Saturday, January 22, 2011

MIRLN --- 1-22 January 2011 (v14.01)

(supplemented by related Tweets: #mirln)

·      IBM Creates Cloud-Computing System for NATO Command
·      Nationwide Employee Sentenced To 2 1/2 Years For Counterfeit Video Games
·      Whether a Lawyer Who Maintains Some or All of a Former Client’s Records Solely in Electronic Form Must Provide the Former Client With Paper Copies of Such Records If Requested By the Former Client and, If So, Whether the Lawyer May Charge the Former Client For Providing the Files In Paper Form
·      Using What We Know: Turning Organizational Knowledge into Team Performance
·      MoFo Launches Newsletter Tracking Rapidly Shifting Social Media
·      Listening: First Step In Blogging By Lawyers
·      Cell Phones Can Be Searched After Arrest, CA Justices Say
·      US Racked Up 662 Reported Data Breaches In 2010
·      Quinn Emanuel $13 Million Facebook Fee Held Up While Ex-Clients Appeal in Calif.
·      Some Injuries Just Don’t Hurt
·      House.Resource.Org
·      Judge Blocks Gov’t From Upgrading Email System To Microsoft In Google Lawsuit
·      Obama To Hand Commerce Dept. Authority Over Cybersecurity ID
·      Privacy Policies Are Dead, Privacy Watchdog Says
·      Copyrighting Digital Images of Real People
·      Fifth Circuit Permits Warrantless Government Searches Based on Previous Private Search Not Known To Police
·      Twitter Shines a Spotlight on Secret F.B.I. Subpoenas
o   Social Media and Law Enforcement: Who Gets What Data and When?
·      New MIT OpenCourseWare Initiative Aims to Improve Independent Online Learning
·      How a Law Firm Website is Like a Cave or a Middle School Dance
·      Google Scholar Now Searches Cases by Jurisdiction and Court
·      E-Discovery Sanctions Reach All-Time High for Litigants and Lawyers
·      10 Reasons Law Blogs Are Preferable to Email Blasts and Newsletters
·      Court Rejects Claim of a First Amendment Right to Audio-Record Police Officers
·      New Task for Phone: File Taxes
·      Appeals Court Finds Attorney-Client Privilege Doesn’t Cover Work Emails
·      Appearing Virtually at a Store Near You
·      Pennsylvania Court Specifies Test for Unmasking Anonymous Online Speakers
·      Law Pivot Gets New Tool, More Funding to Crowdsource the Law
·      Lawyer Acting as Expert Witness Violated Child Porn Law With Court Exhibits, 6th Circuit Rules
·      U.S. Army Launches Social Media Handbook
·      EU, Stop Making Sense (Please)


IBM Creates Cloud-Computing System for NATO Command (Bloomberg, 22 Dec 2010) - International Business Machines Corp., the world’s biggest computer-services provider, is building a cloud-computing system for NATO in the first such deal for the international military alliance. The software and hardware will let NATO more quickly collect and analyze data, such as military intelligence in Afghanistan, said E.J. Herold, head of the project for IBM. NATO’s military command department in Norfolk, Virginia, will use the technology first, with the possibility it will expand to other divisions, he said. Terms of the accord weren’t disclosed. IBM gains a foothold for similar projects for NATO’s other departments, as well as its 28 member countries. The Armonk, New York-based company is betting cloud computing, which helps customers save money by letting them store and access data via the Internet, will be a $3 billion business by 2015. IBM will manage the North Atlantic Treaty Organization’s data from inside the Norfolk base, in a so-called private-cloud model, which lets customers put information on servers within their own security systems. The system will help the military command pull together information from sources such as radar systems, cameras or infrared images that had been separated. See also’s-help/ [Spotted by MIRLN reader Roland Trope.]

Nationwide Employee Sentenced To 2 1/2 Years For Counterfeit Video Games (Columbus Dispatch, 30 Dec 2010) - New monitoring software at Nationwide Insurance spelled the beginning of the end for an employee who had been counterfeiting and selling computer games for five years. The software alerted Nationwide officials to a spreadsheet that Qiang “Michael” Bi had sent from his personal e-mail account to his Nationwide e-mail account. The spreadsheet listed eBay accounts, credit-card numbers and false identity information that Bi used in a lucrative counterfeiting scheme. Yesterday, U.S. District Judge Algenon L. Marbley sentenced the 36-year-old Bi to 2 1/2 years in prison. Bi had pleaded guilty earlier this year to charges of mail fraud, copyright infringement and aggravated identity theft. The spreadsheet listed more than 50 eBay and PayPal accounts, all with different names. [Editor: suspicious activity-detector systems might have flagged this because of the home-to-work email, but a spreadsheet? I’m guessing there was either manual inspection or some kind of DPI system.]

Whether a Lawyer Who Maintains Some or All of a Former Client’s Records Solely in Electronic Form Must Provide the Former Client With Paper Copies of Such Records If Requested By the Former Client and, If So, Whether the Lawyer May Charge the Former Client For Providing the Files In Paper Form. (DC Ethics Opinion 357, December 2010) - As a general matter, there is no ethical prohibition against maintaining client records solely in electronic form, although there are some restrictions as to particular types of documents. Lawyers and clients may enter into reasonable agreements addressing how the client’s files will be maintained, how copies will be provided to the client if requested, and who will bear what costs associated with providing the files in a particular form; entering into such agreements is prudent and can help avoid misunderstandings. Assuming no such agreement was entered into prior to the termination of the relationship, however, a lawyer must comply with a reasonable request to convert electronic records to paper form. In most circumstances, a former client should bear the cost of converting to paper form any records that were properly maintained in electronic form. However, the lawyer may be required to bear the cost if * * *

Using What We Know: Turning Organizational Knowledge into Team Performance (HBR, 31 Dec 2011) -- “This paper examines how teams draw on knowledge resources in the firm in the production of novel output. We theorize positive effects of team use of an organizational knowledge repository on two measures of team performance (quality and efficiency), and argue that these effects will be greater when teams face structural characteristics (team geographic dispersion and task change) that intensify the challenge of knowledge integration. Drawing on information processing theory, we distinguish between a team’s knowledge repository use and concentration of use (the extent to which use is limited to a few members versus more evenly distributed within the team). Using objective data from several hundred software development projects in an Indian software services firm, we find that knowledge repository use has a positive effect on project efficiency but not on project quality. Concentration of repository use, a form of within-team specialization, is negatively associated with project efficiency and positively related to project quality. Finally, as predicted, we find that in some cases the effects of both repository use and concentration of repository use are greater when teams are dispersed geographically or encounter changing tasks. Our findings offer insight for theory and practice into how organizational knowledge resources can improve knowledge workers’ productivity and help build organizational capability.”

MoFo Launches Newsletter Tracking Rapidly Shifting Social Media (ABA Journal, 1 Jan 2011) - It wasn’t long ago that clients came to Morrison & Foerster for help updating their employee handbooks to prohibit staff from blogging about their jobs. Then the San Francisco-based firm noticed a change. “Silicon Valley companies started to see value in loosening up,” says John Delaney, a MoFo partner. “Clients were asking about having their own Facebook pages. The guy in their mailroom was starting to Twitter.” As companies realized that social media was something more than “what they had seen looking over their daughter’s shoulder,” they turned to the firm for advice, says Gabriel Meister, also a firm partner. And Delaney and Meister, both New York City-based members of the firm’s technology transactions practice group, began to see a need for themselves to keep abreast of the rapidly changing world of social media. Last year the two decided to launch a newsletter that would help. In July they began publishing MoFo’s Socially Aware. The new monthly newsletter—distributed only in PDF format—examines social media issues such as malicious online impersonation and anonymous online postings, as well as broader First Amendment issues.

Listening: First Step In Blogging By Lawyers (Kevin O’Keefe, 2 Jan 2011) - Imagine you’re an estate planning lawyer in Des Moines looking to grow your practice. The marketing folks at Principal Park, home of the Triple A Des Moines Cubs, call to tell you that you’ll have free use of a luxury box for five of next year’s ball games. Better yet, they tell you they’ll arrange for the food and drink and invite a who’s who in networking for a Des Moines estate lawyer. Would you go? Darn right you’d go. Would you wear ear plugs so you couldn’t hear anyone? Heck no. But that’s exactly what most lawyers do when they blog. Rather than listening to their target audience, lawyers shout information, updates, and news without listening to a word being said by the folks they ought to be networking with. All in an effort to showcase their intellect and build their personal brand. [Editor: Useful advice.]

Cell Phones Can Be Searched After Arrest, CA Justices Say (, 3 Jan 2011) - Delving into privacy concerns in the age of the smart phone, the California Supreme Court determined today that after police take a cell phone from a suspect during an arrest, they can search the phone’s text messages without a warrant. The majority in the 5-2 decision reasoned that U.S. Supreme Court precedents call for cell phones to be treated as personal property “immediately associated” with the suspect’s person. But in a dissenting opinion, Justice Kathryn Werdegar wrote that information stored on cell phones shouldn’t be examined without a warrant and warned that the majority sanctioned searches that violate the U.S. Constitution’s Fourth Amendment. In weighing whether perusing the text messages constituted an illegal search, the Supreme Court relied largely on United States v. Robinson , 414 U.S. 218, 224 (1973) — which held it was legal for an officer to search a cigarette pack found in an arrestee’s coat pocket — and United States v. Chadwick 433 U.S. 1, 14-15 (1977), which invalidated federal narcotics agents’ warrantless search of a 200-pound foot locker after they arrested the men loading it into a car. Diaz’s lawyer, Lyn Woodward of Pacific Grove, had argued that the quantities of personal data cell phones contain are “unrivaled” by items traditionally considered “immediately associated with the person of the arrestee,” such as clothing or a cigarette pack. She also argued that cell phones should be treated like the foot locker in Chadwick because they’re not necessarily worn on the person. Werdegar, joined by Justice Carlos Moreno in the dissent, argued there’s no need to search a cell phone immediately if it’s in police control, and that instead a warrant can be obtained to conduct the search properly. She wrote that the majority gave “police carte blanche, with no showing of exigency, to rummage at leisure through the wealth of personal and business information that can be carried on a mobile phone or handheld computer merely because the device was taken from an arrestee’s person.” And, in a footnote, Werdegar reasoned that the facts of the case — because of increasingly ubiquitous cell phones and handheld computers — differ enough that the precedents the majority cites “provide no basis for evading this court’s independent responsibility to determine the constitutionality of the search at issue.”

US Racked Up 662 Reported Data Breaches In 2010 (InfoSecurity, 4 Jan 2011) - The non-profit Identity Theft Resource Center (ITRC) has compiled its final tally of reported US-based data breach incidents in 2010. With 662 reported breach events, it’s a nearly 33% increase over 2009. A couple of noteworthy lowlights from the report include breaches affecting two of the ‘Holy Grails’ of personal information: Social Security numbers and credit/debit card details. Sixty-two percent of the reported incidents involved the loss of Social Security data, or 76% of the known records. A further 26% of the breaches involved payment card information, or 29% of the reportedly compromised records. ITRC’s analysis shows that 51% of publicly reported data breaches disclosed the total number of records compromised, coming in at 16.1 million records total. However, this means almost half of all reported data breaches failed to reveal the number of compromised records, a fact the ITRC claims is “another argument for mandatory reporting”.

Quinn Emanuel $13 Million Facebook Fee Held Up While Ex-Clients Appeal in Calif. (New York Law Journal, 5 Jan 2011) - When Manhattan Supreme Court Justice Richard Lowe III (See Profile) in November affirmed a$13 million fee award for Quinn Emanuel Urquhart & Sullivan against its onetime clients, Facebook Inc. rivals Cameron and Tyler Winklevoss, the firm’s litigator-in-chief John Quinn could not help but brag via his Twitter account: “Winklevoss twins lose again: QE paydaycometh” (NYLJ, Nov. 10).But four days before Christmas, a federal district judge in San Jose, Calif., James Ware, ruled that the $13 million must remain in an escrow account while the Winklevoss twins appeal the New York decision. And meanwhile, according to an exhibit filed with Judge Ware, Mr. Quinn has faced questioning by Justice Lowe, who wanted to know why Mr. Quinn made the fee decision available through a Twitter link, even though the ruling was sealed.

Some Injuries Just Don’t Hurt (Steptoe’s E-Commerce Law Week, 6 Jan 2011) - “Injury in fact” and “actual loss or damage” would seem, to the untrained eye, to be the same thing. But, as demonstrated in data breach cases, you can have the first without the second, and thus have standing to sue in federal court but not a cognizable negligence claim. In Krottner v. Starbucks, the Ninth Circuit found that the increased risk of identity theft constituted “injury in fact” and thus gave plaintiffs standing under Article III, Section 2 of the U.S. Constitution. It also found that a plaintiff’s alleged stress and anxiety arising from a data breach was sufficient to confer standing. But the court ruled, in a second, unpublished opinion, that the allegation of a risk of future harm did not constitute “actual loss or damage” necessary to make out a negligence claim under the law of Washington State. The Ninth Circuit’s decision that standing could be predicated on the risk of future identity theft appears to deepen a circuit split on this issue.

House.Resource.Org (Carl Malamud, O’Reilly Radar, 5 Jan 2011) -- For the past 5 years, I’ve haunted the halls of the U.S. Congress with a geeky ask: broadcast-quality video from all congressional hearings should be posted on the Internet. I gave a tech talk at Google, drew up business plans to start a new nonprofit, enlisted the help of the Public Printer, and harassed my friends in the mainstream media and my friends working for the former Speaker. My motivation has been a deeply felt belief that one should not have to live inside the Washington, D.C. beltway in order to observe the proceedings of the U.S. Congress. No matter what our political beliefs, no matter how much we disagree on the issues, we must all agree that the business of the Congress is the business of the People. Today, that means that business must be conducted so that it is visible on the Internet. Today, we are announcing a new site, House.Resource.Org. This site contains today over 500 hearings we obtained from C-SPAN from the proceedings of the House Committee on Oversight and Government Reform. Under an agreement reached with Chairman Darrell Issa and Speaker of the House John A. Boehner, we are now in receipt of several hundred more high-resolution files from 2009 and 2010 hearings that will be loaded on the site. In addition, the Committee has agreed to furnish us with high-resolution files from all hearings in 2011, which we will be posting on a weekly basis. Note that this is not a real-time service, we are posting big files after-the-fact. A letter received today from Chairman Darrell Issa and Speaker of the House John A. Boehner states that it is their hope “that this project is only the beginning of an effort to eventually bring all congressional committee video online.” On a technical note, serves the files as HTTP, RSYNC, and FTP. We’ve also put in place many of the official GPO transcripts as signed PDF and as raw text. If you’d like to view the files, you’ll be able to do so on YouTube, the Internet Archive, and on C-SPAN. We also expect other organizations to make use of this material. The C-SPAN video is licensed for non-commercial attribution use and the material from the Congress is in the public domain.

Judge Blocks Gov’t From Upgrading Email System To Microsoft In Google Lawsuit (TechDirt, 6 Jan 2011) - Back in November, we were one of the first to report that Google had sued the US government after the Department of the Interior had put out a Request for Quotation (RFQ) for an upgraded email system that stated upfront that the solution had to be based on Microsoft. Google, who had been talking to the Interior Department about using its own solution, had received promises that the RFQ would not be biased towards Microsoft -- and thus were shocked when it wasn’t just biased towards Microsoft, but restricted only to Microsoft. In the first phase of the lawsuit, it appears that Google has made a compelling enough case that the judge has issued an injunction, preventing the DOI from moving forward with the email upgrade. The LA Times headline and opening graf is a bit hyperbolic concerning this “victory.” Google certainly hasn’t won the lawsuit, and it’s hardly a “major victory” at this point, but it at least suggests that the judge finds Google’s basic claims credible. DOI can try to rewrite its RFQ to get out of the lawsuit or it can protest the injunction and the lawsuit will continue.

Obama To Hand Commerce Dept. Authority Over Cybersecurity ID (CNET, 7 Jan 2011) - President Obama is planning to hand the U.S. Commerce Department authority over a forthcoming cybersecurity effort to create an Internet ID for Americans, a White House official said here today. It’s “the absolute perfect spot in the U.S. government” to centralize efforts toward creating an “identity ecosystem” for the Internet, White House Cybersecurity Coordinator Howard Schmidt said. That news, first reported by CNET, effectively pushes the department to the forefront of the issue, beating out other potential candidates, including the National Security Agency and the Department of Homeland Security. The move also is likely to please privacy and civil-liberties groups that have raised concerns in the past over the dual roles of police and intelligence agencies. The announcement came at an event today at the Stanford Institute for Economic Policy Research, where U.S. Commerce Secretary Gary Locke and Schmidt spoke. The Obama administration is currently drafting what it’s calling the National Strategy for Trusted Identities in Cyberspace, which Locke said will be released by the president in the next few months. (An early version was publicly released last summer.) “We are not talking about a national ID card,” Locke said at the Stanford event. “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy, and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.” Details about the “trusted identity” project are remarkably scarce. Last year’s announcement referenced a possible forthcoming smart card or digital certificate that would prove that online users are who they say they are. These digital IDs would be offered to consumers by online vendors for financial transactions. Schmidt stressed today that anonymity and pseudonymity will remain possible on the Internet. “I don’t have to get a credential, if I don’t want to,” he said. There’s no chance that “a centralized database will emerge,” and “we need the private sector to lead the implementation of this,” he said. Jim Dempsey of the Center for Democracy and Technology, who spoke later at the event, said any Internet ID must be created by the private sector--and also voluntary and competitive.

Privacy Policies Are Dead, Privacy Watchdog Says (ReadWriteWeb, 7 Jan 2011) - Privacy policies are dead, says Fran Maier, President of privacy auditing firm TrustE, and it’s time for the web to move into an era of “just in time” notifications whenever new types of data are being collected or when our data is being used in new ways. At a time when online data about individuals and our actions is growing exponentially, when the potential for that data to drive innovation and monetization is just beginning to be understood, when users are wrestling to take control over new forms of communication and when government is looking to take action to protect the complex interests of its citizens - Maier’s forward looking statements, well informed by the history of online privacy practices, are well worth paying attention to. Maier’s statements were included in a 14 minute TedX talk posted on the TrustE company blog this week. (Full video embedded below as well.) In the talk, Maier provided an overview of evolving understandings of privacy from’s 1995 creation of a privacy policy before the practice was widespread, through Facebook’s controversial but highly granular policies today, the emerging European practice of notifying citizens when they enter an area watched by surveillance cameras and a future characterized by an Internet of Things, where user data is held not just online, but in our phones, our cameras, our electrical grid and elsewhere. Maier says we’ll soon start to see a system called a Forward Eye in advertisements online, which will tell us what information about us is being captured and how it will be used. We’ll then be given an option to opt-out.

Copyrighting Digital Images of Real People (Media Law Prof Blog, 10 Jan 2011) - Bryce Clayton Newell has published Independent Creation and Originality in the Age of Imitated Reality: A Comparative Analysis of Copyright and Database Protection for Digital Models of Real People at 6 Brigham Young University International Law & Management Review 93 (2010). Here is the abstract. “This Article addresses a few of the issues that confront digital artists and modeling companies in the context of copyright law’s requirements of originality and independent creation, and provides a comparative look at potential protection for these types of digital models under differing definitions of originality. In an age when animators deal with pixels as well as paint brushes, the laws of the United States potentially offer digital artists less protection in this context than do the laws of other countries, such as the United Kingdom and Australia. Specifically, the requirement of originality after Feist and the lack of sui generis database protection in the United States provide less protection for digital visual effects artists engaged in modeling reality than do the laws of these other jurisdictions. This Article examines some examples of recent advancements in digital imaging technology; specifically, the ability to create digital clones of preexisting things, such as living or deceased personalities and other, non-human, objects. The Article then provides a comparative analysis of copyright’s requirement of originality in the United States, United Kingdom, and Australia, followed by a brief look at sui generis protection under the European Union’s recent directive on the legal protection of databases.”

Fifth Circuit Permits Warrantless Government Searches Based on Previous Private Search Not Known To Police (Volokh Conspiracy, 9 Jan 2011; post by Orin Kerr) - Last week the Fifth Circuit handed down a significant decision on the “private search” doctrine in Fourth Amendment law, United States v. Oliver. Oliver permits warrantless searches under the private search doctrine even when the police who conducted the search didn’t know about the private search. I don’t think the private search doctrine can extend so far, and in this post I hope to explain why I think the decision is wrong. I also want to explain why a different Fourth Amendment rule, the “apparent authority” doctrine, very possibly applies to the facts of this case. The apparent authority doctrine was not litigated in the Oliver case, but it should have been. If I’m right about that, the Oliver decision may have reached a plausible result but did so using a rationale that is quite troubling and likely to cause more problems in the future.

Twitter Shines a Spotlight on Secret F.B.I. Subpoenas (NYT, 9 Jan 2011) - The news that federal prosecutors have demanded that the microblogging site Twitter provide the account details of people connected to the WikiLeaks case, including its founder, Julian Assange, isn’t noteworthy because the government’s request was unusual or intrusive. It is noteworthy because it became public. Even as Web sites, social networking services and telephone companies amass more and more information about their users, the government — in the course of conducting inquiries — has been able to look through much of the information without the knowledge of the people being investigated. For the Twitter request, the government obtained a secret subpoena from a federal court. Twitter challenged the secrecy, not the subpoena itself, and won the right to inform the people whose records the government was seeking. WikiLeaks says it suspects that other large sites like Google and Facebook have received similar requests and simply went along with the government. Subpoena here:; Court order:

- and -

Social Media and Law Enforcement: Who Gets What Data and When? (EFF, 20 Jan 2011) - This month, we were reminded how important it is that social media companies do what they can to protect the sensitive data they hold from the prying eyes of the government. As many news outlets have reported, the US Department of Justice recently obtained a court order for records from Twitter on several of its users related to the WikiLeaks disclosures. Instead of just turning over this information, Twitter “beta-tested a spine” and notified its users of the court order, thus giving them the opportunity to challenge it in court. We have been investigating how the government seeks information from social networking sites such as Twitter and how the sites respond to these requests in our ongoing social networking Freedom of Information Act (FOIA) request, filed with the help of UC Berkeley’s Samuelson Law, Technology & Public Policy Clinic. As part of our request to the Department of Justice and other federal agencies, we asked for copies of the guides the sites themselves send out to law enforcement explaining how agents can obtain information about a site’s users and what kinds of information are available. The information we got back enabled us to make an unprecedented comparison of these critical documents, as most of the information was not available publicly before now. We received copies of guides from 13 companies, including Facebook, MySpace, AOL, eBay, Ning, Tagged, Craigslist and others, and for some of the companies we received several versions of the guide. We have combed through the data in these guides and, with the Samuelson Clinic’s help, organized it into a comprehensive spreadsheet (in .xls and .pdf) that compares how the companies handle requests for user information such as contact information, photos, IP logs, friend networks, buying history, and private messages. And although we didn’t receive a copy of Twitter’s law enforcement guide, Twitter publishes some relevant information on its site, so we have included that in our spreadsheet for comparison. The guides we received, which were dated between 2005 and 2010, show that social networking sites have struggled to develop consistent, straightforward policies to govern how and when they will provide private user information to law enforcement agencies. The guides also show how those policies (and how the companies present their policies to law enforcement) have evolved over time.

New MIT OpenCourseWare Initiative Aims to Improve Independent Online Learning (ReadWriteWeb, 12 Jan 2011) - MIT OpenCourseWare is launching five new courses today that mark a new model for one of the world’s premier open educational resources. These OCW Scholar courses are designed for use by independent learners, and like the other material made available through MIT OCW, are freely available for anyone to pursue. These aren’t distance learning classes - there is no instructor, no contact with MIT, no credit. But the courses are meant to be stand-alone offerings, not requiring any additional materials for learning. Although MIT OpenCourseWare may have become synonymous with the move to online education, it’s worth noting that the original expectation of the initiative was that by making the university’s course content freely and openly accessible, other educators would use the syllabi, lecture notes, tests, and assignments to design their other courses. It’s apparent, however, that the most of the people using the site are there as learners, not as teachers. The OCW Scholar courses are aimed at providing these learners with a more complete set of materials, so that those taking the courses needn’t turn elsewhere for other resources - such as journal articles - in order to complete the curriculum. These new OCW courses combine materials from multiple MIT courses, and the OCW team has worked with university faculty and teaching assistants to create new materials specifically designed for this project. The Physics 1 class, for example, contains a set of video lectures from MIT Physics Professor Walter Lewin, a set of course notes (replacing the need for a traditional textbook), a set of class slides, homework problems, homework help videos (in which Prof. Lewin helps learners through solving the problems), links to related materials, and an online study group at OpenStudy where you can connect with other independent learners. MIT OCW plans to publish 20 OCW Scholar courses over the next three years, all focused on introductory college-level science, math, engineering and other foundational subjects. This first set of courses that launch today include 8.01SC Physics I, 8.02SC Physics II, 18.01SC Calculus I, 18.02SC Calculus II and 3.091SC Introduction to Solid State Chemistry.

How a Law Firm Website is Like a Cave or a Middle School Dance (Robert Ambrogi, 13 Jan 2011) - Think back to when our ancestors lived in caves and imagine yourself as your clan’s hunter-gatherer. Sit by the cave entrance all day and hope that a wooly mammoth might saunter by, and your clan will soon be clamoring for food. As a hunter-gatherer, you need to do just that – get out of your cave and hunt and gather. A law firm website is a lot like that cave. Sit idle by the entrance all day hoping that some wooly mammoth of a client will wander in, and your firm will soon be on a low-revenue diet. Like our cave-dwelling ancestors, if we want to eat, we can’t sit still and hope that food finds us. What that means, simply put, is that a law firm website is the beginning of your online marketing, but by no means the end. Think of it as your home base, a launching point, a point of reference and a sort of electronic brochure. It should provide the information that potential clients would want to know about you and your practice. Your job, as hunter-gatherer, is to get them interested enough that they will want to visit it. This is why it is critical to law firm marketing to engage in social media. Do not assume that potential clients will find you or your website. You need to get up off your virtual rock and go out to where they are. Engage with them. Let them get to know you. Contribute to their conversations. Maybe you will interest them enough that they will want to learn more about you.

Google Scholar Now Searches Cases by Jurisdiction and Court (Robert Ambrogi, 13 Jan 2011) - When I first wrote last year about the fact that Google Scholar had added case law research, I acknowledged it was still rough around the edges. Even so, I described it as “more than just a good start,” adding, “I expect there will be further refinements and enhancements to come.” A notable enhancement launched this week: Google Scholar added the ability to search court opinions and law journals by jurisdiction. Simply go to the advanced search page and, under “Collections” at the bottom of the page, pick your jurisdiction. The default choices are to search all courts within a federal circuit or within a state. But click the link that says, “Select specific courts to search,” and you open a menu that lets you pick individual courts. In fact, you can even “mix and match” specific courts from across multiple jurisdictions. Thus, you could, if you wanted, conduct a single search of just the U.S. District Court for Massachusetts and the Supreme Court of Rhode Island, or any other combination. Needless to say, this enhances the ability to use Google Scholar for more targeted research. Read more about this at the Google Scholar Blog.

E-Discovery Sanctions Reach All-Time High for Litigants and Lawyers (ABA Journal, 13 Jan 2011) - E-discovery sanctions have reached an all-time high after three decades of litigation over alleged discovery wrongdoing, and lawyers are increasingly being targeted. A study by three King & Spalding lawyers identified 30 cases in which attorneys were sanctioned for e-discovery violations, seven of them in 2009, according to a summary on the Catalyst E-Discovery Blog. Overall, 46 sanctions were awarded in 2009, the last year covered by the study. Before 2009, the highest number of sanctions awarded against lawyers in a single year was five, in 2008 and 2007. “Sanction motions and sanction awards for e-discovery violations have been trending ever-upward for the last 10 years and have now reached historic highs,” according to the King & Spalding study, published in the Duke Law Journal (PDF). The King & Spalding lawyers analyzed 401 cases before 2010 in which sanctions were sought and found 230 sanctions awarded, including often severe sanctions of case dismissals, adverse jury instructions and significant money awards. Sanctions of more than $5 million were ordered in five cases, and sanctions of $1 million or more were awarded in four others. Defendants were sanctioned for e-discovery violations nearly three times more often than plaintiffs. When sanctions were awarded, the most common misconduct was failure to preserve electronic evidence, followed by failure to produce and delay in production. Courts rarely sanctioned lawyers for e-discovery violations without also sanctioning their clients. Usually the counsel sanctions were for a pattern of misconduct. Typically the sanction required the lawyers to pay attorney fees and costs, and the amount ranged from $500 to $500,000.

10 Reasons Law Blogs Are Preferable to Email Blasts and Newsletters (Kevin O’Keefe, 14 Jan 2011) - A marketing and communications director with a good law firm client of LexBlog’s asked this week to help her on the question of a law blog versus a email monthly blast. She’s working with a practice group looking to expand their marketing reach beyond a monthly email blast they had limited success with. The group liked the idea of a blog, but is now getting cold feet because of the “frequency” of publishing. The practice group is now thinking another monthly mass-email and purchasing mailing lists to extend its reach. The marketing and communications director believes a blog may be the better fit. She’s asked for my comments. Though email newsletters may still play a role in law firm marketing, here’s ten compelling reasons the practice group should consider a blog first: * * * [Editor: This is a useful, actionable list.]

Court Rejects Claim of a First Amendment Right to Audio-Record Police Officers (Volokh Conspiracy, 14 Jan 2011) - From ACLU v. Alvarez (N.D. Jan. 10, 2011): “The American Civil Liberties Union of Illinois (“the ACLU”) sues Anita Alvarez, in her official capacity as Cook County State’s Attorney, seeking declaratory and injunctive relief with respect to the Illinois Eavesdropping Act, 720 ILCS 5/14 .... To assist in deterring and detecting police misconduct, the ACLU has developed a program to “audio record police officers, without the consent of the officers, when (a) the officers are performing their public duties, (b) the officers are in public places, (c) the officers are speaking at a volume audible to the unassisted human ear, and (d) the manner of recording is otherwise lawful.” ... [But t]he ACLU, Connell and Carter have not carried out the ACLU’s program due to fear of prosecution by the State’s Attorney under the Act. The Act provides that a first offense of nonconsensual eavesdropping is a Class 4 felony. “A person commits eavesdropping when he ... [k]nowingly and intentionally uses an eavesdropping device for the purpose of hearing or recording all or any part of any conversation ... unless he does so ... with the consent of all of the parties to such conversation, ...” The ACLU, Connell and Carter cite [nine] pending prosecutions of individuals under the Act .... The ACLU has cured the limited standing deficiencies addressed in the memorandum opinion dismissing the original complaint by sufficiently alleging a threat of prosecution. However, the credible, imminent threatened injury must implicate a constitutional right. The ACLU has not alleged a cognizable First Amendment injury. The ACLU cites neither Supreme Court nor Seventh Circuit authority that the First Amendment includes a right to audio record. Cf. Potts v. City of Lafayette, Indiana, 121 F.3d 1106, 1111 (7th Cir.1997) (“there is nothing in the Constitution which guarantees the right to record a public event” ‘). Amendment would therefore be futile.... The State’s Attorney argues that a “willing speaker” must exist to implicate the First Amendment’s right to free speech, Virginia State Bd. of Pharmacy v. Virginia Citizens Consumer Council, Inc., 425 U.S. 748, 756 (1976).... The ACLU intends to audio record police officers speaking with one another or police officers speaking with civilians. The ACLU’s program only implicates conversations with police officers. The ACLU does not intend to seek the consent of either police officers or civilians interacting with police officers. Police officers and civilians may be willing speakers with one another, but the ACLU does not allege this willingness of the speakers extends to the ACLU, an independent third party audio recording conversations without the consent of the participants. The ACLU has not met its burden of showing standing to assert a First Amendment right or injury....”

New Task for Phone: File Taxes (NYT, 15 Jan 2011) - Intuit, the company that makes TurboTax software, introduced an application on Friday that lets users automatically fill out the 1040EZ, the most basic of the I.R.S. personal tax forms. Filers simply photograph their W-2 and the app does much of the rest. Intuit’s SnapTax app, available for the iPhone and Android phones, relies on image-recognition technology to read salary and withholding information from the W-2. Users answer a few questions and review their return for accuracy before submitting it electronically by tapping a File Now button. Intuit charges $15 for each filing through the app, and it says that completing a return can take as little as 15 minutes. The app is intended for consumers who are increasingly using their mobile phones for everything, including shopping and banking. Taxes are just the next step, although it may take some getting used to for people who are accustomed to preparing their returns with a pencil and calculator or on a desktop computer. To use SnapTax, individuals must earn less than $80,000, while married couples must earn less than $100,000. The limit for individuals is lower than the $100,000 cap set by the Internal Revenue Service for those taxpayers using the 1040EZ but not filing by mobile phone. Intuit says it wants to make sure the app is not used by people who should be maximizing their savings by itemizing deductions, which is not allowed on the 1040EZ. Additionally, 1040EZ filers must have no dependents and be under age 65. Image-recognition technology, which for years was considered unreliable, is increasingly being put to use in online services. Technical advancements and the spread of smartphones have provided new opportunities for it. The technology is also being used to translate signs from Spanish into English, scan bar codes in stores and help solve Sudoku puzzles.

Appeals Court Finds Attorney-Client Privilege Doesn’t Cover Work Emails (ReadWriteBiz, 18 Jan 2011) - Attorney-client privilege does not extend to emails sent from a work email account, a California Court of Appeals has ruled. The unanimous decision was handed down by the Third Appellate District Court in Sacramento last week. The court’s decision means that a company has a right to access any email sent via a company computer - so use caution, perhaps, when using your work email account to consult with an attorney about suing your employer. These emails, writes the court, “were akin to consulting her lawyer in her employer’s conference room, in a loud voice, with the door open, so that any reasonable person would expect that their discussion of her complaints about her employer would be overheard .” There have been a number of important legal decisions recently about privacy and email. The New Jersey Supreme Court, for example, found that email sent from a personal web-based email account was private, provided that usage wasn’t covered by a company policy. But the U.S. Supreme Court found last summer that a police officer’s texts on department pagers were not private. Last week’s decision involved a secretary who sued her employer for wrongful termination. Her employer introduced some of her emails between she and her attorney in the court case, arguing that her attorney had urged her to file the suit. She had appealed the decision, arguing the emails should not have been admissible in court. The decision last week by the appeals court said that these emails were not confidential as her company had an explicit policy about company email, stating that it was for company business only and was not private.

Appearing Virtually at a Store Near You (NYT, 18 Jan 2011) – Sexy may not be the first word that comes to mind to describe Barnes & Noble, but the sex appeal of the bookseller rose considerably this week among some readers of Esquire magazine. Beginning Tuesday, Brooklyn Decker, who was voted the sexiest woman alive by Esquire readers recently and is featured on the cover of its February issue, began appearing at the stores to pose for photographs with fans. Ms. Decker is not setting foot in the actual stores, but is appearing virtually through a novel use of GPS technology with broad marketing potential. Using an iPhone with a special app, visitors to the stores can select from among several poses by Ms. Decker, who then appears in the center of the viewfinder and is superimposed wherever the smartphone is pointed. Participants can pose beside her likeness, and some poses — like Ms. Decker blowing a kiss to her side — seem incomplete without an object of ardor in the frame. Users are prompted with the option of posting the images to Facebook or e-mailing them to friends. Ms. Decker will be able to be viewed in more than 700 Barnes & Noble locations. GoldRun, the fledgling New York agency that developed the application, can create GPS zones as large as 500 feet in diameter for such promotions, but in Barnes & Noble, the enabled area is only about 150 feet, pinpointing the magazine section — where, of course, Esquire is sold. Although it is not paying for the campaign, Barnes & Noble is helping to promote it through its Web site and through e-mail messages to customers.

Pennsylvania Court Specifies Test for Unmasking Anonymous Online Speakers (Perkins Coie, 19 Jan 2011) - Last week, the Superior Court of Pennsylvania vacated a trial court’s order directing the disclosure of the identities of six John Does who allegedly posted defamatory remarks on the internet and adopted a four-prong modified test for unmasking anonymous online speakers in the future. In Pilchesky v. Gatelli, 2001 Pa. Super. 3, Nos. 38 MDA 2009 and 39 MDA 2009 (Jan. 5. 2001), the appeals court reviewed the standards courts use to evaluate whether the identity of an anonymous online speaker should be disclosed, and concluded that “[t]here are four requirements which must be addressed [and which] are necessary to ensure the proper balance between a speaker’s right to remain anonymous and a defamation plaintiff’s right to seek redress.” These requirements, discussed further below, are (1) notification of the John Doe defendants, (2) sufficiency of evidence to establish a prima facie case for all elements of a defamation claim, (3) an affidavit from the plaintiff asserting that the information is sought in good faith and is necessary to secure relief, and (4) that the court has expressly balanced the defendant’s First Amendment rights against the strength of the plaintiff’s prima facie case.

Law Pivot Gets New Tool, More Funding to Crowdsource the Law (GigaOM, 19 Jan 2011) - Silicon Valley startup Law Pivot announced new funding and a new recommendation feature for its Quora-like Q&A service that aims to democratize access to quality legal advice. According to Nitin Gupta, Law Pivot co-founder and VP of business development, the new recommendation feature will add value to the service by helping companies target their queries to lawyers that best match their needs. Even before today’s news, though, Law Pivot has defied the odds by gaining traction in a notoriously technology-resistant profession. Law Pivot targets technology startups without large legal budgets by letting them pose questions via the web service, which are then answered by Law Pivot’s stable of qualified lawyers. It all sounds great, although Gupta himself — a former lawyer — acknowledges that the legal industry is typically among the last to adopt new technologies. An ongoing shift away from the traditional billable-hours model was accelerated by the economic downturn, however, and now Gupta says “[L]aw firms are realizing that they have to change their ways.” According to Gupta, Law Pivot has attracted participation from many skilled attorneys, including senior partners at large firms. I asked Gupta about a handful of ethical considerations — including conflict of interest and malpractice liability — that could negatively affect the quality of Law Pivot’s service, but he didn’t seem too concerned. He explained that attorneys understand the rules around concerns, and know that they need to take the appropriate steps to mitigate them, just like they would with in-person client consultations. Another issue that could arise revolves around payment for attorneys, as it’s possible they won’t prioritize Law Pivot questions when more-pressing or higher-paying work awaits with actual clients. [Editor: interesting, but the ethical issues seem huge. Does anyone have experience here, or care to comment (email comments to me, or post them here:]

Lawyer Acting as Expert Witness Violated Child Porn Law With Court Exhibits, 6th Circuit Rules (ABA Journal, 20 Jan 2011) - An Ohio lawyer serving as an expert witness appropriately became a defendant in criminal and civil cases when he created child pornography by digitally altering stock photo images of children engaged in innocent activities, a federal appeals court has ruled. A federal district court judge had said that attorney Dean Boland was shielded by Ohio state law from civil liability to the parents of the two children whose photos he used in court as an expert witness on behalf of his clients. But the Cincinnati-based 6th U.S. Circuit Court of Appeals overruled, holding yesterday that federal law contains no such expert witness exemption and instead expressly requires that any child pornography exhibits be closely supervised by the government, Courthouse News Service reports. Boland entered into a deferred prosecution agreement in 2007 with federal prosecutors in Cleveland and made a public apology in the Cleveland Bar Journal concerning his use of the exhibits as an expert witness in several criminal cases. For example, Boland took the head of one child from a photo, attached it to a photo of the body of a woman engaged in sexual activity, and then altered the woman’s body to look like a child’s body, according to CNS and the 6th Circuit’s written opinion (PDF). However, Boland was subsequently sued by the parents of the children whose images he altered for the exhibits, who can now proceed with their claims.

U.S. Army Launches Social Media Handbook (Mashable, 20 Jan 2011) - The United States Army has officially announced the release of the 2011 Army Social Media Handbook, a document that’s meant to offer social media guidance for soldiers, personnel and families alike. The handbook is a follow-up to the 2010 Social Media Book, which was produced by the Army’s Online and Social Media Division. According to a post on Army Live, the official U.S. Army blog, the 2010 book “only scratched the surface of Army social media use,” which is why a new document was created. The new social media handbook now provides additional tips and best practices, along with information on operations security tips, branding information, checklists, regulations and frequently asked questions.

EU, Stop Making Sense (Please) (Steptoe, 20 Jan 2011) - The European Union’s Article 29 Working Party last month issued an opinion that attempts to clarify which nations’ data protection laws apply to the processing of personal data. The opinion also recommends changes in the EU’s approach to jurisdictional issues as the Union considers how to improve its data protection framework. But the opinion does more to obfuscate the issues than to clarify them. It does illustrate, though, how complicated it is for ISPs, communications companies, websites, financial institutions, cloud computing services, and other entities that do business in the EU – whether they are “established” there or not – to figure out which nations’ laws they must comply with. Article 29 opinion here:

**** RESOURCES ****
Best Practices in E-Discovery (KM World, January 2011) - As if designed to make life more difficult, the demands of e-discovery are altering the way we do our work, organize our workforce and maintain governance over the flood of email, social networking and traditional work documents and content. The driving forces behind e-discovery’s newfound stature are the amendments adopted to the Federal Rules of Civil Procedure (FRCP), which requires any electronically stored information to be available as part of a litigation. And it also, to make matters worse, instituted new processes for the way in which opposing counsels interact. In short, it messed everything up. In an effort to sort it all out, the current KMWorld White Paper, “Best Practices in E-Discovery,” addresses the many challenges posed by e-discovery, and offers the best advice on meeting them. (free registration required)

**** COMMENTARY ****
Security in 2020 (Bruce Schneier, 16 Dec 2010) - There’s really no such thing as security in the abstract. Security can only be defined in relation to something else. You’re secure from something or against something. In the next 10 years, the traditional definition of IT security— that it protects you from hackers, criminals, and other bad guys—­will undergo a radical shift. Instead of protecting you from the bad guys, it will increasingly protect businesses and their business models from you. Ten years ago, the big conceptual change in IT security was deperimeterization. A wordlike grouping of 18 letters with both a prefix and a suffix, it has to be the ugliest word our industry invented. The concept, though— the dissolution of the strict boundaries between the internal and external network—­was both real and important. There’s more deperimeterization today than there ever was. Customer and partner access, guest access, outsourced e-mail, VPNs; to the extent there is an organizational network boundary, it’s so full of holes that it’s sometimes easier to pretend it isn’t there. The most important change, though, is conceptual. We used to think of a network as a fortress, with the good guys on the inside and the bad guys on the outside, and walls and gates and guards to ensure that only the good guys got inside. Modern networks are more like cities, dynamic and complex entities with many different boundaries within them. The access, authorization, and trust relationships are even more complicated. Today, two other conceptual changes matter. The first is consumerization. Another ponderous invented word, it’s the idea that consumers get the cool new gadgets first, and demand to do their work on them. Employees already have their laptops configured just the way they like them, and they don’t want another one just for getting through the corporate VPN. They’re already reading their mail on their BlackBerrys or iPads. They already have a home computer, and it’s cooler than the standard issue IT department machine. Network administrators are increasingly losing control over clients. This trend will only increase. Consumer devices will become trendier, cheaper, and more integrated; and younger people are already used to using their own stuff on their school networks. It’s a recapitulation of the PC revolution. The centralized computer center concept was shaken by people buying PCs to run VisiCalc; now it’s iPads and Android smart phones. The second conceptual change comes from cloud computing: our increasing tendency to store our data elsewhere. Call it decentralization: our email, photos, books, music, and documents are stored somewhere, and accessible to us through our consumer devices. The younger you are, the more you expect to get your digital stuff on the closest screen available. This is an important trend, because it signals the end of the hardware and operating system battles we’ve all lived with. Windows vs. Mac doesn’t matter when all you need is a web browser. Computers become temporary; user backup becomes irrelevant. It’s all out there somewhere— and users are increasingly losing control over their data. [Editor: Article continues, and is worth reading; discusses coming “deconcentration”, “decustomerization”, and “depersonalization”.]

**** FUN ****
Texting Girl Falls Into Fountain, Microsoft Smiles? (CNET, 18 Jan 2011) - Some events make us stop and think. Then there are the events that make us stop, think, laugh, and propagate until we can’t think of anyone else to send them to. This, surely, is one of those events. The video shows a girl wandering around a mall, busily texting on her cell phone. And then, well, she falls into the mall fountain. (video at: She’s reportedly thinking of suing the mall:

AT&T Commercials From 1993 Eerily Comes True (Techland, 3 Jan 2011) - Happy New Year! While most of you are making resolutions and predicting what’s going to happen, Buzzfeed has uncovered this gem from 1993 about the future of technology according to AT&T. See if any of these “ideas” have become reality. The company said, “You will.” And, we did.

- and -

WARREN BUFFETT WARNS ON NEWSPAPERS VS. THE NET Investment guru Warren Buffett predicts hard times for the newspaper industry, warning that the Internet presents a major challenge to printed news publishers. Buffett says although he still reads newspapers, he often finds himself turning to his computer for news, and he suspects others do, too. Often, he says, he can get the next morning’s news stories from the New York Times or Boston Globe Web sites for free. “That cannot be a good thing for newspapers. It’s not a good idea to be charging a lot of money
for something you can get for free.” More significant than the loss of subscription dollars, however, is the siphoning of advertising revenues, says Buffett. “The idea that chopping down trees, running through million-dollar presses... is going to be competitive with some little click on a computer” is nonsense. (AP/Washington Post 29 Apr 2001)

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

Saturday, January 01, 2011

MIRLN --- 12-31 December 2010 (v13.18)

(supplemented by related Tweets: #mirln)

·      Website Privacy Policies - An Extensive Primer
·      Judges Can Have Facebook Friends, with ‘Constant Vigil,’ Says Ohio Supreme Court Board
·      Military Bans Disks, Threatens Courts-Martial to Stop New Leaks
o   Congressional Research Service Analysts Complaining About Blocked Access To Wikileaks
·      Protect Your Pre-1997 IP Address
·      EFF Victory: Appeals Court Holds that Email Privacy Protected by Fourth Amendment
·      A Mixed Ninth Circuit Ruling in MDY v. Blizzard: WoW Buyers Are Not Owners – But Glider Users Are Not Copyright Infringers
·      9th Circuit Rules Victims Needn’t Show ‘Misuse’ of Stolen Personal Data
·      UK’s Information Commissioner’s Office Issues First Data Breach Fines
·      A Magistrate Judge Correctly Ruled That A Youtube.Com User Waived The Attorney-Client Privilege By Recounting On Her Blog And In E-Mail Her Discussions With Her Attorneys
·      AMA Challenges E-Prescription Penalties
·      Vendors form ‘Legal Cloud Computing Association
·      Your Apps Are Watching You
·      The Report of Current Opinions
·      Updates to Twitter Allowed in British Courts
·      Social Media or Snake Oil: Does Social Media Measure Up to the Hype?
·      NIST Outlines An Organizational-Level Approach To Continuous Monitoring
·      Nebraska Rolls Out Free Docket App
·      Court Rejects Plaintiff’s Proposal of Class Notice via Twitter, SMS, and Email -- Jermyn v. Best Buy
o   Man Divorces Wife By SMS
·      VA Employees Using Unauthorized Cloud Services
·      Financial Industry Favors Security Through Obscurity; Demands Cambridge Censor Paper Detailing Weaknesses
·      Data Hacker Pageranks Members of the US Congress
·      First Amendment Rights To Blog A Case
·      E-Lawyering Expert: Stay Competitive With a Virtual Law Practice
·      NOAA Launches Website Housing Previously Released Public Information from the Deepwater Horizon Response
·      Email ‘Oops’ Ends With Gordon & Rees Being Booted From Case
·      MERS: How a Mortgage Clearinghouse Became a Villain in the Foreclosure Mess


Website Privacy Policies - An Extensive Primer..... (Foley Hoag, 1 Dec 2010) - If your start-up’s website will collect user information.... and chances are it will, you need to start thinking about your website privacy policy. I have often spoken with founders who think that the website privacy policy is a “one size fits all, grab an example from a well know e-retailer or established company web-site that appears to have a similar business model, snip here, paste there and you’re all set” deal. My wide eyed stare of horror in reaction to this is mostly dismissed as symptomatic of the overly cautious view of life that seemingly plagues my profession. I have discussed this with a colleague Patrick Connolly and he had the great idea to write a primer on the issue of Privacy Policies for websites. Now let me warn you, Patrick’s primer is not short and it isn’t meant to be because it highlights the issues that we step through and the risks and possible reprisals that we consider when we draft a privacy policy for a particular start-up. So without further ado, here’s Patrick’s well thought out “Primer on the Website Privacy Policies”, hopefully once your done reading you’ll agree that your privacy policy is not something to be taken lightly. [Editor: Provides a useful framework to begin to work thru the issues; this is one of my three practice areas, too.]

Judges Can Have Facebook Friends, with ‘Constant Vigil,’ Says Ohio Supreme Court Board (ABA Journal, 8 Dec 2010) - An Ohio judge is allowed to have Facebook friends, the Board of Commissioners on Grievances and Discipline of the state’s top court held today. But doing so requires “constant vigil,” the board says in its written opinion, because “a judge must maintain dignity in every comment, photograph and other information shared on the social network,” reports the Associated Press. They also have to be careful to avoid bias and can’t gather evidence for cases from social media sites. A state supreme court press release provides additional details and links to a copy of the Dec. 3 opinion.

Military Bans Disks, Threatens Courts-Martial to Stop New Leaks (Wired, 9 Dec 2010) - It’s too late to stop WikiLeaks from publishing thousands more classified documents, nabbed from the Pentagon’s secret network. But the U.S. military is telling its troops to stop using CDs, DVDs, thumb drives and every other form of removable media — or risk a court martial. Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order” — obtained by Danger Room — which directs airmen to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network. Similar directives have gone out to the military’s other branches. It’s one of a number of moves the Defense Department is making to prevent further disclosures of secret information in the wake of the WikiLeaks document dumps. Pfc. Bradley Manning says he downloaded hundreds of thousands of files from SIPRNET to a CD marked “Lady Gaga” before giving the files to WikiLeaks. To stop that from happening again, an August internal review suggested that the Pentagon disable all classified computers’ ability to write to removable media. About 60 percent of military machines are now connected to a Host Based Security System, which looks for anomalous behavior. And now there’s this disk-banning order. One military source who works on these networks says it will make the job harder; classified computers are often disconnected from the network, or are in low-bandwidth areas. A DVD or a thumb drive is often the easiest way to get information from one machine to the next. “They were asking us to build homes before,” the source says. “Now they’re taking away our hammers.”

- and -

Congressional Research Service Analysts Complaining About Blocked Access To Wikileaks (Techdirt, 15 Dec 2010) - With the Library of Congress blocking access to Wikileaks over some misguided notion of what its legal responsibilities are, Copycense points us to a report about how librarians across the nation are now arguing over whether or not this was the right move, with many feeling that it was decidedly a bad move. However, perhaps more interesting is the claim, in the middle of the article, that analysts at the Congressional Research Service are negatively impacted by this as well: “Since the Congressional Research Service is a component of the Library, this means that CRS researchers will be unable to access or to cite the leaked materials in their research reports to Congress. Several current and former CRS analysts expressed perplexity and dismay about the move, and they said it could undermine the institution’s research activities. It’s a difficult situation,” one unidentified CRS analyst told Aftergood. “The information was released illegally, and it’s not right for government agencies to be aiding and abetting this illegal dissemination. But the information is out there. Presumably, any Library of Congress researcher who wants to access the information that WikiLeaks illegally released will simply use their home computers or cell phones to do so. Will they be able to refer directly to the information in their writings for the Library? Apparently not, unless a secondary source, like a newspaper, happens to have already cited it.”

Protect Your Pre-1997 IP Address (Computerworld, 10 Dec 2010) - If your company obtained its IP address space before 1997, you have probably received several letters from the American Registry for Internet Numbers Ltd. (ARIN) encouraging you to enter into a contractual agreement to protect the IP address. But should you sign it? ARIN’s contract is called the Legacy Registration Services Agreement (Legacy RSA). It proposes to give companies contractual guarantees, including grandfathering of certain protected rights; continued use -- at no extra charge, at least for now -- of IP address services like “in-addr” and “whois” listings; reduced annual fees compared with those of ARIN’s regular IP address holders; and future fee waivers, in exchange for returning unused IP address space. But be careful -- there are several issues you should consider before signing up for this. Registrants that obtained IP addresses directly from ARIN after 1997 entered into service agreements that fall under ARIN’s jurisdiction, and are therefore subject to ARIN’s resource utilization policies. But it is unclear whether IP address registrations of legacy IP address holders -- those that happened before 1997 -- were ever formally transferred to ARIN. ARIN has never claimed that it has control over these legacy IP addresses, but at the same time, it has never conceded that it lacks the authority either. [This is a fairly arcane area, often overlooked in M&A transactions, which involves something like chain-of-title issues: how to prove your “ownership” of an IP address block, acquired thru a M&A transaction years ago? With the looming exhaustion of IP4 address space, such issues are coming to the fore.]

EFF Victory: Appeals Court Holds that Email Privacy Protected by Fourth Amendment (EFF, 14 Dec 2010) - In a landmark decision issued today in the criminal appeal of U.S. v. Warshak, the Sixth Circuit Court of Appeals has ruled that the government must have a search warrant before it can secretly seize and search emails stored by email service providers. Closely tracking arguments made by EFF in its amicus brief, the court found that email users have the same reasonable expectation of privacy in their stored email as they do in their phone calls and postal mail. EFF filed a similar amicus brief with the 6th Circuit in 2006 in a civil suit brought by criminal defendant Warshak against the government for its warrantless seizure of his emails. There, the 6th Circuit agreed with EFF that email users have a Fourth Amendment-protected expectation of privacy in the email they store with their email providers, though that decision was later vacated on procedural grounds. Warshak’s appeal of his criminal conviction has brought the issue back to the Sixth Circuit, and once again the court has agreed with EFF and held that email users have a Fourth Amendment-protected reasonable expectation of privacy in the contents of their email accounts. Opinion here:

A Mixed Ninth Circuit Ruling in MDY v. Blizzard: WoW Buyers Are Not Owners – But Glider Users Are Not Copyright Infringers (EFF, 14 Dec 2010) - The Ninth Circuit today issued its decision in the second of a trio of cases that raise the critical legal question of whether “magic words” in a end-user license agreement (EULA) slapped onto a consumer product can turn buyers (or gift recipients) into mere licensees, rather than owners. Following its previous ruling in the first of these cases, Vernor v. Autodesk, the court today said yes — but there’s a twist. The case (which we’ve covered previously) pits Blizzard, the maker of World of Warcraft, against MDY, the maker of a program called Glider (what Blizzard calls a “bot”) that lets you play WoW on “auto-pilot” up to a certain level. Blizzard won in the district court, successfully arguing that WoW purchasers do not “own” their software, but merely “license” it. On this dystopian view, Blizzard owns every WoW DVD ever shipped for all eternity and may be able to use copyright law to punish WoW players who use the software in any manner not authorized by the “license” (like using Glider). The district court agreed, and MDY appealed. Ownership matters, because otherwise Blizzard and other software vendors can wipe away important consumer rights with legalese contained in license agreements. In September, the Ninth Circuit held that buyers of software (and possibly DVDs, CDs and other “licensed” content) are not owners as long as the vendor saddles the transfer with enough restrictions to transform what the buyer may think is sale into a mere license. Today, in yet another blow to user rights, the Ninth Circuit ruled that Blizzard’s license restrictions for WoW accomplish the same purpose. However, the court also held that using Glider in WoW play in violation of Blizzard’s terms did not amount to copyright infringement. Blizzard had argued that MDY was secondarily liable for copyright infringement because it provided software that allowed users to play in unauthorized ways. Not so, said the appellate court, because there was no direct liability to begin with. The license term that forbade WoW players from using Glider was a covenant — a promise not to do something — rather than a condition — limiting the scope of the copyright license. And while violating “antibot” covenants might breach a contract, it does not violate any copyright. (By contrast, creating a derivative work might.) This point may seem a bit arcane, but it’s crucial because it helps avoid a situation in which violating contracts and EULAs could result in a copyright infringement lawsuit (with the heavy club of statutory damages, attorney’s fees and low standards for injunctions) rather than just a simple breach of contract claim.

9th Circuit Rules Victims Needn’t Show ‘Misuse’ of Stolen Personal Data (FPN, 15 Dec 2010) - Employees didn’t need to show misuse of their personal information in order to sue their employer over alleged negligence in allowing its theft, the 9th Circuit has ruled in affirming judgment. The plaintiffs are 97,000 current and former Starbucks employees whose names, addresses, and Social Security numbers were stored on a company laptop that was stolen. The plaintiffs filed a class action against Starbucks for the loss of their personal information, asserting negligence and breach of contract. Starbucks argued that, because none of the plaintiffs could show that their personal information was actually misused, they could not establish sufficient injury for purposes of standing under Article III of the Constitution. But the court concluded that an increased risk of identity theft satisfies Article III standing requirements. “If a plaintiff faces ‘a credible threat of harm,’ and that harm is ‘both real and immediate, not conjectural or hypothetical,’ the plaintiff has met the injury-in-fact requirement for standing under Article III. Here, [plaintiffs] have alleged a credible threat of real and immediate harm stemming from the theft of a laptop containing their unencrypted personal data,” the court said. U.S. Court of Appeals, 9th Circuit. Krottner v. Starbucks Corp., No. 09-35823. Dec. 14, 2010. Lawyers USA No. 993-2514.

UK’s Information Commissioner’s Office Issues First Data Breach Fines (Steptoe’s E-Commerce Law Week, 16 Dec 2010) - Until recently, the UK’s Information Commissioner’s Office (ICO) had more bark than bite when it came to data protection. The extent of its powers was issuing enforcement notices and bringing court cases against violators of the Data Protection Act 1998. But earlier this year, as we reported, the ICO was authorized to issue monetary penalties up to ₤500,000 for individual data security breaches. And now the ICO has exercised that new power, issuing two fines totaling ₤160,000 for data breaches. Both fines were for failures to properly safeguard private and sensitive information. The ICO noted that both violators failed to take even the most basic steps to protect the information; one of the cases turned largely on the fact that the employer had failed to put encryption on a laptop that an employee used to work from home.

A Magistrate Judge Correctly Ruled That A Youtube.Com User Waived The Attorney-Client Privilege By Recounting On Her Blog And In E-Mail Her Discussions With Her Attorneys (CCH’s Guide to Computer Law, 16 Dec 2010; subscription required) - The user argued that her comments regarding “her counsel’s motives for representing her pro bono” did not waive the attorney-client privilege with respect to her own motivations for filing suit. However, the two subjects were closely intertwined and could not easily be separated. The user also contended that she was mistaken when she stated that her case was “not a ‘fair use’ case at all,” based on conversations with her attorneys A party may not attempt to explain an apparent admission as a misinterpretation of a conversation with counsel, and then deny the opposing party on the basis of privilege access to the very conversations at issue. When a client reveals to a third party that something is “what my lawyer thinks,” she cannot avoid discovery on the basis that the communication was confidential. Lenz v. Universal Music Corp., NDCal

AMA Challenges E-Prescription Penalties (Information Week, 16 Dec 2010) - The American Medical Association and 103 state and specialty medical societies have sent a letter to Kathleen Sebelius, secretary for the Department of Health and Human Services, requesting that the Centers for Medicare & Medicaid Services (CMS) change its e-prescribing penalty requirements, which will create a financial burden on physicians, the letter said. The request was prompted by a change in the e-prescribing policy that CMS published in the 2011 Final Fee Schedule Rule, which introduced a provision requiring a physician to report at least ten instances of using e-prescriptions for Medicare office visits and services between January 1, 2011 through to June 30, 2011. If physicians don’t meet these requirements, they will face penalties in 2012 and 2013.

Vendors form ‘Legal Cloud Computing Association (Robert Ambrogi, 17 Dec 2010) - Four companies that offer legal-oriented products and services through the cloud have banded together to form the Legal Cloud Computing Association. LCCA’s purpose, according to its announcement, “is to promote standards for cloud computing that are responsive to the needs of the legal profession and to enable lawyers to become aware of the benefits of computing technology through the development and distribution of education and informational resources.” The four companies that make up LCCA’s founding membership are:
Clio (Themis Solutions Inc.)
DirectLaw, Inc.
Rocket Matter LLC
Total Attorneys, LLC
As its first official act as an organization, the LCCA published its comments on the ABA Commission on Ethics 20/20 paper concerning lawyers’ use of Internet-based client-development tools (PDF). With regard to cloud computing, the LCCA proposes that the ABA endorse a minimal set of standards for cloud-computing providers along with model terms of service for cloud providers. Those minimal standards, the LCCA says, should cover data-center security, network security, software security, data-transmission security, back-ups and redundancy, confidentiality and privacy, and data portability.

Your Apps Are Watching You (WSJ, 18 Dec 2010) - Few devices know more personal details about people than the smartphones in their pockets: phone numbers, current location, often the owner’s real name—even a unique ID number that can never be changed or turned off. These phones don’t keep secrets. They are sharing this personal data widely and regularly, a Wall Street Journal investigation has found. An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them. Apps sharing the most information included TextPlus 4, a popular iPhone app for text messaging. It sent the phone’s unique ID number to eight ad companies and the phone’s zip code, along with the user’s age and gender, to two of them. Both the Android and iPhone versions of Pandora, a popular music app, sent age, gender, location and phone identifiers to various ad networks. Smartphone users are all but powerless to limit the tracking. With few exceptions, app users can’t “opt out” of phone tracking, as is possible, in limited form, on regular computers. On computers it is also possible to block or delete “cookies,” which are tiny tracking files. These techniques generally don’t work on cellphone apps.

The Report of Current Opinions (O’Reilly Radar, 19 Dec 2010) - Public.Resource.Org will begin providing in 2011 a weekly release of the Report of Current Opinions (RECOP). The Report will initially consist of HTML of all slip and final opinions of the appellate and supreme courts of the 50 states and the federal government. The feed will be available for reuse without restriction under the Creative Commons CC-Zero License and will include full star pagination. This data is being obtained through an agreement with Fastcase, one of the leading legal information publishers. Fastcase will be providing us all opinions in a given week by the end of the following week. We will work with our partners in Law.Gov to perform initial post-processing of the raw HTML data, including such tasks as privacy audits, conversion to XHTML, and tagging for style, content, and metadata. The RECOP feed will be treated as an open source project with revision control, multiple commiters [commentors?], open discussion lists, and perhaps even multiple branches. Law.Gov participants include both for-profit organizations such as Justia and Fastcase and academic institutions such as Princeton, Cornell, and Stanford. We welcome additional participants from both communities. More details will be made available in mid-January on the Law.Gov mailing list. n addition to weekly release of all current opinions, this feed will include periodic releases of important segments of the back file, including:
·      A release of 3 million pages of 9th Circuit briefs from 1892 to 1968 which was produced in cooperation with UC Hastings College of the Law and the Internet Archive and is scheduled for release in Q1 2011.
·      Double-keyed HTML for at least the first 10 volumes of the Federal Reporter, First Series and all 30 volumes of the Federal Cases will be completed by the end of Q2 2011. This data is being furnished as part of the YesWeScan Project. Now, you too can give the gift that you can cite forever.
·      William S. Hein & Co., which provided high-resolution scans of the Federal Cases, is providing a high-resolution scan of the Federal Reporter, First Series which will be released in Q1 2011.
We are actively pursuing several other important archives that are missing such as Supreme Court Briefs, multiple versions of the annotated statutes of the 50 states, and other key collections. We would welcome the contribution of any legal publishers wishing to furnish such data.

Updates to Twitter Allowed in British Courts (NYT, 20 Dec 2010) - The head of the judiciary in England and Wales ruled on Monday that reporters and other observers can send updates to Twitter and other short text messages from courtrooms while trials are in session so long as the messages do not impede the judicial process. The interim decision, meant to guide courts in his jurisdiction, came a week after an appeals court judge in London barred those present at a bail hearing for Julian Assange, the WikiLeaks founder, from posting messages to Twitter. “There is no statutory prohibition on the use of live text-based communications in open court,” the judicial head, Lord Chief Justice Igor Judge, found in the Monday ruling. (The full text of the ruling is embedded at the end of this post.) “But before such use is permitted, the court must be satisfied that its use does not pose a danger of interference to the proper administration of justice in the individual case.” While cameras and sound recording equipment remain prohibited, live text updates to social networks are “unobtrusive” and “virtually silent” and therefore “unlikely to interfere with the proper administration of justice,” he wrote. Because most courtrooms require that mobile phones and other devices be switched off during proceedings, reporters or others present for the trial must ask for an exception for the purpose of sending live messages via Twitter and other text-based services. Judges can decide, however, to limit such updates. Criminal cases may be particularly sensitive, the chief justice wrote, though reporters may also be prevented from using text devices during civil trials as well, especially in situations where the posting of information could pressure or distract a future witness. In the United States, state and federal courts have taken varied approaches to Twitter. In Georgia district court last year, a federal judge denied a journalist’s request to use his Blackberry mobile phone in court to post messages, citing a federal rule that prohibits the “broadcasting” of proceedings. But a court in Connecticut allowed Twitter updates during the heavily publicized murder trial of Steven J. Hayes. In that case, defense lawyers appeared to set the grounds for a possible appeal, arguing that tens of thousands of messages had been sent from the courtroom, creating a carnival atmosphere and denying Mr. Hayes a fair trial. Ruling here:

Social Media or Snake Oil: Does Social Media Measure Up to the Hype? (ABA Journal, 2010) - Is the social media phenomenon overhyped? A growing chorus of voices says yes. Critics argue there are no credible ways to measure return on investment in social media. They also contend there’s no definitive data showing that social media create business, or that the number of followers you have on Twitter or friends on Face book translates into dollars earned. The conundrum is that both the cynics and the cheerleaders may be right. Kevin O’Keefe, CEO and publisher of Seattle-based Lexblog, which provides social media consulting to law firms, says he does think there is too much hype about social media. “There are a lot of people who don’t know what they’re talking about creating a buzz about it. It’s terribly effective, but that doesn’t mean it’s not overhyped.” Perhaps the most overhyped metric of social media is the gross number of participants. Consultants waxing on about the value of social media start with Facebook’s 500 million active users and Twitter’s 190 million monthly visitors. Yet tallies of friends on Facebook and followers on Twitter mean little. If you’re hunting for hard numbers on social media value, you may be searching for fool’s gold. Social media isn’t about statistics. It’s about good, old-fashioned relationship building. “Numbers on your return on investment are meaningless,” says Daniel Harris of Harris & Moure in Seattle and author of the China Law Blog. “It’s like saying if you speak at a seminar, what’s the return? You never know in hard numbers, but you do know when someone calls six months later and says, ‘I heard you speak. We have this matter.’” [Editor: you tell me; you’re reading this, after all.]

NIST Outlines An Organizational-Level Approach To Continuous Monitoring (GCN, 21 Dec 2010) - Effective IT security requires a top-down approach, with strategic planning at the organizational level rather than on a system-by-system basis, the National Institute of Standards and Technology says in newly released draft guidelines for continuous monitoring. Many, if not all, of an agency’s IT systems are mission-critical these days, and periodic snapshots of their status do not provide adequate assurance of security, according to the initial public draft of Special Publication 800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations.” Continuous monitoring to assess security status and enable incident response is now the standard for security assessment and maintenance. “Information security is a dynamic process that must be effectively managed to respond to new vulnerabilities, evolving threats and an organization’s constantly changing enterprise architecture and operational environment,” the publication states. The publication offers guidelines on the development of a continuous monitoring strategy and the implementation of a program based on that strategy. The program should provide visibility into assets and an awareness of threats and vulnerabilities to the system, and expose the effectiveness of security controls being used. It also should allow the organization to determine if the security controls are aligned properly with its risk tolerance and help the organization respond if it finds that security controls are not adequate.

Nebraska Rolls Out Free Docket App (ABA Journal, 21 Dec 2010) - Attorneys and judges in Nebraska have been able to use a searchable online court calendar for several years. But since this past fall they’ve had something a lot more slick for finding court dates: an app. Last September the state of Nebraska authorized and created a free state court docket app for the iPhone and its progeny. Nebraska appears to be the only state, so far, to have created such an app. The app makes most district and all county court hearing schedules searchable by day, time and location in real time. During its first month, the app was downloaded over 150 times, says Jennifer Rasmussen, project manager at, the state portal site that handled the programming. There haven’t been any comments posted about it on iTunes, but Rasmussen figures the audience could widen considerably, with about 6,500 attorneys in the state—maybe half of them trial lawyers.

Court Rejects Plaintiff’s Proposal of Class Notice via Twitter, SMS, and Email -- Jermyn v. Best Buy (Eric Goldman, 22 Dec 2010) - Plaintiffs brought a class action against Best Buy alleging that Best Buy failed to honor its price-match guarantee. The court certified the class with respect to New York residents who had bought certain items from Best Buy since 2002 and who were denied Best Buy’s price guarantee. The named plaintiff suggested several forms of notice to potential class members, including notification via: (1) Best Buy’s “Twelpforce“ Twitter account, (2) SMS, and (3) email. Noting that overinclusive individual notice is not required, and that Best Buy is only required to undertake “reasonable steps” to identify individual affected class members, the court rejects all three suggestions. The court conducted a random sample of Best Buy’s “Tweplforce” account and concluded that it was primarily a medium for providing technical support to customers. As with respect to the suggested notice via Twitter, the court accepts Best Buy’s argument that notice via SMS was overinclusive, based on Best Buy’s argument. The proposed email notice suffered the same fate, since Best Buy was “unable to restrict notice via email to only class members . . . [it] only collected customer emails when a customer makes a purchase on; when a customer obtains a protection or service plan for an item purchased at or at a Best Buy store; or when a customer voluntarily shares her email address when visiting” The court’s treatment of Twitter as an form of individual notice was interesting, and not entirely accurate. Tweets are not “individualized messages” in the sense that the list of recipients is not controlled by the sender (there’s not a finite list) - the list of recipients includes people who follow the general stream of Tweets as well as those who have opted in to receive messages. Additionally, tweets can be disseminated further by those who see initial tweets, increasing the odds that the word would get out to its intended audience. It’s also worth noting that the “Twelpforce” account is not Best Buy’s only Twitter account. For some reason, plaintiff didn’t suggest notice via Best Buy’s main account, which has approximately 123,000 followers. Given that the costs involved in disseminating notice via Twitter are de minimis, I’m surprised the court wasn’t more open to the suggestion. Also, I was surprised that neither party brought up Facebook as a possibility. Best Buy’s Facebook page is approaching 2 million followers, and offers a similarly inexpensive way to get the notice out to a broad group of interested people. I would think Best Buy’s resistance stems from not wanting to suffer any negative branding implications from including news of this class action in its overt marketing channels, but I would have thought the minimal cost would have swayed the court.

- but -

Man Divorces Wife By SMS (Emirates24, 25 Dec 2010) - A Saudi court decided to separate a national couple after the husband sent a SMS to his wife mobile phone telling her that she is divorced, a newspaper in the Gulf Kingdom reported on Saturday. The woman from the western town of Madina asked court to officially endorse her divorce and supported its complaint with the SMS from her husband, the online Arabic language daily Anakum said. “The husband told the judge he sent the message after an argument with his wife but that he did not mean to divorce her,” the paper said. “But the judge considered the SMS as a real divorce under Islam and decided to support the wife’s plea for divorce.”

VA Employees Using Unauthorized Cloud Services (Information Week, 23 Dec 2010) - The Obama administration might be pushing federal agencies to adopt cloud computing, but federal workers are already ahead of the curve, as the Department of Veterans Affairs recently discovered when it found out hospital employees were using Web-based tools from companies like Google and Yahoo on the job. The discovery isn’t shocking -- consumer adoption of cloud services has in many ways outstripped corporate and government adoption -- but it does raise security concerns, as the services being used haven’t necessarily gone through the rigorous certification process required to comply with federal cybersecurity guidelines. “The government can’t keep up with Google, Apple, Yahoo, and others who are creating grey apps for healthcare usage,” VA CIO Roger Baker said Thursday on a monthly cybersecurity conference call with reporters. “This is an issue we’re going to continue to deal with going forward. These are great tools for patient care, but at the same time we can’t use them. If we don’t figure out how to embrace them, our users will figure it out without us.” Baker applauded companies like Google for moving forward with government security certifications for “moderate” risk information, but said that the VA requires even higher security standards for personally identifiable information like the type its employees are beginning to store online. For now, the agency is treating the use of services like these as a security concern, and blocking access to sites as they became known. For example, last month the agency discovered that a few orthopedics department residents at the Jesse Brown VA Medical Center have been keeping a calendar of patient data on Yahoo Calendar for more than three years. The residents had stored full names, dates, types of surgery, and the last four digits of Social Security numbers for 878 patients on the site, sharing the same user account. When the VA discovered this, it blocked access to the site, deleted all the entries, changed the password (which hadn’t been changed once during the three years of use), and began mailing out letters of notification to all affected patients. Such a scenario has played out numerous times in recent months, Baker said. The most popular use of cloud services was by employees using Google Docs to store shift-change information and residents using it to document what type of role they played in various procedures. “While these are password-protected accounts, the issue is that they leave the VA,” Baker said. “We need to figure out how to meet this demand and still meet our requirements from the standpoint of security controls.”

Financial Industry Favors Security Through Obscurity; Demands Cambridge Censor Paper Detailing Weaknesses (TechDirt, 27 Dec 2010) - The chip and PIN system that is used for financial transactions throughout large parts of Europe and Canada (still surprised that it hasn’t really come to the US...) has numerous vulnerabilities that have been detailed over the years. In the past year alone, there have been a number of problems and weaknesses highlighted with the system. Apparently, the financial industry isn’t happy about this, but rather than fixing the problems it’s reacting in the usual way: going after the messenger. Slashdot points us to the news that the UK Cards Association -- a trade group representing banks and credit card companies -- has asked Cambridge researchers to remove a thesis which highlights some of the vulnerabilities. You can see the demand letter embedded below, but it’s fairly amusing. The letter claims that the publication (which you can read about on the author’s (Omar Choudary) website, where he describes a device for intercepting, monitoring and modifying such data) “oversteps the boundaries of what constitutes responsible disclosure.” In other words, they’re not happy about it, so Cambridge should force the student to shut up. Of course, what’s amusing is that after chiding Cambridge University for such irresponsible publishing, the Association then tries to downplay the significance of the whole thing anyway: “Fortunately, the type of attack described in the research is difficult to undertake and is unlikely to carry a sufficient risk-reward ratio to interest genuine fraudsters. And, in the unlikely event that such an attack were to take place in the UK marketplace, the banking industry’s fraud prevention systems would be able to detect when such an attack had happened.”

Data Hacker Pageranks Members of the US Congress (ReadWriteWeb, 27 Dec 2010) - What’s the fastest way to evaluate the true behavior of a Senator or Representative in Congress? How about through a ready-made mathematical model and some charts? That’s what Josh Tauberer has created as the latest project at congress-tracking site “Bulk access to legislative information makes large-scale statistical analyses possible,” Tauberer writes. He’s performed analyses he says are like Google’s Pagerank, but for politicians: he’s tracked which politicians vote together in order to discover moderates and extremists, and he’s treated sponsorship and co-sponsorship of legislation like an endorsement of leadership, similar to the way Google treats links between web pages as an endorsement. The resulting chart, below, tracks Senate members on axis of leadership and ideology. It’s a fascinating way to see important qualitative matters quantified and to get a quick snapshot of politicians you might not follow very closely. Something like this could also be helpful in assessing claims and pushing for accountability of elected officials.

First Amendment Rights To Blog A Case (Cobalt Law Firm, 28 Dec 2010) – “Dear Mr. Olson -- We are in receipt of your letter (below) in which you demand that we cease or you will sue. We are a law firm; and we are reporting news in our blog. Clearly is that stated under the category on ‘News’ as you acknowledge in paragraph two of your letter. We acknowledge that your client has trademark rights. However, protection for trademark rights under the Lanham Act is limited to protection against another’s use of a designation to identify its business, or in marketing its goods or services in a way that causes a likelihood of confusion. Such trademark rights do not override First Amendment rights.” Of course, this has now been picked up by TechDirt --

E-Lawyering Expert: Stay Competitive With a Virtual Law Practice (ABA Journal, 28 Dec 2010) - More clients than ever are seeking legal services online, and the market is growing every day with new competitors—online companies such as Legal Zoom, Inc. and “do it yourself” legal kits on the Internet, among them—that are challenging the dominance of the traditional law firm. Stephanie Kimbro, co-founder of Virtual Law Office software and a virtual law office owner, says in her book Virtual Law Practice that “mainstream legal professionals who have preferred to stick with more traditional law practice methods can no longer turn a blind eye to this change if they wish to remain competitive.” YourABA recently asked Kimbro to provide some guidance on establishing a virtual presence and best practices for effective e-lawyering.

NOAA Launches Website Housing Previously Released Public Information from the Deepwater Horizon Response (NOAA, 29 Dec 2010) - NOAA today unveiled a web archive of the maps, wildlife reports, scientific reports and other previously released public information used by emergency responders, fishermen, mariners and local officials during the Deepwater Horizon oil spill. The NOAA Deepwater Horizon Library can be accessed via “This website serves as a valuable learning tool and resource for scientists, students and historians of all backgrounds for many years to come,” said Jane Lubchenco, Ph.D., under secretary of commerce for oceans and atmosphere and NOAA administrator. “Good science underpins everything we do at NOAA, and our scientists worked tirelessly during the spill to monitor the oceans, coasts and skies. Much of that mission-critical information is now available in this library.”

Email ‘Oops’ Ends With Gordon & Rees Being Booted From Case (LegalPad, 29 Dec 2010) - It’s great the way email software autocompletes addresses for you. Except when it puts in the wrong one. That’s what happened to Braun Hagey partner J. Noah Hagey. But it wasn’t a total disaster, as it kicked off a chain of events that culminated last week with an eye-popping protective order (read it here) booting his opposing counsel and in-house lawyers off a case in federal court. Here’s what happened. Hagey represents a handful of engineers in Oakland who in September left engineering and design firm Arcadis to start their own shop. Apparently worried their former employer would try to interfere, they hired Braun Hagey and later conferred by email -- with autocomplete inserting an old Arcadis address for one of the former employees. So four message threads, including one attaching a draft declaration, were delivered to Arcadis, where an email monitoring system routed them to legal. In a declaration, Hagey said the plaintiffs didn’t realize their emails had been intercepted until lawyers at Gordon & Rees filed a counterclaim that references the day the former employees held a meeting -– a date, he said, Gordon & Rees could only have learned from the emails. Reached Wednesday, Hagey declined to comment publicly. In a declaration, Elizabeth Spangler, an inhouse lawyer at Arcadis, acknowledged receiving the threads and reviewing the draft complaint -- at which point she says she realized the material was probably privileged. She says, however, that there were no great revelations in the material, and she didn’t share it with anyone. She did say, though, that she must have inadvertently given Gordon & Rees the date on which the exiting employees met. She also said she later learned her boss, Arcadis’ General Counsel Steven Niparko, had also briefly reviewed the email. On Dec. 17, U.S. District Judge Jeffrey White ordered that Arcadis replace Gordon & Rees with new, untainted counsel. He also ordered Spangler off the case, and said the GC must be “removed from all aspects of the day-to-day management.” And he ordered Arcadis to pay fees and costs of $40,000. [Editor: a possibly-unexpected outcome -- a risky way to contaminate opposing counsel.]

MERS: How a Mortgage Clearinghouse Became a Villain in the Foreclosure Mess (Washington Post, 31 Dec 2010) - In the early 1990s, the biggest names in the mortgage industry hatched a plan for a new electronic clearinghouse that would transform the home loan business - and unlock billions of dollars of new investments and profits. [A] central electronic clearinghouse would allow the companies to transfer thousands of mortgages instantaneously, greasing the wheels of a system in which loans could be repeatedly and quickly bought and sold. “Assignments are creatures of 17th-century real property law; they do not coexist easily with high-volume, late 20th-century secondary mortgage market transactions,” Phyllis K. Slesinger, then senior director of investor relations for the Mortgage Bankers Association of America, wrote in paper explaining the system. Sixteen years down the road, the mortgage business is a mess. The electronic clearinghouse has become a reality: The Virginia-based Mortgage Electronic Registrations Systems, a registry with 67 million mortgages on file, has become part of the industry’s standard operating procedure. But critics say promises of transparency and of ironing out wrinkles in record-keeping haven’t panned out. The firm, which tracks more than 60 percent of the country’s residential mortgages but whose parent company employs just 45 people in a Reston office building, is on the firing line now. * * * MERS became a stripped down version of the original idea. The first thing to go was the vault for keeping documents. MERS instead became a giant electronic card catalogue that tracked who was managing a particular loan as it was sold and resold, but it left the companies themselves responsible for guarding the mortgage (or deed of trust) and the promissory note (or IOU) - the two critical pieces of paper that prove who owns a loan. Next to go was transparency, critics say. When a home loan is securitized, at least a half-dozen parties are typically involved. The loan might be originated by a mortgage finance firm, sold to a company that aggregates them into a pool and then sells them to an investor such as a pension fund. A different “servicer” such as Bank of America is usually responsible for collecting payments. Most loans are bought and sold several times, and the servicer can change, too. The mortgage bankers decided that to simplify record-keeping, MERS would be listed as a “nominee” for the mortgage holder in local land records offices. When the loans changed hands, the new owner or servicer would register the transaction electronically in the MERS system without having to re-record the transaction across the country. But Mark Monacelli, a county recorder in Duluth, Minn., who was the lead negotiator for the association representing recorders from most of the nation’s 3,600 counties, said that practice makes it difficult for homeowners to be able to trace the chain of ownership of their loan. [Editor: Long article, interesting subject. Illustrates the tension between law and technology, and how things can go off the tracks when the tech/business side gets too far ahead of the law. This isn’t going to end prettily.]

The Innovation Secrets of Steve Jobs (Carmine Gallo, 22 Nov 2010; 53 minutes) - Apple’s Steve Jobs has a reputation for innovation, particularly with Apple’s company slogan of “Think Different”. Carmine Gallo wrote a book that reviewed Jobs’ presentation secrets and now details his innovation secrets. Gallo discusses his book, including the seven points of innovation followed by Steve Jobs. Gallo also talks about the thought process that led to this follow-up to his previous successful book. [Editor: Gallo’s starts off a bit slick for my tastes, but he’s actually done a very useful job distilling and presenting here. These are extremely good points he makes, especially for younger people.]

**** RESOURCES ****
Copyright for Internet Authors and Artists (Prof. Thomas Field, 16 Oct 2010) -- This small paper attempts to answer inquiries received during the span of at least a decade. It contains little information that is unavailable at the Copyright Office website, but it focuses on the needs of a much smaller, if sizable, audience. [Editor: 6-page almost FAQ-like – useful for quick orientation of new clients.]

WIPO Launches On-line Tool to Assist in Filing International Trademark Applications (WIPO, 20 Dec 2010) - WIPO launched on December 20, 2010 an on-line tool - the Madrid System Goods & Services Manager (G&S Manager) - that will help trademark applicants in compiling the list of goods and services that must be submitted when filing an international application under the Madrid System for the International Registration of Marks. The G&S Manager, which can be accessed through the WIPO GOLD portal, gives access to thousands of standard terms classified in accordance with the 9th edition of the International Classification of Goods and Services for the Purposes of the Registration of Marks (Nice Classification). Applicants using the G&S Manager can select the terms that best describe the goods and services relating to the mark. Users of the Madrid system must ensure that they provide the correct description and classification of the goods and services for which the mark will be used. By selecting terms from the G&S Manager, applicants can be confident that no irregularity notice will be issued with respect to the classification or indication of those goods and services. The G&S Manager is available in the three working languages of the Madrid system, namely English, French and Spanish, and gives access to some 30,000 terms in English and their equivalents in French and Spanish.

**** LOOKING BACK ****
JUDGE MAKES A CASE FOR THE DELETE KEY (New York Times 5 Oct 2000) - District Court Judge James Rosenbaum has published an article called “In Defense of the DELETE Key,” in which he bemoans the eternal nature of computer communications and reminisces fondly about pre-computer days when people casually spoke “off the record”: “At this earlier time, two people could easily say something -- even, perhaps, something politically incorrect -- simply between themselves. They might even have exchanged nasty notes between themselves. And when they had moved past this tacky, but probably innocent moment, it was truly gone.” Today, however, “an idle thought jotted onto a calendar, a tasteless joke passed to a once-trusted friend, a suggestive invitation directed at an uninterested recipient, if done electronically, will last forever. Years later, it can subject its author to liability.” Rosenbaum proposes a “cyber statute of limitations” -- perhaps six months for an isolated e-mail message -- after which “deleted” documents would be legally consigned to the electronic rubbish heap and become inadmissible as evidence of possible wrongdoing. He makes an exception for recovered “deleted” messages from someone who has exhibited a pattern of egregious behavior or communications. The article was published in the Summer issue of The Green Bag, a literary law journal. [link broken]

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at Get supplemental information through Twitter:

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. InsideHigherEd -
3. SANS Newsbites,
4. NewsScan and Innovation,
5. BNA’s Internet Law News,
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog,
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.