Saturday, March 14, 2015

MIRLN --- 22 Feb - 14 March 2015 (v18.04)

MIRLN --- 22 Feb - 14 March 2015 (v18.04) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | RESOURCES | LOOKING BACK | NOTES

Lawsuits' lurid details draw an online crowd (NYT, 22 Feb 2015) - Intimate, often painful allegations in lawsuits - intended for the scrutiny of judges and juries - are increasingly drawing in mass online audiences far from the courthouses where they are filed. When a former saleswoman at Zillow sued the real estate website in December, describing X-rated messages from male colleagues, her court filing drew hundreds of thousands of readers, causing an instant public relations crisis for the company. The papers in a sexual harassment suit filed last summer against Tinder , the dating app, circulated in a popular Buzzfeed post . And a lawyer for a fired University of Minnesota-Duluth women's hockey coach who is planning a lawsuit knows what the initial complaint will need: a clear narrative and damning details. More and more, the first court filings in gender-related suits, often allegations that inspire indignation, are winning wide readerships online before anyone steps foot in a courtroom. As a result, plaintiffs are finding themselves with unexpected support - and greater-than-ever power to ruin reputations. Panicky defendants are left trying to clear their names from accusations that sometimes are unsubstantiated. Judges and law professors, watching the explosion of documents online, fear such broad exposure is throwing court proceedings off track and changing the nature of how civil suits are meant to unfold. "It's not clear that lighting a match and dropping it in the public sphere is going to be a reliable way to bring closure," said Jonathan Zittrain, a Harvard professor of Internet law who compared the practice to the old campus tactic of scrawling the names of alleged rapists on women's bathroom walls. Though all sorts of legal records circulate online - the document website Scribd has more than six million - those involving gender or claims of sexual misconduct tend to resonate more widely than complex corporate litigation or low-level disputes. Lawsuit papers are generally public, but before the advent of electronic filing, most of them remained stuffed inside folders and filing cabinets at courthouses. Now some plaintiffs' lawyers, calculating that they will be protected from defamation suits when making charges in civil complaints, distribute the first filings online as a way of controlling the narrative. But more often, electronic case databases, blogs and social media propel a case into the spotlight even when the parties are not public figures.

top

Wall St. and law firms plan cooperative body to bolster online security (NYT, 23 Feb 2015) - The threat of ever-larger online attacks is bringing together Wall Street banks and the big law firms that do work for them in an alliance that could result in some sharing of basic information about digital security issues. For nearly a year, banks and law firms have discussed setting up a legal group that would be affiliated with the banking industry's main forum for sharing information about threats from hackers, online criminals and even nation states - the Financial Services Information Sharing and Analysis Center . Several people briefed on those discussions said those talks would most likely lead to the establishment of such a group by the end of the year, a recognition that hackers are increasingly focusing on big law firms to glean information about their corporate clients. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. Over the last several months, Mandiant, the security firm that is a division of FireEye, has been advising a half-dozen law firms that were the subject of a breach, said a person briefed on the matter who spoke on the condition of anonymity. Mandiant, during a recent presentation at a legal conference, said many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations. The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. And while the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. [ Polley : I'm helping the ABA assess whether/how it might facilitate similar ISAC-like activities; we fear that most firms (other than the very largest) wouldn't grok the value-proposition. Reactions?]

top

- and -

Law firms to share info about cyber threats (The Hill, 5 March 2015) - Leading international law firms are moving to share information on hacking threats, a step that could revolutionize how the legal industry copes with attempted cyberespionage. The threat-sharing forum, which is expected to launch in late spring, will mimic the system used by banks and financial institutions to help each other guard against cyberattacks. The legal group is expected to have between six and 12 initial members, according to The American Lawyer , which reported the news on Thursday. Five founding members were named: Sullivan & Cromwell, Debevoise & Plimpton, Paul Weiss Rifkind Wharton & Garrison, Allen & Overy and Linklaters. The decision to move forward on a threat-sharing forum highlights the pressure facing law firms to protect clients' secrets. Hackers, including teams sponsored by the Chinese government, have found law firms to be a less-guarded "back door" for gathering information on major U.S. companies. While banks and financial institutions have hardened cybersecurity, law firms' protections are typically less sophisticated. In the new forum, law firm leaders will be able to anonymously share information about hacking attempts and cyber vulnerabilities for an annual membership fee. The group will be organized as an offshoot of the Financial Services Information Sharing and Analysis Center, the threat-sharing forum for the banking industry, and will have access to some of its data.

