uStream, the latest Facebook news and Flickr photos, the hottest headlines from Google News and elsewhere on the web, a real-time "leak meter" feed (which is incredibly disturbing), a live chatroom for venting your frustrations after you look at the leak meter, plus links to useful resources including government agencies, volunteer efforts, phone numbers to call and more.

DHS Official: Cybersecurity Is Industry Responsibility (Tech Daily Dose, 25 May 2010) - A top Department of Homeland Security official said Tuesday that contractors that fail to live up to security requirements in federal technology contracts should be held accountable, even if the vulnerabilities originated in products or capabilities provided by suppliers, reported. In most business situations, “if we have a contractual arrangement and you fail [to meet the requirements], I have legal recourse,” said Richard Marshall, director of global cybersecurity management at DHS. “Why wouldn’t the same be true when the supply chain [is involved]? I’m buying a product from you, and you represent that it’s a product with the following characteristics. If you fail, I have a right to sue you.” Marshall spoke at the SecureAmericas conference in Arlington, Va., an event hosted by the cybersecurity provider International Information Systems Security Certification Consortium. He noted a number of examples where failures in the supply chain led to serious security implications, including a wave of hard drives infected with viruses that infiltrated the U.S. market from Asia in 2007 and a recent case in which thumb drives were shipped preinstalled with malicious software, eventually leading to the Defense Department imposing a temporary ban on the storage devices. “Buy from an authorized vendor and make sure that vendor has purchased from an authorized vendor,” Marshall advised. Federal technology and acquisition officials must write contracts that set specific expectations for how industry secures computer hardware and software, including assurances the products they purchase from suppliers and the development processes followed best practices.

Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone (Wired, 27 May 2010) - Companies that operate critical infrastructures and do not voluntarily allow the federal government to install monitoring software on their networks to detect possible cyberattacks would face the “wild” internet on their own and place us all at risk, a top Pentagon official seemed to say Wednesday. Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium in Nebraska, said we need to think imaginatively about how to use the National Security Agency’s Einstein monitoring systems on critical private-sector networks — such as those in the financial, utility and communication industries — in order to protect us. “Operators of critical infrastructure could opt in to a government-sponsored security regime,” Lynn said. Otherwise, “individual users who do not want to enroll could stay in the wild wild west of the unprotected internet.” Failure to protect the power grids, transportation system, or financial sector, he said, “could lead to physical damage and economic disruption on a massive scale.” Privacy and civil liberties groups, however, have raised concerns about the Einstein systems with regard to what information they would collect and share with the government and what oversight, if any, would be put in place to ensure that federal privacy and wiretapping laws are not violated. The Einstein programs are intrusion-detection and response systems developed by the National Security Agency. The government is in the process of deploying Einstein 2 to federal networks to inspect traffic for malicious threats, but there has been talk of deploying it to private-sector networks as well. Intrusion-detection systems are already a standard tool in the defense arsenal of private-sector businesses, and the government has been unclear about how its system surpasses those already available to companies.

Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms (Computerworld, 24 May 200) - Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited. Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55% of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44% of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thought business continuity was driving worries about risks like natural disasters and conflicts. “I think it has to do not only with the general difficulty one might encounter as result, but also, at the end of the day, what they are concerned about is business continuity,” he said. “Can they get back on their feet relatively quickly? If you in the path of a hurricane or an oil spill, can you keep your business going?” Accounting, internal controls and Sarbanes-Oxley compliance is the 18th largest risk factor this year, according to the list. Jamil pointed to fears of market backlash or perception that could arise as a result of mistakes in complying with the regulations. “The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on,” said Jamil. “The taint that your reputation might suffer because of that is huge. It’s so easy to lose shareholder value because market reaction might be so negative to any issue that may arise.” However, despite its appearance in the top twenty, accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations, said Jamil. While breaches of technology security, privacy and theft was only at 23rd on the list, it was a slight increase over last year, when 30% mentioned security breaches as a risk. (See Data Breach Disclosure Law, State by State.) Jamil said he was still surprised by its lower ranking. “Given all that is going with media attention being given to this issue, I thought it would inch up higher,” he said. “It would not surprise me if this particular risk factor becomes more prominent in future years. It’s not top-twenty, but it’s not far off from it either.”

