Saturday, October 30, 2010

MIRLN --- 10-30 October 2010 (v13.15)

(supplemented by related Tweets: #mirln)

·      A Rapid Rise in Social Media Use by Older Lawyers?
·      Cloud Computing Legal Issues
·      Washington State Supreme Court: E-Mail Metadata Is Public Record
·      More About Vote-Hacking Incident Revealed at Council Hearing
·      Man Buys Police Department’s Domain Name After Getting Ticket
o   Man Buys Police Department’s Domain Name After Getting Ticket
·      Ruling Proves to Be Primer on E-Discovery Enforcement
·      New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration
·      Are Communications Providers Violating ECPA By Complying With Out-of-State Subpoenas and Search Warrants?
·      Microsoft’s Bing Gets a Social Lift From Facebook
·      Lawyers Have a Duty to Scrub Electronics Before Disposal
·      Play It Again, Professor
o   Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One
·      U.S. Agrees to Uphold Right to Photograph Near Its Buildings
·      Judge Clears CAPTCHA-Breaking Case for Criminal Trial
·      Universities Pen Harsh Words to Note-Selling Site
·      Victoria Police Serve Intervention on Facebook
·      Get Affordable Legal Guidance For Your Business with Rocket Lawyer
·      New Law Extends Disability Access Requirements to IP-Enabled Communications
·      Law Firms Staff Experts to Manage EDD
·      Texas Slaps Amazon With $269m Bill for Uncollected Sales Taxes
·      Free Speech Protects Amazon Buyers' Data, Federal Judge Rules
·      Georgia Mulls Citizens' Right to Access Courts via E-File
·      Air Force Manual Describes Shadowy Cyberwar World
·      White House Unveils Internet Privacy Committee
·      Pop-up Ad Prior to Software Download Could Be Deceptive
·      Would You 'Friend' the Judge?
·      The Best Backchannels Are Active Before, During, and After
·      Ethics of Advising Clients to Make Social Networks Private
·      Payment Card Industry Issues Guidance on Encryption


A Rapid Rise in Social Media Use by Older Lawyers? (Robert Ambrogi, 30 August 2010) - A report this week on social media use by older adults has important implications for the legal profession — even though it never mentions the legal profession or any other profession. A study by Pew Internet, Older Adults and Social Media, finds that social-networking use among Internet users aged 50 and older nearly doubled in the last year, from 22% in April 2009 to 42% in May 2010. Even more noteworthy, among adult Internet users aged 50-64, social-networking use grew by 88%, from 25% to 47%. That means that nearly half of Internet users aged 50-64 use social networking. And within this 50-64 age group, one in five say they use social-networking sites virtually every day. Another finding: One in 10 online adults aged 50-64 and one in 20 aged 65 and older uses Twitter or a similar service to share status updates. The survey is of adults who are Internet users, not of the population at large. Of course, virtually all actively practicing lawyers these days are Internet users. That suggests that the survey’s findings can be applied to lawyers. If roughly half of adults aged 50-64 are using social networking tools, it seems fair to assume that roughly half of lawyers in that age range are using these tools. That leads to two conclusions: * * *

Cloud Computing Legal Issues (InfoSecurity blog) - Cloud computing seems an unavoidable fast-paced revolution. Analysts estimate that in 2012, the size of the enterprise cloud-computing business may reach $60 billion to $80 billion – or about 10% of the global IT-service and enterprise-software market (BCG 2009 Capturing the Value of Cloud Computing). Such revolution brings about a lot of benefits but also several legal concerns. As Des Ward rightly wrote in his article The cost of saving money – no longer the company reputation: “[w]hilst the immediate instinct is to just look at the cost saving, it’s simply not possible to reduce costs and transfer all your risks at the same time.” It has emerged from a recent study that security, privacy, and legal matters represent the main obstacles that are encountered when implementing cloud computing, because the market provides only marginal assurance (KPMG 2010 From Hype to Future). In this respect, the Common Assurance Maturity Model (CAMM) can offer a very valuable solution, when its core controls are supplemented by additional legal compliance modules (e.g., an EU data protection compliance module). In a series of short articles I will briefly describe the main legal issues related to cloud computing, and then focus on data protection and data security, which are by far the biggest concerns for both cloud service providers (CSPs) and (potential) customers. I build on the work done last year as contributor to the European Networks and Information Security Agency (ENISA) study Cloud Computing Risk Assessment to further analyse data protection and data security issues. The following specific questions will be addressed:
·      When does Directive 95/46/EC apply?
·      How are data protection roles (i.e., data controller and data processor) distributed in the cloud environment, and thus the related duties, obligations, and possible liabilities?
·      Which data security measures need to be applied?
·      What are the possible ways to lawfully transfer personal data to countries outside the European Economic Area (EEA)?
·      How can data subject rights be guaranteed?
It is worth clarifying that these articles will analyse cloud computing services offered by CSPs to businesses (as opposed to consumers), i.e., B2B cloud computing (as opposed to B2C). For an analysis of data protection issues related to B2C cloud computing services, I recommend reading the Council of Europe discussion paper Cloud Computing and Its Implications on Data Protection. [Editor: mostly the EU dimension; spotted by Claude Baudoin, my former colleague and head of Cébé here:]

Washington State Supreme Court: E-Mail Metadata Is Public Record (Seattle Times, 7 Oct 2010) - Metadata associated with electronic documents - such as the "to" and "from" fields in e-mails - is a public record subject to disclosure, Washington's Supreme Court ruled Thursday. The 5-4 ruling concerned a Shoreline resident's request under the Public Records Act for an e-mail that had been sent to the city's deputy mayor. The resident received a copy of the e-mail without the metadata and subsequently filed a request for the information. "Metadata may contain information that relates to the conduct of government and is important for the public to know," Justice Susan Owens wrote. "It could conceivably include information about whether a document was altered, what time a document was created, or who sent a document to whom." Owens wrote that only one other state high court - Arizona's - has considered the question, and it too held that that the information is subject to disclosure. The issue has arisen elsewhere as courts grapple with the intersection of technology and disclosure laws. An appeals court in New York ruled early this year that an agency should have released certain metadata associated with photographs pursuant to a disclosure request.

More About Vote-Hacking Incident Revealed at Council Hearing (Washington Post, 8 Oct 2010) - The D.C. Council is hearing complaints about September's primary elections in a hearing underway now at the John A. Wilson Building. [T]oday's most dramatic moments concern a public testing of a "digital vote by mail" system that was intended to allow about 950 overseas voters to cast absentee ballots over the Internet. J. Alex Halderman, a University of Michigan professor who infiltrated the system with his graduate students during a "bring it on" trial period, described how they were able to have complete control over the system's servers, allowing them to monitor incoming votes and change votes already cast for two days before being discovered. He described much of this in detail in a blog post this week. But Halderman revealed more at the hearing this morning, including that his team was able to take control of routers and switches in the voting system. That gave them access to, among other things, security cameras in a BOEE server room. (After his testimony, Halderman showed reporters live video from the room, streaming to his iPhone.) Halderman also reported that while he and his students had control of the system, they witnessed hackers from China and Iran prodding those routers and switches. They chose to modify a firewall and change the password to keep the would-be infiltrators out. [Editor: I hadn’t heard of the China/Iran dimension; maybe normal automated probes, but also possibly reflects a more pernicious dimension.]

Man Buys Police Department’s Domain Name After Getting Ticket (Raw Justice, 8 Oct 2010) - Most of the time, if you get a speeding ticket you just grumble about it and pay the fine. It’s usually not a big deal for most people unless it happens a lot or they get caught going a ridiculous amount over the posted speed limit. You can fight it in court or just pay the ticket, and for most people those are the only options. However, after receiving a $90 speeding ticket in Bluff City, Tennessee, Brian McCrary discovered a third option. The Bluff City Police Department had forgotten to renew their domain name,, and let it expire. McCrary bought the domain name for $80 and posted his side of the story with information about speed traps in Bluff City and the $250,000 per month they cost the town’s 1,500 residents. The police department had no idea their domain name had expired and that McCrary owned it until reporters started calling them to ask about it. Bluff City Police Chief David Nelson said they may approach McCrary about buying the domain back from him, but they are not optimistic.

- and -

Politicians' Domain Names Prey to Cybersquatters (, 20 Oct 2010) - The midterm elections, now just two weeks away, have been marked by an explosive growth in the use of Web 2.0 tools such as online social networking and blogging in an effort to garner support and electrify voters. The sophisticated nature of today's political campaigns makes the results of a recent survey by the Coalition Against Domain Name Abuse all the more surprising: Members of Congress have a terrible record when it comes to registering domain names corresponding to their own names. In particular, CADNA surveyed registrations of domain names in the popular dot-com and dot-org top-level domains, consisting of each U.S. representative's first and last name or last name followed by the words "ForSenate" or "ForCongress." According to CADNA, only one-quarter of the domain names were registered by the representative whose name it incorporated. Moreover, fewer than half of the members of the House and Senate were the registrants of the domain name version of their full names in dot-com. This may have important implications for this year's contests. Consider, for example, the websites,, and These three sites have at least two things in common. First, the names are all present or prospective members of Congress (respectively, a Democratic congressman from Indiana running for Senate; a Democratic candidate for a House seat from Kansas; and a Republican member of the House from Texas who is seeking re-election). Second, none of these sites belong to the individuals named in the site address. The first links to an anti-Ellsworth site sponsored by the Indiana Republican Party; the second is an anti-Moore site paid for by her opponent's campaign committee; and the third jumps to the site of Hall's Libertarian opponent.

Ruling Proves to Be Primer on E-Discovery Enforcement (, 12 Oct 2010) - A federal judge's most recent opinion in an ongoing matter provides remarkable insight into several issues that arise frequently in e-discovery. Magistrate Judge Paul Grimm's lengthy opinion in Victor Stanley Inc. v. Creative Pipe Inc., filed Sept. 9, is worth the read if only for its review and distillation of the case law regarding spoliation and remedies. But the opinion is newsworthy because it sets out a harsh remedy for the defendant whom he found had destroyed evidence, lied to the court and dragged out proceedings -- civil contempt, with the defendant facing severe costs and fines or a two-year prison sentence if he fails to pay that fine. The court's focus upon and analysis of the costs -- in time, money, effort, and expertise -- of spoliation and dilatory tactics to the justice system is both spot on and timely. The lessons drawn from the reality underlying the court's analysis, however, are discouraging.

New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration (EFF, 13 Oct 2010) - As noted in our first post, EFF recently received new documents via our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic, that reveal two ways the government has been tracking people online: Citizenship and Immigration’s surveillance of social networks to investigate citizenship petitions and the DHS’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the second of two posts describing these documents and some of their implications. In addition to learning about surveillance of citizenship petitioners, EFF also learned that leading up to President Obama’s January 2009 inauguration, DHS established a Social Networking Monitoring Center (SNMC) to monitor social networking sites for “items of interest.” In a set of slides [PDF] outlining the effort, DHS discusses both the massive collection and use of social network information as well as the privacy principles it sought to employ when doing so. While it is laudable to see DHS discussing the Fair Information Practice Principles [PDF] as part of the design for such a project, the breadth of sites targeted is concerning. For example, among the key “Candidates for Analysis” were general social networking sites like Facebook, MySpace, Twitter, and Flickr as well as sites that focus specifically on certain demographic groups such as MiGente and BlackPlanet, news sites such as NPR, and political commentary sites DailyKos. According to the slides, SNMC looks for “‘items of interest’ in the routine of social networking posts on the events, organizations, activities, and environment” of important events. While the slides indicate that DHS scrutinized the information and emphasized the need to look at credible sources, evidence, and corroboration, they also suggest the DHS collected a massive amount of data on individuals and organizations explicitly tied to a political event.