top

- and -

Most big firms have had some hacking (Bloomberg, 10 March 2015) - Data breaches don't just affect retailers and banks. Most big law firms have been hacked, too. While cybercrime has plagued U.S.-based law firms quietly for close to a decade, the frequency of attempts and attacks has been increasing substantially. Numbers aren't available, since unlike hacking at financial institutions law firms have no legal obligations to disclose cybercrimes to the public. But experts say that these crimes have increased, particularly at firms whose practices involve government contracts or mergers and acquisitions, especially when non-U.S. companies or countries are involved. "Law firms are very attractive targets. They have information from clients on deal negotiations which adversaries have a keen interest in," according to Harvey Rishikof, co-chair of the American Bar Association's Cybersecurity Legal Task Force. "They're a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities." While Cisco Systems Inc. ranks law firms as the seventh most-vulnerable industry to "malware encounters" in its 2015 "Annual Security Report," other statistics are more striking. At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, the chief operating officer of Digital Guardian, a data security software company, said in a telephone interview. Stewart Baker, a partner at Steptoe & Johnson LLP, said the number may be even higher. In an interview Tuesday he recounted what an agent from the Federal Bureau of Investigation told him: Virtually all of the biggest firms have faced some sort of data breach. [ Polley : This is all hearsay; aside from the Tyrrell quote, there's zero new here, and his quote is bare. I don't think Bloomberg should have run this, but I'm including it here anyway - grain of salt.]

top

New study provides cybersecurity insights for corporate counsel (Hogan Lovells, 24 Feb 2015) - A recently-released research study published by Indiana University's Bloomington School of Law highlights the rising importance of cybersecurity law and provides current insights on the role lawyers are playing to help protect companies from cyber threats. The study, entitled " The Emergence of Cybersecurity Law ," is based on a survey of corporate law departments as well as interviews conducted with lawyers, consultants, and academic experts. The report finds that although companies increasingly recognize the importance of cybersecurity, few are fully prepared to face the challenge. Substantial numbers of corporate leaders lack confidence in their organizations' level of preparedness-in part the result of a shortfall of cybersecurity literacy within organizations. While cybersecurity may once have been the domain of IT professionals, companies now recognize that having legal and other disciplines engaged is also necessary. The implication is that lawyers must master the patchwork of legal issues and regulations relevant to cybersecurity risk management, while developing sufficient technical vocabulary to ask the right questions of their IT counterparts. Despite the accelerating frequency of cybersecurity incidents, the report finds that companies still too often turn to lawyers only as a reactive measure rather than as part of a proactive process. To help companies protect their employees and customers from cyber threats, the report recommends that corporate counsel follow a 10-point cybersecurity agenda first proposed in 2012 by Hogan Lovells Partner Harriet Pearson: * * *

top

The "browsewrap"/"clickwrap" distinction is falling apart (Eric Goldman, 24 Feb 2015) - It is somewhat surprising that, in 2015, courts are still hashing out online consumer contract formation issues. After all, the seminal case, Specht v. Netscape , was decided over a dozen years ago. Yet, a few recent cases show that companies often don't get the contracting process right. In all or most of these cases, the companies are trying to push the disputes into arbitration (on an individual, rather than a class-wide basis). So the result of a flawed contract formation often means that a company has to litigate a claim in court rather than a more convenient and less expensive forum. * * * {case discussion and analysis}

top

Fair Use and MOOCs (InsideHigherEd, 24 Feb 2015) - As Fair Use Week begins , Francesca Giannetti and David Hunter considers the use of readily and legally available digital media for MOOCs. Their experience stems from assisting a University of Texas professor with an online jazz appreciation course. In helping University of Texas at Austin professor Jeff Hellmer identify and include audio and video recordings as he set up his jazz appreciation course, first offered January 2014, Francesca Giannetti and I considered numerous streaming or downloading possibilities. To rely on fair use in the context of an open educational resource, where the course audiovisuals would be posted on YouTube, was untested legal ground. In our view Professor Hellmer's uses were fair, such as 7-10 seconds of a song, embedded in a lecture, to illustrate a point. But a potential problem existed inasmuch as a challenge by a content owner would require removal of specific material, which would ruin the lecture, unless the institution was ready to be sued or file a declaratory judgment action against the accuser. At that time we had not witnessed the example of Lawrence Lessig, who, when served in August 2013 with a take-down request by Liberation Music Pty Ltd., countered with a declaratory judgment request, and was successful. We knew that Sony BMG, for example, tolerates nothing as fair, even if we were to utilize DMCA Section 512's provision to counterclaim fair use, with a full explanation. When the question becomes "is it worth engaging in a lawsuit to prove that 7 seconds of a song, used transformatively to illustrate a point is fair, or do we take down that audiovisual?", most of us don't enjoy the luxury of the resources to file the lawsuit. During course development the MOOC platform's technicians highlighted the audio and video that was available through YouTube, and agreed to make the links inactive after a relatively short period. Of course, the files were still available on YouTube itself after that time, so it remained possible for students to return to them directly. This illustrates a balance of practicality and limitation of risk in the ever-changing and challenging environment of information provision of recorded sound and video. This provision remains the property of multi-national businesses that have very little interest in encouraging the educational use of their property, and even less in admitting that fair use principles apply to current modes of delivery.