FTC Postpones ‘Red Flags’ Identity Theft Rule (National Law Journal, 1 June 2010) - Under pressure from Congress, the Federal Trade Commission has agreed to postpone enforcement of its “Red Flags” rule that requires lawyers, doctors and other professionals to develop written identity theft prevention programs. Both the American Bar Association and the American Medical Association have sued the agency, arguing that imposing the identity theft rule requirements on their members is arbitrary, capricious and has no legally supportable basis. The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The FTC considers lawyers and other professionals to be creditors under the act, and required them to implement written identity theft prevention programs to detect the warning signs -- or “red flags” -- of identity theft in their day-to-day operations. Last August, the ABA, represented pro bono by Proskauer Rose, filed suit in U.S. District Court for the District of Columbia challenging the rule’s application to lawyers. In October, Judge Reggie Walton backed the ABA, saying the FTC had overreached and that applying the rule to lawyers was unreasonable. The FTC in February said it would appeal the decision. Last month, the American Medical Association sued the FTC in U.S. District Court, arguing the rule should not apply to physicians either. Sidley Austin‘s Frank Volpe is representing the AMA. On Friday the FTC announced that “as the request of several members of Congress,” it would delay enforcement of the rule until the end of the year.

End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays (Wired, 3 June 2010) - The Pentagon’s cribbing a play from Monday Night Football, adopting the same instant replay technology used during games to improve analysis of war zone video feeds. Harris Corporation, the company behind instant replay for professional football and baseball games, has teamed up with the military on an analysis system that’s already been deployed to several bases, reports Live Science. The system, called Full-Motion Video Asset Management Engine (FAME) uses “metadata” tags to encode important details — time, date, camera location — into each video frame. In a football game, those tags would help broadcasters pick the best clip to re-air, then explain, a play. In a war-zone, they’d help analysts watch video in a richer, easier-to-grasp context. And additional tags could link a video clip to photographs, cell phone calls, databases or documents. The final result turns war-zone footage into play-by-play video feed, with analysts becoming veritable game announcers: “One can then view data in ways as rich as depicted with football games on TV, which not only show what is happening from multiple angles, but the identity of teams, the current score, the line of the field where a play started, where the ball needs to go for first down, which quarter and down it is, time remaining, how many yards there are to go, as well as pop-up windows and scrolling data giving details on players and scores from others games and audio commentary detailing plays.”

Johanna Blakley: Lessons from Fashion's Free Culture (TED Talks, April 2010 at USC) - Copyright law's grip on film, music and software barely touches the fashion industry ... and fashion benefits in both innovation and sales, says Johanna Blakley. At TEDxUSC 2010, she talks about what all creative industries can learn from fashion's free culture. A commentator remarks: "In this 15-minute TED talk, Johanna Blakley addresses a subject alien to most here — fashion — but in a way sure to grab our attention. The lesson is about how the fashion industry's lack of copyright protection can teach other industries about what copyright means to innovation. And yes, she mentions open source software. There is one killer slide at 12:20 comparing the gross sales of low-IP-protection industries with those of films and books and music. If you want to know more, or if you prefer text, the Ready To Share project website should give you all the data you crave on the subject."

Tom Wujec: Build a Tower, Build a Team (TED, February 2010; 7 minute video) - Tom Wujec presents some surprisingly deep research into the "marshmallow problem" -- a simple team-building exercise that involves dry spaghetti, one yard of tape and a marshmallow. Who can build the tallest tower with these ingredients? And why does a surprising group always beat the average? [Editor: Resembles quite closely a knowledge management proof-of-concept exercise in KnowConnect’s service offering.]

**** RESOURCES ****
Protecting Anonymity and Association in Cyberspace (Media Law Prof Blog, 26 May 2010) - Minjeong Kim, Department of Journalism and Technical Communication, College of Liberal Arts, Colorado State University, has published The Right to Anonymous Association in Cyberspace: US Legal Protection for Anonymity in Name, in Face, and in Action, in volume 7 of SCRIPT-ed (2010). Here is the abstract: “
The Internet has become a communication medium of intense group interaction, and individuals with marginalised identities have used anonymity as a tool with which to participate in online interaction. In order to capture the full spectrum of the role that anonymity plays in cyberspace, I explore in this article the US constitutional right to anonymous association. I draw on the concepts of anonymity defined in the social science literature - identity protection, visual anonymity, and action anonymity - and analyse US case law regarding the right to anonymous association in both offline and online worlds. The examination suggests that (1) the right to anonymous association has been especially meaningful for those who are marginalised in society; (2) future courts - in light of established legal rules governing the right to anonymous association - must give careful consideration to the question as to who is seeking anonymity; (3) different concepts of anonymity have greater independence in cyberspace and, therefore, need to be distinguished by scholars and courts. Overall, the right to anonymous association in cyberspace can be understood as the positive right of individuals to control information about themselves in order to find and associate with others. The examined case law shows that strong support for such a right is embedded in the US legal tradition.”

