Saturday, September 18, 2010

MIRLN --- 29 August – 18 September 2010 (v13.13)

·      NIST Publishes Approved Testing Procedures for Electronic Health Records
·      California Town Abandons Facebook Page Amid Legal Concerns
·      Visa Offers New Guidance on Securing Payment Applications
·      Conn. Gets Tough on Insurance Breaches
·      Computer Forensics Experts, Who’s Your Daddy?
·      The Lawyer On the Net
·      Writer Neal Stephenson Unveils His Digital Novel The Mongoliad
·      Are Judges Using Social Media?
·      Social Media Helps NRC Combat Brain Drain
·      YouTube Ads Turn Videos Into Revenue
·      Feds Issue Smart Grid Cybersecurity Guidelines
o   Feds Putting Their Heads In the Cloud
·      Stealth Mode Watch: Another Nail In The Coffin Of ‘Stealth’
·      White House Launches Web Site Seeking Citizens’ Help
·      3rd Circuit: Probable Cause May Be Needed for Cell Phone Location Data
·      ACLU Sues Over Warrantless Border Laptop Searches
·      HHS Withdraws Breach Notification Final Rule
·      Cybersecurity – Four New Essays
·      No, You Don’t Own It: Court Upholds EULAS, Threatens Digital Resale
·      Russia Uses Microsoft to Suppress Dissent
·      The Timely Demise of the Fourth Amendment Third Party Doctrine
·      Search Takes a Social Turn
·      Orchestra To Turn Copyright-Free Classical Scores Into Copyright-Free Music
·      Appeals Court Guts Landmark Computer-Privacy Ruling
·      N.J. Court OKs Googling Jurors During Voir Dire
·      Interview with Susskind About New Edition of “The End of Lawyers?”
·      Confronting Piracy In the World of Fashion
·      Company Not Responsible for Harassive Comments by Coworker on Personal Facebook Page
·      Web Analytics Code of Ethics
·      The Goods and Bads of Bump, Which Links You to Your License Plate


NIST Publishes Approved Testing Procedures for Electronic Health Records (NIST, 17 August 2010) - In efforts to help the nation’s health care industry make the transition to the digital age in an effective and meaningful fashion, the National Institute of Standards and Technology (NIST) has published a set of approved procedures for testing information technology systems that work with electronic health records (EHRs). Released in draft form earlier this year (see “NIST, Partners Develop Testing Infrastructure for Health IT Systems,” NIST Tech Beat for March 16, 2010, at, the approved and finalized testing procedures are now available for use. Under a certification program established by the U.S. Department of Health and Human Services Office of the National Coordinator (HHS/ONC), testing organizations authorized by HHS/ONC can use the tools to evaluate EHR software and systems that vendors would like to sell to doctor’s offices, hospitals and other health care providers. Starting next year, the federal government will provide extra Medicare and Medicaid payments to health care providers that implement EHR systems certified to meet ONC requirements that conform to technical standards and are put to “meaningful use,” performing specifically defined functions. These ONC-approved test procedures help ensure that electronic health records function properly and work interchangeably across systems developed by different vendors. The set of 45 approved test procedures evaluate components of electronic health records such as their encryption, how they plot and display growth charts, and how they control access so that only authorized users can access their information. The development of these tools was mandated by the American Recovery and Reinvestment Act (ARRA) in order to support a health IT infrastructure. Notice of the approved test procedures appears in the August 9, 2010, Federal Register. For more information, see and

California Town Abandons Facebook Page Amid Legal Concerns (ABA Journal, 24 August 2010) - The city of Redondo Beach, Calif., is abandoning its Facebook page after hearing about potential legal problems. The city council voted to ditch the page last week after City Attorney Mike Webb outlined his concerns about the First Amendment and state legal requirements, the Daily Breeze reports. The legal issues include:
• May city officials remove vulgar posts and misinformation, or are the comments protected by the First Amendment?
• If a quorum of city council members comment on a Facebook post, is it a violation of the open meetings law? Such laws require advance notice of meetings and an opportunity to attend, blogger Robert Ambrogi writes at the Media Law blog.
• Is the city obligated to retain user comments under the state’s public records law?
• Could the city face liability for employee comments deemed offensive in the workplace?
Webb told the Daily Breeze he believes Facebook has too many complications that could lead to litigation. “I would just prefer that the case law not have ‘City of Redondo Beach’ in the title,” he said.

Visa Offers New Guidance on Securing Payment Applications (Computerworld, 25 August 2010) - Visa on Tuesday announced a set of security best practices for vendors of payment applications and for the systems integrators and resellers responsible for implementing and managing them. The guidelines are designed to address continuing vulnerabilities in the payment chain stemming from insecure implementations of the applications that are used in credit and debit card transactions, according to Eduardo Perez, Visa’s head of global payment system security. The existing Payment Application Data Security Standard (PA-DSS) administered by the PCI Security Council, already requires developers of payment applications to implement specific security controls in their software. For instance, the standard requires application vendors and developers to ensure their applications do not store certain cardholder and authentication data, such as PINs. However, while the software itself may be secure, several vulnerabilities continue to persist because of improper configurations and other implementation errors, Perez said. Visa’s best practices are a natural extension to the PA-DSS requirements, Perez said. “What we have done is to go a bit beyond these requirements. PA-DSS is about secure payment applications and not about their secure implementation and management.” Visa’s guidelines were developed in collaboration with the SANS Institute, a Bethesda, Md.-based security training and certification organization. The best practices touch upon 10 different issues and include a mix of technology and process-related advice.

Conn. Gets Tough on Insurance Breaches (GovInfoSecurity, 30 August 2010) - All insurance companies doing business in Connecticut now must report information breaches to state authorities within five calendar days, even if the data involved was encrypted. The tough policy which applies to paper and electronic records, was contained in a bulletin (Bulletin IC-25) that the state insurance department issued earlier this month. For health insurers, the state requirements go far beyond the federal requirements included in the HITECH Act interim final breach notification rule. That rule requires that major breaches must be reported to federal authorities within 60 days, and it does not require reporting breaches of encrypted information. The state’s action was “in response to some recent data breaches which were not reported in what we believe to be a timely manner,” says a spokesman for the Connecticut Insurance Department. The new policy for insurers is just the latest in aggressive actions to crack down on healthcare breaches in the state. Connecticut Attorney General Richard Blumenthal made headlines earlier this year when he became the first attorney general to sue an organization for HIPAA violations, as authorized under the HITECH Act. He sued Health Net, which eventually agreed to pay $250,000 in damages and offer stronger consumer protections to settle the suit over a breach in 2009. The new state insurance breach reporting policy applies to health maintenance organizations, preferred provider organizations, and other health insurers, as well as property and casualty insurers, pharmacy benefit managers and medical discount plans. It does not apply to hospitals and physicians.

Computer Forensics Experts, Who’s Your Daddy? (, 31 August 2010) - In 2001, Jessica Bair was serving as an expert computer forensic examiner in a statutory rape case being prosecuted largely on the basis of digital evidence. As is common in such cases, the defense challenged the validity of the computer files by attacking the credibility of her reports and conclusions. But Bair says one thing helped tip things in her favor. When being qualified, she mentioned computer forensic certifications she had earned while in the military. As soon as she mentioned her certifications, she says the judge stopped her mid-answer and asked her to repeat each certification slowly, so he could write them down in his notes. “At the time, only military or law enforcement could get certification like this,” says Bair, who later co-created a certification program for Guidance Software. “Computer forensics examiners can have a hard time defending themselves in court without some sort of validation they can point to.” As computer forensics has become increasingly important to civil and criminal trials, certification for computer experts has been a growing business. Today there are a handful of nonprofit and for-profit organizations that offer computer forensic certification programs. However, no one program or authority has appeared to define what a computer forensic certification should entail, which means these programs can vary wildly in terms of quality. “The fact is that most certifications in computer forensics mean little more than that the person has paid a fee and completed a form,” says Craig Ball, a computer forensics examiner in Austin, Texas. “I hold multiple certifications, so it’s not that I feel they have no value; but I think that you can pass the certification exams and still be a markedly inadequate examiner.” Originally, only military and law enforcement certifications were available. But as computer forensic experts began to be commonly employed in legal matters, more civilian and nonlaw enforcement computer professionals began entering the business. The growing demand for computer forensic experts has created a growing profession without a standard training model. “People watch a program like CSI and think they want to get into this field,” says Bair, senior director of curriculum development at Guidance Software. “You might be able to train to be a technician, but this is a complex field that requires many different skills.”

The Lawyer On the Net (Media Law Prof Blog, 1 Sept 2010) - Lucille A. Jewel, John Marshall Law School (Atlanta), has published I Can Has Lawyer? The Conflict Between the Participatory Culture of the Internet and the Legal Profession. Here is the abstract: “The Internet allows citizens to comment on public affairs with an amplified and unfiltered voice, creating an open, community-based culture where robust debate flourishes. However, many of the ideals and practices of participatory culture clash with the traditional legal culture as it exists in the United States. This cultural conflict can be seen in emerging narratives, in the form of web blogs and lawyer emails that go “viral,” in which lawyers comment on the lack of humanism within big law firm hiring and firing practices; expose the alienating work environments experienced by low-level contract attorneys; or criticize judges who show hostility toward criminal defense attorneys. 

From a critical standpoint, these narratives tell the story of a broken legal profession, implicitly arguing that the liberal humanism that the profession supposedly embodies does not apply to all lawyers. These stories are, in effect, structural critiques of the profession. Nonetheless, these missives have the potential to run afoul of ethical rules and professional norms that prohibit attorneys from impugning the integrity of the judiciary and the legal profession. Because these narratives provide a valuable critique of the profession, however, ethical rules or professional norms should not operate to shut these stories down. As the democratic ideals inherent in participatory culture become more deeply embedded in our society, the legal profession should also evolve and embrace a more pluralistic and unconstrained approach toward professionalism. 

Part I of this Article describes the characteristics of participatory culture relevant to the legal profession. Part II explores the emerging format of the online lawyer narrative and Part III analyzes the professionalism issues raised by these new narratives.”

Writer Neal Stephenson Unveils His Digital Novel The Mongoliad (NYT, 1 Sept 2010) - Author Neal Stephenson has been credited for inspiring today’s virtual world startups with his novel Snow Crash. Now he’s launching a startup himself: Subutai, where he is co-founder and chairman. The company, based in Seattle and San Francisco, has developed what it calls the PULP platform for creating digital novels. The core of the experience is still a text novel, but authors can add additional material like background articles, images, music, and video. There are also social features that allow readers to create their own profiles, earn badges for activity on the site or in the application, and interact with other readers. Stephenson said in an interview that this material is an extension of what many science fiction and fantasy novels already offer. “I can remember reading Dune for the first time, and I started by reading the glossary,” he said. “Any book that had that kind of extra stuff in it was always hugely fascinating to me.” Subutai is launching its inaugural product today, a serialized story called The Mongoliad about the Mongol invasion of Europe. The company promises to release a new chapter a week. Readers can pay $5.99 for a six-month subscription fee or $9.99 for a year. Co-founder and President Jeremy Bornstein said the company is experimenting with a new model for publishing books. The traditional model of paying for content may not hold up when the content “be canned and sent around to your friends for free,” he said, but people will hopefully still to pay for content if “the experience is so much more rich, so much more involving.” [For an homage to Stephenson, see “Looking Back” below.]

Are Judges Using Social Media? (, 1 Sept 2010) - On their own time, state judges are experimenting with social media such as Facebook, according to a new survey. But judges doubt that that they could use the new media tools in their professional lives without violating judicial ethics codes. Those are the findings of a survey conducted by the Conference of Court Public Information Officers conducted in June and released Aug. 26 following a recent meeting of the group, which represents spokespersons for state and federal courts. “Judges appear to be adopting and accepting new media at about the same rate as the general population,” said Christopher Davey, director of public information for the Supreme Court of Ohio, and co-author of a conference report on new media and the courts. “But they are being very cautious, very mindful of the canons.” Forty percent of the judges who responded to the survey said they use social media sites. Most of those use Facebook and most are judges who stand for election. Fewer than 9 percent of non-elected judge use social media sites, the survey indicated. Some elected judges have used the sites to interact with voters, said Davey, but most use them the same way other adults do, namely “to connect with their grandkids.” Still, close to half of the judges responding disagreed with the notion that they could use social media sites in their professional lives without violating ethics rules. Several state judicial ethics bodies have adopted rules prohibiting judges from “friending” on Facebook the lawyers who appear before them. Almost all who responded agreed that judges and court personnel need to familiarize themselves with new media. But a very small percentage of courts — fewer than 7 percent — use the social media sites for official purposes, such as alerting the public or the press to newly issued rulings. The Tennessee court system has been on Twitter for more than a year with nearly 900 followers, according to spokeswoman Laura Click. “It’s a great way to communicate with the public,” she said, “It’s generated a great deal of interest.” She said the Tennessee Supreme Court was quick to embrace the idea when she proposed it, and a YouTube channel is in the works.

Social Media Helps NRC Combat Brain Drain (GCN, 2 Sept 2010) - The Nuclear Regulatory Commission, like many government agencies, faces the challenge of retaining and sharing the technical expertise of an aging workforce that is being replaced by younger workers. “Most of us came in during the ‘70s and ‘80s” and are beginning to retire, said Patricia Eng, NRC’s senior adviser for knowledge management. Agencies are hiring new employees to take their places, but NRC estimates that it is losing an estimated 3,900 years of experience every year. The challenge of maintaining specialized knowledge during this generational shift is compounded by the commission’s distributed structure, which results in silos of expertise in separate offices. Its headquarters is in Rockville, Md., and the agency has regional offices in Pennsylvania, Georgia, Illinois, Texas, Nevada and Tennessee. It also has on-site inspectors permanently stationed at each nuclear power plant that it regulates. The knowledge management challenge is simple, as Eng sees it: “Get the information that is needed to the right person.” To achieve that, she said, “we went simple.” During the past three years, NRC has been rolling out the Tomoye enterprise social networking tool that integrates with Microsoft SharePoint and allows users on the commission’s intranet to collaborate and share information and documents. “We provide them with a product that supports development of communities of practice and allows professional networking inside the environment,” said Eric Sauve, vice president of NewsGator Technologies, which acquired Tomoye in January. Tomoye is a commercial product that was easily customized for NRC’s use and has required no help-desk support or user training, Eng said. “It’s Facebook-like; it’s got wiki-like tools,” she said. Because it sits behind the agency’s firewall, Eng does not have to worry about encryption or additional user access controls for security. To date, about a quarter of the NRC staff is using Tomoye to collaborate and share. There are no plans to require all the staff to join the community. Eng said she is content to let use of the platform spread virally, with new users joining as they see the value of it, “because the software is so easy to use.” [Editor: sounds like too-much reliance on technology, vs. process and culture – this is what I do for a living. More:]]

YouTube Ads Turn Videos Into Revenue (NYT, 2 Sept 2010) - Last month, a YouTube user, TomR35, uploaded a clip from the AMC series “Mad Men” in which Don Draper makes a heartfelt speech about the importance of nostalgia in advertising. Viewers wouldn’t notice, but that clip also makes an important point about modern advertising — YouTube is an increasingly fruitful place for advertisers. In the past, Lions Gate, which owns the rights to the “Mad Men” clip, might have requested that TomR35’s version be taken down. But it has decided to leave clips like this up, and in return, YouTube runs ads with the video and splits the revenue with Lions Gate. Remarkably, more than one-third of the two billion views of YouTube videos with ads each week are like TomR35’s “Mad Men” clip — uploaded without the copyright owner’s permission but left up by the owner’s choice. They are automatically recognized by YouTube, using a system called Content ID that scans videos and compares them to material provided by copyright owners. Those two billion views, a 50 percent increase over last year, according to the company, are just 14 percent of the videos viewed each week on the Google-owned site. But that’s enough to turn YouTube profitable this year, analysts say. YouTube now offers several types of ads, including display ads on its home page and on the video pages, ads that promote videos and ads that run in the video stream or pop up on the bottom of a video. When someone uploaded a recording of the Eminem song “Not Afraid,” for instance, instead of taking down the recording, YouTube ran pop-up ads that let people buy the song or the ring tone and shared the revenue with the copyright owner.

Feds Issue Smart Grid Cybersecurity Guidelines (Information Week, 3 Sept 2010) - As part of the billions the federal government is spending to push the nation from its current aging electrical grid and infrastructure toward a smart grid, the National Institute of Standards and Technology released Thursday a series of guidelines for smart grid cybersecurity. The recommendations, which come in a three-volume guide (totaling a whopping 537 pages) titled Guidelines for Smart Grid Cyber Security, come as concerns about the vulnerability of the nation’s electrical grid have been on the rise. The new report includes high-level security requirements, a risk assessment framework, an evaluation of privacy concerns, guides to mitigating vulnerabilities, and a summary of research needs. It also recommends a multi-layered security strategy. In total, the report details 189 security requirements. That being said, NIST called the guidelines just the first step in building a secure smart grid. Guidelines (in 3 volumes) available here:

- and -

Feds Putting Their Heads In the Cloud (Steptoe & Johnson, 9 Sept 2010) - A subcommittee of the Federal CIO Council issued a report identifying some of the legal issues that federal agencies need to consider before storing personally identifiable information in the “cloud.” The report does not discourage the use of cloud computing, and in fact touts it as “a cost-saving and efficient option” for addressing agencies’ burgeoning storage requirements -- good news for companies offering cloud computing solutions. But it notes that cloud computing presents security and privacy risks that need to be taken into account, and helpfully sets out some of the laws that agencies must consider when deciding whether to move information to the cloud. For cloud computing providers, the report provides insight into how their potential federal government customers will be thinking about these issues.

Stealth Mode Watch: Another Nail In The Coffin Of ‘Stealth’ (TechCrunch, 4 Sept 2010) - Stealth Mode Watch, a searchable data spider of often very revealing SEC form D filings, is the brain child of Denis Papathanasiou, who came up with the idea while researching funding options (aka spying) for his ebooks startup Fifobooks, “I was just using it to keep tabs on specific investors and other competitors in the ebook space, but I mentioned it to a few people, and they were interested enough to want to use it themselves.” Papathanasiou then added a public API and launched it in beta under its own domain. Right now the site allows a simple search mode which shows results for the past four weeks and then an extended API mode which allows results past that date as well as filtering parameters like “people,” “companies” and “places” (Humans beware: The data is delivered in XML files). Papathanasiou says he got the idea from First Round Capital Managing Director Josh Kopelman’s “The Death of Stealth Mode,” which warned startups of the perils of filing series D forms. “If you’re starting a company and want to stay in “stealth mode”, make sure you understand the impact of your Form D filing and factor that into your plans. And if you’re a lawyer for a startup company, please tell your clients about the public disclosures you make on their behalf!”

White House Launches Web Site Seeking Citizens’ Help (Computerworld, 7 Sept 2010) - The U.S. government is asking the public for help with some of its most vexing problems with the launch of a new Web site that offers rewards for the best ideas., announced by U.S. government CTO Aneesh Chopra and CIO Vivek Kundra on Tuesday, seeks the public’s ideas on several problems government agencies want solved. As of Tuesday, listed 36 challenges from 16 U.S. agencies, with most of the challenges offering cash prizes. “will build out an accountable, results-oriented ecosystem that is fueled by grassroots, bottom-up organizations in the public,” Kundra said at the Gov. 2.0 Summit in Washington. The site will “engage the American people in new and creative ways to solve real and practical problems,” he added.
·      The U.S. Department of Energy is offering $15 million in prizes in a contest to create ultra-efficient lighting products. Nine other contests listed as of Tuesday offer prizes of $1 million or more, and several contests offered prizes of $5,000 or less.
·      Other contests offered the winners publicity or a pat on the back from a grateful government. The U.S. Environmental Protection Agency has challenged universities to reduce the garbage generated at football games, with publicity going to the winners in several categories.
·      The U.S. Department of the Interior is asking for people to submit photographs of national historic landmarks, with the winners’ pictures displayed on the National Park Service Web site. This is the 11th anniversary of the contest.
Other challenges listed on are new. The U.S. Department of Agriculture and First Lady Michelle Obama want teams of people to create tasty and healthy recipes that can be used in school lunch programs. Winning teams will be invited to prepare their recipes alongside White House chefs, and the challenge includes $12,000 in prize money. is part of a “fundamental shift” in the way government works, Kundra said. “What does is it engages the American people to be co-creators in creating solutions to some of the toughest problems this country faces,” he added. People who go to can vote on problems and solutions offered there, in addition to competing in the challenges, Kundra said. People who sign on to support a challenge will get updates of its progress.

3rd Circuit: Probable Cause May Be Needed for Cell Phone Location Data (, 8 Sept 2010) - In the first appellate ruling on a cutting-edge privacy issue, the 3rd U.S. Circuit Court of Appeals has declared that cell phone location data may trigger Fourth Amendment concerns and that prosecutors demanding access to such records may be required at times to satisfy a probable cause standard. The ruling in In re Application of the USA - Electronic Communication Service is a setback for the Justice Department, which had argued that judges are required under §2703 of the Stored Communications Act to issue orders for access to such data whenever prosecutors show that it would be “material” and “relevant” to an ongoing investigation. But the appellate court’s ruling also reversed a decision by U.S. Magistrate Judge Lisa Pupo Lenihan of the Western District of Pennsylvania that said §2703 didn’t apply and that prosecutors must always show probable cause to access such data. Instead, the appellate court largely adopted the position espoused by a coalition of civil rights and privacy groups who, in an amicus brief, argued that although the records are covered by §2703, judges must be free to decide when to demand that prosecutors satisfy the probable cause standard. “Because the statute as presently written gives the magistrate judge the option to require a warrant showing probable cause, we are unwilling to remove that option although it is an option to be used sparingly,” U.S. Circuit Judge Dolores K. Sloviter wrote in an opinion joined by Judge Jane R. Roth and partly joined by visiting 9th Circuit Judge A. Wallace Tashima. The ruling was hailed as an important protection of privacy rights by professor Susan Freiwald of the University of San Francisco School of Law, an expert in the area of privacy and technology, who filed her own amicus brief and was one of two lawyers arguing against the government. Freiwald said that while the 3rd Circuit reversed the lower court’s ruling, the larger importance of the appellate court’s decision was the panel’s rejection of the Justice Department’s reading of the statute as well as the government’s arguments about the modern-day implications of two significant decisions from the U.S. Supreme Court in the 1970s. At issue in the case is data, termed CSLI (for “cell site location information”), that are recorded about once every seven seconds whenever a cell phone is turned on, and can be used to effectively track the whereabouts and the comings and goings of any cell phone user. Ordinarily, the behind-the-scenes mechanics of criminal investigations are invisible to the public, and prosecutors obtain orders for access to such data without any public scrutiny. But in February 2008, Lenihan publicly issued a 52-page opinion that said the prosecutors must meet the “probable cause” standard whenever they demand CSLI. “This court believes that citizens continue to hold a reasonable expectation of privacy in the information the government seeks regarding their physical movements/locations -- even now that such information is routinely produced by their cell phones -- and that, therefore, the government’s investigatory search of such information continues to be protected by the Fourth Amendment’s warrant requirement,” Lenihan wrote. On appeal, the Justice Department argued that Lenihan got the issues wrong because the statutes clearly allow the government to require “a provider of electronic communication service” to disclose “a record or other information pertaining to a subscriber.” Now the 3rd Circuit has sided with the Justice Department on the threshold question and ruled that Lenihan must be reversed on her holding that the data isn’t covered by the statute. “We hold that CSLI from cell phone calls is obtainable under a Section 2703(d) order and that such an order does not require the traditional probable cause determination,” Sloviter wrote. Lenihan erred, Sloviter said, “in allowing her impressions of the general expectation of privacy of citizens to transform that standard into anything else.” But Sloviter also described the government’s position as “extreme” and said she was “puzzled” by the government’s argument that it would be unable to secure warrants. “In our experience, magistrate judges have not been overly demanding in providing warrants as long as the government is not intruding beyond constitutional boundaries,” Sloviter wrote. Sloviter also flatly rejected the government’s arguments stemming from two U.S. Supreme Court decisions from the 1970s which, prosecutors said, showed that the Fourth Amendment is never triggered by information that is voluntarily shared with phone companies, such as records of numbers dialed. “A cell phone customer has not ‘voluntarily’ shared his location information with a cellular provider in any meaningful way,” Sloviter wrote. “... It is unlikely that cell phone customers are aware that their cell phone providers collect and store historical location information.”

