MIRLN --- 1-22 December 2012 (v15.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)
NEWS | PODCASTS | BOOKS | DIFFERENT | LOOKING BACK | NOTES
- TOR Operator Charged for Child Porn Transmitted Over His Servers
- DHS Cybersecurity Insurance Workshop: Defining Challenges to Today's Cybersecurity Insurance Market
- ITU Packet Inspection Standard Raises Serious Privacy Concerns
- America's Increasing Obsession with Social Media Driving Law Firm Business
- Why Cybersecurity Matters
- The 21st Century Legal Retainer Agreement
- Civil Litigation: A Better Way to Improve Cybersecurity?
- Ponemon Study Reveals Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches
- Timeline of NSA Domestic Spying
- Can Legal Publishers Collaborate With Blogs?
- To Yelp Or Not To Yelp? Lawsuit Puts The Chill On Bad Reviews
- Two More Cases Hold That Anti-SLAPP Laws Protect Consumer Reviews
- Copyright in Tattoo Case
- Judge Scheindlin Helps Demystify Foreign E-Discovery
- AAA Launches Tool to Create ADR Clauses
- The State of Intellectual Property Around the World
- Disability Access: Law and Policy
- Will Pennsylvania Shut Down the Free Internet?
- 'Non-Harmful' Phone Spoofing OK, Appeals Court Says
- Chicago Area Courts Ban Electronic Devices, For Some
- Service by Email Comes to Illinois
- Fourth Circuit Limits Marital Communications Privilege for Email
- Texas Lawyer Sues the State over His Blog's Name and Wins
- Copyright Levies On Electronics Devices - 2012 Developments
- Feds Can Keep Data of Innocent Citizens for Five Years
- UK Copyright Reform Affects Fair Use, Format-shifting and Big Data
- Court Gives Cold Shoulder to Hot Yoga, Finding Yoga Sequences Not Copyrightable
- HLS1x: Copyright
- Devil's in the Small Print
TOR Operator Charged for Child Porn Transmitted Over His Servers (ArsTechnica, 29 Nov 2012) - An Austrian operator of Tor servers-that were used to anonymously route huge amounts of traffic over the Internet-has been charged with distributing child pornography. This comes after police detected illegal images traversing one of the nodes he maintains. William Weber, a 20-year-old IT administrator in Graz, Austria, said nine officers searched his home on Wednesday after presenting him with a court order charging him with distribution and possible production of child pornography. The crimes carry penalties of as many as 10 years in prison. Police from the Styrian Landeskriminalamt, which has jurisdiction over the Austrian state of Styria, confiscated 20 computers as well as a game console, iPads, external hard drives, USB thumb drives, and other electronics. Evidence cited in the document showed that one of seven Tor Project exit nodes he operated transported illegal images. Short for the onion router, Tor was designed by the US Naval Research Laboratory as a way to cloak the IP addresses and contents of people sending e-mail, browsing websites, and doing other online activities. It is regularly used by political dissidents, journalists, law enforcement officers, and criminals who want to keep their online activities private. Tor works by encrypting a user's Internet traffic multiple times and funneling it through a dedicated server with its own IP address. The data is then passed to a second server, which decrypts one layer of the encryption before passing it to a third server. At that point the data is converted to its original form and sent to its final destination. Tor's onion-like architecture makes it infeasible for the contents to be intercepted by third parties, except by those monitoring an exit node. Even then, it's hard to know where the traffic originated. Weber isn't the first operator of a Tor node to land in hot water as a result of the traffic traversing his server. In 2007, German police raided the home of a Dusseldorf man after bomb threats allegedly passed through his Tor server. Last year, a separate Tor operator said police confiscated hardware and software after someone misused his exit node. During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted. "Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer," he wrote in a blog post seeking donations .
DHS Cybersecurity Insurance Workshop: Defining Challenges to Today's Cybersecurity Insurance Market (30 Nov 2012) - Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce Internet Policy Task Force has described cybersecurity insurance as a potentially "effective, market-driven way of increasing cybersecurity" because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured's level of self-protection; and limiting the level of losses that companies face following a cyber attack.1 Given this hope, many carriers and companies would like the cybersecurity insurance market to expand into new cyber risk areas to cover currently uninsurable risks such as cyber-related critical infrastructure failures, reputational damage, and the value of lost intellectual property and other proprietary data. Despite the appeal of cybersecurity insurance in a world where news of cyber attacks is an almost daily occurrence, the cybersecurity insurance market today faces significant challenges. While a sizable third-party market exists to cover losses suffered by a company's customers, first-party policies that address direct harms to companies themselves remain expensive, rare, and largely unattractive. Observers blame several factors for this phenomenon, including: (1) a lack of actuarial data which results in high premiums for first-party policies that many can't afford; (2) the widespread, mistaken belief that standard corporate insurance policies and/or general liability policies already cover most cyber risks; and (3) fear that a so-called "cyber hurricane" will overwhelm carriers who might otherwise enter the market before they build up sufficient reserves to cover large losses. Traditional insurance coverage issues such as moral hazard and adverse selection likewise play a part in discouraging market entry by these carriers. Evolving the cybersecurity insurance market to one that offers more coverage to more insureds at lower prices therefore depends on two key factors: (1) the development of common cybersecurity standards and best practices; and (2) a clearer understanding of the kinds and amounts of loss that various cyber incidents can cause. [Polley: I cannot find a public URL for this, so am sharing my copy thru my Dropbox folder. This is a very interesting report, with much useful information.]
ITU Packet Inspection Standard Raises Serious Privacy Concerns (InfoWorld, 30 Nov 2012) - The UN's telecommunications standards organization has approved a standard for deep packet inspection (DPI) that raises serious concerns about privacy, the Center for Democracy and Technology said. That ITU-T, is showing an interest in deep packet inspection suggests some governments hope for a world where even encrypted communications may not be safe from prying eyes, according to the CDT. The adoption of the standard -- officially known as "Requirements for Deep Packet Inspection in Next Generation Networks" or "Y.2770" -- happened last week during the World Telecommunication Standardization Assembly (WTSA), which is held every four years and defines what the ITU-T should focus on. The biggest concern is that the standard holds very little in reserve when it comes to privacy invasion, the CDT wrote. "There is a general lack of attention to design considerations we think are important to Internet users, namely privacy and security. Obviously DPI has the potential to be an extremely invasive technology," said Alissa Cooper, chief computer scientist at the CDT. The standard barely even acknowledges that there is a privacy risk at all, according to Cooper. "What we like to see, at the very least, is a thorough analysis of what the pros and cons are, and how you can build in mitigation for some of the more invasive aspects of the technology. But this has none of that," Cooper said. For example, the standard document optionally requires DPI systems to support inspection of encrypted traffic, which is "antithetical to most norms, policies, and laws concerning privacy of communications," the CDT wrote. The CDT's concerns are backed by European digital rights group EDRi.
America's Increasing Obsession with Social Media Driving Law Firm Business (Kevin O'Keefe, 30 Nov 2012) - Morrison & Foerster's popular Socially Aware Blog, a LXBN network publication, is out this week with a thought-provoking infographic that delves into Americans' increasing obsession with social media, along with their increasingly fractured attention spans. Some of the statistics MoFo has compiled might surprise you:
- The amount of time the average person spent monthly on social networking more than doubled between 2006 and 2011 - from 2.7 hours to 6.9 hours
- More than half of TV viewers are multi-tasking in front of the tube: 61% of viewers surf the Internet while watching TV; 29% use Facebook while in front of the TV
- Social media now accounts for 18% of time spent online
- The fastest growing segments of social networking users are men of all ages and people over 55 years old - both groups grew by more than 9% between July 2010 and October 2011.
- Facebook is the undisputed leader among social networking sites: Visitors spend an average of 6.75 hours on the site each month - nearly twice the amount of time spent on Tumblr, Pinterest, Twitter, LinkedIn, and GooglePlus combined.
- The percentage of Americans who have a social-networking profile has more than doubled in recent years - from 24% in 2008 to 56% in 2012.
Why Cybersecurity Matters (Stewart Baker, 2 Dec 2012) - For those who think I'm a little paranoid on the subject of cybersecurity, I suggest this story - a nightmare made in China for a small US businessman. Brian Milburn's parental control software was pirated and used in a China's infamous Green Dam software . When he sued, hackers tied to the Chinese government attacked his networks relentlessly, nearly destroying his business: "F or three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter , for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April. In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse." There are two particularly interesting, and troubling, aspects of the story. First, the hackers immediately attacked Milburn's law firm as well as his company. This tactic is now part of the standard playbook for China's hackers, but US law firms have not fully adapted to the threat . (emphasis added)
The 21st Century Legal Retainer Agreement (Ride the Lightning, 3 Dec 2012) - How times have changed. Once upon a time, lawyers and clients entered into a representation agreement based on a handshake. Today, that same agreement might result in an ethics complaint against the lawyer for failing to commit his fees to writing, or worse, a refusal by the client to pay the bill based on claims that the lawyer never did all the work he promised. Whether you call it a Retainer Agreement, Engagement Letter, Fee Agreement, Representation Agreement or something else, the contract between lawyer and client entered into at the outset of the relationship sets forth the terms of price of services to be rendered by the lawyer. But today, Retainer Agreements must do more than simply state terms of service and price. In the 21st Century, more lawyers seek to charge flat fees for ongoing work, and must comply with applicable ethics rules. Lawyers may need to inform clients of other matters - outsourcing, data storage or acceptance of payment by credit card. At the same time, some lawyers deliver legal services entirely online or may ask a client to execute an agreement on an iPad. In these cases, short retainer agreements that get to the heart of the matter in a couple of sentences are preferable a lengthy lawyerly tome. Today's clients are different too. They're accustomed to consuming information disseminated in sound-bites and 140-character streams and consequently, lack the attention span to read through a seven page retainer agreement. Clients also have access to all sorts of simple online forms, which has changed their perception of what a legal document should look like. For many clients, a lengthy retainer can be intimidating and off-putting; an added hurdle to hiring a lawyer instead of going with a DIY (do-it-yourself) product. Below is a checklist of topics that you may want to consider addressing in your retainer agreement, along with a few sample clauses * * *
Civil Litigation: A Better Way to Improve Cybersecurity? (NetworkWorld, 4 Dec 2012) - A precedent-setting case in the world of electronic banking points to a better method for securing the nation's critical infrastructure from cyberattack, according to a former Department of Homeland Security (DHS) official. Paul Rosenzweig, former assistant secretary for policy at DHS and founder of Red Branch Law & Consulting, said the recent settlement in Patco Construction v. People's United Bank shows how civil litigation can force banks to improve their online security practices. And if that can happen in the financial industry, it can also happen with a critical infrastructure operator, he said, and be more effective than federal cybersecurity legislation or regulation. "In the long run, a civil tort/contract liability system will develop that will work more effectively and flexibly -- imposing costs on those who stint their cybersecurity efforts in an unreasonable manner," Rosenzweig wrote in a recent post on Lawfare . In the Patco case, the company, a small property development and contractor in Sanford, Maine, sued People's United for authorizing six fraudulent withdrawals from its account in May 2009, totaling $588,851, even after the bank's security system had flagged each transaction as high-risk. The fraudulent transactions -- six over seven days -- came from a computer that had never been used before by Patco, from an IP address not recognized as from Patco, and were for amounts greater by several magnitudes than any Patco had made to third parties before. The money was going to people Patco had never before paid. The bank was able to block or recover $243,406 of that total. The First Circuit U.S. Court of Appeals ruling on July 3 was the first time a federal court found that a bank's electronic transaction security procedures failed to meet the standard required under the Uniform Commercial Code (UCC) as "commercially reasonable," putting the bank on the hook for losses due to fraud.
Ponemon Study Reveals Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches (Data Breach Press, 6 Dec 2012) - The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach during the past two years; and 45 percent of organizations experienced more than five data breaches each during this same period. Data breach is an ongoing operational risk. Based on the experience of the 80 healthcare organizations participating in this research, data breaches could be costing the U.S. healthcare industry an average of $7 billion annually. Leading causes were lost devices, employee mistakes, third-party snafus, and criminal attacks. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices-such as mammogram imaging and insulin pumps-which hold patients' protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, especially as mobile and cloud technology become pervasive in healthcare. [Polley: I'd bet the other 6% just don't know they've been breached. Kinda like the response law firms gave a few years ago.]
Timeline of NSA Domestic Spying (EFF, 6 Dec 2012) - All of the evidence found in this timeline can also be found in the Summary of Evidence we submitted to the court in Jewel v. NSA. It is intended to recall all the credible accounts and information of the NSA's domestic spying program found in the media, congressional testimony, books, and court actions. For a short description of the people involved in the spying you can look at our Profiles page , which includes many of the key characters from the NSA Domestic Spying program. [Polley: from December 2012 stretching back to the FISA law in 1978, and a bit further. Entries on the timeline have pop-out annotations, and links to more. If you're unfamiliar with Orwell's 1984, you should read it, and this, while you can.]
Can Legal Publishers Collaborate With Blogs? (Kevin O'Keefe, 7 Dec 2012) - Amanda Hirsch, (@amanda_hirsch) the editor of Collaboration Central and former editorial director of PBS.org, shares that J-Lab (Institute for Interactive Journalism) just released the results of its three-year Networked Journalism pilot project that called for eight newspapers to network with local blogs. In its report, Networked Journalism: What Works , J-Lab's executive director, Jan Schaffer, (@janjlab) outlines the problem the project was designed to explore: "With U.S. newspapers losing more than 42,000 journalists since 2007, local news coverage has suffered. At the same time, hundreds of local blogs and news sites have launched in their markets … What role can traditional news organizations play not only to expose their audiences to more news than they themselves can deliver, but also to connect new sources of information rising throughout their communities?" Per Hirsch, Schaffer concluded for a partnership between community blog partners and a legacy newsroom to work, two things are needed. First, "it is the responsibility of the hub news organization to provide their news networks with enough visibility and outbound links to drive traffic to their partners' sites." And second, "it is the responsibility of the community news partners to post frequently enough to be robust participants and to nab the visibility - either on the network page or the home page - that would bring them traffic." It turns out networked publishing did work, especially in communities such as Seattle and Portland where there was a robust blogging community. Networked publishing in the law can work for the exact same reason as in news publishing. The number of legal journalists is shrinking. So are the number of publications. At the same time the community of law bloggers is skyrocketing. LexBlog's LXBN Network alone has over 7,000 lawyer authors, including almost 70% of the AmLaw 200 law firm blogs. Though the lawyers may not be trained journalists they are experts in the areas on which they blog. Not only do the know the law, but as part of their jobs they are addressing practical issues in their area of law on a daily basis. Who better than to report and comment than those located where the rubber meets the road?
To Yelp Or Not To Yelp? Lawsuit Puts The Chill On Bad Reviews (NPR, 9 Dec 2012) - The next time you're about to post a scathing review of a business on a site like Yelp or Angie's List, you might want to think twice. This week, a housing contractor named Christopher Dietz sued a former customer for $750,000 in defamation charges for what she wrote in a review on Yelp. Jane Perez wrote that there was damage to her home and that jewelry was missing after she'd had work done from Dietz's company, Dietz Development LLC. On Thursday, a judge took the unusual step of ordering Perez to take down parts of those reviews . While this isn't the first lawsuit of this type, Santa Clara University law professor Eric Goldman tells NPR's Rachel Martin that these cases are, so far, uncommon, because online reviews are still such a new area. "We're still developing the rules about how to deal with consumer reviews," Goldman says. He also says often the economics of litigation don't support lawsuits for a single, negative review. The reality, Goldman says, is that it is extremely unlikely that a single review costs a business anything. "My perspective is that any individual review is not credible, but the aggregate affect of the reviews ... tend to paint a pretty accurate picture," he says. A Harvard study in 2011 showed that a one-star increase on Yelp leads to a 5 to 9 percent increase in revenue. That potential revenue bump gives businesses all the more reason to fiercely protect their online reputation. The lawsuit itself, Goldman says, is a reminder that even though we have the freedom to voice our opinions on the Internet, we also own those words and can be held responsible for them. "Most people don't realize that they're betting their house ... every time they put their opinions out into the public discourse," he says. "When people realize that, it becomes incredibly inhibiting."
- and -
Two More Cases Hold That Anti-SLAPP Laws Protect Consumer Reviews (Eric Goldman, 13 Dec 2012) - Every anti-SLAPP law is worded differently, but some statutes protect statements on "matters of public interest," "issues of public concern" or something similar. This language usually doesn't explicitly reference consumer reviews of marketplace offerings, but my position is that consumer reviews should categorically qualify as matters of public interest because they help consumers make better marketplace choices, and society benefits from more efficient marketplaces. Typically-- but not always --courts have reached this result, but sometime with more drama than necessary. Thus, it's nice to see two clean rulings finding that consumer reviews qualify for anti-SLAPP protection * * *
Copyright in Tattoo Case (CMLP, 10 Dec 2012) - A tattoo artist sued THQ, Inc., the makers of an Ultimate Fighting Championship (UFC) themed video game, for copyright infringement. The artist tattooed a lion on fighter Carlos Condit's torso, and claims that it was his original creation. ( Complaint at 12.) The artist alleges that he created the original design, and owns a registration for the copyright to the design. ( Compl . at 16.) He claims that by using the work in a video game, depicting Carlos Condit, THQ infringed upon his copyright in the work. A press release issued by the firm representing the artist, Christopher Escobedo, states: "People often believe that they own the images that are tattooed on them by tattoo artists," explains Speth [Escobedo's attorney]. "In reality, the owner of the tattoo artwork is the creator of the work, unless there is a written assignment of the copyright in the tattoo art." Escobedo and Condit never had a written agreement. Thus, claims Escobedo in the lawsuit, he remains the owner of the copyright over the image he drew. Nothing in this statement is false, but that doesn't mean that this gets you to the correct answer. Here is the correct answer: * * * 2. Fair Use: I see very little room to argue that THQ's use is not fair use. THQ has the right to use Condit's likeness. That likeness happens to have been augmented with someone else's copyrighted work. The copyright owner can no sooner prohibit this use than he can prohibit me from using it demonstratively as I have in this piece (doubly so, since I clipped it from his complaint). THQ can't accurately depict Condit without the tattoo. THQ can not be prohibited from depicting Condit accurately, just because the artist wants more money. That said, there might be some theoretical claims, but not against THQ. Condit himself might (I stress MIGHT) have some liability. This is a highly theoretical argument - but I presume that Condit got paid for the right to use his likeness in the video game. Let's say that the agreement has a clause that states that Condit has the legal ability to transfer or license all relevant rights. There *might* be an argument that Condit did not have the right to assign the rights to the ink, and thus the artist gets a portion of Condit's profits. Again, theory here, and not likely. But, if I had to save the case, I'd argue that.
Judge Scheindlin Helps Demystify Foreign E-Discovery (Law.com, 10 Dec 2012) - One of the most vexing problems for global companies and their lawyers is how to identify, collect, and use electronically stored information in e-discovery without ending up in jail or facing huge fines. The most obvious problem is that countries have very different laws about personal privacy, often developed in reaction to their unique histories - especially if that history included repressive regimes where personal information was used to identify and kill dissidents. At the Georgetown Advanced E-Discovery Institute Friday panel, "First Do No Harm: Preserving and Admitting Foreign ESI," panelists offered analysis and advice on this challenging topic, which becomes more difficult by the day as the world becomes increasingly "smaller" with the explosion of inexpensive mobile devices and communication options.
AAA Launches Tool to Create ADR Clauses (Robert Ambrogi, 11 Dec 2012) - The American Arbitration Association has launched ClauseBuilder , a web-based tool designed to assist in drafting clear and effective arbitration and mediation agreements. The new tool provides parties with the AAA's standard arbitration agreement, in addition to an array of options parties may consider when drafting ADR clauses, including specifying the number of arbitrators; arbitrator qualifications; locale provisions; governing law; the duration of arbitration proceedings; and whether to use arbitration, mediation, or both. As launched, ClauseBuilder can be used only to create commercial arbitration and mediation contracts. Future versions in development will address construction, international and employment contracts. ClauseBuilder can be used to create pre-dispute ADR clauses to be included in contracts as well as clauses for existing disputes that parties would like to submit to arbitration or mediation. In addition to creating ADR clauses, ClauseBuilder will allow users to preview, edit, and archive their ADR agreements. ClauseBuilder is free to use. Once you indicate the type of clause you wish to create (e.g., commercial arbitration), it shows you the basic, standard language. From there, you can select from a number of options to modify the clause. How many arbitrators will a panel include? How will they be selected? What law will govern? To what extent will pre-hearing discovery be allowed? What remedies will be available to the arbitrators. Must arbitrators provide a reasoned opinion? For these and other options, you simply click radio buttons to designate your preferences.
The State of Intellectual Property Around the World (The Atlantic, 11 Dec 2012) - Economies are slowing across the globe. But inventors across the globe apparently didn't get that memo. Patent filings and grants have exploded in the past few years -- fueled, in particular, by innovations coming out of, and into, China. And fueled, as well, by new fields -- computer technologies, communications platforms -- that invite inventors to make their marks on them. A new report from the World Intellectual Property Organization -- the IP arm of the United Nations -- has documented that proliferation of patents (and trademarks, and industrial designs) as it's played out on the world stage. And their findings are pretty staggering. The study tracks data as of 2011, detailing IP trends on a worldwide, and country-by-country, basis. And while the report lends itself to a major headline -- that China's patent office has ousted the United States's as the world's largest -- the real story here is the fact that innovation, overall and officially, is on the rise. Around the world. The report itself is long and wonky. But it's full of juicy stats. So here, below, are some of the juiciest. The current state of intellectual property, around the world and by the numbers: * * *
Disability Access: Law and Policy (InsideHigherEd, 12 Dec 2012) - Dan Goldstein, attorney for National Federation of the Blind, has recently published the clearest articulation to date of the relationship between disability law and web accessibility. In short, while the Americans Disability Act, promulgated in 1990, did not explicitly speak to cyberspace, it nonetheless is the legal foundation upon which accommodations to it are required of those entities that fall under its scope, including higher education. This point is an important one to make. For some years, institutional attorneys and disability advocates have gotten tangled in discussions about whether section 508 of the Rehabilitation Act, which outlines a baseline of technical standards for web accessibility and is required for all federal agencies, is required of colleges and universities. The answer to that specific legal question is no. Receipt of federal funds does not a federal agency make of a college or university. But looking at just one tree obscured the forest and confused the how with the why. The ADA does apply to colleges and universities, public and private. Irrespective of which particular technical standards are chosen -- section 508, W3C, a hybrid, etc. -- mounting case law makes clear the point that accommodation must be made. Take a look yourself at this excellent document.
