Saturday, August 28, 2010

MIRLN --- 8-28 August 2010 (v13.12)


(supplemented by related Tweets: http://twitter.com/vpolley #mirln)

·      Installation of Software a “Wrongful Act” Under Technology E&O Policy
·      Bank Fined $9.7m Over Poor IT Governance
·      Mozilla Plans to Silently Update Firefox
·      CDT’s Schwartz Takes Job at NIST
·      Open Source Tools Turn WikiLeaks Into Illustrated Afghan Meltdown
·      Internet Sale Ruled to Trigger Personal Jurisdiction in Long-Arm Law
·      Court Rejects Warrantless GPS Tracking
o   Court Allows Agents To Secretly Put GPS Trackers On Cars
o   Cars Hacked Through Wireless Tire Sensors
·      Injunction Barring Nominative Use of “Lexus” Was Overbroad
·      A Review of Verizon and Google’s Net Neutrality Proposal
·      National Security Letter Recipient Can Speak Out For First Time Since FBI Demanded Customer Records From Him
·      First Circuit Upholds Maine “Data Mining” Law
·      FDA Tells Novartis That ‘Facebook Sharing’ Widget On Its Site Violates Drug Ad Rules
·      A Revised Taxonomy of Social Networking Data
·      How Spies (And Counter Spies) Are Using The Cloud
·      Limited Discovery of Facebook Allowed in Harassment Case
o   Is ‘Private’ Data on Social Networks Discoverable?
·      Cisco 2010 Midyear Security Report
·      Suit Alleges Disney, Other Top Sites Spied On Users
·      Pennsylvania: No Charges Over Secret Photos
·      How to Use Mechanical Turk to Rock Conference Blogging
·      Site Tracks Federal Judicial Vacancies
·      Federal Circuit: Group’s Internet and Radio Worship Does Not Meet IRS Definition of ‘Church’
·      Sheet Music Piracy: You Can Get Everything For Free On the Internet
·      Fla. Bar Website Rules Face Challenge in State High Court
·      FACTA’s Receipt Truncation Requirement Does Not Apply To E-Mail Receipts
·      Redacting Personally Identifiable Data From E-Filings
·      Texas Bar Turns Over 63,000 Member E-Mail Addresses to Law Student
·      Newsweek Explains Why Fashion Designers Don’t Need Copyright
·      Yoga Wars! India Blocks Patents On Poses
·      Pentagon’s Cybersecurity Plans Have a Cold War Chill
·      Charges Settled Over Fake Reviews on iTunes
·      Augmented Reality and the Layar Reality Browser
·      Federal Judge Sanctions Tech Company Over Handling of E-Discovery


Installation of Software a “Wrongful Act” Under Technology E&O Policy (Wiley Rein, 30 July 2010) - Applying Minnesota law, the United States Court of Appeals for the Eighth Circuit has held that an insurer had a duty to defend under an “Information and Network Technology Errors and Omissions” policy because a lawsuit asserting that the insured software manufacturer installed tracking cookies and “spyware” on the underlying claimant’s computer alleged a “wrongful act.” Eyeblaster, Inc. v. Fed. Ins. Co., 2010 WL 2869547 (8th Cir. July 23, 2010). The underlying litigation alleged that the plaintiff’s computer was infected with a spyware program from the insured’s software, causing the computer to freeze up and lose data. The insured tendered the claim to the insurer under an errors and omissions policy that covered financial injury caused by a wrongful act that results in a failure of the insured’s product to perform its intended function or to serve its intended purpose. The policy defined “wrongful act” as an “error, an unintentional omission, or a negligent act.” The insurer argued that the underlying complaint did not allege a “wrongful act” because the underlying claimant asserted that the insured intentionally placed its software on the claimant’s computer. The court rejected this argument, holding that the claim fell within the policy’s coverage and gave rise to a duty to defend. The court noted that it had previously defined “error” in a technology errors and omissions policy “to include intentional, non-negligent acts but to exclude intentionally wrongful conduct.” Here, the court said, the claimant alleged that the insured installed tracking cookies and other software on his computer, which was an intentional act. However, the court determined that the insurer could point to no evidence that doing so was “intentionally wrongful,” noting that the insurer’s parent company used such technology on its own website. Because the underlying complaint did not allege “intentional acts that were either negligent or wrongful,” the insurer could not show that the use of such technology was outside the policy’s coverage. http://www.wileyrein.com/publications.cfm?sp=articles&id=6297&elq_mid=10680&elq_cid=996107

Bank Fined $9.7m Over Poor IT Governance (SC Magazine, 5 August 2010) - UK financial services regulator the Financial Services Authority [FSA] has fined the Royal Bank of Scotland (RBS) £5.6 million (A$9.7 million) for implementing shoddy IT systems which left it in breach of the country’s money laundering laws. The bank had implemented its treasury IT system in 2006, which was meant to screen incoming and outgoing cross-border payments. According to the FSA, RBS neglected to check the accuracy of the systems since its implementation. “After the initial set up, the results produced by the screening filters were not routinely reviewed or monitored by RBSG to ensure that they were appropriate. “This meant that over time the ‘fuzzy matching’ parameters initially set by RBSG became significantly less effective at identifying potential matches,” the authority said in its decision notice this week. http://www.securecomputing.net.au/News/223608,bank-fined-97m-over-poor-it-governance.aspx

Mozilla Plans to Silently Update Firefox (Computerworld, 6 August 2010) - Taking a page from rival Google’s playbook, Mozilla plans to introduce silent, behind-the-scenes security updating to Firefox 4. The feature, which has gotten little attention from Mozilla, is currently “on track” to make it into the final of Firefox 4, the major upgrade slated to ship before the end of the year. Mozilla has released two beta previews of Firefox 4 in the last four weeks, and has set a third beta for next week. Firefox 4’s silent update will only be offered on Windows, Mozilla has said. Most updates, including all security updates, will be downloaded and installed automatically without asking the user or requiring a confirmation, said Alex Faaborg, a principal designer on Firefox. Unlike Google, Mozilla will let users change the default silent service to the more traditional mode, where the browser asks permission before downloading and installing any update. Chrome is the poster boy for automatic updates. Google’s browser kicked off in September 2008 with a then-controversial mechanism that removed the user from the update equation. Chrome continues to rely on an automated service that updates the browser in the background, and can’t be switched off. http://www.computerworld.com/s/article/9180272/Mozilla_plans_to_silently_update_Firefox?taxonomyId=17

CDT’s Schwartz Takes Job at NIST (FederalNewsRadio, 6 August 2010) - Ari Schwartz, the vice president and chief operating officer at the Center for Democracy and Technology, no longer will just talk about what needs to change, but actually be in a position to effect change. Schwartz is leaving CDT after 13 years to join the National Institute of Standards and Technology as a senior Internet policy advisor. “NIST is growing both in size and in importance and this is a great opportunity I couldn’t pass up,” Schwartz says. “It’s a chance to make a real difference to change things in areas that there is a lot of support in. I will take advantage of everything I learned at CDT.” Schwartz will start at NIST working on the Internet Policy Task Force on Aug. 30. His last day at CDT will be Aug. 27. Schwartz will take over the role Curt Barker has been playing on the IPTF. Barker is going back to work at NIST on other security and privacy issues. Schwartz says he also will focus on cybersecurity, privacy and standards issues at NIST. At CDT, he focuses on increasing individual control over personal and public information, promoting privacy protections in the digital age and expanding access to government information via the Internet. Schwartz also is a member of the Information Security and Privacy Advisory Board, which advises NIST, the Office of Management and Budget and Congress on cybersecurity and privacy issues. Schwartz will have to leave the board when he joins NIST. http://www.federalnewsradio.com/?nid=35&sid=2021390

Open Source Tools Turn WikiLeaks Into Illustrated Afghan Meltdown (Wired, 9 August 2010) - It’s one thing to read about individual Taliban attacks in WikiLeaks’ trove of war logs. It’s something quite different to see the bombings and the shootings mount, and watch the insurgency metastasize. NYU political science grad student (and occasional Danger Room contributor) Drew Conway has done just that, using an open source statistical programming language called R and a graphical plotting software tool. The results are unnerving, like stop-motion photography of a freeway wreck. Above is the latest example: a graph showing the spread of combat from 2004 to 2009. It’s exactly what you wouldn’t want to see as a war drags on. “The sheer volume of observations [in the WikiLeaks database] inhibit the majority of consumers from being able to gain knowledge from it. By providing graphical summaries of the data people can draw inferences quickly, which would have been very difficult to do by serially reading through the files,” Conway e-mails Danger Room. “For instance, in the most recent graph I posted [see above], many people were noticing the increasing number of attacks around Afghanistan’s ‘ring road,’ over time, and seeing that as an indication of the Taliban’s attempt to undermine the Afghanistan government by cutting off villages from one another.” Conway’s work largely mirrors what the U.S. military’s internal teams of intelligence analysts found. But Conway and Columbia University post-doc Mike Dewar did all this work themselves, relying solely on free tools and the WikiLeaked logs. Applying statistical analysis, they found little evidence of tampering in the reports. Next month, Conway hopes, a group of New York-based R users will be able to tease out more insights from the data. http://www.wired.com/dangerroom/2010/08/open-source-wikileaked-docs-illustrated-afghan-meltdown/

Internet Sale Ruled to Trigger Personal Jurisdiction in Long-Arm Law (Law.com, 9 August 2010) - A trademark infringement action can be brought against an out-of-state employee of an online retailer who sent a bogus handbag to a Bronx, N.Y., address from a website that offered merchandise to New York consumers, a federal appeals court has ruled. Simone Ubaldelli, a California resident and principal of Queen Bee of Beverly Hills, contended that the fashion company Chloé could not sue him in New York based on the one-time Internet-based sale of the fake designer purse. Reversing a judgment of the district court, the U.S. Court of Appeals for the Second Circuit held that Mr. Ubaldelli’s single act, combined with the fact that Queen Bee had made at least 50 sales of non-Chloé merchandise to New Yorkers through its online site, gave rise to personal jurisdiction under the state’s long-arm statute. Queen Bee’s “additional contacts show that the shipment of a counterfeit Chloé bag was not, as the district court thought, a ‘one-off transaction’…but rather a part of a larger business plan purposefully directed at New York consumers,” Judge Peter W. Hall wrote in Chloé v. Queen Bee of Beverly Hills, LLC, 09-3361-cv. In 2005, Chloé discovered that Queen Bee, an online retail discount designer incorporated in Alabama, was hawking counterfeit copies of the French designer’s $1,600 leather handbag on its Web site. Chloé’s law firm, Kalow & Springut, directed a paralegal to place an online order for a Chloé “Paddington” bag and have the purse sent to her Bronx address. The bag, which later proved to be phony, arrived with a shipping label bearing the Beverly Hills address of Mr. Ubaldelli, one of two principals of Queen Bee. http://www.law.com/jsp/article.jsp?id=1202464392587&rss=newswire

Court Rejects Warrantless GPS Tracking (Computerworld, 9 August 2010) - The U.S. Court of Appeals for the District of Columbia Circuit has rejected claims by the government that federal agents have the right to conduct around-the-clock warrantless GPS tracking of suspects. In a 41-page ruling last Friday, the appellate court dismissed government arguments about the constitutional validity of such searches and maintained that the evidence gathered from the warrantless GPS tracking in the case was obtained in violation of the Fourth Amendment. “It is one thing for a passerby to observe or even to follow someone during a single journey as he goes to the market or returns home from work,” Judge Douglas Ginsburg wrote on behalf of the three-judge panel that reviewed the case. “It is another thing entirely for that stranger to pick up the scent again the next day and the day after that, week in and week out, dogging his prey until he has identified all the places, people, amusements, and chores that make up that person’s hitherto private routine,” Judge Ginsburg wrote. Continuous monitoring of an individual’s movements over a period of time can reveal a lot of very personal information about that person and violate his reasonable expectation of privacy, the court ruled. “Prolonged GPS monitoring reveals an intimate picture of the subject’s life that he expects no one to have short perhaps of his spouse,” Judge Ginsburg wrote. “The intrusion such monitoring makes into the subject’s private affairs stands in stark contrast to the relatively brief intrusion at issue,” in previous cases. http://www.computerworld.com/s/article/9180474/Court_rejects_warrantless_GPS_tracking?source=rss_news The EFF has posted the ruling here: http://www.eff.org/files/filenode/US_v_Jones/maynard_decision.pdf

- but -

Court Allows Agents To Secretly Put GPS Trackers On Cars (CNN, 27 August 2010) - Law enforcement officers may secretly place a GPS device on a person’s car without seeking a warrant from a judge, according to a recent federal appeals court ruling in California. Drug Enforcement Administration agents in Oregon in 2007 surreptitiously attached a GPS to the silver Jeep owned by Juan Pineda-Moreno, whom they suspected of growing marijuana, according to court papers. When Pineda-Moreno was arrested and charged, one piece of evidence was the GPS data, including the longitude and latitude of where the Jeep was driven, and how long it stayed. Prosecutors asserted the Jeep had been driven several times to remote rural locations where agents discovered marijuana being grown, court documents show. Pineda-Moreno eventually pleaded guilty to conspiracy to grow marijuana, and is serving a 51-month sentence, according to his lawyer. But he appealed on the grounds that sneaking onto a person’s driveway and secretly tracking their car violates a person’s reasonable expectation of privacy. One of the dissenting judges in Pineda-Moreno’s case, Chief Judge Alex Kozinski, said the defendant’s driveway was private and that the decision would allow police to use tactics he called “creepy” and “underhanded.” “The vast majority of the 60 million people living in the Ninth Circuit will see their privacy materially diminished by the panel’s ruling,” Kozinski wrote in his dissent. “I think it is Orwellian,” said Marc Rotenberg, executive director of the Electronic Privacy Information Center, which advocates for privacy rights. “If the courts allow the police to gather up this information without a warrant,” he said, “the police could place a tracking device on any individual’s car -- without having to ever justify the reason they did that.” http://edition.cnn.com/2010/CRIME/08/27/oregon.gps.surveillance/index.html?hpt=T2#fbid=EE-K4uFZa7N&wom=false

- and -

Cars Hacked Through Wireless Tire Sensors (ArsTechnica, 10 August 2010) - The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina. The wireless sensors, compulsory in new automobiles in the US since 2008, can be used to track vehicles or feed bad data to the electronic control units (ECU), causing them to malfunction. Earlier in the year, researchers from the University of Washington and University of California San Diego showed that the ECUs could be hacked, giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator. The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they’re wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems. The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely. http://arstechnica.com/security/news/2010/08/cars-hacked-through-wireless-tyre-sensors.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: And, of course, this only complicates the still-unsettled question of law enforcement vehicle tracking. Cases are splitting on whether a warrant is needed to install a GPS tracker or emitter; expect law enforcement now to argue that they’re only passively tracking an already-installed emitter; the short range of current emitters can be extended. In this vein, see Judges Divided Over Rising GPS Surveillance (NYT, 14 August 2010); see also http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=226700146&subSection=All+Stories]

