Saturday, December 12, 2015

MIRLN --- 22 Nov – 12 Dec 2015 (v18.17)

MIRLN --- 22 Nov - 12 Dec 2015 (v18.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Jake Heller's Casetext: Opening up the law (Stanford, 11 Nov 2015) - Jake Heller, JD '10, is very much a product of Silicon Valley. He grew up in Cupertino and learned to program when he was 9. And he feels passionate about the Internet and the free and open exchange of ideas and information it has spawned, with crowdsourcing constantly improving all sorts of tools used at home and at work every day. "I'm used to the best sources of information being built by communities and to the information being freely available," he says. "Yelp has replaced Zagat, Wikipedia replaced Britannica. And information on those sites isn't static - with community input, it is constantly updating and improving." When Heller arrived at Stanford Law for the start of his legal education, he was surprised by the stark contrast between the way lawyers access legal information and how people share information everywhere else. "I quickly learned how different and relatively inaccessible legal information is. You had to have a Lexis account to read essential court documents. And those huge costs put real pressure on attorneys across the market, from the biggest firms to legal aid work." The need for court cases to be publicly - and freely - available was driven home for him when he took the Community Law Clinic and worked closely with public service lawyers. "They told me they could only afford 20 minutes of Lexis a day. And there was no free alternative. I thought that these are public documents and need to come out from behind the paywall." Today, Casetext, the company that Heller founded in 2013, has broken through that paywall, allowing some 500,000 users a month - up from 250,000 users a month just last February and still growing - to not only read cases but to share case annotations and fuller explanations. Heller is building a community of legal experts across all practice areas - and opening it up for all to use.

1 in 5 legal departments have social media crises plans (Corporate Counsel, 19 Nov 2015) - When something went wrong at a company, it used to be that members of the public didn't find out about it until they opened the morning paper or turned on the evening news. Not so anymore. Now, through the magic of social media, the public may find out about a corporate problem before employees of the company are even informed. And while ever-present social media allows news of a crisis to percolate quickly, sometimes the problems can be blamed on social media itself. Take the British retailer, HMV, which received unwanted attention when some employees "live tweeted" getting fired. Or the time a Kitchenaid Inc. employee accidentally published an insensitive tweet about President Barack Obama on the company's corporate account. With the power of social media in mind, public relations company Weber Shandwick, along with KRC Research, recently surveyed a number of in-house lawyers from Fortune Global 1000 companies in the United States and the United Kingdom to see how they were handling social media in the crisis context. The answer seems to be that in many cases the legal department is not so engaged.

Stampery now lets you certify documents using the blockchain and your real identity (TechCrunch, 20 Nov 2015) - Shortly after participating in our Battlefield competition at Disrupt SF, Stampery raised $600,000 from Draper Associates with Boost VC, Blockchain Capital and Di-Ann Eisnor also participating. As a reminder, Stampery lets you certify any document by sending an email attachment to your personal Stampery email address. You can also use the company's website, integrate Stampery in your product thanks to the API, or certify your documents in your Dropbox account directly. Stampery is also working on other services, such as Box. The company plans to replace notaries by leveraging bitcoin's blockchain. Stampery issues legally binding proofs for all your sensitive documents. If you need to certify that you are viewing an unmodified document later on, you can prove the existence, integrity and ownership of this document by exploring the blockchain. Like with good old notaries, Stampery can help you with intellectual property cases, a will, an oath, a contract and more. By making it much easier to certify documents, Stampery hopes that it is going to become a habit. You can do everything from your computer, you don't have to physically see a notary. Recently, the company updated its API to allow anybody to stamp an unlimited amount of documents in the blockchain. Stampery also introduced a new way to prove the real identity of a document author. The company is linking a government ID with the blockchain in order to retrieve this ID later and notarize documents using a real, proven identity.

What will you do when your law firm is breached? (Sharon Nelson at Senseient.com, 20 Nov 2015) - Note that we did NOT title this article, "What Will You Do If Your Law Firm is Breached?" The reason is simple - experiencing a data breach is not an "if" - it is a "when." Just ask the IRS and the Office of Personnel Management. Mind you, their approach to information security was sloppy. Lawyers cannot afford, ethically, to have slipshod security when protecting confidential data. * * *

Comcast may have found a major net neutrality loophole (Wired, 20 Nov 2015) - Comcast may have found a major loophole in the Federal Communications Commission's network neutrality regulations. Earlier this month the company launched a new streaming video service for Comcast broadband customers called Stream TV. The service, which is only available in the greater Boston and Chicago areas so far, allows you to watch HBO as well as live local television stations on your computer, tablet or laptop. The catch is that the service will only work from your home. That may sound like a big limitation, but it comes with a big perk for some users: Stream TV won't count towards the 300GB data limit imposed on some Comcast broadband users. Since users who exceed that 300GB threshold are charged an extra $10 for every extra 50GB they use, up to $30 per month, the $15-a-month Stream TV offering could be appealing to users worried that other video services, such as Netflix or Sling TV, will eat through their data allotment. Comcast says this isn't a violation of network neutrality law because, although you're viewing Stream TV on your computer via your Comcast broadband connection, the service isn't technically offered over the Internet, but over Comcast's cable television network, much like its Xfinity Xbox 360 service, which allowed Xbox users to view video that didn't count against their data limits and was shuttered last summer.

Comcast injects copyright warnings into browsers, raising privacy concerns (ZDnet, 23 Nov 2015) - If Comcast thinks you're downloading copyrighted material, you can be sure it'll let you know. But how it does it has raised questions over user privacy. The cable and media giant has been accused of tapping into unencrypted browser sessions and displaying warnings that accuse the user of infringing copyrighted material -- such as sharing movies or downloading from a file-sharing site. Jarred Sumner, a San Francisco, Calif.-based developer who published the alert banner's code on his GitHub page, told ZDNet in an email that this could cause major privacy problems. Sumner explained that Comcast injects the code into a user's browser as they are browsing the web, performing a so-called "man-in-the-middle" attack. * * * "This probably means that Comcast is using [deep packet inspection] on subscriber's internet and/or proxying subscriber internet when they want to send messages to subscribers," he said. "That would let Comcast modify unencrypted traffic in both directions."

Is a lawyer ethically required to replace hacked client funds? It depends. (Ride The Lightning, 24 Nov 2015) - On October 23, the North Carolina State Bar answered that question with an "it depends" ethics opinion which is well summarized by Bloomberg BNA. If the lawyer has taken reasonable information security measures, the lawyer has no ethical duty to replace client monies stolen from a trust account when a hacker breaks into a network. Bear in mind that the opinion is not addressing a lawyer's legal liability in such situations. However, lawyers do have to restore client funds if they failed to take reasonable steps that could have prevented the theft. It adds that lawyers must help clients in several ways when a theft occurs. As explained in North Carolina Formal Ethics Op. 2011-7 (2012), safety measures for online banking include strong password policies and procedures, the use of encryption and security software, hiring a technology expert for advice and making sure relevant firm members and staffers are trained on and abiding by the security procedures.

Sixth Circuit appeals court prepares to consider the privacy implications of mugshots (TechDirt, 25 Nov 2015) - The Sixth Circuit Court of Appeals is preparing for an en banc hearing on whether there is a privacy interest inherent in mugshots, or whether they are simply public records that can be obtained with an FOIA request. For the most part, mugshots have been considered public records. This has led to a shady mugshot-posting cottage industry, as well as an equally-shady mugshot-removal cottage industry. Whatever success these businesses enjoy is mostly due to a flaw in public perception. Despite the nation's justice system being built on the presumption of innocence, a large percentage of the population views "arrested and charged" as being no different than "found guilty." (Federal law enforcement databases -- used for background checks -- reinforce this perception by entering arrested persons' info when booking, but routinely failing to remove it when charges are dropped or the person is found innocent.) Despite these flaws, there is a public interest in arrest and booking information, not necessarily because the public deserves to know every detail of every mundane arrest, but because findings to the contrary lend themselves to the burial of information that is definitely in the public's interest, like information pertaining to the alleged criminal acts of their public servants. The information under dispute in this case involves a federal law enforcement agency and the indictment of three local law enforcement officers. * * *

LabMD wins huge victory in FTC's own backyard (Steptoe, 25 Nov 2015) - After years of trying to get federal courts to step in and stop the Federal Trade Commission's administrative action against it for allegedly inadequate data security, LabMD has finally scored a major win against the Commission ‒ in the very administrative proceedings it tried so hard to avoid. An Administrative Law Judge has ordered that the complaint against the medical testing company be dismissed because the FTC staff had failed to show that LabMD's computer security practices had caused or were "likely" to cause substantial injury to consumers. The ALJ's decision is a major embarrassment for the Commission, because it shows that the FTC's case against LabMD was built largely upon falsified evidence from a company that was trying to pressure LabMD into hiring it to help with its computer security. LabMD and its CEO are now doubling down by suing three FTC lawyers and unnamed "Doe" defendants for their role in the enforcement action, alleging that the defendants violated their First, Fourth, and Fifth Amendment rights.

Dems go digital with whip operation (The Hill, 30 Nov 2015) - The newest tool deployed by House Democrats' whip operation: the text message. With lawmakers and their staffers frequently communicating on their iPhones, iPads and Android devices through text message, Minority Whip Steny Hoyer (D-Md.) has turned to SMS to get a quicker, more accurate vote count on critical bills. It's the latest development in the evolution of Democrats' electronic whipping system, launched four years ago as a way for the caucus to tap into modern technology to carry out a century-old tradition. For decades, whipping votes had been a tedious process. Lieutenants on the vote-counting team would track down their assigned members - usually on the floor - survey them on how they planned to vote, scribble it down on a paper whip card, then return the card to the whip's office, where votes would be manually entered into the system. Democrats' new operation works like this: Before important votes, members of the whip team receive a text message or email on their smartphones that contains a customized link. That link opens an electronic whip card in a Web browser with the names of three to five members. After conferring with their assigned lawmakers, the whips record the responses - yes, lean yes, no, lean no and undecided - have the option of adding a note, and press send.

The National Security Letter spy tool has been uncloaked, and it's bad (ArsTechnica, 30 Nov 2015) - The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information - all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don't need a judge's signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target. For the first time, as part of a First Amendment lawsuit, a federal judge ordered the release of what the FBI was seeking from a small ISP as part of an NSL. Among other things, the FBI was demanding a target's complete Web browsing history, IP addresses of everyone a person has corresponded with, and records of all online purchases, according to a court document unveiled Monday. All that's required is an agent's signature denoting that the information is relevant to an investigation. "The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004. The FBI subsequently dropped demands for the information on one of Merrill's customers, but he fought the gag order in what turned out to be an 11-year legal odyssey just to expose what the FBI was seeking. He declined to reveal the FBI's target.

Open-source software use: A growing concern for general counsels (ABA, December 2015) - According to the Black Duck 2015 Future of Open Source Survey, 78 percent of companies use significant amounts of open-source software in their development, and that percentage is steadily rising. While license compliance continues to be top of mind for many lawyers, a related issue - the potential security implications of increased open-source usage - is also now becoming clear. It's critical for general counsels to understand the importance of this emerging challenge, learn what it means for their companies' bottom lines and understand how they can help drive the conversation about open-source security among their company's senior leadership. Acknowledging the increasing role of open source, GCs play a critical part in helping their organizations deploy systems and methods for tracking and managing the open-source code introduced into their organizations. Without a systematic process for identifying and tracking an organization's open-source use, it can be nearly impossible for an organization to know what open source it is using and where and how open-source software is deployed in the code base. This lack of visibility hampers compliance with applicable open-source licenses and, typically, an organization's governance policies. Often, software development groups select and deploy open-source components without proper legal and engineering vetting - which can cause important licensing obligations and code quality and security issues to be overlooked. * * *

Do we need a new judicial fast lane to combat trade secret theft? (Eric Goldman, 1 Dec 2015) - I've previously described the Defend Trade Secrets Act as "the most important intellectual property development you aren't paying attention to." The bill would create a new federal trade secret law that would dramatically change trade secret practice throughout the country. Given the importance of trade secrets to most businesses and our economy generally, even minor changes to trade secret law have potentially outsized consequences. Yet, given the bill's implications, the Defend Trade Secrets Act is generating surprisingly little public discussion. Supporting the Defend Trade Secrets Act are a few big businesses (and their representatives) with large trade secret portfolios, who like the idea of getting more powerful tools to squash defendants. Opposing the bill are many academics, who object to a variety of problems with the bill. Virtually everyone else has stayed on the sidelines or is not aware of the bill at all. The Defend Trade Secrets Act includes a proposed new judicial "fast lane" for trade secret owners to pursue trade secret thieves by seizing key assets on an "ex parte" basis, i.e., without telling the person whose assets are going to be seized that a court proceeding is adjudicating their rights. The proposed "fast lane" stands out for several reasons. First, it is doctrinally unprecedented; no other federal or state trade secret law includes a similar ex parte provision. Second, it visually dominates the bill, taking up over 40% of the bill's text. Third, the fast lane would suspend typical due process requirements of giving defendants notice of judicial proceedings against them and an opportunity to be heard in court. Without these due process elements, the risk of judicial errors goes up substantially. Fourth, unless the provision is calibrated perfectly, it will be misused for anti-competitive purposes. 
I have just published an article, "Ex Parte Seizures and the Defend Trade Secrets Act," in the Washington & Lee Law Review Online detailing the case against this new judicial fast lane - and against ex parte proceedings in trade secret cases generally. The article highlights several key drafting mistakes, shows how the provision doesn't actually redress its primary use case, and explains why ex parte proceedings in trade secret cases are more problematic than complementary ex parte seizure procedures for trademarks and copyrights. More generally, given the unavoidable "he said/she said" nature of most trade secret litigation, any ex parte procedure in trade secret cases is fraught with unusual peril. That's a good reason to scale back ex parte mechanisms in trade secret cases, not expand them.

Hillary Clinton is getting crushed on social media, captured in one word cloud (WaPo, 1 Dec 2015) - * * * Above is a word cloud of all mentions related to Hillary Clinton during the month of November, through midnight Eastern time. The graphic, via our analytics partners at Zignal Labs, does not exactly highlight the kinds of words you want to see if you work at Clinton headquarters in Brooklyn. It's driven by the intense dislike for Clinton by activists on the left and the right, but mainly the right. Their constant drumbeat of criticism overwhelms any positive buzz that the Democratic frontrunner gets from her fans. One negative post on a critical, obscure web site, for instance, got mentioned more than 45,000 times on Twitter. Many of the other Clinton items mentioned most frequently link back to staunchly conservative sites. Democratic challenger Bernie Sanders actually garnered more attention online than Clinton during the past month. The Vermont senator was mentioned more than 2.8 million times across all forms of media, compared with 2.2 million mentions for Clinton. And the Sanders mentions tended to be more positive. A viral Vine video showing a kid's eyes perking up at a rally when the senator calls for removing the federal prohibition on marijuana was shared more than 110,000 times on Twitter alone last month. The clip, posted by a Los Angeles radio station, has now been viewed more than 25 million times: * * *

Target will pay banks $39.4 million for data breach losses (Venture Beat, 2 Dec 2015) - Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach. The settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards. Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers. The Minneapolis-based retailer has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers at all stores. Wednesday's settlement calls for Target to pay as much as $20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc card issuers. Target had reached a similar accord with MasterCard in April, but it was rejected the next month when card issuers deemed the sum too low. The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minnesota, who called it "fair, reasonable and adequate," court records showed. A hearing on final approval was scheduled for May 10, 2016. Earlier this year, Target agreed to pay Visa Inc card issuers as much as $67 million over the breach and reached a $10 million settlement with shoppers. The latter accord won court approval last month. Last week, Target said it has spent $290 million related to the breach, and expects insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach.

11th Circuit deepens the circuit split on applying the private search doctrine to computers (Orin Kerr at WaPo, 2 Dec 2015) - On Tuesday, the 11th Circuit handed down a new computer search decision, United States v. Johnson, that both sharpens and deepens the circuit split on how the private search doctrine of the Fourth Amendment applies to computers. Johnson isn't a likely candidate for Supreme Court review. But it does leave the private search doctrine in computer searches ripe for Supreme Court review in other cases working their way through the courts. Here's a quick summary of the issue, which I first wrote about in detail in a 2005 article. Because the Fourth Amendment applies only to the government and its agents, the Fourth Amendment is not triggered when private parties not associated with the government conduct searches. When a private party conducts a search and finds evidence of crime, the private party often goes to the police and voluntarily shows the police what she has found. The Supreme Court uses what I have called the "private-search reconstruction" doctrine to regulate what the police are allowed to see without a warrant. The police can reconstruct the private party search, seeing what the private party saw, but they can't exceed the search the private party conducted. On to the important legal question: When a private party searches a computer, sees a suspicious file and reports the finding to the police, what kind of government search of the computer counts as merely reconstructing the private search and what kind of search counts as exceeding the private search? The question comes up frequently in cases involving images of child pornography discovered on a phone, laptop or storage drive. The issue boils down to identifying the right unit of measurement to describe the private search.
For example, if the private party saw one file in one folder in the computer, should we say that only the one file was searched, so that the police can see only that one file, and anything else exceeds the private search? If only part of the file was observed, should we say that the police can see only the part of the file that was observed? Alternatively, should we say that the one folder was searched, so the police can see anything in that folder? Or should we say that the entire computer was searched, so the police can search the entire computer? * * *

Comcast, NBC add video descriptions to 'The Wiz Live!' (Multichannel, 2 Dec 2015) - Billing it as a first for a live entertainment broadcast show in the U.S., Comcast said it will include video descriptions with NBC's production of The Wiz Live!, an element that will make the show accessible to people who are blind or visually impaired. During NBC's live broadcast, set to start Thursday, Dec. 3 (also the International Day of Persons with Disabilities) at 8 p.m. ET, the video description component will provide a narration track that's included between the natural pauses in dialogue that describes visual elements of the show, such as facial expressions, settings, information about costumes, and stage direction (this brief video offers a more thorough explanation). Comcast and NBC, which are partnering with Descriptive Video Works, said the described broadcast of The Wiz Live! is a national pilot program that will be available wherever SAP (secondary audio program) feeds are available. "Comcast's commitment to include video description with the performance of The Wiz Live! is ground-breaking," said Kim Charlson, president of The American Council of the Blind (ACB). "The path to accessibility is a journey of inclusion of all audiences. Just like the yellow brick road is the path to the heartfelt wishes of Dorothy and her friends, the blindness community is very happy to travel on this new path with Comcast and NBC." The effort follows other features and technologies Comcast has launched to help make its video service more accessible to people with disabilities, including a "talking guide" for its X1 platform, a voice-enabled TV menu and interface, and a voice-controlled remote control.

Fog computing (Cebe's Claude Baudoin, 3 Dec 2015) - In case you haven't seen this yet, Cisco has created the term "fog computing" for a computing architecture, particularly related to Internet of Things (IoT), in which computing and storage are widely distributed to the "edges" of a network, while communicating with central resources in a traditional data center or in the cloud. An application of the fog computing concept is to discard data captured by a sensor that's within the normal range, and only send abnormal data points to a supervisory system, thus saving bandwidth and central computing and storage resources. Whether "fog computing" will stay is unknown yet. The words make a nice reference to cloud computing, but Cisco's "Internet of Everything" (IoE) has failed to challenge the well-known IoT term.

A brief history of technology assisted review (Robert Ambrogi, 3 Dec 2015) - Technology-assisted review (TAR) is now so widely used in e-discovery and so widely accepted by judges that one federal magistrate-judge recently declared it to be "black letter law." But it was only three years earlier when that same judge, Andrew J. Peck, issued the first decision ever to approve the use of TAR. And it has been just five years since the terms "TAR" and "predictive coding" first began to filter into the legal profession's vernacular. So, how did TAR take root among lawyers? And how did it become so widespread so quickly? That is the topic of an article I wrote together with Thomas C. Gricks III, a former e-discovery litigator who is now director, professional services, at Catalyst. The article was recently published by the ABA's Law Technology Today. Find it here: A Brief History of Technology Assisted Review.

Court: Breaking your employer's computer policy isn't a crime (EFF, 3 Dec 2015) - The United States Court of Appeals for the Second Circuit issued an opinion rejecting the government's attempt to hold an employee criminally liable under the federal hacking statute - the Computer Fraud and Abuse Act ("CFAA") - for violating his employer-imposed computer use restrictions. The decision is important because it ensures that employers and website owners don't have the power to criminalize a broad range of innocuous everyday behaviors, like checking personal email or the score of a baseball game, through simply adopting use restrictions in their corporate policies or terms of use. The case, United States v. Gilberto Valle, received a lot of attention in the press because it involved the so-called "cannibal cop" - a New York City police officer who was charged with conspiracy to kidnap for posts he wrote on fetish websites about cannibalism. Valle was also charged with violating the CFAA for accessing a police database to look up information about people without a valid law enforcement purpose, in violation of NYPD policy. The jury convicted Valle on all counts, but the trial court reversed the jury's conspiracy verdict, stating that "the nearly yearlong kidnapping conspiracy alleged by the government is one in which no one was ever kidnapped, no attempted kidnapping ever took place, and no real-world, non-Internet-based steps were ever taken to kidnap anyone." The trial court ultimately found that holding Valle guilty of conspiracy to kidnap would make him guilty of thoughtcrime. But the trial court upheld the CFAA conviction. And on appeal, we filed an amicus brief with the Second Circuit, urging the court to overturn the lower court's dangerous ruling. We argued that the lower court's ruling would make criminals out of millions of innocent individuals, and the Second Circuit agreed - throwing out Mr. Valle's CFAA conviction and joining two other federal circuit courts in rejecting the government's attempt to expand the reach of the vaguely worded federal statute.

Landlines no longer a "dominant" service (US Telecom, 3 Dec 2015) - The portion of U.S. households using landlines for voice service has fallen below half for the first time, according to the latest data on household voice telephony choices from the Centers for Disease Control. This is because more and more American households are cutting the cord for voice services and using only wireless telephones. Based on a USTelecom analysis of the new CDC data, by the middle of 2015 the U.S. likely reached the cross-over point where more than half of telephone households were wireless-only and less than half used landlines. In any case, the U.S. almost certainly will have reached that point by the end of this year. As Federal Communications Commission (FCC) Commissioner Mike O'Rielly suggested in a recent blog, traditional wireline voice carriers are no longer dominant providers and should not be singled out for more burdensome regulation.

The United States Postal Service will now email you your mail (Quartz, 6 Dec 2015) - The US Postal Service is testing a "notification" service that emails customers images of the envelopes of their letter-size mail. The service, called Informed Delivery, will send out an email to customers each morning with that day's mailbox contents. The images are only of the exterior front side, and the mail will not be opened. Informed Delivery has been live in seven Northern Virginia zip codes since 2014 and is now expanding to the New York City metro area, with more coverage planned in 2016. The service is free, but customers have to sign up online. It is not available to businesses and will not apply to packages, though the agency said it may include scans of catalogs and magazines in the future. In 2013, the postal service acknowledged that it photographs every letter and package mailed in the US. The process helps it sort mail, according to the postmaster general. But the USPS has also provided the photos to law-enforcement agencies in criminal cases, including ricin-laced letters sent to US president Barack Obama and Michael Bloomberg, then mayor of New York City. Its mail-tracking program was created after the anthrax attacks in 2001, which killed five people, including two postal workers. [Polley: This looks "live" now - has anybody had experience with it? I'm not sure I grok the purpose.]


CSIRO v. Cisco: The convergence of RAND and non-RAND royalties for Standards-Essential Patents (Patently-O, 7 Dec 2015) - In Commonwealth Scientific and Industrial Research Organisation v. Cisco Systems, Inc . (Fed. Cir., Dec. 1, 2015), the Federal Circuit established important new guidelines for the calculation of "reasonable royalty" damages for standards-essential patents (SEPs), even in the absence of the patent holder's commitment to license on reasonable and nondiscriminatory (RAND) terms. Chief Judge Prost, writing for a panel that also included Judges Dyk and Hughes, found that Chief Judge Leonard Davis of the Eastern District of Texas erred by failing, among other things, to account for the "standard-essential status" of a Commonwealth Scientific (CSIRO) patent infringed by Cisco. The decision signals another important step toward the convergence of "reasonable royalty" damages in RAND and other patent cases. * * *


K&L Gates takes CLE on-demand (LegalTech News, 7 Dec 2015) - With platforms like Pandora and YouTube offering content at a whim, the concept of on-demand content has become more of a given than novelty. This led international firm K&L Gates to ask, why can't the same be true for continuing legal education (CLE)? K&L Gates announced on Dec. 7 the launch of its On-Demand CLE Center, a collection of nearly 50 CLE courses accessible by users at any time from both computers and mobile devices. Designed with in-house counsel in mind, the courses offered include recordings of previous programs and provide "accreditation for CLE and continuing education courses in states throughout the U.S.," officials said in a statement. In a conversation with Legaltech News, K&L Gates chief marketing officer Jeff Berardi espoused the virtues of on-demand and easily accessible content for legal professionals. "What we've found is that our clients are just so time pressed [that] they really are looking for something like this," he said. "That's why we provided it to them. And it's not just for clients. It's for anyone who's interested in these subjects, and it's a way for us to build relationships with people." The On-Demand CLE Center functions as an addition to the K&L Gates HUB, providing users with previously recorded sessions that they can listen to at their own convenience. HUB is an offering by the firm that provides a multitude of content that, according to its website, "provides timely insight on critical issues at the intersection of business and law." The content is arranged by industry sector rather than practice group or by the internal structure of a firm, an organizational method that Berardi said was unique for a law firm. Officials said that its content spans more than 30 industry sectors.


LegalZoom is acquiring a UK law firm (ABA Journal, 8 Dec 2015) -- LegalZoom has already been approved in the United Kingdom as an alternative business structure. But its expansion plans don't end there. The online legal document company announced plans on Thursday to acquire a U.K. law firm, Beaumont Legal, report Legal Futures , the Law Society Gazette , the Los Angeles Business Journal and the Yorkshire Post . A press release is here. LegalZoom chief executive Craig Holt said the plan is to build "a unique, next generation law firm" that is a blend of technology, lawyers and other expertise. Beaumont Legal is "an important piece of that jigsaw," he said in the press release. Beaumont Legal, known for its conveyancing practice, currently has more than 150 employees. Managing partner Nick Masheder plans to hire additional "forward-thinking, innovative individuals who want to be part of something truly special." The plan is subject to regulatory approval. The acquisition will be funded by private equity, according to the Law Society Gazette.


DHS giving firms free penetration tests (Krebs on Security, 8 Dec 2015) - The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies - mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help "critical infrastructure" companies shore up their computer and network defenses against real-world adversaries. And it's all free of charge (well, on the U.S. taxpayer's dime). KrebsOnSecurity first learned about DHS's National Cybersecurity Assessment and Technical Services (NCATS) program after hearing from a risk manager at a small financial institution in the eastern United States. The manager was comparing the free services offered by NCATS with private sector offerings and was seeking my opinion. I asked around to a number of otherwise clueful sources who had no idea this DHS program even existed. DHS declined requests for an interview about NCATS, but the agency has published some information about the program. According to DHS, the NCATS program offers full-scope penetration testing capabilities in the form of two separate programs: a "Risk and Vulnerability Assessment," (RVA) and a "Cyber Hygiene" evaluation. Both are designed to help the partner organization better understand how external systems and infrastructure appear to potential attackers.


New Google Apps feature helps businesses keep sensitive information out of emails (TechCrunch, 9 Dec 2015) - Google is launching a new privacy tool for Google Apps Unlimited users today. The new Data Loss Prevention feature will make it easier for businesses to make sure that their employees don't mistakenly (or not so mistakenly) email certain types of sensitive information to people outside of the company. Businesses that subscribe to this plan for their employees now have the option to turn on this tool and select one of the new predefined rules that, for example, automatically reject or quarantine any email that contains a social security or credit card number. Businesses can choose from these predefined rules and also set up custom detectors (a confidential project keyword, for example). Google says it's working on adding more predefined rules, too. Google created a set of pre-defined rules for data like social security numbers in the U.S., Canada and France, driver's license and National Health Service numbers in the U.K., as well as for all credit card numbers, bank routing numbers and Swift codes for bank account numbers. It's worth noting that Google will scan both the email body and attachments for potential matches. Rules can be applied to incoming and outgoing messages. Admins are also able to apply these rules to specific departments and employees. For internal messages, they are also able to add a line like "[Internal Only]" to emails that contain information that would have been rejected if the sender had tried to send this email to an external recipient.


RESOURCES

Campus Open-Access Policy Implementation Models and Implications for IR Services (Berkman's E. Duranceau and S. Kriegsman, Dec 2015) - * * * Implementation of campus open-access policies in the United States is still a relatively new - though increasingly widespread - activity. According to the Registry of Open Access Repositories Mandatory Archiving Policies (ROARMAP), U.S. campus policies have grown to include 73 campuses (Figure 1), with steady increases since 2009, when the Harvard Faculty of Arts and Sciences adopted the first such policy in the United States. There was particularly dramatic growth in 2013, the last complete year measured. While short summaries of some individual libraries' approaches to implementing these policies have begun to be published, a sense of the overall landscape of policy implementation has only begun to emerge. As more campuses adopt open-access policies, sharing implementation methods and models is increasingly critical. As Shannon Kipphut-Smith notes in her summary of Rice University's implementation experience, libraries faced with the need to set up brand-new procedures find themselves in a "nuanced" environment without a roadmap. Their library, like others implementing policies, "had never before conducted activities similar to the implementation of the OA policy," so they found that "practically every activity has been experimental." Here, in an attempt to build that needed roadmap, we provide a snapshot of the open-access policy implementation landscape by evaluating data from a survey of Coalition of Open Access Policy Institutions (COAPI) and characterizing each library's OA policy implementation models for its campus. * * *


The First Amendment right of college athletes to use social media (MLPB, 1 Dec 2015) - Meg Mary Margaret Penrose, Texas A&M University School of Law, has published Sharing Stupid $H*T with Friends and Followers: The First Amendment Rights of College Athletes to Use Social Media at 17 SMU Science and Technology Law Review 449 (2014). Here is the abstract: This paper takes a closer look at the First Amendment rights of college athletes to access social media while simultaneously participating in intercollegiate athletics. The question posed is quite simple: can a coach or athletic department at a public university legally restrict a student-athlete's use of social media? If so, does the First Amendment provide any restraints on the type or length of restrictions that can be imposed? Thus far, neither question has been presented to a court for resolution. However, the answers are vital, as college coaches and athletic directors seek to regulate their athletes in a constitutional manner.


A Guide To Broadcasters' Obligations During Election Campaigns (Benton Foundation, 4 Dec 2015) - Now that NBC stations have reportedly given free air time to five Republican presidential candidates because of Donald Trump's recent appearance on "Saturday Night Live"(1), this is a good time to take a look at the Federal Communications Commission's regulation of political broadcasting matters. Some of these requirements can get very complicated, so this is necessarily a broad overview which does not deal with many details that arise in the implementation of these principles. There are two important preliminary points. First, although this post refers to "broadcasters," some of these rules also apply to satellite services DishTV and DirecTV and to the local operations of cable systems. For the sake of simplicity, this post will not deal with these circumstances. Second, there is a tendency to focus upon major federal elections, especially Presidential races. In fact, many of the most important applications of these rules are at the local level, especially in smaller communities, where a local station can have a powerful influence over city council, mayoral and similar races. * * *


FUN

Check out our 2015 gifts for lawyers (gallery) (ABA Journal, 10 Dec 2015) - What should you get for the lawyer in your life? Are they a tech geek? A fashion plate? A bookworm? A beer connoisseur? We've combed the Internet to find a wide variety of options for the 2015 holiday season, and compiled them into the 2015 Gifts for Lawyers photo gallery . Want further ideas? Our Gifts for Lawyers Pinterest board may just have what you're looking for. We also published an ad supplement in the December 2015 issue of the ABA Journal, full of other ideas. [ Polley : pretty cool list.]


LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Sue companies, not coders (Bruce Schneier, 20 Oct 2005) -- At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write. He's on the right track, but he's made a dangerous mistake. It's the software manufacturers that should be held liable, not the individual programmers. Getting this one right will result in more-secure software for everyone; getting it wrong will simply result in a lot of messy lawsuits. To understand the difference, it's necessary to understand the basic economic incentives of companies, and how businesses are affected by liabilities. In a capitalist society, businesses are profit-making ventures, and they make decisions based on both short- and long-term profitability. They try to balance the costs of more-secure software -- extra developers, fewer features, longer time to market -- against the costs of insecure software: expense to patch, occasional bad press, potential loss of sales. The result is what you see all around you: lousy software. Companies find that it's cheaper to weather the occasional press storm, spend money on PR campaigns touting good security, and fix public problems after the fact than to design security right from the beginning.


Shareholders sue Choicepoint (ComputerWorld, 7 March 2005) -- Shareholders are suing ChoicePoint Inc. and its top executives after the company's share price fell sharply following news that identity thieves had gained access to personal information about some U.S. residents that was held by the personal data vendor. A class-action lawsuit has been filed in U.S. District Court for the Central District of California on behalf of those who bought ChoicePoint shares between April 22, 2004, and March 3, 2005, Radnor, Pa.-based law firm Schiffrin & Barroway LLP said in a statement Friday. The suit charges Alpharetta, Ga.-based ChoicePoint and three top executives with keeping key information from the public in an effort to artificially inflate the price of the company's stock. Specifically, the suit alleges that the defendants knew that ChoicePoint's measures to protect its data were inadequate, that the company knew it was selling data to illegal enterprises, that security breaches had occurred twice before and that the company had exposed more than 500,000 people to the threat of identity theft, according to the statement. The suit seeks to recover damages for the shareholders.


NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, November 21, 2015

MIRLN --- 1-21 Nov 2015 (v18.16)

MIRLN --- 1-21 Nov 2015 (v18.16) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


NEWS | PODCASTS/MOOCS | RESOURCES | LOOKING BACK | NOTES

Cops are asking Ancestry.com and 23andMe for their customers' DNA (Fusion.net, 16 Oct 2015) - When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It "has serious information about you and your family," genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular. Now, five years later, when 23andMe and Ancestry both have over a million customers, those warnings are looking prescient. "Your relative's DNA could turn you into a suspect," warns Wired , writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry's father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a " wild goose chase " that demonstrated "the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases." The FBI maintains a national genetic database with samples from convicts and arrestees, but this was the most public example of cops turning to private genetic databases to find a suspect. But it's not the only time it's happened, and it means that people who submitted genetic samples for reasons of health, curiosity, or to advance science could now end up in a genetic line-up of criminal suspects. Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order. 
23andMe says it's received a couple of requests from both state law enforcement and the FBI, but that it has "successfully resisted them." 23andMe's first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. ( Update: The company released the report a week later.) * * * If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request.


3D printed organs face uncertainty in patent law language (3D Print, 21 Oct 2015) - Nothing is ever as simple as it seems. With over 100,000 people on waiting lists at any given time for organ transplants in the United States alone, the possibility that organs will be able to be 3D printed seems heaven sent. We've seen the dramatic contributions 3D printing has made to other areas of medicine and to someone waiting for a life saving transplant procedure, the only question is simple and straightforward: 'how quickly can we perfect this?' Assuming that something as complex as printing human organs might actually be within the realm of possibilities, however, doesn't mean that there aren't external roadblocks. One of those comes in the form of patent laws. Yes, you read that right. The key here is that the development of the processes and technology that will be required to execute such a complex task requires a great deal of capital investment. A lot of money needs to be poured into the research and there is no guarantee of success. This means that if Company X invests hundreds of millions of dollars in technology development, they will want to have exclusive rights to sell that technology, something that is guaranteed by a patent. Patents in the case of medicine are not new - pharmaceutical companies use them to protect their own research and development investments - instead it is the nature of the patent that is so unusual. When printing human organs, however, you enter into a new and rarely before explored area of patent law that will require a great deal of trial and error refinement. Current patent law states that "no patent may issue on a claim directed to or encompassing a human organism." This language in the patent law was introduced in 2011 and so you might be tempted to think that it must be all cleared up and spelled out in great detail. Unfortunately that isn't the case. In fact, there isn't even any definition of what constitutes a 'human organism', something that could range from a single cell to any one of us. Having such lack of precision in the statute will cause patent lawyers to have to tell their clients that they simply cannot determine whether or not the advances they make in the 3D printing of human organs will be something that they will be able to patent. The ambiguity in the code will require a number of decisions on the parts of the courts in order to clarify. That is a process that will take no small amount of time. Instead, it will undoubtedly slow down both the access to funding for this research, as investors face an even more uncertain future for returns, and the implementation of the technologies themselves as their status gets tied up in lengthy legal maneuvers.


Attorney-Client privilege and work-product doctrine upheld for materials associated with internal data breach investigation (Hunton & Williams, 27 Oct 2015) - On October 23, 2015, the United States District Court for the District of Minnesota, in large part, upheld Target's assertion of the attorney-client privilege and work-product protections for information associated with a privileged, internal investigation of Target's 2013 data breach. The plaintiffs contended that the challenged information was not protected by the attorney-client privilege or the work-product doctrine because "Target would have had to investigate and fix the data breach regardless of any litigation, to appease its customers and ensure continued sales, discover its vulnerabilities, and protect itself against future breaches." Target countered that there was a two-track investigation. The first track was an ordinary-course-of-business investigation, involving, among other things, a forensic investigator's non-privileged report for the card brands. The second track, part of which included a different team from the same forensic investigator, was created at the request of Target's in-house lawyers and its retained outside counsel. The purpose of the second-track investigation was to educate the attorneys about aspects of the breach so that they could provide Target with informed legal advice. Although the same forensic investigator was used for both tracks, Target explained that it only claimed privilege and work-product protections for certain information related to the second-track investigation. Target provided evidence that the forensic teams did not communicate with each other about the substance of the second-track, attorney-directed investigation. After an in-camera inspection, the court found that the majority of the information was shielded from disclosure. The most notable findings were: * * *


Time Warner Cable wants to end the hated set-top box once and for all (WaPo, 29 Oct 2015) - Time Warner Cable has a plan to kill the set-top box -- that clunky piece of equipment that many cable companies force you to rent for hundreds of dollars a year. The company has been testing a version of a streaming video app in New York City this week, and although it's a limited trial run, TWC chief executive Rob Marcus has much wider ambitions for the service. "Where we're headed," Marcus said on an investor call Thursday, "is the ability of customers to access the complete video product without having to rent a set-top box from us, whether they use a Roku or another [Internet Protocol]-enabled device." Ultimately, TWC customers will be able to get all the same channels through the app that they currently get through their physical set-top box. While some companies may envision keeping the box around while also offering a streaming app, TWC believes it could save a lot of money by not having to pay for and rent out boxes at all (not to mention the time-consuming installation service that comes with it).


- and -

Jury: Cox illegally forced customers into renting its set-top box (WaPo, 30 Oct 2015) - A federal jury in Oklahoma has awarded $6.31 million to a group of cable TV customers after it found that Cox Communications broke federal antitrust law. Cox unfairly forced customers to rent its set-top box as a condition of receiving premium cable service, the jury ruled. Refusing the box meant being unable to access Cox's interactive channel guide and on-demand video, according to the original complaint . Not only did tying premium service to set-top boxes limit features for subscribers who wanted to use third-party boxes, but Cox unfairly profited from customers who rented its own set-top box (and may have been forced into the decision against their will), according to the class action. A congressional probe this year found that consumers pay more than $230 a year renting set-top boxes from their cable companies.


Public company boards increase time & resources on cyber-security, yet lack mitigation strategies (BDO, October 2015) - According to a new survey by BDO USA, LLP, one of the nation's leading accounting and consulting organizations, more than two-thirds (69%) of public company board members report that their board is more involved with cybersecurity than it was 12 months ago and a similar percentage (70%) say they have increased company investments to defend against cyber-attacks during the past year, with an average budget expansion of 22 percent. Despite this increase in awareness and resources, just one-third (34%) of corporate directors report that they have documented and developed solutions to protect their business's critical digital assets. Moreover, less than half (45%) have a cyber-breach response plan in place and only one-third (35%) of directors say their company has developed cyber-risk requirements for their third-party vendors. [ Polley : Spotted by MIRLN reader Gordon Housworth ]


Trying to crack open Congress's confidential think tank after a century of secrecy (WaPo, 29 Oct 2015) - The secrecy that has traditionally surrounded Congress's in-house think-tank is under fire from advocates of open government, who argue that the research conducted on major issues of public policy - from environmental protection to immigration - should at long last be made public. For 101 years, the Congressional Research Service has conducted studies for members of the Senate and House, and the findings have remained confidential unless the lawmakers release the research themselves. The aim is to allow senators and House members to pursue potentially controversial issues without fear of criticism from political opponents. Sometimes lawmakers request the studies; sometimes researchers do them in anticipation of congressional interest. The secrecy of the work conducted by the 400 analysts of the CRS was underscored this fall in a "policy statement" circulated to staff, urging confidentiality to maintain good relations with lawmakers. But a coalition of librarians, open-government advocates and advocates against wasteful spending are pressing for an end to what they call excessive secrecy in Congress's research arm, which operates with a $100 million annual budget. "We believe Congress should provide a central online source for timely public access to CRS reports," a group of retired and former research service employees and dozens of open government groups wrote last week in a letter to Congressional leaders. "That would place all members of the public on an equal footing to one another with respect to access." The group said some support to members of Congress should remain under wraps through briefings and memos. But the advocates said the public is denied access to a large body of research that, while available to congressional staff, lobbyists and some journalists, through leaks "with no expectation of confidentiality," never makes it to the public.


- and -

Language of protest (InsideHigherEd, 2 Nov 2015) - All six editors and all 31 editorial board members of Lingua, one of the top journals in linguistics, last week resigned to protest Elsevier's policies on pricing and its refusal to convert the journal to an open-access publication that would be free online. As soon as January, when the departing editors' noncompete contracts expire, they plan to start a new open-access journal to be called Glossa. The editors and editorial board members quit, they say, after telling Elsevier of the frustrations of libraries reporting that they could not afford to subscribe to the journal and in some cases couldn't even figure out what it would cost to subscribe. Prices quoted on the Elsevier website suggest that an academic library in the United States with a total student and faculty full-time equivalent number of around 10,000 would pay $2,211 for shared online access, and $1,966 for a print copy. Under "bundling," in which academic libraries buy many journals together, the total could be less, but the journal might also not make the cut in the decisions of a library under pressure to buy access to journals in many disciplines. And many libraries complain that bundling doesn't create true savings, as the bundles include many journals they don't want. [ see also Elsevier battle escalates (InsideHigherEd, 6 Nov 2015); and Elsevier says downloading and content-mining licensed copies of research papers 'could be considered' stealing (TechCrunch, 18 Nov 2015)]


- and -

Artificial-intelligence institute launches free science search engine (Nature, 2 Nov 2015) - With Google Scholar, PubMed, and other free academic databases at their fingertips, scientists may feel they have plenty of resources to trawl through the ever-growing science literature. But a search engine unveiled on 2 November by the non-profit Allen Institute for Artificial Intelligence (AI2) in Seattle, Washington, is working towards providing something different for its users: an understanding of a paper's content. "We're trying to get deep into the papers and be fast and clean and usable," says Oren Etzioni, chief executive officer of AI2. The free product, called Semantic Scholar , is currently limited to searching about 3 million open-access papers in computer science. But the AI2 team aims to broaden that to other fields within a year, Etzioni says. His team is well financed: AI2 was founded and is backed by Microsoft co-founder Paul Allen, who has given the institute more than US$20 million since 2013. Semantic Scholar offers a few innovative features, including picking out the most important keywords and phrases from the text without relying on an author or publisher to key them in. "It's surprisingly difficult for a system to do this," says Etzioni. The search engine uses similar 'machine reading' techniques to determine which papers are overviews of a topic. The system can also identify which of a paper's cited references were truly influential, rather than being included incidentally for background or as a comparison. "That's a really good feature," says Jose Manuel Gomez-Perez, who works on search engines and is director of research and development in Madrid for the software company Expert System. Semantic Scholar also extracts figures from the papers to present in the search result.


- and -

Academia, a social network for scientific studies, looks to score the best papers (TechCrunch, 4 Nov 2015) - It took three years for Richard Price, a PhD in philosophy, to get a paper published. The slow speed of that inspired him to start what is essentially a social network called Academia, where academics can publish their papers and have them reviewed by other experts called editors. Now, Price wants to take the next step to surface the best papers with a score. It's called PaperRank, and it's a way to help academics quickly determine the quality and validity of a paper. Experts can already recommend and make comments on papers as a sort of live peer review process, but now those recommendations fit into an algorithm that helps rank the paper. "In the journal model, the editor of the journal is a paid employee of the journal. They go and email a couple people and say, can you peer review this?" Price said. "And then they do it for free. It's just a sniff test. It's reading it and saying, yeah, I recommend it. What we thought was, what does peer review look like when you have a network, and that's what we tried to build." The number of recommendations a paper has and the scores of the authors recommending the paper determine the paper's rank. It's a shot at basically distributing the credentialing process across an entire network, rather than relying on editors emailing various experts to peer review the paper before it ends up in a journal. It's not entirely dissimilar to Google's PageRank in terms of the mathematics, Price said, though there are some more nuanced differences.

The trust machine (The Economist, 31 Oct 2015) - Bitcoin has a bad reputation. The decentralised digital cryptocurrency, powered by a vast computer network, is notorious for the wild fluctuations in its value, the zeal of its supporters and its degenerate uses, such as extortion, buying drugs and hiring hitmen in the online bazaars of the "dark net". This is unfair. Among regulators and financial institutions, scepticism has given way to enthusiasm (the European Union recently recognised it as a currency). But most unfair of all is that bitcoin's shady image causes people to overlook the extraordinary potential of the "blockchain", the technology that underpins it. This innovation carries a significance stretching far beyond cryptocurrency. The blockchain lets people who have no particular confidence in each other collaborate without having to go through a neutral central authority. Simply put, it is a machine for creating trust. * * * [ Polley : Excellent, readable article.]

Balancing privacy with data collection in Allstate mobile app (CSO Online, 2 Nov 2015) - Allstate Insurance Co. developed Drivewise, a usage-based insurance (UBI) program, to collect telematics information about customers' driving behavior, such as braking, speed and driving time of day. Originally enabled by a device that plugs into a customer's vehicle, the company has since developed Drivewise Mobile. This app collects the same information via a driver's smartphone as long as the phone is in the vehicle. Although other insurance companies have similar telematics offerings, Allstate is the first major insurer to collect telematics information exclusively through a smartphone app. The app also allows Allstate to have a more interactive experience with its customers. Allstate says it currently has 820,000 customers actively participating in its Drivewise program. Ginger Purgatorio, vice president of Allstate's Drivewise program, acknowledges that there were challenges to getting Drivewise up to full speed. * * * Allstate had created a device that plugged directly into a port underneath a vehicle's steering column, explains Purgatorio. Similar to other insurance companies, that device fed information about the driver's driving habits back to Allstate, which uses the data to come up with a score that could influence that driver's insurance costs. But Allstate wanted to share more of that driving information with the drivers themselves, Purgatorio explains, so in 2010 the company created a web interface that allowed customers to log in and see details about their driving practices. That helped connect Allstate with its customers on a whole new level, Purgatorio says, but it still required initiative on the customers' part. So company leaders had the idea to develop Drivewise Mobile, which provides not only details about the driver's driving habits but delivers related information in near real-time right to the driver's smartphone. * * *

Half of US companies have already filed a cyber insurance claim, driving up rates (Insurance Business, 6 Nov 2015) - More than half of US businesses now carry some form of cyber insurance coverage - and a new report from Wells Fargo suggests they're using it. According to a study of 100 middle market companies and large corporations, 85% of respondents carry cyber and data privacy policies and nearly half (44%) have already filed a claim as a result of a breach. Unfortunately, that influx of probable payouts is likely to push coverage costs even higher. Already, the recent rash of high-profile hacking events and data breaches has triggered significant premium increases and heightened deductibles among cyber insurers. Average rates for retailers jumped 32% during the first half of 2015 alone, and many healthcare companies are seeing their premiums triple at renewal time. Deductibles, meanwhile, are now reaching into the $25 million territory for coveted $100 million policies. This is a problem for insurance agents, who already struggle to sell large cyber policies to businesses wary of the price tag. In fact, the Wells Fargo survey reveals that among midsize corporations, a full 42% say their biggest challenge when purchasing coverage is cost.

TPP will ban rules that require source-code disclosure (BoingBoing, 6 Nov 2015) - As we pick through the secret, 2,000-page treaty, we're learning an awful lot of awfulness, but this one is particularly terrible. As software becomes more tightly integrated into cars and buildings and medical devices (and everything else), many governments have enacted procurement policies requiring contractors to disclose and/or publish the source code of the products they supply to public bodies. For example, if Volkswagen were to supply a fleet of diesels to the National Parks Service, the government might tell them that they have to turn over their source-code so that it can be audited for "defeat devices," or Chrysler might have to disclose source on their jeeps before they're sold to the Army, which could result in them being made secure against over-the-Internet attacks on steering and brakes. If this sounds weird, think of other kinds of procurement. If a government commissions a private contractor to produce a building, the contractor wouldn't be allowed to keep the mathematics used to calculate load-stresses a secret (even if having proprietary engineering principles could make the firm more money). The firmware for an engine or an HVAC system could render cars and buildings unusable or even deadly -- why should public money be spent on infrastructure produced with secretive and opaque methodologies? As we saw with the VW "defeat device," disclosure and publication of software is also necessary for a thorough evaluation of regulated devices, like emissions systems. It would be reasonable for regulators to demand that source code for these sorts of devices be made available for public inspection as a condition of approval for use within a nation's borders. Under TPP, such requirements will be banned. The article in question could well have been written by a Microsoft lobbyist. It carves out "critical infrastructure" (power plants), but leaves intact cars, HVAC, medical devices, and even databases used to store sensitive public information. * * *

US tries, and fails, to block "import" of digital data that violates patents (Ars Technica, 10 Nov 2015) - A federal appeals court today struck down an International Trade Commission (ITC) ruling in a patent case that attempted to block electronic transmissions of digital data from overseas. The ITC's authority to prevent importation of "articles" applies only to material things, not digital transmissions, the US Court of Appeals for the Federal Circuit ruled. (Consumer advocacy group Public Knowledge posted the ruling's text.) "The Commission's decision to expand the scope of its jurisdiction to include electronic transmissions of digital data runs counter to the 'unambiguously expressed intent of Congress,'" Chief Circuit Judge Sharon Prost wrote for the court in a 2-1 decision. "This decision is a big win for the open Internet," said Charles Duan, director of Public Knowledge's Patent Reform Project. "By rejecting the ITC's attempt to expand its jurisdiction, the Federal Circuit helps to ensure that Internet users have unfettered access to the free flow of information that has proved so useful for innovation and free expression." The case began with Align Technology alleging that ClearCorrect violated patents related to orthodontic appliances known as aligners, which are placed on patients' teeth in order to straighten them. ClearCorrect's process for making the aligners involves facilities in both the US and Pakistan, which is where the digital importation comes in. "ClearCorrect US scans physical models of the patient's teeth and creates a digital recreation of the patient's initial tooth arrangement," today's ruling explained. "This digital recreation is electronically transmitted to ClearCorrect Pakistan, where the position of each tooth is manipulated to create a final tooth position." ClearCorrect Pakistan then creates digital data models and "transmits these digital models electronically to ClearCorrect US. ClearCorrect US subsequently 3D prints these digital models into physical models." [ see also Federal Circuit bites back against USITC expansion into electronic importation (Patently-O, 10 Nov 2015)]

T-Mobile will let customers stream HBO, Netflix And ESPN without racking up data charges (Re/Code, 10 Nov 2015) - T-Mobile will allow some subscribers to stream video from 24 popular services without burning through their data caps. The nation's third-largest wireless carrier is looking to gain competitive advantage over rivals Sprint, AT&T and Verizon by giving its customers the ability to stream videos on their smartphones and tablets without generating data charges. Subscribers can choose among popular streaming services including Netflix, HBO Now, HBO Go, Watch ESPN, Fox Sports and Hulu. Notable omissions from the list include YouTube, the world's biggest video site, and Facebook and Snapchat, both of which have made big pushes into video in the last year. "Video streams free," T-Mobile CEO John Legere said Tuesday. "Binge on. Start watching your shows, stop watching your data." Legere's offer applies to customers who pay for at least three gigabytes of data a month. The promotion is certain to generate complaints from critics who think it violates net neutrality principles, and implicitly favors video services that have agreements with T-Mobile. But Legere brushed aside net neutrality concerns, arguing that his carrier will treat all video services equally when it comes to delivering their data. [ Polley : and, a few days later: Comcast launches streaming TV service that doesn't count against data caps (ArsTechnica, 19 Nov 2015)]

Microsoft seeks to dispel cloud mistrust in Europe with German trustee model (TechCrunch, 11 Nov 2015) - Microsoft has moved to dispel European mistrust of U.S.-operated cloud services by announcing a plan to offer cloud services, including Azure, Office 365 and Dynamics CRM Online, from data centers in Germany that are also operated by a third party company - in a so-called trustee model. Commenting on the launch in a statement, CEO Satya Nadella said the trustee model will offer customers in Germany and Europe "choice and trust in how their data is handled and where it is stored". The forthcoming Microsoft Cloud in Germany will be offered to customers of its cloud services as another option for local data storage, with Microsoft name-checking target sectors with particular concerns for the security of data, such as finance, health and the public sector. It also noted a 2015 BITKOM study which found a large majority (83 per cent) of German enterprises expect a cloud provider to operate local data centers in Germany. Microsoft said its 'cloud in Germany' will launch in the second half of 2016, and will be operated under German law by T-Systems, a subsidiary of telco Deutsche Telekom. The two data centers will be based in Magdeburg and Frankfurt am Main, with Microsoft stressing this "data trustee" model means it will not have any access to customer data without the consent of the trustee, and that it cannot therefore be compelled - "even by a third party" - to hand over customer data.

ALM/LEXIS deal good news for some, but not for others (Robert Ambrogi, 11 Nov 2015) - Legal news company ALM and legal research company LexisNexis this week announced an expansion of their content licensing agreement that is good news for LexisNexis subscribers but not so good news for the rest of the legal community. Since 2011, LexisNexis has had the exclusive license to archived content from all ALM publications, which include The American Lawyer, Corporate Counsel, The National Law Journal, Legaltech News, the Law.com website, and a number of other regional and specialty publications. Yesterday's announcement extends this relationship for an unspecified term and also opens opportunities for direct integration of ALM content into LexisNexis legal research products. According to the press release, the way ALM content is delivered through LexisNexis Newsdesk will be streamlined so it is delivered directly from ALM. Direct integration will also mean that case law references within ALM online publications will link directly to the actual cases in Lexis Advance, according to the release. LexisNexis users will be able to use a single password to access all LexisNexis and ALM content. All of which is good news if you happen to be a LexisNexis subscriber. However, if you are not, it means that you will be shut out of the archives of the most extensive legal news organization in the country. Even ALM's own paid subscribers will not have access to ALM content after it has been online for 180 days. Any legal news reported in an ALM publication will effectively disappear after six months to anyone who is not a LexisNexis subscriber. According to Lenny Izzo, president of ALM's Legal Media Division, LexisNexis gets all the ALM content as it is published on ALM's sites. The content remains available on ALM sites for 180 days, after which only a brief abstract is viewable with a referral link to the full text in LexisNexis. LexisNexis is the exclusive provider for ALM archived content older than 180 days.

Lawyer who photographed and tweeted evidence from trial may face sanctions (ArsTechnica, 12 Nov 2015) - A Chicago lawyer who took photos and tweeted them from a federal courthouse is in serious hot water. US District Chief Judge Ruben Castillo has ordered (PDF) Vincent "Trace" Schmeltz III to appear in his courtroom later this month and explain why he shouldn't face sanctions. Chicago-based ethics lawyers told the National Law Journal that Schmeltz could face a censure, reprimand, or fine. He could also be subject to separate discipline from state officials who regulate the bar. Schmeltz took the photos last month during the United States v. Coscia trial, a closely watched case that involved the first trial over what's called "spoofing," a term for buying a futures contract with the intent of canceling it later. On November 3, Michael Coscia, a high-frequency trader at the Chicago Mercantile Exchange, was convicted by a jury on 12 counts of fraud and spoofing. During the trial, Schmeltz tweeted and blogged updates of what was happening, according to the order. On October 28, he published nine tweets, each one including a photograph of evidence shown in court. One such tweet read: "Coscia averaging over 10k in profits a day when manually doing what he wanted his algos to do. #HFT #cosciatrial" An FBI special agent who was observing the trial saw Schmeltz using a "handheld device" to take photographs of the evidence being displayed on courtroom monitors. Later, court officials looked over the tweets that Schmeltz had posted on his Twitter account, @TraceSchmeltz. The tweets have since been deleted. The order to show cause points out that US District Judge Harry Leinenweber, who oversaw the Coscia trial, didn't allow any use of "text-based technology" in court. A four-foot sign posted outside his courtroom reminded visitors that "PHOTOGRAPHING, RECORDING OR BROADCASTING IS PROHIBITED." Rules on devices vary among federal courthouses. In Chicago, devices may be brought into court, but audio or visual recording is prohibited. Other federal courts don't allow devices to be brought in at all. Schmeltz didn't respond to inquiries from NLJ, but earlier in the week he told The Chicago Tribune that he simply hadn't noticed the signage, and it was one of his first times in court on a case that wasn't his own. He only photographed evidence on-screen, not witnesses or jurors, he noted. "I'm not used to being a spectator," Schmeltz told the newspaper. "It's a lesson learned on my part."

As celebrities impose photography restrictions, news organizations push back (Poynter, 12 Nov 2015) - The changing power dynamic between news outlets and stars might be behind the recent rise of restrictive photography contracts concocted by musicians seeking ever-greater control over their likenesses as they tour the U.S. In the last year alone, several prominent performers - including Taylor Swift, the Foo Fighters and Janet Jackson - have clashed with the media after imposing strict rules that would strip news photographers of rights to their own images. A new frontier in this battle opened earlier today when a group of journalism advocacy organizations issued an open letter to performers protesting the onset of onerous photography contracts. The letter, which Poynter is a signatory to, calls on artists to collaborate with journalists to draft mutually beneficial photo contracts and abandon conditions that would infringe on photographers' rights: Photos and videos have never been treated as a subject's intellectual property under U.S. Copyright law. They are always owned by the photographer or his/her employer. Demands for full or partial ownership equate to the taking of our members' work in exchange for a glimpse of a performer's. More than 10 organizations, including the National Press Photographers Association, the American Society of News Editors, the Society of Professional Journalists and the Online News Association, have signed the letter, which also calls on performers to do away with provisions that require photographers to submit photos for approval before they can be published. Today's letter was preceded by controversy stemming from the photography agreement for Jackson's "Unbreakable" Tour. The contract allows photographers just 30 seconds to shoot her concert and requires them to forego rights to their images. The dispute over these contracts gets to the heart of the press' right to publish true and accurate images, said Mickey Osterreicher, the lawyer for the NPPA. Provisos that allow celebrities to pick and choose which photos readers see amount to permitting them to filter reality.

Ethical and risk management issues for law firms that adopt a "BYOD" approach to mobile technology (Steven Puiszis in the ABA's Journal of the Professional Lawyer, Nov 2015) - The BYOD trend has slowly made its way to the legal profession. BYOD has become a viable option for lawyers and law firms for several reasons. First, it theoretically limits a law firm's capital outlays and investment costs as the firm's lawyers purchase the devices on their own. * * * The proliferation of mobile devices, however, triggers a number of unique risks for lawyers and law firms, especially in light of our ethical obligation to competently safeguard client information under the Model Rules of Professional Conduct. Superimposed on a lawyer's ethical duty to safeguard client information are the statutory obligations imposed by state and federal laws and regulations to protect various categories of personally identifying information, non-public financial information and protected health information. * * * This article will outline the ethical risks triggered by BYOD and provide suggestions towards developing a comprehensive data security policy for mobile devices that will help mitigate the risks posed by the adoption of a BYOD approach to mobile technology. Part II addresses the impact of technology on the legal profession and discusses how technology has fundamentally altered the delivery of legal services. Part III reviews the lawyer's duty of competence and addresses how that duty includes knowing the risks and benefits of technology and what that ethical duty entails. Part IV outlines the various risks triggered by the adoption of a BYOD approach to mobile technology. Part V addresses a lawyer's ethical duty to safeguard information and communications against technology-based risks, and Part VI outlines a law firm's obligation to have measures in place that provide reasonable assurance that its lawyers are conforming to the Rules of Professional Conduct and that the conduct of its non-lawyer assistants is compatible with those professional obligations. Part VI also includes a discussion of ethics opinions addressing cloud computing because mobile devices and the cloud go hand in hand. Part VII of this article provides recommendations for law firms adopting a BYOD approach to mobile technology, and this article concludes with a sample policy addressing data security for mobile devices in Part VIII.

Pentagon purges HTML from .mil emails (FCW, 12 Nov 2015) - The Pentagon is tightening the screws on its campaign to improve email security. A department-wide policy will soon be in effect to render Web links unclickable in emails to .mil addresses, Richard Hale, DOD deputy CIO for cybersecurity, told FCW. The move adds an extra layer of security to anti-phishing measures already in place at the Pentagon. The new policy, which was coordinated between Hale's office and U.S. Cyber Command, has been rolled out gradually and is already in place for much of the .mil domain, Hale said. For at least some users, outside emails are being flagged in the subject line as coming from a "Non-DOD Source." Hale told FCW that after reviewing a series of anti-phishing measures already in place, officials decided that a more stringent approach was needed. "For years we have had an email policy that says we will not render HTML email," he said, but certain email clients still include active links in their emails.

Beneath New York Public Library, shelving its past for high-tech research stacks (NYT, 15 Nov 2015) - As they skate or snack in Bryant Park, visitors might dismiss the stately New York Public Library next door as a dog-eared relic in an age of digital information. But unbeknown to most of them, 17 feet below ground, in a concrete bunker worthy of the White House, the library is expanding and updating one of the most sophisticated book storage systems in the world. Since March, after abandoning a much-criticized plan to move the bulk of its research collection to New Jersey, the library has been working instead to create a high-tech space underground for the 2.5 million research works long held in its original stacks. The books will begin arriving in April, and by the end of spring library officials expect to be using a new retrieval system to ferry the volumes and other materials from their 84 miles of subterranean shelving, loaded into little motorized carts - a bit like miniaturized minecars carrying nuggets of research gold. To fit all the books in the allotted space, the library will have to abandon its version of the Dewey Decimal System, in which shelving is organized by subject, in favor of a new "high-density" protocol in which all that matters is size. Books will be stacked by height and tracked by bar code rather than by a subject-based system. Librarians nationwide are embracing size-based systems as they retool their research collections, which unlike books that circulate, cannot leave the premises or be browsed by hand. "It's a lot better," said Carolyn Broomhead, the library's research community manager. "Things don't get squished together and are much easier to find and track." Soon, just below where skaters sip cocoa, a nerve center of librarians, curators and clerks, working at computer terminals in a constant 65-degree environment (with 40 percent humidity), will receive electronic requests for the research books and other items. The retrieval system aims to get the materials from shelf to scholar in less than 40 minutes.

Feds bugged steps of Silicon Valley courthouse (Ars Technica, 17 Nov 2015) - Defense attorneys have asked a federal judge to throw out more than 200 hours of conversations FBI agents recorded using hidden microphones planted near the steps of a county courthouse in Silicon Valley. The lawyers are representing defendants accused of engaging in an illicit real estate bid-rigging and fraud conspiracy. The steps to the San Mateo County courthouse are frequently the scene of public auctions for foreclosed homes. Federal prosecutors have admitted that on at least 31 occasions in 2009 and 2010, FBI agents used concealed microphones to record auction participants as they spoke, often in hushed voices with partners, attorneys, and others. Because the federal agents didn't obtain a court order, the defense attorneys argue the bugging violated Constitutional protections against unreasonable searches and seizures. In a court brief filed Friday in the case, attorneys wrote: It bears repeating that this particular public place was immediately outside a courthouse. Defendants' expectation that discreet conversations outside a courthouse would remain private is surely one that society is prepared to recognize as reasonable. Private affairs are routinely discussed as citizens, their lawyers, and even judges walk to and from court, and lawyers often take clients aside outside the courthouse for privileged conversations. "Common experience" and "everyday expectations" teach that individuals frequently have private conversations near the courthouse despite the public's access to this location, and expect that such conversations are not subject to the type of dragnet electronic eavesdropping that took place in this case. According to the filing, agents planted eavesdropping devices in at least three locations: a metal sprinkler box attached to a wall near the courthouse entrance, a large planter box to the right of the courthouse entrance, and vehicles parked on the street in front of the courthouse entrance.

Your phone is listening - literally listening - to your TV (The Atlantic, 19 Nov 2015) - The TV is on in the background, and you're replying to a quick email on your phone nearby. You don't know it, but the devices are communicating. During a commercial, the TV emits an inaudible tone and your phone, which was listening for it, picks it up. Somewhere far away, a server makes a note: Both devices probably belong to you. This information about which devices belong to whom is immensely valuable to advertisers hoping to target ads specifically to you. In a simpler time, targeted marketing was easy. Most people had a computer at work and maybe another at home. If you sent an email about your new cat, ads for cat food started cropping up. If you searched for Thanksgiving recipes, Safeway coupons for turkeys appeared in your Facebook newsfeed. Those were good days for advertisers tracking Internet users. It wasn't so hard to find what people were up to online, because most routinely used just one or two connected devices. But now, between laptops, phones, tablets, wearables, and Internet-enabled cars and TVs, advertisers have access to more information than ever before for ad targeting. They just need to figure out which devices live under the same roof. According to a filing from the Center for Democracy and Technology, a digital human rights and privacy advocacy organization, companies have figured out how to use inaudible sounds to establish links between devices. Here's how software from SilverPush, a leading provider of "audio beacons," works: When you visit a website that uses SilverPush tracking technology, the site causes your device to emit an inaudible ultrasonic sound. If any other devices you've got lying around - a laptop, a phone, a tablet - has an app installed that includes SilverPush code, it's listening for that sound. If it hears it, SilverPush knows that the two devices are close to one another and, presumably, belong to the same person. More recently, SilverPush expanded into television advertising: Certain TV commercials include an ultrasonic audio beacon. Any nearby devices running SilverPush software will be listening for the beacon - if a device hears it, it records the match, allowing the company to figure out what ads users watch and for how long, and add that information to the user's profile.

NOTED PODCASTS/MOOCS

The Mozilla Delphi cybersecurity study: Towards a user centric cybersecurity policy agenda (Berkman, 29 Sept 2015; 70 minutes) - Researcher Camille François leads a discussion of the "Mozilla Delphi Cybersecurity 1.0. Study: Towards A User Centric Policy Framework" with Berkman community members Josephine Wolff, Andy Ellis, and Bruce Schneier, who participated in the study. Camille worked for several months with the Mozilla Foundation to orchestrate the study and resulting report. The study used a modified version of the Delphi research technique. More than 30 leading cybersecurity experts from a wide variety of backgrounds - including academia, civil liberties, government and military, security, and technology - participated in the study. Using a pseudonymous format to encourage candid feedback and open dialogue on the issues, the study tackles the following questions: what is the role of policy in cybersecurity? How consensual is the definition of cybersecurity? What are the current priorities for cybersecurity policy? Which issues get too little or too much attention? What are measures that a diverse set of cybersecurity actors can agree on as being both feasible and desirable? The study produced a map of priorities, issues, and solutions for cybersecurity that highlights consensus and dissensus in the space. Join us to discuss the lessons learned in this process and the report's findings.

RESOURCES

Cell phone location tracking laws by state (ACLU, interactive map; Nov 2015) - The map below details the status of cell phone location tracking laws by state. Click on any highlighted state for more information * * *

Negotiating rights to use spatial data (MLPB, 16 Nov 2015) - Teresa Scassa, University of Ottawa, Common Law Section, is publishing Navigating Legal Rights in Spatial Media in Understanding Spatial Media (Kitchin, Lauriault, & Wilson, eds., Sage Publishing, 2016). Here is the abstract: The collection or generation of spatial data is often the result of a significant investment of time, money and labour. As a result, compilations of spatial data have been routinely treated as a form of property. The propertization of data allows an owner to construct fences around the data so as to exclude unauthorized uses. There have been significant debates over access to and use of spatial data resources, particularly those that are in the hands of governments. Many (though not all) governments assert intellectual property rights over their data, and do so as a means of control. The open data movement has pushed for a relinquishment of this control, and this has resulted in the release of government datasets under licenses that contain few if any restrictions. The rapidly evolving data landscape and the ways in which the data revolution is changing both the delivery of government services and the kind and quantity of data generated by these services are poised to transform how ownership of and access to data is negotiated between data owners and data users. In the context of public services, ownership and control issues will be complicated by the presence of private sector companies who partner in the collection and generation of data. This chapter considers the interrelationship between claims to property rights in data and rights to access and use that data in a rapidly changing data environment.

The "where" problem of territory, jurisdiction, and data in cyberspace (Lawfare, 9 Nov 2015) - Jennifer C. Daskal (Washington College of Law, American University) has a forthcoming paper in Yale Law Journal on the vexing question of territoriality and data (current draft is available on SSRN.com), "The Un-Territoriality of Data." This paper focuses on one important aspect of the "where" of electronic data given the nature of today's Internet technologies - the US Constitutional Fourth Amendment territoriality issues of search and seizure. Here is the SSRN abstract: Territoriality looms large in our jurisprudence, particularly as it relates to the government's authority to search and seize. Fourth Amendment rights turn on whether the search or seizure takes place territorially or extraterritorially; the government's surveillance authorities depend on whether the target is located within the United States or without; and courts' warrant jurisdiction extends, with limited exceptions, only to the border's edge. Yet the rise of electronic data challenges territoriality at its core. Territoriality, after all, depends on the ability to define the relevant "here" and "there," and it presumes that the "here" and "there" have normative significance. The ease and speed with which data travels across borders, the seemingly arbitrary paths it takes, and the physical disconnect between where data is stored and where it is accessed, critically test these foundational premises. Why should either privacy rights or government access to sought-after evidence depend on where a document is stored at any given moment? Conversely, why should State A be permitted to unilaterally access data located in State B, simply because technology allows it to do so, without regard to State B's rules governing law enforcement access to data held within its borders? This article tackles these challenges. It explores the unique features of data, and highlights the ways in which data undermines long-standing assumptions about the link between data location and the rights and obligations that ought to apply. Specifically, it argues that a territorial-based Fourth Amendment fails to adequately protect "the people" it is intended to cover. On the flip side, the article warns against the kind of unilateral, extraterritorial law enforcement that electronic data encourages - in which nations compel the production of data located anywhere around the globe, without regard to the sovereign interests of other nation-states.

"Information as Speech" and the First Amendment (MLPB, 17 Nov 2015) - Kyle Langvardt, University of Detroit Mercy School of Law, is publishing The Doctrinal Toll of 'Information as Speech' in volume 47 of the Loyola University Chicago Law Journal (2015). Here is the abstract: The courts over the past two decades have reached a near-consensus that computer code, along with virtually every flow of data on the Internet, is "speech" for First Amendment purposes. Today, newer information technologies such as 3D printing, synthetic biology, and digital currencies promise to remake whole other spheres of non-expressive economic activity in the Internet's image. The rush to claim First Amendment protections for these non-expressive but code-dependent technologies has already begun with a lawsuit claiming First Amendment privileges for the Internet distribution of 3D-printable guns. Many similar suits will surely follow, all pursuing the common dream of a future-shocked Lochner for a highly-informatized and thoroughly-deregulated economy. This Article argues that the theory of these lawsuits poses little genuine risk to the regulatory state. Instead, the threat is to the clarity and strength of core First Amendment principles. In theory, courts will test regulations of technologies such as digital currencies under the same strict standards that define mainstream First Amendment doctrine. But pragmatic concerns about the government's ability to regulate economic affairs will put pressure on the same courts to dilute those standards in practice. Over time, these diluted strains will find their way back to the mainstream of First Amendment litigation. The Article concludes with recommendations to mitigate the damage.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

New rule says agencies must build cyber security into acquisition planning (SANS NewsBytes, 30 September 2005) As of September 30, 2005, contracting officers at federal agencies are required to incorporate cyber security requirements in their acquisition planning. The Federal Acquisitions Regulation Council issued an interim rule and will accept comments on the rule through November 29, 2005. The rule says that acquisition professionals must get advice from IT security specialists, requires contracting officers to abide by FIPS standards and to incorporate "appropriate agency security policy and requirements in IT acquisition."

Pentagon cut and paste (Asia Times, 5 May 2005) -- Talk about rebel technology: the Pentagon this week was not overwhelmed by a dirty bomb or a jet converted into a missile, but by a simple cut and paste job. Like anyone else, the Pentagon uses Adobe Acrobat. At first, the 42 pages of the report which would supposedly shed some light on the March 4 killing of Italian secret agent Nicola Calipari and the wounding of kidnapped journalist Giuliana Sgrena in Baghdad showed up on the Centcom website as a PDF file heavily censored with large sections blacked out - including the significant omission, among others, of the names of all the soldiers involved in the shooting, as well as entire pages. But because the Pentagon failed to save the file properly, all it took was for someone to cut and paste the document into a word-processing application to give Italy and the rest of the world access to the full, uncensored version.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.