Saturday, July 17, 2010

MIRLN --- 27 June – 17 July 2010 (v13.10)

·      Cybersecurity Insurance: Many Companies Continue to Ignore the Issue
·      Twitter Settles with FTC Over ‘Happiness’ Breach
·      Court’s Ruling Gives Shot In The Arm To Companies With Network Breaches
·      Steps to ‘Internet-Proof’ Your Cease and Desist Letter
·      For $1.99, a (Legal) Song to Add to YouTube Videos
·      Honorable Technology
·      Being Wrong About My Laptop-Only Office
·      National ID Management Plan Draft Short on Details
·      Another Large Firm Unveils an iPhone App
·      Lawyer Uses Web to Sort Through Jury Pool
·      Court Affirms An ISP Is Not Joe Friday Just For Patrolling Its Own Turf
·      Federal Rules On Campus File Sharing Kick In Today
·      Cyberwar: It Is Time for Countries to Start Talking About Arms Control on the Internet
o   War In the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict?
·      How Social Media Has Prepared Us for Collaborative Business
·      Mediation In Thomas-Rasset Case Fails, RIAA Hit With Bill
·      Microsoft Opens Source Code to Russian Secret Service
o   NSA Cyber-security Program Details Revealed
·      National Archives Announces Launch of New “Our Archives” Wiki
·      2010 ABA Legal Technology Survey
·      Opinion: 3 Reasons to Kill the Internet Kill Switch Idea
·      Social Media Use in the Workplace on the Rise
·      Florida Law Firms Protest Bar’s Online Ad Rules
·      HHS Issues Security Guidance on Risk Analysis
·      Bluetooth at Heart of Gas Station Credit-Card Scam in Southeast
·      Council of Europe Adopts Simplified Rules For VAT Invoicing
·      Jewish Law and Copyright
·      eBay Venue Selection Clause Upheld in Texas
·      High Court Privacy Ruling Finds Way Into Sunshine Law Case
·      Blackboard’s Bid to Galvanize E-Texts
·      No More Vacation: How Technology Is Stealing Our Lives


Cybersecurity Insurance: Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) - After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from an technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.”

Twitter Settles with FTC Over ‘Happiness’ Breach (Wired, 24 June 2010) - Twitter has agreed to implement a new security program and submit to a security audit from a third party as part of a settlement agreement with the Federal Trade Commission over breaches the micro-blogging service experienced in 2009 that put its customers’ privacy at risk. One of the breaches allowed hackers to take over high-profile Twitter accounts, including then-President-Elect Barack Obama’s and the official feed for Fox News, and view personal information of the account holders as well as send out fake messages through the accounts. Twitter will not have to pay a fine in the settlement, but the company is prohibited from “misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers.” Twitter was breached in January 2009 after a teenage hacker obtained access to the administrative account of one of its employees. The employee had used a weak password — “happiness” — which the intruder easily discovered by using an automated password-guessing tool to crack it. The hacker, who goes by the handle GMZ, told Threat Level at the time that cracking the password was easy because Twitter allowed an unlimited number of rapid-fire log-in attempts to be conducted on accounts. Twitter said at the time that 33 high-profile accounts were compromised, but in a statement about the settlement published on its blog on Thursday, it said 45 accounts were affected. Twitter co-founder Biz Stone told Threat Level after the January 2009 breach that the company was addressing the security issues that allowed the breach by doing “a full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also further restricting access to the support tools for added security.” The FTC chastised Twitter for its lax security. “When a company promises consumers that their personal information is secure, it must live up to that promise,” David Vladeck, director of the FTC’s Bureau of Consumer Protection, said in a statement about the settlement.

Court’s Ruling Gives Shot In The Arm To Companies With Network Breaches (Steptoe & Johnson’s E-Commerce Law Week, 26 June 2010) - A recent decision by a federal court in Illinois in Devine v. Kapasi provides more ammunition for companies seeking a viable cause of action against those who obtain unauthorized access to their networks. The court ruled that a “facility through which an electronic communication service is provided” can legitimately file suit under the Stored Communications Act (SCA) (18 U.S.C. § 2701, et seq.) when it is breached, even if that facility does not provide such services to the public. In other words, the court made clear that a private server also falls under the umbrella of the SCA prohibition on unauthorized access. The ruling also underscores how the SCA can serve as a complement to, or substitute for, the Computer Fraud and Abuse Act (CFAA). Indeed, as the Plaintiffs saw first-hand in this case, most private sector plaintiffs making a CFAA claim suffer the disadvantage of having to prove a statutory threshold of damage “aggregating at least $5,000 in value.” A cause of action under the SCA has no such threshold.

Steps to ‘Internet-Proof’ Your Cease and Desist Letter (Eric Goldman’s blog, 28 June 2010) - I posted a ways back at Avvo’s blog about how the internet increasingly affects litigation by shining the light on abusive lawsuits or those that overreach. I didn’t mention something related that has become fairly common, and that’s the mockery of cease and desist letters by the internet. It seems like not a week goes by without someone sending an ill-advised cease and desist letter that the internet enjoys a good laugh over. Last week’s example was brought to you by the National Pork Board and its lawyers, who decided that ThinkGeek’s “Canned Unicorn Meat” (released on April 1) infringed on NPB’s “The Other White Meat” family of trademarks. (ThinkGeek: “Officially Our Best-Ever Cease and Desist.”) D.C. Toedt has a post titled “Cease-and-desist letters: Five ways to keep your client and yourself from looking foolish“ that provides some helpful steps you can take to avoid NPB’s plight:
1. Think about whether sending the letter is such a good idea.
2. Consider what the other side might do for a counter-attack.
3. Skip the histrionics – just the facts, ma’am.
4. Never threaten to sue – when the time comes, just do it.
5. Don’t set a compliance deadline, nor demand a written response.
That’s pretty sage advice that people often seem to ignore. Cease and desist letters should also be relatively short and to the point. You obviously want to be right on the facts and the law, but rare is the opponent who will be cowed into submission by extensive citations coupled with wonderful lawyerly prose. If it does not achieve compliance, it ends up being a way to sink a bunch of lawyer time into a letter that does not result in much. Often, a cease and desist letter to a lawyer becomes what a confirmation hearing is to a senator: an opportunity to drone on. (Cease and desist letters often serve other purposes, such as putting the other side on notice, revoking an implied license, etc.) On the other hand, a well-written response could sway the other side. Since the party who is sending the cease and desist will almost always see the response, a thoughtful response is an opportunity to demonstrate why the demands in the letter are out in left field. Increasingly, lawsuits play out in the public arena, so it’s also worth looping in the PR/messaging folks at the early stages (i.e., before you send the letter). If the recipient posts your letter and mockery ensues, you probably skipped one of the steps outlined in the post, but in any event, it would be helpful to have something articulating your rationale and position already out there or ready to go. Of course, when all else fails, you could always try to assert a copyright in your letter (to prevent its reproduction), but that’s just inviting further ridicule.

For $1.99, a (Legal) Song to Add to YouTube Videos (NYT, 28 June 2010) - You’ve shot the video and edited it down. It’s ready for YouTube. But what about the soundtrack? Publishing a video with copyrighted music requires a license for the song. And securing that can be a cumbersome task — track down the record label, make a deal — especially for amateurs just looking to post a video of the family vacation. But on Tuesday, the music licensing company Rumblefish is introducing a service that allows users to buy a license to a copyrighted song for $1.99. For that price, the user gets the full version of the song and can edit it as well. The new service, Friendly Music, can be used only for noncommercial purposes — like posting family or wedding videos online. Any commercial purpose, like including it in a video intended to sell a product, requires a different license. Friendly Music will offer access to more than 35,000 songs, though none of them come from the four major labels. The company says that it hopes to have deals with what it is calling name artists in the coming months.

Honorable Technology (InsideHigherEd, 28 June 2010) -”It’s not honors English. It’s honorable English,” said Mr. McCann of La Jolla High School in 1979. Three thousand miles away and 30 years later, this principle is still true. So true that Mr. McCann’s wisdom has become something of a motto for Macaulay Honors College. Beyond just honors classes or programs, the concept of honorable behavior is one that is essential for all students -- but too often relegated to a page in the student handbook or a mandated paragraph on a syllabus forbidding plagiarism. What is missing from such notifications is a comprehensive, ethical, and honorable approach to teaching and learning, especially when technology is involved and is as crucial to a program as it is to ours. This is something we learned the hard way. All Macaulay students are provided with laptops and digital cameras as part of their honors scholarships. But we don’t just give out tech gifts and run. Our core belief is that, like scholars and explorers throughout history, students should make use of the latest, most innovative, productive tools of their age and understand that tools by themselves are not value-free. Although a student’s laptop is not a tool on the order of magnitude of an atomic bomb, the principle is the same: With power, greater or lesser, comes responsibility. So we work with students from the moment they are handed their laptops to train them and to challenge them to understand the power they hold.

Being Wrong About My Laptop-Only Office (InsideHigherEd, 28 June 2010) - I’m in the middle of Being Wrong: Adventures in the Margin of Error, by Kathryn Schulz, so everything I write this week is going to be strongly influenced by this amazing book. The big message of Being Wrong, so far, is that we should embrace error. Embrace our own and other people’s errors, as it is only through being wrong that we learn anything. Schultz laments that we all too often fail to utter the simple words, “I was wrong” -- almost always attaching a caveat or explanation. She thinks we’d all be better off, both as people and as a people, if we figured out how turn our inability to get it right into a virtue as opposed to a vice. Think you are good at admitting your errors? Fine. Tell us specifically the last time you were wrong about something? Or tell us the kind of thing you are often wrong about? It’s actually pretty hard. So in the spirit of “Being Wrong,” I want to share with you my idea for how I want to arrange my new office. This week I’m changing my physical location for a new gig at my college (more on that later), and I have this idea about how I want my new office to be set-up. Having read Snoop: What Your Stuff Says About You, by Sam Gosling, I know all too well how one’s office setup sends a message about the image of ourselves we wish to project. [Editor: embracing error is key in knowledge management; the hospital where my mother died advertised a staff learning program with a poster “Never Waste a Great Mistake!” (which I took in the right way). More on KM here.] [PPS: I’m editing MIRLN in a laptop-only office right now – the backyard garden.]

National ID Management Plan Draft Short on Details (NextGov, 28 June 2010) - A draft of a national plan to manage identities on the Internet that the Obama administration released on June 25 advocates using standard credentials to prove individuals’ identities online, including making sure devices and software are legitimate, but some cyber experts say the policy still leaves open security and privacy issues. As promised, White House cybersecurity coordinator Howard Schmidt announced the release of the National Strategy for Trusted Identities in Cyberspace, which will act as a “a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.” The proposed strategy, which the Homeland Security Department posted online for public comment, would allow individuals to choose voluntarily to obtain a “secure, interoperable and privacy-enhancing credential,” such as a smart identity card, from a variety of public and private services. The credential would authenticate the user while conducting different types of online transactions, Schmidt said. The plan does not advocate a national identification card, he noted, but rather “an ecosystem of interoperable identity service providers” that provide individuals with a choice of credentials that can be used to securely access electronic health records, conduct online banking, purchase items over the Internet, or send an e-mail, for example. Users will have more control of the private information used to authenticate themselves online, Schmidt said, and generally will not have to reveal more than is necessary to do so. But the plan leaves unanswered some critical questions, federal information technology experts said. “The concern is the process associated [with] who is validating who,” which is not clearly defined in the plan, said Karen Evans, former administrator for e-government and information technology at the Office of Management and Budget during the George W. Bush administration. Evans said the same issue arose when the [public key infrastructure] emerged as a way to create, manage, distribute, revoke digital certificates, and when the Bush administration began implementing Homeland Security Presidential Directive 12, which established a common identification standard for federal employees and contractors to access government buildings and computers. Evans also is member of the Commission on Cybersecurity for the 44th Presidency, which the Center for Strategic and International Studies created in October 2007 to advise incoming presidents on cybersecurity issues. Processes for validating identities must be clearly defined and effectively address privacy concerns, she said, referencing a lawsuit employees of the California Institute of Technology’s Jet Propulsion Laboratory filed against NASA. They claimed background investigations required for HSPD-12 violated their constitutional right to privacy. The case is currently before the Supreme Court. Evans agreed with public comments posted in response to the strategy that warned against centralization and reinventing the wheel. One person argued, “A single centralized identity is inherently less secure than a dozen identities, because it creates a single point of failure,” and another advocated enforcing “existing open source initiatives that already are known to work, including the e-mail encryption standard [Pretty Good Privacy] and OpenID,” the standard for authenticating users online.

Another Large Firm Unveils an iPhone App (Robert Ambrogi, 29 June 2010) - Following on the heels of Morrison & Foerster and its launch of an iPhone app in March, the Boston-based AmLaw 200 firm Goulston & Storrs this week came out with an iPhone app of its own. While the MoFo app had the clever name, MoFo2Go, the G&S app is rather blandly dubbed, Goulston & Storrs News Application. Compared to the MoFo app, the G&S app is also rather bland in its execution. While the MoFo app lets one view attorneys’ bios, explore the firm’s offices, follow firm news, and even play a pretty neat game, the G&S app is nothing more than a news feed, with tabs for advisories, press releases and publications put out by the firm. At least the price is right: free.

Lawyer Uses Web to Sort Through Jury Pool (ABA Journal, 1 July 2010) - Paralegals carrying laptops equipped with 3G and wireless cellphone lines accompany Los Angeles County plaintiffs lawyer Paul Kiesel to court when it’s time to pick a jury. Providing that they can pick up a signal, the workers do real-time social media searches while the clerk reads the names of jury panel members. In Los Angeles County, how jury panel members’ names are released is left to the judge’s discretion. On big cases, Kiesel says, the court might release names the evening before selection begins. But more commonly, counsel finds out who is on the panel as the members walk in. “Last month I had 50 jurors, and as the court clerk read out the names, I had two people in the courtroom and a third person back at the office, with all three of them doing research,” says Kiesel, a partner with Kiesel, Boucher & Larson. Junior lawyers also assisted, and Kiesel estimates the social media research for that case cost less than $5,000. or the most part, state courts allow lawyers to bring laptops into court rooms, but Googling the jury panel isn’t what they have in mind, says Paula Hannaford-Agor. She directs the Center for Jury Studies at the National Center for State Courts. “It’s hard to make a broad generalization, but it’s fair to say the bench is more protective of juror privacy,” she says, adding that online snooping “tends to creep jurors out when they’re aware of it.” Kiesel says no judge has banned him from using the Internet in jury selection. That sort of mandate, he adds, would violate the First Amendment. Hannaford-Agor allows that the searches would be hard to police. “This is a really fluid area right now, and no one in the legal community is adequately keeping up with the technology or some of the implications,” she says. “So if you call me again in six months, I might have a different answer.”

Court Affirms An ISP Is Not Joe Friday Just For Patrolling Its Own Turf (Steptoe & Johnson’s E-Commerce Law Week, 1 July 2010) - The Fourth Circuit recently concluded in U.S. v. Richardson that an Internet service provider’s screening of users’ communications for images of child pornography did not make it an agent of the government, and thus did not implicate the Fourth Amendment. Even though federal law requires ISPs to report any “apparent” child pornography that they come across, the court reasoned, this reporting obligation does not require or even encourage ISPs to go looking for such material. The decision leaves open the question of what other actions by the government to encourage reporting, or to influence the manner in which screening is done, might cross the line and turn ISPs into government agents. These questions are relevant not just to reporting of child pornography, but to other areas in which the government might urge, or even require, communications providers to screen packets that cross their networks, such as in an effort to detect malware or copyrighted material.

Federal Rules On Campus File Sharing Kick In Today (CNET, 1 July 2010) - Frat parties and free music have been among the perks of attending college in the United States during the past decade. But now the days of using fat campus bandwidth to download movies and music via file-sharing networks appear to be coming to an end. Thursday is the deadline for colleges and universities that receive Title IV federal aid to have implemented antipiracy procedures on their campuses as part of the Higher Education Opportunity Act (HEOA) of 2008. HEOA, which was backed by the movie and music industries, addresses a lot of different facets of higher education, but tucked in there are provisions that require schools to adhere to guidelines on illegal file sharing. They include:
 • Providing students a description of copyright law and campus policies with regards to violations of copyright law.
• Combatting copyright violations on campus networks using technology-based deterrents.
• Offering alternatives to illegal downloading.
In the past year, schools across the country have tried to comply by implementing new procedures and technologies.

Cyberwar: It Is Time for Countries to Start Talking About Arms Control on the Internet (The Economist Cover Story, 1 July 2010) - Throughout history new technologies have revolutionised warfare, sometimes abruptly, sometimes only gradually: think of the chariot, gunpowder, aircraft, radar and nuclear fission. So it has been with information technology. Computers and the internet have transformed economies and given Western armies great advantages, such as the ability to send remotely piloted aircraft across the world to gather intelligence and attack targets. But the spread of digital technology comes at a cost: it exposes armies and societies to digital attack. The threat is complex, multifaceted and potentially very dangerous. Modern societies are ever more reliant on computer systems linked to the internet, giving enemies more avenues of attack. If power stations, refineries, banks and air-traffic-control systems were brought down, people would lose their lives. Yet there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare, in other domains. As with nuclear- and conventional-arms control, big countries should start talking about how to reduce the threat from cyberwar, the aim being to restrict attacks before it is too late. Cyberspace has become the fifth domain of warfare, after land, sea, air and space (see article). Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail. That seems alarmist to many experts. Yet most agree that infiltrating networks is pretty easy for those who have the will, means and the time to spare. Governments know this because they are such enthusiastic hackers themselves. Spies frequently break into computer systems to steal information by the warehouse load, whether it is from Google or defence contractors. Penetrating networks to damage them is not much harder. And, if you take enough care, nobody can prove you did it.

- and -

War In the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict? (The Economist, 1 July 2010) – At the height of the cold war, in June 1982, an American early-warning satellite detected a large blast in Siberia. A missile being fired? A nuclear test? It was, it seems, an explosion on a Soviet gas pipeline. The cause was a malfunction in the computer-control system that Soviet spies had stolen from a firm in Canada. They did not know that the CIA had tampered with the software so that it would “go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,” according to the memoirs of Thomas Reed, a former air force secretary. The result, he said, “was the most monumental non-nuclear explosion and fire ever seen from space.” This was one of the earliest demonstrations of the power of a “logic bomb”. Three decades later, with more and more vital computer systems linked up to the internet, could enemies use logic bombs to, say, turn off the electricity from the other side of the world? Could terrorists or hackers cause financial chaos by tampering with Wall Street’s computerised trading systems? And given that computer chips and software are produced globally, could a foreign power infect high-tech military equipment with computer bugs? “It scares me to death,” says one senior military source. “The destructive potential is so great.” After land, sea, air and space, warfare has entered the fifth domain: cyberspace. President Barack Obama has declared America’s digital infrastructure to be a “strategic national asset” and appointed Howard Schmidt, the former head of security at Microsoft, as his cyber-security tsar. In May the Pentagon set up its new Cyber Command (Cybercom) headed by General Keith Alexander, director of the National Security Agency (NSA). His mandate is to conduct “full-spectrum” operations—to defend American military networks and attack other countries’ systems. Precisely how, and by what rules, is secret.

How Social Media Has Prepared Us for Collaborative Business (Mashable, 6 July 2010) - While Facebook and Twitter are often cited as distractions for employees, the networks’ immediacy, collaboration and community offer great hope for business. Today, a massive technological shift is underway — led for the first time by employees — to bring these benefits to the workplace. And this change has happened only very recently. Facebook has surpassed 400 million active users in just six years and Twitter counted 105 million registered users in just four. These networks have trained a generation for a new style of collaboration through profiles, status updates, groups, feeds, lists and filters. As such, they have changed our expectations of how we should be able to connect with others and collaborate in real-time. But when we come to work, we throw all of this out the window. The concept of immediacy doesn’t exist here, and arguably, this is where it matters most. Many businesses are stuck in the past, using antiquated technologies that were put in place before the web even existed. For new graduates entering the workplace, it’s counterintuitive to have to revert to these slow forms of collaboration. As a result, we are more productive with our personal networks than we are with our colleagues and customers. Why shouldn’t we expect real-time collaboration at work? Business happens in real-time. Market shifts happen in real-time. Data changes in real-time. Why shouldn’t collaboration and learning in business happen in real-time, too? That question is the inspiration for new social tools entering the workplace that have the same look and feel as Facebook or Twitter. These social tools offer a new way to collaborate with people at work that is private, secure and relevant to business. Because we all use the public networks, there’s no learning curve. Instead of following friends or celebrities, you follow people on your team, the activity in your top customer accounts, your new marketing campaigns, and your critical business documents. You’re able to gain the insights you need from a real-time feed, all within a completely secure environment. And because these new social tools are based on the web, you can access them from anywhere, whether you’re on your laptop, iPad or iPhone. Imagine Facebook and Twitter-style collaboration in the workplace:
Social Tools in Your Work Life
Post photos from the BBQ last Saturday and it will show up in the feeds of your friends and family.
Post the new sales presentation you’ve updated, and it will show up in the feeds of your colleagues.
Collaborate with friends to plan a camping trip for next month.
Collaborate with colleagues to prepare for the big customer meeting next week.
You follow @tylerflorence or @gdelaurentiis on Twitter for cooking tips.
You follow experts in your company for tips on how to best close deals or find industry expertise.
You follow @Starbucks on Twitter for the latest deals and customer service.
You follow important customer accounts to be sure issues and open items are resolved.
You post questions to your Facebook wall or Twitter feed to get recommendations and insight from friends and industry experts.
You post questions to your company network to receive advice and relevant documents from your colleagues across all departments.

Mediation In Thomas-Rasset Case Fails, RIAA Hit With Bill (ArsTechnica, 7 July 2010) - Minnesota’s top federal judge, Michael Davis, certainly seems like a man who just wants the (in)famous Jammie Thomas-Rasset peer-to-peer file-sharing case on his docket to just go away. And the recording industry, which has prosecuted Thomas-Rasset through one name change, two trials, and three years, appears to be under the distinct impression that it’s getting picked on. Thomas-Rasset was the first P2P user in the US to take her copyright infringement case all the way to a federal trial, where she was found liable for $222,000 in damages. After the trial ended, Judge Davis tossed the verdict and granted Thomas-Rasset a new trial on the grounds that one of his jury instructions was flawed. That second trial again found Thomas-Rasset liable, and jurors upped the damages to a shocking $1.92 million for the 24 songs at issue in the case. This time, Davis ruled the amount “monstrous” and slashed it to $54,000. The RIAA could take that amount or it could choose a third trial, limited to the issue of damages. It chose a third trial. But instead of letting the case play out, Davis in June 2010 ordered the parties to meet with a Minneapolis arbiter to hash out their differences. When Davis ordered both sides into mediation again last month, lawyers on both sides must have practiced their eye-rolling skills. What was the point? But Davis also noted something specific and unusual in his June 18 order: the arbiter would be paid $400 per hour, and “the fees incurred for the settlement proceedings shall be paid by Plaintiff.” That is, by the recording labels.

Microsoft Opens Source Code to Russian Secret Service (ZDnet, 8 July 2010) - Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state. The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre ‘Atlas’, a government body controlled by the Ministry of Communications and Press, according to Vedomosti. Microsoft Russia president Nikolai Pryanishnikov told Vedomosti that employees of Atlas and the FSB will be able to share conclusions about Microsoft products. The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti. A senior security source with links to the UK government told ZDNet UK on Wednesday that the 2002 deal was part of Microsoft’s Government Security Program. NATO also signed up, said the source. Having a number of different governments with access to Microsoft code meant it was possible that a government could find holes in the code and use it to exploit another nation-state’s systems, said the source. Cambridge University security expert Richard Clayton told ZDNet UK on Thursday that opening up source code leads to a complex security situation. While a view of the code could enable a government to find security holes that the state could use to launch attacks against other nation states, it is possible to find holes in software without having access to the source code, said Clayton.

- and -

NSA Cyber-security Program Details Revealed (eWeek, 9 July 2010) - In response to a report in the Wall Street Journal, the National Security Agency revealed some information about its plans for “Perfect Citizen,” which it described as a research and engineering effort around vulnerability assessment and capabilities development. The National Security Agency revealed some information about the nature of its “Perfect Citizen” cyber-security program after a report about the agency’s plans surfaced in the media. While the agency is unwilling to confirm or deny some details of the Wall Street Journal article, the agency described Perfect Citizen as a “vulnerabilities-assessment and capabilities-development” effort, and stressed that there is no monitoring activity involved. “Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems,” NSA spokesperson Judith Emmel said in a statement. “This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.” Defense contractor Raytheon was reported by the Journal to have received the contract for the project. According to the Journal, Perfect Citizen would involve placing sensors across a variety of computer networks belonging to government agencies and private sector companies involved in critical infrastructure in order to protect against cyber-attacks. The focus would be large, typically older systems designed without Internet connectivity or security in mind, the Journal reported.

National Archives Announces Launch of New “Our Archives” Wiki (BeSpacific, 9 July 2010) - The National Archives announces the launch today of its first public wiki called “Our Archives” on Wikispaces located at: “Our Archives” provides a collaborative space for members of the public, researchers, and staff to share knowledge about National Archives records, resources and research. The wiki is an opportunity for researchers, historians, archivists, and citizen archivists to work together to create pages on specific records or topics as well as to share information and resources to connect with other researchers.”

2010 ABA Legal Technology Survey (e-Discovery Insights, 9 July 2010) - Nothing like a Friday afternoon to examine six volumes of law & technology statistics from the ABA. I was somewhat amused when I accessed their page and discovered that they’d received an endorsement - from yours truly. Somebody apparently liked something I said about last year’s survey and quoted me. The ABA provided me with some excerpts, so I reviewed them and picked out a few that I thought would be of interest.

Opinion: 3 Reasons to Kill the Internet Kill Switch Idea (Bruce Schneier, 9 July 2010) - Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might -- we’re not really sure -- give the president the authority to shut down all or portions of the Internet in the event of an emergency. It’s not a new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, proposed the same thing last year, and some argue that the president can already do something like this. If this or a similar bill ever passes, the details will change considerably and repeatedly. So let’s talk about the idea of an Internet kill switch in general. It’s a bad one. Security is always a trade-off: costs versus benefits. So the first question to ask is: What are the benefits? There is only one possible use of this sort of capability, and that is in the face of a warfare-caliber enemy attack. It’s the primary reason lawmakers are considering giving the president a kill switch. They know that shutting off the Internet, or even isolating the U.S. from the rest of the world, would cause damage, but they envision a scenario where not doing so would cause even more. That reasoning is based on several flawed assumptions. [Editor: As usual, I find Schneier’s reasoning sound and useful.]

Social Media Use in the Workplace on the Rise (Mashable, 12 July 2010) - A new study from Trend Micro shows that more workers around the globe are using social networks while in the office and on the clock. The survey took a look at the habits of 1,600 Internet users from the U.S., UK, Germany and Japan and found that over the past two years alone, social web use in the workplace has risen from 19% to 24%. In Germany specifically, social media use at work saw a 10% increase. It’s still unclear whether this gradual but significant rise is being used to drive our businesses ahead, or if we’re instead wasting our companies’ time and money — a distinction that’s especially important to managers concerned with network security and productivity issues. For workers on laptops, these numbers are even higher — 8% globally and 14% in Germany. All told, almost a third of laptop users around the world will use social websites while at work. A company’s size also seems to make a difference whether or not employees will use social sites while at work. Especially in the U.S. and Japan, workers at larger companies are more likely to stay off social networks — perhaps due to firewalling or other forms of restricted access. In the UK and Germany, however, employees at big companies are slightly more likely to browse the social web while at the office.

Florida Law Firms Protest Bar’s Online Ad Rules (, 12 July 2010) - While the American Civil Liberties Union and other nonprofit legal groups have been declared exempt from a strict proposal for regulating lawyer websites, Florida’s largest law firms are starting to band together to protest the regulations, largely on First Amendment grounds. Facing protests, lawsuits and threats of more lawsuits from lawyers, The Florida Bar has postponed rules that were to take effect July 1. The Florida Supreme Court is allowing lawyers to file comments about the proposal by 
Aug. 16. The new rules would have barred online testimonials, summaries of case results and “deceptive, misleading, manipulative” or confusing audio or visual content. The Bar, facing protests that the rules were overly vague and unfair, offered a compromise amendment that would allow existing sites to be viewed if visitors clicked a disclaimer box. Florida already is acknowledged to have some of the toughest rules in the nation for lawyer advertising. Many lawyers consider the latest version of online regulations a violation of their First Amendment right to free speech. Additionally, some lawyers complain that a disclaimer box could scare away or discourage viewers, including potential new clients. The Washington consumer advocacy group Public Citizen has sued The Bar over the proposed rules. In a May 13 letter to the Bar, the ACLU of Florida stated it had no intention of requiring the public to click and view a disclaimer. Practically threatening a lawsuit, the civil liberties group asked the Bar to advise by June 1 whether it would be required to comply with the new web rules. The ACLU’s site seeks to educate the public through news releases about its successes, encourage participation in civil liberties issues and allow people to seek legal assistance from the ACLU. All actions would have been barred by the new rules. “Because of the importance of the public education component of the ACLU, we do not intend to create a portion of the Web site to be accessible only after viewing a disclaimer page,” said Florida ACLU legal director Randall Marshall. “We believe that the postings on our Web site are fully protected by the First Amendment and that the application of this revised rule to the ACLU would constitute a violation of our constitutional rights.” Bar ethics counsel Elizabeth Tarbert wrote the ACLU on June 28 stating the new rules do not apply to the ACLU. “The ACLU Web site is not considered commercial speech as the Web site exists for the purpose of furthering the ACLU’s political agenda and is not an advertisement for clients for pecuniary gain,” Tarbert noted.

HHS Issues Security Guidance on Risk Analysis (Strasburger, 12 July 2010) -As discussed in a prior edition of Health Industry Online, the enactment of the American Recovery and Reinvestment Act of 20091 (ARRA), and more specifically, Title XIII of the ARRA, known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act) has caused many health care providers and business associates to revisit their existing policies and procedures relating to compliance with HIPAA and its privacy and security regulations.2 To assist organizations in complying with HIPAA security standards, the HITECH Act requires the U.S. Department of Health and Human Services (HHS) to issue annual guidance on the “most effective and appropriate technical safeguards” for use in carrying out the provisions of the HIPAA security regulations (Security Rule).3 Accordingly, HHS will release a series of guidance materials to assist organizations in identifying and implementing administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (e-PHI), which will be updated annually. The first annual guidance on the Security Rule, entitled “HIPAA Security Standards: Guidance on Risk Analysis” (Draft Guidance) was recently issued by the HHS Office for Civil Rights (OCR). The Draft Guidance addresses the Security Rule’s risk analysis provision, which requires an organization to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of e-PHI held by the covered entity.4 The Draft Guidance describes risk analysis as the first step in Security Rule compliance, as the outcome of the analysis process is “a critical factor in assessing whether an implementation specification or equivalent measure is reasonable and appropriate.” While the Draft Guidance does not mandate a “one-size-fits-all” method for conducting risk analysis, it does set out the following elements that should be incorporated into any organization’s assessment of current security measures and potential risks to e-PHI * * *

Bluetooth at Heart of Gas Station Credit-Card Scam in Southeast (Computerworld, 13 July 2010) - Thieves are stealing credit-card numbers through skimmers they secretly installed inside pumps at gas stations throughout the Southeast, using Bluetooth wireless to transmit stolen card numbers, according to law enforcement officials. "We've sent detectives out to every gas station within a mile of Interstate 75," says Lt. Steve Maynard, spokesman for the Alachua County Sheriff's Office, which last Thursday was first notified about a suspicious skimming device discovered by a maintenance worker at a Shell Station located in the vicinity of Gainesville, Fla. So far, three card-skimming devices hidden in gas pumps at three stations have been discovered by investigators, and the U.S. Secret Service has been notified. The Sheriff's Office, along with other local police departments, are trying to inspect as many gas stations in the area as possible, especially focusing on those along I-75. But law enforcement is encouraging gas station operators to look for signs of the skimmers at their pumps and contact them if they think they've found something. The Secret Service has indicated there's a crime wave throughout the Southeast involving the gas-station pump card skimmers, and it may be traced back to a single gang that may be working out of Miami, Maynard says. Nearby St. Johns County in Florida has also been hit by the gas-pump card skimmers. Maynard says criminals wanting to hide the credit-card skimmers in gas pumps must have a key to the pump, but in some cases, a single key will serve to get into many gas pumps. It's not known whether the gas-pump skimming operation involves insiders. Law enforcement is encouraging gas-station operators to train video surveillance they may use on the pumps.

Council of Europe Adopts Simplified Rules For VAT Invoicing (COE, 13 July 2010) - The Council today adopted a directive aimed at simplifying VAT invoicing requirements, in particular as regards electronic invoicing (10858/10 + 11339/10 ADD 1). The new directive sets out to ensure the acceptance by tax authorities of e-invoices under the same conditions as for paper invoices, and to remove legal obstacles to the transmission and storage of e-invoices. It also comprises measures to help tax authorities ensure that tax is paid so as to better tackle VAT fraud. These include establishing deadlines for the issuance of invoices, thus enabling speedier exchange of information on intra-EU supplies of goods and services. Current EU provisions on VAT invoicing have led to a less-than-harmonised set of rules, on account of the many options that remain available to the member states. The aims of current provisions have therefore not been fully met. Furthermore, compliance with regulatory requirements has hindered the take-up of technologies that are necessary for the development of e-invoicing. The Commission estimates potential annual cost savings for businesses at up to EUR 18 billion if obstacles to e-invoicing in VAT rules were to be removed.

Jewish Law and Copyright (Media Law Prof Blog, 15 July 2010) - Neil W. Netanel, University of California, Los Angeles School of Law, and David Nimmer, Irell & Manella, have published Is Copyright Property? The Debate in Jewish Law , in 12 Theoretical Inquiries in Law (2011). Here is the abstract: “Is copyright a property right? That question raises a host of thorny theoretical issues regarding the foundational underpinnings of both copyright and property. The notion that if copyright is “property,” it will or should resemble a perpetual, absolute, pre-political property right, has repeatedly infused judicial proceedings, legislative enactments, and public debate in both common law and civil law countries as well. 

Like their common law and civil law counterparts, Jewish law jurists have engaged in protracted debate about whether copyright is a property right. Recent decades have seen numerous rabbinic court decisions, responses (rulings in disputes or advisory opinions coupled with a lengthy exegesis on Jewish law in answer to questions posed), scholarly articles, and blog entries on such issues as whether it is permissible, without license from the author or publisher, to republish a book after the rabbinic printing privilege has expired; to copy and distribute software or sound recordings; to perform music in wedding halls; to make copies for classroom use; and to download songs from the Internet. And like in secular law, but for somewhat different reasons, the characterization of copyright as “property” has significant doctrinal consequences for resolution of these controversies in Jewish law. There are numerous, and at times profound, differences in the terminology, form of argument, doctrinal specifics, and overarching legal framework of Jewish law and secular law in this area and others. Nonetheless, the arguments within the Jewish law debate have some intriguing parallels with those of secular law copyright. In fact, one finds the direct, if largely unstated, influence of secular copyright just below the surface in the debate about whether copyright is property in Jewish law.”

eBay Venue Selection Clause Upheld in Texas (Eric Goldman, 15 July 2010) - In Comb v. PayPal, 218 F. Supp. 2d 1165 (N.D. Cal. 2002), PayPal defended a putative class action by invoking the arbitration clause in its user agreement. Judge Fogel tossed the arbitration clause on unconscionability grounds, noting (among other defects) the cost/benefit problem facing plaintiffs: their case values individually were much smaller than the arbitration costs, and arbitration blocked class adjudication. This ruling was quite influential. Since then, online user agreements--and especially mandatory venue selection clauses--have become vulnerable to unconscionability challenges and other collateral challenges on their enforceability. At this point, a vendor’s attempt to destroy class consolidation through a mandatory arbitration clause is virtually per se unconscionable. The Comb case involved PayPal’s venue selection clause, but eBay’s user agreement had a basically identical clause. With this clear warning sign, eBay revised its venue selection clause. eBay now uses a bifurcated approach. The baseline is mandatory venue in a Santa Clara County, California court. However, if the dispute amount is less than $10,000, the plaintiff can select arbitration that does not involve in-person hearings. I personally think eBay’s approach is pretty savvy, and I have modeled some clients’ venue selection clauses on it. It responds to the Comb v. PayPal concerns about the arbitration costs for small disputes by creating a “fast lane” for small disputes, while still keeping the important disputes in eBay’s home court. This recent ruling shows the strength of eBay’s current approach. Richards is the victim of a busted eBay Motors transaction, apparently incurring an $18,000 loss. eBay apparently takes the position that the transaction took place off-website and therefore outside the scope of eBay’s Vehicle Protection Program. Richards sued eBay and the car seller in his home court. eBay responded with its mandatory venue selection clause. Apparently, the trial court rejected eBay’s motion, but the appellate court easily reverses the trial court and orders the trial judge to enforce eBay’s clause.

High Court Privacy Ruling Finds Way Into Sunshine Law Case (, 15 July 2010) - Last month’s U.S. Supreme Court decision on the privacy of petition signers in state ballot initiatives is already being invoked in the broader context of defending state sunshine and open meeting laws. The state of Texas cited the decision Doe v. Reed (pdf) earlier this week in the latest chapter of a long-running dispute over the state open meeting act, which some local Texas officials are challenging as unconstitutional. The local officials say the law’s criminal provisions put them in constant fear of punishment when they communicate with each other, in effect violating their own freedom of speech. “Openness in government is a First Amendment virtue, not a First Amendment violation,” Texas countered in a brief filed in the U.S. District Court for the Western District of Texas in the case of City of Alpine v. Abbott. “The fundamental purpose of the First Amendment is to enable and empower people to engage in free, robust discourse about their government, its officials, and the policies they adopt on their behalf.” In Doe v. Reed, handed down on June 24, the U.S. Supreme Court ruled that the names of signers who wanted to place on the Washington state ballot a referendum opposing same-sex marriage could be disclosed under state law. Some of the petition signers said they feared harassment from gay rights advocates if their names were made public and put up on the Internet. The Court did not rule out the possibility that such fears could trump disclosure in a future case, but it did include language supportive of the need for government transparency. The Court said the state had an interest in “promoting transparency and accountability in the electoral process, which the State argues is ‘essential to the proper functioning of a democracy.’” Concurrences by other justices also spoke of the virtues of openness, with Justice Antonin Scalia, for example, stating that “the exercise of lawmaking power in the United States has traditionally been public.” Scalia also said those engaging in legislative acts -- including ballot initiatives -- should have the “civic courage” to stand up for their views. Texas Solicitor General James Ho quoted from the decision and also from this term’s Citizens United v. Federal Election Commission in arguing that the local Texas officials have no valid claim against the state open meetings law. “Requiring officials to conduct public business in public furthers, rather than frustrates, fundamental First Amendment values,” wrote Ho, who worked to expand government openness when he was on the staff of Sen. John Cornyn (R-Texas.) “It is far from clear … that public officials, engaged in public business, enjoy any First Amendment right to secrecy against their own constituents.”

Blackboard’s Bid to Galvanize E-Texts (InsideHigherEd, 15 July 2010) - In a series of moves that could give a boost to an e-textbook industry that has been treading water for years, Blackboard announced Wednesday that it is partnering with a major publisher and two major e-textbook vendors to make it easy for professors and students to assign and access e-textbooks and other digital materials directly through its popular learning-management system. The company, which controlled about 60 percent of the learning-management market as of last year, said it is partnering with McGraw-Hill, a top academic publisher, as well as Follett Higher Education Group and Barnes & Noble, two major distributors that operate a combined 1,500 college bookstores in the United States and Canada. The McGraw-Hill partnership will allow instructors to search the McGraw-Hill catalog for relevant course materials, then assign them to their students, without ever leaving Blackboard. Students can then purchase and access the assigned materials, also through the Blackboard portal, via the Follett and Barnes & Noble online bookstores. The company would not comment on whether it is negotiating similar deals with publishers other than McGraw-Hill. But the other big-time e-textbook providers have been making moves of their own. Earlier this week, CourseSmart, a consortium of five major publishers (including McGraw-Hill), unveiled its new “Faculty Instant Access” program, which lets instructors access e-textbooks and other online content directly through any learning-management system (including Blackboard). CourseSmart will be rolling out the program to a handful of “selected universities” in coming weeks.

No More Vacation: How Technology Is Stealing Our Lives (, 15 July 2010) - Friday before the 4th of July, my friend Sara and I walked to the local pool, talking about work stress, anxiety, difficulty relaxing. We were both struck by how lately, after 15 years of full-time work, we were so unreasonably tired. Why now, we wondered, when we have more experience and self-assurance, when we are amply compensated for our labor at comparatively cushy white-collar jobs, do we feel more spent than when we were strapped entry-level drones, running our tails off to please insatiable bosses? Why has our recent exhaustion felt so bone-deep and dire? Childless, we marveled at how our mothers managed kids and jobs, while we were so wrecked. As we entered the locker room, we were briskly reminded of the strict New York City public pool rules: no street clothes on the pool deck, no food or drink, no cellphones. Stowing our stuff in the cubbie above us, both of our hands paused in midair as I checked my phone and Sara eyed her BlackBerry nervously. As we headed out to the concrete and chlorine oasis, Sara said with an unconvincingly nonchalant laugh, “I hope nobody’s looking for me.” It was late afternoon before a holiday weekend, I assured her. But I quietly worried that an associate I’d been playing phone tag with might leave a message. If I didn’t return it till later that night, would she surmise that I wasn’t working? This, I realized after one lap in the bracing blue water, is why we are so tired. There’s been a lot written about how the beeping and flashing gadgets with which we now surround ourselves keep us from sleeping, keep us from concentrating, keep us, ironically, from working. The thing that I have noticed of late is how often they seem to keep us from living. Perhaps I’m feeling a loss of leisure so keenly these days because of my romanticized (but real) memories of summer days from not so long ago. Not just the ones in which I was a kid on a three-month vacation, but in which I was the daughter of parents who came home from their jobs at night and were at home, who cooked dinner, or maybe drove us to a movie or watched television or read a book without so much as a glance at a Palm Pilot or an e-mail in box. It’s not that my academic parents didn’t work overtime: They often read, graded papers and caught up on administrative work late into the night. But that extra work was done on what was once generously regarded as “their time.” They found ways to fit it in around hours or days during which their colleagues or superiors had no idea where they were, in which they were unreachable and there was no notion that they should be otherwise. Those rusty memories are decades old, but even as recently as 12 summers ago, while I tried to keep my head above water at my first job, my legendary and demanding boss would, at some magic moment on a Friday afternoon, disappear to her country house, where she could be reached primarily by an unreliable fax machine. She was gone for the weekend. Now, it often seems, there is no “gone for the weekend.” There is certainly no “gone for the night.” Sometimes there’s not even a gone on vacation. [Editor: Ain’t it the truth!]

Making it Big in Software (IT Conversations, 10 June 2010) – 48 minute interview; Sam Lightstone, author of the book, Making it Big in Software, discusses the process of moving up from initial education through eventual job success. He talks about the importance of the mentoring process for apprentice software engineers, as well as how crucial innovation is to success. [Editor: very useful perspective on mentoring new employees, and learning business management lessons; I was struck how broadly applicable the lessons are, and am encouraging my daughter, who’s in the fashion business, also to listen.]

**** RESOURCES ****
The Dartmouth Atlas of Health Care (June 2010) - For more than 20 years, the Dartmouth Atlas Project has documented glaring variations in how medical resources are distributed and used in the United States. The project uses Medicare data to provide comprehensive information and analysis about national, regional, and local markets, as well as individual hospitals and their affiliated physicians. These reports and the research upon which they are based have helped policymakers, the media, health care analysts and others improve their understanding of the efficiency and effectiveness of our health care system. This valuable data forms the foundation for many of the ongoing efforts to improve health and health systems across America. This web site provides access to all Atlas reports and publications, as well as interactive tools to allow visitors to view specific regions and perform their own comparisons and analyses. These tools have helped other groups create reports like those listed on our Case Studies page.

**** BOOK REVIEW ****
U.S. Intelligence Community Law Sourcebook: A Compendium of National Security Related Laws and Policy Documents (Andrew Borene, ABA’s Standing Committee on Law & National Security) - The U.S Intelligence Community Law Sourcebook is the complete guide to U.S intelligence community source material, including relevant federal statutes, intelligence authorization acts, executive orders, attorney general and the director of national intelligence guidelines, and proposed significant legislation in the U.S. intelligence community. This is an invaluable desk-reference companion to other key resources (e.g., National Security Law casebook by Norton, Tipson & Turner). It’s received praise by Edwin Meese, Sen. Max Cleland, John Rizzo, and Spike Bowman, and is available on the ABA Web Store here. While it lacks an index, the table of contents is usefully detailed and covers these general headings: Federal Statutes, Congressional Intelligence Committees, Annual Intelligence Authorization Acts, Executive Orders, Intelligence Policy Directives and Guidance, Detention and Interrogation Policy Annex, and Significant Proposed Legislation in 2010. The volume may be supplemented online by an ABA webpage housing commentary and expert-essays; stay-tuned. – Related: “Manual on International Law Applicable to Air and Missile Warfare”, mentioned in the July 2010 issue of the ABA Journal --

**** FUN ****
13 Internet Slangs with Unexpected Alternate Meanings (Mashable, 10 July 2010) - We’ve all grown accustomed to the online jargon, shorthands and acronyms that have developed over decades of Internet use. Silly as they might be, most of us are guilty of truncating, abbreviating or misspelling words to save a few seconds here and there. The jury is still out on whether the seconds have added up to much or not, but linguists have had a field day studying online lingual behaviors and their effects on offline writing and speech. Nevertheless, it’s interesting to look at how pre-Internetacronyms and abbreviations like “LOL” have taken on new meanings (“laughing out loud”) with the introduction of widely popular Internet idioms. Below, you’ll find a list of 13 Internet acronyms and slang terms with unexpected alternative meanings, ranging from downright unpredictable to hilariously ironic. Add your favorites in the comments below * * *

MEASURING THE INFORMATION EXPLOSION (Science Daily 19 Oct 2000) - Two professors at University of California, Berkeley have finally gotten a handle on the amount of all new data produced worldwide last year -- on the Internet, in scholarly journals, and even in junk mail -- and are reporting a “revolution” in information production and accessibility. Hal Varian and Peter Lyman, professors at UC-Berkeley’s School of Information Management & Systems, used “terabytes” as the smallest practical common standard of measurement to compare the size of information across media. (One terabyte equals a million megabytes or the text content of a million books.) Findings reported in their study, “How Much Information?” are mindboggling: The directly accessible “surface” Web consists of about 2.5 billion documents and is growing at a rate of 7.3 million pages a day. When the “deep” Web of connected databases, intranets and dynamic pages is included, there are about 550 billion documents, 95% of which are publicly accessible. The report is available at [link broken] and will be updated periodically in response to readers’ comments.

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.