Injunction Barring Nominative Use of “Lexus” Was Overbroad (CCH, 10 August 2010) - An injunction barring automobile brokers from using any domain name that included the mark LEXUS was overbroad because it prohibited domain names that, on their face, dispelled any confusion as to sponsorship or endorsement, the U.S. Court of Appeals in San Francisco has decided. Toyota Motor Sales, U.S.A., Inc. brought a trademark infringement suit against the brokers for using the domain names buy-a-lexus.com and buyorleaselexus.com. The brokers were entitled to use the LEXUS mark in contexts that qualified as nominative fair uses, the appellate court said. Prohibition of truthful and non-misleading speech would not advance the Lanham Act’s purposes of protecting consumers and preventing unfair competition. Under the nominative fair use doctrine, the brokers could use the LEXUS mark in a truthful manner, even if they failed to expressly disavow association with Toyota, as long as the use was unlikely to cause confusion. The test for likelihood of confusion in a nominative fair use case was whether (1) the product was “readily identifiable” without use of the mark; (2) the defendant used more of the mark than necessary; and (3) the defendant falsely suggested it was sponsored or endorsed by the trademark owner. It was error for the district court to treat nominative fair use as an affirmative defense to be proven by the brokers only after Toyota established likelihood of confusion. The injunction was vacated and remanded for reconsideration. On remand, Toyota would bear the burden of establishing that the brokers’ use of the LEXUS mark in their domain names was not nominative fair use (Toyota Motor Sales, U.S.A., Inc. v. Tabari, 9th Cir.).

A Review of Verizon and Google’s Net Neutrality Proposal (EFF, 10 August 2010) - Efforts to protect net neutrality that involve government regulation have always faced one fundamental obstacle: the substantial danger that the regulators will cause more harm than good for the Internet. The worst case scenario would be that, in allowing the FCC to regulate the Internet, we open the door for big business, Hollywood and the indecency police to exert even more influence on the Net than they do now. On Monday, Google and Verizon proposed a new legislative framework for net neutrality. Reaction to the proposal has been swift and, for the most part, highly critical. While we agree with many aspects of that criticism, we are interested in the framework’s attempt to grapple with the Trojan Horse problem. The proposed solution: a narrow grant of power to the FCC to enforce neutrality within carefully specified parameters. While this solution is not without its own substantial dangers, we think it deserves to be considered further if Congress decides to legislate. Unfortunately, the same document that proposed this intriguing idea also included some really terrible ideas. It carves out exemptions from neutrality requirements for so-called “unlawful” content, for wireless services, and for very vaguely-defined “additional online services.” The definition of “reasonable network management” is also problematically vague. As many, many, many have already pointed out, these exemptions threaten to completely undermine the stated goal of neutrality. Here’s a more detailed breakdown of our initial thoughts: * * * http://www.eff.org/deeplinks/2010/08/google-verizon-netneutrality [Editor: As usual, this is the kind of thoughtful, reasoned analysis I frequently find in EFF papers.]

National Security Letter Recipient Can Speak Out For First Time Since FBI Demanded Customer Records From Him (ACLU, 10 August 2010) - The FBI has partially lifted a gag it imposed on American Civil Liberties Union client Nicholas Merrill in 2004 that prevented him from disclosing to anyone that he received a national security letter (NSL) demanding private customer records. Merrill, who received the NSL as the president of an Internet service provider (ISP), can now reveal his identity and speak about his experience for the first time since receiving the NSL. The ACLU and New York Civil Liberties Union filed a lawsuit challenging the NSL statute and the gag order on behalf of Merrill (then called John Doe) in April 2004, which resulted in numerous court rulings finding the NSL statute unconstitutional. Merrill was the first person ever to challenge an NSL in court. “After six long years of not being able to tell anyone at all what happened to me – not even my family – I’m grateful to finally be able to talk about my experience of being served with a national security letter,” said Merrill. “Internet users do not give up their privacy rights when they log on, and the FBI should not have the power to secretly demand that ISPs turn over constitutionally protected information about their users without a court order. I hope my successful challenge to the FBI’s NSL gag power will empower others who may have received NSLs to speak out.” http://www.aclu.org/national-security/national-security-letter-recipient-can-speak-out-first-time-fbi-demanded-customer- [Editor: The ABA’s Cyberspace Law Committee helped publish a related guidebook, “Responding to National Security Letters: A Practical Guide for Legal Counsel”, available here: http://www.abanet.org/abastore/index.cfm?section=main&fm=Product.AddToCart&pid=5070610]

First Circuit Upholds Maine “Data Mining” Law (MediaLawProf Blog, 10 August 2010) - The First Circuit has upheld a state law prohibiting prescription information “data mining,” the second time it has ruled on such laws. In IMS Health Inc. v. Mills, the Court rejected constitutional challenges based in the First Amendment, finding that the statute regulates conduct, not speech. “We reject all of plaintiffs’ constitutional challenges to section 1711-E(2-A). Plaintiffs’ First Amendment challenges fail for the reasons stated in Ayotte: the statute regulates conduct, not speech, and even if it regulates commercial speech, that regulation satisfies constitutional standards. They also fail for reasons not present in Ayotte. The Maine statute constitutionally protects Maine prescribers’ choice to opt in to confidentiality protection to avoid being subjected to unwanted solicitations based on their identifying data. We also reject the argument that the statute is void for vagueness.” Compare with the Court’s decision in IMS v. Ayotte, F.3d 42 (1st Cir. 2008), cert. denied, 129 S. Ct. 2864 (2009) in which the majority said, “We say that the challenged elements of the Prescription Information Law principally regulate conduct because those provisions serve only to restrict the ability of data miners to aggregate, compile, and transfer information destined for narrowly defined commercial ends. In our view, this is a restriction on the conduct, not the speech, of the data miners. ...In other words, this is a situation in which information itself has become a commodity. The plaintiffs, who are in the business of harvesting, refining, and selling this commodity, ask us in essence to rule that because their product is information instead of, say, beef jerky, any regulation constitutes a restriction of speech. We think that such an interpretation stretches the fabric of the First Amendment beyond any rational measure.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/08/first-circuit-upholds-maine-data-mining-law.html [Editor: a single brick -- but a good one -- in the emerging wall of State protection of personal information (or at least State ability to regulate).]

FDA Tells Novartis That ‘Facebook Sharing’ Widget On Its Site Violates Drug Ad Rules (TechDirt, 10 August 2010) - Technology can certainly make for some interesting clashes with regulatory regimes. Social networking, for example, starts to bring up all sorts of questions about the fine line between certain regulated areas of advertising, and basic free speech communication issues. Eric Goldman points us to the news that the FDA is warning pharma giant Novartis over its use of a “Facebook Share” widget on its site promoting the drug Tasigna (a leukemia drug). http://techdirt.com/articles/20100806/15182710535.shtml

A Revised Taxonomy of Social Networking Data (Bruce Schneier, 10 August 2010) - Lately I’ve been reading about user security and privacy -- control, really -- on social networking sites. The issues are hard and the solutions harder, but I’m seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it’s essential to separate them. Below is my taxonomy of social networking data, which I first presented at the Internet Governance Forum meeting last November, and again -- revised -- at an OECD workshop on the role of Internet intermediaries in June.
1. Service data is the data you give to a social networking site in order to use it. Such data might include your legal name, your age, and your credit-card number.
2. Disclosed data is what you post on your own pages: blog entries, photographs, messages, comments, and so on.
3. Entrusted data is what you post on other people’s pages. It’s basically the same stuff as disclosed data, but the difference is that you don’t have control over the data once you post it -- another user does.
4. Incidental data is what other people post about you: a paragraph about you that someone else writes, a picture of you that someone else takes and posts. Again, it’s basically the same stuff as disclosed data, but the difference is that you don’t have control over it, and you didn’t create it in the first place.
5. Behavioral data is data the site collects about your habits by recording what you do and who you do it with. It might include games you play, topics you write about, news articles you access (and what that says about your political leanings), and so on.
6. Derived data is data about you that is derived from all the other data. For example, if 80 percent of your friends self-identify as gay, you’re likely gay yourself.

