MIRLN --- 9-29 June 2013 (v16.09) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)
ANNOUNCEMENTS | NEWS | RESOURCES | LOOKING BACK | NOTES
- Prosecutors' Use of Mobile Phone Tracking is 'Junk Science,' Critics Say
- Mounting Evidence of the NSA Warrantless Surveillance
- A.C.L.U. Files Lawsuit Seeking to Stop the Collection of Domestic Phone Logs
- Officials: NSA Doesn't Collect Cellphone-Location Records
- Here's Everything We've Learned About How the NSA's Secret Programs Work
- What We Don't Know About Spying on Citizens: Scarier Than What We Know
- Latest Glenn Greenwald Scoop Vindicates One of the Original NSA Whistleblowers
- The Criminal N.S.A.
- Spain Pushing for Right to Install Government Spyware on Citizens' Devices
- Passengers Can Challenge Gov't GPS Tracking, Court Finds
- When Artworks Crash: Restorers Face Digital Test
- Ponemon Cost of Data Breach 2013
- Copies, Rights and Copyrights
- Bank's New Cybersecurity Audits Catch Law Firms Flat-Footed
- LawSauce App Helps You Locate Legal Materials Worldwide
- Use of Tor and E-Mail Crypto Could Increase Chances that NSA Keeps Your Data
- Data Breaches: Telcos And ISPs Have 24 Hours to Come Clean, Says EU
- New "E-Proxy Handbook"
- American Bankers' Association Claims Routing Numbers Are Copyrighted
- Second Circuit Suggests that the Plain View Exception Should Be Applied More Narrowly to Digital Searches
- EU Asserts Jurisdiction Over Google's Servers
- No New Trials When Jurors Haven't Adequately Disclosed Facebook Friendships
ANNOUNCEMENTS
ABA Journal/Ross Contest for Short Fiction (deadline 31 July 2013) - The ABA Journal is accepting entries for the 2013 ABA Journal/Ross Contest for Short Fiction. Entries should be original works of fiction, no longer than 7,500 words. Entries should illuminate the role of law and/or lawyers in modern life. The winner will receive a prize of $3,000. View the full rules and entry form here: http://www.abajournal.com/contests/ross_essay
Polley: In late July the ABA will publish The ABA Cybersecurity Handbook: A Resources for Attorneys, Law Firms and Business Professionals , with chapters on sources of the risk, legal and ethical obligations, practice-setting specifics, planning and recovery, and insurance. Through the ABA Cybersecurity Legal Task Force I've been heavily involved in this, and think it'll be an invaluable resource for US lawyers of all stripes.
NEWS
Prosecutors' Use of Mobile Phone Tracking is 'Junk Science,' Critics Say (ABA Journal, 1 June 2013) - At his trial last year on federal kidnapping and conspiracy charges, prosecutors sought to introduce cell tower evidence purporting to show that calls placed from defendant Antonio Evans' cellphone could have come from his aunt's house, where the victim was thought to have been held for ransom. That's not unusual. Hardly a day goes by when some prosecutor doesn't go to court armed with cell tower evidence he or she claims places a defendant in the vicinity of a crime the defendant is accused of committing. What made the Evans case unusual was the fact that the defense even put up a fight to keep the cell tower evidence out of the trial. Evans' lawyers said the technique has not been shown to be scientific. Such testimony usually goes unchallenged, presumably because most defense lawyers either accept at face value prosecutors' assurances that cell tower evidence is scientific or because they don't know enough about the underlying technology to understand its limitations. And, on the few occasions that it has been challenged, the courts have always let it in. Until U.S. District Judge Joan H. Lefkow of Chicago came along, that is. Lefkow, who tried the Evans case, took an in-depth look at the cell tower evidence the government was proposing to use and found it wanting. The judge wrote that "multiple factors can affect the signal strength of a tower" and an FBI special agent's "chosen methodology has received no scrutiny outside the law enforcement community." As a result, the court concluded that the government had not demonstrated that testimony was reliable, Lefkow wrote in an Aug. 29, 2012, opinion and order. Critics of cell tower tracking, as the practice is often called, say the decision is long overdue. It marks the first partial defense victory against the use of such evidence on Daubert grounds, the test formulated in the 1993 U.S. Supreme Court case Daubert v. Merrell Dow Pharmaceuticals. The test says that the judge should rule on the admissibility of scientific information submitted to assist the fact finder. It is used by federal and many state courts to determine the admissibility of expert testimony. Critics hope the case represents a turning point in the courts' general tendency to submit when dubious scientific techniques such as cell tower tracking are proffered. Michael Cherry, the CEO of Cherry Biometrics, a Falls Church, Va.-based consulting firm that has led the legal assault on cell tower tracking, calls it "junk science" that should never be admitted in any court for any reason. In fact, he can't believe that such an easily disproved technique, which has been around for a decade or more, is still routinely being used in court.
Mounting Evidence of the NSA Warrantless Surveillance (EFF, 6 June 2013) - EFF has so much evidence of the surveillance now that we've created a timeline . In brief, America first learned about the secret surveillance in a 2005 New York Times exposé which disclosed one aspect of the NSA's domestic surveillance program. We learned that the Bush Administration had been illegally tapping phone lines in the U.S. without warrants or court permission immediately following the 9/11 attacks. President Bush himself admitted at least some of what the government was doing. In early 2006, EFF received photos and blueprints from former AT&T technician Mark Klein. These undisputed documents show that AT&T installed a fiberoptic splitter at its facility in San Francisco which sends copies of all AT&T customers' emails, web browsing, and other Internet traffic to the NSA. Later in 2006, USA Today and a number of other newspapers published a story disclosing that the NSA had compiled a massive database of call records from American telecommunications companies, which included AT&T, Verizon, and Bell South. This was confirmed by a number of members of Congress. Information has continued to trickle out over time. In 2009, the New York Times reported the NSA was still collecting purely domestic communications in a "significant and systematic" way after the FISA Amendments Act was passed in 2008. [Polley: useful, broad review]
- and -
A.C.L.U. Files Lawsuit Seeking to Stop the Collection of Domestic Phone Logs (NYT, 11 June 2013) - The American Civil Liberties Union sued the Obama administration on Tuesday over its "dragnet" collection of logs of domestic phone calls, contending that the once-secret program - whose existence was exposed last week by a former National Security Agency contractor - is illegal and asking a judge to stop it and order the records purged. The lawsuit could set up an eventual Supreme Court test. It could also focus attention on this disclosure amid the larger heap of top secret surveillance matters revealed by Edward J. Snowden, the former N.S.A. contractor who came forward Sunday to say he was their source. The program "gives the government a comprehensive record of our associations and public movements, revealing a wealth of detail about our familial, political, professional, religious and intimate associations," the complaint says , adding that it "is likely to have a chilling effect on whistle-blowers and others who would otherwise contact" the A.C.L.U. for legal assistance. In other lawsuits against national security policies, the government has often persuaded courts to dismiss them without ruling on the merits by arguing that litigation would reveal state secrets or that the plaintiffs could not prove they were personally affected and so lacked standing in court. This case may be different. The government has now declassified the existence of the program. And the A.C.L.U. is a customer of Verizon Business Network Services - the recipient of a leaked secret court order for all its domestic calling records - which it says gives it standing.
- and -
Officials: NSA Doesn't Collect Cellphone-Location Records (WSJ, 16 June 2013) - The National Security Agency sweeps up data on millions of cellphones and Internet communications under secret court orders. But as it mounts a rigorous defense of its surveillance, the agency has disclosed new details that portray its efforts as tightly controlled and limited in scope, while successful in thwarting potential plots. As part of this program, however, the NSA chooses not to collect such data as the nearest cellphone tower used to place or receive a mobile call, U.S. officials said. In a statement released this weekend, the Office of the Director of National Intelligence said the NSA program doesn't collect "any cell phone locational information." Such information has been found to be of value to criminal investigators, who can use it to link suspects with crime scenes. However, the U.S. official said the data doesn't provide sufficient intelligence value to justify the resources that would be required to use it. [Polley: Why ever not? They certainly were collecting IP addresses for email (and maybe VoIP calls), which provide limited geographical information. Color me skeptical on this disclaimer. Also, parse their language very closely - when they say they "aren't collecting XXX-type of information under this program", they are NOT saying they don't collect it under some other program. These kinds of "lawyer tricks" are unbecoming and thwart serious debate.]
- and -
Here's Everything We've Learned About How the NSA's Secret Programs Work (Washington Post, 25 June 2013) -- In the last few days, the press has focused on NSA leaker Edward Snowden and his efforts to evade capture by the U.S. government. But the more important story is what we've learned about National Security Agency surveillance programs thanks to his disclosures. Any one of Snowden's revelations would have been a big story in its own right. But the news has been coming so rapidly that it's difficult to keep track of it all. So here's a handy guide to the recent revelations about what the NSA has been doing.
- and -
What We Don't Know About Spying on Citizens: Scarier Than What We Know (Bruce Schneier in The Atlantic, 6 June 2013) [Polley: part of a thorough, large compendium of US surveillance resources and information - one of the most useful CryptoGram issues ever.]
- and -
Latest Glenn Greenwald Scoop Vindicates One of the Original NSA Whistleblowers (Business Insider, 27 June 2013) - William Binney - one of the best mathematicians and code breakers in National Security Agency (NSA) history - worked for America's premier covert intelligence gathering organization for 32 years before resigning in late 2001 because he "could not stay after the NSA began purposefully violating the Constitution." Binney claims that the NSA took one of the programs he built, known as ThinThread, and started using the program and members of his team to spy on virtually every U.S. citizen under the code-name Stellar Wind. Thanks to NSA whistleblower/leaker Edward Snowden, documents detailing the top-secret surveillance program have now been published for the first time. And they corroborate what Binney has said for years. From Glenn Greenwald and Spencer Ackerman of The Guardian: "The collection of email metadata on Americans began in late 2001, under a top-secret NSA program started shortly after 9/11, according to the documents. Known as Stellar Wind, the program initially did not rely on the authority of any court - and initially restricted the NSA from analyzing records of emails between communicants wholly inside the US." However, the NSA subsequently gained authority to "analyze communications metadata associated with United States persons and persons believed to be in the United States," according to a secret Justice Department memo from 2007 that was obtained by the Guardian. Binney explains that how ThinThreat was built to track electronic activities - phone calls, emails, banking and travel records, social media , etc. - and map them to collect "all the attributes that any individual has" in every type of activity and build a real-time profile based on that data. Greenwald and Ackerman, citing the NSA documents, describe how mining metadata from U.S. phone calls and especially Internet communications, which continues to this day, allows the NSA to performs "contact chaining" by which the agency can "analyzed networks with two degrees of separation (two hops) from [a] target." [Polley: the NSA documents are fascinating -- http://s3.documentcloud.org/documents/717973/doc0171.pdf and http://s3.documentcloud.org/documents/717974/nsa-memo.pdf . Fascinating, and very depressing. Panopticon.]
- and finally -
The Criminal N.S.A. (NYT OpEd, 27 June 2013) - The twin revelations that telecom carriers have been secretly giving the National Security Agency information about Americans' phone calls, and that the N.S.A. has been capturing e-mail and other private communications from Internet companies as part of a secret program called Prism, have not enraged most Americans. Lulled, perhaps, by the Obama administration's claims that these "modest encroachments on privacy" were approved by Congress and by federal judges, public opinion quickly migrated from shock to "meh." It didn't help that Congressional watchdogs - with a few exceptions, like Senator Rand Paul, Republican of Kentucky - have accepted the White House's claims of legality. The leaders of the Senate Intelligence Committee, Dianne Feinstein, Democrat of California, and Saxby Chambliss, Republican of Georgia, have called the surveillance legal. This view is wrong - and not only, or even mainly, because of the privacy issues raised by the American Civil Liberties Union and other critics. The two programs violate both the letter and the spirit of federal law. No statute explicitly authorizes mass surveillance. Through a series of legal contortions, the Obama administration has argued that Congress, since 9/11, intended to implicitly authorize mass surveillance. But this strategy mostly consists of wordplay, fear-mongering and a highly selective reading of the law. Americans deserve better from the White House - and from President Obama, who has seemingly forgotten the constitutional law he once taught.
Spain Pushing for Right to Install Government Spyware on Citizens' Devices (ZDnet, 6 June 2013) - The Spanish government is looking to pass legislation that would allow police to install spyware on suspected criminal's computers, according to a report. Spanish daily El País reported on Tuesday that the bill, drawn up by the ministry of justice, is still in its draft phase. But should it be passed into law, police authorities would have the power to install spyware on computers, laptops, tablets, mobile phones and even USBs and external hard drives in order to harvest personal information about the owner. The bill states that targets would have to be suspected of terrorism, organised crime, child pornography, online fraud or cyber-bullying offences carrying a minimum sentence of three years for the use of spyware to be authorised. The spyware would be installed remotely, the report said, and the target machine would have to be physically located in Spain.
Passengers Can Challenge Gov't GPS Tracking, Court Finds (ArsTechnica, 7 June 2013) - Thanks to the United States v. Jones Supreme Court decision from January 2012, we now know that law enforcement cannot place a GPS tracking device on someone's car without a warrant. But what if you're merely a passenger in the car-not the owner-and efforts to track the presumed target also track you ? According to a new decision (PDF) this week from the Massachusetts Supreme Judicial Court, you'd still have standing to challenge the government's electronic surveillance of your movements . The Electronic Frontier Foundation, which filed an amicus brief in the case, applauded the ruling on Friday , noting that "while the decision only applies in Massachusetts, it's important for state courts and legislators to protect their citizens' privacy concerns and build momentum for other state courts and legislatures-as well as federal courts and Congress-to do the same."
When Artworks Crash: Restorers Face Digital Test (NYT, 9 June 2013) - Paintings fade; sculptures chip. Art restorers have long known how to repair those material flaws, so the experience of looking at a Vermeer or a Rodin remains basically unchanged over time. But when creativity is computerized, the art isn't so easy to fix. For instance, when a Web-based work becomes technologically obsolete, does updated software simply restore it? Or is the piece fundamentally changed? That was the conundrum facing the Whitney Museum of American Art, which in 1995 became one of the first institutions to acquire an Internet-made artwork. Created by the artist Douglas Davis, "The World's First Collaborative Sentence" functioned as blog comments do today, allowing users to add to the opening lines. An early example of interactive computer art, the piece attracted 200,000 contributions from 1994 to 2000 from all over the globe. By 2005 the piece had been shifted between computer servers, and the programmer moved on. When Whitney curators decided to resurrect the piece last year, the art didn't work. Once innovative, "The World's First Collaborative Sentence" now mostly just crashed browsers. The rudimentary code and links were out of date. There was endlessly scrolling and seemingly indecipherable text in a format that had long ago ceased being cutting edge. For a generation, institutions from the Museum of Modern Art in New York to the Pompidou Center in Paris have been collecting digital art. But in trying to restore the Davis work, which was finally debugged and reposted at the end of May, the Whitney encountered what many exhibitors, collectors and artists are also discovering: the 1s and 0s of digital art degrade far more rapidly than traditional visual art does, and the demands of upkeep are much higher. Nor is the way forward clear.
Ponemon Cost of Data Breach 2013 (Symantec, June 2013) - Symantec and the Ponemon Institute proudly present the 2013 Cost of Data Breach reports. The 2013 Cost of Data Breach Study: Global Analysis is based on the actual data breach experiences of 277 companies around the globe and takes into account a wide range of direct and indirect business costs. Country reports are available for the United States, United Kingdom, France, Germany, Italy, India, Japan, Australia, and Brazil (new). [Polley: Aggregate costs are largely unchanged from last year, but the cause of breaches has finally tipped: malicious activity now accounts for a plurality of breaches, and the per-record costs for such malicious breaches is $277, versus the average per-record cost of $188. See also Regulations' Impact on Data Breach Costs (BankInfo Security, 11 June 2013)]
Copies, Rights and Copyrights (Public Knowledge, 13 June 2013) - Without any education in copyright law, pretty much everyone can explain what they can legally do with the books, CDs, and DVDs that they own. They can use them, lend them, give them away, sell them, and so on. They can't copy them and distribute those copies at will. Transfer those same copyrighted works into the format of digital files, though, and the law starts to diverge sharply from intuition. It's an open question as to whether or not I can sell someone my "used" mp3s, even if I delete them after I send them over. A number of lawyers will still argue over whether or not I can rip my DVD of The Avengers to my iPad. And I may not be able to give my ebook collection to my heirs when I die. It's a basic feature of our laws that you have a lot of rights over your own physical property. You can sell your car to whomever you like, repair it, modify it up to (and well beyond) the bounds of taste or sanity, lend it to anyone, and even rent it out for others to use. The same is true of pretty much anything else you have in your possession- your umbrella, your coat, and your desk. But reach over to those software discs on your desk and something changes- you're standing on much shakier ground. And if you pull out an audio CD from the dusty stack next to those, things can get even more complicated. To a large extent, this difference is due to copyright law, which gives authors particular rights over how other people can use their creative works. This power contrasts, and occasionally conflicts with, ordinary property law. [Polley: there's much more in the rest of the report.]
Bank's New Cybersecurity Audits Catch Law Firms Flat-Footed (ABA Journal, 13 June 2013) - Under pressure from federal regulators, who are concerned about lax cybersecurity at law firms, the Bank of America Merrill Lynch has begun conducting audits on the law firms it does business with, to verify what they are doing to protect sensitive information. Although experts have been warning for some time that such audits were looming, a number of law firms have been caught flat-footed, assistant B of A general counsel Richard Borden told attendees at a recent conference for top in-house lawyers, Corporate Counsel reports. Similar audits may be looming in the United Kingdom, where regulators also are concerned that law firms may represent the "soft underbelly" of clients, such as defense contractors, that are likely to be targeted by hackers, according to ITV News . And in both the U.S. and north of the border, law firms and their clients are increasingly concerned about cybersecurity issues and how best to address them, Canadian Lawyer Magazine reports. Many insurers are now require that compliance programs be in place before they will place coverage for cybersecurity risks, the article notes. "It's been really interesting dealing with the law firms, because they're not ready," said Borden, an in-house cybersecurity lawyer who has been helping the group that's auditing the Bank of America's outside counsel. "Some of them are, I should say, but there are many that aren't. And it actually does pose a threat." Auditors are looking to see if the law firm has a cybersecurity plan, he told Corporate Counsel, and, if so, whether it is followed. Since mobile electronic devices are a likely weak area, one issue is whether confidential information sent to them is encrypted. Additionally, unwary employees clicking on malicious links in email remains a common cause of problems, just as it has been for years.
LawSauce App Helps You Locate Legal Materials Worldwide (Robert Ambrogi, 17 June 2013) - Two experts in legal research have developed an app for iOS and Android devices that they describe as like an international GPS for lawyers, helping you quickly locate the right web resource for a variety of legal research tasks. After trying it out over several days, I am impressed by how much it covers. In some cases, however, I was tripped up by anomalies in how the app organizes resources. I found myself confused about why certain resources were omitted, when it turns out some of them were there all along, only not where I thought I'd find them. More on that below. Called LawSauce , the app helps you sift through the variety of legal materials available online and find the ones best suited to help you find what you need. It covers more than 100 jurisdictions and includes more than 8,000 links. More links are being added all the time - in fact new links were added just this morning. The app was developed by Ruth Bird, law librarian at the Bodleian Law Library at the University of Oxford in the U.K., and Natalie Wieland, legal research skills adviser at the University of Melbourne Law School in Australia. The app works by guiding you to the appropriate resource. For example, let's say you want to find a case from the Constitutional Court of South Africa. The first screen in LawSauce asks you to select a task. From the drop-down menu, tap, "Find Cases." That takes you to the next screen, which asks you to select a region. Tap "Africa." The next screen asks you to select a jurisdiction, so from a list of African countries, you tap "South Africa." The next screen asks you to select a title. Various resources are listed, but you tap, "Constitutional Court of South Africa." Next you go to a screen that asks you select a resource. Only one is listed - the World Legal Information Institute. Click "Next" and you come to a page that summarizes your selections and has a hyperlink to the World LII. (If the selected resource is not free, LawSauce displays a dollar sign.) Tap the link to open your device's browser and go to the World LII.
Use of Tor and E-Mail Crypto Could Increase Chances that NSA Keeps Your Data (ArsTechnica, 20 June 2013) - Using online anonymity services such as Tor or sending encrypted e-mail and instant messages are grounds for US-based communications to be retained by the National Security Agency even when they're collected inadvertently, according to a secret government document published Thursday. The document, titled Minimization Procedures Used by the National Security Agency in Connection with Acquisitions of Foreign Intelligence , is the latest bombshell leak to be dropped by UK-based newspaper The Guardian . It and a second, top-secret document detail the circumstances in which data collected on US persons under foreign intelligence authority must be destroyed or can be retained. The memos outline procedures NSA analysts must follow to ensure they stay within the mandate of minimizing data collected on US citizens and residents. While the documents make clear that data collection and interception must cease immediately once it's determined a target is within the US, they still provide analysts with a fair amount of leeway. And that leeway seems to work to the disadvantage of people who take steps to protect their Internet communications from prying eyes. For instance, a person whose physical location is unknown-which more often than not is the case when someone uses anonymity software from the Tor Project-"will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person's communications give rise to a reasonable belief that such person is a United States person," the secret document stated. And in the event that an intercepted communication is later deemed to be from a US person, the requirement to promptly destroy the material may be suspended in a variety of circumstances. Among the exceptions are "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."
Data Breaches: Telcos And ISPs Have 24 Hours to Come Clean, Says EU (ZDnet, 24 June 2013) - Telcos and ISPs that serve European customers will have to come clean on data breaches within 24 hours under new EU regulations. Under the regulations , telecoms operators and ISPs operating in Europe will have to notify national data protection authorities within 24 hours where personal data has been lost, stolen or "otherwise compromised". Usually companies will have to disclose the nature and size of the breach within 24 hours, but where this isn't possible they must submit "initial information" within this time before providing full details within three days. Affected firms will be required to spell out which pieces of information have been compromised and what measures have been, or will be, applied by the company to put this right. Businesses and consumers will be notified of the breach if it is felt it "is likely to adversely affect personal data or privacy", under the terms of a test provided by the European Commission. The regulation will require companies to pay particular attention to the type of data compromised, particularly where the breach includes financial information, location data, internet log files, web browsing histories, email data, and itemised call lists. European ISPs and telcos have been obliged to inform national authorities and subscribers about breaches of personal data since 2011, but this regulation spells out how to fulfill this obligation - adding requirements such as the 24-hour window for notification. [Polley: See also Encryption would exempt ISPs from data breach notification to EU customers (Network World, 24 June 2013).]
New "E-Proxy Handbook" (CorporateCounsel.net, 25 June 2013) - Spanking brand new. Posted in our " E-Proxy" Practice Area , this comprehensive " E-Proxy Handbook " provides a heap of practical guidance about how to deal with Rule 14a-16. This one is a real gem - 39 pages of practical guidance.
American Bankers' Association Claims Routing Numbers Are Copyrighted (TechDirt, 25 June 2013) - Reader J Cronin alerts us to the apparent fact that the American Bankers Association (ABA) believes that federal routing numbers are covered by its own copyright, and they've sent a takedown letter to a website that published routing numbers. Greg Thatcher runs a website that, among other things, publishes bank routing numbers . Those are the numbers that appear on the bottom of checks that basically tell you how to send the banks money. Thatcher gets those numbers directly from the Federal Reserve's website . Having a single source for those numbers is really useful for people trying to wire money, so you can see why Thatcher's page would be really popular with lots of people.
Second Circuit Suggests that the Plain View Exception Should Be Applied More Narrowly to Digital Searches (Volokh Conspiracy by Orin Kerr, 25 June 2013) - As regular readers know, I am very interested in the scope of the plain view exception for computer searches. In physical searches, if the government comes across evidence unrelated to the search it is lawfully conducting, the government can seize that evidence as long as its incriminating nature is immediately apparent. I have argued that this rule is troublesome in the context of digital searches because everything comes into plain view in computer searches. A computer warrant for anything becomes a warrant for everything, making every computer warrant a general warrant in practice. To counter that dynamic, I have argued that the plain view exception should not apply to digital searches. See Orin Kerr, Searches and Seizures in a Digital World, 119 Harv. L. Rev. 531 (2005) . * * * I was very interested to see the Second Circuit's decision today in United States v. Galpin . First, the opinion agrees that the scope of computer searches raises special problems: "The potential for privacy violations occasioned by an unbridled, exploratory search of a hard drive is enormous. This threat is compounded by the nature of digital storage. Where a warrant authorizes the search of a residence, the physical dimensions of the evidence sought will naturally impose limitations on where an officer may pry: an officer could not properly look for a stolen flat-screen television by rummaging through the suspect's medicine cabinet, nor search for false tax documents by viewing the suspect's home video collection. Such limitations are largely absent in the digital realm, where the size or other outwardly visible characteristics of a file may disclose nothing about its content."
EU Asserts Jurisdiction Over Google's Servers (Peter Vogel, 28 June 2013) - Internet jurisdiction may have taken an interesting turn now that the EU asserted that servers outside the EU are subject to EU law. On June 25, 2013 Niilo Jaaskinen, the independent Advocate General of the European Court of Justice, issued an Opinion that the EU Data Protective Directive applies to search engines that contain data about EU citizens. That is, regardless of the location of the servers, the EU claims it has jurisdiction over Google, and other search engines. The Washington Post reported that: …Google or other companies cannot argue they are not subject to local data regulators' authority because their servers are physically located in another country.
No New Trials When Jurors Haven't Adequately Disclosed Facebook Friendships (Eric Goldman's blog, 28 June 2013) - Three recent cases all raise the same issue: does an undisclosed Facebook relationship between a juror and someone involved in the case warrant a new trial. In several recent cases, the answer was: no. * * *
RESOURCES
"FTC Regulation of Social Media" Talk Slides and Recording (Eric Goldman, 20 June 2013) - " Last week, I spoke at the 16th Annual FDA-OCRA 2013 Educational Conference in Irvine to an audience of medical device and pharmaceutical compliance professionals. My topic was how the FTC regulates social media, with an emphasis on goods normally regulated by the FDA. My co-panelist had the even harder job of trying to distill the FDA's (lack of) guidance on social media marketing. My talk slides . I also made an audio recording (item #38). Note I started the recording about 90-120 seconds into the talk, but nothing crucial got omitted."
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
Funding For TIA All But Dead (Wired, 14 July 2003) -- The controversial Terrorism Information Awareness program, which would troll Americans' personal records to find terrorists before they strike, may soon face the same fate Congress meted out to John Ashcroft in his attempt to create a corps of volunteer domestic spies: death by legislation. The Senate's $368 billion version of the 2004 defense appropriations bill, released from committee to the full Senate on Wednesday, contains a provision that would deny all funds to, and thus would effectively kill, the Terrorism Information Awareness program, formerly known as Total Information Awareness. TIA's projected budget for 2004 is $169 million. TIA is the brainchild of John Poindexter, a key figure from the Iran-Contra scandal, who now heads the research effort at the Defense Advanced Research Projects Agency. Critics on the left and right have called TIA an attempt to impose Big Brother on Americans. The program would use advanced data-mining tools and a mammoth database to find patterns of terrorist activities in electronic data trails left behind by everyday life. The Senate bill's language is simple but comprehensive: "No funds appropriated or otherwise made available to the Department of Defense ... or to any other department, agency or element of the Federal Government, may be obligated or expended on research and development on the Terrorism Information Awareness program." The removal of funds from the program marks the strongest Congressional reaction to TIA since it first gained prominent media attention in November 2002. The Senate likely will vote on and pass the bill early next week as lawmakers hope to send the spending bill to the White House before Congress recesses in August. After the Senate votes, the provision's fate will be decided by a joint committee, which will reconcile the Senate's bill with the House version. The House version contains no explicit provision to deny funds to TIA. But Congress watchers say opponents of the TIA likely will succeed in killing it. "The provision was added by the consensus of the committee," said David Carle, a spokesman for Sen. Patrick Leahy, a member of the Defense Appropriations subcommittee. Carle also said that the drive to include the provision denying funds was led by Republican Sen. Ted Stevens, who chairs both the defense subcommittee and the appropriations committee. "The defunding has a chance of surviving committee," said Ari Schwartz, associate director of the Center for Democracy and Technology. "If Stevens is behind it, then it almost certainly will happen."
Are Wiretap Orders Unnecessary in an Age of Cheap Electronic Storage? (Steptoe & Johnson's E-Commerce Law Week, No. 239) -- Wiretaps have always been the most sensitive tool in law enforcement's kit, and obtaining a wiretap order is expensive as well as difficult. Getting a search warrant, in contrast, is an everyday matter in police departments around the country. A recent federal court's decision raises the prospect that wiretap orders for electronic communications could be almost entirely replaced by search warrants. In United States v. Councilman, a Massachusetts federal court has made it possible to characterize almost all electronic communications as "stored communications" -- which may be accessed by police armed only with a search warrant (or less) -- rather than as communications in transit, which require a full-blown wiretap order.
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top