**** MIRLN PODCASTS ****
Announcing the MIRLN podcast -- a companion to the MIRLN e-newsletter, MIRLN podcasts will dig into various topics. They are hosted at http://www.knowconnect.com/mirln/podcast/, and an RSS feed is available.
· UK’s Advertising Authority Launches Ad Campaign to Prepare Business for New Online Marketing Regulation
· California Supreme Court Says Zip Codes are PII
· Wikileaks Wasn’t the Only Operation HBGary Federal, Palantir and Berico Planned to Defraud
o Complaint Accuses Hunton & Williams of Dirty Tricks
· Class Action Lawsuit Filed Against Coach Over Bogus Takedowns, Trademark Bullying
· ANSI Critical Issue: Copyright in Standards
· CIA Lawyer: How I Issued Drone ‘Death Warrants’
· Employer Had No Duty to Safeguard Information
· Microsoft To Finally Let Companies Use Others’ Trademarks As Search Triggers
· Fashion Designer Derek Lam Unveils Crowd-Selected Collection for eBay
o Uncle Sam Wants YOU to Design a Military Rescue Vehicle
· This is the Creepy, Super Cool Future of Smartphones & Social Networks
· Court Says Metadata Should Be Released Under Freedom Of Information Act Request
· Millennium Park Garden Deemed Not Copyrightable, Because Gardens Are Not Authored
o Mardi Gras Indians Still Trying To Copyright Costumes
o Did Watson Succeed On Jeopardy By Infringing Copyrights?
· New Hacking Tools Pose Bigger Threats to Wi-Fi Users
· Should Employers Be Allowed to Ask for Your Facebook Login?
· HHS Imposes a $4.3 Million Civil Money Penalty for Violations of the HIPAA Privacy Rule
· Curating Of Legal Social Media
· Savvy Louisiana Ruling on Metatags--Southern Snow v. Snowizard
· Judge Nixes Motion to Compel Witness in Drug Case, But OKs Unusual Alternative: Skype
· Exxon, Shell, BP Said to Have Been Hacked Through Chinese Internet Servers
· A Limit on Lending E-Books
o A Library Written in Disappearing Ink
· “Consumer Reviews of Doctors and Copyright Law” Talk Notes
· New Survey Asks Lawyers about E-Discovery and Hosting in the Cloud
· DHS Seeks Systems For Covert Body Scans, Documents Show
· An iPad 2 LMS Fantasy
NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES
UK’s Advertising Authority Launches Ad Campaign to Prepare Business for New Online Marketing Regulation (ASA, 17 Jan 2011) - The Advertising Standards Authority (ASA) is today launching a cross-media ad campaign (outdoor, radio, press, online) to raise awareness of the fact that its remit is being extended to cover marketing on websites from 1 March 2011. From 1 March, marketing communications on companies’ own websites and in other third party space under their control, such as Facebook and Twitter, will have to adhere to the non-broadcast advertising rules as set out in the CAP Code. The ad campaign seeks to raise awareness of the ASA’s extended remit and calls on companies to ensure marketing messages on their websites are legal, decent, honest and truthful. It also encourages business to make sure their websites comply by seeking help and advice. To help businesses and website owners, the Committee of Advertising Practice (CAP), the industry body that writes the Advertising Codes, offers a full range of training and advice resources. Businesses and agencies are urged to sign up to CAP Services to ensure they are up-to-speed with how the extended remit will impact on them and how they can avoid being in breach of the rules. http://www.asa.org.uk/Media-Centre/2011/ASA-launches-ad-campaign-to-prepare-business.aspx
California Supreme Court Says Zip Codes are PII (Information Law Group, 11 Feb 2011) - Thinking hard about how business and consumer interests can be harmonized by effective and privacy/security-friendly policies and practices? We thought so. Worried that zip codes might be treated as personal information in this country? Probably not. All that may be changing. In a ruling already attracting criticism and attention from some high profile privacy bloggers, the California Supreme Court ruled Thursday, in Pineda v. Williams-Sonoma, that zip codes are “personal identification information” for purposes of California’s Song-Beverly Credit Card Act, California Civil Code section 1747.08, reversing the Court of Appeal‘s decision that we discussed last year. For those of you who may be wondering, yes - the statute provides for penalties of up to $250 for the first violation and $1,000 for each subsequent violation, and does not require any allegations of harm to the consumer. California has already seen dozens, if not hundreds, of class action lawsuits around the Song-Beverly Credit Card Act. The Court’s interpretation of “personal identification information” as including zip codes is likely to spark a new round of class action suits. California retailers should carefully consider the Pineda decision in crafting and updating their personnel policies and training programs with respect to collection of information during credit card transactions. http://www.infolawgroup.com/2011/02/articles/lawsuit/california-supreme-court-says-zip-codes-are-piireally-as-california-goes-so-goes-the-nation-part-two/#more
Wikileaks Wasn’t the Only Operation HBGary Federal, Palantir and Berico Planned to Defraud (TechDirt, 11 Feb 2011) - By now the exposed plan of HBGary Federal, Palantir and Berico to attack Wikileaks and its supporters through fraud and deception, in order to help Bank of America, has been discussed widely. However, the leaked HBGary Federal emails suggest that this sort of plan involving these three companies had been used elsewhere. Apparently the US Chamber of Commerce had approached the same three firms to plan a remarkably similar attack on groups that oppose the US Chamber of Commerce. That leaked plan (embedded below) includes a similar plan to create fake documents and give them to these groups to publish, with the intent of “exposing” them later, to raise questions about their credibility. The reason HBGary Federal, Palantir and Berico were even talking to BofA in the first place was because BofA contacted the Justice Department to ask what to do about Wikileaks, and the Justice Department turned them on to the law firm of Huntoon [sic] and Williams, who was instrumental in arranging both of these proposals. http://www.techdirt.com/articles/20110211/11342913057.shtml [Editor: see earlier story in MIRLN 14.02; see also http://legaltimes.typepad.com/blt/2011/02/e-mail-hunton-williams-expected-huge-gains.html which asserts that Hunton possibly was pursuing this activity as part of a business plan. All in all, a cautionary tale for law firms.]
- it gets worse -
Complaint Accuses Hunton & Williams of Dirty Tricks (BLT, 24 Feb 2011) - Three Hunton & Williams partners face an ethics complaint before the D.C. Bar after the release of e-mails saying they worked on an effort to undermine liberal activists. The organization Stop the Chamber says it filed the complaint on Wednesday. Stop the Chamber, a critic of the U.S. Chamber of Commerce, was among the groups targeted by the security companies that Hunton & Williams worked with, according to e-mails. The 14-page complaint (PDF) accuses the three Hunton & Williams lawyers of violating Rule 8.4 of the D.C. Rules of Professional Conduct. The rule prohibits misconduct including conduct “involving dishonesty, fraud, deceit, or misrepresentation.” The lawyers violated the rule, says the complaint, when they collaborated with the three security companies on a project to gather information on and to undercut the Chamber’s critics. In November, the e-mails say, the companies’ employees discussed covert ways to “discredit” the union-backed U.S. Chamber Watch, including the creation of a forged document and “fake insider personas.” Hunton & Williams has declined to comment on the more than 71,000 e-mails, which hackers took after breaking into the servers of a potential Hunton & Williams subcontractor. A message left today with a firm spokeswoman was not immediately returned. The three lawyers targeted by the complaint are all partners in the firm’s Washington office: Robert Quackenboss, John Woods and Richard Wyatt Jr. http://legaltimes.typepad.com/blt/2011/02/complaint-accuses-hunton-williams-of-dirty-tricks.html [Editor: Hunton’s participation mentioned on 24 Feb by Glenn Greenwald on Colbert Report -- http://www.colbertnation.com/the-colbert-report-videos/375429/february-24-2011/corporate-hacker-tries-to-take-down-wikileaks---glenn-greenwald]
Class Action Lawsuit Filed Against Coach Over Bogus Takedowns, Trademark Bullying (TechDirt, 14 Feb 2011) - We’ve seen so many cases of trademark bullying, and it’s so rare to see people fight back, that it’s interesting to see it happening -- and even more surprising to see it done as a class action suit. Eric Goldman points us to the news that this class action lawsuit has been filed against luxury goods maker, Coach, for apparently issuing takedowns to eBay for perfectly legitimate second-hand sales, while also threatening those who put up those items. I’ll let the lawsuit itself explain the basics: “Without investigating the validity of its allegations, Coach wantonly accuses consumers of infringing its trademarks by selling counterfeit Coach products. Coach apparently monitors online retailers such as E-Bay, looking for ads from consumers selling second hand Coach products. In response to such ads, Coach delegates a New York law firm to launch a threatening letter to the consumer. These letters accuse the consumer of trademark infringement, threaten legal action, and demand the immediate payment of damages to Coach in “settlement” of Coach’s threats. At the same time, Coach (or its New York law firm) informs the online retailer that infringing merchandise is being sold on its website. In many cases, this causes the online retailer to involuntarily remove the allegedly infringing ad, and to disable the consumer’s online account. This destroys any chance the consumer had to sell the Coach product second hand, and otherwise damages the consumer. In many cases (such as that of the lead plaintiff identified here), Coach’s allegations of infringement are flatly false. It appears that Coach fails to conduct even a minimally reasonable investigation into its counterfeiting claims before threatening legal action. For example, the lead plaintiff identified in this Complaint is a former Coach employee, who owned, and tried to sell, genuine and legitimate Coach products It was entirely legal for her to do so. Coach’s threats against her were false, reckless, and unwarranted.” http://www.techdirt.com/articles/20110211/21555413069/class-action-lawsuit-filed-against-coach-over-bogus-takedowns-trademark-bullying.shtml
ANSI Critical Issue: Copyright in Standards (Twitter posting by Carl Malamud on 14 Feb 2011) – References: “This ANSI position paper describes why voluntary consensus standards that are incorporated by reference into federal government regulations are copyright protected.” http://publicaa.ansi.org/sites/apdl/Documents/Forms/AllItems.aspx?RootFolder=%2fsites%2fapdl%2fDocuments%2fNews%20and%20Publications%2fCritical%20Issues%2fCopyright%20on%20Standards%20in%20Regulations&View=%7b21C60355%2dAB17%2d4CD7%2dA090%2dBABEEC5D7C60%7d and http://publicaa.ansi.org/sites/apdl/Documents/News%20and%20Publications/Critical%20Issues/Copyright%20on%20Standards%20in%20Regulations/Copyright%20on%20Standards%20in%20Regulation.pdf [Editor: it always irritated me that I had to pay to get a copy of ISO 27001 and other important security standards.]
CIA Lawyer: How I Issued Drone ‘Death Warrants’ (Wired, 14 Feb 2011) - You can expect to see at least two people inside the secret bunkers in Virginia where the CIA pilots its lethal drones over Pakistan. One controls the distant drone, his hand on a joystick, ready to fire off a missile at a target below. Another is a CIA lawyer, watching to ensure that the operator is within his rights to attack his target. Call it a “punctilious” method to avoid civilian casualties and legal hot water, as one of those lawyers recently did — or call it the bureaucratization of a shadow war. Tara Mckelvey gets a very rare peek inside the processes that go into the drone strikes, an undeclared air war that peaked last year at 118 missile firings, up from 33 in 2008. Her conclusion, published today in Newsweek, is that the operations ordering them are “multilayered and methodical, run by a corps of civil servants who carry out their duties in a professional manner.” But even the CIA’s former top lawyer, John Rizzo, is blunt about his involvement in what he calls “murder.” Rizzo told Mckelvey that the process works roughly like this: the CIA’s Counterterrorist Center maintains a team of ten lawyers, who compile evidence that a prospective target constitutes a threat to the U.S. If Rizzo outlined the threshold that the lawyers have to meet, Mckelvey doesn’t report what it is, nor does she explain who asks the lawyers to compile a case on a particular target. But the CIA’s general counsel vets the case before issuing what Rizzo, who held the job during the Bush and early Obama administrations, calls a “death warrant.” The president doesn’t review the targeting list. What the CIA lawyers are reviewing the drone program for is a mystery. Some law professors contend that the very involvement of CIA civilians or contractors in an inherently military program like the drone strikes make their pilots “unlawful combatants,” as Georgetown’s Gary Solis tells Mckelvey. http://www.wired.com/dangerroom/2011/02/behind-the-drones-lots-of-bureaucracy/
Employer Had No Duty to Safeguard Information (Wolters Kluwer, 17 Feb 2011; subscription required) - A school district that inadvertently disclosed the personal information of 1,750 former employees was not liable for the disclosure because it had no statutory or common law duty to safeguard the information, an Illinois appellate court has held. The former employees received an insurance enrollment list sent on behalf of the school district that contained the names of all 1,750 former employees, along with their addresses, Social Security numbers, marital status, medical and dental insurers and health insurance plan information. After learning of the disclosure, the school district sent a letter to the employees asking them to return the list or destroy it and offered one year of free credit protection insurance. The employees brought a class action suit against the school district, alleging violations of various state laws and negligence. The employees argued that the school district owed a statutory duty to safeguard their personal information under the Health Insurance Portability and Accountability Act (HIPAA) and Illinois Personal Information Protection Act. The court, however, determined that the school district had no statutory duty to safeguard the employees’ personal information. Although the Health Insurance Portability and Accountability Act (HIPAA) prohibits the disclosure of an individual’s identifiable health information, health records held by a covered entity in its role as an employer are excluded from HIPAA protection. Because the school district was acting in its role as an employer, its actions were outside the HIPAA protections. Moreover, the Personal Information Protection Act did not create a statutory duty to safeguard the employees’ personal information. The Act requires that any data collector notify an owner of personal information if there is a breach of data security. The court determined that the Act did not create a separate duty to safeguard the information. Cooney v. Chicago Public Schools (IllAppCt) at ¶100-519
Microsoft To Finally Let Companies Use Others’ Trademarks As Search Triggers (MediaPost, 16 Feb 2011) - In a major change in policy, Microsoft has decided to allow marketers to use other companies’ trademarks to trigger search ads. “To come in line with search industry practices, as of March 3rd, Microsoft will cease editorial investigations into complaints about trademarks used as keywords to trigger ads on Bing & Yahoo Search in the United States and Canada,” the company says. The change was first reported by Santa Clara University law professor Eric Goldman. Google has allowed trademarks to trigger search ads since 2004. While the move troubled some trademark owners -- and even sparked a few lawsuits -- it seems to have been good for Google’s growth. What’s more, Google has prevailed in court in the few cases that went to trial. Back in 2004 Geico lost a lawsuit alleging that its trademark was infringed when Google allowed Geico rivals to use its name to trigger search ads. The judge in that case ruled that Geico hadn’t proven that consumers were confused by this use of its trademark. More recently, a federal judge in Alexandria, Va. dismissed a similar trademark infringement lawsuit by Rosetta Stone against Google. Rosetta Stone appealed that decision to the 4th Circuit, which is considering the matter. http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=145191
Fashion Designer Derek Lam Unveils Crowd-Selected Collection for eBay (Mashable, 16 Feb 2011) - Upscale fashion designer Derek Lam unveiled Wednesday a new, 16-piece collection designed exclusively for eBay. The designs debuted simultaneously at Fashion Week headquarters in Lincoln Center and on ebay.com. Consumers are invited to view and cast votes for their favorite pieces, made from a combination of poplins, denim and printed georgette in simple, easy-to-wear designs, at dereklam.ebay.com. The five dresses with the greatest number of votes will then be produced and made available in sizes 0 to 16 for purchase on ebay.com in May. Each will cost between $125 and $295 — by no means cheap, but significantly more reasonable than the $1,000+ price tags attached to items in Lam’s primary collection. What’s unusual is not that Lam is producing a one-off collection for eBay – big-name designers like Vera Wang and Alber Elbaz of Lanvin have partnered with the likes of H&M and Target in similar initiatives in the past — but that consumers are getting a say in what part of the collection makes it to market. http://mashable.com/2011/02/16/derek-lam-ebay/
- and -
Uncle Sam Wants YOU to Design a Military Rescue Vehicle (FOX News, 23 Feb 2011) - Sure, you can drive it. But can you build it? The army’s secretive technology division has been collecting dozens of ideas for the design of its in-the-works rescue vehicle via a social-media contest -- relying solely on the power of the crowd to get the next big thing built. So perhaps the Defense Advanced Research Projects Agency (DARPA) will build the Armadillo, a vehicle with an extendable “tail” that creates more room in a back compartment for up to three injured war fighters to rest comfortably until they return to base for medical attention. As intriguing as these vehicles are, what’s cooler is the idea behind it: the potential for ordinary people to collaborate on something as important as a new military vehicle. Anyone at all can submit a design, draw over existing designs or provide in-depth comments for their creators to incorporate. Designs can then be adapted and resubmitted, up until the deadline. Local Motors of Chandler, Ariz., is running the competition, officially known as the Experimental Crowd-derived Combat-support Vehicle (XC2V) Design Challenge, through March 10. The military will judge the submissions and build a concept model from the winner in June. Such co-creation of vehicles, tapping into the power of the Internet to “crowd source” design, is the specialty of Local Motors, Rogers said. http://www.foxnews.com/scitech/2011/02/23/uncle-sam-wants-design-military-rescue-vehicle/
This is the Creepy, Super Cool Future of Smartphones & Social Networks (ReadWriteWeb, 17 Feb 2011) - There’s very little gray area on this one: You’re either completely excited by the potential for built-in facial recognition combined with smartphones and social networks, or your entirely creeped out and afraid for the future of the planet. The future is nearly here and I, for one, welcome our new overlords, who today come to us in the form of a Silicon Valley company called Viewdle that we first wrote about last October. Last October, Viewdle raised $10 million and told us that it’s primary function would be to assist with tagging photos on smartphones before they’re even uploaded to sites like Facebook, that way they wouldn’t get lost in the cloud. Today, however, Austin-based PSFK Salon writes that the company was out and about at the Mobile World Congress showing off a much deeper integration, wherein its visual analysis technology is used to link faces with social media. “Viewdle sits between the camera and the user analysing faces in the camera stream, identifying them, then offering links to Facebook, YouTube, LinkedIn, and other social media platforms. A user can identify and tag people in pictures & videos then pass the information to their social networks. As they tag others the software learns to recognize them, and can even share these new visual profiles with other users. The live view also offers an augmented reality tagging overlay that reveals information about the people around you.” According to Viewdle’s website, a number of implementations are on the way, from ViewdleFaces to ViewdlePlaces to ViewdleGames. For now, however, Viewdle Uploader - a desktop program - is the only thing available. Its mobile apps, which it says are coming soon, stand apart from other recognition programs with one big distinction. They do all of the facial recognition procession locally, on the device, instead of outsourcing that functionality to the cloud. http://www.readwriteweb.com/archives/this_is_the_creepy_super_cool_future_of_smartphone.php [Editor: the video in the article (here) is interesting. This could be great for people like me who are bad at recognizing faces; scary for people who read Orwell.]
Court Says Metadata Should Be Released Under Freedom Of Information Act Request (TechDirt, 17 Feb 2011) - Copycense points us to the fascinating news that a federal judge has ordered Immigrations and Customs Enforcement (ICE) to reveal the metadata on a document as part of a Freedom of Information Act (FOIA) request. ICE had responded to the FOIA request (apparently “after significant delay,”) but provided the content requested in an unsearchable PDF. The original requestor for the content, the National Day Laborer Organization, complained that this was unfair, and the information had to be supplied with metadata -- and the court agreed. The court also agreed that making the PDF unsearchable was not justified: “Metadata maintained by the agency as a part of an electronic record is presumptively producible under FOIA, unless the agency demonstrates that such metadata is not ‘readily producible.’” Sounds like some government employees are going to need to spend the next few weeks scrubbing metadata from documents. Wouldn’t want people to find out who really wrote various laws by looking at the metadata on Word docs, would we? As for the unsearchable format, the judge slammed ICE for clearly going out of its way to make the document “more difficult or burdensome for the requesting party to use,” in violation of standard discover rules. Nice to see that ICE has the time to purposely obfuscate records requested in a FOIA. http://www.techdirt.com/articles/20110214/01031613079/court-says-metadata-should-be-released-under-freedom-information-act-request.shtml
Millennium Park Garden Deemed Not Copyrightable, Because Gardens Are Not Authored (TechDirt, 17 Feb 2011) - Eric Goldman points us to a fascinating ruling concerning whether or not an artistic garden can be covered by copyright. The ruling itself (embedded below) is interesting for a variety of reasons. It goes over the basics of “moral rights” in US copyright in great detail. As most people know, for the most part, the US does not recognize moral rights -- even though the Berne Convention (which the US has tragically signed on to) requires it. Partly to get around this, the US did put in extremely limited moral rights for a very small subset of works, and part of this case revolves around that. An artist by the name of Chapman Kelley created an artistic wildflower garden in Chicago’s Millennium Park, which he often described as a “living painting.” Years later, after the wildflowers (which had been maintained by others) started to die off, the city of Chicago reduced the size of the garden and reconfigured it. In response, Kelley sued, claiming a violation of his “right of integrity.” The court goes through a nice discussion on the history of moral rights and copyright in the US and then overrules, partly, the lower court decision that found the garden to be a painting or statue, but not copyrightable because it lacked originality. The court agrees that the work should not qualify for such protections and is uncopyrightable, but not due to the originality argument (which the court says makes little sense). Instead, the appeals court points out something rather basic: copyright only applies to works that are “fixed in a tangible medium of expression.” And here it sees a big problem: a garden is not fixed. http://www.techdirt.com/articles/20110217/03034813151/millennium-park-garden-deemed-not-copyrightable-because-gardens-are-not-authored.shtml
-- and --
Mardi Gras Indians Still Trying To Copyright Costumes (TechDirt, 18 Feb 2011) - Last year, we wrote about the ridiculous situation down in New Orleans where the “Mardi Gras Indians” -- a group of New Orleans residents who create elaborate costumes for Mardi Gras -- were trying to copyright their outfits. Of course, as we’ve noted over and over again, clothing doesn’t get covered by copyright, but this group tried to claim that the costumes were really sculptures, and thus qualified for copyright protection. The key thing they were upset about was the fact that people were taking pictures of these costumes as they wore them during Mardi Gras. Think about that for a second. You create an elaborate costume for the sole purpose of showing it off at Mardi Gras... and then you start screaming copyright infringement because someone takes a photo? Really? NPR has an interview with one of the guys and the law professor who’s helping them try to secure these copyrights. In it, the law professor, Ashlye Keaton, suggests that the photographs represent a derivative work of the copyrighted costume. http://www.techdirt.com/articles/20110210/23572513051/mardi-gras-indians-still-trying-to-copyright-costumes.shtml
-- and --
Did Watson Succeed On Jeopardy By Infringing Copyrights? (TechDirt, 17 Feb 2011) - An anonymous tipster points us to a really interesting comment by Peter Hirtle on a Laboratorium.net post discussing Watson, the Jeopardy-playing computer, where he asks whether or not Watson infringes on copyrights: From IBM’s Watson Supercomputer Wins Practice Jeopardy Round in Wired Magazine: “Researchers scanned some 200 million pages of content -- or the equivalent of about one million books -- into the system, including books, movie scripts and entire encyclopedias.” It seems unlikely that IBM got permission to scan one million books. Can we expect soon a lawsuit from the Author’s Guild against IBM and the producers of Jeopardy! (which, after all, is profiting from this scanning)? http://www.techdirt.com/articles/20110217/11093713153/did-watson-succeed-jeopardy-infringing-copyrights.shtml
New Hacking Tools Pose Bigger Threats to Wi-Fi Users (NYT, 18 Feb 2011) - You may think the only people capable of snooping on your Internet activity are government intelligence agents or possibly a talented teenage hacker holed up in his parents’ basement. But some simple software lets just about anyone sitting next to you at your local coffee shop watch you browse the Web and even assume your identity online. Until recently, only determined and knowledgeable hackers with fancy tools and lots of time on their hands could spy while you used your laptop or smartphone at Wi-Fi hot spots. But a free program called Firesheep, released in October, has made it simple to see what other users of an unsecured Wi-Fi network are doing and then log on as them at the sites they visited. Without issuing any warnings of the possible threat, Web site administrators have since been scrambling to provide added protections. “I released Firesheep to show that a core and widespread issue in Web site security is being ignored,” said Eric Butler, a freelance software developer in Seattle who created the program. “It points out the lack of end-to-end encryption.” What he means is that while the password you initially enter on Web sites like Facebook, Twitter, Flickr, Amazon, eBay and The New York Times is encrypted, the Web browser’s cookie, a bit of code that that identifies your computer, your settings on the site or other private information, is often not encrypted. Firesheep grabs that cookie, allowing nosy or malicious users to, in essence, be you on the site and have full access to your account. More than a million people have downloaded the program in the last three months (including this reporter, who is not exactly a computer genius). And it is easy to use. The only sites that are safe from snoopers are those that employ the cryptographic protocol transport layer security or its predecessor, secure sockets layer, throughout your session. PayPal and many banks do this, but a startling number of sites that people trust to safeguard their privacy do not. You know you are shielded from prying eyes if a little lock appears in the corner of your browser or the Web address starts with “https” rather than “http.” http://www.nytimes.com/2011/02/17/technology/personaltech/17basics.html?_r=1
Should Employers Be Allowed to Ask for Your Facebook Login? (The Atlantic, 19 Feb 2011) - The American Civil Liberties Union has taken up the cause of a Maryland man who was forced to cough up his Facebook password during a job interview with the Department of Corrections in that state. According to an ACLU letter sent to the Maryland Department of Corrections, the organization requires that new applicants and those applying for recertifications give the government “their social media account usernames and personal passwords for use in employee background checks.” The ACLU calls this policy “a frightening and illegal invasion of privacy” and I can’t say that I disagree. Keep in mind that this isn’t looking at what you’ve posted to a public Twitter account; the government agency here could look through private Facebook messages, which seems a lot like reading through your mail, paper or digital. While it’s not surprising that some employers might want to snoop in your social media life, it strikes me as a remarkable misapprehension of what Facebook is to think that it should be wholly open for background investigations. Legally, things are probably more complex, but it seems commonsensical that carte blanche access to your communications should be off-limits. http://www.theatlantic.com/technology/archive/2011/02/should-employers-be-allowed-to-ask-for-your-facebook-login/71480/
HHS Imposes a $4.3 Million Civil Money Penalty for Violations of the HIPAA Privacy Rule (InsuranceNewsNet, 22 Feb 2011) - The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has issued a Notice of Final Determination finding that Cignet Health of Prince George’s County, Md., (Cignet) violated the Privacy Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS has imposed a civil money penalty (CMP) of $4.3 million for the violations, representing the first CMP issued by the Department for a covered entity’s violations of the HIPAA Privacy Rule. The CMP is based on the violation categories and increased penalty amounts authorized by Section 13410(d) of the Health Information Technology for Economic and Clinical Health (HITECH) Act. In a Notice of Proposed Determination issued Oct. 20, 2010, OCR found that Cignet violated 41 patients’ rights by denying them access to their medical records when requested between September 2008 and October 2009. These patients individually filed complaints with OCR, initiating investigations of each complaint. The HIPAA Privacy Rule requires that a covered entity provide a patient with a copy of their medical records within 30 (and no later than 60) days of the patient’s request. The CMP for these violations is $1.3 million. During the investigations, Cignet refused to respond to OCR’s demands to produce the records. Additionally, Cignet failed to cooperate with OCR’s investigations of the complaints and produce the records in response to OCR’s subpoena. OCR filed a petition to enforce its subpoena in United States District Court and obtained a default judgment against Cignet on March 30, 2010. On April 7, 2010, Cignet produced the medical records to OCR, but otherwise made no efforts to resolve the complaints through informal means. OCR also found that Cignet failed to cooperate with OCR’s investigations on a continuing daily basis from March 17, 2009, to April 7, 2010, and that the failure to cooperate was due to Cignet’s willful neglect to comply with the Privacy Rule. http://insurancenewsnet.com/article.aspx?id=248887&type=newswires
Curating Of Legal Social Media (Kevin O’Keefe, 23 Feb 2011) - Bill Pollak, CEO of American Lawyer Media, shared more of his thinking on the curating of social media in a blog post this morning. “...I think ALM’s journalists can play in curating other people’s writings in order to help our audience find the most important, most meaningful or most interesting content available on the web. The fact is that the role of a good editor has never been more important -- the amount of information available to any one of us has become so overwhelming that having someone we trust do that curation for us could be quite valuable.” Pollak’s point is that a reporter can curate content from various social media sources, including Twitter, Facebook, Blogs, YouTube, and Flickr. http://kevin.lexblog.com/articles/social-media-1/ [Editor: the new MIRLN podcast 14.03 is apropos: “Social Media and Lawyers”]
Savvy Louisiana Ruling on Metatags--Southern Snow v. Snowizard (Eric Goldman, 24 Feb 2011) - Have I ever mentioned how much I hate metatags cases? They have led to some godawful rulings. But surprisingly, today’s opinion was quite refreshing. It’s just the iceberg tip of a litigation battle royale taking place among Louisiana manufacturers of shaved ice equipment and flavorings. Sno Wizards manufactures the trademarked “SnoWizard” shaved ice machine. The defendant in this ruling, Parasol, makes syrup for shaved ice and put the term “snow wizard” in its metatags. (I checked a few pages on Parasol’s website and couldn’t find the reference any more). Presumably, Parasol wants to tell shaved ice retailers to consider their syrup for shaved ice manufactured using Sno Wizards’ machine. Given that Sno Wizard also sells its own flavorings, it’s easy to speculate why Sno Wizard might object to Parasol’s efforts. Sno Wizard argued the trademark owner’s standard party line that use of its trademarks in someone else’s metatags is per se infringement; no further proof required. The court recaps the argument: “SnoWizard retorts that the cases applying Brookfield Communications recognize that the defendant’s use of the plaintiff’s mark in website metatags creates initial interest confusion and therefore constitutes trademark infringement and unfair competition as a matter of law.” From Sno Wizard’s standpoint, res ipsa loquitur. Fortunately, this judge digs deeper. Although the opinion is light on citations, it’s rich with wisdom. The court starts out with this winner: “It would be odd indeed for the law to require a plaintiff in an ordinary trademark infringement case to prove likelihood of confusion to the jury, yet to create a lighter burden where metatags are involved, given that with metatags the consumer never actually sees the trademark or knows that it is in use. Thus, the Court is persuaded that SnoWizard cannot passively assume that likelihood of confusion is established as a matter of law in this case.” http://blog.ericgoldman.org/archives/2011/02/savvy_louisiana.htm [Editor: Excellent analysis by Prof. Goldman; he’s really a pleasure to read.]
Judge Nixes Motion to Compel Witness in Drug Case, But OKs Unusual Alternative: Skype (ABA Journal, 24 Feb 2011) - After declining to require an out-of-state witness for the defense to testify in a drug-trafficking case, a leading Georgia judge found another way to allow the alibi witness to appear—Skype. Opposed by the prosecutor in the case, the Internet-based video-phone service allowed a Texas witness to testify from his home state, even though the defendant, Juan Salazar, couldn’t afford to compensate him for his travel costs, reports the Daily Business Review. While Douglas County Superior Court Chief Judge David Emerson then went on to sentence Salazar to 30 years, the defense was pleased with this evidentiary ruling, says attorney Arturo Corso of Corso Kennedy & Campbell in Gainesville, Ga. His client plans to appeal the conviction. A big-screen television made the witness almost life-size, and the technology allowed the prosecution to cross-examine the Texas witness almost as if he had been personally in the courtroom, according to the judge and defense counsel. http://www.abajournal.com/news/article/judge_nixes_motion_to_compel_witness_in_criminal_case_but_oks_unusual_alter/
Exxon, Shell, BP Said to Have Been Hacked Through Chinese Internet Servers (Bloomberg, 24 Feb 2011) - Computer hackers working through Internet servers in China broke into and stole proprietary information from the networks of six U.S. and European energy companies, including Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc, according to one of the companies and investigators who declined to be identified. McAfee Inc., a cyber-security firm, reported Feb. 10 that such attacks had resulted in the loss of “project-financing information with regard to oil and gas field bids and operations.” In its report, Santa Clara, California-based McAfee, assisted by other cyber-security firms, didn’t identify the energy companies targeted. The attacks, which it dubbed “Night Dragon,” originated “primarily in China” and occurred during the past three years. The list of companies hit, none of which disclosed the attacks in filings with regulators, also includes Marathon Oil Corp., ConocoPhillips and Baker Hughes Inc., according to the people who worked on or are familiar with the companies’ investigations and asked not to be identified because of the confidential nature of the matter. Chinese hackers broke into the computer network of Baker Hughes, said Gary Flaharty, spokesman for the Houston-based provider of advanced drilling technology. Baker Hughes concluded the incident didn’t need to be disclosed because it wasn’t material to investors, he said, declining to comment further. Hackers targeted computerized topographical maps worth “millions of dollars” that show locations of potential oil reserves, said Ed Skoudis, whose company, Washington-based InGuardians Inc., investigated two recent breaches of U.S. oil companies’ networks. He declined to name his clients or the origin of the hackers. http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html [Editor: Oilfield services companies like Baker Hughes, Schlumberger, and Halliburton have been particularly attractive targets for this, because they handle oil reservoir information for most energy companies – all the eggs, in three baskets. See also http://www.bloomberg.com/news/2011-02-24/exxon-shell-bp-said-to-have-been-hacked-through-chinese-internet-servers.html]
A Limit on Lending E-Books (NYT, 27 Feb 2011) - A print book can be checked out of a library countless times, at least until it falls apart and needs to be replaced. What about an e-book? HarperCollins, the publisher of Michael Crichton, Sarah Palin and Dennis Lehane, said on Friday that it had revised its restrictions for libraries that offer its e-books to patrons. Until now, libraries that have paid for the privilege of making a publisher’s e-books available for borrowing have typically been granted the right to lend an e-book — say, the latest John Grisham thriller — an unlimited number of times. Like print books, e-books in libraries are lent to one person at a time, often for two weeks. Then the book automatically expires from the borrower’s account. HarperCollins said on Friday that it had changed its mind. Beginning March 7, its books may be checked out only 26 times before the license expires. “We believe this change balances the value libraries get from our titles with the need to protect our authors and ensure a presence in public libraries and the communities they serve for years to come,” it said in a statement. The policy does not affect books already licensed by libraries. Steve Potash, the chief executive of OverDrive, a provider of e-books to public libraries, said HarperCollins was the first publisher to limit how many times an e-book may be checked out. The announcement was a reminder of the publishers’ squeamishness over having their e-books available in libraries. More people are using libraries for e-reading, a practice that does not require visiting a library in person, and is possible on many electronic devices, including the Nook and the iPad. http://mediadecoder.blogs.nytimes.com/2011/02/27/a-limit-on-lending-e-books/?scp=1&sq=potash%20overdrive&st=cse
- and -
A Library Written in Disappearing Ink (InsideHigherEd, 28 Feb 2011) - I’ve been mulling over the bizarre new move by a major publisher to get more blood out of a turnip - or rather, to try and get more money out public libraries at a time when their budgets are being slashed. The librarians’ corner of the Twitterverse has been on fire ever since Library Journal investigated a vague pronouncement from Overdrive, a vendor of e-books and digital audio books to libraries, that some unnamed publisher wanted to limit the number of times an e-book could be checked out. The publisher in question, it turns out, is HarperCollins, which has decided that after a book has been checked out 26 times the library will have to purchase it again or it will vanish. To many, this seems outrageous, a kind of technological book burning. A boycott has been launched, a bill of rights for e-book readers proposed. And BoingBoing, Slashdot, Metafilter, and even the New York Times took note. Now, before I go any further, I should add a few additional facts for background. First, at least two of the Big Six publishers (Macmillan and Simon & Schuster) won’t let libraries purchase or license e-books at all. The CEO of Macmillan said he would only consider letting libraries loan e-books if he could find the right business model. (Apparently the annoying feature of copyright law that lets people do what they like with a book after they’ve purchased it is a bug that he would like to see fixed.) Second, libraries pay more for e-books than for a print copy. Up front, the library has to pay the vendor quite a lot for the system that controls one-user-at-a-time software that returns the book automatically after two weeks, it pays full price rather than the discounted price that it pays for a print book, and librarians spend a lot of time trouble-shooting downloads and explaining to people that library e-books won’t work on a Kindle. (Amazon, like Macmillan and Simon & Schuster, prefers a digital future that is entirely pay per view.) Finally, libraries have no way of doing with e-books things that they traditionally have done - preserve culture (because they don’t own anything they can legally retain) or defend against censorship (because the publisher retains control of the content and can change or delete it at any time - and could do so in every library at once). For these reasons, I’ve had my reservation about libraries investing their scarce dollars into renting material with so many restrictions that benefits only those who have the equipment to read the digital files. But what really dismays me is this: publishers believe that libraries are not good for business, that sharing is a bug, that book culture would survive if everyone had to pay for everything they read. http://www.insidehighered.com/blogs/library_babel_fish/a_library_written_in_disappearing_ink
“Consumer Reviews of Doctors and Copyright Law” Talk Notes (Eric Goldman, 28 Feb 2011) - You may recall that Medical Justice is a vendor trying to help doctors squelch online patient reviews--most recently by getting a prospective copyright assignment of the unwritten reviews and then sending 512(c)(3) takedown notices for any unwanted online reviews that are now newly owned. This is a terrible hack on the entire consumer review ecosystem, and it’s been bothering me for some time as I mentioned in my recent Regulation of Reputational Information paper. Last month, I gave my first public talk about Medical Justice at the University of Houston. I styled the talk “Consumer Reviews of Doctors and Copyright Law,” two topics I never thought would go together but apparently they do. My talk slides. I will have more to say about Medical Justice’s system and its many deficiencies in the near future. http://blog.ericgoldman.org/archives/2011/02/consumer_review_2.htm
New Survey Asks Lawyers about E-Discovery and Hosting in the Cloud (Catalyst, 1 March 2010) - A new survey is out of lawyers’ use of technology, and while its primary focus is on practice management, it also asks about other uses of technology, including Software as a Service, hosted e-discovery review, online document storage and outsourcing to a foreign country. The survey, Case, Matter & Practice Management System Study, was conducted by Andrew Z. Adkins III, director of the Legal Technology Institute at the University of Florida Levin College of Law. While the overarching purpose was to study lawyers’ use of case, matter and practice management systems, the survey also asked about a wide range of technology issues, from word processing to SaaS, all with the goal of documenting the current technology environment within the legal profession. In a series of questions pertaining to lawyers’ use of SaaS and Internet-based applications, the survey suggests that lawyers remain concerned about a number of issues. Their greatest concerns, it found, were speed and performance, followed by the danger of exposure to computer viruses. Also of significant concern were security and confidentiality. To the survey question, “Is your firm/law dept. considering hosting your software and data online?” 14 percent of respondents said they already were and another 5.2 percent said they were actively considering it. Forty-two percent said it was unlikely they would host software and data online. The survey next asked, “How do you feel about hosting your attorney/client privileged data in a web-based program?” Here is how the answers broke down:
· I think it is malpractice, nothing online is secure: 8.3%.
· I don’t think it is malpractice, but I wouldn’t do it: 46.8%.
· I trust my IT staff to keep data secure and cover my liability: 30.2%.
· My clients and I are comfortable with online client data: 14.8%.
DHS Seeks Systems For Covert Body Scans, Documents Show (ComputerWorld, 2 March 2011) - Documents obtained Tuesday by the Electronic Privacy Information Center suggest that the U.S. Department of Homeland Security has signed contracts for the development of mobile and static systems that can be used scan pedestrians and people at rail and bus stations and special event venues -- apparently at times without their knowledge. The documents indicate that DHS moved to develop the technology as part of an effort to bolster the ability of law enforcement personnel to quickly detect concealed bombs and other explosives on individuals. EPIC obtained the documents from the DHS under a Freedom of Information Act request for data on mobile and static scanning systems it filed last year. Among the tools mentioned in the DHS documents is an X-Ray Backscatter system that could detect concealed metallic and high-density plastic objects on people from up to 10 meters away. The language used in many of the documents suggests that the DHS plans to use the scanners mostly in a covert fashion, [EPIC’s] McCall said. http://www.computerworld.com/s/article/9212681/DHS_seeks_systems_for_covert_body_scans_documents_show?source=rss_news&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+computerworld%2Fnews%2Ffeed+%28Latest+from+Computerworld%29&utm_content=Google+Feedfetcher
An iPad 2 LMS Fantasy (InsideHigherEd, 2 March 2011) - Sending shockwaves through the ed tech establishment, Apple unveiled the iPad LMS at the March 2nd iPad 2 event. The iPad LMS, and corresponding Mac/PC and web Apps, was the third major iPad 2 software announced, alongside the new iPad 2 versions of iMovie and GarageBand. Taking advantage of the new A5 dual-core processor and dual cameras, the iPad LMS offers the following authoring, collaboration, and learning features:
· Integrated Speech-to-Text Authoring: Students and professors can create discussion board posts, blog or wiki entries simply by speaking. The iPad converts speech-to-text on the fly, populating the Apple LMS collaboration tools.
· Integrated Video Authoring: Asynchronous communication can switch between text and video, with the integrated video recording and publishing directly into the LMS collaboration areas. Students and faculty can create and post video from the iPad 2 directly into the Apple LMS.
· Voice-Over Presentation Capture and Sharing: Faculty can quickly create voice-over learning objects within the Apple LMS, calling up presentations and documents either authored on the iPad or imported from productivity applications such as Office. Students can work individually or collaboratively on voice-over presentations, sharing their work within the Apple LMS or publishing up to YouTube or iTunesU.
· Synchronous Class Discussions and Virtual Office Hours: Utilizing the expanded academic FaceTime applications, class members can video chat with each other from within the Apple LMS. Groups of students can meet, with up to 24 simultaneous group video discussions. Virtual office hours and video tutoring services are easily accessible. The academic FaceTime discussions can be recorded and seamlessly placed in the Apple LMS as learning objects.
· Deep Integration with iTunesU: The Apple LMS can easily pull in lectures and other learning objects from iTunesU. Faculty and students can choose to publish individual class videos, voice-over presentations, or entire courses to iTunesU from the iPad 2. Test banks, animations, and simulations are now shared through iTunesU, with authoring tools to create these objects built directly in to the Apple LMS.
Steve Jobs also announced that Apple is developing an initial set of 10 core courses, to be designed by Apple and academic partners to highlight best practices in pedagogy and the power of the iPad 2 and the Apple LMS. These courses will be free to all students as self-paced learning environments, and be available to any institution of higher learning to offer for credit as an instructor led course. Jobs called these new Apple Courses, combined with the Apple LMS, the best expression yet of Apple’s commitment to marry technology with the liberal arts. http://www.insidehighered.com/blogs/technology_and_learning/an_ipad_2_lms_fantasy [Editor: sound like terrific, easy-to-use tools for knowledge management.]
**** NOTED PODCASTS ****
MIRLN podcasts (http://www.knowconnect.com/mirln/podcast/):
· MIRLN 14.02 (8 minutes; 8 Feb 2011) - National Security Letters -- Discussion of Twitter’s response to December 2010 national security demands for user information, apparently related to WikiLeak’s trove of State Department cable traffic, and the related implications of the 6th Circuit’s decision in US v. Warshak (requiring a probable-cause warrant for similar data).
· MIRLN 14.03 (14 minutes; 23 Feb 2011) - Social Media and Lawyers -- Drawing on a presentation made to the North Carolina Bar (on February 18) and on an article in the ABA Journal (February 2011 issue), we discuss whether and how lawyers might make effective use of social media tools such as Facebook, LinkedIn, Twitter, and blogs.
The Path of Legal Information (John Palfrey, Berkman Center, 13 Jan 2011 - 65mins) - On the occasion of his appointment as the Henry N. Ess III Professor of Law, John Palfrey delivers a lecture proposing a path toward a new legal information environment that is predominantly digital in nature. A new, digitally optimized legal information environment can be the key to a world of improvements, but such a revolution in information can also carry risks. Here, Professor Palfrey discusses the benefits, risks, and obstacles of facing a new system of legal information. http://blogs.law.harvard.edu/mediaberkman/2011/01/13/john-palfrey-on-the-path-of-legal-information-audio/
**** RESOURCES ****
Resource from .Gov that shows you all the broadband options on your street: http://www.broadbandmap.gov/
**** LOOKING BACK ****
CONGRESS HAS LOW INTEREST IN CONSTITUENT (E-)MAIL (New York Times, 13 Dec. 2001) -- A test by a New York Times reporter found that e-mail sent to Congressional offices is unlikely to be read. After sending messages to 65 Senate offices identifying herself as a reporter for the Times doing a story on e-mail message-handling by members of Congress, she received only 27 automated response and 7 other responses within two weeks. One of seven full responses was from Larry Neal, the deputy chief of staff for Senator Phil Gramm of Texas, who explained: “The communication that Sen. Gramm values most certainly does not arrive by wire. It is the one where someone sat down at a kitchen table, got a sheet of lined paper and a No. 2 pencil, and poured their heart into a letter.” http://partners.nytimes.com/2001/12/13/technology/circuits/13CONG.html
**** NOTES ****
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:email@example.com?subject=MIRLN) with the word “MIRLN” in the subject line. Unsubscribe by sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, firstname.lastname@example.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA’s Internet Law News, http://ecommercecenter.bna.com
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood’s Technology & Business Articles of Note
8. Steptoe & Johnson’s E-Commerce Law Week
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/
11. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.