Saturday, July 28, 2012

MIRLN --- 8-28 July 2012 (v15.10)

MIRLN --- 8-28 July 2012 (v15.10) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

Cyber Threats Facilitate Ability to Commit Economic Espionage (GAO, 28 June 2012) - The nation faces an evolving array of cyber-based threats arising from a variety of sources. These sources include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can include monetary gain or political advantage, among others. Moreover, potential threat actors have a variety of attack techniques at their disposal, which can adversely affect an organization's computers or networks and be used to intercept or steal valuable information. The magnitude of the threat is compounded by the ever-increasing sophistication of cyber attack techniques, such as attacks that may combine multiple techniques. Using these techniques, threat actors may target individuals and businesses, resulting in, among other things, loss of sensitive personal or proprietary information. These concerns are highlighted by reports of cyber incidents that have had serious effects on consumers and businesses. These include the compromise of individuals' sensitive personal data such as credit- and debit-card information and the theft of businesses' IP and other proprietary information. While difficult to quantify monetarily, the loss of such information can result in identity theft; lower-quality counterfeit goods; lost sales or brand value to businesses; and lower overall economic growth and declining international trade. To protect against these threats, a variety of security controls and other techniques are available. These include technical controls such as those that manage access to systems, ensure system integrity, and encrypt sensitive data. But they also include risk management and strategic planning that organizations undertake to improve their overall security posture and reduce their exposure to risk. Further, effective public-private partnerships are a key element for, among other things, sharing information about threats. Multiple federal agencies undertake a wide range of activities in support of IP rights. Some of these agencies include the Departments of Commerce, Justice, and Homeland Security, among others. For example, components within the Justice Department and the Federal Bureau of Investigation are dedicated to fighting computer-based threats to IP. In addition, both Congress and the Administration have established interagency mechanisms for better coordinating the protection of IP. Ensuring effective coordination will be critical for better protecting the economic security of America's businesses. GAO report here .

top

Social Media Moves into List of Top Risks (Insurance Networking, 3 July 2012) - Fewer than 25 percent of executives report their organizations continuously monitor risk, according to a Deloitte and Forbes Insights survey, and more than a quarter (27 percent) said the risks posed by social media would be increasingly important. "Social media wasn't even on the radar a few years ago, and we're now seeing it ranked among the top five sources of risk, on the same level as financial risk," said Henry Ristuccia, partner, Deloitte & Touche LLP and co-leader of Deloitte's Governance and Risk Management services. "The rise of social media is just another contributor to the volatile risk environment companies are being forced to navigate. The current marketplace seems to require that organizations be nimble in their risk assessment approach, whether it's dealing with what employees post on social networks, or how they're coping with regulatory changes or taking advantage of the opportunities rewarded risks can create." "We believe technology has the potential to play a breakout role in the management of risk, but many companies are still behind the curve in this area," said Mark Carey, partner, Deloitte & Touche LLP and leader of the U.S. Governance and Risk Strategies services for commercial and public sector industries. "It is encouraging, however, that more than half the respondents said their companies were planning to invest in continuous risk monitoring, and the tools that are available should not only help them with risk management overall, but also increase efficiency and decrease costs over time."

top

Federal Appeals Court Raps Bank Over Shoddy Online Security (Computer World, 5 July 2012) - A construction company in Maine may stand a greater chance of recovering some of the $345,000 it lost in fraudulent wire transfers that it blames on poor online banking practices of its bank. Patco Construction Company, based in Sanford, Maine, sued Ocean Bank, now called People's United Bank, after fraudsters made six wire transfers using the Automated Clearing House (ACH) transfer system amounting to more than $588,000 in May 2009. About $243,000 was recovered. In its suit, Patco alleged among other claims that Ocean Bank's online security was not commercially reasonable under Article 4A of the Uniform Commercial Code (UCC), a federal code governing contractual disputes that has been adopted into most U.S. states' laws. The UCC does not allow claims such as negligence, fraud and breach of contract. The code makes it potentially costly for small businesses to sue financial institutions over cybercrime-related fraud. Even if a small business wins a lawsuit, under the code the financial damages are limited only to the money stolen plus interest. In a significant twist, a three-judge federal appeals court panel found on Tuesday that Ocean Bank's online security measures were not "commercially reasonable," reversing a lower court ruling from May 2011.

top

Board Oversight and Cybersecurity - What are the Risks to Your Company? (Foley Hoag, 8 July 2012) - Does your board exercise proper oversight over cybersecurity risks? Directors and officers have fiduciary duties to protect the assets of their companies. This obligation covers digital assets, including corporate information, applications, and networks. The scope of the obligation is defined, in part, by laws and regulations that impose specific privacy and security obligations on companies. The threats to digital assets are real, and companies are increasingly grappling with how best to manage network infiltrations, denial-of-service attacks, and other cyber-threats. In this context, a new report found that while boards are engaged in risk management, the link between cybersecurity risks and enterprise risk management remains poorly understood. The report, How Boards & Senior Executives are Managing Cyber Risks , is based on a survey conducted by Carnegie Mellon CyLab . This is the third survey that CyLab has conducted and its findings reveal that, for many companies, boards do not have sufficient information to properly oversee the management of cybersecurity risks. CyLab identified the following areas as specifically lacking: * * *

top

EFF Backs Libraries in Battle Over Book Digitization (EFF, 9 July 2012) - The Electronic Frontier Foundation (EFF) has joined several national library associations in urging a federal court to find that the fair use doctrine permitted the creation of a valuable digital library. Although the case was filed long after the more famous Google Books lawsuit, Authors Guild v. HathiTrust presents a similar issue: whether digitization of books without granting full text access to the public is a legal fair use of copyrighted material. For the past seven years, major university libraries have been collaborating with Google to digitize their collections, with one result being the creation of the HathiTrust Digital Library (HDL). Via the HDL, more than 60 university and research libraries can store, secure, and search their digital collections. With the exception of some patrons who have disabilities, HDL does not allow for users to access books in their entirety - it simply does a search for keywords and delivers titles and page numbers as results. Nonetheless, the Authors Guild claims its members are due compensation in exchange for being included in the collection. In an amicus brief filed Friday, EFF and the American Library Association, the Association of College and Research Libraries, and the Association of Research Libraries argue that the copying of books for a database like the HDL is a clear case of fair use, and obviously in the public interest. "The HDL doesn't give most users whole copies of a book. Instead, libraries use the HDL to search for books titles that they should borrow or purchase for their users," said EFF Intellectual Property Director Corynne McSherry. "This is a highly detailed map - a reference tool - and doesn't take the place of book sales. This is just the kind of fair use that copyright law is supposed to protect." For the full amicus brief in The Authors Guild v. HathiTrust:
 https://www.eff.org/node/71166

top

Why The New York Times Eschews Formal Social Media Guidelines (Poynter, 10 July 2012) - Phil Corbett, The New York Times associate managing editor for standards, tells me in a phone interview why the paper chooses to have only informal social media guidelines: We have not done a very formal, detailed written policy. We've talked about it, but up until now we've made a conscious decision not to do that. Partly because we've really been encouraging our journalists over the past couple of years to embrace social media, to use it as a tool, to get comfortable with it. We think it's really important for them to do that, and we've been concerned that if on the one hand you tell all your reporters and editors "Social media is great, you really should be experimenting and getting the benefit of this great tool," but on the other hand, "Here's 27 rules that you better not violate or you're going to be in big trouble" - that's not necessarily the most effective way to encourage your journalists. … We do talk about it a lot. I talk to new people who come on board, and to reporters and editors who are getting more deeply into social media. We have social media editors and producers who are available to work with our journalists to help them and to give them advice and guidance. … But in general our message is that people should be thoughtful. They need to realize that social media is basically a public activity, it's not a private activity, and that people will know that they work for the Times, that they are Times journalists, and will identify them with the Times. And so they should just keep that in mind and be careful not to do anything on social media that would undercut their credibility. … So far this approach seems to be working for us. People have been smart about it, and thoughtful.

top

No Negligence Claim for Infringement via Shared Internet Connection (Preempted by Copyright Act) (Eric Goldman's blog, 11 July 2012) - A question that was floating around in the blogosphere was whether you can be sued for maintaining an open wi-fi connection where a third party engages in file-sharing using your connection. A district court judge in New York answered that question in the negative. (This case involved a shared internet connection, rather than open wi-fi, but this shouldn't change the result.) Liberty Media sued Whetstone and Tabora, who were roommates. Liberty alleged that Whetstone "regularly pirat[ed] copyrighted content." Liberty alleged that Tabora "knowingly participated and . . . declined to put a stop to Whetstone's [alleged infringement,] despite having had the ability to have done so." Although Liberty asserted claims for direct and contributory infringement against both defendants, it also asserted a claim for negligence against Tabora. The court says that the negligence claim against Tabora is preempted by the Copyright Act: "[t]he right that Liberty seeks to vindicate by its state law negligence claim - the imposition on one who knowingly contributes to a direct infringement by another - already is protected by the Copyright Act under the doctrine of contributory infringement." Case is Liberty Media Holdings, LLC v. Tabora & Whetstone , 12 Civ. 2234 (LAK) (S.D.N.Y.; July 9, 2012). Related EFF post here .

top

Lèse Majesté: 16th Century Censorship Meets 21st Century Law (CMLP, 12 July 2012) - When hearing the expression "lèse majesté," images of the Queen of Hearts ordering heads to be chopped off ASAP may come to mind. Marie-Antoinette, the queen who was once a "majesté" in France, herself lost her head during the French Revolution. Surely, the crime of lèse majesté is now a thing of the past? Not quite, as some monarchies still prosecute this crime. Several of the European monarchies still have lèse-majesté laws, including Norway, where prosecuting the crime can only be carried out by the king or with his consent. Article 112 of the Thai Criminal Code states that "Whoever defames, insults or threatens the King, the Queen, the Heir-apparent or the Regent, shall be punished with imprisonment of three to 15 years." The code does not define, however, what constitutes a defamation or an insult. Thailand has been enforcing its lèse majesté law quite aggressively lately. It seems that the law has been used by Thailand prosecutors to suppress political speech critical of the monarchy, particularly speech by partisans of former Prime Minister Thakshin Shinawatra, who are known as the "Red Shirts." In September 2006, a military coup d'état deseated Prime Minister Thakshin Shinawatra and dissolved the Parliament. Since 2009, the Thailand public prosecutor has filed 12 lèse majesté suits against the Red Shirts, or persons suspected of supporting them. For instance, Ampon Tangnoppakul was sentenced last November to 20 years in prison by a Thai Court, for having sent four text messages to a government official criticizing Thailand's royal family. He claimed that he never sent these messages, and that he does not even know how to send text messages. Mr. Tangnoppakul died last May while serving his sentence. He was not the only person incriminated of lèse-majesté in Thailand. Surachai Danwattananusorn, who has criticized the 2006 coup d'état, was sentenced in February 2012 to seven and a half years of prison for having insulted the monarchy. 

Journalists and bloggers are also feeling the heat. The editor of a Thai political website was sentenced in 2012 to a eight-month suspended sentence because she had not removed comments believed to be insulting to the monarchy, an offense under section 15 of the Thai Computer Crime Act.

top

Social Media and [NLRB] Law: An In-Depth Look (Constangy, 12 July 2012) - As Constangy previously reported here and here , the Acting General Counsel of the National Labor Relations Board recently issued a third memorandum specifically addressing the lawfulness of seven social media policies. The inconsistencies contained within the report, as well as its two predecessors , have left many - pundits and employers alike - scratching their heads. The good news is that the most recent report closes by providing discussion about and a copy of a policy that "passed" - from Walmart - which employers can use as a model for their own policies. Because our prior publications on the subject were relatively brief, the following is a more in-depth look at the position of the NLRB and the courts on social media policies * * *

top

FFIEC's New Cloud Info 'Disappointing' (BankInfoSecurity, 13 July 2012) - An attorney who specializes in data security issues says a cloud computing resource document that the Federal Financial Institutions Examination Council issued July 10 falls short of providing useful insights about how banks and credit unions must address privacy and security risks. In the four-page document, the FFIEC explains how banking institutions should apply existing guidance to deals they sign for outsourced cloud-based services. But Francoise Gilbert, an attorney at the IT Law Group, says the resource is far too shallow to offer banks and credit unions any real insights about precautions they should take when considering cloud computing. The FFIEC's insistence that institutions should apply the same standards to cloud providers that they apply to other service providers reveals a lack of knowledge on the part of banking regulators about the unique risks posed by cloud computing, Gilbert says. "I find this document a bit disappointing," she says. "They view cloud computing as just another form of outsourcing, and that's a far too simplistic view." The FFIEC suggests that when considering cloud computing, banks and credit unions continue to follow the same fundamental guidelines and risk strategies outlined in the FFIEC Information Technology Examination Handbook , especially the Outsourcing Technology Services Booklet . Gilbert points to separate cloud security guidelines that other agencies have issued to illustrate the shortcomings of the FFIEC's new resource. For example, guidelines issued in December by the National Institute for Standards and Technology and on July 1 by the European Commission delve more deeply into the nuances of cloud computing and offer specific risk mitigation considerations organizations should consider, she notes. "Compare what the FFIEC has issued with the guidance just issued by the European Commission," Gilbert says. "That document is nearly 30 pages long and is much more detailed about the cloud's unique risks."

top

Lawyers in Alabama Can't Use Groupon (Legal Skills Prof Blog, 14 July 2012) - According to Alabama State Bar Disciplinary Commission, Op. 2012-01 , Alabama lawyers can't use group coupon websites, because the arrangement violates ethics rules against fee-sharing with nonlawyers and the rule requiring all unearned fees to be placed in a trust account. According to the Alabama commission, use of Groupon-style programs risks violating rules on conflicts of interest, competence, diligence, and communication. These marketing websites offer consumers the opportunity to purchase goods and services at deep discounts. The websites get a percentage of every purchase. Three other state bars have reached a contrary conclusion: North Carolina, South Carolina, and New York. Indiana sides with Alabama.

top

What Social Media Do Government Officials Use Most? (Gov't Technology, 16 July 2012) - All social media platforms are not created equal in the eyes of public officials. A new survey of 164 members of the GOVERNING Exchange, an online community of government executives, finds that Facebook and LinkedIn are used most often in the workplace. Unsurprisingly, Facebook is used at home by more that 4 out of 5 government executives. The findings reveal that Pinterest - despite being only two years old - is used at home by 1 out of 5 public servants. Only 16 percent of respondents said they don't use social networks at all. Meanwhile, 17 percent said someone else manages their social media accounts.

top

Chuck Close Succeeds In Stifling A Creative Homage... But Only For Another 100 Years Or So! (TechDirt, 16 July 2012) - Chuck Close is an interesting artist. One of the most famous, most successful artists alive today, he paints giant portraits of people based on photographs. He does so by enlarging photographs, dividing up the images, and copying smaller areas square by square. The effect is quite striking. A couple years ago, there was an astoundingly fascinating interview of both Close and famed neuroscientist Oliver Sachs (who the movie Awakenings was based on) talking about how both have face blindness, in that they simply cannot recognize faces. Given that, it's interesting to see that Close's entire career is based on painting faces. Scott Blake is a long-time devoted Chuck Close fan -- and also a skilled computer artist. In 2001 he had the idea to create a "Chuck Close Filter," which would take images and turn them into something that looks like a Chuck Close image. While it took a lot of work, and was showcased at an exhibit in 2002, he said that computers weren't fast enough to make use of the filter in realtime at the time. In 2008, computers were fast enough that they could take an uploaded photo and automatically generate a "Chuck Close filtered version," so he set up a site called FreeChuckCloseArt.com . Two years later than that, Close threatened to take legal action against him. Blake has now detailed the whole thing in a long blog post . Here's the exchange between the two, though, reading the entire story (and seeing the images) is absolutely worthwhile * * * Blake notes that while he has shut down the site, he has a plan. Recognizing that eventually Close's works will go into the public domain, he's made plans for the filter to be re-released in 100 years after Close's death, on the assumption (perhaps not a good one due to extensions) that the works will be public domain by then.

top

ACLU: "Reasonable Suspicion" Not Good Enough for GPS Tracking (ArsTechnica, 17 July 2012) - If you're a student of the privacy and tech law worlds (or you just read Ars) then you're probably familiar with last year's Supreme Court decision, Jones v. United States . Earlier this year, the nine justices unanimously agreed that placing a GPS tracking device on a suspect's car without a warrant was unconstitutional. That decision continues to have ripple effects throughout the privacy law world, and likely will for years to come. However, as we pointed out in our January 2012 coverage , the justices disagreed amongst themselves about why it violated the Fourth Amendment, which protects citizens against unreasonable searches and seizures. One wing of the court found that installing the GPS device was an unwarranted physical trespass on private property and therefore illegal. The minority wing found the practice unconstitutional as it violated the doctrine known as "a reasonable expectation of privacy." In Jones , the Supreme Court found the act of installing the GPS tracking device was a Fourth Amendment search, and doing so without a warrant in that case was unconstitutional. However, the court did not consider the question of whether a warrant-and probable cause-is always required when the government uses a GPS device. In a new case, known as United States v. Robinson , the government argues that an officer's mere " reasonable suspicion " of wrongdoing is enough to justify the placement of a GPS tracking device on a suspect's car without a warrant. Earlier this year, a federal magistrate judge in Missouri agreed, allowing evidence collected by the GPS device to stand. Last week, the American Civil Liberties Union (ACLU) filed an amicus brief in the case, which is still being argued before the United States District Court in the Eastern District of Missouri. The ACLU argues that Jones bolsters its position that "[t]his Court should adhere to the Supreme Court's long-standing directive that warrantless searches are presumptively unreasonable and hold that defendant's Fourth Amendment rights were violated."

top

Paul Hastings Considers Permanent Home Offices (ABA Journal, 17 July 2012) - Wood paneling and large offices are going by the wayside at some law firms. The idea is to cut office expenses and encourage cooperation, the Wall Street Journal (sub. req.) reports. Firms embracing this 21st century design are "shrinking private offices, swapping out walls for glass, and installing high-tech meeting rooms in dead space once occupied by law libraries and filing cabinets," the story says. Lawyer offices have decreased in size by 20 percent to 25 percent, according to Matthew Barlow, executive vice president at the brokerage firm Studley Inc. Some firms, he said, are placing junior lawyers in interior space once used by administrative staffers. Typical office sizes are 225 square feet for partners, the story says, and 150 square feet for associates. In New York, however, many firms put two associates in an office. The idea was first embraced by U.K law firms. Allen & Overy opted for a "generic office size," all with soundproof glass walls, when it moved its London headquarters in 2005. Others have implemented open-plan offices where lawyers sit at workstations separated by glass partitions. Among the U.S. law firms making the change is Paul Hastings, which is planning to make the changes when its leases come up for renewal, the story says. The firm is also considering allowing some lawyers to work permanently from home.

top

Cyber-Screening, Social Media, and Fair Credit Reporting: Why We Need to Move Beyond the FTC's Recent Spokeo Enforcement Action (Anita Ramasastry, 17 July 2012) - As American employees, we are increasingly becoming aware that our current and potential employers are trawling the Internet to look for our social-media activity as a way of judging whether we should be hired or retained. Is that practice legal? As a baseline rule, it is, as long as the current or potential employer does not discriminate on protected grounds, such as race, religion, or gender. Many companies are turning to private data-collection firms as a way of getting around possible discrimination claims or problems. To do so, they are hiring data brokers or aggregation firms that can collect data and "scrub" it (for example, by removing someone's race). These companies-much like Experian, Transunion, or Equifax, which prepare traditional credit reports-are subject to the Fair Credit Reporting Act (FCRA)-a federal law that was designed to ensure that the information provided by third parties to employers or creditors is accurate, and that consumers are informed of any adverse decisions that are made about them, based on such information. Are companies that compile social-media data subject to the FCRA? Until recently, the answer was unclear, but the FTC has now made it clearer. Indeed, the FTC recently imposed a $800,000 fine against one of these social-media-data companies, Spokeo, for its failure to adhere to the FCRA when collecting social-media data and passing it on to prospective employers. In this column, I will discuss the implications of the FTC's Spokeo enforcement action, and why it is important. I will also discuss why the collection and use of social-media data is inherently different from the collection of the kind of data that has traditionally been gathered for credit-reporting purposes. This contrast means that policymakers now need to look afresh at the FCRA to see how it does, or does not, adequately address the ways in which social-media data is used to assess consumer and employee behavior.

top

Without Credit (InsideHigherEd, 18 July 2012) - The University of Washington plans to offer "enhanced" versions of the massive open online courses (MOOCs) it will develop through a partnership with Coursera, according to the university's provost. The "enhanced" versions will add a number of features designed to make them more closely resemble conventional online courses -- including more assessments, direct interaction with instructors, and the opportunity to earn a certificate that hypothetically could be redeemed for course credit. But the "enhanced" MOOCs will also come with price tags and enrollment caps. And while students might be able to redeem their completion certificates for credit toward a University of Washington degree, they could do so only if they enrolled as tuition-paying students at the university, says David P. Szatmary, the provost. Apart from residing online and on the Coursera platform, these "enhanced" and potentially credit-bearing courses will hardly qualify as MOOCs. Even as traditional universities have embraced massive free courses, those institutions have drawn a line on the matter of offering credit. Some professors send a letter of recognition to students who succeed in the free, online versions of their courses, but the universities have refrained from offering those students course credits that count toward the completion of a traditional degree. So far the only way students might redeem their success in MOOCs for formal college credit is by seeking validation through prior-learning assessment apparatuses . This despite rumors, following Monday's news of 12 new universities plotting to broadcast free versions of their highly regarded courses, that Washington was going to become the first traditional institution to take the plunge on offering course credit for its MOOCs. Washington is slated to develop 19 courses with Coursera -- covering topics in economics, business, biology and computer science -- making it the company's most ambitious partner. "[S]ome of them will offer credit," The New York Times wrote of Coursera's new partners in a widely circulated article about the company's announcement. The article cited Washington, in particular, as planning to offer university credit for its MOOCs this fall, and noted that "other online ventures are also moving in that direction." The report was the most e-mailed story on the Times 's website Monday, and the detail about Washington offering credit was parroted in several places around the Web . [Editor: See also here .]

top

It's Legal: Cops Seize Cell Phone, Impersonate Owner (ArsTechnica, 19 July 2012) - In November 2009, police officers in the state of Washington seized an iPhone belonging to suspected drug dealer Daniel Lee. While the phone was in police custody, a man named Shawn Hinton sent a text message to the device, reading, "Hey whats up dogg can you call me i need to talk to you." Suspecting that Hinton was looking to buy drugs from Lee, Detective Kevin Sawyer replied to the message, posing as Lee. With a series of text messages, he arranged to meet Hinton in the parking lot of a local grocery store-where Hinton was arrested and charged with attempted possession of heroin. Hinton wasn't Sawyer's only target. According to a court decision summing up the facts, "Sawyer spent about 5 or 10 minutes looking at some of the text messages on the iPhone; he also looked to see who had been calling. Many of the text messages that Lee's iPhone had received and stored were from individuals who were seeking drugs from Lee." So Sawyer texted one of the individuals on the list and asked him if he "needed more." The individual, Jonathan Roden, replied, "Yeah, that would be cool. I still gotta sum, but I could use some more. I prefer to just get a ball, so I'm only payin' one eighty for it, instead of two Ts for two hundred, that way." (The court helpfully explained that a "ball" is "a drug weight equivalent to approximately 3.5 grams.") But can cops legally do this with seized cell phones? When their cases went to trial, Hinton and Roden both argued that Sawyer had violated their privacy rights by intercepting, without a warrant, private communications intended for Lee. But in a pair of decisions, one of which was recently covered by Forbes , a Washington state appeals court disagreed. If the decisions, penned by Judge Joel Penoyar and supported by one of his colleagues, are upheld on appeal, they could have far-reaching implications for cell phone privacy.

top

Why Skype? Get Google Hangouts (Attorney @ Work, 20 July 2012) - Google+ is Google's effort to create a social media community. It seems like a lot of people have a Google+ account but don't really use it. There is, though, one aspect of Google+ that differentiates it from the other social media sites and it is Google Hangouts . It's my favorite part of Google+ and it has become one of my favorite means of communication-and it won't drive up your long-distance bill. Google Hangouts is similar to Skype in that it's a videoconferencing tool. With Skype, you have to pay if you want to talk to more than one person at a time, but in a Google Hangouts session, you can have up to 10 people. It has screenshare capabilities so you can share what's on your screen with everyone else. You can set up a Hangout to be public or private where you only invite select individuals to participate. Hangouts are a fantastic way to talk with multiple people in multiple places without driving up your long-distance bill. It works anywhere that you have an Internet connection and a webcam with a microphone. Here are my personal favorite five uses for Google Hangouts * * *

top

The NYT'S Bill Keller on Why We Should Defend WikiLeaks (GigaOM, 25 July 2012) - In a post on Tuesday entitled "First they came for WikiLeaks, then the New York Times ," we wrote about how there is growing evidence that Congress and the Justice Department may be considering legal sanctions against traditional journalists who publish classified information - in other words, extending the kind of legal attacks they have been making on WikiLeaks to the traditional media such as the New York Times . In an emailed response to that post, former NYT executive editor Bill Keller said he strongly agrees that an attack on WikiLeaks' right to publish such leaked documents is an implicit attack on the media as a whole, and that the mainstream media should protest any prosecution of the organization as a betrayal of the First Amendment. [Editor: for much more detail and analysis see Yochai Benkler's terrific March article on this.]

top

US Copyright Office Takes a Position on Yoga (1709 Blog, 25 July 2012) - The US Copyright Office has issued a policy explaining that Yoga positions and poses are not covered by S102 of the US Copyright Act as they are neither dramatic works nor choreographic works - and most certainly are not musical, artistic or literary works. The policy explains "[W]hile such a functional system or process may be aesthetically appealing, it is nevertheless uncopyrightable subject matter. A film or description of such an exercise routine or simple dance routine may be copyrightable, as may a compilation of photographs of such movements. However, such a copyright will not extend to the movements themselves, either individually or in combination, but only to the expressive description, depiction, or illustration of the routine that falls within a section 102(a) category of authorship. You can read the Copyright Office's full Statement of Policy here and here .

top

Service of Process, 2.0 (CMLP, 26 July 2012) - The judicial system in the United States has kept up with technological change in many ways. We have electronic filing, websites for federal courts, and Internet streaming court coverage. But there is one way that courts have not been as quick to adapt electronically - service of process. Last month, the U.S. District Court for the Southern District of New York denied a request to allow service of process via social networking site (in this case, Facebook). The case, Fortunato v. Chase Bank U.S.A., involved Chase Bank's attempts to locate and serve process on a third-party defendant who fraudulently charged up multiple credit cards and gave a false physical address. The judge called the request "unorthodox," and found that Chase Bank had not given the court "a degree of certainty" about the defendant's alleged Facebook profile and the email address attached to that profile that would ensure that the defendant would receive and read the notice. However, the judge did allow for alternative service by general publication in local newspapers. The inclusion of methods of service recognized under state law widens the range of options, but electronic service remains outside of the norm. That said, when traditional methods of service have failed, courts may permit "alternative service of process." In 1950, the Supreme Court in Mullane v. Central Hanover Trust set forth the standard for alternate service of process when "due diligence" had been exhausted to serve a defendant: "To be sure, the Constitution does not require any particular means of service of process, only that the method selected be reasonably calculated to provide notice and an opportunity to respond." The United States has in fact allowed for electronic service of process as an alternative, but exclusively in the international context. Fed. R. Civ. P. 4(f)(3), which governs service internationally, allows for international service "by other means not prohibited by international agreement, as the court orders." A 2002 Ninth Circuit decision, Rio Properties, Inc. v. Rio International Interlink , discussed international email service's inherent pros and cons, stating that constitutional principles of notice and opportunity to respond "unshackles the federal courts from anachronistic methods of service and permits them entry into the technological renaissance." Other countries are also recognizing electronic service of process. In 2008 a judge in Australia authorized service of a default judgment to defendants via Facebook after multiple failed attempts to effectuate service, including in person and via email. Other countries soon followed suit allowing alternative service of process via email or Facebook private message, including New Zealand , Canada and most recently, the United Kingdom .

top

Showcasing Academic Technology (InsideHigherEd, 27 July 2012) - Faculty and staff from the University of Minnesota accomplished what some might consider a near-miracle of publishing: they turned blank pages into a 317-page book in 10 weeks. E-book, that is. Since the book -- Cultivating Change in the Academy: 50+ Stories from the Digital Frontlines at the University of Minnesota in 2012 -- is online, its producers could circumvent some of the cost and time associated with print publishing. Ann Hill Duin, a professor of writing studies at the University of Minnesota-Twin Cities and one of the book's three editors, elicited the help of colleagues to produce the book, which addresses advances in academic technology. The book was released to the University of Minnesota Digital Conservancy, along with its complementary WordPress site, this month. The book addresses four overarching topics -- ideas for transforming teaching methods, solutions to specific classroom problems, examples of campus leaders providing direction and support for these efforts, and ways the university is spreading its innovation off campus. It includes chapters on web-based problem-solving coaches for physics students, using disc jockey vernacular to encourage instructors to "remix" education by combining instructional materials, concepts or areas of expertise, and developing instructional videos geared toward multilingual students needing help with American academic English.

top

RESOURCES

ABA Compendium on Cloud Ethics Opinions (ABA's LTRC, 11 July 2012) - Comprehensive index of various States' ethics opinions on lawyers' use of cloud computing services.

top

DIFFERENT

When Art, Apple and the Secret Service Collide: 'People Staring at Computers' (Wired, 12 July 2012) - Maybe an email, or a phone call from Apple. Instead, my first indication that something was "wrong" was a real-life visit from the organization best known for protecting the President of the United States of America. They rang the doorbell a few times. It woke me up, and I tried to ignore it. There were always kids playing with the doorbells in our apartment building. But the kids don't normally shout, "this is the Secret Service, open the door," so I took that as my cue to get out of bed. * * * [Editor: pretty interesting discussion of using public-space computers to take photos of people in public spaces as part of an art project. I saw something similar in an Amsterdam museum last summer. The activities of law enforcement were very interesting. All in all, a good read if you've got 20 minutes.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

NET CLEARINGHOUSE FOR CREATIVES (Wired, 15 May 2002) -- An Internet clearinghouse seeks to counteract the barriers to creativity that its founders believe current copyright protection law fosters. The Creative Commons, a nonprofit organization based at Stanford University and formed by legal scholars and Web publishers, will encourage authors and other creative people to donate selected writings, music, video and other works for free exchange. A documentary filmmaker needing a shot of the New York skyline could use the clearinghouse to find royalty-free footage. Or a small-town orchestra with limited funding could find pieces to perform for free. Currently, a filmmaker or orchestra director must track down a copyright holder, obtain permission and often pay royalties. Projects may never take off if copyright holders won't license their works. Copyright holders who choose to participate in the Commons may set general conditions such as allowing royalty-free use only in noncommercial settings, but they won't be able to veto individual projects. Users would be able to search for digital and physical materials at creativecommons.org. Spearheading the effort is Stanford law professor Lawrence Lessig, a prominent scholar who complains that the current strict legal interpretation of intellectual property rights frequently stifles the type of sharing that spurs innovation. The Creative Commons seeks to counteract that tendency. Molly S. Van Houweling, the project's executive director, said the clearinghouse is ideal for start-up bands and lesser-known authors who want their works more widely heard or read. More established creators, meanwhile, may wish to donate their works so that noncommercial projects could succeed, she said. Contributors retain copyrights on their works. They can still sell them -- for instance, they can offer them through the project royalty-free for noncommercial use but charge others independent of the Commons. The Creative Commons has raised nearly $900,000, mostly from the Center for the Public Domain, a nonprofit foundation. http://www.wired.com/news/culture/0,1284,52562,00.html

top

AIR FORCE SEEKS BETTER SECURITY FROM MICROSOFT (USA Today, 10 March 2002) -- A top U.S. Air Force official has warned Microsoft to dramatically improve the security of its software or risk losing the Air Force as a customer. In an interview, Air Force chief information officer John Gilligan revealed he has met with senior Microsoft executives to tell them the Air Force is "raising the bar on our level of expectation" for secure software. Since being named Air Force CIO in November, Gilligan, who controls a $6 billion-a-year technology budget, also has met with executives from Cisco Systems and delivered a similar message at a handful of industry forums. "We just can't afford the exposures, and so those who give us better solutions, that's where we're going to put our business," Gilligan says. Gilligan, former Energy Department CIO, has discussed security most often with executives at Microsoft. "They are the biggest supplier to the Air Force, and my attempt has been to encourage them to set an example," he says. http://www.usatoday.com/life/cyber/tech/2002/03/11/gilligan.htm

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Saturday, July 07, 2012

MIRLN --- 17 June – 7 July 2012 (v15.09)

MIRLN --- 17 June - 7 July 2012 (v15.09) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

NEWS | PODCASTS | LOOKING BACK | NOTES

The "Bring Your Own Device" to Work Movement (Littler, May 2012) - We are pleased to share with you Littler's Report on the 2012 Littler Initiative entitled The "Bring Your Own Device" to Work Movement. The Report analyzes the challenges employers will face over the next 1 to 3 years as more and more employees use personal devices to perform work. For some companies, a BYOD or "Bring Your Own Device" policy may be the right response. [Editor: A thorough, actionable analysis of the various legal and technological issues, co-authored by Mike McGuire. The entire report is here .]

top

Ethics Opinion Warns Lawyers About Perils of Unintentional Juror Contact During Online Research (ABA Journal, 5 June 2012) - Lawyers may research potential and sitting jurors on Facebook and other social media sites, but communications with jurors should be avoided, according to a new ethics opinion. The opinion by the New York City Bar Association's Committee on Professional Ethics notes that it's not always easy to discern whether a visit to a website will result in a communication. The opinion says it is unethical for lawyers or those working on their behalf to make juror friend requests, a finding that is in accord with a recent opinion by New York County Lawyers' Association. But the City Bar opinion sets out to address a broader issue: what constitutes a prohibited ex parte communication with a juror. According to the opinion, the ban on communication is violated not only through friend requests, but also when the lawyer is aware that his or her review of the juror's comments, pages or posts will be disclosed to the juror. In addition, a violation might occur even if the communication to the juror is inadvertent or unintended. "In the social media context, due to the nature of the services, unintentional communications with a member of the jury venire or the jury pose a particular risk," the opinion says. "For example, if an attorney views a juror's social media page and the juror receives an automated message from the social media service that a potential contact has viewed her profile-even if the attorney has not requested the sending of that message or is entirely unaware of it-the attorney has arguably 'communicated' with the juror." Although the relevant rule appears to bar even inadvertent communication, the ethics committee takes no position on whether such a communication would in fact be a violation.

top

- and -

California Draft Opinion on Lawyers' Use of Social Media (June 2012) - ISSUE: Under what circumstances would an attorney's postings on social media websites be subject to professional responsibility rules and standards governing attorney advertising? DIGEST: Material posted by an attorney on a social media website will be subject to professional responsibility rules and standards governing attorney advertising if that material constitutes a "communication" within the meaning of rule 1-400 (Advertising and Solicitation) of the Rules of Professional Conduct of the State Bar of California; or (2) "advertising by electronic media" within the meaning of Article 9.5 (Legal Advertising) of the State Bar Act. The restrictions imposed by the professional responsibility rules and standards governing attorney advertising are not relaxed merely because such compliance might be more difficult or awkward in a social media setting.

top

Banks: Hackers More Aggressive In Attacking Customer Accounts (Computerworld, 14 June 2012) - A survey of large financial institutions shows they faced more attacks by hackers to take over customer banking accounts last year than in the two previous years, and about a third of these attacks succeeded. The total number of attacks to try and break in and transfer money out of hacked customer accounts was up to 314 over the course of 2011, according to the Financial Services Information Sharing and Analysis Center (FS-ISAC), which released findings of its survey of 95 financial institutions and five service providers. That's an increase from 87 attacks against bank accounts in 2009 and 239 in 2010. FS-ISAC is the group that coordinates on security issues with the Department of Homeland Security. The survey was conducted by the American Bankers Association. Increasingly, banks are extending strong authentication to their customers to prevent successful takeovers of accounts by hackers, whose strategy is often to use malware to take control of the computer of someone authorized to make payments or other high-dollar transfers related to corporate accounts. These authentication methods can take many forms. United Bank & Trust, located in Ann Arbor, Mich., for instance, increased security for customers through a method that automatically phones the customer making an online funds transfer to verify the details about the transaction before it's executed.

top

- and -

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically (Dark Reading, 29 June 2012) - U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011, according to a new report from the U.S. Industrial Control System Cyber Emergency Response Team (ICS-CERT). In 2009, ICS-CERT fielded 9 incident reports. In 2010, that number increased to 41. In 2011, it was 198. Of those 198, seven resulted in the deployment of onsite incident response teams from ICS-CERT, and 21 of the other incidents involved remote analysis efforts by the Advanced Analytics Lab. Incidents specific to the water sector, when added to those that impacted multiple sectors, accounted for more than half of the incidents due to a larger number of Internet-facing control system devices reported by independent researchers, according to the report. All totaled, ICS-CERT performed 17 onsite assessments during 2009, 2010 and 2011, including seven last year. The most common attack vector for network intrusion was spear-phishing, which accounted for seven of the 17 incidents. "Sophisticated threat actors" were tied to 11 of the incidents, with the goal in several cases being the theft of data. "No intrusions were identified directly into control system networks," the report states. "However, given the flat and interconnected nature of many of these organization's networks, threat actors, once they have gained a presence, have the potential to move laterally into other portions of the network, including the control system, where they could compromise critical infrastructure operations." Tellingly, in 12 of the 17 cases, implementing of security best practices such as login limitations and properly configured firewalls could have deterred the attack, minimized the time it took to detect it or reduced its impact, ICS-CERT reports.

top

Analysis: You Can Record Cops, Even In Private (ArsTechnica, 19 June 2012) - In the past year, two different appeals courts have ruled that recording the actions of police officers in public places is protected by the First Amendment. A new legal analysis argues that the right to record the actions of law enforcement is also protected by the Constitution's due process clause. This right can apply even in non-public settings.

The paper is written by Glenn Reynolds, best known as the author of the Instapundit blog. He has a day job as a law professor at the University of Tennessee, and he co-authored the paper with attorney John Steakley.

top

Google Documents Government Snooping (ReadWriteWeb, 20 June 2012) - Google disclosed government requests for user data in the latest installment in its Transparency Report . The report documents an upward trend in requests that Google itself finds "troubling." For this fifth installment of the interactive report, Google added the ability to view aggregated court orders and other requests across all countries . From July to December 2011, governments requested information on 28,562 user accounts worldwide. This number covers requests for user information and blog post or video take-downs and includes Google's rate of compliance. The U.S. government submitted 6,321 requests for data, of which Google fulfilled more than 90% at least partially. The federal government also lodged 187 requests for blog and video takedowns.

top

The Chilling Effects On Innovation Caused By Bad Copyright Law (TechDirt, 20 June 2012) - We've talked a few times about how attacks on new innovations in the name of protecting copyright can create massive chilling effects. For example, the increasingly questionable arguments against Megaupload have created a real chill for online cloud storage providers. That was likely manifest last week in the news that Dropbox was killing off its "public folders" feature in deference to its link feature, basically making the product less useful. Matt Schruers, from CCIA has an interesting blog post up which ties actions like those done by Dropbox here with a new study showing how the chilling effects of bad copyright law can impact innovation . The full study (pdf) is actually something of a follow up to an earlier study we wrote about, which showed how good judicial rulings on copyright which allowed for greater innovation (such as the Cablevision ruling , which allowed cloud-based DVRs to exist) contributed directly to greater funding of innovation. 

This new study, also by Harvard professor Josh Lerner, highlights the unfortunate opposite impact: the chilling effects on investment in innovation that comes as a result of anti-innovation judicial rulings.

top

Whose Intellectual Property? (InsideHigherEd, 21 June 2012) - Over the last 30 years, universities have become increasingly aggressive about securing the rights to faculty intellectual property (IP) that is patentable and thus potentially profitable. The operative distinction in many current policies is between faculty IP that can be protected by copyright, versus IP that is patentable. In a major new 100,000-word report issued this month -- Recommended Principles & Practices to Guide Academy-Industry Relationships -- the American Association of University Professors argues that this distinction is not grounded in any rational analysis of the nature of faculty research and productivity. It is essentially an opportunistic maneuver to gain administrative control over IP that may be income producing. We urge that the administrative distinction between ownership of copyrightable and patentable intellectual property be abandoned. Faculty members should have primary authority over the disposition of all their IP, subject to legal and contractual restrictions and subject to principles articulated by campus faculty collectively.

top

The Public Domain: Surveillance in Everyday Life (BeSpacific, 21 June 2012) - Alice Marwick. Surveillance & Society, Vol 9, No 4 (2012): "People create profiles on social network sites and Twitter accounts against the background of an audience. This paper argues that closely examining content created by others and looking at one's own content through other people's eyes, a common part of social media use, should be framed as social surveillance. While social surveillance is distinguished from traditional surveillance along three axes (power, hierarchy, and reciprocity), its effects and behavior modification is common to traditional surveillance. Drawing on ethnographic studies of United States populations, I look at social surveillance, how it is practiced, and its impact on people who engage in it. I use Foucault's concept of capillaries of power to demonstrate that social surveillance assumes the power differentials evident in everyday interactions rather than the hierarchical power relationships assumed in much of the surveillance literature. Social media involves a collapse of social contexts and social roles, complicating boundary work but facilitating social surveillance. Individuals strategically reveal, disclose and conceal personal information to create connections with others and tend social boundaries. These processes are normal parts of day-to-day life in communities that are highly connected through social media."

top

OSC Sends a Stern Warning About Reading Employees' Emails (NextGov, 21 June 2012) - In a fiercely worded bid for whistleblowers' rights, the Office of Special Counsel released a memo Wednesday to all executive departments and federal agencies strongly urging them to evaluate their policies on monitoring employee emails and other communications. "Agency monitoring specifically designed to target protected disclosures to the OSC and inspectors general is highly problematic," Special Counsel Carolyn Lerner wrote in the memo . "Such targeting undermines the ability of employees to make confidential disclosures." The memo doesn't mention any agency or case by name, but the Food and Drug Administration is under investigation for alleged monitoring of employee correspondence with OSC, members of Congress and the news media. As early as 2009, FDA whistleblowers seeking to report on their agency's lax approval processes for medical devices were being unlawfully watched and reprimanded by management, according to the National Whistleblowers Center.

top

Technology and the First Amendment (MLPB, 21 June 2012) - Christopher S. Yoo, University of Pennsylvania Law School & University of Pennsylvania Annenberg School for Communication, University of Pennsylvania School of Engineering and Applied Science, has published Technologies of Control and the Future of the First Amendment at 53 William & Mary Law Review 747 (2011). Here is the abstract: "The technological context surrounding the Supreme Court's landmark decision in FCC v. Pacifica Foundation allowed the Court to gloss over the tension between two rather disparate rationales. Those adopting a civil libertarian view of free speech could support the decision on the grounds that viewers' and listeners' inability to filter out unwanted speech exposed them to content that they did not wish to see or hear. At the same time, Pacifica also found support from those who more paternalistically regard indecency as low value (if not socially harmful) speech that is unworthy of full First Amendment protection. The arrival of filtering technologies has introduced a wedge between those who supported the constitutionality of indecency regulations out of a desire to enhance individual autonomy and those who wish to restrict speech in order to promote a particular vision of the public good. At the same time, commentators on the political left have begun to question whether continued support for the classic liberal vision of free speech may be interfering with the advancement of progressive values. This Article offers a qualified defense of the libertarian vision of free speech. Deviating from the civil libertarian view would require a revolution in doctrine and would contradict the postulate of independent moral agency that lies at the heart of liberal theory. Although some suggested institutions for ascertaining the idealized preferences that individuals ought to have could justify allowing the government to override individuals' actual preferences, such an approach is all-too reminiscent of the Rousseauian notion of being "forced to be free" and has never been accepted by the Supreme Court. Finally, claims that private censorship presents risks commensurate with public censorship fail to address the fact that liberal theory presupposes the existence of a private sphere into which the state cannot intrude, as well as the long tradition recognizing the special dangers associated with the coercive power of the state. Moreover, the rationales upon which the Supreme Court has relied to justify overriding individual preferences in broadcasting and cable have been undermined by technological change."

top

Scholarship Roundup: A Guide to the Legislative History of the America Invents Act (PatentlyO, 22 June 2012) - One of the challenges of working with the Leahy-Smith America Invents Act stems from its legislative history, which is scattered through more than five years of Congressional materials. To address this challenge, Joe Matal, Judiciary Committee Counsel to Senator Jon Kyl, recently published a comprehensive guide to the legislative history of the AIA in the Federal Circuit Bar Journal. Matal's compendium provides both a history of the Congressional discussion leading up to the AIA as well as a roadmap to the relevant legislative materials, linking them to particular provisions of the AIA and explaining how to locate each source. Part I addresses the portions of the AIA that relate to applications before a patent issues, while Part II deals with the portions that apply after a patent is granted. Paper here .

top

German University to Stream Subtitled Lectures (DW, 25 June 2012) - German is not easy - international students often have trouble understanding their professors. But a German university is trialing software to translate and subtitle lectures. International students at the Karlsruhe Institute of Technology (KIT) in western Germany may soon only need to turn on their laptops to understand their professors - a new program is will automatically transcribe lecture and translate them into English. The result will appear almost simultaneously on the student's computer screen, like subtitles on a film. The translation is to be streamed live on the Web, and will avoid the need for students to install any special software. The subtitles will be available to view on any browser. In addition to the live stream, students will also be able to view any Powerpoint presentation in English.

top

Client Secrets at Risk as Hackers Target Law Firms (WSJ, 25 June 2012) - Think knowing how to draft a contract, file a motion on time and keep your mouth shut fulfills your lawyerly obligations of competence and confidentiality? Not these days. Cyberattacks against law firms are on the rise, and that means attorneys who want to protect their clients' secrets are having to reboot their skills for the digital age. Lawyers sling millions of gigabytes of confidential information daily through cyberspace, conducting much of their business via email or smartphones and other mobile devices that provide ready access to documents. But the new tools also offer tempting targets for hackers, who experts say regard law firms as "soft targets" in their hunt for insider scoops on mergers, patents and other deals, as WSJ detailed in this Monday's Law Journal. "The challenge is not the laptop, the iPad or whatever," said Carlos Rodriguez, manager of network infrastructure and security for the Midwestern law firm Lathrop & Gage LLP. "The challenge is protecting the data… the smaller the firm gets, the more difficult it gets for them to put the proper controls and to educate the firm."

top

The Future of Predictive Coding - Rise of the Evidentiary Expert? (BullsEye Blog, 26 June 2012) - Ponder these mind-boggling statistics, courtesy of the ABA 2012 Litigation Section Annual Conference: Some companies estimate that for every 340,000 pages of information preserved for litigation, only 1 is actually used. In addition, discovery comprises approximately 50% of the cost of litigation. Like a dog chasing its own tail, technology has been forced to generate new solutions to deal with the escalating costs and burdens associated with legal review of massive amounts of electronically stored information. Welcome to computer-assisted document coding and review, sometimes better known by the legal industry as predictive coding. Thanks in part to three cases that have recently emerged on predictive coding, ( Da Silva Moore , Kleen Products, LLC , and Global Aerospace Inc. ), this relatively novel technique is now garnering recognition, and in one seminal case, judicial approval. In the ground-breaking case of Da Silva Moore v. Publicis Groupe , Case No. 11-cv-01279 (S.D.N.Y. April 26, 2012) the U.S. District Court for the S.D. of New York became the first court to officially approve the use of predictive coding as an acceptable way of reviewing electronically stored documents in certain cases. Although definitions can differ , what is commonly referred to as predictive coding - perhaps more appropriately called computer-assisted document coding and review - is a human-driven, human-supervised technique of utilizing computer technology to review, analyze, and process large sets of electronically stored data for relevance, privilege, priority, issue-relation, or other thematic patterns. According to a report submitted at the ABA 2012 Litigation Section Annual Conference, predictive coding involves the development of decision-making criteria which is based upon a training set, and then applied to a larger body of data for the purpose of making predictions. At the heart of predictive coding lies the concept of "supervised learning," defined as "an algorithm that learns from human decisions and then has the ability to apply those decisions to new data."

top

Protecting False Reputations and Valuing Free Speech (MLPB, 26 June 2012) - John A. Humbach, Pace University School of Law, has published Privacy Rights: The Virtue of Protecting a False Reputation. Here is the abstract: What is the virtue of protecting a false reputation? The thesis of this paper is that there is none. There is none, at least, that justifies the suppression of free speech. Yet, there is a growing trend to see the protection of reputation from truth as a key function of the so-called "right of privacy." 

Unfortunately, people often do things that they are not proud of or do not want others to know about. Often, however, these are precisely the things that others want or need to know. For our own protection, each of us is better off being aware of the negative or less-than-flattering qualities of others with whom we deal. 

The things that people say about each other are protected by the Constitution as much as any other form of expression. The Supreme Court has recognized repeatedly that the judgment embodied in the First Amendment is that the benefits of a free flow of information outweigh the costs and that those who speak truthfully cannot be made to do so at their peril. Therefore, disclosures of truthful information cannot, in the name of "privacy," be constitutionally subjected to after-the-fact governmental determinations that they were not justified, unnecessary or even a crime. 

Perhaps there are things that it is better for us not to see or hear. But the assumption of the First Amendment is that government should not be deciding these limitations on the free flow of information or what speech is important enough to be "worth it." If, in the name of protecting privacy or reputations, government agencies can decide after the fact what is and is not legitimate negative information, self-censorship will abound and valuable information will suffer.

top

Comcast Pays $800,000 to U.S. for Hiding Stand-Alone Broadband (GigaOM, 27 June 2012) - The Federal Communications Commission has settled with Comcast over charges that the cable company made it hard for consumers to find stand-alone broadband packages that don't cost an arm and leg. As part of the settlement Comcast paid the U.S. Treasury $800,000 and the FCC extended the length of time Comcast had to provide such a service. The cable provider was ordered by the agency to provide access to "a reasonably priced broadband option to consumers who do not receive their cable service from the company" under the Commission's Order approving the Comcast-NBCU transaction in 2010. To further show its ire with Comcast, the FCC also said Comcast would have to provide the stand-alone reasonable broadband-only package for another year - until February 21, 2015. From the FCC release: "Under the order the Commission required Comcast to offer standalone broadband services on terms equivalent to packages that bundle broadband and video cable service. Comcast was ordered to offer a broadband service with a download speed of at least 6 mbps at a price no greater than $49.95 for three years. The Commission also prohibited Comcast from raising prices on the required broadband service for two years. Finally, Comcast had to "visibly offer and actively market" standalone broadband Internet access service to highlight the availability of this special service and other standalone broadband services."

top

SWAT Team Throws Flashbangs, Raids Wrong Home Due To Open Wifi Network (ArsTechnica, 28 June 2012) - The long-standing, heavily documented militarization of even small-town American police forces was always going to create problems when it met anonymous Internet threats. And so it has, again-this time in Evansville, Indiana, where officers acted on some Topix postings threatening violence against local police. They then sent an entire SWAT unit to execute a search warrant on a local house, one in which the front door was open and an 18-year old woman sat inside watching TV. The cops brought along TV cameras, inviting a local reporter to film the glorious operation. In the resulting video, you can watch the SWAT team , decked out in black bulletproof vests and helmets and carrying window and door smashers, creep slowly up to the house. At some point, they apparently "knock" and announce their presence-though not with the goal of getting anyone to come to the door. As the local police chief admitted later to the Evansville Courier & Press , the process is really just "designed to distract." (SWAT does not need to wait for a response.) Officers break the screen door and a window, tossing a flashbang into the house-which you can see explode in the video. A second flashbang gets tossed in for good measure a moment later. SWAT enters the house. But the family in the home was released without any charges as police realized their mistake. Turns out the home had an open WiFi router, and the threats had been made by someone outside the house. Whoops. So the cops did some more investigation and decided that the threats had come from a house on the same street. This time, apparently recognizing they had gone a little nuts on the first raid, the police department didn't send a SWAT team at all. Despite believing that they now had the right location and that a threat-making bomber lurked within, they just sent officers up to the door.

top

FOIA Request Forces DOJ to Reveal National Security Letter Templates (ArsTechnica, 28 June 2012) - As the result of a Freedom of Information Act request filed by the American Civil Liberties Union, the Department of Justice has revealed, for the first time, the types of secret letters that the government can send out to ISPs and other tech companies being asked to reveal personal data about their users and customers who are being investigated for national security reasons. In 2009, over 6,000 Americans received such National Security Letters (NSLs). According to the Wall Street Journal , the "letters show that the FBI is now informing people who receive the letters how they can challenge the documents in court. But some key elements of the letters remain blocked from view-including lists of material the FBI says companies can send in response to the letter." Most commonly, government investigators request names and addresses associated with phone and Internet records. There are also some especially broad requests, including "electronic communications transactional records," and "Internet activity logs." However, it remains unclear exactly what those terms mean, and how companies comply or don't comply with such requests is also a mystery. "You are hereby directed to provide the Federal Bureau of Investigation (FBI) the names, addresses, and length of service and electronic communications transactional records, to include existing transaction/activity logs and all electronic mail (e-mail) header information, for the below listed [e-mail/IP] address holder(s): [e-mail/IP address or addresses] [on a specific date] or [For the period from [specific date] to [specific date][present]," the template states . The newspaper also reported that exactly what information is disclosed to federal authorities is not usually made public. In requests for comment, Verizon and AT&T said they did not comment on national security matters, while Google and Twitter said they merely comply with "valid legal process," but that they would notify users of such requests whenever possible. Facebook, interestingly, has taken a much more narrow interpretation of the law. "We interpret the national security letter provision as applied to Facebook to require the production of only two categories of information: name and length of service," said Fred Wolens, a public policy spokesman for the social networking giant, as quoted by the WSJ.

top

New European Guidelines to Address Cloud Computing (NYT, 1 July 2012) - The European Commission's panel on privacy is expected on Monday to endorse the concept of cloud computing as legal under the Continent's privacy law and to recommend for the first time that large companies and organizations police themselves to assure that personal information kept in remote locations is protected. The panel, known as the Article 29 Working Party, is expected to make the recommendation as part of its long-awaited guidelines on cloud computing, which have the potential, some industry experts say, to allay concerns over data privacy and pave the way for wider adoption of the remote-computing services that are more common in the United States.

top

Social Media is the Message for Olympics (NYT, 2 July 2012) - At the Olympic Games in London, set to begin this month, the official motto of "swifter, higher, stronger" will be supplemented by a new label. If some marketers, fans and athletes have anything to say, these Games will be the first Social Media Olympics - the "Socialympics," as some are calling them. Even the Olympic movement, which sometimes steps into the future with great caution, has warily accepted the idea. * * * All this sharing and connecting has also created some new headaches. There is grumbling, for instance, about the restrictions that the organizers of the Games have imposed on this most freewheeling of media formats. [T]he guidelines include provisions for social media, detailing what marketers may and may not do. Among the banned actions are the use of certain word combinations in social media content: Nonsponsors have been warned not to try putting, say, "twenty-twelve" and "gold" in the same tweet. Athletes and spectators face restrictions, too. Neither will be permitted to post video footage of sporting events to online forums. Participants are allowed to post on blogs or Twitter, but the postings must be in a "first-person, diary-type format and should not be in the role of a journalist," the guidelines state. "They must not report on competition or comment on the activities of other participants or accredited persons, or disclose any information which is confidential or private in relation to any other person or organization," the rules say.

top

CRS - Federal Laws Relating to Cybersecurity: Discussion of Proposed Revisions (BeSpacific, 4 July 2012) - "For more than a decade, various experts have expressed increasing concerns about cybersecurity, in light of the growing frequency, impact, and sophistication of attacks on information systems in the United States and abroad. Consensus has also been building that the current legislative framework for cybersecurity might need to be revised. The complex federal role in cybersecurity involves both securing federal systems and assisting in protecting nonfederal systems. Under current law, all federal agencies have cybersecurity responsibilities relating to their own systems, and many have sector-specific responsibilities for critical infrastructure. More than 50 statutes address various aspects of cybersecurity either directly or indirectly, but there is no overarching framework legislation in place. While revisions to most of those laws have been proposed over the past few years, no major cybersecurity legislation has been enacted since 2002." CRS report here .

top

NOTED PODCASTS

Push: Law, Law School, Technology, and Fear (unknown author? posted 29 June 2012) - [Editor: terrific impassioned 6min video about lawyers' too-slow uptake of technology, and the inertia of FUD.]

top

Anya Kamenetz on Who Can Learn Online, and How? (Berkman podcast, 25 June 2012; 64 minutes) - Much of the conversation around the new wave of online education startups has focused on what they mean for the incumbent institutions, from for-profit online universities to the traditional Ivy League. But what about what they mean for learners? Who is currently succeeding in open learning contexts? What are the missing pieces of the ecosystem - from discovery, to peer support, to mentoring, to assessment - that will allow the most severely underserved learners to succeed in this new learning environment? Anya Kamenetz - senior writer at Fast Company Magazine, and author of two books and two ebooks about the future of education - discusses who online learning serves, and how.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

DISTRIBUTED COMPUTING CASE ENDS WITH PROBATION (The Register, 18 Jan. 2002) -- A sys admin who installed distributed computing software on computers at an American college has been sentenced to probation. This may seem harsh but David McOwen, the former BOFH at the state run DeKalb Technical College in Georgia, can consider himself fortunate - since the authorities brought charges against him that might have sent him to jail. McOwen has been given a year of probation and a $2,100 fine for linking up college PCs to Distributed.net, a communal code breaking network that takes advantage of spare computing cycles to crack codes. Since February 2000, McOwen has been the target of a "computer trespass" investigation and then prosecution. Last autumn McOwen was charged with one count of computer theft and seven counts of computer trespassing (one for each of the school offices where McOwen downloaded the distributed.net client), Newsbytes reports. He faced a fine of $400,000 and the prospect of prison if convicted at a criminal trial, which was due to take place later this month. Under the terms of the deal, announced yesterday, McOwen will receive one year of probation for each criminal count, to run concurrently, make restitution of $2100, and perform 80 hours of community service unrelated to computers or technology. McOwen will have no felony or misdemeanor record under Georgia's First Offender Act. "David never should have been prosecuted in the first place, but we're glad that the state decided to stop," said senior staff attorney Lee Tien of the Electronic Frontier Foundation (EFF), which campaigned on his behalf. "This is a very good result for David. He very likely could have won if the case had gone to trial, but trials cost money and you never know what will happen," Tien added. The case, which turned on whether McOwen had fair notice that installing the Distributed.net client software was prohibited, has taken a heavy toll on the sys admin. He resigned from his job at DeKalb soon after the school threatened him. Last August he was fired from his next job at Cingular Wireless because of the bad publicity surrounding the case. The issue raised by McOwen's prosecution isn't an isolated one. Last year, the Tennessee Valley Authority banned the SETI@home program from its computers, declaring it a risk to computer security. http://www.theregister.co.uk/content/4/23737.html

top

MIT DREAMS OF NEWFANGLED ALEXANDRIAN LIBRARY (LinuxWeek, Nov 2002) -- The Massachusetts Institute of Technology is developing a digital library called Dspace that it hopes will encompass virtually the entire intellectual output of its scholars and researchers. A joint venture between MIT and Hewlett-Packard is using open source software to create a super-archive to save trillions of bytes worth of digital information covering everything from recordings of classroom lectures and experiments to brain scans, surveys of the ocean floor and monitorings of interstellar space. MIT now wants to create a worldwide federation of universities using Dspace to make their content available to all Internet-connected devices. Under development since 1998, Dspace already contains a thousand items totaling over 2 terabytes of data - comparable to the hard-disk memory of 200 PCs. HP kicked in a $1.8 million grant to launch the project but stands to gain millions of dollars in new business if other universities join the Dspace federation. By comparison, the Library of Congress is estimated to contain 20 terabytes of data excluding pictures. http://www.sys-con.com/linux/articlenews.cfm?id=250 and http://news.com.com/2100-1001-964488.html?tag=lh {Editor in 2012: compare Universal Access to All Knowledge (Long Now Foundation; Brewster Kahle; 94 minutes), from MIRLN 14.17 ]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top