Saturday, January 31, 2015

MIRLN --- 11-31 January 2015 (v18.02)

MIRLN --- 11-31 January 2015 (v18.02) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


READER COMMENTS

Apropos MIRLN 18.01's story "How IBM shrunk a complex contract down to 2 pages", see: IBM's 2-page cloud services agreement [found by MIRLN reader Prof. Jane Winn]

- and -

Plenty of room for improvement: my critique of IBM's new two-page cloud-services contract (Ken Adams, 29 Dec 2015) - Assuming that you get rid of the dead wood, make appropriate trade-offs, and don't lose anything vital, shorter is good. Apparently the response has been positive. Indeed, the new contract resulted in IBM's being named a finalist in IACCM's Innovation Awards, in the operational improvement category. The article quotes the head of the IBM team as saying that the new contract uses "concise, plain language." Doubtless it's more concise and plainer than what came before, but there's plenty of room for improvement. How much room? [Updated December 29, 2014: At the request of @tieguy, I created PDFs that include all the comments. Go here for a PDF with the comments on separate pages; go here for a PDF with connector lines between the comments and the related text, but with smaller text as a result.] Go here to see my annotated PDF. Thanks to dozens of comments, it's awash with fluorescence. (To read my comments, you'll have to download the PDF and open it with whatever PDF-reading software you prefer. In the comments, "MSCD" refers to the third edition of A Manual of Style for Contract Drafting.) [spotted by MIRLN reader Bob Rath.]


NEWS

The sneakiest way prosecutors get a guilty verdict: PowerPoint (Wired, 23 Dec 2014) - In Washington state earlier this month, an appeals court threw out a murder conviction based on shoddy work by the defense. But the court also took the prosecutor to task for something even stranger: a bad PowerPoint presentation. The prosecutor had dressed up her closing argument to the jury with a series of slides, complete with "sound effects and animation," the appellate court wrote. On one slide, footprints materialized across the bottom of the screen. Other slides exhibited "concentric rings of a target," with each ring corresponding to an item of evidence; the defendant's name, Sergey Fedoruk, was in the bull's-eye. The prosecution's final slide, the pièce de résistance, opened with a header that said "Murder 2." Then, under the header, a single word flashed, in all capital letters, in 96-point red type: GUILTY. As the word flashed, the prosecutor told the jury: "The defendant is guilty, guilty, guilty." At least 10 times in the last two years, US courts have reversed a criminal conviction because prosecutors violated the rules of fair argument with PowerPoint. In even more cases, an appellate court has taken note of such misconduct while upholding the conviction anyway or while reversing on other grounds (as in the case of Sergey Fedoruk). Legal watchdogs have long asserted that prosecutors have plenty of ways to quietly put their thumb on the scales of justice - such as concealing exculpatory evidence, eliminating jury-pool members based on race, and so on. Now they can add another category: prosecution by PowerPoint. "It's the classic 'A picture is worth a thousand words,'" said Eric Broman, a Seattle attorney who focuses on criminal appeals. "Until the courts say where the boundaries are, prosecutors will continue to test the boundaries."


Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official (The Register, 6 Jan 2015) - Paris airport security went one step further than simply asking a security expert to power up her laptop - they requested she type in her password to decrypt her hard drive and log into the machine. Katie Moussouris, chief policy officer at HackerOne, and best known as the woman behind Microsoft's Bug Bounty Program, was en route back to the US from the CCC hacking conference. She complied with the request in order not to miss her flight. The computer never left her possession and the security agent never fully explained the request, according to Moussouris, and there's no question that HackerOne customers' vulnerability reports were exposed - no exploits were stored on the device. Nonetheless, the incident at Charles de Gaulle airport has sparked a lively debate among privacy and security advocates. Moussouris has put together a blog post explaining her experience: * * *


FCC launches its own probe into AT&T's throttling practices (GigaOM, 9 Jan 2015) - The Federal Communications Commission is investigating whether AT&T misled its customers over its throttling policies, which restrict network speeds on unlimited data customers after they've hit a certain threshold each month. The Federal Trade Commission also filed a lawsuit against AT&T over the practice in October, but of the two agencies, it seems Ma Bell would prefer that the FCC do the investigating. AT&T disclosed the FCC probe in a motion to dismiss the FTC's lawsuit (first spotted by Ars Technica). AT&T argued that it's not subject to the FTC's jurisdiction because of its "common carrier" status as a regulated phone service provider. That jurisdiction lies with the FCC, which has launched its own investigation, AT&T claimed. "The FTC seeks to litigate the very same issues in an inappropriate parallel proceeding," AT&T said in the motion to dismiss filed this week. But how safe AT&T would be under the FCC's eye remains to be seen. FCC Chairman Tom Wheeler has come down hard on the carriers over their throttling practices. And AT&T may be taking a risk by arguing its common carrier status. Currently, mobile broadband isn't considered a common carrier service the same way regular telephone networks are considered utilities, but the Obama administration wants data services to be reclassified to make the internet neutral ground for all web services. Wheeler has said he will bring a net neutrality proposal to a vote on February 26.


Hackers release Swiss bank data over $12k unpaid ransom (Bloomberg, 9 Jan 2015) - A hacking group leaked identifying details about 30,000 clients of a small Swiss bank, after Banque Cantonale de Geneve declined the group's request to pay a ransom. The hackers' asking price for continued privacy: Ten. thousand. euros. The hack and its seemingly small-scale demand -- $12,000 at current exchange rates -- speak to the prevalence and ease of a rapidly growing extortion industry that deals in stolen or hijacked data.


What it means when law firms and startups give away legal documents (TechCrunch, 10 Jan 2015) - Over the past five years, law firms in Silicon Valley, New York and Boston have put online - for free - the documents that startups need to execute basic legal transactions. New sites, Cooley GO and WHLaunch, join first-movers Founders' Workbench and Start-Up Forms Library, to enable entrepreneurs to incorporate their company, secure early-stage financing, hire employees and compensate them with stock options. SeriesSeed.com has emerged as an industry standard for documenting seed investments, and StartupCompanyLawyer.com offers answers to over 100 frequently asked questions, along with a term-sheet generator. But as big law firms mimic their small clients' "freemium" business development model, they face increasing competition from startup companies seeking to disrupt the legal industry. I interviewed several lawyers working on these sites, founders of two startups in the legal space, and a law professor surveying the changing landscape. They reflected on the evolving business of law, how startups consume legal products, and what it all means for law firms and the emerging companies they serve. * * *


Non Practicing Entities in Europe (Patently-O, 11 Jan 2015) - Non practicing entities (NPEs) are a familiar part of the IP landscape in Europe, just as they are in the US. However, NPE activity has historically been lower in Europe. This article analyses the present situation in Europe compared to the US. In addition, we analyse how NPE activity might develop in Europe with the anticipated arrival of the Unified Patents Court (UPC). There are various factors in a patent system that might influence or encourage activity by an NPE. A non-exhaustive list of possible factors is outlined below, and Europe is compared against the US * * *


Why tort liability for data breaches won't improve cybersecurity (Stewart Baker on Volokh Conspiracy, 11 Jan 2015) - Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as a cybersecurity savior are now getting their day in court. Literally. Mandatory data breach notices have led, inevitably, to data breach class actions. And the class actions have led to settlements. And those freely negotiated deals set what might be called a market price for data breach liability, a price that can be used to decide how much money a company ought to spend on security. So, how much incentive for better security comes from the threat of data breach liability? Some, but not much. As I've been saying for a while, the actual damages from data breaches are pretty modest in dollar terms, and the pattern of losses makes it very hard to sustain a single class, something that forces up the cost of litigation for the plaintiffs. You can see this pattern in recent data breach settlements. I put this chart together for a talk on the subject at the Center for Strategic and International Studies. While the settlements below all have complications (Sony's settlement was mostly in free game play, for example), they all cap the defendants' total liability. And what's striking about the caps is how low a price these agreements set, especially on an individual basis, where $2.50 per victim looks to set the high end and 50 cents the low. Of course, to determine how much you spend annually to avoid that liability, a company would have to discount the settlement price by the probability of a breach in any given year. Even Sony doesn't have a breach every year, so a probability adjustment cuts the value of avoiding liability to something between a half and a tenth. At those prices, I wouldn't expect much change in corporate cybersecurity budgets.


- and -

Cyber in top 5 business risks (Intelligent Insurer, 14 Jan 2015) - The risk of cyber crime and IT failures has continued its rapid rise, moving into the top five business risks globally for the first time. This is according to Allianz's risk barometer, which added that in Germany, the UK and the US cyber risks are among the top three corporate risks. Globally, cyber crime was ranked as the eighth business risk in 2014 and 15th in 2013.


- and -

Here's how insurance will respond to the Sony cyber hack (Insurance Business, 14 Jan 2015) - The Sony Pictures cyber attack of seven weeks ago represented a game-changer in the recent string of data breaches that have plagued high-profile companies like Target, Home Depot and Dairy Queen. With repercussions ranging from entertainment industry rumors to potential matters of national security, the breach was a strong reminder of just what's at risk when hackers attack. It was also a test of the strength of cyber liability insurance. Though cyber insurance products have been circulating since the mid-1990s, industry analysts have expressed concern that low levels of loss data and widespread appetite for the risk may lead to insufficient pricing. And in the wake of a particularly large event - like the Sony hack - would policy limits be enough? In this case, the answer appears to be yes. Sony Pictures CEO Michael Lynton revealed this week that the cyber attack would be completely covered by insurance and will not mean any more cost-cutting for the company. "I would say the cost is far less than anything anybody is imagining and certainly shouldn't be anything that is disruptive to our budget," Lynton told Reuters. Though declining to reveal the exact cost of the breach, he confirmed it is "well within the bounds of insurance." The attack reached into huge amounts of data, including email, sensitive employee data and pirated copies of new movies, and famously limited the release of the comedy "The Interview" - which depicts the assassination of North Korean leader Kim Jong-Un - to independent theaters and video-on-demand services. All told, some experts have put the cost of the breach at $100 million. That figure could include computer repair or replacements, lost productivity and any steps taken to improve security and prevent a future attack. According to Lynton, cyber insurance will cover all such expenses.


- and -

Treasury official advocates for cyber insurance (Manatt, 15 Jan 2015) - Reflecting the continued regulatory focus on cyber risks, Deputy Secretary of the Treasury Sarah Raskin has some advice for banks: buy cyber insurance. Speaking at the Texas Bankers' Association Executive Leadership Cybersecurity Conference, Raskin said the lesson from recent high-profile data breaches (including JPMorgan Chase's 83 million hacked records) should be consideration of cyber risk insurance. In addition to the financial recovery the insurance can provide, the underwriting process itself can help financial institutions more adequately assess their risk level and cybersecurity controls, she said. Focusing her remarks on the cybersecurity of the nation's banks, Raskin first explained the mission of the U.S. Department of the Treasury: "Our ultimate goal is to instill confidence and show that the government - working in appropriate collaboration with the private sector - is defending the American public from damage caused by cyber attacks." To that end, Raskin provided a checklist with ten questions for CEOs, with concrete steps for banks to take before an attack occurs. The road map began with some baseline protections intended to prevent penetration of networks and systems as well as limit damage in the event of unauthorized access.


NJ law requires insurers to encrypt (Gov Info Security, 12 Jan 2015) - A New Jersey law that will go into effect in July requires health insurers in the state to encrypt personal information that they store in their computers - a stronger requirement than what's included in HIPAA. The new law, signed by N.J. governor Chris Christie last week, was triggered by a number of health data breaches in the state, including the 2013 Horizon Blue Cross Blue Shield of New Jersey breach affecting 840,000 individuals. That breach involved the theft of two unencrypted laptops. The new law states: "Health insurance carriers shall not compile or maintain computerized records that include personal information, unless that information is secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person."


First day of class for hybrid JD (InsideHigherEd, 13 Jan 2015) - William Mitchell College of Law's hybrid J.D. program -- the first of its kind to be approved by the American Bar Association -- launched on Monday with 85 students. The four-year program blends online courses with nine scheduled campus visits and externships in the students' communities. The college also offers a traditional J.D. program. "The aspiring lawyers are medical doctors, college professors, bankers, baggage handlers, mothers and fathers, from 31 states and two countries," the college said in a press release. "They range in age from 22 to 67. At least 35 have advanced degrees -- including 14 M.B.A. degrees, five medical doctors and five Ph.D. degrees. Forty-five percent of the students are women and 19 percent are people of color."


Johnson & Johnson will make clinical data available to outside researchers (NYT, 15 Jan 2015) - The health care giant Johnson & Johnson has agreed to make detailed clinical trial data on its medical devices and diagnostic tests available to outside researchers through a collaboration with Yale University, making it the first large device manufacturer to systematically make such data public. The announcement came on the same day that the Institute of Medicine, of the National Academy of Sciences, called on all sponsors of clinical trials to share detailed study data with outside researchers and recommended that such data be made available within 30 days of a product's approval. The dual developments are part of a broader shift toward making clinical trial data more publicly available and follows years in which the industry resisted calls to share its research with outsiders, claiming such moves would expose trade secrets and violate patient privacy. Medtronic, another large device maker, had previously allowed Yale to evaluate data on a controversial spinal treatment, but the agreement with Johnson & Johnson is the first time a device manufacturer has made data available in a systematic way. "I think what's remarkable is that we are now seeing very basic principles of the responsible conduct of research - which should best serve society - becoming mainstream by a whole range of organizations, including industry," said Dr. Harlan M. Krumholz, a longtime advocate for data transparency who is director of the Yale University Open Data Access project, which is overseeing the Johnson & Johnson collaboration. In a policy that takes effect this year, the European Medicines Agency, which oversees drug approvals in Europe, will publish detailed study data for every newly approved drug, and the American and European pharmaceutical trade groups have issued policies favoring data sharing. But adoption by individual companies has been sporadic, and their policies on making their data public vary widely.


Wolfram|Alpha iOS app is a Swiss Army Knife for lawyers (Robert Ambrogi, 15 Jan 2015) - If ever there was a Swiss Army knife of an app for lawyers, it is the Wolfram Lawyer's Professional Assistant. This multi-function app for iPad and iPhone can perform calendar computations, fee calculations, settlement calculations, interest-rate calculations and more. Use it to research historical weather information or population demographics. Look up legal terms and statutes of limitation. The list of what it can do goes on. * * * [Polley: NO! - I usually like Ambrogi's postings and have trusted his recommendations. If you trust mine, don't waste your time/$ on this app.]


California Bar offers a reason to keep your website and blog separate (MyShingle, 16 Jan 2015) - Should a law firm blog be incorporated into a website or function as a freestanding entity? That's a question that's been asked almost since the beginning of time, with at least two experts - Sam Glover and Kevin O'Keefe - endorsing separation for a variety of different reasons. But now, a recent California ethics decision offers yet another reason for lawyers to maintain their blog's independence. The California decision addresses whether blogs constitute advertising, and analyzes a couple of different fact patterns. The California bar concludes that a freestanding blog offering informational or educational materials that is free standing, intended to enhance the lawyer's education in the community and doesn't include any "call us now for help" solicitations is not subject to bar advertising rules. By contrast, that same blog, if included as part of a law firm website, would be deemed advertising essentially by association and subject to the same regulations as the parent site.


Need some espionage done? Hackers are for hire online (NYT, 16 Jan 2015) - A man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord's website. A woman in California says she will pay $500 for someone to hack into her boyfriend's Facebook and Gmail accounts to see if he is cheating on her. The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs, shadowy political operatives and disgruntled "hacktivists" taking aim at big targets. Rather, it is an increasingly personal enterprise. At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage. A new website, called Hacker's List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company's database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work. It is done anonymously, with the website's operator collecting a fee on each completed assignment. The site offers to hold a customer's payment in escrow until the task is completed. In light of the novelty of the site, it's hard to say whether it violates any laws. Arguably some of the jobs being sought on Hacker's List - breaking into another person's email account - are not legal. The founders of Hacker's List, however, contend that they are insulated from any legal liability because they neither endorse nor condone illegal activities. The website includes a 10-page terms and conditions section to which all users must agree. It specifically forbids using "the service for any illegal purposes." Some experts say it is not clear whether Hacker's List is doing anything wrong in serving as a meeting ground for hackers and those seeking to employ them. The website, which is registered in New Zealand, is modeled after several online businesses in which companies seeking freelancers can put projects out to bid. Some have compared the service to a hacker's version of the classified advertising website Craigslist. Hacker's List even has a Twitter account (@hackerslist), where it announces the posting of new hacking assignments. Still, the three founders of Hacker's List are not willing to go public with their own identities - at least not yet.


Google goes public with more Windows bugs (Computerworld, 16 Jan 2015) - Google this week let fly two new disclosures of Windows vulnerabilities before Microsoft was able to patch them, marking the third and fourth times it's done so in the past 17 days. The bugs were revealed Wednesday and Thursday on Google's Project Zero tracker. The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched. The team's previous disclosures of Windows bugs -- one on Dec. 29, 2014, the second on Jan. 11, 2015 -- led Microsoft to blast Google for putting its Windows customers at risk because neither vulnerability had been patched by the deadlines.


US Drug Enforcement Agency halts huge secret data program (Reuters, 16 Jan 2015) - The U.S. Drug Enforcement Administration has halted a secret, nearly 15-year program that collected virtually all data on international calls between the United States and certain countries, according to documents and officials familiar with the matter. The sweeping bulk DEA database program was stopped in September 2013, shortly after elements were revealed by Reuters and then The New York Times, according to a redacted court filing made public on Thursday and U.S. officials. The program, run by DEA's Special Operations Division, collected international U.S. phone records to create a database primarily used for domestic criminal cases - not national security investigations, according to records and sources involved. DEA shared this information with other law enforcement agencies, including the FBI, IRS, Homeland Security, and intelligence agencies, according to records reviewed by Reuters. "The American people deserve to know that the DEA engaged in the bulk collection of their international phone records in routine criminal investigations without judicial review," said Democratic Senator Patrick Leahy, who had urged the DEA to end the program. A Justice Department spokesman said on Friday that the DEA no longer collects the data and that "all of the information has been deleted." Two people briefed on the DEA program said that it began in the late 1990s. Records show it involved the use of administrative subpoenas, which can be issued by federal agents - rather than grand jury subpoenas, which must be approved by prosecutors, or search warrants, which must be approved by a federal judge. The court document made public on Thursday was an affidavit by a DEA official in an export violations case against Shantia Hassanshani, arrested in Los Angeles in 2013. In that case, DEA officials linked a phone number in Iran to a Google Voice number assigned to Hassanshani. His lawyer was not available for comment.


- and -

License plate data lets cops spy on US drivers at record rates (GigaOM, 27 Jan 2015) - A new investigation shows the scale of surveillance on U.S. highways is more extensive than many previously imagined, thanks to a license plate database that allows federal and local law enforcement to watch cars and even drivers in real time. According to documents reviewed by the Wall Street Journal, the database was created by the Drug Enforcement Agency to track cartel activity, but it soon came to comprise millions of records that are regularly shared with police forces across the country: The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists […] The DEA program collects data about vehicle movements, including time, direction and location, from high-tech cameras placed strategically on major highways. Many devices also record visual images of drivers and passengers, which are sometimes clear enough for investigators to confirm identities. The database was created to help the DEA carry out civil forfeitures, a controversial practice that involves taking cash, vehicles and property from individuals suspected of ties to drug-related activity without basic due process. But soon all sorts of state and local law enforcement groups joined into the effort, tapping into the database for a wide variety of purposes, according to the Journal.


- and -

Surveillance and the chilling effect on speech (MLPB, 28 Jan 2015) - Margot E. Kaminski, Ohio State University Law School & Yale University Law School, and Shane Witnov, University of California, Berkeley, School of Law, have published The Conforming Effect: First Amendment Implications of Surveillance, Beyond Chilling Speech in volume 49 of the University of Richmond Law Review (2015). Here is the abstract: First Amendment jurisprudence is wary not only of direct bans on speech, but of the chilling effect. A growing number of scholars have suggested that chilling arises from more than just a threat of overbroad enforcement - surveillance has a chilling effect on both speech and intellectual inquiries. Surveillance of intellectual habits, these scholars suggest, implicates First Amendment values. However, courts and legislatures have been divided in their understanding of the extent to which surveillance chills speech and thus causes First Amendment harms. This article brings First Amendment theory into conversation with social psychology to show that not only is there empirical support for the idea that surveillance chills speech, but surveillance has additional consequences that implicate multiple theories of the First Amendment. We call these consequences "the conforming effect." Surveillance causes individuals to conform their behavior to perceived group norms, even when they are unaware that they are conforming. Under multiple theories of the First Amendment - the marketplace of ideas, democratic self-governance, autonomy theory, and cultural democracy - these studies suggest that surveillance's effects on speech are broad. Courts and legislatures should keep these effects in mind.


Google is now a more trusted source of news than the websites it aggregates (Quartz, 20 Jan 2015) - Here is some sobering news for anyone in the journalism industry: Online search engines have overtaken traditional media as the most trusted source for general news and information, according to a global survey of 27,000 people by Edelman, a public relations firm. The trust gap between traditional media and search engines is even more pronounced among millennials. The biggest search engine is, of course, Google. And the striking thing is that Google does not actually report on anything, but instead serves up links to stories on a mix of other sites that users, apparently, trust less than the aggregator itself. The search engine also serves, for better or worse, as the simplest and quickest way to find most things online, including news. (Yahoo, its smaller rival, has been getting into direct content creation, including news.) Getting an at-a-glance look at a wide range of stories deemed relevant by a search-engine algorithm - be they from traditional news outlets, blogs, advertisements, and much else besides - is more comforting to the curious reader, it seems, than simply pulling up a single news outlet's site (or indeed picking up a newspaper or turning on the TV). Perhaps more reassuring, from the journalist's perspective, is that traditional media are still more trusted than the flotsam and jetsam on social media, according to the study, although faith in the latter is rising quickly. At the same time, big social media sites like Facebook are becoming increasingly important sources of referral traffic for traditional media sites. So the lines are increasingly blurry there as well.


Every Khan Academy course is now available on the iPad for the first time (The Verge, 20 Jan 2015) - Two technology trends are inescapable: people want to do everything online, and they want to do those things on a mobile device. Education and learning are no exception - online universities and other teaching aids have proliferated in the last decade, and tablets like the iPad have often been lauded as highly useful (albeit expensive) teaching tools. Not-for-profit organization Khan Academy has the first part of that equation down - it was started in 2008 to provide learning tools, videos, and exercises to anyone who wanted them, for free. And while Khan Academy has had an iOS app since 2012, it has typically not offered the full experience found on its website. All of its videos were available, but none of its thousands of training exercises were offered to iOS users. That all changes today with the introduction of a completely redesigned app for the iPad - now, everything that lives on the site is also available to iPad users. That includes some 150,000 learning exercises, content that product director Matt Wahl said was "where the majority of people spend their time on Khan Academy today." Rather than just port all of the exercises to the app, Khan Academy took the time to add some iPad-specific features to make the experience fit the platform better. When looking at a demo for some geometry questions, Wahl showed me how you could touch and manipulate geometric figures to help answer the questions. Another math-specific feature coming to the iPad app is the so-called "friendly guide." The guide analyzes the questions you answer correctly and incorrectly as well as how long it takes you to answer and then suggests other exercises that'll help you in areas you're not as strong with. And all your progress now gets synced back and forth between the iPad and the desktop, as long as you log in with a Khan Academy account.

HarvardX for alumni (InsideHigherEd, 21 Jan 2015) - In the spring of 2014 HarvardX and the Harvard Alumni Association launched HarvardX for Alumni. If HarvardX is new to you, as it was to many of our alumni, it is a University-wide strategic initiative to enable our faculty to build and create online learning experiences that would also transform residential learning and enable groundbreaking research in online pedagogies. Much of the HarvardX online offerings are distributed by edX, the Harvard and MIT founded MOOC platform. Why should the rich community of learning that so many alumni cherish end with graduation? Indeed, this was an opportunity to redefine the idea of life-long learning as a life-long relationship with Harvard. To meet his vision, the resulting HarvardX for Alumni, a 4-month 'beta' that blended online and in-person experiences, took advantage of new learning technologies to engage alumni who wanted to keep on learning---together---thereby growing and evolving their personal networks. Over this past summer we had the time to crunch the data, reflect, and share our observations on the experimental endeavor. With nearly 15,000 alumni (over 20,000 when guests are included) registrations via Harvard's alumni website and over 10,000 (12,000 with guests) completed enrollments (those who went on to take the course) on the edX platform, HarvardX for Alumni is one of the largest centralized Harvard alumni programs, in terms of participation, to date. Moreover, in addition to the online elements, HarvardX for Alumni also took advantage of the Harvard club network (essentially facilitating meet-ups so alumni could watch and discuss courses together in real time) and sent the faculty involved to select clubs for in-person talks. This first expression of the program was an important experiment: we presented it to our alumni, clubs, and internal stakeholders as a way to explore, together, how to think about digital engagement. * * *

European law gives a more expansive reading, alas, to jurisdiction over Internet activities (David Post on Volokh Conspiracy, 22 Jan 2015) - A few days ago I noted a recent California Court of Appeal ruling holding that an Internet posting (on a Facebook page, in that instance) that was accessible in California and caused harm to California residents was not a sufficient basis for finding that the defendant was subject to the personal jurisdiction of the California courts. As I pointed out, this ruling continued a trend in US courts rejecting the more expansive "effects test" for personal jurisdiction - a test that in my view is "a wildly inappropriate doctrine for the Internet Age; if you're subject to jurisdiction where the "effects" of your actions or communications are felt, then given that the "effects" of communications over the Internet can plausibly be felt everywhere and anywhere, simultaneously and instantaneously, the [effects test] has the potential to nullify any and all limits on personal jurisdiction and subject everyone to jurisdiction everywhere - not a reasonable outcome." Interestingly, along comes the European Court of Justice with a ruling endorsing (at least in the copyright context) this very test (and, therefore, that unreasonable outcome). [The opinion in the case, Hejduk v EnergieAgentur.NRW GmbH, is available here; people unfamiliar with reading CJEU decisions might find Martin Husovec's excellent summary write-up easier to digest and understand]. In short, because the allegedly infringing content was available on a website that was accessible in Austria (the plaintiff's country of residence, and the location of the court in which she sued), the damage occurred in Austria, and jurisdiction over the action is proper in Austria. The "targeting" or "purposeful availment" requirement that is so central to U.S. law before a court can find jurisdiction doesn't apply: * * *

Amazon announces self-publishing program for education (InsideHigherEd, 24 Jan 2015) - Retail giant Amazon wants to attract more academics to self-publish their textbooks through the Kindle Direct Publishing (KDP) program, and on Thursday, the company announced KDP EDU, a division of that program focused on education. Scholars who choose to self-publish through the program can use Amazon's software, called the Kindle Textbook Creator, to convert their work into files readable on the Kindle app, which is available on most smartphones, tablet and computers. The app enables students to highlight text, add notes and quickly look up dictionary definitions within their textbooks.

How to subpoena information from Facebook and other social networks (Lawyerist, 26 Jan 2015) - So is social media information accessible via civil subpoena? Who knows. Courts are all over the place with it. That said, Keith Lee reviews the relevant law and links to subpoena information for all the popular social networks in his "Social Media Subpoena Guide, 2015 Edition."

Privacy and data security moving up on the list of issues in M&A transactions (Inside Counsel, 27 Jan 2015) - Privacy and data security issues do not yet loom large on M&A parties' radar screens, but the regulatory environment and customers might soon change that. About two-thirds of the respondents in Dykema's 10th annual M&A survey said that cybersecurity ranks about the same this year in terms of their due diligence focus, but the other third is paying more attention this year than last.

The field is broad and the environment is changing, so M&A professionals could be forgiven for wondering which issues should be on their radar. Here are some issues that often escape attention but can be major problems if not addressed early and well. * * * [ Polley : The ABA's Cyberspace Law Committee is working on a comprehensive M&A cybersecurity guide, at DHS's invitation. For more info, or to get involved, contact Roland Trope.]

Drone maker updates firmware on all drones to stop any flights in DC (Techdirt, 29 Jan 2015) - You may have heard the news recently about how a drunk employee of the National Geospatial-Intelligence Agency (can't make this crap up) accidentally flew a DJI Phantom II drone onto White House property, leading to a general collective freakout over the security implications of these personal helicopters. In response to this, President Obama has called for more drone regulations -- which may or may not make sense -- but it needs to be remembered that the FAA has been refusing to actually release any rules for quite some time. But beyond the call for regulations, the drone's maker, DJI, has decided to do a little self-regulation in the form of automatically pushing out some new firmware that blocks the drone from flying in downtown DC: "The updated firmware (V3.10) will be released in coming days and adds a No-Fly Zone centered on downtown Washington, DC and extends for a 25 kilometer (15.5 mile) radius in all directions. Phantom pilots in this area will not be able to take off from or fly into this airspace."

Law firm founds project to fight revenge porn (NYT, 29 Jan 2015) - A California law student and a Virginia man dated for about six months after meeting through an online dating service. The fallout from the breakup, however, has gone on far longer, as the former boyfriend faces federal criminal charges over posting nude selfies and a sexually explicit video of the woman on pornographic websites. Now the former boyfriend has a new problem: A big law firm recently has come to the law student's aid and is suing him in federal court in Los Angeles. The woman's lawsuit, filed under a pseudonym to protect her privacy, seeks damages for violating United States copyright law by posting the video and photos without her permission and also causing her emotional distress. The lawsuit reflects a battle line that is being drawn in an age when it is not uncommon for couples to share nude photos digitally, and just as easy for a jilted lover to find a pornographic website willing to post them online. The litigation is the handiwork of a new initiative by K&L Gates, a Pittsburgh-based law firm. Begun in late September, its Cyber Civil Rights Legal Project has roughly 50 lawyers at the firm volunteering their time. The "Jane Doe" complaint filed on behalf of the law student is among the first lawsuits filed by the K&L clinic, which is working with about 100 victims of "revenge porn," a type of online harassment that involves the non-consensual posting of sexually explicit material - often involving a former girlfriend or a spouse. The program is believed to be the first of its kind at a major United States law firm and is led by David A. Bateman, a partner in the firm's Seattle office, and Elisa J. D'Amico, a litigator in the firm's Miami office. Most of its clients come through the program's website or referrals from two national advocacy groups for victims of revenge porn, the Cyber Civil Rights Initiative and Without My Consent.

New web service serves as 'ethics ER' for lawyers (Robert Ambrogi, 29 Jan 2015) - A former American Bar Association ethics lawyer has launched a web service that serves as an "emergency room" for lawyers who need immediate assistance with legal ethics issues. The site, ER for Lawyers, provides ethics research to lawyers nationwide. The site's founder, Kathryn A. Thompson, is an Illinois lawyer who formerly served eight years as ETHICSearch counsel for the ABA's Center for Professional Responsibility. There, she fielded ethics hotline inquiries from lawyers, judges and other legal professionals. The site is the first-ever privately operated nationwide ethics research service for attorneys, Thompson says. Lawyers can use ER for Lawyers to request research on any topic related to legal ethics and professional responsibility. Thompson will research the issue and provide a memo reporting her conclusions (for a fee, of course). Thompson is careful to say that she does not provide legal advice, only research: "ER for Lawyers assists attorneys in identifying and researching the ethics issues relevant to their particular fact pattern. Our work product is intended to provide a form of self-help to lawyers and does not advocate a particular course of conduct. Thus, ER for Lawyers does not advise attorneys regarding the use or legal effect of the research, recommend a specific course of action to follow or express an opinion on whether a lawyer's described or alleged conduct constitutes a violation of a state's rules of professional conduct." If that paragraph sounds as if it was written by an ethics lawyer, then I suppose that's a good thing in this context. The site goes on to suggest that lawyers consider retaining legal counsel in their jurisdiction if they find themselves "unable to understand, assimilate or apply the information set forth in the research report."

RESOURCES

ICYMI: Casetext - free legal research and online lawyer community (JurisPage, 26 Nov 2014) - In the past we've reviewed free legal research tools like Google Scholar. Upon the launch of Google Scholar, many attorneys (myself included) thought it would be an amazing free resource that could potentially diminish Westlaw and Lexis' stranglehold on the legal research market. But Google Scholar never added the headnotes / Shepardizing features that Westlaw and Lexis Nexis have that make them so valuable. The manpower that Westlaw and Lexis have, with its army of legal research slaves, is far superior to the un-annotated case text of Scholar. And though Scholar is free, sifting through cases to find relevant points of law is just not an efficient use of time. People pay Westlaw and Lexis because they make finding the right case easy. So is there a free, good-quality legal research source out there that has a library of annotations and a large case database? Yep. It's called Casetext. Casetext is a legal research platform and online community with over five million cases, an ever-expanding library of case briefs, and a very large, active user community. Casetext is a legal research resource that provides case summaries, key facts of each case, annotations provided by its crowdsourced community of over 200,000 visitors each month (think Wikipedia for case law), and advanced search tools. Oh yeah, and it's free. "Our goal is to make all the world's laws free and understandable," said co-founder Jake Heller. They're on their way - Casetext has nearly all federal cases, and many state law cases free for the public and searchable through an open legal research database. Although PACER should have done this, Casetext is actually making it happen. [ Polley : MIRLN will be integrated in Casetext.]

Teaching with technology (InsideHigherEd, 28 Jan 2015) - Inside Higher Ed is pleased to release Teaching With Technology, our latest compilation of articles. The booklet is free and you may download a copy here. And you may sign up here for a free webinar on Feb. 17 at 2 p.m. Eastern about the themes of the booklet. From the booklet: The use of technology to deliver instruction is an idea whose time has come - though the extent of its use varies greatly. At some institutions, professors do little more than use learning management systems to record attendance and grades and to communicate with students. At the other end of the scale, millions of students study entirely online. For the great middle, though, professors are increasingly using their LMS and other technology tools to do things that don't simply replace paperwork. They are bringing together students from across the country or around the world. They are "flipping the classroom" and using class time for group work or student presentations, rather than for lecture. They are using simulations, videos and an ever-growing list of tools. And they are doing so in courses that are entirely online, entirely in person and in hybrid formats. As students, faculty members, and institutions evaluate various approaches to teaching with technology, tough questions are being asked about effectiveness. Not only do colleges look for efficiencies and cost savings, but they want to see demonstrable impact on retention and completion rates. With colleges facing more and more pressure on those statistics, choices about technology strategies matter more than ever.
The articles in this compilation show a range of strategies used by very different kinds of institutions, and with varying degrees of success. There are no silver bullets, but there are lots of promising experiments. Inside Higher Ed will continue to track these issues and we welcome your reactions to these articles and your suggestions for other areas of coverage.

DIFFERENT

Giving away 'The Story of Civilization' (InsideHigherEd, 19 Jan 2015) - This weekend I gave away The Story of Civilization. These books have followed me over 3 states, 4 moves, and the raising of 2 children. Every year I mean to crack into the 11 volume set. Each year I failed. I had purchased the full series at a used bookstore (for maybe $100 bucks) back in 1997, and it has sat on my bookshelf ever since. [ Polley : I've read 9.5 of the 11 volume set, making steady progress. Beautiful prose, with wit, erudition, and humor.]

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Google finds its map service (CNET, 8 Feb 2005) -- In its latest play in the ongoing search wars, Google on Tuesday quietly launched a beta site for a new map service. Google Maps offers maps, driving directions and the ability to search for local businesses. The search giant appears to be working with TeleAtlas for the mapping products. Neither Google nor TeleAtlas could be reached for comment. The service offers a few tweaks to standard mapping products. Someone using the service can click and drag the maps, instead of having to click and reload, for example, and magnified views of specific spots pop up in bubbles. The new map service supports Internet Explorer and Mozilla browsers. It covers the United States, Puerto Rico and parts of Canada. The ongoing search battles between Google and companies like Yahoo and Microsoft have led to new features and enhancements coming out almost weekly. Localization and mapping products have been a particular focus because they're popular with advertisers. Even Amazon.com has gotten into the game, offering a service through its A9.com search unit that shows digital photos of storefronts in its U.S. business listings.

U.S. agencies earn d-plus on computer security (SiliconValley.com, 16 Feb 2005) -- The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency's inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. "Several agencies continue to receive failing grades, and that's unacceptable," said Rep. Tom Davis, R-Va., the committee's chairman. "We're also seeing some exceptional turnarounds." Davis said troubling areas included lax security at federal contractor computers, which could be used to break into government systems; a lack of contingency plans for broad system failures and little training available for employees responsible for security. The Transportation Department improved from a D-plus to an A-minus; the Interior Department, which failed last year, improved to a C-plus; and the Justice Department rose from a failing grade to B-minus. The poor grades effectively dampen efforts by U.S. policy makers to impose new laws or regulations to compel private companies and organizations to enhance their own security. Industry groups have argued that the government needs to improve its own computer security before requiring businesses to make such changes.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, January 10, 2015

MIRLN --- 21 December - 10 January 2015 (v18.01) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

How IBM shrunk a complex contract down to 2 pages (Corporate Counsel, 16 Dec 2014) - To Neil Abrams, assistant general counsel at IBM, better service to his clients and the customers means keeping it simple. That's why a team spearheaded by Abrams earned international recognition for taking dozens of pages of complex contracts for cloud services and reducing them to a simple, two-page document. Abrams told CorpCounsel.com that the complex contracts for some 150 cloud services were creating a frustrating roadblock for customers last year. The contracts would end up in the hands of their lawyers, who would want to negotiate the wording, tying up lawyers on both sides. "We developed a plan to cover only those things we considered essential," Abrams said, "and we used concise, plain language." It took his team about two months to boil down all the key points into the two-page document, to work it through the business side and translate it into more than 20 languages. How did they do it? "That was challenging," he concedes. "We wouldn't reuse any preexisting contract clauses. And we had to avoid the common technique in contract drafting of cross-referencing or hyperlinking and incorporating other documents by reference." Most companies also require a separate "professional services" contract that gives a detailed description of what the company is going to do. But the simplified IBM contract also covers services. And Abrams' team included intellectual property indemnification in the contract - "though most cloud providers do not provide that," he said. "We learned that using a shorter contract takes a lot less time for the customers - and their lawyers," he explained. "And where there needs to be some negotiation, they can do that faster too." He said the response has been positive from customers and internal clients, including the IBM sales team.
And the International Association for Contract and Commercial Management named the company a finalist for its 2014 Innovation Award for Operational Improvement for "boldly and rapidly transforming its cloud computing contract process." The success of this novel bit of contract work also earned Abrams something else. When he began the task, he was the head lawyer for software. Now he is an assistant GC assigned to look for ways to transform the client experience, including simplifying more contracts. His latest project: A four-page contract released a few months ago that covers IBM's entire product line. Such contracts once averaged about 30 pages. This one allows a customer to choose the parts that apply to the product he wants. [ Polley : I'd love to see a copy, if anybody has one.]

A 'partial win' for publishers (InsideHigherEd, 20 Dec 2014) - While academic publishers on Friday notched a rare win in the ongoing legal debate about digital access to copyrighted works, proponents of fair use said the opinion in Cambridge v. Patton recognizes that colleges and universities can legally create digital reserves of books in their collections. In a unanimous decision, a three-judge panel of the U.S. Court of Appeals for the 11th Circuit, which covers Alabama, Georgia and Florida, rejected a broad ruling on how to determine fair use. The decision guarantees the case has a long and litigious road ahead of it by reversing the district court's opinion and sending the case back for further deliberations. Rather than strike a decisive blow against fair use, the legal concept that places some limits on the rights of copyright holders, the appeals court instead issued a stern warning against quick-fix, one-size-fits-all solutions to legal disputes -- specifically, the idea that copying less than a chapter or 10 percent of a book automatically protects an institution from a lawsuit. The court also came away "persuaded" that the Copyright Act of 1976 contains specific protections for colleges and universities, noting that Congress "devoted extensive effort to ensure that fair use would allow for educational copying under the proper circumstances."

Free hotel Wi-Fi coming, with strings attached (LA Times, 21 Dec 2014) - Starwood Hotels & Resorts Worldwide Inc., with more than 1,200 properties including the brands W, Westin, Sheraton, Four Points and St. Regis, announced last week that standard in-room Internet will be free to all Starwood Preferred Guest members starting Feb. 2. The move mirrors a decision announced last month by Marriott International to offer free standard Wi-Fi to members of its loyalty rewards program, starting in January. With the Starwood offer, loyalty reward members get the Wi-Fi if they book through Starwood's online sites or the SPG app. Without a loyalty membership, guests pay up to $20 per day for basic Wi-Fi service, with even higher prices for Internet with premium speeds.

- but, on the other hand -

Google, wireless industry not down with Marriott's Wi-Fi blocking plan (Re/code, 22 Dec 2014) - Microsoft and Google don't agree on much, but they've presented a united front against the hotel industry, which is trying to convince government regulators to give them the option of blocking guests from using personal Wi-Fi hotspots. The tech companies recently joined the wireless industry's lobbying group and a handful of other parties in opposing the hotel industry's petition, which seeks the Federal Communications Commission's permission to block personal Wi-Fi networks on their properties. This summer, the American Hospitality & Lodging Association and Marriott International asked the FCC to declare that a hotel operator can use equipment to manage its network even if it "may result in 'interference with or cause interference' to a [wireless device] being used by a guest on the operator's property." "Wi-Fi network operators should be able to manage their networks in order to provide a secure and reliable Wi-Fi service to guests on their premises," they argued. At the time, Marriott was under investigation for a March 2013 consumer complaint for allegedly blocking guests from using their smartphones as personal Wi-Fi hotspots in the convention space at Opryland. The Marriott-owned Gaylord Opryland Hotel and Convention Center tech staff was using a monitoring system that de-authenticated guests' personal Wi-Fi hot spots. Meanwhile, the hotel was charging exhibitors and attendees anywhere from $250 to $1,000 for Wi-Fi service, the FCC said. In October, Marriott settled an FCC complaint about the practice for $600,000 but argued that it hadn't broken the law and was using technology to protect guests from "rogue wireless hotspots that can cause degraded service, insidious cyber attacks and identity theft."

Hack attack causes 'massive damage' at steel works (BBC, 22 Dec 2014) - A blast furnace at a German steel mill suffered "massive damage" following a cyber attack on the plant's network, says a report. Details of the incident emerged in the annual report of the German Federal Office for Information Security (BSI). It said attackers used booby-trapped emails to steal logins that gave them access to the mill's control systems. This led to parts of the plant failing and meant a blast furnace could not be shut down as normal. The unscheduled shutdown of the furnace caused the damage, said the report.

A corporate counsel's guide to cyber insurance (Davis Wright Tremaine, 29 Dec 2014) - On an almost daily basis, you are reminded of why you should worry about the security of your company's data and information systems. Whether it be from headlines in hard copy, broadcast, or online media, your senses have been slammed with one sensational story after another about increasingly massive data breaches. You may have even read about malware that continues to morph once it tunnels into a system, allowing it to evade detective software. You have seen serious economic and reputational damage done to businesses because cyber thugs launched an attack against their digital infrastructure. You have also seen class actions filed by consumers, derivative actions filed by investors, and enforcement actions taken by regulatory agencies. With each new headline and regulatory settlement, you have developed an increased sense of urgency to better protect the financial health of your business as it confronts increasingly dangerous cyber threats. Where do you begin? The obvious first steps will involve the development and implementation of strategies to mitigate the risk of harm by continuously strengthening the security of your company's information systems. Unfortunately, the technology behind the cyber threats has proven to be dangerously resilient, which means there will always be risk that cannot be mitigated by technology. What should you do about this risk? Consider transferring it to cyber insurance. * * * [ Polley : Nothing particularly new here, but a useful, workmanlike post.]

FBI on watch as hackers' victims weigh illegal retaliation (LA Times, 30 Dec 2014) - The hacked are itching to hack back. So say a dozen security specialists and former law enforcement officials who described an intensifying sense of unease inside many companies after the recent breach of Sony Corp.'s networks. U.S. officials have shown little appetite to intervene as banks, retailers, casinos, power companies and manufacturers have been targeted by foreign-based hackers. Private-sector companies doing business in the U.S. have few clear options for striking back on their own. That has led a growing number of companies to push the limits of existing laws to consider ways to break into hackers' networks to retrieve stolen data or even knock computers offline to stop attacks, the cybersecurity professionals said in interviews. Some companies are enlisting cybersecurity firms, many with military or government security ties, to walk them through options for disrupting hacker operations or peering into foreign networks to find out what intellectual property the hackers may have stolen. In one case, the FBI is looking into whether hackers working on behalf of any U.S. financial institutions disabled servers that were being used by Iran to attack the websites of major banks last year, according to two people familiar with the investigation. JPMorgan Chase & Co. advocated such a move in a closed meeting in February 2013, these people said. A bank spokeswoman said no action was ever taken. Federal investigators are still trying to determine who was responsible, the people said. "It's kind of a Wild West right now," said Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee. Some victim companies may be conducting offensive operations "without getting permission" from the federal government, he said. [ Polley : "Permission"? The government can give permission to break the law?] After the Sony attacks, someone appears to have struck back.
Fake copies of "Fury," "Annie" and other leaked films began appearing this month on file-sharing sites, slowing the computers of people trying to download the movies and crippling torrent sites disseminating the files, said Tal Klein, vice president of strategy at Adallom Inc., a Palo Alto, Calif., security company. The fake files have now largely been eliminated as file-sharing sites have used rating systems to blacklist the decoys, he said. Sony declined to comment on the fakes or on any steps the company is taking to recover from the breach. In February 2013, U.S. officials met with bank executives in New York. There, a JPMorgan official proposed that the banks hit back from offshore locations, disabling the servers from which the attacks were being launched, according to a person familiar with the conversation, who asked not to be identified because the discussions were confidential.

Court permits banks' negligence claims against Target for data breach (Steptoe, 31 Dec 2014) - The U.S. District Court for the District of Minnesota has denied Target's motion to dismiss negligence claims alleged by five banks following the December 2013 hacking incident that compromised the personal and financial information of approximately 110 million customers. According to the class action complaint, filed in In re: Target Corporation Customer Data Security Breach Litigation on behalf of all financial institutions whose customers made Target purchases during the relevant period, the data breach caused the banks to suffer substantial losses such as the costs of reissuing credit and debit cards, notifying customers about the breach and addressing their complaints, monitoring accounts for fraud, and reimbursing customers affected by it. The court ruled that the banks had sufficiently alleged that Target had breached a duty of care under state law in that the harm to the banks was caused and exacerbated by Target's actions and inactions.

9 maps that explained the Internet in 2014 (Washington Post, 31 Dec 2014) - This was a big year for the Internet, from the U.S. debate over net neutrality to proposals to shift control of the worldwide Web to the global community. Here are maps that can help you understand how the Internet worked and how people used it in 2014 * * * See also Mapping the world's 4.3 billion Internet addresses (Washington Post, 7 Jan 2015)

100 years of law (ABA Journal, 1 January 2015) - It goes without saying that the world was a vastly different place in 1915 than it is today. But while the events of that year now carry the echoes of history, they also predicted some of the upheaval of the coming century. A year earlier, the outbreak of war in Europe, which quickly spread to the Middle East, Africa and parts of Asia, had shattered the last lingering vestiges of innocence that characterized the Victorian Age. But in 1915, World War I - called the Great War because no one imagined such a conflagration could happen again - unleashed the horrors of modern warfare. During that year, Germany introduced poison gas as a weapon, and 1,198 passengers died when the Lusitania was sunk on May 7 by a German submarine. By the end of the year, the British Army had begun testing the first prototype tanks. But 1915 carried hints of change, as well. In January, the first coast-to-coast telephone call was made by Alexander Graham Bell in New York City and his assistant Thomas Watson in San Francisco. In February, the first stone of the Lincoln Memorial was put into place. Babe Ruth hit his first major league home run. Ford rolled the millionth car off its assembly line at the River Rouge plant in Detroit. And on Oct. 25, Lyda Conley became the first Native American woman to be admitted to practice before the Supreme Court. The American Bar Association was perhaps thinking about the future as well at its 1914 annual meeting when the executive committee was authorized to provide for the publication of a journal with announcements and transactions of the association, including the work of various affiliated bodies. The committee "took favorable action, and the establishment of the quarterly, of which this constitutes the first number, is the result," states the foreword to the ABA Journal's first issue, which was published in January 1915. 
"The Journal will henceforth be sent to every member of the American Bar Association, without any additional charge. He pays for it by paying his annual dues, which are now $6." The main articles in that first issue were committee reports to the Conference of Commissioners on Uniform State Laws. The issue carried one advertisement, a special offer to ABA members from the Lord Baltimore Press to purchase the Court of Claims Digest for $5.

Senators question FBI's legal reasoning behind cell-tower spoofing (Washington Post, 2 Jan 2015) - Two U.S. senators are questioning whether the FBI has granted itself too much leeway on when it can use decoy cellphone towers to scoop up data on the identities and locations of cellphone users. The lawmakers say the agency now says it doesn't need a search warrant when gathering data about people milling around in public spaces. Sen. Patrick Leahy (D-Vt.) and Chuck Grassley (R-Iowa), the chairman and ranking member on the Senate Judiciary Committee respectively, have written a letter to Attorney General Eric Holder and Department of Homeland Security Jeh Johnson about the use of the surveillance technology called an IMSI catcher, though also referred to by the trade name "Stingray." [ Polley : What wouldn't be a "public space"?]

Who's responsible when your semi-autonomous shopping bot purchases drugs online? (Slashdot, 5 Jan 2015) - Who's responsible when a bot breaks the law? A collective of Swiss artists faced that very question when they coded the Random Darknet Shopper, an online shopping bot, to purchase random items from a marketplace located on the Deep Web, an area of the World Wide Web not indexed by search engines. While many of the 16,000 items for sale on this marketplace are legal, quite a few are not; and when the bot used its $100-per-week-in-Bitcoin to purchase a handful of illegal pills and a fake Hungarian passport, the artists found themselves in one of those conundrums unique to the 21st century: Is one liable when a bunch of semi-autonomous code goes off and does something bad? In a short piece in The Guardian, the artists seemed prepared to face the legal consequences of their software's actions, but nothing had happened yet - even though the gallery displaying the items is reportedly next door to a police station. In addition to the drugs and passport, the bot ordered a box set of The Lord of the Rings, a Louis Vuitton handbag, a couple of cartons of Chesterfield Blue cigarettes, sneakers, knockoff jeans, and much more. [ Polley : Spotted by MIRLN reader Mike McGuire; see "Looking Back" below for a related Steptoe post 10 years ago.]

Google's 'security princess' helped White House after hack (Mashable, 6 Jan 2015) - After hackers breached its internal network in late October, the White House got the help of a Google security engineer, Parisa Tabriz, the company's self-proclaimed "security princess." Tabriz was tapped by the newly founded U.S. Digital Service, a tech task force for the government which launched in August, as a consultant for a "Top Secret / Classified project" to improve the network of the White House and the Executive Office of the President, according to an earlier version of her own resume, which has since been edited. Tabriz's work for the White House on computer security has not been publicly reported before. Her resume entry was spotted on Monday by American Civil Liberties Union Principal Technologist Christopher Soghoian, who in the past exposed the FBI hacking techniques scouring the LinkedIn profiles of government contractors. Hours after Soghoian's tweet, and after Mashable reached out for comment, Tabriz edited her resume removing the reference to the "Top Secret / Classified project." [ oops ]

Ford tries to shut down independent repair tool with copyright (EFF, 6 Jan 2015) - At EFF, we think people ought to be able to understand how their devices work and repair them without asking permission of the manufacturer. We also think independent repair companies should be able to compete with manufacturers in the aftermarket. Simply put, you should be able to fix your stuff or choose someone you trust to do it for you. The Ford Motor Company, however, takes a different view. It recently sued Autel, a manufacturer of third-party diagnostics for automobiles, for creating a diagnostic tool that includes a list of Ford car parts and their specifications. Ford claims that it owns a copyright on this list of parts, the "FFData file," and thus can keep competitors from including it in their diagnostic tools. It also claims that Autel violated the anti-circumvention provisions of the Digital Millennium Copyright Act by writing a program to defeat the "encryption technology and obfuscation" that Ford used to make the file difficult to read.

The drugs that companies promote to doctors are rarely breakthroughs (NYT, 7 Jan 2015) - For more than five decades, the blood thinner Coumadin was the only option for millions of patients at risk for life-threatening blood clots. But now, a furious battle is underway among the makers of three newer competitors for the prescription pads of doctors across the country. The manufacturers of these drugs - Pradaxa, Xarelto and Eliquis - have been wooing physicians in part by paying for meals, promotional speeches, consulting gigs and educational gifts. In the last five months of 2013, the companies spent nearly $19.4 million on doctors and teaching hospitals, according to ProPublica's analysis of federal data released last fall. The information, from a database known as Open Payments, gives the first comprehensive look at how much money drug and device companies have spent working with doctors. What it shows is that the drugs most aggressively promoted to doctors typically aren't cures or even big medical breakthroughs. Some are top sellers, but most are not. Instead, they are newer drugs that manufacturers hope will gain a foothold, sometimes after failing to meet Wall Street's early expectations. * * * Largely absent from the top of the list were drugs that cure disease, such as a new class of hepatitis C treatments, or those that significantly extend life, particularly for cancer patients. If a drug is either the first to treat a disease or is much better than existing drugs, said Dr. Sidney Wolfe, the founder and now senior adviser to Public Citizen's Health Research Group, "they 'sell themselves' on the merits of their unique benefits." [ Polley : Thanks to open-data initiatives.]

Robert Half can't stop former employees from telling the world where they used to work (Eric Goldman, 7 Jan 2015) - As the saying goes, a business' most important asset is its people. That maxim applies with extra force in the staffing industry, where people literally are its business. Perhaps that explains why Robert Half, a leading staffing company, uses an unusually aggressive contract clause to hamper departed employees. A recent federal court decision rejected the overreaching contract clause, but the court ruling highlights the regulatory challenges to preserving employee mobility. Paragraph 13 of Robert Half's contract with its employees says: After termination of Employee's employment with Employer, Employee shall not indicate on any stationary, business card, advertising, solicitation or other business materials that Employee is or was formerly an employee of Employer, any of its divisions, or any of the RHI Companies except in the bona fide submission of resumes and the filling out of applications in the course of seeking employment. I don't believe this clause is typical for employment contracts. I didn't find similar clauses either in Westlaw's database of litigated cases or Google searches. There's a good reason paragraph 13 isn't common. Read literally, it seems to say that departed Robert Half employees can't tell prospective customers that they used to work for Robert Half. For example, this clause apparently applies to a former employee's LinkedIn profile and biography posted to a new employer's website. So what could the former Robert Half employee say about his or her work history? Maybe: "I worked at a leading staffing company for X years"? That's more mysterious than enlightening.

Bank of America shifts compliance team out of legal unit after OCC pressure (Reuters, 7 Jan 2015) - Under pressure from its U.S. regulator, Bank of America has shifted its compliance group from its legal department to its risk oversight group, a source familiar with the matter said. The move comes as federal regulators have warned big banks to adopt more ethical internal cultures or they could be broken up to make them easier to manage. Officials with the Office of the Comptroller of the Currency (OCC), which in September finalized "heightened expectations" guidelines for the way large banks manage their risks, discussed the matter with Bank of America officials in December. Soon after that meeting, the bank decided to switch its compliance group to the risk control area, said the source, who spoke on condition of anonymity citing a lack of authorization to speak publicly on the matter. The OCC pressed for the move out of a belief that the legal group was focused on minimizing the application of rules, the source said.

'Family Law' is second in series of Uniform Law Commission apps (Robert Ambrogi, 8 Jan 2015) - A Boston-based developer of legal apps, Lawyer-Apps, has partnered with the Uniform Law Commission, the organization that drafts uniform laws and promotes their adoption by states, to release an iPad app, Family Law, that provides mobile access to the full text of the ULC's family law acts, including the official comments and annual updates. Released this week, the app is the second to be jointly developed by Lawyer-Apps and the ULC. They previously released the Trust & Estates app, which provides the full text of the ULC's trust and estate acts. The app is fully searchable or can be browsed on a section-by-section basis. The app also includes citations and links to state statutes based on the uniform acts for easy comparison. The app costs $9.99, which includes annual updates to uniform text and continuously updated enactment data. It is available for iPad only. Lawyer-Apps has also developed a series of apps in conjunction with the American Law Institute (ALI) based on the Uniform Commercial Code: Secured Transactions, Instruments-Deposits-Funds, and Sales & Leases.

Armed attacks in cyberspace: A reply to Admiral Stavridis (Lawfare, 8 Jan 2015) - Last week, Admiral (Ret.) James Stavridis, former NATO Supreme Allied Commander and presently Dean of the Fletcher School of Law and Diplomacy at Tufts University, correctly expressed concern that "unlike sea, air and land, much of cyberspace's doctrine remains undefined, to include even the most fundamental of terms. We do not even have an agreed-upon definition of what constitutes an attack in cyberspace - and it is high time we did." His article, appearing in Signal, identified a key real-world shortcoming of international law as applied to cyber activities. The lawyers cannot state with any certainty when a cyber operation trips over Article 51's "armed attack" threshold thereby allowing the victim State to respond with either kinetic or cyber force. His frustration is palpable and rightly so. A former consumer of legal advice at the highest level of international security affairs, he understands first-hand the dilemma of being expected to effectively handle a sensitive situation without a clear rule book. As senior officers tend to do, he identified a problem and has set out to solve it. In fact, an unofficial rule book exists. The Tallinn Manual on the International Law Applicable to Cyber Warfare is the product of a three-year NATO Cooperative Cyber Defense Center of Excellence sponsored effort to offer a restatement of law, by a group of international legal scholars and cyber technical experts (the "International Group of Experts," IGE). The Manual sets forth the logic behind its 95 rules and, in an extensive accompanying commentary, highlights those issues that remain unsettled in the law. * * * [Admiral Stavridis' view] is a concerning sentiment because decision-makers like the Admiral and their lawyers are precisely the Tallinn Manual's target audience. 
It is especially troubling because his opinion deservedly carries enormous weight in the policy and operational communities . . . and he badly misconstrued the position of the IGE. As director of the project, allow me to clarify the position of the experts on the issue of armed attack. * * *

LegalZoom gets OK to operate in UK (ABA Journal, 8 Jan 2015) - An online purveyor of self-help legal documents such as living trusts and wills has gotten a green light to operate in the United Kingdom as an alternative business structure. LegalZoom has been licensed with the Solicitors Regulation Authority and will partner with the QualitySolicitors law firm network, reports the Law Society Gazette. LegalZoom is the first U.S.-based company approved to operate as an ABS in the U.K., the article notes. Craig Holt, who founded QualitySolicitors, is in charge of LegalZoom's operations in the U.K. He said the company plans to take an innovative approach to help fill an existing gap in affordable legal services. "An ABS provides broader freedom in how we work with lawyers, and we expect increasing levels of partnership in the U.S. and the U.K.," Holt told the Gazette.

RESOURCES

Surveillance law videos for non-lawyers (Volokh Conspiracy, 4 Jan 2015) - Jonathan Mayer has posted a series of short YouTube videos about surveillance law that he created for a Stanford Coursera course. The videos are intended for non-lawyers, so the content is particularly easy to follow. If you're interested in learning about surveillance law but you're not sure where to start, the videos are definitely worth checking out.

Cybersecurity and the use of emerging technologies, Part 2 (ABA's Peter Geraghty, Center for Professional Responsibility, Jan 2015) - [ Polley : good discussion of outsourcing, social media, and metadata issues]

Ryan on open access to legal scholarship (Legal Theory Blog, 19 Dec 2014) - Christopher J. Ryan (Higher Education Policy and Law (Peabody College)) has posted Not-So-Open Access to Legal Scholarship: Balancing Stakeholder Interests with Copyright Principles (Richmond Journal of Law and Technology, Vol. 20, No. 1, 2013) on SSRN. Here is the abstract: At its core, open access, particularly public access to scholarly research, is grounded in considerations of transparency, accountability, democratic legitimacy, and the fulfillment of perhaps the most fundamental function of academia - providing educational service for the public. This article discusses the role that open access plays and should play in academic legal scholarship. Specifically, this article defines the Open Access Movement and the benefits of open access to scholarship, describes the current methods of accessing academic scholarship, discusses issues related to ownership of scholarly works and the interests of authors, and provides recommendations for ensuring open access to legal scholarship. In particular, the article identifies elements of existing solutions that should be combined to create a policy that can provide open access to such scholarship while handling the interests of scholars, institutions, publishers, and the public.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

9-11 Commissioner calls for end to ISACs (InfoWorld, 18 Feb 2005) -- The U.S. government's policy of relying on voluntary, industry-led information sharing and analysis centers, or ISACs, is not working and should be discontinued or reformed, according to Jamie Gorelick, a member of the 9-11 Commission. ISACs lack the organization and funding to work effectively and pass on vital security intelligence to the U.S. federal government about threats to the nation's critical infrastructure. Their failure poses a threat to national security, Gorelick said during a panel discussion at the RSA Conference in San Francisco. However, the head of at least one ISAC says the organizations are working well, despite continued skepticism of government demands for information on security breaches. The ISAC system was created by Presidential Decision Directive 63 (PDD 63), which was issued by President Bill Clinton in 1998. PDD 63 called for the creation of ISACs to encourage private sector cooperation and information sharing with the federal government on issues related to the nation's critical infrastructure. Today there are ISACs for the food, water and energy sectors, as well as the information technology, telecommunications, chemical and financial services industries. "I don't think the model of ISACs works," Gorelick said. "Asking industries to fund their own ISACs as they wish and in a disorganized fashion will not get us where we need to go." In particular, Gorelick objected to the requirement that critical industries fund and operate their own ISACs without government oversight. The U.S. government should provide funding and a reliable communications system for each ISAC, rather than requiring them to "pass the hat" to raise operating funds, she said. The government should also provide a single point of contact for ISACs that can be a "quarterback" for the various industry groups and win the support of senior executives within different industry sectors, she said. 
However, the president of one prominent ISAC thinks Gorelick is mistaken in her notion that the groups are not working. "(Gorelick) is unfortunately mistaken in her perception," said Guy Copeland, vice president of Information Infrastructure Advisory Programs at Computer Sciences Corp. and president of the Information Technology ISAC (IT-ISAC). "We've never received any funding from the government, and we're stronger because of it."

Spiders can enter contracts too! (Steptoe & Johnson's E-Commerce Law Week, 28 April 2005) -- It wouldn't be unheard-of for a web surfer to accept the terms of a Terms of Use or "click-through" agreement without actually reading it ... and then for a court to hold him to the terms of that agreement. So is there a difference if his automated software tool does the "clicking" -- also without actually reading the agreement? Not according to the US District Court for the Northern District of California. In Cairo, Inc. v. CrossMedia Services, Inc., the court held that automated software tools called "spiders" can legally consent to the terms of use or terms of service agreements on websites they visit -- thereby committing their operators to the terms of those agreements and subjecting them to liability for violations. (The case breaks new legal ground, but the court designates its opinion as "unpublished," which usually means that the ruling has little or no precedential impact. In this case, it may mean that the court lacks confidence in its judgment -- or simply that no one has yet asked the court to publish the opinion.)

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.