Saturday, December 12, 2015

MIRLN --- 22 Nov - 12 Dec 2015 (v18.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Jake Heller's Casetext: Opening up the law (Stanford, 11 Nov 2015) - Jake Heller, JD '10, is very much a product of Silicon Valley. He grew up in Cupertino and learned to program when he was 9. And he feels passionate about the Internet and the free and open exchange of ideas and information it has spawned, with crowdsourcing constantly improving all sorts of tools used at home and at work every day. "I'm used to the best sources of information being built by communities and to the information being freely available," he says. "Yelp has replaced Zagat, Wikipedia replaced Britannica. And information on those sites isn't static - with community input, it is constantly updating and improving." When Heller arrived at Stanford Law for the start of his legal education, he was surprised by the stark contrast between the way lawyers access legal information and how people share information everywhere else. "I quickly learned how different and relatively inaccessible legal information is. You had to have a Lexis account to read essential court documents. And those huge costs put real pressure on attorneys across the market, from the biggest firms to legal aid work." The need for court cases to be publicly - and freely - available was driven home for him when he took the Community Law Clinic and worked closely with public service lawyers. "They told me they could only afford 20 minutes of Lexis a day. And there was no free alternative. I thought that these are public documents and need to come out from behind the paywall." Today, Casetext, the company that Heller founded in 2013, has broken through that paywall, allowing some 500,000 users a month - up from 250,000 users a month just last February and still growing - to not only read cases but to share case annotations and fuller explanations. Heller is building a community of legal experts across all practice areas - and opening it up for all to use.

1 in 5 legal departments have social media crises plans (Corporate Counsel, 19 Nov 2015) - When something went wrong at a company, it used to be that members of the public didn't find out about it until they opened the morning paper or turned on the evening news. Not so anymore. Now, through the magic of social media, the public may find out about a corporate problem before employees of the company are even informed. And while ever-present social media allows news of a crisis to percolate quickly, sometimes the problems can be blamed on social media itself. Take the British retailer, HMV, which received unwanted attention when some employees "live tweeted" getting fired. Or the time a Kitchenaid Inc. employee accidentally published an insensitive tweet about President Barack Obama on the company's corporate account. With the power of social media in mind, public relations company Weber Shandwick, along with KRC Research, recently surveyed a number of in-house lawyers from Fortune Global 1000 companies in the United States and the United Kingdom to see how they were handling social media in the crisis context. The answer seems to be that in many cases the legal department is not so engaged.

Stampery now lets you certify documents using the blockchain and your real identity (TechCrunch, 20 Nov 2015) - Shortly after participating in our Battlefield competition at Disrupt SF, Stampery raised $600,000 from Draper Associates with Boost VC, Blockchain Capital and Di-Ann Eisnor also participating. As a reminder, Stampery lets you certify any document by sending an email attachment to your personal Stampery email address. You can also use the company's website, integrate Stampery in your product thanks to the API, or certify your documents in your Dropbox account directly. Stampery is also working on other services, such as Box. The company plans to replace notaries by leveraging bitcoin's blockchain. Stampery issues legally binding proofs for all your sensitive documents. If you need to certify that you are viewing an unmodified document later on, you can prove the existence, integrity and ownership of this document by exploring the blockchain. Like with good old notaries, Stampery can help you with intellectual property cases, a will, an oath, a contract and more. By making it much easier to certify documents, Stampery hopes that it is going to become a habit. You can do everything from your computer, you don't have to physically see a notary. Recently, the company updated its API to allow anybody to stamp an unlimited amount of documents in the blockchain. Stampery also introduced a new way to prove the real identity of a document author. The company is linking a government ID with the blockchain in order to retrieve this ID later and notarize document using a real, proven identity.

What will you do when your law firm is breached? (Sharon Nelson at Senseient.com, 20 Nov 2015) - Note that we did NOT title this article, "What Will You Do If Your Law Firm is Breached?" The reason is simple - experiencing a data breach is not an "if" - it is a "when." Just ask the IRS and the Office of Personnel Management. Mind you, their approach to information security was sloppy. Lawyers cannot afford, ethically, to have slipshod security when protecting confidential data. * * *

Comcast may have found a major net neutrality loophole (Wired, 20 Nov 2015) - Comcast may have found a major loophole in the Federal Communication Commission's network neutrality regulations. Earlier this month the company launched a new streaming video service for Comcast broadband customers called Stream TV. The service, which is only available in the greater Boston and Chicago areas so far, allows you to watch HBO as well as live local television stations on your computer, tablet or laptop. The catch is that the service will only work from your home. That may sound like a big limitation, but it comes with a big perk for some users: Stream TV won't count towards the 300GB data limit imposed on some Comcast broadband users. Since users who exceed that 300GB threshold are charged an extra $10 for every extra 50GB they use, up to $30 per month, the $15-a-month Stream TV offering could be appealing to users worried that other video services, such as Netflix or Sling TV, will eat through their data allotment. Comcast says this isn't a violation of network neutrality law because, although you're viewing Stream TV on your computer via your Comcast broadband connection, the service isn't technically offered over the Internet, but over Comcast's cable television network, much like its Xfinity Xbox 360 service, which allowed Xbox users to view video that didn't count against their data limits and was shuttered last summer.

Comcast injects copyright warnings into browsers, raising privacy concerns (ZDnet, 23 Nov 2015) - If Comcast thinks you're downloading copyrighted material, you can be sure it'll let you know. But how it does it has raised questions over user privacy. The cable and media giant has been accused of tapping into unencrypted browser sessions and displaying warnings that accuse the user of infringing copyrighted material -- such as sharing movies or downloading from a file-sharing site. Jarred Sumner, a San Francisco, Calif.-based developer who published the alert banner's code on his GitHub page, told ZDNet in an email that this could cause major privacy problems. Sumner explained that Comcast injects the code into a user's browser as they are browsing the web, performing a so-called "man-in-the-middle" attack. * * * "This probably means that Comcast is using [deep packet inspection] on subscriber's internet and/or proxying subscriber internet when they want to send messages to subscribers," he said. "That would let Comcast modify unencrypted traffic in both directions."

Is a lawyer ethically required to replace hacked client funds? It depends. (Ride The Lightning, 24 Nov 2015) - On October 23, the North Carolina State Bar answered that question with an "it depends" ethics opinion which is well summarized by Bloomberg BNA. If the lawyer has taken reasonable information security measures, the lawyer has no ethical duty to replace client monies stolen from a trust account when a hacker breaks into a network. Bear in mind that the opinion is not addressing a lawyer's legal liability in such situations. However, lawyers do have to restore client funds if they failed to take reasonable steps that could have prevented the theft. It adds that lawyers must help clients in several ways when a theft occurs. As explained in North Carolina Formal Ethics Op. 2011-7 (2012), safety measures for online banking include strong password policies and procedures, the use of encryption and security software, hiring a technology expert for advice and making sure relevant firm members and staffers are trained on and abiding by the security procedures.

Sixth Circuit appeals court prepares to consider the privacy implications of mugshots (TechDirt, 25 Nov 2015) - The Sixth Circuit Court of Appeals is preparing for an en banc hearing on whether there is a privacy interest inherent in mugshots, or whether they are simply public records that can be obtained with an FOIA request. For the most part, mugshots have been considered public records. This has led to a shady mugshot-posting cottage industry, as well as an equally-shady mugshot-removal cottage industry. Whatever success these businesses enjoy is mostly due to a flaw in public perception. Despite the nation's justice system being built on the presumption of innocence, a large percentage of the population views "arrested and charged" as being no different than "found guilty." (Federal law enforcement databases -- used for background checks -- reinforce this perception by entering arrested persons' info when booking, but routinely failing to remove it when charges are dropped or the person is found innocent.) Despite these flaws, there is a public interest in arrest and booking information, not necessarily because the public deserves to know every detail of every mundane arrest, but because findings to the contrary lend themselves to the burial of information that is definitely in the public's interest, like information pertaining to the alleged criminal acts of their public servants. The information under dispute in this case involves a federal law enforcement agency and the indictment of three local law enforcement officers . * * *

LabMD wins huge victory in FTC's own backyard (Steptoe, 25 Nov 2015) - After years of trying to get federal courts to step in and stop the Federal Trade Commission's administrative action against it for allegedly inadequate data security, LabMD has finally scored a major win against the Commission ‒ in the very administrative proceedings it tried so hard to avoid. An Administrative Law Judge has ordered that the complaint against the medical testing company be dismissed because the FTC staff had failed to show that LabMD's computer security practices had caused or were "likely" to cause substantial injury to consumers. The ALJ's decision is a major embarrassment for the Commission, because it shows that the FTC's case against LabMD was built largely upon falsified evidence from a company that was trying to pressure LabMD into hiring it to help with its computer security. LabMD and its CEO are now doubling down by suing three FTC lawyers and unnamed "Doe" defendants for their role in the enforcement action, alleging that the defendants violated their First, Fourth, and Fifth Amendment rights.

Dems go digital with whip operation (The Hill, 30 Nov 2015) - The newest tool deployed by House Democrats' whip operation: the text message. With lawmakers and their staffers frequently communicating on their iPhones, iPads and Android devices through text message, Minority Whip Steny Hoyer (D-Md.) has turned to SMS to get a quicker, more accurate vote count on critical bills. It's the latest development in the evolution of Democrats' electronic whipping system, launched four years ago as a way for the caucus to tap into modern technology to carry out a century-old tradition. For decades, whipping votes had been a tedious process. Lieutenants on the vote-counting team would track down their assigned members - usually on the floor - survey them on how they planned to vote, scribble it down on a paper whip card, then return the card to the whip's office, where votes would be manually entered into the system. Democrats' new operation works like this: Before important votes, members of the whip team receive a text message or email on their smartphones that contains a customized link. That link opens an electronic whip card in a Web browser with the names of three to five members. After conferring with their assigned lawmakers, the whips record the responses - yes, lean yes, no, lean no and undecided - have the option of adding a note, and press send.

The National Security Letter spy tool has been uncloaked, and it's bad (ArsTechnica, 30 Nov 2015) - The National Security Letter (NSL) is a potent surveillance tool that allows the government to acquire a wide swath of private information - all without a warrant. Federal investigators issue tens of thousands of them each year to banks, ISPs, car dealers, insurance companies, doctors, and you name it. The letters don't need a judge's signature and come with a gag to the recipient, forbidding the disclosure of the NSL to the public or the target. For the first time, as part of a First Amendment lawsuit, a federal judge ordered the release of what the FBI was seeking from a small ISP as part of an NSL. Among other things, the FBI was demanding a target's complete Web browsing history, IP addresses of everyone a person has corresponded with, and records of all online purchases, according to a court document unveiled Monday. All that's required is an agent's signature denoting that the information is relevant to an investigation. "The FBI has interpreted its NSL authority to encompass the websites we read, the Web searches we conduct, the people we contact, and the places we go. This kind of data reveals the most intimate details of our lives, including our political activities, religious affiliations, private relationships, and even our private thoughts and beliefs," said Nicholas Merrill, who was president of Calyx Internet Access in New York when he received the NSL targeting one of his customers in 2004. The FBI subsequently dropped demands for the information on one of Merrill's customers, but he fought the gag order in what turned out to be an 11-year legal odyssey just to expose what the FBI was seeking. He declined to reveal the FBI's target.

Open-source software use: A growing concern for general counsels (ABA December 2015) - According to the Black Duck 2015 Future of Open Source Survey, 78 percent of companies use significant amounts of open-source software in their development, and that percentage is steadily rising. While license compliance continues to be top of mind for many lawyers, a related issue - the potential security implications of increased open-source usage - is also now becoming clear. It's critical for general counsels to understand the importance of this emerging challenge, learn what it means for their companies' bottom lines and understand how they can help drive the conversation about open-source security among their company's senior leadership. Acknowledging the increasing role of open source, GCs play a critical part in helping their organizations deploy systems and methods for tracking and managing the open-source code introduced into their organizations. Without a systematic process for identifying and tracking an organization's open-source use, it can be nearly impossible for an organization to know what open source it is using and where and how open-source software is deployed in the code base. This lack of visibility hampers compliance with applicable open-source licenses and, typically, an organization's governance policies. Often, software development groups select and deploy open-source components without proper legal and engineering vetting - which can cause important licensing obligations and code quality and security issues to be overlooked. * * *

Do we need a new judicial fast lane to combat trade secret theft? (Eric Goldman, 1 Dec 2015) - I've previously described the Defend Trade Secrets Act as "the most important intellectual property development you aren't paying attention to." The bill would create a new federal trade secret law that would dramatically change trade secret practice throughout the country. Given the importance of trade secrets to most businesses and our economy generally, even minor changes to trade secret law have potentially outsized consequences. Yet, given the bill's implications, the Defend Trade Secrets Act is generating surprisingly little public discussion. Supporting the Defend Trade Secrets Act are a few big businesses (and their representatives) with large trade secret portfolios, who like the idea of getting more powerful tools to squash defendants. Opposing the bill are many academics, who object to a variety of problems with the bill. Virtually everyone else has stayed on the sidelines or is not aware of the bill at all. The Defend Trade Secrets Act includes a proposed new judicial "fast lane" for trade secret owners to pursue trade secret thieves by seizing key assets on an "ex parte" basis, i.e., without telling the person whose assets are going to be seized that a court proceeding is adjudicating their rights. The proposed "fast lane" stands out for several reasons. First, it is doctrinally unprecedented; no other federal or state trade secret law includes a similar ex parte provision. Second, it visually dominates the bill, taking up over 40% of the bill's text. Third, the fast lane would suspend typical due process requirements of giving defendants notice of judicial proceedings against them and an opportunity to be heard in court. Without these due process elements, the risk of judicial errors goes up substantially. Fourth, unless the provision is calibrated perfectly, it will be misused for anti-competitive purposes. 
I have just published an article, "Ex Parte Seizures and the Defend Trade Secrets Act," in the Washington & Lee Law Review Online detailing the case against this new judicial fast lane - and against ex parte proceedings in trade secret cases generally. The article highlights several key drafting mistakes, shows how the provision doesn't actually redress its primary use case, and explains why ex parte proceedings in trade secret cases are more problematic than complementary ex parte seizure procedures for trademarks and copyrights. More generally, given the unavoidable "he said/she said" nature of most trade secret litigation, any ex parte procedure in trade secret cases is fraught with unusual peril. That's a good reason to scale back ex parte mechanisms in trade secret cases, not expand them.

Hillary Clinton is getting crushed on social media, captured in one word cloud (WaPo, 1 Dec 2015) - * * * Above is a word cloud of all mentions related to Hillary Clinton during the month of November, through midnight Eastern time. The graphic, via our analytics partners at Zignal Labs , does not exactly highlight the kinds of words you want to see if you work at Clinton headquarters in Brooklyn. It's driven by the intense dislike for Clinton by activists on the left and the right, but mainly the right. Their constant drumbeat of criticism overwhelms any positive buzz that the Democratic frontrunner gets from her fans. One negative post on a critical, obscure web site, for instance, got mentioned more than 45,000 times on Twitter. Many of the other Clinton items mentioned most frequently link back to staunchly conservative sites. Democratic challenger Bernie Sanders actually garnered more attention online than Clinton during the past month. The Vermont senator was mentioned more than 2.8 million times across all forms of media, compared with 2.2 million mentions for Clinton. And the Sanders mentions tended to be more positive. A viral Vine video showing a kid's eyes perking up at a rally when the senator calls for removing the federal prohibition on marijuana was shared more than 110,000 times on Twitter alone last month. The clip, posted by a Los Angeles radio station, has now been viewed more than 25 million times: * * *

Target will pay banks $39.4 million for data breach losses (Venture Beat, 2 Dec 2015) - Target Corp has agreed to pay $39.4 million to resolve claims by banks and credit unions that said they lost money because of the retailer's late 2013 data breach. The settlement filed on Wednesday resolves class-action claims by lenders seeking to hold Target responsible for their costs to reimburse fraudulent charges and issue new credit and debit cards. Target has said at least 40 million credit cards were compromised in the breach, and that as many as 110 million people may have suffered the theft of personal information such as email addresses and phone numbers. The Minneapolis-based retailer has taken steps to avoid a recurrence, including being among the first U.S. retailers to install microchip-enabled card readers at all stores. Wednesday's settlement calls for Target to pay as much as $20.25 million to banks and credit unions, and $19.11 million to reimburse MasterCard Inc card issuers. Target had reached a similar accord with MasterCard in April, but it was rejected the next month when card issuers deemed the sum too low. The settlement won preliminary approval from U.S. District Judge Paul Magnuson in St. Paul, Minnesota, who called it "fair, reasonable and adequate," court records showed. A hearing on final approval was scheduled for May 10, 2016. Earlier this year, Target agreed to pay Visa Inc card issuers as much as $67 million over the breach and reached a $10 million settlement with shoppers. The latter accord won court approval last month. Last week, Target said it has spent $290 million related to the breach, and expects insurers to reimburse $90 million. It still faces shareholder lawsuits, as well as probes by the Federal Trade Commission and state attorneys general, over the breach.

11th Circuit deepens the circuit split on applying the private search doctrine to computers (Orin Kerr at WaPo, 2 Dec 2015) - On Tuesday, the 11th Circuit handed down a new computer search decision, United States v. Johnson , that both sharpens and deepens the circuit split on how the private search doctrine of the Fourth Amendment applies to computers. Johnson isn't a likely candidate for Supreme Court review. But it does leave the private search doctrine in computer searches ripe for Supreme Court review in other cases working their way through the courts. Here's a quick summary of the issue, which I first wrote about in detail in a 2005 article . Because the Fourth Amendment applies only to the government and its agents, the Fourth Amendment is not triggered when private parties not associated with the government conduct searches. When a private party conducts a search and finds evidence of crime, the private party often goes to the police and voluntarily shows the police what she has found. The Supreme Court uses what I have called the "private-search reconstruction" doctrine to regulate what the police are allowed to see without a warrant. The police can reconstruct the private party search, seeing what the private party saw, but they can't exceed the search the private party conducted. On to the important legal question: When a private party searches a computer, sees a suspicious file and reports the finding to the police, what kind of government search of the computer counts as merely reconstructing the private search and what kind of search counts as exceeding the private search? The question comes up frequently in cases involving images of child pornography discovered on a phone, laptop or storage drive. The issue boils down to identifying the right unit of measurement to describe the private search. 
For example, if the private party saw one file in one folder in the computer, should we say that only the one file was searched, so that the police can see only that one file, and anything else exceeds the private search? If only part of the file was observed, should we say that the police can see only the part of the file that was observed? Alternatively, should we say that the one folder was searched, so the police can see anything in that folder? Or should we say that the entire computer was searched, so the police can search the entire computer? * * *

Comcast, NBC add video descriptions to 'The Wiz Live!' (Multichannel, 2 Dec 2015) - Billing it as a first for a live entertainment broadcast show in the U.S., Comcast said it will include video descriptions with NBC's production of The Wiz Live!, an element that will make the show accessible to people who are blind or visually impaired. During NBC's live broadcast, set to start Thursday, Dec. 3 (also the International Day of Persons with Disabilities) at 8 p.m. ET, the video description component will provide a narration track that's included between the natural pauses in dialogue that describes visual elements of show, such as facial expressions, settings, information about costumes, and stage direction (this brief video offers a more thorough explanation). Comcast and NBC, which are partnering with Descriptive Video Works, said the described broadcast of The Wiz Live! is a national pilot program that will be available wherever SAP (secondary audio program) feeds are available. "Comcast's commitment to include video description with the performance of The Wiz Live! is ground-breaking," said Kim Charlson, president of The American Council of the Blind (ACB). "The path to accessibility is a journey of inclusion of all audiences. Just like the yellow brick road is the path to the heartfelt wishes of Dorothy and her friends, the blindness community is very happy to travel on this new path with Comcast and NBC." The effort follows other features and technologies Comcast has launched to help make its video service more accessible to people with disabilities, including a "talking guide" for its X1 platform , a voice-enabled TV menu and interface, and a voice-controlled remote control.

Fog computing (Cebe's Claude Baudoin, 3 Dec 2015) - In case you haven't seen this yet, Cisco has created the term "fog computing" for a computing architecture, particularly related to Internet of Things (IoT), in which computing and storage are widely distributed to the "edges" of a network, while communicating with central resources in a traditional data center or in the cloud. An application of the fog computing concept is to discard data captured by a sensor that's within the normal range, and only send abnormal data points to a supervisory system, thus saving bandwidth and central computing and storage resources. Whether "fog computing" will stay is unknown yet. The words make a nice reference to cloud computing, but Cisco's "Internet of Everything" (IoE) has failed to challenge the well-known IoT term.

A brief history of technology assisted review (Robert Ambrogi, 3 Dec 2015) - Technology-assisted review (TAR) is now so widely used in e-discovery and so widely accepted by judges that one federal magistrate-judge recently declared it to be "black letter law." But it was only three years earlier when that same judge, Andrew J. Peck, issued the first decision ever to approve the use of TAR. And it has been just five years since the terms "TAR" and "predictive coding" first began to filter into the legal profession's vernacular. So, how did TAR take root among lawyers? And how did it become so widespread so quickly? That is the topic of an article I wrote together with Thomas C. Gricks III, a former e-discovery litigator who is now director, professional services, at Catalyst. The article was recently published by the ABA's Law Technology Today. Find it here: A Brief History of Technology Assisted Review.

Court: Breaking your employer's computer policy isn't a crime (EFF, 3 Dec 2015) - The United States Court of Appeals for the Second Circuit issued an opinion rejecting the government's attempt to hold an employee criminally liable under the federal hacking statute - the Computer Fraud and Abuse Act ("CFAA") - for violating his employer-imposed computer use restrictions. The decision is important because it ensures that employers and website owners don't have the power to criminalize a broad range of innocuous everyday behaviors, like checking personal email or the score of a baseball game, through simply adopting use restrictions in their corporate policies or terms of use. The case, United States v. Gilberto Valle, received a lot of attention in the press because it involved the so-called "cannibal cop" - a New York City police officer who was charged with conspiracy to kidnap for posts he wrote on fetish websites about cannibalism. Valle was also charged with violating the CFAA for accessing a police database to look up information about people without a valid law enforcement purpose, in violation of NYPD policy. The jury convicted Valle on all counts, but the trial court reversed the jury's conspiracy verdict, stating that "the nearly yearlong kidnapping conspiracy alleged by the government is one in which no one was ever kidnapped, no attempted kidnapping ever took place, and no real-world, non-Internet-based steps were ever taken to kidnap anyone." The trial court ultimately found that holding Valle guilty of conspiracy to kidnap would make him guilty of thoughtcrime. But the trial court upheld the CFAA conviction. And on appeal, we filed an amicus brief with the Second Circuit, urging the court to overturn the lower court's dangerous ruling. We argued that the lower court's ruling would make criminals out of millions of innocent individuals, and the Second Circuit agreed - throwing out Mr. Valle's CFAA conviction and joining two other federal circuit courts in rejecting the government's attempt to expand the reach of the vaguely worded federal statute.

Landlines no longer a "dominant" service (US Telecom, 3 Dec 2015) - The portion of U.S. households using landlines for voice service has fallen below half for the first time, according to the latest data on household voice telephony choices from the Centers for Disease Control. This is because more and more American households are cutting the cord for voice services and using only wireless telephones. Based on a USTelecom analysis of the new CDC data, by the middle of 2015 the U.S. likely reached the cross-over point where more than half of telephone households were wireless-only and less than half used landlines. In any case, the U.S. almost certainly will have reached that point by the end of this year. As Federal Communications Commission (FCC) Commissioner Mike O'Reilly suggested in a recent blog, traditional wireline voice carriers are no longer dominant providers and should not be singled out for more burdensome regulation.

The United States Postal Service will now email you your mail (Quartz, 6 Dec 2015) - The US Postal Service is testing a "notification" service that emails customers images of the envelopes of their letter-size mail. The service, called Informed Delivery, will send out an email to customers each morning with that day's mailbox contents. The images are only of the exterior front side, and the mail will not be opened. Informed Delivery has been live in seven Northern Virginia zip codes since 2014 and is now expanding to the New York City metro area, with more coverage planned in 2016. The service is free, but customers have to sign up online. It is not available to businesses and will not apply to packages, though the agency said it may include scans of catalogs and magazines in the future. In 2013, the postal service acknowledged that it photographs every letter and package mailed in the US. The process helps it sort mail, according to the postmaster general. But the USPS has also provided the photos to law-enforcement agencies in criminal cases, including ricin-laced letters sent to US president Barack Obama and Michael Bloomberg, then mayor of New York City. Its mail-tracking program was created after the anthrax attacks in 2001, which killed five people, including two postal workers. [Polley: This looks "live" now - has anybody had experience with it? I'm not sure I grok the purpose.]

CSIRO v. Cisco: The convergence of RAND and non-RAND royalties for Standards-Essential Patents (Patently-O, 7 Dec 2015) - In Commonwealth Scientific and Industrial Research Organisation v. Cisco Systems, Inc. (Fed. Cir., Dec. 1, 2015), the Federal Circuit established important new guidelines for the calculation of "reasonable royalty" damages for standards-essential patents (SEPs), even in the absence of the patent holder's commitment to license on reasonable and nondiscriminatory (RAND) terms. Chief Judge Prost, writing for a panel that also included Judges Dyk and Hughes, found that Chief Judge Leonard Davis of the Eastern District of Texas erred by failing, among other things, to account for the "standard-essential status" of a Commonwealth Scientific (CSIRO) patent infringed by Cisco. The decision signals another important step toward the convergence of "reasonable royalty" damages in RAND and other patent cases. * * *

K&L Gates takes CLE on-demand (LegalTech News, 7 Dec 2015) - With platforms like Pandora and YouTube offering content at a whim, the concept of on-demand content has become more of a given than novelty. This led international firm K&L Gates to ask, why can't the same be true for continuing legal education (CLE)? K&L Gates announced on Dec. 7 the launch of its On-Demand CLE Center, a collection of nearly 50 CLE courses accessible by users at any time from both computers and mobile devices. Designed with in-house counsel in mind, the courses offered include recordings of previous programs and provide "accreditation for CLE and continuing education courses in states throughout the U.S.," officials said in a statement. In a conversation with Legaltech News, K&L Gates chief marketing officer Jeff Berardi espoused the virtues of on-demand and easily accessible content for legal professionals. "What we've found is that our clients are just so time pressed [that] they really are looking for something like this," he said. "That's why we provided it to them. And it's not just for clients. It's for anyone who's interested in these subjects, and it's a way for us to build relationships with people." The On-Demand CLE Center functions as an addition to the K&L Gates HUB, providing users with previously recorded sessions that they can listen to at their own convenience. HUB is an offering by the firm that provides a multitude of content that, according to its website, "provides timely insight on critical issues at the intersection of business and law." The content is arranged by industry sector rather than practice group or by the internal structure of a firm, an organizational method that Berardi said was unique for a law firm. Officials said that its content spans more than 30 industry sectors.

LegalZoom is acquiring a UK law firm (ABA Journal, 8 Dec 2015) -- LegalZoom has already been approved in the United Kingdom as an alternative business structure. But its expansion plans don't end there. The online legal document company announced plans on Thursday to acquire a U.K. law firm, Beaumont Legal, report Legal Futures, the Law Society Gazette, the Los Angeles Business Journal and the Yorkshire Post. A press release is here. LegalZoom chief executive Craig Holt said the plan is to build "a unique, next generation law firm" that is a blend of technology, lawyers and other expertise. Beaumont Legal is "an important piece of that jigsaw," he said in the press release. Beaumont Legal, known for its conveyancing practice, currently has more than 150 employees. Managing partner Nick Masheder plans to hire additional "forward-thinking, innovative individuals who want to be part of something truly special." The plan is subject to regulatory approval. The acquisition will be funded by private equity, according to the Law Society Gazette.

DHS giving firms free penetration tests (Krebs on Security, 8 Dec 2015) - The U.S. Department of Homeland Security (DHS) has been quietly launching stealthy cyber attacks against a range of private U.S. companies - mostly banks and energy firms. These digital intrusion attempts, commissioned in advance by the private sector targets themselves, are part of a little-known program at DHS designed to help "critical infrastructure" companies shore up their computer and network defenses against real-world adversaries. And it's all free of charge (well, on the U.S. taxpayer's dime). KrebsOnSecurity first learned about DHS's National Cybersecurity Assessment and Technical Services (NCATS) program after hearing from a risk manager at a small financial institution in the eastern United States. The manager was comparing the free services offered by NCATS with private sector offerings and was seeking my opinion. I asked around to a number of otherwise clueful sources who had no idea this DHS program even existed. DHS declined requests for an interview about NCATS, but the agency has published some information about the program. According to DHS, the NCATS program offers full-scope penetration testing capabilities in the form of two separate programs: a "Risk and Vulnerability Assessment," (RVA) and a "Cyber Hygiene" evaluation. Both are designed to help the partner organization better understand how external systems and infrastructure appear to potential attackers.

New Google Apps feature helps businesses keep sensitive information out of emails (TechCrunch, 9 Dec 2015) - Google is launching a new privacy tool for Google Apps Unlimited users today. The new Data Loss Prevention feature will make it easier for businesses to make sure that their employees don't mistakenly (or not so mistakenly) email certain types of sensitive information to people outside of the company. Businesses that subscribe to this plan for their employees now have the option to turn on this tool and select one of the new predefined rules that, for example, automatically reject or quarantine any email that contains a social security or credit card number. Businesses can choose from these predefined rules and also set up custom detectors (a confidential project keyword, for example). Google says it's working on adding more predefined rules, too. Google created a set of pre-defined rules for data like social security numbers in the U.S., Canada and France, driver's license and National Health Service numbers in the U.K., as well as for all credit card numbers, bank routing numbers and Swift codes for bank account numbers. It's worth noting that Google will scan both the email body and attachments for potential matches. Rules can be applied to incoming and outgoing messages. Admins are also able to apply these rules to specific departments and employees. For internal messages, they are also able to add a line like "[Internal Only]" to emails that contain information that would have been rejected if the sender had tried to send this email to an external recipient.

RESOURCES

Campus Open-Access Policy Implementation Models and Implications for IR Services (Berkman's E. Duranceau and S. Kriegsman, Dec 2015) - * * * Implementation of campus open-access policies in the United States is still a relatively new -- though increasingly widespread -- activity. According to the Registry of Open Access Repositories Mandatory Archiving Policies (ROARMAP), U.S. campus policies have grown to include 73 campuses (Figure 1), with steady increases since 2009, when the Harvard Faculty of Arts and Sciences adopted the first such policy in the United States. There was particularly dramatic growth in 2013, the last complete year measured. While short summaries of some individual libraries' approaches to implementing these policies have begun to be published, a sense of the overall landscape of policy implementation has only begun to emerge. As more campuses adopt open-access policies, sharing implementation methods and models is increasingly critical. As Shannon Kipphut-Smith notes in her summary of Rice University's implementation experience, libraries faced with the need to set up brand-new procedures find themselves in a "nuanced" environment without a roadmap. Their library, like others implementing policies, "had never before conducted activities similar to the implementation of the OA policy," so they found that "practically every activity has been experimental." Here, in an attempt to build that needed roadmap, we provide a snapshot of the open-access policy implementation landscape by evaluating data from a survey of Coalition of Open Access Policy Institutions (COAPI) and characterizing each library's OA policy implementation models for its campus. * * *

The First Amendment right of college athletes to use social media (MLPB, 1 Dec 2015) - Meg Mary Margaret Penrose, Texas A&M University School of Law, has published Sharing Stupid $H*T with Friends and Followers: The First Amendment Rights of College Athletes to Use Social Media at 17 SMU Science and Technology Law Review 449 (2014). Here is the abstract: This paper takes a closer look at the First Amendment rights of college athletes to access social media while simultaneously participating in intercollegiate athletics. The question posed is quite simple: can a coach or athletic department at a public university legally restrict a student-athlete's use of social media? If so, does the First Amendment provide any restraints on the type or length of restrictions that can be imposed? Thus far, neither question has been presented to a court for resolution. However, the answers are vital, as college coaches and athletic directors seek to regulate their athletes in a constitutional manner.

A Guide To Broadcasters' Obligations During Election Campaigns (Benton Foundation, 4 Dec 2015) - Now that NBC stations have reportedly given free air time to five Republican presidential candidates because of Donald Trump's recent appearance on "Saturday Night Live"(1), this is a good time to take a look at the Federal Communications Commission's regulation of political broadcasting matters. Some of these requirements can get very complicated, so this is necessarily a broad overview which does not deal with many details that arise in the implementation of these principles. There are two important preliminary points. First, although this post refers to "broadcasters," some of these rules also apply to satellite services DishTV and DirecTV and to the local operations of cable systems. For the sake of simplicity, this post will not deal with these circumstances. Second, there is a tendency to focus upon major federal elections, especially Presidential races. In fact, many of the most important applications of these rules are at the local level, especially in smaller communities, where a local station can have a powerful influence over city council, mayoral and similar races. * * *

FUN

Check out our 2015 gifts for lawyers (gallery) (ABA Journal, 10 Dec 2015) - What should you get for the lawyer in your life? Are they a tech geek? A fashion plate? A bookworm? A beer connoisseur? We've combed the Internet to find a wide variety of options for the 2015 holiday season, and compiled them into the 2015 Gifts for Lawyers photo gallery. Want further ideas? Our Gifts for Lawyers Pinterest board may just have what you're looking for. We also published an ad supplement in the December 2015 issue of the ABA Journal, full of other ideas. [Polley: pretty cool list.]

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Sue companies, not coders (Bruce Schneier, 20 Oct 2005) -- At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write. He's on the right track, but he's made a dangerous mistake. It's the software manufacturers that should be held liable, not the individual programmers. Getting this one right will result in more-secure software for everyone; getting it wrong will simply result in a lot of messy lawsuits. To understand the difference, it's necessary to understand the basic economic incentives of companies, and how businesses are affected by liabilities. In a capitalist society, businesses are profit-making ventures, and they make decisions based on both short- and long-term profitability. They try to balance the costs of more-secure software -- extra developers, fewer features, longer time to market -- against the costs of insecure software: expense to patch, occasional bad press, potential loss of sales. The result is what you see all around you: lousy software. Companies find that it's cheaper to weather the occasional press storm, spend money on PR campaigns touting good security, and fix public problems after the fact than to design security right from the beginning.

Shareholders sue Choicepoint (ComputerWorld, 7 March 2005) -- Shareholders are suing ChoicePoint Inc. and its top executives after the company's share price fell sharply following news that identity thieves had gained access to personal information about some U.S. residents that was held by the personal data vendor. A class-action lawsuit has been filed in U.S. District Court for the Central District of California on behalf of those who bought ChoicePoint shares between April 22, 2004, and March 3, 2005, Radnor, Pa.-based law firm Schiffrin & Barroway LLP said in a statement Friday. The suit charges Alpharetta, Ga.-based ChoicePoint and three top executives with keeping key information from the public in an effort to artificially inflate the price of the company's stock. Specifically, the suit alleges that the defendants knew that ChoicePoint's measures to protect its data were inadequate, that the company knew it was selling data to illegal enterprises, that security breaches had occurred twice before and that the company had exposed more than 500,000 people to the threat of identity theft, according to the statement. The suit seeks to recover damages for the shareholders.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.