Saturday, October 09, 2010

MIRLN --- 19 September – 9 October 2010 (v13.14)

(supplemented by related Tweets: #mirln)

·      Hack-Proof Dream?
·      Overheard Cell-Phone Conversations: When Less Speech Is More Distracting
·      Guidance On Mitigating Risk Posed by Information Stored On Photocopiers, Fax Machines and Printers
o   Are Digital Copiers Targets for E-Discovery?
·      Malicious Code That Comes With Release Notes?
·      Did Iqbal/Twombly Raise the Bar for Browsewrap Claims?
·      Web Group to Screen Bogus Drug Sellers
·      The Derivative Works Right
·      The MOMA Test
·      Seventh Circuit Allows Illinois Case Against Out-Of-State E-Commerce Retailer to Go Forward
·      Financial Disclosure Forms for Federal Judges Can Be Hard to Track Down
·      Feds: Privacy Does Not Exist in ‘Public Places’
·      Using Social Network Evidence in Family Court
·      National Archives and Records Administration Issues Guidelines on Cloud Computing
·      Questions, and Directors, Lost in the Ether
·      Helmet Cam Was Legal, Ditto Taping Arresting Officer, Judge Rules
·      Model Privacy Notice Form Compliance Guide Issued
·      New Site Bridges Law School, Law Practice
·      California Bans Malicious Online Impersonation
·      Web Snooping Is A Dangerous Move
·      Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase
·      Lawyers Can’t Friend Potential Witnesses Under False Pretenses, Ethics Opinion Says
·      Lawyer Websites
o   ABA Asserts Copyright On Its Lawyer-Advertising Rules
o   Security Concerns Spark a Controversy Over a Bar Association’s Endorsement of Cloud Computing
·      UK Faces EU Case Over Online Privacy
·      How Stuxnet is Scaring the Tech World Half to Death
·      Who Owns a Terminated Employee’s Twitter Account?
·      US Marshal Service’s Electronic Surveillance Manual
·      How Private Is Facebook Under the SCA?
o   Mixing Work and Play on Facebook
·      Man Jailed Over Computer Password Refusal


Hack-Proof Dream? (ABA Journal, 1 Sept 2010) - While you’d be hard-pressed to find a security consultant who believes any law firm can be completely protected from the Web’s dark side, there are still plenty of vendors furiously pursuing the ideal. Two in particular, InZero and Invincea, claim to have come up with the magic bullet with technologies that essentially place an impenetrable buffer between a law firm’s Web browsers and its critical digital infrastructure. InZero has been especially bold in its assertions, once offering a free Harley-Davidson motorcycle to any hacker who could penetrate its first-generation product. There were no takers. A number of tests since then by British Telecom’s Ipswich labs, Escrypt Inc., the federal Defense Advanced Research Projects Agency and others have come up empty-handed as well, according to Oleksiy Shevchenko, InZero’s chief technology officer. Still, though competitor Invincea trots out the same, successful test results of impenetrability by the independent testing firm Cigital, law firm IT security consultants like Wise Comprehensive Solutions remain skeptical. “Experientially and logically, there is always a back door or fail-safe to every system,” says Orville Wilson, CEO at Wheaton, Md.-based Wise. The most nettlesome rub in all this? As the debate rages, the legal community has become an especially lucrative target for professional-grade hackers snooping the Web for high-value intellectual property and other business-critical information. “Firms representing client corporations that are negotiating major international deals are particularly inviting targets,” Wilson says. “Law firms have a tremendous concentration of really critical, private information. Hence, sneaking into their computer systems is a really optimal way to obtain economic, personnel and personal security-related information.” Alan Brill, a Secaucus, N.J.-based senior managing director at Kroll, another IT security consultancy, shares Wilson’s view. “The problem that law firms face is that there is an evolution leading to greater reliance on Internet-based communication with clients, co-counsel and the courts,” Brill says. “I wish I could tell you that there was a matching evolution in security that would render today’s problems obsolete, but that’s not happening.”

Overheard Cell-Phone Conversations: When Less Speech Is More Distracting (PubMed, 3 Sept 2010) – Abstract: Why are people more irritated by nearby cell-phone conversations than by conversations between two people who are physically present? Overhearing someone on a cell phone means hearing only half of a conversation-a “halfalogue.” We show that merely overhearing a halfalogue results in decreased performance on cognitive tasks designed to reflect the attentional demands of daily activities. By contrast, overhearing both sides of a cell-phone conversation or a monologue does not result in decreased performance. This may be because the content of a halfalogue is less predictable than both sides of a conversation. In a second experiment, we controlled for differences in acoustic factors between these types of overheard speech, establishing that it is the unpredictable informational content of halfalogues that results in distraction. Thus, we provide a cognitive explanation for why overheard cell-phone conversations are especially irritating: Less-predictable speech results in more distraction for a listener engaged in other tasks.

Guidance On Mitigating Risk Posed by Information Stored On Photocopiers, Fax Machines and Printers (FDIC, 15 Sept 2010) – The US Federal Deposit Insurance Corporation (FDIC) has issued a document for financial institutions titled “Guidance on Mitigating Risk Posed by Information Stored on Photocopiers, Fax Machines and Printers.” The document describes the risks inherent in the use of the devices because they may contain hard drives or flash memory that retains information transmitted by the devices. Many financial institutions lease these devices and return them at the end of the lease period. The guidance recommends that financial institutions establish and enforce “written policies and procedures to identity devices that store digital images of business documents and ensure their hard drive or flash memory is erased, encrypted or destroyed prior to being returned to the leasing company, sold to a third party or otherwise disposed of.” The guidance was issued because field examiners “felt the vast majority of bankers that they dealt with ... were completely unaware of the problem.”

- and -

Are Digital Copiers Targets for E-Discovery? (, 4 Oct 2010) - In April 2010, CBS News ran a story about the relative lack of information security involving digital copiers commonly found in most office settings. Working with a copier security expert, CBS News purchased four used copiers based on price and the number of copies on the meter. According to the reporter, the copier hard disk drives were removed and “[scanned] using forensic software ... available free on the internet,” and images of documents which had been copied or scanned were found stored on the hard drives. In one instance the reporter claims “tens of thousands of documents” were found on one copier while 300 documents were found on another. The reader was left with the impression that the images of potentially sensitive documents were stored on the copier hard drives in plain sight, so to speak. What the reporter failed to properly explain is that the document images that were found came from the unallocated space of the hard drives and had to be recovered -- the files were not available without the use of special software to find and view them. After the news story was televised, it was only a matter of days before it was circulated in e-mails, blogs, and websites, with many legal industry observers opining at length about the possible ramifications of targeting digital copiers for litigation holds and electronic discovery requests. Before determining the significance of a copier as a potential repository of information, it is important to understand how digital copiers create, store, and delete data. Despite using the same storage device found in a PC, copiers are more like printers in how they use available memory. [Editor: again, mostly a technical discussion of the possibilities; not much legal analysis/discussion.]

Malicious Code That Comes With Release Notes? (Network World, 16 Sept 2010) – I was astonished when Mike Dausin of security provider HP TippingPoint briefed me on a new state of network security report and explained how much more sophisticated writers of malicious code had become. Their code is much cleaner than it had been in years past and that recently, some updated versions of this code had actually come with release notes. “When you think about code having release notes, that implies a level of maturity that just wasn’t there before,” said Dausin, manager of advance security intelligence for TippingPoint, whose DVLabs unit conducts research into network vulnerabilities and helped produce “The Top Cyber Security Risks Report,” which was published today. Distributing malicious code with release notes is like a maker of burglar tools distributing a brochure about how to use a new pry bar to break into a house. It’s a particularly brazen move and underscores the point that the bad guys are getting much better at their jobs. The 43-page report identifies four major areas of concern for network administrators and makes five recommendations of what enterprises should do to improve their game to match the improvements in the bad guys’ game.

Did Iqbal/Twombly Raise the Bar for Browsewrap Claims? (BNA E-Commerce blog, 17 Sept 2010) - Judge Leonie Brinkema of the Eastern District of Virginia issued an interesting opinion earlier this week in a case involving one company’s multiple acts of datamining a competitor’s website with a screen-scraping program. Among other things, the court held that the plaintiff had failed to allege a valid breach of contract claim, a claim based on data use restrictions in a browsewrap presentation. The court said that the plaintiff’s unadorned allegations that “the terms of the TOUs [Terms of Use] are readily available for review” and that the defendants had an “opportunity to review” the terms fell short of the pleading standards set out in a pair of recent Supreme Court decisions. In Bell Atl. Corp. v. Twombly, 550 U.S. 544 (2007), the high court said that allegations must be sufficient to nudge a claim from conceivable to plausible. Two years later, in Ashcroft v. Iqbal, 129 S. Ct.1937 (2009), the court stated that “if the well-pled facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged--but it has not shown--that the pleader is entitled to relief.” The Twombly/Iqbal pleading standard was not met here, the court said. In order to allege a plausible contract claim based on a browsewrap agreement, the website user must have had either actual or constructive knowledge of the website terms and must also have manifested agreement to those terms. The court, looking at screenshots submitted by the defendant, remarked that the terms were: “buried at the bottom of the first page, in extremely fine print, [that] users must affirmatively scroll down to the bottom of the page to even see the link.” Against the evidence of these screenshots, the court said that the plaintiff’s allegations that the plaintiff’s conclusory allegations about the defendant’s knowledge of the website terms and assent to those terms merely by accessing the site “are plainly insufficient under the Iqbal and Twombly standard to state a plausible claim for relief.” The case is Cvent Inc v. Eventbrite Inc., No. 10-cv-481 (E.D. Va. Sept. 14, 2010).

Web Group to Screen Bogus Drug Sellers (Financial Times, 19 Sept 2010) - In a victory for the fight against criminal networks distributing counterfeit and adulterated drugs over the internet, the world’s second-biggest seller of website addresses is to begin screening customers for unapproved drug sales. Under pressure from security professionals, the internet governance group Icann and the White House, the domain-name seller eNom last week quietly retained LegitScript, a company that vets internet pharmaceutical concerns to make sure they are licensed to do business in the US. While GoDaddy, the world’s biggest seller of domain names, and other registrars have knocked thousands of rogue pharmacies offline, until now eNom, owned by Demand Media of Santa Monica, had refused to act without a court order or law-enforcement directive. The changed approach was disclosed in an amended securities filing for Demand Media’s planned initial public stock offering. The filing says LegitScript will assist eNom “in identifying customers who are violating our terms of service by operating online pharmacies in violation of US state or federal law”. [Editor: the idea of pre-approval/vetting, as a prerequisite to holding a web “presence” is, generally speaking, troubling; OK in this case, I suppose, but I’m already imagining the slippery slope.]

The Derivative Works Right (Media Law Prof Blog, 20 Sept 2010) - Christina Bohannan, University of Iowa College of Law, has published Taming the Derivative Works Right: A Modest Proposal for Reducing Overbreadth and Vagueness in Copyright, at 12 Vanderbilt Journal of Entertainment & Technology Law 669 (Summer 2010). Here is the abstract: “The Supreme Court’s recent 8-1 decision in United States v. Stevens only served to reiterate the Court’s concern with overbreadth in First Amendment challenges to statutes. Concluding that the statute in question prohibited a good deal of speech that was unrelated to the statute’s legitimate target, the Court held that the statute was substantially overbroad and therefore invalid. Stevens as well as earlier First Amendment decisions shed considerable light on the problems of overbreadth and vagueness in copyright law, particularly the derivative works right. The copyright holder’s derivative works right prohibits others from making any work “based upon a copyrighted work” that “modifies, transforms, or adapts” the copyrighted work in any way. Because all new expression must necessarily borrow from existing expression to some degree, the derivative works right sweeps a good deal of speech within its prohibition, much of which is either harmless to the copyright holder or else outside the legitimate boundaries of copyright protection. While the fair use doctrine purports to protect some of this new expression, fair use is vague and unpredictable in application, particularly when it intersects with the derivative works right. Further, the doctrine can be asserted only after a speaker has risked an infringement claim. This Article compares the Copyright Act and the way courts have applied it to a variety of other provisions that limit speech and that have been struck down or construed narrowly on overbreadth grounds. It demonstrates considerable overbreadth and vagueness in the scope of copyright protection, arguing for narrowing rules of construction that will mitigate these First Amendment concerns.” Article here:

The MOMA Test (Cast Clothesed, 20 Sept 2010) - It seems as if the test for what is copyrightable is if someone considers the piece in question to be art. In my copyright lass last week, we read and discussed the case Barry Kieselstein-cord v. Accessories by Pearl, Inc.632 F.2d 989 (2nd Cir. 1980). This case extended copyright protection to belt buckles, namely the Kieselstein-Cord Winchester” and “Vaquero” belt buckle styles that are pictured to the left. To me, belt buckles are useful articles – an element to which copyright will not normally extend its protection (see 17 U.S.C. § 101 definitions of “pictorial, graphic, and sculptural works” and “useful articles”). Buckles help you fasten your belt, which in turn keep your pants up around your waist. One of the arguments that Second Circuit uses to protect these buckle designs under copyright was that the Museum of Modern Art (MOMA) had accepted them into their permanent collection. So, are useful things considered art only when the MOMA accepts it as art? I was in the MOMA yesterday. Looking around, the MOMA considers a lot of design of useful articles to be art. On the 5th floor, there is a whole variety of furniture on display from Eames to Saarinen. Some of these items were things I found in Bloomingdale’s last weekend when I was shopping for a couch. They have lamps, TVs, hearing aids, and even a helicopter. These things are all useful articles and walking around I wondered what is copyrightable? The most striking exhibit of useful articles was Counter Space - an exhibition devoted to the design of the modern kitchen. That exhibit had commonplace kitchen items like pots, pans, and bowls on display. Would those items now be copyrightable? Is good design of useful articles always art and, therefore, should be copyrightable? Or does that good design just make it work better and remain in the public domain so that everyone can benefit from it? If the Metropolitan Museum of Art has a Costume Institute with about 80,000 pieces of clothing and accessories, would these pieces be extended the same copyright protection? I do not see the difference between a fashion show and an art show. Yet, one expression is considered art when another expression is considered merely useful. As these museum collections begin to add more clothing as art, they argument for protecting these designs grows stronger. I urge you to look at some of these collections and see what you think should be considered art, great design, and copyrightable pieces.

Seventh Circuit Allows Illinois Case Against Out-Of-State E-Commerce Retailer to Go Forward (Foley, 20 Sept 2010) - The Seventh Circuit Court of Appeals has dealt head-on with an issue of importance to online retailers, holding that an e-commerce cigarette outlet from New Mexico could be sued in Illinois over online sales. The case is State of Illinois v. Hemi Group LLC, No. 09-1407, 2010 U.S. App. LEXIS 19126 (7th Cir. Sept. 14, 2010). Hemi is a Native-American-owned cigarette sales business that operates several e-commerce Web sites from a reservation in New Mexico. Illinois claimed that Hemi evaded Illinois tax regulations and restrictions on sales to minors by selling cigarettes to Illinois residents over the Internet. Hemi moved to dismiss for lack of personal jurisdiction, arguing that it could not be haled into court in Illinois if its business activities took place solely in New Mexico, where it received and fulfilled orders. The decision turned on whether Hemi, through its Internet activities, had purposely availed itself of opportunities in Illinois by shipping orders to Illinois residents. The Seventh Circuit was hesitant “to fashion a special jurisdictional test for Internet-based cases” and declined to adopt a sliding-scale approach used by other courts to determine whether Internet activity could lead to court jurisdiction. The Seventh Circuit also conceded that Hemi did not have continuous and systematic business activities in Illinois. Nonetheless, the Court found jurisdiction, relying on three facts:
1.              Hemi maintained a substantial commercial venture online.
2.              Hemi stated on its Web site that it would ship to any state except New York, which the Court interpreted as an express election to do business with Illinois residents. Focusing on this fact, the Court highlighted that Hemi knew how to protect itself from being haled into court in New York and thereby must have known that by conducting business with residents of another state, it could be forced into court in that state.
3.              Hemi shipped cigarettes to Illinois purchasers. This was a sufficient basis for establishing jurisdiction, even though under commercial law the sales technically occurred in New Mexico.
Of particular significance for on-line retailers, the Court concluded that it was “fair” to require Hemi to appear in Illinois to answer claims based on sales through its nationwide interactive Web site. This was true even though Hemi had no physical operations in Illinois, did no advertising in the state, and accepted and filled orders in New Mexico. The Court accepted the notion that a retailer selling to Illinois residents deserves to be subject to suit in Illinois, at least with respect to issues related to those sales. Likewise, in deciding not to ship to New York, Hemi “should have foreseen” that by making sales to Illinois, it would be subject to jurisdiction there, the Court held. It is unclear whether the Seventh Circuit would have found jurisdiction in the absence of this fact, but it was interpreted as a deliberate decision to do business with the state. Significantly, while the case deals with taxes, the decision is limited to the question of whether Hemi could be sued in Illinois. The court did not consider whether Hemi’s Internet activities created sufficient nexus in Illinois to require Hemi to collect and remit state sales/use taxes on sales to Illinois residents. The full ruling is available online at

Financial Disclosure Forms for Federal Judges Can Be Hard to Track Down (, 20 Sept 2010) - If you’re looking for a senator’s most recent report on personal finances, you can walk into an office in the Capitol complex, sit down at a computer and print out the report in a matter of minutes. You can look up a House member’s report on any computer connected to the Internet. But if you want to see a federal judge’s disclosure, be prepared to wait. It can take two weeks to get a report, and it may be partially censored before its release. The reports are not available on the judiciary’s recently upgraded website, though you can read why judges think they are underpaid. While reviewing reports intended for public examination can be as simple as the click of a computer mouse these days, federal judges refuse to make it easy for the public to see annual reports on their investments, affiliations and paid travel -- reports that could signal potential conflicts of interest in pending lawsuits. What’s more, the judges are told each time someone requests a copy. “There’s a disincentive on part of litigants and other interested parties to ask for a particular judge’s financial disclosure form,” said Tom Fitton, president of the conservative public interest group Judicial Watch. “Whether or not they would be retaliated against I don’t know, but people get nervous.” The Administrative Office of U.S. Courts, the central repository for judges’ disclosure forms, routinely imposes a delay of about 10 days before turning over a requested form so the judge can be notified and review the form. By contrast, at the Office of Government Ethics, the central location of the forms of executive branch officials, requests made in writing can be filled the same day if made early enough, otherwise the next day. There is no prerelease notification to the executive branch official. Alone among federal offices, the House of Representatives allows people to obtain financial disclosure reports online. Richard Carelli, a spokesman for the judiciary, said the notification of judges and review of reports is done solely for the safety of judges and their families. Reviews have allowed court officers to black out information that could reveal where a spouse works, for instance, Carelli said. In 2008, for example, reports for 120 judges were edited to remove some information before their release, according to an annual report the judges send Congress.

Feds: Privacy Does Not Exist in ‘Public Places’ (Wired, 21 Sept 2010) - The Obama administration has urged a federal appeals court to allow the government, without a court warrant, to affix GPS devices on suspects’ vehicles to track their every move. The Justice Department is demanding a federal appeals court rehear a case in which it reversed the conviction and life sentence of a cocaine dealer whose vehicle was tracked via GPS for a month, without a court warrant. The authorities then obtained warrants to search and find drugs in the locations where defendant Antoine Jones had travelled. The administration, in urging the full U.S. Court of Appeals for the District of Columbia to reverse a three-judge panel’s August ruling from the same court, said Monday that Americans should expect no privacy while in public. “The panel’s conclusion that Jones had a reasonable expectation of privacy in the public movements of his Jeep rested on the premise that an individual has a reasonable expectation of privacy in the totality of his or her movements in public places, “ Assistant U.S. Attorney Peter Smith wrote the court in a petition for rehearing. The case is an important test of privacy rights as GPS devices have become a common tool in crime fighting, and can be affixed to moving vehicles by an officer shooting a dart. Three other circuit courts have already said the authorities do not need a warrant for GPS vehicle tracking, Smith pointed out. The circuit’s ruling means that, in the District of Columbia area, the authorities need a warrant to install a GPS-tracking device on a vehicle. But in much of the United States, including the West, a warrant is not required. Unless the circuit changes it mind, only the Supreme Court can mandate a uniform rule. The government said the appellate panel’s August decision is “vague and unworkable” and undermines a law enforcement practice used “with great frequency.” The legal dispute centers on a 1983 U.S. Supreme Court decision concerning a tracking beacon affixed to a container, without a court warrant, to follow a motorist to a secluded cabin. The appeals court said that decision did not apply to today’s GPS monitoring of a suspect, which lasted a month. [Editor: The New York Times ran an editorial on 5 Oct 2010 on this:]

Using Social Network Evidence in Family Court (, 21 Sept 2010) - The use of electronically stored information as evidence in family law litigation has increased dramatically. Electronically stored information is defined as “information created, manipulated, communicated, stored, and best utilized in digital form, requiring the use of computer hardware and software.” The most common forms of this type of evidence include e-mails, voice mails, text messages and, very significantly, information from social networking sites. Because of the proliferation of this type of information, the family law attorney needs to be familiar with the availability of this type of evidence as well as the rules governing its admissibility. The most striking change in the use of electronically stored information in family law cases has been the proliferation of media accounts relating to evidence found on social networking sites such as Facebook or MySpace. In a recent survey conducted by the American Academy of Matrimonial Lawyers, 81% of responders said they had seen an increase in the use of social networking evidence during the past five years. In fact, the survey cited Facebook as the “unrivaled leader for online divorce evidence,” noting that 66% of those surveyed cited it as a primary source. The types of cases in which the evidence has been used are typical of those that most matrimonial lawyers encounter every day. There are spouses who claim not to be engaging in extramarital affairs whose paramours are posting pictures of them together. Parents who are not entitled to take children out of the jurisdiction may then post pictures of themselves with the children during out-of-state vacation spots such as
Disney World. Parents may use photos posted on a website showing the other parent consuming liquor or using drugs. A spouse who claims he or she is incapable of earning income may post information on business-related sites looking for employment. Postings are also used to establish the whereabouts of individuals at times when they may be claiming to be elsewhere because they are often date and time stamped. This type of evidence can be used in several ways. It can be introduced into evidence at trial or in a hearing. More likely, once it is discovered and the other side is notified, it is can be used as a bargaining tool in a negotiation.

National Archives and Records Administration Issues Guidelines on Cloud Computing (BeSpacific, 22 Sept 2010) - “The National Archives and Records Administration (NARA) has issued guidance for Federal Agencies on records management and cloud computing. NARA Bulletin 2010-05: Guidance on Managing Records in Cloud Computing Environments, builds on the NARA FAQ about Cloud Computing posted on the website in February, 2010. The new guidance defines and outlines cloud computing technology, deployment models, and service models. This Bulletin was developed in consultation with several Federal agencies now adopting various forms of cloud computing. These discussions helped NARA identify and validate challenges for records management posed by cloud computing. The Bulletin also proposes ways Federal agencies can begin to address such challenges.”

Questions, and Directors, Lost in the Ether (NYT, 25 Sept 2010) – Annual shareholder meetings may not be the most efficient occasion for managers to meet with the owners of the companies they run — they can be hard for shareholders to get to and are sometimes hijacked by gadflies with personal agendas and long-winded, irrelevant questions. Because most, if not all, shareholders cast their votes before the meetings even take place, they can feel ritualistic and not terribly meaningful. Yet, these congregations do give shareholders a rare opportunity to take the measure of the managers and directors who are supposed to work for them. How executives answer questions that shareholders pitch at them can be very revealing. As long as investors get a chance to ask their questions, of course. Which brings us to a curious phenomenon known as the virtual annual meeting. Given that the Internet has made digital get-togethers ubiquitous, it was only a matter of time before large corporations began suggesting that in-person annual meetings be replaced with online-only gatherings. The benefits are obvious: efficiency and ease of participation, for example. But some investors fear that ether-only meetings will allow managers to hide from shareholders, evade their questions or otherwise dismiss their concerns. And they are pointing to the shareholder meeting last Monday of the Symantec Corporation as an example of why their concerns have merit. Like other technology companies, Symantec has held hybrid annual meetings in recent years — offering both a venue for those who wanted to attend in person and a virtual meeting for everyone else. This year, it decided to go all-virtual and alerted shareholders to the change in proxy materials submitted last month. While other companies have done this, Symantec is the first Fortune 500 corporation to conduct an Internet-only shareholder meeting, according to institutional shareholder groups. Here’s another wrinkle: Unlike other companies that broadcast video along with audio, Symantec held its meeting as audio-only — making it impossible for investors to observe the goings-on or see which Symantec executives had decided to make themselves available. Anne Sheehan, director of corporate governance at Calstrs, a California pension plan, wrote a letter to John W. Thompson, Symantec’s chairman, saying, “We believe it is important that public companies at least annually provide shareholders with the opportunity to meet with the directors who represent them.” The Council of Institutional Investors also indicated its opposition to Symantec’s online-only move. But Symantec management read and answered only two questions from shareholders. Bruce T. Herbert, chief executive of Newground Social Investment, an investment manager in Seattle whose clients hold Symantec shares, said the company failed to answer a query he placed in the electronic queue. Mr. Herbert also objected to the way Symantec conducted the meeting, saying it provided no chance for shareholders to see questions submitted by others or to follow up on any topics shareholders might have raised. Neither did executives identify who submitted the questions it did decide to read. [See related MIRLN post “A Real Trend? More Companies Holding Virtual Annual Meetings” from MIRLN --- 25 April - 15 May 2010 (v13.07)]

Helmet Cam Was Legal, Ditto Taping Arresting Officer, Judge Rules (ABA Journal, 27 Sept 2010) - A motorcyclist who was jailed and charged with violating Maryland’s wiretap law after he used a helmet cam to film the state trooper who had pulled him over for speeding is off the hook. Hartford County Circuit Judge Emory Pitt Jr. ruled that a uniformed police officer doing his job in public has no reasonable expectation of privacy, eliminating a necessary element of the wiretap case against defendant Anthony Graber, reports the Story Lab blog of the Washington Post. Pitt also threw out a charge against Graber for possessing a device whose primary purpose was intercepting oral communications. Under the government’s argument that the helmet cam fell within this definition, “almost every cell phone, BlackBerry, and every similar device, not to mention dictation equipment and other types of recording devices” would also be illegal, the judge said. [Editor: see below, under Resources, an article titled “How to Record the Cops: A Guide to the Technology For Keeping Government Accountable”.]

Model Privacy Notice Form Compliance Guide Issued (CCH’s Financial Privacy Law Report Letter, 30 Sept 2010; subscription required) - The Federal Deposit Insurance Corp. has issued a brief compliance guide for state nonmember banks that choose to use the model privacy notice form adopted by the federal regulators to inform consumers of the banks’ information sharing practices and the consumers’ right to opt out of some information sharing. Institutions are not required to use the model form but, if they do, they will be deemed to be in compliance with the Gramm-Leach-Bliley Act notice requirements. The safe harbor provided by the use of the current sample forms will end on Dec. 31, 2010, the agency said. FIL-60-2010 is available on the FDIC website at and will be reproduced in an upcoming Report.

New Site Bridges Law School, Law Practice (Robert Ambrogi, 28 Sept 2010) - A legal education site being launched today, Beyond The Bar, aims to provide a bridge between law school and law practice, providing training to new associates in business skills, legal skills and client relations. The site is sponsored by Thomson Reuters and the West LegalEdcenter. “The goal of Beyond the Bar,” the site says, “is to provide an opportunity for new lawyers to gain a deeper understanding of skills through interactive workshops, going beyond traditional bridge-the-gap or transitional education programs.” The site offers training courses in topics such as contract drafting, business counseling, effective communication, pretrial advocacy, client service and interpersonal communications. It appears that the courses are all live — there are no webcasts or other online courses offered through the site right now. From what I can tell, it appears that the site will add online courses as it is further developed.

California Bans Malicious Online Impersonation (Computer World, 28 Sept 2010) - A new law makes it illegal in California to maliciously impersonate someone online. On Monday California Governor Arnold Schwarzenegger signed the law, which makes it a misdemeanor in the state to impersonate someone online for “purposes of harming, intimidating, threatening, or defrauding another person.” The law is designed to crack down on cyber-bullying and would apply to cases like that of Elizabeth Thrasher, who was charged last year with posting a 17-year-old girl’s photo, e-mail and mobile number to a Craigslist adult forum, following an argument. The law is not designed to prohibit parody or satire, but some worry that it could have a chilling effect nevertheless. “It could be used to put the lid on free speech,” said Mike Bonanno a member of the Yes Men, a group that has made a career out of parodying powerful corporations. “Our impersonations are revealed almost immediately after we do them -- there is a net gain of information for the public: it is anything but fraud. But those facts may not stop corporations and their political cronies from using this law to attack activists who are truly exercising free speech,” he wrote in an e-mail. The Electronic Frontier Foundation doesn’t like the law either. Like Bonanno, EFF Senior Staff Attorney Corynne McSherry worries that it could give corporations and public officials a new way to sue their critics into silence. “We’re disappointed that the Governor decided to sign this bill, given that it is likely to be used to squelch political speech,” she said via e-mail. The law lets victims seek damages in civil court. Perpetrators can also face criminal charges -- up to a $1,000 fine and a year’s imprisonment. The law takes effect Jan. 1, 2011.

Web Snooping Is A Dangerous Move (CNN, 29 Sept 2010; Bruce Schneier) - On Monday, The New York Times reported that President Obama will seek sweeping laws enabling law enforcement to more easily eavesdrop on the internet. Technologies are changing, the administration argues, and modern digital systems aren’t as easy to monitor as traditional telephones. The government wants to force companies to redesign their communications systems and information networks to facilitate surveillance, and to provide law enforcement with back doors that enable them to bypass any security measures. The proposal may seem extreme, but -- unfortunately -- it’s not unique. Just a few months ago, the governments of the United Arab Emirates, Saudi Arabia and India threatened to ban BlackBerry devices unless the company made eavesdropping easier. China has already built a massive internet surveillance system to better control its citizens. Obama isn’t the first U.S. president to seek expanded digital eavesdropping. The 1994 CALEA law required phone companies to build ways to better facilitate FBI eavesdropping into their digital phone switches. Since 2001, the National Security Agency has built substantial eavesdropping systems within the United States. These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; that’s obvious. But the laws also make us less safe. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Internet surveillance and control will be no different. Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don’t. Any surveillance and control system must itself be secured, and we’re not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations? These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn’t always match those rules. NSA analysts collected more data than they were authorized to and used the system to spy on wives, girlfriends and famous people like former President Bill Clinton. The most serious known misuse of a telecommunications surveillance infrastructure took place in Greece. Between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice -- and other prominent people. Ericsson built this wiretapping capability into Vodafone’s products, but enabled it only for governments that requested it. Greece wasn’t one of those governments, but some still unknown party -- a rival political group? organized crime? -- figured out how to surreptitiously turn the feature on.

Deleted Facebook and MySpace Posts Are Discoverable--Romano v. Steelcase (Eric Goldman, 29 Sept 2010) - On my personal blog, I have repeatedly blogged about plaintiffs who tell one story in court only to have that story undone by their postings to social networking sites. See, e.g., Sedie v. US, People v. Franco (despite the tragedy, my personal favorite) and Embry v. State. This case is in the same vein. Romano claims that she is largely bedridden/housebound, but her public Facebook pictures show her apparently enjoying herself away from home. The defense requests access to her non-public posts on Facebook and MySpace, which the judge grants. The short opinion focuses on the defense’s ability to access the private posts, but the actual order covers both current as well as deleted material. Specifically, the court orders “Defendant STEELCASE’s motion for an Order granting said Defendant access to Plaintiff’s current and historical Facebook and MySpace pages and accounts, including all deleted pages and related information, is hereby granted in all respects.” The court didn’t discuss the deleted material separately in its analysis, but this seems like a gotcha. Once a person posts material to Facebook or MySpace, there may not be a meaningful “undo”--even deleting it does not eliminate the material as future discoverable evidence for the duration of Facebook’s and MySpace’s retention periods. [This raises the related Q of how long the sites archive deleted material. Facebook’s privacy policy had the opaque statement “Removed and deleted information may persist in backup copies for up to 90 days, but will not be available to others.” Putting aside the ambiguity of not being available to others--an untrue statement given the subsequent privacy policy statement about cooperating with legal requests--I couldn’t tell if this was the retention policy. So, if I delete a photo from Facebook on day 1, does this statement mean that the photo will become undiscoverable by day 91?]

Lawyers Can’t Friend Potential Witnesses Under False Pretenses, Ethics Opinion Says (ABA Journal, 30 Sept 2010) - Lawyers can’t use trickery to obtain evidence on Facebook and other social networking sites, according to a new ethics opinion. The opinion (PDF) by New York City Bar Association focused on this question: May a lawyer use deceptive behavior to friend a potential witnesses? The bar’s Committee on Professional Ethics concluded the answer is no, while allowing lawyers to play their cards close to the vest. “We conclude that an attorney or her agent may use her real name and profile to send a ‘friend request’ to obtain information from an unrepresented person’s social networking website without also disclosing the reasons for making the request,” the opinion says. A press release has details. The opinion notes that lawyers are increasingly turning to social networking sites such as Facebook, Twitter and YouTube as potential sources of evidence. A divorce lawyer, for example, may look for evidence of infidelity on Facebook. Or a lawyer representing a plaintiff in a copyright infringement case would be interested in pirated videos on YouTube. But lawyers searching for information are limited by ethics rules barring misconduct involving dishonesty, fraud, deceit or misrepresentation and prohibiting knowing false statements of fact, the opinion says. “We believe these rules are violated whenever an attorney ‘friends’ an individual under false pretenses,” the opinion concludes. The opinion lists potential ruses that are off-limits. A lawyer can’t create a false Facebook profile in hopes it will be of interest to a targeted witness. And a lawyer can’t e-mail a YouTube account holder falsely touting a recent digital post in hopes of gaining access to the target’s channel.

Lawyer Websites (ABA Formal Opinion 10-457, Standing Committee on Ethics and Professional Responsibility; August 2010, first epublished 30 Sept 2010) - Websites have become a common means by which lawyers communicate with the public. Lawyers must not include misleading information on websites, must be mindful of the expectations created by the website, and must carefully manage inquiries invited through the website. Websites that invite inquiries may create a prospective client-lawyer relationship under Rule 1.18. Lawyers who respond to website-initiated inquiries about legal services should consider the possibility that Rule 1.18 may apply.

- and -

ABA Asserts Copyright On Its Lawyer-Advertising Rules (Forbes blogs, 29 Sept 2010) - This interesting post over at reveals that the American Bar Association plans to issue an important opinion about lawyer advertising — but, following its usual policy, will use copyright laws to restrict who can read it. The folks at attorney-rating site, who seem to be angering lawyers a lot lately, went ahead and posted the ethics opinion despite the ABA’s plea to hold off. It’s here [Editor: after posting this on 29 Sept, AVVO apparently reconsidered; is was removed as of 30 Sept]. Formal Opinion 10-457, a six-page, footnote-laden guide tells ABA members, in essence, how to avoid violating ethics rules when they set up websites or communicate with potential clients online. Information must be accurate and current, it says, and lawyers have to be careful not to establish an attorney-client relationship unwittingly when they engage in online conversations on their websites or in chat rooms and the like. Facebook, it seems, might be a potential minefield of ethics violations. You’d think the ABA would want to disseminate this information far and wide, and indeed, the media relations folks at ABA headquarters in Chicago will provide copies of all such opinions to reporters who ask. But the organization also asserts copyright protection on these documents and puts them behind a pay wall, charging even members $20 for a copy, after a year. This sort of copyright protection is a dicey proposition I’ve written about in the past, in connection with copyrighted building codes. The American Medical Association also zealously protects the CPT codes doctors use to properly bill Medicare for procedures; without buying them from the AMA doctors run the risk of civil or criminal prosecution. [Editor: I’ve watched the recent internal ABA debate about this, and (of course) there are two sides to the story. Did you know that ISO Standards also are for-fee? Like the ABA Ethics Opinion issue, it seems inapt to charge money for access to a set of rules which we expect people to follow. Indeed, not unlike copyrighting the Oregon civil code, but that’s another story. See also the “Noted Podcast” selection below featuring Carl Malamud.]

- and -

Security Concerns Spark a Controversy Over a Bar Association’s Endorsement of Cloud Computing (Inside Counsel, 20 August 2010) - Storing data on remote servers in a vendor’s data center and accessing it via the Internet through various forms of “cloud computing” or Software as a Service (SaaS) can be a cost-effective solution for companies that don’t want to invest in their own technical infrastructure. A SaaS vendor owns and maintains the infrastructure while the customer pays a periodic fee for that use. But critics concerned about the security of data stored in vendors’ data centers have thrown a curve ball at the North Carolina Bar’s attempt to establish an ethical roadmap for attorneys interested in employing SaaS solutions. The setback comes even as the popularity of cloud computing grows. Security flaws have raised questions about the ethics of storing clients’ information in the cloud, given a lawyer’s obligation to protect confidential client information from disclosure. Addressing questions on this point, the Ethics Committee of the North Carolina State Bar in April published for comment a proposed, first-of-its-kind ethical opinion that would give lawyers in that state the green light to employ cloud computing solutions, while suggesting the importance of due diligence in hiring a vendor. It also provides an extensive set of questions that corporate law departments nationwide can adopt to determine if they’ve exercised due diligence. In its proposed opinion, the Ethics Committee concludes that lawyers “may contract with a SaaS vendor, provided the risks that confidential client information may be disclosed or lost are effectively minimized.”

UK Faces EU Case Over Online Privacy (The Guardian, 1 Oct 2010) - The European commission is taking the UK government to court for breaching European Union laws on internet privacy. The court action follows complaints made by broadband users to the UK Information Commissioner relating to the secret use of Phorm activity-tracking software monitoring users’ online habits, an experiment BT dropped in 2009 after tests in 2006 and 2007. But BT has now said that it is “simply inaccurate” to link the court action to the company. The telecoms operator hit back at reports linking the commission’s investigation to the company’s experiment tracking the online habits of customers in order to target them with relevant advertising. “The potential infraction proceedings relate to an alleged mis-implementation of EU law by the UK government. As such, they are a matter for the EU and the UK government. It is simply inaccurate to describe them as relating in any way to BT,” the company said. The European commission twice wrote to the UK government in 2009 asking it to change privacy laws under the Regulation of Investigator Powers Act (RIPA) and the Data Protection Act (DPA). The commission has now said it will use court action to force the UK government to more fully implement the Privacy and Electronic Communications Directive and the Data Protection Directive. The commission yesterday said: “The commission considers that existing UK law governing the confidentiality of electronic communications is in breach of the UK’s obligations under the ePrivacy Directive and the Data Protection Directive.” BT, the UK’s largest broadband provider, attracted controversy for testing technology developed by Phorm that tracked the habits of customers in order to increase the relevancy of advertising it serves. It subsequently dropped the idea after a backlash from users and privacy watchdogs. The commission said the UK government is not strict enough in the way it prohibits the interception of a person’s communication. “Current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has ‘reasonable grounds for believing’ that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as ‘freely given, specific and informed indication of a person’s wishes’,” it added.

How Stuxnet is Scaring the Tech World Half to Death (Weekly Standard, 2 Oct 2010) - The computer worm Stuxnet broke out of the tech underworld and into the mass media this week. It’s an amazing story: Stuxnet has infected roughly 45,000 computers. Sixty percent of these machines happen to be in Iran. Which is odd. What is odder still is that Stuxnet is designed specifically to attack a computer system using software from Siemens which controls industrial facilities such as factories, oil refineries, and oh, by the way, nuclear power plants. As you might imagine, Stuxnet raises big, interesting geo-strategic questions. Did a state design it as an attack on the Iranian nuclear program? Was it a private group of vigilantes? Some combination of the two? Or something else altogether? But it’s worth pausing to contemplate Stuxnet on its own terms, and understand why the tech nerds were so doomsday-ish about it in the first place. We should start at the beginning… [Editor: no legal dimension here, only interesting technical discussion. See also, and -- Siemens apparently hardcoded a userid and password into their system.]

Who Owns a Terminated Employee’s Twitter Account? ( Legal Blog Watch, 5 Oct 2010) - On his Spam Notes blog, Venkat Balasubramani attempts to answer an interesting question inspired by CNN’s recent firing of anchor Rich Sanchez for comments he made about comedian Jon Stewart. The question, first posed by Marshall Kirkpatrick at ReadWriteWeb, is who owns the rights to Sanchez’s CNN-branded Twitter account (@ricksanchezcnn) with over 146,000 followers? Kirkpatrick asks: “Does Sanchez own his Twitter account or does CNN? Ought he be required to remove the reference to CNN from his name?” Venkat writes that absent an agreement governing the right to the username, the issue is quite muddy. He believes Sanchez could argue that “if he built up a fan-base as a result of his popularity, he’s not required to turn over his ‘fans’ to his employer.” CNN, on the other hand, could counter that Sanchez “gained these followers by exploiting the CNN brand and by using company resources.” Venkat concludes that Sanchez’s position is probably stronger, but that he probably cannot keep the letters “CNN” in his username. Venkat adds that CNN and its media peers would be well-served to start addressing ownership of social media accounts via contract. Such an agreement, he notes, could have provided that upon termination:
(1) Sanchez would stop using the account immediately;
(2) CNN would have access to Sanchez’s password at all times;
(3) Sanchez would not post any public statements without CNN’s approval; and
(4) Sanchez would turn over the account to CNN. [Editor: this advice might be more nuanced, don’t you think? E.g., #3 is a bit strange.]

US Marshal Service’s Electronic Surveillance Manual (Chris Soghoian’s blog, 5 Oct 2010) - Last week, the FOIA fairy delivered 25 pages of internal rules that outline when and how the US Marshal Service uses electronic surveillance methods. According to the cover letters accompanying the documents, the policies are “obsolete” and that “the office is preparing to rewrite/revise it, which could take 30 days or longer to complete.”

The full document can be downloaded here (pdf)

The most interesting things that jumped out to me:

1. One of the most heavily redacted sections relates to the use of trigger fish, or cell site analyzers, which allow the government to locate phones without the assistance of the phone company. 2. The special rules that USMS investigators must follow before wiretapping VIPs such as Members of Congress, Governors and Judges.

How Private Is Facebook Under the SCA? (, 5 Oct 2010) - In 1986, Congress passed the Stored Communications Act as part of the Electronic Communications Privacy Act to address privacy issues attendant to the advent of the internet. Through the SCA, Congress intended to restrict disclosure of private communications by providers of electronic communications services. Recently, in Crispin v. Christian Audigier Inc., et al.,[FOOTNOTE 1] the U.S. District Court for the Central District of California was tasked with application of the SCA in the context of social networking and webmail services. Crispin involved subpoenas issued by defendants in a copyright infringement and breach of contract action to two non-party social networking service providers, Facebook and MySpace, and Media Temple, a non-party web hosting company that provides webmail services. The subpoenas sought disclosure of plaintiff’s private e-mail and social networking messages, as well as plaintiff’s MySpace comments and Facebook wall postings. Plaintiff moved to quash the subpoenas, arguing that the communications were protected under the SCA. In the resulting decision, District Court Judge Margaret M. Morrow thoroughly analyzed several important and timely issues, including whether a litigant has standing to move to quash subpoenas served on non-party web hosting and social networking companies to which the litigant subscribes, whether the SCA applies to these types of providers, whether the SCA provides immunity for disclosure of private information when compelled by subpoena, and the extent to which private electronic communications and data in the custody of social networking and webmail providers are protected. [Editor: for a useful parsing of SCA and the RCS (Remote Computing Service, see also “ECPA Reform - Inconsistent Holdings on Social Media“ by Andy Serwin]

- and -

Mixing Work and Play on Facebook (InsideHigherEd, 6 Oct 2010) - Learning management is frequently thought of as a top-down activity, with professors setting the agenda and presiding over e-learning environments like they do a traditional classroom. Facebook, meanwhile, has been thought of more as a distraction from schoolwork than a place where students engage with it. Now, a technology team at Purdue University has created a new application that seeks to upend both of those assumptions. The application, called Mixable, is positioned as an e-learning environment that empowers students, and can be used as a little study room and course library inside Facebook. Drawing on course registration data, Mixable invites students in virtual rooms with classmates in each of their courses. Once there, it lets them post and start comment threads about links, files, and other materials that might be relevant to the course — or not. The point is, there is no administrative authority determining what should (or must) be posted or discussed, and students are free to abstain from participating — just like on Facebook. Professors can join in, but they don’t run the show. And students can choose to make posts viewable by some classmates and not others. “In essence, the conversation is owned by the student,” says Kyle Bowen, the director of informatics at Purdue. Mixable is currently being piloted in four courses at Purdue, soon to be seven. [A] screenshot of recent activity in the Mixable room for a communications course that focuses on emerging technologies (with student names redacted) shows students posting tutorials on blogging and website design. One student posted a guide on turning a personal computer into a Web server. Another shared a link to tips on designing avatars. There was not any casual banter, but students seemed to be passing around resources.

Man Jailed Over Computer Password Refusal (BBC, 5 Oct 2010) - A teenager has been jailed for 16 weeks after he refused to give police the password to his computer. Oliver Drage, 19, of Liverpool, was arrested in May 2009 by police tackling child sexual exploitation. Police seized his computer but could not access material on it as it had a 50-character encryption password. He was formally asked to disclose his password but failed to do so, which is an offence under the Regulation of Investigatory Powers Act 2000, police said. Drage was convicted of failing to disclose an encryption key in September. He was sentenced at Preston Crown Court on Monday.

Visions of the Gamepocalypse (Long Now Foundation, 27 July 2010; Jesse Schell, 1h46m) – Editor: I cannot encapsulate the breadth of this presentation, but it goes well beyond games and touches on advertising, technology, AR and VR, education, and invention. I enjoyed it very, very much.; slides here:

“By the People...” (IT Conversations, 2009, 21 minute podcast by Carl Malamud) - Carl Malamud of Public.Resource.Org discusses the benefits free access to information brings to society. In a presentation from Gov 2.0, he indicates how the internet wave has enabled the Securities and Exchange Commission (SEC) to fulfill its mission to provide our financial markets with greater efficiency and transparency, by placing corporate filings of public companies on EDGAR, a public filings database successfully initiated by Malamud in the ‘80s. [Editor: I was struck by his characterization of law as “the operating system of our society”, and the need to assure open-source access and creation of such laws. Includes a bit of history, too: the origins of the GPO and the Congressional Record, the Federal Register, EDGAR, and PACER.]

**** RESOURCES ****
Rees Morrison Survey -- As the general counsel manager of a legal department, you may be interested in key staffing and spending metrics from the largest benchmark report ever compiled for legal departments -- more than 600 law departments. The confidential online survey asks for six pieces of law department data so it is easy to complete: 
- the number of lawyers, paralegals, and other staff (as of Dec. 31, 2009);
- internal and external legal spend last year; and
- revenue last year.
The 60+-page report, to be distributed in late October, has 25 charts (one for each benchmark metric) and five tables, all with metrics that are normalized and aggregated. It contains ratios for industry benchmarks as well as benchmarks for departments by country, number of lawyers, region, and company revenue. Survey participants receive their report at no cost. The fourth and final release will go out in November or December. Please click here to complete the survey. Or, copy and paste the following URL into a browser: If you have questions, please write the sponsor of the survey, Rees Morrison, at [Editor: Rees has been doing very good work with corporate law departments, and I highly recommend him to you. Participating in this survey will help your company, and the profession.]

Cloud Computing and National Security Law (Lawfare blog by Jack Goldsmith, 4 Oct 2010) - That is the title of a new report by the National Security Research Group, a student student-run organization at Harvard Law School devoted to analyzing concrete national security legal problems in ways that might be useful to national security practitioners. The NSRG’s cloud computing study has an admirably clear description of what cloud computing is; the best analysis available of the wide range of legal problems it raises (including the applicability of the Computer Fraud and Abuse Act to the cloud, various statutory search and seizure issues, and the use of cloud information in court); and recommendations for legal reform. If you have comments on the cloud computing report or suggestions for future projects, the NSRG team can be reached at

How to Record the Cops: A Guide to the Technology For Keeping Government Accountable (, 20 Sept 2010) - This summer the issue of recording on-duty police officers has received a great deal of media attention. Camera-wielding citizens were arrested in Maryland, Illinois, and Massachusetts under interpretations of state wiretapping laws, while others were arrested in New Hampshire, Ohio, Oregon, Florida, and elsewhere based on vaguer charges related to obstructing or interfering with a police officer. So far Massachusetts is the only state to explicitly uphold a conviction for recording on-duty cops, and Illinois and Massachusetts are the only states where it is clearly illegal. The Illinois law has yet to be considered by the state’s Supreme Court, while the Massachusetts law has yet to be upheld by a federal appeals court. Maryland Attorney General Douglas Gansler recently issued an opinion concluding that arrests for recording cops are based on a misreading of the state’s wiretapping statute, but that opinion isn’t binding on local prosecutors. In the remaining 47 states, the law is clearer: It is generally legal to record the police, as long as you don’t physically interfere with them. You may be unfairly harassed, questioned, or even arrested, but it’s unlikely you will be charged, much less convicted. (These are general observations and should not be treated as legal advice.) One reason this issue has heated up recently is that the democratization of technology has made it easier than ever for just about anyone to pull out a camera and quickly document an encounter with police. So what’s the best way to record cops? Here is a quick rundown of the technology that’s out there.

**** DIFFERENT ****
The Art of Google Street View (blogTO, February 2010) - Since the launch of Google’s Street View, hoards of people have marveled at the intriguing, wacky and even beautiful scenes captured by the city-mapping camera. And yet, for the most part, continued interest in the feature seems confined to bouts of procrastination and/or the gathering of travel information (both local and otherwise). While there’s little doubt that there are worse ways one could engage in both the former and latter, recently I’ve noticed another way that these virtual cities are being put to use. More and more artists are undertaking projects that rely heavily on Street View. Not to be confused with the plethora of articles and websites devoted to sharing strange or humorous incidents captured by the now highly recognizable camera-car, these projects go beyond the comic and the bizarre in the hopes of shedding light on the world at large and the complicated role that Google’s putatively benevolent information gathering plays in our understanding of it. No doubt the best example of this is Jon Rafman’s “The Nine Eyes of Google Street View,” an excellent series of images that reveals both the eeriness of this new form of surveillance and its artistic potential. For Rafman, “this way of photographing creates a cultural text like any other, a structured and structuring space whose codes and meaning the artist and the curator of the images can assist in constructing or deciphering.” Also fitting this description is the work of Hong Kong-based photographer Michael Wolf. An artist with a fascination for architecture and the urban environment, much of Wolf’s photography has documented the density of modern cities. With his most recent series, however, he’s shifted his focus in order to investigate the photographic tradition and iconography of Paris. Similar to Thomas Ruff’s jpeg series, the argument is that the closer we look and the more we document, the less we actually make sense of the world around us. Culled from the vast archive of images freely available for download on the internet, Ruff’s massive prints of the burning World Trade Center capture this insight marvelously: from a distance, they appear clear and easy to “read” -- but the closer one gets, the more the images break apart, eventually leaving the viewer staring at a fuzzy mess of pixels with no apparent structure. Although the visual logic -- where space equals time -- could be labeled simplistic, it’d be tough to conceive of a better metaphor for the process by which we understand historical events.

GOVERNMENT RELENTS ON ENCRYPTION SOFTWARE POSTING BAN (Wall Street Journal 25 Feb 2000) In an about-face, the U.S. government says it will allow computer scientist Daniel Bernstein to post the source code for Bernstein’s Snuffle encryption software on his Web site. The change of heart came following a district court ruling that in light of the new, liberalized encryption software export restrictions implemented in January, Bernstein should be able to post his code. Bernstein and his lawyer are considering pursuing his lawsuit against the government, however, because “there’s an area of ambiguity that remains”: the new rules don’t address “mirror sites,” which copy and publish Web pages automatically to provide speedier access for users in other countries. The rules also require that the source code may be posted as long as residents of countries suspected of supporting terrorism won’t have access to the material -- an administrative nightmare for any Web operator.

- and -

EARTHLINK SAYS IT WON’T INSTALL DEVICE FOR FBI Major Internet service provider EarthLink says it has rejected the FBI’s attempt to install Carnivore, the bureaus’ new sophisticated surveillance device, on its network due to privacy concerns and service disruptions it causes. EarthLink executives pledged to provide help when possible to authorities in criminal investigations, but said installing Carnivore would force technical adjustments that could bring part of its network down and affect service for thousands of customers. The ISP also claims that Carnivore poses large liability issues for it
because there is no way to determine whether Carnivore’s monitoring is limited to the criminal investigation, or is practicing a less discreet surveillance. (Wall Street Journal, 2000 July 14)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley ( with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

No comments: