Saturday, December 22, 2012

MIRLN --- 1-22 December 2012 (v15.17)

MIRLN --- 1-22 December 2012 (v15.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS | BOOKS | DIFFERENT | LOOKING BACK | NOTES

TOR Operator Charged for Child Porn Transmitted Over His Servers (ArsTechnica, 29 Nov 2012) - An Austrian operator of Tor servers-that were used to anonymously route huge amounts of traffic over the Internet-has been charged with distributing child pornography. This comes after police detected illegal images traversing one of the nodes he maintains. William Weber, a 20-year-old IT administrator in Graz, Austria, said nine officers searched his home on Wednesday after presenting him with a court order charging him with distribution and possible production of child pornography. The crimes carry penalties of as many as 10 years in prison. Police from the Styrian Landeskriminalamt, which has jurisdiction over the Austrian state of Styria, confiscated 20 computers as well as a game console, iPads, external hard drives, USB thumb drives, and other electronics. Evidence cited in the document showed that one of seven Tor Project exit nodes he operated transported illegal images. Short for the onion router, Tor was designed by the US Naval Research Laboratory as a way to cloak the IP addresses and contents of people sending e-mail, browsing websites, and doing other online activities. It is regularly used by political dissidents, journalists, law enforcement officers, and criminals who want to keep their online activities private. Tor works by encrypting a user's Internet traffic multiple times and funneling it through a dedicated server with its own IP address. The data is then passed to a second server, which decrypts one layer of the encryption before passing it to a third server. At that point the data is converted to its original form and sent to its final destination. Tor's onion-like architecture makes it infeasible for the contents to be intercepted by third parties, except by those monitoring an exit node. Even then, it's hard to know where the traffic originated. Weber isn't the first operator of a Tor node to land in hot water as a result of the traffic traversing his server. In 2007, German police raided the home of a Dusseldorf man after bomb threats allegedly passed through his Tor server. Last year, a separate Tor operator said police confiscated hardware and software after someone misused his exit node. During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted. "Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer," he wrote in a blog post seeking donations .

top

DHS Cybersecurity Insurance Workshop: Defining Challenges to Today's Cybersecurity Insurance Market (30 Nov 2012) - Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage, and cyber extortion. The Department of Commerce Internet Policy Task Force has described cybersecurity insurance as a potentially "effective, market-driven way of increasing cybersecurity" because it may help reduce the number of successful cyber attacks by promoting widespread adoption of preventative measures; encouraging the implementation of best practices by basing premiums on an insured's level of self-protection; and limiting the level of losses that companies face following a cyber attack.1 Given this hope, many carriers and companies would like the cybersecurity insurance market to expand into new cyber risk areas to cover currently uninsurable risks such as cyber-related critical infrastructure failures, reputational damage, and the value of lost intellectual property and other proprietary data. Despite the appeal of cybersecurity insurance in a world where news of cyber attacks is an almost daily occurrence, the cybersecurity insurance market today faces significant challenges. While a sizable third-party market exists to cover losses suffered by a company's customers, first-party policies that address direct harms to companies themselves remain expensive, rare, and largely unattractive. Observers blame several factors for this phenomenon, including: (1) a lack of actuarial data which results in high premiums for first-party policies that many can't afford; (2) the widespread, mistaken belief that standard corporate insurance policies and/or general liability policies already cover most cyber risks; and (3) fear that a so-called "cyber hurricane" will overwhelm carriers who might otherwise enter the market before they build up sufficient reserves to cover large losses. Traditional insurance coverage issues such as moral hazard and adverse selection likewise play a part in discouraging market entry by these carriers. Evolving the cybersecurity insurance market to one that offers more coverage to more insureds at lower prices therefore depends on two key factors: (1) the development of common cybersecurity standards and best practices; and (2) a clearer understanding of the kinds and amounts of loss that various cyber incidents can cause. [Polley: I cannot find a public URL for this, so am sharing my copy thru my Dropbox folder. This is a very interesting report, with much useful information.]

top

ITU Packet Inspection Standard Raises Serious Privacy Concerns (InfoWorld, 30 Nov 2012) - The UN's telecommunications standards organization has approved a standard for deep packet inspection (DPI) that raises serious concerns about privacy, the Center for Democracy and Technology said. That ITU-T, is showing an interest in deep packet inspection suggests some governments hope for a world where even encrypted communications may not be safe from prying eyes, according to the CDT. The adoption of the standard -- officially known as "Requirements for Deep Packet Inspection in Next Generation Networks" or "Y.2770" -- happened last week during the World Telecommunication Standardization Assembly (WTSA), which is held every four years and defines what the ITU-T should focus on. The biggest concern is that the standard holds very little in reserve when it comes to privacy invasion, the CDT wrote. "There is a general lack of attention to design considerations we think are important to Internet users, namely privacy and security. Obviously DPI has the potential to be an extremely invasive technology," said Alissa Cooper, chief computer scientist at the CDT. The standard barely even acknowledges that there is a privacy risk at all, according to Cooper. "What we like to see, at the very least, is a thorough analysis of what the pros and cons are, and how you can build in mitigation for some of the more invasive aspects of the technology. But this has none of that," Cooper said. For example, the standard document optionally requires DPI systems to support inspection of encrypted traffic, which is "antithetical to most norms, policies, and laws concerning privacy of communications," the CDT wrote. The CDT's concerns are backed by European digital rights group EDRi.

top

America's Increasing Obsession with Social Media Driving Law Firm Business (Kevin O'Keefe, 30 Nov 2012) - Morrison & Foerster's popular Socially Aware Blog, a LXBN network publication, is out this week with a thought-provoking infographic that delves into Americans' increasing obsession with social media, along with their increasingly fractured attention spans. Some of the statistics MoFo has compiled might surprise you:

  • The amount of time the average person spent monthly on social networking more than doubled between 2006 and 2011 - from 2.7 hours to 6.9 hours
  • More than half of TV viewers are multi-tasking in front of the tube: 61% of viewers surf the Internet while watching TV; 29% use Facebook while in front of the TV
  • Social media now accounts for 18% of time spent online
  • The fastest growing segments of social networking users are men of all ages and people over 55 years old - both groups grew by more than 9% between July 2010 and October 2011.
  • Facebook is the undisputed leader among social networking sites: Visitors spend an average of 6.75 hours on the site each month - nearly twice the amount of time spent on Tumblr, Pinterest, Twitter, LinkedIn, and GooglePlus combined.
  • The percentage of Americans who have a social-networking profile has more than doubled in recent years - from 24% in 2008 to 56% in 2012.

With some 15,000 subscribers, Socially Aware is a certified hit. The blog has generated major assignments for Morrison & Foerster, including representations for a leading media company, global manufacturer, major tech provider, multinational insurer and other clients in need of counsel for their own social media initiatives.

top

Why Cybersecurity Matters (Stewart Baker, 2 Dec 2012) - For those who think I'm a little paranoid on the subject of cybersecurity, I suggest this story - a nightmare made in China for a small US businessman. Brian Milburn's parental control software was pirated and used in a China's infamous Green Dam software . When he sued, hackers tied to the Chinese government attacked his networks relentlessly, nearly destroying his business: "F or three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter , for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April. In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse." There are two particularly interesting, and troubling, aspects of the story. First, the hackers immediately attacked Milburn's law firm as well as his company. This tactic is now part of the standard playbook for China's hackers, but US law firms have not fully adapted to the threat . (emphasis added)

top

The 21st Century Legal Retainer Agreement (Ride the Lightning, 3 Dec 2012) - How times have changed. Once upon a time, lawyers and clients entered into a representation agreement based on a handshake. Today, that same agreement might result in an ethics complaint against the lawyer for failing to commit his fees to writing, or worse, a refusal by the client to pay the bill based on claims that the lawyer never did all the work he promised. Whether you call it a Retainer Agreement, Engagement Letter, Fee Agreement, Representation Agreement or something else, the contract between lawyer and client entered into at the outset of the relationship sets forth the terms of price of services to be rendered by the lawyer. But today, Retainer Agreements must do more than simply state terms of service and price. In the 21st Century, more lawyers seek to charge flat fees for ongoing work, and must comply with applicable ethics rules. Lawyers may need to inform clients of other matters - outsourcing, data storage or acceptance of payment by credit card. At the same time, some lawyers deliver legal services entirely online or may ask a client to execute an agreement on an iPad. In these cases, short retainer agreements that get to the heart of the matter in a couple of sentences are preferable a lengthy lawyerly tome. Today's clients are different too. They're accustomed to consuming information disseminated in sound-bites and 140-character streams and consequently, lack the attention span to read through a seven page retainer agreement. Clients also have access to all sorts of simple online forms, which has changed their perception of what a legal document should look like. For many clients, a lengthy retainer can be intimidating and off-putting; an added hurdle to hiring a lawyer instead of going with a DIY (do-it-yourself) product. Below is a checklist of topics that you may want to consider addressing in your retainer agreement, along with a few sample clauses * * *

top

Civil Litigation: A Better Way to Improve Cybersecurity? (NetworkWorld, 4 Dec 2012) - A precedent-setting case in the world of electronic banking points to a better method for securing the nation's critical infrastructure from cyberattack, according to a former Department of Homeland Security (DHS) official. Paul Rosenzweig, former assistant secretary for policy at DHS and founder of Red Branch Law & Consulting, said the recent settlement in Patco Construction v. People's United Bank shows how civil litigation can force banks to improve their online security practices. And if that can happen in the financial industry, it can also happen with a critical infrastructure operator, he said, and be more effective than federal cybersecurity legislation or regulation. "In the long run, a civil tort/contract liability system will develop that will work more effectively and flexibly -- imposing costs on those who stint their cybersecurity efforts in an unreasonable manner," Rosenzweig wrote in a recent post on Lawfare . In the Patco case, the company, a small property development and contractor in Sanford, Maine, sued People's United for authorizing six fraudulent withdrawals from its account in May 2009, totaling $588,851, even after the bank's security system had flagged each transaction as high-risk. The fraudulent transactions -- six over seven days -- came from a computer that had never been used before by Patco, from an IP address not recognized as from Patco, and were for amounts greater by several magnitudes than any Patco had made to third parties before. The money was going to people Patco had never before paid. The bank was able to block or recover $243,406 of that total. The First Circuit U.S. Court of Appeals ruling on July 3 was the first time a federal court found that a bank's electronic transaction security procedures failed to meet the standard required under the Uniform Commercial Code (UCC) as "commercially reasonable," putting the bank on the hook for losses due to fraud.

top

Ponemon Study Reveals Ninety-Four Percent of Hospitals Surveyed Suffered Data Breaches (Data Breach Press, 6 Dec 2012) - The Third Annual Benchmark Study on Patient Privacy & Data Security by Ponemon Institute, sponsored by ID Experts, reports that healthcare organizations face an uphill battle in their efforts to stop data breaches. Ninety-four percent of healthcare organizations surveyed suffered at least one data breach during the past two years; and 45 percent of organizations experienced more than five data breaches each during this same period. Data breach is an ongoing operational risk. Based on the experience of the 80 healthcare organizations participating in this research, data breaches could be costing the U.S. healthcare industry an average of $7 billion annually. Leading causes were lost devices, employee mistakes, third-party snafus, and criminal attacks. A new finding indicates that 69 percent of organizations surveyed do not secure medical devices-such as mammogram imaging and insulin pumps-which hold patients' protected health information (PHI). Overall, the research indicates that patients and their PHI are at increased risk for medical identity theft. Risks to patient privacy are expected to increase, especially as mobile and cloud technology become pervasive in healthcare. [Polley: I'd bet the other 6% just don't know they've been breached. Kinda like the response law firms gave a few years ago.]

top

Timeline of NSA Domestic Spying (EFF, 6 Dec 2012) - All of the evidence found in this timeline can also be found in the Summary of Evidence we submitted to the court in Jewel v. NSA. It is intended to recall all the credible accounts and information of the NSA's domestic spying program found in the media, congressional testimony, books, and court actions. For a short description of the people involved in the spying you can look at our Profiles page , which includes many of the key characters from the NSA Domestic Spying program. [Polley: from December 2012 stretching back to the FISA law in 1978, and a bit further. Entries on the timeline have pop-out annotations, and links to more. If you're unfamiliar with Orwell's 1984, you should read it, and this, while you can.]

top

Can Legal Publishers Collaborate With Blogs? (Kevin O'Keefe, 7 Dec 2012) - Amanda Hirsch, (@amanda_hirsch) the editor of Collaboration Central and former editorial director of PBS.org, shares that J-Lab (Institute for Interactive Journalism) just released the results of its three-year Networked Journalism pilot project that called for eight newspapers to network with local blogs. In its report, Networked Journalism: What Works , J-Lab's executive director, Jan Schaffer, (@janjlab) outlines the problem the project was designed to explore: "With U.S. newspapers losing more than 42,000 journalists since 2007, local news coverage has suffered. At the same time, hundreds of local blogs and news sites have launched in their markets … What role can traditional news organizations play not only to expose their audiences to more news than they themselves can deliver, but also to connect new sources of information rising throughout their communities?" Per Hirsch, Schaffer concluded for a partnership between community blog partners and a legacy newsroom to work, two things are needed. First, "it is the responsibility of the hub news organization to provide their news networks with enough visibility and outbound links to drive traffic to their partners' sites." And second, "it is the responsibility of the community news partners to post frequently enough to be robust participants and to nab the visibility - either on the network page or the home page - that would bring them traffic." It turns out networked publishing did work, especially in communities such as Seattle and Portland where there was a robust blogging community. Networked publishing in the law can work for the exact same reason as in news publishing. The number of legal journalists is shrinking. So are the number of publications. At the same time the community of law bloggers is skyrocketing. LexBlog's LXBN Network alone has over 7,000 lawyer authors, including almost 70% of the AmLaw 200 law firm blogs. Though the lawyers may not be trained journalists they are experts in the areas on which they blog. Not only do the know the law, but as part of their jobs they are addressing practical issues in their area of law on a daily basis. Who better than to report and comment than those located where the rubber meets the road?

top

To Yelp Or Not To Yelp? Lawsuit Puts The Chill On Bad Reviews (NPR, 9 Dec 2012) - The next time you're about to post a scathing review of a business on a site like Yelp or Angie's List, you might want to think twice. This week, a housing contractor named Christopher Dietz sued a former customer for $750,000 in defamation charges for what she wrote in a review on Yelp. Jane Perez wrote that there was damage to her home and that jewelry was missing after she'd had work done from Dietz's company, Dietz Development LLC. On Thursday, a judge took the unusual step of ordering Perez to take down parts of those reviews . While this isn't the first lawsuit of this type, Santa Clara University law professor Eric Goldman tells NPR's Rachel Martin that these cases are, so far, uncommon, because online reviews are still such a new area. "We're still developing the rules about how to deal with consumer reviews," Goldman says. He also says often the economics of litigation don't support lawsuits for a single, negative review. The reality, Goldman says, is that it is extremely unlikely that a single review costs a business anything. "My perspective is that any individual review is not credible, but the aggregate affect of the reviews ... tend to paint a pretty accurate picture," he says. A Harvard study in 2011 showed that a one-star increase on Yelp leads to a 5 to 9 percent increase in revenue. That potential revenue bump gives businesses all the more reason to fiercely protect their online reputation. The lawsuit itself, Goldman says, is a reminder that even though we have the freedom to voice our opinions on the Internet, we also own those words and can be held responsible for them. "Most people don't realize that they're betting their house ... every time they put their opinions out into the public discourse," he says. "When people realize that, it becomes incredibly inhibiting."

top

- and -

Two More Cases Hold That Anti-SLAPP Laws Protect Consumer Reviews (Eric Goldman, 13 Dec 2012) - Every anti-SLAPP law is worded differently, but some statutes protect statements on "matters of public interest," "issues of public concern" or something similar. This language usually doesn't explicitly reference consumer reviews of marketplace offerings, but my position is that consumer reviews should categorically qualify as matters of public interest because they help consumers make better marketplace choices, and society benefits from more efficient marketplaces. Typically-- but not always --courts have reached this result, but sometime with more drama than necessary. Thus, it's nice to see two clean rulings finding that consumer reviews qualify for anti-SLAPP protection * * *

top

Copyright in Tattoo Case (CMLP, 10 Dec 2012) - A tattoo artist sued THQ, Inc., the makers of an Ultimate Fighting Championship (UFC) themed video game, for copyright infringement. The artist tattooed a lion on fighter Carlos Condit's torso, and claims that it was his original creation. ( Complaint at 12.) The artist alleges that he created the original design, and owns a registration for the copyright to the design. ( Compl . at 16.) He claims that by using the work in a video game, depicting Carlos Condit, THQ infringed upon his copyright in the work. A press release issued by the firm representing the artist, Christopher Escobedo, states: "People often believe that they own the images that are tattooed on them by tattoo artists," explains Speth [Escobedo's attorney]. "In reality, the owner of the tattoo artwork is the creator of the work, unless there is a written assignment of the copyright in the tattoo art." Escobedo and Condit never had a written agreement. Thus, claims Escobedo in the lawsuit, he remains the owner of the copyright over the image he drew. Nothing in this statement is false, but that doesn't mean that this gets you to the correct answer. Here is the correct answer: * * * 2. Fair Use: I see very little room to argue that THQ's use is not fair use. THQ has the right to use Condit's likeness. That likeness happens to have been augmented with someone else's copyrighted work. The copyright owner can no sooner prohibit this use than he can prohibit me from using it demonstratively as I have in this piece (doubly so, since I clipped it from his complaint). THQ can't accurately depict Condit without the tattoo. THQ can not be prohibited from depicting Condit accurately, just because the artist wants more money. That said, there might be some theoretical claims, but not against THQ. Condit himself might (I stress MIGHT) have some liability. This is a highly theoretical argument - but I presume that Condit got paid for the right to use his likeness in the video game. Let's say that the agreement has a clause that states that Condit has the legal ability to transfer or license all relevant rights. There *might* be an argument that Condit did not have the right to assign the rights to the ink, and thus the artist gets a portion of Condit's profits. Again, theory here, and not likely. But, if I had to save the case, I'd argue that.

top

Judge Scheindlin Helps Demystify Foreign E-Discovery (Law.com, 10 Dec 2012) - One of the most vexing problems for global companies and their lawyers is how to identify, collect, and use electronically stored information in e-discovery without ending up in jail or facing huge fines. The most obvious problem is that countries have very different laws about personal privacy, often developed in reaction to their unique histories - especially if that history included repressive regimes where personal information was used to identify and kill dissidents. At the Georgetown Advanced E-Discovery Institute Friday panel, "First Do No Harm: Preserving and Admitting Foreign ESI," panelists offered analysis and advice on this challenging topic, which becomes more difficult by the day as the world becomes increasingly "smaller" with the explosion of inexpensive mobile devices and communication options.

top

AAA Launches Tool to Create ADR Clauses (Robert Ambrogi, 11 Dec 2012) - The American Arbitration Association has launched ClauseBuilder , a web-based tool designed to assist in drafting clear and effective arbitration and mediation agreements. The new tool provides parties with the AAA's standard arbitration agreement, in addition to an array of options parties may consider when drafting ADR clauses, including specifying the number of arbitrators; arbitrator qualifications; locale provisions; governing law; the duration of arbitration proceedings; and whether to use arbitration, mediation, or both. As launched, ClauseBuilder can be used only to create commercial arbitration and mediation contracts. Future versions in development will address construction, international and employment contracts. ClauseBuilder can be used to create pre-dispute ADR clauses to be included in contracts as well as clauses for existing disputes that parties would like to submit to arbitration or mediation. In addition to creating ADR clauses, ClauseBuilder will allow users to preview, edit, and archive their ADR agreements. ClauseBuilder is free to use. Once you indicate the type of clause you wish to create (e.g., commercial arbitration), it shows you the basic, standard language. From there, you can select from a number of options to modify the clause. How many arbitrators will a panel include? How will they be selected? What law will govern? To what extent will pre-hearing discovery be allowed? What remedies will be available to the arbitrators. Must arbitrators provide a reasoned opinion? For these and other options, you simply click radio buttons to designate your preferences.

top

The State of Intellectual Property Around the World (The Atlantic, 11 Dec 2012) - Economies are slowing across the globe. But inventors across the globe apparently didn't get that memo. Patent filings and grants have exploded in the past few years -- fueled, in particular, by innovations coming out of, and into, China. And fueled, as well, by new fields -- computer technologies, communications platforms -- that invite inventors to make their marks on them. A new report from the World Intellectual Property Organization -- the IP arm of the United Nations -- has documented that proliferation of patents (and trademarks, and industrial designs) as it's played out on the world stage. And their findings are pretty staggering. The study tracks data as of 2011, detailing IP trends on a worldwide, and country-by-country, basis. And while the report lends itself to a major headline -- that China's patent office has ousted the United States's as the world's largest -- the real story here is the fact that innovation, overall and officially, is on the rise. Around the world. The report itself is long and wonky. But it's full of juicy stats. So here, below, are some of the juiciest. The current state of intellectual property, around the world and by the numbers: * * *

top

Disability Access: Law and Policy (InsideHigherEd, 12 Dec 2012) - Dan Goldstein, attorney for National Federation of the Blind, has recently published the clearest articulation to date of the relationship between disability law and web accessibility. In short, while the Americans Disability Act, promulgated in 1990, did not explicitly speak to cyberspace, it nonetheless is the legal foundation upon which accommodations to it are required of those entities that fall under its scope, including higher education. This point is an important one to make. For some years, institutional attorneys and disability advocates have gotten tangled in discussions about whether section 508 of the Rehabilitation Act, which outlines a baseline of technical standards for web accessibility and is required for all federal agencies, is required of colleges and universities. The answer to that specific legal question is no. Receipt of federal funds does not a federal agency make of a college or university. But looking at just one tree obscured the forest and confused the how with the why. The ADA does apply to colleges and universities, public and private. Irrespective of which particular technical standards are chosen -- section 508, W3C, a hybrid, etc. -- mounting case law makes clear the point that accommodation must be made. Take a look yourself at this excellent document.

top

Will Pennsylvania Shut Down the Free Internet? (Steptoe, 13 Dec 2012) - A Hotmail user in Pennsylvania has brought a class action against Google (Brinkman v. Google, Inc.) alleging that its interception of non-Gmail users' communications with Gmail users violates Pennsylvania's wiretap statute. Google, of course, gets the consent of its Gmail users to intercept and scan the content of their emails in order to serve up targeted advertisements based on the users' apparent interests. But it does not obtain the consent of non-Gmail users that communicate with the Gmail users. This raises the question of whether Google's practices violate the laws of the dozen or so states, including Pennsylvania, that forbid interception of electronic communications without the consent of all parties to a communication. This is an issue of great importance to email providers, social media, Internet service providers, and others that review the content of online communications or monitor web activity as part of their online behavioral advertising (OBA) programs. If state all-party consent laws were interpreted in a manner that effectively brought OBA to a screeching halt, it could end the Internet as we know it. Without the revenue derived from OBA, free or low-cost Internet services that we take for granted could suddenly become expensive propositions. Moreover, companies that monitor the communications of their employees with the outside world could be subject to the same sorts of lawsuits, since they lack the consent of non-employees to interception of their communications with the company's workers.

top

'Non-Harmful' Phone Spoofing OK, Appeals Court Says (Wired, 13 Dec 2012) A federal appeals court is nullifying a Mississippi law that forbids phone spoofing of any type, ruling that Congress has authorized so-called "non-harmful" spoofing. Spoofing, misrepresenting the originating telephone caller's identification to the call recipient, was outlawed entirely in Mississippi under the 2010 Caller ID Anti-Spoofing Act (ASA), punishable by up to a year in prison. The decision (.pdf) is likely a death blow to the eight states that are mulling laws similar to Mississippi's, as well as Oklahoma and Louisiana, which already have similar statutes on the books, said Mark Del Bianco, the Maryland plaintiff's attorney in the case. Del Bianco represented New Jersey-based Teltech Systems and Michigan-based Wonderland Rentals - companies that provide nationwide, third-party spoofing services. Teltech offers its customers the SpoofCard , which operates like a long-distance calling card with the ability to manipulate the caller ID displayed to the called party. Wonderland uses spoofing to conduct quality control for businesses by faking the phone numbers of its client customers in order to anonymously test customer service representatives. A lower federal court had sided with the companies, nullifying the law because it impacted communications outside the state. The 5th U.S. Circuit Court of Appeals, however, overturned it because it said the measure was trumped by federal law. The Truth in Caller ID Act (TCIA) of 2009 authorizes spoofing in limited instances, the appeals court ruled.

top

Chicago Area Courts Ban Electronic Devices, For Some (CMLP, 17 Dec 2012) - Criminal courthouses in Cook County, Illinois (Chicago and environs) will ban the public from bringing in electronic devices as of Jan. 15, under an order issued by Cook County Chief Judge Timothy Evans in mid-December. See Gen'l Admin. Order 2012-8 (Ill. Cir. Ct., Cook Cnty. Dec. 11, 2012). In a press release announcing the new policy, Evans cited concerns that people attending court proceedings were using cellphones to photograph - and intimidate -- witnesses, judges, jurors, and prospective jurors, to relay courtroom testimony to upcoming witnesses, and to stream judges' comments during trial. "The court is sending a strong message to gang members and others that any attempts to intimidate witnesses, jurors, and judges in court will not be permitted," Evans was quoted saying in the release. "The ban will help to ensure that justice is properly done by preserving the integrity of testimony and maintaining court decorum." The ban will apply to 12 of the 13 courthouses in county. The exception will be the Richard J. Daley Center Courthouse in Chicago, which handles civil, traffic and misdemeanor cases. Under the order, members of the news media are exempt from the ban, and will be able to use electronic devices in courtrooms under the circuit court's pending application for to participated in the extended media coverage experiment authorized by the Illinois Supreme Court. See In re: Extended Media Coverage in the Circuit Courts of Illinois on an Experimental Basis, M.R. 2364 (Ill. Jan. 24, 2012). Others exempt from the ban include current or former judges; licensed attorneys; all law enforcement officers; all government employees; persons reporting for jury service; jurors (subject to the authority of the trial judges); building and maintenance workers, and equipment repair persons and vendors. But their use of the devices will be limited to public areas of the courthouses.

top

- OTOH -

Service by Email Comes to Illinois (The Connected Lawyer, 19 Dec 2012) - Recently the Illinois Supreme Court adopted an amendment to Supreme Court Rule 11 , which deals with service of documents to opposing parties. This amendment, which takes effect January 1, 2013, allows attorneys to serve documents by email and it requires attorneys to provide an email address for service on all appearances and pleadings. I think this is a great change. Admittedly, I think the rule requires some refinement ( e.g. , what formats are appropriate, when is email service effective). However, on the whole, I think this is a great step forward. Not unexpectedly, however, there has been a significant outcry from members of the bar who are raising objections to this. Some of the objections that I see include the typical claims that this discriminates against attorneys who are not technologically savvy and that it provides no exemption for attorneys who do not have an email address.

top

Fourth Circuit Limits Marital Communications Privilege for Email (Covington, 18 Dec 2012) - The Fourth Circuit recently ruled that the marital communications privilege does not always apply to email that is sent from a work account. A federal jury convicted former Virginia state legislator Phillip A. Hamilton of federal program bribery and extortion under color of right. During trial, the court admitted email messages that Hamilton sent to his wife from his work account. On appeal, Hamilton contended that admission of those messages violated the marital communications privilege, which covers private spousal communication that was intended to remain confidential. In an opinion last week, the Fourth Circuit disagreed, concluding that Hamilton had no reason to expect that his work emails were confidential. The Court analogized Hamilton's claim to a 1934 case in which the Supreme Court held that a defendant could not claim the marital privilege for communication that he shared with a stenographer. "Email has become the modern stenographer," the Fourth Circuit wrote. Hamilton's employer did not have a computer use policy when he sent the email messages, but the employer later adopted a policy stating the users have "no expectation of privacy in their use of the Computer System" and "[a]ll information created, sent[,] received, accessed, or stored in the . . . Computer System is subject to inspection and monitoring at any time." Because Hamilton's employer adopted this policy before the investigation of his bribery and extortion began, the Fourth Circuit concluded, Hamilton had ample time to delete any confidential email from his employer's archives. Under the Fourth Circuit's reasoning, a defendant still may claim the marital communications privilege for work emails if the defendant had an objectively reasonable belief in the privacy of those emails. For instance, if the employer's computer use policy guarantees email privacy, the defendant may argue that he reasonably believed the email was confidential.

top

Texas Lawyer Sues the State over His Blog's Name and Wins (ABA Journal, 19 Dec 2012) - Lubbock, Texas, lawyer John Gibson had a simple idea: Create a blog about the state's workers' compensation law. Luckily, "texasworkerscomplaw.com" was available, so he grabbed it. Gibson then was hit with a cease-and-desist order from the Texas Department of Insurance, which informed him that his blog violated a state law governing the use of the department's name and purview. The state threatened to fine him $5,000 per violation per day if he continued to use the words Texas and workers and compensation in any order in any marketing or promotional efforts. Gibson sued , claiming the state was violating his First, Fifth and 14th amendment rights. He also argued that his blog was mainly informational. Last October, the 5th U.S. Circuit Court of Appeals at New Orleans agreed with Gibson, holding that "Texas made no serious attempt to justify this regulation as narrowly tailored to a substantial state interest." The court noted that the law regarding the type of protection afforded domain names is in its infancy. "As with many new issues involving the Internet, the proper method of analysis to determine whether a domain name is commercial speech or a more vigorously protected form of speech is res nova," Circuit Judge Edith Brown Clement wrote for the court. "A domain name, which in itself could qualify as ordinary communicative speech, might qualify as commercial speech if the website itself is used almost exclusively for commercial purposes." Gibson's lawyer, Robert Hogan, says the case has potential to impact other blawggers. "There are broader issues concerning what degree of First Amendment protection applies to lawyers' blogs because there's no clear delineation from any court of appeals as to whether lawyers' blogs should be treated as commercial speech and get a reduced degree of First Amendment protection, or whether they deserve a higher degree of protection because of their inherent noncommercial nature."

top

Copyright Levies On Electronics Devices - 2012 Developments (Bird & Bird, 20 Dec 2012) - Copyright levies are systems that impose fees on the manufacture, import and/or sale of devices and media which can be used to reproduce and/or store third party copyright works, aiming to compensate rightholders for the licence revenues they lose due to the fact that end users are allowed to undertake certain defined permitted acts of copying without the right holders' consent. In the digital area, only private end-users are usually entitled to carry out the statutory permitted acts. 
At present, 21 out of the 27 Member States of the European Union ("EU") provide for private copying and similar end-user copying exceptions accompanied by levy schemes. The scope of the exceptions, the level of the levies and the products to which levies will pertain vary materially from Member State to Member State (please click here to see our November 2011 Copyright Levy Newsletter). However, due to the lack of harmonisation and the major changes caused by digitisation of copyright works, copyright levy schemes have come under increasing attack, and copyright levies have become a major legal, economical and political issue. In particular, the ground breaking "Padawan" judgment of the European Court of Justice ("ECJ") on 21 October 2010 is currently having a major impact on many pending cases and has triggered discussions as to whether fundamental changes to the present copyright levy regimes in Europe are needed. For more detailed information on the "Padawan" judgment, please click here to see the Bird & Bird Newsletter " European Court of Justice questions legitimacy of existing copyright levy regimes " dated 22 October 2010. 
The first Member States to react to this changing situation was Spain, which has abolished its copyright levy scheme. Further changes to copyright levy schemes all over Europe are likely to follow. In this Newsflash, we summarise the development in Spain as well as the status quo of copyright levy systems in Belgium, Czech Republic, Finland, France, Germany, Hungary, Italy, The Netherlands, Poland, Slovakia, Sweden and United Kingdom.

top

Feds Can Keep Data of Innocent Citizens for Five Years (Ride the Lightning, 20 Dec 2012) - Slate recently reported (the original source was the Wall St. Journal ) on a relatively new and very wide-ranging surveillance operation. The National Counterterrorism Center, which is located in an unmarked building in McLean, VA, now has the authority to store and monitor the data of innocent U.S. citizens for up to five years, using "predictive pattern-matching" to analyze it for suspect behavior. The Journal said that the NCTC has access to entire federal databases, including flight records, casino employee lists, the names of Americans hosting foreign-exchange students and many others. Even more alarming is the fact that this data can be given to foreign governments for analysis. Officials say the surveillance is subject to "rigorous oversight" which has always translated to, "Trust me, I'm from the government."

top

UK Copyright Reform Affects Fair Use, Format-shifting and Big Data (GigaOm, 20 Dec 2012) - The British government has unveiled a comprehensive raft of measures aimed at modernizing copyright in the country. This is pretty much what it promised to do in 2011 in response to the Hargreaves Review , which it had commissioned. Some of the measures are terrifically obvious, none more so than the legalization of format-shifting - yes, copying music from a CD to your iPhone is still technically illegal in the UK, although no-one gets prosecuted for it. Others bring the UK much closer to the U.S. fair use system. For example, a copyright exemption will now be brought in for parody, caricature and pastiche. In other words, stuff like that Newport State Of Mind parody will no longer be illegal. Bafflingly, the government says it will "allow limited copying on a fair dealing basis which would allow genuine parody, but prohibit copying disguised as parody". The Intellectual Property Office, which the reforms will put in charge of "clarifying areas where there is confusion or misunderstanding on the scope and application of copyright law", clearly needs something to keep it busy. The reforms should have a big impact on the educational and research sectors. Again with some absurdity, the current IP regime makes it legally risky for teachers to show copyrighted material over interactive whiteboards and distance-learning systems - this will be fixed, as will the ban on allowing the copying of sound recordings, films and broadcasts for private study and non-commercial research.

top

Court Gives Cold Shoulder to Hot Yoga, Finding Yoga Sequences Not Copyrightable (Baker Hostetler, 20 Dec 2012) - On Friday, the Central District of California held that a series of yoga poses designed to improve health is not copyrightable, dismissing claims of copyright infringement bought by Bikram Choudhury against Evolation Yoga. This ruling followed in the footsteps of the Copyright Office's recent announcement that it will no longer issue registration certificates for sequences of yoga poses designed to improve health. The California lawsuit was brought by Bikram Choudhury, the originator of the popular hot yoga style, Bikram Yoga. Bikram Yoga incorporates a series of 26 yoga poses and two breathing exercises performed in the same order and manner in a room of 105 degrees Fahrenheit over the course of approximately ninety minutes (the "Bikram Sequence"). Defendants are former students of Choudhury who taught the Bikram Sequence-the same 26 poses and two breathing exercises in the same order, manner, and environment-in their own studios, without Choudhury's permission. Claiming the Bikram Sequence was copyrightable, Choudhury sued for copyright infringement and also brought claims for trademark infringement, false designation of origin, dilution, unfair competition, unfair business practices, breach of contract, inducing breach of contract. Considering a motion for partial summary judgment on the copyright claim only, the Central District of California firmly held that a series of yoga poses, including the Bikram Sequence, is not copyrightable because (1) a series of yoga poses designed to promote health, like any exercise routine, constitutes a non-copyrightable fact or idea and (2) a series of yoga poses does not fall into the enumerated categories of copyrightable works under 17 U.S.C. § 102, but is, instead, a non-copyrightable system or procedure. Key to the court's ruling is its finding, guided by the Copyright Office's June 2012 announcement, that yoga poses are exercises. Exercises do not fall into the enumerated categories of authorship under 17 U.S.C. § 102 and are not copyrightable.

top

HLS1x: Copyright (HarvardX, 20 Dec 2012) - HLS1x Copyright, an experimental course offered on edX, will explore in depth the law, theory, and practice of copyright. Approximately two thirds of the course will focus on the copyright system of the United States; the remainder will be devoted to the laws pertaining to copyright and "neighboring rights" in other countries. Considerable attention will be devoted to the relationship between copyright law and creative expression in a variety of fields: literature; music; film; photography; graphic art; software; comedy; fashion; and architecture. The course will commence on January 28, 2013, and last for 12 weeks. Enrollment in the course is limited to 500 participants, who will be selected through an application process. When admitting participants, the course organizers will seek to create a group that is diverse along many dimensions, including country of residence, age, occupation, educational background, and gender. Applicants must be at least 13 years old, have a good grasp of the English language, and be willing to devote eight hours per week to learning and discussing the material. Otherwise, however, there are no prerequisites for taking this course. In particular, no legal background is required. Several methods of instruction will be used. Participants will watch pre-recorded lectures, engage in interactive live webcasts of events in which guest speakers address especially controversial issues, discuss legal problems in online forums, and (most importantly) participate once a week in an 80-minute online seminar. Those seminars will be taught by teaching fellows, all of whom are currently students at Harvard Law School. At the conclusion of the course, each participant will take a three-hour exam, designed to assess his or her knowledge of copyright law and policy. Those exams will be graded by the teaching fellows. Participants who receive passing grades will be awarded certificates of completion and will be provided written assessments of their degree of proficiency. HLS1x Copyright is an experimental course, with four different variants that allow Prof. Fisher and his team to experiment with different combinations of teaching materials and educational technologies. Enrollment for the course is limited because we believe that high-quality legal education depends, at least in part, upon supervised small-group discussions of difficult issues. Fidelity to that principle requires confining the course to the number of participants that can be supervised effectively by our 21 teaching fellows. The limit on the enrollment does not mean, however, that we are not allowing access to the course materials; they will be made publicly available.

top

Devil's in the Small Print (WSJ, 20 Dec 2012) - A book about boilerplate? That contract with the small print that you have to sign before renting a power tool? The incomprehensible "Terms of Service" agreement that Internet providers require you to claim you have read and approved? Standardized contracts are unavoidable, but they don't seem like a subject for an important or interesting book. They are, you might think, just one more example of the background absurdities of modern life. But Margaret Jane Radin, a law professor at the University of Michigan, has given us a sophisticated and thought-provoking treatment of the boilerplate contracts that everyone signs yet few read or understand. Ms. Radin begins by arguing that boilerplate contracts-which as early as 1919 were widespread enough of a commercial practice as to be a subject of case law-aren't really contracts at all. Because the terms aren't bargained over, it follows that they aren't consented to in any traditional sense; there is no meeting of the minds between the parties. Ms. Radin effectively debunks legal abstractions designed to reconcile boilerplate with contract theory. She discusses ideas like constructive, or fictional, consent, which exists when a judge believes there was a reasonable opportunity to read and assent to contractual terms that in fact were never read or agreed to. She also touches on hypothetical consent, which involves theorizing about the conditions under which a rational person would consent. In the end she concludes that neither accommodates boilerplate to the moral basis of contracts law.

top

NOTED PODCASTS

Christopher Soghoian on the Growing Trade in Software Security Exploits (Berkman, 29 Nov 2012; 61 minutes) - Over the past year, the public has started to learn about the shadowy trade in software security exploits. Rather than disclosing these flaws to software vendors like Google and Microsoft who will then fix them, security researchers can now sell them for six figures to governments who then use them for interception, espionage and cyber war. Are researchers who sell exploits simply engaging in legitimate free speech that should be protected? Or, are they engaging in the sale of digital arms in a global market that should be regulated? In this talk, Chris Sogohian - Principal Technologist and a Senior Policy Analyst with the Speech, Privacy and Technology Project at the American Civil Liberties Union - discusses what should be done, if anything, about this part of the security industry. [Polley: very interesting discussion. For his proposed conclave of law professors, I'd like to hear them explore targeting the sub-rosa dimension of this activity, which attacks all end-users' security and privacy expectations. Aiding & abetting? Tortious interference with contract? Other?]

top

Audio of Recent ABA Standing Committee Conference (Lawfare, 13 Dec 2012) - The American Bar Association's Standing Committee on Law and National Security has released audio recordings of its recent conference in Washington . Here they all are: * * * [Polley: This is a great program, every year. It's *THE* event for national security lawyers.]

top

BOOKS

Smith on Design Patents (Patently-O, 16 Dec 2012) - When I began writing Patently-O in 2004, design patents were largely thought of as akin to a pre-ball Cinderella: In rags, forlorn, and quite pitiful. Things have changed. Design patents are more valuable than ever and their trajectory continues to rise. Matthew A. Smith ( Foley ) recently put together a short treatise on design patents ( short for a treatise ) and offered to publish Version 0.9 here as a preliminary draft for commentary. Coverage in the 82 page volume includes general background on the laws of design patents; design patent application preparation and prosecution; design patent enforcement; tests of design patent validity; and design patent remedies. As per his usual, Smith's approach is to provide straightforward analysis in practical terms and with direct reference to the underlying sources of law. Read it while its hot : Matthew A. Smith, Design Patents, Ed. 0.9 (Prelim. Draft) (Dec. 12, 2012). File Attachment: 2012-12-12_Design_Patents.pdf (545 KB) .

top

The Future of Scientific Knowledge Discovery in Open Networked Environments (National Academies Press, 2012) - Digital technologies and networks are now part of everyday work in the sciences, and have enhanced access to and use of scientific data, information, and literature significantly. They offer the promise of accelerating the discovery and communication of knowledge, both within the scientific community and in the broader society, as scientific data and information are made openly available online. The focus of this project was on computer-mediated or computational scientific knowledge discovery, taken broadly as any research processes enabled by digital computing technologies. Such technologies may include data mining, information retrieval and extraction, artificial intelligence, distributed grid computing, and others. These technological capabilities support computer-mediated knowledge discovery, which some believe is a new paradigm in the conduct of research. The emphasis was primarily on digitally networked data, rather than on the scientific, technical, and medical literature. The meeting also focused mostly on the advantages of knowledge discovery in open networked environments, although some of the disadvantages were raised as well. [Polley: free e-version; $48 for hardcopy]

top

DIFFERENT

The Explosion of 15th Century Printing: A Data Visualization (The Atlantic, 5 Dec 2012) - Harvard's metaLAB is "dedicated to exploring and expanding the frontiers of networked culture in the arts and humanities," pursuing interdisciplinary research like this fascinating look at the spread of printing across Europe in the 1400s. Drawing on data from the university's library collections, the animation below maps the number and location of printed works by year. Watch it full screen in HD to see cities light up as the years scroll by in the lower left corner. Matthew Battles, a principal and senior researcher at metaLAB and past Atlantic contributor, describes the research and technology that went into the visualization in an interview. [Polley: pretty cool visualization; I was surprised at the concentration of printing activity near Venice.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

FORRESTER SEES $2 BILLION DIGITAL MUSIC MARKET BY 2007 (SiliconValley.com, 13 August 2002) -- Video may have killed the radio star, but Forrester Research Tuesday said Internet piracy was not to blame -- as record labels have claimed -- for the 15 percent drop in music sales in the past two years. ``There is no denying that times are tough for the music business, but not because of downloading," said Josh Bernoff, principal analyst at Cambridge, Massachusetts-based research firm Forrester Research Inc., who released a report on the digital music market. Based on surveys of 1,000 U.S. online consumers, Forrester said it sees no evidence of decreased CD buying among frequent digital music consumers and said the record labels could restore industry growth by making it easier for people to find, copy, and pay for music on their own terms. Forrester predicts that by 2007, digital music revenues in the United States will reach more than $2 billion, or 17 percent of the music business, from about $3 million in 2001. Forrester pointed to the economy and competition from other media for the music market's downturn, rather than the emergence of free song-swap services like now-idled Napster and several similar sites in its wake, which the recording industry has claimed in several copyright lawsuits have hurt sales.

top

FBI BEGINS VISITING LIBRARIES (AP 24 June 2002) -- The FBI is visiting libraries nationwide and checking the reading records of people it suspects of having ties to terrorists or plotting an attack, library officials say. The FBI effort, authorized by the antiterrorism law enacted after the Sept. 11 attacks, is the first broad government check of library records since the 1970s when prosecutors reined in the practice for fear of abuses. The Justice Department and FBI declined to comment Monday, except to note that such searches are now legal under the Patriot Act that President Bush signed last October. Libraries across the nation were reluctant to discuss their dealings with the FBI. The same law that makes the searches legal also makes it a criminal offense for librarians to reveal the details or extent. "Patron information is sacrosanct here. It's nobody's business what you read," said Kari Hanson, director of the Bridgeview Public Library in suburban Chicago. The process by which the FBI gains access to library records is quick and mostly secret under the Patriot Act. First, the FBI must obtain a search warrant from a court that meets in secret to hear the agency's case. The FBI must show it has reason to suspect that a person is involved with a terrorist or a terrorist plot - far less difficult than meeting the tougher legal standards of probable cause, required for traditional search warrants or reasonable doubt, required for convictions. With the warrant, FBI investigators can visit a library and gain immediate access to the records. Judith Krug, the American Library Association's director for intellectual freedom, said the FBI was treading on the rights it is supposed to be upholding.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

top

Saturday, December 01, 2012

MIRLN --- 11-30 November 2012 (v15.16)

MIRLN --- 11-30 November 2012 (v15.16) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS | LOOKING BACK | NOTES

Annual Incident Report 2011 (European Network & Information Security Agency, 11 Oct 2012) - For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework for electronic communications. In this new ENISA document, we analyse the 51 received incident reports, dealing with severe outages of electronic communication networks or services. ENISA will publish a similar overview and analysis, yearly, following subsequent rounds of annual summary reporting by the NRAs in the EU Member States. The next report will be published in spring 2013, and will summarize and analyse incidents that occurred in 2012. Full report (in English) here .

top

Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights (Wired, 7 Nov 2012) - There's more at stake in the Megaupload case than the freedom of founder Kim Dotcom and his indicted file-sharing associates. The privacy and property rights of its 60 million users are also in jeopardy, as well as the privacy and property rights of anyone who stores data in the cloud, according to the Electronic Frontier Foundation, which is representing one of Megaupload's users in a lawsuit against the government that could set a precedent for cloud users in general. A hearing on the issue in Virginia federal court is expected to be set any day. The problem lies in the fact that there is currently no clear process for owners to retrieve property that federal prosecutors effectively seized when they shuttered the file-sharing and cyberlocker service last January over issues of alleged copyright infringement. And even if a system is put in place for users to get back their files, it's likely the data would first need to be reviewed by the government or a third party to determine if any of the data infringed copyrights, says EFF attorney Julie Samuels, because the government would oppose returning such data to account holders. [A]fter EFF filed papers on behalf of Kyle Goodwin, an Ohio man whose property was seized in the Megaupload case, a judge tentatively blocked the hosting company from deleting data and ordered the government, Dotcom's legal counsel and EFF to come up with suggestions about how to return property to Megaupload users, if at all.

top

RIM Good for Secret Jobs: BlackBerry 10 Cleared for Restricted Data (The Register, 8 Nov 2012) - BlackBerry 10 has passed the US Federal Information Processing Standard (FIPS) certification, meaning devices based on the platform can be used to send classified data between government agents. Despite a drop in US government uptake of its kit, this is still something unique to RIM. Apple and Android have both made huge strides in security, but only RIM has ever managed to get a mobile platform through the FIPS 140-2 process, which is managed by National Institute of Standards and Technology and recognised by the US and Canadian governments. The classification permits the transit of documents up to "restricted" level, so RIM's devices will be turning up in some halls of power, if not all of them.

top

The Ethics of Facebook-Stalking University Applicants (Rey Junco, Berkman, 8 Nov 2012) - Recently, Kaplan Test Prep released data from a survey showing how college admissions officers check applicant profiles in order to make admissions decisions . This isn't a new phenomenon: since 2008, I've been answering questions about whether residence life, judicial affairs, and other university departments should monitor their students' Facebook accounts. Here are some reasons why I think such evaluations of applicant Facebook profiles is unethical * * * [Polley: interesting; applicable to employers' social media review procedures, too.]

top

"Involuntary Porn" Site Tests the Boundaries of Legal Extortion (ArsTechnica, 13 Nov 2012) - In the era of Polaroid cameras, you didn't have to worry too much about a racy snapshot you took in the privacy of your bedroom becoming available to the general public. But thanks to the rise of digital cameras and the Internet, that's now a real risk. Hackers, disgruntled exes, and other vindictive individuals who gain access to your compromising digital snapshots can share them with the world with a single click. Recently, a number of websites have sprung up to cash in on the public humiliation of others. One of the first such sites was IsAnyoneUp, which solicited nude pictures of ordinary Americans submitted by third parties. To maximize the humiliation, the photos were posted along with identifying details such as name and home town. The site's owner, Hunter Moore, reportedly raked in thousands of dollars a month in advertising revenue, and he made the rounds on television talk shows defending his site. Moore finally shuttered the site earlier this year, but others have jumped in to fill the sordid niche he pioneered. One such site is the creatively named IsAnybodyDown. Like the original, it features naked pictures of ordinary Americans, generally submitted without the subjects' consent, as well as personal information such as their names, hometowns, phone numbers, and screenshots of their Facebook pages. If you think IsAnyoneUp couldn't be any sleazier, then IsAnybodyDown's seems determined to prove you wrong. A link on IsAnybodyDown reading "Get Me Off This Site!" leads to the website of "Takedown Hammer," an "independent third party team" that, for a modest fee of $250, will "issue a successful content removal request on your behalf." It brags of 90 successful removals from IsAnybodyDown.com. It seems pretty obvious that "Takedown Hammer" isn't actually independent of IsAnybodyDown. Indeed, copyright and First Amendment attorney Marc Randazza has found circumstantial evidence that IsAnybodyDown and Takedown Hammer are, in fact, both owned by a man named Craig Brittain. [Polley: see also The Guy Behind Two 'Revenge Porn' Sites Says Government Protects His Work (Business Insider, 29 Nov 2012)]

top

Establishment Opens Door for MOOCs (InsideHigherEd, 14 Nov 2012) - The clearest path to college credit for massive open online courses may soon be through credit recommendations from the American Council of Education (ACE), which announced Tuesday that it will work with Coursera to determine whether as many as 8-10 MOOCs should be worth credit. The council is also working on a similar arrangement with EdX, a MOOC-provider created by elite universities. The Bill & Melinda Gates Foundation is funding that effort as part of $3 million in new, wide-reaching MOOC-related grants, including research projects to be led by ACE , the Association of Public and Land-grant Universities (APLU) and Ithaka S+R, a research group that will team up with the University System of Maryland to test and study the use of massive open online courses across the system. Until now, MOOCs have been a source of fascination mostly because they make teaching by top-notch professors at prestigious universities free and available on the Internet to students anywhere, including in developing countries. Most MOOCs from high-profile providers such as Coursera, EdX, Udacity and Udemy feature upper-division material aimed at students looking to hone their skills or who are merely curious. Tuesday's rollout, however, helps open the door to the courses' use by credit-seeking students, particularly the growing adult student market. And the new round of grantees includes 10 institutions that the Gates Foundation has tapped to develop introductory and remedial courses, which often trip up low-income and first-generation college students. Perhaps most importantly, Tuesday's announcements signal that traditional higher education (represented by ACE and APLU) and Gates, the primary force behind the national college "completion agenda," both believe in the disruptive potential of MOOCs.

top

Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says (NYT, 14 Nov 2012) - Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work, the National Academy of Sciences said in a report released Wednesday. While the report is the most authoritative yet on the subject, the grid's vulnerability has long been obvious to independent engineers and to the electric industry itself, which has intermittently tried, in collaboration with the Department of Homeland Security, to rehearse responses. Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months. The National Academy of Sciences report mainly refers to less sophisticated attacks but also warns of cyberattacks or infiltration of the grid's transmission operators. "Even a few pernicious people in the wrong place are a potential source of vulnerability," it said. The report was completed in 2007, and after reviewing it, the Department of Homeland Security decided to classify its contents. The version released on Wednesday is redacted to avoid handing terrorists a "cookbook" on how to disrupt the grid, the report said.[Polley: thanks to @RolandTrope for this story]

top

Email Users Can't Count On Privacy Protections (WSJ, 14 Nov 2012) - One of the lessons from the unfolding case of the former director of the Central Intelligence Agency, David Petraeus, is that privacy protections for even the most sophisticated users of consumer-email services actually protect very little. In response to a Florida woman's complaints that she had received threatening emails, the Federal Bureau of Investigation gained access to the emails of Paula Broadwell, a writer who allegedly set up Gmail accounts under aliases to conduct an affair with Mr. Petraeus. To do so, the FBI received search warrants from a judge, according to U.S. officials. But other clues in the FBI investigation could be garnered without a warrant in an era when personal communication has shifted to centralized websites like Google Inc. and Facebook Inc., where messages rarely get truly deleted and all online communications carry a number of digital footprints. The U.S. and foreign governments now make a regular habit of seeking data about people from Internet giants, and those requests are on the rise. Google, one of the few tech companies that discloses details about the requests, this week said that in the first half of 2012, it received 7,969 such requests from U.S. authorities-nearly 34% more than it received in the first half of 2011. Google said it complied with 90% of those requests. In the U.S., the Fourth Amendment requires government agents to obtain a warrant from a judge before searching physical property. But under a 1986 law, the Electronic Communications Privacy Act, or ECPA, a warrant isn't typically required to access emails older than six months old because they are considered to be "abandoned."

top

- and -

When Will our Email Betray Us? An Email Privacy Primer in Light of the Petraeus Saga (EFF, 14 Nov 2012) - The unfolding scandal that led to the resignation of Gen. David Petraeus, the Director of the Central Intelligence Agency, started with some purportedly harassing emails sent from pseudonymous email accounts to Jill Kelley. After the FBI kicked its investigation into high gear, it identified the sender as Paula Broadwell and, ultimately, read massive amounts of private email messages that uncovered an affair between Broadwell and Petraeus (and now, the investigation has expanded to include Gen. John Allen's emails with Kelley). We've received a lot of questions about how this works-what legal process the FBI needs to conduct its email investigation. The short answer? It's complicated. * * * Compared to identifying information, ECPA provides more legal protection for the contents of your email, but with gaping exceptions. While a small but increasing number of federal courts have found that the Fourth Amendment requires a warrant for all email, the government claims ECPA only requires a warrant for email that is stored for 180 days or less. But as the Department of Justice Manual for searching and seizing email makes clear, the government believes this only applies to unopened email. Other email is fair game with only a subpoena, even if the messages are less than 180 days old. According to reports, Petraeus and Broadwell adopted a technique of drafting emails, and reading them in the draft folder rather than sending them. The DOJ would likely consider draft messages as "opened" email, and therefore not entitled to the protection of a search warrant. In a nutshell, although ECPA requires a warrant for the government to obtain the contents of an email stored online for less than 180 days, the government believes the warrant requirement doesn't apply for email that was opened and left on the server - the typical scenario for webmail systems like Gmail - even if the messages are less than 180 days old. So, under the government's view, so long as the emails had been opened or were saved in the "drafts" folder, only a subpoena was required to look at contents of Broadwell's email account. * * * [Polley: there's more here, and worth parsing.]

top

Google Will Not be Prosecuted for Street View Wi-Fi Sniffing in Germany (ComputerWorld, 15 Nov 2012) - The public prosecutor in Hamburg has decided not to start a criminal investigation into the way Googles' Street View cars gathered data from unencrypted Wi-Fi networks in Germany, the lawyer who requested the inquiry said Thursday. In 2010 Google acknowledged that its Street View cars collected data such as MAC addresses and SSIDs (service set identifiers) as well as personal payload data from Wi-Fi networks. Payload data can include email, passwords and medical data. The public prosecutor's office said it cannot pursue a criminal investigation into Google's Street View Wi-Fi sniffing. The prosecutor's office was unable to find any violation of criminal standards by Google in the way the company stores SSIDs, MAC addresses or payload data, it said in a letter sent *** on Thursday.

top

Seattle's 'Creepy Cameraman' Questions Our Comfort With Being Watched (Seattle Times, 18 Nov 2012) - At first, University of Washington professor Odai Johnson thought it was some art student's prank. One day last summer, right in the middle of class, a young man opened the door, stuck in a camera and began filming. Johnson asked him to leave. He refused. Johnson closed the door on him. He re-entered. All the while, Johnson's drama students looked unsure and nervous, frozen in a state of unease. "I confronted the man and told him his actions were an intrusion into our space, that he had no permission to insert himself and his camera and take whatever images he was gathering for whatever uses pleased him," Johnson told me over email. He "never stated his reasons, never asked for cooperation or permission. Just pointed and aimed and shot." You can see the whole exchange yourself on YouTube, where the cameraman - whoever he is - has posted video of this and other, similar confrontations with unwilling subjects around Seattle. A shopper leaving a store by Almvig's. A man on his cellphone outside a University Village Starbucks. A cab driver who, taking a wild guess as to why a camera is in his face, blurts, "I'm white! I'm not an African driver!" When asked what he's doing, the cameraman says he's "taking a video." When asked why, he says, "Why not?" When told he doesn't have permission, he says, "Oh, OK" and, to his subjects' confusion, irritation and rage, keeps filming. Is this a social experiment or some jerk having fun? Commenters are giving mixed reviews, calling the videos everything from horrific to hilarious, and their creator everything from a moron to a genius. Let's start with what's legal. I was struck, watching the videos, by the rights people think they have. Apart from the classrooms, a Scientology building and what appears to be a community center, the cameraman films in public. "This is America and I have a choice that you do not take a picture of me," a woman from a research institute tells him. But they're on the sidewalk. Her only choice is to walk away. Renowned Seattle science fiction author Neal Stephenson has been called a technology prophet for predicting in his 1992 classic, "Snow Crash," so much of what gadgets and the Web would make possible. In the book, characters called "gargoyles" walk around in special suits that let them record and upload everything around them, permission be damned. On a panel at the school just last month, University of Washington law professor Ryan Calo talked to Stephenson about the implications of his latest book - "REAMDE." Calo has his own fascination with the intersection of privacy and surveillance. As it stands, privacy law can do nothing about the creepy cameraman or the pervasive public surveillance he seems to represent. But what if the law changed? That may seem counterintuitive when technology is bursting our lives wide open, and the advice from experts is to be aware of it and deal with it. But Calo cited a recent Supreme Court case involving the use of a GPS tracking device in which five justices expressed concern over continuous surveillance. He thinks change can happen. I think he might be right.

top

Fourth Amendment Implications of Using "Moocherhunter" To Locate the User of An Unsecured Wireless Network (Volokh Conspiracy, Orin Kerr, 19 Nov 2012) - In United States v. Stanley, 2012 WL 5512987 (W.D.Pa. Nov. 14, 2012) (Conti, J.) , the district court evaluated a novel Fourth Amendment question: Does tracing the location of a user of an unsecured wireless network constitute a Fourth Amendment search? The court's answer: No. In this case, a Pennsylvania state police officer investigating the distribution of child pornography over peer-to-peer software learned that a computer at a particular IP address was sharing images of child pornography. The investigator, Erdley, obtained a search warrant to search the home associated with the IP address. The search was unsuccessful, however, and Erdley concluded that someone nearby was using the wireless connection from the home that had been left unsecured. With the consent of the homeowner, Kozikowski, Erdley used a software program called "Moocherhunter" to find the physical location of the individual who was accessing the network. Moocherhunter works by measuring the distance between the wireless router and the computer connecting to it: By moving the antenna of the wireless router, and knowing the MAC address of the computer connected to the wireless router, Erdley was able to trace the location of the computer connecting to the wireless router to a specific apartment. Erdley then obtained a search warrant and searched the apartment, finding child pornography on the computer of the defendant, Richard Stanley. The District Court ruled that use of Moocherhunter was not a search under Smith v. Maryland, 442 U.S. 735 (1979): Based upon Smith's rationale, the court finds Stanley did not have a legitimate expectation of privacy in the wireless signal he caused to emanate from his computer to the Kozikowski wireless router or in the signal being sent from the router back to his computer, and therefore, Erdely's use of Moocherhunter™ did not constitute a search in violation of the Fourth Amendment. Stanley argued that Moocherhunter was like the thermal imager in Kyllo v. United States, 533 U.S. 27 (2001), but the district court disagreed.

top

Engaging Facebook Friends Doesn't Violate Non-Solicitation Clause (Eric Goldman, 19 Nov 2012) - This case involves an employer's attempt to enforce a non-compete and a non-solicitation clause against a hair stylist. I'm especially interested in the court's discussion about the non-solicitation clause--a provision that might even be enforceable in California. From the court's distillation, it seems like the employer overreached quite a bit here, such as with this example: Four days after Ms. DiFonzo resigned from Invidia, David Paul Salons, her new employer, posted a "public announcement" on Ms. DiFonzo's Facebook page, noting DiFonzo's new affiliation with David Paul....In the comment section below that post, Ms. Kaiser [a hair salon customer] posted a comment which said, "See you tomorrow Maren [DiFonzo]!" See anything remotely resembling a solicitation here? Fortunately, the court doesn't either. Cf. Enhanced Network Solutions v. Hypersonic Technologies. The former employer next argued "Ms. DiFonzo has become Facebook 'friends' with at least eight clients of Invidia." Overall, having hair salon employees develop social media connections with customers sounds like a positive thing as it's likely to improve customer loyalty. For example, if customers are disloyal to their hair stylist and post photos of their new haircuts, they will be outing themselves to their hair stylist. And if the hair salon employee and the customer are bona fide friends (not the fake form of friendship so rampant on Facebook), then that relationship isn't "owned" by anyone.

top

Modria Launches A "Fairness Engine" For Online Dispute Resolution (TechCrunch, 19 Nov 2012) - Earlier this morning, we got an email from a lady whose account was mistakenly charged a few times too many by an online pet food store. There is little we can do about that, but it's a clear sign that even today, resolving those kinds of online disputes is still hard. Modria wants to change this with the help of its Fairness Engine . The privately funded company, which was founded in 2011, says that its cloud-based service helps "all parties involved in an online dispute to the table quickly and lets them arrive at an equitable solution that helps save costs and increase brand loyalty." The team behind the service already helped companies like eBay and PayPal solve more than 400 million cases. Indeed, Modria founder and CEO Colin Rule spent eight years as the Director of Online Dispute Resolution for eBay and PayPal. Modria helps businesses flag and diagnose customer issues and knows enough about the legal technicalities behind these problems to speed up the negotiation process. The tool uses four different modules for diagnosis, negotiation, mediation and arbitration.

top

Corbis and the Public Domain (MLPB, 20 Nov 2012) - Tanya Asim Cooper, University of Alabama School of Law, has published Corbis & Copyright?: Is Bill Gates Trying to Corner the Market on Public Domain Art? in volume 16 of the Intellectual Property Law Bulletin (2011). Here is the abstract. Art has the power to stir our emotions, evoke a physical response, and transport us to a different world. It can inspire and transform us. For all of those precious qualities, the public relies upon knowing that once the artist's exclusive rights to the artwork elapse, the "art must ultimately belong to us all." The notion that artwork eventually belongs to the public is paramount because art, like books and music, represents a collective experience that helps define what it means to be human. Thus, once the artist has enjoyed her exclusive rights to that art, it should belong to no one individual, but to everyone. This article argues that Corbis's copyright claim in its digitized reproductions of public domain art is suspect and concludes by discussing the ramifications for the public domain when Corbis asserts copyright protection for its public domain digital copies. Given the power and influence that Bill Gates and his company Corbis have on the market for public domain art, it behooves the public to be aware of this issue.

top

Navigating the Legal Pitfalls of Augmented Reality (Mashable, 21 Nov 2012) - The power of AR, particularly for marketers, is its ability to overlay highly relevant, timely and interactive data about specific products or services within a user's live physical environment. For example, companies are using AR to transform home or online shopping by bringing to life static, two-dimensional images ― see Ikea's 2013 catalog and Phillips TV Buying Guide mobile app ― or leveraging geolocational data to augment users' real-world retail experiences with instant data on pricing, reviews or special discounts (such as IBM's personal shopping assistant ). If you're considering whether to add an AR app to your marketing mix, be aware that traditional advertising law principles still apply, and that both federal and state regulators are keeping a watchful eye on AR's potential impact on consumer privacy. A unique aspect of AR is that it allows retailers to give online or mobile shoppers a realistic, up-close, three-dimensional or enhanced view of their products prior to purchase (think virtual dressing rooms ). If your AR app is used to promote or drive sales for a particular product, be sure to avoid overstating or exaggerating the features, functions or appearances of the product, or leaving out material information that could sway the consumer's purchasing decision. In September, the Federal Trade Commission (FTC) published a marketing guide for mobile app developers. It clarifies that long standing truth-in-advertising standards apply in the virtual world to the same extent as in the real world. The key takeaway: Disclosures must be clear and conspicuous. That is, you should look at your app from the perspective of the average user and ensure that disclosures are big and clear enough so that users actually notice them and understand what they say. Another rule of thumb is to keep your disclosures short and simple, and use consistent language and design features within your app. Before launching your app, carefully consider how best to make necessary disclosures visible and accessible in the AR context. You can expect more guidance on disclosures in the near future when the FTC releases its updated Dot Com Disclosures Guide .

top

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act (SSRN; University of Amsterdam, 27 Nov 2012) - Abstract: Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.

top

Pinterest's Accounts and Terms of Service for Businesses and their Potential Impact on Sweepstakes, Contests, and Other Promotions (Information Law Group, 27 Nov 2012) - On November 14, 2012, Pinterest, Inc. revamped the Terms of Service ("Terms") for Pinterest.com ("Pinterest") and created new business only accounts ("Business Accounts") to be governed by the site's new Business Terms of Service ("Business Terms"). Although commercial use of the service was always encouraged by Pinterest, its Acceptable Use Policy and prior versions of its Terms of Service seemingly prohibited commercial use of the service. The creation of Business Accounts makes clear that commercial activity is not only encouraged, but explicitly allowed on Pinterest. The new features available for Business Accounts include: * * * The primary impetus for the creation of Business Accounts appears to be a means of providing guidance on how to best use Pinterest to advertise your brand (see Pinterest's document which explains how to maximize Pinterest features to your brand's advantage). There is, however, limited guidance on what you can and cannot do on the service or when referencing Pinterest in marketing materials (also, Pins from Business Accounts are still subject to Pinterest's Acceptable Use Policy and Pin Etiquette Policy ). Pinterest provides this guidance in its new Logos, Trademarks and Marketing Guidelines .

top

YouTube Expands Captioning for Six New Languages (Washington Post, 28 Nov 2012) - YouTube announced Wednesday that it is expanding support for its automatic captioning service for six European languages. The company said that its service will now display captions in German, Italian, French, Portuguese, Russian and Dutch. That brings the total number of languages up to 10: YouTube already generates automatic captions for English, Japanese, Korean and Spanish. As with the current languages, viewers will be able to see the captions by clicking the "CC" button in the lower right-hand corner of eligible videos. The company provides the auto-captions as a baseline transcript of what's going in its videos. However, since speech recognition technology isn't perfect, it also provides editing tools to improve the quality of the captions on its site. Content creators can download their automatic captions to edit them or do so right on YouTube videos. They can also upload their own scripts or transcripts to sync with videos on the site. Those interested in captioning their videos can use free sites and services to generate transcripts. The deaf community advocacy group, Telecommunications for the Deaf and Hard of Hearing, Inc. has a list of resources for people looking for online captioning tools and information.

top

Online Rain: Survey Says a Virtual Presence May Pay (ABA Journal, 28 Nov 2012) - The ABA's 2012 Legal Technology Survey Report documents some good news from survey respondents who use Web 2.0 services in their practices-double-digit percentages reported they had clients who retained them directly or via referral as a result of the lawyers' use of online services. Results from the last three years of survey reports show (in the main) continued growth in the number of positive responses to questions about gaining clients through the use of blogs; social networks including Avvo, Facebook, LawLink, Legal OnRamp, LinkedIn, Martindale-Hubbell Connected and Plaxo; and microblogs like Twitter. Among the many other details in the six-volume study, 50 percent of respondents who blog reported spending less than one hour a week maintaining their legal- topic blogs. [Polley: @edadams reports " 11% of lawyers get business from Twitter, up from 0% 2 years ago. "]

top

Unsubscribe Confirmation Texts Get FCC OK (Benton Foundation, 29 Nov 2012) - The Federal Communications Commission granted a request by SoundBite Communications, Inc. (SoundBite) and confirm that sending a one-time text message confirming a consumer's request that no further text messages be sent does not violate the Telephone Consumer Protection Act (TCPA) or the FCC's rules as long as the confirmation text has the specific characteristics described in the petition. The ruling will allow organizations that send text messages to consumers from whom they have obtained prior express consent to continue the practice of sending a final, one-time text to confirm receipt of a consumer's opt-out request-a widespread practice among businesses, non-profit organizations, and governmental entities, which many parties in this proceeding, including a consumer group, assert is good consumer policy. The FCC emphasized that the ruling applies only when the sender of text messages has obtained prior express consent, as required by the TCPA and Commission rules, from the consumer to be sent text messages using an automatic telephone dialing system or "autodialer." The ruling ensures that wireless consumers will continue to benefit from the TCPA's protection against unwanted autodialed texts, while giving them certainty that their opt-out requests are being successfully processed.

top

Official Syrian Web Sites Hosted in U.S. (NYT, 29 Nov 2012) - Even as Syrians lost access to the Internet on Thursday, people outside the country could still browse the Syrian government's many Web sites for much of the day because they are hosted in foreign countries, including the United States. By nightfall, after being contacted by The New York Times, several host companies said they were taking down those sites. They and similar companies had been identified in reports published by Citizen Lab, a research laboratory that monitors North American Web service providers that host Syrian Web sites. For example, the Web site of SANA, the Syrian state news agency, is hosted by a Dallas company, SoftLayer Technologies. It is one of a handful of Internet providers based in the United States that sell their services, often unknowingly, to Web sites operated by the government of President Bashar al-Assad. HostDime.com in Orlando, Fla., hosts the Web site of Syria's Ministry of Religious Affairs. Jumpline.com hosts the site of the country's General Authority for Development. The government of Hama, a city that has seen heavy clashes between rebels and government troops, operated its Web site through WeHostWebSites.com in Denver. An executive order by President Obama prohibits American companies from providing Web hosting and other services to Syria without obtaining a license from the Treasury Department. On Thursday, State Department officials confirmed that providing the services was a violation of the United States sanctions. "Our policies are designed to assist ordinary citizens who are exercising their fundamental freedoms of expression, assembly and association," a spokesman, Mark C. Toner, said.

top

Patent Prosecutors Licensing of Copyrights for Prior Art Submissions (Patently-O, 29 Nov 2012) - The Copyright Clearance Center (CCC) is a collective agent for many copyright holders and serves as a one-stop-shop for folks to license copyrights for use. CCC offers licenses to many (perhaps most) of the academic publications (non-patent literature) submitted to the USPTO under the Rule 56 duty of disclosure. In recent years, CCC has implemented a buffet license approach that allows a business to use their entire catalog for a fixed negotiated price. Until recently, few patent law firms have seen any copyright infringement risk associated non-patent prior art because the copies are most typically obtained from a licensed database and the submission to the PTO and file-copies are both likely fair use and therefore would not constitute copyright infringement. Thus, most firms have developed their its patent prosecution practices with an implicit belief that its prosecution related uses of scientific journal articles are noninfringing uses of the articles. In the spring of 2012, the publisher John Wiley began suing patent law firms - taking the contrary view that (1) making file copies; (2) sharing copies with clients; and (3) submitting copies to the USPTO each constitute actionable copyright infringement. These lawsuits are ongoing. The CCC license would allow both internal copying and submitting copies to the USPTO, although it does not allow the sharing copies with clients. Of course, these actions were all previously thought to be fair use. Professor Jamie Boyle has an interesting essay from 2007 discussing the problems with this license. His main point is that once we start paying for fair use material it stops being fair use going forward and moves toward a "culture of permission" that, in his view, is normatively bad. * * * [Polley: interesting discussion; I had dealings with CCC for my corporate employer some time ago.]

top

The Mosaic Theory of the Fourth Amendment (Volokh Conspiracy, Orin Kerr, 29 Nov 2012) - The Michigan Law Review has posted the final version of my latest article, The Mosaic Theory of the Fourth Amendment, 111 Mich. L. Rev. 311 (2012) , on its website. Here's the abstract: In the Supreme Court's recent decision on GPS surveillance, United States v. Jones, five justices authored or joined concurring opinions that applied a new approach to interpreting Fourth Amendment protection. Before Jones, Fourth Amendment decisions had always evaluated each step of an investigation individually. Jones introduced what we might call a "mosaic theory" of the Fourth Amendment, by which courts evaluate a collective sequence of government activity as an aggregated whole to consider whether the sequence amounts to a search. This Article considers the implications of a mosaic theory of the Fourth Amendment. It explores the choices and puzzles that a mosaic theory would raise, and it analyzes the merits of the proposed new method of Fourth Amendment analysis. The Article makes three major points. First, the mosaic theory represents a dramatic departure from the basic building block of existing Fourth Amendment doctrine. Second, adopting the mosaic theory would require courts to answer a long list of novel and challenging questions. Third, courts should reject the theory and retain the traditional sequential approach to Fourth Amendment analysis. The mosaic approach reflects legitimate concerns, but implementing it would be exceedingly difficult in light of rapid technological change. Courts can better respond to the concerns animating the mosaic theory within the traditional parameters of the sequential approach to Fourth Amendment analysis.

top

Insurance Coverage for Data Breach Claims (The Corporate Counselor, Nov 2012) - The risk of a data breach is not limited to financial institutions or businesses engaged exclusively in e-commerce. Any business that accepts credit cards as a form of payment, which includes practically every business on earth, is at risk. In fact, smaller-sized brick and mortar business are frequently targets of hackers who assume, rightly or wrongly, that such businesses lack the ability to detect and prevent theft of customer data. Like any potentially catastrophic problem, insurance can be at least a partial solution. This article examines insurance coverage for data breaches. In-house counsel may be surprised to learn that coverage for data breaches is not limited to specialty policies, and can often be found under standard CGL or property insurance policies. Any time a potential data breach occurs, it is essential for an insured to consider all forms of insurance that it carries and to provide prompt notice to its insurer(s) of any policy that even potentially could apply.

top

Who's Tracking Your Reading Habits? An E-Book Buyer's Guide to Privacy (EFF, 29 Nov 2012) - The holiday shopping season is upon us, and once again e-book readers promise to be a very popular gift. Last year's holiday season saw ownership of a dedicated e-reader device spike to nearly 1 in 5 Americans, and that number is poised to go even higher. But if you're in the market for an e-reader this year, or for e-books to read on one that you already own, you might want to know who's keeping an eye on your searching, shopping, and reading habits. As we've done since 2009, again we've taken some of the most popular e-book platforms and combed through their privacy policies for answers to common privacy questions that users deserve to know. In many cases, these answers were frustratingly vague and long-winded. In nearly all cases, reading e-books means giving up more privacy than browsing through a physical bookstore or library, or reading a paper book in your own home. Here, we've examined the policies of Google Books , Amazon Kindle , Barnes & Noble Nook , Kobo , Sony , Overdrive , Indiebound , Internet Archive , and Adobe Content Server for answers to the following questions:

  • Can they keep track of searches for books?

· Can they monitor what you're reading and how you're reading it after purchase and link that information back to you? Can they do that when the e-book is obtained elsewhere?

· What compatibility does the device have with books not purchased from an associated eBook store?

· Do they keep a record of book purchases? Can they track book purchases or acquisitions made from other sources?

· With whom can they share the information collected in non-aggregated form?

· Do they have mechanisms for customers to access, correct, or delete the information?

· Can they share information outside the company without the customer's consent?

top

French CNIL Publishes English Language Compliance Guides (Hogan Lovells, 30 Nov 2012) - France's data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, "Methodology for Privacy Risk Management" , provides step-by-step guide for identifying risks and prioritising remedial actions. The second guide, " Measures for the Privacy Risk Treatment ", provides practical guidance on issues such as data deletion, anonymisation, encryption, providing right of access to data subjects, handing data breaches, and protecting against cyber attacks. This second guide provides useful ross-references to security standards published by the French agency for computer security, the ANSSI .

top

NOTED PODCASTS

How to Make Your Research Open Access (Whether You're at Harvard or Not) (Berkman, 23 Oct 2012, 63 minutes) - How do you make your own work open access (OA)? The question comes up from researchers at schools with good OA policies (like Harvard and MIT) and at schools with no OA policies at all. We invite you to join Peter Suber and Stuart Shieber of the Harvard Open Access Project, the Berkman Center community, and Office for Scholarly Communication in an open forum on the Harvard OA policies, concrete steps for making your work OA, and questions on any aspect of OA, especially from the perspective of publishing researchers. [Polley: pretty interesting stuff, with implications for the ABA's publishing strategies. The discussion about Reed Elsevier's default rule on republishing/deposit was pretty surprising to me, and the idea of publishing fee impositions on the author , as a way to pay the bills, was interesting.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

PHILIPS SAYS COPY-PROTECTED CDS HAVE NO FUTURE (Head-Fi, 2 Jan. 2002) -- Philips, the inventor of the Compact Disc, does not expect controversial attempts by the music industry to introduce CD "copy protection" technologies to last very long, because of consumer complaints. Philips is opposed to the use of copy protection systems. The technology is designed to stop CDs playing or being copied on personal computers but it can also prevent them from playing on many normal systems. As inventor of the CD standard and the industry's licensing body, Philips could refuse to license such copy protected discs as genuine CDs, or pursue some other legal obstruction to the practice. But Gary Wirtz, general manager of the Philips Copyright Office at its headquarters in the Netherlands, believes that copy protection technology will fail all by itself. "Any kind of legal action would take years and we don't expect these [discs] to last that long," Wirtz told New Scientist. "At the moment we are trying to reason with people rather than sue them." Wirtz believes that consumer complaints should put music companies off the technique. He adds: "It's not going to work, because any hacker can still make copies. It's only going to effect legitimate consumers and we know there have already been considerable complaints."

top

E-MAIL OVERLOAD IS A MYTH, STUDY SAYS (Washington Post, 9 Dec 2002) -- Most American workers are not -- repeat not -- overwhelmed by stuffed e-mail inboxes or vast amounts of spam, according to a new study that contradicts conventional wisdom that e-mail has become a major burden on people's lives. About 60 percent of workers surveyed for the study by the Washington-based Pew Internet & American Life Project said they receive an average of 10 or fewer messages per day. Pew's conclusions, however, do not match the findings of other organizations that study Internet use. "It makes no sense to me," said Maurene C. Grey, research director of Gartner Inc., a research firm in Stamford, Conn. "We've found workers are extremely overloaded. My gut reaction was who in the world were they interviewing? I would seriously question the results of that study." http://www.washingtonpost.com/wp-dyn/articles/A24684-2002Dec7.html [Editor's note (2002): Time travel -- that's the only explanation. Pew somehow interviewed email users in 1996.]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top