ACLU Sues Over Warrantless Border Laptop Searches (ArsTechnica, 8 Sept 2010) - An Obama administration policy allowing US border officials to seize and search laptops, smart phones and other electronic devices for any reason was challenged as unconstitutional in federal court Tuesday. Citing the government’s own figures, the American Civil Liberties Union and the National Association of Criminal Defense Lawyers claim about 6,500 persons had their electronic devices searched along the U.S. border since October 2008. In one instance, according to the lawsuit filed in New York, a computer laptop was seized from a New York man at the Canadian border and not returned for 11 days. The lawsuit seeks no monetary damages, but asks the court to order an end to the searches. “All we want is that the government has to have some shred of evidence they can point to that may turn up some evidence of wrongdoing,” says ACLU attorney Catherine Crump. The so-called “border exception” to the Fourth Amendment’s probable-cause standard sometimes requires the lower standard of “reasonable suspicion” to search a traveler’s person or physical property, says Crump. But when it comes to electronic devices, the government’s “policy allows a purely suspicionless search of laptops, cell phones and other electronic devices,” she says. The lawsuit comes as laptops, and now smart phones, (.pdf) have become virtual extensions of ourselves, housing everything from e-mail to instant-message chats to our papers and effects. The government maintains it needs the carte blanche authority to search electronics at the border to keep the United States safe. That’s what it told the San Francisco-based 9th US Circuit Court of Appeals, which approved the searches in 2008. Tuesday’s lawsuit is in the jurisdiction of the New York-based 2nd US Circuit Court of Appeals, which is not obliged to follow precedent in other circuits.

HHS Withdraws Breach Notification Final Rule (McGuire Woods, 8 Sept 2010) - On August 28, 2010, the U.S. Department of Health and Human Services (HHS) announced on its website that it has withdrawn the final breach notification rule from the Office of Management and Budget (OMB) to “allow for further consideration, given the Department’s experience to date in administering the regulations.” During the 60-day public comment period on the Interim Final Rule for Breach Notification for Unsecured Protected Health Information, HHS received approximately 120 comments. The Interim Final Rule, issued pursuant to the Health Information Technology for Economic and Clinical Health (HITECH) Act, became effective September 23, 2009. The regulations, developed by the Office of Civil Rights, require a HIPAA-covered entity to notify affected individuals and the Secretary of HHS of a breach, and to inform the media in cases where a breach affects more than 500 individuals. The regulations also require a business associate of a covered entity to notify the covered entity of a breach at or by the business associate.

Cybersecurity – Four New Essays (Lawfare blog by Jack Goldsmith, 9 Sept 2010) - Cybersecurity is in my opinion and the opinion of many in Washington the most significant national security challenge that the United States faces today. We are among the most computer-dependent of societies, and we have the most computer-dependent military and intelligence agencies, in the world. And with computer dependency comes computer vulnerabilities – vulnerabilities that are hard to find and hard to fix. My basic views on the issue are laid out here, in a long review of Richard Clarke’s and Robert Knake’s good book, Cyberwar. I am writing my own book on the topic and hope to write about it a lot in this space over the next year. But in the meantime, in the last few weeks four important essays on cybersecurity have appeared. The most significant is Deputy Secretary of Defense William’s Lynn’s essay in Foreign Affairs (subscription needed), Defending a New Domain: The Pentagon’s Cyberstrategy. Lynn begins the essay by revealing that in 2008 the Pentagon suffered “the most significant breach of U.S. military computers ever” when a flash drive inserted into a U.S. military laptop at a base in the Middle East surreptitiously introduced malware into Centcom’s classified and unclassified computer systems. He describes DOD’s response to this intrusion, and then explains why DOD is establishing Cyber Command; why it is skeptical about deterrence through retaliation; why arms control agreements are probably not a model for international cybersecurity norms; why the U.S. military “must respond to [cyberattacks] as they happen or even before they arrive;” why the National Security Agency (whose Director is also in charge of Cyber Command) is heavily involved in such “active defenses;” why the Pentagon and NSA should be involved in protecting private civilian critical infrastructure from cyber attack; and much more. I am persuaded by most of this forward-looking essay, but many will find it controversial. In any event, it is indispensable reading as a guide to DOD thinking on the topic. The second essay, just posted, is Matt Waxman’s article, still in draft, entitled Cyber-Attacks and the Use of Force: Back to the Future of Article 2(4). This is (along with Michael Schmitt’s ground-breaking work) in my view the most sober and interesting discussion yet on how the U.N. Charter’s prohibition on the use of force should apply to cyberattacks. It is conventional wisdom that the Charter’s conceptual framework – grounded in kinetic terms like “uses of force” and “armed attack” – is difficult to translate to the cyber context. Matt goes back to the Cold War and shows that very similar translation problems arose in connection with proxy wars, economic sanctions, and the like, and explains how the lessons of history should inform the modern cyber debate. Third, Duncan Hollis also recently posted a new draft essay, An e-SOS for Cyberspace. A central problem for cybersecurity is the attribution problem: it is very hard (for reasons that I explain at length in my review) to know where a cyber attack originated or who is responsible for it. That in turn makes it hard to build norms against bad behavior; anonymity is a norm-killer. Duncan proposes to deal with this problem by establishing an international duty among nations to “assist” the victim of a cyber attack, akin to a duty at sea to assist someone who makes an SOS call. As he explains in his abstract, an “e-SOS system could help avoid harms from existing cyberthreats and deter others,” and could “make computer systems and networks more resilient to any harm they impose.” I agree that this could help in theory; the trick, it seems to me, is to reach a verifiable and enforceable agreement to this effect. I have a similar reaction, finally, to the new essay by Robert Knake (Clarke’s co-author for Cyber War), Internet Governance in an Age of Cyber Insecurity. Robert’s essay is difficult to summarize but worth reading. I find his most of his international proposals unrealistic, for reasons hinted at in my review and that I will explain more fully when I complete an essay on the topic in about a month.–-four-new-essays/?utm_source=twitterfeed&utm_medium=twitter

No, You Don’t Own It: Court Upholds EULAS, Threatens Digital Resale (ArsTechnica, 10 Sept 2010) - The US Court of Appeals for the Ninth Circuit today ruled (PDF) on a long-standing case involving used software on eBay, and it came to an important decision: if a company says you don’t have the right to resell a program, you don’t have that right. Could this mean the end of the resale market for all digital content? Yup. But the court says it had no choice. The case is Vernor v. Autodesk, in which Timothy Vernor made his living from selling items (including software) on eBay. Vernor had picked up some old copies of AutoCAD from an architect’s office sale, complete with their serial numbers, and he put them up on eBay noting that they were not currently installed on any computer. Sounds legal, right? But there’s a catch. Autodesk, the software’s developer, forced all users to accept an agreement before using AutoCAD. This agreement made clear that AutoCAD was merely licensed, never sold, and that one’s license was non-transferable. Further, a licensee could not rent, lease, or sell the software to anyone else; you couldn’t even physically transfer the discs out of the Western Hemisphere (!). Finally, if you upgraded to a new version, the old version had to be destroyed. The copies Vernor picked up at the architect’s sale were old copies that had not been destroyed as required. Vernor believed he was in the clear to resell them, as he had not agreed to any license. But after putting them on eBay, Autodesk repeatedly tried to shut down his sales. Vernor, on the verge of getting banned from eBay, sued Autodesk and asked the court to declare his sales legal. A federal court did so in 2008, but Autodesk appealed, and today the appeals court reversed that earlier decision. In its view, US “first sale” protections don’t apply to Vernor, because he didn’t buy the software from a legitimate “owner.” That, in turn, is because the architecture firm had only “licensed” the software, and that license could indeed allow a software company to prevent resale, lending, and even removal from the Western Hemisphere. So how does one know when it’s a “license” or a “sale”? (In other cases, courts have ruled that simply calling something a “license” doesn’t make it so.) In today’s ruling, the judges laid out a test: * * * Fenwick & West analysis here:

Russia Uses Microsoft to Suppress Dissent (NYT, 11 Sept 2010) - It was late one afternoon in January when a squad of plainclothes police officers arrived at the headquarters of a prominent environmental group here. They brushed past the staff with barely a word and instead set upon the computers before carting them away. Taken were files that chronicled a generation’s worth of efforts to protect the Siberian wilderness. The group, Baikal Environmental Wave, was organizing protests against Prime Minister Vladimir V. Putin’s decision to reopen a paper factory that had polluted nearby Lake Baikal, a natural wonder that by some estimates holds 20 percent of the world’s fresh water. Instead, the group fell victim to one of the authorities’ newest tactics for quelling dissent: confiscating computers under the pretext of searching for pirated Microsoft software. Across Russia, the security services have carried out dozens of similar raids against outspoken advocacy groups or opposition newspapers in recent years. Security officials say the inquiries reflect their concern about software piracy, which is rampant in Russia. Yet they rarely if ever carry out raids against advocacy groups or news organizations that back the government. As the ploy grows common, the authorities are receiving key assistance from an unexpected partner: Microsoft itself. In politically tinged inquiries across Russia, lawyers retained by Microsoft have staunchly backed the police. Interviews and a review of law enforcement documents show that in recent cases, Microsoft lawyers made statements describing the company as a victim and arguing that criminal charges should be pursued. The lawyers rebuffed pleas by accused journalists and advocacy groups, including Baikal Wave, to refrain from working with the authorities. Baikal Wave, in fact, said it had purchased and installed legal Microsoft software specifically to deny the authorities an excuse to raid them. The group later asked Microsoft for help in fending off the police. “Microsoft did not want to help us, which would have been the right thing to do,” said Marina Rikhvanova, a Baikal Environmental Wave co-chairwoman and one of Russia’s best-known environmentalists. “They said these issues had to be handled by the security services.” After The New York Times presented its reporting to senior Microsoft officials, the company responded that it planned to tighten its oversight of its legal affairs in Russia. Human rights organizations in Russia have been pressing Microsoft to do so for months. The Moscow Helsinki Group sent a letter to Microsoft this year saying that the company was complicit in “the persecution of civil society activists.” [Editor: Quite a story, painting Microsoft in a bad light. By Monday, Sept 13, Microsoft had changed instructions to its Russian counsel, and issued blanked licenses to such advocacy groups. The NYT still chastised Microsoft in an editorial on Sept 15: ]

The Timely Demise of the Fourth Amendment Third Party Doctrine (SSRN, Prof. Steven Henderson, 11 Sept 2010) - In what may be a slightly premature obituary, in this response to a forthcoming paper by Matthew Tokson I argue that the Fourth Amendment third party doctrine “has at least taken ill, and it can be hoped it is an illness from which it will never recover.” It is increasingly unpopular as a matter of state constitutional law, has long been assailed in scholarship but now thoughtful alternatives are percolating, and it cannot – or at least should not – withstand the pressures which technology and social norms are placing upon it. Even the Supreme Court seems loath to defend or invoke it, and lower courts seem to be responding to that shift. In the relatively short space allotted, I place Tokson’s thoughtful argument in this greater context, and briefly reply to related arguments of Professor Kerr and Judge Posner.

Search Takes a Social Turn (NYT, 12 Sept 2010) - Now, even on the Internet, it is not what you know but who you know. After a decade when search engines ruled supreme — tapping billions of Web pages to answer every conceivable query — many people now prefer getting their online information the old-fashioned way: by yakking across the fence. Turning to friends is the new rage in the Web world, extending far beyond established social networking sites and setting off a rush among Web companies looking for ways to help people capitalize on the wisdom of their social circles — and to make some money in the process. “What your friends think and what people like you think is much more relevant than what everybody thinks,” said Augie Ray, an analyst with Forrester Research. now allows its shoppers to connect to their Facebook accounts so that Amazon can display their friends’ favorite books, films and other products. TunerFish, a start-up owned by Comcast, lets users share what television shows and movies they are watching, mapping out an up-to-the-minute TV guide of programs gaining in popularity among their friends. And Loopt, a location-focused social network with 3.4 million registered users, recently began showing them which of their friends liked a particular restaurant. “We’ve gotten a tremendous response from that,” said Sam Altman, a co-founder. Mr. Altman said that one’s network of friends “is an incredible predictor of what you will like.” On Google and other search engines, searches for things like hotels or electronics can turn up a lot of online clutter and spam. Instead, many people informally poll their friends for recommendations, often through social networks like Facebook and Twitter. [Editor: this kind of peer-mediated search has go be giving Google nightmares – Facebook is poised to supplant Google as the go-to search tool in many applications.]

Orchestra To Turn Copyright-Free Classical Scores Into Copyright-Free Music (SlashDot, 12 Sept 2010) - “An online music site has raised over $13,000 to hire a full orchestra to record royalty-free classical music. (‘“Although the actual symphonies are long out of copyright, there is separate protection for every individual performance by an orchestra,” notes one technology site.’) MusOpen has reached their fundraising goal for both the orchestra and a recording facility, and will now record the complete symphonies of Beethoven, Brahms, Sibelius and Tchaikovsky. And because their fundraising deadline doesn’t end until Tuesday, they’ve promised to add additional recordings for every additional $1,000 raised.”

Appeals Court Guts Landmark Computer-Privacy Ruling (Wired, 13 Sept 2010) - Bowing to the Obama administration, a federal appeals court Monday gutted its own decision that had dramatically narrowed the government’s search-and-seizure powers in the digital age. The 9-2 ruling by the 9th U.S. Circuit Court of Appeals nullifies Miranda-style guidelines the court promulgated last year that were designed to protect Fourth Amendment privacy rights during court-authorized computer searches. Supreme Court Justice Elena Kagan, as solicitor general last year, had urged the court to reverse itself amid complaints that federal prosecutions were being complicated, and computer searches were grinding to a halt, because of the detailed guidelines. The original ruling required the government to cull specific data described in the search warrant, rather than copy entire hard drives. When that’s not possible, the feds were advised to use an independent third party under the court’s supervision, whose job it would be to comb through the files for the specific information, and provide it, and nothing else, to the government. The ruling said judges should “deny the warrant altogether” if the government does not consent to such a plan in data-search cases. The ruling came in a case that dates to 2004, when federal prosecutors probing a Northern California steroid ring obtained warrants to seize the results of urine samples of 10 Major League Baseball players at a Long Beach, California, drug-testing facility. The players had been tested as part of a voluntary drug-deterrence program implemented by Major League Baseball. Federal agents serving the search warrant on the Comprehensive Drug Testing lab wound up making a copy of a directory containing a Microsoft Excel spreadsheet with results of every player that was tested in the program. Then, back in the office, they scrolled freely through the spreadsheet, ultimately noting the names of all 104 players who tested positive. The government claimed the right to prosecute the Major League Baseball players or use the test results that weren’t sought in the warrant, arguing that the information was lawfully found in “plain site,” just like marijuana being discovered on a dining room table during a court-authorized weapons search of a home. The San Francisco-based appeals court threw out the evidence beyond the originally sought players, and in the landmark decision last year, set out specific steps the government should follow to keep a search warrant for computer data from turning into a license for a fishing expedition. Monday’s 58-page ruling (.pdf) in a rehearing of the case still excludes the evidence, and reiterates that law enforcement cannot use seized materials in a computer search that are beyond the scope of the warrant. But the ruling omits the detailed guidance to which the Obama administration had objected. Instead, the judges urged “greater vigilance on the part of judicial officers in striking the right balance between the government’s interest in law enforcement and the right of individuals to be free from unreasonable searches and seizures.”

N.J. Court OKs Googling Jurors During Voir Dire (NLJ, 13 Sept 2010) - Now that New Jersey courtrooms have Wi-Fi capability, trial lawyers with wireless laptops have a distinct edge: the ability to Google prospective jurors at the counsel table. And an appeals court has given its blessing to the practice, reversing a trial judge who told a lawyer to disconnect lest he gain an unfair advantage. “That [plaintiff’s counsel] had the foresight to bring his laptop computer to court, and defense counsel did not, simply cannot serve as a basis for judicial intervention in the name of ‘fairness’ or maintaining ‘a level playing field,’” the court said on Aug. 30 in Carino v. Muenzen, M.D., A-5491-08. “The playing field was, in fact, already ‘level’ because Internet access was open to both counsel, even if only one of them chose to utilize it.”

Interview with Susskind About New Edition of “The End of Lawyers?” (Legal IT Professionals, 13 Sept 2010) - This month, a new paperback edition of Richard Susskind’s last book “The End of Lawyers?” will be published. A good reason for Legal IT professionals to interview Susskind and ask him about the current status of the legal industry. Today part 1, about the new paperback edition, embracing change, and the impact of the global financial crisis on law firms. The new edition of “The End of Lawyers? “will provide an update of what happened in the legal field since the original manuscript of the book was submitted and will also introduce some of Susskind’s new ideas, new ways of thinking about the practice of law. “No new findings” Susskind says, “it’s more to do with providing tools to practitioners who want to try and change their law firms. What I found two, three and more years ago is that most of my time was spent trying to convince lawyers that a change was likely and change was necessary. And I’ve now got to the stage, I believe, when I speak with senior lawyers, that they accept that the legal profession is changing, and now they want more practical help rather than theoretical discussion about the future. So in a sense my period as an evangelist for change is coming to an end, and the kinds of ideas I’m publishing in the paperback edition, resemble more the kinds of ideas that I put to clients when I’m acting as a consultant to a firm on a one-on-one basis. [Editor: Susskind has always had provocative ideas, even if some are a bit ahead of their time. I think he’s well worth reading, especially if the paperback version is priced better than the $50 hardback or the $32 Kindle version.]

Confronting Piracy In the World of Fashion (NPR’s Marketplace interview, 13 Sept 2010) - Kai Ryssdal talks to Susan Scafidi, the director of Fordham University’s new Fashion Law Institute, which will provide legal services for design students and designers and train future lawyers who would like to focus on the issues confronting the fashion industry.

Company Not Responsible for Harassive Comments by Coworker on Personal Facebook Page (Eric Goldman, 14 Sept 2010) - Plaintiff brought a hostile work environment claim against her employer. Plaintiff alleged, among other things, that the employer failed to properly investigate derogatory comments made on Facebook. Specifically, following a company event, another employee (or someone related to the other employee) uploaded photos of the event to a personal Facebook account. Plaintiff commented on the Facebook photo and said: “remind me that taking pictures in this shade is really a disservice to my wonderful chocolate skin.” In response, another employee (who also happened to be a defendant) responded by stating: “That is why you always have to smile!!!” Plaintiff pointed to this comment along with other evidence in support of her hostile workplace claim. The court rejects plaintiff’s claims on summary judgment. With respect to the Facebook comment, the court finds that there was no evidence that the account to which the photo was uploaded was a company account. The court also did not credit plaintiff’s testimony that the company had a policy in place that encouraged employees to upload photos of company events to their Facebook pages. In any event, the court rules that the company took appropriate corrective action.

Web Analytics Code of Ethics (Web Analytics Assn, 14 Sept 2010) - Following up on last week’s thread about how the web analytics industry is on the cusp of becoming our own worst enemy as the tide of public opinion increasingly turns against online and behavioral analytics I wanted to make good on my offer to help the Web Analytics Association. I fully support the efforts of the Association to create a solid community for web analytics professionals around the world and have long been a contributor to their work, be it turning the Web Analytics Forum (at Yahoo! Groups) over to WAA management, opening the doors for WAA participation in Web Analytics Wednesday, and providing other “behind the scenes” support when asked. To continue to support the Association I wanted to follow-up on something my partner John Lovett recently proposed. In a message to the WAA’s Standards Committee John suggested something he and I talked a few weeks back: the development of a “Web Analysts Code of Ethics.” In John’s words: “[A Code of Ethics] would allow web analysts and the companies * we * work for to wear white hats and gain the trust of consumers. It would also be a starting point for an education campaign on the benefits of digital measurement tracking.” I could not agree more. So, I figured I would start the conversation by drafting a document for review and comment by the Web Analytics Association Standards Committee, the WAA Board of Directors, and all web analytics practitioners everywhere – WAA members or not. The following is a “1.0” version of a “Web Analysts Code of Ethics.” As you read this please take the time to consider A) whether you agree with the proposed statement, B) if not, why you disagree with the proposed statement, and C) what you think is missing, and D) whether you believe as a working web analysts you would have the ability (and be willing) to adhere to this type of code.

The Goods and Bads of Bump, Which Links You to Your License Plate (ZDnet, 16 Sept 2010) - A company named Bump took to the stage at the DEMO conference in Silicon Valley this week, offering a peek at technology that ties you to your license plate number and gives “mobile” communication a whole new meaning. At first glance, the concept is scary, creepy and slightly disturbing - the ability for drivers to communicate with each other by text or email simply by sending a message to a license plate number. Sure, has included some safety features, such as allowing users to reject or block certain messages and keeping names anonymous. And, of course, the service is opt-in only. The user has to enter - and verify - the plate number.

**** RESOURCES ****
Universal Translator demo (, 10 Sept 2010) – free language translator tool for chat, SMS, email, and Twitter exchanges. See demo at [Editor: this from a MIRLN reader; does anyone have any sense of the vetted reliability of the translations?]

Welcome to Lawfare (new blog, by Jack Goldsmith, Bobby Chesney, Ben Wittes) - Welcome to Lawfare, a new blog by Robert Chesney, Jack Goldsmith, and myself. For those readers familiar with our prior writings, our subject will come as no surprise: We mean to devote this blog to that nebulous zone in which actions taken or contemplated to protect the nation interact with the nation’s laws and legal institutions. We will, I am sure, construe this subject broadly to include subjects as far-flung as cybersecurity, Guantánamo habeas litigation, targeted killing, biosecurity, universal jurisdiction, the Alien Tort Statute, the state secrets privilege and countless other related and not-so-related matters. We have all written extensively in this space, both individually and collectively. Our purpose in creating this blog is to create a collective outlet for shorter writing that is more responsive to the ongoing events. The name Lawfare refers both to the use of law as a weapon of conflict and, perhaps more importantly, to the depressing reality that America remains at war with itself over the law governing its warfare with others. This latter sense of the word—which is admittedly not its normal usage—binds together a great deal of our work over the years. It is our hope to provide an ongoing commentary on America’s lawfare, even as we participate in many of its skirmishes.

Global Internet Geography (Telegeography, Sept 2010) -- TeleGeography’s Global Internet Geography is the world’s most comprehensive source of data and analysis about international Internet capacity, traffic, service providers, and pricing.
Content Highlights
·      Comprehensive analysis of Internet capacity, traffic, and IP transit pricing
·      Profiles of 95 Internet backbone operators and a directory of over 440 providers in 144 countries
·      International Internet traffic data for 38 major countries and capacity and detailed indicator data for 73 countries
·      U.S. domestic bandwidth data from 2002-2010 and traffic data from 2007-2010
·      In-depth analysis of global and regional wholesale Internet pricing trends
Network Capacity and Traffic
Global Internet Geography provides expert analysis of international Internet backbone capacity and traffic growth and details the growth of the Internet by country, region, route, and city.
Market Structure
·      Overview of network interconnection and peering trends
·      Ranking of Internet service providers by Autonomous System (AS) connectivity and number of countries connected
·      Analysis of concentration of international Internet capacity by carrier
Capacity Data
·      International Internet bandwidth metrics for 170 countries, 2002-2010
·      Current and historical country-to-country Internet bandwidth for 73 countries
·      Current and historical international Internet bandwidth by region, route, and city
·      International Internet capacity growth by region, 2002-2010
·      50 highest-capacity city-to-city and country-to-country international Internet routes, 2006-2010
·      50 highest-capacity international Internet hub cities, 2006-2010 [Editor: subscription costs $5500, but the executive summary is free and contains much useful data and graphics. Excerpts:
·      “Demand for international Internet service appears to be recession-proof. International Internet traffic and network capacity have grown rapidly throughout the deep recession and slow economic recovery of the past few years. Many developing countries experienced triple-digit traffic growth, and Internet backbone operators responded to this traffic growth by deploying vast amounts of new capacity. The strong pace of demand helped to offset the continued erosion of IP transit prices, which have declined by 25 percent per year in major hub cities since 2007. TeleGeography’s Global Internet Geography Research Service provides analysis and statistics on Internet capacity and traffic, IP transit pricing, and backbone operators.”
·      “Average international Internet traffic increased 62 percent in 2010, while peak traffic rose 56 percent. South Asia, the Middle East, and eastern Europe experienced the fastest growth. Peak and average international Internet traffic from all three regions has grown at a compound rate exceeding 95 percent. Growth in seemingly mature markets has also remained solid—for example, between 2006 and 2010, average traffic on links connected to the U.S. & Canada grew at a compound annual rate of 54 percent.”]

Again, not technically looking back thru MIRLN’s eyes… The current cheesy TV show “Covert Affairs” had a character relating why he’d fallen for a bad-for-him girlfriend with the obscure remark “She’d read Snow Crash” (episode aired 24 August 2010). For those of you who haven’t read this 18 year-old book by Neil Stephenson, it’s still engaging—the only piece of fiction I kept in my office—I gave away countless copies to visitors who were in the Internet business but hadn’t read it; I’ve just bought another e-copy for my iPad. Stephenson envisioned: the World Wide Web; Google Earth; avatars and SecondLife; crowd-casting and YouTube; and WiFi—all of this back around 1990. Really prescient.

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.