There are other ways to look at user data. Some of it you give to the social networking site in confidence, expecting the site to safeguard the data. Some of it you publish openly and others use it to find you. And some of it you share only within an enumerated circle of other users. At the receiving end, social networking sites can monetize all of it: generally by selling targeted advertising. Different social networking sites give users different rights for each data type. Some are always private, some can be made private, and some are always public. Some can be edited or deleted -- I know one site that allows entrusted data to be edited or deleted within a 24-hour period -- and some cannot. Some can be viewed and some cannot. http://www.schneier.com/blog/archives/2010/08/a_taxonomy_of_s_1.html

How Spies (And Counter Spies) Are Using The Cloud (Wired, 12 August 2010) - Secret agents have long been at the cutting edge of technological developments. By studying how different spy agencies use technology, it’s often been possible to glean an insight into the future. Pocket camera or hidden mic anyone? But in recent years technological growth has outpaced spy innovation, and so their latest gadgets haven’t been coming from a Q figure, but instead from the outside world. Speaking to Wired.co.uk, Dave Thomas, a former SAS operative, explained exactly how spies are using the same type of technology that you’re likely using right now to write your emails, host your photos and remotely access your PC. “Whereas before you would have a camera that would be the size of a quarter of a matchbox that could store maybe half an hour’s worth of data video or footage, nowadays the same size device can literally contain weeks of information,” Thomas said. “What has changed is the ability to remotely access that information, rather than having to retrieve it from tapes or hard drives. Being able to turn stuff on and off from thousands of miles away, the other side of the world, is a key thing.” But anti-spying organizations are also employing the same tricks, says Thomas, by stuffing miniaturized communications equipment into their bugging tools, as well as loading up equipment known to be used by spies with keyloggers and other tools normally associated with cybercriminals. http://www.wired.com/epicenter/2010/08/how-spies-are-using-the-cloud/

Limited Discovery of Facebook Allowed in Harassment Case (Law.com, 12 August 2010) - It is a fair bet that many of those reading The Legal Intelligencer have neither a Facebook page nor a MySpace account -- although when our children reach a certain age, they can certainly tell us about them. But electronic discovery is well upon us, and employment litigation is at the forefront of issues involving social networking sites. A recent discovery order in the case of EEOC v. Simply Storage Management in the U.S. District Court for the Southern District of Indiana discussed how much information from such sites is discoverable to an employer defending an employment discrimination claim. According to the opinion, Joanie Zupan and Tara Strahl claimed that they were subjected to sexual harassment during their employment with Simply Storage. In September 2009, the Equal Employment Opportunity Commission, or EEOC, filed a complaint on their behalf and, after a round of preliminary motions, discovery ensued. Simply Storage’s request for production of documents included requests for “all photographs or videos posted by [Zupan or Strahl] or anyone on [their] behalf on Facebook or MySpace [from the beginning of their employment to the present].” Further, Simply Storage requested all “updates, messages, wall comments, causes joined ... activity streams ... and applications [including ... the ‘Naughty Application’]” for the same time period. The EEOC, not surprisingly, objected to the production of all social network content -- and, in a protective order, to any deposition questioning along these lines -- claiming that the requests were overly broad, harassing, not relevant, and infringed on the claimant’s privacy. Simply Storage countered that the requests were proper because the EEOC had placed the “emotional health” of the women at issue, beyond that typically encountered in “garden variety emotional distress claims.” Specifically, the EEOC had responded to prior discovery regarding damages by claiming that Strahl had sought “medical treatment” for anxiety stemming from the alleged sexual harassment and that Zupan had become “depressed and suffers from post traumatic stress disorder” based upon the same behavior. The court rejected Simply Storage’s assertion that all of the content on the claimants’ sites was discoverable. Rather, the court held that “it must be the substance of the communication that determines relevance.” The court relied upon the 2006 Southern District of New York case Rozell v. Ross-Holst, which recognized that, while “anything that a person says or does might in some theoretical sense be reflective of her emotional state ... that is hardly justification for requiring productions of every thought she may have reduced to writing ... [or] the deposition of everyone she may have talked to.” The court then found the EEOC’s proposed limitation too narrow. That is, “it is reasonable to expect severe emotional or mental injury to manifest itself in some [social network] content, [including when the distress occurred and the degree of distress].” Producing only content specifically related to the allegations in the complaint would likely result only in communications supportive of the claim. The court noted that such a restriction “might not ... yield information inconsistent with the claimant’s allegations of injury or about other potential causes of injury.” http://www.law.com/jsp/article.jsp?id=1202464808697&rss=newswire

- and -

Is ‘Private’ Data on Social Networks Discoverable? (Law.com, 25 August 2010) - On May 26, a federal court issued an opinion in a discovery dispute that applies outmoded federal electronic privacy laws from the 1980s to Facebook and MySpace. The ruling could permanently change the way “social networking” sites are viewed by businesses and those involved in litigation. The decision also appears to offer the first in-depth analysis on the effect of “privacy settings” found on many social networking sites and whether information is protected from discovery by federal privacy laws. The U.S. district court’s decision partially reversed and partially vacated a magistrate judge’s order declining to quash subpoenas for certain materials held by a third party in a copyright infringement case. See Crispin v. Christian Audigier Inc., 2010 U.S. Dist. Lexis 52832 (C.D. Calif. May 26, 2010). The decision appears to be the first to apply the Stored Communications Act, enacted in 1986, to content on today’s social networking sites. See 18 U.S.C. 2701-11. The plaintiff, an artist named Buckley Crispin, claimed that the defendants, Christian Audigier Inc. and its sublicensees, used his artwork in violation of their oral agreement. The defendants sought information from MySpace and Facebook, including Crispin’s subscriber information and all communications by Crispin referring to any of the defendants. A federal magistrate declined to quash certain of the defendants’ subpoenas, rejecting among other arguments that the information they sought was protected by the SCA. The district court’s decision offered answers to two key questions. First, the holding explains that the SCA’s protections reach at least some of the content hosted on social networking sites and that such content will be precluded from discovery from those sites. Second, the decision suggests that privacy settings matter. 
The private messaging features of social networking sites were protected because the court considered them to be as private as e-mail. Moreover, the court found that the SCA’s protections applied to wall postings and comments only to the extent that those communications were not available to the general public. http://www.law.com/jsp/article.jsp?id=1202471022686&rss=newswire

Cisco 2010 Midyear Security Report (Cisco, 12 August 2010) - “Web 2.0, mobility, virtualization, and other dramatic shifts in how we communicate and collaborate are carving out a new landscape for business and for enterprise security. The Cisco® Midyear Security Report examines these changes and their impact on the enterprise, and highlights other significant trends and threats creating security challenges for organizations worldwide. The report also includes recommendations from Cisco security experts designed to help enterprises strengthen their security.” http://www.cisco.com/en/US/prod/collateral/vpndevc/security_annual_report_mid2010.pdf

Suit Alleges Disney, Other Top Sites Spied On Users (CNET, 14 August 2010) - A lawsuit filed in federal court last week alleges that a group of well-known Web sites, including those owned by Disney, Warner Bros. Records, and Demand Media, broke the law by secretly tracking the Web movements of their users, including children. Attorneys representing a group of minors and their parents filed the suit Tuesday in the U.S. District Court for the Central District of California, records show. The suit alleges that Clearspring Technologies, a software company that creates widgets and also offers a way to serve ads via widgets, is at the center of the wrongdoing. Web site operators such as Disney, Playlist.com, and SodaHead are “Clearspring Flash Cookie Affiliates,” the plaintiffs allege in their suit. Clearspring set “Flash cookies on (affiliate site) users’ computers...online tracking device(s) which would allow access to and disclosure of Internet users’ online activities.” The Web sites working with Clearspring knew users weren’t just tracked at sites owned by affiliates, but were followed without their knowledge wherever they went online, the defendants wrote in their suit. Clearspring and Disney representatives were not immediately available for comment Saturday. A representative for Warner Music Group, parent company of Warner Bros. Records, declined to comment. A similar lawsuit was filed last month against Clearspring rival Quantcast, as well as a host of that company’s clients, including ABC and NBC. The same law firms that filed that suit--Parisi & Havens, and the Law Office of Joseph Malley--were responsible for filing the recent complaint. All the news lately about Web privacy--or the lack thereof--is enough to make anyone paranoid about logging on. 
The Wall Street Journal recently published an expose on Web privacy and concluded that “one of the fastest-growing businesses on the Internet...is the business of spying on Internet users.” And we’ve seen controversies over privacy at Google and at Facebook. While Congress is looking into improving privacy protections for Web users, it would seem some people are going to take up the issue in court. The suit against Clearspring was filed one year after researchers from UC Berkeley issued a report on how more than half of the Internet’s best known Web sites use Adobe’s Flash technology to surreptitiously gather information about their users, according to a story in Wired.com. “Flash Cookies” are not affected when users try to remove traditional cookies with their browser’s privacy controls. “What’s even sneakier,” Wired.com reporter Ryan Singel wrote then, is “several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning.’” This means that a user may kill a cookie, but some technologies will bring it back to life by assigning that cookie’s unique ID to a new cookie. The report from the Berkeley researchers named two companies that reinstate cookies: QuantCast and Clearspring. http://news.cnet.com/8301-31001_3-20013672-261.html

Pennsylvania: No Charges Over Secret Photos (NYT, 17 August 2010) - Federal prosecutors will not file charges against a school district or its employees over the use of software to monitor students remotely. Zane David Memeger, a United States attorney, said investigators had found no evidence of criminal intent by Lower Merion School District employees who activated tracking software that took thousands of images on school-provided laptops. A student and his family sued the district in February, claiming officials invaded his privacy. That case continues. The district has acknowledged capturing 56,000 screen shots and Webcam images so it could locate missing laptops. http://www.nytimes.com/2010/08/18/us/18brfs-NOCHARGESOVE_BRF.html?scp=1&sq=memeger&st=cse

How to Use Mechanical Turk to Rock Conference Blogging (ReadWriteWeb, 17 August 2010) - Let’s say you are going to, or hosting, a conference and you want to make a good impression with the attendees and organizers. One way to do that is to create useful and thoughtful original content and resources regarding the event. Thanks to tools like Mechanical Turk, Google Custom Search and of course Twitter, you can now do incredible things around conferences that would have been very inefficient to do before. Earlier this month I went to the Techonomy conference in Lake Tahoe and wrote both here on ReadWriteWeb and on the conference blog. The event brought technologists together to talk about tackling the world’s big problems, like water and food shortages. It was a very impressive group of people. Before the event began, I used a few online tools to create some resources that proved very helpful in creating high-quality coverage of the event. I thought I would share what I did so that readers could make use of these same or similar methods. Specifically, here’s what I set up:
·      A Twitter list of all the conference attendees who use Twitter. This was very useful for keeping track of what people were saying during the event, even if they weren’t using the official hash tag. It’s also a really impressive list of people to keep in touch with in the future, and now when I’m viewing their Tweets in a list, I’ll always know the context that I discovered them in.
·      A Twitter list of women participating in the event. I also did the research to make it easy for me to create a list of people from outside the United States who were there. It’s good to create a special view into the conversations of some groups of people who can get lost in the noise of known industry leaders, in this case disproportionately men from Silicon Valley. Those lists are good not just to track particular perspectives during the event, I’ve also subscribed to the same lists in the beautiful iPad app Flipboard, so now I’ve got a personalized magazine made up of all the links shared on Twitter by international attendees of the Techonomy conference. That’s nice to have.
·      Most important for the blogging at the conference, I created a Google Custom Search Engine that searches the archives of all the websites of the organizations the conference attendees work for. This proved invaluable, as I could reference the previous work and research of the people present in writing about their discussions that weekend. It made for much better-informed blogging than I would have been capable of without the tool.

Site Tracks Federal Judicial Vacancies (Robert Ambrogi, 18 August 2010) - Both the president and Congress are often criticized for moving too slowly to fill federal judicial vacancies. But where are these vacancies and what has been done to fill them? The answers to these and other questions can be found at JudicialNominations.org, a website published by the American Constitution Society. The site features an interactive map of the United States showing vacancies by circuits and by federal districts. Click on any one to see the status of vacancies and nominations within that circuit or district. Last but not at all least are two boxes on the site’s front page that list the five vacancies that have been open the longest and the five nominees who have been pending the longest. The longest-open vacancy is a seat on the 9th U.S. Circuit Court of Appeals that has not been filled since Dec. 31, 2004. The longest-pending nominee is Jane Stranch, nominated for the 6th Circuit on Aug. 5, 2009. http://www.lawsitesblog.com/2010/08/site-tracks-federal-judicial-vacancies.html

Federal Circuit: Group’s Internet and Radio Worship Does Not Meet IRS Definition of ‘Church’ (Law.com, 18 August 2010) - The U.S. Court of Appeals for the Federal Circuit has ruled that a religious organization that primarily holds Internet and radio worship services does not meet the U.S. Internal Revenue Service’s definition of a church. A three-judge panel on Monday unanimously upheld a ruling by the U.S. Court of Federal Claims, in a case brought by the Foundation of Human Understanding, founded by Roy Masters in 1963 and “based upon Judeo-Christian beliefs and the doctrine and teachings of its founder.” The foundation challenged an IRS determination that it did not meet the Internal Revenue Code’s definition of a “church.” Federal Circuit Judge William Bryson noted that neither Congress nor the IRS has issued much guidance regarding the code’s definition of “church.” He said that court precedents have emphasized the associational test, which defines a church as an organization whose members meet regularly for organized worship, and on the IRS’s 14 criteria for determining what is a church. Those criteria include that it has a recognized creed and form of worship; a formal code of doctrine and discipline; a membership not associated with any other church or denomination; ordained ministers selected after completing prescribed studies; and holds regular religious services. The Federal Circuit panel deemed the associational test the most important. It agreed with the lower court that the foundation’s “electronic ministry” did not satisfy the test. “The fact that all the listeners simultaneously received the Foundation’s message over the radio or the Internet does not mean that those members associated with each other and worshiped communally,” Bryson wrote. http://www.law.com/jsp/article.jsp?id=1202470154549&rss=newswire [Editor: Different result if parishioners used chat or Tweeted? Used Skype or GoogleWave? 
Different result if parishioners lived in repressive regimes and could only worship/associate covertly? Possibly time to re-assess the associational test?]