Are 'Better' Security Breach Notification Laws Possible? (Prof. Jane Winn, Berkeley Technology Law Journal, 2009) - Security breach notification laws (SBNLs) may have succeeded in bringing the issue of inadequate information security to the attention of American consumers, but do not appear to be having much impact on the way that American businesses store and use sensitive personal information.  This failure is not surprising in light of the extremely limited scope of American SBNLs, which generally do not reinforce an underlying right to privacy but instead only mandate disclosure of information that is confusing and difficult for consumers to make use of.  While receiving repeated notices of security breaches might someday galvanize American public opinion to support stronger information privacy laws, that would be a remote and uncertain benefit from legislation that appears in the short term to penalize responsible businesses while being disregarded by unsophisticated and irresponsible ones.  Although businesses in possession of sensitive personal information are exposed to something like strict liability for security breaches, the vendors of the information technology systems that are vulnerable to breaches remain exempt from liability.  SBNLs generally commit no public resources to ensuring compliance, reducing the risk that non-compliance will be detected to near zero for many businesses.  Under such circumstances, most businesses have no economic incentive to comply with a law when compliance would be very costly.  Even though litigation claiming damages following a security breach notification has not been successful to date, the risk of being exposed to such litigation as a result of compliance further increases incentives for non-compliance.  This paper reviews the development of new governance approaches to regulation, including “responsive regulation,” “smart regulation” and “better regulation” and then applies new governance criteria to SBNLs to show why they are unlikely to have much impact on the information security policies of many American businesses.  This paper reviews the practical problems that any business faces when trying to secure large quantities of sensitive personal information, and outlines what a “better regulation” approach to information security regulation targeting sensitive personal information might include. Article on SSRN:

Google Announces Free Download of 10 Terabytes of Patents and Trademarks (BeSpacific, 3 June 2010) - Google Public Policy Blog: "When we launched Google Patent Search in 2006, we wanted to make it easier for people to understand the world of inventions, whether they were browsing for curious patents or researching serious engineering. Recently, we’ve also worked on a number of public data search features, as well as experimental features like the Public Data Explorer...That’s why we’re proud to announce that the USPTO and Google are making this data available for free at This includes all granted patents and trademarks, and published applications -- with both full text and images. And in the future we will be making more data available including file histories and related data."

**** FUN ****
Red Faces as Cambridge University Discovers it’s Not All Greek (The Times, 25 May 2010) - It is not as embarrassing as King Minos’s discovery that his wife had slept with a bull, nor as cringeworthy as Ares and Aphrodite being caught in an adulterous embrace in a golden net. However, Cambridge University was sheepish yesterday as it admitted that there was a spelling mistake in the inscription on the entrance to its new Classics department building. A set of glass doors at the entrance to the £1.3 million extension is inscribed with Aristotle’s quotation: “All men by nature desiring to know.” The typesetter made a small slip-up by entering the Roman letter “s” instead of the Ancient Greek letter sigma in the word “phusei” — meaning “by nature”. The university dispatched a sign-maker to scratch off the offending quotation yesterday as scholars highlighted the mistake. Mary Beard, Professor of Classics at Cambridge, noted the error in her blog on Timesonline, where she complained that the automated doors were so sluggish that they were causing queues of impatient classicists. “Even the gods have shown their disapproval in their own inimitable way,” she wrote.

BLOCKBUSTER, ENRON TEAM UP ON DEMAND-VIDEO Video rental giant Blockbuster is partnering with energy trader Enron to market a video-on-demand service using Enron's nationwide state-of-the-art fiber-optic network. The 20-year alliance will allow consumers with high-speed Internet access and a special TV set-top box to order movies over their TVs and PCs at their convenience. Although only a couple of million households currently have broadband Internet access, Blockbuster is hoping to quickly dominate the nascent market by capitalizing on its brand, its 65 million customers, and its entrenched relationships with movie studios. Meanwhile, Enron is angling to become a major player in broadband Internet access: "Enron is the leader of the pack and I think this could be the beginning of streaming of content over its network," says a PaineWebber analyst. "Signing a company like Blockbuster is a reassuring signal of the validity of their strategy." (Los Angeles Times 20 Jul 2000)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at  (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd - 
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit  or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: