Saturday, May 28, 2011

MIRLN --- 8-28 May 2011 (v14.07)

NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES

Subscribing to Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property (North Carolina Bar Association, 21 April 2011; Proposed Formal Ethics Opinion No. 6) - Proposed opinion rules that a law firm may contract with a vendor of software as a service, provided the lawyer uses reasonable care to assure that the risks that confidential client information may be disclosed or lost are effectively minimized.

top

New FBI Documents Provide Details on Government's Surveillance Spyware (EFF, 29 April 2011) - EFF recently received documents from the FBI that reveal details about the depth of the agency's electronic surveillance capabilities and call into question the FBI's controversial effort to push Congress to expand the Communications Assistance to Law Enforcement Act ( CALEA ) for greater access to communications data. The documents we received were sent to us in response to a Freedom of Information Act (FOIA) request we filed back in 2007 after Wired reported on evidence that the FBI was able to use "secret spyware" to track the source of e-mailed bomb threats against a Washington state high school. The documents discuss a tool called a "web bug" or a "Computer and Internet Protocol Address Verifier" (CIPAV), which seems to have been in use since at least 2001. It's not clear from the documents how the FBI deploys the spyware, though Wired has reported that, in the Washington state case, the FBI may have sent a URL via MySpace's internal messaging, pointing to code that would install the spyware by exploiting a vulnerability in the user's browser. Although the documents discuss some problems with installing the tool in some cases, other documents note that the agency's Crypto Unit only needs 24-48 hours to prepare deployment. And once the tool is deployed, "it stay[s] persistent on the compromised computer and . . . every time the computer connects to the Internet, [FBI] will capture the information associated with the PRTT [ Pen Register/Trap & Trace Order ].

top

- and -

NSA Gathers 4x the Amount of Info than the Library of Congress, Daily (ReadWriteWeb, 11 May 2011) - The National Security Agency is the geekiest of the spy shops. The NSA is responsible for gathering and parsing information from around the world, usually electronic data. At ReadWriteWeb, we're no strangers to big data, in fact we're fans. But sometimes you come face to face with facts and figures that bring home how big "big" is. According to an article from the Baltimore Sun, in six hours, the NSA intercepts and stores as much information as you find in the whole of the Library of Congress.

top

- and -

FBI Fights to Protect ISPS that Snoop on Their Customers (The Register, 12 May 2011) - The FBI has finally come clean on the real reason it doesn't want to name phone and internet service providers that participate in a sweeping surveillance program that taps international communications without a warrant: Customers would get mad and dump or sue the providers. This rare piece of honesty came in a recently filed court declaration (PDF) from a top FBI official arguing why the agency shouldn't have to supply the names in response to a Freedom of Information request filed by the American Civil Liberties Union. "Specifically, these businesses would be substantially harmed if their customers knew that they were furnishing information to the FBI," David M. Hardy wrote. "The stigma of working with the FBI would cause customers to cancel the companies' services and file civil actions to prevent further disclosure of subscriber information. Therefore, the FBI has properly withheld this information." In his declaration, Hardy said names should also be kept confidential to prevent the service providers themselves from retaliating against the government. "For instance, given that these companies would pay a high price if it were known that they were providing information about their customers to the FBI, it is likely that companies, though lacking grounds to do so, would nevertheless avail themselves of legal options to resist cooperation," he wrote. "It is only with the understanding of complete confidentiality that full cooperation of such sources can be enlisted, and only through this confidence that these sources can be persuaded to continue to fully cooperate in providing valuable assistance in the future."

top

- and -

The Secret Sharer: Is Thomas Drake an Enemy of the State? (The New Yorker, Jane Mayer, 23 May 2011) -- On June 13th, a fifty-four-year-old former government employee named Thomas Drake is scheduled to appear in a courtroom in Baltimore, where he will face some of the gravest charges that can be brought against an American citizen. A former senior executive at the National Security Agency, the government's electronic-espionage service, he is accused, in essence, of being an enemy of the state. According to a ten-count indictment delivered against him in April, 2010, Drake violated the Espionage Act-the 1917 statute that was used to convict Aldrich Ames, the C.I.A. officer who, in the eighties and nineties, sold U.S. intelligence to the K.G.B., enabling the Kremlin to assassinate informants. In 2007, the indictment says, Drake willfully retained top-secret defense documents that he had sworn an oath to protect, sneaking them out of the intelligence agency's headquarters, at Fort Meade, Maryland, and taking them home, for the purpose of "unauthorized disclosure." The aim of this scheme, the indictment says, was to leak government secrets to an unnamed newspaper reporter, who is identifiable as Siobhan Gorman, of the Baltimore Sun. Gorman wrote a prize-winning series of articles for the Sun about financial waste, bureaucratic dysfunction, and dubious legal practices in N.S.A. counterterrorism programs. Drake is also charged with obstructing justice and lying to federal law-enforcement agents. If he is convicted on all counts, he could receive a prison term of thirty-five years. [Editor: Fascinating and disturbing at the same time. ThinThread sounds like a fantastic tool, now misapplied: "Binney, for his part, believes that the agency now stores copies of all e-mails transmitted in America, in case the government wants to retrieve the details later. In the past few years, the N.S.A. has built enormous electronic-storage facilities in Texas and Utah. Binney says that an N.S.A. e-mail database can be searched with "dictionary selection," in the manner of Google. After 9/11, he says, "General Hayden reassured everyone that the N.S.A. didn't put out dragnets, and that was true. It had no need-it was getting every fish in the sea." Binney considers himself a conservative, and, as an opponent of big government, he worries that the N.S.A.'s data-mining program is so extensive that it could help "create an Orwellian state." Whereas wiretap surveillance requires trained human operators, data mining is automated, meaning that the entire country can be watched. Conceivably, U.S. officials could "monitor the Tea Party, or reporters, whatever group or organization you want to target," he says. "It's exactly what the Founding Fathers never wanted." ]

top

Ponemon Releases Cloud Service Provider Study (Ponemon Institute, 2 May 2011) - Last week with CA Technologies we issued the results of a study of cloud service providers and their views on cloud security. There has been a lot of interest in this study. Readers have reviewed the results and responded with some very good questions and comments. In a nutshell, people - including us - were surprised by the results, which showed that cloud providers didn't put security as the No. 1 concern in providing their services. [Editor: Really? People were surprised at this?]

top

Sony's Insurers to Help Foot Bill for Data Breach (Reuters, 5 May 2011) - Sony is looking to its insurers to help pay for its massive data breach, an amount that one expert estimates could exceed $2 billion, but others said insurers may balk at ponying up that kind of money. "We have a variety of types of insurance that cover damages. Certain carriers have been put on notice," Sony Corp spokesman Dan Race told Reuters. Race declined to name the insurers or to say whether there was a cap on the size of any payout they would make to Sony. Sony has been under fire since hackers accessed personal data for more than 100 million of its online video game users. It has said it could not rule out that some 12.3 million credit card numbers had been obtained during the hacking. Sony noticed unauthorized activity on its network on April 19, and reported it to the U.S. Federal Bureau of Investigation on April 22. Some experts said Sony faces an uphill battle to get its insurers to pay for its damages from the cyber breach. They may try to blame Sony for negligence for failing to properly secure its data centers, said Dan Zeiler, a director of security and compliance for American Internet Services, a data center services provider.

top

- and -

PlayStation Network hack will cost Sony $170m (Computerworld, 23 May 2011) - Sony expects the hack of the PlayStation Network and will cost it ¥14 billion ($170 million) this financial year, it said Monday. Unknown hackers hit the network gaming service for PlayStation 3 consoles in April, penetrating the system and stealing personal information from the roughly 77 million accounts on the PlayStation Network and sister Qriocity service. A second attack was directed at the Sony Online Entertainment network used for PC gaming. Sony responded to the attacks by taking the systems offline. It called in several computer security companies to conduct forensic audits and rebuilt its security system. Users in many countries are being offered a year-long identity-theft protection program and free games. The cost estimate includes those actions and associated legal costs, said Masaru Kato, Sony's CFO, at a Tokyo news conference. "To date, we have not confirmed any misuse of personal information or credit cards," said Kato.

top

A Tool to Harvest iPhone Location Data (NYT Nick Bilton, 5 May 2011) - A lot people got upset about Apple collecting location data on iPads and iPhones. The company just issued an update to the devices' software in part to tamp down the reaction. But that data could be as useful to regular people as it is to Apple. Developers in The New York Times Company Research and Development Lab released a Web-based tool on Thursday that they hope will corral the location data Apple had been collecting and make it available to customers and researchers. The Times Company's Research Lab calls the project OpenPaths.cc, and describe it as a tool to "securely store, explore, and donate your iOS location data." People who participate in the project are asked to upload location information from their phone, which is then made anonymous and added to a database with the data from every other upload. People can then browse their own location data on an interactive map. At a later date researchers will be able request access to the collection of location uploads.

top

How To Subpoena Facebook and Other Social Media Services (Associates Mind, 5 May 2011) - As more people use social media for a variety of reasons, it only follows that data and information from social media sites are going to become a necessary component of litigation. The question is: how to properly obtain this information? Fortunately, the Electronic Frontier Foundation has already done that work for you with a Freedom of Information Act request to a half-dozen government agencies seeking their policies for using social networking sites for investigations, data-collection, and surveillance. During this process they have also obtained the Law Enforcement Guides to numerous social media and e-commerce websites.

The EFF also provides a nice spreadsheet ( PDF or XLS ) comparing all the law enforcement and privacy guidelines side-by-side. You can see the full list of social media guidelines on their site.

top

Google Loses Copyright Appeal Over Internet Links to Belgian Newspapers (Bloomberg, 6 May 2011) - Google Inc. (GOOG) lost an attempt to overturn a Belgian ruling that blocked it from publishing links to local newspapers on its online news service. The Court of Appeal in Brussels on May 5 upheld a 2007 lower court ruling that forced Google to remove links and snippets of articles from French- and German-language Belgian newspapers from Google.com and Google.be. Google, the owner of the world's most-used search engine, faced a 25,000-euro ($36,300) daily fine for any delay in implementing the judgment. Copiepresse, the group that filed the suit on behalf of the newspapers, said the snippets generated revenue for the search engines and that publishers should be paid for the content. The publications have a second suit pending in which they seek as much as 49.1 million Euros for the period in which their content was visible on Google News.

top

PC Rental Store Hid Secret Spy Hardware In Laptop, Suit Says (Channel Register, 6 May 2011) - A Wyoming couple has filed a federal lawsuit claiming a computer they purchased came with secret spying hardware that allowed the seller to monitor their every move. According to the complaint, Brian and Crystal Byrd first learned of the snoop device when they received a visit at home from a manager of the local Aaron's rent-to-own store falsely claiming they hadn't made required payments on their Dell Inspiron laptop. During the conversation, manager Christopher Mendoza said he had a photo of Mr. Byrd using the computer and as proof showed a picture that had been taken remotely using an off-the-shelf device called PC Rental Agent. "When Brian Byrd demanded that Mendoza explain how Mendoza had obtained an unauthorized photograph, Mendoza responded that he was not supposed to disclose that Aaron's had the photograph," the complaint, filed on Tuesday in US District Court in Pittsburgh, Pennsylvania, alleged.

top

World's Servers Process 9.57zb of Data a Year (Computerworld, 9 May 2011) - Researchers at the School of International Relations and Pacific Studies and the San Diego Supercomputer Center at the University of California, San Diego, estimate that the total is equivalent to a 5.6-billion-mile-high stack of books stretching from Earth to Neptune and back to Earth, repeated about 20 times. By 2024, business servers worldwide will annually process the digital equivalent of a stack of books extending more than 4.37 light-years to Alpha Centauri, according to a report compiled by the scientists. The report, titled " How Much Information?: 2010 Report on Enterprise Server Information ," was released at the SNW conference last month. Roger Bohn, one of the report's co-authors, compared the world's business servers to the underwater portion of an iceberg "that runs the world that we see.

top

PDF/A Is In Your Future - Get Used To It (Future Lawyer, 9 May 2011) - I know, just when you were getting used to saving documents as PDF files, and attaching them to emails, and scanning documents for sending; now, the Federal Court system is going to require the archival format for PDF files for efiling. Sooner or later, all court systems are going to be requiring this, so go to Rick Borstein's blog and educate yourself now. PDF/A is just a format for embedding all the fonts and other stuff needed to show the document now and in the future, exactly as it was filed. So, if someone wants to read your Complaint 30 years from now, it will look exactly as you filed it. Of course, if someone wants to read my pleadings 30 years from now, they will likely already be locked up in an Institution. Oh, well.

top

Lightening the Paper Load (NYT, 10 May 2011) - Conferences and trade shows seem to generate vast amounts of paperwork - booklets, programs, handouts, guides. But as increasing numbers of business travelers carry smartphones and tablets, organizers of these events are responding by developing mobile applications. Most bundle a scheduling tool, floor plan and maybe information about local restaurants or a social networking link on their apps. But a handful of organizers have begun to use apps to reduce or even replace the vast amounts of paper they once carried to events. Without so much paper to produce for conferences, planners said they were saving time and money. Not only that, business travelers do not need to carry around cumbersome and often heavy printed copies. While some producers have described their events as "paperless" for years - generally by distributing material via CD or directing attendees to download documents posted online - the growing popularity of tablets like Apple's iPad and the increasing sophistication of app software make it possible for travelers to be truly unencumbered without sacrificing convenience. David Holcombe, president and chief executive of an organization for online education professionals called the eLearning Guild, said the group has eliminated almost all the paperwork at their three annual conferences. "I've felt for some time we spent way too much money on materials, paper handouts, that sort of stuff," said Mr. Holcombe, who estimated that he would save $50,000 this year alone on printing costs. He said he still offered a paper program to attendees but it had been trimmed to around a dozen pages from 50, with the remainder of the material going onto the app. He says he now brings two fewer staff members to each event, since the burden of distributing hard copies has been eliminated. And his delegates have told him they love the convenience. "For us, it's a really huge customer service thing," he said. It helps that the attendees tend to be early technology adopters - about 40 percent brought iPads to the group's March conference. Participants can use the app content to help them decide which seminars to attend, and they can keep a virtual eye on what else is going on at the event even while sequestered in a classroom because of the app's real-time updates. "It stimulates engagement," Mr. Holcombe said. Greg Lohrentz, the chief operations officer of the trade association Meeting Professionals International, agreed that content-rich apps give event participants better access to information. "The tablet allows for that educational experience outside the room," he said. While participants are sitting in a classroom, they can scroll through updates and Twitter feeds to find out what else is going on in other sessions or on the trade show floor, he said. Jennifer Wilhelm, editor of digital media for the American Society for Training & Development, said she planned to offer an app that includes an iPad version for a conference in May that is expected to attract 8,000 people. The app will free her from the trouble and expense of printing handouts for three keynote speeches and roughly 200 education sessions, she said. Attendees will be able to follow along with a speaker's PowerPoint presentations, take notes and fill out worksheets all within the app. "Viewing the slides and seeing any materials where there might be a worksheet is going to be huge on a tablet," she said. At a smaller conference this year, Mrs. Wilhelm said roughly half the participants downloaded the mobile app.

top

Senators Want Cyberattacks To Be Disclosed (Mashable, 12 May 2011) - If a group of five senators have their way, the SEC will one day require companies to publicly disclose cyberattacks like the one that shut down Sony's Playstation Network for the past three weeks. The politicians, which include Senate Commerce Committee Chairman Jay Rockefeller and four other Democrats, sent a letter to the Securities and Exchange Commission asking it to create guidelines that would require companies to report major network attacks. In addition, they wrote, guidelines should require companies to explain details about intellectual property that may have been compromised during an attack and include vulnerability to cyberattacks in corporate risk disclosures. As Sony has demonstrated, a hacker attack can be devastating to a company's bottom line and potentially to its investors. One analyst told the WSJ last week that he estimated the April attack will cost Sony about $1.24 billion. Yet too few companies warn investors of cyber security risks. According to the WSJ, a 2009 study by insurance underwriter Hiscox Inc. found that 38% of Fortune 500 companies made a "significant oversight" by omitting risk of data-security breaches in their public filings.

top

Prosecutors Look to Social Media for Selecting Casey Anthony Jurors (ABA Journal, 16 May 2011) - Prosecutors trying Casey Anthony, a 25-year-old Florida woman charged with murdering her young daughter, were armed with Internet information during a special Saturday jury selection, checking out panel members' social media profiles during voir dire. According to the Associated Press, prosecutors in the high-profile case used a preemptory challenge to dismiss an individual who allegedly posted the jury instructions on his Facebook page. He also joked about writing a book, the AP reports. Another juror, who Tweeted about a fender bender, was also excused. "Cops in Florida are idiots and completely useless," was most likely the tweet that caught the government's attention. [Editor: when will prospective jurors try to avoid service by making similar posting, preemptively?]

top

Dentist Who Sued Yelp Must Pay Legal Fees (MediaPost, 17 May 2011) - A dentist who sued Yelp and two reviewers for a negative post has herself been ordered to pay almost $81,000 under a California law that protects people's right to discuss matters of public interest. The ruling, issued last week by Santa Clara Superior Court Judge Peter Kirwan, directs dentist Yvonne Wong to pay attorneys' fees and legal costs to Yelp, as well as Tai Jing and Jia Ma, parents of a 6-year-old patient of Wong's. The case dates to January of 2009, when Wong sued Yelp as well as Tai Jing, and his wife, Jia Ma, about a bad review on the site. Wong alleged that the couple wrote that their son was left lightheaded from laughing gas administered by Wong, and that he received a filling containing mercury. Wong said those statements libeled her and caused her emotional distress; she argued that the post implied that she had not informed Jing and his wife ahead of time that the filling would contain mercury. A California appellate court ruled last year that Yelp was entitled to dismissal under the state's anti-SLAPP (strategic lawsuit against public participation) statute, because the post furthered discussion on issues of public interest. The court wrote that the review concerned the controversy surrounding mercury in dental fillings, and therefore was subject to the anti-SLAPP law. Yelp was probably also immune from liability under the federal Communications Decency Act, which says that sites are not legally responsible for defamation by users. But that law, unlike California's anti-SLAPP statute, does not provide for defendants to recover legal fees.

top

ABA Launches Website to Help Military Families (ABA Journal, 17 May 2011) - The American Bar Association recently launched a new Website for military service members and their families that aims to provide information about a variety of legal issues. ABA Home Front features an information center, a directory of programs and a military pro bono center. Henry M. Dewoskin, a Clayton, Mo., lawyer who chairs the military committee of the Family Law Section, says that he and other volunteers worked with ABA staff to ensure information on the site was written clearly and could be easily understood by people who are not lawyers. "I hope it can be used as a resource for the public, and I also hope it's one of the first pages that they go to," said Dewoskin, a judge advocate general officer who currently serves as a major in the U.S. Army Reserve. The portal also includes information about the Servicemembers Civil Relief Act, which provides legal protections for active-duty military and their families.

top

Finding State Court Dockets Online - or Not (Robert Ambrogi, 17 May 2011) - If an online docket service offers access to a docket that isn't online, is it really an online service? That is but one of the philosophical questions you may ask yourself after reading The Existential Exercise of Finding State Court Materials Online , a post by Rachael Samberg at Legal Research Plus. Samberg conducted a mini-survey of the online availability of state superior court filings, looking at both commercial services such as CourtLink and CourtExpress and at courts' own websites. With regard to the commercial sites, her findings are well summed up in this one sentence: "What isn't available through commercial services significantly constrains research, but what hinders research even further is the inability to determine what isn't available." Even when something is advertised as "available," that doesn't mean it is available online. In some cases, Samberg writes, "they are 'available' only in the sense that one can make a request online (and pay additional money) to have a runner pull them from the court." As for court websites, they are all over the board when it comes to docket access. There is no clear rhyme or reason to why some courts offer docket access and some don't. Of those that do, the quality of available dockets varies dramatically and "navigational problems can leave you lost at sea."

top

University Of Michigan Library Kicks Off Project To Identify All The Orphan Works In Its Collection (Techdirt, 17 May 2011) - For years, we've seen attempts to create "orphan works" legislation to deal with a much bigger problem caused by the Copyright Act of 1976. Prior to that, when copyright required registration formalities, it was relatively easy to determine if something was covered by copyright and who likely controlled that copyright. After the 1976 Act went into effect, suddenly you had all sorts of works that were probably covered by copyright, but it wasn't always clear who had the copyright, and thus there was no real way to contact them. Many people concerned about this -- including many in the Copyright Office, who usually come down on the side of always ratcheting copyright up, rather than finding exceptions -- started pushing for an orphan works law, that would let people make use of works if they really couldn't find the original owner. Tragically, the photographer community spread a ton of misinformation about the orphan works proposals and scuttled the whole thing. 

Of course, there is the flipside to the argument, which is that if we made such a huge mess thanks to the 1976 Act, perhaps we should look at rolling back that Act, or at least rolling back the "automatic copyright" provisions. But, of course, our copyright masters never see the point in admitting they might have gotten something wrong. So, the best interim issue is an orphan works law. Of course, to get that actually through, one of the big questions is how big of an impact do orphan works really have. Along those lines, the University of Michigan Library is kicking off a new project to identify all the orphan works it has in its collection , which sounds like it could take quite some time. However, it would be nice to see some data on just how many works today are technically under copyright, but whose copyright holder is unknown or can't be found. Having some actual data might help shift the debate forward, rather than trekking over the same myths yet again.

top

Employer Sues Former Employee For Checking Facebook and Personal E-Mail and "Excessive Internet Usage" at Work (Volokh Conspiracy, 17 May 2011) - The Ninth Circuit recently ruled that an employee "exceeds authorized access" to his employer's computer when he violates the employer's Internet use restrictions: Given that federal law criminalizes exceeding authorized access, see 18 U.S.C. 1030(a)(2)(C), that would mean that every employee who surfs the Internet, checks Facebook, or logs in to personal e-mail from work is guilty of a federal crime if the employer's workplace Internet use policy prohibits it. But surely no employee would ever be subject to a CFAA action for that kind of innocuous conduct, right? Wrong, in light of Lee v. PMSI, Inc., 2011 WL 1742028 (M.D.Fla. 2011), handed down May 6. After Wendi Lee sued her former employer PMSI, Inc. for pregnancy discrimination, PMSI Inc. filed a counterclaim against Lee arguing that she had violated the CFAA because she engaged in "excessive internet usage" at work and "visit[ed] personal websites such as Facebook and monitor[ed] and [sent] personal email through her Verizon web mail account." District Judge Merryday concluded that such conduct does not exceed authorized access to the employer's computer in violation of the CFAA.

top

YouTube Matches Congress Members For Debates On New Town Hall Platform (Mashable, 18 May 2011) - YouTube is matching up members of Congress for debates on hot issues in a new channel launching on Wednesday. The channel, dubbed YouTube Town Hall, is filled with debates surrounding the budget, economy, energy, Afghanistan, education and healthcare. Initially topics were chosen by popularity on Google News and Google web search over the past year, but YouTube plans to accept questions from viewers in the future. Each debate features two members of Congress who explain their points of view on the given topic in videos made especially for the Town Hall channel. Sides are not necessarily drawn along party lines, and viewers only find out what party each debater belongs to (unless they recognize him or her, of course) after they choose which person's perspective they support. Those votes will be tallied and displayed on a leader board to show who is "winning" the debate. YouTube first started encouraging Congress members' content in January 2009, with the launch of The Senate Hub and The House Hub. YouTube Head of News and Politics Steve Grove estimates that at that time, about half of the members of Congress had YouTube channels. Now, well over 90% have them, and several presidential candidates - including President Obama - have used YouTube to launch their campaigns.

top

What They Are Really Typing (InsideHigherEd, 18 May 2011) - For years, researchers have conducted studies in hopes of answering whether having laptops in class undermines student learning. In the avalanche of literature, one can find data pointing each way. A 2006 study of 83 undergraduate psychology students suggested that having laptops in class distracts both the students who use them and their classmates. Several law professors have written triumphal papers documenting their own experiments banning laptops, which one of them complained had transformed his students from thoughtful, selective note-takers into "court reporters" reduced to mindlessly transcribing his lectures. And yet other papers have argued that laptop bans are reductive exercises that ignore the possibility that some students - maybe even a majority - might in fact benefit from being able to use computers in class if only professors would provide a modicum of discipline and direction. Still, there is one notable consistency that spans the literature on laptops in class: most researchers obtained their data by surveying students and professors. The authors of two recent studies of laptops and classroom learning decided that relying on student and professor testimony would not do. They decided instead to spy on students. In one study , a St. John's University law professor hired research assistants to peek over students' shoulders from the back of the lecture hall. In the other , a pair of University of Vermont business professors used computer spyware to monitor their students' browsing activities during lectures. The average student in the Vermont study cycled through a whopping 65 new, active windows per lecture, nearly two-thirds of which were classified as "distractive." (One student averaged 174 new windows per lecture.) But only one type of distractive application appeared to have any effect on how well students ended up doing on assessments: instant messaging. Students who frequently checked e-mail and surfed non-course-related sites did not appear to sweat for their sins on homework, quizzes, tests, or the final exam. High rates of instant-messaging activity, however, showed significant correlations with poor performances on all but one test during the semester.

top

Decreased Value of Consumer Personal Information Resulting from Security Breach Confers Standing in Personal Injury Suit (Proskauer, May 2011) - A plaintiff whose personal data was contained in a social network service online database copied by a hacker sufficiently alleged an injury-in-fact to support Article III standing, on the theory that the value of his personal information was diminished as a result of the breach, a district court ruled. The plaintiff alleged that the security breach was enabled by the defendant's storage of user passwords in unencrypted, "plain text" form, and its failure to secure the database where the passwords were stored against well-known security vulnerabilities. The court acknowledged that the plaintiff's claim was novel, and questioned his ability to prove his damages theory, but declined to dismiss the action, citing "a paucity of controlling authority regarding the legal sufficiency of plaintiff's damages theory," and the unsettled state of the law generally regarding the unauthorized disclosure of personal information via the Internet. Despite having held that the plaintiff alleged sufficient facts to establish Article III standing, the court dismissed several of the plaintiff's substantive claims for failure to plead the particularized elements of injury, including those under the California unfair competition law and the California Penal Code. Claridge v. Rockyou Inc. (N.D. Cal. Apr. 11, 2011) Opinion

top

Laboratory for Legal Scholarship (InsideHigherEd, 19 May 2011) - n the world of legal scholarship, Ross E. Davies is a serial entrepreneur. The George Mason University law professor was one of the founders of The Green Bag, which sought to make short, topical legal writing both cool and tenure-able. Since its founding in 1997, the journal has spawned progeny serious ( collections of "in chamber" opinions by Supreme Court justices), lighthearted ( bobblehead dolls and trading cards of same), and controversial (its own law school rankings). Because The Green Bag has sought to extend the boundaries of what counts as legal scholarship, and succeeded by many measures, it and Davies have become flames to which similarly entrepreneurial and intellectually curious legal scholars are often drawn with their own ideas -- " The Green Bag should do this," Davies says he is often told by purveyors of such ideas. While many things would seem to fit within the original journal's iconoclastic approach (the most recent issue included articles on Rhode Island's rules of evidence and correspondence revealing one lawyer's attempt to help a sixth-grade class win the rights to stage Roald Dahl's Charlie and the Chocolate Factory ), some of the ideas are distinctive enough in their content or form that they would take The Green Bag too far afield from its own mission, Davies says. But rather than turn its back on potential innovators, The Green Bag hopes to use its hard-earned influence and (modest) resources to incubate them, through the creation of a new entity, The Journal of Law. The publication is less a traditional journal itself, really, than a little holding company designed to nurture a series of would-be journals. In the introduction to the journal's first issue, Davies compares the new enterprise to a business school incubator for legal intellectuals, offering "friendly, small-scale, in-kind support for promising, unconventional ideas for which (a) there might be a market, but (b) there is not yet backing among established, deep-pocketed powers-that-be." While there are many law reviews (more than 200, by this count ), on many different topics, there is relatively little variation among them in form; the legal academy, Davies notes in the introduction, is generally uncomfortable with what he calls "funny-looking scholarship" -- content that does not hew to the conventional law review article format of tens of thousands of words of theory or analysis (with scores of footnotes), written under the byline of an established law professor or practitioner. The first issue offers a taste of the ways in which The Journal of Law will differ from traditional legal publications, offering three journals, each in its own way representing a break from standard law journal fare in their own ways.

top

Ten Ways General Counsel Can Avoid the Cover of the Wall Street Journal (Sharon Nelson, 19 May 2011) - Thanks to Rich Hall of Bridgeway Software for providing this informative guest post: "Ask anyone following the eDiscovery space and chances are they have seen their share of world-class legal departments, as well as the haphazard, hoping to elude judicial rebuke. Let's face it; there is nothing worse than seeing General Counsel (GC) on the front page of the Wall Street Journal. What typically places a General Counsel on the cover of the WSJ is not the glory of a significant matter but more about how a matter, significant or insignificant, was handled. The real shame is evident when an insignificant matter is laced with mistakes and/or when negligence could have, and should, have been easily avoided. History has shown that the best way to avoid judicial sanctions - and your name appearing in the WSJ - is to have a defensible legal hold process. To avoid a matter meltdown, General Counsel should consider these top ten tips when implementing a defensible legal hold process: * * *." [Editor - these are useful, comprehensive (albeit occasionally aspirational) suggestions for an ESI process management approach.]

top

Best Legal Department 2011 Winner: Google (Law.com, 19 May 2011) - Spend time with the energetic crew at Google Inc., and the word "disrupt" comes up a lot. Google's businesses tend to do that to the traditional marketplace, and Googlers (as they call themselves) make no apologies. In fact, they use the word with pride-sounding like 1960s protesters determined to shake the Establishment. The company's lawyers often find themselves in the thick of it-before, during, and after "disruptions." And you might expect them to sound a little upset, since they have to deal with the sometimes messy consequences. But they, too, seem to relish rattling the barricades. If this sounds like the enthusiasm of youth (and they are young), they also seem intent on building their own kind of law department. Googlers aren't enamored of received wisdom. Like children of the sixties, they prefer to test all the old shibboleths. And even the new ones. Many of their cases are cutting-edge. "Bleeding-edge," an in-house lawyer amends. They test the limits of laws perpetually lagging behind new technology. Can advertisers use trademarked terms in Google ads? Can Google scan and make available copyrighted but out-of-print books? Is the company liable if results of its search engine direct users to counterfeit or pirated products? These are just a few of the questions that courts-and Google's lawyers-have been grappling with. It's an exciting time to be Google's general counsel, says Kent Walker. They win a lot of cases that define the boundaries of the law. The biggest was the summary judgment last June in which a judge ruled that Google's YouTube was not liable for the posting of Viacom Inc.'s video clips. "We lose some," Walker adds, "as we did today," referring to the decision by another judge rejecting the Book Search settlement Google had reached with the Authors Guild and the Association of American Publishers. The ruling leaves years of legal work in limbo. The company has only been around for a dozen years, so the lawyers aren't exactly encumbered by tradition. They're trying to craft approaches of their own, says Walker, sitting in a conference room near his office-er, make that desk. There are no offices. The renovation of their building that Walker ordered last year for the law department was part of an "open style" in hierarchy and architecture. "We don't have an open-door policy," he explains. "We have a no-door policy." And they reach decisions by consensus, abetted by a multitude of inviting spaces where lawyers are encouraged to congregate-including a library reading room with a virtual fireplace. "Sometimes there's an advantage to having a scrum," says Walker, "where a whole group of people come together on these issues." And it's also-are you ready for this?-fun. [Editor: this last point-about the scrum-resonates strongly with me; during my time leading Knowledge Management efforts at Schlumberger we were cognizant of the need to casual-setting enabled conversation - at several companies the "library" has evolved to serve this purpose as a primary objective.]

top

Should a Firm Keep Its 'Crown Jewels' in the Vault, or Share Them with Clients? (ABA Journal, 23 May 2011) - Paul Lippe writes: "I [recently] presented, along with an in-house lawyer from British Telecom and others, on why firms were sharing more and more knowledge in order to collaborate with clients. Among the obvious reasons were demonstrating experience, getting business, training their younger folks, delivering service more efficiently, and catalyzing the firm's own efforts to be organized. But one audience member inevitably asked the question: 'Why should we give our crown jewels to clients?' The questioner is someone I know to be a very sophisticated fellow, and I was pretty sure he asked the question mostly as a strawman because he hears it from partners in the firm. But perhaps it is worth recounting again why firms benefit from collaborating with clients: * * *." [Editor: worthwhile summary of now 15-year-old knowledge management concerns, and realities. It's happening anyway, so get ahead of the curve, or out of the way. More here .]

top

Court Rules that ECPA Does Not Preempt State Law (Steptoe, 26 May 2011) - The U.S. District Court for the Northern District of California has held in Valentine v. NebuAd that the California Invasion of Privacy Act and California Computer Crime Law are not preempted by the federal Electronic Communications Privacy Act (ECPA). The court therefore refused to dismiss claims under those state statutes against NebuAd based on the company's tracking of Internet users' online activity in order to deliver targeted advertisements. The preemption issue is important to Internet service providers and other companies because many states' laws are more restrictive than ECPA when it comes to monitoring Internet activity and electronic communications. Most courts (with at least one exception) have held that ECPA does not preempt more restrictive state laws, meaning that providers who want to monitor Internet activity and communications have to comply not only with ECPA, but also 50 differing and often vague state laws that govern wiretapping and access to stored communications data.

top

Online Insurance Application Constitutes "Writing" for Purposes of Waiving Insurance Coverage for Medical Benefits--Barwick v. GEICO (Eric Goldman, 26 May 2011) - Although 47 states, the District of Columbia, Puerto Rico and the Virgin Islands have adopted the Uniform Electronic Transaction Act (UETA), we have had very few cases discussing or interpreting UETA. Here, we have a case where the court is asked whether a waiver in an online insurance application is a "writing" for purposes of a state insurance law that requires coverage waivers to be in writing. The facts are fairly simple. In 2009, a woman (who subsequently married the plaintiff) purchased automobile insurance coverage online at GEICO's website. In the online application, the woman rejected coverage for medical benefits as permitted under Arkansas law. The online form bore the woman's electronic signature. In a discovery deposition, the woman also acknowledged that she completed the form on the website, that she did not select the coverage for medical benefits, and that she signed the application electronically. The lower state court granted summary judgment to GEICO and dismissed the husband's claim for medical benefits. On appeal, the husband argued that the electronic application containing his wife's electronic signature did not meet the requirement that a rejection of coverage be "in writing" under the terms of Arkansas Code Annotated Section 23-89-203 (Repl. 2004). The husband argued that because a general statute does not apply when a specific one governs the subject matter, the insurance statute requirement that the waiver of coverage be "in writing", takes precedence over the more general provisions in the UETA. He also argued that pressing a computer button did not constitute a "writing" for purposes of waiving coverage. The Arkansas Supreme Court reviewed the history of UETA and noted that Arkansas had adopted UETA in 2001 to facilitate electronic transactions. The court found that the online application was an "electronic record" under UETA. The Court also found that there was no conflict between the insurance statute and UETA, and that the two provisions can be read "harmoniously" to mean that an electronic record can fulfill the requirement of written rejection for coverage. As a result, the Arkansas Supreme Court affirmed the lower court's grant of summary judgment to GEICO. The court's analysis is straightforward and correct. One would think that the legal issue is obvious, but there have been very few cases interpreting UETA to date (perhaps because the statute is so simple?). UETA was drafted so that the state legislators did not have to amend the numerous statutory requirements for "writings" in each statute. Instead, UETA provides a global approach that a record or signature may not be denied legal effect or enforceability solely because it is in electronic form, and a contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation. But it's nice to now have a case to point to when a client questions the validity of online agreements. * * * Unlike the court in Colorado last year , the Arkansas Supreme court correctly determined that EUTA, and not the federal Electronics Signatures In Global and National Commerce Act (commonly known as "E-Sign"), applies to this case. [Editor: related Volokh Conspiracy story about Presidential "signatures" on legislation: What Does "Sign" Mean? (27 May 2011)]

top

NOTED PODCASTS

Social Media Strategic Planning (MIRLN podcast, 18 May 2011, 16 minutes) - Discussion of how to manage strategic design processes for social media implementation, with a focus on bar associations (but with lessons-learned from other kinds of enterprises), and how social media can implicate "knowledge management" processes.

top

- and -

Social Media Strategies for Bar Assns (KnowConnect slidecast, 11 May 2011, 80 minutes); at the ABA's Business Bar Leaders Conference, by Vince Polley, Elizabeth Derrico (ABA), and Catherine Sanders Reach (ABA). "The ABA has been a pioneer in the use of all forms of Social Media as an effective tool and resource for and by bar associations. We have assembled a panel of the leading experts on this subject who have guided the ABA in this area and have been instrumental in sharing the ABA's experience and success in using social media with leaders of state and local bar associations."

top

John Tehranian - Hearsay Culture Show (Stanford's Center for Internet & Society, 15 March 2011) - Interview with Prof. John Tehranian of Chapman University School of Law, author of Infringement Nation; contains some interesting ideas about fair use; Prof. Tehranian is an exceptionally clear speaker.

top

Brookings ECPA Event (Lawfare, 17 May 2011) - I [Benjamin Wittes] was delighted to host an excellent panel event today at Brookings on the future of the Electronic Communications Privacy Act. For ECPA nerds, the video below is well-worth watching, as it contains a very good discussion of the major issues in contention right now-specifically, cloud-stored communications content data and location data from cell phones. For ECPA neophytes who are interested in digital privacy issues, the video is also worth watching, in part because Orin Kerr's opening lecture is probably the best primer on the subject that you will ever seen or read and in part because the panel debate is very illuminating. The event opens with Orin's talk. The panel, which immediately follows the talk, includes Valerie Caproni, general counsel of the FBI, James Dempsey of the Center for Democracy and Technology, James Baker of the Justice Department, and Albert Gidari of Perkins Coie.

top

RESOURCES

Law Enforcement Use of Global Positioning (GPS) Devices to Monitor Motor Vehicles: Fourth Amendment Considerations (Congressional Research Service, 28 Feb 2011) - Summary: As technology continues to advance, what was once thought novel, even a luxury, quickly becomes commonplace, even a necessity. Global Positioning System (GPS) technology is one such example. Generally, GPS is a satellite-based technology that discloses the location of a given object. This technology is used in automobiles and cell phones to provide individual drivers with directional assistance. Just as individuals are finding increasing applications for GPS technology, state and federal governments are as well. State and federal law enforcement use various forms of GPS technology to obtain evidence in criminal investigations. For example, federal prosecutors have used information from cellular phone service providers that allows real-time tracking of the locations of customers' cellular phones. Title III of the Omnibus Crime Control and Safe Streets Act of 1958 (P.L. 90-351) regulates the interception of wire, oral, and electronic communications. As such, it does not regulate the use of GPS technology affixed to vehicles and is beyond the scope of this report. The increased reliance on GPS technology raises important societal and legal considerations. Some contend that law enforcement's use of such technology to track motor vehicles' movements provides for a safer society. Conversely, others have voiced concerns that GPS technology could be used to reveal information inherently private. Defendants on both the state and federal levels are raising Fourth Amendment constitutional challenges, asking the courts to require law enforcement to first obtain a warrant before using GPS technology. Subject to a few exceptions, the Fourth Amendment of the U.S. Constitution requires law enforcement to obtain a warrant before conducting a search or making a seizure. Courts continue to grapple with the specific issue of whether law enforcement's use of GPS technology constitutes a search or seizure, as well as the broader question of how the Constitution should address advancing technology in general. The Supreme Court has not directly addressed the issue of whether law enforcement's use of GPS technology in connection with motor vehicles falls within the Fourth Amendment's purview. Lower federal courts have relied on Supreme Court precedent to arrive at arguably varying conclusions. For example, several district and circuit courts of appeals have concluded that law enforcement's current use of GPS technology does not constitute a search, and is thus permissible, under the Constitution. To date, while the U.S. Supreme Court has not provprovided a definitive answer regarding law enforcement's use of GPS technology, state legislatures and courts have approached the issue in various ways. Some states have enacted laws requiring law enforcement to obtain a warrant before using GPS technology. Some state courts have resolved the question under their own constitutions. Although they have reached somewhat differing conclusions, other state courts have relied on Supreme Court precedent, such as United States v. Knotts, 460 U.S. 276 (1983), to derive an answer. This report discusses the basics of GPS technology, society's reliance on it, and some of the related legal and privacy implications. In addition, the report examines legislative and judicial responses on both federal and state levels.

top

LOOKING BACK

EARTHLINK REJECTS FBI'S REQUEST TO INSTALL CARNIVORE (SiliconValley.com, 18 September 2001) -- Less than 24 hours after last week's terrorist attacks on New York and Washington, FBI agents visited executives in EarthLink's Atlanta headquarters. The agents, subpoenas in hand, wanted EarthLink personnel to install the FBI's controversial tracking software -- called Carnivore -- on the networks the company uses to connect customers to the Internet. The agents were looking for electronic clues, trying to retrace suspected terrorists' steps in cyberspace. EarthLink, which last year battled the FBI in court to keep the "sniffing" software off its systems, said no. Instead, the Atlanta-based Internet service provider used its own technology to pull records the FBI wanted. http://www.siliconvalley.com/docs/news/tech/078338.htm

top

OHIO PANEL ANALYZES COMMERCIAL WEB SITES THAT LINK LAWYERS WITH PROSPECTIVE CLIENTS (BNA, 9 May 2001) -- Ohio lawyers may not participate in a commercial law-related Web site that provides them with clients if the arrangement entails prohibited payment for referrals or if the business is engaged in the unauthorized practice of law, the Ohio Supreme Court's ethics panel advised April 6 (Ohio Supreme Court Board of Commissioners on Grievances and Discipline, Op. 2001-2, 4/6/01). Exhorting lawyers to be "extremely cautious," the board listed several features that it identified as distinguishing permissible payments for legal advertising from impermissible rewards for referrals. It also urged lawyers to be alert to unauthorized practice whenever a law-related Web site offers services that go beyond providing legal forms to users. http://ipcenter.bna.com/ipcenter/1,1103,1_883,00.html

top

Saturday, May 07, 2011

MIRLN --- 17 April – 7 May 2011 (v14.06)

MIRLN --- 17 April - 7 May 2011 (v14.06) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

o Police Use Data Shared by TomTom GPS Users to Set Targeted Speed Traps

o Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine?

o Atoms vs. Bits: Your Phone in the Eyes of the Law

o Telling Traces

NEWS | PODCASTS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

US Police Increasingly Peeping At E-Mail, Instant Messages (TechWorld, 12 April 2011) - Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher. Police and other agencies have "enthusiastically embraced" asking for e-mail, instant messages and mobile-phone location data, but there's no U.S. federal law that requires the reporting of requests for stored communications data, wrote Christopher Soghoian, a doctoral candidate at theSchool of Informatics and Computing at Indiana University, in a newly published paper. "Unfortunately, there are no reporting requirements for the modern surveillance methods that make up the majority of law enforcement requests to service providers and telephone companies," Soghoian wrote. "As such, this surveillance largely occurs off the books, with no way for Congress or the general public to know the true scale of such activities." That's in contrast to traditional wiretaps and "pen registers," which record non-content data around a particular communication, such as the number dialed or e-mail address that a communication was sent to. The U.S. Congress mandates that it should receive reports on these requests, which are compiled by the Administrative Office of the U.S. Courts, Soghoian wrote. If law enforcement wants to intercept e-mail or instant messages in real-time, they are required to report it. Since 1997, federal law enforcement has requested real-time intercepts only 67 times, with state law enforcement agents obtaining 54 intercept orders. Soghoian wrote that those low figures may seem counterintuitive given the real-time nature of electronic communications. But all of the communications are stored, he noted. "It is often cheaper and easier to do it after the fact rather than in real-time," Soghoian wrote. Cox Communications, a major U.S. service provider, charges $3,500 for a wiretap and $2,500 for a pen register. Account information, however, costs a mere $40. Soghoian found through his research that law enforcement agencies requested more than 30,000 wiretaps between 1987 and 2009. But the scale of requests for stored communications appears to be much greater. Citing a New York Times story from 2006, Soghoian wrote that AOL was receiving 1,000 requests per month.

top

Google Wi-Fi Judge Asks if Packet Sniffing Is Spying (Wired, 18 April 2011) - The question of whether Google is liable for damages for secretly intercepting data on open Wi-Fi routers across the United States is boiling down to the definition of a "radio communication." That appears to be the legal theory embraced by the Silicon Valley federal judge presiding over nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The cars had been equipped with Wi-Fi-sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But those cars were also capturing the contents of internet packets that were sent over unencrypted Wi-Fi as they drove by, something the company said was an accidental leftover from testing. While the company quickly admitted that it had made a mistake and temporarily grounded its fleet of mapping vehicles last year, the company was confronted with a number of investigations around the world, as well as class-action lawsuits that were joined in San Jose, California. The lawsuits are being heard by U.S. District Judge James Ware. At the center of the legal flap is whether Google breached the Wiretap Act. The answer is important not only to Google, but to the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other business trying to attract customers. Google said it is not illegal to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Plaintiffs' lawyers representing millions of Americans whose internet traffic was sniffed by Google think otherwise, and are seeking unspecified damages. Judge Ware, however, suggested the answer to the far-reaching privacy dilemma lies in an unanswered question. He has asked each side to define "radio communication" (.pdf) as it applies to the Wiretap Act, and wants to know whether home Wi-Fi networks are "radio communications" under the Wiretap Act. In response, Google wrote last week that open Wi-Fi networks are akin to "radio communications" like AM/FM radio, citizens' band and police and fire bands - and are "readily accessible" to the general public. Indeed, packet-sniffing software, such as Wireshark and Firesheep, is easily available online. Hence, because unencrypted Wi-Fi signals travel over the radio spectrum, they are not covered by the Wiretap Act, (.pdf) Google responded.

top

Social Networking, Users, and Reasonable Expectations of Privacy Under the Fourth Amendment (Media Law Prof Blog, 18 April 2011) - Junichi P. Semitsu, University of San Diego School of Law, has published From Facebook to Mug Shot: How the Dearth of Social Networking Privacy Rights Revolutionized Online Government Surveillance in volume 31 of the Pace Law Review (2011). Here is the abstract: "Each month, Facebook's half billion active users disseminate over 30 billion pieces of content. In this complex digital ecosystem, they live a parallel life that, for many, involves more frequent, fulfilling, and compelling communication than any other offline or online forum. But even though Facebook users have privacy options to control who sees what content, this Article concludes that every single one of Facebook's 133 million active users in the United States lack a reasonable expectation of privacy from government surveillance of virtually all of their online activity. 

Based on Facebook's own interpretations of federal privacy laws, a warrant is only necessary to compel disclosure of inbox and outbox messages less than 181 days old. Everything else can be obtained with subpoenas that do not even require reasonable suspicion. Accordingly, over the last six years, government agents have worked the beat by mining the treasure trove of personal and confidential information on Facebook. 

But while Facebook has been justifiably criticized for its weak and shifting privacy rules, this Article demonstrates that even if it adopted the strongest and clearest policies possible, its users would still lack reasonable expectations of privacy under federal law. First, federal courts have failed to properly adapt Fourth Amendment law to the realities of Internet architecture. Since all Facebook content has been knowingly exposed to at least one third party, the Supreme Court's current Fourth Amendment jurisprudence does not clearly stop investigators from being allowed carte blanche to fish through the entire site for incriminating evidence. Second, Congress has failed to meaningfully revise the Electronic Communications Privacy Act (ECPA) for over a quarter century. Even if the ECPA were amended to cover all Facebook content, its lack of a suppression remedy would be one of several things that would keep Facebook a permanent open book. Thus, even when the government lacks reasonable suspicion of criminal activity and the user opts for the strictest privacy controls, Facebook users still cannot expect federal law to stop their private content and communications from being used against them. 

This Article seeks to bring attention to this problem and rectify it. It examines Facebook's architecture, reveals the ways in which government agencies have investigated crimes on social networking sites, and analyzes how courts have interpreted the Fourth Amendment and the ECPA. The Article concludes with an urgent proposal to revise the ECPA and reinterpret Katz before the Facebook generation accepts the Hobson's choice it currently faces: either live life off the grid or accept that using modern communications technologies means the possibility of unwarranted government surveillance."

top

Righthaven Reeling: Secret Doc Could Doom a Copyright Troll (ArsTechnica, 18 April 2011) - If a company's entire business model is predicated on bringing copyright infringement lawsuits, you might expect that company to make sure it actually has the right to sue first. But a newly unsealed court document casts some doubt on Righthaven's rights; defense attorneys are already using the new document to say that Righthaven cases are a "sham" and are "invalid." And Righthaven's moves to keep this document secret have angered the judge in the case, who ripped into Righthaven in spectacular fashion last Thursday as he unsealed the document. In just over a year, Righthaven has sued several hundred people for copyright infringement over newspaper articles and photographs. The company's epic run of copyright trollery has produced some preposterous cases-suing an Ars Technica writer, suing a paper's own sources for an article, suing nonprofits without warning or takedown requests-and judges have ruled against Righthaven several times on fair use grounds. Still, leaving aside questions of ethics and tactics, it was widely assumed that Righthaven actually had the standing to sue. After Righthaven's Strategic Alliance Agreement was unsealed in a Nevada federal court last week, however, defense attorneys have savaged the company, saying that its copyrights are a "sham" and are "invalid." Lawyers in several different cases have already moved for dismissals and fees. The agreement was revealed (late) during discovery in a Righthaven lawsuit against Democratic Underground. Righthaven is currently attempting to dismiss the suit, but Democratic Underground lawyers won't let them, asking instead for the court to first rule on the issue of fair use in the case. Righthaven has repeatedly tried to dismiss lawsuits that weren't going well rather than let them come to judgment. The agreement describes a 50/50 revenue split between Righthaven and Stephens Media. In addition, the agreement appears to give Righthaven only the right to sue over the story or photograph at issue, but not to exploit it in any other way. Past court cases have ruled that companies cannot bring copyright suits unless they control one of the "exclusive rights" enumerated in the Copyright Acts, rights including copying, distribution, public performance, etc. The "right to sue" is not among them. "Righthaven has been conveyed no rights in the work at issue other than the right to sue for infringement," argue Democratic Underground's lawyers, "a fact that renders the assignment to Righthaven invalid."

top

Steven Bradbury on Cybersecurity (Lawfare, 18 April 2011) - The Harvard National Security Journal has just posted a very interesting essay by Steven Bradbury entitled The Developing Legal Framework for Defensive and Offensive Cyber Operations . (Steve was my successor in running the Office of Legal Counsel for the last four and a half years of the Bush administration.) Steve says he is "not a noted expert on cybersecurity," but then adds that he "did have occasion to advise on cybersecurity issues" while in OLC. As the head of OLC he wrote an important opinion on the legality of the EINSTEIN 2.0 intrusion detection system for government networks (a decision affirmed and elaborated upon by my colleague David Barron when he was running OLC for the Obama administration.) Part of Steve's essay tracks his OLC opinion in explaining why EINSTEIN 2.0 is consistent with the Fourth Amendment and relevant statutes. But Steve goes beyond that opinion and addresses several further issues. He emphasizes that he is "speaking only for [himself] - not for my law firm and not for any current or former client." Nonetheless, the issues he addresses, and the tentative answers he gives, shed more light on the cybersecurity legal issues facing the government, and how the government might be thinking about them, than any source I know. For example, Steve argues that EINSTEIN 2.0 can be expanded to private entities like Defense contractors. "It should be pretty straightforward to do so," he maintains, "provided the network is owned or operated by a single entity or group of entities and is set up like an intranet with a limited set of authorized users, and provided the operator can agree by contract or can be required by regulation to use log-on banners and user agreements like those employed by the federal agencies participating in EINSTEIN." But Steve is skeptical that EINSTEIN 2.0 can be extended to "the public Internet itself." More interesting than Steve's comments on EINSTEIN 2.0 are what he says about offensive cyber operations, including covert cyber-operations, the Title 10 v. 50 debate as it applies to cyber, customary law limitations on cyber operations, and legal issues related to "using offensive cyber capabilities to block or disrupt the servers overseas where WikiLeaks is holding the sensitive U.S. information." The essay is a must-read for those interested in legal issues related to cybersecurity.

top

Best Practices for Keeping Your Home Network Secure (NSA, April 2011) - The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network

since there is less rigor associated with the protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet. [Editor: contains common-sense recommendations.]

top

ACLU: Michigan Cops Stealing Drivers' Phone Data (CNET, 19 April 2011) - The Michigan State Police have started using handheld machines called "extraction devices" to download personal information from motorists they pull over, even if they're not suspected of any crime. Naturally, the ACLU has a problem with this. The devices, sold by a company called Cellebrite, can download text messages, photos, video, and even GPS data from most brands of cell phones. The handheld machines have various interfaces to work with different models and can even bypass security passwords and access some information. The problem as the ACLU sees it, is that accessing a citizen's private phone information when there's no probable cause creates a violation of the Constitution's 4th Amendment, which protects us against unreasonable searches and seizures. To that end, it's petitioning the MSP to turn over information about its use of the devices under the Freedom of Information Act. The MSP said it's happy to comply, that is, if the ACLU provides them with a processing fee in excess of $500,000. That's more than $100,000 for each of the five devices the MSP says it has in use.

top

- and -

Police Use Data Shared by TomTom GPS Users to Set Targeted Speed Traps (Law.com, 3 May 2011) - Companies that ask you to allow them to collect information about your use of their product may have good intentions, but sometimes purchasers of that information may have other plans. For example, when you sign up for the TomTom GPS device service, the company asks you if it is OK if they collect "travel time information," and most users agree to this. TomTom says it uses this information to "create high quality traffic information and to route you around traffic jams and get you to your destination as quickly and safely as possible." So far, so good, right? TomTom also sometimes makes this information available to local governments and authorities so that authorities can "better understand where congestion takes place, where to build new roads and how to make roads safer." Again, no problem. Last week, however, TomTom's CEO Harold Goddijn wrote a letter to the company's customers letting them know that, in at least some areas, local police have used the data in an "unforeseen" way that may make TomTom users wish they had never agreed to share information: to place speed cameras where the shared TomTom data shows average speed is higher than the legally allowed speed limit. In his letter, Goddijn writes that TomTom "fully understands some of customers do not like this and we will amend the licensing conditions to stop this type of usage in near future." PC Mag reports that TomTom started selling traffic data to governments earlier this year as a way to supplement weak earnings. After a Dutch newspaper reported that Dutch police were using the data to target speed traps, however, customers became upset, prompting Goddijn's letter.

top

- and -

Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine? (SSRN, Adam Gershowitz, 31 August 2010) - Abstract: "Over the last few years, dozens of courts have authorized police to conduct warrantless searches of cell phones when arresting individuals. Under the so-called search incident to arrest doctrine, police are free to search text messages, call histories, photos, voicemails, and a host of other data if they arrest an individual and remove a cell phone from his pocket. Given that courts have offered little protection against cell phone searches, this article explores whether individuals can protect themselves by password protecting their phones. The article concludes, unfortunately, that password protecting a cell phone offers minimal legal protection. In conducting a search incident to arrest, police may attempt to hack or bypass a password. Because cell phones are often found in arrestees' pockets, police may take the phones to the police station where computer savvy officers will have the time and technology to unlock the phone's contents. And if police are themselves unable to decipher the password, they may request or even demand that an arrestee turn over his password without any significant risk of the evidence on the phone being suppressed under the Miranda doctrine or as a Fifth Amendment violation. In short, while password protecting a cell phone may make it more challenging for police to find evidence, the password itself offers very little legal protection. Accordingly, legislative or judicial action is needed to narrow the search incident to arrest doctrine with respect to cell phones."

top

iPhones Secretly Track Their Users' Locations (CNN, 20 April 2011) - Apple devices appear to be tracking their owners' locations and storing data about people's whereabouts without their knowledge, according to a report posted Wednesday on a site called iPhone Tracker. The unauthorized surveillance started in June 2010, when the latest version of Apple's mobile operating system was released, according to two researchers who say they discovered a hidden tracking file and posted it out of concern for users. Apple has not responded to the allegations. The researchers have posted a program online that will let any iPhone user see a map of his or her location over time, going back to June, when iOS 4.0 was released. The program's developers, listed as Alasdair Allan and Pete Warden, say this data is stored on a person's iPhone or 3G-enabled iPad and on computers that are synced with those devices. There's no evidence, they say, that the data is also transmitted to Apple as it's collected. "Cell phone providers collect similar data almost inevitably as part of their operations, but it's kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer," they write. [Editor: Wow! I ran the referenced program - on my Macintosh it pulled the phone's GPS data from a backup file on the laptop, and then graphed it onto a map, which you can zoom in, temporally and/or positionally; somehow it shows me in Canada, where I know my phone has not been. Related NYT story here:http://www.nytimes.com/2011/04/21/business/21data.html?_r=1 Apple's official Q&A on April 27 doesn't seem to explain why they've associated date/time with location. On May 4, Apple released a software update to reduce the location cache size, disable it when "Location Services" are off, and to stop backing up the cache to connected computers. See also Bought Your Child An iPhone? Stalk Them With Footprints (TechCrunch, 5 May 2011)]

top

- and -

Atoms vs. Bits: Your Phone in the Eyes of the Law (The Atlantic, 26 April 2011) - On the last Friday in November in 2007, James Nix was riding shotgun in a car driving through the streets of Albany, Oregon, a freeway passthrough town between Salem and Eugene. Nix had several outstanding warrants for possession of a controlled substance, endangering the welfare of a minor and violating his parole on an earlier drug conviction. Earlier that day, an Albany police officer saw Nix take a call on his cell and then immediately after sell drugs to someone in classic hand-to-hand, money for drugs, switch. So, he'd tipped off another officer by the name of Jones to watch for the car. After investigating Nix for several weeks, they were going to make an arrest. Officer Jones pulled Nix's friend over in a lawful traffic stop and Nix bolted. He didn't get far before being apprehended, though, and Jones patted him down, finding 22 clear plastic baggies often associated with drug dealing, $370 in cash and a cellphone. Jones said while he counted the money, the phone rang "continually." With enough evidence to make an arrest for selling drugs, Jones called Nix's investigators, who told him to deliver the phone to the Albany PD's mobile phone expert. Without a warrant, the forensics analyst searched the entire contents of the phone and "found text messages that he believed were drug related and images 'consistent with methamphetamine.'" They were subsequently used against Nix in a trial which found him guilty. Ask yourself: Do you think it was OK for the police to search the contents of Nix's phone without a warrant? It's a complicated issue. We have rules against warrantless searches for good reason. On the other hand, law enforcement doesn't want to lose the ability to do everything it can to catch people they think are criminals. Here's the legal issue at the heart of the case, which will be argued before the Oregon Supreme Court next week. We all know that the Fourth Amendment to the Constitution protects everyone from "unreasonable" search and seizure. Since the 18th century, though, many cases have touched on how to define what is and is not unreasonable. Under English common law, it was generally considered reasonable for the police to search you while you were being arrested. It became known as the "search incident to arrest exception" and has been around in American law for well over 100 years. The big change to the exception came in the 1969 case Chimel vs. California, which laid out a key exception to the exception. Namely, if a suspect was arrested in his home, the police couldn't search his whole house. As Wikipedia summarizes it, the police could only search, "the area within the immediate control of the suspect," or as James Nix's attorney Bronson James more colorfully put it, there is a "wingspan rule." If you can reach it, the cops can search it.

top

- and -

Telling Traces (IT Conversations podcast by Deborah Estrin, 30 March 2011) - As an expert in localization and sensory networks Deborah Estrin explains what can be learned and shared in the richness of digital traces of activity. She talks about GIS potential for improving commute patterns as well as calculating one's carbon footprint. The ability to corral data and mash up with maps and analytics empowered high school students to accurately estimate and share their carbon impact. Tracing of individual activity does not just involve automated traces but also experience sampling. A patient's struggle with diabetes and hypertension can yield opportunities to help patients having difficulty with side effects of medications. Self analytics may be prescribed to monitor effects or drug interactions in real-time. This has the potential to prevent a day from being interrupted or lost entirely because of medication challenges. Estrin contends that the capacity of our pretransactional information to be as private or as public we care top make it has drawbacks that users should be circumspect about. If recordable, thoughts, feelings and their biological indicators, probably should not be stored on a cell phone. Use of secure cloud storage could be effective in managing personal information in educated ways and using best practices.

top

E-Discovery Audio Search (KM World, 20 April 2011) - ZyLAB has unveiled its Audio Search Bundle, a desktop software product engineered to identify relevant audio clips from multimedia files and from business tools such as fixed-line telephone, VOIP, mobile and specialist platforms such as Skype or MSN Live. It is designed for technical and non-technical users involved in legal disputes, forensics, law enforcement and lawful data interception to search, review and analyze audio data with the same ease as more traditional forms of electronically stored information (ESI). ZyLAB says Audio Search Bundle transforms audio recordings into a phonetic representation of the way in which words are pronounced, so that investigators can search for dictionary terms as well as proper names, company names or brands without the need to "re-ingest" the data.

top

Another "Round" of Data Insecurity (Steptoe's E-Commerce Law Week, 21 April 2011) - The Massachusetts Attorney General has reached a settlement with the Briar Group LLC, the owner of bars and restaurants in the Boston area, over a data breach in 2009 that exposed over 120,000 debit and credit card accounts of customers. The AG alleged that Briar had engaged in "unfair and deceptive practices" under Massachusetts law by accepting customers' payment cards without taking reasonable steps to secure the customers' personal information. Notably, the breach occurred before the effective date of Massachusetts' data security regulations. But, just as the FTC has done at the federal level, the Massachusetts AG determined that the lack of what she considered reasonable security measures constituted a violation of the law. In addition to paying a civil fine of $110,000, Briar must comply with the Massachusetts data security regulations and the Payment Card Industry Data Security Standards - which, of course, it is required to do, anyway.

top

Courtroom Social Media Lab Readies for May 2 Launch (Ambrogi, 22 April 2011) - An innovative experiment that will turn a working Massachusetts courtroom into a test lab for social media in the courts is gearing up to launch on May 2. Once it starts, most of what happens in the courtroom at Quincy District Court will be streamed live over the Web for anyone to see. In addition, a designated area of the courtroom will be reserved for bloggers and citizen journalists. The courtroom will be equipped with WiFi to access the Internet. Originally named "Order in the Court 2.0," the project has now been renamed OpenCourt. Its website, when it launches, will be at OpenCourt.us. The camera providing the live feed will be controlled by the judge, who will be able to turn it off in certain circumstances. The camera will be turned off for most domestic violence cases and also in any proceedings where state law or court rules prohibit cameras. In addition, the judge will be able to turn off the camera as a matter of judicial discretion. The video feed will be archived and will be available for use by news organizations, bloggers and others. [Editor: see also Take Peek Into Your Local Courtroom with OpenCourt (ReadWriteWeb, 3 May 2011)]

top

The New York Times' Cascade: Data Visualization for Tweets (Mashable, 22 April 2011) - The research and development department of The New York Times has recently been pondering the life cycle of the paper's news stories in social media - specifically, on Twitter. Cascade is a project that visually represents what happens when readers tweet about articles. Even now, however, Cascade is more than just a nifty data visualization. Some journalists think it also gives us new ways of to think about and optimize for sharing and engagement on the social web, especially since it helps identify the most influential sharers, the more shareable terms, and more. Its creators write on the project's website that Cascade "links browsing behavior on a site to sharing activity to construct a detailed picture of how information propagates through the social media space. While initially applied to New York Times stories and information, the tool and its underlying logic may be applied to any publisher or brand interested in understanding how its messages are shared." [Editor: includes interesting 4-minute video.]

top

Ubuntu Linux Boosted by 10,000 Seat PC Win (IT World, 22 April 2011) - Canonical has taken the wraps off a morale-boosting deal that has seen German insurance giant LVM Versicherungen convert 10,000 PCs to use Ubuntu Linux across the company's operations. The project included the conversion of 3,000 desktop and laptop computers in LVM's Muenster HQ with a further 7,000 in the company's agencies around Germany. The core software used by the company is LAS, a Java-based claims-processing application of its own design, backed by Lotus Notes, Adobe's Reader and the OpenOffice suite. The news isn't entirely a surprise given that LVM has been using Ubuntu for some time. But converting a company's entire install base to use the software is still a modest coup. LVM is also a demanding environment for any OS. The company's workforce is bolstered by a small army of self-employed and mobile sales representatives that sell insurance at street and living room level. The LAS system is described as being used by the sales team in an 'always-on' configuration. The official release made no mention of the operating system being displaced but Techworld understands these were running older versions of Windows in recent years.

top

Tech landscape 2011: Top product picks; Rise of Mac viruses; Security for thumbdrives, iPhone; and more (ABA Journal, 26 April 2011) - It's once again time to catch up on the latest-greatest and not so great-in legal technology for attorneys, especially those in solo and small firms. And for that, we turn to authors of the 2011 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple-Sharon D. Nelson, John W. Simek and Michael C. Maschke. [Editor: includes recommendations for computerized case management systems.]

top

Biz Cards Go Digital: Firm Adds QR Codes to Business Cards (ABA Journal, 27 April 2011) - A 55-member law firm in northern Virginia is giving its lawyers the option of adding a "Quick Response Code" to their business cards to make it easier to share contact information with colleagues and clients. The Washington Post notes in a brief that while QR codes are common in Europe and Asia, the practice is only recently gaining traction in the United States. The Fairfax-based firm Odin Feldman Pittleman is promoting its adoption of the QR code in a news release (PDF). QR codes, when scanned by smartphones, can transfer more data than could fit on a typical business card and is used as a convenient way to automatically transfer names, addresses and other contact information to digital address books. [Editor: I dropped physical address info from my business cards in 1996; the QR idea is au courant but too late? See " QR Code Resume Makes Your Embossed Paper Look Lame" for more. See also story below about "Bumping" phones to make payments.]

top

Feds to Remotely Uninstall Coreflood Bot from Some PCs (Computerworld, 27 April 2011) - Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the Department of Justice (DOJ) and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. Two weeks ago, the DOJ and the FBI obtained an unprecedented temporary restraining order that allowed them to seize five command-and-control (C&C) servers that managed Coreflood. Since then, the U.S. Marshal's Service has operated substitute C&C servers that have disabled the bot on most infected PCs. Those actions have reduced Coreflood by 90% in the U.S. and nearly 75% in other countries, but the government wanted to do more.

top

Why We Need An Open Wireless Movement (EFF, 27 April 2011) - If you sometimes find yourself needing an open wireless network in order to check your email from a car, a street corner, or a park, you may have noticed that they're getting harder to find.

Stories like the one over the weekend about a bunch of police breaking down an innocent man's door because he happened to leave his network open, as well as general fears about slow networks and online privacy, are convincing many people to password-lock their WiFi routers. The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless networks is harmful - for convenience, for privacy and for efficient use of the electromagnetic spectrum. We will need a political and technological "Open Wireless Movement" to reverse the degradation of this indispensable component of the Internet's infrastructure. Part of the task will simply be reminding people that opening their WiFi is the socially responsible thing to do, and explaining that individuals who choose to do so can enjoy the same legal protections against liability as any other Internet access provider. Individuals, including Bruce Schneier and Cory Doctorow, have laid some of the groundwork. It's time to spread the message far and wide. But an Open Wireless Movement will also need to do technical work: we need to build new technologies to ensure that people have an easy way to share a portion of their bandwidth without affecting the performance of their own network connections while at the same time ensuring that there is absolutely no privacy downside to running an open wireless network. [Editor: I agree completely; part of my home WiFi network is open.]

top

Bank Lets Customers Pay Friends By Bumping iPhones (Mashable, 29 April 2011) - ING Direct customers can now transfer payments to friends with the bump of a cellphone - no account numbers needed. The bank released an updated version of its iPhone app [iTunes link] on Wednesday morning that integrates an API from Bump Technologies, a startup that makes it easy to transfer information between phones by tapping them together. Previously Bump's technology has been used to exchange contact information, photos and music between users. This is the first time that a bank has leveraged it for person-to-person payments. Many banks (including ING Direct) are experimenting with another technology called near field communication (NFC), which could one day power phone-to-phone transactions. But there are a limited number of NFC-enabled devices in the market, and security standards have yet to emerge. Bump is much simpler. The startup's app and API recognize tapping motions and maps them. When a Bump is recognized, a signal is sent to cloud servers that match it with another Bump that occurred at the exact same place and time. It decides those two Bumps are a match, and exchanges information between them. In ING's case, each user will need to log into his or her secure account to send or receive payment. Bump's role is to ID participants in a person-to-person transaction instead of requiring them to type and verify account numbers.

top

Amazon's Cloud Crash Destroyed Many Customers' Data (MSNBC, 29 April 2011) - In addition to taking down the sites of dozens of high-profile companies for hours (and, in some cases, days), Amazon's huge EC2 cloud services crash permanently destroyed some data. Amazon has yet to fully explain what happened when its mission-critical and supposedly bomb-proof systems crashed, but the explanation will be important. As will the explanation for how the company could have permanently destroyed some of its customers data.

top

The Latest from the NLRB on Social Media (Littler, 2 May 2011) - The National Labor Relations Board created a stir in late 2010 by filing an unfair labor practice charge against ambulance company, AMR, for firing an employee who, among other things, called her supervisor a "mental patient" in a Facebook post read by many co-workers. As it turns out, the "Facebook case" was just the beginning of what appears to be a trend by the Board, subsequently joined by unions, to restrict employers' ability to promulgate and enforce social media policies that, in the Board's view, impinge on employees' rights under the National Labor Relations Act. Several recent developments provide a window into the Board's intentions. Last week, the NLRB's Hartford Regional Director, who was responsible for filing the Facebook case, provided useful information about the Board's intentions, both in comments and in handout materials, while speaking on a panel for the Connecticut Bar Association. Below are some of the highlights: * * * [Guidelines, 4 recent filed complaints, best-practices for disclaimers, litigation strategy] * * * In a development that could resonate beyond social media, the Regional Director also revealed that the Regions, at the direction of the Board's Acting General Counsel, are filing complaints to set the stage to reverse the Board's December 2007 decision in Register Guard . In that case, a Republican-dominated Board held that an employer can lawfully impose a broad ban on employee's use of the corporate e-mail system for solicitations and other non-business reasons as long as the policy on its face does not discriminate against union activity and is enforced in a non-discriminatory manner. A reversal of Register Guard could severely crimp employers' ability to regulate employees' social media activity while using corporate electronic resources.