Sheet Music Piracy: You Can Get Everything For Free On the Internet (NPR, 19 August 2010; 7-minute broadcast) - Digital technology has made it possible for users to share perfect copies of audio and video files over the Internet, skirting copyright laws. And, as Tony Award-winning songwriter Jason Robert Brown discovered recently, even sheet music isn’t immune. When he published correspondence about the issue between a teenage fan and himself on his blog, he unleashed what he has called a “firestorm” of responses. As a theater songwriter, Brown may not be as well-known as Stephen Sondheim or Stephen Schwartz, but his finely crafted songs have been performed on and off Broadway. Brown makes a healthy upper-middle-class living from a variety of sources — he gets royalties from productions of his shows, and he teaches and performs. And, he estimates, about one-third of his income comes from the sale of sheet music. He says he had heard about websites where sheet music is shared, without any payment, and decided to check one of them out. http://www.npr.org/blogs/therecord/2010/08/18/129279738/sheet-music-file-sharing-you-can-get-everything-for-free-on-the-internet?sc=ipad&f=124289519 [Editor: Access to music lyrics is likewise fraught, but calls to me siren-like.]

Fla. Bar Website Rules Face Challenge in State High Court (Law.com, 19 August 2010) - Proposed Florida Bar rules for web advertising would require law firms to spend millions of dollars redoing their existing sites, could push clients to choose law firms in other states, and violate the First Amendment. Those are just a few of the objections submitted by eight large law firms that banded together to fight the proposal and submitted a 66-page comment to the Florida Supreme Court. The deadline for comments was Monday. The Florida Bar has until Sept. 7 to respond. The law firms protesting the new rules are Bilzin Sumberg Baena Price & Axelrod, Carlton Fields, Foley & Lardner, Jorden Burt, Holland & Knight, Hunton & Williams, Weil Gotshal & Manges, and White & Case. The Washington-based consumer advocacy group Public Citizen also sued the Bar last year over the proposed rules. Facing protests and threats of more lawsuits, the Bar postponed new rules that were to take effect July 1 to regulate law firm websites. The rules would prohibit online testimonials, case summaries, and “deceptive, misleading, manipulative” or confusing audio or visual content. The Bar, facing protests that the rules were vague and unfair, offered a compromise that would allow existing sites to be viewed if visitors clicked a disclaimer box. Following strong objections, the Bar exempted the American Civil Liberties Union and other nonprofit legal groups from the rules, stating they do not promote commercial speech. http://www.law.com/jsp/article.jsp?id=1202470389291&rss=newswire

FACTA’s Receipt Truncation Requirement Does Not Apply To E-Mail Receipts (Michael Rigney, 23 August 2010) - In June of 2009, Eduard Shlahtichman purchased contact lenses from defendant 1-800 Contacts using the Internet. Shlahtichman used his credit card for the purchase. The company sent him an e-mail confirming his purchase. The e-mail contained the expiration date of his credit card. Shlahtichman brought suit pursuant to the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”). FACTA prohibits a merchant from “print[ing]” a credit card expiration date on a receipt “provided to the cardholder at the point of the sale.” That restriction applies only to electronically printed receipts. Judge Darrah (N.D. Ill.) dismissed the suit on two grounds: that an e-mail order confirmation does not constitute printing and that an e-mail order confirmation is not provided “at the point of the sale.” Shlahtichman appeals. In their opinion, Judges Bauer, Rovner, and Hamilton affirmed. Much of the appeal centers on the meaning of the word “print.” Since it is not defined in the statute, the Court looked to its ordinary meaning. Although recognizing that a minority of courts have extended its meaning to computer displayed receipts, the Court concluded that the Act applies only to paper receipts. It relied on dictionary definitions, the overall context and content of the Act, the ready application of such an approach to face-to-face transactions versus a host of questions in the computer context, Congress’ determination of the effective date of the Act using the year the printing device was first put into use, and the lack of any reference to Internet or e-mail in the Act in light of Congress’ many such references in other statutes. 
Alternatively, the Court noted that dismissal was proper because Shlahtichman alleged no actual injury, statutory damages are available only for willful violations, and 1-800 Contacts’ interpretation of the statute was reasonable, even if wrong, and could not support a finding of willfulness. http://www.intheiropinion.com/2010/08/articles/consumer-protection-law/factas-receipt-truncation-requirement-does-not-apply-to-email-receipts/#page=1

Redacting Personally Identifiable Data From E-Filings (Law.com, 23 August 2010) - Electronic filing of court documents has become the norm rather than the exception both here, in New York federal and state courts, and around the country. The trend is driven by the pervasive availability of online technology to conveniently enable e-filing, as well as the generally held presumption in U.S. jurisprudence that court proceedings are public in nature and should be easily accessible to the public. At the same time, privacy advocates, concerned about the amount of personally identifiable information easily available on the internet and the resultant increase of identity theft and other types of fraud, wish to restrict public access to certain types of data. These two somewhat contradictory philosophies intersect on the issue of whether the proliferation of electronic filing has unduly and unnecessarily exposed personally identifiable information to possible exploitation. At issue is the requirement that attorneys redact personally identifiable information from their e-filings. The obligation of an attorney to preserve the privacy interests of those involved in litigation and administrative proceedings has arisen in a variety of circumstances, and has been touched on in academic circles. However, whether an attorney’s failure to meet that requirement can create professional liability to either the attorney’s client -- or even to a non-client -- has not been definitively answered. The governing rules regarding the protection of confidential information in e-filings are relatively straightforward, but often are unfamiliar to practitioners. 
For example, Federal Rule of Civil Procedure 5.2 provides, in relevant part, that a party or non-party making an electronic filing (as well as a paper filing) that contains an individual’s Social Security number, taxpayer identification number, or birth date, or the name of a person known to be a minor or a financial account number, may include, unless the court otherwise orders, only: (1) the last four digits of the Social Security number and taxpayer identification number; (2) the year of the individual’s birth; (3) the minor’s initials; and (4) the last four digits of the financial account number. The remaining material must be redacted from the filing. The rule also provides that a court may order that a filing be made under seal without redaction (and that, upon a court order, such a filing may be unsealed or the person who made the filing may file a redacted version for the public record), and that, for good cause, a court may require redaction of additional information (such as driver’s license numbers and alien registration numbers) or limit or prohibit a nonparty’s remote electronic access to a document filed with the court. The Advisory Committee’s notes to Rule 5.2 explain that the rule was adopted in compliance with §205(c)(3) of the E-Government Act of 2002. Section 205(c)(3) required the U.S. Supreme Court to prescribe rules “to protect privacy and security concerns relating to electronic filing of documents and the public availability ... of documents filed electronically.” As the Advisory Committee points out, the rule was derived from and implements the policy adopted by the Judicial Conference in September 2001 to address the privacy concerns resulting from public access to electronic case files. http://www.law.com/jsp/article.jsp?id=1202470891377&rss=newswire