top

Target data breach price tag: $252 million and counting (Mintz Levin, 26 Feb 2015) - In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results , Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million. Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target's 2014 operating results. The expenses incurred in 2014 were in addition to $61 million in breach-related expenses incurred in 2013 which, after receipt of $44 million in insurance proceeds, yielded $17 million in net breach-related expenses for Target in 2013. In all, Target has incurred $252 million in costs arising from the data breach through the end of 2014 which, after receipt of $90 million in insurance proceeds, has resulted in total net expenses to Target in 2013 and 2014 of about $162 million.

top

Data security is becoming the sparkle in Bitcoin (NYT, 1 March 2015) - Some couples opt for a traditional wedding, while others go for the Elvis impersonator in Las Vegas. But David Mondrus and Joyce Bayo may be the first to have incorporated Bitcoin. Before about 50 guests at a Walt Disney World hotel in Florida recently, the couple used a Bitcoin automated teller machine to record their written vows on the currency's so-called block chain - an open ledger that permanently stores information. "A diamond is forever, a marriage is forever, but when was the last time anyone looked at their wedding vows?" Mr. Mondrus said. "This technology allows us to get that data and store it in a way that is retrievable and noncorruptible." As Bitcoin's price has declined over the last year, critics have been quick to declare the virtual currency dead. Bitcoin's true value, though, might be not in the currency itself but in the engine that makes it possible. Underlying Bitcoin - created as a way to make payments directly, anonymously and outside government control - is the block chain, a decentralized database that is driven by cryptography. Explaining how the block chain works can tangle the tongues of even those who are most enthusiastic about Bitcoin. Most resort to metaphors or diagrams. At a basic level, the block chain is a searchable ledger where all transactions are confirmed, in a matter of minutes, by a network of computers working to perform complex algorithms. Each part of the network maintains a copy of the ledger. About six times an hour, a new group of accepted transactions - a block - is created, added to the chain and broadcast to the other parts of the network. In this manner, all transactions are recorded and linked and thus can be traced. It is nearly impossible to modify past blocks in the chain. By simply downloading the Bitcoin software, anyone can gain access to the block chain, search it and submit transactions to the network. Entrepreneurs worldwide are now working to harness that technology for use beyond Bitcoin transactions. The block chain, they say, could ultimately upend not only the traditional financial system but also the way people transfer and record financial assets like stocks, contracts, property titles, patents and marriage licenses - essentially anything that requires a trusted middleman for verification. * * * [ Polley : also see IBM reported to be developing blockchain-based currency transaction system (Slashdot, 13 March 2015)]

top

NYPD to conduct "virtual stakeouts," get alerts on wanted cars nationwide (ArsTechnica, 2 March 2015) - The New York Police Department (NYPD) will soon have the ability to track stolen or wanted cars even if they are well outside of the five boroughs. The NYPD is set to sign a $442,500 deal over three years with Vigilant Solutions to subscribe to the company's massive private automated license plate reader (ALPR or LPR) database, according to a recent contract awards hearing . The database reportedly contains 2.2 billion records. Neither the NYPD nor Vigilant Solutions immediately responded to Ars' request for comment. The company already makes its database available to other law enforcement agencies across the country, but the NYPD is likely the largest local client agency. "Vigilant Video is compiling a vast database tracking Americans' movements, and it's no surprise that one of the most prolific users of surveillance, the NYPD, would seek to access it," Catherine Crump , a law professor at the University of California, Berkeley, told Ars. "But this data raises profound privacy issues, for the first time enabling the mass tracking of Americans, and we haven't even begun to have a meaningful conversation about what the appropriate uses are for this type of data."

top

Judge halts movie industry-backed probe against Google (GigaOM, 2 March 2015) - A federal judge has agreed to put the brakes on an investigation into Google by Mississippi Attorney General Jim Hood after the company complained that Hood's inquiry was an illegal censorship campaign cooked up by Hollywood. In a Monday ruling, U.S. District Judge Henry T. Wingate issued an order that will temporarily bar Hood from forcing Google to comply with the terms of a 79-page subpoena. "Today, a federal court entered a preliminary injunction against a subpoena issued by the Mississippi Attorney General. We're pleased with the court's ruling, which recognizes that the MPAA's long-running campaign to censor the web-which started with SOPA-is contrary to federal law," Google wrote in an update to an earlier blog post describing the case. The ruling by Judge Wingate came from the bench, and a written version is expected to follow in the next week or two. The ruling is a major victory for Google, which filed a lawsuit challenging Hood's 79-page subpoena in December. The ostensible goal of the subpoena is to help Hood discover if Google is violating Mississippi laws by exposing internet users to drugs and pornography. Google, however, filed a court challenge on the ground Hood overstepped federal laws that shield internet companies from liability for what others post online. The case has also taken on an air of intrigue in light of a secret scheme, known as " Project Goliath ," that came to light as a result of the massive hack on Sony in December 2014. Documents disclosed by the hack suggested that the Attorney General's campaign against Google was being underwritten by the Motion Picture Association of American, and even involved movie industry lawyers drafting legal papers for the state. The company has characterized the state investigation as a dirty-tricks campaign by the movie industry to promote the goals of a failed anti-piracy law known as SOPA.

top

Hillary's emails 'not technically illegal' (The Hill, 3 March 2015) - Hillary Clinton's exclusive use of a personal email account to conduct official business as secretary of State caused seems to have stayed within the law, experts say. "What she did was not technically illegal," said Patrice McDermott, a former National Archives staffer and the head of the Open The Government coalition, a transparency group. However, "it was highly inappropriate and it was inappropriate for the State Department to let this happen," she said. A Clinton spokesman defended the practice as routine and said that the former first lady obeyed "both the letter and spirit of the rules." "Like secretaries of State before her, she used her own email account when engaging with any department officials," spokesman Nick Merrill said in a statement. "For government business, she emailed them on their department accounts, with every expectation they would be retained." White House spokesman Josh Earnest said that the Obama administration had given "very specific guidance" telling all agencies that staffers should use their official email accounts when conducting official business, and that any business conducted through personal email accounts be "preserved consistent with the Federal Records Act." Last November, Obama signed into law a bill requiring government emails dealing with an official matter sent from a personal account to be forwarded to an official email account within 20 days. That law and previous guidance issued by the National Archives have attempted to clarify the rules, but it was never expressly mandated that top-level officials use government-issued accounts. "There was no prohibition on using a non-State.gov account for official business as long as it was preserved," State Department spokeswoman Marie Harf said on Tuesday.

top

Law firms clash over laptops taken by departing lawyers (ABA Journal, 3 March 2015) - A battle over laptops taken by lawyers to a new law firm failed to reach a settlement last week during a three-hour session before a magistrate judge. The suit by Pennsylvania insurance boutique Nelson Brown Hamilton & Krekstein initially sought the return of laptops taken by 14 departing lawyers to Lewis, Brisbois, Bisgaard & Smith, the National Law Journal (sub. req.) reports. The suit seeks damages under the Computer Fraud and Abuse Act. After the suit was filed last May, Lewis Brisbois returned the laptops, but erased and preserved the information they held, the story says. Now both law firms have hired computer experts to determine what information was on the devices. The departing lawyers had represented hacked companies, and Nelson Brown says sensitive information such as Social Security numbers may have been saved on the laptops. The firm also says the devices may have contained confidential client lists and legal strategies. Lewis Brisbois contends the lawyers needed to use the laptops to complete client matters after Nelson Brown fired the chair of its data privacy practice. Jana Lubert, general counsel at Lewis Brisbois, told the National Law Journal that the laptops weren't stolen. "It is important to note that at no time before or after the lawyers left Nelson Levine, which occurred over a year ago, was the data itself ever viewed by anyone who was not privileged and authorized to see it," Lubert said.