top

EPIC Proposes "Fair Information Practices" for Google (BeSpacific, 3 May 2011) - "Today EPIC submitteddetailed comments on a landmark privacy agreement that requires Google to adopt a "Comprehensive Privacy Plan" to safeguard the privacy and personal information of Internet users. In comments to the Federal Trade Commission, EPIC recommended that the FTC require Google to adopt and implement comprehensive Fair Information Practices http://www.bespacific.com/mt/archives/027172.html

top

New Legal Networking Site Seeks to Keep it Simple (Robert Ambrogi, 5 May 2011) - At the PLI seminar on social media I attended yesterday in New York, one of the speakers, Kelly Hoey, remarked, "I don't ever again want to have to fill out another social media profile." Well Kelly, meet Lawford, a new professional networking site for lawyers that fills out your profile for you. This week marks the private-beta launch of Lawford. Lawford's developers have the ambitious goal of building the largest legal networking platform in the world. In fact, they say that they hope someday to have every lawyer in the world become a contributing part of the site. [See original article for an invite code.] Given the tough time other legal-vertical networking sites have had building up any critical mass of users, not to mention the ABA's recent shuttering of its networking site, Lawford has its work cut out for it. That said, it is approaching the legal market in a unique way, one that cuts out much of the work of joining a professional network. Recognizing that lawyers are tight on time, Lawford aims to make the sign-up process as painless as possible. To do this, it has assembled data on literally every lawyer in the United States. What that means is that it knows who you are before you ever tell it a thing about yourself.

top

Tattoo Design May Halt the Release of Hangover II (CaseClothesed, 5 May 2011) - Tattoo Artist S. Victor Whitmill is suing Warner Bros. Entertainment for using his "art work" on their film "The Hangover Part II." Whitmill originally created the tattoo piece on Mike Tyson's face, and now a main character in "The Hangover Part II" movie is using the same tattoo on his face. Whitmill states that he owns the artwork and the copyright in the original tattoo, and the unauthorized placing of the exact tattoo on another character constitutes copyright infringement. Are tattoos protected, and should Warner Bros. have contacted Whitmill to obtain permission to use it in the film? Maggie Sicklinger recently wrote an article pertaining to this issue, clickhere to read it. The article stated that the Ninth Circuit recently decided in Anderson v. City of Hermosa Beach No. 08-56914, that tattooing is an expressive activity similar to pen and ink drawings, and therefore entitled to full First Amendment protection! Copyright protection extends to expressive work "fixed" in a tangible medium and according to this case, artwork on the body of a person is copyright protected.

top

Applying the Rules of Evidence Related to Authentication to Online Sources (Volokh Conspiracy, 6 May 2011) - Evidence law has special rules that require someone who wants to introduce a document to first introduce "foundation" evidence that shows the document was indeed written by the person who supposedly wrote it; this is called "authentication." Griffin v. State, decided by Maryland's highest court on April 28, has an interesting discussion of how those rules play out with regard to online sources. The case itself involved the authentication of a MySpace Web page, but the discussion can apply to many other online sources as well. Note that this is a different matter than deciding the reliability of an online source, or the admissibility in other respects of an online source (e.g., whether the source contains inadmissible hearsay). It is also a different matter than deciding the factual authenticity of the source given a dispute about the foundation evidence (e.g., if A denies that he wrote a Web page, but B testifies that he had heard A say he did write the Web page). The question is simply what factual foundation - however disputed that factual foundation might be - has to be presented before the document can even be introduced into evidence. It would then be up to the jury to resolve any factual disputes related to that foundation evidence. Here's the court's discussion of some ways that Web page such as a Myspace page can be authenticated in the legal sense, so that the sites' contents can be introduced as evidence: * * *

top

Archiving the Web for Scholars (InsideHigherEd, 6 May 2011) - Many scholars, while struggling to find and patch together the surviving fragments of historical documents, have probably longed for a time machine. In the era of Internet research, they might finally get their wish. Sort of. The Internet Archive, a nonprofit founded in 1996, has provided libraries and other institutions with the tools to preserve "the ephemera of the Web" - websites and their various documents, images, videos, and links - not just by caching a snapshot of the "landing page," but by copying and preserving entire domains that researchers can navigate just as they would have at any point in the site's history - even if the site moves, changes, or disappears. Many libraries are beginning to use the Internet Archive, and its popular WayBack Machine, to develop scholar-friendly archives of websites. The organization currently hosts collections of archived websites for more than 60 different colleges and universities. The idea is essentially to preserve websites the way libraries have long preserved newspapers via microform. As the Internet has increasingly become society's medium of record, it has become common for the authors of scholarly papers to cite Web content that has no corresponding print documents. (Several academic style guides recently added guidelines for citing Twitter and Facebook content.) Web addresses have become so unreliable that the Modern Language Association recently stopped requiring scholars to include URLs when citing websites, instructing them instead to include information that might help readers hunt down the site with search engines. It would be simpler, of course, if they could just cite a library archive where the relevant version of the website is preserved in suspended animation, Wolven says.

top

NOTED PODCASTS

Hearsay Culture - Interview with Prof. David Post (56 minutes; 12 April 2011) - Interview with Prof. David Post of Temple University Beasley School of Law, author of In Search of Jefferson's Moose: Notes on the State of Cyberspace. [Editor: fairly interesting discussion of Jeffersonian precepts, in the context of "The Law of the Horse", et al.]

top

RESOURCES

Privacy Protections for Personal Information Online (CRS, 6 April 2011) - There is no comprehensive federal privacy statute that protects personal information. Instead, a patchwork of federal laws and regulations govern the collection and disclosure of personal information and has been addressed by Congress on a sector-by-sector basis. Federal laws and regulations extend protection to consumer credit reports, electronic communications, federal agency records, education records, bank records, cable subscriber information, video rental records, motor vehicle records, health information, telecommunications subscriber information, children's online information, and customer financial information. Some contend that this patchwork of laws and regulations is insufficient to meet the demands of today's technology. Congress, the Obama Administration, businesses, public interest groups, and citizens are all involved in the discussion of privacy solutions. This report examines some of those efforts with respect to the protection of personal information. This report provides a brief overview of selected recent developments in the area of federal privacy law. This report does not cover workplace privacy laws or state privacy laws.

top

The Path of Internet Law: An Annotated Guide to Legal Landmarks (forthcoming Duke Law & Tech Review, 3 April 2011) - Abstract: "In the classic holiday film "It's a Wonderful Life," a disillusioned George Bailey (played by Jimmy Stewart) makes a wish that he had never lived. Clarence, the Angel in training, grants George his wish and shows him how life in his hometown would have been different if he had never been born. Our Article asks how the law of intellectual property and legal research have been reshaped by the creation of the Internet. This Article provides guideposts for the best legal resources for Internet law to assist busy lawyers and legal academics in tracing the past, present, and future path of Internet Law. This Article unfolds in three parts: Part I traces the path of the history of the Internet as a technology. Part II is a brief timeline of Internet case law and statutory developments for Internet-related intellectual property (IP) law developments. This part of the article highlights intellectual property, but our broader point is that Internet law illuminates every substantive and procedural aspect of U.S. law. During this formative period, the Internet reshaped the path of each branch of the law of intellectual property. Part III presents an annotated guide to the best research resources to assist academics and policymakers in tracing the future path of Internet Law. The future path of Internet law will be less U.S. centric, therefore we review the best available sources for tracing the path of Internet law in a global setting. Finally, we conclude by hazarding some predictions based upon the "sibylline leaves" gathered from extant Internet case law and statutory developments about the future of Internet law."

top

DIFFERENT

Google Map Maker and Admissions (InsideHigherEd, 21 April 2011) - Strategic Enrollment Management (SEM) professionals should be some of the most tech-savvy student affairs practitioners at your campus. With useful technologies being released seemingly on a daily basis, it is crucial that SEM directors, especially those who work in Admissions, be plugged in to new ways that technology can be used to market their campuses. One of the most popular posts on my personal blog is also one of the simplest -- "Campus maps and Google." The post is essentially a snapshot of how some schools use the Google Maps API to create a custom Google map for their campus. Numerous institutions use this option for their campus map. This week,Google announced the availability of Google Map Maker for the United States. Google Map Maker allows users to label building locations, create unique paths/shortcuts, and label the outline of buildings. It's evident that Google recognizes the potential benefit for higher education institutions. The "getting started" web page for Google Map Maker features a section for " Schools and Universities." With Google Map Maker, anyone with a Google account can create custom content on top of your institution's Google Map presence. While the potential for amazing user-generated content is massive, it will be interesting to see if Admissions personnel will utilize Map Maker content.

top

LOOKING BACK - MIRLN TEN YEARS AGO

ONE-THIRD OF ONLINE AMERICA IS ON AMERICA ONLINE A new study by market research firm Jupiter Media Metrix says that 33% of the time Americans spent online last month was spent at services offered by AOL Time Warner, while America Online competitors lagged far behind: Yahoo at 7% and Microsoft sites at 6%. And why are all these people online at AOL? They've got messages. Instant messaging and e-mail accounted for half of all the minutes spent on AOL. A Jupiter senior industry analyst explained: "What this shows is the power of the AOL business model. AOL mixes a content service with an access business and a software business. That mix allows them to control the environment you're living in much more than their competitors do, leading to more time with AOL." (Washington Post 27 Feb 2001) http://washingtonpost.com/wp-dyn/articles/A58901-2001Feb26.html

top

PRINCETON PROFESSOR BOWS TO RECORDING INDUSTRY (Salon.com, 26 April 2001) -- Bowing to the threat of legal action from the recording industry, a Princeton computer scientists decided against presenting a paper Thursday on how the research team he led broke security on digital music. Edward Felten, an associate professor in Princeton University's computer science department, had remained mum for days on whether he would present the paper at the International Information Hiding Workshop, announced he would not make the information public because threats of legal action had been made against the authors. Early this month, the Secure Digital Music Initiative Foundation -- which has ties with the Recording Industry Association of America -- sent Felten a letter suggesting he could be sued if he released information on how "watermarks" encrypted into digital music files could be broken. http://www.salon.com/tech/wire/2001/04/26/riaa/index.html [Editor: I'll be with Ed next month at the Privacy Law Scholars Conference; Ed now is the FTC's chief technologist.]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Law.com

11. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose . top