Saturday, July 18, 2015

MIRLN --- 28 June – 18 July 2015 (v18.10)

MIRLN --- 28 June - 18 July 2015 (v18.10) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


Study: Cyber risks overshadow corporate board security confidence (Networkworld, 23 June 2015) - Directors of U.S. businesses are pretty confident they can understand corporate security risks, but corporate security pros are not so sure their boards really get it, according to a survey of both board members and C-level security executives. While 70% of board members say they understand the risks, only 43% of hired corporate security professionals agree, according to a Ponemon Institute study polling 245 board members and 409 IT security pros that was sponsored by Fidelis Cybersecurity. Based on this finding the study concludes that, "more communication between the board and the IT function is sorely needed." There are other gaps between what board members think and what CIOs, CSOs and CISOs think. For example, 59% of board members say they believe their governance of cybersecurity practices is effective; only 18% of IT pros agree. In ranking that effectiveness, boards, on average, give themselves an 8.1 on a scale of 10 while the IT pros give them a 6.2, the study says. IT pros should brief their boards regularly on attacks and breaches the company has suffered, the report recommends. Doing so may actually protect companies from falling afoul of regulations and laws that oversee corporate cyber security. Asked whether their organizations suffered data breaches that resulted in lost or stolen records, 59% of board members said yes vs. 71% of security pros, which may reveal a lack of effective reporting to the boards by their hired IT pros. The gap is even larger for breaches involving the theft of intellectual property where 23% of board members thought their firm's intellectual property had been breached while 54% of IT respondents thought so.


Encryption conniption (ABA Journal, July 2015) - In 1999, ABA Formal Opinion 99-413 approved the use of unencrypted email for the transmission of confidential information with the caveat that under circumstances where the information to be communicated is highly sensitive the lawyer should forgo email, just as he would from making a phone call or sending a fax, and consult with the client about the best way to transmit the information. * * * The ever-developing nature of technology presents a moving target for those charged with setting ethics standards of competence and confidentiality. Changes in the form and manner of transmission of electronic communications force constant re-evaluation of the security of the exchange. Shared email accounts, shared passwords, shared computers, email accounts associated with an employer where the employee has no expectation of privacy see, e.g., ABA Formal Opinion 11-459 (2011), public computers, the idea of cloud computing, the prevalence of wi-fi connections at coffee shops and other public locations and the subsequent use of unsecured networks, the increase in hacking of institutions and individuals and information harvesting by government agencies such as the NSA all suggest that the expectation of privacy is open to question. The potential for unauthorized receipt of electronic data has caused some experts to revisit the topic and issue opinions suggesting that in some circumstances, encryption or other safeguards for certain email communications may be required. A discussion on recent developments in confidentiality at this year's ABA Center for Professional Responsibility's National Conference on Professional Responsibility featured one speaker who highlighted a pendulum-swinging trend among ethics committees that are revisiting the question of whether lawyers should be required to use encryption when emailing clients. As reported in the Lawyers' Manual: * * *


Americans' Internet Access: 2000-2015 (Pew Research Center, 26 June 2015) - The Pew Research Center's unit studying the internet and society began systematically measuring internet adoption among Americans in 2000. Since then, Pew Research has conducted 97 national surveys of adults that have documented how the internet has become an integral part of everyday life across diverse parts of society. A new analysis of 15 years-worth of data highlights several key trends: For some groups, especially young adults, those with high levels of education, and those in more affluent households, internet penetration is at full saturation levels. For other groups, such as older adults, those with less educational attainment, and those living in lower-income households, adoption has historically been lower but rising steadily, especially in recent years. At the same time, digital gaps still persist. In this report, we cover some of the major demographic trends that lie beneath the topline adoption numbers and highlight: * * * [Polley: Pretty interesting top-level stuff - e.g., I was impressed to see that seniors are up to 58% internet penetration, from 14% in 2000.]


New case highlights deep hole in cyber insurance policies (Farella Braun, 29 June 2015) - Insurance policies covering data breach liability began appearing roughly ten years ago. We noted then a troublesome provision in some forms that seemed to exclude coverage for the insured's failure to maintain data security - in other words, the very risk the insured was seeking to insure. We'll call it the "Mistake Exclusion." One AIG form from 2006, for example, excluded coverage arising out of "your failure to take reasonable steps to use, design, maintain and upgrade your security." A 2009 Darwin form excluded coverage for any claim arising out of "any failure of an Insured to continuously implement the procedures and risk controls identified in the Application for this insurance." But isn't liability insurance supposed to do just that - protect against the insured's mistakes, innocent or negligent? We hoped and expected that as the market for these policies matured, savvy brokers and risk managers would insist that these Mistake Exclusions be removed or substantially narrowed. But that has not happened. We now have the first case we are aware of by an insurer seeking to enforce a Mistake Exclusion. In Columbia Casualty Company v. Cottage Health Systems, filed May 7, 2015 in the U.S. District Court in Los Angeles, Columbia seeks to enforce an exclusion barring coverage for a data breach claim arising out of any "failure of an Insured to continuously implement the procedures and risk controls identified in the Insured's application for this Insurance and all related information submitted to the Insurer in conjunction with such application whether orally or in writing." * * * Columbia's and other insurers' Mistake Exclusions underscore just how immature the cyber insurance market still is. They reflect insurers' lack of confidence in their ability to underwrite cyber risks, motivating them to try to shift that very risk back onto their insured.
A similar dynamic took place in the nascent market for technology errors and omissions policies. Eventually, though, insurers realized that they could rely on their insureds' own competitive need for quality control and claim mitigation procedures to control the risk of claims for defective products. The same is now becoming true regarding cyber security.


Feds: App secretly hijacked phones to mine digital money (Nextgov, 29 June 2015) - A smartphone app secretly hijacked its users' devices to mine for digital currencies for its developer, federal and state regulators alleged Monday. The process drained batteries and used up mobile data, potentially causing users to incur fees by going over their monthly data limits, the Federal Trade Commission and the New Jersey Attorney General's office said. The "Prized" app advertised that consumers could earn points playing games that they could then use on rewards, such as clothes or gift cards. The company also promised it was free from any malware or viruses, according to the government's complaint. But instead, the app took control of the user's computing power to secretly mine for virtual currencies, including DogeCoin, LiteCoin, and QuarkCoin, the regulators said. The government's complaint doesn't mention Bitcoin, the most popular virtual currency.


Second Circuit grants rehearing in Ganias computer search and seizure case (Orin Kerr, 29 June 2015) - Big news in the field of computer search and seizure today: The Second Circuit has granted rehearing in the full case of United States v. Ganias, the blockbuster case from last year on access to overseized files. I blogged about Ganias here and here when it came down, and I have been finishing up an article draft - which I was planning to post on SSRN later in the week - that focuses extensively on how courts should interpret and build on Ganias. Time to rewrite the draft, as the entire case will now go before the en banc court now for a September argument.

Notably, the DOJ's petition for rehearing in the case was limited to the remedy question of whether the exclusionary rule applied. In contrast, the Second Circuit granted rehearing on the whole case - 4th Amendment violation and remedy.


Survey finds [only] 66 percent of Netflix subscribers using pay TV (Telecompetitor, 1 July 2015) - Greater numbers of Netflix subscribers are "cutting the cord" on pay-TV providers. Surveying 829 Netflix subscribers, Cut Cable Today found that two-thirds maintain pay-TV service subscriptions - cable or satellite. But nearly one in 10 of those (9 percent) said they intend to cancel their pay-TV subscriptions sometime over the next year. Furthermore, 16 percent said they are unsure if they will keep their pay-TV subscriptions.