Texas Bar Turns Over 63,000 Member E-Mail Addresses to Law Student (Law.com, 23 August 2010) - Facing allegations that they violated the Texas Public Information Act, on Aug. 16 State Bar of Texas officials released to a member of the public the e-mail addresses of nearly 63,000 lawyers. Joe Crews, who represents Marni von Wilpert in her suit against the State Bar and its executive director Michelle Hunter, says the list of lawyers’ e-mail addresses clearly is subject to the Public Information Act. “I don’t understand why it was an issue,” says Crews, owner of the Crews Law Firm in Austin. On Aug. 14, von Wilpert filed von Wilpert v. State Bar of Texas, et al. in a state district court in Travis County. As noted in the original petition, von Wilpert seeks a declaratory judgment that the defendants violated the Public Information Act and injunctive relief to require release of the information. But the State Bar voluntarily released the e-mail addresses. Despite the suit, one of the lawyers whose e-mail address was released to von Wilpert does not believe the Bar should have handed over the list so easily. “I don’t think the Bar should have agreed to it without consulting with the attorneys [Bar membership] and waiting for a judge to order them to do it,” says Colorado City solo Pat Barber. http://www.law.com/jsp/article.jsp?id=1202470897117&rss=newswire

Newsweek Explains Why Fashion Designers Don’t Need Copyright (TechDirt, 23 August 2010) - For many years, we’ve been troubled by the effort by some fashion designers to add a totally unnecessary copyright to fashion design. We had noted that the fashion industry was actually a great example of a creative industry that was thriving without copyrights. It’s quite innovative and has a ton of competition, which is what we’d like to see -- so it never made sense that some politicians keep introducing a bill to extend copyright protection to fashion designers. This year, Sen. Chuck Schumer is back again with another attempt at extending copyright to fashion, and he’s been able to sign up a large number of co-sponsors. In the past, similar proposals haven’t gone far, but there’s a feeling that there may be some momentum behind it this year. 

Thankfully, some in the mainstream press are calling foul. Over at Newsweek, Ezra Klein has a fantastic column questioning the need for this bill and highlighting just how ridiculous it is. My favorite part is the following: “But perhaps the strongest argument is that America’s apparel industry doesn’t seem broken--so why try and fix it? ‘America is the world fashion leader,’ said Steven Kolb, director of the Council of Fashion Designers of America, the lead trade group in support of the Schumer bill, ‘and yet it is basically the only industrialized country that does not provide protection for fashion design.’ Run that by me one more time? We’re the world leader in fashion, so we should change our policy to mimic our lagging competitors?” http://techdirt.com/articles/20100820/16194310714.shtml

Yoga Wars! India Blocks Patents On Poses (NPR, 23 August 2010) - The Indian government wants people to stop trying to patent ancient yoga practices. So officials are filming hundreds of yoga poses and translating ancient Sanscrit [sic] texts. They plan to send the results to patent offices around the world next month, the Washington Post reports. It’s an outgrowth of a project called the Traditional Knowledge Digital Library, which was originally created to fight patents on traditional Indian medicine — like turmeric for wound healing, which received a U.S. patent that was later withdrawn after India objected. “Yoga is collective knowledge and is available for use by everybody no matter what the interpretation,” the head of the digital library told the WaPo. “...we wanted to ensure that, in the future, nobody will be able to claim that he has created a yoga posture which was actually already created in 2500 B.C. in India.” The fight over who owns yoga got a lot of attention a few years back when Bikram Choudhury said a series of yoga positions done in a room heated to over 100 degrees was his intellectual property. Legal fights ensued. http://www.npr.org/blogs/money/2010/08/23/129381241/india-yoga-patents-html

Pentagon’s Cybersecurity Plans Have a Cold War Chill (Washington Post, 26 August 2010) - With little fanfare, the Pentagon is putting the finishing touches on a new strategy that will treat cyberspace as a domain of potential warfare -- and apply instant “active defense” to counterattacks that, in theory, could shut down the nation’s transportation and commerce. Even though it deals with a distinctly 21st-century problem, the strategy has echoes of the Cold War: America’s closest allies would be drawn into an early-warning network of collective cybersecurity; private industry would be mobilized in a kind of civil defense against attackers; and military commanders would be given authority to respond automatically to electronic invaders. In place of “massive retaliation” against attackers whose country of origin may be unclear, the strategy proposes an alternative concept of deterrence based on making America’s infrastructure robust and redundant enough to survive any attack. The Department of Homeland Security would oversee this hardening of infrastructure, with help from the National Security Agency. http://www.washingtonpost.com/wp-dyn/content/article/2010/08/25/AR2010082505962.html

Charges Settled Over Fake Reviews on iTunes (NYT, 26 August 2010) - Discerning Internet users know that glowing online reviews of things like books or restaurants cannot always be trusted. But federal regulators are serving notice that if you stand to gain financially from the review you are writing, you should be upfront about it. The Federal Trade Commission said on Thursday that a California marketing company had settled charges that it engaged in deceptive advertising by having its employees write and post positive reviews of clients’ games in the Apple iTunes Store, without disclosing that they were being paid to do so. The charges were the first to be brought under a new set of guidelines for Internet endorsements that the agency introduced last year. The guidelines have often been described as rules for bloggers, but they also cover anyone writing reviews on Web sites or promoting products through Facebook or Twitter. They are meant to impose on the Internet the same kind of truth-in-advertising principles that have long existed offline. Under the settlement, Reverb Communications and one of its executives, Tracie Snitker, agreed to remove all of the iTunes reviews that appeared to have been written by ordinary people but were actually written by employees of the company, which is based in Twain Harte, Calif. The settlement also bars Reverb and Ms. Snitker from making similar endorsements of any product or service without disclosing any relevant connections. When the guidelines were announced, many bloggers and users of services like Twitter complained of government overreach, and worried that they would have to disclose even tenuous connections with companies or services they wrote about. But Jonathan Zittrain, a professor at Harvard Law School and co-founder of the Berkman Center for Internet and Society, said the commission’s first enforcement action under the guidelines should be seen as good news by those who were concerned. 
“This case sort of shows that what they have in mind is not the individual blogger or Twitterer, but rather a professional endorser,” Professor Zittrain said. Given that fake reviews are widely understood to be common in the iTunes Store and on many Web sites, it was not clear why the trade commission had singled out Reverb. But the blog MobileCrunch reported last August that it had obtained a company document in which Reverb said it had hired “a small team of interns” whose tasks included “writing influential game reviews.” Eric Goldman, former general counsel of Epinions.com, which reviews consumer products, said fake reviews were “a pervasive problem on the Internet.” http://www.nytimes.com/2010/08/27/technology/27ftc.html?_r=1&ref=business

Augmented Reality and the Layar Reality Browser (InsideHigherEd, 26 August 2010) - I remember when I first saw the Verizon Wireless commercial featuring the Layar Reality Browser. It looked like something out of a science fiction movie. When my student web coordinator came in to the office with her iPhone, I asked her if she had ever heard of “Layar.” She had not heard of it so we downloaded it from the App Store. I was amazed at how the app used the phone’s camera, GPS and Internet access to create a virtual layer of information over the image being displayed by the phone. It was my first experience with an augmented reality application. A few universities have started using Layar to provide campus-specific augmented reality maps:
·      University of Wisconsin - Madison
·      West Virginia University
·      Arizona State University
·      University of California, Santa Barbara
·      Purdue University
New content layers can easily be created and shared. New student orientation programs, campus auxiliary services, first year experience courses, and campus tours could all benefit from using custom layers. I predict that a lot more schools will actively engage in augmented reality application development in the near future. http://www.insidehighered.com/blogs/student_affairs_and_technology/augmented_reality_and_the_layar_reality_browser [Editor: I’ve been using Layar on my iPhone for a month or so, but without an “ah-ha!” moment yet. Seeing proximate tweeters in my neighborhood just isn’t doing it for me.]

Federal Judge Sanctions Tech Company Over Handling of E-Discovery (Law.com, 27 August 2010) - A federal judge has sanctioned a leading developer of “flash drive” technology for its mishandling of electronic discovery in what the judge called a “David and Goliath-like” struggle. Southern District Judge William H. Pauley ruled that he would instruct the jury to draw a negative inference from the fact that SanDisk Corp., a company with a market capitalization of $8.7 billion, had lost the hard drives from laptop computers it issued to two former employees who are the plaintiffs in Harkabi v. Sandisk Corp., 08 Civ. 8230. SanDisk must be “mortif[ied]” by the ex-employees’ argument that the company, as a leading purveyor of electronic data storage devices, cannot claim that it made an “innocent” mistake in losing the hard-drive data, Pauley wrote. That argument is on target, the judge concluded, noting that SanDisk’s “size and cutting edge technology raises an expectation of competence in maintaining its own electronic records.” Pauley also awarded $150,000 in attorney’s fees to the two plaintiffs, Dan Harkabi and Gidon Elazar, because of delays the company caused in producing their e-mails during the 17 months they worked for SanDisk. http://www.law.com/jsp/article.jsp?id=1202471160961&rss=newswire

**** NOTED PODCASTS ****
Patrick Meier on Crowdsourcing Crisis Mapping (Berkman, 13 July 2010; 65 minutes) - Patrick Meier, Director of Crisis Mapping and Strategic Partnerships at Ushahidi, has published widely on the topic of conflict early warning and blogs at iRevolution.net and EarlyWarning. Here he discusses how Ushahidi’s open source mapping system has been used to help those on the ground report issues and connect swiftly with responders during crises and major events such as the recent earthquake in Haiti, the Gulf oil spill, and elections in Sudan. http://blogs.law.harvard.edu/mediaberkman/2010/07/13/patrick-meier-on-crowdsourcing-crisis-mapping-audio/

WiFi Holes, iPhone Jailbreaking, and DMCA (IT Conversations, 3 August 2010) – Glenn Fleishman writes about many aspects of current technology. He joins Phil and Scott to discuss a number of current networking and mobile issues. He begins with an examination of a newly found hole in the 802.11 standard and whether it is a major problem. He also discusses WiFi security issues and how both enterprises and the personal users are dealing with them. Glenn also reviews such topics as location data, the now legal ability to jailbreak the iPhone, and his objections to the DMCA. http://itc.conversationsnetwork.org/shows/detail4634.html [Editor: too-technical discussion at beginning about 802.11n holes; interesting stuff at 20:00 on Skyhook and WiFi location data, and at 30:00 on home spectrum rights and MagicJack; iPhone jailbreak/DMCA stuff at 40:00 is skip-able.]

**** RESOURCES ****
A “Chicago” Manual for the Internet Age (The New Yorker, 12 August 2010) - The Sixteenth Edition of “The Chicago Manual of Style” is here, and it's hard for some of us to contain our excitement. What should we read first? The new section on parallel structure, or the expanded guide for achieving bias-free language? And did you see that sleek, new, toothpaste-blue jacket? Farewell, older orange editions: this is a style guide for a new era! It's easy to tease, but for those of us who spend our days worrying over words, there really is something thrilling—or at least comforting—about the arrival of the newest incarnation of this venerable guide. As it happens, the world of publishing has changed a lot since the fifteenth edition was released in 2003, and the editors at the University of Chicago Press have made an effort to acknowledge these new developments. Balancing a tried-and-true tradition with new standards for electronic publishing—where it sometimes feels as though we're all making up the rules as we go—is no easy feat, and the sixteenth edition of the “Chicago Manual” seems to be caught between two worlds. Near the front of the book, there's still a lengthy section on marking up printed manuscripts, along with a table of handwritten proofreaders' marks that sent pangs of nostalgia through this blogger's heart. But at the back of the book, an appendix dealing with digital production technologies provides detailed instructions—complete with a gnarly-looking flowchart—on when and how to edit HTML and XML files during the course of producing a book, e-book, or Web publication. One note seems to warn the scrupulous editor against the dangers of letting authors—those sneaky devils—tinker with their own electronic files: the editor "needs to have procedures in place for making sure the author does not make any undocumented changes—inadvertently or otherwise." http://www.newyorker.com/online/blogs/books/2010/08/a-chicago-manual-for-the-internet-age.html

Electronic Commerce Law: Direct Regulation, Co-Regulation and Self-Regulation (Jane Winn, Sept 2010) – Abstract: The global integration of markets has both eroded the sovereignty of national governments in regulating their domestic economies and also given rise to distinctive new forms of regulation whose authority may be largely independent of any national government. Information and communication technologies (ICT) contribute to this trend by supporting the development of self-regulatory systems that are embedded in global ICT networks subject to strong network effects. Self-regulating ICT networks are one example of a new type of governance that is growing in importance as a result of globalization. This paper focuses on electronic commerce as a form of commercial activity mediated by ICT networks. In recent decades, national governments have used direct regulation, co-regulation and self-regulation in response to the growth of a global information infrastructure and electronic commerce. This paper considers three case studies: electronic signature laws as a form of direct regulation; the Single Euro Payment Area as a form of co-regulation, and the Payment Card Industry Data Security Standard as a form of self-regulation. These case studies suggest that electronic commerce law in global markets is based on a form of legal pluralism that is reminiscent in some ways of the traditional law merchant, and that if its role in regulating commercial transactions is more clearly recognized, that may aid national regulators in retaining their authority over their domestic markets. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1634832 [Editor: A continuation of the “code-as-law” analysis; I helped workshop a version of this paper at the Berkeley/GWU Privacy Law Scholar Conference in June.]

**** DIFFERENT ****
How Google Translate Works (Google, 12 August 2010) - Google uploaded a video that explains how Google's machine translation service works. It's fascinating to see how much Google Translate has improved in the past 4 years and how many Google services use it. http://googlesystem.blogspot.com/2010/08/how-google-translate-works.html [2.5 minute explanation of “statistical machine translation”.]

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
'80s Nostalgia? M-M-Max Headroom Is Now On DVD (NPR, 10 August 2010) - People who saw Max Headroom back in the '80s should have no problem remembering him instantly — and not necessarily from the ABC TV series, which shone briefly and brightly in 1987 and 1988. Max, a supposedly computer-generated TV host played by Matt Frewer, was a bona fide media sensation for a while: He hosted a music-video show, starred in ads for New Coke (OK, so that didn't go so well), even appeared on the cover of Newsweek. But to those too young to have experienced Max firsthand, how do you describe him, much less explain him? Well, let's try. Imagine a background of thin, brightly lit neon tubes, rotating and pulsating in various geometric patterns. Now, in front of that background, place a talking head. No hands, no body, just a head — a head that looks manufactured, like a plastic dummy, but also is eerily human. That's Max Headroom — with a stutter, both aural and visual, that's like a record needle stuck in a groove. There were only 14 episodes of the TV series, and they're all on Max Headroom: The Complete Series. The show is set, as it proclaims at the start of each hour, "20 minutes into the future," but it's a very dark, cynical, Blade Runner type of future. The biggest media giant in the world is Network 23, a global operation — and one of its biggest stars is Edison Carter, a hard-hitting reporter in the 60 Minutes tradition. http://www.npr.org/templates/story/story.php?storyId=129087041 [Editor: 8 minute audio story. Indeed, much of the storyline was prescient, but Blip-verts don’t really make your head explode. Yet. Mostly, it’s certain paid-political announcements that make you wish somebody’s head would explode.]

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at  (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/ 
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA’s Internet Law News, http://ecommercecenter.bna.com
7. McGuireWoods’ Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. Law.com
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit  or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.