CHICAGO PROGRAM ANNOUNCEMENT
Critical cyber issues affecting you today (ABA Cybersecurity Legal Task Force, 8 February 2014) - Recent losses that have been reported at Target and Neiman Marcus have brought to the front pages of the news how important cybersecurity is to the private sector. In the wake of the Snowden and Manning revelations, it is increasingly harder for both the government and the private sector to protect their assets and secrets. In short, law firms and government law departments continue to be prime targets due to the valuable client information they hold. The ABA Cybersecurity Legal Task Force and its Sections and Committees have produced a number of books, articles, and pamphlets to help focus the legal community on these issues. The panel will discuss current cyber threats, applicable laws, and the ethical standards lawyers need to be aware of in this dangerous arena. Panelists include MIRLN editor Polley . ABA midyear meeting, 8 February 2014; 09:00-10:30 - Hyatt Regency Chicago, Plaza Ballroom A, Lobby Level, East Tower.
- Tweets, likes and follows: social media and the fair disclosure
- The law belongs in the public domain
- Supreme Court enshrines "reasonable suspicion" for device search at border
- Federal Court in Virginia court says domain names are not property, but contractual rights
- Shepardize the Internet!
- Writing briefs when judges read on iPads
- Old applications; new patents
- Why Bitcoin matters
- Tennis's new concern: data harvesting
- Lawyer accused of revealing TMI in response to bad Avvo review is reprimanded
- 10 tips for avoiding ethical lapses when using social media
- Cybersecurity and the duty of care: a top 10 checklist for board members
- Five things your IT department wants [the GC] to know about data security
- Court ruling notes that for-profit, full copy of audio, without commentary can also be fair use, in specific circumstances
- Rockefeller to Target: why haven't you reported data breach to the Securities and Exchange Commission
- US forces Coursera to ban students from Cuba, Iran, Sudan, and Syria
- Pentagon, GSA tackle cybersecurity through acquisition reform
- Scientific fact or junk science? Tracking a cell phone without GPS
- Timid about fair use?
- Does publication on the web give rise to "access" in copyright infringement analysis?
- IT's losing battle against cloud adoption
Tweets, likes and follows: social media and the fair disclosure (Corporate Counsel, 10 Jan 2014) - Is tweeting considered Fair Disclosure? Have social rules changed the rules? The SEC says yes, but the landscape is new and the dust is still settling. Be careful. In April 2013, the Securities and Exchange Commission (SEC) cleared public companies to use social media outlets such as Twitter® and Facebook® to announce key information in compliance with Regulation Fair Disclosure (Regulation FD), "so long as investors have been alerted about which social media will be used to disseminate such information." However, the SEC's guidance was general, leaving room for error. Some executives may be rightfully worried about those in their organizations with "itchy Twitter fingers," while balancing a desire to communicate with shareholders and potential investors who are eager for information. Indeed, social media are essential channels in today's world, and there is good reason to act prudently when using them to announce financial and other key information to investors. Some law firms, such as Philadelphia-based Pepper Hamilton LLP, recommend some best practices. A commentary posted on the firm's corporate website shortly after the SEC guidance was released includes several key "Pepper Points" that are particularly instructive. For example * * *
The law belongs in the public domain (EFF, 14 Jan 2014) - For nearly two centuries it has been a basic precept that the law lives in the public domain. It's simple: in a democratic society, people must have an unrestricted right to read and speak their own laws. Full stop. Of course, that principle means the law can never be subject to copyright restrictions. If any single entity owns a copyright in the law, it can buy, sell or ration the law, and make all sort of rules about when, where, and how we share it. People should never have to pay a fee to review and compare the rules and regulations they must obey, and no private entity should be the gatekeeper to the law. As an appellate court put it : [I]t is hard to see how the public's essential due process right of free access to the law (including a necessary right freely to copy and circulate all or part of a given law for various purposes), can be reconciled with the exclusivity afforded a private copyright holder . . . . Fortunately, open access crusaders like Public.Resource.Org (whose founder, Carl Malamud, is testifying before Congress today about this issue), and the Center for Information Technology Policy, have worked hard to correct the situation, by publishing legal and government documents and giving citizens the tools to do so themselves. A private company, Google, has also done its part by including court opinions in the Google Scholar database. Until recently, these folks haven't had to deal with copyright infringement lawsuits as they worked to free the law. No longer. A group of standards-development organizations (SDOs) have banded together to sue Public.Resource.Org, accusing the site of infringing copyright by reproducing and publishing a host of safety codes that those organizations drafted and then lobbied heavily to have incorporated into law. The SDOs argue that they hold a copyright on those laws because the standards began their existence in the private sector, and were only later "incorporated by reference" into the law. That claim conflicts with the public interest, common sense, and the rule of law. The fundamental right to access and share the law does not disappear just because the law in question is a technical standard. And a good thing, too, because these standards are now a significant part of the laws that shape our lives. Once incorporated, they become mandatory requirements, just like any other law. The case involves crucial national standards like the national electrical codes, fire safety codes, and so on. Public access to such codes-meaning not just the ability to read them, but to publish and re-use them-can be crucial when there is an industrial accident, when there is a disaster such as the Moore, Oklahoma tornado, or when a homebuyer wants to know whether her house is code-compliant. Publishing the codes online, in a readily accessible format, makes it possible for reporters and other interested citizens to not only view them easily, but also to search and excerpt and generate new insights.
Supreme Court enshrines "reasonable suspicion" for device search at border (ArsTechnica, 14 Jan 2014) - On Monday, the Supreme Court let stand a March 2013 ruling that established-at least in the Ninth Circuit in the western United States -that extended and sophisticated forensic analysis of a digital device requires a reasonable suspicion of wrongdoing. The case, United States v. Cotterman , involves an American man who was driving back into the country from Mexico with his wife in 2007 and had his laptop cursorily searched, with a more advanced search then performed at a government facility 170 miles away. The Supreme Court declined to hear Howard Cotterman's appeal of the legality of the extensive search. As the Ninth Circuit judges wrote: Although courts have long recognized that border searches constitute a "historically recognized exception to the Fourth Amendment's general principle that a warrant be obtained," United States v. Ramsey, 431 U.S. 606, 621 (1977), reasonableness remains the touchstone for a warrantless search. Even at the border, we have rejected an "anything goes" approach. See United States v. Seljan, 547 F.3d 993, 1000 (9th Cir. 2008) (en banc). Mindful of the heavy burden on law enforcement to protect our borders juxtaposed with individual privacy interests in data on portable digital devices, we conclude that, under the circumstances here, reasonable suspicion was required for the forensic examination of Cotterman's laptop. Because border agents had such a reasonable suspicion, we reverse the district court's order granting Cotterman's motion to suppress the evidence of child pornography obtained from his laptop."
Federal Court in Virginia court says domain names are not property, but contractual rights (Venkat Balasubramani, 14 Jan 2014) - Following the sex.com case from the Ninth Circuit , it is taken for granted that domain names are property that can be converted, sold, transferred, or subject to a creditor's collection efforts. Interestingly, a federal district court in Virginia took a contrary view. The case arose out of a bankruptcy of Alexandria Surveys International. Two competing Alexandria surveying companies were trying to buy the assets of ASI and ended up with conflicting claims. The first company, Alexandria Surveys, LLC, acquired the telephone number and web address from Cox Communications, the provider, under the theory that these were executory contracts that could be taken over. However, the estate was reopened at the request of a second company (Alexandria Consulting Group) and in the second go around ACG purchased a bunch of assets from the trustee, including the web address and telephone number. The bankruptcy court ordered the ASL to turn over the web address and telephone number (and servers) to ACG. ASL objected, arguing that the web address and telephone numbers were not "property of the bankruptcy estate." The district court agrees with ASL on appeal. The court largely relies on the Virginia Supreme Court's decision in Network Solutions v. Umbro : "a domain name registrant acquires the contractual right to use a unique domain name for a specified period of time . . . 'a domain name is not personal property but rather' the product of a contract for services." ACG tried to distinguish Umbro on the basis that it involved a garnishment proceeding, but the court says that the key part of the holding-that a domain name is a "contractual right"-applies regardless. The court says that because ASI did not have a property interest in the website and phone number at most it had a contractual interest and since the trustee did not assume it, there was nothing to be sold to ACG.
Shepardize the Internet! (InsideHigherEd, 16 Jan 2014) - Every law school student knows "shepardizing." It is the process by which one learns how and in what ways to research a legal case that may have been affected by subsequent cases. Shepardizing is a critical process in a legal system based on precedent. Stare decisis notwithstanding, one must know the latest decision on any specific legal question to proceed to the next. In the old days, it was done by hand and rather laborious, requiring not only denoting a case, but also reading those subsequent cases to evaluate the nuances of "modified," "distinguished," or even "overruled." I was in law school during the transition to digitized process. In one of my first jobs as a lawyer, the attorney who gave me the assignment thought me brilliant because I came back within 20 minutes with the up-to-date case that significantly modified the one he asked me to research. His opinion shifted when I explained the automated West Law program that did all the work! Francine Prose's piece in the New York Times "How Have Google and YouTube Changed the Way You Work?" made me think of that legal research process. A fiction author of some note, Francine Prose observes how frequently she is introduced with the mistakes that are embedded in a Wikipedia page about her. With all the knowledge that search engines integrate, some form of updating information, or at least denoting links with metadata that contextualizes it, shouldn't be too difficult to create. I expect that some faculty and research librarians may take that notion to task. One faculty member I know discovered mass academic integrity violation when a homework assignment came back from over 200 of her students with the same mistaken chemical in it, because it was a mistake in her instructor's manual that was posted on-line! More to the point, information literacy 101 instructs students not to accept the first link in a search, to test for validity, to evaluate the source, and to do a researcher's version of shepardizing. In other words, to dive deeper exploring subsequent research. Digitalliteracy.cornell.edu is a go-to site for faculty and students to understand on-line research; one among many such sites. That work is not in conflict with the thought that search engines shift to some form of automated updating of links. Users, especially computer scientists, research faculty, and reference librarians, should already be thinking about how this metadata should operate. Waiting for Google or Bing or any profit-driven search company to meet the needs of our academic community is not a prudent plan. But serving academia is not the principal point. It is that serving the academic community will also serve the public. Responsible "shepardizing" helps citizens as well as students because it prizes transparent, objective, valid and sometimes even peer reviewed or tested information.
Writing briefs when judges read on iPads (Volokh Conspiracy, 17 Jan 2014) - I just read a very interesting article, Daniel Sockwell, Writing a Brief for the iPad Judge . The basic problem: [M]ore and more judges are reading briefs primarily on iPads or other tablets…. The Fifth Circuit judiciary reads the majority of their briefs on iPads, and, from conversations with numerous judges and clerks, the other Circuits are not far behind (though I was told that the Third Circuit is "not as iPad heavy as some circuits"). The best way to know how a particular judge typically reads briefs is to ask - the clerks will likely be happy to help. Why do iPads even matter? … Lawyers who care about communicating forcefully and clearly should seek to perfect style and typography in addition to substance. The rules of typography are simply different for a screen than for print… And here are the author's suggestions (reprinted with his permission, some paragraph breaks added): A brief written to be read on an iPad should differ from one written for text in three main ways: it should use fewer footnotes, should use a different font, and should avoid confusing hierarchical organization. Lawyers who expect a brief to be read on an iPad should try to avoid footnotes. One of the advantages of reading on an iPad is that judges can adjust the screen view, zooming in and focusing on the current passage. However, this advantage is lost if footnotes require the reader to constantly scroll to the bottom of the page for citations or substantive material. Worse, the extra scrolling raises the risk that the footnotes won't be read at all, already a concern with substantive footnotes. Next, lawyers should carefully consider what font to use in a brief that may be read on an iPad. Fonts designed for screen reading are significantly different from those designed to be printed. Most importantly, quality printers print at a much higher resolution-even the retina iPad display has only 264 pixels per inch, less than half the dots per inch of a quality laser printer. As a result, some of the best print fonts can become jagged or difficult to read at screen resolutions, especially when readers zoom in. * * *
Old applications; new patents (Patently-O, 18 Jan 2014) - Patent applications filed on or after June 8, 1995 have a term of twenty years from the date of application filing. The prior rule offered a term of seventeen years from the issue date. This change was part of the Uruguay Round Agreements Act (URAA) that harmonized US law with that of other countries and also helped to substantially move away from the problem of patent application sandbagging / submarining where patent applicants intentionally delayed prosecution in order to accrue additional end-stage patent term. That problem has arisen again, although to a lesser extent, with the generous patent term adjustment offered for delays in prosecution. Although the change-over was almost twenty-years ago, there are still a number of pre-URAA patents pending at the PTO. When they issue, these patents have the benefit of having 17-more years of patent term remaining. For some fundamental technologies whose market has blossomed over the past two decades, that potential value is enormous. According to the PTO, there are now 450 of these old applications still pending at the USPTO. That is down from about 600 three years ago. The twenty pre-URAA patents issued in 2013 are owned by only seven different entities, and twelve of them are owned by Personalized Media Communications.
Why Bitcoin matters (Marc Andreessen in NYT, 21 Jan 2014) - A mysterious new technology emerges, seemingly out of nowhere, but actually the result of two decades of intense research and development by nearly anonymous researchers. Political idealists project visions of liberation and revolution onto it; establishment elites heap contempt and scorn on it. On the other hand, technologists - nerds - are transfixed by it. They see within it enormous potential and spend their nights and weekends tinkering with it. Eventually mainstream products, companies and industries emerge to commercialize it; its effects become profound; and later, many people wonder why its powerful promise wasn't more obvious from the start. What technology am I talking about? Personal computers in 1975, the Internet in 1993, and - I believe - Bitcoin in 2014. * * * [ Polley : very, very interesting. I'm confused though by the Bitcoin mining motivation issues - as Bitcoin transactions increase (possibly thru micropayments), this'll require an explosion in block-ledger verification processing (by so-called "miners"). But, if the Bitcoin algorithm in fact has a finite number of possible coins (21 million), won't miners sometime lose the incentive to do the verification work?] [ Polley : I've decided I should know more about Bitcoin, and so am installing the MultiBit.app on my Mac and creating an account -- #notstraightforward]
Tennis's new concern: data harvesting (NYT, 21 Jan 2014) - The strangest story of this Australian Open so far involved a man, a smartphone, a consultant service for online gambling, a tennis match, an arrest, allegations of corruption, a new law and much confusion. Naturally, it unfolded without precedent. This story also brought new attention to the gambling boom around professional tennis and introduced many to the term courtsiding. The accused is Daniel Dobson, 22, of Britain. The police said he came to the tournament last week with an electronic device stitched inside his clothing and linked to a smartphone. They said he used these devices to relay the outcome of points to his employer, Sporting Data, as much as 10 seconds faster than those results could be transmitted through official channels. Dobson was arrested and charged with engaging in conduct to corrupt a betting outcome. The accusation fell under a law passed in the Australian state of Victoria last April called the Integrity in Sports Act, which was supported and promoted by a coalition of sports organizations, including Tennis Australia. At a news conference after the arrest, Graham Ashton, a deputy commissioner with the Victoria Police, described courtsiding as a "type of cheating and betting on sports." He said the advance notice provided by Dobson allowed bets to be placed on particular points after they happened and before agencies could close their betting windows. "Courtsiding is really only one step away from then contacting players and getting engaged in more illicit and sinister types of sports corruption," Ashton said. But many of those who bet on tennis do not agree. They say it is unlikely that Dobson relayed that information so someone else could bet on individual points. Most bookmakers have policies in place to prevent that; some allow bettors only to bet three points ahead; others institute a five-second delay after transactions. On Thursday, Dobson will appear before a judge. His case, to industry insiders, is more about sports results data and who owns them. Among the bullet points in its news release to announce its exclusive data rights for the tournament, the sports data provider Enetpulse listed "exclusive official data service designed for bookmakers," "fastest live scoring service in the market" and "all data direct from the Umpire's Chair." Brendan Poots, the chief executive of the Melbourne-based sports investment fund Priomha Capital, said the value of that rapid data could be seven figures. The question, then, is whether it is against the law for someone other than Enetpulse - like Sporting Data - to try to transmit it faster.
Lawyer accused of revealing TMI in response to bad Avvo review is reprimanded (ABA Journal, 21 Jan 2014) - A Chicago lawyer accused of disclosing confidential information about a client in response to his bad Avvo review has been reprimanded partly for the revelation. Employment lawyer Betty Tsamis "exceeded what was necessary to respond to [the client's] accusations," according to stipulated findings of fact. The Legal Profession Blog links to the joint stipulation and reprimand by the Hearing Board of the Illinois Attorney Registration and Disciplinary Commission. Tsamis also bounced a check to a client, partly because she failed to account for credit card fees charged to her client trust account, according to the stipulated facts. She made good on the check with money from her own funds. Tsamis' Avvo revelation occurred as a result of a negative online review by an American Airlines flight attendant who hired Tsamis in an unsuccessful effort to secure unemployment benefits. The attendant had been fired for allegedly assaulting a co-worker. Tsamis asked the former client to remove his first review, posted in February 2013, and he responded that he would do so if Tsamis returned his files and the $1,500 he had paid in attorney fees. Avvo removed the post, spurring a second negative review by the former client. This time, Tsamis responded to the post and revealed confidential information about the case, according to the stipulated facts. The disciplinary complaint had alleged that Tsamis wrote this: "I dislike it very much when my clients lose, but I cannot invent positive facts for clients when they are not there. I feel badly for him, but his own actions in beating up a female co-worker are what caused the consequences he is now so upset about." One of Tsamis' lawyers has said he thinks the client was not identified by last name on the Avvo website when Tsamis responded to his criticism. In mitigation, Tsamis has already taken steps to improve her financial record-keeping, she has no prior disciplinary history, and she has expressed remorse for her conduct, the stipulated facts said. One of Tsamis' lawyers, Kathryne Hayes, gave this statement to the ABA Journal: "While we believe that Ms. Tsamis' conduct was within the [ethics rules], this matter raises an important issue for all lawyers-especially those who are active on attorney-review websites and have the opportunity to comment on client reviews posted to these types of websites.
10 tips for avoiding ethical lapses when using social media (ABA's Business Law Today, January 2014) - You may be among the thousands of legal professionals flocking to social media sites like LinkedIn, Facebook, Twitter, or Google+ to expand your professional presence in the emerging digital frontier. If so, have you paused to consider how the ethics rules apply to your online activities? You should. Some of the ethical constraints that apply to your social media usage as a legal professional may surprise you. Moreover, legal ethics regulators across the country are beginning to pay close attention to what legal professionals are doing with social media, how they are doing it, and why they are doing it. The result is a patchwork quilt of ethics opinions and rule changes intended to clarify how the rules of professional conduct apply to social media activities. This article provides 10 tips for avoiding ethical lapses while using social media as a legal professional. The authors cite primarily to the ABA Model Rules of Professional Conduct (RPC) and select ethics opinions from various states. In addition to considering the general information in this article, you should carefully review the ethics rules and ethics opinions adopted by the specific jurisdiction(s) in which you are licensed and in which your law firm maintains an office. * * *
- and -
Cybersecurity and the duty of care: a top 10 checklist for board members (DLA Piper, 24 Jan 2014) - Visibility on information security, including cybersecurity as well as physical security aspects, is increasingly permeating corporate life. The relatively new SEC requirements for public disclosure of cybersecurity incidents are just one example. As directors prepare to fulfill their duty of care in an informed way, what are the issues that matter today? The following checklist was created to help outside directors understand the cybersecurity issues that matter to boards today based on information from panel discussions and individual directors * * * [ Polley : mostly these are good, but a couple appear unnecessarily granular.]
- and a related piece -
Five things your IT department wants [the GC] to know about data security (Thomson Reuters, 30 Jan 2014) - The year 2013 was pretty terrifying when it comes to data security. Amid the fears created by the breaches at Adobe and Target, plus the knowledge that big brother really has been watching us through the NSA, every corporate counsel ought to be concerned about data security at their organization. However, as the senior manager of IT Operations for Serengeti, a SaaS (software as a service) e-billing and matter management company, Anne-Marie Scollay explains that there is no "silver bullet that provides an impervious layer of security around data." Anne-Marie frequently collaborates with legal departments and their IT teams as they evaluate Serengeti's cloud solution and shares insights regarding data security.
Court ruling notes that for-profit, full copy of audio, without commentary can also be fair use, in specific circumstances (TechDirt, 28 Jan 2014) - Back in 2011, we were worried about the implications of a lawsuit between the Swatch Group and Bloomberg, concerning the recording and distribution of an earnings call by Swatch. In short, Swatch claimed a copyright on its own earnings call. Bloomberg, which obtained a copy of the recording done by someone else, made that recording available to its customers. Not only did this have interesting fair use questions, it also opened up the possibility that bizarre copyright claims could be used as an alternative to wiretapping laws to block perfectly legitimate recordings of phone calls. Thankfully, the 2nd Circuit appeals court has issued a clear ruling noting that this use is fair use -- and that's true even though Bloomberg (1) used the whole thing (2) did so for commercial reasons and (3) did not add any commentary. This is important, because we regularly hear from copyright maximalist types who assume that if you do any of the above, it automatically loses the ability to be considered fair use. Here, however, the court clearly shows why that's not true, which should set a useful precedent for other fair use cases (at least within the 2nd circuit), especially when it comes in the context of "reporting." The Court makes a few very useful statements in explaining why all of this is fair use. Take, for example, the issue of it being "commercial" in nature. While that may make it a higher bar to prove fair use, it clearly does not preclude fair use * * *
Rockefeller to Target: why haven't you reported data breach to the Securities and Exchange Commission (US Senate, 28 Jan 2014) - Chairman John D. (Jay) Rockefeller IV today sent a letter to Target asking why the company has not yet reported its recent massive data breach to the Securities and Exchange Commission (SEC), as the Commission recommended in an October 2011 guidance. Rockefeller encouraged the SEC to issue this guidance , and is a strong supporter of giving investors more complete and timely information about cyber incidents such as the Target data breach. "A data breach involving the theft of personal information about tens of millions of Target customers is clearly a material cyber attack that has affected how your business operates. I am therefore puzzled why your company has not yet updated its SEC filings to reflect this event. Your failure thus far to provide this information to your investors does not seem consistent with the spirit or the letter of the SEC's financial disclosure rules," Rockefeller wrote. More recently, Rockefeller encouraged SEC Chairman Mary Jo White in April 2013 to issue Commission-level guidance to spur companies to take their cybersecurity efforts seriously. Chairman White recently asked SEC staff to review disclosure rules, saying, "I believe we should rethink not only the type of information we ask companies to disclose, but also how that information is presented, where and how that information is disclosed, and how we can take advantage of technology to facilitate investors' access to information and make it more meaningful to them." Rockefeller and Senator Claire McCaskill (D-Mo.) asked Target on January 14, 2014 for the latest findings on the circumstances that permitted unauthorized access to the financial and personally identifying information of as many as 110 million Americans. [ Polley : see also the earlier To 8-K, or not to 8-K? For Target, that is indeed the question (Mintz Levin, 17 Jan 2014)]
US forces Coursera to ban students from Cuba, Iran, Sudan, and Syria (Slashdot, 29 Jan 2014) - "Coursera is an online website that offers free courses from many of the world's top universities. Now, all students from Syria, Sudan, Iran and Cuba will no longer be able to access Coursera . The official blog provides more info regarding the ban: ' Until now the interpretation of export control regulations as they relate to MOOCs has been unclear and Coursera has been operating under the interpretation that MOOCs would not be restricted. We recently received information that has led to the understanding that the services offered on Coursera are not in compliance with the law as it stands ... United States export control regulations prohibit U.S. businesses, such as MOOC providers like Coursera, from offering services to users in sanctioned countries, including Cuba, Iran, Sudan, and Syria. Under the law, certain aspects of Coursera's course offerings are considered services and are therefore subject to restrictions in sanctioned countries, with the exception of Syria.'"
Pentagon, GSA tackle cybersecurity through acquisition reform (FedScoop, 29 Jan 2014) - The Defense Department and the General Services Administration on Jan. 23 delivered a joint report to the president recommending a series of wide-ranging changes to the federal acquisition cycle to help improve cybersecurity and critical infrastructure resilience. The report, signed by Secretary of Defense Chuck Hagel and GSA Administrator Dan Tangherlini, is in response to requirements outlined in Executive Order 13636, "Improving Critical Infrastructure Cybersecurity," signed by President Barack Obama last February. The order directed the Pentagon and GSA to come up with a plan to incorporate cybersecurity standards into acquisition planning and contract administration, and to harmonize procurement requirements across the federal government. The report outlines six recommendations that focus on the need for baseline cybersecurity for federal contractors, comprehensive workforce training, consistent cybersecurity terminology for contracts, incorporation of cyber-risk management into federal enterprise risk management, development of more specific and standardized security controls for particular types of acquisitions, limiting purchases to certain sources for higher-risk acquisitions, and increasing government accountability for cybersecurity throughout the acquisition lifecycle
Scientific fact or junk science? Tracking a cell phone without GPS (ABA Judge's Journal, Judge Herbert Dixon, 30 Jan 2014) - Increasingly, competing experts are offering opposing opinions on the reliability of determining the approximate location of a cell phone. In this article, Judge Dixon highlights the significant arguments by both sides and discusses the technology on which these arguments are based.
Timid about fair use? (InsideHigherEd, 30 Jan 2014) - Visual arts professionals, including art historians, let real and perceived fears about copyright law get in the way of their work, finds a new report from the College Art Association. And while the fundamentally visual nature of their discipline raises particular concerns among scholars of art, artists, editors and museum curators, experts say their fears are shared across academe -- although some disciplines have worked to develop codes to help scholars navigate the murky waters of fair use. "The visual arts communities of practice share a common problem in their confusion about and misunderstanding of the nature of copyright law and the availability of fair use," reads the report, called "Copyright, Permissions, and Fair Use Among Visual Artists and the Academic and Museum Visual Arts Communities." "Their work is constrained and censored, most powerfully by themselves, because of the confusion and the resulting fear and anxiety." In addition to a lack of clarity of about what is fair use -- the section of copyright law allowing for non-licensed use of copyrighted material for commentary and other "transformative" purposes -- arts professionals fear the costs, in time and dollars, of seeking out permission for licensed use, the report says. It calls these anxieties part of a larger "permissions culture," in which there is a presumption that licensed use is necessary -- even when, in reality, there are many uses for which it is not.
Does publication on the web give rise to "access" in copyright infringement analysis? (Evan Brown, 30 Jan 2014) - Plaintiff sued defendant for copyright infringement. Defendant moved for judgment on the pleadings (which is essentially the same thing as a motion to dismiss for failure to state a claim except it is after defendant files an answer). Defendant asserted that plaintiff had not pled copyright infringement because under the Seventh Circuit's "substantial similarity" test to demonstrate infringement, plaintiff had not pled defendant had "access" to the allegedly infringed work. In some copyright infringement cases, a plaintiff may not have direct evidence that the defendant committed infringement. In those situations, a finder of fact may infer that infringement has occurred when it is shown that: (a) the defendant had access to the copyrighted work; and (b) the accused work is substantially similar to the copyrighted work. In this case, defendant argued it never had access to plaintiff's designs that it was alleged to have infringed. But the court considered the online publication, 11 years ago, of plaintiff's designs, to find access for purposes of the motion for judgment on the pleadings: " With regard to online publication, in 2003, [plaintiff] first published the [allegedly infringed work] at [its website]. The Internet already was widely used and accessible at that time. Because the non-movant is entitled to reasonable favorable inferences in evaluating a motion for judgment on the pleadings, the online publication is enough to establish access for purposes of denying [defendant's] motion for judgment on the pleadings."
IT's losing battle against cloud adoption (ReadWrite, 31 Jan 2014) - Asking IT about emerging trends in enterprise computing is increasingly a fool's errand. Open source pioneer Billy Marshall once quipped that "the CIO is the last to know," because she was too far removed from what open-source code her IT team was downloading or which SaaS services they were accessing. Now this phrase may apply to entire IT organizations, with major lines of business tuning into the cloud and tuning out IT prescriptions. Of course, this has been happening for years. What's striking is just how pervasive the shift away from IT has become. We know cloud computing is big. We also know the cloud is outpacing traditional data center workloads. Cisco, for example, finds that from 2012 to 2017, data center workloads will grow a little more than two-fold while cloud workloads will grow almost four-fold. What we didn't know, however, is just how clueless enterprise IT has been about the state of cloud adoption within their own enterprises. For example, according to a report from Netskope , a cloud analytics and policy company, IT thinks it has a grasp on cloud apps running within the enterprise, but in reality it may not have the foggiest clue. IT underestimates cloud app usage within their organizations by about 10 times. That's a shocking delta between perception and reality, and means that IT has a lot of work to do, given that many of the apps being run are almost certainly not up to IT's security standards. The potential problem is widespread across the enterprise, with different groups turning to the cloud to get stuff done: Marketing (51 cloud apps per enterprise), HR (35), Storage (26), and CRM/SFA and Collaboration (23).
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
Adobe users upset about secret anti-counterfeit measure (Houston Chronicle, 19 Jan 2004) -- Adobe Systems acknowledged Friday it quietly added technology to the world's best-known graphics software at the request of government regulators and international bankers to prevent consumers from making copies of the world's major currencies. Adobe, the world's leading vendor for graphics software, said the secretive technology "would have minimal impact on honest customers." It generates a warning message when someone tries to make digital copies of some currencies. The U.S. Federal Reserve and other organizations that worked on the technology said they could not disclose how it works and would not name which other software companies include it in their products. They cited concerns that counterfeiters would try to defeat it. "We sort of knew this would come out eventually," Adobe spokesman Russell Brady said. "We can't really talk about the technology itself." Microsoft spokesman Jim Desler said the technology was not built into versions of its Windows operating system. Rival graphics software by Taiwan-based Ulead Systems also blocks customers from making copies of currency. Experts said the decision by Adobe represents one of the rare occasions when the technology industry has agreed to include third-party software code into products at the request of government and finance officials. Adobe revealed it added the technology after a customer complained in an online support forum about mysterious behavior by the new $649 "Photoshop CS" software when opening an image of a U.S. $20 bill. Kevin Connor, Adobe's product management director, said the company did not disclose the technology at the request of international bankers. He said Adobe may add the detection mechanism to its other products. [Editor's note  : This kind of secret embedding is an extremely serious matter - it has profound security and privacy implications, and affects the credibility of commercial software vendors.]
White House releases new infrastructure security directive (Computerworld, 18 Dec 2003) -- The White House yesterday released the long-awaited rewrite of a 1998 document that established critical-infrastructure protection, including cybersecurity, as a core policy of the U.S. government. But two prominent senators from opposite sides of the political aisle disagree on the new policy's direction. Homeland Security Presidential Directive-7 (HSPD-7) replaced Presidential Decision Directive-63, signed on May 22, 1998, by then-President Bill Clinton, as the main document outlining the public/private partnership needed to eliminate major vulnerabilities to the nation's critical physical and cyberinfrastructures. The new document is titled "Critical Infrastructure Identification, Prioritization and Protection." It calls for a concerted public/private effort to identify and catalog the nation's most critical infrastructure facilities and networks using geospatial imaging systems and requests detailed modeling and simulation studies to learn more about the potential effects of terrorist attacks against these infrastructures. The HSPD-7 gives the U.S. Department of Homeland Security (DHS) another year to "outline national goals, objectives, milestones, and key initiatives," even though a cybersecurity plan released in February envisioned that such work would be done much sooner. Senate Governmental Affairs Committee Chairman Susan Collins (R-Maine) praised the administration for the directive. "In the post-9/11 world, we cannot afford weak links in our critical infrastructure protection or gaps in our support for local first responders," she said. But presidential candidate Sen. Joseph Lieberman (D-Conn.), the ranking Democrat on the committee, lambasted Bush for allowing the DHS to take more time to put together yet another plan.
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:firstname.lastname@example.org?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top