Are Communications Providers Violating ECPA By Complying With Out-of-State Subpoenas and Search Warrants? (Steptoe’s E-Commerce Law Week, 14 Oct 2010) - A trio of class action suits recently filed in Georgia state court (Sams v. Yahoo! Inc., Losapio v. Comcast Corp., and Sams v. Windstream Corp.) has called into question a common practice among communications companies -- disclosing communications information in response to subpoenas and warrants that are faxed (or emailed) from state and local law enforcement agencies or state courts in other states. The problem, as we have previously noted, is that this practice may violate the Electronic Communications Privacy Act (ECPA), which bars communications providers from disclosing this sort of information to governmental entities except in response to lawful orders. Because state laws typically provide that subpoenas and search warrants have no effect outside of the state, a company that discloses information in response to an out-of-state subpoena or warrant is not acting pursuant to a legitimate order, and thus violates ECPA. That is the theory of these suits, anyway. The mystery is why it took so long for someone to make this claim. However these cases turn out, they should at least cause communications companies to reevaluate their policies and procedures for complying with government demands for information.

Microsoft’s Bing Gets a Social Lift From Facebook (NYT, 14 Oct 2010) - Facebook and Microsoft announced a partnership on Wednesday that will give the results on Microsoft’s Bing search engine a social twist — and could help both companies compete against a common adversary, Google. The new feature allows people who use Facebook to see Bing search results that incorporate information from their friends, like restaurant recommendations. When a user searches for something like a movie, place or product on Bing, information about how many of their friends “liked” that item on Facebook and related links they have shared will appear alongside the results. The Facebook data will help determine how prominently these will appear, said Yusuf Mehdi, a senior vice president for online business at Microsoft. [Editor: social-media moderated search – I think this can be huge. Too bad Facebook has so badly managed new-feature rollout – if it’d been done better, more people would be comfortable “liking” things, and SM-moderated search would be much more effective. Still, it’ll come, eventually.]

Lawyers Have a Duty to Scrub Electronics Before Disposal (Florida Bar, 15 Oct 2010) - Have you texted a client from your cell phone? Used a copying service or business services at a hotel to replicate client documents? Do you do business via an iPhone, Blackberry, laptop, or iPad?

 Then you may have an extra step or two to take when disposing of such equipment, according to a new proposed ethics opinion.

 The Professional Ethics Committee addressed that issue and the confidentiality a lawyer owes to a deceased client at its September 24 meeting.

 The committee approved two proposed advisory opinions, both of which were referred by the Bar Board of Governors. Both opinions are reproduced in their entirety in an official notice in this News.

 PAO 10-2 addressed computerized equipment that could retain confidential information when discarded, sold, or recycled. Such equipment includes computers, scanners, and copiers (which have hard drives that retain electronic copies of processed documents), cell phones, personal digital assistants, fax machines, memory cards, and other storage media that can accumulate such records. The opinion also noted that lawyers using commercial copying services or copying services at a hotel can expose confidential information because those machines likely have hard drives that can capture that information.!OpenDocument

Play It Again, Professor (Chronicle of Higher Ed, 17 Oct 2010) - Marcus Boon gave a reading recently to promote his new book. It took place at Spoonbill & Sugartown, a bookstore in Brooklyn. About 40 or 50 people showed up. But they didn't hear a single word written by Mr. Boon. Instead, he read from a 1960s sex manual, an Italian cookbook, and Bob Dylan's memoir, among others. He had grabbed those books, more or less at random, from the store's shelves an hour before the event. So why not read from the book he actually wrote? "I didn't see a need to," says Mr. Boon, an associate professor of English at York University, in Toronto. That's because, he says, the same concepts could be found elsewhere, albeit in slightly altered form. Not coincidentally, that's the case he makes in his book, In Praise of Copying (Harvard University Press). Mr. Boon argues that originality is more complicated than it seems, and that imitation may be the sincerest form of being human. He writes: "I came to recognize that many of the boundaries we have set up between activities we call 'copying' and those we call 'not copying' are false, and that, objectively, phenomena that involve copying are everywhere around us." He read from the cookbook because recipes aren't protected by copyright law (unless they contain a "substantial literary expression," according to the U.S. Copyright Office). He read from the memoir because of Dylan's liberal borrowings from traditional folk music. And he read from the sex manual because, well, sex is all about reproduction, isn't it?

- and -

Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One (Eric Goldman, 21 Oct 2010) - I've mentioned Righthaven before in my quick links, but this is my first full blog post about them. I trust most of you are familiar with Righthaven by now. Righthaven is a serial copyright plaintiff that searches for republications of newspaper articles, acquires the copyrights from participating newspapers (the Las Vegas Review-Journal is the largest and highest profile participating paper), sues the republisher for copyright infringement without any prior notice--seeking $75k or $150k in damages and transfer of the infringer's domain name--and then sends a settlement offer to the surprised defendant. According to this website, Righthaven has brought 157 lawsuits and settled 56 of them. Yesterday, we got the most important Righthaven ruling yet, this time in the Realty One Group case. The case involves a real estate broker's republication of 8 sentences from a 30 sentence Las Vegas Review-Journal article on the broker's blog, (now devoid of content). The court granted the blogger's fair use defense...on a motion to dismiss! The court notes the blogger quoted a relatively small percentage of the source article and, more to the point, says the blogger's "use of the copyrighted material is likely to have little to no effect on the market for the copyrighted news article." Successful fair use defenses on a motion to dismiss are exceptionally rare. It is hard (impossible?) to resolve fair use questions without relying upon disputed facts--a no-no on a motion to dismiss. Thus, it appears the court cut some procedural corners, and I could see an appeals court requiring the district court to try again. So as exciting as this result is, it may be vulnerable to an appeal if Righthaven pursued it. However, according to the Las Vegas Sun, "Righthaven CEO Steven Gibson, a Las Vegas attorney, on Wednesday said Righthaven likely won't appeal the Nelson ruling since it reached a confidential settlement with Nelson prior to the ruling being filed." [Editor: Phew!]

U.S. Agrees to Uphold Right to Photograph Near Its Buildings (NYT, 18 Oct 2010) - It is O.K. to take photos while standing in public spaces near federal buildings, after all. In a settlement with the New York Civil Liberties Union reached Monday, the federal government agreed to instruct its employees in writing of the “public’s general right to photograph the exterior of federal courthouses from publicly accessible spaces” and to remind them that “there are currently no general security regulations prohibiting exterior photography by individuals from publicly accessible spaces, absent a written local rule, regulation or order.” The settlement came in the case of Antonio Musumeci, a software developer from New Jersey who was arrested last November while filming a libertarian advocate who was protesting outside the Daniel Patrick Moynihan Federal Courthouse in Manhattan. The settlement, filed on Friday, ended a lawsuit against the Department of Homeland Security by Antonio Musumeci, 29, of Edgewater, N.J. He was arrested Nov. 9, 2009, as he videotaped a demonstrator in front of the Daniel Patrick Moynihan United States Courthouse at 500 Pearl Street. His principal camera was confiscated but he recorded the encounter on a second camera. At issue in the case was a federal regulation that was cited in the arrest of Mr. Musumeci but that seems — on the face of it — not to have prohibited what he was doing. It says, in part, that “persons entering in or on federal property may take photographs” of “building entrances, lobbies, foyers, corridors or auditoriums for news purposes.” Mr. Musumeci told the arresting officers that he worked for the radio talk program Free Talk Live. He was given a ticket and released on the spot. As part of the settlement, the Federal Protective Service said it construed the regulation “not to prohibit individuals from photographing (including motion photography) the exterior of federal courthouses from publicly accessible spaces.”

Judge Clears CAPTCHA-Breaking Case for Criminal Trial (Wired, 19 Oct 2010) - A federal judge in New Jersey has cleared the way for a landmark criminal case targeting CAPTCHA circumvention to proceed to trial. The case targets a ring of defendants who used various means to bypass CAPTCHA — the squiggly letters and numbers websites display to prove a visitor is human — in order to automatically purchase thousands of tickets from online vendors and resell them to premium customers. The defendants have been charged with wire fraud and with violating the anti-hacking Computer Fraud and Abuse Act, in an elaborate scheme that allegedly used a network of bots and other deceptive means to bypass CAPTCHA and grab more than 1 million tickets for concerts and sporting events. They made more than $25 million in profits from the resale of the tickets between 2002 and 2009. Prosecutors alleged that bypassing CAPTCHA constituted unauthorized access of ticket seller servers. Lawyers for the defendants had filed a motion to dismiss the charges on grounds that the government was trying to turn what should be a breach-of-contract civil matter into a criminal case, potentially increasing “exponentially” the universe of federal crimes. “This Indictment does not seek to punish computer fraud, it inappropriately tries to regulate the legal secondary market for event ticket sales through an overreaching prosecution,” the defendants argued in their motion. The Electronic Frontier Foundation filed an amicus brief (.pdf) also urging dismissal of the case.

Universities Pen Harsh Words to Note-Selling Site (CNET, 19 Oct 2010) - California collegians may be getting a lesson on the limits of sharing. Students at California state universities are expressing frustration following news that the university system sent a cease-and-desist letter to a new Web site that lets pupils sell their class notes--in violation of California law, the chancellor's office says. On NoteUtopia, students from about 100 colleges and universities around the country can buy, sell, or simply share their original class notes and reports, as well as handouts, exams released by the professor, and completed study guides. Students, who can join the 2-month-old site for free, can also collaborate with peers on homework assignments and directly communicate with professors who opt in to the service. But last month, California State University's Chancellor's Office sent a letter telling 22-year-old NoteUtopia founder and president Ryan Stevens to "immediately cease and desist from selling class notes in California" in accordance with section 66450 (PDF) of the state's education code, which prohibits "any business or person from selling or otherwise distributing or publishing class notes for a commercial purpose." There is, though, some uncertainty as to whether that section of the code is at odds with the First Amendment's guarantee of freedom of speech.

Victoria Police Serve Intervention on Facebook (IT News, 20 Oct 2010) - Victoria Police has served a cyberbullying intervention order via Facebook, after unsuccessful attempts to reach the accused by phone and in person. The man was a "prolific Facebook user" who had allegedly threatened, bullied and harassed a former partner online. Police were approached by the victim in August, but were unable to locate the accused by traditional means. In what police believe to be an Australian first, the accused was served with an interim intervention order, extract, explanation, contacts and a video of Leading Senior Constable Stuart Walton via a Facebook private message. The accused was ordered not to publish any material about the victim online, and not to contact the victim "by any means", including phone and e-mail, except through the police or a lawyer. "If you do not obey this order, you may be arrested and charged with a criminal offense," Walton said in the video. The accused did not attend Court as ordered, and police were unable to confirm that the message had been read. However, a Victorian Court Magistrate upheld the order indefinitely and a final order was served via Facebook. Police finally succeeded in contacting the accused after the final order was served, and ascertained that he had read both interim and final documents via Facebook and agreed to comply.,victoria-police-serve-intervention-on-facebook.aspx

Get Affordable Legal Guidance For Your Business with Rocket Lawyer (ReadWriteWeb, 20 Oct 2010) - All businesses have legal needs but not every company has the resources to hire a team of fancy, top notch lawyers. For smaller companies and nonprofits who fall into this category, there's Rocket Lawyer, a Website that offers legal assistance on a small business budget. In addition to granting access to a huge index of business legal forms, Rocket Lawyer puts customers in touch with attorneys, either via a searchable directory or by enabling them to post a question and leave contact info so a lawyer can reach out directly. The site launched a new feature this week called the Legal Health Score, which tells companies and individuals what their level of "legal wellness" is. Think of it like a credit score but instead of measuring financial dependability, it ranks one's potential legal vulnerability. For example, if a company does not have all of its business contracts in writing, they'll get a lower score. Have you used Rocket Lawyer or a similar legal advice Website for your business? Let us know if the experience worked for you in the comments. [Editor: Well?]

New Law Extends Disability Access Requirements to IP-Enabled Communications (Steptoe’s E-Commerce Law Week, 21 Oct 2010) - Earlier this month, President Obama signed the Twenty-First Century Communications and Video Accessibility Act of 2010 into law. The Act extends the disability access requirements of the Communications Act of 1934, as amended by the Telecommunications Act of 1996, to IP-enabled communications such as text-messaging, video conferencing, video delivery, and VoIP services. Significantly, the law extends accessibility requirements to "non-interconnected" VoIP services. Other provisions of the Act require that mobile phone manufacturers make their Internet browsers accessible to the visually impaired, that television shows or movies delivered over the Internet be closed captioned or contain audio descriptions, and that VoIP services be compatible with hearing aids.

Law Firms Staff Experts to Manage EDD (, 22 Oct 2010) - Three years ago, Littler Mendelson president Marko Mrkonich met with 11 of his partners to discuss hiring plans for a novel position: national e-discovery counsel -- an expert who could help the firm's attorneys and clients navigate the increasingly complex process of e-discovery. Most partners at the meeting liked the idea, but senior litigator Kevin Lilly had some reservations. "I was skeptical," says Lilly. "I wasn't sure if he'd add to the firm's bottom line; I didn't know if we needed him." Despite Lilly's misgivings, Littler hired litigator Paul Weiner from Buchanan Ingersoll & Rooney as its new e-discovery counsel. And within a month, Lilly had turned to Weiner for his advice. A client with a very complicated IT system had been hit with a putative wage-and-hour class action suit and needed help with preservation strategy. "I'm a convert," says Lilly. "Paul's been a huge success." Like Littler, many law firms have taken at least some new steps to grapple with the fast-changing world of e-discovery. Since 2006, when amendments to the Federal Rules of Civil Procedure placed greater responsibility on lawyers to preserve and produce electronically stored data, there's been a boom in the number of e-discovery practice groups or task forces. According to a recent survey by The Cowen Group, an e-discovery staffing and recruiting firm, 87 Am Law 200 firms have an e-discovery practice group or task force and 16 have full-time e-discovery partners. Drinker Biddle & Reath's e-discovery task force, which consists of one full-time e-discovery partner and a few partners working part-time on e-discovery, is sometimes retained for e-discovery issues even when Drinker isn't handling the underlying litigation. Daley & Fey -- a boutique with two partners, one counsel, one associate, and a staff of four technology and legal analysts -- focuses heavily on litigation preparedness, advising companies to get their data management in order before they're sued. As this diversity of approaches suggests, there's no set paradigm for the best way to manage e-discovery services. [Editor: Cyberspace committee member Mike McGuire also is a partner at Littler in the EDD area.]

Texas Slaps Amazon With $269m Bill for Uncollected Sales Taxes (TechFlash, 22 Oct 2010) - I'm taking a closer look at's SEC filing on its third-quarter financial results, and just noticed an interesting development under "Other Contingencies." According to Amazon, last month the state of Texas issued the company an assessment of $269 million for uncollected sales taxes for a four year period from Dec. 2005 to Dec. 2009. Amazon says the assessment is "without merit" and says it intends to "vigorously defend" itself in the matter.

- and -

Free Speech Protects Amazon Buyers' Data, Federal Judge Rules (, 27 Oct 2010) - Lists that identify the books, music and movies individual customers bought from online retailer Inc. are protected from North Carolina tax collectors, a federal judge has ruled. Amazon said in a lawsuit it filed in April in its hometown of Seattle that disclosing the names, addresses and purchases of its customers as requested by the North Carolina Revenue Department would harm anyone who may have bought controversial books or movies. U.S. District Judge Marsha Pechman ruled late Monday that the First Amendment protects a buyer from the government demanding to know the books, music and audiovisual products they've bought. Amazon and the American Civil Liberties Union, which later joined the case, "have established that the First Amendment protects the disclosure of individual's reading, listening, and viewing habits," Pechman wrote. At stake are potentially millions of dollars in taxes that North Carolina contends Amazon was responsible for collecting for years before a state law was changed last summer. "The ACLU is not taking issue with the department's authority to collect taxes on these purchases, but there is no legitimate reason why government officials need to know which North Carolina residents are reading which books or purchasing which specific brands of products," said Katy Parker, legal director for the ACLU of North Carolina Legal Foundation. Revenue Department spokeswoman Beth Stevenson said attorneys were reviewing the ruling and no decision has been made on whether to appeal the judge's ruling. The agency neither wants nor needs titles or similar details of products purchased by Amazon customers. "This case has been twisted into something it is not," Stevenson said in a statement. The agency "wants to collect the sales tax that is due to the state and nothing more."

Georgia Mulls Citizens' Right to Access Courts via E-File (, 25 Oct 2010) - A DeKalb County judge expressed surprise Tuesday when an attorney representing the parent company of LexisNexis asserted that the public has no constitutional right of access to the courts. The exchange came in a hearing before DeKalb Superior Court Judge Robert J. Castellani on a motion for summary judgment in a case that seeks to have Fulton County's e-filing system declared unconstitutional. The case is the fourth iteration of a potential class action against Fulton County and its e-filing system, and charges that the Fulton court's requirement that documents be filed via the fee-based LexisNexis File & Serve system declared an unconstitutional violation of citizens' right to access the courts. The suit also says the Fulton court's requirement violates Georgia law that stipulates the method by which legal documents must be filed and constitutes an "illegal scheme" between the county and LexisNexis' parent company, Reed Elsevier, to "impose an unlawful mandatory e-filing system upon litigants in Fulton County State and Superior Court and to charge excessive and unauthorized fees in connection therewith." In a series of orders beginning in 1999, approved by the Fulton County Board of Commissioners and signed by then-State Court Chief Judge Albert L. Thompson, cases must be e-filed if they involve asbestos, Fen-Phen, mercury or lead, silicosis, welding rods, medical or legal malpractice, personal injury, cases with four or more plaintiffs or defendants, cases in which more than $50,000 in damages is being sought, torts cases, and those in which no specific dollar figure is demanded. In Superior Court, certain asbestos and silicosis cases must e-file, and all filings in the criminal case against convicted Fulton County Courthouse shooter Brian Nichols also are required to be e-filed. The complaint says that LexisNexis charges administrative fees of between $7 and $12 for each document filed in addition to the courts' statutory filing fees, according to the complaint. A public access terminal at the courthouse allows pro se litigants to register and file documents without paying the fee.

Air Force Manual Describes Shadowy Cyberwar World (Washington Post, 25 Oct 2010) - A new Air Force manual for cyberwarfare describes a shadowy, fast-changing world where anonymous enemies can carry out devastating attacks in seconds and where conventional ideas about time and space don't apply. Much of the 62-page manual is a dry compendium of definitions, acronyms and explanations of who reports to whom. But it occasionally veers into scenarios that sound more like computer games than flesh-and-blood warfare. Enemies can cloak their identities and hide their attacks amid the cascade of data flowing across international computer networks, it warns. Relentless attackers are trying to hack into home and office networks in the U.S. "millions of times a day, 24/7." And operating in cyberspace "may require abandoning common assumptions concerning time and space" because attacks can come from anywhere and take only seconds, the manual says. The manual - officially, "Cyberspace Operations: Air Force Doctrine Document 3-12" - is dated July 15 but wasn't made public until this month. It is unclassified and available on the Internet. It dwells mostly on protecting U.S. military computer networks and makes little mention of attacking others. That could signal the Pentagon wants to keep its offensive plans secret, or that its chief goal is fending off cyberattacks to keep its networks up and running, analysts said. "Their primary mission is in some ways defensive," said James Lewis, a cybersecurity expert and a senior fellow at the Center for Strategic and International Studies. Lewis said the government still hasn't decided whether offensive cyberwarfare is the province of the military or intelligence agencies. Report here:

White House Unveils Internet Privacy Committee (Information Week, 25 Oct 2010) - The White House council on technology has formed a new subcommittee to develop principles that will attempt to balance the Internet's economic opportunity with people's right to privacy. The National Science and Technology Council's new Subcommittee on Privacy and Internet Policy also will aim to synchronize the practices of federal agencies with policy being considered and developed by lawmakers, according to a White House blog post unveiling the committee. The post is attributed to Cameron Kerry, general counsel at the Department of Commerce, and Christopher Schroeder, assistant attorney general at the Department of Justice, the chairs of the new subcommittee. The subcommittee will try to develop a common Internet privacy strategy among all of the legislative and regulatory stakeholders, both in the United States and abroad, Kerry and Schroeder wrote. Specifically, the subcommittee is charged with keeping an eye on global privacy challenges and coming up with ways to meet them, and fostering cooperation between the United States and other countries to develop policies to handle issues that arise. It also will work with the private sector to balance the needs of those doing business on the Internet with any privacy principles or policies that are developed, as well as any enforcement activity necessary to maintain them. The subcommittee is comprised of representatives from various federal departments and executive-level agencies. They include, among others: the Departments of Education, Energy, Health and Human Services, Homeland Security, State, Transportation, and Treasury; the Small Business Administration; the Domestic Policy Council; National Economic Council; National Security Council; the Office of Management and Budget; the Office of Science and Technology Policy; the Office of the U.S. Intellectual Property Enforcement Coordinator; and the National Security Staff Cybersecurity Directorate.

Pop-up Ad Prior to Software Download Could Be Deceptive (CCH, 25 Oct 2010; subscription required) - Online purchasers of McAfee antivirus software stated plausible claims under the California Unfair Competition Law (UCL) that they were deceived by a pop-up ad into inadvertently purchasing a third-party product, the federal district court in San Jose has ruled. After completing their McAfee purchase, but before downloading the McAfee software, the purchasers clicked a “Try It Now” button in a pop-up ad. Doing so enrolled them in a non-McAfee $4.95 per month subscription product called “PerfectSpeed,” as they discovered later upon noticing charges on their credit or debit card statements. The pop-up was the result of a partnering arrangement between McAfee and Arpu, Inc., a company that places online advertisements that enable the purchase of products with a single click, in this case using the purchasers’ credit card information transferred from McAfee, according to the class action complaint. The purchasers alleged that McAfee received an undisclosed fee for each customer who subscribed to Arpu’s services through the ad on McAfee’s site. The purchasers alleged that McAfee transfers the confidential billing information of its customers without adequately disclosing (1) the nature of the services to which customers are subscribing, (2) the consumer’s commitment to pay recurring monthly fees for the service, (3) the terms and conditions of the subscription service, (4) the identity of the billing party, and (5) the manner by which the customer may cancel the service. The purchasers’ complaint describing the allegedly misleading web pages and pop-up ad was specific enough to give McAfee the notice required by the heightened fraud pleading standard under Rule 9(b) of the Federal Rules of Civil Procedure, the court determined. In asserting that McAfee’s business practices were fraudulent under the UCL, the purchasers’ basic contention was that the pop-up ad led consumers to believe that clicking on it was a necessary step to download the McAfee software. While noting that visual cues in the pop-up—such as a “30 DAY FREE TRIAL” notice—tended to undermine the purchasers’ claims, the court nevertheless concluded that the purchasers alleged facts sufficient to state a plausible claim for relief. The purchasers also stated a claim that McAfee’s business practices were unfair under the UCL because the deception was unscrupulous and caused injury to consumers which outweighed its benefits, the court held. Case is Ferrington v. McAfee (USDC, ND California)

Would You 'Friend' the Judge? (, 26 Oct 2010) - When the Equal Employment Opportunity Commission filed a federal sex discrimination lawsuit in September 2009 on behalf of two women who claimed they were sexually harassed by a supervisor at Simply Storage Management, the company went after a trove of personal information: the women's Facebook and MySpace accounts. What better than personal pictures, videos, and status updates to try to discredit the women's claims of anxiety, depression, and posttraumatic stress caused by a hostile workplace? The EEOC challenged the requests as overbroad, not relevant, and an invasion of privacy, but in May a federal district court judge in Indiana ruled that information from social media websites is not off-limits simply because the accounts are locked or private. The judge ordered the women to produce all profiles, postings, messages, photos, and videos related to "any emotion, feeling, or mental state." A magistrate judge recently took a novel approach in Barnes v. CUS Nashville, LLC, a slip-and-fall case stemming from injuries the plaintiff suffered at the Coyote Ugly Saloon in Nashville. There, the judge had found that a civil subpoena of Facebook was barred under the Stored Communications Act. To resolve the discovery dispute over the plaintiff's and witnesses' Facebook photos and e-mails, the judge offered to open a Facebook account, "friend" the witnesses, review the contested materials in private, and disseminate any relevant information to the parties. "That was pretty creative," says Starkman. (Neither witness took up the judge on his offer; one voluntarily gave the defense a link to her Facebook photo album.)

The Best Backchannels Are Active Before, During, and After (InsideHigherEd, 26 Oct 2010) - Have you ever participated in a conference backchannel? Are you wondering what a backchannel is? A backchannel is the conversation that occurs (generally via a Twitter hashtag) simultaneously alongside a conference's primary events, sessions, panels, etc. It's a great way for conference attendees to share information, ask questions, participate in "tweetups," and generally add to their overall experience. Backchannels also serve as access points for folks who are not able to attend an event. Backchannels are easily accessed, and in my view, the best ones (#ACUHOI has been going strong since its national conference) are active before, during, and after an event. I have been an active participant in several backchannels as either an attendee at a conference or as a non-attendee who was simply following a particular conference hashtag. The active learning that takes place through a backchannel never fails to surprise me. When I was at #EDUCAUSE10 a couple of weeks ago, the backchannel was overflowing with information. As a participant on a technology bloggers panel, I followed the backchannel from the front of the room. People who were either in attendance and/or following the tweet stream asked questions via Twitter and the panelist answered their questions. In a few weeks, I'll be presenting at the #NACAS10 Annual Conference in Colorado Springs. I really want to have an active back channel. In order to get folks up to speed about Twitter, I am putting on a "Twitter Basics" webinar for registered attendees. Getting attendees used to using Twitter with a specific hashtag is an important step in cultivating an active backchannel. During my session at the conference, I am going to use to display the backchannel on a separate big screen. The backchannel will be taking place in the "back" as well as in the "front." The backchannel has become part of the "norm" at conferences. In my view, conferences that embrace the backchannel are allowing for greater amounts of learning and interaction to take place. The #EDUCAUSE10 hashtag feed was prominently displayed on LCD televisions throughout the conference. The conversation was constantly evolving, growing, and creating.

Ethics of Advising Clients to Make Social Networks Private (, 28 Oct 2010) - Once upon a time, a legal ethics professor told a great story on the first day of class. As a young lawyer, he represented a woman in a personal injury case who had suffered a serious injury as a result of a car accident. At trial, she hobbled to the witness stand on crutches. She testified, tearfully, about the great pain she endured each day from walking even the shortest of distances. She testified how the accident had truly changed her life. After less than 30 minutes on the stand, the jury was practically in tears. The professor left the courthouse that day confident that when his client finished her testimony on the following day, victory would be assured. The next morning, before appearing in court, the professor went to exercise at the Santa Monica stairs off Adelaide drive. And of course, he arrived to find his client there. Running. Smiling. Without crutches. Happy as a clam. Maybe even thinking about the perjurious testimony she would give later that morning with the professor's help. (This professor waited until the end of the semester to tell his class what he did. Don't worry, I will tell you at the end of this article.) A similar (although far less dramatic) ethical problem has arisen with the advent of social networking sites like Facebook and MySpace. The question is: What do you do if you discover something potentially harmful to your case on the public portion of your client's social networking web page? Can you advise your client to change his or her privacy settings to make that information invisible to the public? The genesis for this question comes from Romano v. Steelcase Inc.. Although the case has not yet been decided, a few weeks ago the court ordered that the defendant be given access to "plaintiff's current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information upon the grounds that plaintiff has placed certain information on these social networking sites which are believed to be inconsistent with her claims in this action concerning the extent and nature of her injuries, especially her claims for loss of enjoyment of life."

Payment Card Industry Issues Guidance on Encryption (Steptoe, 28 Oct 2010) - The Payment Card Industry’s Security Standards Council has released two whitepapers on emerging security technologies: “EMV” payment cards and Point-to-Point Encryption (P2PE). The two guidance documents are intended to establish how both these technologies can be used to at least partially satisfy PCI Data Security Standards (“PCI DSS”). Eventually, with the issuance of more guidance documents, the hope is that a universal standard will be established for P2PE, as well as more guidelines as to the proper application of P2PE and EMV technology in compliance with PCI DSS.

**** RESOURCES ****
FTC Offers Legal Assistance Guide to Help Identity Theft Victims (BeSpacific, 21 Oct 2010) - "The Federal Trade Commission has created a guide to help attorneys and victim advocates provide legal assistance to identity theft victims. Geared toward resolving issues out of court, the Guide for Assisting Identity Theft Victims describes how advocates can intervene with creditors, credit reporting agencies, debt collectors, and others, as well as self-help measures that victims can take. Victims may need an advocate’s help in a variety of situations: their age, health, language skills, or income prevents them from making effective disputes; they’re being pursued for someone else’s debt; they face uncooperative creditors or credit reporting agencies; or their case is complex."

The Online Threat (Seymour Hersh in The New Yorker, 1 Nov 2010; recommended by Bruce Schneier) - On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an eavesdropping mission collided with a Chinese interceptor jet over the South China Sea, triggering the first international crisis of George W. Bush’s Administration. The Chinese jet crashed, and its pilot was killed, but the pilot of the American aircraft, Navy Lieutenant Shane Osborn, managed to make an emergency landing at a Chinese F-8 fighter base on Hainan Island, fifteen miles from the mainland. Osborn later published a memoir, in which he described the “incessant jackhammer vibration” as the plane fell eight thousand feet in thirty seconds, before he regained control. The plane carried twenty-four officers and enlisted men and women attached to the Naval Security Group Command, a field component of the National Security Agency. They were repatriated after eleven days; the plane stayed behind. The Pentagon told the press that the crew had followed its protocol, which called for the use of a fire axe, and even hot coffee, to disable the plane’s equipment and software. These included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications. It was more than two years before the Navy acknowledged that things had not gone so well. “Compromise by the People’s Republic of China of undestroyed classified material . . . is highly probable and cannot be ruled out,” a Navy report issued in September, 2003, said.

**** DIFFERENT ****
Building The Next Big Thing: 25 Years Of MIT's Media Lab (ArsTechnica, 21 Oct 2010) - ast Friday, MIT's Media Lab hosted a series of talks to celebrate its 25th anniversary. Anyone who has paid attention to technology news over that period has undoubtedly heard of the various strange and interesting developments that make their way out of the Lab—Guitar Hero, LEGO Mindstorms, One Laptop per Child, and E Ink all started off as Media Lab projects. But far fewer people fully understand how the Media Lab operates, fits into MIT, and encourages such a creative environment; about half of the anniversary celebration's program focused on simply defining what the Media Lab is. So, for the benefit of those who weren't there, we'll attempt to explain how it has generated its reputation for being at the leading edge of technology. [Editor: Interesting profile. The Media Lab is the most interesting place I’ve ever visited.]

INSURANCE AGAINST HACK ATTACKS Lloyds of London and two other insurance companies will offer up to $100 million in insurance coverage to the clients of the computer security management firm Counterpane Security against losses resulting from attacks by network vandals. A Counterpane executive says, "This is not for your home user, this is for Yahoo!, this is for CDUniverse... It's threat-avoidance. This, along with monitoring, is just another arrow in your quiver." A recent study by Reality Research has predicted that businesses worldwide will lose an estimated $1.5 trillion this year due just to computer viruses spread through the Internet. (USA Today 10 Jul 2000)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Saturday, October 09, 2010

MIRLN --- 19 September – 9 October 2010 (v13.14)

(supplemented by related Tweets: #mirln)

·      Hack-Proof Dream?
·      Overheard Cell-Phone Conversations: When Less Speech Is More Distracting
·      Guidance On Mitigating Risk Posed by Information Stored On Photocopiers, Fax Machines and Printers
o   Are Digital Copiers Targets for E-Discovery?
·      Malicious Code That Comes With Release Notes?
·      Did Iqbal/Twombly Raise the Bar for Browsewrap Claims?
·      Web Group to Screen Bogus Drug Sellers
·      The Derivative Works Right
·      The MOMA Test
·      Seventh Circuit Allows Illinois Case Against Out-Of-State E-Commerce Retailer to Go Forward
·      Financial Disclosure Forms for Federal Judges Can Be Hard to Track Down
·      Feds: Privacy Does Not Exist in ‘Public Places’
·      Using Social Network Evidence in Family Court
·      National Archives and Records Administration Issues Guidelines on Cloud Computing
·      Questions, and Directors, Lost in the Ether
·      Helmet Cam Was Legal, Ditto Taping Arresting Officer, Judge Rules
·      Model Privacy Notice Form Compliance Guide Issued
·      New Site Bridges Law School, Law Practice
·      California Bans Malicious Online Impersonation
·      Web Snooping Is A Dangerous Move
·      Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase
·      Lawyers Can’t Friend Potential Witnesses Under False Pretenses, Ethics Opinion Says
·      Lawyer Websites
o   ABA Asserts Copyright On Its Lawyer-Advertising Rules
o   Security Concerns Spark a Controversy Over a Bar Association’s Endorsement of Cloud Computing
·      UK Faces EU Case Over Online Privacy
·      How Stuxnet is Scaring the Tech World Half to Death
·      Who Owns a Terminated Employee’s Twitter Account?
·      US Marshal Service’s Electronic Surveillance Manual
·      How Private Is Facebook Under the SCA?
o   Mixing Work and Play on Facebook
·      Man Jailed Over Computer Password Refusal


Hack-Proof Dream? (ABA Journal, 1 Sept 2010) - While you’d be hard-pressed to find a security consultant who believes any law firm can be completely protected from the Web’s dark side, there are still plenty of vendors furiously pursuing the ideal. Two in particular, InZero and Invincea, claim to have come up with the magic bullet with technologies that essentially place an impenetrable buffer between a law firm’s Web browsers and its critical digital infrastructure. InZero has been especially bold in its assertions, once offering a free Harley-Davidson motorcycle to any hacker who could penetrate its first-generation product. There were no takers. A number of tests since then by British Telecom’s Ipswich labs, Escrypt Inc., the federal Defense Advanced Research Projects Agency and others have come up empty-handed as well, according to Oleksiy Shevchenko, InZero’s chief technology officer. Still, though competitor Invincea trots out the same, successful test results of impenetrability by the independent testing firm Cigital, law firm IT security consultants like Wise Comprehensive Solutions remain skeptical. “Experientially and logically, there is always a back door or fail-safe to every system,” says Orville Wilson, CEO at Wheaton, Md.-based Wise. The most nettlesome rub in all this? As the debate rages, the legal community has become an especially lucrative target for professional-grade hackers snooping the Web for high-value intellectual property and other business-critical information. “Firms representing client corporations that are negotiating major international deals are particularly inviting targets,” Wilson says. “Law firms have a tremendous concentration of really critical, private information. Hence, sneaking into their computer systems is a really optimal way to obtain economic, personnel and personal security-related information.” Alan Brill, a Secaucus, N.J.-based senior managing director at Kroll, another IT security consultancy, shares Wilson’s view. “The problem that law firms face is that there is an evolution leading to greater reliance on Internet-based communication with clients, co-counsel and the courts,” Brill says. “I wish I could tell you that there was a matching evolution in security that would render today’s problems obsolete, but that’s not happening.”

Overheard Cell-Phone Conversations: When Less Speech Is More Distracting (PubMed, 3 Sept 2010) – Abstract: Why are people more irritated by nearby cell-phone conversations than by conversations between two people who are physically present? Overhearing someone on a cell phone means hearing only half of a conversation-a “halfalogue.” We show that merely overhearing a halfalogue results in decreased performance on cognitive tasks designed to reflect the attentional demands of daily activities. By contrast, overhearing both sides of a cell-phone conversation or a monologue does not result in decreased performance. This may be because the content of a halfalogue is less predictable than both sides of a conversation. In a second experiment, we controlled for differences in acoustic factors between these types of overheard speech, establishing that it is the unpredictable informational content of halfalogues that results in distraction. Thus, we provide a cognitive explanation for why overheard cell-phone conversations are especially irritating: Less-predictable speech results in more distraction for a listener engaged in other tasks.

Guidance On Mitigating Risk Posed by Information Stored On Photocopiers, Fax Machines and Printers (FDIC, 15 Sept 2010) – The US Federal Deposit Insurance Corporation (FDIC) has issued a document for financial institutions titled “Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers.” The document describes the risks inherent in the use of the devices because they may contain hard drives or flash memory that retains information transmitted by the devices. Many financial institutions lease these devices and return them at the end of the lease period. The guidance recommends that financial institutions establish and enforce “written policies and procedures to identity devices that store digital images of business documents and ensure their hard drive or flash memory is erased, encrypted or destroyed prior to being returned to the leasing company, sold to a third party or otherwise disposed of.” The guidance was issued because field examiners “felt the vast majority of bankers that they dealt with ... were completely unaware of the problem.”

- and -

Are Digital Copiers Targets for E-Discovery? (, 4 Oct 2010) - In April 2010, CBS News ran a story about the relative lack of information security involving digital copiers commonly found in most office settings. Working with a copier security expert, CBS News purchased four used copiers based on price and the number of copies on the meter. According to the reporter, the copier hard disk drives were removed and “[scanned] using forensic software ... available free on the internet,” and images of documents which had been copied or scanned were found stored on the hard drives. In one instance the reporter claims “tens of thousands of documents” were found on one copier while 300 documents were found on another. The reader was left with the impression that the images of potentially sensitive documents were stored on the copier hard drives in plain sight, so to speak. What the reporter failed to properly explain is that the document images that were found came from the unallocated space of the hard drives and had to be recovered -- the files were not available without the use of special software to find and view them. After the news story was televised, it was only a matter of days before it was circulated in e-mails, blogs, and websites, with many legal industry observers opining at length about the possible ramifications of targeting digital copiers for litigation holds and electronic discovery requests. Before determining the significance of a copier as a potential repository of information, it is important to understand how digital copiers create, store, and delete data. Despite using the same storage device found in a PC, copiers are more like printers in how they use available memory. [Editor: again, mostly a technical discussion of the possibilities; not much legal analysis/discussion.]

Malicious Code That Comes With Release Notes? (Network World, 16 Sept 2010) – I was astonished when Mike Dausin of security provider HP TippingPoint briefed me on a new state of network security report and explained how much more sophisticated writers of malicious code had become. Their code is much cleaner than it had been in years past and that recently, some updated versions of this code had actually come with release notes. “When you think about code having release notes, that implies a level of maturity that just wasn’t there before,” said Dausin, manager of advance security intelligence for TippingPoint, whose DVLabs unit conducts research into network vulnerabilities and helped produce “The Top Cyber Security Risks Report,” which was published today. Distributing malicious code with release notes is like a maker of burglar tools distributing a brochure about how to use a new pry bar to break into a house. It’s a particularly brazen move and underscores the point that the bad guys are getting much better at their jobs. The 43-page report identifies four major areas of concern for network administrators and makes five recommendations of what enterprises should do to improve their game to match the improvements in the bad guys’ game.

Did Iqbal/Twombly Raise the Bar for Browsewrap Claims? (BNA E-Commerce blog, 17 Sept 2010) - Judge Leonie Brinkema of the Eastern District of Virginia issued an interesting opinion earlier this week in a case involving one company’s multiple acts of datamining a competitor’s website with a screen-scraping program. Among other things, the court held that the plaintiff had failed to allege a valid breach of contract claim, a claim based on data use restrictions in a browsewrap presentation. The court said that the plaintiff’s unadorned allegations that “the terms of the TOUs [Terms of Use] are readily available for review” and that the defendants had an “opportunity to review” the terms fell short of the pleading standards set out in a pair of recent Supreme Court decisions. In Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007), the high court said that allegations must be sufficient to nudge a claim from conceivable to plausible. Two years later, in Ashcroft v. Iqbal, 129 S. Ct.1937 (2009), the court stated that “if the well-pled facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged--but it has not shown--that the pleader is entitled to relief.” The Twombly/Iqbal pleading standard was not met here, the court said. In order to allege a plausible contract claim based on a browsewrap agreement, the website user must have had either actual or constructive knowledge of the website terms and must also have manifested agreement to those terms. The court, looking at screenshots submitted by the defendant, remarked that the terms were: “buried at the bottom of the first page, in extremely fine print, [that] users must affirmatively scroll down to the bottom of the page to even see the link.” Against the evidence of these screenshots, the court said that the plaintiff’s allegations that the plaintiff’s conclusory allegations about the defendant’s knowledge of the website terms and assent to those terms merely by accessing the site “are plainly insufficient under the Iqbal and Twombly standard to state a plausible claim for relief.” The case is Cvent Inc v. Eventbrite Inc., No. 10-cv-481 (E.D. Va. Sept. 14, 2010).

Web Group to Screen Bogus Drug Sellers (Financial Times, 19 Sept 2010) - In a victory for the fight against criminal networks distributing counterfeit and adulterated drugs over the internet, the world’s second-biggest seller of website addresses is to begin screening customers for unapproved drug sales. Under pressure from security professionals, the internet governance group Icann and the White House, the domain-name seller eNom last week quietly retained LegitScript, a company that vets internet pharmaceutical concerns to make sure they are licensed to do business in the US. While GoDaddy, the world’s biggest seller of domain names, and other registrars have knocked thousands of rogue pharmacies offline, until now eNom, owned by Demand Media of Santa Monica, had refused to act without a court order or law-enforcement directive. The changed approach was disclosed in an amended securities filing for Demand Media’s planned initial public stock offering. The filing says LegitScript will assist eNom “in identifying customers who are violating our terms of service by operating online pharmacies in violation of US state or federal law”. [Editor: the idea of pre-approval/vetting, as a prerequisite to holding a web “presence” is, generally speaking, troubling; OK in this case, I suppose, but I’m already imagining the slippery slope.]

The Derivative Works Right (Media Law Prof Blog, 20 Sept 2010) - Christina Bohannan, University of Iowa College of Law, has published Taming the Derivative Works Right: A Modest Proposal for Reducing Overbreadth and Vagueness in Copyright, at 12 Vanderbilt Journal of Entertainment & Technology Law 669 (Summer 2010). Here is the abstract: “The Supreme Court’s recent 8-1 decision in United States v. Stevens only served to reiterate the Court’s concern with overbreadth in First Amendment challenges to statutes. Concluding that the statute in question prohibited a good deal of speech that was unrelated to the statute’s legitimate target, the Court held that the statute was substantially overbroad and therefore invalid. Stevens as well as earlier First Amendment decisions shed considerable light on the problems of overbreadth and vagueness in copyright law, particularly the derivative works right. The copyright holder’s derivative works right prohibits others from making any work “based upon a copyrighted work” that “modifies, transforms, or adapts” the copyrighted work in any way. Because all new expression must necessarily borrow from existing expression to some degree, the derivative works right sweeps a good deal of speech within its prohibition, much of which is either harmless to the copyright holder or else outside the legitimate boundaries of copyright protection. While the fair use doctrine purports to protect some of this new expression, fair use is vague and unpredictable in application, particularly when it intersects with the derivative works right. Further, the doctrine can be asserted only after a speaker has risked an infringement claim. This Article compares the Copyright Act and the way courts have applied it to a variety of other provisions that limit speech and that have been struck down or construed narrowly on overbreadth grounds. It demonstrates considerable overbreadth and vagueness in the scope of copyright protection, arguing for narrowing rules of construction that will mitigate these First Amendment concerns.” Article here:

The MOMA Test (Cast Clothesed, 20 Sept 2010) - It seems as if the test for what is copyrightable is if someone considers the piece in question to be art. In my copyright lass last week, we read and discussed the case Barry Kieselstein-cord v. Accessories by Pearl, Inc.632 F.2d 989 (2nd Cir. 1980). This case extended copyright protection to belt buckles, namely the Kieselstein-Cord Winchester” and “Vaquero” belt buckle styles that are pictured to the left. To me, belt buckles are useful articles – an element to which copyright will not normally extend its protection (see 17 U.S.C. § 101 definitions of “pictorial, graphic, and sculptural works” and “useful articles”). Buckles help you fasten your belt, which in turn keep your pants up around your waist. One of the arguments that Second Circuit uses to protect these buckle designs under copyright was that the Museum of Modern Art (MOMA) had accepted them into their permanent collection. So, are useful things considered art only when the MOMA accepts it as art? I was in the MOMA yesterday. Looking around, the MOMA considers a lot of design of useful articles to be art. On the 5th floor, there is a whole variety of furniture on display from Eames to Saarinen. Some of these items were things I found in Bloomingdale’s last weekend when I was shopping for a couch. They have lamps, TVs, hearing aids, and even a helicopter. These things are all useful articles and walking around I wondered what is copyrightable? The most striking exhibit of useful articles was Counter Space - an exhibition devoted to the design of the modern kitchen. That exhibit had commonplace kitchen items like pots, pans, and bowls on display. Would those items now be copyrightable? Is good design of useful articles always art and, therefore, should be copyrightable? Or does that good design just make it work better and remain in the public domain so that everyone can benefit from it? If the Metropolitan Museum of Art has a Costume Institute with about 80,000 pieces of clothing and accessories, would these pieces be extended the same copyright protection? I do not see the difference between a fashion show and an art show. Yet, one expression is considered art when another expression is considered merely useful. As these museum collections begin to add more clothing as art, they argument for protecting these designs grows stronger. I urge you to look at some of these collections and see what you think should be considered art, great design, and copyrightable pieces.

Seventh Circuit Allows Illinois Case Against Out-Of-State E-Commerce Retailer to Go Forward (Foley, 20 Sept 2010) - The Seventh Circuit Court of Appeals has dealt head-on with an issue of importance to online retailers, holding that an e-commerce cigarette outlet from New Mexico could be sued in Illinois over online sales. The case is State of Illinois v. Hemi Group LLC, No. 09-1407, 2010 U.S. App. LEXIS 19126 (7th Cir. Sept. 14, 2010). Hemi is a Native-American-owned cigarette sales business that operates several e-commerce Web sites from a reservation in New Mexico. Illinois claimed that Hemi evaded Illinois tax regulations and restrictions on sales to minors by selling cigarettes to Illinois residents over the Internet. Hemi moved to dismiss for lack of personal jurisdiction, arguing that it could not be haled into court in Illinois if its business activities took place solely in New Mexico, where it received and fulfilled orders. The decision turned on whether Hemi, through its Internet activities, had purposely availed itself of opportunities in Illinois by shipping orders to Illinois residents. The Seventh Circuit was hesitant “to fashion a special jurisdictional test for Internet-based cases” and declined to adopt a sliding-scale approach used by other courts to determine whether Internet activity could lead to court jurisdiction. The Seventh Circuit also conceded that Hemi did not have continuous and systematic business activities in Illinois. Nonetheless, the Court found jurisdiction, relying on three facts:
1.              Hemi maintained a substantial commercial venture online.
2.              Hemi stated on its Web site that it would ship to any state except New York, which the Court interpreted as an express election to do business with Illinois residents. Focusing on this fact, the Court highlighted that Hemi knew how to protect itself from being haled into court in New York and thereby must have known that by conducting business with residents of another state, it could be forced into court in that state.
3.              Hemi shipped cigarettes to Illinois purchasers. This was a sufficient basis for establishing jurisdiction, even though under commercial law the sales technically occurred in New Mexico.
Of particular significance for on-line retailers, the Court concluded that it was “fair” to require Hemi to appear in Illinois to answer claims based on sales through its nationwide interactive Web site. This was true even though Hemi had no physical operations in Illinois, did no advertising in the state, and accepted and filled orders in New Mexico. The Court accepted the notion that a retailer selling to Illinois residents deserves to be subject to suit in Illinois, at least with respect to issues related to those sales. Likewise, in deciding not to ship to New York, Hemi “should have foreseen” that by making sales to Illinois, it would be subject to jurisdiction there, the Court held. It is unclear whether the Seventh Circuit would have found jurisdiction in the absence of this fact, but it was interpreted as a deliberate decision to do business with the state. Significantly, while the case deals with taxes, the decision is limited to the question of whether Hemi could be sued in Illinois. The court did not consider whether Hemi’s Internet activities created sufficient nexus in Illinois to require Hemi to collect and remit state sales/use taxes on sales to Illinois residents. The full ruling is available online at

