MIRLN --- 4-31 December (v14.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)
- New EU Directive on Consumer Rights Affects Website Terms
- iCloud to the Rescue?
- Red Cross Wants Real Life Laws Enforced Within Virtual Worlds
- The Trespass Tort Versus the CFAA: A Response to the Oracle Amicus Brief in Nosal
- Cut-and-Paste Reveals Redacted Info on Apple Smartphone Market in Federal Judge's Opinion
- Oregon Judge Rules Bloggers Aren't Journalists
- Does a Naked Retweet Carry an Endorsement by a Lawyer or Law Firm?
- DARPA Unshredding Contest
- Feds Launch Cloud Security Standards Program
- Privacy Fades in Facebook Era
- Law Firms and Social Media: A Match Not Yet Made in Heaven
- Are You Following Your Clients On Twitter?
- LexisNexis and Vizibility Release Research Results on the Use of Social Media Within Law Firms
- Some Facts About Carrier IQ
- YouTube for Schools and Lecture Capture
- UK Judge Sanctions Live-Tweeting for Reporters
- Court Denies Motion to Provide Access to Social Networking Sites in Civil Discovery
- Judge Dismisses Twitter Stalking Case
- It's Official: The LAPD Ain't Going to Google
- Breach Response: The Legal View
- PATRIOT Act Continues To Harm US Businesses: BAE Refuses To Use MS Cloud Over PATRIOT Act Fears
- The Online Media Legal Network Celebrates its Second Birthday!
- Metropolitan Museum Provides a Trove of Images for Google Goggles
- Don't Break the Internet
- Do Individuals Have "A Right To Be Forgotten"?
- NewtGingrich.com, Occupied
- The PeaceTones Legal Empowerment Project
- Volkswagen Agrees to Curb Company E-Mail in Off Hours
New EU Directive on Consumer Rights Affects Website Terms (IT Law Group, 8 Nov 2011) - In late October 2011, the European Council of Ministers formally adopted the new EU Consumer Rights Directive. The new Directive will drastically affect the rules that apply to online shopping. Numerous provisions will also apply to both the online and the offline markets. The Directive is intended to protect "consumers," i.e., all natural persons who are acting for purposes that are outside their trade, business, craft, or profession. It creates new obligations for "traders," a broad term that encompasses all categories of persons who sell products or services. The Directive defines the term "trader" as any natural or legal person who is acting, directly or indirectly for purposes relating to his/its trade, business, craft or profession in relation to contracts covered by the Directive. These contracts include: sales contracts, service contracts, distance contracts, off-premises contracts, and public auction contracts that are concluded between a trader and a consumer. US companies that operate websites that sell to European customers, as well as their affiliates who make direct sales to EU consumers, must start evaluating the numerous consequences that the implementation of the Directive on Consumer Rights will have on their operations. The consequences include: * * *
iCloud to the Rescue? (Digital Samurai, 11 Nov 2011) - We doubt it, but let's slow down and stop drinking the Apple Kool-Aid. There are some very interesting items in the T&C (Terms & Conditions) that most people don't even read. The tendency is to click, click, click just to get to the end quickly. The T&C for iCloud is around 12-13 pages long, depending on the device used to view it. So let's dive right into some of the "features" presented in the T&C and what they may mean. First, you are required to have a compatible device, duh? It also states that "…certain software (fees may apply)…" whatever that means. There are a lot of words about the location-based services and what Apple and its partners can do with the collected data. Make sure you understand the cloud collects GPS location, crowd-sourced Wi-Fi information, device ID, Apple ID, etc. That sounds like enough information to be personally identifiable to us. There are no words on how long they store the data, if at all, but we're pretty sure they don't throw it away after processing. You can opt out of the collection by not using any location-based services, which we doubt many will do. Apple doesn't take any responsibility for the integrity of any content stored in iCloud. In other words, you are on your own so don't assume that you can actually use any of the data that you may transmit to iCloud. There's a whole sentence in capital letters that states "…Apple does not guarantee or warrant that any content you may store or access through the service will not be subject to inadvertent damage, corruption, loss, or removal in accordance…" Geez, you call that a backup solution? Apparently not, since a few pages later they say "You are responsible for backing up, to your own computer or other device, any important documents, images or other Content that you store or access via the Service." 
One of the more disturbing provisions states that Apple will give your data to any law enforcement authority, government official or third party if they feel it appropriate, necessary or legally required. That's pretty scary and there is nothing that says Apple will even give you notice that they are giving over your data. Apparently your data is not encrypted in iCloud or Apple has the decryption keys, which still means unintended parties can see your data. This means that iCloud is NOT an acceptable service for attorneys that keep client information on their iDevices.
Red Cross Wants Real Life Laws Enforced Within Virtual Worlds (TechDirt, 5 Dec 2011) - Kotaku has published an article in which the International Committee of the Red Cross proposes that real life laws such as the Geneva and Hague Conventions should be enforced within video games. Before you get too riled up, they are not proposing that video game players be locked up and punished for war crimes for actions performed within the game, but are rather proposing that game designers program those conventions into the games: "In computer and video games, violence is often shown and the players become 'virtually violent'. However, such games are not zones free of rules and ethics. It would be highly appreciated if games reproducing armed conflicts were to include the rules which apply to real armed conflicts. These rules and values are given by international humanitarian law and human rights law. They limit excessive violence and protect the human dignity of members of particularly vulnerable groups." These types of arguments are very similar to the arguments made by those who have requested laws regulating violence in video games in the past. Those people argued that the lack of consequences in the game would influence player behavior in real life. We know that the US Supreme Court rejected those arguments as the science behind them was not sound. But we all know that pesky court rulings never get in the way of those who want to control human behavior. The Red Cross is looking to have game developers voluntarily include these laws within the game world, noting that some developers already take the time to do it. If that fails, it has no qualms about getting the government involved: "One possible course of action could be to encourage game designers/producers to incorporate IHL in the development and design of video games, while another could be to encourage governments to adopt laws and regulations to regulate this ever-growing industry."
The Trespass Tort Versus the CFAA: A Response to the Oracle Amicus Brief in Nosal (Volokh Conspiracy, 5 Dec 2011) - In a recently-filed amicus brief submitted by Oracle America Inc. before the en banc Ninth Circuit in United States v. Nosal, the important Computer Fraud and Abuse Act case I have blogged a lot about, Oracle makes the following argument about interpreting "access" and "authorization" in the context of the CFAA. The CFAA's prohibition on exceeding authorized access and access without authorization is modeled on trespass principles, the brief reasons, so the scope of the CFAA should be interpreted by reference to the trespass principles articulated in the Restatement (Second) of Torts. According to the Oracle brief, this means that (a) computer owners can condition access to their computers using express restrictions like Terms of Service, but (b) express restrictions are only enforceable in some circumstances. The brief summarizes when express restrictions can be enforced under the tort of trespass. [Editor: interesting argument, well-presented.]
Cut-and-Paste Reveals Redacted Info on Apple Smartphone Market in Federal Judge's Opinion (ABA Journal, 6 Dec 2011) - A federal judge's opinion in Apple's patent infringement suit against Samsung Electronics was formatted in a way that exposed redacted information. The mistaken revelation in the opinion issued Friday by U.S. District Judge Lucy Koh discussed Apple studies showing its customers are unlikely to switch to Samsung's Android devices, Reuters reports. The redacted portions also included some details on Apple's licensing deals with Nokia and IBM. The redacted material was revealed when the opinion, released in PDF format, was cut and pasted into another document. According to Reuters, the redactions reveal courts' predilection to seal materials in intellectual property cases. The story quotes Emory law professor Timothy Holbrook, who said he didn't see any apparent trade secrets in the redactions. "Most of it just seems like it was sealed out of an abundance of caution," he said. Koh's opinion denied Apple's request for a preliminary injunction in its suit claiming Samsung's Galaxy products infringe patents for the iPhone and iPad. The opinion revealing the information was sealed and a new version was posted about four hours later.
Oregon Judge Rules Bloggers Aren't Journalists (CNET, 7 Dec 2011) - A U.S. District Court judge in Portland, Ore., ruled that a blogger who wrote about an investment firm that subsequently accused her of defamation must pay the company $2.5 million because she's a blogger who doesn't legally qualify as a journalist. Crystal Cox, whose blogs are a mixture of fact, opinion, and commentary, wrote several posts that were critical of Obsidian Finance Group and its co-founder, Kevin Padrick. In one blog post, Cox accused Padrick of fraud while serving as trustee in a real estate bankruptcy case. The firm considered the posts defamatory and filed a $10 million lawsuit (PDF) against Cox in January. The blog the court focused on during the case was more factual in tone, suggesting she had an inside source who was leaking her information. Obsidian demanded she reveal the source of her information to prove its veracity. Cox, who acted as her own attorney in the case, refused to reveal her source, arguing that she was afforded the same protections as journalists under Oregon's Shield Law.
Does a Naked Retweet Carry an Endorsement by a Lawyer or Law Firm? (Kevin O'Keefe, 7 Dec 2011) - Does a retweet mean an endorsement of something that was tweeted by someone else or a simple "check this out?" That's a question journalists are trying to answer that also applies to some law firms. Last month the Associated Press released modified guidelines for social media (pdf), including a specific section on retweeting. [Editor: Interesting exploration of the issues.]
DARPA Unshredding Contest (Bruce Schneier, 8 Dec 2011) - DARPA held an unshredding contest, and there's a winner: "Lots of experts were skeptical that a solution could be produced at all let alone within the short time frame," said Dan Kaufman, director, DARPA Information Innovation Office. "The most effective approaches were not purely computational or crowd-sourced, but used a combination blended with some clever detective work. We are impressed by the ingenuity this type of competition elicits."
Feds Launch Cloud Security Standards Program (Computerworld, 8 Dec 2011) - Federal agencies will soon have a government-wide security standard for assessing, authorizing and monitoring cloud products and services. Federal CIO Steven VanRoekel Thursday unveiled the Federal Risk and Authorization Management Program (FedRAMP), which establishes a set of baseline security and privacy standards that all cloud service providers will need to meet in order to sell their products to government agencies. The program requires that all federal agencies use only FedRAMP-certified cloud services and technologies for public clouds, private clouds, hybrid clouds and community clouds. The program also covers all cloud service models, including Software as a Service (SaaS) and Platform as a Service (PaaS). FedRAMP will also provide federal agencies with standard procurement language to use in requests for proposals from cloud service vendors. A Joint Authorization Board, comprising security experts from the Department of Homeland Security (DHS), General Services Administration (GSA) and the Department of Defense, will be responsible for updating the FedRAMP security requirements on an ongoing basis. A group of third-party assessors hired from the private sector will be responsible for independently assessing cloud service providers and certifying their compliance with the standards. The Federal CIO council, a group of government IT executives that set federal IT management practices, will publish an initial set of baseline security and privacy controls for cloud providers within 30 days, VanRoekel said in a White House Office of Management and Budget memorandum (download pdf) sent on Thursday to federal agency CIOs. [Europeans considering cloud services may find the ENISA (the European Network and Information Security Agency) guide to "Cloud Computing Risk Assessment" useful:
Privacy Fades in Facebook Era (NYT, 11 Dec 2011) - As much as it pains me to say this: privacy is on its deathbed. I came to this sad realization recently when a stranger began leaving comments on photos I had uploaded to Instagram, the iPhone photo-sharing app. After several comments - all of which were nice - I began wondering who this person was. Now the catch here is that she had used only a first name on her Instagram profile. You would think a first name online is enough to conceal your identity. Trust me, it's not. So I set out, innocently and curiously, to figure out who she was. I knew this person lived in San Francisco, from her own photos. At first I tried Google, but a first name and city were not enough to narrow it down. Then I went to her photos and looked for people whom she had responded to in the comments. Eventually I found a conversation with someone clearly her friend. I easily found that person's full name, went to the person's Facebook friend list and searched for my commenter's first name. There it was: a full name. With that, I searched Google and before I knew it, I had this person's phone number, home address and place of employment. Creepy, right? I even had a link to a running app that she uses that showed the path of her morning run. This took all of 10 minutes. "We used to have privacy through obscurity online, so even if people had that information out there, the steps that it would take to aggregate it all were too great," said Elizabeth Stark, a lecturer in law at Stanford who teaches about privacy on the Internet. "Previously you could have searched every photo on the Internet for a photo of Nick Bilton until you eventually found one, but that would take a lifetime. Now, facial recognition software can return more images about someone instantly." [Editor: try it - go to http://images.google.com/ and click on the camera icon in the search bar to search-by-image. It worked for one of my own images. There are similar services - e.g. www.tineye.com]
Law Firms and Social Media: A Match Not Yet Made in Heaven (WSJ, 12 Dec 2011) - While a number of global law firms have dipped their toes in the social media pool, relatively few have taken the plunge into genuine interactivity, according to an audit released today by LexisNexis Martindale-Hubbell. The company looked at how 110 global law firms used LinkedIn, Twitter, YouTube and other social media from April to mid-May of 2011. The upshot? "It's just getting going," said Bryn Hughes, the company's marketing and communications manager in international markets. "For the legal sector, I think they are slow to adapt to new technology." Firms appear interested in using social media as a marketing platform, particularly outfits based in places with excellent internet penetration: New York, Canada, the United Kingdom and Western Europe. Still, most of those surveyed use social networks as one-way channels to distribute company news, and few embraced blogging and YouTube or integrated social media widgets into firm web sites, the audit found. Hughes said that lawyers he had spoken with seem interested in using social media, but remained cautious about liability, client confidentiality and the potential embarrassment of posting erroneous statements online. Here's the snapshot of the findings:
- 77% of firms surveyed had profiles on LinkedIn
- 31% used Twitter
- 29% used Facebook
- 10.9% used YouTube
- 8% had official firm blogs
- 7% used social media widgets to integrate firm web sites
- and -
Are You Following Your Clients On Twitter? (Kevin O'Keefe, 20 Dec 2011) - Good attorneys and law firms are always looking for ways to stay in touch with their clients. Weeks can go by without meeting a client on an active matter. Months or a year can go by without talking to a client for which you have no matters pending. How do you stay in touch? Many law firms send out newsletters and alerts, arguably to share helpful information, with the intent to keep 'mind share.' That's a one-way broadcast style of communicating. You're not engaging the client, listening to the client, nor meeting them on their turf. An easy way to stay in touch with clients is to follow them on Twitter. It's becoming more and more common that people have Twitter accounts, whether business leaders or consumers. Look up your clients on Twitter. Look in their LinkedIn profile for their Twitter handle. Start following your clients.
- and -
LexisNexis and Vizibility Release Research Results on the Use of Social Media Within Law Firms (PR Newswire, 21 Dec 2011) - Vizibility Inc. and LexisNexis announced today the results of a survey conducted to shed light on the use of social media in legal services marketing. To illustrate the findings, the results have been released as an infographic. The research suggests a high degree of reliance on broadly defined social media marketing programs, with 81% of survey participants reporting they already use social media marketing tools and another 10.1% saying they plan to deploy social media marketing elements within six months. Furthermore, reliance on social media tools and how they're measured differ significantly by firm size. The survey found that a clear majority of participants consider social media an important part of their overall marketing strategy, with nearly half (48.5%) reporting that social media is "somewhat important" while another 31% believe the tools are "extremely important" to their total marketing efforts. A minority, 5% of responding firms, report not using social media. "You have to measure the results from social media to justify it. Our new data reveals a split between small and large firms in social media marketing objectives," noted Lawyers.com(SM) Editor in Chief and LawMarketing Blog author Larry Bodine. "For example, among small firms, almost 71% of participants in practices with five or fewer attorneys said that they rely on social media marketing to generate new business. In contrast, among respondents from big firms with 100 or more attorneys, only 37% measure social media success this way. Large firms better get smart about social media if they expect it to produce new work."
Some Facts About Carrier IQ (EFF, 13 Dec 2011) - There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.
YouTube for Schools and Lecture Capture (InsideHigherEd, 13 Dec 2011) - YouTube announced YouTube for Schools today, a variant of YouTube designed to be more education friendly. This site seems primarily aimed at the primary and secondary market, although higher ed may find some things to like. If a school signs up for the service it can upload videos that are then displayed without any non-educational videos (or commenting). The YouTube University site has playlists for arts, business, education, engineering, history, humanities, languages, law, mathematics, medicine, science and social sciences.
- and -
M.I.T. Expands Its Free Online Courses (NYT, 19 Dec 2011) - While students at the Massachusetts Institute of Technology pay thousands of dollars for courses, the university will announce a new program on Monday allowing anyone anywhere to take M.I.T. courses online free of charge - and for the first time earn official certificates for demonstrating mastery of the subjects taught. "There are many people who would love to augment their education by having access to M.I.T. content, people who are very capable to earn a certificate from M.I.T.," said L. Rafael Reif, the provost, in a conference call with reporters Friday. M.I.T. led the way to an era of online learning 10 years ago by posting course materials from almost all its classes. Its free OpenCourseWare now includes nearly 2,100 courses and has been used by more than 100 million people. But the new "M.I.T.x" interactive online learning platform will go further, giving students access to online laboratories, self-assessments and student-to-student discussions. Mr. Reif and Anant Agarwal, director of the Computer Science and Artificial Intelligence Lab, said M.I.T.x would start this spring - perhaps with just one course - but would expand to include many more courses, as OpenCourseWare has done. "The technologies available are much more advanced than when we started OpenCourseWare," Mr. Agarwal said. "We can provide pedagogical tools to self-assess, self-pace or create an online learning community." The M.I.T.x classes, he said, will have online discussions and forums where students can ask questions and, often, have them answered by others in the class. M.I.T. said its new learning platform should eventually host a virtual community of learners around the world - and enhance the education of M.I.T.'s on-campus students, with online tools that enrich their classroom and laboratory experiences. 
The development of the new platform will be accompanied by an M.I.T.-wide research initiative on online teaching and learning, including grading by computer. And because the M.I.T.x platform will be available free to people around the world, M.I.T. officials said they expected that other universities would also use it to offer their own free online courses.
UK Judge Sanctions Live-Tweeting for Reporters (Mashable, 14 Dec 2011) - A high-ranking UK judge has issued official guidelines that allow journalists to live-tweet public court proceedings in England and Wales without seeking permission. The practice guidance allows journalists to issue live, text-based communications on mobile phones and other Internet-connected devices, including emails, tweets and Facebook status updates. Reporters won't be able to share Twitpics or sound bites over the social web, however; photography and sound recording on these (and other) devices still needs court approval. These new sanctions do not extend to the public. Public attendees will still need to seek permission to use their mobile devices for text-based communications - and any other purpose - during court sessions.
- and -
Is It Enough to Tell Jurors Not to Tweet? (CMLP, 19 Dec 2011) - The Arkansas Supreme Court has reversed a murder conviction - and death sentence - in a case where one juror tweeted during trial, while another fell asleep. Both these problems, the court said, constituted juror misconduct requiring reversal and a new trial. Erickson Dimas-Martinez v. State, 2011 Ark. 515 (Dec. 8, 2011). The Supreme Court was particularly concerned about one of the juror's tweets, "Its over," sent 50 minutes before the jury informed the court that it had agreed on a sentence. As a result of this tweet, the court said, followers of the juror's Twitter feed - including, the court said, at least one journalist (with the online magazine Ozarks Unbound) - "had advance notice that the jury had completed its sentencing deliberations before an official announcement was made to the court." Dimas-Martinez's lawyers also pointed out that the tweeting juror tweeted during trial despite continued admonitions to the jury throughout the trial warning them not to do so, and that he continued tweeting after the trial judge specifically told him to stop after defense lawyers discovered an earlier tweet. (That one said, "Choices to be made. Hearts to be broken. We each define the great line.") The case raises the question of whether admonishing jurors to not use the Internet and social media is effective. The Arkansas Supreme Court expressed its clear concern, and suggested that measures more drastic than admonitions may need to be taken: "[W]e take this opportunity to recognize the wide array of possible juror misconduct that might result when jurors have unrestricted access to their mobile phones during a trial. Most mobile phones now allow instant access to a myriad of information. Not only can jurors access Facebook, Twitter, or other social media sites, but they can also access news sites that might have information about a case.
There is also the possibility that a juror could conduct research about many aspects of a case. Thus, we refer to the Supreme Court Committee on Criminal Practice and the Supreme Court Committee on Civil Practice for consideration of the question of whether jurors' access to mobile phones should be limited during a trial." It is worth noting that while the jurors in this murder trial were told not to tweet about the trial, it does not appear, based on the admonitions repeated in the Arkansas Supreme Court's decision, that they were told why.
Court Denies Motion to Provide Access to Social Networking Sites in Civil Discovery (Volokh Conspiracy, 14 Dec 2011) - The decision by the Pennsylvania Court of Common Pleas is Arcq v. Fields (Dec. 8), and it distinguishes Largent v. Reed (blogged about recently here) on the ground that the party seeking discovery lacked a sufficient good-faith basis for requesting access to the private portion of the other side's social networking accounts. In Largent, and in other cases, the party seeking discovery saw the public portion of her adversary's Facebook account, and therefore had a basis to conclude that there may be relevant information in the private portions of the account. In Arcq, by contrast, the party seeking discovery made a blanket request for access to all of the other side's social networking accounts, and yet didn't know if his adversary even had any such accounts. The court in Arcq concludes that because the moving party did not first see the public portion of his adversary's site, he lacks a good-faith basis to believe that there is relevant evidence in the private portions and therefore the motion to access the social networking sites is denied.
Judge Dismisses Twitter Stalking Case (NYT, 15 Dec 2011) - In a case with potentially far-reaching consequences for freedom of expression on the Internet, a federal judge on Thursday dismissed a criminal case against a man accused of stalking a religious leader on Twitter, saying that the Constitution protects "uncomfortable" speech on such bulletin-boardlike sites. The government had accused the defendant, William Lawrence Cassidy, of harassing and causing "substantial emotional distress" to a Buddhist religious leader named Alyce Zeoli. He had posted thousands of messages about her, some predicting her violent death. He lived in California, she in Maryland. In his 27-page order, Judge Roger W. Titus wrote that "while Mr. Cassidy's speech may have inflicted substantial emotional distress, the government's indictment here is directed squarely at protected speech: anonymous, uncomfortable Internet speech addressing religious matters." In his order, Judge Titus drew an analogy to the colonial period, when the Bill of Rights was written. A blog, he said, is like a bulletin board that a person of that time might have planted in his front yard. "If one colonist wants to see what is on another's bulletin board, he would need to walk over to his neighbor's yard and look at what is posted, or hire someone else to do so," he offered. With Twitter, he went on, news from one colonist's bulletin board could automatically show up on another's. The postings can be "turned on or off by the owners of the bulletin boards," he wrote. In other words, one can disregard what is posted on a bulletin board. "This is in sharp contrast to a telephone call, letter or e-mail specifically addressed to and directed at another person," he concluded. 
Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation, based in San Francisco, which filed a brief in support of the defendant's motion to dismiss the case, said he was heartened by the distinction that the judge drew between speech on a public platform, versus through e-mail or telephone. The order is among the first to address a recently expanded cyberstalking law and, as such, could have important repercussions. "This is an area where there has been very little case law," said Eugene Volokh, a law professor at the University of California, Los Angeles. "It is likely to be quite influential." Judge's order is here.
It's Official: The LAPD Ain't Going to Google (GigaOM, 15 Dec 2011) - After a long-running controversy, the 13,000 employees of the Los Angeles Police Department will definitely not move to Google Apps. And that's final. On Wednesday, the Los Angeles City Council voted to officially kill a proposed deployment of Google Apps to the LAPD. The city's other 17,000 employees - those outside law enforcement - will keep using Gmail, the Los Angeles Times reported last night. Two years ago, the LA-Google deal, with CSC acting as contractor, was trumpeted by Google to show that Google Apps - Gmail, specifically - was ready for use by large organizations. But the LAPD had misgivings about how secure Gmail is. For law enforcement and court officials who must deal with sensitive information - evidence, names of confidential informants, etc. - security is critical. Because the LAPD must communicate with the FBI and other federal law enforcement agencies, its communications must meet federal Criminal Justice Information Security standards, as well - something no cloud-based mail is yet able to do. That means the issue is not as much about Gmail per se as cloud-based email, in general, a fact conceded privately by even some of Google's largest competitors. A spokeswoman for LA city council president Eric Garcetti reiterated that today. "This is about the security of cloud. There are federal as well as local security requirements that must be met," she said.
Breach Response: The Legal View (BankInfoSecurity, 15 Dec 2011) - As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams. Complying with a multitude of regional and international laws when consumers' personal information is compromised is critical. And depending on the size and reach of the organization breached, that could mean complying with dozens of mandates and regulations in various parts of the country and world. Sotto, who focuses on privacy and information security, says the role of attorneys has changed significantly in recent years. After a data breach, attorneys handle many facets during the response process. "A lawyer who's well-versed in managing data breaches knows that she or he needs to manage really much more than the straight legal compliance issues," Sotto says in an interview with BankInfoSecurity's Tracy Kitten [transcript below]. Attorneys' duties post-breach typically include: forensics investigations; managing public relations; managing media issues generally; hiring and training call-center agents; retaining a mail house; retaining a credit monitoring and identity protection service; and dealing with the inevitable fallout of a data breach internally. "And of course, the lawyers also need to set things up to try to mitigate the risk of litigation that typically follows a security incident," Sotto says.
PATRIOT Act Continues To Harm US Businesses: BAE Refuses To Use MS Cloud Over PATRIOT Act Fears (TechDirt, 15 Dec 2011) - Following on recent reports that, under the PATRIOT Act, European companies that use Microsoft's cloud offerings in Europe might find their data subject to US government snooping and seizure, it appears that some rather large European companies are rethinking their cloud deployment plans. UK defense contracting giant BAE had apparently planned to start using Microsoft Office 365, until it was pointed out that this could make their documents subject to US snooping under the PATRIOT Act... and the company changed its plans. At what point do PATRIOT Act supporters realize that such broad provisions don't help the US at all, but only lead to situations like this, where business is driven elsewhere. [Editor: see complementary story at ArsTechnica here.]
Metropolitan Museum Provides a Trove of Images for Google Goggles (NYT, 16 Dec 2011) - Over the past year visual-art obsessives have been having a field day with the feature of the Google smart-phone app called Google Goggles, which allows a user to shoot a picture of something - a painting, a photograph, a poster - and in seconds see an identification of the image and a list of search results for more information about it. The app, which was introduced for Android phones in late 2009 and last year for the iPhone, has been getting much better recently at digging up the title, artist and art-historical provenance of the work that the phone camera is looking at. Part of the credit for that can go to holders of huge art-image databases like the J. Paul Getty Museum, which provided Google several months ago with access to several hundred images from its collection, becoming the first museum to do so. Now the Metropolitan Museum of Art has gotten involved. It announced Friday that it has supplied more than 76,000 images of paintings, drawings, prints and photographs in its collection to the project, meaning that if you come across a reproduction of a painting that rings a bell - like "Juan de Pareja" - but can't remember who painted it, your phone can tell you within seconds that it was Diego Velázquez. The app then directs you to the work on the Met's site, for example, which tells you where to find the painting in the museum and gives you much more information about it. (Two-dimensional works function best with the app; it tends to struggle with sculpture, so the Met has so far stuck to paintings and other works on flat surfaces.)
Don't Break the Internet (Profs Lemley, Levine & Post, in Stanford Law Review, 19 Dec 2011) - Two bills now pending in Congress - the PROTECT IP Act of 2011 (Protect IP) in the Senate and the Stop Online Piracy Act (SOPA) in the House - represent the latest legislative attempts to address a serious global problem: large-scale online copyright and trademark infringement. Although the bills differ in certain respects, they share an underlying approach and an enforcement philosophy that pose grave constitutional problems and that could have potentially disastrous consequences for the stability and security of the Internet's addressing system, for the principle of interconnectivity that has helped drive the Internet's extraordinary growth, and for free expression. [Editor: full paper here.]
Do Individuals Have "A Right To Be Forgotten"? (MLPB, 19 Dec 2011) - Jef Ausloos, Electronic Frontier Foundation, has published The 'Right to Be Forgotten' - Worth Remembering? in Computer Law & Security Review (2012). Here is the abstract: "In the last few years there has been a lot of buzz around a so-called 'right to be forgotten.' Especially in Europe, this catchphrase is heavily debated in the media, in court and by regulators. Since a clear definition has not emerged (yet), the following article will try to raise the veil on this vague concept. The first part will weigh the right's pros and cons against each other. It will appear that the 'right to be forgotten' clearly has merit, but needs better definition to avoid any negative consequences. As such, the right is nothing more than a way to give (back) individuals control over their personal data and make the consent regime more effective. The second part will then evaluate the potential implementation of the right. Measures are required at the normative, economical, technical, as well as legislative level. The article concludes by proposing a 'right to be forgotten' that is limited to data-processing situations where the individual has given his or her consent. Combined with a public-interest exception, this should (partially) restore the power balance and allow individuals a more effective control over their personal data." Paper is here.
NewtGingrich.com, Occupied (Washington Post, 21 Dec 2011) - When you go to NewtGingrich.com right now, you might end up on the Washington Post. The pro-Democratic super PAC American Bridge has bought the domain and programmed it to redirect to various Web sites, a clever attack on the former House speaker. The link might take you to Freddie Mac's Web site, Tiffany's, information about Greek cruises, or to the ad Gingrich cut with former House Speaker Nancy Pelosi in favor of addressing climate change. Sometimes the page goes to a Post article about his campaign's June implosion. American Bridge has now put NewtGingrich.com on Craigslist, jokingly offering to sell the site for somewhere between $10,000 and a million dollars to "someone with greater need than us." The only other candidate whose .com website remains unclaimed by the candidate is Texas Gov. Rick Perry's RickPerry.com. For a few months, that site redirected to the campaign website of Rep. Ron Paul (R-Texas); it now goes to a generic page. As the Post reported recently, web domains are a new battleground in the 2012 campaign. Anonymous proxies often make it hard to determine which campaign is behind attack Web sites.
The PeaceTones Legal Empowerment Project (Robert Ambrogi, 22 Dec 2011) - On the latest Lawyer2Lawyer podcast, we look at Peacetones, an initiative of the Internet Bar Organization to empower artists in the developing world with legal and technology tools to bring their music to the world online. Also in the program, we share a holiday treat from a great songwriter and longtime friend, attorney Larry Savell. Read more about this week's show and listen to the full program at the Legal Talk Network. [Editor: I'm on the board of InternetBar.org, where MIRLN is mirrored.]
Volkswagen Agrees to Curb Company E-Mail in Off Hours (NYT, 23 Dec 2011) - Volkswagen has agreed to deactivate e-mails for its German staff members' company BlackBerrys when they are off duty. Under an agreement reached this week with labor representatives, staff members at Volkswagen will receive e-mails via BlackBerry from half an hour before they start work until half an hour after they finish, and will be in blackout mode the rest of the time, a spokesman for the company said. The new e-mail protocol for Europe's biggest automaker applies to staff members covered by collective bargaining, so it would seem that board-level executives will still be attached to their BlackBerrys. Very few companies have taken such drastic measures to force workers toward a better work-life balance. Deutsche Telekom, the telecommunications company, introduced a "smart device policy" last year that calls on workers to claim communication-free time when they are off work, in exchange for a promise that management will not expect them to read e-mail or pick up the phone at all times. "Mobile communication devices offer a great amount of freedom, but also embody the risk of no longer being able to switch off," the company said. In Europe's biggest economy, where burnout is blamed for almost 10 million sick days a year, labor representatives want to limit the amount of time that employees spend responding to e-mails on weekends and during vacation. Bitkom, a German technology organization, published a study this year showing that 88 percent of German workers are reachable for clients, colleagues and bosses by e-mail or mobile phone outside of working hours, compared with 73 percent two years ago. [Editor: see related story from MIRLN 14.16 involving Atos.]
Universal Access to All Knowledge (Long Now Foundation; Brewster Kahle; 94 minutes) - As founder and librarian of the storied Internet Archive (deemed impossible by all when he started it in 1996), Brewster Kahle has practical experience behind his universalist vision of access to every bit of knowledge ever created, for all time, ever improving. He will speak to questions such as these: Can we make a distributed web of books that supports vending and lending? How can our machines learn by reading these materials? Can we reconfigure the information to make interactive question answering machines? Can we learn from past human translations of documents to seed an automatic version? And, can we learn how to do optical character recognition by having billions of correct examples? What compensation systems will best serve creators and networked users? How do we preserve petabytes of changing data?
Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (EFF guide, December 2011) - Legal analysis and presentation of technical measures to protect information from border search.
In Search of Jefferson's Moose (book by David Post, Dec 2011) - In 1787, Thomas Jefferson, then the American Minister to France, had the "complete skeleton, skin & horns" of an American moose shipped to him in Paris and mounted in the lobby of his residence as a symbol of the vast possibilities contained in the strange and largely unexplored New World. Taking a cue from Jefferson's efforts, David Post, one of the nation's leading Internet scholars, here presents a pithy, colorful exploration of the still mostly undiscovered territory of cyberspace--what it is, how it works, and how it should be governed.
Mysterious Paper Sculptures (Central Station, August 2011) - Those of you who don't keep up with Edinburgh's literary world through Twitter may have missed the recent spate of mysterious paper sculptures appearing around the city. [Editor: Whimsical charming story about a mysterious library visitor, bearing gifts.]
LOOKING BACK - MIRLN TEN YEARS AGO
SOFTWARE ENABLES HANDS-FREE FLIGHT New technology from the NASA Ames Research Center allows a pilot to land a plane just by waving his hands around in the air. Rather than grasping the controls, the pilot dons a sleeve made out of a pair of old exercise tights with a series of metal buttons sewn on. The buttons pick up electrical signals from the nerves controlling the pilot's arm, and are capable of interpreting the signals precisely enough to land a plane safely. The real goal of the experiment is not hands-free flight, but using nerve signals to control equipment such as nanomachines without surgical implants. The technique could also eventually replace keyboards or joysticks, and prove useful for astronauts wielding tools while wearing bulky spacesuits. "This is a fundamentally new way to communicate with machines," says Charles Jorgensen, head of NASA Ames' neuroengineering lab. The technique has been tested in a simulated environment to land a damaged aircraft, with problems ranging from locked rudder controls to full hydraulic failure. In each case, the landing was successful, says Jorgensen. ("Hands-off Approach" New Scientist 2 Feb 2001) http://www.newscientist.com/article/dn387-handsoff-approach.html
IT SECURITY GROUP GEARS UP (ZDnet, 6 February 2001) The IT Information Sharing and Analysis Center (ISAC) will use an anonymizing service when they begin sharing information on attacks and defenses next month. However, many companies are uncomfortable sharing information about their vulnerabilities with each other and with the government. Computer Associates, Microsoft, Oracle and 16 other major technology companies have put up $650,000 for the center's first year. The center is an outgrowth of a four-year, federal effort to secure the nation's critical information infrastructure against criminals, terrorists and garden-variety hackers. Internet Security Systems of Atlanta will run the operation. http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2682476%2C00.html [URL expired]
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:email@example.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, firstname.lastname@example.org
4. NewsScan and Innovation, http://www.newsscan.com
5. BNA's Internet Law News, http://ecommercecenter.bna.com
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. Readers' submissions, and the editor's discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.