Saturday, October 30, 2010

MIRLN --- 10-30 October 2010 (v13.15)

(supplemented by related Tweets: #mirln)

·      A Rapid Rise in Social Media Use by Older Lawyers?
·      Cloud Computing Legal Issues
·      Washington State Supreme Court: E-Mail Metadata Is Public Record
·      More About Vote-Hacking Incident Revealed at Council Hearing
·      Man Buys Police Department’s Domain Name After Getting Ticket
o   Man Buys Police Department’s Domain Name After Getting Ticket
·      Ruling Proves to Be Primer on E-Discovery Enforcement
·      New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration
·      Are Communications Providers Violating ECPA By Complying With Out-of-State Subpoenas and Search Warrants?
·      Microsoft’s Bing Gets a Social Lift From Facebook
·      Lawyers Have a Duty to Scrub Electronics Before Disposal
·      Play It Again, Professor
o   Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One
·      U.S. Agrees to Uphold Right to Photograph Near Its Buildings
·      Judge Clears CAPTCHA-Breaking Case for Criminal Trial
·      Universities Pen Harsh Words to Note-Selling Site
·      Victoria Police Serve Intervention on Facebook
·      Get Affordable Legal Guidance For Your Business with Rocket Lawyer
·      New Law Extends Disability Access Requirements to IP-Enabled Communications
·      Law Firms Staff Experts to Manage EDD
·      Texas Slaps Amazon With $269m Bill for Uncollected Sales Taxes
·      Free Speech Protects Amazon Buyers' Data, Federal Judge Rules
·      Georgia Mulls Citizens' Right to Access Courts via E-File
·      Air Force Manual Describes Shadowy Cyberwar World
·      White House Unveils Internet Privacy Committee
·      Pop-up Ad Prior to Software Download Could Be Deceptive
·      Would You 'Friend' the Judge?
·      The Best Backchannels Are Active Before, During, and After
·      Ethics of Advising Clients to Make Social Networks Private
·      Payment Card Industry Issues Guidance on Encryption


A Rapid Rise in Social Media Use by Older Lawyers? (Robert Ambrogi, 30 August 2010) - A report this week on social media use by older adults has important implications for the legal profession — even though it never mentions the legal profession or any other profession. A study by Pew Internet, Older Adults and Social Media, finds that social-networking use among Internet users aged 50 and older nearly doubled in the last year, from 22% in April 2009 to 42% in May 2010. Even more noteworthy, among adult Internet users aged 50-64, social-networking use grew by 88%, from 25% to 47%. That means that nearly half of Internet users aged 50-64 use social networking. And within this 50-64 age group, one in five say they use social-networking sites virtually every day. Another finding: One in 10 online adults aged 50-64 and one in 20 aged 65 and older uses Twitter or a similar service to share status updates. The survey is of adults who are Internet users, not of the population at large. Of course, virtually all actively practicing lawyers these days are Internet users. That suggests that the survey’s findings can be applied to lawyers. If roughly half of adults aged 50-64 are using social networking tools, it seems fair to assume that roughly half of lawyers in that age range are using these tools. That leads to two conclusions: * * *

Cloud Computing Legal Issues (InfoSecurity blog) - Cloud computing seems an unavoidable fast-paced revolution. Analysts estimate that in 2012, the size of the enterprise cloud-computing business may reach $60 billion to $80 billion – or about 10% of the global IT-service and enterprise-software market (BCG 2009 Capturing the Value of Cloud Computing). Such revolution brings about a lot of benefits but also several legal concerns. As Des Ward rightly wrote in his article The cost of saving money – no longer the company reputation: “[w]hilst the immediate instinct is to just look at the cost saving, it’s simply not possible to reduce costs and transfer all your risks at the same time.” It has emerged from a recent study that security, privacy, and legal matters represent the main obstacles that are encountered when implementing cloud computing, because the market provides only marginal assurance (KPMG 2010 From Hype to Future). In this respect, the Common Assurance Maturity Model (CAMM) can offer a very valuable solution, when its core controls are supplemented by additional legal compliance modules (e.g., an EU data protection compliance module). In a series of short articles I will briefly describe the main legal issues related to cloud computing, and then focus on data protection and data security, which are by far the biggest concerns for both cloud service providers (CSPs) and (potential) customers. I build on the work done last year as contributor to the European Networks and Information Security Agency (ENISA) study Cloud Computing Risk Assessment to further analyse data protection and data security issues. The following specific questions will be addressed:
·      When does Directive 95/46/EC apply?
·      How are data protection roles (i.e., data controller and data processor) distributed in the cloud environment, and thus the related duties, obligations, and possible liabilities?
·      Which data security measures need to be applied?
·      What are the possible ways to lawfully transfer personal data to countries outside the European Economic Area (EEA)?
·      How can data subject rights be guaranteed?
It is worth clarifying that these articles will analyse cloud computing services offered by CSPs to businesses (as opposed to consumers), i.e., B2B cloud computing (as opposed to B2C). For an analysis of data protection issues related to B2C cloud computing services, I recommend reading the Council of Europe discussion paper Cloud Computing and Its Implications on Data Protection. [Editor: mostly the EU dimension; spotted by Claude Baudoin, my former colleague and head of Cébé here:]

Washington State Supreme Court: E-Mail Metadata Is Public Record (Seattle Times, 7 Oct 2010) - Metadata associated with electronic documents - such as the "to" and "from" fields in e-mails - is a public record subject to disclosure, Washington's Supreme Court ruled Thursday. The 5-4 ruling concerned a Shoreline resident's request under the Public Records Act for an e-mail that had been sent to the city's deputy mayor. The resident received a copy of the e-mail without the metadata and subsequently filed a request for the information. "Metadata may contain information that relates to the conduct of government and is important for the public to know," Justice Susan Owens wrote. "It could conceivably include information about whether a document was altered, what time a document was created, or who sent a document to whom." Owens wrote that only one other state high court - Arizona's - has considered the question, and it too held that that the information is subject to disclosure. The issue has arisen elsewhere as courts grapple with the intersection of technology and disclosure laws. An appeals court in New York ruled early this year that an agency should have released certain metadata associated with photographs pursuant to a disclosure request.

More About Vote-Hacking Incident Revealed at Council Hearing (Washington Post, 8 Oct 2010) - The D.C. Council is hearing complaints about September's primary elections in a hearing underway now at the John A. Wilson Building. [T]oday's most dramatic moments concern a public testing of a "digital vote by mail" system that was intended to allow about 950 overseas voters to cast absentee ballots over the Internet. J. Alex Halderman, a University of Michigan professor who infiltrated the system with his graduate students during a "bring it on" trial period, described how they were able to have complete control over the system's servers, allowing them to monitor incoming votes and change votes already cast for two days before being discovered. He described much of this in detail in a blog post this week. But Halderman revealed more at the hearing this morning, including that his team was able to take control of routers and switches in the voting system. That gave them access to, among other things, security cameras in a BOEE server room. (After his testimony, Halderman showed reporters live video from the room, streaming to his iPhone.) Halderman also reported that while he and his students had control of the system, they witnessed hackers from China and Iran prodding those routers and switches. They chose to modify a firewall and change the password to keep the would-be infiltrators out. [Editor: I hadn’t heard of the China/Iran dimension; maybe normal automated probes, but also possibly reflects a more pernicious dimension.]

Man Buys Police Department’s Domain Name After Getting Ticket (Raw Justice, 8 Oct 2010) - Most of the time, if you get a speeding ticket you just grumble about it and pay the fine. It’s usually not a big deal for most people unless it happens a lot or they get caught going a ridiculous amount over the posted speed limit. You can fight it in court or just pay the ticket, and for most people those are the only options. However, after receiving a $90 speeding ticket in Bluff City, Tennessee, Brian McCrary discovered a third option. The Bluff City Police Department had forgotten to renew their domain name,, and let it expire. McCrary bought the domain name for $80 and posted his side of the story with information about speed traps in Bluff City and the $250,000 per month they cost the town’s 1,500 residents. The police department had no idea their domain name had expired and that McCrary owned it until reporters started calling them to ask about it. Bluff City Police Chief David Nelson said they may approach McCrary about buying the domain back from him, but they are not optimistic.

- and -

Politicians' Domain Names Prey to Cybersquatters (, 20 Oct 2010) - The midterm elections, now just two weeks away, have been marked by an explosive growth in the use of Web 2.0 tools such as online social networking and blogging in an effort to garner support and electrify voters. The sophisticated nature of today's political campaigns makes the results of a recent survey by the Coalition Against Domain Name Abuse all the more surprising: Members of Congress have a terrible record when it comes to registering domain names corresponding to their own names. In particular, CADNA surveyed registrations of domain names in the popular dot-com and dot-org top-level domains, consisting of each U.S. representative's first and last name or last name followed by the words "ForSenate" or "ForCongress." According to CADNA, only one-quarter of the domain names were registered by the representative whose name it incorporated. Moreover, fewer than half of the members of the House and Senate were the registrants of the domain name version of their full names in dot-com. This may have important implications for this year's contests. Consider, for example, the websites,, and These three sites have at least two things in common. First, the names are all present or prospective members of Congress (respectively, a Democratic congressman from Indiana running for Senate; a Democratic candidate for a House seat from Kansas; and a Republican member of the House from Texas who is seeking re-election). Second, none of these sites belong to the individuals named in the site address. The first links to an anti-Ellsworth site sponsored by the Indiana Republican Party; the second is an anti-Moore site paid for by her opponent's campaign committee; and the third jumps to the site of Hall's Libertarian opponent.

Ruling Proves to Be Primer on E-Discovery Enforcement (, 12 Oct 2010) - A federal judge's most recent opinion in an ongoing matter provides remarkable insight into several issues that arise frequently in e-discovery. Magistrate Judge Paul Grimm's lengthy opinion in Victor Stanley Inc. v. Creative Pipe Inc., filed Sept. 9, is worth the read if only for its review and distillation of the case law regarding spoliation and remedies. But the opinion is newsworthy because it sets out a harsh remedy for the defendant whom he found had destroyed evidence, lied to the court and dragged out proceedings -- civil contempt, with the defendant facing severe costs and fines or a two-year prison sentence if he fails to pay that fine. The court's focus upon and analysis of the costs -- in time, money, effort, and expertise -- of spoliation and dilatory tactics to the justice system is both spot on and timely. The lessons drawn from the reality underlying the court's analysis, however, are discouraging.

New FOIA Documents Reveal DHS Social Media Monitoring During Obama Inauguration (EFF, 13 Oct 2010) - As noted in our first post, EFF recently received new documents via our FOIA lawsuit on social network surveillance, filed with the help of UC Berkeley’s Samuelson Clinic, that reveal two ways the government has been tracking people online: Citizenship and Immigration’s surveillance of social networks to investigate citizenship petitions and the DHS’s use of a “Social Networking Monitoring Center” to collect and analyze online public communication during President Obama’s inauguration. This is the second of two posts describing these documents and some of their implications. In addition to learning about surveillance of citizenship petitioners, EFF also learned that leading up to President Obama’s January 2009 inauguration, DHS established a Social Networking Monitoring Center (SNMC) to monitor social networking sites for “items of interest.” In a set of slides [PDF] outlining the effort, DHS discusses both the massive collection and use of social network information as well as the privacy principles it sought to employ when doing so. While it is laudable to see DHS discussing the Fair Information Practice Principles [PDF] as part of the design for such a project, the breadth of sites targeted is concerning. For example, among the key “Candidates for Analysis” were general social networking sites like Facebook, MySpace, Twitter, and Flickr as well as sites that focus specifically on certain demographic groups such as MiGente and BlackPlanet, news sites such as NPR, and political commentary sites DailyKos. According to the slides, SNMC looks for “‘items of interest’ in the routine of social networking posts on the events, organizations, activities, and environment” of important events. While the slides indicate that DHS scrutinized the information and emphasized the need to look at credible sources, evidence, and corroboration, they also suggest the DHS collected a massive amount of data on individuals and organizations explicitly tied to a political event.

Are Communications Providers Violating ECPA By Complying With Out-of-State Subpoenas and Search Warrants? (Steptoe’s E-Commerce Law Week, 14 Oct 2010) - A trio of class action suits recently filed in Georgia state court (Sams v. Yahoo! Inc., Losapio v. Comcast Corp., and Sams v. Windstream Corp.) has called into question a common practice among communications companies -- disclosing communications information in response to subpoenas and warrants that are faxed (or emailed) from state and local law enforcement agencies or state courts in other states. The problem, as we have previously noted, is that this practice may violate the Electronic Communications Privacy Act (ECPA), which bars communications providers from disclosing this sort of information to governmental entities except in response to lawful orders. Because state laws typically provide that subpoenas and search warrants have no effect outside of the state, a company that discloses information in response to an out-of-state subpoena or warrant is not acting pursuant to a legitimate order, and thus violates ECPA. That is the theory of these suits, anyway. The mystery is why it took so long for someone to make this claim. However these cases turn out, they should at least cause communications companies to reevaluate their policies and procedures for complying with government demands for information.

Microsoft’s Bing Gets a Social Lift From Facebook (NYT, 14 Oct 2010) - Facebook and Microsoft announced a partnership on Wednesday that will give the results on Microsoft’s Bing search engine a social twist — and could help both companies compete against a common adversary, Google. The new feature allows people who use Facebook to see Bing search results that incorporate information from their friends, like restaurant recommendations. When a user searches for something like a movie, place or product on Bing, information about how many of their friends “liked” that item on Facebook and related links they have shared will appear alongside the results. The Facebook data will help determine how prominently these will appear, said Yusuf Mehdi, a senior vice president for online business at Microsoft. [Editor: social-media moderated search – I think this can be huge. Too bad Facebook has so badly managed new-feature rollout – if it’d been done better, more people would be comfortable “liking” things, and SM-moderated search would be much more effective. Still, it’ll come, eventually.]

Lawyers Have a Duty to Scrub Electronics Before Disposal (Florida Bar, 15 Oct 2010) - Have you texted a client from your cell phone? Used a copying service or business services at a hotel to replicate client documents? Do you do business via an iPhone, Blackberry, laptop, or iPad?

 Then you may have an extra step or two to take when disposing of such equipment, according to a new proposed ethics opinion.

 The Professional Ethics Committee addressed that issue and the confidentiality a lawyer owes to a deceased client at its September 24 meeting.

 The committee approved two proposed advisory opinions, both of which were referred by the Bar Board of Governors. Both opinions are reproduced in their entirety in an official notice in this News.

 PAO 10-2 addressed computerized equipment that could retain confidential information when discarded, sold, or recycled. Such equipment includes computers, scanners, and copiers (which have hard drives that retain electronic copies of processed documents), cell phones, personal digital assistants, fax machines, memory cards, and other storage media that can accumulate such records. The opinion also noted that lawyers using commercial copying services or copying services at a hotel can expose confidential information because those machines likely have hard drives that can capture that information.!OpenDocument

Play It Again, Professor (Chronicle of Higher Ed, 17 Oct 2010) - Marcus Boon gave a reading recently to promote his new book. It took place at Spoonbill & Sugartown, a bookstore in Brooklyn. About 40 or 50 people showed up. But they didn't hear a single word written by Mr. Boon. Instead, he read from a 1960s sex manual, an Italian cookbook, and Bob Dylan's memoir, among others. He had grabbed those books, more or less at random, from the store's shelves an hour before the event. So why not read from the book he actually wrote? "I didn't see a need to," says Mr. Boon, an associate professor of English at York University, in Toronto. That's because, he says, the same concepts could be found elsewhere, albeit in slightly altered form. Not coincidentally, that's the case he makes in his book, In Praise of Copying (Harvard University Press). Mr. Boon argues that originality is more complicated than it seems, and that imitation may be the sincerest form of being human. He writes: "I came to recognize that many of the boundaries we have set up between activities we call 'copying' and those we call 'not copying' are false, and that, objectively, phenomena that involve copying are everywhere around us." He read from the cookbook because recipes aren't protected by copyright law (unless they contain a "substantial literary expression," according to the U.S. Copyright Office). He read from the memoir because of Dylan's liberal borrowings from traditional folk music. And he read from the sex manual because, well, sex is all about reproduction, isn't it?

- and -

Blogger Wins Fair Use Defense...On a Motion to Dismiss!--Righthaven v. Realty One (Eric Goldman, 21 Oct 2010) - I've mentioned Righthaven before in my quick links, but this is my first full blog post about them. I trust most of you are familiar with Righthaven by now. Righthaven is a serial copyright plaintiff that searches for republications of newspaper articles, acquires the copyrights from participating newspapers (the Las Vegas Review-Journal is the largest and highest profile participating paper), sues the republisher for copyright infringement without any prior notice--seeking $75k or $150k in damages and transfer of the infringer's domain name--and then sends a settlement offer to the surprised defendant. According to this website, Righthaven has brought 157 lawsuits and settled 56 of them. Yesterday, we got the most important Righthaven ruling yet, this time in the Realty One Group case. The case involves a real estate broker's republication of 8 sentences from a 30 sentence Las Vegas Review-Journal article on the broker's blog, (now devoid of content). The court granted the blogger's fair use defense...on a motion to dismiss! The court notes the blogger quoted a relatively small percentage of the source article and, more to the point, says the blogger's "use of the copyrighted material is likely to have little to no effect on the market for the copyrighted news article." Successful fair use defenses on a motion to dismiss are exceptionally rare. It is hard (impossible?) to resolve fair use questions without relying upon disputed facts--a no-no on a motion to dismiss. Thus, it appears the court cut some procedural corners, and I could see an appeals court requiring the district court to try again. So as exciting as this result is, it may be vulnerable to an appeal if Righthaven pursued it. However, according to the Las Vegas Sun, "Righthaven CEO Steven Gibson, a Las Vegas attorney, on Wednesday said Righthaven likely won't appeal the Nelson ruling since it reached a confidential settlement with Nelson prior to the ruling being filed." [Editor: Phew!]

U.S. Agrees to Uphold Right to Photograph Near Its Buildings (NYT, 18 Oct 2010) - It is O.K. to take photos while standing in public spaces near federal buildings, after all. In a settlement with the New York Civil Liberties Union reached Monday, the federal government agreed to instruct its employees in writing of the “public’s general right to photograph the exterior of federal courthouses from publicly accessible spaces” and to remind them that “there are currently no general security regulations prohibiting exterior photography by individuals from publicly accessible spaces, absent a written local rule, regulation or order.” The settlement came in the case of Antonio Musumeci, a software developer from New Jersey who was arrested last November while filming a libertarian advocate who was protesting outside the Daniel Patrick Moynihan Federal Courthouse in Manhattan. The settlement, filed on Friday, ended a lawsuit against the Department of Homeland Security by Antonio Musumeci, 29, of Edgewater, N.J. He was arrested Nov. 9, 2009, as he videotaped a demonstrator in front of the Daniel Patrick Moynihan United States Courthouse at 500 Pearl Street. His principal camera was confiscated but he recorded the encounter on a second camera. At issue in the case was a federal regulation that was cited in the arrest of Mr. Musumeci but that seems — on the face of it — not to have prohibited what he was doing. It says, in part, that “persons entering in or on federal property may take photographs” of “building entrances, lobbies, foyers, corridors or auditoriums for news purposes.” Mr. Musumeci told the arresting officers that he worked for the radio talk program Free Talk Live. He was given a ticket and released on the spot. As part of the settlement, the Federal Protective Service said it construed the regulation “not to prohibit individuals from photographing (including motion photography) the exterior of federal courthouses from publicly accessible spaces.”

Judge Clears CAPTCHA-Breaking Case for Criminal Trial (Wired, 19 Oct 2010) - A federal judge in New Jersey has cleared the way for a landmark criminal case targeting CAPTCHA circumvention to proceed to trial. The case targets a ring of defendants who used various means to bypass CAPTCHA — the squiggly letters and numbers websites display to prove a visitor is human — in order to automatically purchase thousands of tickets from online vendors and resell them to premium customers. The defendants have been charged with wire fraud and with violating the anti-hacking Computer Fraud and Abuse Act, in an elaborate scheme that allegedly used a network of bots and other deceptive means to bypass CAPTCHA and grab more than 1 million tickets for concerts and sporting events. They made more than $25 million in profits from the resale of the tickets between 2002 and 2009. Prosecutors alleged that bypassing CAPTCHA constituted unauthorized access of ticket seller servers. Lawyers for the defendants had filed a motion to dismiss the charges on grounds that the government was trying to turn what should be a breach-of-contract civil matter into a criminal case, potentially increasing “exponentially” the universe of federal crimes. “This Indictment does not seek to punish computer fraud, it inappropriately tries to regulate the legal secondary market for event ticket sales through an overreaching prosecution,” the defendants argued in their motion. The Electronic Frontier Foundation filed an amicus brief (.pdf) also urging dismissal of the case.

Universities Pen Harsh Words to Note-Selling Site (CNET, 19 Oct 2010) - California collegians may be getting a lesson on the limits of sharing. Students at California state universities are expressing frustration following news that the university system sent a cease-and-desist letter to a new Web site that lets pupils sell their class notes--in violation of California law, the chancellor's office says. On NoteUtopia, students from about 100 colleges and universities around the country can buy, sell, or simply share their original class notes and reports, as well as handouts, exams released by the professor, and completed study guides. Students, who can join the 2-month-old site for free, can also collaborate with peers on homework assignments and directly communicate with professors who opt in to the service. But last month, California State University's Chancellor's Office sent a letter telling 22-year-old NoteUtopia founder and president Ryan Stevens to "immediately cease and desist from selling class notes in California" in accordance with section 66450 (PDF) of the state's education code, which prohibits "any business or person from selling or otherwise distributing or publishing class notes for a commercial purpose." There is, though, some uncertainty as to whether that section of the code is at odds with the First Amendment's guarantee of freedom of speech.

Victoria Police Serve Intervention on Facebook (IT News, 20 Oct 2010) - Victoria Police has served a cyberbullying intervention order via Facebook, after unsuccessful attempts to reach the accused by phone and in person. The man was a "prolific Facebook user" who had allegedly threatened, bullied and harassed a former partner online. Police were approached by the victim in August, but were unable to locate the accused by traditional means. In what police believe to be an Australian first, the accused was served with an interim intervention order, extract, explanation, contacts and a video of Leading Senior Constable Stuart Walton via a Facebook private message. The accused was ordered not to publish any material about the victim online, and not to contact the victim "by any means", including phone and e-mail, except through the police or a lawyer. "If you do not obey this order, you may be arrested and charged with a criminal offense," Walton said in the video. The accused did not attend Court as ordered, and police were unable to confirm that the message had been read. However, a Victorian Court Magistrate upheld the order indefinitely and a final order was served via Facebook. Police finally succeeded in contacting the accused after the final order was served, and ascertained that he had read both interim and final documents via Facebook and agreed to comply.,victoria-police-serve-intervention-on-facebook.aspx

Get Affordable Legal Guidance For Your Business with Rocket Lawyer (ReadWriteWeb, 20 Oct 2010) - All businesses have legal needs but not every company has the resources to hire a team of fancy, top notch lawyers. For smaller companies and nonprofits who fall into this category, there's Rocket Lawyer, a Website that offers legal assistance on a small business budget. In addition to granting access to a huge index of business legal forms, Rocket Lawyer puts customers in touch with attorneys, either via a searchable directory or by enabling them to post a question and leave contact info so a lawyer can reach out directly. The site launched a new feature this week called the Legal Health Score, which tells companies and individuals what their level of "legal wellness" is. Think of it like a credit score but instead of measuring financial dependability, it ranks one's potential legal vulnerability. For example, if a company does not have all of its business contracts in writing, they'll get a lower score. Have you used Rocket Lawyer or a similar legal advice Website for your business? Let us know if the experience worked for you in the comments. [Editor: Well?]

New Law Extends Disability Access Requirements to IP-Enabled Communications (Steptoe’s E-Commerce Law Week, 21 Oct 2010) - Earlier this month, President Obama signed the Twenty-First Century Communications and Video Accessibility Act of 2010 into law. The Act extends the disability access requirements of the Communications Act of 1934, as amended by the Telecommunications Act of 1996, to IP-enabled communications such as text-messaging, video conferencing, video delivery, and VoIP services. Significantly, the law extends accessibility requirements to "non-interconnected" VoIP services. Other provisions of the Act require that mobile phone manufacturers make their Internet browsers accessible to the visually impaired, that television shows or movies delivered over the Internet be closed captioned or contain audio descriptions, and that VoIP services be compatible with hearing aids.

Law Firms Staff Experts to Manage EDD (, 22 Oct 2010) - Three years ago, Littler Mendelson president Marko Mrkonich met with 11 of his partners to discuss hiring plans for a novel position: national e-discovery counsel -- an expert who could help the firm's attorneys and clients navigate the increasingly complex process of e-discovery. Most partners at the meeting liked the idea, but senior litigator Kevin Lilly had some reservations. "I was skeptical," says Lilly. "I wasn't sure if he'd add to the firm's bottom line; I didn't know if we needed him." Despite Lilly's misgivings, Littler hired litigator Paul Weiner from Buchanan Ingersoll & Rooney as its new e-discovery counsel. And within a month, Lilly had turned to Weiner for his advice. A client with a very complicated IT system had been hit with a putative wage-and-hour class action suit and needed help with preservation strategy. "I'm a convert," says Lilly. "Paul's been a huge success." Like Littler, many law firms have taken at least some new steps to grapple with the fast-changing world of e-discovery. Since 2006, when amendments to the Federal Rules of Civil Procedure placed greater responsibility on lawyers to preserve and produce electronically stored data, there's been a boom in the number of e-discovery practice groups or task forces. According to a recent survey by The Cowen Group, an e-discovery staffing and recruiting firm, 87 Am Law 200 firms have an e-discovery practice group or task force and 16 have full-time e-discovery partners. Drinker Biddle & Reath's e-discovery task force, which consists of one full-time e-discovery partner and a few partners working part-time on e-discovery, is sometimes retained for e-discovery issues even when Drinker isn't handling the underlying litigation. Daley & Fey -- a boutique with two partners, one counsel, one associate, and a staff of four technology and legal analysts -- focuses heavily on litigation preparedness, advising companies to get their data management in order before they're sued. As this diversity of approaches suggests, there's no set paradigm for the best way to manage e-discovery services. [Editor: Cyberspace committee member Mike McGuire also is a partner at Littler in the EDD area.]

Texas Slaps Amazon With $269m Bill for Uncollected Sales Taxes (TechFlash, 22 Oct 2010) - I'm taking a closer look at's SEC filing on its third-quarter financial results, and just noticed an interesting development under "Other Contingencies." According to Amazon, last month the state of Texas issued the company an assessment of $269 million for uncollected sales taxes for a four year period from Dec. 2005 to Dec. 2009. Amazon says the assessment is "without merit" and says it intends to "vigorously defend" itself in the matter.

- and -

Free Speech Protects Amazon Buyers' Data, Federal Judge Rules (, 27 Oct 2010) - Lists that identify the books, music and movies individual customers bought from online retailer Inc. are protected from North Carolina tax collectors, a federal judge has ruled. Amazon said in a lawsuit it filed in April in its hometown of Seattle that disclosing the names, addresses and purchases of its customers as requested by the North Carolina Revenue Department would harm anyone who may have bought controversial books or movies. U.S. District Judge Marsha Pechman ruled late Monday that the First Amendment protects a buyer from the government demanding to know the books, music and audiovisual products they've bought. Amazon and the American Civil Liberties Union, which later joined the case, "have established that the First Amendment protects the disclosure of individual's reading, listening, and viewing habits," Pechman wrote. At stake are potentially millions of dollars in taxes that North Carolina contends Amazon was responsible for collecting for years before a state law was changed last summer. "The ACLU is not taking issue with the department's authority to collect taxes on these purchases, but there is no legitimate reason why government officials need to know which North Carolina residents are reading which books or purchasing which specific brands of products," said Katy Parker, legal director for the ACLU of North Carolina Legal Foundation. Revenue Department spokeswoman Beth Stevenson said attorneys were reviewing the ruling and no decision has been made on whether to appeal the judge's ruling. The agency neither wants nor needs titles or similar details of products purchased by Amazon customers. "This case has been twisted into something it is not," Stevenson said in a statement. The agency "wants to collect the sales tax that is due to the state and nothing more."

Georgia Mulls Citizens' Right to Access Courts via E-File (, 25 Oct 2010) - A DeKalb County judge expressed surprise Tuesday when an attorney representing the parent company of LexisNexis asserted that the public has no constitutional right of access to the courts. The exchange came in a hearing before DeKalb Superior Court Judge Robert J. Castellani on a motion for summary judgment in a case that seeks to have Fulton County's e-filing system declared unconstitutional. The case is the fourth iteration of a potential class action against Fulton County and its e-filing system, and charges that the Fulton court's requirement that documents be filed via the fee-based LexisNexis File & Serve system declared an unconstitutional violation of citizens' right to access the courts. The suit also says the Fulton court's requirement violates Georgia law that stipulates the method by which legal documents must be filed and constitutes an "illegal scheme" between the county and LexisNexis' parent company, Reed Elsevier, to "impose an unlawful mandatory e-filing system upon litigants in Fulton County State and Superior Court and to charge excessive and unauthorized fees in connection therewith." In a series of orders beginning in 1999, approved by the Fulton County Board of Commissioners and signed by then-State Court Chief Judge Albert L. Thompson, cases must be e-filed if they involve asbestos, Fen-Phen, mercury or lead, silicosis, welding rods, medical or legal malpractice, personal injury, cases with four or more plaintiffs or defendants, cases in which more than $50,000 in damages is being sought, torts cases, and those in which no specific dollar figure is demanded. In Superior Court, certain asbestos and silicosis cases must e-file, and all filings in the criminal case against convicted Fulton County Courthouse shooter Brian Nichols also are required to be e-filed. The complaint says that LexisNexis charges administrative fees of between $7 and $12 for each document filed in addition to the courts' statutory filing fees, according to the complaint. A public access terminal at the courthouse allows pro se litigants to register and file documents without paying the fee.

Air Force Manual Describes Shadowy Cyberwar World (Washington Post, 25 Oct 2010) - A new Air Force manual for cyberwarfare describes a shadowy, fast-changing world where anonymous enemies can carry out devastating attacks in seconds and where conventional ideas about time and space don't apply. Much of the 62-page manual is a dry compendium of definitions, acronyms and explanations of who reports to whom. But it occasionally veers into scenarios that sound more like computer games than flesh-and-blood warfare. Enemies can cloak their identities and hide their attacks amid the cascade of data flowing across international computer networks, it warns. Relentless attackers are trying to hack into home and office networks in the U.S. "millions of times a day, 24/7." And operating in cyberspace "may require abandoning common assumptions concerning time and space" because attacks can come from anywhere and take only seconds, the manual says. The manual - officially, "Cyberspace Operations: Air Force Doctrine Document 3-12" - is dated July 15 but wasn't made public until this month. It is unclassified and available on the Internet. It dwells mostly on protecting U.S. military computer networks and makes little mention of attacking others. That could signal the Pentagon wants to keep its offensive plans secret, or that its chief goal is fending off cyberattacks to keep its networks up and running, analysts said. "Their primary mission is in some ways defensive," said James Lewis, a cybersecurity expert and a senior fellow at the Center for Strategic and International Studies. Lewis said the government still hasn't decided whether offensive cyberwarfare is the province of the military or intelligence agencies. Report here:

White House Unveils Internet Privacy Committee (Information Week, 25 Oct 2010) - The White House council on technology has formed a new subcommittee to develop principles that will attempt to balance the Internet's economic opportunity with people's right to privacy. The National Science and Technology Council's new Subcommittee on Privacy and Internet Policy also will aim to synchronize the practices of federal agencies with policy being considered and developed by lawmakers, according to a White House blog post unveiling the committee. The post is attributed to Cameron Kerry, general counsel at the Department of Commerce, and Christopher Schroeder, assistant attorney general at the Department of Justice, the chairs of the new subcommittee. The subcommittee will try to develop a common Internet privacy strategy among all of the legislative and regulatory stakeholders, both in the United States and abroad, Kerry and Schroeder wrote. Specifically, the subcommittee is charged with keeping an eye on global privacy challenges and coming up with ways to meet them, and fostering cooperation between the United States and other countries to develop policies to handle issues that arise. It also will work with the private sector to balance the needs of those doing business on the Internet with any privacy principles or policies that are developed, as well as any enforcement activity necessary to maintain them. The subcommittee is comprised of representatives from various federal departments and executive-level agencies. They include, among others: the Departments of Education, Energy, Health and Human Services, Homeland Security, State, Transportation, and Treasury; the Small Business Administration; the Domestic Policy Council; National Economic Council; National Security Council; the Office of Management and Budget; the Office of Science and Technology Policy; the Office of the U.S. Intellectual Property Enforcement Coordinator; and the National Security Staff Cybersecurity Directorate.

Pop-up Ad Prior to Software Download Could Be Deceptive (CCH, 25 Oct 2010; subscription required) - Online purchasers of McAfee antivirus software stated plausible claims under the California Unfair Competition Law (UCL) that they were deceived by a pop-up ad into inadvertently purchasing a third-party product, the federal district court in San Jose has ruled. After completing their McAfee purchase, but before downloading the McAfee software, the purchasers clicked a “Try It Now” button in a pop-up ad. Doing so enrolled them in a non-McAfee $4.95 per month subscription product called “PerfectSpeed,” as they discovered later upon noticing charges on their credit or debit card statements. The pop-up was the result of a partnering arrangement between McAfee and Arpu, Inc., a company that places online advertisements that enable the purchase of products with a single click, in this case using the purchasers’ credit card information transferred from McAfee, according to the class action complaint. The purchasers alleged that McAfee received an undisclosed fee for each customer who subscribed to Arpu’s services through the ad on McAfee’s site. The purchasers alleged that McAfee transfers the confidential billing information of its customers without adequately disclosing (1) the nature of the services to which customers are subscribing, (2) the consumer’s commitment to pay recurring monthly fees for the service, (3) the terms and conditions of the subscription service, (4) the identity of the billing party, and (5) the manner by which the customer may cancel the service. The purchasers’ complaint describing the allegedly misleading web pages and pop-up ad was specific enough to give McAfee the notice required by the heightened fraud pleading standard under Rule 9(b) of the Federal Rules of Civil Procedure, the court determined. In asserting that McAfee’s business practices were fraudulent under the UCL, the purchasers’ basic contention was that the pop-up ad led consumers to believe that clicking on it was a necessary step to download the McAfee software. While noting that visual cues in the pop-up—such as a “30 DAY FREE TRIAL” notice—tended to undermine the purchasers’ claims, the court nevertheless concluded that the purchasers alleged facts sufficient to state a plausible claim for relief. The purchasers also stated a claim that McAfee’s business practices were unfair under the UCL because the deception was unscrupulous and caused injury to consumers which outweighed its benefits, the court held. Case is Ferrington v. McAfee (USDC, ND California)

Would You 'Friend' the Judge? (, 26 Oct 2010) - When the Equal Employment Opportunity Commission filed a federal sex discrimination lawsuit in September 2009 on behalf of two women who claimed they were sexually harassed by a supervisor at Simply Storage Management, the company went after a trove of personal information: the women's Facebook and MySpace accounts. What better than personal pictures, videos, and status updates to try to discredit the women's claims of anxiety, depression, and posttraumatic stress caused by a hostile workplace? The EEOC challenged the requests as overbroad, not relevant, and an invasion of privacy, but in May a federal district court judge in Indiana ruled that information from social media websites is not off-limits simply because the accounts are locked or private. The judge ordered the women to produce all profiles, postings, messages, photos, and videos related to "any emotion, feeling, or mental state." A magistrate judge recently took a novel approach in Barnes v. CUS Nashville, LLC, a slip-and-fall case stemming from injuries the plaintiff suffered at the Coyote Ugly Saloon in Nashville. There, the judge had found that a civil subpoena of Facebook was barred under the Stored Communications Act. To resolve the discovery dispute over the plaintiff's and witnesses' Facebook photos and e-mails, the judge offered to open a Facebook account, "friend" the witnesses, review the contested materials in private, and disseminate any relevant information to the parties. "That was pretty creative," says Starkman. (Neither witness took up the judge on his offer; one voluntarily gave the defense a link to her Facebook photo album.)

The Best Backchannels Are Active Before, During, and After (InsideHigherEd, 26 Oct 2010) - Have you ever participated in a conference backchannel? Are you wondering what a backchannel is? A backchannel is the conversation that occurs (generally via a Twitter hashtag) simultaneously alongside a conference's primary events, sessions, panels, etc. It's a great way for conference attendees to share information, ask questions, participate in "tweetups," and generally add to their overall experience. Backchannels also serve as access points for folks who are not able to attend an event. Backchannels are easily accessed, and in my view, the best ones (#ACUHOI has been going strong since its national conference) are active before, during, and after an event. I have been an active participant in several backchannels as either an attendee at a conference or as a non-attendee who was simply following a particular conference hashtag. The active learning that takes place through a backchannel never fails to surprise me. When I was at #EDUCAUSE10 a couple of weeks ago, the backchannel was overflowing with information. As a participant on a technology bloggers panel, I followed the backchannel from the front of the room. People who were either in attendance and/or following the tweet stream asked questions via Twitter and the panelist answered their questions. In a few weeks, I'll be presenting at the #NACAS10 Annual Conference in Colorado Springs. I really want to have an active back channel. In order to get folks up to speed about Twitter, I am putting on a "Twitter Basics" webinar for registered attendees. Getting attendees used to using Twitter with a specific hashtag is an important step in cultivating an active backchannel. During my session at the conference, I am going to use to display the backchannel on a separate big screen. The backchannel will be taking place in the "back" as well as in the "front." The backchannel has become part of the "norm" at conferences. In my view, conferences that embrace the backchannel are allowing for greater amounts of learning and interaction to take place. The #EDUCAUSE10 hashtag feed was prominently displayed on LCD televisions throughout the conference. The conversation was constantly evolving, growing, and creating.

Ethics of Advising Clients to Make Social Networks Private (, 28 Oct 2010) - Once upon a time, a legal ethics professor told a great story on the first day of class. As a young lawyer, he represented a woman in a personal injury case who had suffered a serious injury as a result of a car accident. At trial, she hobbled to the witness stand on crutches. She testified, tearfully, about the great pain she endured each day from walking even the shortest of distances. She testified how the accident had truly changed her life. After less than 30 minutes on the stand, the jury was practically in tears. The professor left the courthouse that day confident that when his client finished her testimony on the following day, victory would be assured. The next morning, before appearing in court, the professor went to exercise at the Santa Monica stairs off Adelaide drive. And of course, he arrived to find his client there. Running. Smiling. Without crutches. Happy as a clam. Maybe even thinking about the perjurious testimony she would give later that morning with the professor's help. (This professor waited until the end of the semester to tell his class what he did. Don't worry, I will tell you at the end of this article.) A similar (although far less dramatic) ethical problem has arisen with the advent of social networking sites like Facebook and MySpace. The question is: What do you do if you discover something potentially harmful to your case on the public portion of your client's social networking web page? Can you advise your client to change his or her privacy settings to make that information invisible to the public? The genesis for this question comes from Romano v. Steelcase Inc.. Although the case has not yet been decided, a few weeks ago the court ordered that the defendant be given access to "plaintiff's current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information upon the grounds that plaintiff has placed certain information on these social networking sites which are believed to be inconsistent with her claims in this action concerning the extent and nature of her injuries, especially her claims for loss of enjoyment of life."

Payment Card Industry Issues Guidance on Encryption (Steptoe, 28 Oct 2010) - The Payment Card Industry’s Security Standards Council has released two whitepapers on emerging security technologies: “EMV” payment cards and Point-to-Point Encryption (P2PE). The two guidance documents are intended to establish how both these technologies can be used to at least partially satisfy PCI Data Security Standards (“PCI DSS”). Eventually, with the issuance of more guidance documents, the hope is that a universal standard will be established for P2PE, as well as more guidelines as to the proper application of P2PE and EMV technology in compliance with PCI DSS.

**** RESOURCES ****
FTC Offers Legal Assistance Guide to Help Identity Theft Victims (BeSpacific, 21 Oct 2010) - "The Federal Trade Commission has created a guide to help attorneys and victim advocates provide legal assistance to identity theft victims. Geared toward resolving issues out of court, the Guide for Assisting Identity Theft Victims describes how advocates can intervene with creditors, credit reporting agencies, debt collectors, and others, as well as self-help measures that victims can take. Victims may need an advocate’s help in a variety of situations: their age, health, language skills, or income prevents them from making effective disputes; they’re being pursued for someone else’s debt; they face uncooperative creditors or credit reporting agencies; or their case is complex."

The Online Threat (Seymour Hersh in The New Yorker, 1 Nov 2010; recommended by Bruce Schneier) - On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an eavesdropping mission collided with a Chinese interceptor jet over the South China Sea, triggering the first international crisis of George W. Bush’s Administration. The Chinese jet crashed, and its pilot was killed, but the pilot of the American aircraft, Navy Lieutenant Shane Osborn, managed to make an emergency landing at a Chinese F-8 fighter base on Hainan Island, fifteen miles from the mainland. Osborn later published a memoir, in which he described the “incessant jackhammer vibration” as the plane fell eight thousand feet in thirty seconds, before he regained control. The plane carried twenty-four officers and enlisted men and women attached to the Naval Security Group Command, a field component of the National Security Agency. They were repatriated after eleven days; the plane stayed behind. The Pentagon told the press that the crew had followed its protocol, which called for the use of a fire axe, and even hot coffee, to disable the plane’s equipment and software. These included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications. It was more than two years before the Navy acknowledged that things had not gone so well. “Compromise by the People’s Republic of China of undestroyed classified material . . . is highly probable and cannot be ruled out,” a Navy report issued in September, 2003, said.

**** DIFFERENT ****
Building The Next Big Thing: 25 Years Of MIT's Media Lab (ArsTechnica, 21 Oct 2010) - ast Friday, MIT's Media Lab hosted a series of talks to celebrate its 25th anniversary. Anyone who has paid attention to technology news over that period has undoubtedly heard of the various strange and interesting developments that make their way out of the Lab—Guitar Hero, LEGO Mindstorms, One Laptop per Child, and E Ink all started off as Media Lab projects. But far fewer people fully understand how the Media Lab operates, fits into MIT, and encourages such a creative environment; about half of the anniversary celebration's program focused on simply defining what the Media Lab is. So, for the benefit of those who weren't there, we'll attempt to explain how it has generated its reputation for being at the leading edge of technology. [Editor: Interesting profile. The Media Lab is the most interesting place I’ve ever visited.]

INSURANCE AGAINST HACK ATTACKS Lloyds of London and two other insurance companies will offer up to $100 million in insurance coverage to the clients of the computer security management firm Counterpane Security against losses resulting from attacks by network vandals. A Counterpane executive says, "This is not for your home user, this is for Yahoo!, this is for CDUniverse... It's threat-avoidance. This, along with monitoring, is just another arrow in your quiver." A recent study by Reality Research has predicted that businesses worldwide will lose an estimated $1.5 trillion this year due just to computer viruses spread through the Internet. (USA Today 10 Jul 2000)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: