Saturday, November 20, 2010

MIRLN --- 1-20 November 2010 (v13.16)

(supplemented by related Tweets: #mirln)

·      Facebooking in Court: Coping With Socially Networked Jurors
·      USPTO Launches Second Peer To Patent Pilot in Collaboration with New York Law School
·      Report Reveals the Riskiest Web Domains to Visit
·      Ind. AG Sues Wellpoint for $300k Over Data Breach Notification Delay
·      Who Is John Doe? Who Wants To Know?
·      French Court: Deeplinking to Genuine Source of Downloadable Software Did Not Amount to an IP Rights Infringement
·      Are these Records?
o   White House Orders Standard Practices on Unclassified Information
·      White House CIO Council Releases Draft Guidance on U.S. Govt Cloud Computing
·      Proper Data Disposal Means More Than Just Taking Out the Trash
·, All Over Again
·      Spam Filter Excuse for Missing a Deadline Flies in the Northern District of Illinois
·      Protecting and Securing Confidential Client Data
·      New Business Center Can Help Boost Compliance with FTC Law
·      The New Frontier of Employee Avatar Appearance Codes
·      “Should Lawyers Twitter?”
o   New AMA Policy Helps Guide Physicians’ Use of Social Media
o   Seeking Clients Via Facebook? In Ky., Bar May Regulate Social Media Comments
·      Holding on to a Domain Name to Gain Leverage in a Business Dispute Can Constitute Cybersquatting
·      A Lack of Transparency in S.E.C. Disclosure Rule
·      Company Accused of Firing Over Facebook Post
·      Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Uploaded to Twitter
·      Gartner: Social Networking Slowly Taking Over E-Mail
·      Britain to Tape Traders’ Cell Phones to Fight Fraud
·      NYPD Uses Google Street View Images as Evidence in Heroin-Dealing Case
·      Lenz Waived Attorney-Client Privilege Through Chats, Blogging
·      Cybersecurity and Rerouting of Internet Traffic to Chinese Servers
·      Request for Discovery of Facebook Profile and Photos Rejected as a Fishing Expedition


Facebooking in Court: Coping With Socially Networked Jurors (, 14 Oct 2010) - Constant thought-sharing defines our Information Age. At the office, in the car or anywhere else, we share every detail of our daily existence in real time on Facebook. Most of the time, this is acceptable and constitutionally protected behavior. But what happens in the courtroom when jurors post their opinions about a case online during trial? Last month, one Michigan juror found out. Before the case was over, this juror posted on Facebook how it was “gonna be fun to tell the defendant they’re GUILTY.” Alert defense counsel saw the posting, and the trial judge dismissed the juror, fined her $250 and ordered her to write a five-page essay about the constitutional right to a fair trial. This is the new courtroom reality, one that offers courts less control over what information flows in and out of the jury box. The problem is that, over the centuries, our legal system developed rules designed to ensure that the facts presented to a jury are scrutinized and challenged by both sides. Jurors were asked to hear all the evidence, refrain from sharing opinions and ultimately deliberate in secret. But modern, socially networked jurors accustomed to accessing and sharing information are colliding with this fishbowl experience and disrupting trials in ways few know how to address. [Editor: good overview piece, with discussion of emergence of new standards, such as by the Judicial Conference of the US]

USPTO Launches Second Peer To Patent Pilot in Collaboration with New York Law School (USPTO, 19 Oct 2010) - The United States Patent and Trademark Office (USPTO) today announced a second Peer To Patent pilot program will be initiated with New York Law School’s Center for Patent Innovations (CPI). The new, one-year pilot will begin on October 25 and will expand on the previous pilot program—which was limited to software and business methods applications—to also include applications in biotechnology, bioinformatics, telecommunications, and speech recognition. The Peer To Patent pilot program, begun in 2007, opens the patent examination process to public participation in the belief that such participation accelerates the examination process and improves the quality of patents. Under the pilot program, inventors can opt to have their patent applications posted on the website. Volunteer scientific and technical experts then discuss the applications and submit prior art they think might be relevant to determining if an invention is new and non-obvious, as the law requires. After the review period, the prior art is sent to the USPTO patent examiners for their consideration during examination. The original Peer To Patent pilot, which ran from June 2007 until June 2009, opened the patent examination process up to online public participation for the first time in history. [Editor: a former colleague writes: “Many corporate lawyers are leery of letting employees participate, fearing that a company whose patent application is denied could sue unfavorable reviewers and their employers. However, subject matter experts have generally been quite willing to participate. Many agree with the USPTO that they can contribute to a system that will favor better patents and prevent frivolous ones from being approved by examiners who lack key knowledge of the concerned technologies.”]

Report Reveals the Riskiest Web Domains to Visit (Security Week, 26 Oct 2010) - Web risk climbed to a record 6.2% of more than 27 million live domains evaluated for the 2010 Mapping the Mal Web report released today by McAfee. According to the report, the world’s most heavily trafficked web domain, .COM, is now the riskiest, with fifty-six percent of all risky sites discovered ending in .COM. While .COM is the riskiest top-level domain, the riskiest country domain is Vietnam (.VN). Japan’s .JP ranks as the safest country domain for the second year in a row and .TRAVEL as the safest overall domain. It’s interesting to note that .JP (currently $89.99 at GoDaddy) and .TRAVEL ($89.99 at Moniker) domains are also some of the most expensive domains. Are cybercriminals getting cheap with other people’s credit cards? Or do the higher price make it more risky? “Last year Vietnam’s .VN was a relatively safe domain, and this year it jumped to the third most dangerous domain. Cybercriminals target regions where registering sites is cheap and convenient and pose the least risk of being caught,” said Paula Greve, director of web security research for McAfee Labs. Report here:

Ind. AG Sues Wellpoint for $300k Over Data Breach Notification Delay (Business Week, 29 Oct 2010) - The Indiana attorney general’s office is suing health insurance giant WellPoint Inc. for $300,000 for waiting months to notify customers that their medical records, credit card numbers and other sensitive information may have been exposed online. The lawsuit filed Friday in Marion County accuses WellPoint of violating a state law that requires businesses to provide notification of data breaches in a timely manner. State officials say the personal records were exposed for at least 137 days between last October and March. The suit says WellPoint learned of the problem Feb. 22 but didn’t start notifying customers until June.

Who Is John Doe? Who Wants To Know? (Media Law Prof Blog, 1 Nov 2010) - Lior Strahilevitz, University of Chicago Law School, has published Pseudonymous Litigation at 77 University of Chicago Law Review 1239 (2010). Here is the abstract: “We presently lack a good theory for when we should permit parties to litigate using a pseudonym, and American and European legal systems differ sharply on the question. This essay attempts to leverage one of the developments associated with the information age to make progress towards a satisfying answer. The relevant development is the newfound ease with which one can air a grievance pseudonymously or anonymously via online feedback sites, rating sites, and similar forums. Given the availability of these sometimes attractive alternatives to litigation, the legal system should answer the question of whether to permit a party to litigate as a “John Doe” by determining whether a particular grievance is optimally resolved via legal dispute resolution mechanisms or the self-help alternatives that have arisen online and elsewhere. These alternative mechanisms are markedly inferior to litigation at addressing certain types of disputes and markedly superior at addressing other sorts of controversies. Many of the factors most relevant to determining whether a dispute is best addressed in a court or in a less costly forum – such as the existence of legal issues of first impression, the public relations sophistication and reputational stakes of the parties, the existence of material factual disputes, the degree to which the parties’ conduct violates existing social norms, and the magnitude of the harms suffered – are not easily discerned at the outset of litigation. It therefore may be optimal to permit a party to litigate to final judgment using a pseudonym and to consider revealing the litigant’s identity at the conclusion of proceedings. Such determinations could be based on either a balancing test that weighs the relevant aforementioned factors or a less precise bright-line rule, such as “prevailing party pseudonymity.” The essay examines how such approaches would have played out in Doe v. Smith, a Seventh Circuit invasion of privacy case that expressed misgivings about permitting pseudonymous litigation despite quite sympathetic facts.” Article here:

French Court: Deeplinking to Genuine Source of Downloadable Software Did Not Amount to an IP Rights Infringement (Bird & Bird, 2 Nov 2010) - A French court has held that an unauthorised direct link to downloadable software, bypassing the home page of the software publisher, does not itself amount to an infringement of intellectual property rights. Nor did sponsored links to competing software amount to unfair competition.

Are these Records? (NARA, 2 Nov 2010) - Federal agencies’ Facebook posts, YouTube videos, blog posts, and tweets… are all of these Federal records? Increasingly, Federal agencies are using web 2.0 and social media tools to quickly and effectively communicate with the public. These applications, sites, and tools encourage public participation and increase our ability to be more open and transparent. The informal tone of the content, however, should not be confused with insignificance. Agencies must comply with all records management laws, regulations, and policies when using web 2.0 and social media tools. On October 20, 2010, the National Archives and Records Administration issued “Guidance on Managing Records in Web 2.0/Social Media Platforms” also known as NARA Bulletin 2011-02. The bulletin says that the “principles for analyzing, scheduling, and managing records are based on content and are independent of the medium; where and how an agency creates, uses, or stores information does not affect how agencies identify Federal records.” The following questions are meant to help agencies determine record status:
·      Is the information unique and not available anywhere else?
·      Does it contain evidence of the agency’s policies, business, mission, etc.?
·      Is this tool being used in relation to the agency’s work?
·      Is use of the tool authorized by the agency?
·      Is there a business need for the information?
If the answers to any of the questions are yes, then the content is likely to be a Federal record. While an agency may determine that content is non-record because it is duplicative and found elsewhere in an agency’s recordkeeping system, agencies should also consider the fact that social media platforms can offer better indexing, opportunity for public comment, and other collaboration.

- and -

White House Orders Standard Practices on Unclassified Information (Wired, 4 Nov 2010) - The White House released an executive order Thursday that aims to standardize how agencies handle unclassified information that carries statutory protections against dissemination. Such information — designated “controlled unclassified information,” or CUI — is currently handled in an ad hoc manner, with each agency creating its own policies, procedures and markings for safeguarding the information. This can create confusion with those requesting documents under the Freedom of Information Act, and among agency personnel handling such requests. “This inefficient, confusing patchwork has resulted in inconsistent marking and safeguarding of documents, led to unclear or unnecessarily restrictive dissemination policies, and created impediments to authorized information sharing,” according to the order, signed by President Obama. “The fact that these agency-specific policies are often hidden from public view has only aggravated these issues“ (.pdf). To standardize the management of such information, the directive orders all executive branch agencies to produce a list of all the categories and subcategories they currently use to distinguish CUI from other unclassified information and to submit the list within six months to the National Archives and Records Administration (NARA). For each category, the agencies must cite the relevant law, regulation or government policy that justifies protecting the information from dissemination. “If there is significant doubt about whether information should be designated as CUI, it shall not be so
designated,” according to the order. The NARA has a year to winnow these lists down to a single list of acceptable categories and subcategories for CUI.

White House CIO Council Releases Draft Guidance on U.S. Govt Cloud Computing (Information Law Group, 3 Nov 2010) - A draft release of a 90-page Proposed Security Assessment and Authorization for U.S. Government Cloud Computing was distributed by the White House CIO Council yesterday, curiously numbered a 0.96 release. A product of FedRAMP (the Federal Risk and Authorization Management Program), the guidance draft is the result of an 18-month inter-agency effort by the National Institute of Standards and Technology (NIST), General Services Administration (GSA)(see GAO-10-855T), the CIO Council and others, including state and local governments, industry, academia, and additional governmental bodies, such as the Information Security and Identity Management Committee (ISIMC). Comments on the draft can be submitted online until December 2nd here. While we’ll be posting further analysis of the cloud computing guidance draft, the three chapters of the draft’s tripartite organization focus on: 
·      Cloud Computing Security Requirements Baselines;
·      Continuous Monitoring; and a
·      Potential Assessment & Authorization Approach.
An appendix contains materials on assessment procedures and security documentation templates. While the end goal of this FedRAMP initiative is to streamline federal governmental cloud computing vetting and procurement across agencies, it clearly remains to be seen how this ultimately works out in the field.

Proper Data Disposal Means More Than Just Taking Out the Trash (Steptoe & Johnson’s E-Commerce Law Week, 4 Nov 10) -- An attorney who improperly disposed of client records was publicly reprimanded by the Indiana Supreme Court, which stated that the attorney’s failure to properly destroy the documents before disposing them left his clients vulnerable to the theft of privileged client information. While that case (In the Matter of: Steven C. Litz) involved physical documents, the same ethics requirement would also apply to disposal of electronic records. The proper disposal method of personal records is important not just for lawyers but for any entity that handles personal data, as Federal Trade Commission enforcement actions illustrate., All Over Again (Robert Ambrogi, 4 Nov 2010) - The legal news and information site got a major facelift this week, and the new look is more than skin deep. In addition to a cleaner and more consistent design throughout, the revamped features a broader array of news and voices, from both within and without the network of ALM,’s parent company. The site’s new look is evocative of a newspaper layout. The new home page appears cleaner but also packs in a lot more information than was there before — although there is a bit of vertical scrolling required to take it all in. The site includes more content from throughout the ALM network of newspapers, magazines, newsletters, websites and special reports. All of it can now be accessed with a single log-in. New features on the front page include a video center, a selection of special reports, and a selection of “top jobs” from openings listed on Notably, now incorporates content from outside the ALM network as well, making it more of single-stop destination for news. A front-page section titled “More Stories From the Web” links to legal news from various news organizations and wire services. A second section, “Other Voices from the Legal Web,” displays a Twitter feed of legal-industry tweets. As it did before, the front page continues to display recent posts from blogs within the Blog Network (of which this blog is a member). Also new to the page are lists of the most-viewed and most-commented stories. There is a separate, “most mentioned” box which, frankly, I cannot understand. It doesn’t explain the source of the mentions. I presume it means “most searched,” because if you click on any of the items listed, it takes you to a search for that item. [Editor: look for a new ABA website, too – but not before February.]

Spam Filter Excuse for Missing a Deadline Flies in the Northern District of Illinois (Eric Goldman, 4 Nov 2010) - Pace et al. vs. AIG, 8 C 945 (N.D. Ill.; Nov. 1, 2010) -- As the court notes in this case, ‘I missed a deadline because I did not receive electronic notice of a filing’ is becoming the “modern [lawyer’s] version of the classic ‘my dog ate my homework’ line.” The court granted AIG’s motion for summary judgment on March 30, 2010. The notice of appeal would have been due on April 29, 2010. After the due date, on May 27, 2010, Appellants moved for an extension of the deadline to file a notice of appeal. Initially, they argued that they never received a copy of the court’s March 30, 2010 order, but they wisely changed course and blamed it on their overzealous spam filter. Ultimately, the court grants the motion and extends the deadline, even though six lawyers were listed as counsel on the case, and a local rule requires local counsel to be responsible for receiving notices and notifying “the designating attorney of their receipt and contents.” In the process of granting the extension, the court beats up on counsel for appellants, noting that “[t]here can be no doubt that Appellants are guilty of neglect in this case . . . “ The court runs through the numerous other cases where courts have rejected the spam filter excuse, but finds that in many of those cases, the failure to act on an e-filed document was part of an overall pattern of lack of diligence or lack of credibility on the part of the lawyer who offered this excuse: * * *

Protecting and Securing Confidential Client Data (Law Tech News, 5 Nov 2010) - Law firms are entrusted with the most sensitive and valuable information the release of which may be devastating for affected clients, as well as for the firm. In light of state and federal legislation regulating health, financial, and technology secrets, a law firm may face criminal, regulatory, or disciplinary proceedings from an unauthorized release of information. A law firm may also face civil claims, ranging from breach of contract and fiduciary duty to malpractice, defamation, or other torts. Law firms may lose loyal clients, or jeopardize the privacy and financial interests of loyal employees. Despite these realities, law firms generally do not employ, or enforce the level of security that certain clients -- particularly those dealing with heavily regulated or confidential information -- use and take for granted in their own operations. However, the twin questions that law firms need to address today are: how important to its clients are the secrets entrusted by them to the firm, and is the firm taking adequate steps to fulfill its obligations to safeguard that information? The duty to protect information generally arises from one (or more) of six sources. These are:
• fiduciary duty;
• ethical duty under the Rules of Professional Conduct, Rule 1.6;
• court-imposed obligations, including rules protecting confidential information in family law matters, and protective orders entered in particular cases;
• contractual obligations with clients and non-clients, including law firm employees;
• state or federal statutes that apply to persons who receive or retain certain types of information, such as medical or financial-related information, and state secrets; and
• obligations imposed generally through tort law, such as the obligation to avoid publicizing another's private information.
As should be evident in reviewing the foregoing non-exhaustive list of duties and obligations, improper disclosure may violate multiple duties and/or obligations, and result in severe consequences, regardless of whether the disclosure was intentional or inadvertent. [Editor: there’s other useful material in this article; see also the piece titled “Law Firms Face Risks in Handling Personal Information” in the RESOURCES section below.]

New Business Center Can Help Boost Compliance with FTC Law (FTC, 5 Nov 2010) - The Federal Trade Commission has a new Business Center at that gives business owners, attorneys, and marketing professionals the tools they need to understand and comply with the consumer protection laws, rules, and guides the FTC enforces. The Business Center provides practical, plain-language guidance about advertising, credit, telemarketing, privacy, and a host of other topics. A series of short videos explain the bottom line about what businesses need to know to comply, and the Business Center blog gives readers the latest compliance tips and information. A new video encourages businesses to use and share the free resources in the Business Center to enhance compliance and build their customers’ trust. Companies can use the compliance tips in their newsletters and blogs, share the resources with their social and professional networks, use the videos for in-house trainings or presentations, and order free materials to hand out at conferences or community events. The FTC works to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. To file a complaint or get free information on consumer issues, visit or call toll-free, 1-877-FTC-HELP (1-877-382-4357); TTY: 1-866-653-4261. Watch a new video, How to File a Complaint, at to learn more. The FTC enters consumer complaints into the Consumer Sentinel Network, a secure online database and investigative tool used by more than 1,800 civil and criminal law enforcement agencies in the U.S. and abroad.

The New Frontier of Employee Avatar Appearance Codes (MoFo, 5 Nov 2010) - Should companies reasonably ask employees to moderate the appearance of their virtual characters—or “avatars”—to conform to the company’s dress code policies? Many companies currently maintain virtual worlds on their own computer networks (akin to the popular Second Life platform) that give employees the freedom to create their own virtual self-images that interact with the avatars of other employees. And given the almost limitless visual possibilities in creating and clothing avatars, they are frequently crafted to look far more risqué or outlandish than their real-world creators. A number of commentators in the business world have already begun to weigh in on whether companies can or should lawfully regulate the appearance of their employees’ avatars, when such appearance crosses the bounds of professional propriety and potentially offends colleagues. A well-publicized October 2009 report by IT technology consulting firm, Gartner Inc., found that “Avatars are creeping into business environments and will have far reaching implications for enterprises, from policy to dress code, behavior and computing platform requirements,” and estimated that by year-end 2013, 70% of enterprises will have behavior guidelines and dress codes established for all employees who maintain avatars inside a virtual environment associated with the enterprise. Although the first avatar appearance case remains to be seen, companies that are considering establishing employee avatar appearance codes should consider all of the following: * * *

“Should Lawyers Twitter?” (ABA Journal, 5 Nov 2010) - With a front-page feature story on Twitter in Sunday’s New York Times Business Section, it is perhaps a good time to visit the question: “Should Lawyers Twitter?” In the tradition of Donald Rumsfeld and now Randy Moss, let me proceed by asking and answering my own questions. What is the functionality of Twitter? Twitter is a wide-open Web service that lets you either (A) publish 140-character “tweets” that can be anything from a deep but brief legal thought to notes from a talk to a rant on your service frustration with American Airlines; and (B) “follow” other folks who are tweeting by reading their tweets. You can go to Twitter periodically to catch up without having the miscellaneous communication clog up your e-mail inbox. What problem does Twitter solve? Think of Twitter as a meta watercooler. It allows you to track and share thoughts across a wide range of folks. This may or may not solve a problem for you. I find the most useful aspect of Twitter to be (A) as an übereditor for news and developments across the Web; (B) a way to stay in tune with the thinking of folks who may be professionally important to me; and (C) a way to track what’s happening at conferences I can’t attend. [Editor: there’s more – interesting stuff that resonates with me.]

- and -

New AMA Policy Helps Guide Physicians’ Use of Social Media (AMA, 8 Nov 2010) - Millions of Americans use social networks and blogs to communicate, but when those users are physicians, challenges to the patient-physician relationship can arise. New policy adopted today by the American Medical Association (AMA) aims at helping physicians to maintain a positive online presence and preserve the integrity of the patient-physician relationship. “Using social media can help physicians create a professional presence online, express their personal views and foster relationships, but it can also create new challenges for the patient-physician relationship,” said AMA Board Member Mary Anne McCaffree, M.D. “The AMA’s new policy outlines a number of considerations physicians should weigh when building or maintaining a presence online.” The new policy encourages physicians to:
·      Use privacy settings to safeguard personal information and content to the fullest extent possible on social networking sites.
·      Routinely monitor their own Internet presence to ensure that the personal and professional information on their own sites and content posted about them by others, is accurate and appropriate.
·      Maintain appropriate boundaries of the patient-physician relationship when interacting with patients online and ensure patient privacy and confidentiality is maintained.
·      Consider separating personal and professional content online.
·      Recognize that actions online and content posted can negatively affect their reputations among patients and colleagues, and may even have consequences for their medical careers.
The new policy on professionalism when using social media was adopted today at the AMA’s semi-annual policy making meeting in San Diego. [Editor: I’m curious about how other, non-law professions are adapting to social media opportunities; their experiences may illuminate our options.]

- and -

Seeking Clients Via Facebook? In Ky., Bar May Regulate Social Media Comments (ABA Journal, 18 Nov 2010) - Lawyers in Kentucky who reach out to potential clients through social media such as Facebook and MySpace may see their comments regulated by the Kentucky Bar Association. The bar has proposed a regulation that would bar solicitations through social media unless lawyers pay a $75 filing fee and permit regulation by the bar’s Advertising Commission, the Louisville Courier-Journal reports. Some lawyers contacted by the newspaper criticized the proposal, saying it isn’t clear what kinds of comments would be regulated because of vague language. Critics said the proposal could be interpreted to regulate posts about lawyers’ views on legal issues, their latest court wins, or basic information such as their employment and education. But Lexington lawyer Ben Cowgill told the Courier-Journal he disagreed with those interpretations. “Does a lawyer engage in an ‘advertisement' of legal services merely by posting on Facebook that he is happy about winning a big case, or that she is burning the midnight oil on behalf of a client? No, not in my opinion,” said Cowgill, the bar’s former chief disciplinary counsel. The blog Kentucky Law Review posted the proposed amendment to the bar’s advertising rules, which authorize an advertising commission to review lawyer ads for compliance with the ethics rules. The proposed amendment defines "advertisement" as any communication containing a lawyer’s name or other identifying information. It goes on to list some exceptions. One exception is made for lawyer blogs that communicate in real time about legal issues, as long as there is no reference to an offer of legal services. “Communications made by a lawyer using a social media website such as MySpace and Facebook that are of a nonlegal nature are not considered advertisements,” the proposal says. “However, those that are of a legal nature are governed by [the advertising rules].”

Holding on to a Domain Name to Gain Leverage in a Business Dispute Can Constitute Cybersquatting -- DSPT Int’l v. Nahum (Eric Goldman, 6 Nov 2010) - This case involves the familiar story of a company leaving the domain name registration in the hands of someone who performed web design services (in this case, the registration was left in the name of the web designer’s brother) and the registrant later refusing to turn over the domain name due to a dispute over unfulfilled obligations to the registrant. On appeal, the key question was whether Lucky’s actions fit the statutory definition of cybersquatting - i.e., whether the domain name was registered or used with a “bad faith intent to profit from the plaintiff’s mark.” Lucky argued that there was no “bad faith intent to profit” from DSPT’s trademark because he only used the domain name to try to get money which he was rightfully owed, and even if he intended to profit from something, it was not from DSPT’s goodwill in the mark. The Ninth Circuit disagreed, construing the statute broadly, to find that holding the domain name hostage “to get leverage in a business dispute can establish a violation.” The court notes that while the initial registration of the domain name was obviously not in bad faith, Lucky’s subsequent “use” of the domain name in bad faith was enough to constitute a violation. Interestingly, the court acknowledged that Lucky never actually offered to “sell” the domain name back to DSPT.

A Lack of Transparency in S.E.C. Disclosure Rule (NYT, 8 Nov 2010) - Has the Securities and Exchange Commission bungled its disclosure rules? That’s the question being whispered around Wall Street trading floors after a series of company disclosures in recent weeks from the likes of Microsoft and Google that appear to have created an awful lot of confusion, potentially giving some savvy investors an edge while potentially putting the rest of us at a disadvantage. Here’s the back story: A little over a week ago, Microsoft decided to change the way it releases market-moving news like its earnings report. Instead of issuing a press release that it distributed across hundreds of news services, terminals and Web sites instantaneously, Microsoft has chosen to take advantage of some vaguely worded guidance from the S.E.C. that now allows companies to publish market-moving news directly on their own Web sites without requiring any wider distribution. So, on Oct. 28, at 4:15 p.m. Eastern time, Microsoft published its earnings report on its Web site. At 4:28 p.m., Microsoft filed its 8-K earnings report with the S.E.C., which companies are supposed to do before, or at least simultaneously with, the publication of an earnings report. Then, at 4:44 p.m., almost a half-hour after Microsoft had published its results, it issued a media advisory in a traditional press release to remind the world that it had released its earnings, though it didn’t include any numbers, just a link to its Web site. So if you had gone to Yahoo Finance or Google Finance looking for a copy of the earnings report, it wasn’t there. Microsoft isn’t alone. Google began publishing its results on its own Web site over the summer for the first time, too. The results were equally jarring. Google issued its second quarter results at 4 p.m.; the Reuters news wire didn’t move a headline about the earnings until 4:21 p.m. In an age of high-frequency trading when every millisecond counts — even in after-hours trading — the move toward companies’ distributing earnings and other market-moving information via their Web sites rather than through wider distribution channels raises some serious questions about transparency. And if Microsoft and Google are doing it, the rest of the Fortune 500 can’t be far behind. The S.E.C. passed Regulation Fair Disclosure — known as Regulation F.D. — in October 2000 to combat selective disclosure of market-moving information so that certain investors wouldn’t be able to trade ahead of others. But this latest disclosure trend may undermine some of that.

Company Accused of Firing Over Facebook Post (NYT, 8 Nov 2010) - In what labor officials and lawyers view as a ground-breaking case involving workers and social media, the National Labor Relations Board has accused a company of illegally firing an employee after she criticized her supervisor on her Facebook page. This is the first case in which the labor board has stepped in to argue that workers’ criticisms of their bosses or companies on a social networking site are generally a protected activity and that employers would be violating the law by punishing workers for such statements. The labor relations board announced last week that it had filed a complaint against an ambulance service, American Medical Response of Connecticut, that fired an emergency medical technician, accusing her, among other things, of violating a policy that bars employees from depicting the company “in any way” on Facebook or other social media sites in which they post pictures of themselves. Lafe Solomon, the board’s acting general counsel, said, “This is a fairly straightforward case under the National Labor Relations Act — whether it takes place on Facebook or at the water cooler, it was employees talking jointly about working conditions, in this case about their supervisor, and they have a right to do that.” That act gives workers a federally protected right to form unions, and it prohibits employers from punishing workers — whether union or nonunion — for discussing working conditions or unionization. The labor board said the company’s Facebook rule was “overly broad” and improperly limited employees’ rights to discuss working conditions among themselves. Moreover, the board faulted another company policy, one prohibiting employees from making “disparaging” or “discriminatory” “comments when discussing the company or the employee’s superiors” and “co-workers.” The board’s complaint prompted Morgan, Lewis & Bockius, a law firm with a large labor and employment practice representing hundreds of companies, to send a “lawflash” advisory on Monday to its clients, saying, “All private sector employers should take note,” regardless “of whether their work force is represented by a union.” The firm added, “Employers should review their Internet and social media policies to determine whether they are susceptible to an allegation that the policy would ‘reasonably tend to chill employees’ “ in the exercise of their rights to discuss wages, working conditions and unionization.

Twitter Clarifies Usage Rules, but AFP Still Claims Unbridled Right to Use Content Uploaded to Twitter (Eric Goldman, 9 Nov 2010) - Twitter recently issued new guidelines regarding use of the “Twitter” and “Tweet” marks, and use of the underlying tweets by users and third parties as well: “Guidelines for Use of the Twitter Trademark.” The guidelines prompted some criticism that Twitter was over-reaching and that it was putting the squeeze on the vibrant ecosystem which helped it grow in the first place. (See “Twitter Investor Defends New ‘Tweet’ Usage Rules,” for a discussion of some reactions and responses from an investor in Twitter.) Before talking about the trademark-related issues, I thought it was worth discussing a copyright/licensing issue that was lurking around. Twitter’s guidelines contain its views on whether and when you can reproduce someone else’s Tweets. This was largely thought to be an issue that would not come up in practice, but a case currently pending in the Southern District of New York (Agence France-Presse v. Morel) actually turns on the issue of whether uploading content to Twitter results in some sort of broad license to third parties. Agence France-Presse was accused by a photographer of downloading photos (of the Haiti earthquake aftermath) from a Twitter (or TwitPic) account and then licensing those photos to third parties. I thought the case would quickly settle, but it’s still ongoing. Surprisingly (almost shockingly), AFP is continuing to take the position that uploading photos to Twitter and TwitPic results in some sort of implied license for the world to use whatever content is uploaded. I think AFP is unlikely to prevail on its motion for a variety of reasons, but Twitter’s guidelines make clear that AFP’s interpretation of the Twitter terms of service is off-base, to say the least. Twitter’s terms contain language making clear that “you own your Tweets.”

Gartner: Social Networking Slowly Taking Over E-Mail (Macworld, 11 Nov 2010) - If you find yourself using Facebook to send out work-related emails to coworkers, you’re not alone. According to a new report issued by Gartner, 20 percent of business users will use social networks as their primary means of business communications by 2014. Gartner says it expects e-mail clients from Microsoft and IBM will soon start integrating with social networking sites, giving users access to their e-mails, contacts and calendars from their favorite social networking platform. What’s more, Gartner says that contact lists, calendars and messaging clients on smartphones will all be capable of connecting with social networking platforms by 2012. “The rigid distinction between e-mail and social networks will erode,” says Gartner analyst Monica Basso. “E-mail will take on my social attributes… while social networks will develop richer e-mail capabilities.” Gartner also predicts that more of these social network-enabled e-mail clients will move away from on-premises networks and into the cloud. By the end of 2010, Gartner projects that 10 percent of corporate e-mail accounts will be in the cloud, up from 7 percent in 2009.

Britain to Tape Traders’ Cell Phones to Fight Fraud (NYT, 11 Nov 2010) - Investment bankers and traders in Britain will have their mobile phone conversations recorded in the latest step by the country’s financial regulator to crack down on insider trading and market abuse. The Financial Services Authority, Britain’s financial watchdog, said Thursday that under new rules, effective next November, all financial services firms will be required to record any relevant communication by employees on their work cellphones. Companies would also be responsible for discouraging employees from taking client orders or discussing and arranging transactions on their private cellphones, where conversations cannot be recorded. The new rule makes Britain the only country in Europe to explicitly require the taping of conversations on business cellphones, according to the F.S.A. Rules in other European countries merely require companies to ensure that all relevant conversations are recorded. The F.S.A. already required the recording of conversations on office land lines and the storage of business e-mails, but exempted cellphones until now because the technology was not available, Ms. Bailey said. The rule will affect about 16,000 cellphones issued by financial services firms, which will be required to keep the recorded conversations for six months. The new rule will also require “firms to take reasonable steps to ensure that such communications do not take place on private communication equipment that firms cannot record mainly for privacy reasons,” the F.S.A. wrote in the policy statement published Thursday.’%20mobile%20calls&st=cse

NYPD Uses Google Street View Images as Evidence in Heroin-Dealing Case (LA Times, 11 Nov 2010) - The New York Police Department is using Google Maps with Street View as a crime-fighting tool. On Wednesday, the NYPD announced the arrest and indictment of seven people accused of being in a heroin-selling ring in Brooklyn. The police used images found on Google’s Street View as evidence, according to a report from NBC New York. Investigators, who built their case against the suspects over a four-month period, said Street View captured the ring standing on a Brooklyn street corner, in front of a Bodega where open-air drug sales occurred regularly, NBC New York reported. A few of the suspects can be seen on Google Maps’ Street View images for the intersection of Jackson Street and Kingsland Avenue. Over the course of the investigation, the suspects allegedly made more than 20 sales of heroin to undercover NYPD officers, NBC New York reported.

Lenz Waived Attorney-Client Privilege Through Chats, Blogging (BNA’s E-Commerce & Tech Law, 12 Nov 2010) - In addition to copyright infringement, trademark infringement, loss of employment, loss of prospects for employment, loss of friends, loss of privacy, cyber-bullying, cyber-stalking, defamation, juror misconduct, home robbery while you’re out of town, and plain old creating evidence that can later be used against you in court, we can now add waiver of attorney-client privilege to the list of bad things that can happen through ill-advised use of social media. That is what appears to be happening in Lenz v. Universal Music Corp., No. 07-3783 (N.D. Calif.), where a magistrate judge ruled late last month that plaintiff Stephanie Lenz waived attorney-client privilege by going on and on (and on) about her case in e-mail, on her blog, and in Gmail chat sessions. Through these online media, Lenz made representations about conversations she allegedly had with her Electronic Frontier Foundation attorneys -- conversations that involved why she sued Universal and discussions of legal strategies she was pursuing in her suit against the company. The magistrate judge ruled Oct. 22 that these online communications amounted to a waiver of the attorney-client privilege and that the communications were relevant to the plaintiff’s motives for filing suit against Universal. The magistrate ordered EFF to produce all documents previously requested by Universal but withheld due to a claim of attorney-client privilege; additionally, the plaintiff must submit to an additional deposition by Universal’s counsel.

Cybersecurity and Rerouting of Internet Traffic to Chinese Servers (Bobby Chesney on LawFare, 17 Nov 2010) - Not too many folks are familiar with the U.S.-China Economic and Security Review Commission, a body Congress created in 2000 to report periodically on, well, economic and security issues associated with the U.S.-China relationship. Its most recent report to Congress may get a fair amount of extra attention, however, in light of a fascinating–and disturbing–cybersecurity incident it describes. As Ellen Nakashima pointed out at the Post’s Checkpoint Washington blog today, the Commission’s report describes (at pages 243-44) an incident in which a Chinese state-owned entity rerouted a vast amount of internet traffic through Chinese servers: “For about 18 minutes on April 8, 2010, China Telecom advertised erroneous network traffic routes that instructed U.S. and other foreign Internet traffic to travel through Chinese servers. Other servers around the world quickly adopted these paths, routing all traffic to about 15 percent of the Internet’s destinations through servers located in China. This incident affected traffic to and from U.S. government (‘‘.gov’’) and military (‘‘.mil’’) sites, including those for the Senate, the army, the navy, the marine corps, the air force, the office of secretary of Defense, the National Aeronautics and Space Administration, the Department of Commerce, the National Oceanic and Atmospheric Administration, and many others. Certain commercial websites were also affected, such as those for Dell, Yahoo!, Microsoft, and IBM. Although the Commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications. This level of access could enable surveillance of specific users or sites. It could disrupt a data transaction and prevent a user from establishing a connection with a site. It could even allow a diversion of data to somewhere that the user did not intend (for example, to a ‘‘spoofed’’ site). Arbor Networks Chief Security Officer Danny McPherson has explained that the volume of affected data here could have been intended to conceal one targeted attack. Perhaps most disconcertingly, as a result of the diffusion of Internet security certification authorities, control over diverted data could possibly allow a telecommunications firm to compromise the integrity of supposedly secure encrypted sessions.”

Request for Discovery of Facebook Profile and Photos Rejected as a Fishing Expedition -- McCann v. Harleysville Insurance (Eric Goldman, 17 Nov 2010) - We've blogged about several decisions involving disputes around the discovery of social network profiles. An appeals court in New York recently rejected a party's request for the contents of plaintiff's Facebook profile because the party seeking the discovery "failed to establish a factual predicate with respect to the relevancy of the evidence." The plaintiff was involved in an auto accident, and settled with the other driver, and then went after the driver's insurance company. The insurance company sought disclosure of photographs from plaintiff's Facebook profile, and sought "an authorization for plaintiff's Facebook account." The court found that the defendant failed to put forth a sufficient factual predicate that anything relevant was contained in the profile, and thus the request smacked of a "fishing expedition." However, the court also found that the plaintiff's request for a protective order should not have been granted - i.e., defendant could come back, establish the "factual predicate," and obtain the necessary information. As with the other cases involving the discovery of social networking profile information, this case illustrates the logistical challenges posed in these situations. The party seeking discovery should not be able to rummage around in the other side's Facebook account. On the other hand, if there is relevant evidence, the party seeking discovery should not be deprived of access to it just because it's contained in a social networking profile. (There's also the issue of whether private messages are protected from disclosure by virtue of federal statutes.)

Lessig & Zittrain Take On...Competition (Berkman Center, 9 Sept 2010) - Radio Berkman returns from summer vacation with a big new episode in which Professors Zittrain and Lessig think through the Microsoft antitrust case and its implications for the current technology competition landscape, with some help from an audience of Berkman summer interns. From the MediaBerkman blog: “The year was 1998. Cher’s autotune anthem Believe was one of the year’s biggest hits, Titanic had swept the Oscars, and in some sterile software campus in the Northwest, Bill Gates was rehearsing a deposition. It’s been over 12 years since Gates’ and Microsoft’s anti-trust battle with the Department of Justice and the Federal Trade Commission first hit the courts. It is still seen as a watershed for the management of technology companies in the dot com age. But in the dozen years that have passed, people are still speculating whether the anti-trust case against Microsoft made any difference, and whether the software and technology companies of today are engaging in anti-competitive practices similar to or more risky than the ones that got Microsoft in trouble. Who are the Microsofts of today? Facebook? Apple? Google? And how do we manage competition in the digital age? Today, two of the leading minds on the Internet and law, Jonathan Zittrain and Larry Lessig, take on competition.”

**** RESOURCES ****
“Law Firms Face Risks in Handling Personal Information” (Hunton & Williams, Summer 2010) -- This article seeks to provide an overview of key privacy and information security issues impacting the practice of law. Law firms may collect, use and disclose personal information in numerous circumstances, both as providers of legal services and as employers. In safeguarding personal information that pertains to their employees or clients, or other individuals, law firms must comply with applicable privacy and information security laws as well as their professional duty of confidentiality. The article provides an overview of potential legal issues that law firms may encounter in connection with (i) hiring and employee administration functions; (ii) safeguarding the security of personal information that a law firm maintains; (iii) managing service providers that access personal information for which the firm is responsible; (iv) handling information security breaches; and (v) operating the firm’s Internet assets. The article also touches on privacy and information security laws outside the United States, including the legal requirements relevant to cross-border transfers of personal information. The final topics the article addresses are examples of privacy and information security enforcement actions, including judicial enforcement of professional ethics rules, and a brief discussion of some of the key pending privacy and information security legislative initiatives. Law firms should expect that they will face increasing attempts by unauthorized persons to gain access to information that they maintain, including personal information. One of a law firm’s greatest assets – its reputation – is threatened by the possibility of a breach that ruins a deal or embarrasses a client. A simple misstep in the safeguarding of personal information can lead to far-reaching and expensive consequences, including the loss of revenue and client trust. Accordingly, law firms would be well-served to take a proactive approach to privacy and information management by voluntarily implementing comprehensive measures to protect the security, confidentiality and integrity of personal information. Williams).pdf [Editor: Workmanlike survey of most of the important issues, but gives short shrift to lawyers’ heightened obligations owing to clients. See also “Cyberspace Under Siege” (ABA Journal, 1 Nov 2010) here:]

Updated Legal Guide Section: Securing Trademark Rights (Citizen Media Law Project, 5 Nov 2010) - We here at CMLP headquarters are always thinking about ways to improve our Legal Guide in order to make it more useful for you, our readers. As part of this ongoing effort, we recently updated the section on Securing Trademark Rights: Ownership and Federal Registration. The expanded section provides step-by-step instructions on filing for a federal trademark registration and links to important forms and manuals on the U.S. Patent and Trademark Office website, as well as information on maintaining your trademark rights through proper usage. Guide here:

The Emerging Field of Internet Governance (Laura DeNardis @ Yale Law School, 17 Sept 2010) – Abstract: While much Internet research focuses on Internet content and usage, another important set of questions exists at a level of technological design and governance orthogonal to content and therefore generally outside of public view. Internet governance scholars, rather than studying Internet usage at the content level, examine what is at stake in the design, administration, and manipulation of the Internet’s actual protocological and material architecture. This architecture is not external to politics and culture but, rather, deeply embeds the values and policy decisions that ultimately structure how we access information, how innovation will proceed, and how we exercise individual freedom online. “Governance” in the Internet governance context requires qualification because relevant actors are not only governments. Governance is usually understood as the efforts of nation states and traditional political structures to govern. Sovereign governments do perform certain Internet governance functions such as regulating computer fraud and abuse, performing antitrust oversight, and responding to Internet security threats. Unfortunately, some governments also use content filtering and blocking techniques for surveillance and censorship of citizens. Many other areas of Internet governance, such as Internet protocol design and coordination of critical Internet resources, have historically not been the exclusive purview of governments but of new transnational institutional forms and of private ordering. Without this qualification, the Internet governance nomenclature might incorrectly convey that this type of scholarship somehow advocates for greater government control of the Internet (Johnson, Crawford, and Palfrey 2004). The study of Internet governance is concerned with a number of overarching questions. How are we to understand the role of private Internet ordering and corporate social responsibility in determining communicative contexts of political and cultural expression? How can conflicting values be balanced: for example, the desire for interoperability versus the need to limit some exchanges based on authentication and trust? How should critical Internet resources be allocated, and by whom, to maximize technical efficiency but also achieve social goals? How do repressive governments “govern” the Internet through filtering, blocking, and other restraints on freedom of expression? What is the appropriate relationship between sovereign nation-state governance and nonterritorial modes of Internet governance? What are the connections between Internet protocol design, innovation, and individual civil liberties? To what extent are the problems of Internet governance creating new global governance institutions and what are the implications? Internet governance research brings these important public interest issues to light and produces the theoretical and applied research that influences some of the most critical policy debates of our time. This paper presents a taxonomy for understanding current themes and controversies in Internet governance, presents a canon of interdisciplinary Internet governance scholarship, and identifies some emerging issues that present a moment of opportunity for new research. The following are the current themes this paper describes: critical Internet resources; Internet protocols; Internet governance-related intellectual property rights; Internet security and infrastructure management; and communication rights. Areas in need of additional research involves the increasing privatization of Internet governance, particularly at the level of infrastructure management. Recommended areas for additional study include: 1) private sector backbone peering agreements at Internet exchange points (IXPs); 2) network management via deep packet inspection; and 3) the increasing use of trade secrecy laws in information intermediation.

**** FUN ****
The T_Mobile Welcome Back (YouTube, 29 Oct 2010) – [Editor: 3 minute, truly wonderful video clip of a terrific piece of performance art at London’s Heathrow airport.]

Texas Supreme Court Cites The Wisdom Of Spock On Star Trek (TechDirt, 31 Oct 2010) - NSILMike points us to an amusing bit of news concerning a recent ruling in the Texas Supreme Court, where the court cited Star Trek’s Spock (though, it’s mostly hidden in a footnote): Appropriately weighty principles guide our course. First, we recognize that police power draws from the credo that “the needs of the many outweigh the needs of the few.” Second, while this maxim rings utilitarian and Dickensian (not to mention Vulcan21), it is cabined by something contrarian and Texan: distrust of intrusive government and a belief that police power is justified only by urgency, not expediency. Then, if you jump down to Footnote 21, you get: See STAR TREK II: THE WRATH OF KHAN (Paramount Pictures 1982). The film references several works of classic literature, none more prominently than A Tale of Two Cities. Spock gives Admiral Kirk an antique copy as a birthday present, and the film itself is bookended with the book’s opening and closing passages. Most memorable, of course, is Spock’s famous line from his moment of sacrifice: “Don’t grieve, Admiral. It is logical. The needs of the many outweigh . . .” to which Kirk replies, “the needs of the few.” And so, Spock is now a legal authority on the Texas Constitution. Very logical.

TECHNICAL TINKERING SPARKS PROTESTS -- U.S. TV broadcaster CBS has come under fire for tampering with its live broadcast from Times Square on New Year’s Eve, after it used digital technology to erase the billboard logo of its rival network, NBC, and substituted its own logo instead. The network was caught by surprise by the criticism, and CBS TV’s president insisted, “Any time there’s an NBC logo up on our network, we’ll block it again.” But veteran CBS evening news anchorman Walter Cronkite called it “flat-out dishonest. CBS and the rest of the broadcasters must pledge to refrain from the use of the technique in any manner.” The technology, which could also enable newspapers to alter video clips on their Web sites, is available from Princeton Video Image. CBS has been using it for several months on its morning news program, and it was used in more than 1,200 live broadcasts around the world last year, including European football games. (The Guardian 14 Jan 2000),3604,122355,00.html

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.