Financial Disclosure Forms for Federal Judges Can Be Hard to Track Down (, 20 Sept 2010) - If you’re looking for a senator’s most recent report on personal finances, you can walk into an office in the Capitol complex, sit down at a computer and print out the report in a matter of minutes. You can look up a House member’s report on any computer connected to the Internet. But if you want to see a federal judge’s disclosure, be prepared to wait. It can take two weeks to get a report, and it may be partially censored before its release. The reports are not available on the judiciary’s recently upgraded website, though you can read why judges think they are underpaid. While reviewing reports intended for public examination can be as simple as the click of a computer mouse these days, federal judges refuse to make it easy for the public to see annual reports on their investments, affiliations and paid travel -- reports that could signal potential conflicts of interest in pending lawsuits. What’s more, the judges are told each time someone requests a copy. “There’s a disincentive on part of litigants and other interested parties to ask for a particular judge’s financial disclosure form,” said Tom Fitton, president of the conservative public interest group Judicial Watch. “Whether or not they would be retaliated against I don’t know, but people get nervous.” The Administrative Office of U.S. Courts, the central repository for judges’ disclosure forms, routinely imposes a delay of about 10 days before turning over a requested form so the judge can be notified and review the form. By contrast, at the Office of Government Ethics, the central location of the forms of executive branch officials, requests made in writing can be filled the same day if made early enough, otherwise the next day. There is no prerelease notification to the executive branch official. Alone among federal offices, the House of Representatives allows people to obtain financial disclosure reports online. Richard Carelli, a spokesman for the judiciary, said the notification of judges and review of reports is done solely for the safety of judges and their families. Reviews have allowed court officers to black out information that could reveal where a spouse works, for instance, Carelli said. In 2008, for example, reports for 120 judges were edited to remove some information before their release, according to an annual report the judges send Congress.

Feds: Privacy Does Not Exist in ‘Public Places’ (Wired, 21 Sept 2010) - The Obama administration has urged a federal appeals court to allow the government, without a court warrant, to affix GPS devices on suspects’ vehicles to track their every move. The Justice Department is demanding a federal appeals court rehear a case in which it reversed the conviction and life sentence of a cocaine dealer whose vehicle was tracked via GPS for a month, without a court warrant. The authorities then obtained warrants to search and find drugs in the locations where defendant Antoine Jones had travelled. The administration, in urging the full U.S. Court of Appeals for the District of Columbia to reverse a three-judge panel’s August ruling from the same court, said Monday that Americans should expect no privacy while in public. “The panel’s conclusion that Jones had a reasonable expectation of privacy in the public movements of his Jeep rested on the premise that an individual has a reasonable expectation of privacy in the totality of his or her movements in public places, “ Assistant U.S. Attorney Peter Smith wrote the court in a petition for rehearing. The case is an important test of privacy rights as GPS devices have become a common tool in crime fighting, and can be affixed to moving vehicles by an officer shooting a dart. Three other circuit courts have already said the authorities do not need a warrant for GPS vehicle tracking, Smith pointed out. The circuit’s ruling means that, in the District of Columbia area, the authorities need a warrant to install a GPS-tracking device on a vehicle. But in much of the United States, including the West, a warrant is not required. Unless the circuit changes it mind, only the Supreme Court can mandate a uniform rule. The government said the appellate panel’s August decision is “vague and unworkable” and undermines a law enforcement practice used “with great frequency.” The legal dispute centers on a 1983 U.S. Supreme Court decision concerning a tracking beacon affixed to a container, without a court warrant, to follow a motorist to a secluded cabin. The appeals court said that decision did not apply to today’s GPS monitoring of a suspect, which lasted a month. [Editor: The New York Times ran an editorial on 5 Oct 2010 on this:]

Using Social Network Evidence in Family Court (, 21 Sept 2010) - The use of electronically stored information as evidence in family law litigation has increased dramatically. Electronically stored information is defined as “information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software.” The most common forms of this type of evidence include e-mails, voice mails, text messages and, very significantly, information from social networking sites. Because of the proliferation of this type of information, the family law attorney needs to be familiar with the availability of this type of evidence as well as the rules governing its admissibility. The most striking change in the use of electronically stored information in family law cases has been the proliferation of media accounts relating to evidence found on social networking sites such as Facebook or MySpace. In a recent survey conducted by the American Academy of Matrimonial Lawyers, 81% of responders said they had seen an increase in the use of social networking evidence during the past five years. In fact, the survey cited Facebook as the “unrivaled leader for online divorce evidence,” noting that 66% of those surveyed cited it as a primary source. The types of cases in which the evidence has been used are typical of those that most matrimonial lawyers encounter every day. There are spouses who claim not to be engaging in extramarital affairs whose paramours are posting pictures of them together. Parents who are not entitled to take children out of the jurisdiction may then post pictures of themselves with the children during out-of-state vacation spots such as
Disney World. Parents may use photos posted on a website showing the other parent consuming liquor or using drugs. A spouse who claims he or she is incapable of earning income may post information on business-related sites looking for employment. Postings are also used to establish the whereabouts of individuals at times when they may be claiming to be elsewhere because they are often date and time stamped. This type of evidence can be used in several ways. It can be introduced into evidence at trial or in a hearing. More likely, once it is discovered and the other side is notified, it is can be used as a bargaining tool in a negotiation.

National Archives and Records Administration Issues Guidelines on Cloud Computing (BeSpacific, 22 Sept 2010) - “The National Archives and Records Administration (NARA) has issued guidance for Federal Agencies on records management and cloud computing. NARA Bulletin 2010-05: Guidance on Managing Records in Cloud Computing Environments, builds on the NARA FAQ about Cloud Computing posted on the website in February, 2010. The new guidance defines and outlines cloud computing technology, deployment models, and service models. This Bulletin was developed in consultation with several Federal agencies now adopting various forms of cloud computing. These discussions helped NARA identify and validate challenges for records management posed by cloud computing. The Bulletin also proposes ways Federal agencies can begin to address such challenges.”

Questions, and Directors, Lost in the Ether (NYT, 25 Sept 2010) – Annual shareholder meetings may not be the most efficient occasion for managers to meet with the owners of the companies they run — they can be hard for shareholders to get to and are sometimes hijacked by gadflies with personal agendas and long-winded, irrelevant questions. Because most, if not all, shareholders cast their votes before the meetings even take place, they can feel ritualistic and not terribly meaningful. Yet, these congregations do give shareholders a rare opportunity to take the measure of the managers and directors who are supposed to work for them. How executives answer questions that shareholders pitch at them can be very revealing. As long as investors get a chance to ask their questions, of course. Which brings us to a curious phenomenon known as the virtual annual meeting. Given that the Internet has made digital get-togethers ubiquitous, it was only a matter of time before large corporations began suggesting that in-person annual meetings be replaced with online-only gatherings. The benefits are obvious: efficiency and ease of participation, for example. But some investors fear that ether-only meetings will allow managers to hide from shareholders, evade their questions or otherwise dismiss their concerns. And they are pointing to the shareholder meeting last Monday of the Symantec Corporation as an example of why their concerns have merit. Like other technology companies, Symantec has held hybrid annual meetings in recent years — offering both a venue for those who wanted to attend in person and a virtual meeting for everyone else. This year, it decided to go all-virtual and alerted shareholders to the change in proxy materials submitted last month. While other companies have done this, Symantec is the first Fortune 500 corporation to conduct an Internet-only shareholder meeting, according to institutional shareholder groups. Here’s another wrinkle: Unlike other companies that broadcast video along with audio, Symantec held its meeting as audio-only — making it impossible for investors to observe the goings-on or see which Symantec executives had decided to make themselves available. Anne Sheehan, director of corporate governance at Calstrs, a California pension plan, wrote a letter to John W. Thompson, Symantec’s chairman, saying, “We believe it is important that public companies at least annually provide shareholders with the opportunity to meet with the directors who represent them.” The Council of Institutional Investors also indicated its opposition to Symantec’s online-only move. But Symantec management read and answered only two questions from shareholders. Bruce T. Herbert, chief executive of Newground Social Investment, an investment manager in Seattle whose clients hold Symantec shares, said the company failed to answer a query he placed in the electronic queue. Mr. Herbert also objected to the way Symantec conducted the meeting, saying it provided no chance for shareholders to see questions submitted by others or to follow up on any topics shareholders might have raised. Neither did executives identify who submitted the questions it did decide to read. [See related MIRLN post “A Real Trend? More Companies Holding Virtual Annual Meetings” from MIRLN --- 25 April - 15 May 2010 (v13.07)]

Helmet Cam Was Legal, Ditto Taping Arresting Officer, Judge Rules (ABA Journal, 27 Sept 2010) - A motorcyclist who was jailed and charged with violating Maryland’s wiretap law after he used a helmet cam to film the state trooper who had pulled him over for speeding is off the hook. Hartford County Circuit Judge Emory Pitt Jr. ruled that a uniformed police officer doing his job in public has no reasonable expectation of privacy, eliminating a necessary element of the wiretap case against defendant Anthony Graber, reports the Story Lab blog of the Washington Post. Pitt also threw out a charge against Graber for possessing a device whose primary purpose was intercepting oral communications. Under the government’s argument that the helmet cam fell within this definition, “almost every cell phone, BlackBerry, and every similar device, not to mention dictation equipment and other types of recording devices” would also be illegal, the judge said. [Editor: see below, under Resources, an article titled “How to Record the Cops: A Guide to the Technology For Keeping Government Accountable”.]

Model Privacy Notice Form Compliance Guide Issued (CCH’s Financial Privacy Law Report Letter, 30 Sept 2010; subscription required) - The Federal Deposit Insurance Corp. has issued a brief compliance guide for state nonmember banks that choose to use the model privacy notice form adopted by the federal regulators to inform consumers of the banks’ information sharing practices and the consumers’ right to opt out of some information sharing. Institutions are not required to use the model form but, if they do, they will be deemed to be in compliance with the Gramm-Leach-Bliley Act notice requirements. The safe harbor provided by the use of the current sample forms will end on Dec. 31, 2010, the agency said. FIL-60-2010 is available on the FDIC website at and will be reproduced in an upcoming Report.

New Site Bridges Law School, Law Practice (Robert Ambrogi, 28 Sept 2010) - A legal education site being launched today, Beyond The Bar, aims to provide a bridge between law school and law practice, providing training to new associates in business skills, legal skills and client relations. The site is sponsored by Thomson Reuters and the West LegalEdcenter. “The goal of Beyond the Bar,” the site says, “is to provide an opportunity for new lawyers to gain a deeper understanding of skills through interactive workshops, going beyond traditional bridge-the-gap or transitional education programs.” The site offers training courses in topics such as contract drafting, business counseling, effective communication, pretrial advocacy, client service and interpersonal communications. It appears that the courses are all live — there are no webcasts or other online courses offered through the site right now. From what I can tell, it appears that the site will add online courses as it is further developed.

California Bans Malicious Online Impersonation (Computer World, 28 Sept 2010) - A new law makes it illegal in California to maliciously impersonate someone online. On Monday California Governor Arnold Schwarzenegger signed the law, which makes it a misdemeanor in the state to impersonate someone online for “purposes of harming, intimidating, threatening, or defrauding another person.” The law is designed to crack down on cyber-bullying and would apply to cases like that of Elizabeth Thrasher, who was charged last year with posting a 17-year-old girl’s photo, e-mail and mobile number to a Craigslist adult forum, following an argument. The law is not designed to prohibit parody or satire, but some worry that it could have a chilling effect nevertheless. “It could be used to put the lid on free speech,” said Mike Bonanno a member of the Yes Men, a group that has made a career out of parodying powerful corporations. “Our impersonations are revealed almost immediately after we do them -- there is a net gain of information for the public: it is anything but fraud. But those facts may not stop corporations and their political cronies from using this law to attack activists who are truly exercising free speech,” he wrote in an e-mail. The Electronic Frontier Foundation doesn’t like the law either. Like Bonanno, EFF Senior Staff Attorney Corynne McSherry worries that it could give corporations and public officials a new way to sue their critics into silence. “We’re disappointed that the Governor decided to sign this bill, given that it is likely to be used to squelch political speech,” she said via e-mail. The law lets victims seek damages in civil court. Perpetrators can also face criminal charges -- up to a $1,000 fine and a year’s imprisonment. The law takes effect Jan. 1, 2011.

Web Snooping Is A Dangerous Move (CNN, 29 Sept 2010; Bruce Schneier) - On Monday, The New York Times reported that President Obama will seek sweeping laws enabling law enforcement to more easily eavesdrop on the internet. Technologies are changing, the administration argues, and modern digital systems aren’t as easy to monitor as traditional telephones. The government wants to force companies to redesign their communications systems and information networks to facilitate surveillance, and to provide law enforcement with back doors that enable them to bypass any security measures. The proposal may seem extreme, but -- unfortunately -- it’s not unique. Just a few months ago, the governments of the United Arab Emirates, Saudi Arabia and India threatened to ban BlackBerry devices unless the company made eavesdropping easier. China has already built a massive internet surveillance system to better control its citizens. Obama isn’t the first U.S. president to seek expanded digital eavesdropping. The 1994 CALEA law required phone companies to build ways to better facilitate FBI eavesdropping into their digital phone switches. Since 2001, the National Security Agency has built substantial eavesdropping systems within the United States. These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; that’s obvious. But the laws also make us less safe. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Internet surveillance and control will be no different. Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don’t. Any surveillance and control system must itself be secured, and we’re not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations? These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn’t always match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and famous people like former President Bill Clinton. The most serious known misuse of a telecommunications surveillance infrastructure took place in Greece. Between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice -- and other prominent people. Ericsson built this wiretapping capability into Vodafone’s products, but enabled it only for governments that requested it. Greece wasn’t one of those governments, but some still unknown party -- a rival political group? organized crime? -- figured out how to surreptitiously turn the feature on.

Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase (Eric Goldman, 29 Sept 2010) - On my personal blog, I have repeatedly blogged about plaintiffs who tell one story in court only to have that story undone by their postings to social networking sites. See, e.g., Sedie v. US, People v. Franco (despite the tragedy, my personal favorite) and Embry v. State. This case is in the same vein. Romano claims that she is largely bedridden/housebound, but her public Facebook pictures show her apparently enjoying herself away from home. The defense requests access to her non-public posts on Facebook and MySpace, which the judge grants. The short opinion focuses on the defense’s ability to access the private posts, but the actual order covers both current as well as deleted material. Specifically, the court orders “Defendant STEELCASE’s motion for an Order granting said Defendant access to Plaintiff’s current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information, is hereby granted in all respects.” The court didn’t discuss the deleted material separately in its analysis, but this seems like a gotcha. Once a person posts material to Facebook or MySpace, there may not be a meaningful “undo”--even deleting it does not eliminate the material as future discoverable evidence for the duration of Facebook’s and MySpace’s retention periods. [This raises the related Q of how long the sites archive deleted material. Facebook’s privacy policy had the opaque statement “Removed and deleted information may persist in backup copies for up to 90 days, but will not be available to others.” Putting aside the ambiguity of not being available to others--an untrue statement given the subsequent privacy policy statement about cooperating with legal requests--I couldn’t tell if this was the retention policy. So, if I delete a photo from Facebook on day 1, does this statement mean that the photo will become undiscoverable by day 91?]

Lawyers Can’t Friend Potential Witnesses Under False Pretenses, Ethics Opinion Says (ABA Journal, 30 Sept 2010) - Lawyers can’t use trickery to obtain evidence on Facebook and other social networking sites, according to a new ethics opinion. The opinion (PDF) by New York City Bar Association focused on this question: May a lawyer use deceptive behavior to friend a potential witnesses? The bar’s Committee on Professional Ethics concluded the answer is no, while allowing lawyers to play their cards close to the vest. “We conclude that an attorney or her agent may use her real name and profile to send a ‘friend request’ to obtain information from an unrepresented person’s social networking website without also disclosing the reasons for making the request,” the opinion says. A press release has details. The opinion notes that lawyers are increasingly turning to social networking sites such as Facebook, Twitter and YouTube as potential sources of evidence. A divorce lawyer, for example, may look for evidence of infidelity on Facebook. Or a lawyer representing a plaintiff in a copyright infringement case would be interested in pirated videos on YouTube. But lawyers searching for information are limited by ethics rules barring misconduct involving dishonesty, fraud, deceit or misrepresentation and prohibiting knowing false statements of fact, the opinion says. “We believe these rules are violated whenever an attorney ‘friends’ an individual under false pretenses,” the opinion concludes. The opinion lists potential ruses that are off-limits. A lawyer can’t create a false Facebook profile in hopes it will be of interest to a targeted witness. And a lawyer can’t e-mail a YouTube account holder falsely touting a recent digital post in hopes of gaining access to the target’s channel.

Lawyer Websites (ABA Formal Opinion 10-457, Standing Committee on Ethics and Professional Responsibility; August 2010, first epublished 30 Sept 2010) - Websites have become a common means by which lawyers communicate with the public. Lawyers must not include misleading information on websites, must be mindful of the expectations created by the website, and must carefully manage inquiries invited through the website. Websites that invite inquiries may create a prospective client-lawyer relationship under Rule 1.18. Lawyers who respond to website-initiated inquiries about legal services should consider the possibility that Rule 1.18 may apply.

- and -

ABA Asserts Copyright On Its Lawyer-Advertising Rules (Forbes blogs, 29 Sept 2010) - This interesting post over at reveals that the American Bar Association plans to issue an important opinion about lawyer advertising — but, following its usual policy, will use copyright laws to restrict who can read it. The folks at attorney-rating site, who seem to be angering lawyers a lot lately, went ahead and posted the ethics opinion despite the ABA’s plea to hold off. It’s here [Editor: after posting this on 29 Sept, AVVO apparently reconsidered; is was removed as of 30 Sept]. Formal Opinion 10-457, a six-page, footnote-laden guide tells ABA members, in essence, how to avoid violating ethics rules when they set up websites or communicate with potential clients online. Information must be accurate and current, it says, and lawyers have to be careful not to establish an attorney-client relationship unwittingly when they engage in online conversations on their websites or in chat rooms and the like. Facebook, it seems, might be a potential minefield of ethics violations. You’d think the ABA would want to disseminate this information far and wide, and indeed, the media relations folks at ABA headquarters in Chicago will provide copies of all such opinions to reporters who ask. But the organization also asserts copyright protection on these documents and puts them behind a pay wall, charging even members $20 for a copy, after a year. This sort of copyright protection is a dicey proposition I’ve written about in the past, in connection with copyrighted building codes. The American Medical Association also zealously protects the CPT codes doctors use to properly bill Medicare for procedures; without buying them from the AMA doctors run the risk of civil or criminal prosecution. [Editor: I’ve watched the recent internal ABA debate about this, and (of course) there are two sides to the story. Did you know that ISO Standards also are for-fee? Like the ABA Ethics Opinion issue, it seems inapt to charge money for access to a set of rules which we expect people to follow. Indeed, not unlike copyrighting the Oregon civil code, but that’s another story. See also the “Noted Podcast” selection below featuring Carl Malamud.]

- and -

Security Concerns Spark a Controversy Over a Bar Association’s Endorsement of Cloud Computing (Inside Counsel, 20 August 2010) - Storing data on remote servers in a vendor’s data center and accessing it via the Internet through various forms of “cloud computing” or Software as a Service (SaaS) can be a cost-effective solution for companies that don’t want to invest in their own technical infrastructure. A SaaS vendor owns and maintains the infrastructure while the customer pays a periodic fee for that use. But critics concerned about the security of data stored in vendors’ data centers have thrown a curve ball at the North Carolina Bar’s attempt to establish an ethical roadmap for attorneys interested in employing SaaS solutions. The setback comes even as the popularity of cloud computing grows. Security flaws have raised questions about the ethics of storing clients’ information in the cloud, given a lawyer’s obligation to protect confidential client information from disclosure. Addressing questions on this point, the Ethics Committee of the North Carolina State Bar in April published for comment a proposed, first-of-its-kind ethical opinion that would give lawyers in that state the green light to employ cloud computing solutions, while suggesting the importance of due diligence in hiring a vendor. It also provides an extensive set of questions that corporate law departments nationwide can adopt to determine if they’ve exercised due diligence. In its proposed opinion, the Ethics Committee concludes that lawyers “may contract with a SaaS vendor, provided the risks that confidential client information may be disclosed or lost are effectively minimized.”

UK Faces EU Case Over Online Privacy (The Guardian, 1 Oct 2010) - The European commission is taking the UK government to court for breaching European Union laws on internet privacy. The court action follows complaints made by broadband users to the UK Information Commissioner relating to the secret use of Phorm activity-tracking software monitoring users’ online habits, an experiment BT dropped in 2009 after tests in 2006 and 2007. But BT has now said that it is “simply inaccurate” to link the court action to the company. The telecoms operator hit back at reports linking the commission’s investigation to the company’s experiment tracking the online habits of customers in order to target them with relevant advertising. “The potential infraction proceedings relate to an alleged mis-implementation of EU law by the UK government. As such, they are a matter for the EU and the UK government. It is simply inaccurate to describe them as relating in any way to BT,” the company said. The European commission twice wrote to the UK government in 2009 asking it to change privacy laws under the Regulation of Investigator Powers Act (RIPA) and the Data Protection Act (DPA). The commission has now said it will use court action to force the UK government to more fully implement the Privacy and Electronic Communications Directive and the Data Protection Directive. The commission yesterday said: “The commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations under the ePrivacy Directive and the Data Protection Directive.” BT, the UK’s largest broadband provider, attracted controversy for testing technology developed by Phorm that tracked the habits of customers in order to increase the relevancy of advertising it serves. It subsequently dropped the idea after a backlash from users and privacy watchdogs. The commission said the UK government is not strict enough in the way it prohibits the interception of a person’s communication. “Current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as ‘freely given, specific and informed indication of a person’s wishes’,” it added.

How Stuxnet is Scaring the Tech World Half to Death (Weekly Standard, 2 Oct 2010) - The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It’s an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether? But it’s worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning… [Editor: no legal dimension here, only interesting technical discussion. See also, and -- Siemens apparently hardcoded a userid and password into their system.]

Who Owns a Terminated Employee’s Twitter Account? ( Legal Blog Watch, 5 Oct 2010) - On his Spam Notes blog, Venkat Balasubramani attempts to answer an interesting question inspired by CNN’s recent firing of anchor Rich Sanchez for comments he made about comedian Jon Stewart. The question, first posed by Marshall Kirkpatrick at ReadWriteWeb, is who owns the rights to Sanchez’s CNN-branded Twitter account (@ricksanchezcnn) with over 146,000 followers? Kirkpatrick asks: “Does Sanchez own his Twitter account or does CNN? Ought he be required to remove the reference to CNN from his name?” Venkat writes that absent an agreement governing the right to the username, the issue is quite muddy. He believes Sanchez could argue that “if he built up a fan-base as a result of his popularity, he’s not required to turn over his ‘fans’ to his employer.” CNN, on the other hand, could counter that Sanchez “gained these followers by exploiting the CNN brand and by using company resources.” Venkat concludes that Sanchez’s position is probably stronger, but that he probably cannot keep the letters “CNN” in his username. Venkat adds that CNN and its media peers would be well-served to start addressing ownership of social media accounts via contract. Such an agreement, he notes, could have provided that upon termination:
(1) Sanchez would stop using the account immediately;
(2) CNN would have access to Sanchez’s password at all times;
(3) Sanchez would not post any public statements without CNN’s approval; and
(4) Sanchez would turn over the account to CNN. [Editor: this advice might be more nuanced, don’t you think? E.g., #3 is a bit strange.]

