Saturday, January 21, 2012

MIRLN --- 1-21 Jan 2012 (v15.01) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

Ruling by Justice Dept. Opens a Door on Online Gambling (NYT, 24 Dec 2011) - The Justice Department has reversed its long-held opposition to many forms of Internet gambling, removing a big legal obstacle for states that want to sanction online gambling to help fix their budget deficits. The legal opinion, issued by the department's office of legal counsel in September but made public on Friday, came in response to requests by New York and Illinois to clarify whether the Wire Act of 1961, which prohibits wagering over telecommunications systems that cross state or national borders, prevented those states from using the Internet to sell lottery tickets to adults within their own borders. Although the opinion dealt specifically with lottery tickets, it opened the door for states to allow Internet poker and other forms of online betting that do not involve sports. Many states are interested in online gambling as a way to raise tax revenue.

Publishers vs. Libraries: An E-Book Tug of War (NYT, 24 Dec 2011) - Last year, Christmas was the biggest single day for e-book sales by HarperCollins. And indications are that this year's Christmas Day total will be even higher, given the extremely strong sales of e-readers like the Kindle and the Nook. Amazon announced on Dec. 15 that it had sold one million of its Kindles in each of the three previous weeks. But we can also guess that the number of visitors to the e-book sections of public libraries' Web sites is about to set a record, too. And that is a source of great worry for publishers. In their eyes, borrowing an e-book from a library has been too easy. Worried that people will click to borrow an e-book from a library rather than click to buy it, almost all major publishers in the United States now block libraries' access to the e-book form of either all of their titles or their most recently published ones. Borrowing a printed book from the library imposes an inconvenience upon its patrons. "You have to walk or drive to the library, then walk or drive back to return it," says Maja Thomas, a senior vice president of the Hachette Book Group, in charge of its digital division. And print copies don't last forever; eventually, the ones that are much in demand will have to be replaced. "Selling one copy that could be lent out an infinite number of times with no friction is not a sustainable business model for us," Ms. Thomas says. Hachette stopped making its e-books available to libraries in 2009. E-lending is not without some friction. Software ensures that only one patron can read an e-book copy at a time, and people who see a long waiting list for a certain title may decide to buy it instead. 
Explaining Simon & Schuster's policy - it has never made its e-books available to libraries - Elinor Hirschhorn, executive vice president and chief digital officer, says, "We're concerned that authors and publishers are made whole by library e-lending and that they aren't losing sales that they might have made in another channel."

Cyber Threat to Power Grid Puts Utility Investors at Risk (Forbes, 27 Dec 2011) - The electric-utility industry's concerns about cyber security have escalated sufficiently for several investor-owned utilities to include cyber-attacks as a material risk factor in recent filings with the U.S. Securities and Exchange Commission. In November, Consolidated Edison of New York, a large electric and gas utility serving customers in New York City and Westchester County, included cyber-attacks as a risk factor that could affect investors in its quarterly report (10-Q) for the first time. Con Edison's 10-Q stated: "A Cyber Attack Could Adversely Affect the Companies. The Utilities and other operators of critical energy infrastructure may face a heightened risk of cyber attack. In the event of such an attack, the Utilities and the competitive energy businesses could have their operations disrupted, property damaged and customer information stolen; experience substantial loss of revenues, response costs and other financial loss; and be subject to increased regulation, litigation and damage to their reputation." Although Con Edison is not the first utility to disclose cyber-security as a serious threat in SEC filings, it is perhaps the first to describe cyber-attacks as a stand-alone risk category. For example, Pepco Holdings, a large power and gas utility serving customers in Delaware, the District of Columbia, Maryland and New Jersey, includes cyber-attacks in a broader, catch-all disclosure about terrorism and other mega-catastrophes.

440,783 "Silent SMS" Used to Track German Suspects in 2010 (F-Secure, 29 Dec 2011) - The 28th Chaos Communication Congress (28C3) is currently underway in Berlin and on Tuesday, researcher Karsten Nohl gave a presentation called: Defending mobile phones. If you have an hour, it's worth watching. But one of the most interesting things, from our point of view, was Nohl's brief reference to recent reports (Dec. 13th) about various German police authorities having used nearly half a million "Silent SMS" to track suspects in 2010.

So we did a web search and found nothing about it in the English language press. However, Wikipedia's SMS entry has (had) this:

"Silent messages, often called silent SMS, stealth SMS, or stealthy ping, will not show up on the display, neither is there an acoustical signal when they are received. However, at the mobile provider some data is created (for example, the subscriber identification IMSI). This kind of message is sent especially by the police to locate a person or to create a complete movement profile of a person. In Germany in the year 2010, nearly half a million 'silent SMSs' were sent by the federal police, the customs, and the secret service 'Office for Protection of the Constitution.'"

So what exactly does this mean?

Well, basically, various German law enforcement agencies have been "pinging" mobile phones. Such pings only reply whether or not the targeted resource is online or not, just like an IP network ping from a computer would.

But then after making their pings, the agencies have been requesting network logs from mobile network operators. The logs don't reveal information from the mobile phones themselves, but they can be used to locate the cell towers through which the pings traveled. And thus, can be used to track the mobile targeted.

ABA Identity Management Legal Task Force Posts First Draft (SecureIDNews, 2 Jan 2012) - The first draft of the American Bar Association Task Force Report tentatively titled "Solving the Legal Challenges of Online Identity Management" has been posted on the Task Force Web site for review and comment. It is set out in three parts, as three separate documents:

1. Part 1: Identity Management Fundamentals and Terminology

2. Part 2: Legal Regulation of, and Barriers to, Identity Management

3. Part 3: Structuring the Legal Framework for an Identity System

The three documents can be downloaded here. The documents are located on the right side of the page, immediately under the heading "Resources and Drafts." The draft is still preliminary but is supposed to act as a starting point for discussion. The task force wants to move ahead quickly so input and suggested revisions are welcome, says Tom Smedinghoff, a partner at Edwards Wildman Palmer LLP and chairman of the group.

How the US Pressured Spain to Adopt Unpopular Web Blocking Law (Ars Technica, 6 Jan 2012) - Though a deeply divided Congress is currently considering Internet website censorship legislation, the US has no such official policy -- not even for child porn, which is voluntarily blocked by some ISPs. Nor does the US have a government-backed "three strikes" or "graduated response" system of escalating warnings to particular users accused of downloading music and movies from file-sharing networks. Yet here was the ultimatum that the US Embassy in Madrid gave the Spanish government in February 2008: adopt such measures or we will punish you. Thanks to WikiLeaks, we have the text of the diplomatic cable announcing the pressure tactics. "We propose to tell the new government that Spain will appear on the Watch List if it does not do three things by October 2008. First, issue a [Government of Spain] announcement stating that Internet piracy is illegal, and that the copyright levy system does not compensate creators for copyrighted material acquired through peer-to-peer file sharing. Second, amend the 2006 "circular" that is widely interpreted in Spain as saying that peer-to-peer file sharing is legal. Third, announce that the GoS [Government of Spain] will adopt measures along the lines of the French and/or UK proposals aimed at curbing Internet piracy by the summer of 2009." See also EFF's posting on this -- https://www.eff.org/deeplinks/2012/01/spains-ley-sinde-new-revelations

Promoting Vetted News Content on Social Media (or, How Not to Give Your Lawyer a Heart Attack) (CMLP, 5 Jan 2012) - By now, it is a given that many journalists have a regular presence on social networking services. The value of social media for gathering information, developing the journalist's public persona, and promoting the journalist's work is well-recognized. And although many news outlets have established guidelines and policies regarding behavior on social media, most outlets still permit journalists substantial discretion as to the tone and content of their tweets and posts. Special concerns arise, however, when you use social media to promote articles that have been vetted by your attorneys. To understand these concerns, it helps to understand more about what media lawyers are looking for when we perform prepublication review of an article. Although there are numerous issues that we might consider, media lawyers are primarily concerned with any statements in an article that might adversely affect the reputation of identifiable people or companies. Of course, a great deal of sound journalism can be damaging to reputation, including stories about political corruption, unfair business practices, or criminal activity. The lawyer's concern is normally not whether such stories are newsworthy (that is up to you and your editor), but whether there is adequate factual support for the statements in your article. Thus, on the most basic level, our review involves identifying the individuals and companies at issue in an article and the factual support for statements about those people. We give particular attention to people who are not the main focus of the article, because it is sometimes the case that less time is given to researching facts about secondary parties. 
Errors about these side players in a story can also generate legal claims, and sometimes your lawyer might suggest cutting references in your article to secondary parties if it seems that the facts about those people are underdeveloped. On a deeper level, we are concerned with the overall context and gist of the article. Because defamation claims can arise not only from the explicit text of an article but also from reasonable inferences drawn from the text, we want to be sure that there are no inferences that an audience could draw from your article that you do not intend. To that end, we might suggest language changes or restructuring of the article to eliminate juxtapositions of fact and other contextual clues that make it appear that an article is suggesting more than it can actually support. Our goal in this process is risk management: We try to enable you to publish everything that you want to publish while moderating any risks involved.

Feds Want Judge to Force Suspect to Give Up Laptop Password (Wired, 5 Jan 2012) - Federal prosecutors want a judge to order a Colorado woman to provide the password to decrypt her laptop, which the government seized with a search warrant. With backup from digital rights groups, the woman is fighting the feds, arguing that being forced to provide her password violates the Fifth Amendment's protection against forced self-incrimination. Colorado U.S. District Judge Robert Blackburn is expected to rule any day on whether to force defendant Ramona Fricosu to decrypt her Toshiba Satellite M305, which authorities seized from her in 2010 with a court warrant while investigating financial fraud. The case is being closely watched by digital rights groups, as the issue has never been squarely weighed in on by federal courts, and the Supreme Court has never addressed the issue. But a factually similar dispute involving child pornography ended with a Vermont federal judge ordering the defendant to decrypt the hard drive of his laptop. While that case never reached the Supreme Court, it differed from the Fricosu matter because U.S. border agents already knew there was child porn on the computer because they saw it while the computer was running during a 2006 routine stop along the Canadian border. The Electronic Frontier Foundation's Marcia Hoffman said (.pdf) in a court filing that the very act of requiring Fricosu to input her password into the laptop would be incriminating "because it might reveal she had control over the laptop and the data there." Assistant U.S. Attorney Patricia Davies said (.pdf) there is no Fifth Amendment breach, and that it might "require significant resources and may harm the subject computer" if it tried to crack the encryption. 
[Editor: seems to me that there was some decent case-law on this 15 years ago, arising in the context of former Oregon Senator Bob Packwood's diary; my recollection is sketchy, but revolves around the argument that if you've NEVER written down the password, being forced to divulge it is testimonial action, protected by the 5th. OTOH, if you have written it down, being compelled to hand it over is not protected testimonial action.]

Man Convicted of Murder Gets Retrial After Virus Eats Transcripts (The Register, 5 Jan 2012) - A US man who had been convicted on a second-degree murder charge will get a new trial after a computer virus destroyed transcripts of court proceedings. Randy Chaviano, of Hialeah, Florida, was given a life sentence for the fatal shooting of Carlos Acosta after he was convicted by a Miami jury in July 2009. An appeal was lodged when it was discovered that only a partial record of the trial that led to Chaviano's conviction could be found. In the circumstances the Third District Court of Appeal had no option but to strike the conviction and order a fresh trial. Court stenographers normally record proceedings on both paper and digital disk. But Terlesa Cowart, stenographer at Chaviano's 2009 trial, forgot to bring enough rolls of paper and relied on digital recordings alone to chronicle proceedings. She transferred this data to her PC and erased it from the stenograph. Bad move. The PC subsequently became infected by an unidentified virus, causing the destruction of the records. No secure backup was taken, so the state will be put through the expense of a second trial that will cause, at the very least, inconvenience for witnesses and heartache for the victim's family.

FedRAMP Security Controls Unveiled (GovInfoSecurity, 9 Jan 2012) - The federal government has issued some 170 controls for FedRAMP, the program designed to vet cloud computing providers for federal government agencies. The security controls for the Federal Risk and Authorization Management Program, or FedRAMP, align with the National Institute of Standards and Technology Special Publication 800-53 Revision 3 for low and moderate impact systems. Cloud computing providers must implement these security controls in order for them to receive authorization to provide cloud services to federal agencies. Writing in a blog posted on the Federal Chief Information Officers Council website, Department of Homeland Security CIO Richard Spires said the security controls approved by the board create a baseline of controls to properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure and shared resource pooling. "This baseline serves all federal agencies and [cloud service providers], to which additional controls may be added by agencies to meet specific requirements," Spires said. Implementation of the FedRAMP security controls will be detailed in the several documents to be released before the initial operating capability of the program later this year. Those documents will align with the NIST SP 800-37 Risk Management Framework and include * * *. [Editor: see also "Questions to Ask of Cloud Vendors" by Mintz Levin on 19 Dec 2011 here: http://www.privacyandsecuritymatters.com/2011/12/things-to-do-in-2012-questions-to-ask-of-cloud-vendors/?elq_mid=17029&elq_cid=996107#page=1 ]

Who Owns Your Employee's LinkedIn Connections at Your Law Firm? (Kevin O'Keefe, 10 Jan 2012) - Last month I asked who owns the Twitter followers at your law firm? My question was precipitated by the Phonedog.com lawsuit in which an employer claims the employer owns the Twitter account started by an ex-employee while still an employee. The Wall Street Journal's Joe Palazzolo reports before we had an employer's claim to Twitter followers, we had a company claiming the right to a fired employee's LinkedIn account and the ex-employee's connections. Upon being sued by the ex-employee to get her account back, the company filed a counterclaim alleging, among other things, that the connections were trade secrets. Philadelphia employment lawyer, Eric Meyer, summarized the company's claim. "The defendants claim that Dr. Eagle's LinkedIn connections belong to them and that Dr. Eagle effectively stole those connections. The defendants also claim that Dr. Eagle now reaps the benefit of the time and effort that the defendants previously put into maintaining her LinkedIn account. (The new owners contend that former employees of Edcomm were required to utilize an Edcomm template when creating LinkedIn accounts, use an Edcomm email address, and permit Edcomm to monitor their Linkedin pages)." [Editor: see also posting on InsideHigherEd -- http://www.insidehighered.com/blogs/who-owns-twitter-account ]

Lockdown - The Coming War On General-Purpose Computing (Cory Doctorow, 11 Jan 2012) - General-purpose computers are astounding. They're so astounding that our society still struggles to come to grips with them, what they're for, how to accommodate them, and how to cope with them. This brings us back to something you might be sick of reading about: copyright. But bear with me, because this is about something more important. The shape of the copyright wars clues us into an upcoming fight over the destiny of the general-purpose computer itself. In the beginning, we had packaged software and we had sneakernet. We had floppy disks in ziplock bags, in cardboard boxes, hung on pegs in shops, and sold like candy bars and magazines. They were eminently susceptible to duplication, were duplicated quickly, and widely, and this was to the great chagrin of people who made and sold software. Enter Digital Rights Management in its most primitive forms: let's call it DRM 0.96. They introduced physical indicia which the software checked for -- deliberate damage, dongles, hidden sectors -- and challenge-response protocols that required possession of large, unwieldy manuals that were difficult to copy. [Editor: 2007 Pioneer Award winner Cory Doctorow writes up his keynote presentation from the Chaos Communication Congress. Very interesting piece; it got a fair amount of coverage in the blogosphere.]

Mass Ct: ZIP Code is Personal Identification Info Under Credit Card Statute But Plaintiff Must Still Allege Harm (Eric Goldman's blog, 10 Jan 2012) - Last year, the California Supreme Court held that a ZIP Code is personal identification information for purposes of a statute which restricted the type of information a retailer could collect: "California Supreme Court Rules That a ZIP Code is Personal Identification Information -- Pineda v. Williams-Sonoma." A federal court in Massachusetts recently construed a similar Massachusetts statute to reach the same conclusion, albeit for different reasons. But having found that the retailer in this case technically violated the statute, the court dismisses the case on the basis that the plaintiff failed to allege a cognizable injury. The new case is Tyler v. Michaels Stores, Inc., 2012 WL 32208 (D. Mass.; Jan. 6, 2012)

ECJ Confirms IP Addresses are "Personal Data" (A&L Goodbody, 13 Jan 2012) - As we reported recently, the CJEU held in Scarlet Extended SA ("Scarlet") v Societe belge des auteurs, compositeurs et editeurs ("SABAM"), Case C-70/10 that an order requiring a Belgian internet service provider to filter certain peer to peer files is not permissible under EU law. The CJEU found that any national measures to protect copyright must "strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures". This case is also noteworthy for its landmark decision that internet protocol addresses constitute "protected personal data". The CJEU held that the injunction sought, requiring installation of the contested filtering system, "would involve a systematic analysis of all content and the collection and identification of users' IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data because they allow those users to be precisely identified." This decision is particularly interesting as Charlton J., in EMI Records (Ireland) Limited v Eircom Limited [2010] IEHC 108, held that an IP address was not "personal data" under the Data Protection Act 1988-2003, in circumstances where it was collected by a record company and provided to Eircom, in order for Eircom to deal with the owner of the IP address in accordance with the 'three strikes' scheme. Charlton J. concluded that as the name and address of the owner of the IP address was unlikely to come into the possession of the record company, since it was a matter for Eircom to deal with the relevant person, the IP address in and of itself did not constitute "personal data" in the hands of the record company. 
Different positions have been adopted by the Member States on this issue, despite the Article 29 Working Party issuing an Opinion (Opinion 4/2007 on the concept of Personal Data) which states that it considers IP addresses as constituting "personal data". The Working Party stated this was "especially in those cases where the processing of IP addresses is carried out with the purpose of identifying the users of the computer (for instance, by copyright holders in order to prosecute computer users for violation of intellectual property rights)." The CJEU's clarification that IP addresses are "personal data" should ensure a more consistent interpretation is adopted across the EU in the future. Interestingly, the European Commission's draft EU Data Protection Regulation, which has been leaked ahead of scheduled publication on Data Protection Day, 28 January 2012, also indicates that IP addresses constitute "personal data".

US Killer Spy Drone Controls Switch to Linux (The Register, 12 Jan 2012) - The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection. Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed the electronic nasty as a nuisance and said it posed no threat to the operation of Reaper drones, but the intrusion was nonetheless treated seriously. "The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the pilots to safely fly these aircraft remained secure throughout the incident," it said. The discovery of the virus was nonetheless hugely embarrassing for the Air Force. The credential-stealing malware, first reported by Wired, made its way from a portable hard drive onto ground systems, which control the drones' weapons and surveillance functions. Portable disks are used to load map updates and transfer mission videos from one computer to another, Defense News added.

Obama Administration Says Constitution Protects Cell Phone Recordings (Ars Technica, 13 Jan 2012) - The Obama administration has told a federal judge that Baltimore police officers violated the First, Fourth, and Fourteenth Amendments by seizing a man's cell phone and deleting its contents. The deletions were allegedly in retaliation for the man's use of the phone to record the officers' arrest of his friend. According to the Maryland ACLU, this is the first time the Obama Justice Department has weighed in on whether the Constitution protects citizens' right to record the actions of police with their cell phones. * * * The filing is the latest sign of an emerging consensus that the First Amendment protects the right to record the public conduct of government officials with a cell phone. Last week, the Boston PD was forced to admit its officers acted improperly when they arrested a man for recording an arrest, after the First Circuit Court of Appeals ruled against the city. And while Judge Richard Posner worried that a right to record the police will lead to excessive "snooping around," his fellow judges on the Seventh Circuit seemed sympathetic to the ACLU's argument that Illinois's strict wiretapping statute violates citizens' First Amendment rights.

FOIA Documents Reveal Homeland Security is Monitoring Political Dissent (EPIC, 13 Jan 2012) - As the result of EPIC v. DHS, a Freedom of Information Act lawsuit, EPIC has obtained nearly three hundred pages of documents detailing a Department of Homeland Security surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking sites, quoting commenters. EPIC sent a request for these documents in April 2004 and filed suit against the agency in December. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring.

E-Mail After Work Hours? That's Overtime, Says [Brazilian] Law (CNET, 14 Jan 2012) - The liberty some seem to enjoy most is yours. As recessions hit and profit pressures become the sole reason for existence, bosses seem to believe that they own workers--until they discard them for younger, fresher models. Now a curiously human law has reared its head in Brazil. According to the Associated Press, this law says that if a company e-mails you after your allotted working hours, then this is the same as if one's supervisor is giving one an instruction to perform a certain work task. Ergo, argue Brazilian labor lawyers, if a worker receives such an e-mail and has to act on it, he or she qualifies for overtime pay.

World Bank Assumes Control of Google Map Data (ReadWriteWeb, 16 Jan 2012) - Google announced a partnership with the World Bank today to make Google Map Maker data more accessible to government organizations in disaster scenarios. Google Map Maker is the tool for crowd-sourcing the editing and maintenance of Google's world map. Its user-generated data include locations of hospitals, schools, settlements, water sources and minor roads. Access to these data will help governments, NGOs, researchers and individuals plan without waiting for the changes to be approved and added to the official maps. World Bank partner organizations, such as government and U.N. agencies, can contact World Bank offices to request access to the data. Kenya, South Sudan, Tanzania, Sierra Leone, Ghana, Zambia, Nigeria, Democratic Republic of Congo, Moldova, Mozambique, Nepal and Haiti will pilot the project. This partnership could improve response time and effectiveness in crises in underserved areas of the world. It's just a shame that Google has decided to compete with Ushahidi and other open-source efforts to solve this problem. Access to Google Map Maker data is privileged, and Google has chosen the mother of all elite gatekeepers, the World Bank, to facilitate this program.

Legal Ethics to Go, Thanks to New Bar App (Robert Ambrogi, 16 Jan 2012) - A new mobile app introduced this week by the New York State Bar Association lets lawyers search and access ethics opinions from their mobile phones. The NYSBA Mobile Ethics App includes the state bar's catalog of more than 900 legal ethics opinions, dating back to 1964. The app allows users to search for an opinion by keyword, retrieve it by opinion number, or browse a list of categories such as "attorney advertising," "concurrent representation" and "non-refundable retainer." Results show both a digest of the opinion and its full text. It can notify you when new opinions are added.

Authentication of Primary Legal Materials and Pricing Options (BeSpacific, 17 Jan 2012) - "The recent passage of the Uniform Electronic Legal Material Act (UELMA) has brought to the forefront the issue of costs of authenticating primary legal materials in electronic format. This white paper briefly reviews five methods of electronic authentication. These methods are based on trustworthiness, file types, effort to implement, and volume of electronic documents to be authenticated. Six sample solutions are described and their relative costs are compared. The white paper also frames the legal landscape and background of authentication for primary legal materials in electronic format, and provides context and points to applicable resources. The aim of this collective effort is to promote the understanding of costs related to authentication and invite further discussion on the issue...It is not intended to offer legal advice. Please consult an attorney for assistance with specific concerns or advice."

Thou Shalt Not Tweet To Strangers... and Other Foolishness from the Florida Bar (Kevin O'Keefe, 18 Jan 2012) - "The Standing Committee on Advertising [of the Florida Bar Association] has reviewed the networking media, and issues the following guidelines for lawyers using them." Whew, I was wondering when someone would get around to reviewing all of the social media and social networking sites on the Internet as well as review all the various methods of engagement and interaction that come with them. A lot of lawyers like me were out here in the wilderness of social networking and social media relying solely on our common sense, good judgment, and existing ethics guidelines for guidance on how to ethically use the Internet today. What a foolhardy approach. Now we have the all knowing wise men and women of the Florida Bar's 'Standing Committee on Advertising' commanding as of January 10, 2012, that: "Invitations sent directly from a social media site via instant messaging to a third party to view or link to the lawyer's page on an unsolicited basis are solicitations in violation of Rule 4-7.4(a), unless the recipient is the lawyer's current client, former client, relative, or is another lawyer." And commanding: "Pages of individual lawyers on social networking sites that are used solely for social purposes to maintain social contact with family and close friends [presumably Facebook], are not subject to the lawyer advertising rules."


Third Circuit Says Data Breach Plaintiffs Lack Standing Absent Misuse of Data (Eric Goldman, 18 Jan 2012) - Ceridian is a payroll processing firm. Reilly and Pluemacher were employees of a law firm that was a Ceridian customer. In December 2009, Ceridian suffered a "security breach." A hacker infiltrated Ceridian's system and gained access to information belonging to 27,000 employees at 1,900 companies. After investigating, Ceridian sent a letter to the affected individuals, letting them know that their personal information, including "first name, last name, social security number and, in several cases, birth date and/or bank account" information was accessed. Ceridian provided the affected individuals one year of free credit monitoring and identity theft protection. (It's unclear as to whether plaintiffs took advantage of this, but they alleged that they spent money for monitoring efforts.) The Third Circuit focuses on the issue of whether plaintiffs have standing. The court canvasses the precedent and says most courts addressing standing for data breach plaintiffs have concluded that plaintiffs lack standing because the harm is too speculative. The court agrees: "Here, no evidence suggests that the data has been--or will ever be--misused. The present test is actuality, not hypothetical speculations concerning the possibility of future injury."


LOOKING BACK

UCITA CHANGES FAIL TO APPEASE (Computerworld, 7 Jan. 2002) -- The drafters of the controversial UCITA software licensing law have done an about-face on some of its key provisions, including recommending a ban on remote system shut-offs by software vendors. But the changes don't appear to go far enough to win support from businesses fighting state-by-state adoption of the measure. "These changes are not meaningful. They are more window dressing than real substance," said Elaine McDonald, an attorney at Principal Financial Group in Des Moines, Iowa, which is a member of a broad coalition of businesses and groups opposing the measure. The Uniform Computer Information Transactions Act has been under attack by library and consumer groups and by companies, including giants such as The Boeing Co. in Chicago and Caterpillar Inc. in Peoria, Ill., all of which maintain that the law gives too much power to vendors. Opponents blocked UCITA in every state where it was introduced last year. Facing the possibility that UCITA could die, its drafting committee met last month and adopted a series of amendments intended to win support. In particular, the committee reversed course on the so-called self-help provision, which would have allowed vendors to remotely turn off systems in a contract dispute without court intervention. Vendors would now have to go to court when such disputes arise. "I do know that some of the changes that are being proposed will result in satisfying the concerns of some," said Carlyle Ring Jr., chairman of the UCITA drafting committee of the National Conference of Commissioners on Uniform State Laws, a Chicago-based organization that spearheads commercial law adoption in the U.S. "Others are not going to be as satisfied," he said. UCITA provides a framework for licensing contracts that lack certain specific provisions. Opponents say UCITA's default provisions grant several questionable rights to software publishers.
http://www.computerworld.com/s/article/67149/UCITA_Changes_Fail_to_Appease


MORTGAGE VENDOR WILL ALLOW ELECTRONIC SIGNATURES ON MORTGAGE APPLICATIONS (CNN, 22 Jan. 2002) -- Mortgage vendor Quicken Loans Inc. is deploying what may be the first electronic signature network for high-value business-to-consumer transactions. Starting this spring, the company will let loan seekers use electronic signatures to complete and submit mortgage applications immediately after being preapproved online, without requiring the usual paperwork and ink signatures. Unlike emerging efforts to implement electronic signatures in other consumer settings, Quicken's loan process won't require consumers to use private keys, download digital certificates or use specialized signing software to authenticate themselves. Instead, the company will combine information provided by the consumer during the loan application process with a unique user name and information such as details of an auto loan to authenticate users. Quicken's effort shows that some corporations may finally be working through the technical, regulatory and legal concerns related to the use of electronic signatures in high-value consumer transactions, said Avivah Litan, an analyst at Stamford, Connecticut-based Gartner Inc. "As far as I know, Quicken Loans is the first application to implement e-signatures in high-value B2C transactions," she said. http://www.cnn.com/2002/TECH/ptech/01/22/quicken.loans.idg/index.html


NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuireWoods' Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.