Crowdsourcing legal research website adds writing tool that 'could be a game-changer' (ABA Journal, 2 July 2015) - The free legal research website Casetext, which uses crowdsourcing to annotate cases, has launched a new writing tool that publishes lawyers' articles and links them to cases they cite. The new LegalPad application "could be a game-changer in how lawyers publish and share articles about the law," according to LawSites by Robert Ambrogi. Users can write articles that are shared with like-minded Casetext community groups based on practice areas and interests. There are links to cases discussed in the articles, and the cases will in turn link to articles. Casetext founder Jake Heller tells LawSites that his goal is for Casetext to become a place to build legal commentary as well as a tool for legal research. A Casetext press release points out that lawyers who publish articles on the website can build reputations in their specialty areas. LegalPad also serves as a legal writing tool. When an article writer types in a case name, it is supplied in correct Bluebook form with a hyperlink to the case. A writer can select text from the case, and it will be inserted in the article. Writers will be able to choose the Casetext communities where their articles will appear. LegalTech News, the Legal Insider and Inside Counsel also have stories on LegalPad. "Legal writing is exceptionally hard. You feel constantly buried in dozens of sources, trying to keep quotes and citations straight," Heller said in the press release. "We crafted technology to help writers focus on what matters most: developing their message."


- and -

Striking a blow against legalese: Adobe's legal department open sources its plain-English style guide (Robert Ambrogi, 15 July 2015) - Adobe's legal department is striking a blow against legalese today. It is releasing to the legal community at large the style guide it developed to help its own inhouse staff write legal documents in plain English and avoid legalese. Adobe is releasing The Adobe Legal Department Style Guide (embedded below) under a Creative Commons Attribution-NonCommercial-Share Alike 4.0 International License so that others in the legal industry can use and adapt it for their own legal departments and law firms. "We want to release this under a Creative Commons attribution and let others take our work product and make it their own in the hope that as a profession we'll change the way we communicate," Michael Dillon, Adobe's senior vice president, general counsel and corporate secretary, told me in an interview last week. "When you write a blog, you write to be engaging and accessible, but we don't write our legal documents that way," said Dillon, who was one of the first GCs in the U.S. to have his own blog and who still writes both for his personal blog and an Adobe blog. "So we've tried to rethink the way we're writing everything." To accomplish this, Dillon assembled a global team of a half-dozen "very passionate people" within his legal department. He also brought in outside experts such as Bryan Garner, often considered the leading authority on clear and effective legal writing. The result, not surprisingly, is a succinct, accessible guide of just 30 pages - a sort-of Strunk and White for the legal profession. It is a guide not only to language but also to layout, with a section detailing basic design principles to enhance the readability of documents such as contracts.


Sony data breach suit to proceed (Steptoe, 2 July 2015) - The U.S. District Court for the Central District of California ruled, in Corona v. Sony Pictures Entertainment, Inc., that former Sony employees may proceed with their negligence and other claims against the company for failing to prevent the theft of their financial, medical, and other personal information. The theft was part of a cyberattack by North Korea on Sony's databases and the release of embarrassing emails from Sony executives and other information on the Internet. Bucking the trend in similar data breach cases, the court found that the threat of future harm resulting from the theft was sufficient to meet the "certainly impending" harm standard established by the Supreme Court in Clapper v. Amnesty International USA. The court also held that costs incurred by the plaintiffs to protect against identity theft constituted cognizable injury sufficient to state a negligence claim. And it held that the "economic loss" doctrine did not bar the suit because plaintiffs had adequately alleged a "special relationship" with Sony based in part on the foreseeability of the breach in light of Sony's past data breaches and its alleged failure to take adequate preventative steps.


FTC releases new data security guide: 50 mistakes to avoid in 10 lessons (Cooley, 2 July 2015) - The Federal Trade Commission (FTC) has brought over 50 cases against companies that put consumer data at unreasonable risk. On June 30, 2015, the FTC released a guide titled Start with Security that summarizes 10 lessons the FTC has culled over the course of these cases. These lessons can help your business protect consumer data, confidential data, and other proprietary information (together "sensitive information"). These lessons can also help you avoid FTC investigation. Data breaches and other consumer information issues are serious public relations problems, and the FTC has enforcement authority that includes the ability to obtain civil penalties for violations of FTC orders. This alert first explains the general principles underlying the lessons. Then, it lists the 10 lessons, explains them, and points you to additional resources the FTC has made available. Finally, it provides information about ways to follow up if you still have questions or concerns. * * *


CCBE wins case against the Dutch State on surveillance of lawyers (Global Legal Post, 3 July 2015) - The District Court of The Hague has ruled that surveillance of lawyers by intelligence agencies constitutes an infringement of fundamental rights and orders the State to stop all surveillance of lawyers' communications. The Court was questioned on the legality of eavesdropping on lawyers' calls and communications by domestic intelligence agencies in a challenge brought against the Dutch State by the law firm Prakken d'Oliveira, the Dutch Association of Criminal Defence Lawyers (NVSA), and the Council of Bars and Law Societies of Europe (CCBE). In its verdict, the Court recognised that the ability to communicate confidentially with a lawyer is a fundamental right which is currently being breached by Dutch surveillance policy. The Court ordered the Dutch government to stop all interception of communications between clients and their lawyers under the current regime within six months. The Dutch State has six months to adjust the policy of its security agencies regarding the surveillance of lawyers and ensure that an independent body exercises effective prior control in order to prevent or stop tapping of lawyer-client conversations. Under the existing policy, only a government minister may give the authorisation to conduct surveillance, while monitoring by a Supervisory Committee (CTIVD) only takes place after the fact. This is judged insufficient by the court.


Think your firm is HIPAA-compliant? Steps to make sure (Attorney at Work, 6 July 2015) - If any of your clients are involved with health care, you know how highly regulated the field is. You may think you are complying with all the regulations and have lock-tight security measures in place at your firm. But you could be wrong. When you work with PHI, you need to keep your firm steps ahead of hackers and away from accidental data breaches - and be aware of your responsibilities. As a law firm "business associate" handling PHI, you need to understand what the government expects of you, and where you may be vulnerable. Security for PHI is governed under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Omnibus Rule and the Health Information Technology for Economic and Clinical Health Act (HITECH). Under these rules, "covered entities" such as health plans, health care clearinghouses and medical providers can share PHI with their business associates, including law firms. If your firm receives any personal health information from a client who is a covered entity, you become a business associate. When that happens, you need to execute a business associate agreement (BAA) that guarantees your firm will keep the information safe and only use it for the purposes for which you were engaged. BAAs carry very high expectations and severe penalties for failure to comply. * * *


'Hackers' give orders to German missile battery (The Local, 7 July 2015) - German-owned Patriot missiles stationed in Turkey were briefly taken over by hackers, according to media reports on Tuesday. The attack took place on anti-aircraft 'Patriot' missiles on the Syrian border. The American-made weapons had been stationed there by the Bundeswehr (German army) to protect Nato ally Turkey. According to the civil service magazine, the missile system carried out "unexplained" orders. It was not immediately clear when these orders were carried out and what they were.


- and -

Software bug prompts Range Rover recall (BBC, 13 July 2015) - Land Rover is recalling more than 65,000 cars to fix a software bug that can "unlatch" the vehicles' doors. Drivers would get no dashboard warning that the doors of their car had been unlocked, the firm said. Land Rover said the recall was not related to widely-reported problems with keyless ignition and locking systems on some luxury cars that had made them favourites with car thieves. Last year car thieves were found to be targeting some models of Range Rovers and BMW X5s because they found it easy to unlock the vehicles. It is believed that a handheld "black box" was being used by some gangs to unlock and start cars that had keyless ignition systems. Some newspapers reported that insurers were unwilling to extend cover to Range Rover owners unless they could park in secure, off-street car parks. Other insurance firms insisted on the use of tracking systems that could help find a car if it was stolen. "It's been known for over a year that keyless entry and ignition systems possess certain vulnerabilities," said a spokesman for Thatcham Research which gathers data on car crime.


Lawyer is disbarred for 'social media blitz' intended to influence custody case and top state court (ABA Journal, 8 July 2015) - A divided Louisiana Supreme Court has disbarred a lawyer who used Twitter and an online petition to urge readers to contact two judges she accused of being unwilling to consider the evidence in two custody cases involving allegations of child sexual abuse. The supreme court disbarred 52-year-old lawyer Joyce Nanine McCool in a June 30 opinion (PDF), noted by the Legal Profession Blog. A hearing board and the disciplinary board had recommended a suspension of a year and a day, but the four-justice majority on the state supreme court said disbarment was warranted. Three dissenters would have imposed lesser discipline. The majority opinion said McCool displayed an "utter lack of remorse" and a "defiant attitude" by asserting her actions had First Amendment protection. According to the court, McCool's social media postings contained many "false, misleading and inflammatory statements" about the way two judges were handling the cases. Among the untrue statements were assertions that judges had refused to admit audio recordings of children talking about alleged abuse, although the recordings were not offered into evidence at that time. The court also said McCool had solicited others to make ex parte contact with the judges - and with the state supreme court - to express their feelings about the cases, which were sealed domestic proceedings.


Hackers of Apple, Facebook seen as independent group seeking money (NYT, 8 July 2015) - A hacking group best known for breaking into top-tier technology companies Apple Inc, Facebook Inc and Twitter Inc more than two years ago is now believed to be one of a handful of highly skilled independent gangs pursuing corporate secrets for profit. According to new research from the largest U.S. security software vendor, Symantec Corp, the group appears to be among the few that display significant talent without backing from a national government. The group stays below the radar with a small number of carefully targeted attacks. "They are very focused, wanting everything valuable from the top companies of the world," said Vikram Thakur, a Symantec senior manager. "The only way they could use it, in our opinion, is through some financial market or by selling it." Thakur said Symantec and other security companies such as FireEye Inc were tracking less than a half dozen such groups, including one called FIN4. FIN4 has less technical skill but uses knowledge of the investment banking world and strong social engineering, or trickery, to harvest email credentials and discover material financial information. The U.S. Securities and Exchange Commission is investigating some FIN4 breaches at large, publicly traded companies. Symantec said its group, which it calls Morpho, dropped out of sight for months after press accounts of the Silicon Valley breaches in early 2013 shone a light on their techniques, which included use of a previously unknown "zero-day" flaw in Oracle's Java platform. In a paper being released Wednesday, Symantec said Morpho came back from its absence to breach a small number of additional technology companies. It has also gone after the pharmaceutical industry and airlines, typically hitting multiple competitors in a sector and infecting a very few machines, usually in the research departments.
Morpho has breached about 49 organizations that Symantec knows about since 2012, with the number penetrated each year rising to 14 by 2015.


- and -

Symantec report suggests hackers' motives are blurring (NYT, 8 July 2015) - A group of financially motivated hackers has been infiltrating major corporations and stealing valuable intellectual property, a sign that the motives and techniques of different types of online criminals are starting to blur, researchers at a computer security company will announce in a report on Wednesday. Typically, criminal hackers steal passwords and personal data from companies with poor security so that they can break into more valuable sites, or simply sell those passwords and Social Security numbers on the black market. But the report, by Symantec, the computer security company, suggests that a group it calls Morpho is after intellectual property, possibly to sell it to competitors or nation states. Symantec said the group had attacked multibillion-dollar companies in the Internet, software, pharmaceutical, legal and commodities fields. * * * Researchers found evidence that the group's hackers did careful reconnaissance before grabbing valuable trade secrets. In some cases, the researchers had indications that they had succeeded in intercepting company emails, and business databases containing legal and policy documents, financial records, product descriptions and training documents. In one case, researchers found that the group managed to compromise a physical security system that monitors employee and visitor movements around some corporate buildings. [Polley: the emphasis is mine. A related story is more precise: "one of [Morpho's] latest attacks took place in June 2015 in the Central Asian offices of a global law firm."]


FFIEC releases cybersecurity assessment tool (Steptoe, 16 July 2015) - The Federal Financial Institutions Examination Council has released a Cybersecurity Assessment Tool to help financial institutions identify cybersecurity risks and evaluate their preparedness to address them. The Assessment is designed to inform and enhance financial institutions' risk management strategies, and will be updated as financial institutions' vulnerabilities and cyber threats evolve over time. Along with the Assessment Tool itself, the FFIEC released a companion "Overview for Chief Executive Officers and Boards of Directors" and explanatory guides to ease the process of using the Tool. Institutions will be able to provide comments on the Assessment Tool after a notice is published in the Federal Register. [Polley: FFIEC's tool is here.]


CRS report - The Dark Web (BeSpacific, 16 July 2015) - Dark Web, Kristin Finklea, Specialist in Domestic Security. July 7, 2015: "The layers of the Internet go far beyond the surface content that many can easily access in their daily searches. The other content is that of the Deep Web, content that has not been indexed by traditional search engines such as Google. The furthest corners of the Deep Web, segments known as the Dark Web, contain content that has been intentionally concealed. The Dark Web may be used for legitimate purposes as well as to conceal criminal or otherwise malicious activities. It is the exploitation of the Dark Web for illegal practices that has garnered the interest of officials and policy makers. Individuals can access the Dark Web by using special software such as Tor (short for The Onion Router). Tor relies upon a network of volunteer computers to route users' web traffic through a series of other users' computers such that the traffic cannot be traced to the original user. Some developers have created tools - such as Tor2web - that may allow individuals access to Tor-hosted content without downloading and installing the Tor software, though accessing the Dark Web through these means does not anonymize activity. Once on the Dark Web, users often navigate it through directories such as the "Hidden Wiki," which organizes sites by category, similar to Wikipedia. Individuals can also search the Dark Web with search engines, which may be broad, searching across the Deep Web, or more specific, searching for contraband like illicit drugs, guns, or counterfeit money. While on the Dark Web, individuals may communicate through means such as secure email, web chats, or personal messaging hosted on Tor. Though tools such as Tor aim to anonymize content and activity, researchers and security experts are constantly developing means by which certain hidden services or individuals could be identified or deanonymized."


The Washington Post tests new 'Knowledge Map' feature (WaPo, 16 July 2015) - Today, The Post began testing a new feature called Knowledge Map, which can be seen in "Why the Islamic State leaves tech companies torn between free speech and security". Knowledge Map gives readers an easier way to catch up on ongoing stories by quickly and seamlessly providing relevant background, additional information or answers to frequently asked questions, when the reader wants it. As readers will see in today's story, Knowledge Map appears as a series of highlighted links embedded throughout the body of the article. When clicked or tapped, these links instantly surface more information. This additional content offers background and contextual information, as well as related links to other Post content on that subject, allowing users to get up to speed quickly, or dive deeper into a subject. "We're excited to see how readers react to Knowledge Map," said Dr. Sam Han (PhD), Engineering Director for Data Science at The Post. "This iteration sets us up to use data mining techniques to identify and surface contextual content for our readers. We are also working on parallel applications to drive engagement with our native advertising content. Our ultimate goal is to mine big data to surface highly personalized and contextual data for both journalistic and native content. We continue to push the technical boundaries of applied Data Science at The Washington Post."


NOTED PODCASTS/MOOCS

Technology in International Arbitration (11 June 2015; 46 minutes) - This multi-location conference - the first of its kind - will examine the feasibility of virtual, or remote arbitration proceedings, where arbitrators, counsel and witnesses are in far-flung locations. The program will begin with a mock cross-examination before an arbitral tribunal, with arbitrators, counsel and witness spread across 13 time zones. It will continue with a panel discussion, again with participants in several different locations, on the technological, practical, and ethical considerations involved in conducting remote arbitrations. Among the issues to be tested and discussed are: * * * For both younger arbitration practitioners and "old hands," this conference will highlight some of the key issues that will likely confront arbitration's stakeholders over the next decades. Attendees (wherever they are) will come away with a substantially greater appreciation for the particulars involved in remote arbitration, the technologies available to them, and the suppliers of that technology. This will also be an historic opportunity to participate in the first multi-location arbitration conference ever. Faculty list is here. Videos are here and here.


Internet Giants: The Law and Economics of Media Platforms (Coursera, taught by Randy Picker at Chicago; July 2015) - This will be offered as an On-Demand Course beginning July 13, 2015: This seven-week course will explore the relationship between law and technology with a strong focus on the law of the United States with some comparisons to laws around the world, especially in Europe. Tech progress is an important source of economic growth and raises broader questions about the human condition, including how culture evolves and who controls that evolution. Technology also matters in countless other ways as it often establishes the framework in which governments interact with their citizens, both in allowing speech and blocking it and in establishing exactly what the boundaries are between private life and the government. And technology itself is powerfully shaped by the laws that apply in areas as diverse as copyright, antitrust, patents, privacy, speech law and the regulation of networks. You can see the course syllabus at https://www.coursera.org/course/internetgiants and play the trailer there. The MOOC is free and includes 20 hours of video. One of the virtues of Coursera's new on-demand approach is that people can jump in and just engage with what they want to. [Polley: Spotted by MIRLN reader Ross Blair]

RESOURCES

The Fair Use App - An Interactive Guide for Filmmakers and Video Creators (New Media Rights, 16 July 2015) - This guide is intended to help you navigate fair use. The guide will walk you through some of the questions you should ask yourself about your video project if you intend to reuse existing content such as images, audio, or video. However, this guide will not be able to give you a simple yes or no answer. Instead, the guide is intended to help you analyze fair use questions; learn what questions to ask; and how to identify possible problems. If you have any specific questions, we encourage you to contact New Media Rights or get specific legal advice from a lawyer.

The Law and Ethics of Experiments on Social Media Users (TAP by James Grimmelmann, 20 May 2015) - I have a new paper out in the Colorado Technology Law Journal, The Law and Ethics of Experiments on Social Media Users. It's the scholarly version of my work from last summer on the Facebook and OkCupid experiments. The basic argument should be familiar: running scientific experiments on users without their consent or institutional oversight raises serious ethical and legal concerns. But, thanks to the CTLJ and Paul Ohm's December conference at the University of Colorado, When Companies Study Their Customers, I have taken the opportunity to revise and extend my remarks. It's long for a symposium essay - 23,000 words - and I hope that it can also serve as a reference on last summer's controversy.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

SUN sets open-source course for Solaris - software giant changing to keep up with competition (San Francisco Chronicle, 26 Jan 2005) -- Sun Microsystems said Tuesday that its Solaris 10 operating system would soon be available on an open-source basis, a move the company hopes will help counter the perception that its technology is too proprietary and pricier than the competition. The decision means the software will be free and that programmers outside Sun will be able to customize and improve it. John Loiacono, executive vice president of software at Sun, said the decision to offer a free version of Solaris is intended to help Sun expand the market for its other programs and its servers. "The more people use Solaris, the more opportunities we have to sell other technologies," he said. Sun chief executive Scott McNealy said the company's technology had never been as closed as its competitors had tried to portray. Still, McNealy said, with many government agencies and corporations demanding open-source alternatives, the company felt it had to open up even further to compete.

Texas bill would benefit graduates of online law schools (Chronicle of Higher Education, 11 March 2005) -- A bill working its way through the Texas legislature could give graduates of online law schools more opportunities to practice law. The American Bar Association (ABA) has so far refused to accredit online law schools, saying that they do not train students adequately to practice law. Although the ABA continues to refuse accreditation to online law schools, the organization does accredit institutions that offer some courses online. Currently in Texas, a graduate of an online law school can only take the state's bar exam if he or she has practiced law in another state for at least five years. The proposed law would allow online graduates to take the Texas bar exam if they simply had passed the bar in another state. A small number of other states have similar statutes. California is currently the only state that allows individuals to take the bar exam without having passed another state's bar exam. The bill was prompted by the situation of Julie Drenner, daughter of a state legislator, who graduated from Oak Brook College of Law and Government in California, passed that state's bar exam, and now wants to practice law in Texas. (sub. req'd)

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.