Saturday, March 24, 2012

MIRLN --- 4-24 March 2012 (v15.04)

MIRLN --- 4-24 March 2012 (v15.04) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | PODCASTS | BOOKS | LOOKING BACK | NOTES

SEC Proposes Rules To Help Prevent And Detect Identity Theft (SEC, 28 Feb 2012) - The Securities and Exchange Commission today announced a rule proposal to help protect investors from identity theft by ensuring that broker-dealers, mutual funds, and other SEC-regulated entities create programs to detect and respond appropriately to red flags. The SEC issued the proposal jointly with the Commodity Futures Trading Commission (CFTC). Section 1088 of the Dodd-Frank Act transferred authority over certain parts of the Fair Credit Reporting Act from the Federal Trade Commission (FTC) to the SEC and CFTC for entities they regulate. The proposed rules are substantially similar to rules adopted in 2007 by the FTC and other federal financial regulatory agencies that were previously required to adopt such rules. The rule proposal would require SEC-regulated entities to adopt a written identity theft program that would include reasonable policies and procedures to:

  • Identify relevant red flags.
  • Detect the occurrence of red flags.
  • Respond appropriately to the detected red flags.
  • Periodically update the program.

The proposed rule would include guidelines and examples of red flags to help firms administer their programs.

top

Legal Censorship: PayPal Makes a Habit of Deciding What Users Can Read (EFF, 29 Feb 2012) - PayPal has instituted a new policy aimed at censoring what digital denizens can and can't read, and they're doing it in a way that leaves us with little recourse to challenge their policies in court. Indie publisher Smashwords has notified contributing authors, publishers, and literary agents that they would no longer be providing a platform for certain forms of sexually explicit fiction. This comes in response to an initiative by online payment processor PayPal to deny service to online merchants selling what they deem to be obscene written content. PayPal is demonstrating, again and to our great disappointment, the dire consequences to online speech when service providers start acting like content police. Mark Coker, founder of Smashwords, described the new policy in a recent blog post. The policy would ban the selling of ebooks that contain "bestiality, rape-for-titillation, incest and underage erotica." Trying to apply these definitions to all forms of literary expression raise questions that can only have subjective answers. Would Nabokov's Lolita be removed from online stores, as it explores issues of pedophilia and consent in soaring, oft-romantic language? Will the Bible be banned for its description of incestuous relationships? This isn't the first time PayPal has tried its hand at censorship. In 2010, they cut off services to the whistleblower WikiLeaks, helping to create the financial blockade that has hamstrung the whistleblower organization. And as we explained when WikiLeaks was facing censorship from service providers: the First Amendment to the Constitution guarantees freedom of expression against government encroachment-but that doesn't help if the censorship doesn't come from the government. Free speech online is only as strong as private intermediaries are willing to let it be. Frankly, we don't think that PayPal should be using its influence to make moral judgments about what ebooks are appropriate for Smashwords readers. As Wendy Kaminer wrote in a forward to Nadine Strossen's Defending Pornography : "Speech shouldn't have to justify itself as nice, socially constructive, or inoffensive in order to be protected. Civil liberty is shaped, in part, by the belief that free expression has normative or inherent value, which means that you have a right to speak regardless of the merits of what you say."

top

Copyright: Lawfirms Sued for Submitting Prior Art to the USPTO (PatentlyO, 2 March 2012) - The Hoboken publishing company (John Wiley) and the non-profit American Institute of Physics have continued their quest to pursue copyright infringement charges against US patent attorneys who submit copies of journal articles to the US Patent Office during the patent application process. The submission of those documents is required by law and attorneys who fail to submit known and relevant prior art can be subject to ethics charges and the associated patents held unenforceable. Earlier this year, the US Patent Office issued a memo indicating its belief that copying and submitting copyrighted documents should be considered a non-actionable fair use. Firms already pay for access to the articles and the USPTO also has its own access to most of the articles. The issue is whether the patent applicants must pay an additional fee for making a copy for the USPTO and an additional copy for the in-house file.

top

Publishers Oppose Bill on Scholarly Open Access (InsideHigherEd, 6 March 2012) - A group of 81 scholarly journal publishers on Monday came out against the latest iteration of the Federal Research Public Access Act (FRPAA) -- a bill that would require federal research grantees to make their resulting academic papers freely available to the public no more than six months after publication in a scholarly journal. The bill, introduced last month in both the House and the Senate , is the third iteration of FRPAA to be introduced since 2006; two previous versions failed to make it to a vote. The Association of American Publishers (AAP) sent letters to prominent legislators in both chambers criticizing the bill for seeking to apply a "one-size-fits-all" deadline of six months before publishers, many of which charge for access to articles, must compete with a free version in a government database. In many disciplines, publishers retain the exclusive right to sell access to the peer-reviewed article for "several years before costs are recovered," according to the AAP. Among the 81 signatories to the letters was Elsevier, a major journal publisher that last month withdrew its support for (and effectively nixed) the Research Works Act -- a bill that would have preemptively killed FRPAA -- after facing a boycott from frustrated scholars.

top

FCC: No, You Can't Jam Your Neighbor's Cellphone (National Journal, 6 March 2012) - The Federal Communications Commission is officially reminding people that it is illegal to use cell phone jammers on other people, no matter how annoying you find their conversation on the bus. In an Enforcement Advisory released on Tuesday, FCC Enforcement Bureau Chief Michele Ellison cited recent reports of people using jammers to create "quiet zones" on public transit. "We caution consumers that it is against the law to use a cell or GPS jammer or any other type of device that blocks, jams, or interferes with authorized communications, as well as to import, advertise, sell, or ship such a device," Ellison said. "The FCC Enforcement Bureau has a zero tolerance policy in this area and will take aggressive action against violators." On Monday NBC10 in Philadelphia reported facing off with a man using a jammer to silence cellphone conversations he found rude and irritating. Complaints over loud conversations on public transit have become a symbol of the proliferation of mobile communications, but jamming technology won't offer a legal answer. The prohibition is based on language in the 1996 Communications Act and the FCC says it can fine violators more than $100,000. Officials say jammers pose a public safety risk because they can block emergency communications. The FCC Enforcement Bureau pointed to incidents where a tax adviser used a cell jammer to find peace during tax season but blocked communications at a neighboring fire department as well. In another instance, a teacher was illegally using a device to bock phones in his classroom but also jammed communications for the entire school. Still in the market for a jammer? The FCC has a nine-page list of do's and don't's.

top

Obama Admin Wants Warrantless Access to Cell Phone Location Data (ArsTechnica, 7 March 2012) - A Maryland court last week ruled that the government does not need a warrant to force a cell phone provider to disclose more than six months of data on the movements of one of its customers. Two defendants had been accused of armed robbery, and a key piece of evidence against them was data about the movements of the pair's cell phones. The defendants had sought to suppress this location evidence because the government did not get a warrant before seeking the data from network providers. But last Thursday, Judge Richard D. Bennett ruled that a warrant is not required to obtain cell-site location records (CSLR) from a wireless carrier. Courts all over the country have been wrestling with this question, and the government has been on something of a winning streak. While one court ruled last year that such information requests violate the Fourth Amendment, most others have reached the opposite conclusion. The Obama administration laid out its position in a legal brief last month, arguing that customers have "no privacy interest" in CSLR held by a network provider. Under a legal principle known as the "third-party doctrine," information voluntarily disclosed to a third party ceases to enjoy Fourth Amendment protection. The government contends that this rule applies to cell phone location data collected by a network provider.

top

Old Maps Online Lets You Find Your Way Around 17th Century Holy Roman Empire (ArsTechnica, 7 March 2012) - The world's single largest online collection of historical maps launched earlier this week at Old Maps Online . By the end of the year, the site aims to have 60,000 maps available for public access. Cooperating institutions include the British Library, the National Library of Scotland, the Czech Republic's Moravian Library and the San Francisco Bay Area's David Rumsey Map Collection. [W]hat makes this project so arresting is the way the site is organized. Starting from a map of your area, you can zoom in or reorient over a basic world map, then drill down. The right column contains a changing stack of maps germane to your area. I started, for instance, in my home state of Oregon. The stack presented me with a 1901 gazette page of the "products of selected industries" in the state and a 1935 Standard Oil road map. I spun the globe and drilled down all the way to the street level at Granada, Spain, where I had an early 20th century map of eastern Spain and an 18th century map of "Hispania Benedicta," a map of the Benedictine religious order. Each historical map you click on is presented in a separate frame that you can enlarge, drawn from the contributing institution. A slider across the top allows you to dynamically change the offerings by moving from as early as 1000 CE up to 2010 (check Google Maps for anything more recent). A search box allows you to navigate by place name.

top

Mashups and Copyright (MLPB, 7 March 2012) - Elina Lae, University of Michigan Law School; University of Helsinki Faculty of Law, has published Mashups − A Protected Form of Appropriation Art or a Blatant Copyright Infringement?: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2003854

top

Court Declares Newspaper Excerpt on Online Forum is a Non-Infringing Fair Use (EFF, 10 March 2012) - [T]he federal district court in Nevada issued a declaratory judgment that makes is harder for copyright holders to file lawsuits over excerpts of material and burden online forums and their users with nuisance lawsuits. The judgment - part of the nuisance lawsuit avalanche started by copyright troll Righthaven - found that Democratic Underground did not infringe the copyright in a Las Vegas Review-Journal newspaper article when a user of the online political forum posted a five-sentence excerpt, with a link back to the newspaper's website. Judge Roger Hunt's judgment confirms that an online forum is not liable for its users' posts, even if it was not protected by the safe harbors of the Digital Millennium Copyright Act's notice and takedown provisions. The decision also clarifies that a common practice on the Internet - excerpting a few sentences and linking to interesting articles elsewhere - is a fair use , not an infringement of copyright.

top

Loss of Control (InsideHigherEd, 14 March 2012) - Jeff MacSwan and Kellie Rolstad, a husband-and-wife team at Arizona State University, heard rumors last year that courses they designed for an online program were being used without their permission. So in the summer of 2011, MacSwan registered as a student in an English as a Second Language program for which the couple, both tenured professors, had developed courses. In his telling, he logged on to discover that the courses he and his wife, an associate professor of linguistics, had created were being used without attribution or authorization. A lawsuit is now likely as MacSwan and Rolstad claim damages for alleged violation of copyright laws and university rules. The couple left Arizona State and are now employed as tenured professors in the College of Education at the University of Maryland at College Park. Their lawyer sent a notice of claim, a legal notice that precedes a lawsuit, to the Arizona Board of Regents and the state's attorney general in December, calling for $3 million in damages. Sparring over ownership of course materials might grow, as more institutions offer online courses and look at them as a potential source of revenue. Experts feel that the law is uncertain when it comes to statutes and case law, and an argument could be made for either side. "…As a practical matter, it is best for a university to have a policy about the ownership of course materials or an actual agreement with faculty members," said Georgia K. Harper, scholarly communications adviser for the University Libraries at the University of Texas at Austin. Harper, an attorney who also represents the UT system's office of general counsel on copyright issues, said universities may have different traditions: there might be a strong tradition of faculty ownership at one, while other institutions might claim ownership of such materials, stating that they were created within the scope of employment.

top

Case Study of Social Media in Business (KIT, 15 March 2012) - The MIT Sloan School's Center for Information Systems Research (CISR), famous for the book by Profs. Jeanne Ross and Peter Weill, "Enterprise Architecture as Strategy," just published a short report (subscription required) by Prof. Wanda Orlikowski and Susan Scott, "How Social Media Can Disrupt Your Industry: a Case Study in the Travel Sector." The authors shows how a Web site like TripAdvisor has, for better or for worse, changed the way hotels are rated, and they recommend some steps for a business to understand and leverage the crowdsourcing of user opinions.

top

Social Networks Cannot be Forced to Filter Traffic for Privacy (Steptoe, 15 March 2012) - Europe's highest court has concluded that online social networks cannot be required to filter for illegal content as a general matter. The European Court of Justice (ECJ) last month held that national courts may not require a hosting service provider to install, at its own expense, a general filtering system designed to monitor user activity for copyright-infringing material. The court determined that mandating the installation of such a system would contravene the EU E-Commerce Directive and laws guaranteeing rights to freedom of business, protection of personal data, and freedom of information. The decision in SABAM v. Netlog NV is a natural follow-on to previous ECJ decisions regarding the role of online intermediaries in preventing the illegal downloading and sharing of infringing material online.

top

Democratic Senators Issue Strong Warning About Use of the Patriot Act (NYT, 16 March 2012) - For more than two years, a handful of Democrats on the Senate intelligence committee have warned that the government is secretly interpreting its surveillance powers under the Patriot Act in a way that would be alarming if the public - or even others in Congress - knew about it. On Thursday, two of those senators - Ron Wyden of Oregon and Mark Udall of Colorado - went further. They said a top-secret intelligence operation that is based on that secret legal theory is not as crucial to national security as executive branch officials have maintained. The senators, who also said that Americans would be "stunned" to know what the government thought the Patriot Act allowed it to do, made their remarks in a letter to Attorney General Eric H. Holder Jr. after a Justice Department official last month told a judge that disclosing anything about the program "could be expected to cause exceptionally grave damage to the national security of the United States." The Justice Department has argued that disclosing information about its interpretation of the Patriot Act could alert adversaries to how the government collects certain intelligence. It is seeking the dismissal of two Freedom of Information Act lawsuits - by The New York Times and by the American Civil Liberties Union - related to how the Patriot Act has been interpreted. The senators wrote that it was appropriate to keep specific operations secret. But, they said, the government in a democracy must act within publicly understood law so that voters "can ratify or reject decisions made on their behalf" - even if that "obligation to be transparent with the public" creates other challenges. The dispute centers on what the government thinks it is allowed to do under Section 215 of the Patriot Act, under which agents may obtain a secret order from the Foreign Intelligence Surveillance Court allowing them to get access to any "tangible things" - like business records - that are deemed "relevant" to a terrorism or espionage investigation. There appears to be both an ordinary use for Section 215 orders - akin to using a grand jury subpoena to get specific information in a traditional criminal investigation - and a separate, classified intelligence collection activity that also relies upon them. The interpretation of Section 215 that authorizes this secret surveillance operation is apparently not obvious from a plain text reading of the provision, and was developed through a series of classified rulings by the Foreign Intelligence Surveillance Court.

top

One Sci-Fi Author Wrote 29 of the Kindle's 100 Most-Highlighted Passages (SlashDot, 17 March 2012) - An anonymous reader writes: "Today Amazon announced that a science fiction writer has become the Kindle's all-time best-selling author . Last June Suzanne Collins, who wrote the Hunger Games trilogy, was only the fourth author to sell one million ebooks, but this month Amazon announced she'd overtaken all her competition (and she also wrote the #1 and #2 best-selling ebooks this Christmas). In fact, 29 of the 100 most-highlighted passages on the Kindle were written by Collins, including 7 of the top 10. And on a separate list of recent highlights, Collins has written 17 of the top 20 most-highlighted passages." It's pretty interesting to go through the top-100 list and look at the passages people think are worth highlighting. Taken out of context, many of them could be patched together and re-sold as a self-help book. None are quite so eloquent as #18 in the recent highlights.

top

New Case Highlights Split of Authority Interpreting the Computer Fraud and Abuse Act (Foley, 18 March 2012) - Employers increasingly are suing former employees who have left to join or form competing companies using the civil remedies available under the Computer Fraud and Abuse Act ("CFAA"), 18 U.S.C. § 1030. They use the CFAA to prevent their former employees from using sensitive information obtained from the former employer's computer system. The scope of the CFAA, however, is subject to hot debate among the federal courts, as highlighted by a recent case from the District of Minnesota. In Walsh Bishop Associates, Inc. v. O'Brien, Civil Action No. 11-2673 (DSD/AJB), 2012 WL 669069 (D. Minn. Feb. 28, 2012), the court interpreted a provision of the CFAA, 18 U.S.C. § 1030 (a)(2)(C), which subjects an individual who "intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer" to civil liability should the plaintiff meet certain conditions. In particular, the court had to determine the scope of the phrase "exceeds authorized access," which the CFAA defines as "to access a computer with authorization and to use such access to obtain or alter information in the computer that the accesser is not entitled so to obtain or alter." 18 U.S.C. § 1030(e)(6). The plaintiff argued that a person exceeds authorized access by accessing information in order to use it in a manner contrary to an employer's interests and use policies. The O'Brien court, however, concluded, among other things, that subsection (a)(2) is not based on use of information, but rather access to information. Plaintiff's interpretation therefore could not be correct and the court had to focus on whether the defendants accessed information that they were forbidden to access instead of how defendants intended to use the information they had obtained. Other courts, including the District of Massachusetts, have come to a different conclusion regarding this language in the CFAA. In Guest-Tek Interactive Entertainment Inc. v. Pullen, 665 F. Supp. 2d 42 (D. Mass. 2009 ), Judge Gorton analyzed a different provision of the CFAA that also included both the "without authorization" and "exceeds authorized access" language. See 18 U.S.C. § 1030(a)(4). The defendants argued that the CFAA applies only to those lacking initial authorization and not those who subsequently misuse or misappropriate information. The plaintiff in response argued that the employee defendant's alleged breach of his fiduciary duty of loyalty to the plaintiff (by copying files and secretly planning a competitive venture while still employed) effectively extinguished his authorization to access plaintiff's computers. The employee defendant's initial authorization to access the plaintiff's confidential information was premised on the agency relationship between the parties, the plaintiff argued, and therefore when the employee breached his duty of loyalty he ended that relationship and constructively terminated his authorization to access the plaintiff's files. Judge Gorton agreed with the plaintiff. He determined that the First Circuit advocated a broader reading of the CFAA in EF Cultural Travel BV v. Explorica, Inc., 274 F.3d 577 (1st Cir. 2001 ). In that case, the court "upheld a CFAA claim against employees who had collected pricing information from their former employer's website in order to develop a competing entity with lower prices." Guest-Tek , 665 F. Supp. 2d at 45. The First Circuit found "that the former employees' reliance on [plaintiff]'s pricing information reeked of use-and indeed, abuse-of proprietary information that goes beyond any authorized use of [plaintiff]'s website." Id. (quotation and brackets omitted). The First Circuit's analysis of the employees' "authorized use" and "abuse" of the plaintiff's proprietary information in Explorica , Judge Gorton ruled, undercut the Guest-Tek defendants' plain language argument-the type of argument the court accepted in O'Brien .

top

Passwords, Profiles, and the Privilege Against Self-Incrimination: Facebook and the Fifth Amendment (Caren Myers Morrison, SSRN) - Abstract: While Facebook has become ubiquitous in most people's lives, it is also making increasingly frequent appearances in criminal cases. In the past few years, Facebook has emerged as a fertile source of incriminating information from boastful or careless defendants who find in Facebook a great way to project their outlaw persona to the world. But does the Fifth Amendment privilege against self-incrimination shield someone who has posted incriminating information on his Facebook page from being forced to disclose his password or provide access to his profile? While in most cases, Facebook information is public, in rare situations, a law enforcement officer might find herself in the peculiar position of believing that incriminating information is posted on a Facebook page, but having no way to get to it without the suspect's cooperation. In these circumstances, the government would have to subpoena the suspect for his Facebook content or his password, and may have to compel compliance by offering immunity for the act of producing the information. What is not clear is whether the immunized communication implied in the act of turning over Facebook content or passwords - confirming the existence of the account, the defendant's control over it, and its authenticity - would then taint the Facebook information itself, rendering the government unable to use it. While these situations are only likely to arise in a relatively narrow class of cases, the application of unsettled Fifth Amendment doctrine to novel technological issues raises complex questions. This paper, part of the Arkansas Law Review's Symposium on Facebook and the Law, will attempt to provide a guide through this uncharted landscape. After reviewing Facebook's growing prominence in criminal cases and the tangled Fifth Amendment jurisprudence that governs subpoenas for documents, I conclude that, where the government does not have enough information to obtain Facebook information from the company itself, a suspect's Facebook profile may be effectively beyond government reach. In the final section of the paper, I consider whether this level of protectiveness is normatively desirable or whether it will simply create an incentive for greater government intrusions.

top

Congressional Oversight of Agency Public Communications: Implications of Agency New Media Use (BeSpacific, 19 March 2012) - CRS report , Kevin R. Kosar, Analyst in American National Government: "This report intends to assist Congress in its oversight of executive branch agencies' public communications. Here, "public communications" refers to agency communications that are directed to the public. Many, and perhaps most, federal agencies routinely communicate with the public. Agencies do so for many purposes, including informing the public of its rights and entitlements, and informing the public of the agency's activities. Agencies spent more than $900 million on contracts for advertising services in FY2010, a figure that does not include all agency communications expenditures.
 Congress frequently has investigated agency public communication activities. For example, in late February 2012 the Senate Homeland Security and Governmental Affairs Committee's Subcommittee on Oversight of Government Management began investigating 11 federal agencies' public communications activities and expenditures."

top

Social Media Still Has Skeptics in Government (Government Technology, 19 March 2012) - Social media and networking websites have spanned the globe, but these free-to-use online services continue to be greeted with skepticism within some government workplaces. Twenty-seven percent of government IT professionals working in state or local government aren't allowed to access social media and networking websites such as Twitter and Facebook at work, while 20 percent said these online sites are of limited usefulness in the workplace. Another 12 percent said they are of no value at all. The findings came from a new Government Technology survey based on responses from 100 members of the GovTech Exchange, an online community of senior-level IT professionals from state and local government. On the whole, according to the data below, adoption and enthusiasm for websites like Facebook and Twitter appears to be vigorous.

top

Bizarre Combo Rulings From EU Court Of Justice: Dentists Don't Have To Pay Music Royalties, But Hotels Do (TechDirt, 21 March 2012) - Over the last few years, collection societies have become ridiculously aggressive in trying to get just about anyone to pay up for playing music. The results have been rather crazy, with auto garages being told that they have to pay up because the mechanics out in the garage had the radio on loud enough that customers in the waiting room could hear it. Ditto for a police station where some officers had a radio on in the back, but which some of the public could hear in the front. Then there was the demand that a grocery story pay up because a shop assistant sang while stacking cans . And the craziest of all: the time when the owner of a horse stable was told to pay up because her horses liked listening to music. A lot of this comes from the simple fact that these collection societies are really just trying to squeeze as much excess revenue as they can out of any location they can find. It's gotten to the point where the "copyright investigators" are really sales people , and are given incentives just like a sales person. They have revenue targets with bonuses for extra revenue they bring in. This gives them incentives to do all sorts of crazy things... like randomly calling up small businesses and if they hear any music in the background , demanding a license. Thankfully, it appears that the EU Court of Justice is pushing back on some of that. It recently issued two rulings about royalty collections -- but unfortunately it seems like the two rulings conflict with each other in some ways. In one, it is determined that a dentist's office does not need to pay a royalty because patients don't go to the dentist for the music. But then there's the other ruling. The exact same court. The exact same panel of judges. The exact same day. Very different ruling. This one involved a hotel, and the question of whether or not music playing in the hotel rooms is subject to collections. And here, the court comes to the opposite conclusion, and says that the hotel must pay.

top

NOTED PODCASTS

First Amendment, Tort, and Privacy - The Privacy Paradox: Piracy and its Conflicting Values (Stanford; 3 Feb 2012; 101 minutes) - [Editor: fascinating and useful discussion by Eugene Volokh, Cindy Cohn, Jeff Rosen, and Tom Goldstein; topics include the Jones GPS case, the emerging "right to be forgotten", a negligence-based theory of required surveillance practices, and others.]

top

BOOKS

"Always On" Is Surprisingly Good (InsideHigherEd, 15 March 2012) - Give yourself 5 hours and 42 minutes to read Always On: How the iPhone Unlocked the Anything-Anytime Future--and Locked Us In (by Brian X. Chen) (the length of the audiobook … you will read it even faster if you use your eyeballs and not your ears), and you will learn some new things. Brian X. Chen is not an Apple fanboy or an unthinking iPhone evangelist. Rather, Chen (who now writes for the NYT Bits blog ) is a thoughtful critic of the costs, as well as the benefits, of our always connected and hyper-networked society. Chen's thesis is that the combination of 3 technologies - the smart phone, ubiquitous bandwidth, and Web 2.0 social tools - have fundamentally changed how we structure our professional and personal lives. Mobile information abundance, combined with always available digital communication, equates to the need for new structures around our work, education, and social lives. What Chen is advocating is that we take seriously this shift from information/communication scarcity to information/communication abundance . He asks, what would higher education look like if designed around the capabilities the iPhone and mobile apps, and he wonders how the institutions that do not evolve will remain relevant. Chen also recognizes the costs of living in a world where e-mail, text messaging, Twitter, Facebook and the entire Web are always with us. Chen does not shy away from detailing the dangers of our mobile web addiction. He worries that we will misuse the technology of smart phones, ubiquitous networks, and social tools to avoid rather than develop authentic relationships. And rather than offer any simple fix-alls or advice, Chen takes the route of detailing how the iPhone and the web has provided both benefits and costs in his own relationships.

top

LOOKING BACK - MIRLN TEN YEARS AGO

LEFT GETS NOD FROM RIGHT ON COPYRIGHT LAW (CNET, 20 Nov 2002) -- U.S. Appeals Court Judge Richard Posner, one of America's most prominent jurists, warned Tuesday of an "enormous expansion" of intellectual-property law, adding a conservative voice to a chorus of criticism that's so far come from the left. During a lecture organized by the American Enterprise Institute and the Brookings Institution., Posner criticized a 1998 law extending the duration of U.S. copyrights. He also attacked the Patent and Trademark Office for granting "very questionable" business method patents. "These rights keep expanding without any solid information about why they're socially beneficial," Posner said. "At the same time that regulations are diminishing, intellectual-property rights are blossoming--(two) opposite trends bucking each other." Posner's critique is significant because up to now much of the attack on the steady expansion of intellectual-property rights has come from the left, and the Seventh Circuit judge is a darling of the conservative movement. Posner, a prolific author, is most famous for applying economic analysis to the law. He also mediated settlement talks in the Microsoft antitrust case. http://news.com.com/2100-1023-966595.html

top

SECRETARY NORTON IS CITED FOR CONTEMPT IN INDIAN TRUST CASE (Government Computer News, 18 Sept 2002) -- A federal judge yesterday found Interior secretary Gale Norton and assistant secretary for Indian affairs Neal McCaleb in contempt of court for failing to fix systems that manage trust fund accounts for American Indians. Judge Royce C. Lamberth of the U.S. District Court for the District of Columbia charged the two government officials with four counts of fraud against the court and one count of litigation misconduct. The ruling came in the long-running case of Cobell v. Norton. Last December, Lamberth ordered the Interior Department to disconnect nearly all its systems from the Internet because of security flaws that put the trust funds in jeopardy [see www.gcn.com/vol1_no1/daily-updates/17636-1.html]. Some department systems closely related to trust accounting remain disconnected from the Internet, although Interior has been gradually restoring Net services with the approval of a court-appointed security reviewer. Lamberth last week ruled that the Interior officials had acted "disgracefully" by failing to fix the flawed accounting systems or submit honest reports about efforts to build the Trust Asset and Accounting Management System and conduct a data cleanup project at the Bureau of Indian Affairs. http://gcn.com/articles/2002/09/18/secretary-norton-is-cited-for-contempt-in-indian-trust-case.aspx?sc_lang=en

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Saturday, March 03, 2012

MIRLN --- 12 February – 3 March 2012 (v15.03)

MIRLN --- 12 February - 3 March 2012 (v15.03) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES

Breaking Virtual Ground (InsideHigherEd, 13 Feb 2012) - Massachusetts Institute of Technology announced today that registration has opened for its first online course through MITx , its new online spin-off devoted to offering "interactive" online versions of MIT courses to people not enrolled at the prestigious university. The first course is an adapted version of Circuits and Electronics, an introductory course in which students learn the basic architecture of computers and gadgets. Participants will watch five- to 10-minute video tutorials, read an e-textbook, and complete homework assignments, virtual laboratories and two exams. At the end of the course, they will receive a cumulative grade and a certificate from MITx. Registration will cost nothing, and there is no limit to enrollment. The "modest" fees that the university has said it will charge for MITx will most likely be tied to the credential, according to a spokesman. He said pricing has not been determined yet. The assignments and exams will be graded by computer programs. MITx does not plan to include any protection against cheating beyond an honor code and the natural obstacles inherent in the complexity of the assignments and exam questions. The completion certificate will note this explicitly, Agarwal says. In the future, MITx may pursue more sophisticated checks on dishonesty, he added. One homegrown e-learning innovation MITx hopes to bring to bear in its inaugural course is a virtual circuits laboratory that will allows participants to play with chips and resistors and orient themselves to the building blocks of microprocessors - all via a browser window. Instead of handling a breadboard and connecting components with their hands, the MITx registrants will do so by clicking, dragging and dropping in "the gaming equivalent of a physical lab," Agarwal said.

top

Congress Left in Dark on DOJ Wiretaps (Wired, 13 Feb 2012) - A Senate staffer was tasked two years ago with compiling reports for a subcommittee about the number of times annually the Justice Department employed a covert internet and telephone surveillance method known as pen register and trap-and-trace capturing. But the records, which the Justice Department is required to forward to Congress annually, were nowhere in sight. That's because the Justice Department was not following the law and had not provided Congress with the material at least for years 2004 to 2008. On the flip side, Congress was not exercising its watchdog role, thus enabling the Justice Department to skirt any oversight whatsoever on an increasingly used surveillance method that does not require court warrants, according to Justice Department documents obtained via the Freedom of Information Act. The mishap is just one piece of an ever-growing disconnect between Americans' privacy interests, and a Congress seemingly uncommitted to protecting those interests. The reports, recently posted on Justice Department website, chronicle a powerful surveillance tool undertaken tens of thousands of times annually by the Federal Bureau of Investigation, the Drug Enforcement Agency, the Marshals Service and the Bureau of Alcohol, Tobacco and Firearms. The reports show that, from 2004 to 2008, the number of times this wiretapping method was employed nearly doubled, from 10,885 to 21,152. Judges sign off on these telco orders when the authorities say the information is relevant to an investigation. No probable cause that the target committed a crime - the warrant standard - is necessary. The Justice Department, beginning in late 2010, has only published the reports from 2004 to 2009 , the year it obtained 23,895 judicial orders to conduct such surveillance. It did not immediately comment on whether the 2010 and 2011 reports have been compiled and sent to Congress, or explain why the mishap occurred. Internet security researcher Christopher Soghoian recently obtained e-mails via a two-year FOIA process confirm for the first time that Congress was left out of the loop for at least the years 2004 to 2008. Using FOIA, he and others have crowbarred from the Justice Department the reports from 1999 to 2009 . "This is an important surveillance tool," Soghoian said in a telephone interview. "In addition to showing that DOJ is lazy and not obeying the law, the most notable thing here is that Congress was asleep at the wheel." The handful of government e-mails (.pdf) Soghoian obtained confirm for the first time that Congress was left out of the loop for at least the years 2004 to 2008. A law review article suggests the same for years 1999 through 2003 .

top

Feds Argue Using a Fake Name Can Deprive You of Rights (WSJ, 14 Feb 2012) - Does using a fake name when you sign up for a cellphone plan mean the government can get information from your phone without a warrant? That's one argument the Department of Justice is making in an Arizona case - that using a false name is fraud and means you don't have a reasonable expectation of privacy. Such a stance might raise questions about the widespread practice of using pseudonyms to sign up for services online. But legal experts said it's unlikely a court would take the argument that far. The case, which the Journal first covered in an article last year , involves the use of a cellphone-tracking device called a stingray to find a mobile broadband card that the government says was being used to file fraudulent tax returns. The government conceded in the case that the use of the stingray was intrusive enough qualify as a search under the Fourth Amendment, which protects against unreasonable searches and seizures. But in a court filing on Jan. 27, the government argues that the defendant, Daniel David Rigmaiden, doesn't have standing to bring a Fourth Amendment claim because the broadband card, service and computer were purchased under false names and the apartment was rented using the name of a dead person and a fake ID. Courts recently have found that a warrantless search is OK if the person used fraud to get the thing being searched, said Susan Freiwald, a professor at the University of San Francisco School of Law. In one example, the defendant had bought a computer with a stolen credit card and the person who actually owned the card consented to the search. In another, the defendant was receiving mail addressed to an alias he used only as part of a fraud. But other cases have found that people still have a reasonable expectation of privacy - and thus can't have their property searched without a warrant - even if they are using an alias. "It's not against the law to use a fake name," said Adam Candeub, director of the Intellectual Property, Information and Communications Law Program at Michigan State University. The use of a fake ID and signing of a lease might be a different matter, though. "It can be fraudulent if you are entering into a contract under a fake name, but if it is a simple retail transaction the law is not clear," he said. Ms. Freiwald said that although prosecutors have argued repeatedly that using an alias diminishes a person's Fourth Amendment rights, "it would be too large an encroachment on both privacy rights and the rights of free speech if the mere use of a pseudonym were enough to deprive someone" of Fourth Amendment protections.

top

FCC to Get Tougher on Robocalls (USA Today, 14 Nov 2012) - The Federal Communications Commission today is set to approve tougher rules giving consumers additional protection against unwanted autodialed or prerecorded calls to home phone lines. "We have gotten thousands of complaints," says FCC Chairman Julius Genachowski. "Consumers were still getting robocalls they don't want and shouldn't get." He expects the commission to approve new rules that will require telemarketers to get written consent before making such calls. Even though Congress in 2008 passed legislation making Do Not Call permanent, some telemarketers have continued to make unsolicited calls because of loopholes in the law. Under the new FCC rules, telemarketers must get consent before calling home phones, even if the consumer hasn't included their number on the Do Not Call registry. Current rules already prohibit such calls to cellphones without consent. Previously, companies that consumers already had done business with could robocall them, but that exemption will be removed under the new rules. Other new provisions require telemarketers to give consumers a quick way to end the call and automatically add their number to telemarketers' Do Not Call lists. Not covered by the new rules: robocalls from schools and other non-profit organizations and political groups, because they are considered informational. Those calls cannot be made without consent to wireless phones, however.

top

Mayo Clinic Center For Social Media : Role Model For Legal Profession (Kevin O'Keefe, 14 Feb 2012) - If you've been following Mayo Clinic, you've seen their commitment to be the leader in social medicine in medicine. The latest comes with the announcement of their fourth annual Social Media Summit , a week long program in Rochester, Minn. campus this October. Mayo Clinic is not placing an emphasis on social media as a gimmick or as an attention grabber. Mayo is doing so because of its dedication to the patient. Mayo sees social media as critical to helping its colleagues promote health, fight disease, and promote healthcare. Mayo has founded the Media and developed a world wide Social Media Health Network as part of their efforts.

top

First State Attorney General Action Under HITECH (Proskauer, 14 Feb 2012) - On January 19, 2012, Minnesota Attorney General Lori Swanson exercised her authority under the HITECH Act by filing a lawsuit against a business associate for the failure to protect protected health information (PHI) and for the failure to disclose the extent to which PHI was utilized. The case alleges that Accretive Health, Inc., a debt collection agency, lost a laptop containing unencrypted PHI of approximately 23,500 Minnesota patients. This represents the first case brought by a state attorney general under HIPAA.

top

Fair Use Or Free Riding? The AP's New Attack On News Scraping (PaidContent.org, 14 Feb 2012) - The Associated Press is becoming more aggressive in trying to rein in the information the news service scatters around the world. After helping to launch a copyright monitoring service, the AP is now suing a company that clips headlines and news items for its customers. In a complaint filed this morning in New York federal court, the AP accused Norway-based Meltwater of wrongfully repackaging and sharing its content without a license. The lawsuit comes at a time when content owners continue to wrestle with how to stop what they perceive as free riding by news monitors and aggregators. In its lawsuit, the AP is also claiming copyright infringement on the grounds that Meltwater has copied and stored the articles, and that it is sharing "the heart" of the articles by reproducing more than 30% of them. [Editor: here we go again. The 30% threshold reminds me of when Palm Pilots limited cut-and-paste to a fixed number of words.]

top

SEC to Telcos: Yes, Net Neutrality is a Significant Policy Issue (ReadWriteWeb, 15 Feb 2012) - Back in December 2006, as part of its agreement to merge with former regional Bell operating company BellSouth, AT&T made a pledge to the Federal Communications Commission. In that pledge, AT&T promised it would maintain a fair and neutral policy toward all Internet packet routing, applying no privileges based on packets' origin, content, or destination. It's perhaps the clearest definition of net neutrality that has ever been devised. So a group of AT&T shareholders have been wondering why the company is running from it. Last month, they sought a shareholders' vote to effectively embed AT&T's 2006 net neutrality language as network policy. AT&T sought the Securities and Exchange Commission's permission to block that shareholders' proposal. Yesterday, after five Democratic senators weighed in, the SEC denied AT&T's motion, and the proposal now must go forward. "The open (non-discriminatory) architecture of the Internet is critical to the prosperity of our economy and society," the proposal from Trillium Asset Management begins. After making references to the potential benefits of net neutrality policy to the economy, and after citing the then-likely merger with T-Mobile (which is now off), the Trillium proposal would resolve that AT&T "operate a neutral network with neutral routing along the company's wireless infrastructure such that the company does not privilege, degrade or prioritize any packet transmitted over its wireless infrastructure based on its source, ownership or destination." Last week, the SEC Chief Counsel's office issued a letter to AT&T's attorneys essentially forbidding it to block the Trillium motion. "In view of the sustained public debate over the last several years concerning net neutrality and the Internet and the increasing recognition that the issue raises significant policy considerations," wrote Attorney-Advisor Erin E. Martin, "we do not believe that AT&T may omit the proposal from its proxy materials."

top

Warrantless Search of Digital Camera Constitutes an Unreasonable Search, Court Holds (Steptoe, 16 Feb 2012) - A federal district court in Oregon last month ruled that the warrantless search of a digital camera was not permitted pursuant to the "search-incident-to arrest" exception from the requirement for a warrant, and therefore violated the Fourth Amendment. The court in Schlossberg v. Solesbee ruled that the large volume of personal data that can be stored on modern mobile devices entitles them to a higher standard of privacy and thus, absent the existence of an exigent circumstance, an officer must obtain a warrant to search any electronic device found on a suspect. The court noted that neither the Supreme Court nor the Ninth Circuit had previously considered the warrantless search of an arrestee's camera, and that courts have split over whether warrantless searches of other electronic devices fall within the search-incident-to-an-arrest exception.

top

How Companies Learn Your Secrets (NYT, 16 Feb 2012) - Andrew Pole had just started working as a statistician for Target in 2002, when two colleagues from the marketing department stopped by his desk to ask an odd question: "If we wanted to figure out if a customer is pregnant, even if she didn't want us to know, can you do that? " As the marketers explained to Pole - and as Pole later explained to me, back when we were still speaking and before Target told him to stop - new parents are a retailer's holy grail. Most shoppers don't buy everything they need at one store. Instead, they buy groceries at the grocery store and toys at the toy store, and they visit Target only when they need certain items they associate with Target - cleaning supplies, say, or new socks or a six-month supply of toilet paper. But Target sells everything from milk to stuffed animals to lawn furniture to electronics, so one of the company's primary goals is convincing customers that the only store they need is Target. There are, however, some brief periods in a person's life when old routines fall apart and buying habits are suddenly in flux. One of those moments - the moment, really - is right around the birth of a child, when parents are exhausted and overwhelmed and their shopping patterns and brand loyalties are up for grabs. But as Target's marketers explained to Pole, timing is everything. Because birth records are usually public, the moment a couple have a new baby, they are almost instantaneously barraged with offers and incentives and advertisements from all sorts of companies. Which means that the key is to reach them earlier, before any other retailers know a baby is on the way. Specifically, the marketers said they wanted to send specially designed ads to women in their second trimester, which is when most expectant mothers begin buying all sorts of new things, like prenatal vitamins and maternity clothing. "Can you give us a list?" the marketers asked. For decades, Target has collected vast amounts of data on every person who regularly walks into one of its stores. Whenever possible, Target assigns each shopper a unique code - known internally as the Guest ID number - that keeps tabs on everything they buy. "If you use a credit card or a coupon, or fill out a survey, or mail in a refund, or call the customer help line, or open an e-mail we've sent you or visit our Web site, we'll record it and link it to your Guest ID," Pole said. "We want to know everything we can." [Editor: it's a long piece, but very interesting.]

top

Ethics Complaint Claims Lawyer Tried to Sway Potential Jurors by Posting Discovery Video on YouTube (ABA Journal, 16 Feb 2012) - An ethics complaint alleges a downstate Illinois lawyer attempted to sway public opinion against the prosecution of his drug client by posting a discovery video online. Lawyer Jesse Raymond Gilsdorf hired a company to post the video of an undercover drug buy on YouTube in April 2011 and then linked to it on Facebook, according to the complaint . The two-part video received more than 2,000 hits before a judge ordered its removal. The Legal Profession Blog has a story. The video was labeled "Cops and Task Force Planting Drugs." It implied that police had engaged in improper conduct and entrapped Gilsdorf's client, who was charged with unlawful delivery of a controlled substance in Pike County, the complaint alleges. Gilsdorf did not receive the consent of his client before posting the video, the complaint says.

top

Law Firm Websites Are Not the Foundation of Online Business Development (Kevin O'Keefe, 18 Feb 2012) - The fact is law firms have websites. The question is not whether to have a website or not. The question is whether law firms should throw more money and time at their website when the firm's lawyers and business development professionals don't know how to use the Internet to network. Lawyers and law firms got plenty of work before we had websites. They did it through networking. The Internet doesn't change that. The Internet just presents lawyers a golden opportunity to network so as to build relationships and enhance one's reputation at an accelerated rate. When it comes to networking through the Internet, a website doesn't make the list of the most important items to master: (1) LinkedIn . Not just as your profile of record that's more important than the bio on your websites, but as a consummate networking arena. (2) RSS reader . How can you network with others online if you cannot hear what others are talking about? (3) Blog . There is simply no better way for a lawyer to grow professionally and from a business development standpoint than to blog in an engaging fashion. (4) Twitter . In addition to Twitter possibly being the single biggest personal branding tool since the television, Twitter provides lawyers a powerful information network and relationship building tool. (5) Facebook . Too many lawyers divide the online world into personal and professional. Networkers know you can't do it. Facebook enables lawyers to enhance their relationships with close business associates. (6) Google+ . No one has a firm grip on where Google+ is headed, but their is no question it's here to stay and is going to influence search and discovery of information and people. Lawyers would be well served to experiment with Google+. Those six tools are all about networking through the Internet. Networking that empowers a lawyer to build relationships and enhance their reputation.

top

Hoo-ah: How the US Army Has Become a Social Media Leader (ReadWriteWeb, 19 Feb 2012) - Over the past several years, the US Army has developed an exemplary program in exploiting numerous social media methods, and done so without a lot of flash, expense, or personnel. They have an engaged audience, numerous followers, and maintained a multi-pronged campaign into all of the major social media networks, including recent beach-heads in Pinterest and Google+. All this, and with a five-person team based in the Pentagon and without spending much in the way of budget too. They are a worthy case study for organizations that are trying to make their own assaults on social media and haven't been as effective. Let's take a tour of the Army social media landscape and show you what they are doing right. Regardless of your politics, I think you will agree that they are leading by example when it comes to social media. [Editor: good, actionable material here.]

top

Many Voices, but Still One Times (NYT's Public Editor, 19 Feb 2012) - DAVID CARR put his finger on something in his column last Monday, which dealt with the tension between individual journalists' social media expressions and their employers' established standards. Digital innovation has created great opportunities for the former and severe challenges for the latter. The problem is part of a much larger phenomenon. In the current environment, New York Times journalists are empowered to build their own personal following via social networks like Twitter and Facebook, while at the same time the wider audience can use blogs and curation sites to pull content away from The Times. The result is a deconstructed New York Times that is reassembled by others far from The Times's home base at NYTimes.com. The paper should at least try to balance this, I believe, by using home base to reinforce its voice and its standards for journalism. Home base should be an anchor that not only offers content but also an institutional statement about what The Times stands for and what it thinks. One step toward accomplishing this would be a powerful reader portal on the Web site, a place where useful tools and straightforward communication could help strengthen The Times's brand. What might be included? [Editor: very interesting; If the Old Gray Lady moves this way, it'll create a de facto best practice for other news e-outlets.]

top

Is Writing Style Sufficient to Deanonoymize Material Posted Online? (33 Bits, 20 Feb 2012) - Ryan Calo writes: I have a new paper appearing at IEEE S&P with Hristo Paskov, Neil Gong, John Bethencourt , Emil Stefanov , Richard Shin and Dawn Song on Internet-scale authorship identification based on stylometry , i.e., analysis of writing style. Stylometric identification exploits the fact that we all have a 'fingerprint' based on our stylistic choices and idiosyncrasies with the written word. To quote from my previous post speculating on the possibility of Internet-scale authorship identification: Consider two words that are nearly interchangeable, say 'since' and 'because'. Different people use the two words in a differing proportion. By comparing the relative frequency of the two words, you get a little bit of information about a person, typically under 1 bit. But by putting together enough of these 'markers', you can construct a profile. The basic idea that people have distinctive writing styles is very well-known and well-understood, and there is an extremely long line of research on this topic. This research began in modern form in the early 1960s when statisticians Mosteller and Wallace determined the authorship of the disputed Federalist papers, and were featured in TIME magazine. It is never easy to make a significant contribution in a heavily studied area. No surprise, then, that my initial blog post was written about three years ago, and the Stanford-Berkeley collaboration began in earnest over two years ago.

top

LawVest Unveils Fixed-Price Law Firm Combining Solicitors and Barristers (Legal Futures, 20 Feb 2012) - A groundbreaking business law firm operating entirely on fixed fees and featuring a mix of leading barristers and solicitors opens today, aiming for a market that it claims has been "protected from real competition for too long". Riverview Law is the brainchild of LawVest, which as first revealed on Legal Futures last autumn has investment from global law firm DLA Piper. LawVest is to apply to become an alternative business structure (ABS). Operating through Riverview Solicitors and Riverview Chambers, it offers businesses with up to 1,000 employees annual contracts from as little as £200 a month for all their day-to-day legal support, or receive a fixed price for a particular piece of work. The annual contracts provide unlimited access to legal advice. Advice is mainly provided remotely, backed up by sophisticated IT. Large organisations can outsource their in-house legal function to Riverview Law, also at a fixed price. Riverview is an option for DLA clients who are no longer core to the global firm's plans, but LawVest chief executive Karl Chapman emphasised that Riverview will receive "no preferential treatment" and DLA lawyers will be under no obligation to refer work. "The business will stand and fall on the quality, standards, service and prices we provide," he said.

top

CIA to Software Vendors: A Revolution is Coming (Reuters, 21 Feb 2012) - The U.S. Central Intelligence Agency told software vendors on Tuesday that it plans to revolutionize the way it does business with them as part of a race to keep up with the blazing pace of technology advances. Rather than stick with traditional all-you-can-eat deals known as "enterprise licensing agreements," the CIA wants to buy software services on a "metered," pay-as-you-go basis, Ira "Gus" Hunt, the agency's top technology officer, told an industry conference. "Think Amazon," he said, referring to the electronic commerce giant where the inventory is vast but the billing is per item. "That model really works." The old way of contracting for proprietary software inhibits flexibility, postponing the CIA's chance to take advantage of emerging capabilities early on, Hunt said. Hunt made his remarks at a conference on emerging technologies organized by the Armed Forces Communications & Electronics Association's Washington D.C. chapter. Replying to a question, he said the CIA would be willing to give vendors with security clearances a "peek under the covers" to address any doubt about whether it was fairly accounting for proprietary software used under any pay-as-you-go deal. "Don't kid yourself that we can't do this thing because we can," he said, adding that the agency was seeking to build strong partnerships with its information technology suppliers.

top

Corporate Clients Should Ask Specific Questions About Law Firm Computer Security, Experts Say (ABA Journal, 21 Feb 2012) - We live in a world in which computer attacks via the Internet are routine, and many law firms are both particularly inviting targets and especially vulnerable. So determining whether outside counsel has sufficient computer safeguards is a question business clients should routinely ask, according to Corporate Counsel. One expert says 80 major law firms were hacked last year, Bloomberg reports. And in a recent Forbes column, another expert tells a chilling tale of two partners from an unidentified law firm who visit him for advice after discovering that all of their client files have been obtained by China-based hackers. It's difficult not to be victimized in such attacks, which often involve opening an attachment to a seemingly legitimate spoofed email that purports to be from a known individual such as a work colleague, says Alan Paller of the SANS Institute. So corporate clients should ask-and law firms should be prepared to answer-some specific questions about Internet security, another expert tells Corporate Counsel. Among them: Does the law firm keep logs of everyone who has accessed client files and require the use of complex passwords on its work stations and servers? "The issue ends up being that the lawyers are so oriented to the convenient use of computers," says Eric Friedberg, a former federal prosecutor who is now co-president of consultant Stroz Friedberg. "It presents real challenges to pervasively establish a culture of security, because convenience has to be subjugated to secure computer use." For the complete list of computer security questions he recommends that business clients ask their law firms, read the full Corporate Counsel article .

top

UK's High Court for the First Time OKs Service Via Facebook (ABA Journal, 21 Feb 2012) - In a United Kingdom first, the High Court there has agreed to allow a hard-to-locate individual to be served via Facebook in a civil case. Fabio de Biase has been granted 14 days to respond-much more than the norm-to be sure he has enough time to check his Facebook account, the Am Law Daily reports. His former employer, broker TFS Derivatives, is a defendant in a suit brought by investment manager AKO Capital, which claims it has been significantly overcharged. TFS hopes to force de Biase, a derivatives negotiator who managed the relationship between the two companies, to pay a portion of any damages won by AKO. Stories in Legal Week and the Telegraph provide further details. The U.K.'s County Court, as well as courts in Australia and New Zealand, have previously allowed service via the social networking site, and the High Court previously allowed service via Twitter.

top

Pain in the Butt (InsideHigherEd, 22 Feb 2012) - The term "cybersquatting" -- buying and selling Internet domains that correspond with existing brands -- is not the most elegant coinage in the English language. University of Hawaii officials have found that cybersquatters can be tasteless decorators, as well. In January, the university found that somebody had purchased UniversityofHawaii.xxx and was offering to sell the domain on eBay. Earlier this month, the domain went live with photos of nude couples having sex in various Hawaii-like settings, according to Hawaii News Now -- prompting a cease-and-desist letter from university lawyers that has apparently persuaded the site to shut down. Hawaii was the first victim of a virtual land grab for a new category of Web domain that ends with "dot-xxx," a suffix meant to signal pornographic content. The university appears to have successfully persuaded the proprietor of UniversityofHawaii.xxx to shut down the site. But Educause, an influential higher ed technology group, says the new dot-xxx addresses, as well as other newly available "generic top-level domain names" (gTLDs), are turning out to be an unequivocal pain for colleges and universities. "The effects of these initiatives thus far have been modest, but they have been entirely negative. So far as we know, no college or university has benefited from either initiative," wrote Gregory Jackson, vice president of policy at Educause, in blog post on Friday. "Rather, institutions have been exposed to risk and incurred costs without receiving any value in return." After speculating in the fall that colleges and universities had little to fear from the new dot-xxx domains, Jackson began soliciting feedback from institutions in the Educause network to gauge the effects of the new virtual real estate, which became active in December. "Lots [of institutions] looked at the low costs and decided to buy or claim a bunch of domains, usually variations on institution or team names," Jackson told Inside Higher Ed. "A couple were approached by squatters, but ignored them." So far, he says, the University of Hawaii is the only instance of a cybersquatter actually posting porn at a university-themed domain. Because it had allowed its federally registered trademark on "University of Hawaii" to lapse eight years ago, the university was unable to defend against interlopers by reserving "UniversityofHawaii.xxx" last fall during a special pre-registration period. But officials at several universities have pointed out that it would be expensive and difficult to try to block all possible variations on their brand, even if the trademarked phrases were secure. That was Hawaii's rationale for declining to buy up dot-xxx properties even when non-trademarked phrases became available for purchase.

top

Courts Continue to Grapple with Discovery Disputes Around Social Networking Evidence (Eric Goldman, 22 Feb 2012) - Tompkins v. Detroit Metro Airport , 10-10413 (E.D. Mich.; Jan. 18, 2012) This is a slip and fall case where the plaintiff alleges that injuries she suffered at Detroit's Metro airport affected her quality of life and ability to work. Defendant asked plaintiff to release her medical records and records from her Facebook account. She refused as to the Facebook account, arguing that the private portions of her account should not be turned over in discovery. The court says (citing to McMillen v. Hummingbird and Romano v. Steelcase ) that there's no privilege as to information contained in social networking accounts. Access to this information by an opponent in litigation is governed by traditional discovery principles. The court notes that in both Romano and McMillen the plaintiffs made injury claims that were inconsistent with information contained in the public portions of their social networking accounts. The court says that while there is no privilege protecting private (or quasi-private) information in a social networking account, "the [d]efendant does not have a generalized right to rummage at will through information that [p]laintiff has limited from public view." The court says there has to be a threshold showing that "the requested information is likely to lead to the discovery of admissible evidence." [Translation: a standard argument in every personal injury case that the plaintiff must have posted pictures of herself frolicking on the beach will not fly.] Davenport v. State Farm Mutual Auto Ins. , 2012 U.S. Dist. LEXIS 20944 (M.D. Fla; Feb. 21, 2012) Here, the insurance company defendant sent a request to plaintiff seeking all photographs posted to social networking sites, whether posted by plaintiff or by a third party. As in Tompkins, the court says there's no special privilege that attaches to social networking content, but the rules of discovery limit an opponent's ability to request this information. Plaintiff proposed that she be required to produce only photographs taken by her that depict her. She says the photos she has been "tagged" in do not satisfy the Rule 26 relevance standard, but the court disagrees. The court says plaintiff has to produce all photographs which depict her, whether she posted them or she had been tagged in the picture. The court does limit this by saying the default discovery rules only require a party to produce information that is within the party's "possession, custody, or control." The court says this "likely" means that plaintiff will "need to produce only photographs that she posted or in which she was tagged." The court does not offer any additional details on whether material posted to a social networking site is still within that party's "possession, custody, or control." Courts are really all over the place on issues relating to the discovery of information posted to social networks. The decisions grapple with (but none coherently address) the following issues: (1) whether any of the communications are covered under the Stored Communications Act and how this affects discoverability; (2) whether an opponent can obtain direct access a non-party or witnesses social networking site (several decisions have ordered password swaps, waivers, or in-camera reviews); (3) whether the discovery request should be directed to the social network directly or to the party whose information is sought; (4) what threshold showing is required form a party seeking discovery; (5) whether information posted to a social networking site is within the control, possession or custody of the party who posted it (for purposes of Rule 26).

Courts appear perfectly willing to smack down discovery requests that overreach, but continue to struggle with finding a balance and dealing with the logistical issues inherent in these types of discovery disputes.

top

Strengthening Third-Party Contracts to Lower Breach Risks (Dark Reading, 22 Feb 2012) - Details emerged this week that showed that recent Anonymous hacks of Federal Trade Commission (FTC) websites could potentially have been prevented had the FTC not dispensed with security provisions in a contract with the third-party vendors who hosted the sites. As organizations continue to divide labor in IT-particularly in development of public-facing websites-the incident could prove a good lesson in the importance of shoring up contract language and SLAs to ensure third parties are not adding undue risks of data breaches in the future. In the case of the FTC, the federal agency suffered two embarrassing breaches within the last two months. In January, Anonymous attacked the FTC's OnGuardOnline.gov site and this month it again hacked the FTC's Bureau of Consumer Protection site. The websites in question were open to attack due to a failure to patch the server operating systems and applications associated with the site, a weakness that Anonymous took advantage of to publicize its distaste for the Anti-Counterfeiting Trade Agreement (ACTA) backed by the federal government. The sites in question were developed by public relations firm Fleishman-Hilliard, which hosted the sites on resources provided by hosting and cloud services provider Media Temple. The two firms are currently duking it out in a very public finger-pointing spat reported by Ars Technica, which also brought to light the fact that the $1.5 million contract to develop the sites initially included security provisions during the acquisition process but then dropped those requirements. According to John Nicholson, counsel for the global sourcing practice at Washington, D.C.-based law firm Pillsbury Winthrop Shaw Pittman LLP, these days such contract omissions are pretty rare, but they still happen. "It's unusual, particularly these days when sensitivity to security and privacy is high, but gaps in functionality like this aren't unheard of," he says. "When dealing with cloud / hosting agreements, any time the supplier isn't responsible for the end-to-end service, and the integration of all of the subsidiary functions provided by third parties, things like this can happen."

top

Two Lawyers Sue West and LexisNexis for Reproducing Legal Briefs (ABA Journal, 23 Feb 2012) - Two lawyers have filed a class action suit claiming West Publishing and Reed Elsevier are violating the copyrights of lawyers by reproducing their lawsuit documents in Westlaw and LexisNexis databases. The plaintiffs, Oklahoma lawyer Edward White and New York City lawyer Kenneth Elan, filed suit on Wednesday in Manhattan federal court. How Appealing links to coverage by the Volokh Conspiracy and the Wall Street Journal Law Blog . White has obtained copyright registration for some of his motions, while Elan has not. They seek to represent two classes of lawyers who have and haven't copyrighted their work. The suit says the publishers charge substantial fees for access to lawyers' work. West, for example, charges $622 a month for solos to access its "All State Briefs" and "All Federal Briefs" databases, the suit says. The Law Blog says the suit "appears to be a novel interpretation of copyright law" while the Volokh Conspiracy says the argument for infringement is "moderately strong." "The question is whether the commercial posting of the briefs is fair use; and fair use law is, as usual, vague enough that there's no clear answer," the Volokh Conspiracy says.

top

Liability and the Cybersecurity Bill (Lawfare, 23 Feb 2012; by Paul Rosenzweig) - In an earlier post about the information sharing provisions of the cybersecurity bill pending in the Senate I highlighted the issue of liability protection and the preemption of State law, musing that those provisions might prove controversial with those who wanted to retain traditional rights of action in State courts. Well, other people have the opposite concern. Gus Coldebella, the former Acting General Counsel of the Department of Homeland Security, thinks that the liability provisions don't go far enough and need to be fixed. Here's the gist of it from the introduction: "[The bill] doesn't sufficiently tamp down potential legal liability for private entities, and in some cases increases it, creating an insurmountable disincentive for companies to voluntarily share cyber information. It leaves owners of critical infrastructure subject to civil litigation and outsized damages if an attack happens, even when they fully comply with the Act's mandates. Before the Act comes out of beta, Congress should debug its liability protection provisions." The entire article is worth a read. More fodder for consideration as the bill moves forward.

top

Eleventh Circuit Finds Fifth Amendment Right Against Self Incrimination Protects Against Being Forced to Decrypt Hard Drive Contents (Volokh, 24 Feb 2012) - The important decision is In re Grand Jury Subpoena Duces Tecum Dated March 25, 2011 . From the opinion by Judge Tjoflat: "We hold that the act of Doe's decryption and production of the contents of the hard drives would sufficiently implicate the Fifth Amendment privilege. We reach this holding by concluding that (1) Doe's decryption and production of the contents of the drives would be testimonial, not merely a physical act; and (2) the explicit and implicit factual communications associated with the decryption and production are not foregone conclusions. First, the decryption and production of the hard drives would require the use of the contents of Doe's mind and could not be fairly characterized as a physical act that would be nontestimonial in nature. We conclude that the decryption and production would be tantamount to testimony by Doe of his knowledge of the existence and location of potentially incriminating files; of his possession, control, and access to the encrypted portions of the drives; and of his capability to decrypt the files. We are unpersuaded by the Government's derivation of the key/combination analogy in arguing that Doe's production of the unencrypted files would be nothing more than a physical nontestimonial transfer. The Government attempts to avoid the analogy by arguing that it does not seek the combination or the key, but rather the contents. This argument badly misses the mark. In Fisher, where the analogy was born, and again in Hubbell, the Government never sought the "key" or the "combination" to the safe for its own sake; rather, the Government sought the files being withheld, just as the Government does here. Hubbell, 530 U.S. at 38, 120 S. Ct. at 2044 (trying to compel production of documents); Fisher v. United States, 425 U.S. at 394-95, 96 S. Ct. at 1572-73 (seeking to access contents possessed by attorneys). Requiring Doe to use a decryption password is most certainly more akin to requiring the production of a combination because both demand the use of the contents of the mind, and the production is accompanied by the implied factual statements noted above that could prove to be incriminatory. See Hubbell, 530 U.S. at 43, 120 S. Ct. at 2047. Hence, we conclude that what the Government seeks to compel in this case, the decryption and production of the contents of the hard drives, is testimonial in character." Also note that the court's analysis isn't inconsistent with Boucher and Fricosu , the two district court cases on 5th Amendment limits on decryption. In both of those prior cases, the district courts merely held on the facts of the case that the testimony was a foregone conclusion. [Editor: extremely important case, and (I believe) the right result. EFF's discussion of the decision is here .]

top

NIST Issues Draft Computer Security Breach Incident Handling Guide (Foley, 27 Feb 2012) - The National Institute of Standards and Technology (NIST) has published for public comment a draft update to a guide [SP 800-61] for organizations managing their responses to computer security incidents such as hacking attacks. The Guide notes that computer security incident response has become an important component of information technology (IT) programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. NIST acknowledges that performing incident response effectively is a complex undertaking. Establishing a successful incident response capability requires substantial planning and resources. The Guide is intended to help both established and newly formed incident response teams. Unlike most threats several years ago, which tended to be short-lived and easy to notice, many of today's threats are more stealthy, specifically designed to quietly, slowly spread to other hosts, gathering information over extended periods of time. The Guide discusses seven (7) requirements and recommendations to enhance the efficient and effective incident response activities. [Editor: see also Revision of SP 800-53 Addresses Current Cybersecurity Threats, Adds Privacy Controls (28 Feb 2012) - To handle insider threats, supply chain risk, mobile and cloud computing technologies, and other cybersecurity issues and challenges, NIST has released Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication (SP) 800-53, Revision 4 (Initial Public Draft). The document is considered a principal catalog of security standards and guidelines used by federal government agencies that NIST is required to publish by law.

"The changes we propose in Revision 4 are directly linked to the current state of the threat space-the capabilities, intentions and targeting activities of adversaries-and analysis of attack data over time," explained Ron Ross, FISMA Implementation Project Leader and NIST fellow.]

top

Reidentification Theory Doesn't Save Privacy Lawsuit (Eric Goldman, 28 Feb 2012) - CVS Caremark provided consumer data to pharma companies and data brokers. The plaintiffs alleged that the data transfers violated CVS's privacy policies, but CVS apparently disclosed only "de-identified" data as contemplated by HIPAA. Plaintiffs couldn't sue under HIPAA, both because CVS complied with HIPAA and because HIPAA doesn't enable a private cause of action for these violations. Although these facts implicate Sorrell v. IMS , that case didn't come up because the plaintiffs didn't sue under an analogous statute specifically pharmaceutical data transfers. Instead, the plaintiffs sued under Pennsylvania's consumer protection act, claiming that CVS made material misrepresentations in its privacy policies about its data handling. The court dismisses the suit--with prejudice!--on two principal grounds. To salvage the situation, the plaintiffs' lawyer tried to argue that the de-identified information could be re-identified by recipients, but apparently the plaintiffs' lawyer couldn't make the argument very cogently. It seems pretty clear that the lawyer didn't fully understand re-identification--at least, not well enough to explain how it might trump CVS's privacy promises. Thus, the court never really gets to the merits of the re-identification theory, but clearly it did not pique the judge's interest. Presumably the "single journal article" referenced is Paul Ohm's Broken Promises of Privacy article. As we've already seen, privacy plaintiffs' lawyers are avid readers of the privacy scholarly literature, looking for new theories to help them grind their axes. Privacy scholars should be gratified by this practitioner attention. As we know, most law review articles never get read (my mom won't even read mine). As this case illustrates, privacy plaintiffs' lawyers may build their entire cases around the academic literature. Although the re-identification theory doesn't go anywhere in this case, arguably CVS dodged a bullet. Ever since I read Paul's paper, I have been recommending that companies stop making PII/non-PII distinctions in their privacy policies. It was instantly clear to me from reading Paul's paper that plaintiffs could attack a privacy policy's promise not to disclose "PII" using a reidentification theory because we don't reliably know which bits of data can be used to uniquely identify individuals. Indeed, the language CVS used (it wouldn't disclose information that "may identify" consumers) was especially dangerous, because any bit of information, in combination with the right set of other data, has the theoretical capacity to uniquely identify individuals. The plaintiffs' lawyer in this case was sniffing around the issue but didn't nail it; but other cases--especially after goofy rulings like Pineda treating zip codes as PII--will raise the issue better and pose significant danger to defendants. This case is a warning sign that CVS, and everyone else, should carefully reexamine the PII/non-PII distinctions in their privacy policies. Steinberg v. CVS Caremark Corp. , 2012 WL 507807 (E.D. Pa. Feb. 16, 2012)

top

Judge Posner on Searching a Cell Phone Incident to Arrest (Volokh Conspiracy, Orin Kerr, 29 Feb 2012) - I am often filled with a mild sense of both excitement and dread when I learn that Judge Posner has authored an opinion in areas of law that I follow closely. Excitement, because I know it will be fascinating to read. And dread, because I know it will be filled with extensive error-prone dicta on issues not briefed and reasoning that is hard to square with existing precedents. On that score, Judge Posner's opinion today in United States v. Flores-Lopez doesn't disappoint. The issue: When the Fourth Amendment allows the police to search a cell phone incident to arrest. The conclusion: As far as I can tell, Judge Posner seems to have some sort of graduated scale in mind, in which minimally intrusive searches of phones are okay as a routine matter incident to arrest but more extensive searches require more justification or maybe a warrant. * * * Incidentally, my own view is that the best rule for searching cell phones incident to arrest is the Arizona v. Gant rule for automobile searches incident to arrest. That is, searches of electronic storage devices should be allowed under the search incident to arrest exception if there is reason to believe evidence of the crime of arrest will be found on the phone, but not allowed if there is no such evidence. Matching the rule for cars and electronic storage devices makes sense, I think. Both are containers of containers that are used for many purposes, can store a lot of information and evidence, and yet are also often with the person at the time of arrest.

top

NOTED PODCASTS

Aerial Robots Swarm the Stage at TED (ArsTechnica, 2 March 2012; 16 min video) - Vijay Kumar's videos have already been a hit on YouTube, as people have been fascinated to watch swarms of robotic quadrotors perform various feats, like flying through narrow windows and coasting across a room in formation. But Kumar still had a few tricks up his sleeve when he took the stage at TED, and he seized the opportunity to show some serious ways in which aerial robots will change our world. Kumar, however, envisions aerial robots that can fly themselves and carry out their tasks, on their own, or with minimal human input beyond initial design and programming. His drones offload even more of the job of stabilizing their flight to computers that aren't even on-board the copter (a weight and complexity advantage). Once airborne, the entire flight is computer-controlled. [Editor: absolutely enthralling!]

top

Chief Judge Alex Kozinski - The Privacy Paradox: Privacy and its Conflicting Values (Stanford's CIS, 3 Feb 2012; 52 minutes) - [Editor: funny, thoughtful discussion by the Judge about new technologies' impact on privacy law, and several recent cases. I was surprised at some of his remarks - e.g., his praise for an EFF action - which I hadn't expected from a sitting judge.]

top

RESOURCES

Contemporary Issues in Cyberlaw (William & Mitchell Law Review, Feb 2012) - [Editor: entire issue dedicated to cyberlaw; articles by Eric Goldman, Roland Trope, and Sarah Jane Hughes, et al.]

top

Where Are Laws Equal for Men and Women? (The World Bank, Feb 2012) - Women, Business and the Law presents indicators based on laws and regulations affecting women's prospects as entrepreneurs and employees, in part drawing on laws contained in the Gender Law Library. Both resources can inform research and policy discussions on how to improve women's economic opportunities and outcomes.

top

Doing Business Law Library (The World Bank, Feb 2012) - The Doing Business law library is the largest free online collection of business laws and regulations. We link to official government sources wherever possible. Translations are not official unless indicated otherwise. We update the collection regularly but are unable to guarantee that laws are the most recent version.

top

LOOKING BACK - MIRLN TEN YEARS AGO

BBC BANS USE OF NON-MS PDAS (The Register, 30 Jan. 2002) -- The BBC IT department has evidently taken the Microsoft shilling, in some style. Our sources informed us a while back that the company is spending a total of £61 million on Windows upgrades for approximately 24,000 desktops, and now an internal memo leaked to Silicon.com reveals that it has banned staff from using any non-Microsoft PDA with company machines. So BBC staffers using Palms and Psions (Psion, incidentally, is based not a molotov cocktail's throw from Beeb HQ) can deem themselves security threats, and have until summer of next year to switch or stop using them with the company kit. The BBC is actually standardising on PocketPC 2002, claiming that all other PDA platforms are insecure. Microsoft does indeed publicise the security features of of PocketPC 2002, and there is, sort of, a real security issue for IT departments when it comes to PDAs. But it's actually a lot more about BOFH control-freakery than it is really about security. http://www.theregister.co.uk/content/54/23882.html

top

COMCAST SAYS IT RECORDS WEB BROWSING OF ITS 1 MILLION INTERNET SUBSCRIBERS (SiliconValley.com, 13 Feb. 2002) -- Comcast Corp., the nation's third-largest cable company, has started recording the Web browsing activities of each of its 1 million high-speed Internet subscribers without notifying them of the change. Comcast acknowledged Tuesday that it is recording which Web pages each customer visits as part of a technology overhaul that it hopes will save money and speed up its network, but which was not intended to infringe on privacy. Outside experts - including the vendor whose powerful software Comcast is using - said Comcast is recording more information about the online activities of customers than is necessary for the technology enhancements. "It's not needed," said Steve Russell, a vice president for Inktomi Corp. Russell said Inktomi's software also records other information from Comcast subscribers, which can include passwords for Web sites and credit-card numbers under limited circumstances. Russell discounted privacy concerns, saying engineers are using some of the information to improve Comcast performance and that many other Internet devices record data racing across computer networks. But two of the nation's largest Internet providers, America Online and Earthlink, said they purposely do not collect details about the Web browsing of their combined 35 million subscribers. http://www.siliconvalley.com/mld/siliconvalley/2661735.htm

-- and, later that same day --

COMCAST SAYS IT WILL IMMEDIATELY STOP RECORDING CUSTOMER WEB BROWSING (SiliconValley.com, 13 Feb. 2002) -- Comcast Corp., the nation's third-largest cable company, pledged Wednesday to immediately stop recording the Web browsing activities of each of its 1 million high-speed Internet subscribers. Comcast said in a statement that it will stop storing the information ``in order to completely reassure our customers that the privacy of their information is secure.'' Comcast reassured customers Wednesday that the information had been stored only temporarily, was purged automatically every few days and ``has never been connected to individual subscribers.'' http://www.siliconvalley.com/mld/siliconvalley/news/2664051.htm

-- and, the NEXT day we get a different spin --

COMCAST PROMISES NOT TO TRACK SUBSCRIBERS (The Register, 14 Feb. 2002) -- A little brouhaha started last week with a post to the Vuln-Dev mailing list, in which a contributor called J. Edgar Hoover observed that Comcast's cable Internet service was using an Inktomi traffic server capable of recording the comings and goings of its subscribers. Five days later the Associated Press' Ted Bridis got hold of the story and 'broke' it, without bothering to credit his source, apparently in hopes that the world would credit him with this amazing discovery. There isn't actually a great deal to this story beyond speculation, or you'd have read it on the seventh, when J Edgar stepped forward. The questionable equipment isn't necessarily a problem. ISPs and NSPs often use caching hardware to serve pages more quickly and balance traffic loads. The real question here would be 'what is Comcast doing with this information?' And of course our wire drone offers not one shred of evidence that it was being misused -- which would, of course, constitute a story. The upshot of all this hack-fabricated 'controversy' is that Comcast has stated that it wasn't tracking users' surfing habits and wasn't selling user-specific marketing data. The company further issued a guarantee that they won't do any such thing in future. http://www.theregister.co.uk/content/6/24062.html

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top