Saturday, March 26, 2011

MIRLN --- 6-26 March 2011 (v14.04)

MIRLN --- 6-26 March 2011 (v14.04) --- by Vince Polley and KnowConnect PLLC
(supplemented by related Tweets: http://twitter.com/vpolley #mirln)

**** MIRLN PODCASTS ****
The MIRLN podcasts now are on iTunes -- http://itunes.apple.com/us/podcast/mirln/id424352330 or search for “MIRLN”. Or, you can find them at http://www.knowconnect.com/mirln/podcast/, and an RSS feed is available.

·      Dead.Ly URL’s and Authoritarian Social Network Tracking
·      Massive Intervention
·      Mass. AGO Web Communications Policies
·      Software Best Practices and Open Source Derivative Works
·      Michigan Town Split on Child Pornography Charges
·      New Report on Business Models for Scholarly Publishing
·      Cost of a Data Breach Climbs Higher
·      Hacking of DuPont, J&J, GE Were Undisclosed Google-Type Attacks
·      Judge: Debt Agency Can’t Contact or Search for Woman on Facebook
·      Important Ninth Circuit Ruling on Keyword Advertising
·      Researchers Show How a Car’s Electronics Can Be Taken Over Remotely
·      Google Again Sued Over Gmail Content Scanning
·      Law Enforcement Use of GPS Devices, and More from CRS
·      The “Adam Smith” Award for Innovation in Legal Service Delivery
·      Legal Industry Does Not Exist on ‘LinkedIn Today’
·      Radio Daze
·      Robots and the Law?
·      The Digital Pileup
·      As Law Student Readies Reverse Auction Site, Law Bloggers React to ‘eBay’ of Lawyering
·      What Auditors Are Saying About Compliance And Encryption
·      Web Host Liable For Contributory Infringement
·      New Site Offers Free Video ‘Nuggets’ of CLE
·      Righthaven Loses Second Fair Use Ruling Over Copyright Lawsuits
·      Crowdsourcing the Preservation of U.S. War Papers
·      Chin Decides Google Books Settlement Would ‘Go Too Far’
·      Spot Me If You Can: Uncovering Spoken Phrases In Encrypted VoIP Conversations
·      Cornell Library Rejects Non-Disclosures On Journal Pricing; Will Reveal All Prices
·      The Deplorable State of Law Firm Security

Dead.Ly URL’s and Authoritarian Social Network Tracking (ZDnet, 27 Feb 2011) - The escalating unrest in North Africa and other parts of the world continues to make us wonder about the fundamental levers of control of the entire internet, and its uses for mass interactions and broadcasts. Bit.ly, the uniform resource locator (web site url address) shortener widely used by marketers and Twitter users relies on .ly, the Internet country code top-level domain (ccTLD) for Libya and it’s still far from clear who ultimately controls the off switch for those domains. According to Bit.ly they have five root nameservers for the .ly ccTLD: two in Oregon, one in the Netherlands and two in Libya. The Oregon and Netherlands servers are presumably reliant on obtaining updates from the .LY registry inside Libya. If they can’t, at some point they will consider the data they have stale/obsolete and stop providing information on the .LY domain. If the Libyan registry is cut off the internet the availability of .LY domains would be compromised somewhere between 0 and 28 days, with inconsistencies increasing as attempts to ‘phone home’ to the Libyan TLD servers got no response. http://www.zdnet.com/blog/collaboration/deadly-urls-and-authoritarian-social-network-tracking/1901

Massive Intervention (Der Spiegel, 28 Feb 2011; computer-translated version) - The businessman wanted to go home. The flight from India had taken eight hours, but now customs officials at the Munich airport delayed his return. A routine check, they said. Person, luggage, laptop. It did, but the passenger’s conscience was clear and there was nothing to declare. Only with his computer did the inspectors disappear into the next room. Shortly afterwards, the all-clear: everything is fine. Safe journey home. The little stopover at the “Franz Josef Strauss” airport in mid-2009 has what it takes to ignite again, in Berlin, a debate on the powers of investigative authorities. In the digital age, it is an issue that divides the black-yellow coalition in the federal government: when and how far may the state enter the computers of its citizens to combat crime? For after that check, the merchant from Bavaria had a little more baggage than before. The Bavarian State Criminal Police Office (LKA) had hidden spyware on his computer. The program, secretly installed at the airport, secured far-reaching access to the laptop for the police. Once the device connected to the Internet, it sent a photo of the screen to the investigators every 30 seconds - some 60,000 in three months. http://translate.googleusercontent.com/translate_c?hl=en&ie=UTF-8&sl=auto&tl=en&u=http://www.spiegel.de/spiegel/0,1518,748110,00.html&prev=_t&rurl=translate.google.com&twu=1&usg=ALkJrhg1_RLZyagAwPEgnr94W2np3UjDUQ [Spotted by MIRLN reader Michael Fleming of Cray, Inc.]

Mass. AGO Web Communications Policies (Office of the Attorney General, March 2011) - The Attorney General’s Office uses several social media tools for outreach, education and information. These online tools help the office reach more residents with helpful consumer and safety information, and are intended to enhance, but not replace, the office’s interaction with constituents and the media. http://www.mass.gov/?pageID=cagoutilities&L=1&sid=Cago&U=Cago_web_communications [Editor: discussion of the AGO’s blog, Twitter, Flickr, YouTube, and e-newsletter communications vehicles]

Software Best Practices and Open Source Derivative Works (Citizen Media Law Project, 2 March 2011) - We received a request not long ago from one of the lawyers in our Online Media Legal Network who is looking for legal resources on a couple different issues tied to software development, particularly open source software development. And frankly, they’re the sorts of resources that we expect more and more lawyers will have need for. Thus, we’re reposting the requests here - along with my first stab at researching them - in the hopes of drumming up a bit of crowdsourcing to find the answers. The first request was for best practices, procedures, and policies relating to management of the software development function. Of particular concern is situations where developers are writing original code, licensing commercial code, and using open source code in developing software that is redistributed to nonprofits. What recommendations are out there for such best practices in complying with the various licenses? Next, the lawyer was wondering at what point the GNU General Public License (“GPL”) kicks in and “infects” other software. As the lawyer says, “Clearly derivative works are covered, but I am trying to get a better handle on how much linking, touching, combining, etc. gives rise to the viral requirement.” http://www.citmedialaw.org/blog/2011/software-best-practices-and-open-source-derivative-works [Editor: the story carries links to various relevant resources.]

Michigan Town Split on Child Pornography Charges (NYT, 7 March 2011) - People in this economically pressed town near Lake Michigan are divided into two camps: Those who think Evan Emory should pay hard for what he did, and those who think he should be let off easy. Mr. Emory, 21, an aspiring singer and songwriter, became a household name here last month when he edited a video to make it appear that elementary school children in a local classroom were listening to him sing a song with graphic sexual lyrics. He then showed the video in a nightclub and posted it on YouTube. Tony Tague, the Muskegon County prosecutor, stands firmly in the first camp: He charged Mr. Emory with manufacturing and distributing child pornography, a crime that carries a penalty of up to 20 years in prison and 25 years on the sex offender registry. Mr. Emory, who had gotten permission to sing songs like “Lunchlady Land” for the first graders, waited until the students left for the day and then recorded new, sexually explicit lyrics, miming gestures to accompany them. He then edited the video to make it seem as if the children were listening to the sexual lyrics and making faces in response. Mr. Emory’s supporters, including the almost 3,000 people who have “liked” the “Free Evan Emory” page on Facebook, say the charge is a vast overreaction to a prank gone astray, and a threat to free expression. Legal experts say the case — and the strong reactions it has drawn from places as far as Ireland and Australia — underscores the still evolving nature of the law when it comes to defining child pornography in the age of Facebook, YouTube and sexting. But with the rise of technology, said Carissa B. Hessick, an associate professor at the Sandra Day O’Connor College of Law at Arizona State and an expert on child pornography and criminal sentencing, “now we have situations where people are being arrested and charged” in connection with digitally altered images, where no child was abused. http://www.nytimes.com/2011/03/08/us/08muskegon.html?_r=1

New Report on Business Models for Scholarly Publishing (InsideHigherEd, 7 March 2011) - University presses need to consider new business models, and share information on successful new approaches, but no one model should be assumed to be correct for all, according to a report being released today by the Association of American University Presses. “[T]he simple product-sales models of the 20th century, devised when information was scarce and expensive, are clearly inappropriate for the 21st-century scholarly ecosystem. As the report details, new forms of openness, fees, subscriptions, products, and services are being combined to try to build sustainable business models to fund innovative digital scholarly publishing in diverse arenas,” the report says. The report stresses the role of university presses in vetting and improving scholarly writing, not just publishing it, and that emphasis turns up in several recommendations. “Open access is a principle to be embraced if publishing costs can be supported by the larger scholarly enterprise. University presses, and nonprofit publishers generally, should become fully engaged in these discussions,” the report says. Another recommendation: “Proposals and plans for new business models should explicitly address the potential impact of the new model on other parts of the press’s programs, as well as explicitly address the requirements, both operational and financial, for making the transition to a new model.” http://www.insidehighered.com/news/2011/03/07/qt#253189

Cost of a Data Breach Climbs Higher (Ponemon Institute, 8 March 2011) - Most privacy advocates and people in the data protection community believe that data breach costs will start coming down eventually because consumers will become somewhat immune to data breach news. The idea is that data breach notifications will become so commonplace that customers just won’t care anymore. But, that hasn’t happened yet. The latest U.S. Cost of a Data Breach report, which was just released today, shows that costs continue to rise. This year, they reached $214 per compromised record and averaged $7.2 million per data breach event. The fact is that individuals still care deeply about their personal information and they lose trust in companies that fail to protect it. It’s not only direct costs of a data breach, such as notification and legal defense costs that impact the bottom line for companies, but also indirect costs like lost customer business due to abnormal churn. This year’s study showed some very interesting results. In my view, there are a few standout trends.
·      Rapid response to data breach costs more. For the second year, we’ve seen companies that quickly respond to data breaches pay more than companies that take longer. This year, they paid 54 percent more. Fueling this rush to notify is compliance with regulations like HIPAA and the HITECH Act and the numerous state data breach notification laws. It seems that U.S. companies have this urgency to just get the notification process over with. Unfortunately, these companies are in such a hurry to do the right thing and notify victims that they end up over-notifying. This causes customers who are not actually at risk to lose trust in the company and abnormal customer churn increases. Companies that take a more surgical approach and spend the time on forensics to detect which customers are actually at risk and require notification, ultimately spend less on data breaches.
·      Malicious or criminal attacks are causing more breaches. This year malicious attacks were the root cause of 31 percent of the data breaches studied. This is up from 24 percent in 2009 and 12 percent in 2008. The significant jump in malicious attacks over the past two years is certainly indicative of the worsening threat environment. Malicious attacks come from both outside and inside the organization, ranging from data-stealing malware to social engineering. What’s more, these data breaches are the most expensive. Malicious attacks create more costs because they are harder to detect, the investigation is more involved and they are more difficult to contain and remediate. Another reason malicious attacks are so expensive is the criminal is out to monetize their work; they’re trying to profit off the breach. However, it’s not always the bad guys doing bad things that cause data breaches. It’s often your best employees making silly mistakes. Negligence is still the leading cause of data breaches at 41 percent.
http://www.ponemon.org/blog/post/cost-of-a-data-breach-climbs-higher [Editor: This is the definitive benchmark study of breach costs, conducted with the same methodology over several years. Well worth study.]

Hacking of DuPont, J&J, GE Were Undisclosed Google-Type Attacks (Bloomberg, 8 March 2011) - The FBI broke the news to executives at DuPont Co. late last year that hackers had cracked the company’s computer networks for the second time in 12 months, according to a confidential Dec. 9, 2010, e-mail discussing the investigation. About a year earlier, DuPont had been hit by the same China-based hackers who struck Google Inc. and unlike Google, DuPont kept the intrusion secret, internal e-mails from cyber-security firm HBGary Inc. show. As DuPont probed the incidents, executives concluded they were the target of a campaign of industrial spying, the e-mails show. The attacks on DuPont and on more than a dozen other companies are discussed in about 60,000 confidential e-mails that HBGary, hired by some of the targeted businesses, said were stolen from it on Feb. 6 and posted on the Internet by a group of hacker-activists known as Anonymous. The companies attacked include Walt Disney Co., Sony Corp., Johnson & Johnson, and GE, the e-mails show. The incidents described in the stolen e-mails portray industrial espionage by hackers based in China, Russia and other countries. U.S. law enforcement agencies say the attacks have intensified in number and scope over the past two years. A Baker Hughes spokesman, Gary Flaharty, confirmed in an interview last month that his company’s networks were breached. Baker Hughes decided the intrusion was not a material event and so didn’t file a disclosure with U.S. regulators, he said. http://www.businessweek.com/news/2011-03-08/hacking-of-dupont-j-j-ge-were-undisclosed-google-type-attacks.html [Editor: on 5 Nov 2010 I tweeted from a DC symposium on law & national security: “FBI: every CEO in America knows that their company networks have been penetrated; often results in complete access.” There’s real, unreported, huge economic activity going on behind/under these penetrations.]

Judge: Debt Agency Can’t Contact or Search for Woman on Facebook [or other SM services] (AP, 9 March 2011) - A Florida judge has ordered a debt collection agency to not use Facebook or any other social media site in an attempt to locate a woman over a $362 unpaid car loan. Judge W. Douglas Baird also ordered Mark One Financial LLC of Jacksonville, Fla. to refrain from contacting the woman’s family or friends on Facebook. http://hosted2.ap.org/apdefault/f28cc4ac186b4036b3b4fa29caa6142b/Article_2011-03-09-Facebook%20Debt%20Collection/id-810548d5ef6d4030a3f8005e398943ef

Important Ninth Circuit Ruling on Keyword Advertising (Eric Goldman, 9 March 2011) - We’ve had surprisingly few appellate decisions involving keyword advertising generally, and almost none involving trademark owners’ lawsuits against keyword advertisers (as opposed to suing keyword sellers like search engines). On that basis alone, this ruling is important. The case is also remarkable because the opinion, written by highly regarded Judge Wardlaw, gets so many things right. Perhaps that sounds like damning with faint praise, but the reality is that the Ninth Circuit’s Internet trademark law has become horribly tortured due to deeply flawed opinions like the 1999 Brookfield case. This opinion deftly cuts through the accumulated doctrinal cruft and lays a nice foundation for future Internet trademark jurisprudence. The only sour note is that the opinion makes some unnecessary and empirically shaky “presumptions”--exactly the kind of unfortunate appellate court fact-finding that got the Ninth Circuit into trouble in the first place. Still, given how this opinion could have turned out, I still give this opinion very high marks. * * * I am often asked by other Internet Law professors for a single keyword advertising case they should consider teaching. Until now, I haven’t had a good answer. I’ve taught several keyword ad cases over the years. The last two years I’ve taught the Hearts on Fire case, which has been pretty good. Other folks have taught the Second Circuit’s Rescuecom case, a theoretically interesting case but a lousy teaching case. In my opinion, this ruling is clearly the best keyword advertising teaching case now available. Unless something better comes along, I’ll be substituting this case for the Hearts on Fire case in my Internet Law reader. Assuming many of my colleagues make the same choice, I expect this opinion will be an instant classic. http://blog.ericgoldman.org/archives/2011/03/important_ninth.htm

Researchers Show How a Car’s Electronics Can Be Taken Over Remotely (NYT, 10 March 2011) - With a modest amount of expertise, computer hackers could gain remote access to someone’s car — just as they do to people’s personal computers — and take over the vehicle’s basic functions, including control of its engine, according to a report by computer scientists from the University of California, San Diego and the University of Washington. Although no such takeovers have been reported in the real world, the scientists were able to do exactly this in an experiment conducted on a car they bought for the purpose of trying to hack it. Their report, delivered last Friday to the National Academy of Sciences’ Transportation Research Board, described how such unauthorized intrusions could theoretically take place. Because many of today’s cars contain cellular connections and Bluetooth wireless technology, it is possible for a hacker, working from a remote location, to take control of various features — like the car locks and brakes — as well as to track the vehicle’s location, eavesdrop on its cabin and steal vehicle data, the researchers said. They described a range of potential compromises of car security and safety. The new report is a follow-on to similar research these experts conducted last year, which showed that cars were increasingly indistinguishable from Internet-connected computers in terms of vulnerability to outside intrusion and control. That project tried to show that the internal networks used to control systems in today’s cars are not secure in the face of a potential attacker who has physical access to the vehicle. http://www.nytimes.com/2011/03/10/business/10hack.html?_r=1&ref=business

Google Again Sued Over Gmail Content Scanning (Information Week, 10 March 2011) - Attorneys representing former Gmail user Kelly Michaels of Smith County, Texas, have sued Google, claiming that its Gmail service violates users’ privacy by scanning e-mail messages to serve relevant ads. This is not the first time Google has faced such a suit. Another Texas resident, Keith Dunbar, made similar claims in November, 2010. It’s an issue Google has been dealing with since Gmail was introduced in 2004. At Google’s request, the Dunbar suit has been sealed. However, in a reply filed prior to the sealing of the case, Google’s attorneys provide highlighted terms of service and the company’s privacy policy as exhibits to show that users are informed about how Gmail operates. Michaels’s complaint takes the novel approach of arguing that while Google asks users to accept its terms of service, the company doesn’t require that users actually understand what they’re agreeing to. Such comprehension is all but impossible, the complaint suggests, because terms of service documents are difficult to read, if they’re read at all. The complaint bemoans how users who wish to read Google’s Terms of Service have to scroll through a small text box with something like 92 paragraphs or visit a 15-page print-friendly version. Then there’s a separate Program Policy and Privacy Policy, each on different Web pages, and the Privacy Policy includes some 55 external links. It’s widely known that people don’t read lengthy documents online, particularly dry legalese. There’s even Internet shorthand for the phenomenon: “TL; DR,” which stands for “too long; didn’t read.” Sadly for the plaintiff, there’s no legal recognition of “TL; DR,” even if companies like Google and Facebook recognize the problem. Both companies have acknowledged how difficult it is to read and understand lengthy privacy and terms of service documents, and have tried to make them less impenetrable. 
http://www.informationweek.com/news/security/privacy/showArticle.jhtml?articleID=229300677&subSection=Security [TMI?]

Law Enforcement Use of GPS Devices, and More from CRS (FAS, 10 March 2011) - When law enforcement agencies use a Global Positioning System device to track the motor vehicle of a potential suspect, is that a “search” that is subject to constitutional protections under the Fourth Amendment? Or is it comparable to visual inspection of public information that enjoys no such protection? The Supreme Court has not ruled on the subject, and lower courts have issued a range of opinions in different cases, according to a new report (pdf) from the Congressional Research Service that carefully delineated the issues. “Depending on how one reads the courts’ decisions, one could conclude that there is a split in the courts regarding whether law enforcement must first obtain a warrant before using a GPS device. Conversely, one could also conclude that the courts’ decisions are reconcilable and that the outcomes of the cases are fact-sensitive.” http://www.fas.org/blog/secrecy/2011/03/law_gps.html

The “Adam Smith” Award for Innovation in Legal Service Delivery (AdamSmithEsq, 10 March 2011) - A couple of weeks ago I learned that the legal department of Kraft Foods issued its “Adam Smith” award, for innovation in the delivery of legal services, to Clifford Chance, and Kraft intends it to be an annual award. I was curious to learn more. The first thing I learned was that the award was not named for the publication you’re reading, but for the original Adam Smith himself. Officially, the award is the “Kraft Foods Free Market Award,” but internally it’s known as the Adam Smith Award, and that is the name by which it will henceforth be known here, and in all right-thinking circles. The award goes to “the firm that best demonstrates the principles of free market competition.” Marc Firestone, Kraft Foods Executive Vice President, Corporate & Legal Affairs and General Counsel, said the genesis of the award was finding a way to lower costs for legal work and in the process they discovered that returning to basic economic principles was the key. Kraft has about 120 lawyers around the globe but they lack robust electronic connections other than email. Clifford Chance, by contrast, has a robust internal communications system. “After three years of spinning our wheels,” [DGC] Gerd reported, Clifford Chance was able to help Kraft’s legal department get truly connected globally in very short order. This makes great sense to me: Integrated global legal services are the core competence of Clifford Chance, but nowhere on the top 100 list for Kraft, nor should they be. The innovation was establishing internal blogs and discussion boards at Kraft addressing specific subject matter areas. The basic insight came from Clifford Chance but was adapted by Kraft for its own corporate culture, as I read it, and this could be an example of the most robust kind of innovation-sharing between firms and clients that we could imagine. The thinking must go as follows:
·      Law firm has practice X (Knowledge Management as an expertise, in this case)
·      Which client could use if it worked in their corporate environment (turning law firm KM theories into blogs and discussion boards)
·      So that both client and law firm “win,” in the sense that they both learn something from each other.
What Kraft did, then, plain and simple, was to set up those blogs and discussion boards, even though they were something Clifford Chance had never looked at internally in terms of its own KM efforts. http://www.adamsmithesq.com/archives/2011/03/the-adam-smith-award-for-innovation-in-legal-service-delivery.html [Editor: fascinating role-reversal – here it’s the law firm leading and the client following, in a classic implementation of knowledge management. I’m especially surprised that it’s Kraft – back in the mid-1990s they had a forward-thinking “knowledge management” culture. For more on KM implementation, and discussion of its implications for “Enterprise 2.0” see materials at KnowConnect: http://www.knowconnect.com/know/cat/km_presentations.]

Legal Industry Does Not Exist on ‘LinkedIn Today’ (Law.com, 11 March 2011) - LinkedIn announced Thursday that it has launched “LinkedIn Today,” which some have described as an effort to become the “The Wall Street Journal of social news.” LinkedIn describes LinkedIn Today as a site that “delivers the day’s top news, tailored to you based on what your connections and industry peers are reading and sharing.” Unless, of course, you are a lawyer or in the legal profession, in which case you get absolutely nothing. Yes, despite lawyers’ pretty heavy use of LinkedIn as a social media tool, LinkedIn Today seems to forget that we even exist. As Bob Ambrogi similarly observed Thursday on his LawSites blog, LinkedIn Today offers a lengthy list of industries you can choose to tailor your reading, but law isn’t one of them. In addition, he notes, the site does not draw on any legal-news sources. “Given the apparent widespread use of LinkedIn among legal professionals of all kinds, it is surprising that this new service would skip right over the entire industry,” Ambrogi adds. http://legalblogwatch.typepad.com/legal_blog_watch/2011/03/legal-industry-does-not-exist-on-linkedin-today.html

Radio Daze (Tablet, 11 Feb 2011) - Last year, a young man called in to a radio station with a problem. He’d recently attended a bachelor party, he said, and a friend of the groom-to-be, clueless of the unwritten etiquette of maledom, brought his girlfriend along, derailing what was supposed to be a weekend of gambling, girls, and general debauchery. The caller told his story with passion and verve, and then asked the station’s listeners for their advice on how to treat his clueless pal. Or at least he would have, had this been a real conversation. The young man—who asked to remain nameless in order to protect his chances for future employment—was an actor, and the staged call an audition. A short while later, he received the following email: “Thank you for auditioning for Premiere On Call,” it said. “Your audition was great! We’d like to invite you to join our official roster of ‘ready-to-work’ actors.” The job, the email indicated, paid $40 an hour, with one hour guaranteed per day. But what exactly was the work? The question popped up during the audition and was explained, the actor said, clearly and simply: If he passed the audition, he would be invited periodically to call in to various talk shows and recite various scenarios that made for interesting radio. He would never be identified as an actor, and his scenarios would never be identified as fabricated—which they always were. Curious, the actor did some snooping and learned that Premiere On Call was a service offered by Premiere Radio Networks, the largest syndication company in the United States and a subsidiary of Clear Channel Communications, the entertainment and advertising giant. Premiere syndicates some of the more sterling names in radio, including Rush Limbaugh, Glenn Beck, and Sean Hannity. But a great radio show depends as much on great callers as it does on great hosts: Enter Premiere On Call. 
“Premiere On Call is our new custom caller service,” read the service’s website, which disappeared as this story was being reported (for a cached version of the site click here). “We supply voice talent to take/make your on-air calls, improvise your scenes or deliver your scripts. Using our simple online booking tool, specify the kind of voice you need, and we’ll get you the right person fast. Unless you request it, you won’t hear that same voice again for at least two months, ensuring the authenticity of your programming for avid listeners.” The actors hired by Premiere to provide the aforementioned voice talents sign confidentiality agreements and so would not go on the record. But their accounts leave little room for doubt. All of the actors I questioned reported receiving scripts, calling in to real shows, pretending to be real people. Frequently, one actor said, the calls were live, sometimes recorded in advance, but never presented on-air as anything but real. http://www.tabletmag.com/life-and-religion/58759/radio-daze/ Follow-up stories began to emerge in early March: http://www.opednews.com/articles/Limbaugh-Hannity-Parent-Co-by-Gustav-Wynn-110305-942.html?show=votes

Robots and the Law? (Volokh Conspiracy, 12 March 2011) - I want to ask a follow-up to Orin’s post below on Judge Friendly and Air Law. I’ve taken an increasing interest in robotics — partly just robotics for its own interest, but also as a law professor from the standpoint of robots and the law. It started, in my case, from spending time on battlefield robotics, but it has morphed into a larger interest in robotics and the law, and perhaps future law. So I read Orin’s post, and the comments, and wonder whether there is a “there” to robotics and the law. I don’t mean from the standpoint of teaching a course; I tend to resist that kind of course on pedagogical grounds. I mean from the standpoint of a lawyer looking down the road and trying to anticipate what might be future areas of practice. I agree with Jay’s comment to Orin’s post that we academics often tend to underestimate just how much particular specialization occurs in law practice on account of the particulars of statutes and regulation and the complicated factual circumstances of usage — we academics tend to dismiss the crucial details by saying, well, it’s all just tort or products liability, whereas from the practicing lawyer’s standpoint, the devil, and the practice, are in the details. E.g., I mentioned robots and the law to a sophisticated law and economics professor, and he said, tell me if I’m wrong, but is there anything to this other than regular old tort and products liability law? What’s different about robots? I don’t know that there is — but I do wonder if that answer isn’t doing precisely what Jay warns against, correctly in my view — professorial reductionism. Sure, it’s all just tort, but will that be true from the practice perspective? 
My question is this: if you assume, as I do, that robots will increasingly enter ordinary life, in ways that involve important things such as nursing care, and at least partly autonomous activities as well as gross locomotion and other physical activities, in ordinary and routine life ... what, if any, practice specialities in law are likely to emerge from that? Speculate on ways in which this area might or might not become a genuinely distinct branch of law — but without simply engaging in pro forma reductivism of the “it’s all just products liability!” kind. Of course this involves some speculation on the direction of technology and the social uses of robots, too. (ps. Let me head off now any comments related to the 3 Laws and all that. Love Asimov too, but let’s not go there here. I want to know what, if anything, might emerge as a practical law speciality in this area.) http://volokh.com/2011/03/12/robots-and-the-law/

The Digital Pileup (NYT Op-Ed, 13 March 2011) – Some facts of life are just plain counterintuitive. It can be too cold to snow. Heavy things float. Martinis have calories. Here’s another one with significantly greater import: Electronic information is tangible. The apps we use, the games on our phones, the messages we incessantly tap — all of it may seem to fly through the air and live in some cloud, but in truth, most of it lands with a thump in the earthly domain. Because electronic information seems invisible, we underestimate the resources it takes to keep it all alive. The data centers dotting the globe, colloquially known as “server farms,” are major power users with considerable carbon footprints. Such huge clusters of servers not only require power to run but must also be cooled. In the United States, it’s estimated that server farms, which house Internet, business and telecommunications systems and store the bulk of our data, consume close to 3 percent of our national power supply. Seventy percent of the digital universe is generated by individuals as we browse, share, and entertain ourselves. And the growth rate of this digital universe is stunning to contemplate. The current volume estimate of all electronic information is roughly 1.2 zettabytes, the amount of data that would be generated by everyone in the world posting messages on Twitter continuously for a century. That includes everything from e-mail to YouTube. More stunning: 75 percent of the information is duplicative. By 2020, experts estimate that the volume will be 44 times greater than it was in 2009. There finally may be, in fact, T.M.I. Proliferating information takes a human toll, too, as it becomes more difficult to wade through the digital detritus. We’re all breeding (and probably hoarding) electronic information. Insensitive to our data-propagating power, we forward a joke on a Monday that may produce 10 million copies by Friday — probably all being stored somewhere. 
Despite the conveniences our online lives provide, we end up being buried by data at home and at work. An overabundance of data makes important things harder to find and impedes good decision-making. Efficiency withers as we struggle to find and manage the information we need to do our jobs. Estimates abound on how much productivity is lost because of information overload, but all of them are in the hundreds of millions of dollars yearly. In the corporate realm, companies stockpile data because keeping it seems easier than figuring out what they can delete. This behavior has hidden costs and creates risks of security and privacy breaches as data goes rogue. In addition, large corporations face eye-popping litigation costs when they search for information that may be evidence in a lawsuit — so-called e-discovery — that can add up to millions of dollars a year. Cases are often settled because it’s cheaper to just pay up. With so many resource challenges facing them, most companies postpone the effort and cost of managing their data. http://www.nytimes.com/2011/03/13/opinion/13podolny.html?_r=1&partner=rssnyt&emc=rss [Editor: Every page on www.knowconnect.com carries varying superscript tag-lines, like “Can we find what we need, just when we need it?” or “Could we save less information, and find more?”. Knowledge management addresses some of these challenges; click on one of these superscripts for more detail.]

As Law Student Readies Reverse Auction Site, Law Bloggers React to ‘eBay’ of Lawyering (ABA Journal, 14 March 2011) - Niznik’s graduation musings led him to contemplate the plight of indebted law students struggling to find jobs in a bleak economic climate as well as the expensive and largely inaccessible nature of the legal profession. His answer to both issues is at once goofy and serious. The New York Law School student founded Shpoonkle, a playfully named website that allows attorneys and law firms to bid on legal requests submitted by clients. The service is free for now, but Niznik said attorneys may be charged membership fees in the future. Though it has yet to officially launch, lawyers and clients have already started joining the site. According to Niznik, more than 20 attorneys joined Shpoonkle since the site opened Tuesday, and membership numbers are increasing daily. The idea behind Shpoonkle is relatively simple: Clients can sift through offers made by attorneys and pick the one that suits their budget. “Privacy shouldn’t be a concern” because only lawyers can view cases posted on the site, Niznik said. Shpoonkle’s motto is “Justice You Can Afford!” but it may not be the kind of justice some attorneys are willing to embrace. Last week, as news of the legal service hit the blogosphere, some law blogs disparaged the website, mocking everything from its name to its purpose. On his New York criminal defense blog Simple Justice, Scott Greenfield said, “Any lawyer who signs up for this service should be immediately disbarred, then tarred and feathered, then publicly humiliated.” Calling the site the “eBay of lawyering,” Greenfield argues the service will lower the integrity of the legal profession. http://www.abajournal.com/news/article/new_york_law_school_student_to_launch_reverse_auction_site/?utm_source=maestro&utm_medium=email&utm_campaign=weekly_email [Editor: reminds me of eLaw.com (Austin, Texas), and their early work in 2002.]

What Auditors Are Saying About Compliance And Encryption (Dark Reading, 15 March 2011) - In more than half of the audits they have conducted, both internal IT security and external auditors say the companies either failed or had serious deficiencies in their security compliance. And more than half say organizations are employing encryption purely for compliance reasons, according to a new report. The Ponemon Institute’s “What Auditors Think About Crypto” report, commissioned by Thales, is based on a survey of more than 500 auditors. Nearly half of them believe that audits and assessments should be mainly for rooting out risks and vulnerabilities, 42 percent say it should be for determining compliance for internal policies, and 34 percent say it should be for checking compliance with regulatory and legal mandates. http://www.darkreading.com/database-security/167901020/security/encryption/229301041/what-auditors-are-saying-about-compliance-and-encryption.html Report here: (requires registration) -- from the report itself:
“Following are some of the most salient findings of this research.
·      A large number of respondents say their organizations are not taking data security seriously, and may not be allocating enough resources to achieve a reasonable state of compliance with laws and regulations, as well as a high security posture.
·      In the world of compliance, business units rather than legal, IT or compliance, own the budget and thus determine whether or not to invest in audits.”

Web Host Liable For Contributory Infringement (Law.com, 15 March 2011) - A South Carolina jury’s recent $770,750 verdict against Bright Builders Inc. marks the first time a Web-hosting company has been found liable for contributory infringement without actual notice that a customer’s Web site lists fake products for sale. South Carolina District Judge Margaret Seymour’s March 14 judgment in Roger Cleveland Golf Company Inc. v. Prince followed the jury’s March 10 verdict. The jury returned a $28,250 statutory damages verdict against Web site owners Christopher Prince and Prince Distribution LLC for trademark counterfeiting and infringement. The verdict included damages against both sets of defendants for violating the South Carolina Unfair Trade Practices Act. The jury found that Bright Builders and Prince were both liable for Prince’s copycatclubs.com Web site, which sold counterfeit Cleveland Golf clubs. The total judgment was based on the Prince defendants’ infringement of 11 Cleveland Golf registered trademarks, plus post-judgment interest. According to court papers, Prince’s Web site claimed to be “your one stop shop for the best copied golf clubs on the Internet.” Cleveland Golf originally filed suit against the Prince defendants because the Web site name and its claims were so brazen, said Christopher Finnerty, a Boston partner at Columbia, S.C.-based Nelson Mullins Riley & Scarborough and lead counsel on the case. “Usually, there’s a little cloak and dagger when counterfeit goods are sold online,” Finnerty said. “Their Web sites don’t usually advertise that they’re selling counterfeit goods.” The plaintiffs discovered Bright Builders’ role during its deposition of Prince and filed an amended complaint naming the company as a defendant, Finnerty said. 
For other Internet intermediaries, the ruling means that once they know or should have known that their customers are selling infringing goods, “they can’t remain willfully blind and wait for the brand owner to provide notice,” Finnerty said. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202486298897

New Site Offers Free Video ‘Nuggets’ of CLE (Robert Ambrogi, 16 March 2011) - At the ACLEA annual meeting last summer, I gave a plenary talk, “10 Ways Technology is Rewiring Lawyers’ Brains … and What it Means for CLE.” Several times during that talk, when I wanted examples of online CLE sites that were engaged in social media, that were transparent about their products and pricing, that understood the concept of delivering value, and that highlighted consumer feedback and ratings, I kept coming back to one provider, Lawline.com. Again last month, I wrote about this company when it became the first CLE provider to offer video courses via a mobile phone. Now it has unveiled another feature that shows it to be a step ahead of the social media curve. This time, it has launched a completely free e-learning website for lawyers, Learn.Lawline.com. Borrowing from the hundreds of hours of video content Lawline has created, the site breaks up these videos into mini lessons that answer specific questions. Rather than sit through an entire CLE course, you can spend just a few minutes watching the segment that speaks to the particular issue you’re interested in. Perhaps you want a quick refresher on what constitutes an employee at will. Or you want to hear about the jurisdictional issues in setting up an online business. Or maybe you want to review the qualifications for an H1-B visa. There are hundreds of these to choose from. Of course, Lawline is a commercial enterprise, so it is not giving away all of every course. Rather, it has extracted from each course what it describes as the “golden nuggets” of information. Depending on the course, this can range from five short clips to more than 30. If at any point you decide that you want to purchase the full course, you can, of course, do that. Each “nugget” includes social media tools that allow you to share or e-mail the clip or embed it in a web page or blog post. 
Also, each short video is shown on a page that includes the relevant slides from the course presentation. http://via.pulsene.ws/15tvn [Editor: I’d appreciate hearing from users of this site.]

Righthaven Loses Second Fair Use Ruling Over Copyright Lawsuits (Las Vegas Sun, 18 March 2011) - An Oregon nonprofit did not infringe on copyrights when it posted without authorization an entire Las Vegas Review-Journal story on its website, a judge ruled Friday. U.S. District Judge James Mahan said during a hearing he planned to dismiss, on fair use grounds, a copyright infringement lawsuit filed against the Center for Intercultural Organizing (CIO), in Portland, Ore. The lawsuit was filed last year by Righthaven LLC of Las Vegas, the Review-Journal’s copyright enforcement partner that also enforces copyrights for the Denver Post. Mahan, who last year raised the fair use issue in the CIO case without being prodded to do so by CIO attorneys, said the copyright lawsuit would be dismissed because the nonprofit used it in an educational way, the CIO didn’t try to use the story to raise money and because the story in question was primarily factual as opposed to being creative. The judge also found there was no harm to the market for the story. Separately, Righthaven on Thursday filed at least its 250th lawsuit since March 2010. The latest suit, filed in U.S. District Court for Colorado, is over the Denver Post TSA pat-down photo. This brings to at least 46 the number of lawsuits over that photo. http://www.lasvegassun.com/news/2011/mar/18/righthaven-loses-second-fair-use-ruling-over-copyr/

Crowdsourcing the Preservation of U.S. War Papers (ReadWriteWeb, 18 March 2011) - The Center for History and New Media at George Mason University has joined forces with crowdsourcing document outfit Scripto, an open source document transcription tool, to transcribe and share a piece of U.S. history thought to be lost. The project “Papers of the War Department, 1784-1800” seeks to transcribe and digitize copies of papers from a formative part of American history, previously thought to be lost to fire. Projects like these rarely suffer from a surfeit of funding, so using Scripto to coordinate a crowdsourced transcription has made the project possible. The collection consists of 45,000 documents consisting of hundreds of thousands of individual pages from the records of what later came to be known as the Department of Defense. Volunteers register to become a Transcription Associate and then can browse to select whichever document they wish to transcribe or search the collection if they have particular interests. In addition to making it financially feasible, letting the public take a hand in such a project has the benefit of bringing history close to the volunteer and turning that volunteer into an evangelist for the importance of history to contemporary life. Also, it gives the historians involved a sense, as the documents are transcribed, for what the public finds the most compelling. The project is funded by the National Historical Publications & Records Commission of the National Archives and the National Endowment for the Humanities’ Office of Digital Humanities. http://www.readwriteweb.com/archives/crowdsourcing_us_war_papers.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29&utm_content=Google+Reader

Chin Decides Google Books Settlement Would ‘Go Too Far’ (NLJ, 23 March 2011) - Google’s attempt to build the world’s biggest digital library was sidetracked yesterday as a federal judge rejected a settlement between the Internet giant and authors and publishers who sued for copyright infringement. Judge Denny Chin said the settlement, which was reached in 2008 to resolve two lawsuits challenging the mass scanning of books and the display of “snippets” for online searching “would simply go too far.” The deal “would grant Google significant rights to exploit entire books, without the permission of the copyright owners,” said Judge Chin, a former Southern District judge who kept the case when he was elevated to the Second Circuit. “Indeed, the Amended Settlement Agreement would give Google a significant advantage over competitors, rewarding it for engaging in wholesale copyrighted works without permission, while releasing claims well beyond those presented in the case.” However, the judge said that many of his concerns could be addressed if the amended agreement was “converted from an ‘opt-out’ settlement to an ‘opt-in’ settlement” and he urged the parties to consider that as they return to negotiations. 
A central problem, Judge Chin said, was that the settlement “would transfer to Google certain rights in exchange for future and ongoing arrangements including the sharing of future proceeds, and it would release Google (and others) from liability for certain future acts.” The Justice Department submitted a statement of interest calling it an “attempt to use the class action mechanism to implement forward-looking business arrangements that go far beyond the dispute before the Court in this litigation.” Judge Chin said he was bothered because figuring “a mechanism for exploiting unclaimed books is a matter more suited for Congress than this court.” As for the concern that the settlement would release claims that go far beyond the pleadings, the judge made clear the case was brought to challenge “snippets” for online searching, with Google arguing it was fair use to make small portions of the works available through search requests. “The case was about the use of an indexing and searching tool, not the sale of complete copyrighted works,” he said. http://www.law.com/jsp/nylj/PubArticleNY.jsp?id=1202487454956&slreturn=1&hbxlogin=1

Spot Me If You Can: Uncovering Spoken Phrases In Encrypted VoIP Conversations (Paper by Johns Hopkins’ Charles Wright et al., March 2011) – Abstract: Despite the rapid adoption of Voice over IP (VoIP), its security implications are not yet fully understood. Since VoIP calls may traverse untrusted networks, packets should be encrypted to ensure confidentiality. However, we show that when the audio is encoded using variable bit rate codecs, the lengths of encrypted VoIP packets can be used to identify the phrases spoken within a call. Our results indicate that a passive observer can identify phrases from a standard speech corpus within encrypted calls with an average accuracy of 50%, and with accuracy greater than 90% for some phrases. Clearly, such an attack calls into question the efficacy of current VoIP encryption standards. In addition, we examine the impact of various features of the underlying audio on our performance and discuss methods for mitigation. http://cs.unc.edu/~fabian/papers/oakland08.pdf

Cornell Library Rejects Non-Disclosures On Journal Pricing; Will Reveal All Prices (TechDirt, 25 March 2011) - One of the more pernicious areas of locking up knowledge that we’ve seen and discussed involves academic journals. These tend to involve private publishers who get a tremendous amount of completely free labor in terms of content submissions and even reviewers/editors... and then demand the copyrights of the research, while charging universities ridiculously high fees. Those publishers have also gone to great lengths to try to block the US government from trying to make federally funded research available to the public at no cost after a limited amount of time. And, of course, the journals often rely on secrecy to get the most money -- including requiring universities to sign non-disclosure agreements (NDAs) that forbid them from revealing how much they’re paying for a journal. 

It’s nice to see some universities really starting to push back, and it’s even nicer when it’s a university that I attended and from which I received two degrees. My sister informs me that Cornell University has decided to take a stand and is refusing to sign any NDAs from various journals, and will make the prices they’re being charged for such journals public. As the University made clear in a statement about this policy, it feels these agreements go against the basic nature of openness and fairness * * * http://www.techdirt.com/articles/20110323/02473713592/cornell-library-rejects-non-disclosures-journal-pricing-will-reveal-all-prices.shtml

The Deplorable State of Law Firm Security (Sharon Nelson, 25 March 2011) - In our most recent Digital Detectives podcast for Legal Talk Network, John and I were happy to welcome Rob Lee, a Director with the information security firm Mandiant and the curriculum lead for digital forensic training at the SANS Institute, to discuss the deplorable state of law firm security. It resonated with us that Rob believes that law firm security is about five years behind the rest of the business world. That may be kind. Certainly we’ve never done a law firm security assessment without finding significant vulnerabilities and Rob’s experience has been the same. He talks extensively about Advanced Persistent Threats, the concept of defense in depth and the importance of security assessments. As he notes, hacking into law firms is so easy that the Chinese don’t even waste their “A” teams on it – the junior rookie squads can handle it. The attitude of many law firms is that “it can’t happen here.” What’s amazing is how many times it already has. If you’re interested in law firm security, Rob offers a wealth of information in this podcast - our thanks for his willingness to share his knowledge! http://RideTheLightning.senseient.com/2011/03/the-deplorable-state-of-law-firm-security.html

**** NOTED PODCASTS ****
The MIRLN podcasts now are on iTunes -- http://itunes.apple.com/us/podcast/mirln/id424352330 or search for “MIRLN”. You can also find them at http://www.knowconnect.com/mirln/podcast/, and an RSS feed is available. MIRLN 14.04 podcast: “Cybersecurity” (17 March 2011; 10 minutes) - Discussion of recently reported attacks on high-profile companies like GE, Sony, Johnson & Johnson, and the implications for cyber-integrity and data governance.

Susan Landau on Surveillance or Security? The Risks Posed by New Wiretapping Technologies (Berkman Center, 8 March 2011; 64 minutes) - The reliance of business and commerce on IP-based networks leaves the U.S. highly exposed and vulnerable to cyberattack, yet U.S. law enforcement remains focused on building wiretapping systems within communications infrastructure. By embedding eavesdropping mechanisms into communications technology itself, we build tools that could easily be turned against us. In this talk based on her new book, Susan Landau — currently a fellow at the Radcliffe Institute for Advanced Study at Harvard — asks: In a world that has Al-Qaeda, nation-state economic espionage, and Hurricane Katrina, how do we get communications security right? http://blogs.law.harvard.edu/mediaberkman/2011/03/08/book-talk-susan-landau-on-surveillance-or-security-the-risks-posed-by-new-wiretapping-technologies-audio/ [Editor: Superb, comprehensive discussion of IP infrastructure implications for communications security, ranging from ECPA to CALEA to FISA, from the FBI to the NSA to Northrop Grumman to Ericsson, from the US to Greece to France to China – really terrific.] See also Susan Landau’s testimony before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security on government eavesdropping. http://judiciary.house.gov/hearings/hear_02172011.html

Data Privacy - ECPA Revisited (Stanford CIS, 24 Jan 2011) - Does the Fourth Amendment protect the privacy of your webmail? Does the government have to get a search warrant before tracking the location of your phone? What are the latest electronic privacy developments in courts and in Congress? In connection with Data Privacy Day 2011, two experts discussed the state of electronic communications law. Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation, discussed recent cases he has litigated involving the Electronic Communications Privacy Act—the decades-old law that regulates electronic communications privacy—and EFF’s efforts as part of the “Digital Due Process” Coalition to update that law for the 21st century. Susan Freiwald, Professor of Law at University of San Francisco School of Law, focused on the constitutional tensions underlying these current debates over online and wireless communications privacy, with a special focus on her work defending the locational privacy of cell phone users and privacy in stored email. http://cyberlaw.stanford.edu/podcasts/20110124_CIS_DataPrivacy.mp3 [Editor: very useful discussion–aside from Prof. Freiwald’s annoying habit of constant, albeit useful, interruptions–of the history behind ECPA/SCA and geo-tracking; I’d love to hear the other side of the issue presented as thoroughly as in this presentation. The discussion of the Warshak case illuminates the MIRLN podcast 14.02 - http://www.knowconnect.com/mirln/podcast/]

**** RESOURCES ****
WIPO Launches New On-line Tool to Facilitate Brand Searches (WIPO, 8 March 2011) - A new on-line tool launched by WIPO on March 8, 2011, will make it easier to search over 640,000 records relating to internationally protected trademarks, appellations of origin and armorial bearings, flags and other state emblems as well as the names, abbreviations and emblems of intergovernmental organizations. The Global Brand Database allows free of charge, simultaneous brand-related searches across multiple collections. At present, the Global Brand Database search interface allows users to access three WIPO databases – international trademarks registered under the Madrid system for the international registration of marks; appellations of origin registered under the Lisbon system for the international registration of appellations of origin; and armorial bearings, flags and other state emblems as well as the names, abbreviations and emblems of intergovernmental organizations protected under Article 6ter of the Paris Convention for the Protection of Industrial Property – by means of one simple, user-friendly screen. http://www.wipo.int/pressroom/en/articles/2011/article_0007.html?sms_ss=twitter&at_xt=4d78e161e3a66511,0

**** FUN ****
Cleveland Browns Lawyer Letter Is Apparently Real (Lowering the Bar, 18 March 2011) - Occasionally you do come across things that seem just too good to be true, and like others I was suspicious of this correspondence that circulated recently. As you may recall, this purports to be (1) a 1974 letter from a lawyer and Cleveland Browns season-ticket holder threatening to sue the team if any person in his party sustained an injury from “the sailing of paper airplanes” by unruly fans, and (2) a rudely hilarious (or hilariously rude) response to this ridiculous threat, sent by the team’s general counsel. Turns out that the Cleveland Plain Dealer followed up on this, and managed to reach both of the people involved, who said that both the letters were real. This was good enough for the professional urban-legend checkers at snopes.com, so it’s good enough for me. The general counsel, James Bailey, now lives in San Diego. Bailey also confirmed he had copied Art Modell, the team’s owner, on the letter, which might not have been the best idea. “I should have been more cautious,” Bailey said. “After I wrote it, I heard about it right away from Art. He said something like, ‘What the hell are you doing?’ He was not a guy lacking passion.” The complainer, Dale Cox, has since moved to Idaho but is still practicing law (and, he says, is still a Browns season-ticket holder, which might show his judgment has not improved). He told the Plain Dealer he wasn’t mad about the response and that in fact he “thought it was pretty cool.” Whether he’s remembering that correctly or just doesn’t want to seem like a sore loser now, that’s the right response. He also claimed to have “used that letter a couple times myself since,” but if he did, he did not provide details. I came across a couple of posts suggesting that Mark Twain originally came up with this idea, but if he did, I couldn’t find it; and it would probably be public domain and/or fair use anyway, if like Mr. Cox you wanted to use this yourself. http://www.loweringthebar.net/2011/03/cleveland-browns-lawyer-letter-is-apparently-real.html

FBI Surveillance near ABA? -- see http://www.flickr.com/photos/16626231@N00/5551407594/ for a screen shot of nearby WiFi networks I took while at the ABA on 22 March 2011.

**** LOOKING BACK - MIRLN TEN YEARS AGO ****
FBI’S CYBERCRIME INFO-SHARING (Wired News, 5 Jan. 2001) The FBI announced Friday the completion of a program that seeks to combat cybercrime by encouraging companies to share information about Internet attacks they have experienced. Participating companies and the FBI would use encrypted e-mail and a secure website to warn each other about new hacking attempts, computer viruses and other Internet-based criminal activity. By encouraging communication among tech companies, the FBI hopes to reduce the impact of Internet crime, which according to one estimate takes a $1.6 trillion bite annually out of the global economy. http://www.wired.com/news/politics/0,1283,41030,00.html

PENTAGON BAFFLED BY HACKER FILE THEFTS (Commerce Times, 7 May 2001) -- A hacking group, most likely Russian-based, has stolen thousands of files in consistent attacks over the past three years from the Pentagon and other government agencies, according to an article written by a National Security Agency (NSA) consultant. The sophisticated attempts amount to “the most persistent and serious computer attack against the United States to date,” wrote James Adams. The attacks were first detected in March 1998, Adams reports, and have been investigated extensively since then in a project code-named Moonlight Maze. After researchers traced the attacks to seven Russian Internet addresses, a complaint was filed with

**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA’s Internet Law News, http://ecommercecenter.bna.com
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. Law.com
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

Saturday, March 05, 2011

MIRLN --- 13 Feb - 5 March 2011 (v14.03)


**** MIRLN PODCASTS ****
Announcing the MIRLN podcast -- a companion to the MIRLN e-newsletter, MIRLN podcasts will dig into various topics. They are hosted at http://www.knowconnect.com/mirln/podcast/, and an RSS feed is available.

·      UK’s Advertising Authority Launches Ad Campaign to Prepare Business for New Online Marketing Regulation
·      California Supreme Court Says Zip Codes are PII
·      Wikileaks Wasn’t the Only Operation HBGary Federal, Palantir and Berico Planned to Defraud
o   Complaint Accuses Hunton & Williams of Dirty Tricks
·      Class Action Lawsuit Filed Against Coach Over Bogus Takedowns, Trademark Bullying
·      ANSI Critical Issue: Copyright in Standards
·      CIA Lawyer: How I Issued Drone ‘Death Warrants’
·      Employer Had No Duty to Safeguard Information
·      Microsoft To Finally Let Companies Use Others’ Trademarks As Search Triggers
·      Fashion Designer Derek Lam Unveils Crowd-Selected Collection for eBay
o   Uncle Sam Wants YOU to Design a Military Rescue Vehicle
·      This is the Creepy, Super Cool Future of Smartphones & Social Networks
·      Court Says Metadata Should Be Released Under Freedom Of Information Act Request
·      Millennium Park Garden Deemed Not Copyrightable, Because Gardens Are Not Authored
o   Mardi Gras Indians Still Trying To Copyright Costumes
o   Did Watson Succeed On Jeopardy By Infringing Copyrights?
·      New Hacking Tools Pose Bigger Threats to Wi-Fi Users
·      Should Employers Be Allowed to Ask for Your Facebook Login?
·      HHS Imposes a $4.3 Million Civil Money Penalty for Violations of the HIPAA Privacy Rule
·      Curating Of Legal Social Media
·      Savvy Louisiana Ruling on Metatags--Southern Snow v. Snowizard
·      Judge Nixes Motion to Compel Witness in Drug Case, But OKs Unusual Alternative: Skype
·      Exxon, Shell, BP Said to Have Been Hacked Through Chinese Internet Servers
·      A Limit on Lending E-Books
o   A Library Written in Disappearing Ink
·      “Consumer Reviews of Doctors and Copyright Law” Talk Notes
·      New Survey Asks Lawyers about E-Discovery and Hosting in the Cloud
·      DHS Seeks Systems For Covert Body Scans, Documents Show
·      An iPad 2 LMS Fantasy

NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES

UK’s Advertising Authority Launches Ad Campaign to Prepare Business for New Online Marketing Regulation (ASA, 17 Jan 2011) - The Advertising Standards Authority (ASA) is today launching a cross-media ad campaign (outdoor, radio, press, online) to raise awareness of the fact that its remit is being extended to cover marketing on websites from 1 March 2011. From 1 March, marketing communications on companies’ own websites and in other third party space under their control, such as Facebook and Twitter, will have to adhere to the non-broadcast advertising rules as set out in the CAP Code. The ad campaign seeks to raise awareness of the ASA’s extended remit and calls on companies to ensure marketing messages on their websites are legal, decent, honest and truthful. It also encourages business to make sure their websites comply by seeking help and advice. To help businesses and website owners, the Committee of Advertising Practice (CAP), the industry body that writes the Advertising Codes, offers a full range of training and advice resources. Businesses and agencies are urged to sign up to CAP Services to ensure they are up-to-speed with how the extended remit will impact on them and how they can avoid being in breach of the rules. http://www.asa.org.uk/Media-Centre/2011/ASA-launches-ad-campaign-to-prepare-business.aspx

California Supreme Court Says Zip Codes are PII (Information Law Group, 11 Feb 2011) - Thinking hard about how business and consumer interests can be harmonized by effective and privacy/security-friendly policies and practices? We thought so. Worried that zip codes might be treated as personal information in this country? Probably not. All that may be changing. In a ruling already attracting criticism and attention from some high profile privacy bloggers, the California Supreme Court ruled Thursday, in Pineda v. Williams-Sonoma, that zip codes are “personal identification information” for purposes of California’s Song-Beverly Credit Card Act, California Civil Code section 1747.08, reversing the Court of Appeal’s decision that we discussed last year. For those of you who may be wondering, yes - the statute provides for penalties of up to $250 for the first violation and $1,000 for each subsequent violation, and does not require any allegations of harm to the consumer. California has already seen dozens, if not hundreds, of class action lawsuits around the Song-Beverly Credit Card Act. The Court’s interpretation of “personal identification information” as including zip codes is likely to spark a new round of class action suits. California retailers should carefully consider the Pineda decision in crafting and updating their personnel policies and training programs with respect to collection of information during credit card transactions. http://www.infolawgroup.com/2011/02/articles/lawsuit/california-supreme-court-says-zip-codes-are-piireally-as-california-goes-so-goes-the-nation-part-two/#more

Wikileaks Wasn’t the Only Operation HBGary Federal, Palantir and Berico Planned to Defraud (TechDirt, 11 Feb 2011) - By now the exposed plan of HBGary Federal, Palantir and Berico to attack Wikileaks and its supporters through fraud and deception, in order to help Bank of America, has been discussed widely. However, the leaked HBGary Federal emails suggest that this sort of plan involving these three companies had been used elsewhere. Apparently the US Chamber of Commerce had approached the same three firms to plan a remarkably similar attack on groups that oppose the US Chamber of Commerce. 

That leaked plan (embedded below) includes a similar plan to create fake documents and give them to these groups to publish, with the intent of “exposing” them later, to raise questions about their credibility. The reason HBGary Federal, Palantir and Berico were even talking to BofA in the first place was because BofA contacted the Justice Department to ask what to do about Wikileaks, and the Justice Department turned them on to the law firm of Huntoon [sic] and Williams, who was instrumental in arranging both of these proposals. http://www.techdirt.com/articles/20110211/11342913057.shtml [Editor: see earlier story in MIRLN 14.02; see also http://legaltimes.typepad.com/blt/2011/02/e-mail-hunton-williams-expected-huge-gains.html which asserts that Hunton possibly was pursuing this activity as part of a business plan. All in all, a cautionary tale for law firms.]

- it gets worse -

Complaint Accuses Hunton & Williams of Dirty Tricks (BLT, 24 Feb 2011) - Three Hunton & Williams partners face an ethics complaint before the D.C. Bar after the release of e-mails saying they worked on an effort to undermine liberal activists. The organization Stop the Chamber says it filed the complaint on Wednesday. Stop the Chamber, a critic of the U.S. Chamber of Commerce, was among the groups targeted by the security companies that Hunton & Williams worked with, according to e-mails. The 14-page complaint (PDF) accuses the three Hunton & Williams lawyers of violating Rule 8.4 of the D.C. Rules of Professional Conduct. The rule prohibits misconduct including conduct “involving dishonesty, fraud, deceit, or misrepresentation.” The lawyers violated the rule, says the complaint, when they collaborated with the three security companies on a project to gather information on and to undercut the Chamber’s critics. In November, the e-mails say, the companies’ employees discussed covert ways to “discredit” the union-backed U.S. Chamber Watch, including the creation of a forged document and “fake insider personas.” Hunton & Williams has declined to comment on the more than 71,000 e-mails, which hackers took after breaking into the servers of a potential Hunton & Williams subcontractor. A message left today with a firm spokeswoman was not immediately returned. The three lawyers targeted by the complaint are all partners in the firm’s Washington office: Robert Quackenboss, John Woods and Richard Wyatt Jr. http://legaltimes.typepad.com/blt/2011/02/complaint-accuses-hunton-williams-of-dirty-tricks.html [Editor: Hunton’s participation mentioned on 24 Feb by Glenn Greenwald on Colbert Report -- http://www.colbertnation.com/the-colbert-report-videos/375429/february-24-2011/corporate-hacker-tries-to-take-down-wikileaks---glenn-greenwald]

Class Action Lawsuit Filed Against Coach Over Bogus Takedowns, Trademark Bullying (TechDirt, 14 Feb 2011) - We’ve seen so many cases of trademark bullying, and it’s so rare to see people fight back, that it’s interesting to see it happening -- and even more surprising to see it done as a class action suit. Eric Goldman points us to the news that this class action lawsuit has been filed against luxury goods maker, Coach, for apparently issuing takedowns to eBay for perfectly legitimate second-hand sales, while also threatening those who put up those items. I’ll let the lawsuit itself explain the basics: “Without investigating the validity of its allegations, Coach wantonly accuses consumers of infringing its trademarks by selling counterfeit Coach products. Coach apparently monitors online retailers such as E-Bay, looking for ads from consumers selling second hand Coach products. In response to such ads, Coach delegates a New York law firm to launch a threatening letter to the consumer. These letters accuse the consumer of trademark infringement, threaten legal action, and demand the immediate payment of damages to Coach in “settlement” of Coach’s threats. At the same time, Coach (or its New York law firm) informs the online retailer that infringing merchandise is being sold on its website. In many cases, this causes the online retailer to involuntarily remove the allegedly infringing ad, and to disable the consumer’s online account. This destroys any chance the consumer had to sell the Coach product second hand, and otherwise damages the consumer. In many cases (such as that of the lead plaintiff identified here), Coach’s allegations of infringement are flatly false. It appears that Coach fails to conduct even a minimally reasonable investigation into its counterfeiting claims before threatening legal action. 
For example, the lead plaintiff identified in this Complaint is a former Coach employee, who owned, and tried to sell, genuine and legitimate Coach products. It was entirely legal for her to do so. Coach’s threats against her were false, reckless, and unwarranted.” http://www.techdirt.com/articles/20110211/21555413069/class-action-lawsuit-filed-against-coach-over-bogus-takedowns-trademark-bullying.shtml

ANSI Critical Issue: Copyright in Standards (Twitter posting by Carl Malamud on 14 Feb 2011) – References: “This ANSI position paper describes why voluntary consensus standards that are incorporated by reference into federal government regulations are copyright protected.” http://publicaa.ansi.org/sites/apdl/Documents/Forms/AllItems.aspx?RootFolder=%2fsites%2fapdl%2fDocuments%2fNews%20and%20Publications%2fCritical%20Issues%2fCopyright%20on%20Standards%20in%20Regulations&View=%7b21C60355%2dAB17%2d4CD7%2dA090%2dBABEEC5D7C60%7d and http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Critical%20Issues/Copyright%20on%20Standards%20in%20Regulations/Copyright%20on%20Standards%20in%20Regulation.pdf [Editor: it always irritated me that I had to pay to get a copy of ISO 27001 and other important security standards.]

CIA Lawyer: How I Issued Drone ‘Death Warrants’ (Wired, 14 Feb 2011) - You can expect to see at least two people inside the secret bunkers in Virginia where the CIA pilots its lethal drones over Pakistan. One controls the distant drone, his hand on a joystick, ready to fire off a missile at a target below. Another is a CIA lawyer, watching to ensure that the operator is within his rights to attack his target. Call it a “punctilious” method to avoid civilian casualties and legal hot water, as one of those lawyers recently did — or call it the bureaucratization of a shadow war. Tara Mckelvey gets a very rare peek inside the processes that go into the drone strikes, an undeclared air war that peaked last year at 118 missile firings, up from 33 in 2008. Her conclusion, published today in Newsweek, is that the operations ordering them are “multilayered and methodical, run by a corps of civil servants who carry out their duties in a professional manner.” But even the CIA’s former top lawyer, John Rizzo, is blunt about his involvement in what he calls “murder.” Rizzo told Mckelvey that the process works roughly like this: the CIA’s Counterterrorist Center maintains a team of ten lawyers, who compile evidence that a prospective target constitutes a threat to the U.S. If Rizzo outlined the threshold that the lawyers have to meet, Mckelvey doesn’t report what it is, nor does she explain who asks the lawyers to compile a case on a particular target. But the CIA’s general counsel vets the case before issuing what Rizzo, who held the job during the Bush and early Obama administrations, calls a “death warrant.” The president doesn’t review the targeting list. What the CIA lawyers are reviewing the drone program for is a mystery. Some law professors contend that the very involvement of CIA civilians or contractors in an inherently military program like the drone strikes make their pilots “unlawful combatants,” as Georgetown’s Gary Solis tells Mckelvey. 
http://www.wired.com/dangerroom/2011/02/behind-the-drones-lots-of-bureaucracy/

Employer Had No Duty to Safeguard Information (Wolters Kluwer, 17 Feb 2011; subscription required) - A school district that inadvertently disclosed the personal information of 1,750 former employees was not liable for the disclosure because it had no statutory or common law duty to safeguard the information, an Illinois appellate court has held. The former employees received an insurance enrollment list sent on behalf of the school district that contained the names of all 1,750 former employees, along with their addresses, Social Security numbers, marital status, medical and dental insurers and health insurance plan information. After learning of the disclosure, the school district sent a letter to the employees asking them to return the list or destroy it and offered one year of free credit protection insurance. The employees brought a class action suit against the school district, alleging violations of various state laws and negligence. The employees argued that the school district owed a statutory duty to safeguard their personal information under the Health Insurance Portability and Accountability Act (HIPAA) and Illinois Personal Information Protection Act. The court, however, determined that the school district had no statutory duty to safeguard the employees’ personal information. Although the Health Insurance Portability and Accountability Act (HIPAA) prohibits the disclosure of an individual’s identifiable health information, health records held by a covered entity in its role as an employer are excluded from HIPAA protection. Because the school district was acting in its role as an employer, its actions were outside the HIPAA protections. Moreover, the Personal Information Protection Act did not create a statutory duty to safeguard the employees’ personal information. The Act requires that any data collector notify an owner of personal information if there is a breach of data security. 
The court determined that the Act did not create a separate duty to safeguard the information. Cooney v. Chicago Public Schools (IllAppCt) at ¶100-519

Microsoft To Finally Let Companies Use Others’ Trademarks As Search Triggers (MediaPost, 16 Feb 2011) - In a major change in policy, Microsoft has decided to allow marketers to use other companies’ trademarks to trigger search ads. “To come in line with search industry practices, as of March 3rd, Microsoft will cease editorial investigations into complaints about trademarks used as keywords to trigger ads on Bing & Yahoo Search in the United States and Canada,” the company says. The change was first reported by Santa Clara University law professor Eric Goldman. Google has allowed trademarks to trigger search ads since 2004. While the move troubled some trademark owners -- and even sparked a few lawsuits -- it seems to have been good for Google’s growth. What’s more, Google has prevailed in court in the few cases that went to trial. Back in 2004 Geico lost a lawsuit alleging that its trademark was infringed when Google allowed Geico rivals to use its name to trigger search ads. The judge in that case ruled that Geico hadn’t proven that consumers were confused by this use of its trademark. More recently, a federal judge in Alexandria, Va. dismissed a similar trademark infringement lawsuit by Rosetta Stone against Google. Rosetta Stone appealed that decision to the 4th Circuit, which is considering the matter. http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=145191

Fashion Designer Derek Lam Unveils Crowd-Selected Collection for eBay (Mashable, 16 Feb 2011) - Upscale fashion designer Derek Lam unveiled Wednesday a new, 16-piece collection designed exclusively for eBay. The designs debuted simultaneously at Fashion Week headquarters in Lincoln Center and on ebay.com. Consumers are invited to view and cast votes for their favorite pieces, made from a combination of poplins, denim and printed georgette in simple, easy-to-wear designs, at dereklam.ebay.com. The five dresses with the greatest number of votes will then be produced and made available in sizes 0 to 16 for purchase on ebay.com in May. Each will cost between $125 and $295 — by no means cheap, but significantly more reasonable than the $1,000+ price tags attached to items in Lam’s primary collection. What’s unusual is not that Lam is producing a one-off collection for eBay – big-name designers like Vera Wang and Alber Elbaz of Lanvin have partnered with the likes of H&M and Target in similar initiatives in the past — but that consumers are getting a say in what part of the collection makes it to market. http://mashable.com/2011/02/16/derek-lam-ebay/

- and -

Uncle Sam Wants YOU to Design a Military Rescue Vehicle (FOX News, 23 Feb 2011) - Sure, you can drive it. But can you build it? The army’s secretive technology division has been collecting dozens of ideas for the design of its in-the-works rescue vehicle via a social-media contest -- relying solely on the power of the crowd to get the next big thing built. So perhaps the Defense Advanced Research Projects Agency (DARPA) will build the Armadillo, a vehicle with an extendable “tail” that creates more room in a back compartment for up to three injured war fighters to rest comfortably until they return to base for medical attention. As intriguing as these vehicles are, what’s cooler is the idea behind it: the potential for ordinary people to collaborate on something as important as a new military vehicle. Anyone at all can submit a design, draw over existing designs or provide in-depth comments for their creators to incorporate. Designs can then be adapted and resubmitted, up until the deadline. Local Motors of Chandler, Ariz., is running the competition, officially known as the Experimental Crowd-derived Combat-support Vehicle (XC2V) Design Challenge, through March 10. The military will judge the submissions and build a concept model from the winner in June. Such co-creation of vehicles, tapping into the power of the Internet to “crowd source” design, is the specialty of Local Motors, Rogers said. http://www.foxnews.com/scitech/2011/02/23/uncle-sam-wants-design-military-rescue-vehicle/

This is the Creepy, Super Cool Future of Smartphones & Social Networks (ReadWriteWeb, 17 Feb 2011) - There’s very little gray area on this one: You’re either completely excited by the potential for built-in facial recognition combined with smartphones and social networks, or you’re entirely creeped out and afraid for the future of the planet. The future is nearly here and I, for one, welcome our new overlords, who today come to us in the form of a Silicon Valley company called Viewdle that we first wrote about last October. Last October, Viewdle raised $10 million and told us that its primary function would be to assist with tagging photos on smartphones before they’re even uploaded to sites like Facebook, that way they wouldn’t get lost in the cloud. Today, however, Austin-based PSFK Salon writes that the company was out and about at the Mobile World Congress showing off a much deeper integration, wherein its visual analysis technology is used to link faces with social media. “Viewdle sits between the camera and the user analysing faces in the camera stream, identifying them, then offering links to Facebook, YouTube, LinkedIn, and other social media platforms. A user can identify and tag people in pictures & videos then pass the information to their social networks. As they tag others the software learns to recognize them, and can even share these new visual profiles with other users. The live view also offers an augmented reality tagging overlay that reveals information about the people around you.” According to Viewdle’s website, a number of implementations are on the way, from ViewdleFaces to ViewdlePlaces to ViewdleGames. For now, however, Viewdle Uploader - a desktop program - is the only thing available. Its mobile apps, which it says are coming soon, stand apart from other recognition programs with one big distinction. They do all of the facial recognition processing locally, on the device, instead of outsourcing that functionality to the cloud.
http://www.readwriteweb.com/archives/this_is_the_creepy_super_cool_future_of_smartphone.php [Editor: the video in the article is interesting. This could be great for people like me who are bad at recognizing faces; scary for people who read Orwell.]

Court Says Metadata Should Be Released Under Freedom Of Information Act Request (TechDirt, 17 Feb 2011) - Copycense points us to the fascinating news that a federal judge has ordered Immigration and Customs Enforcement (ICE) to reveal the metadata on a document as part of a Freedom of Information Act (FOIA) request. ICE had responded to the FOIA request (apparently “after significant delay,”) but provided the content requested in an unsearchable PDF. The original requestor for the content, the National Day Laborer Organization, complained that this was unfair, and the information had to be supplied with metadata -- and the court agreed. The court also agreed that making the PDF unsearchable was not justified: “Metadata maintained by the agency as a part of an electronic record is presumptively producible under FOIA, unless the agency demonstrates that such metadata is not ‘readily producible.’” Sounds like some government employees are going to need to spend the next few weeks scrubbing metadata from documents. Wouldn’t want people to find out who really wrote various laws by looking at the metadata on Word docs, would we? As for the unsearchable format, the judge slammed ICE for clearly going out of its way to make the document “more difficult or burdensome for the requesting party to use,” in violation of standard discovery rules. Nice to see that ICE has the time to purposely obfuscate records requested in a FOIA. http://www.techdirt.com/articles/20110214/01031613079/court-says-metadata-should-be-released-under-freedom-information-act-request.shtml

Millennium Park Garden Deemed Not Copyrightable, Because Gardens Are Not Authored (TechDirt, 17 Feb 2011) - Eric Goldman points us to a fascinating ruling concerning whether or not an artistic garden can be covered by copyright. The ruling itself (embedded below) is interesting for a variety of reasons. It goes over the basics of “moral rights” in US copyright in great detail. As most people know, for the most part, the US does not recognize moral rights -- even though the Berne Convention (which the US has tragically signed on to) requires it. Partly to get around this, the US did put in extremely limited moral rights for a very small subset of works, and part of this case revolves around that. 

An artist by the name of Chapman Kelley created an artistic wildflower garden in Chicago’s Millennium Park, which he often described as a “living painting.” Years later, after the wildflowers (which had been maintained by others) started to die off, the city of Chicago reduced the size of the garden and reconfigured it. In response, Kelley sued, claiming a violation of his “right of integrity.” 

The court goes through a nice discussion on the history of moral rights and copyright in the US and then overrules, partly, the lower court decision that found the garden to be a painting or statue, but not copyrightable because it lacked originality. The court agrees that the work should not qualify for such protections and is uncopyrightable, but not due to the originality argument (which the court says makes little sense). Instead, the appeals court points out something rather basic: copyright only applies to works that are “fixed in a tangible medium of expression.” And here it sees a big problem: a garden is not fixed. http://www.techdirt.com/articles/20110217/03034813151/millennium-park-garden-deemed-not-copyrightable-because-gardens-are-not-authored.shtml

-- and --

Mardi Gras Indians Still Trying To Copyright Costumes (TechDirt, 18 Feb 2011) - Last year, we wrote about the ridiculous situation down in New Orleans where the “Mardi Gras Indians” -- a group of New Orleans residents who create elaborate costumes for Mardi Gras -- were trying to copyright their outfits. Of course, as we’ve noted over and over again, clothing doesn’t get covered by copyright, but this group tried to claim that the costumes were really sculptures, and thus qualified for copyright protection. The key thing they were upset about was the fact that people were taking pictures of these costumes as they wore them during Mardi Gras. Think about that for a second. You create an elaborate costume for the sole purpose of showing it off at Mardi Gras... and then you start screaming copyright infringement because someone takes a photo? Really? 

NPR has an interview with one of the guys and the law professor who’s helping them try to secure these copyrights. In it, the law professor, Ashlye Keaton, suggests that the photographs represent a derivative work of the copyrighted costume. http://www.techdirt.com/articles/20110210/23572513051/mardi-gras-indians-still-trying-to-copyright-costumes.shtml

-- and --

Did Watson Succeed On Jeopardy By Infringing Copyrights? (TechDirt, 17 Feb 2011) - An anonymous tipster points us to a really interesting comment by Peter Hirtle on a Laboratorium.net post discussing Watson, the Jeopardy-playing computer, where he asks whether or not Watson infringes on copyrights: From IBM’s Watson Supercomputer Wins Practice Jeopardy Round in Wired Magazine: “Researchers scanned some 200 million pages of content -- or the equivalent of about one million books -- into the system, including books, movie scripts and entire encyclopedias.” It seems unlikely that IBM got permission to scan one million books. Can we expect soon a lawsuit from the Author’s Guild against IBM and the producers of Jeopardy! (which, after all, is profiting from this scanning)? http://www.techdirt.com/articles/20110217/11093713153/did-watson-succeed-jeopardy-infringing-copyrights.shtml

New Hacking Tools Pose Bigger Threats to Wi-Fi Users (NYT, 18 Feb 2011) - You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online. Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited. Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections. “I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.” What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account. More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use. The only sites that are safe from snoopers are those that employ the cryptographic protocol transport layer security or its predecessor, secure sockets layer, throughout your session.
PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.” http://www.nytimes.com/2011/02/17/technology/personaltech/17basics.html?_r=1

Should Employers Be Allowed to Ask for Your Facebook Login? (The Atlantic, 19 Feb 2011) - The American Civil Liberties Union has taken up the cause of a Maryland man who was forced to cough up his Facebook password during a job interview with the Department of Corrections in that state. According to an ACLU letter sent to the Maryland Department of Corrections, the organization requires that new applicants and those applying for recertifications give the government “their social media account usernames and personal passwords for use in employee background checks.” The ACLU calls this policy “a frightening and illegal invasion of privacy” and I can’t say that I disagree. Keep in mind that this isn’t looking at what you’ve posted to a public Twitter account; the government agency here could look through private Facebook messages, which seems a lot like reading through your mail, paper or digital. While it’s not surprising that some employers might want to snoop in your social media life, it strikes me as a remarkable misapprehension of what Facebook is to think that it should be wholly open for background investigations. Legally, things are probably more complex, but it seems commonsensical that carte blanche access to your communications should be off-limits. http://www.theatlantic.com/technology/archive/2011/02/should-employers-be-allowed-to-ask-for-your-facebook-login/71480/

HHS Imposes a $4.3 Million Civil Money Penalty for Violations of the HIPAA Privacy Rule (InsuranceNewsNet, 22 Feb 2011) - The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Md., (Cignet) violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS has imposed a civil money penalty (CMP) of $4.3 million for the violations, representing the first CMP issued by the Department for a covered entity’s violations of the HIPAA Privacy Rule. The CMP is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act. In a Notice of Proposed Determination issued Oct. 20, 2010, OCR found that Cignet violated 41 patients’ rights by denying them access to their medical records when requested between September 2008 and October 2009. These patients individually filed complaints with OCR, initiating investigations of each complaint. The HIPAA Privacy Rule requires that a covered entity provide a patient with a copy of their medical records within 30 (and no later than 60) days of the patient’s request. The CMP for these violations is $1.3 million. During the investigations, Cignet refused to respond to OCR’s demands to produce the records. Additionally, Cignet failed to cooperate with OCR’s investigations of the complaints and produce the records in response to OCR’s subpoena. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet produced the medical records to OCR, but otherwise made no efforts to resolve the complaints through informal means. 
OCR also found that Cignet failed to cooperate with OCR’s investigations on a continuing daily basis from March 17, 2009, to April 7, 2010, and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. http://insurancenewsnet.com/article.aspx?id=248887&type=newswires

Curating Of Legal Social Media (Kevin O’Keefe, 23 Feb 2011) - Bill Pollak, CEO of American Lawyer Media, shared more of his thinking on the curating of social media in a blog post this morning. “...I think ALM’s journalists can play in curating other people’s writings in order to help our audience find the most important, most meaningful or most interesting content available on the web. The fact is that the role of a good editor has never been more important -- the amount of information available to any one of us has become so overwhelming that having someone we trust do that curation for us could be quite valuable.” Pollak’s point is that a reporter can curate content from various social media sources, including Twitter, Facebook, Blogs, YouTube, and Flickr. http://kevin.lexblog.com/articles/social-media-1/ [Editor: the new MIRLN podcast 14.03 is apropos: “Social Media and Lawyers”]

Savvy Louisiana Ruling on Metatags--Southern Snow v. Snowizard (Eric Goldman, 24 Feb 2011) - Have I ever mentioned how much I hate metatags cases? They have led to some godawful rulings. But surprisingly, today’s opinion was quite refreshing. It’s just the iceberg tip of a litigation battle royale taking place among Louisiana manufacturers of shaved ice equipment and flavorings. Sno Wizards manufactures the trademarked “SnoWizard” shaved ice machine. The defendant in this ruling, Parasol, makes syrup for shaved ice and put the term “snow wizard” in its metatags. (I checked a few pages on Parasol’s website and couldn’t find the reference any more). Presumably, Parasol wants to tell shaved ice retailers to consider their syrup for shaved ice manufactured using Sno Wizards’ machine. Given that Sno Wizard also sells its own flavorings, it’s easy to speculate why Sno Wizard might object to Parasol’s efforts. Sno Wizard argued the trademark owner’s standard party line that use of its trademarks in someone else’s metatags is per se infringement; no further proof required. The court recaps the argument: “SnoWizard retorts that the cases applying Brookfield Communications recognize that the defendant’s use of the plaintiff’s mark in website metatags creates initial interest confusion and therefore constitutes trademark infringement and unfair competition as a matter of law.” From Sno Wizard’s standpoint, res ipsa loquitur. Fortunately, this judge digs deeper. Although the opinion is light on citations, it’s rich with wisdom. The court starts out with this winner: “It would be odd indeed for the law to require a plaintiff in an ordinary trademark infringement case to prove likelihood of confusion to the jury, yet to create a lighter burden where metatags are involved, given that with metatags the consumer never actually sees the trademark or knows that it is in use. 
Thus, the Court is persuaded that SnoWizard cannot passively assume that likelihood of confusion is established as a matter of law in this case.” http://blog.ericgoldman.org/archives/2011/02/savvy_louisiana.htm [Editor: Excellent analysis by Prof. Goldman; he’s really a pleasure to read.]

Judge Nixes Motion to Compel Witness in Drug Case, But OKs Unusual Alternative: Skype (ABA Journal, 24 Feb 2011) - After declining to require an out-of-state witness for the defense to testify in a drug-trafficking case, a leading Georgia judge found another way to allow the alibi witness to appear—Skype. Opposed by the prosecutor in the case, the Internet-based video-phone service allowed a Texas witness to testify from his home state, even though the defendant, Juan Salazar, couldn’t afford to compensate him for his travel costs, reports the Daily Business Review. While Douglas County Superior Court Chief Judge David Emerson then went on to sentence Salazar to 30 years, the defense was pleased with this evidentiary ruling, says attorney Arturo Corso of Corso Kennedy & Campbell in Gainesville, Ga. His client plans to appeal the conviction. A big-screen television made the witness almost life-size, and the technology allowed the prosecution to cross-examine the Texas witness almost as if he had been personally in the courtroom, according to the judge and defense counsel. http://www.abajournal.com/news/article/judge_nixes_motion_to_compel_witness_in_criminal_case_but_oks_unusual_alter/

Exxon, Shell, BP Said to Have Been Hacked Through Chinese Internet Servers (Bloomberg, 24 Feb 2011) - Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who declined to be identified. McAfee Inc., a cyber-security firm, reported Feb. 10 that such attacks had resulted in the loss of “project-financing information with regard to oil and gas field bids and operations.” In its report, Santa Clara, California-based McAfee, assisted by other cyber-security firms, didn’t identify the energy companies targeted. The attacks, which it dubbed “Night Dragon,” originated “primarily in China” and occurred during the past three years. The list of companies hit, none of which disclosed the attacks in filings with regulators, also includes Marathon Oil Corp., ConocoPhillips and Baker Hughes Inc., according to the people who worked on or are familiar with the companies’ investigations and asked not to be identified because of the confidential nature of the matter. Chinese hackers broke into the computer network of Baker Hughes, said Gary Flaharty, spokesman for the Houston-based provider of advanced drilling technology. Baker Hughes concluded the incident didn’t need to be disclosed because it wasn’t material to investors, he said, declining to comment further. Hackers targeted computerized topographical maps worth “millions of dollars” that show locations of potential oil reserves, said Ed Skoudis, whose company, Washington-based InGuardians Inc., investigated two recent breaches of U.S. oil companies’ networks. He declined to name his clients or the origin of the hackers. 
http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html [Editor: Oilfield services companies like Baker Hughes, Schlumberger, and Halliburton have been particularly attractive targets for this, because they handle oil reservoir information for most energy companies – all the eggs, in three baskets. See also http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html]

A Limit on Lending E-Books (NYT, 27 Feb 2011) - A print book can be checked out of a library countless times, at least until it falls apart and needs to be replaced. What about an e-book? HarperCollins, the publisher of Michael Crichton, Sarah Palin and Dennis Lehane, said on Friday that it had revised its restrictions for libraries that offer its e-books to patrons. Until now, libraries that have paid for the privilege of making a publisher’s e-books available for borrowing have typically been granted the right to lend an e-book — say, the latest John Grisham thriller — an unlimited number of times. Like print books, e-books in libraries are lent to one person at a time, often for two weeks. Then the book automatically expires from the borrower’s account. HarperCollins said on Friday that it had changed its mind. Beginning March 7, its books may be checked out only 26 times before the license expires. “We believe this change balances the value libraries get from our titles with the need to protect our authors and ensure a presence in public libraries and the communities they serve for years to come,” it said in a statement. The policy does not affect books already licensed by libraries. Steve Potash, the chief executive of OverDrive, a provider of e-books to public libraries, said HarperCollins was the first publisher to limit how many times an e-book may be checked out. The announcement was a reminder of the publishers’ squeamishness over having their e-books available in libraries. More people are using libraries for e-reading, a practice that does not require visiting a library in person, and is possible on many electronic devices, including the Nook and the iPad. http://mediadecoder.blogs.nytimes.com/2011/02/27/a-limit-on-lending-e-books/?scp=1&sq=potash%20overdrive&st=cse

- and -

A Library Written in Disappearing Ink (InsideHigherEd, 28 Feb 2011) - I’ve been mulling over the bizarre new move by a major publisher to get more blood out of a turnip - or rather, to try and get more money out of public libraries at a time when their budgets are being slashed. The librarians’ corner of the Twitterverse has been on fire ever since Library Journal investigated a vague pronouncement from Overdrive, a vendor of e-books and digital audio books to libraries, that some unnamed publisher wanted to limit the number of times an e-book could be checked out. The publisher in question, it turns out, is HarperCollins, which has decided that after a book has been checked out 26 times the library will have to purchase it again or it will vanish. To many, this seems outrageous, a kind of technological book burning. A boycott has been launched, a bill of rights for e-book readers proposed. And BoingBoing, Slashdot, Metafilter, and even the New York Times took note. Now, before I go any further, I should add a few additional facts for background. First, at least two of the Big Six publishers (Macmillan and Simon & Schuster) won’t let libraries purchase or license e-books at all. The CEO of Macmillan said he would only consider letting libraries loan e-books if he could find the right business model. (Apparently the annoying feature of copyright law that lets people do what they like with a book after they’ve purchased it is a bug that he would like to see fixed.) Second, libraries pay more for e-books than for a print copy. Up front, the library has to pay the vendor quite a lot for the system that controls one-user-at-a-time software that returns the book automatically after two weeks, it pays full price rather than the discounted price that it pays for a print book, and librarians spend a lot of time trouble-shooting downloads and explaining to people that library e-books won’t work on a Kindle. 
(Amazon, like Macmillan and Simon & Schuster, prefers a digital future that is entirely pay per view.) Finally, libraries have no way of doing with e-books things that they traditionally have done - preserve culture (because they don’t own anything they can legally retain) or defend against censorship (because the publisher retains control of the content and can change or delete it at any time - and could do so in every library at once). For these reasons, I’ve had my reservation about libraries investing their scarce dollars into renting material with so many restrictions that benefits only those who have the equipment to read the digital files. But what really dismays me is this: publishers believe that libraries are not good for business, that sharing is a bug, that book culture would survive if everyone had to pay for everything they read. http://www.insidehighered.com/blogs/library_babel_fish/a_library_written_in_disappearing_ink

“Consumer Reviews of Doctors and Copyright Law” Talk Notes (Eric Goldman, 28 Feb 2011) - You may recall that Medical Justice is a vendor trying to help doctors squelch online patient reviews--most recently by getting a prospective copyright assignment of the unwritten reviews and then sending 512(c)(3) takedown notices for any unwanted online reviews that are now newly owned. This is a terrible hack on the entire consumer review ecosystem, and it’s been bothering me for some time as I mentioned in my recent Regulation of Reputational Information paper. Last month, I gave my first public talk about Medical Justice at the University of Houston. I styled the talk “Consumer Reviews of Doctors and Copyright Law,” two topics I never thought would go together but apparently they do. My talk slides. I will have more to say about Medical Justice’s system and its many deficiencies in the near future. http://blog.ericgoldman.org/archives/2011/02/consumer_review_2.htm

New Survey Asks Lawyers about E-Discovery and Hosting in the Cloud (Catalyst, 1 March 2010) - A new survey is out of lawyers’ use of technology, and while its primary focus is on practice management, it also asks about other uses of technology, including Software as a Service, hosted e-discovery review, online document storage and outsourcing to a foreign country. The survey, Case, Matter & Practice Management System Study, was conducted by Andrew Z. Adkins III, director of the Legal Technology Institute at the University of Florida Levin College of Law. While the overarching purpose was to study lawyers’ use of case, matter and practice management systems, the survey also asked about a wide range of technology issues, from word processing to SaaS, all with the goal of documenting the current technology environment within the legal profession. In a series of questions pertaining to lawyers’ use of SaaS and Internet-based applications, the survey suggests that lawyers remain concerned about a number of issues. Their greatest concerns, it found, were speed and performance, followed by the danger of exposure to computer viruses. Also of significant concern were security and confidentiality. To the survey question, “Is your firm/law dept. considering hosting your software and data online?” 14 percent of respondents said they already were and another 5.2 percent said they were actively considering it. Forty-two percent said it was unlikely they would host software and data online. The survey next asked, “How do you feel about hosting your attorney/client privileged data in a web-based program?” Here is how the answers broke down:
·      I think it is malpractice, nothing online is secure: 8.3%.
·      I don’t think it is malpractice, but I wouldn’t do it: 46.8%.
·      I trust my IT staff to keep data secure and cover my liability: 30.2%.
·      My clients and I are comfortable with online client data: 14.8%.

DHS Seeks Systems For Covert Body Scans, Documents Show (ComputerWorld, 2 March 2011) - Documents obtained Tuesday by the Electronic Privacy Information Center suggest that the U.S. Department of Homeland Security has signed contracts for the development of mobile and static systems that can be used to scan pedestrians and people at rail and bus stations and special event venues -- apparently at times without their knowledge. The documents indicate that DHS moved to develop the technology as part of an effort to bolster the ability of law enforcement personnel to quickly detect concealed bombs and other explosives on individuals. EPIC obtained the documents from the DHS under a Freedom of Information Act request for data on mobile and static scanning systems it filed last year. Among the tools mentioned in the DHS documents is an X-Ray Backscatter system that could detect concealed metallic and high-density plastic objects on people from up to 10 meters away. The language used in many of the documents suggests that the DHS plans to use the scanners mostly in a covert fashion, [EPIC’s] McCall said. http://www.computerworld.com/s/article/9212681/DHS_seeks_systems_for_covert_body_scans_documents_show?source=rss_news&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fnews%2Ffeed+%28Latest+from+Computerworld%29&utm_content=Google+Feedfetcher

An iPad 2 LMS Fantasy (InsideHigherEd, 2 March 2011) - Sending shockwaves through the ed tech establishment, Apple unveiled the iPad LMS at the March 2nd iPad 2 event. The iPad LMS, and corresponding Mac/PC and web Apps, was the third major iPad 2 software announced, alongside the new iPad 2 versions of iMovie and GarageBand. Taking advantage of the new A5 dual-core processor and dual cameras, the iPad LMS offers the following authoring, collaboration, and learning features:
·      Integrated Speech-to-Text Authoring: Students and professors can create discussion board posts, blog or wiki entries simply by speaking. The iPad converts speech-to-text on the fly, populating the Apple LMS collaboration tools.
·      Integrated Video Authoring: Asynchronous communication can switch between text and video, with the integrated video recording and publishing directly into the LMS collaboration areas. Students and faculty can create and post video from the iPad 2 directly into the Apple LMS.
·      Voice-Over Presentation Capture and Sharing: Faculty can quickly create voice-over learning objects within the Apple LMS, calling up presentations and documents either authored on the iPad or imported from productivity applications such as Office. Students can work individually or collaboratively on voice-over presentations, sharing their work within the Apple LMS or publishing up to YouTube or iTunesU.
·      Synchronous Class Discussions and Virtual Office Hours: Utilizing the expanded academic FaceTime applications, class members can video chat with each other from within the Apple LMS. Groups of students can meet, with up to 24 simultaneous group video discussions. Virtual office hours and video tutoring services are easily accessible. The academic FaceTime discussions can be recorded and seamlessly placed in the Apple LMS as learning objects.
·      Deep Integration with iTunesU: The Apple LMS can easily pull in lectures and other learning objects from iTunesU. Faculty and students can choose to publish individual class videos, voice-over presentations, or entire courses to iTunesU from the iPad 2. Test banks, animations, and simulations are now shared through iTunesU, with authoring tools to create these objects built directly in to the Apple LMS.
Steve Jobs also announced that Apple is developing an initial set of 10 core courses, to be designed by Apple and academic partners to highlight best practices in pedagogy and the power of the iPad 2 and the Apple LMS. These courses will be free to all students as self-paced learning environments, and be available to any institution of higher learning to offer for credit as an instructor led course. Jobs called these new Apple Courses, combined with the Apple LMS, the best expression yet of Apple’s commitment to marry technology with the liberal arts. http://www.insidehighered.com/blogs/technology_and_learning/an_ipad_2_lms_fantasy [Editor: sounds like terrific, easy-to-use tools for knowledge management.]

**** NOTED PODCASTS ****
·      MIRLN 14.02 (8 minutes; 8 Feb 2011) - National Security Letters -- Discussion of Twitter’s response to December 2010 national security demands for user information, apparently related to WikiLeaks’ trove of State Department cable traffic, and the related implications of the 6th Circuit’s decision in US v. Warshak (requiring a probable-cause warrant for similar data).
·      MIRLN 14.03 (14 minutes; 23 Feb 2011) - Social Media and Lawyers -- Drawing on a presentation made to the North Carolina Bar (on February 18) and on an article in the ABA Journal (February 2011 issue), we discuss whether and how lawyers might make effective use of social media tools such as Facebook, LinkedIn, Twitter, and blogs.

The Path of Legal Information (John Palfrey, Berkman Center, 13 Jan 2011 - 65mins) - On the occasion of his appointment as the Henry N. Ess III Professor of Law, John Palfrey delivers a lecture proposing a path toward a new legal information environment that is predominantly digital in nature. A new, digitally optimized legal information environment can be the key to a world of improvements, but such a revolution in information can also carry risks. Here, Professor Palfrey discusses the benefits, risks, and obstacles of facing a new system of legal information. http://blogs.law.harvard.edu/mediaberkman/2011/01/13/john-palfrey-on-the-path-of-legal-information-audio/

**** RESOURCES ****
Resource from .Gov that shows you all the broadband options on your street: http://www.broadbandmap.gov/

**** LOOKING BACK ****
CONGRESS HAS LOW INTEREST IN CONSTITUENT (E-)MAIL (New York Times, 13 Dec. 2001) -- A test by a New York Times reporter found that e-mail sent to Congressional offices is unlikely to be read. After sending messages to 65 Senate offices identifying herself as a reporter for the Times doing a story on e-mail message-handling by members of Congress, she received only 27 automated responses and 7 other responses within two weeks. One of seven full responses was from Larry Neal, the deputy chief of staff for Senator Phil Gramm of Texas, who explained: “The communication that Sen. Gramm values most certainly does not arrive by wire. It is the one where someone sat down at a kitchen table, got a sheet of lined paper and a No. 2 pencil, and poured their heart into a letter.” http://partners.nytimes.com/2001/12/13/technology/circuits/13CONG.html

**** NOTES ****

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA’s Internet Law News, http://ecommercecenter.bna.com
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. Law.com
11. Readers’ submissions, and the editor’s discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.