US Marshal Service’s Electronic Surveillance Manual (Chris Soghoian’s blog, 5 Oct 2010) - Last week, the FOIA fairy delivered 25 pages of internal rules that outline when and how the US Marshal Service uses electronic surveillance methods. According to the cover letters accompanying the documents, the policies are “obsolete” and that “the office is preparing to rewrite/revise it, which could take 30 days or longer to complete.”

The full document can be downloaded here (pdf)

The most interesting things that jumped out to me:

1. One of the most heavily redacted sections relates to the use of trigger fish, or cell site analyzers, which allow the government to locate phones without the assistance of the phone company. 2. The special rules that USMS investigators must follow before wiretapping VIPs such as Members of Congress, Governors and Judges.

How Private Is Facebook Under the SCA? (, 5 Oct 2010) - In 1986, Congress passed the Stored Communications Act as part of the Electronic Communications Privacy Act to address privacy issues attendant to the advent of the internet. Through the SCA, Congress intended to restrict disclosure of private communications by providers of electronic communications services. Recently, in Crispin v. Christian Audigier Inc., et al.,[FOOTNOTE 1] the U.S. District Court for the Central District of California was tasked with application of the SCA in the context of social networking and webmail services. Crispin involved subpoenas issued by defendants in a copyright infringement and breach of contract action to two non-party social networking service providers, Facebook and MySpace, and Media Temple, a non-party web hosting company that provides webmail services. The subpoenas sought disclosure of plaintiff’s private e-mail and social networking messages, as well as plaintiff’s MySpace comments and Facebook wall postings. Plaintiff moved to quash the subpoenas, arguing that the communications were protected under the SCA. In the resulting decision, District Court Judge Margaret M. Morrow thoroughly analyzed several important and timely issues, including whether a litigant has standing to move to quash subpoenas served on non-party web hosting and social networking companies to which the litigant subscribes, whether the SCA applies to these types of providers, whether the SCA provides immunity for disclosure of private information when compelled by subpoena, and the extent to which private electronic communications and data in the custody of social networking and webmail providers are protected. [Editor: for a useful parsing of SCA and the RCS (Remote Computing Service, see also “ECPA Reform - Inconsistent Holdings on Social Media“ by Andy Serwin]

- and -

Mixing Work and Play on Facebook (InsideHigherEd, 6 Oct 2010) - Learning management is frequently thought of as a top-down activity, with professors setting the agenda and presiding over e-learning environments like they do a traditional classroom. Facebook, meanwhile, has been thought of more as a distraction from schoolwork than a place where students engage with it. Now, a technology team at Purdue University has created a new application that seeks to upend both of those assumptions. The application, called Mixable, is positioned as an e-learning environment that empowers students, and can be used as a little study room and course library inside Facebook. Drawing on course registration data, Mixable invites students in virtual rooms with classmates in each of their courses. Once there, it lets them post and start comment threads about links, files, and other materials that might be relevant to the course — or not. The point is, there is no administrative authority determining what should (or must) be posted or discussed, and students are free to abstain from participating — just like on Facebook. Professors can join in, but they don’t run the show. And students can choose to make posts viewable by some classmates and not others. “In essence, the conversation is owned by the student,” says Kyle Bowen, the director of informatics at Purdue. Mixable is currently being piloted in four courses at Purdue, soon to be seven. [A] screenshot of recent activity in the Mixable room for a communications course that focuses on emerging technologies (with student names redacted) shows students posting tutorials on blogging and website design. One student posted a guide on turning a personal computer into a Web server. Another shared a link to tips on designing avatars. There was not any casual banter, but students seemed to be passing around resources.

Man Jailed Over Computer Password Refusal (BBC, 5 Oct 2010) - A teenager has been jailed for 16 weeks after he refused to give police the password to his computer. Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation. Police seized his computer but could not access material on it as it had a 50-character encryption password. He was formally asked to disclose his password but failed to do so, which is an offence under the Regulation of Investigatory Powers Act 2000, police said. Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.

Visions of the Gamepocalypse (Long Now Foundation, 27 July 2010; Jesse Schell, 1h46m) – Editor: I cannot encapsulate the breadth of this presentation, but it goes well beyond games and touches on advertising, technology, AR and VR, education, and invention. I enjoyed it very, very much.; slides here:

“By the People...” (IT Conversations, 2009, 21 minute podcast by Carl Malamud) - Carl Malamud of Public.Resource.Org discusses the benefits free access to information brings to society. In a presentation from Gov 2.0, he indicates how the internet wave has enabled the Securities and Exchange Commission (SEC) to fulfill its mission to provide our financial markets with greater efficiency and transparency, by placing corporate filings of public companies on EDGAR, a public filings database successfully initiated by Malamud in the ‘80s. [Editor: I was struck by his characterization of law as “the operating system of our society”, and the need to assure open-source access and creation of such laws. Includes a bit of history, too: the origins of the GPO and the Congressional Record, the Federal Register, EDGAR, and PACER.]

**** RESOURCES ****
Rees Morrison Survey -- As the general counsel manager of a legal department, you may be interested in key staffing and spending metrics from the largest benchmark report ever compiled for legal departments -- more than 600 law departments. The confidential online survey asks for six pieces of law department data so it is easy to complete: 
- the number of lawyers, paralegals, and other staff (as of Dec. 31, 2009);
- internal and external legal spend last year; and
- revenue last year.
The 60+-page report, to be distributed in late October, has 25 charts (one for each benchmark metric) and five tables, all with metrics that are normalized and aggregated. It contains ratios for industry benchmarks as well as benchmarks for departments by country, number of lawyers, region, and company revenue. Survey participants receive their report at no cost. The fourth and final release will go out in November or December. Please click here to complete the survey. Or, copy and paste the following URL into a browser: If you have questions, please write the sponsor of the survey, Rees Morrison, at [Editor: Rees has been doing very good work with corporate law departments, and I highly recommend him to you. Participating in this survey will help your company, and the profession.]

Cloud Computing and National Security Law (Lawfare blog by Jack Goldsmith, 4 Oct 2010) - That is the title of a new report by the National Security Research Group, a student student-run organization at Harvard Law School devoted to analyzing concrete national security legal problems in ways that might be useful to national security practitioners. The NSRG’s cloud computing study has an admirably clear description of what cloud computing is; the best analysis available of the wide range of legal problems it raises (including the applicability of the Computer Fraud and Abuse Act to the cloud, various statutory search and seizure issues, and the use of cloud information in court); and recommendations for legal reform. If you have comments on the cloud computing report or suggestions for future projects, the NSRG team can be reached at

How to Record the Cops: A Guide to the Technology For Keeping Government Accountable (, 20 Sept 2010) - This summer the issue of recording on-duty police officers has received a great deal of media attention. Camera-wielding citizens were arrested in Maryland, Illinois, and Massachusetts under interpretations of state wiretapping laws, while others were arrested in New Hampshire, Ohio, Oregon, Florida, and elsewhere based on vaguer charges related to obstructing or interfering with a police officer. So far Massachusetts is the only state to explicitly uphold a conviction for recording on-duty cops, and Illinois and Massachusetts are the only states where it is clearly illegal. The Illinois law has yet to be considered by the state’s Supreme Court, while the Massachusetts law has yet to be upheld by a federal appeals court. Maryland Attorney General Douglas Gansler recently issued an opinion concluding that arrests for recording cops are based on a misreading of the state’s wiretapping statute, but that opinion isn’t binding on local prosecutors. In the remaining 47 states, the law is clearer: It is generally legal to record the police, as long as you don’t physically interfere with them. You may be unfairly harassed, questioned, or even arrested, but it’s unlikely you will be charged, much less convicted. (These are general observations and should not be treated as legal advice.) One reason this issue has heated up recently is that the democratization of technology has made it easier than ever for just about anyone to pull out a camera and quickly document an encounter with police. So what’s the best way to record cops? Here is a quick rundown of the technology that’s out there.

**** DIFFERENT ****
The Art of Google Street View (blogTO, February 2010) - Since the launch of Google’s Street View, hoards of people have marveled at the intriguing, wacky and even beautiful scenes captured by the city-mapping camera. And yet, for the most part, continued interest in the feature seems confined to bouts of procrastination and/or the gathering of travel information (both local and otherwise). While there’s little doubt that there are worse ways one could engage in both the former and latter, recently I’ve noticed another way that these virtual cities are being put to use. More and more artists are undertaking projects that rely heavily on Street View. Not to be confused with the plethora of articles and websites devoted to sharing strange or humorous incidents captured by the now highly recognizable camera-car, these projects go beyond the comic and the bizarre in the hopes of shedding light on the world at large and the complicated role that Google’s putatively benevolent information gathering plays in our understanding of it. No doubt the best example of this is Jon Rafman’s “The Nine Eyes of Google Street View,” an excellent series of images that reveals both the eeriness of this new form of surveillance and its artistic potential. For Rafman, “this way of photographing creates a cultural text like any other, a structured and structuring space whose codes and meaning the artist and the curator of the images can assist in constructing or deciphering.” Also fitting this description is the work of Hong Kong-based photographer Michael Wolf. An artist with a fascination for architecture and the urban environment, much of Wolf’s photography has documented the density of modern cities. With his most recent series, however, he’s shifted his focus in order to investigate the photographic tradition and iconography of Paris. Similar to Thomas Ruff’s jpeg series, the argument is that the closer we look and the more we document, the less we actually make sense of the world around us. Culled from the vast archive of images freely available for download on the internet, Ruff’s massive prints of the burning World Trade Center capture this insight marvelously: from a distance, they appear clear and easy to “read” -- but the closer one gets, the more the images break apart, eventually leaving the viewer staring at a fuzzy mess of pixels with no apparent structure. Although the visual logic -- where space equals time -- could be labeled simplistic, it’d be tough to conceive of a better metaphor for the process by which we understand historical events.

GOVERNMENT RELENTS ON ENCRYPTION SOFTWARE POSTING BAN (Wall Street Journal 25 Feb 2000) In an about-face, the U.S. government says it will allow computer scientist Daniel Bernstein to post the source code for Bernstein’s Snuffle encryption software on his Web site. The change of heart came following a district court ruling that in light of the new, liberalized encryption software export restrictions implemented in January, Bernstein should be able to post his code. Bernstein and his lawyer are considering pursuing his lawsuit against the government, however, because “there’s an area of ambiguity that remains”: the new rules don’t address “mirror sites,” which copy and publish Web pages automatically to provide speedier access for users in other countries. The rules also require that the source code may be posted as long as residents of countries suspected of supporting terrorism won’t have access to the material -- an administrative nightmare for any Web operator.

- and -

EARTHLINK SAYS IT WON’T INSTALL DEVICE FOR FBI Major Internet service provider EarthLink says it has rejected the FBI’s attempt to install Carnivore, the bureaus’ new sophisticated surveillance device, on its network due to privacy concerns and service disruptions it causes. EarthLink executives pledged to provide help when possible to authorities in criminal investigations, but said installing Carnivore would force technical adjustments that could bring part of its network down and affect service for thousands of customers. The ISP also claims that Carnivore poses large liability issues for it
because there is no way to determine whether Carnivore’s monitoring is limited to the criminal investigation, or is practicing a less discreet surveillance. (Wall Street Journal, 2000 July 14)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.