top

Feds say they finally have a database of every cyber job in government (NextGov, 3 March 2015) - The federal government is finally getting a sense of the size, shape and skills of its cybersecurity workforce. "Preliminary analysis" of a new database of all cyber jobs governmentwide, which went live in January, indicates employees doing cybersecurity work hail from more than 100 different job categories scattered across agencies. In other words, it just might take a village to do cybersecurity in the federal government. The new information about the cyber database comes from a Feb. 27 report to Congress from the White House on the implementation of the 2002 E-Government Act. The report did not provide specifics on the total size of the federal cyber workforce. It's also unclear if the cyber database, which is hosted by the Office of Personnel Management, will be open to public view. It's not readily visible on OPM's website, and an agency spokesman did not immediately respond to Nextgov's request for more information. It remains to be seen just how reliable the database's information will be. About one-fourth of agencies missed a deadline last September to report information about their cyber workers because of software problems, officials said at the time.

top

Google's quest to make art available to everyone was foiled by copyright concerns (Washington Post, 4 March 2015) - When Google launched its "Art Project" four years ago, it touted it as a huge boon for freedom of information and cultural connectivity. But if you peek into any of the museums on Google Street View now, you'll notice lots of big, blurred rectangles where paintings should be - the result of a copyright system that keeps even important artworks from being viewed publicly. Since 2013, the Spanish artist Mario Santamaría has been documenting these blurred works in a series he calls "Righted Museum." He's spotted them in L.A.'s Getty Center and Madrid's Thyssen Museum; in the National Gallery of Denmark, the National Gallery of Art in the U.S., the Art Institute of Chicago, the Indianapolis Museum. And he posts his new finds daily to Tumblr , where several have recently bubbled up to semi-viral fame - an oddly evocative record of every time the noble quest to free the world's cultural artifacts couldn't quite be maintained. * * * Museums [] can definitely make bank off these paintings: first by charging admission to see them, and then by demanding hefty licensing fees of people who want to reprint them in studies or books. So for years, many museums have had what Techdirt once called an " ownership mentality " - the attitude that no one should be allowed to photograph, or even sketch , any valuable piece the museum owns. [ Polley : very interesting piece.]

top

Canadian bloke refuses to hand over phone password, gets cuffed (The Register, 5 March 2015) - A 38-year-old Canadian citizen has been arrested for refusing to hand over his smartphone's password to border agents. Alain Philippon, of Sainte-Anne-des-Plaines in Quebec, arrived at Halifax international airport in Canada from the Dominican Republic on Wednesday - and was selected by the Canada Border Services Agency for further screening. In the course of that search he was asked to provide the password for his phone but refused. He was charged with "hindering or preventing border officers from performing their role," according to CBC . If found guilty, Philippon could face a fine of anywhere between CAN$1,000 and CAN$25,000 (US$19,900, £13,000) as well as a possible one-year jail sentence. * * * In the United States, where the same issue has received some attention, the law allows Homeland Security to search electronic devices. Senior staff attorney at the ACLU in Northern California, Michael Risher, told The Register that there is an important distinction between the right of the authorities to search your possessions, and the ability to force someone to provide their password to gain access to an electronic device. The former comes under Fourth Amendment rights (unreasonable searches and seizures) and the latter under the Fifth Amendment (not be compelled to be a witness against yourself). At the border, the authorities have significant leeway over fourth amendment rights, i.e. they are allowed to search your possessions, but not over fifth amendments rights, so, in Risher's eyes at least, they cannot compel you to hand over your password. [ Polley : It's not that simple, I think.]

top

Now corporate drones are spying on cell phones (Bruce Schneier, 5 March 2015) - The marketing firm Adnear is using drones to track cell phone users : The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns. "Let's say someone is walking near a coffee shop," Kataria said by way of example. The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby. The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video. Does anyone except this company believe that device ID is not personally identifiable information?

top

Investigator admits guilt in hiring of a hacker (NYT, 6 March 2015) - A private investigator who has done work for small New York City law firms that specialize in personal injury and medical malpractice litigation pleaded guilty on Friday in federal court in Manhattan to one charge of conspiracy in hiring a hacker to help with his investigation. The guilty plea, by Eric Saldarriaga, an investigator from Queens, stems from an inquiry by federal prosecutors and the Federal Bureau of Investigation into the so-called hacker-for-hire business. Mr. Saldarriaga entered his plea before Judge Richard J. Sullivan of Federal District Court in Manhattan. In the court proceeding and a five-page "criminal information" charge, the clients of Mr. Saldarriaga were not identified. The charge said Mr. Saldarriaga, 41, operated under the alias "Emmanuela Gelpi" in seeking out the services of hackers to help him gain "unauthorized access" to at least 60 email accounts. The investigation of Mr. Saldarriaga and his company, Iona Research and Security Services, could now turn attention onto some of his clients, assuming they were aware he was hiring hackers to break into email accounts. In a posting on an older Yahoo message board used by private investigators, Mr. Saldarriaga said his company did work for about 20 law firms. Last month, federal prosecutors in San Francisco, in an unrelated case, announced the indictment of two private investigators and two computer hackers on charges that they had illegally entered email and Skype accounts to gather information for matters they were working on for clients. Some of the illegally gathered information was intended to support a lawsuit, authorities said. In that case, there has been no indication that the private investigators were working on behalf of a particular law firm.

top

How 2 legal cases may decide the future of Open Source software (CIO, 6 March 2015) - The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued. That's the stark warning from Mark Radcliffe, a licensing expert and partner at law firm DLA Piper. "We are entering a different era for open source, shifting from a special universe where people were cooperative and collaborative to a more hard-nosed commercial one," he explains. "Now people are applying the same criteria for the enforcement of their open source software rights as for proprietary software, and looking at how they can use them strategically in their business." Radcliffe says this shift is only just beginning, but for evidence he points to the case of Versata v. Ameriprise. In summary, Versata's proprietary software product, Distribution Channel Management (DCM), used an open source XML parsing utility that was licensed under GPLv2 from a company called XimpleWare. (XimpleWare also offers its utility with a commercial license to companies that don't want to be subject to an open source license, but Versata did not use that commercial license.) The problem came when Versata licensed its DCM software to financial services company Ameriprise, and subsequently sued Ameriprise for allowing a subcontractor to decompile Versata's software -- a move Versata contended was a breach of license. Ameriprise then countersued. Because Versata's software included open source software licensed under the GPLv2 and was a derivative work, Ameriprise alleged, the whole of Versata's DCM product came under the GPLv2 license, and therefore Ameriprise or its subcontractor could decompile and modify the software at will. It turns out that the text of the GPLv2 license, the required copyright notices and a copy of the source code -- all of which should normally be included with GPLv2 software -- had been stripped out of the open source portion of DCM somewhere along the line, Radcliffe says. It is not clear who did it or why, or whether it was done inadvertently. "The point is that Versata did not appear to have a process for managing open source software. They ignored it, and their contracts were not set up for it," he says. Radcliffe recommends that companies have an internal process for managing open source software -- not just from internal developers, but also from software that comes with acquisitions or from consultants.

top

PreCheck expansion plan raises privacy concerns (NYT, 9 March 2015) - The idea raised alarms among privacy advocates: Social media postings would be fair game for private companies doing background checks on people applying for the PreCheck security program, under a government request made in December. Not long after, the Transportation Security Administration last month abruptly withdrew that request for proposals. Among those concerned was Thomas P. Bossert, a security consultant and a former Homeland Security aide to President George W. Bush, who said it represented a "massive expansion and outsourcing of the government's data-mining." That doesn't mean the idea has gone away, however. The T.S.A. said in a filing that it had sent the request for proposals back for revisions because of "some difficulties" with the language, as the agency proceeds with its plan to hire private companies to get more travelers into PreCheck, which now has about 950,000 members. The request for proposals was posted Dec. 22 on a government website for businesses seeking federal contracts, and withdrawn on Feb. 7. A section of it described the scope of personal data that private companies could use to evaluate PreCheck applicants, who pay $85 for the enrollment process. Besides criminal and other governmental records, companies could also use "other publicly available information such as directories, press reports, location data and information that individuals post on blogs and social media sites" for background checks, the guidelines said. Data about retail purchases could also be considered.

top

Tech blog GigaOM abruptly shuts down (NYT, 9 March 2015) - GigaOM , a pioneering technology blog that became a fixture in Silicon Valley and claimed 6.4 million monthly readers, abruptly announced on Monday that it would shut down. The site, which was founded in 2006, seemed to have been stopped dead in its tracks - earlier Monday, it had been posting articles, most recently on Apple. News of its closure was first broken on Twitter by those connected with it, but was confirmed shortly afterward by its founder, the tech journalist and venture capitalist Om Malik. "GigaOM is winding down and its assets are now controlled by the company's lenders," he said. "It is not how you want the story of a company you founded to end." Mr. Malik did not specify a reason for the publication's closing. But a separate statement, attributed to its management, said that it "recently became unable to pay its creditors in full at this time." The site, long known for both its business and consumer-facing technology posts, had been open to experimentation in its business model. Like other media start-ups, GigaOM hosted a series of technology conferences that charged high prices for admission. The company offered a white-paper research business, and also sold advertising. [ Polley : Too bad - GigaOM has long been a good source for MIRLN material.]

top

CCC on rights and licensing for Open Access publishing (Publishing Perspectives, 11 March 2015) - Open Access (OA) publishing and licensing models for academic, scientific, medical and other research based journal publishing can be a baffling topic for many. And "if you are confused, then you are only beginning to understand the problem," says Christopher Kenneally, Director, Business Development, for Copyright Clearance Center . Ultimately, it all depends on what you mean by "open." "There are a multitude of definitions," says Kenneally. "It varies by what funder mandates apply. In the UK, the Wellcome Trust, which is a significant funder of research in the UK and around the world, has issued mandates stating that if you receive money, the published results of that research much be published on what is the 'Gold Road' of Open Access - free and available publicly online, for example." In the US, the federal government has different policies regarding research it has funded, as does the government of China, which has recently issued some requirements for articles published through open access. But don't confuse "open" with "free," as there are fees involves. Once the article has been accepted via peer review journal, the author can make the article available typically through Open Access by paying an Author Processing Charge (APC) and fees that can range from hundreds or thousands of dollars. Typically this is paid by the author or the author's institution. Furthermore, "Policies of the publishers apply as well…and anything to do with copyright and licensing can get really complicated, really fast. We are trying to offer as much information about this as possible at Copyright Clearance Center, as we see education as part of our mandate." To this end, CCC has partnered with ALPSP - the Association of Learned and Professional Society Publishers - to offer OpenAccessResources.org , a free site with information on OA and it offers information by region.

top

New iPhone app for Capitol Hill insiders hopes to be the digital smoke-filled room (Washington Post, 11 March 2015) - In today's digital age, it's almost impossible to keep conversations private. Every thought shared, even under the auspices of privacy - a personal e-mail, a friends-only Facebook status - could easily become public. That pressure keeps people on Capitol Hill from connecting in any real way. Or at least that's the rationale behind former Hill staffer Ted Henderson's latest smartphone app. Henderson, who created Capitol Bells, an iPhone app that tracks floor votes taken in real time , has a new toy called Cloakroom that allows anyone with a congressional e-mail address or who is physically on Capitol Hill (lobbyist, reporters, tourists) to anonymously join conversations to see what Hill people are buzzing about. In its infancy, it appears users are primarily using it to joke in a safe space. One person under the alias "senmenendez" posted, "Anyone have a good lawyer? Asking for a friend." Then "schock" responds: "I've got a guy," and "govmcdonnell" writes, "Don't look at me." Another user wants the best war stories on "SJL" - Rep. Sheila Jackson Lee (D-Tex.). Someone responds about the one with the tequila in the House gallery. Another says an intern dumped a huge stack of constituent mail in the trash in front of visitors from their district. Another wants to know if anyone got sick from the "grill special at the Dirksen cafeteria." Henderson hopes Hill types will eventually use it for more serious debates on policy, but generally he just wants it to create a community.

top

Court awards first-ever damages for false copyright infringement takedown notice (Steptoe, 12 March 2015) - The U.S. District Court for the Northern District of California, in Automattic Inc. v. Nick Steiner , has awarded total damages of $25,084 to a blogger and the operator of blogging platform Wordpress.com for "lost work and time" spent responding to a fraudulent takedown notice for copyright infringement. This appears to be the first time a court has awarded such damages under the Digital Millennium Copyright Act, given the difficulty of demonstrating that such false claims are knowingly made.

top

RESOURCES

Cybersecurity (new "Hub" by K&L Gates) - Cyberattacks are on the rise with unprecedented frequency, sophistication, and scale and are pervasive across industries and geographical boundaries. In the wake of more frequent and severe incidents, regulators around the world have implemented changes to address these heightened risks. Here, we present ways to address and mitigate cyberrisks. [ Polley : Do any MIRLN readers have experience with these K&L Gates " hubs "? Feedback, please.]

top

2014 state of the law regarding internet intermediary liability for user-generated content (Cathy Gellis in The Business Lawyer, Winter 2014-2015) - Summary of recent case law and legislative efforts regarding Internet intermediaries hosting user-generated content. Covers 47 U.S.C. Section 230 and 17 U.S.C. Section 512, as well as other peripheral issues.

top

An analysis of the Right to be Forgotten ruling (MLPB, 3 March 2015) - W. Gregory Voss, Toulouse Business School, has published The Right to Be Forgotten in the European Union: Enforcement in the Court of Justice and Amendment to the Proposed General Data Protection Regulation at 18 Journal of Internet Business Law (July 2014). Here is the abstract: This article analyzes the famous Google Spain case (May 13, 2014) of the Court of Justice of the European Union and its recognition of a form of "the right to be forgotten", allowing individuals to request the delisting of their personal data from search engines if certain conditions are met. In doing so, it puts the right to be forgotten into the context of ongoing discussions on reform of the European Union's data protection Framework and amendments in the European Parliament to the Proposed General Data Protection Regulation.

top

The TSA'S FAST personality screening program violates the Fourth Amendment (Bruce Schneier, 6 March 2015) - New law journal article: " A Slow March Towards Thought Crime: How the Department of Homeland Security's FAST Program Violates the Fourth Amendment ," by Christopher A. Rogers. From the abstract: FAST is currently designed for deployment at airports, where heightened security threats justify warrantless searches under the administrative search exception to the Fourth Amendment. FAST scans, however, exceed the scope of the administrative search exception. Under this exception, the courts would employ a balancing test, weighing the governmental need for the search versus the invasion of personal privacy of the search, to determine whether FAST scans violate the Fourth Amendment. Although the government has an acute interest in protecting the nation's air transportation system against terrorism, FAST is not narrowly tailored to that interest because it cannot detect the presence or absence of weapons but instead detects merely a person's frame of mind. Further, the system is capable of detecting an enormous amount of the scannee's highly sensitive personal medical information, ranging from detection of arrhythmias and cardiovascular disease, to asthma and respiratory failures, physiological abnormalities, psychiatric conditions, or even a woman's stage in her ovulation cycle. This personal information warrants heightened protection under the Fourth Amendment. Rather than target all persons who fly on commercial airplanes, the Department of Homeland Security should limit the use of FAST to where it has credible intelligence that a terrorist act may occur and should place those people scanned on prior notice that they will be scanned using FAST.

top

Better sharing through licenses? Measuring the influence of Creative Commons licenses on the usage of Open Access monographs (JLSC, 10 March 2015) - Abstract: Open Access and licenses are closely intertwined. Both Creative Commons (CC) and Open Access seek to restore the balance between the owners of creative works and prospective users. Apart from the legal issues around CC licenses, we could look at role of intermediaries whose work is enabled through CC licenses. Does licensing documents under Creative Commons increase access and reuse in a direct way, or is access and reuse amplified by intermediaries?

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Controversial terror database matrix shuts down (AP, 18 April 2005) -- A three-year-old crime and terrorism database that came under fire for sharing and collecting personal information was closed down Friday because a federal grant ran out. Elements of the Multistate Anti-Terrorism Information Exchange - Matrix - may live on if individual states decide to fund it on their own, said Bob Cummings, executive vice president for the Institute for Intergovernmental Research in Tallahassee, which helped coordinate the Matrix network. "We're winding up the project today. The system that the federal government has basically paid for, the application itself to the users and the states, will either be assumed by the states or will no longer exist," he said. Matrix was down to four participants - Pennsylvania, Florida, Ohio and Connecticut - after several states opted out due to privacy concerns, legal issues or cost. It operated with grant money from the departments of Justice and Homeland Security, but that funding expired Friday. "They can put a good face on it, saying that the grant ran out, but frankly if there wasn't growing opposition to this kind of intrusive, investigatory technique, the funding wouldn't have run out," said Howard Simon, executive director for the Florida American Civil Liberties Union.

top

Legal online music stores make some gains (Reuters, 7 June 2005) -- Legal online music stores have gained a solid foothold against free file-sharing networks, according to new data released on Tuesday. The beleaguered music industry has been pursuing a carrot and stick strategy of supporting legal alternatives such as Apple's iTunes, RealNetworks's Rhapsody and Napster, while filing a barrage of lawsuits against people and services that share music illicitly online. According to data from market research firm NPD Group Inc, the efforts are bearing fruit: iTunes has surged to a tie for second place as the most popular online music source, with 1.7 million U.S. households downloading at least one song in March. That put it neck and neck with the peer-to-peer service LimeWire and slightly behind another P2P service, WinMX, which has 2.1 million households. "Legal services offer some obvious advantages: they're spyware free, and it's very quick and easy to get what you want," said NPD's Isaac Josephson. "The older, more affluent demographics are already a bit more inclined to go for convenience over free, and when you raise the legal issues that's an important tipping point." About 4 percent of Internet-enabled U.S. households used a legal online music store in March, according to NPD.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top