Will Pennsylvania Shut Down the Free Internet? (Steptoe, 13 Dec 2012) - A Hotmail user in Pennsylvania has brought a class action against Google (Brinkman v. Google, Inc.) alleging that its interception of non-Gmail users' communications with Gmail users violates Pennsylvania's wiretap statute. Google, of course, gets the consent of its Gmail users to intercept and scan the content of their emails in order to serve up targeted advertisements based on the users' apparent interests. But it does not obtain the consent of non-Gmail users that communicate with the Gmail users. This raises the question of whether Google's practices violate the laws of the dozen or so states, including Pennsylvania, that forbid interception of electronic communications without the consent of all parties to a communication. This is an issue of great importance to email providers, social media, Internet service providers, and others that review the content of online communications or monitor web activity as part of their online behavioral advertising (OBA) programs. If state all-party consent laws were interpreted in a manner that effectively brought OBA to a screeching halt, it could end the Internet as we know it. Without the revenue derived from OBA, free or low-cost Internet services that we take for granted could suddenly become expensive propositions. Moreover, companies that monitor the communications of their employees with the outside world could be subject to the same sorts of lawsuits, since they lack the consent of non-employees to interception of their communications with the company's workers.
'Non-Harmful' Phone Spoofing OK, Appeals Court Says (Wired, 13 Dec 2012) A federal appeals court is nullifying a Mississippi law that forbids phone spoofing of any type, ruling that Congress has authorized so-called "non-harmful" spoofing. Spoofing, misrepresenting the originating telephone caller's identification to the call recipient, was outlawed entirely in Mississippi under the 2010 Caller ID Anti-Spoofing Act (ASA), punishable by up to a year in prison. The decision (.pdf) is likely a death blow to the eight states that are mulling laws similar to Mississippi's, as well as Oklahoma and Louisiana, which already have similar statutes on the books, said Mark Del Bianco, the Maryland plaintiff's attorney in the case. Del Bianco represented New Jersey-based Teltech Systems and Michigan-based Wonderland Rentals - companies that provide nationwide, third-party spoofing services. Teltech offers its customers the SpoofCard , which operates like a long-distance calling card with the ability to manipulate the caller ID displayed to the called party. Wonderland uses spoofing to conduct quality control for businesses by faking the phone numbers of its client customers in order to anonymously test customer service representatives. A lower federal court had sided with the companies, nullifying the law because it impacted communications outside the state. The 5th U.S. Circuit Court of Appeals, however, overturned it because it said the measure was trumped by federal law. The Truth in Caller ID Act (TCIA) of 2009 authorizes spoofing in limited instances, the appeals court ruled.
Chicago Area Courts Ban Electronic Devices, For Some (CMLP, 17 Dec 2012) - Criminal courthouses in Cook County, Illinois (Chicago and environs) will ban the public from bringing in electronic devices as of Jan. 15, under an order issued by Cook County Chief Judge Timothy Evans in mid-December. See Gen'l Admin. Order 2012-8 (Ill. Cir. Ct., Cook Cnty. Dec. 11, 2012). In a press release announcing the new policy, Evans cited concerns that people attending court proceedings were using cellphones to photograph - and intimidate -- witnesses, judges, jurors, and prospective jurors, to relay courtroom testimony to upcoming witnesses, and to stream judges' comments during trial. "The court is sending a strong message to gang members and others that any attempts to intimidate witnesses, jurors, and judges in court will not be permitted," Evans was quoted saying in the release. "The ban will help to ensure that justice is properly done by preserving the integrity of testimony and maintaining court decorum." The ban will apply to 12 of the 13 courthouses in county. The exception will be the Richard J. Daley Center Courthouse in Chicago, which handles civil, traffic and misdemeanor cases. Under the order, members of the news media are exempt from the ban, and will be able to use electronic devices in courtrooms under the circuit court's pending application for to participated in the extended media coverage experiment authorized by the Illinois Supreme Court. See In re: Extended Media Coverage in the Circuit Courts of Illinois on an Experimental Basis, M.R. 2364 (Ill. Jan. 24, 2012). Others exempt from the ban include current or former judges; licensed attorneys; all law enforcement officers; all government employees; persons reporting for jury service; jurors (subject to the authority of the trial judges); building and maintenance workers, and equipment repair persons and vendors. But their use of the devices will be limited to public areas of the courthouses.
- OTOH -
Service by Email Comes to Illinois (The Connected Lawyer, 19 Dec 2012) - Recently the Illinois Supreme Court adopted an amendment to Supreme Court Rule 11 , which deals with service of documents to opposing parties. This amendment, which takes effect January 1, 2013, allows attorneys to serve documents by email and it requires attorneys to provide an email address for service on all appearances and pleadings. I think this is a great change. Admittedly, I think the rule requires some refinement ( e.g. , what formats are appropriate, when is email service effective). However, on the whole, I think this is a great step forward. Not unexpectedly, however, there has been a significant outcry from members of the bar who are raising objections to this. Some of the objections that I see include the typical claims that this discriminates against attorneys who are not technologically savvy and that it provides no exemption for attorneys who do not have an email address.
Fourth Circuit Limits Marital Communications Privilege for Email (Covington, 18 Dec 2012) - The Fourth Circuit recently ruled that the marital communications privilege does not always apply to email that is sent from a work account. A federal jury convicted former Virginia state legislator Phillip A. Hamilton of federal program bribery and extortion under color of right. During trial, the court admitted email messages that Hamilton sent to his wife from his work account. On appeal, Hamilton contended that admission of those messages violated the marital communications privilege, which covers private spousal communication that was intended to remain confidential. In an opinion last week, the Fourth Circuit disagreed, concluding that Hamilton had no reason to expect that his work emails were confidential. The Court analogized Hamilton's claim to a 1934 case in which the Supreme Court held that a defendant could not claim the marital privilege for communication that he shared with a stenographer. "Email has become the modern stenographer," the Fourth Circuit wrote. Hamilton's employer did not have a computer use policy when he sent the email messages, but the employer later adopted a policy stating the users have "no expectation of privacy in their use of the Computer System" and "[a]ll information created, sent[,] received, accessed, or stored in the . . . Computer System is subject to inspection and monitoring at any time." Because Hamilton's employer adopted this policy before the investigation of his bribery and extortion began, the Fourth Circuit concluded, Hamilton had ample time to delete any confidential email from his employer's archives. Under the Fourth Circuit's reasoning, a defendant still may claim the marital communications privilege for work emails if the defendant had an objectively reasonable belief in the privacy of those emails. For instance, if the employer's computer use policy guarantees email privacy, the defendant may argue that he reasonably believed the email was confidential.
Texas Lawyer Sues the State over His Blog's Name and Wins (ABA Journal, 19 Dec 2012) - Lubbock, Texas, lawyer John Gibson had a simple idea: Create a blog about the state's workers' compensation law. Luckily, "texasworkerscomplaw.com" was available, so he grabbed it. Gibson then was hit with a cease-and-desist order from the Texas Department of Insurance, which informed him that his blog violated a state law governing the use of the department's name and purview. The state threatened to fine him $5,000 per violation per day if he continued to use the words Texas and workers and compensation in any order in any marketing or promotional efforts. Gibson sued , claiming the state was violating his First, Fifth and 14th amendment rights. He also argued that his blog was mainly informational. Last October, the 5th U.S. Circuit Court of Appeals at New Orleans agreed with Gibson, holding that "Texas made no serious attempt to justify this regulation as narrowly tailored to a substantial state interest." The court noted that the law regarding the type of protection afforded domain names is in its infancy. "As with many new issues involving the Internet, the proper method of analysis to determine whether a domain name is commercial speech or a more vigorously protected form of speech is res nova," Circuit Judge Edith Brown Clement wrote for the court. "A domain name, which in itself could qualify as ordinary communicative speech, might qualify as commercial speech if the website itself is used almost exclusively for commercial purposes." Gibson's lawyer, Robert Hogan, says the case has potential to impact other blawggers. "There are broader issues concerning what degree of First Amendment protection applies to lawyers' blogs because there's no clear delineation from any court of appeals as to whether lawyers' blogs should be treated as commercial speech and get a reduced degree of First Amendment protection, or whether they deserve a higher degree of protection because of their inherent noncommercial nature."
Copyright Levies On Electronics Devices - 2012 Developments (Bird & Bird, 20 Dec 2012) - Copyright levies are systems that impose fees on the manufacture, import and/or sale of devices and media which can be used to reproduce and/or store third party copyright works, aiming to compensate rightholders for the licence revenues they lose due to the fact that end users are allowed to undertake certain defined permitted acts of copying without the right holders' consent. In the digital area, only private end-users are usually entitled to carry out the statutory permitted acts. At present, 21 out of the 27 Member States of the European Union ("EU") provide for private copying and similar end-user copying exceptions accompanied by levy schemes. The scope of the exceptions, the level of the levies and the products to which levies will pertain vary materially from Member State to Member State (please click here to see our November 2011 Copyright Levy Newsletter). However, due to the lack of harmonisation and the major changes caused by digitisation of copyright works, copyright levy schemes have come under increasing attack, and copyright levies have become a major legal, economical and political issue. In particular, the ground breaking "Padawan" judgment of the European Court of Justice ("ECJ") on 21 October 2010 is currently having a major impact on many pending cases and has triggered discussions as to whether fundamental changes to the present copyright levy regimes in Europe are needed. For more detailed information on the "Padawan" judgment, please click here to see the Bird & Bird Newsletter " European Court of Justice questions legitimacy of existing copyright levy regimes " dated 22 October 2010. The first Member States to react to this changing situation was Spain, which has abolished its copyright levy scheme. Further changes to copyright levy schemes all over Europe are likely to follow. In this Newsflash, we summarise the development in Spain as well as the status quo of copyright levy systems in Belgium, Czech Republic, Finland, France, Germany, Hungary, Italy, The Netherlands, Poland, Slovakia, Sweden and United Kingdom.
Feds Can Keep Data of Innocent Citizens for Five Years (Ride the Lightning, 20 Dec 2012) - Slate recently reported (the original source was the Wall St. Journal ) on a relatively new and very wide-ranging surveillance operation. The National Counterterrorism Center, which is located in an unmarked building in McLean, VA, now has the authority to store and monitor the data of innocent U.S. citizens for up to five years, using "predictive pattern-matching" to analyze it for suspect behavior. The Journal said that the NCTC has access to entire federal databases, including flight records, casino employee lists, the names of Americans hosting foreign-exchange students and many others. Even more alarming is the fact that this data can be given to foreign governments for analysis. Officials say the surveillance is subject to "rigorous oversight" which has always translated to, "Trust me, I'm from the government."
UK Copyright Reform Affects Fair Use, Format-shifting and Big Data (GigaOm, 20 Dec 2012) - The British government has unveiled a comprehensive raft of measures aimed at modernizing copyright in the country. This is pretty much what it promised to do in 2011 in response to the Hargreaves Review , which it had commissioned. Some of the measures are terrifically obvious, none more so than the legalization of format-shifting - yes, copying music from a CD to your iPhone is still technically illegal in the UK, although no-one gets prosecuted for it. Others bring the UK much closer to the U.S. fair use system. For example, a copyright exemption will now be brought in for parody, caricature and pastiche. In other words, stuff like that Newport State Of Mind parody will no longer be illegal. Bafflingly, the government says it will "allow limited copying on a fair dealing basis which would allow genuine parody, but prohibit copying disguised as parody". The Intellectual Property Office, which the reforms will put in charge of "clarifying areas where there is confusion or misunderstanding on the scope and application of copyright law", clearly needs something to keep it busy. The reforms should have a big impact on the educational and research sectors. Again with some absurdity, the current IP regime makes it legally risky for teachers to show copyrighted material over interactive whiteboards and distance-learning systems - this will be fixed, as will the ban on allowing the copying of sound recordings, films and broadcasts for private study and non-commercial research.
Court Gives Cold Shoulder to Hot Yoga, Finding Yoga Sequences Not Copyrightable (Baker Hostetler, 20 Dec 2012) - On Friday, the Central District of California held that a series of yoga poses designed to improve health is not copyrightable, dismissing claims of copyright infringement bought by Bikram Choudhury against Evolation Yoga. This ruling followed in the footsteps of the Copyright Office's recent announcement that it will no longer issue registration certificates for sequences of yoga poses designed to improve health. The California lawsuit was brought by Bikram Choudhury, the originator of the popular hot yoga style, Bikram Yoga. Bikram Yoga incorporates a series of 26 yoga poses and two breathing exercises performed in the same order and manner in a room of 105 degrees Fahrenheit over the course of approximately ninety minutes (the "Bikram Sequence"). Defendants are former students of Choudhury who taught the Bikram Sequence-the same 26 poses and two breathing exercises in the same order, manner, and environment-in their own studios, without Choudhury's permission. Claiming the Bikram Sequence was copyrightable, Choudhury sued for copyright infringement and also brought claims for trademark infringement, false designation of origin, dilution, unfair competition, unfair business practices, breach of contract, inducing breach of contract. Considering a motion for partial summary judgment on the copyright claim only, the Central District of California firmly held that a series of yoga poses, including the Bikram Sequence, is not copyrightable because (1) a series of yoga poses designed to promote health, like any exercise routine, constitutes a non-copyrightable fact or idea and (2) a series of yoga poses does not fall into the enumerated categories of copyrightable works under 17 U.S.C. § 102, but is, instead, a non-copyrightable system or procedure. Key to the court's ruling is its finding, guided by the Copyright Office's June 2012 announcement, that yoga poses are exercises. Exercises do not fall into the enumerated categories of authorship under 17 U.S.C. § 102 and are not copyrightable.
HLS1x: Copyright (HarvardX, 20 Dec 2012) - HLS1x Copyright, an experimental course offered on edX, will explore in depth the law, theory, and practice of copyright. Approximately two thirds of the course will focus on the copyright system of the United States; the remainder will be devoted to the laws pertaining to copyright and "neighboring rights" in other countries. Considerable attention will be devoted to the relationship between copyright law and creative expression in a variety of fields: literature; music; film; photography; graphic art; software; comedy; fashion; and architecture. The course will commence on January 28, 2013, and last for 12 weeks. Enrollment in the course is limited to 500 participants, who will be selected through an application process. When admitting participants, the course organizers will seek to create a group that is diverse along many dimensions, including country of residence, age, occupation, educational background, and gender. Applicants must be at least 13 years old, have a good grasp of the English language, and be willing to devote eight hours per week to learning and discussing the material. Otherwise, however, there are no prerequisites for taking this course. In particular, no legal background is required. Several methods of instruction will be used. Participants will watch pre-recorded lectures, engage in interactive live webcasts of events in which guest speakers address especially controversial issues, discuss legal problems in online forums, and (most importantly) participate once a week in an 80-minute online seminar. Those seminars will be taught by teaching fellows, all of whom are currently students at Harvard Law School. At the conclusion of the course, each participant will take a three-hour exam, designed to assess his or her knowledge of copyright law and policy. Those exams will be graded by the teaching fellows. Participants who receive passing grades will be awarded certificates of completion and will be provided written assessments of their degree of proficiency. HLS1x Copyright is an experimental course, with four different variants that allow Prof. Fisher and his team to experiment with different combinations of teaching materials and educational technologies. Enrollment for the course is limited because we believe that high-quality legal education depends, at least in part, upon supervised small-group discussions of difficult issues. Fidelity to that principle requires confining the course to the number of participants that can be supervised effectively by our 21 teaching fellows. The limit on the enrollment does not mean, however, that we are not allowing access to the course materials; they will be made publicly available.
Devil's in the Small Print (WSJ, 20 Dec 2012) - A book about boilerplate? That contract with the small print that you have to sign before renting a power tool? The incomprehensible "Terms of Service" agreement that Internet providers require you to claim you have read and approved? Standardized contracts are unavoidable, but they don't seem like a subject for an important or interesting book. They are, you might think, just one more example of the background absurdities of modern life. But Margaret Jane Radin, a law professor at the University of Michigan, has given us a sophisticated and thought-provoking treatment of the boilerplate contracts that everyone signs yet few read or understand. Ms. Radin begins by arguing that boilerplate contracts-which as early as 1919 were widespread enough of a commercial practice as to be a subject of case law-aren't really contracts at all. Because the terms aren't bargained over, it follows that they aren't consented to in any traditional sense; there is no meeting of the minds between the parties. Ms. Radin effectively debunks legal abstractions designed to reconcile boilerplate with contract theory. She discusses ideas like constructive, or fictional, consent, which exists when a judge believes there was a reasonable opportunity to read and assent to contractual terms that in fact were never read or agreed to. She also touches on hypothetical consent, which involves theorizing about the conditions under which a rational person would consent. In the end she concludes that neither accommodates boilerplate to the moral basis of contracts law.
NOTED PODCASTS
Christopher Soghoian on the Growing Trade in Software Security Exploits (Berkman, 29 Nov 2012; 61 minutes) - Over the past year, the public has started to learn about the shadowy trade in software security exploits. Rather than disclosing these flaws to software vendors like Google and Microsoft who will then fix them, security researchers can now sell them for six figures to governments who then use them for interception, espionage and cyber war. Are researchers who sell exploits simply engaging in legitimate free speech that should be protected? Or, are they engaging in the sale of digital arms in a global market that should be regulated? In this talk, Chris Sogohian - Principal Technologist and a Senior Policy Analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union - discusses what should be done, if anything, about this part of the security industry. [Polley: very interesting discussion. For his proposed conclave of law professors, I'd like to hear them explore targeting the sub-rosa dimension of this activity, which attacks all end-users' security and privacy expectations. Aiding & abetting? Tortious interference with contract? Other?]
Audio of Recent ABA Standing Committee Conference (Lawfare, 13 Dec 2012) - The American Bar Association's Standing Committee on Law and National Security has released audio recordings of its recent conference in Washington . Here they all are: * * * [Polley: This is a great program, every year. It's *THE* event for national security lawyers.]
BOOKS
Smith on Design Patents (Patently-O, 16 Dec 2012) - When I began writing Patently-O in 2004, design patents were largely thought of as akin to a pre-ball Cinderella: In rags, forlorn, and quite pitiful. Things have changed. Design patents are more valuable than ever and their trajectory continues to rise. Matthew A. Smith ( Foley ) recently put together a short treatise on design patents ( short for a treatise ) and offered to publish Version 0.9 here as a preliminary draft for commentary. Coverage in the 82 page volume includes general background on the laws of design patents; design patent application preparation and prosecution; design patent enforcement; tests of design patent validity; and design patent remedies. As per his usual, Smith's approach is to provide straightforward analysis in practical terms and with direct reference to the underlying sources of law. Read it while its hot : Matthew A. Smith, Design Patents, Ed. 0.9 (Prelim. Draft) (Dec. 12, 2012). File Attachment: 2012-12-12_Design_Patents.pdf (545 KB) .
The Future of Scientific Knowledge Discovery in Open Networked Environments (National Academies Press, 2012) - Digital technologies and networks are now part of everyday work in the sciences, and have enhanced access to and use of scientific data, information, and literature significantly. They offer the promise of accelerating the discovery and communication of knowledge, both within the scientific community and in the broader society, as scientific data and information are made openly available online. The focus of this project was on computer-mediated or computational scientific knowledge discovery, taken broadly as any research processes enabled by digital computing technologies. Such technologies may include data mining, information retrieval and extraction, artificial intelligence, distributed grid computing, and others. These technological capabilities support computer-mediated knowledge discovery, which some believe is a new paradigm in the conduct of research. The emphasis was primarily on digitally networked data, rather than on the scientific, technical, and medical literature. The meeting also focused mostly on the advantages of knowledge discovery in open networked environments, although some of the disadvantages were raised as well. [Polley: free e-version; $48 for hardcopy]
DIFFERENT
The Explosion of 15th Century Printing: A Data Visualization (The Atlantic, 5 Dec 2012) - Harvard's metaLAB is "dedicated to exploring and expanding the frontiers of networked culture in the arts and humanities," pursuing interdisciplinary research like this fascinating look at the spread of printing across Europe in the 1400s. Drawing on data from the university's library collections, the animation below maps the number and location of printed works by year. Watch it full screen in HD to see cities light up as the years scroll by in the lower left corner. Matthew Battles, a principal and senior researcher at metaLAB and past Atlantic contributor, describes the research and technology that went into the visualization in an interview. [Polley: pretty cool visualization; I was surprised at the concentration of printing activity near Venice.]
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
FORRESTER SEES $2 BILLION DIGITAL MUSIC MARKET BY 2007 (SiliconValley.com, 13 August 2002) -- Video may have killed the radio star, but Forrester Research Tuesday said Internet piracy was not to blame -- as record labels have claimed -- for the 15 percent drop in music sales in the past two years. ``There is no denying that times are tough for the music business, but not because of downloading," said Josh Bernoff, principal analyst at Cambridge, Massachusetts-based research firm Forrester Research Inc., who released a report on the digital music market. Based on surveys of 1,000 U.S. online consumers, Forrester said it sees no evidence of decreased CD buying among frequent digital music consumers and said the record labels could restore industry growth by making it easier for people to find, copy, and pay for music on their own terms. Forrester predicts that by 2007, digital music revenues in the United States will reach more than $2 billion, or 17 percent of the music business, from about $3 million in 2001. Forrester pointed to the economy and competition from other media for the music market's downturn, rather than the emergence of free song-swap services like now-idled Napster and several similar sites in its wake, which the recording industry has claimed in several copyright lawsuits have hurt sales.
FBI BEGINS VISITING LIBRARIES (AP 24 June 2002) -- The FBI is visiting libraries nationwide and checking the reading records of people it suspects of having ties to terrorists or plotting an attack, library officials say. The FBI effort, authorized by the antiterrorism law enacted after the Sept. 11 attacks, is the first broad government check of library records since the 1970s when prosecutors reined in the practice for fear of abuses. The Justice Department and FBI declined to comment Monday, except to note that such searches are now legal under the Patriot Act that President Bush signed last October. Libraries across the nation were reluctant to discuss their dealings with the FBI. The same law that makes the searches legal also makes it a criminal offense for librarians to reveal the details or extent. "Patron information is sacrosanct here. It's nobody's business what you read," said Kari Hanson, director of the Bridgeview Public Library in suburban Chicago. The process by which the FBI gains access to library records is quick and mostly secret under the Patriot Act. First, the FBI must obtain a search warrant from a court that meets in secret to hear the agency's case. The FBI must show it has reason to suspect that a person is involved with a terrorist or a terrorist plot - far less difficult than meeting the tougher legal standards of probable cause, required for traditional search warrants or reasonable doubt, required for convictions. With the warrant, FBI investigators can visit a library and gain immediate access to the records. Judith Krug, the American Library Association's director for intellectual freedom, said the FBI was treading on the rights it is supposed to be upholding.
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries