Saturday, March 16, 2013

MIRLN --- 24 February – 16 March 2013 (v16.04)

MIRLN --- 24 February - 16 March 2013 (v16.04) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Secretly Taping Johns is not a Privacy Violation, State's Top Court Says (ABA Journal, 20 Feb 2013) - Maine's top court has upheld the dismissal of 46 charges against a businessman accused of taping a prostitute's sexual encounters, holding that the johns have no reasonable expectation of privacy under a state law banning recording in private places. The Maine Supreme Judicial Court dismissed the invasion of privacy charges against Mark Strong in a decision (PDF) on Friday. He was accused of videotaping people who paid to have sex with dance instructor Alexis Wright, who was his business partner in a Zumba dance studio in Kennebunk. He still faces accusations that he promoted prostitution. "Places of prostitution and people who knowingly frequent them to engage a prostitute are not sanctioned by society," the court said. "Accordingly, it is objectively unreasonable for a person who knowingly enters a place of prostitution for the purpose of engaging a prostitute to expect that society recognizes a right to be safe from surveillance while inside."

HTC Settles Privacy Case Over Flaws in Phones (NYT, 22 Feb 2013) - More than 18 million smartphones and other mobile devices made by HTC, a Taiwanese company that is one of the largest sellers of smartphones in the United States, had security flaws that could allow location tracking of users against their will and the theft of personal information stored on their phones, federal officials said Friday. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information, surreptitiously send text messages or enable the device's microphone to record the user's phone calls. The action is the first attempt by the commission to police a manufacturer of mobile devices. As smartphones and tablets become a common way for consumers to shop, bank and chat online, personal information and privacy will need to be guarded. HTC America, based in Bellevue, Wash., agreed to settle the civil suit with the commission by issuing software patches that close the security holes, and by creating a security program that will be monitored by an independent party for the next 20 years. The F.T.C. does not have the authority to assess fines in consumer protection cases. "The company didn't design its products with security in mind," Lesley Fair, a senior lawyer in the commission's Bureau of Consumer Protection, wrote in a blog post. "HTC didn't test the software on its mobile devices for potential security vulnerabilities, didn't follow commonly accepted secure coding practices and didn't even respond when warned about the flaws in its devices."

Michigan Right of Publicity Law (Harvard's DMLP, 25 Feb 2013) - This page covers legal information specific to the State of Michigan. For more general information, see the Legal Guide page on Using the Name or Likeness of Another; for other states, see State Law: Right of Publicity. Although no state appellate court in Michigan has yet explicitly recognized a common law right of publicity, the U.S. Court of Appeals for the Sixth Circuit has opined that such a right would be recognized under Michigan law. In addition, Michigan's state appellate courts have recognized comparable protection in the nature of a property right under its "appropriation" tort. The state has no corresponding statute. Publications and political organizations concerned about infringing on a plaintiff's right of publicity should note that state appellate courts have interpreted the First Amendment to protect a broad range of speech from appropriation claims. For more detail, consult the First Amendment section below. The Sixth Circuit has suggested that Michigan would recognize a right of publicity to protect a person's 'identity' in addition to their name and likeness. It would therefore be possible to violate Michigan's common law right of publicity without employing a person's photo or name. In Carson v. Here's Johnny Portable Toilets, Inc., 698 F.2d 831 (6th Cir. 1983), the U.S. Court of Appeals for the Sixth Circuit held that the use of an identifying catchphrase ("Here's Johnny") by a portable toilet company was enough to constitute an appropriation of Johnny Carson's identity under Michigan law. In fact, the court in Carson noted that the use of Johnny Carson's full name, John William Carson, would not have infringed on his right of publicity as it is distinct from his identity as celebrity.

Idaho Taxes Software in the Cloud (Westlaw Insider, 25 Feb 2013) - In a surprising and troubling move for the providers and users of "cloud" computing services, state tax authorities in Idaho ruled that software provided through cloud computing networks is subject to the state's six percent sales tax. The Idaho ruling characterized all computer software as tangible property subject to tax no matter how it is made accessible to users. Use of cloud computing networks to make software accessible to consumers is increasingly popular. The process of providing software through computer networks is commonly referred to as "software as a service." Several states, including Virginia, Nebraska, Tennessee, Kansas, Rhode Island, and Wisconsin determined that software as a service is not subject to sales tax. They concluded that sales tax should only apply when a copy of software is downloaded to the possession of the end user. Most cloud computing systems provide access to shared software and do not involve downloading of copies. Other states are developing some form of sales tax specifically for application to software as a service. Those states include Washington, Texas, Indiana, New York, and Arizona. The Idaho ruling is reportedly based on the interpretation that software made accessible through cloud networks is within the "constructive" control of the end user. Idaho authorities contend that this constructive control is sufficient to make software as a service tangible property under Idaho law. Idaho is the only state, to date, that treats software in all forms as tangible property. Providers of cloud computing services fear that the Idaho action will adversely affect the popularity of cloud services by raising the costs of use. In addition to affecting the cost of software as a service, the Idaho ruling has potentially broader impact, as well. By characterizing all computer software as tangible property, Idaho has set the foundation for broad and possibly intrusive assertion of its state law against cloud service providers operating out of other jurisdictions.

Iowa Retains Media/Non-Media Distinction, Leaving Bloggers Vulnerable (Berkman's DMLP, 26 Feb 2013) - I've already written several posts about the overblown predictions that a ruling involving an Oregon blogger (now on appeal) would have dire consequences for bloggers in that state. But a recent decision by Iowa's Supreme Court on who can be considered "news media" under Iowa law may truly endanger bloggers and other online contributors in the Hawkeye State. The issue is that the Iowa Supreme Court decided to maintain the distinction in Iowa state law between "media" and "non-media" defendants, with the latter being easier to sue for some types of libel. Bierman v. Weier, No. 10-1503, 2013 WL 203611 (Iowa Jan. 18, 2013) is a libel suit based on Scott Weier's memoir, Mind, Body and Soul, which focuses on Weier's personal transformation after his divorce from plaintiff Beth Weier. In the book Scott Weier alleged that Beth suffered from mental illness because her father, plaintiff Gail Bierman, had molested her as a child. * * *

ABA Issues New Opinion: Judicial Ethics and Social Media (Ride The Lightning, 28 Feb 2013) - On February 21st, the American Bar Association released Formal Opinion 462, Judge's Use of Electronic Social Networking Media. It offers a new acronym, ESM, meaning electronic social media. Judges are allowed to participate in ESM so long as they "comply with the relevant provisions of the Code of Judicial Conduct and avoid any conduct that would undermine the judge's independence, integrity or impartiality, or create an appearance of impropriety." Nothing new there but I did note this paragraph: A judge should disclose on the record information the judge believes the parties or their lawyers might reasonably consider relevant to a possible motion for disqualification even if the judge believes there is no basis for the disqualification. For example, a judge may decide to disclose that the judge and a party, a party's lawyer or a witness have an ESM connection, but that the judge believes the connection has not resulted in a relationship requiring disqualification. However, nothing requires a judge to search all of the judge's ESM connections if a judge does not have specific knowledge of an ESM connection that rises to the level of an actual or perceived problematic relationship with any individual. That is indeed new. I like the practicality of that advice. In the same way, we have had judges note on the record, "I know Mr. Simek of Sensei Enterprises and have had some social interactions with him - does (the other side) have any objection to proceeding in this case with Mr. Simek as an expert?" Invariably, the answer is "No, your Honor" but I love the transparency. Judges who are active on social media will certainly want to read this opinion carefully. [Polley: the ABA Journal's piece on the Opinion is here.]

What Does Your Lawyer Want You to Know About Social Media? (Gov't Technology, 28 Feb 2013) - The benefits of social media have been well documented in the public sector. From soliciting new ideas and opinions on Facebook to sending out key announcements through Twitter, social networks have become vital communication mediums for government agencies. But while online tools have made interacting with the public more convenient, the legal pitfalls associated with social media have also been exposed. Chief among those concerns are the free speech rights of users, particularly if a government entity deletes comments off its social pages. Municipal attorneys recommend that agencies refrain from deleting user commentary on official government Facebook walls or Twitter if those pages are open to public posting, which could be construed as a public forum in the eyes of the law. A public forum is a venue open to all types of expression allowed under the First Amendment like parks and streets. However, there is an exception if the speech incites violence or is threatening. In those cases, removing the comments won't subject an agency to liability on the basis of a First Amendment challenge, according to Christina Checel, senior deputy city attorney of Long Beach, Calif. But if someone posts a statement damning city services or making a political statement that's critical of elected officials, it must remain up. That advice may seem cut and dry, but it can get murky when the commentator is an employee of or affiliated with the government agency. * * *

CRS - Cybersecurity: Authoritative Reports and Resources (Congressional Research Service, 28 Feb 2013) - Cybersecurity vulnerabilities challenge governments, businesses, and individuals worldwide. Attacks have been initiated by individuals, as well as countries. Targets have included government networks, military defenses, companies, or political organizations, depending upon whether the attacker was seeking military intelligence, conducting diplomatic or industrial espionage, or intimidating political activists. In addition, national borders mean little or nothing to cyberattackers, and attributing an attack to a specific location can be difficult, which also makes a response problematic. Congress has been actively involved in cybersecurity issues, holding hearings every year since 2001. There is no shortage of data on this topic: government agencies, academic institutions, think tanks, security consultants, and trade associations have issued hundreds of reports, studies, analyses, and statistics. This report provides links to selected authoritative resources related to cybersecurity issues.

Federal Judge Alex Kozinski Talks About Using TOR to Surf Silk Road & The Armory for Drugs, Weapons and Hitmen (TechDirt, 1 March 2013) - While I don't always agree with him (who do I always agree with?), like many folks who follow legal issues, Judge Alex Kozinski, the chief judge of the court of appeals for the 9th circuit, is one of my favorite judges. Known almost as much for his ability to entertain as for his clear, well-written (and frequently funny) judicial rulings, one thing that's always been clear is that, unlike some judges, Kozinski is both down to earth and really inquisitive when it comes to understanding how things really work, rather than just accepting common wisdom. Last night, Judge Kozinski gave a lecture at Santa Clara University on "The Two Faces of Anonymity." As I expected, it was entertaining and insightful, with a few Kozinski-esque surprises thrown in. By far the most entertaining part of the evening was Kozinski sharing (with screenshots) his experience exploring the "hidden web." He claims that when he told his children about the topic of the talk, they told him he needed to explore the hidden web. So, "with some trepidation," he downloaded Tor and dove in, starting out at Silk Road, which still remains the most well known hidden website out there. As we've noted in the past, for all the excitement and press attention Silk Road has received for being a totally anonymous online marketplace used mainly for buying and selling drugs and other illicit goods, it still is a fairly small business. Still, Judge Kozinski detailed his exploration of the market, including checking out various drugs (including many he'd never heard of before). He also looked into the ability to buy forged documents and lots of counterfeit software.

More Companies Reporting Cybersecurity Incidents (Washington Post, 1 March 2013) - At least 19 financial institutions have disclosed to investors in recent weeks that their computers were targets of malicious cyberassaults last year, a sign of growing openness among corporations about the breadth of cybersecurity incidents plaguing the private sector. In their annual financial reports to the Securities and Exchange Commission, major banks such as Bank of America, Citi, Wells Fargo and JPMorgan Chase, along with smaller institutions, have reported that their systems were hit with computer disruptions or intrusions. The disclosures are significant in that for years, companies, including banks, have been loath even to acknowledge that they have been victims of such incidents. But it appears that SEC guidance issued in October 2011 making clear that companies need to report significant computerized theft or disruption, combined with greater public attention to the issue, is forcing more disclosure. Also, the fact that the banks hit by the DDOS attacks have been named in media accounts has made ignoring them more difficult. Such corporations as eBay, LinkedIn, Level 3 Communications, Chesapeake Energy and AT&T have admitted they suffered intrusions or disruptions last year. "It's almost naive for most large companies in the critical infrastructure sector to say that they aren't subject to attack," said Paul Smocer, president of BITS, a financial services trade organization.

Newspapers Go All-In for Copyright Fight Against Clipping Service (Ars Technica, 3 March 2013) - A copyright battle between The Associated Press and an online news-clipping service is reaching a climax, and the case could have significant implications for fair use. AP sued Meltwater Group last year, arguing the "reputation management" company had a "parasitic business model" that violated copyright. Meltwater is defending the case, arguing that it is merely a search engine. Meltwater News is a media-monitoring service that helps corporations track what's being said about them in press outlets online. The company boasts that it can "track keywords, phrases, and topics in over 192,000 sources from over 190 countries and 100 languages" throughout the day. It doesn't send its subscribers full articles, but does copy snippets and headlines then provide links to full stories - like Google News. Last week, the nation's largest newspapers lined up to tell the New York federal judge considering the case that they support the AP. An amicus brief [PDF] was filed by The New York Times, The McClatchy Company, Advance Publications, and the Newspaper Association of America, which represents 200 newspapers around the country. In the brief, they argue that Meltwater isn't a search engine - it's a competitor. Briefs have also been filed in this case by the Electronic Frontier Foundation and the Computer & Communications Industry Association [PDF], a tech industry trade group that includes Google as a member. Both groups are supporting Meltwater.

Google Offers Searchable Map of All White Space Spectrum in the US (ArsTechnica, 4 March 2013) - If and when White Spaces networks become a major success story, it will be a very well-organized one. Internet-capable devices will get online by accessing the empty airwaves in unused TV channels, and they'll avoid interference with actual broadcasts by connecting to databases that keep track of all available spectrum. Google today began a public test of a White Spaces database to help make this a reality. Google isn't the first to operate one of these databases, but it's done so with a very Google-like approach. In addition to letting white space devices identify available spectrum, Google unveiled a browser-based tool that lets anybody find out what spectrum is available nearby.

CRS - Public Access to Data from Federally Funded Research (BeSpacific, 5 March 2013) - Public Access to Data from Federally Funded Research: Provisions in OMB Circular A-110. Eric A. Fischer, Senior Specialist in Science and Technology. March 1, 2013: "The results of scientific studies are often used in making government policy decisions. While the studies are often published, traditional federal research funding policies did not require the data on which they are based to be made available publicly. Such policies did, however, generally require researchers to share data and physical samples with other scientists after publication of the research. A rider, often called the Shelby Amendment or Data Access Act, that was attached to the Omnibus Appropriations Act for FY1999, P.L. 105-277, mandated the Office of Management and Budget (OMB) to amend Circular A-110 to require federal agencies to ensure that "all data produced under a [federally funded] award will be made available to the public through the procedures established under the Freedom of Information Act [FOIA]." The amendment authorizes user fees. OMB was required to make changes and release a revised circular; subsequently, agencies that chose to do so issued their own conforming rules. The final revision was published in the Federal Register on October 8, 1999, and has not been changed in subsequent updates to the circular."

Google Releases First Data on National Security Letters (Mashable, 5 March 2013) - Google received somewhere between zero and 999 National Security Letters requesting information about its users in each of the last four years, according to newly revealed data released by the company today. This is the first time that Google, or any other company, has published data regarding the secretive information requests. National Security Letters (NSLs), which are different from subpoenas, are used by U.S. government agencies - particularly the FBI - when investigating national security matters. Their main peculiarity is that they contain a gag order preventing the recipient from disclosing the existence of the letter itself. This means that if the FBI requests data from Google about a certain user, Google can't notify the user of such a request. That is why we know so little about the extent of their use. According to the Electronic Communications Privacy Act, the FBI can use NSLs to seek non-content data like "the name, address, length of service, and local and long distance toll billing records." For Google, this means that the FBI can't ask for "Gmail content, search queries, YouTube videos or user IP addresses," with an NSL, the company wrote in its updated FAQ.

FTC Staff Report Examines Growing Use of Mobile Payments Report Includes Recommendations for Industry (BeSpacific, 8 March 2013) - "As part of its efforts to ensure that consumers are protected in the growing mobile marketplace, the Federal Trade Commission issued a staff report today highlighting key issues facing consumers and companies as they adopt mobile payment services. The report, titled Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments, is based on a workshop held by the Commission in 2012 to examine these issues."

Why We Miss the First Sale Doctrine in Digital Libraries (John Palfrey in TheDigitalShift, 8 March 2013) - Publishers, ebook vendors, and libraries are engaged in a "tug of war" over the lending of electronic books, according to Library Journal's recent ebook survey. This clash inhibits most libraries from fulfilling their important institutional missions to provide access to knowledge and preserve our cultural heritage. In the best case, this tug of war will be a temporary struggle. The best outcome is not a winner who holds all the rope and another lying on the ground with rope-burned hands. If there must be a winner of any kind, it ought to be the reading public. In this article, the fourth installment in a series on the initiative to build a Digital Public Library of America, I examine the underlying role of law in the ebook lending debate, explore potential solutions to the problems, and consider how the DPLA can contribute to solutions for those we serve. At the core of this issue is the way the copyright law works - or doesn't - when it comes to books, libraries, and readers in the United States today and into the future. A bit of background on the relevant law helps to set the scene for the tug-of-war. In the United States, copyright law grants to the creators of original works of authorship a bundle of exclusive rights - namely, the ability to legally exclude others from copying, adapting, distributing, displaying, and performing their creations. Should an individual (or a library, for that matter) make use of a copyrighted work in a manner that implicates one of these rights, an exception to the law must apply; otherwise, the copyright owner may be able to make a successful claim for infringement. * * *

En Banc Ninth Circuit Holds That Computer Forensic Searches Are Like "Virtual Strip Searches" And Require Reasonable Suspicion At the Border (Volokh Conspiracy, 8 March 2013) - Today the Ninth Circuit handed down its long-awaited en banc decision in United States v. Cotterman, a case on the lawfulness of searching a computer at the border. (My prior posts are here, here, here, and here.) Today the Ninth Circuit announced a special rule for computer searches: Although a "review of computer files" can occur without reasonable suspicion, the "forensic examination" of a computer at the border requires reasonable suspicion because it is "akin to reading a diary line by line looking for mention of criminal activity - plus looking at everything the writer may have erased."

When it Comes to Getting News on Twitter, You Are Who You Follow? (GigaOM, 10 March 2013) - As Nate Silver discussed earlier today at SXSW in Austin on Sunday, the polarization of cable news and politics means that if you're a serious Rachel Maddow fan, there's only a tiny chance that you also vote Republican, and the same is true of Sean Hannity listeners and chances they'll go for Democrats. But as we change where we get our news and turn to places like Twitter for information and verification of facts, it's important to ask how that polarization will translate to social media - if it will at all. Several journalists discussing the future of news dissemination (something we'll also be discussing at paidContent Live in April) tied these issues to those of crowdsourced news, particularly in the Middle East, when the tensions between accuracy and access are most apparent. NBC correspondent Ayman Mohyeldin made an interesting argument about verification, arguing that people should be free to select the accounts they want to follow and personally decide whether to trust that information or not, just as they tune into particular cable shows in the United States and apply their own sense of skepticism to Maddow and Hannity.

Small Businesses Have Big Data Breach Problems (Ride The Lightning, 11 March 2013) - A recently released report issued by the Ponemon Institute reveals that 55 percent of U.S. small businesses have experienced at least one data breach, but only a third notified individuals that their personal information had been exposed. The companies which participated had annual revenues of less than $10 million. The survey indicated that 53 percent had multiple breaches. That last statistic should raise eyebrows. And since 46 states have data breach notification laws, it is disturbing that a third of the respondents did not notify the people affected by the breach. 70 percent of the respondents believed that sensitive data is more likely to be breached when the data is outsourced - but 62 percent do not have contracts in place requiring third parties to cover the costs associated with a breach. It is troubling that 85% share customer and employee records with third parties such as those which provide billing, payroll, employee benefits, web hosting and information technology services but obviously are not taking adequate data security precautions.

"Regulation of Social Media and Mobile Media" Talk Slides (Eric Goldman, 12 March 2013) - Last month, I spoke at the ABA Antitrust Section's always-well-done Consumer Protection Conference . This time I was recruited as the provocateur to discuss the challenges of regulating social media and mobile media. Regular readers know where I stand on that question .

How to Make Effective Disclosures in Digital Advertising (FTC, March 2013) - In the online marketplace, consumers can transact business without the constraints of time or distance. One can log on to the Internet day or night and purchase almost anything one desires, and advances in mobile technology allow advertisers to reach consumers nearly anywhere they go. But cyberspace is not without boundaries, and deception is unlawful no matter what the medium. The FTC has enforced and will continue enforcing its consumer protection laws to ensure that products and services are described truthfully online, and that consumers understand what they are paying for. These activities benefit consumers as well as sellers, who expect and deserve the opportunity to compete in a marketplace free of deception and unfair practices. The general principles of advertising law apply online, but new issues arise almost as fast as technology develops - most recently, new issues have arisen concerning space-constrained screens and social media platforms. This FTC staff guidance document describes the information businesses should consider as they develop ads for online media to ensure that they comply with the law.

FTC Can Serve Foreign Defendants Via Facebook, Federal Judge Rules (ABA Journal, 13 March 2013) - The Hague Service Convention doesn't expressly authorize service on foreign defendants by email or social media accounts. But, saying that a U.S. court has the power under the treaty and the Federal Rules of Civil Procedure to approve supplemental means of service, a federal judge in Manhattan has OK'd a plan for the Federal Trade Commission to serve defendants in India with duplicate sets of documents both by email and via Facebook, according to Reuters. The federal courts need to keep an open mind about new technology, wrote U.S. District Judge Paul Engelmayer in his opinion (PDF) last week, to which the S.D.N.Y. Blog provides a link. The judge determined that Facebook service was authorized by Fed. Rule Civ. Pro. 4(f)(3), which provides that "a Court may fashion means of service on an individual in a foreign country, so long as the ordered means of service (1) is not prohibited by international agreement; and (2) comports with constitutional notions of due process." He cited a 1980 decision in which a federal court in New York authorized service by Telex, as well as a recent opinion by the San Francisco-based 9th U.S. Circuit Court of Appeals approving service by email. "The court acknowledges that service by Facebook is a relatively novel concept, and that it is conceivable that defendants will not in fact receive notice by this means," wrote Engelmayer. "But, as noted, the proposed service by Facebook is intended not as the sole method of service, but instead to backstop the service upon each defendant at his, or its, known email address. And history teaches that, as technology advances and modes of communication progress, courts must be open to considering requests to authorize service via technological means of then-recent vintage, rather than dismissing them out of hand as novel."
The unusual ruling apparently is one of the first of its kind in the United States. A 2009 article in the Federal Courts Law Review says courts in Australia and New Zealand have also OK'd service by Facebook, Reuters notes, and in 2009 the British High Court allowed service to be made via Twitter. This year, the High Court also authorized service by Facebook.

Massachusetts Supreme Judicial Court Expands Consumer Zip Code Privacy Protection (Edwards Wildman, 12 March 2013) - In a closely watched case with a somewhat unexpected result, the highest Massachusetts court decided in Tyler v. Michaels Stores that zip codes are "personal identifying information" that may not be collected and recorded as part of a credit card transaction. A consumer could establish a violation of the state's unfair business practices statute based on retailers' collection and entry of zip codes at the point of sale, if some distinct injury or harm was met, said the Mass. Supreme Judicial Court ("SJC"). Plaintiff's privacy claim, which was also brought as a class action, was permitted to move forward even though the collection of zip codes did not cause the plaintiff to become a victim of identity fraud. The Court found that the plaintiff could establish a claim merely by showing that she received unwanted marketing materials from the merchant as a result of disclosing her zip code, or that the merchant sold the zip code information for a profit to a third party. With the Court's ruling, even zip code information that does not directly identify the consumer is nevertheless "personal identifying information" because, the court noted, it can be combined with other information enabling merchants to identify the consumer's address and telephone number through publicly available databases.

RESOURCES

International Compendium of Data Privacy Laws (Baker Hostetler, March 2013) - Privacy and data protection issues confront all organizations - whether you handle employee information, credit card data, sensitive financial information, or trade secrets. Securing data is a daunting task that is further complicated by cross-border transfer issues and the differences in privacy laws around the world. These laws are complex and can pose myriad and sometimes conflicting obligations to a multinational enterprise. Our practitioners are experienced at guiding our clients through this maze of global privacy norms. The BakerHostetler Privacy and Data Protection Team has developed a prompt and practical approach. We have a comprehensive international network of expert service providers who are responsive when our clients require support and guidance through a data security event. This compendium represents our global experience in this field. While it is not a substitute for legal advice, it is a reference guide that outlines the basic requirements in place when dealing with international data breach so that you can know what immediate steps to take, and what questions you need to ask to minimize your company's exposure.

BOOKS

A Practical Guide to Software Licensing for Licensees and Licensors (5th Edition, by Ward Classen, available thru the ABA Webstore) - [Polley: I reviewed the 4th edition in MIRLN 15.07. This new edition still contains a CD with contract language (perfect for cut-and-paste) and new chapters on FOSS, Maintenance & Support, and ancillary clauses. With a discount for ABA Business Law Section members, it's a worthwhile addition to your library.]

LOOKING BACK

Furtive Phone Photography Spurs Ban (BBC, 4 April 2003) -- As camera phones become more popular, national governments, local authorities and some businesses are starting to restrict the places they can be used. Italy's data protection commissioner has issued stringent rules governing how the phones can be used and some other organisations, including strip clubs and gyms, have banned the phones from their premises. Picture phones are already banned in Saudi Arabia and their use is frowned upon in other Middle Eastern nations. Some people have already been prosecuted for misusing their mobile phone camera. In mid-March the Italian information commissioner, which oversees the ways that companies and individuals use data they collect about other people, issued regulations setting out what people can do with camera phones. The rules only allow images of people to be snapped for personal use, demand that the images be kept safe and require users to tell people if the image they have taken of them will appear online. The Italian data watchdog is worried that people will abuse the ease with which snaps can be taken with phones such as the Nokia 3650, SonyEricsson T68, Panasonic GD87 and Sharp GX-10. To head off such abuse Saudi Arabia's Commission for Promoting Virtue and Preventing Vice has banned the phones. In the United Arab Emirates and Japan some men have already been prosecuted for using their camera phone to surreptitiously take voyeuristic pictures of women.

Use a Honeypot, Go to Prison? (SecurityFocus, 16 April 2003) -- Using a honeypot to detect and surveil computer intruders might put you on the working end of federal wiretapping beef, or even get you sued by the next hacker that sticks his nose in the trap, a Justice Department attorney warned Wednesday. "There are some legal issues here, and they are not necessarily trivial, and they're not necessarily easy," said Richard Salgado, senior counsel for the Department of Justice's computer crime unit, speaking at the RSA Conference here Wednesday. An increasingly popular technique for detecting would-be intruders, a honeypot is a type of hacker flypaper: a system that sits on an organization's network for no other purpose than to be hacked, in theory diverting attackers away from genuinely valuable targets and putting them in a closely monitored environment where every keystroke can be analyzed. But that monitoring is what federal criminal law calls "interception of communications," said Salgado, a felony that carries up to five years in prison. Fortunately for honeypot operators, there are exemptions to the Federal Wiretap Act that could be applied to some honeypot configurations, but they still leave many hacker traps in a legal danger zone. One exemption permits interception of a communication if one of the parties consents to the monitoring. To that end, Salgado suggested that honeypots display a banner message warning that use of the computer is monitored. "You can banner your honeypot... and you've got the argument that they saw the banner, continued using the system, and consented to monitoring," he said. But most hackers don't penetrate a system through the front door -- telneting in or surfing to a web page -- and if they never see the banner, they haven't consented to monitoring. "It's not the silver bullet."

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuireWoods' Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.