MIRLN --- 29 July - 18 August 2012 (v15.11) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)
- Servicing Settlement Means More Oversight of Foreclosure Law Firms
- YouTube's Face-Blurring Technology Enables Anonymity
- 4th Circuit Limits the Reach of the Computer Fraud and Abuse Act
- Rhode Island Repeals Law Criminalizing False Speech Online
- NIST Updates Computer Security Guides
- How Fair Use Can Help Solve the Orphan Works Problem
- Who's Tweeting? Lawmakers Don't Say
- Twitter Usage Soaring: Lawyers Need to Get on Board
- ABA Survey Shows Growth in Lawyers' Social Media Use
- 10 Tips to Keep Social Networking in Line With ABA Ethics
- On Reconsideration, Illinois Judge Holds Blog Is Protected By Shield Law
- Judge Posner: Embedding Infringing Videos Is Not Copyright Infringement, And Neither Is Watching Them
- Insurance May Provide Little Relief For Knight Capital Losses
- Counting Votes 2012: A State by State Look at Election Preparedness
- Lawyers Have Duty to Stay Current on Technology's Risks and Benefits, New Model Ethics Comment Says
- Online Marketing, Including Lead Generation, Is Addressed in Changes to ABA Ethics Rules
- OCLC Recommends Open Data Commons Attribution License (ODC-BY) for WorldCat Data
- Google Records Show Book Scanning was Aimed at Amazon
- Court Reporting Goes Digital
- Need an Update on the Economy? There is an App for that
- California Publishes New Ethics Opinion on Virtual Law Offices
- Police Cameras Quietly Capture License Plates, Collect Data
- Your Car, Tracked: The Rapid Rise Of License Plate Readers
- Getting Ahead of Privacy Risk
- NIST: How to Prepare for and Respond to a Certificate Authority Breach
- Sixth Circuit Rules That Pinging a Cell Phone to Determine Its Location is Not a Fourth Amendment "Search"
- Google Improves Patent Search With Prior Art Finder, Adds Millions Of European Patents
- Progressive Car Insurance's "Snapshot" Experiment: Should Consumers Be Wary of Being Individually Tracked While Driving?
- Indiana Bar Introduces Business School For Lawyers
- Who's Reading Your Research? Academia.edu Adds Analytics Dashboard So Scholars Can See
- Denmark Approves Use of Microsoft Cloud Service
- ITU Seeks Public Input on the Future of Internet Regulation
- No Fourth Amendment Violation When Your Facebook "Friend" Shares Profile Information With Law Enforcement
Servicing Settlement Means More Oversight of Foreclosure Law Firms (HousingWire, 12 March 2012) - The $25 billion mortgage servicing settlement means more due diligence work for servicers when assessing the work of law firms and other third parties assisting with foreclosures and bankruptcies. The national mortgage servicer settlement involving the nation's top five mortgage servicers shows firms taxed with ensuring that all law firms, trustees, subservicers and other third parties handling foreclosure or mortgage servicing activities are in line with best practices outlined in the settlement agreement. Servicers are required to survey the firm's qualifications, practices, information security for document handling and financial viability, according to settlement documents. [Editor: I'm including this older story because of the emphasized language, which a banking lawyer drew to my attention last weekend. He indicated that they are beginning a comprehensive review of outside law firms' cybersecurity capabilities.]
YouTube's Face-Blurring Technology Enables Anonymity (EFF, 24 July 2012) - YouTube recently unveiled a new face blurring tool that lets users choose to conceal every face in a video they have uploaded. This is a commendable step towards fostering anonymous speech on the Internet. Activists around the world rely on being able to speak freely through online media, including video, while hiding their own identities for fear of persecution. Such a tool would allow for crucial footage to be seen and dialogue to be heard - all without risking visual recognition. Though the tool is not perfect, YouTube has noted that they hope to improve the technology to allow more targeted, accurate blurs. For an in-depth analysis of the tool, see this detailed post from WITNESS.
4th Circuit Limits the Reach of the Computer Fraud and Abuse Act (Eric Goldman's blog, 28 July 2012) - We've blogged about the Computer Fraud and Abuse Act being stretched by plaintiffs in civil (particularly employment) cases. The Ninth Circuit in Nosal recently gave the statute a more limited interpretation, although it left some things unclear. (Here's our blog post on the Nosal en banc panel opinion: "Comments on the Ninth Circuit's En Banc Ruling in U.S. v. Nosal.") The Fourth Circuit recently followed Nosal's approach and went one step further. Both of these rulings make it much more difficult for employers to use the Computer Fraud and Abuse Act against departing employees. Case is WEC Carolina Energy Solutions LLC v. Miller, et al., 2012 WL 3039213 (4th Cir.; July 26, 2012)
Rhode Island Repeals Law Criminalizing False Speech Online (CMLP, 30 July 2012) - In my four years in Providence, I undoubtedly told some white lies online. Of those I can easily remember, I have sent a message on Facebook claiming I was sick to get out of a party I had no interest in going to, though I was perfectly healthy; emailed a show's director that I'd be late to rehearsal because of a study group conflict when in fact I had brunch plans with some friends; and entered my height in heels into a Google spreadsheet as 5'4" when I know that could only be true in my dreams. Little did I know that under Rhode Island General Laws § 11-52-7(b) (on computer crime), I was committing a misdemeanor every time and could have been subject to a $500 fine and/or imprisoned for a year each time. Fortunately, as I return to the area for visits, I will no longer have to worry about what I type, as this law was repealed by the Rhode Island General Assembly this June. With United States v. Alvarez, No. 11-210, 567 U.S. __ (2012), decided just days after the repeal, it's impossible not to consider how the repeal also shows a society that places value in protecting false speech. Furthermore, in the wake of Alvarez, had § 11-52-7(b) remained and been subject to a facial challenge, it would likely be found unconstitutional.
NIST Updates Computer Security Guides (Information Week, 30 July 2012) - The National Institute of Standards and Technology has released updated guidance on how federal agencies and businesses can deal with network attacks and malware. The advice comes in the form of two publications that have been revised to reflect the latest in security best practices: NIST's Guide to Intrusion Detection and Prevention Systems and Guide to Malware Incident Prevention and Handling for Desktop and Laptops. The agency is seeking public comments on the draft publications before releasing them in final form. This is the first revision to the intrusion detection and prevention system (IDPS) guide since its original release in February 2007. The most substantive changes are in the areas of mobile devices and wireless networking, including the emergence of the 802.11n wireless standard.
How Fair Use Can Help Solve the Orphan Works Problem (BeSpacific, 31 July 2012) - paper by Jennifer M. Urban - University of California, Berkeley - School of Law, June 18, 2012. Berkeley Technology Law Journal, Vol. 27, 2012. UC Berkeley Public Law Research Paper No. 2089526: "Many works that libraries, archives, and historical societies, among others, would like to digitize and make available online are "orphan works," that is, works for which the copyright holder either is unknown or cannot be located after a diligent search. Encountering orphan works can be stymieing because the lack of an owner means that there is no way to obtain permission to use them. While Congress nearly passed legislation to deal with the orphan works problem in 2008, its ultimate failure to enact this bill has left those who possess orphan works in limbo. Because of the risk of high statutory damages if an owner later shows up, nonprofit libraries and similar institutions have been reluctant to digitize these works and offer them to the public. The orphan status of these works thus creates a barrier to access to important cultural and historical information despite recent improvements in digitization technologies that could bring these works out of obscurity and make them much more widely useful. As such, there is international consensus that the "orphan works problem" must be addressed. This Article argues that legislation is not necessary to enable some uses of orphan works by nonprofit libraries and archives. Instead, the fair use doctrine in United States copyright law provides a partial solution. The Article addresses three basic questions: first, does fair use provide a viable basis on which libraries might digitize orphans? Second, does fair use provide a viable basis on which to make these orphans available to patrons or the public? Third, more generally, can or should fair use do any additional work in infringement analysis where the copyrighted work in question is an orphan?"
Who's Tweeting? Lawmakers Don't Say (TheHill.com, 1 August 2012) - Most lawmakers do not disclose whether they write their own tweets, according to a review of lawmaker Twitter bios by The Hill, which also finds that most members likely use a ghostwriter. While 84 percent of House lawmakers and 93 percent of senators are on Twitter, few follow President Obama's example in personally signing or tagging their tweets, an indication that would highlight the tweet's authenticity. Only 14 members of the House and 12 senators include a line in their bios that indicates whether a tweet is written by the lawmaker or a member of his or her staff. Those numbers include two accounts that put "press" in their Twitter account name and five that credit the account to "the office of" the lawmaker. Only two members of Congress follow Obama's lead in pledging to sign their tweets with their initials when they send them personally: Sens. Patty Murray (D-Wash.) and Bernie Sanders (I-Vt.).
Twitter Usage Soaring: Lawyers Need to Get on Board (Kevin O'Keefe, 2 August 2012) - Per a recent Internet study done by Pew Research Center, Twitter use continues to soar: Some 15% of online adults use Twitter as of February 2012, and 8% do so on a typical day. Although overall Twitter usage has nearly doubled since the Pew Research Center's Internet & American Life Project first asked a stand-alone Twitter question in November 2010, the 15% of online adults who use Twitter as of early 2012 is similar to the 13% of such adults who did so in May 2011. At the same time, the proportion of online adults who use Twitter on a typical day has doubled since May 2011 and has quadrupled since late 2010 - at that point just 2% of online adults used Twitter on a typical day. The rise of smartphones might account for some of the uptick in usage because smartphone users are particularly likely to be using Twitter. (emphasis added)
- and -
ABA Survey Shows Growth in Lawyers' Social Media Use (Robert Ambrogi, 16 August 2012) - News flash: More lawyers are using social media! OK, we all knew that. But it's always nice to see some numbers that give us a sense of where we are. The recently published 2012 ABA Legal Technology Survey Report on web and communication technology does that. The survey is based on invitations to participate sent to 12,500 ABA-member lawyers in private practice. Of those, 823 completed the questionnaires, from which the results were tabulated. (One has to wonder whether limiting the survey to ABA members skews the results.) Overall, the survey showed increases in lawyers' blogging, use of the social networks LinkedIn and Facebook, and use of the microblogging site Twitter. Here are some of the findings * * *
- and -
10 Tips to Keep Social Networking in Line With ABA Ethics (Robert Ambrogi on LTN, 7 August 2012) - There's trouble in social media, with a capital "t" and that rhymes with "e" and that stands for ethics. For legal professionals, social media offer a powerful and economical set of tools for marketing, research, networking, collaboration and more. But as with any emerging media, there are uncharted pitfalls as well. Ethics and social media will be front and center at the American Bar Association's annual meeting this month in its hometown, Chicago. The ABA's House of Delegates - its governing body - will consider the recommendations of the ABA Commission on Ethics 20/20, which has proposed revisions to the Model Rules of Professional Conduct to address changes in technology. (See "Too Late & Too Little," by Michael Arkfeld, page 45, and "ABA to Tackle Technology Issues," by John Barkett bit.ly/LTN812e.) Meanwhile, staying out of trouble when using social media is not difficult, provided you are aware of the dangers, and use some common sense.
On Reconsideration, Illinois Judge Holds Blog Is Protected By Shield Law (CMLP, 2 August 2012) - On a motion for reconsideration, an Illinois trial judge who held in January that the technology news blog TechnoBuffalo.com was not protected by Illinois' reporter's shield law (75 Ill. Comp. Stat. §§ 5/8-901 - 8-909) has reversed himself, holding now that "within the present definitions under the Act, this Court must find TechnoBuffalo is a news medium, its employees are reporters, including the employee who wrote the article at issue, and TechnoBuffalo is protected by the Illinois reporter's privilege." New ruling here.
Judge Posner: Embedding Infringing Videos Is Not Copyright Infringement, And Neither Is Watching Them (TechDirt, 3 August 2012) - Recently we've seen a number of cases, both civil and criminal, brought against websites that involve either links or embeds of videos hosted elsewhere. UK student Richard O'Dwyer is facing extradition and criminal charges for hosting a site that did exactly that. But, as many of us have wondered in the past, how is such a site infringing at all? After all, the videos themselves were uploaded by other people to other sites. The streaming occurs from those other servers. The embed just points people to where the content is, but it does that neutrally, no matter what the content might be. A few months ago, we wrote about how the MPAA had jumped into a copyright infringement appeal involving porn producer Flava Works against a video "bookmarking" site called MyVidster. The MPAA argued that links and embeds are infringing, in support of a questionable district court ruling against MyVidster. The appeals court ruling has now come out, written by Judge Posner * * *. Posner goes into great detail about how MyVidster's linking and embedding features don't even come close to infringing. They're not infringement and they're not contributory infringement. He goes through a pretty accurate description of how embedding works, and why MyVidster is separate from the uploading/hosting/streaming. But then he notes that those watching the videos aren't even infringing, so there isn't even any infringement for MyVidster to contribute to. This ruling makes it clear that watching embedded videos is not infringing and then neither is hosting the embed code . While limited to the 7th Circuit, this ruling could still be quite handy in a number of other cases, including O'Dwyer's and the Rojadirecta case, which also involves embedded videos. 
Eric Goldman is a bit more skeptical of the impact of the ruling, arguing that Posner's reasoning isn't particularly clear (well, he calls it a "train wreck"). [Editor: The EFF lauds the ruling - see here.]
Insurance May Provide Little Relief For Knight Capital Losses (Reuters, 4 August 2012) - As Knight Capital Group Inc struggles for survival after massive trading losses it said were caused by bad software, there seems to be little chance it can rely on insurance to save the day. Knight lost as much as 80 percent of its market value on Wednesday and Thursday and said it would have to raise money after a glitch in software it installed on Tuesday triggered a cascade of mistaken trades that wiped out $440 million of its capital. While details of Knight's coverage are unclear, its hopes for some sort of insurance recovery for its losses hinge in part on whether the buggy code was written by a Knight employee or came from a third-party vendor. Representatives for Knight did not respond to messages for comment on what, if any, insurance coverage the firm has for the situation. Insurance brokers say that if the code came from a third party, the vendor would likely have software errors and omissions insurance, designed to protect its customers from any fault in the vendor's programming. There is no guarantee that the vendor had coverage, though, and the software company's insurer would probably require it to eat a huge portion of the loss upfront. If Knight developed the software itself, brokers say that could potentially be covered under the firm's professional liability policy, though some insurance lawyers say that coverage is unlikely to cover such a huge loss. Either way, the scale of the loss points to an ongoing problem for financial companies in a world of high-frequency trading, ever changing technology demands from customers and regulators, and the difficulty of insuring these companies.
Counting Votes 2012: A State by State Look at Election Preparedness (CountingVotes.org, August 2012) - On Election Day, Nov. 6, the stakes will be high. A number of critical races will be very close, and some might be decided by very few votes. At the same time, it is highly likely that voting systems will fail in multiple places across the country. In fact, in every national election in the past decade, computerized voting systems have failed - machines haven't started, machines have failed in the middle of voting, memory cards couldn't be read, votes were mistallied or lost. Our elections are so complex, with so many different jurisdictions and varying technologies, that problems are inevitable. And, as the technology used for elections has become more complicated, the opportunity for error has substantially increased. This report reviews how prepared each state is to ensure that every eligible voter can vote, and that every vote is counted as cast. Because we cannot predict where machines will fail during the upcoming national election, every state should be as prepared as possible for system failures. The Verified Voting Foundation, the Rutgers Law School Constitutional Litigation Clinic and Common Cause surveyed states' voting equipment and ranked the states according to their preparedness. The rankings are based on how states compare to a set of best practices already being used in some places. The report ranks states from worst to best (inadequate, needs improvement, generally good, good and excellent) in these five areas of evaluation: * * *. Report here.
Lawyers Have Duty to Stay Current on Technology's Risks and Benefits, New Model Ethics Comment Says (ABA Journal, 6 August 2012) - Lawyers can't be Luddites, according to changes to the model ethics rules approved Monday by the ABA House of Delegates. Some of the changes approved by the House update the ABA Model Rules of Professional Conduct to acknowledge that information is stored digitally as well as in paper files, clients communicate electronically as well as by phone calls, and email isn't the only method of electronic communications. But the technology-related amendments go further, requiring lawyers to keep current on more than just changes in the law. Lawyers also have a duty to keep abreast of the benefits and risks associated with technology, according to new commentary language added to Rule 1.1 on the duty to provide competent representation. (Click here (PDF) to see all of the amendments added to all of the model rules at this year's annual meeting.) A different change explores lawyers' obligations when they receive metadata - information that is embedded in electronic documents. New commentary says lawyers who receive metadata have a duty to notify the sender if they know or reasonably know that the metadata was inadvertently sent. The language does not address the issue of whether lawyers can take a look at that metadata, however. The proposed resolution outlining the changes, along with amendments to the resolution, are posted online. They were proposed by the ABA Commission on Ethics 20/20, which was appointed in 2009 to study the impact of technology and globalization on the legal profession. The resolution is one of six changes to model ethics rules adopted by the House. Other changes * * *
- and -
Online Marketing, Including Lead Generation, Is Addressed in Changes to ABA Ethics Rules (ABA Journal, 6 August 2012) - Online marketing tools for lawyers are addressed in revisions to the ABA Model Rules of Professional Conduct approved Monday by the ABA House of Delegates. When do online discussions give rise to duties to prospective clients? May a lawyer generate leads through Groupon? What type of online communications are impermissible solicitations? The changes, outlined in Resolution 105B, are designed to provide additional guidance. They include:
• A change in wording to Model Rule 1.18 on duties to prospective clients is intended to make clear that the rule may apply even in the absence of an oral discussion. According to new commentary, duties may arise if a lawyer invites the prospective client to submit information about possible representation without sufficient warnings or cautionary statements.
• A comment to Rule 7.2 says lawyers may pay for "lead generation" services, including Internet-based client leads, as long as certain safeguards are followed. According to the comment, the lead generator should not vouch for the lawyer's credentials or abilities, nor should it create the impression that it is making the referral without payment, or has determined the appropriate lawyer based on an analysis of the possible client's legal problems. A report to the House of Delegates says the change is intended to address new marketing methods such as those provided by Legal Match, Total Attorneys, Groupon, and Martindale-Hubbell's Lawyers.com.
• Amendments to Rule 7.3 governing solicitation of clients clarify when a lawyer's online communications are solicitations. According to new commentary, a lawyer's communications constitute a solicitation when the lawyer offers to provide, or can be reasonably understood to be offering to provide, legal services to a specific person.
OCLC Recommends Open Data Commons Attribution License (ODC-BY) for WorldCat Data (OCLC, 6 August 2012) - OCLC is recommending the Open Data Commons Attribution License (ODC-BY) for member institutions that would like to release their library catalog data on the Web. This open data license provides the means for users to share WorldCat-derived data in a manner that is consistent with the cooperative's community norms defined in the "WorldCat Rights and Responsibilities." Data can be freely shared subject only to attribution and OCLC's request that those making use of WorldCat derived data conform to the community norms.
Google Records Show Book Scanning was Aimed at Amazon (PaidContent, 6 August 2012) - Google has so far spent more than $180 million on book scanning and, at the outset of the project, one of its stated goals was to keep web searchers away from Amazon. These are among the details set out in a new court filing by the Authors Guild, which is locked in a long-running case over the search giant's decision to digitize libraries. The filing points to internal Google documents in an attempt to show that the scanning was an overtly commercial project, and that the scanning was not a fair use as Google is claiming. In a 2003 internal Google presentation described in the filing, the company stated "[w]e want web searchers interested in book content to come to Google not Amazon." As annotated by the Authors' Guild, the 2003 Google presentation also said "[e]verything else is secondary … but make money." (The presentation was filed under seal so the context of the remark is unclear.)
Court Reporting Goes Digital (Lawyerist.com, 9 August 2012) - Indiana courts just went all-digital for hearing records, trading transcription for digital video recording. Why? It's cheaper - and better, too, if well implemented. After all, court reporters aren't perfect, and even a perfect transcript doesn't tell the whole story. Added Justice Michael McDonald, who was instrumental in pioneering the transition to digital recording in Kentucky over 30 years ago: "The court reporter's transcript is the rankest of hearsay; you're just trusting she hears it correctly." Apparently, Kentucky has been doing this since the 80s, so although Indiana may still count as an early adopter, video is hardly cutting edge.
Need an Update on the Economy? There is an App for that (Reuters, 9 August 2012) - In an effort to give economists, policy makers, business owners and everyday citizens greater access to real-time data on the health of the U.S. economy, the Census Bureau on Thursday launched its first mobile app. The America's Economy app provides constantly updated statistics on key economic indicators, lets users set alerts for when new data will be released and makes it easy to share that data on Facebook Inc and Twitter. "The release of this app is an example of our commitment to giving taxpayers faster and easier access to the statistics we produce, including the Economic Census, that impact the lives of all Americans," Census Bureau Director Robert Groves said. The Census Bureau said the app offers the real-time statistics that are driving business hiring, sales and production decisions. The app is currently available for Google Inc's suite of Android-powered smartphones and tablets and will come to Apple Inc's iPhone and iPad in the coming weeks. The initial release of the app covers 16 economic indicators, including the unemployment rate, GDP and construction spending, compiled from data from the U.S. Commerce Department's Census Bureau, the Bureau of Economic Analysis, and the U.S. Department of Labor's Bureau of Labor Statistics. The app is part of the Census Bureau's broader Web Transformation Project. The agency has also made strides to improve the search and navigation capabilities on its website, and it opened up its census data to developers last month to spur innovative new platforms. The Census Bureau said it would release two more apps over the next few months.
California Publishes New Ethics Opinion on Virtual Law Offices (VirtualLawPractice.com, 9 August 2012) - The State Bar of California has published its formal ethics opinion on virtual law offices, No. 2012-184. The opinion requires that the lawyer conduct due diligence in selecting the technology but also that he or she "conduct periodic reassessments of all of these factors to confirm that the VLO vendor's services and systems remain at the level for which she initially contracted, and that changes in the vendor's business environment or management have not negatively affected its adequacy". The opinion also states that the lawyer consider whether or not to provide disclosure of the use of the technology and receive consent from the client. Cal. State Bar Formal Opn. No. 2010-179 regarding data security is cited as a resource along with several other ABA opinions and resources related to technology and third-party storage of law office data. This ethics opinion is unique because it focuses a significant amount of text on the issues of competency in online delivery and authentication of online client identity.
Police Cameras Quietly Capture License Plates, Collect Data (Minneapolis Star, 10 August 2012) - Police in Minnesota and across the country are increasingly using small car-mounted cameras to scan thousands of license plates and pinpoint -- in real time -- stolen vehicles, suspended drivers and criminals. Those same cameras also record the time, date and location of every car they see and store the information. That disturbs privacy advocates, who want more details about the cameras and are calling for standards to govern how police classify and retain plate-reader data. Without a state law, departments in Minnesota are free to set their own policies on how long they keep the information. The State Patrol deletes location data after 48 hours, St. Paul police erase it in 14 days and Minneapolis retains it for a year. Minneapolis cops captured data on 805,000 license plates in June alone, and 4.9 million so far this year. When a Star Tribune reporter requested data on his own license plate under Minnesota's open records law, the Minneapolis Police Department responded with a list of dates, times and coordinates of his car that illustrated his daily routine. Over the course of a year, cameras in squad cars logged him heading to work on W. Franklin Avenue at 8:07 a.m. one day, returning home on Portland Avenue S. at 6:17 p.m. on another, and parking three times late at night outside a friend's house in Uptown. Police had captured the car's license plate seven times.
- and -
Your Car, Tracked: The Rapid Rise Of License Plate Readers (ArsTechnica, 15 August 2012) - Tiburon, a small but wealthy town just northeast of the Golden Gate Bridge, has an unusual distinction: it was one of the first towns in the country to mount automated license plate readers (LPRs) at its city borders - the only two roads going in and out of town. Effectively, that means the cops are keeping an eye on every car coming and going. The scanners can read 60 license plates per second, then match observed plates against a "hot list" of wanted vehicles, stolen cars, or criminal suspects. LPRs have increasingly become a mainstay of law enforcement nationwide; many agencies tout them as a highly effective "force multiplier" for catching bad guys, most notably burglars, car thieves, child molesters, kidnappers, terrorists, and - potentially - undocumented immigrants.
Getting Ahead of Privacy Risk (Compliance Week, 13 August 2012) - Compliance Week held another of our editorial roundtables last week in Atlanta, this time to talk about every compliance executive's biggest headache these days: privacy regulation. Or at least, we started the conversation talking about privacy regulation. First came the usual complaints about the complex, and even contradictory, privacy regimes that various nations can impose on the modern global corporation. "Be very afraid any time you do anything in the European Union," one person warned; another griped about South Korea. Germany's notorious works councils were mentioned more than a few times. All par for the course when you let a group of compliance officers uncork about global privacy issues. Then, however, we got to the good stuff: how a company's own corporate structure may or may not help manage privacy and data security risks. We went around the table, each person offering one big concern at his or her company. "I wonder whether we know how to handle data ethically," one attendee said. "I mean, I don't believe we're doing anything wrong. I just wonder if we're doing things intelligently." This is where privacy risk for compliance officers truly lies. The problem isn't that laws or regulations in specific countries might be too burdensome; it's that your own corporate structure might not let you talk about privacy risks to others in the corporation at all, no matter what the laws are. Maybe your IT systems are so loose that the marketing team can launch a new campaign using cheap cloud computing service, without ever telling you that they're collecting data on scads of consumers. ("We're a marketing company," one attendee quipped. "We don't do well with mandates.") Maybe the audit committee has assigned privacy risks to the compliance department, but data security rests with the IT department, and the CIO never tells you that he needs to cut the budget next year by 20 percent.
Maybe a business unit manager overseas can hire his own legal counsel and taps a dunderhead with no sense. Those are just a few possible scenarios above. Whatever the circumstance might be, the threat is that the compliance officer is powerless to make people think about privacy so they'll try to prevent problems in the first place-and if you don't have that awareness, the risks have a funny way of coming to pass.
NIST: How to Prepare for and Respond to a Certificate Authority Breach (DarkReading, 13 August 2012) - The federal government's National Institute for Standards and Technology (NIST) has issued its first-ever guidelines for government agencies and private-sector businesses to protect themselves in the wake of the breach of their digital certificate authorities. A wave of certificate authority (CA) breaches during the past year-and-a-half -- including the Flame malware's abuse of a Microsoft digital certificate -- has been a wake-up call for many organizations. The reality is that many organizations in both the public and private sector don't have a detailed accounting of their digital certificates, their CAs, or who within their organizations "own" those certs. NIST's new "Preparing for and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance" guidelines bulletin, which it co-authored with Venafi, was in direct response to concerns about how a CA breach could affect agencies and businesses. NIST recommends that organizations ensure their CA is "secure," whether it's an internal or external authority. That means security best practices and regular third-party audits. And if a CA suffers an "impersonation" attack or one of its Registration Authorities is compromised, it should have clear-cut emergency revocation response in place: "The CA must revoke the certificates and inform the organizations identified as subjects in the fraudulent certificates and all potential relying parties that might rely on those certificates. If a CA system compromise or signing key theft occurs, the CA's certificate(s) must be revoked by any CAs that have issued certificates to it, all subjects that the compromised CA has issued certificates to must be notified that they will require new certificates, and all possible relying parties must be notified," according to the guidelines published by NIST.
Sixth Circuit Rules That Pinging a Cell Phone to Determine Its Location is Not a Fourth Amendment "Search" (Volokh Conspiracy, Orin Kerr, 14 August 2012) - The decision handed down this morning is United States v. Skinner, and it was 2-1 on the Fourth Amendment merits. The defendant used a pre-paid cell phone obtained by providing false identity information (also known as a "burner") to communicate with co-conspirators as he brought a motor home filled with marijuana from Arizona to Tennessee. Agents learned the cell phone number that the defendant was using and obtained a court order requiring the cell phone company to disclose location information of the phone to the agents. The government used the location information to track the car for three days, eventually catching up to the car at a rest stop in Texas. Local police brought out a dog to sniff for marijuana; the dog alerted for the presence of drugs inside; and the search of the car revealed 1,100 pounds of marijuana inside. The majority opinion by Judge Rogers concludes that the defendant did not have a reasonable expectation of privacy in the location that his cell phone was broadcasting. The court's opinion relies on several different strands of Fourth Amendment law. Perhaps the major rationale is this: Cell phones work by broadcasting location, and an expectation of privacy based on a misunderstanding of how the technology works cannot be reasonable.
Google Improves Patent Search With Prior Art Finder, Adds Millions Of European Patents (TechCrunch, 14 August 2012) - Google today expanded its search coverage for patents by adding millions of documents from the European Patent Office to Google Patents. Google's patent search tool went live all the way back in 2006, but only featured U.S. patents until now. In addition, the company also added a "Prior Art Finder" feature to Google Patents that automatically scans the web, Google Patents, Google Scholar and Google Books for key phrases from a patent's text. You can insert your own joke about prior art and the ongoing Samsung v. Apple lawsuit here, but this is obviously a pretty useful tool for somebody who is trying to understand how novel a patent really is. In today's announcement, Google engineering manager Jon Orwant notes that the company hopes that "this tool will give patent searchers another way to discover information relevant to a patent application, supplementing the search techniques they use today." He also stresses that Google will refine and extend this feature as its engineers and algorithms learn how to better analyze patent claims.
Progressive Car Insurance's "Snapshot" Experiment: Should Consumers Be Wary of Being Individually Tracked While Driving? (Justia.com, by Anita Ramasastry, 14 August 2012) - We are all used to being charged insurance premiums that are based on risk ratings. We know that we are being put into categories for health, medical, auto, or life insurance, based on some of our own characteristics. But we also know that we are being lumped in with other policyholders -- some of whom might be sicker, older, or otherwise "riskier" than we are. Our insurance rates are based in part on our own attributes, but they are also based on those of the other people in our "pool." Insurance is a complex business and our premiums are calculated based on a great deal of statistical modeling. But in this column, I'll address a simple question: Would it be better if insurance companies could calculate risk individually and thus customize a policy? Or, put another way, would it be better if we could each be a statistical pool of one? This solution may seem appealing: Low-risk types such as better drivers seeking car insurance, or triathletes seeking health insurance, would be offered lower premiums based on their lower personal risk. This is the type of new approach that Progressive Car Insurance ("Progressive") is now putting to the test. Progressive has developed a tool to track individual drivers' behavior. Once the results are in, drivers will be offered insurance at a rate based on how they perform when behind the wheel. Progressive's CEO has called this new pilot program, known as "Snapshot," an "evolution" and "a meaningful start toward personalized insurance pricing based on real-time measurement of your driving behavior -- the statistics of one." In this column, I will discuss the new trend towards Usage-Based Insurance (UBI), highlighting Snapshot. I will also discuss some of the privacy concerns that may arise from this type of tracking. In particular, I'll explore how the use of GPS-tracking in the rental-car context has led policymakers to express concerns -- concerns that, in turn, may lead to limits on the types of UBI that will be permitted in the marketplace.
Indiana Bar Introduces Business School For Lawyers (Indiana Lawyer, 15 August 2012) - The business versus profession debate has been raging since Ted Waggoner became a lawyer in 1978 and probably had been going on long before then. Waggoner, a partner at Peterson Waggoner & Perkins LLP in Rochester, remembered some small-firm attorneys at that time began describing themselves as business owners while the elders insisted the practice of law was a profession, not a business. Having practiced in a small firm his entire career, Waggoner highlighted his pragmatic stance by asking, how will a law firm make payroll if it is not a business? The Business Law Section of the Indiana State Bar Association is addressing the growing need among lawyers to know good business practices like payroll, inventory, accounting and advertising in order to keep their firms open. In conjunction with Butler University's College of Business Executive Education Office, the Business Law Section is offering a five-seminar Business School for Lawyers.
Who's Reading Your Research? Academia.edu Adds Analytics Dashboard So Scholars Can See (InsideHigherEd, 15 August 2012) - Academia.edu, a social network for scholars, is unveiling a new feature today that its founder Richard Price hopes will help address part of the "credit gap" for research. Academia.edu allows users to upload and share their research papers, and the site is launching today its Analytics Dashboard for Scientists that Price says will let scholars see the "real-time impact" of their work. Academic publishing has long been a black-box in terms of both who's reading and who's citing. Publishing in journals may be expected (required, even), but the delays in the publishing process can make it challenging to ascertain how much influence work has. "It typically takes about 3 to 5 years for citations to actually appear back in the process," argues Price, pointing to the lengthy time between researching, writing, peer-reviewing, and publishing. That's part of the problem with services like Google Scholar that do offer citation counts, Price contends. And certainly the new feature available on Academia.edu echoes Google Analytics more than Google Scholar. You can see the pageviews on your papers; you can see the keywords that led people to them; you can see where those viewers come from. The latter only gives details about the country of origin - enough for scholars to be able to tout the global reach of their work. It would be interesting to see more granular information - which city, which university even - but Price says there are certain privacy concerns before offering those sorts of details.
Denmark Approves Use of Microsoft Cloud Service (Steptoe, 16 August 2012) - Denmark has approved a Danish institution's request to use a U.S.-based cloud computing solution for the processing of its employees' personal data. After reviewing Microsoft's policies and processor agreement with regard to the company's Office 365 cloud solution, Denmark's Data Protection Agency (DPA) judged the program to be consistent with Danish and European Union privacy law. This decision marks the first time the DPA has deemed a U.S.-based cloud computing solution to be in compliance with the requirements of Denmark's Personal Data Act (which implements the EU Data Protection Directive) and stands in contrast with the DPA's decision last year to reject a city's request to use Google's cloud computing service to store personal data.
ITU Seeks Public Input on the Future of Internet Regulation (Infoworld, 16 August 2012) - The United Nations' International Telecommunication Union (ITU) has called for a public consultation on a draft document ahead of a December meeting to finalize a new treaty for regulation of the Internet, it said Wednesday. The ITU published on its website the draft version of the document that will be discussed during the upcoming World Conference on International Telecommunications (WCIT) in Dubai. People can express their views and opinions on the content of the draft document or any other matter related to WCIT, the ITU said in a statement. The conference in Dubai is a global conference that will aim to sign a treaty to define the general principles for the provision and operation of international telecommunications networks around the world, the ITU said. The consultation will remain open until Nov. 3 and the inputs will be made available to all member states, ITU said. ITU's plan has already run into some opposition. The U.S. House of Representatives, for instance, has raised concerns that the meeting in December will include proposals that aim to restrict the Internet. The draft document has, for example, a clause that proposes to grant all national authorities the right to impose taxes on all incoming and outgoing telecommunications traffic and Internet traffic termination fees. The House of Representatives unanimously voted against the ITU plan earlier this month and stated the Internet does not need new international regulations, saying that such regulations could be devastating to Internet freedom and economic development. Civil liberties groups have raised similar concerns.
No Fourth Amendment Violation When Your Facebook "Friend" Shares Profile Information With Law Enforcement (Eric Goldman's blog, 16 August 2012) - Colon moved to suppress evidence seized from his Facebook account pursuant to a warrant. He did not contest the finding of probable cause, but he took issue with the government's methods used to procure evidence in support of its showing of probable cause. The government used a cooperating witness who was "friends" with Colon on Facebook and who provided Colon's information (pictures or posts?) that supported the warrant application. (Friends is in quotes because obviously this wasn't a very friendly thing to do). Colon argued that the government's procurement of information in this way violated his Fourth Amendment rights. The court says that there is no Fourth Amendment protection in publicly posted information. On the other hand, if users post content to social networking sites "using more secure privacy settings, [this] reflect[s] the user's intent to preserve information as private" and may engender Fourth Amendment protection. Colon's Facebook profile did not fall into the second category. His profile allowed his friends to view a list of all his other friends, "as well as messages and photographs that Colon and others posted to Colon's profile." Because the privacy settings allowed Colon's friends to view materials posted to his Facebook account, the court says there was no Fourth Amendment violation. US v. Meregildo, No. 11 CR 576 (WHP) (S.D.N.Y.; Aug 10, 2012)
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
BID TO OUTLAW DNA TROPHY HUNTERS (The Observer, 3 March 2002) -- Stealing DNA material must be made a crime to prevent celebrities facing demands from blackmailers who learn their secrets from snatched samples, a U.K. government body will recommend. Advances in technology now mean that DNA traces can be taken from a chewed pen top or a coffee cup from which someone has drunk. These can be tested without the victim knowing to reveal potentially embarrassing information about their parentage, medical history or, potentially, such traits as alcoholism or aggression. The Human Genetics Commission (HGC) will urge Ministers in a report next month to outlaw obtaining samples by deceit or testing them. The new law would protect ordinary patients as well as public figures from finding their material used in medical trials without their consent. It would also stop parents secretly testing their own children to check whether a partner has been unfaithful. http://www.observer.co.uk/uk_news/story/0,6903,660991,00.html
VERIZON'S COPYRIGHT CAMPAIGN (CNET, 27 August 2002) -- The copyright wars on Capitol Hill have begun to drift into the political equivalent of trench warfare, with Hollywood and the music industry pitted against hardware makers, electronics manufacturers, and ragtag activists at nonprofit groups. Now consumers have a powerful new ally. Verizon and other telecommunications giants have ordered their phalanx of lobbyists to oppose the entertainment industry's demands for new copyright laws. The company is also fighting the Recording Industry Association of America's request for information about a subscriber. So at the center of the copyright scrum, you'll find Sarah Deutsch. The 41-year-old Deutsch, a vice president and associate general counsel at Verizon, represented her employer during the negotiations over the World Intellectual Property Organization (WIPO) copyright treaties and the Digital Millennium Copyright Act (DMCA). These days, she is marshaling the opposition to proposals in Congress that would permit attacks on peer-to-peer networks, boost technology used for digital rights management, and grant more power to copyright holders. [CNET's interview with Deutsch follows.] http://news.com.com/2008-1082-955417.html
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:email@example.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, firstname.lastname@example.org
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.