- The Protection of Classified Information: The Legal Framework
- FTC Tightens Rules to Protect Children's Privacy Online
- Cyberinsurance: Understanding the Risks
- Health-Care Sector Vulnerable to Hackers, Researchers Say
- New Mandate Would Require Military Contractors to Report Cyber Breaches
- Insurers Evaluating their Clients' Risk Exposures are Advised to Monitor their Own Cybersecurity Exposures, Particularly Related to Mobile and BYOD
- Accessing Email Server from Canada Supported Personal Jurisdiction in the U.S.
- EFF: Limit Software Patents
- Superior Court of Ontario Allows Lawyers and Journalists to Use Electronic Media in Court
- 6 States Bar Employers From Demanding Facebook Passwords
- Punishing Hackers Even When They Do No Damage
- Stored Communications Act Does Not Protect Information Stored On Cell Phone
- Most Popular Intellectual Property and Technology Law Blogs
- California Rules on Ethics of Social Media Postings
- Defendant Not Entitled to "Delve Carte Blanche" Into Plaintiff's Social Media Accounts
- Handling Disputes Over Access To Employee Social Network Accounts
- Postal Service to Host Cloud-Based Public-Private ID Protection Network
- Dinosaur Alert: Irish Newspapers Desperately Trying to Charge for Links
- Privacy Plaintiffs in Deep Packet Inspection Case Get No Love From the Tenth Circuit
- The U.S. Fair Use Defense In Other Jurisdictions
- Originality in Photographs According to US Court of Appeals
- Anonymous Petitions U.S. to See DDoS Attacks as Legal Protest
The Protection of Classified Information: The Legal Framework (CRS Study, Jennifer K. Elsea, Legislative Attorney. December 17, 2012) - The publication of secret information by WikiLeaks and multiple media outlets, followed by news coverage of leaks involving high-profile national security operations, has heightened interest in the legal framework that governs security classification and declassification, access to classified information, agency procedures for preventing and responding to unauthorized disclosures, and penalties for improper disclosure. Classification authority generally rests with the executive branch, although Congress has enacted legislation regarding the protection of certain sensitive information. While the Supreme Court has stated that the President has inherent constitutional authority to control access to sensitive information relating to the national defense or to foreign affairs, no court has found that Congress is without authority to legislate in this area. This report provides an overview of the relationship between executive and legislative authority over national security information, and summarizes the current laws that form the legal framework protecting classified information, including current executive orders and some agency regulations pertaining to the handling of unauthorized disclosures of classified information by government officers and employees. The report also summarizes criminal laws that pertain specifically to the unauthorized disclosure of classified information, as well as civil and administrative penalties. Finally, the report describes some recent developments in executive branch security policies and legislation currently before Congress ( S. 3454 ).
FTC Tightens Rules to Protect Children's Privacy Online (Washington Post, 19 Dec 2012) - Web sites and mobile apps will have to get parental permission to collect photos, videos and a wide array of other information that children expose online under federal guidelines released Wednesday. The Federal Trade Commission's update to child online privacy laws comes after a two-year debate over how far the government should go to protect the privacy of children 12 and younger without curbing the practices of a thriving Web economy that relies on data for advertising. The amendments require companies to get permission from parents to collect a child's photographs, videos and geolocational information - all content that social media, online games and mobile devices have made easy to share. Companies such as Google and Viacom must also have a parent's consent before using tracking tools, such as cookies, that use IP addresses and mobile device IDs to follow a child's Web activity across multiple apps and sites. In the end, the FTC decided that those companies would be liable only when they have "actual knowledge" that their partner sites are collecting information about children. App stores such as Apple's iTunes and Google Play won't be liable for the child privacy practices of its hundreds of thousands of apps, the FTC said. Others said the updates were too heavy-handed and might define a kid-oriented site too broadly. Angry Birds, for example, is a game that is largely popular among adults but is animated and may appear to be aimed at children.
Cyberinsurance: Understanding the Risks (Michigan Bar Journal, Fall 2012) - Business lawyers are often involved with risk management and insurance coverage issues. We are expected to be familiar with the types of insurance and the scope of coverage, whether in the general operation of the client's businesses, the negotiation of contracts in which they are a vendor or a purchaser of services, or in the general assessment of risk management. Our business clients typically purchase insurance products for property, personal injury, and general commercial liability cover- age, and may also obtain coverage for certain acts of directors and officers, errors and omissions coverage, or other employee practices. When dealing with cyberinsurance, however, there is a complete paradigm shift. The assessment of real risks becomes a critical part of the analysis. This article will seek to pro- vide some high-level thoughts and recommendations for understanding this area.
Health-Care Sector Vulnerable to Hackers, Researchers Say (Washington Post, 25 Dec 2012) - As the health-care industry rushed onto the Internet in search of efficiencies and improved care in recent years, it has exposed a wide array of vulnerable hospital computers and medical devices to hacking, according to documents and interviews. Security researchers warn that intruders could exploit known gaps to steal patients' records for use in identity theft schemes and even launch disruptive attacks that could shut down critical hospital systems. A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problems. "I have never seen an industry with more gaping security holes," said Avi Rubin, a computer scientist and technical director of the Information Security Institute at Johns Hopkins University.
New Mandate Would Require Military Contractors to Report Cyber Breaches (NextGov, 26 Dec 2012) - The Defense authorization bill approved by Congress last week would require contractors to tell the Pentagon about penetrations of company-owned networks that handle military data. If President Obama signs the legislation into law, it would make permanent part of a Pentagon test program under which participating contractors report computer breaches in exchange for access to some classified cyber threat intelligence. What began as a defense industrial base pilot program in 2011 was opened to all interested military vendors in May. In October, reports surfaced that five of the 17 initial contractors dropped out of part of the program in which the National Security Agency shares classified threat indicators with the participants, apparently because they concluded the requirements for participation were too expensive and time-consuming for any enhanced security benefit. At the time, Lockheed Martin Corp. executives who help run the program noted the growth potential of another segment of the program that allows contractors to voluntarily share information about breaches to their networks without revealing identifying information to fellow contractors and the government. Now they say interest in the whole program is increasing. [The] second part basically reveals to contractors, or their Internet service providers, digital footprints of malicious software so antivirus scans can block the malware. The program's regulations state that, in exchange for this intelligence, contractors must disclose breaches they have suffered "within 72 hours of discovery." Congress's measure only states that contractors are mandated "to rapidly report" to the Defense Department each "successful penetration of the network or information systems" carrying military data.
Insurers Evaluating their Clients' Risk Exposures are Advised to Monitor their Own Cybersecurity Exposures, Particularly Related to Mobile and BYOD (Insurance Networking, 28 Dec 2012) - As insurers evaluate their 2013 risk management programs, they are faced with a growing concern over the long-term effects of cybersecurity attacks. This concern is shared by some legislators in Washington, however, in November, the Cybersecurity Act of 2012 (CSA) failed to pass the U.S. Senate. The vote was portrayed as Republican obstructionism, even though five Democrats voted against the bill and four Republicans voted for it, according to the online site The Foundry . Meanwhile, the President has vowed to issue an executive order to implement at least some of the elements of the bill. Corporate board concerns are also growing, as directors are faced with a host of liabilities related to cybersecurity, not the least of which is federal reporting standards. As a result, boards are increasingly directing management to implement processes for identifying, assessing, and monitoring the ever-evolving sophistication of cybersecurity risks. Many are making cybersecurity a top-priority risk oversight issue. These events create compelling reasons to encourage commercial lines customers to include cybersecurity in their insurance portfolio, and insurers are in a scramble to evaluate and highlight the greatest risk exposures and vulnerabilities to the corporate enterprise and beyond.
Accessing Email Server from Canada Supported Personal Jurisdiction in the U.S. (Internet Cases blog, 28 Dec 2012) - MacDermid, Inc. v. Deiter , No. 11-5388 (2d Cir. December 26, 2012) The Second Circuit reversed a District Court that held it could not exercise personal jurisdiction over a Canadian defendant accused of accessing email servers located in Connecticut. Defendant lived and worked in Canada for a U.S.-based company having its principal place of business in Connecticut. She knew her company's email servers were located in Connecticut. When she learned that she was about to be terminated from her position, she forwarded confidential company data from her work email account to her personal account. The former employer sued in the U.S. District Court for the District of Connecticut. That court dismissed the case, holding that the relevant Connecticut state statute (Conn. Gen. Stat. § 52-59b(a)) did not authorize the exercise of personal jurisdiction. The lower court found that although the statute authorized personal jurisdiction over one who "uses a computer" in the state, defendant's alleged computer use took place exclusively in Canada. Plaintiff-employer sought review with the Second Circuit Court of Appeals. On appeal, the court reversed, holding that the state statute authorized the exercise of personal jurisdiction, and that such exercise comported with due process.
EFF: Limit Software Patents (Patently-O, 28 Dec 2012) - Since the Supreme Court's 2010 Bilski ruling, the Federal Circuit has been consistent on only one point in its § 101 jurisprudence-and that's on being inconsistent. In the face of the Federal Circuit's failure to provide a workable § 101 standard, the Supreme Court issued its unanimous ruling in Mayo v. Prometheus, essentially telling the Federal Circuit to take the patentable subject matter inquiry seriously. Yet the Federal Circuit paid no heed when it issued ruled in CLS Bank v. Alice, all but ignoring the Supreme Court (for many of us court watchers, the Federal Circuit's failure to address Mayo was shocking; even Judge Prost, in her dissent, admonished the majority for "fail[ing] to follow the Supreme Court's instructions-not just in its holding, but more importantly in its approach."). So it really was no surprise when the Federal Circuit agreed to take CLS en banc. We, along with many others, hope that this case would provide the Court an opportunity to head the Bilski Court's warning that: "The Information Age empowers people with new capacities to perform statistical analyses and mathematical calculations with a speed and sophistication that enable the design of protocols for more efficient performance of a vast number of business tasks. If a high enough bar is not set when considering patent applications of this sort, patent examiners and courts could be flooded with claims that would put a chill on creative endeavor and dynamic change. (130 S. Ct. at 3229)." As currently interpreted, § 101 leaves parties unable to discern a patent's metes and bounds or assess its validity, making inadvertent infringement an unfortunate cost of doing business. This has led to a dangerous and dramatic increase in patent litigation, particularly surrounding business method patents or those covering software. For better or worse (and I think worse), the major uptick in these cases involved non-practicing entities.
Superior Court of Ontario Allows Lawyers and Journalists to Use Electronic Media in Court (SLAW, 2 Jan 2013) - The Superior Court of Justice of Ontario has issued a 'protocol' that will (as of February 1) allow lawyers, licensed paralegals, law students, self-represented parties, and 'media or journalists' to use electronic communications devices (broadly defined to include laptops and smart phones) in court without express permission. Naturally there are some conditions, including:
- don't disturb the proceedings
- don't distribute any information that is subject to a publication ban
- don't take any pictures
- don't distribute recordings (though lawyers and journalists may make recordings for their own use)
6 States Bar Employers From Demanding Facebook Passwords (Wired, 2 Jan 2013) - California and Illinois on Tuesday joined four others in becoming the union's only states barring employers from demanding that employees fork over their social-media passwords. Congress unsurprisingly couldn't muster the wherewithal to approve the Password Protection Act of 2012, so a handful of states have taken it upon themselves. The new laws come amid reports nationwide that employers were demanding access to their employees' or potential employees' personal, non-public data on Facebook, Twitter and other social-media accounts. Facebook, too, said in March that it noticed an increase in complaints about employers demanding "inappropriate access" to Facebook accounts . California's and Illinois' laws took force Tuesday, the first day of the year. Michigan's and New Jersey's became active last month and Maryland's , in October. Delaware's measure became law in July.
Punishing Hackers Even When They Do No Damage (Steptoe, 3 Jan 2013) - The U.S. District Court for the Northern District of Illinois has held, in Chadha v. Chopra, that a party suing under the Stored Communications Act (SCA) can recover punitive damages and attorneys' fees without having to prove actual damages. The court noted that federal courts are split over whether a party must prove actual damages in order to recover statutory damages under the SCA. However, the court held that the statutory language also provides for recovery of punitive damages, and does not require proof of actual damages as a prerequisite to an award of punitive damages and attorneys' fees. This will make it easier for victims to use civil suits to go after hackers.
Stored Communications Act Does Not Protect Information Stored On Cell Phone (Steptoe, 3 Jan 2013) - The Fifth Circuit has held, in Garcia v. City of Loredo, that information stored on and accessed from a cell phone is not covered by the SCA. Accordingly, an employer who accessed the contents of plaintiff's cell phone without authorization did not violate the statute. This is the latest in a string of decisions that declined to extend SCA protection to personal computers and cell phones, and limited it to data stored by an electronic communications service provider.
Most Popular Intellectual Property and Technology Law Blogs (Barry Sookman, 3 Jan 2013) - One of the best ways to stay on top of IP/Tech legal developments is by subscribing to blogs. In the IP/Tech field, there are many very good ones to choose from. Justia's BlawgSearch lists and ranks many of them. I subscribe to over 90. Over the holidays, and with the help of McCarthy Tetrault articling student Addison Cameron-Huff, I ranked them by popularity. There is no perfect tool for conducting this type of evaluation. I relied on RSS subscriber counts using the RSS subscriber base of Google Reader, iGoogle and Google Desktop as a proxy. I also reviewed each site's Google PaegRank and Alexa rank which were somewhat helpful in confirming or determining popularity. Set out below is a listing of legal IP/Tech blogs ordered by popularity and geography as follows: (1) Top 10 blogs worldwide; (2) Canada; (3) UK/Australia and other Commonwealth countries; (4) EU; and (5) US.
California Rules on Ethics of Social Media Postings (Robert Ambrogi, 3 Jan 2012) - Would you consider it ethical for a lawyer to post the following to a social media site such as Facebook: "Another great victory in court today! My client is delighted. Who wants to be next?" In California, that post would violate the Rules of Professional Conduct, according to a recent ethics opinion issued by the State Bar of California's Standing Committee on Professional Responsibility and Conduct. The opinion, issued late in December, considered the following issue: Under what circumstances would an attorney's postings on social media websites be subject to professional responsibility rules and standards governing attorney advertising? More specifically, it considered five actual posts by an attorney to a social media site that, although not identified as such, sounds to have been Facebook. According to the opinion, the site was one where "only individuals whom the Attorney has approved to view her personal page may view this content." It went on to say that the attorney had about 500 approved contacts, or "friends," who were a mix of personal and professional acquaintances, "including some persons whom Attorney does not even know." The ethics panel hinged its analysis on Rule 1-400 of California's Rules of Professional Conduct. The ethics panel concludes its opinion with this summary: Attorney may post information about her practice on Facebook, Twitter, or other social media websites, but those postings may be subject to compliance with rule 1-400 if their content can be considered to be "concerning the availability for professional employment." Such communications also may be subject to the relevant sections of California Business and Professions Code sections 6157 et seq.
Defendant Not Entitled to "Delve Carte Blanche" Into Plaintiff's Social Media Accounts (InfoLawGroup, 4 Jan 2013) - A federal court in Montana has held that a plaintiff in an insurance dispute was protected from having to turn over all of her social media content to her litigation opponent. The court's decision helps define the contours of discoverable information in cases involving social media evidence. Plaintiff was injured in an auto accident and sued defendant insurance company after it refused to pay medical bills. Defendant served a production request seeking, among other things, "a full printout of all of [plaintiff's] social media website pages and all photographs posted thereon . . . from August 26, 2008 to the present." Plaintiff objected to the request on grounds it was overly burdensome and harassing. Defendant moved to compel production of the social media content. The court denied the motion. The court examined a number of recent decisions in which litigants have sought broad access to their opponents' social media content. It noted that Romano v. Steelcase, Inc. , 907 N.Y.S.2d 650 (N.Y. Sup. Ct. 2010) demonstrated how social media evidence may be relevant to claims involving a plaintiff's alleged injuries. And it looked to E.E.O.C. v. Simply Storage Management, LLC , 270 F.R.D. 430 (S.D. Ind. 2010) to observe that such material is not protected from discovery merely because a party deems the content "private." Defendant argued that because plaintiff alleged a "host" of injuries, her social media accounts "may very well undermine or contradict" those allegations. But defendant could not point to any publicly available content (e.g., photos showing plaintiff engaging in strenuous activity) to support that contention. The court found defendant had not come forward with evidence that plaintiff's public postings undermined her personal injury claims. Guided by Tompkins v. Detroit Metropolitan Airport , 278 F.R.D. 387 (E.D. Mich. 2012), which held that one does not have a "generalized right to rummage" through his or her opponents' social media content, the court held that defendant was not "entitled to delve carte blanche into the nonpublic sections of [plaintiff's] social networking accounts." [case is Keller v. National Farmers Union Property & Cas. Co., 2013 WL 27731 (D. Mont. January 2, 2013)]
- and -
Handling Disputes Over Access To Employee Social Network Accounts (MLPB, 9 Jan 2013) - Zoe Argento, Roger Williams University School of Law, has published Whose Social Network Account? A Trade Secret Solution to Allocating Rights as Roger Williams University Legal Studies Paper No. 131 (to be published in Michigan Telecommunications and Technology Law Review). Here is the abstract. Who has the superior right to a social network account? This is the question at issue in the growing number of disputes between employers and workers over social network accounts. The problem has no clear legal precedent. Although the disputes implicate rights under trademark, copyright and privacy law, these legal paradigms fail to address the core issue. At base, disputes over social network accounts are disputes over the right to access the account's followers - the people, sometimes numbering in the tens of thousands, who follow an account. This article evaluates the problem from the perspective of the public interest in social network use, particularly in use that blurs professional and personal roles. The article argues that the public interest is best served by resolving these disputes under a trade secret approach.
Postal Service to Host Cloud-Based Public-Private ID Protection Network (NextGov, 4 Jan 2013) - The U.S. Postal Service has been tapped to manage a yearlong trial of technology that ultimately should allow citizens to securely register for online services at multiple agencies -- without obtaining multiple passwords and other digital identification for each service. Within days USPS is expected to begin hiring one or more cloud companies to host the simplified access network, according to a government notice . The so-called Federal Cloud Credentialing Exchange, or FCCX, will act as a middleman between agencies and approved popular ID providers, such as Verizon and PayPal, that already have verified the identities of many citizens for e-commerce transactions, federal officials said this week. If this service works, one day a person might be able to change an address online by logging on to USPS.gov with the same passcode or smart card that person uses to file taxes through IRS.gov and buy books from Amazon.com. The exchange is meant to be part of a larger public-private movement. So far, agencies have stumbled leading the country on a likely decade-long endeavor, called the National Strategy for Trusted Identities in Cyberspace, to ensure Internet users are who they say they are when interacting online. One concern is that the strategy relies on trusting an embryonic industry of nongovernment "credential providers" to certify sensitive personal information. To soothe nerves, the Obama administration in November 2012 decided to start small, only at the Postal Service, with a model that can be scaled up government wide later, according to a draft work order .
Dinosaur Alert: Irish Newspapers Desperately Trying to Charge for Links (PaidContent, 4 Jan 2013) -There's plenty of experimentation going on in the media business when it comes to finding new methods of monetizing content: leaky paywalls at the New York Times and others, API licensing at The Guardian , membership models like the one Andrew Sullivan just launched , and so on. Irish newspapers, however, would apparently prefer to just charge people for linking to their content - as much as 300 Euros for each link. In a statement released on Friday , the country's newspaper industry also confirms that it is lobbying to have Irish copyright laws define links as copyright infringement. This fight has been going on behind the scenes for some time, but recently came to light when Irish lawyer Simon McGarr wrote about attempts by the Irish newspaper industry's licensing body to charge one of his clients (a charity called Women's Aid) a fee for linking to newspaper content. According to McGarr, the newspaper licensing group told the charity it had to pay an annual license fee: 300 Euros for one to 5 links, 500 Euros for 6 to 10 links - with a sliding scale extending all the way to 50 links, which would theoretically cost the charity 1,350 Euros. According to the licensing body: "a licence is required to link directly to an online article even without uploading any of the content directly onto your own website." Not surprisingly, this position has been ridiculed by a number of media-industry observers, including journalism professors Jay Rosen and Jeff Jarvis , as well as George Brock of City University in London - some Irish journalists have even apologized on Twitter for their country's behavior. But in a press release on Friday, the group that represents most of Ireland's papers maintained that it has every right to charge websites for links, and that it believes linking to newspaper content for commercial purposes should constitute copyright infringement. [Polley: some evidence of slight retreat on 9 Jan here .]
Privacy Plaintiffs in Deep Packet Inspection Case Get No Love From the Tenth Circuit (Eric Goldman's blog, 7 Jan 2013) - This is an appeal from one of the many lawsuits against IAPs for implementing the ill-fated NebuAd "deep packet inspection" system. Here's my post on the district court grant of summary judgment in favor of Embarq: Deep Packet Inspection Lawsuits: NebuAd Partner ISP Wins Summary Judgment . Plaintiffs do not fare any better in their appeal. On the factual side, plaintiffs were not able to develop any evidence that (1) Embarq obtained or utilized any of the data extracted by NebuAd, or (2) the flow of data through Embarq's system differed in any way from how data typically flowed through Embarq's system (the big exception being that the data was routed in a way that allowed NebuAd to extract data regarding plaintiffs). Canvassing the ECPA's legislative history and context, and the fact that there's no general federal statutory liability for aiding and abetting (absent a clear Congressional directive), the court says that Embarq cannot be held liable for any alleged ECPA violations of NebuAd. Thus, the court looks to see if Embarq violated the ECPA directly. With respect to whether Embarq itself "intercepted" plaintiffs' communications, the court notes the clunky application of the term "intercept" to the facts. "Interception" is defined as the "acquisition" of a communication's "contents," but the line between "access" and "acquisition" is murky at best. The court instead relies on the portion of the definition of "device" that excludes any equipment "used by a provider of wire or electronic communication services in the ordinary course of its business." Noting there was no dispute that Embarq only acquired the same access to the data that it had as an IAP, the court concludes that Embarq falls under this exception and can't be held liable for intercepting plaintiffs' communications. Ouch. There were some mildly favorable facts to Embarq (the fact that it was paid an absurdly small amount of money for participating in the DPI test), but I still find the emphatic defense win somewhat remarkable. Kirch v. Embarq Management , No. 11-3275 (10th Cir. Dec. 28, 2012)
The U.S. Fair Use Defense In Other Jurisdictions (MLPB, 8 Jan 2013) - Graeme W. Austin, Victoria University of Wellington, has published The Two Faces of Fair Use at 25 New Zealand Universities Law Review 285 (2012). Here is the abstract: Responding to suggestions that the "fair use" defence in US copyright law should be exported to other jurisdictions, this article scrutinises the different ways in which the defence has been applied in decisional law. Fair use cases fall into two broad categories. First, the defence has been applied to ensure that the exercise of the copyright monopoly does not significantly fetter downstream creativity by other authors. Here, the prevailing doctrine requires that the defendant's use be genuinely "transformative", which, at the very least, requires the defendant to be using the plaintiff's work in new and creative ways - transforming it into something new. Secondly, fair use has been applied to new technological innovations - such as digital search engines - that do not themselves transform the underlying works, but instead often provide new ways of disseminating copyright-protected material. The paper argues that only the first use of the fair use defence is consistent with traditional fair use doctrine. Accordingly, if policy makers anticipate that fair use should be applied in a way that shields technological entrepreneurship from copyright litigation, they ought to make that clear. Even if that approach were adopted, however, it is questionable whether fair use litigation is an appropriate vehicle for facilitating technological development. The final part of the article explores some of the problems that might arise through this kind of "economic regulation through litigation."
Originality in Photographs According to US Court of Appeals (The 1709 blog, 9 Jan 2013) - What is original (and is thus protectable) and what is not in a photograph? Questions like these have troubled copyright lawyers (and possibly courts, too) since the invention of photography itself. As this blogger learnt from The Hollywood Reporter , the First Circuit Court of Appeals has just delivered a decision addressing this Hamlet's dilemma, in little more than 6,000 words. The case is Donald A Harney v Sony Pictures Television, Inc, and A&E Television Networks, LLC , a fascinating appeal from the US District Court for the District of Massachusetts with an even more intriguing factual background. On a sunny spring day in 2007, freelancer Donald Harney snapped a photograph of a blonde girl in a pink coat riding piggyback on her father's shoulders while leaving a Boston church on Palm Sunday. The picture became extremely well-known, especially when it was revealed that the father portrayed therein was a German citizen who had assumed, amongst the others, the name Clark Rockefeller (real name: Christian Gerhartsreiter). A "professional" imposter who had passed himself off as a member of the high profile Rockefeller family and whose previous false identities included descendant of British royalty, Wall Street investment advisor and rocket scientist, Gerhartsreiter abducted his daughter during a parental visit (more on this story on Vanity Fair here ). Harney's photograph was thus used in a FBI "Wanted poster" and widely disseminated in the media. In 2010, Sony produced a TV film based on Rockfeller's identity deception and entitled Who is Clark Rockfeller? (trailer available here ). This included an image that resembled, as far as pose and composition were concerned, Harney's photograph, although a number of details was different. Harney thought of bringing an action for copyright infringement against Sony, but the district court eventually dismissed it. According to Circuit Judge Lipez, Harney's photo and the image displayed in the film shared several important features. However, copying another's work does not invariably constitute copyright infringement, as it is permissible to mimic the elements which cannot be protected because unoriginal. The inquiry into substantial similarity embraces two different types of scrutiny * * *. [Polley: for an egregious similar example under UK law, see MIRLN 15.02's " Similar but Not Copied; Image Found to Breach Copyright ".]
Anonymous Petitions U.S. to See DDoS Attacks as Legal Protest (CNET, 10 Jan 2013) - It's hard to imagine a group that adheres to anarchic ideology would want its actions legalized under U.S. law. But that is exactly what Anonymous is doing. The loose-knit group of hackers submitted a petition to President Obama this week asking that distributed denial-of-service attacks be recognized as a legal form of protest. The petition , which is posted on the White House's "We the People" Web site, claims that DDoS attacks are not illegal hacking but rather a way for people to carry out protests online. Similar to the Occupy movement when protesters pitched tents in public spaces, the petition says DDoS attacks also occupy public spaces in order to send a message. Anonymous has claimed responsibility for many DDoS attacks over the years, the majority of which had political overtones. For example, in an effort to defend WikiLeaks in 2010, the hacking group launched a slew of DDoS attacks on companies, government agencies, and organizations it believed to be "impairing" WikiLeaks' efforts to release classified information. This year, Anonymous has also led DDoS campaigns against Syrian government Web sites for the government's alleged shutdown of the Internet; and it has conducted a "cyberwar" against the Israeli government in protest of government attacks on Gaza.
EFF's Guide to CDA 230: The Most Important Law Protecting Online Speech (EFF, 6 Dec 2012) - In 1996, while debating the intricacies of a bill that would massively overhaul the telecommunications laws of the United States, two astute Congressmen introduced an amendment that would allow the Internet to flourish. The amendment-which would become Section 230 of the Communications Decency Act (CDA 230)-stated that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." In other words, online intermediaries that host or republish speech-blogs, review sites, social networks, and more-are protected against a range of laws that might otherwise be used to hold them legally responsible for what others say and do. CDA 230 is crucial to the free flow of expression online. While the rest of the Communications Decency Act, an attempt by the government to regulate indecent content online, was found unconstitutional by the courts, Section 230 survived. As Judge Wilkinson put it in the seminal CDA 230 case, Zeran v. America Online , "Section 230 was enacted, in part, to maintain the robust nature of Internet communication, and accordingly, to keep government interference in the medium to a minimum." Websites could edit, filter, and screen content if they wanted without being held liable for the content itself. To better inform everyone on the Internet of the importance of this law, we have created an extensive guide to CDA 230 . We feel that it is crucial for everyone to familiarize themselves the fundamental laws protecting free speech online, whether you're a lawyer, innovator, student, entrepreneur, policymaker, or simply an Internet user. Why? Well, despite the fact that courts have affirmed time and time again how crucial CDA 230 is, states have attempted to pass laws that undercut its authority. One prominent example is in Washington state, where the state legislature attempted to make online service providers criminally liable for providing access to content posted by third parties. EFF, on behalf of the Internet Archive, successfully challenged the statute on CDA 230 and constitutional grounds, obtaining a preliminary injunction from a federal judge in July and obtaining an agreement today from the state to permanently enjoin the statute's enforcement. We're strong believers in the idea that a safe future for civil liberties rests in the hands of an educated and informed public. With that in mind, check out our new guide to CDA 230 . Not only will it inform you about the basics of the law, but it has some pretty nifty features: (1) Key Legal Cases ; (2) Legislative History ; (3) EFF Involvement ; (4) CDA 230 Successes ; and (5) Infographic: CDA 230's Importance .
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
ABA RELEASES NEW SURVEY OF LAWYERS' TECHNOLOGY USAGE (ABA, 17 Sept 2003) -- Lawyer use of technology to provide legal services in the United States is nearly universal. More than 98 percent of respondents to the ABA's 2002 Legal Technology Survey indicated that they used a computer for work-related tasks. The survey is a comprehensive look at how the legal profession uses technology. More than 3,000 ABA members in private practice in the U.S. returned questionnaires relating to law office computing, litigation and courtroom technology, and Web and communications. The survey covers issues including technology training, budgeting, hardware and software purchases, as well as where and how lawyers use technology. Lawyers continue to adopt technologies common in other industries, underscoring the similar business needs lawyers have with other professions. More than 40 percent of respondents use personal digital assistants, up 10 percent from the 2001 survey. Nearly 20 percent use a laptop as their primary computer, and more than two-thirds have access to a laptop on a temporary basis. Wireless networking is slowly gaining ground, particularly among solo lawyers, of whom 6 percent report using WiFi. Broadband access is increasingly popular, with 29 percent of respondents indicating they used DSL and 25 percent using a T1 line. Only 3 percent use ISDN for Internet access, and 2 percent use a wireless connection. Fewer than 2 percent of lawyers use computers with a Macintosh operating system. Linux and Unix hold a similar slice of law firm network operating systems. Microsoft accounts for the majority of networks, with just over 14 percent of law firms still using Novell. There appear to be more law firms with local area networks this year, with 79 percent of firms indicating they have a LAN, up from 71 percent in 2001. Surprisingly, fewer than half of the law firms responding to the survey had policies regarding acceptable use of internal e-mail of computers. Just over 40 percent had disaster recovery or business continuity plans, despite an increased awareness in the susceptibility of businesses to terrorism and other threats. The legal profession remains document-centric, with word processing software available at 96 percent of law firms, although it's only used personally by 66 percent of lawyers. E-mail software is also a staple of the modern lawyer, available at 93.5 percent of firms, and personally used by 73 percent of respondents. Microsoft Word continues as the leading word processor in law firms, in use by 72.5 percent of respondents, with 43.5 percent using Corel WordPerfect. http://www.abanet.org/media/sep03/091703.html
COURT SETS TEST FOR E-DISCOVERY REQUESTS (BNA's Internet Law News, 15 May 2003) -- A New York court has sought to establish a new test for e-discovery requests. The court said that while most courts rely considerations such as the specificity of the request, the likelihood of discovering critical information, the availability of the information from other sources, the purpose for which the data is kept, the relative benefits to the parties, the costs, and the ability of each side to pay those costs, it would add to the list of considerations of "the amount in controversy" and the "issues at stake in the litigation." Case name is Zubulake v. UBS Warburg. http://www.law.com/jsp/article.jsp?id=1052440727620
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:firstname.lastname@example.org?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, email@example.com
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top