Saturday, May 28, 2016

MIRLN --- 8-28 May 2016 (v19.08)

MIRLN --- 8-28 May 2016 (v19.08) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS/MOOCS | RESOURCES | LOOKING BACK | NOTES

Law schools as innovation hubs - the Global Legal Technology Lab (Open Law Lab, 5 May 2016) - Today I had the pleasure of attending an exploratory meeting for a new initiative - the Global Legal Technology Lab . It's a network of law schools, legal technology companies, and other organizations interested in pushing forward new innovations in the legal system - particularly around access to justice. It grew out of meetings at University of Missouri - Kansas City Law School, that the Kauffman Foundation had supported to explore how innovation and technology could be brought to law. But it is not strictly a UMKC, MIT, or Kauffman project. It is meant to be a new network of law schools who build new technologies and launch projects that make the legal system more accessible, efficient, and empowering. Today was about exchanging ideas about projects, and thinking through how the Global Legal Technology Laboratory could operate. One of the driving ideas is to link projects across different schools and silos, stop duplication of efforts, and drive a stronger agenda of what the future of legal education and innovation should look like. The concept is that people at law schools can propose projects, draw upon the GLTL's resources to get more guidance, man/womanpower, and perhaps also funding. These projects could come from hackathons, classes, research, or otherwise. Instead of these projects stalling out after being identified and scoped, the GLTL should help keep their momentum and contribute to their implementation.

top

Restraining order? Don't follow her on Instagram (Newsweek, 10 May 2016) - A clothing designer allegedly attacked his ex-girlfriend last year in New York City, choking her, throwing her to the ground and dragging her by her hair, according to the criminal complaint charging him with misdemeanor assault. About a week later, the woman obtained an order of protection barring the designer, Nicholas Lemons, from contacting her, but he couldn't resist trying to keep tabs on her. Just four months after a Manhattan judge signed the order of protection, Lemons tried to follow his former flame on Instagram, court papers state-leading to another criminal charge the judge said was the first of its kind. Lemons, 34, was charged with criminal contempt in September 2015 for violating the order of protection that forbade him contacting his ex-girlfriend through any means, including electronically. The former model-who posed on the cover of Out magazine in 2006 wearing green briefs and a necklace-argued he didn't violate the restraining order because his follow request merely "triggered a notification by Instagram" and there was no direct contact. But Manhattan criminal court judge Steven Statsinger shot down that argument, ruling against Lemons and marking a new wrinkle in the intersection of the internet and the law. "The situation described here is exactly the same as if the defendant, using his iPhone, had asked Siri to place a call to the complainant, instead of dialing her number himself," Statsinger wrote in his May 2 decision . A Massachusetts family law attorney said he advises all his clients with orders of protection to stay off social media. "If you have to use social media, don't say anything about your ex and don't follow them. And don't ever, ever, ever say anything about the judge," says Alan Pransky , who is not involved in the Lemons case but has handled cases involving domestic violence and internet issues.

top


- and -

Judge scolds litigant for making Facebook account "private" during litigation (Venkat Balasubramani, 16 May 2016) - This is a social media evidence ruling. Plaintiff filed a Fair Housing Act lawsuit alleging that a prospective landlord decline to rent an apartment after learning that two of plaintiff's children would be living with her. The lease denial allegedly caused emotional harm to plaintiff. Defense counsel flagged the issue of plaintiff's social media accounts early, warning plaintiff's counsel that plaintiff's social media accounts would be scrutinized and that she should be warned about "spoilage" [sic]. In the context of another motion, plaintiff acknowledged to the court that she had Facebook and Instagram accounts and that these accounts were "private". Shortly after this filing, defense counsel sought sanctions for spoliation and an injunction prohibiting plaintiff from accessing her social media accounts. [ Spoiler alert : the court denies the requested injunction.] In a supporting declaration, defense counsel averred that he had viewed plaintiff's social media accounts and observed posts "disappearing from view". In defendant's view, these posts were relevant to plaintiff's claims for emotional distress and might counter-indicate that she suffered emotional distress as a result of being unable to rent the apartment in question. The posts also allegedly demonstrated that plaintiff was not separated from her family, which was the supposed cause of her emotional distress. The court holds an evidentiary hearing at which two lawyers and the plaintiff testify. According to one of the lawyers for the defense, she accessed plaintiff's accounts at one point despite not being "friends" with plaintiff. She later looked at the accounts and saw many posts were missing. The Plaintiff also testified that, to her knowledge, she never deleted anything. She did hide a few posts from her timeline which appeared there because she had been tagged by others. She said she thought she originally set her Facebook account to private and she merely double checked this after defendant filed its spoliation motion. Counsel for plaintiff offered to provide to defense counsel a copy of plaintiff's entire Facebook account. * * *

top

Autonomous cars require a self-driven legal hybrid teams (ReadWrite, 10 May 2016) - Business and law have gone hand-in-hand since the concept of law was invented. Virtually every industry in the business world has its own set of unique legal issues. For the emerging business of autonomous vehicles - with all the regulatory hurdles and business model crossovers - it looks like it's becoming even more important to have a focused legal team. This is why many auto-industry serving law firms across the nation are forming special autonomous vehicle teams to better serve clients as they build their autonomous vehicle products and services and work them through the legal red tape to bring them to market. In a recent interview with Crain's Detroit business , Jennifer Dukarski from the Ann Arbor-based law firm Butzel Long described the work of its dedicated autonomous vehicle team as, "very traditional legal issues, but with very new context." While the debate rages on in states and throughout the Federal government as to what new laws and/or regulations need to apply to this new type of vehicle, companies depend on law firms to not only help them navigate the constantly-changing legal waters, but to take part in the business deals that help make innovation in the new space possible.

top

Immediate action for human resource departments on the Defend Trade Secrets Act (Patently-O, 11 May 2016) - Starting May 12, 2016 all employers will be required by Federal Law to provide a notice-of-immunity to employees and contractors "in any contract or agreement with an employee [or independent contractor] that governs the use of a trade secret or other confidential information." (If the DTSA is enacted as expected.) The Defend Trade Secrets Act (DTSA) amends 18 U.S.C. 1832 to provide limited whistle blower immunity. The headline for the provision is "immunity from liability for confidential disclosure of a trade secret to the government or in a court filing." Thus, an action that would otherwise count as trade secret misappropriation will be immunized if the disclosure: (A) is made (i) in confidence to a Federal, State, or local government official, either directly or indirectly, or to an attorney; and (ii) solely for the purpose of reporting or investigating a suspected violation of law; or (B) is made in a complaint or other document filed in a lawsuit or other proceeding, if such filing is made under seal. The statute is clear that the immunity extends to protect against both state and federal law; both civil and criminal allegations. Under the provision, employers are required to provide notice of the immunity "in any contract or agreement with an employee [or independent contractor] that governs the use of a trade secret or other confidential information." The statute suggests that this may be done via reference to a policy document rather than restating the entire immunity provisions in each agreement.

top

- and -

Defend Trade Secrets Act of 2016: Markup and commentary (Patently-O, 12 May 2016) - President Obama has signed the Defend Trade Secrets Act of 2016 (DTSA) into law. The new law creates a private cause of action for trade secret misappropriation that can be brought in Federal Courts and with international implications. I have created a mark-up (with commentary) of the new law that shows how the DTSA's amendments to the Economic Espionage Act (EEA). * * *

top

Negotiating key cyber exclusions (Holland & Knight, 11 May 2016) - * * * The following is intended to cover some tips on how to negotiate the exclusion section of a cyber liability insurance policy. Although the tips below are limited to the exclusions section, it is not the only section of a cyber pol- icy that must be negotiated. * * *

top

Disaggregation of legal information an opportunity for all (Kevin O'Keefe, 11 May 2016) - Shaunna Mireau , ‎Director of Knowledge Management and Process Improvement at Field Law, reports on an interesting development on the reporting of UK law.

Per a recent press release from ICLR (The Incorporated Council of Law Reporting for England and Wales): [ICLR] has started the process of disaggregating its law reports from the online services operated by LexisNexis and Thomson Reuters in Australia, Canada, New Zealand and the United States. Subscribers to these services based elsewhere in the world will not be affected. The process of removing ICLR content from these providers will take effect on 1 January 2017. Thereafter, the ICLR - the publisher of the English official series, The Law Reports - will provide its case law service directly to lawyers, judges, academics and students in these regions through its established online platform, ICLR Online. * * *

top

Hail and farewell to the Google books case (James Grimmelmann, 11 May 2016) - "The petition for a writ of certiorari is denied. Justice Kagan took no part in the consideration or decision of this petition." With that two-sentence order, the Supreme Court brought the long-running Google Books case to a close on April 18. After ten years, two lawsuits, one failed settlement , a parallel case against Google's library partners , and five landmark copyright decisions there is nothing more for the courts to say. Google Books is legal. Full stop. If the news felt a bit anticlimactic, it wasn't just because of the Supreme Court's dull legalese. Google's scanning project and the subsequent lawsuits once commanded the attention of the publishing and library worlds. But over the years they became peripheral. As Google copied some 20 million volumes from library shelves, the sky did not fall on publishers, or copyright owners. Rather, the end of the litigation merely confirmed a few realities of modern publishing. * * *

top

Understanding cybersecurity threats in law practice (Special Counsel, 12 May 2016) - Organized, financially motivated hackers have turned their attention on the latest soft target: law firms. Even before the Panama Papers leak, a number of high-profile breaches put the legal profession on notice. Why do hackers target law offices in cybersecurity attacks? Because they house some of the most sensitive information in the world. Although some savvy companies have established honey pots full of false data to mislead and misdirect cyber hackers, law offices typically lack such decoys. In fact, the honesty fostered by attorney-client privilege means law offices frequently guard information that is both very sensitive and quite authentic. "Hackers know they are probably getting the real deal," says Vincent Polley, president of KnowConnect PLLC and co-editor of the ABA Cybersecurity Handbook ." That means the information hackers do find [in law firm systems] is going to be even higher value than they might otherwise get." It's the 21st century equivalent of raiding Fort Knox. "What is a law firm's wealth? Proprietary information. Its clients' secrets," says Christopher F. Smith, director, cybersecurity strategy at SAS . "To a hacker, information is money. That's why law firms make such alluring targets." Below are some guidelines to better understand cybersecurity threats and attacks and coping with the situation. * * *

top

- and -

Did the Panama Papers end the honeymoon for law firms? (Security Current, 16 May 2016) - Try and do an information security risk assessment of a law firm your company uses. Give them an InfoSec security questionnaire to fill out and request key information security documents. And if they host a lot of your sensitive data ask for a SOC2 report or even a penetration test report. What are the chances you will not get a major push back? What about your right to audit? Can you come onsite and validate some key security controls? Do you think law firms have had a free pass? Do you think the Panama Papers lawsuit will change anything? Do you think cyber crooks will take a peek at law firms more now - especially knowing how much sensitive data about people and corporations they may have? Is it all just about contractual terms and conditions? Many of the bigger law firms have indeed taken information security seriously and thus have a sound information security program in place. But, as is with many industries, the real challenges continue to haunt in particular the medium and small firms, some of which have significant engagements with many big companies putting sensitive data at risk.

top

Federal Circuit: Software and data structures are not inherently abstract (Patently-O, 12 May 2016) - In a rare win for a software patentee, the Federal Circuit has rejected a lower court ruling that Enfish's "self-referential" database software and data-structure invention is ineligible under 35 U.S.C. § 101 as effectively an abstract idea.[1] The apparent saving-grace of the claims here is that the improvement is directed to the database operation and is not tied to the business improvement or economic activity: In this case . . . the plain focus of the claims is on an improvement to computer functionality itself, not on economic or other tasks for which a computer is used in its ordinary capacity. Accordingly, we find that the claims at issue in this appeal are not directed to an abstract idea within the meaning of Alice. Rather, they are directed to a specific improvement to the way computers operate, embodied in the self-referential table.

top

Want a security clearance? Feds will now check Facebook and Twitter first (WaPo, 13 May 2016) - The government will start scanning Facebook, Twitter, Instagram and other social media accounts of thousands of federal employees and contractors applying and re-applying for security clearances in a first-ever policy released Friday. Federal investigators looking at applicants' backgrounds to determine their trustworthiness will not ask for passwords or log in to private accounts, limiting their searches to public postings. And when they find information that has no relevance to whether they should have access to classified information, it will be wiped from government servers, the policy promises.

top

Federal Acquisition Regulation; Basic safeguarding of contractor information systems (FedReg, 16 May 2016) - DoD, GSA, and NASA are issuing a final rule amending the Federal Acquisition Regulation (FAR) to add a new subpart and contract clause for the basic safeguarding of contractor information systems that process, store or transmit Federal contract information. * * * This final rule has basic safeguarding measures that are generally employed as part of the routine course of doing business. DoD, GSA, and NASA published a proposed rule in the Federal Register at 77 FR 51496 on August 24, 2012, to address the safeguarding of contractor information systems that contain or process information provided by or generated for the Government (other than public information). This proposed rule had been preceded by DoD publication of an Advance Notice of Proposed Rulemaking (ANPR) and notice of public meeting in the Federal Register at 75 FR 9563 on March 3, 2010, under Defense Federal Acquisition Regulation Supplement (DFARS) Case 2008-D028, Safeguarding Unclassified Information. * * * This rule, which focuses on ensuring a basic level of safeguarding for any contractor system with Federal information, reflective of actions a prudent business person would employ, is just one step in a series of coordinated regulatory actions being taken or planned to strengthen protections of information systems.

top

Federal judge says internet archive's Wayback machine a perfectly legitimate source of evidence (TechDirt, 18 May 2016) - Those of us who dwell on the internet already know the Internet Archive's " Wayback Machine " is a useful source of evidence. For one, it showed that the bogus non-disparagement clause KlearGear used to go after an unhappy customer wasn't even in place when the customer ordered the product that never arrived. It's useful to have ways of preserving web pages the way they are when we come across them, rather than the way some people would prefer we remember them, after vanishing away troublesome posts, policies, etc. Archive.is performs the same function. Screenshots are also useful, although tougher to verify by third parties. So, it's heartening to see a federal judge arrive at the same conclusion, as Stephen Bykowski of the Trademark and Copyright Law blog reports : The potential uses of the Wayback Machine in IP litigation are powerful and diverse. Historical versions of an opposing party's website could contain useful admissions or, in the case of patent disputes, invalidating prior art. Date-stamped websites can also contain proof of past infringing use of copyrighted or trademarked content. The latter example is exactly what happened in the case Marten Transport v. PlatForm Advertising , an ongoing case in the District of Kansas. The plaintiff, a trucking company, brought a trademark infringement suit against the defendant, a truck driver job posting website, alleging unauthorized use of the plaintiff's trademark on the defendant's website. To prove the defendant's use of the trademark, the plaintiff intended to introduce at trial screenshots of defendant's website taken from the Wayback Machine, along with authenticating deposition testimony from an employee of the Internet Archive. The defendant tried to argue that the Internet Archive's pages weren't admissible because the Wayback Machine doesn't capture everything on the page or update every page from a website on the same date. The judge, after receiving testimony from an Internet Archive employee, disagreed. He found the site to a credible source of preserved evidence -- not just because it captures (for the most part) sites as they were on relevant dates but, more importantly, it does nothing to alter the purity of the preserved evidence.

top

Coming soon: An online network exclusively for in-house counsel (Robert Ambrogi, 18 May 2016) - Launching this summer is an online networking community where only in-house counsel will be allowed to participate. Called In the House, the professional networking site will be the online companion to the eponymous In the House networking organization for in-house counsel that has been operating since 2011. The purpose of the In the House networking site will be to provide members with a forum for freely exchanging ideas, asking questions, and requesting referrals in a confidential and secure environment. The new site will be formally unveiled at an all-day event for in-house counsel in New York City on June 20. The site will launch in late June or early July. The In the House organization was founded in 2011 by Christopher Colvin, then an attorney with an AmLaw 100 firm and now a partner at the IP law firm Eaton & Van Winkle . He saw in-house counsel as isolated from their peers at other companies and believed they would benefit from a networking forum. The organization sponsors educational and social programs for in-house lawyers and provides various practice-support materials and resources. It says it has 23,000 members. Access to the site will be free for any in-house counsel who registers. For an annual fee of $95, in-house counsel can purchase a full membership, which gives them access to the site, free attendance at live events, and other members-only materials. The site is being built on a platform provided by HighQ , a company that provides secure collaboration platforms and data rooms for law firms, investment banks and corporations. * * * From what little I know about this site so far, it sounds similar in concept to Legal OnRamp , a professional networking and collaboration site started in 2007 by the general counsel of nine blue chip companies, led by Mark Chandler, general counsel at Cisco. Its goal similarly was to create an online collaboration and content-sharing network primarily for in-house counsel, although membership could also be granted to outside counsel based on the fit of their practice and their willingness to contribute to the site. Legal OnRamp's CEO was Paul Lippe, a former general counsel who is now familiar to many for the column he writes for the ABA Journal, The New Normal . Legal OnRamp eventually morphed into a company, OnRamp Systems, that marketed several collaboration and analysis tools for corporate counsel and their outside firms. While the focus turned more to the products, the network continues to operate.

top

Free WiFi, phone chargers, cooler design - can NYC make buses hip? (CSM, 18 May 2016) - The Metropolitan Transportation Authority (MTA) has embarked on an ambitious plan to modernize public transportation in New York. On Tuesday, New York Gov. Andrew Cuomo (D) announced the first next-generation public transit bus had arrived in New York City. The bus is the first of 75 that will be launched this year to address a growing problem of out-dated and overcrowded transport in the region with more modern designs and digital features to satisfy an increasingly wired public. The MTA is the largest transportation network in the country, commuting over a 5,000-square-mile area with 15.2 million people. In total, the agency has a fleet of 5,667 buses that service more than on an average weekday, according to MTA statistics. Of those, 2,042 buses are now set to be replaced with new, high-tech models over the next five years. All of the new buses will have free WiFi for passengers and USB charging ports line the top of the buses above the windows. Thousands of buses new and old will also be fitted with new information screens. Also at the announcement event, a new free app that will allow riders to buy tickets for metro and train lines via their phones was shown to have successfully passed its first field test. It would be available for all riders by the end of 2016. The new buses and MTA eTix app are just one part of a bold and expensive ( $29 billion ) new Capital Project that was passed in October 2015 to revitalize the MTA.

top

Elsevier buys SSRN (Cory Doctorow on Boing Boing, 18 May 2016) - Elsevier is one of the world's largest scholarly publishers and one of the most bitter enemies that open access publishing has; SSRN is one of the biggest open access scholarly publishing repositories in the world: what could possibly go wrong? As renowned security academic Matt Blaze pointed out in a series of tweets , there is a common misconception about the role scholarly publishers play in research: the publishers don't pay a cent towards the research, nor do they compensate the researchers for publishing their work; but they do represent a huge cost-center for scholarly institutions in the form of subscription charges, which continue to increase far ahead of inflation. Scholarly publishers are in the business of charging money to show the public the results of research that the public paid to undertake. Elsevier says that nothing will change at SSRN, but there's good cause to be skeptical: it's like if Monsanto bought out your favorite organic farm co-op. Meanwhile, Scihub , a brazen and comprehensive repository of copyright-infringing papers from publishers like Elsevier, has become the major source of reference materials for millions around the world, with inbound links from technical discussions and the New York Times -- there's a confrontation on the horizon, there. Finally, Elsevier and the other scholarly publishers are potentially in a lot of legal trouble. Until recently, the typical academic employment agreement assigned all rights to scholars' work to their institution -- the university or college. But the contracts that scholars signed with the scholarly presses assigned copyright to them -- these are the copyrights that the publishers now assert when they fight over sites like Scihub. The problem is that if the scholars were in a work-made-for-hire situation with their employers, then they didn't have title to the copyright when they signed their contracts. That means that nearly all the publications in the journals before a certain year infringed on university copyrights. Since copyright is strict liability (that is, even if you think you're not infringing, you're still liable for damages) and since it's subject to high statutory damages ($150,000/work!) and since it lasts so long (meaning that all those works are still in copyright, still being infringed upon today), that means that the universities are owed several multiples of the total planetary GDP, each by all the major scholarly presses. That's a hell of a bargaining chip.

top

- and -

Sci-Hub and academic identity theft: An open letter to university faculty everywhere (Scholarly Kitchen, 19 May 2016) - Dear Colleagues: All of you, upon being hired at your institution, were probably assigned a network ID and password. These constitute your network identification credentials - the way in which your campus's computer and security systems recognize you as someone with a particular set of rights to see, use, and manipulate information stored on the campus's network. Your ID and password are probably also what allow you to gain off-site access to licensed information resources purchased on your behalf by the library: online journals and databases, ebooks, and other scholarly products licensed for campus use. At some time in the last year or so, you may have been contacted by an organization called Sci-Hub , which has been providing free access to published scholarship by (among other strategies) gathering the network authentication credentials of faculty members at institutions around the world and using those credentials to copy licensed scholarly publications and create an open database of them. Sometimes Sci-Hub's representatives gather these faculty credentials by simply asking for them, and sometimes they reportedly send deceptive "phishing" messages designed to trick you into sharing those credentials. (Sci-Hub's founder denies that they do this "through the Sci-Hub website"; an interesting three-way email exchange between Sci-Hub, a university administrator who believes his faculty were targeted by Sci-Hub, and an interested third party can be found here .) So far, the Sci-Hub database reportedly contains roughly 50 million articles, most of them obtained by allegedly illegal means . You may well sympathize with Sci-Hub's goal of providing free access to high-cost scholarly and scientific information; after all, there are problems with the current system of scholarly communication, and the high cost of access is one of them. By freeing published scholarship from the chains of toll access and copyright protection and making them freely available to all, it can feel like you are helping a Robin Hood figure rob from the rich and give to the poor. However, by giving someone your network credentials, you're doing something else as well: you're sharing with that person the ability to do lots of interesting things that have nothing to do with providing access to published scholarship. Depending on how access is configured on your campus, these may include: * * *

top

Legal first: California court holds inaccessible website violates ADA (Frederick & Byron, 19 May 2016) - In what appears to be the first court decision of its kind, a California state court held not only that the Americans with Disabilities Act (ADA) applies to websites, but also that in the case of Colorado Bag'n Baggage, the website design and features were sufficiently inaccessible to blind users (using screen reader technology) that the site owner violated ADA as well as the California Unruh Act and is liable for monetary damages and injunctive relief. To review the full option, see Davis v. BMI/BMD Travelware, San Bernardino Superior Court, California, March 21, 2016. * * * Unfortunately, as the opinion is relatively brief, it does not shed much light as to the specific standards or requirements applicable to websites. For example, is WCAG 2.0 AA the standard as has been suggested by some commentators? Or some other standard?

top

Classified legislation: Tracking Congress's library of secret law (Lawfare, 19 May 2016) - Most citizens assume that all of the law Congress writes is public. That is not, in fact, true. Our general norm of publishing law has a significant and largely overlooked legislative exception: classified addenda associated with three annual national security acts. If a four decade-old practice holds, the Intelligence Authorization Act (IAA), the National Defense Authorization Act (NDAA), and the Department of Defense Appropriations Act (DODAA) now moving through Congress will all do part of their lawmaking inside these classified documents. Usually, when people discuss secret law, they are referring to classified or otherwise unpublished presidential orders, Justice Department memoranda, or Foreign Intelligence Surveillance Court decisions. In a recent article , I conclude that this claim of secret law's existence is generally credible and important, and that secret law is being produced by Congress as well. To date, Congress's classified lawmaking has received scant attention outside of a small circle of legislators, committee staff, White House and agency officials, and budgeteers. Yet the public record shows that these addenda govern enormously consequential classified U.S. government activities, including surveillance, covert action, and the use of missile-armed drones. By using the term "secret law" to describe what Congress is doing here, I do not mean to suggest anything nefarious. Having served in all three branches of government, including in the Intelligence Community, I have the greatest regard for the public servants who draft and implement secret law, and for the very real national security considerations that drive its creation. I mean only that there is a body of law that meets the following definition: legal authorities that require compliance that are classified or otherwise unpublished. In this post I outline the origins, purposes, and dilemmas of these classified legal authorities, and the varieties of legislative references to them. I summarize the findings of my empirical analysis , recently published in the Harvard National Security Journal . The addenda are an example of a broader three-branch phenomenon of non-published law that we can reasonably term secret law―one with which the nation needs to come to terms. * * *

top

The slippery business of plagiarism (InsideHigherEd, 24 May 2016) - Plagiarism is a widespread problem around the world. It can take various forms - copying and pasting text without acknowledging its source, "recycling" or self-plagiarism (presenting the same paper several times as original), purchasing papers from an agency or a ghostwriter and submitting them as one's own. With the benefit of new technologies, cheating is booming, such that some countries are describing a 'plagiarism epidemic'. In the United Kingdom, for example, almost 50,000 university students were caught cheating from 2012 to 2015. This is only the reported cases - how many more cases remain undetected? Students, especially those who come from corrupt environments where plagiarism is prevalent but ignored or seen as a trivial offense, need better guidance about the consequences of violating the rules of academic integrity. For example, during the academic year 2014-2015, the Department of Immigration in Australia cancelled 9,250 international student visas - plagiarism was one of the reasons cited in addition to other forms of academic misconduct[2]. Students need to understand that plagiarism during the course of their university studies could have significant repercussions - not only in the short-term, but also for their future careers Some famous politicians have been implicated in plagiarism scandals. Following the public scandal revolving around plagiarism identified in their dissertations, German Defense Minister Karl-Theodor zu Guttenberg resigned in 2011 and German Education Minister Annette Schavan in 2013. Evidence of plagiarism was found in the dissertation of Ursula von der Leyen, the current German Defense Minister. Igor Danchenko and Clifford Gaddy, scholars at the Brookings Institute, found extensive plagiarism in the dissertation of Russian President, Vladimir Putin, "Strategic Planning of the Reproduction of the Mineral Resource Base of a Region under Conditions of the Formation of Market Relations (St. Petersburg and Leningrad Oblast)," which he'd successfully defended at the St. Petersburg Mining Institute in 1997. U.S. Vice President Joe Biden was thwarted by a plagiarism scandal that dated back to his law school years and that ended his 1988 presidential campaign. [ Polley : In 2006, I spotted evidence of repeated plagiarism in a draft article submitted by a law professor . Talk about modeling bad behavior.]

top

Apps in Law -- new website reviewing apps for lawyers (iPhone JD, 26 May 2016) - Apps in Law is a new website which launched this week and which highlights the best apps for lawyers. The site is published by Brett Burney , an e-discovery consultant based in Ohio who has long had his thumb on the pulse of legal technology. Burney was the chair of ABA TECHSHOW in 2015, and because Burney and I have given presentations together in the past, I know first-hand that he knows his stuff - especially when it comes to Apple technology. The format of Apps in Law is to provide a short, focused review of helpful apps, accompanied by a short, fast-paced video showing off the app. The website debuts with reviews of GoodReader (one of the most useful apps in my law practice), Noteshelf, Week Calendar and iAnnotate.

top

NOTED PODCASTS/MOOCS

Long Now (11 May 2016) The Long Now Foundation is making its video archive of the Seminars About Long-Term Thinking (SALT) freely available on its website and on the new Apple apps , allowing people to stream the SALT Seminars on Apple TV and their iOS devices. The free iOS apps feature videos of The Long Now Foundation's latest Seminars, including those by author and Nobel prize winner Daniel Kahneman; author Neil Gaiman; English composer and record producer Brian Eno; oceanographer Sylvia Earle; biotechnologist, biochemist and geneticist, Craig Venter; WIRED's founding executive editor Kevin Kelly; author and MacArthur Fellow Elaine Pagels; Zappos CEO Tony Hsieh; biologist Edward O. Wilson; author and food activist Michael Pollan; and psychologist Dr. Walter Mischel, creator of The Marshmallow Test. The Long Now Foundation Seminars, which are hosted by Stewart Brand, are online and available in the iTunes store as a free app and audio podcast . The iOS app initially launched with 50 Seminars, with new videos added monthly as part of the Foundation's ongoing lecture series. The Seminars are free to watch, and are made available through the generous donations of the members and sponsors of The Long Now Foundation. [ Polley : I've been a paying member here for years; their monthly seminars are usually fantastic; they do not typically address legal matters, but I highly recommend them; I'm planning on visiting their space The Interval when I'm in San Francisco for the ABA Annual meeting.]

top

RESOURCES

Samuelson on copyright's Merger Doctrine (MLPB, 10 May 2016) - Pamela Samuelson, University of California, Berkeley, School of Law, is publishing Reconceptualizing Copyright's Merger Doctrine in volume 63 of the Journal of the Copyright Society of the U.S.A. Here is the abstract: Under the merger doctrine of U.S. copyright law, courts sometimes find original expression in a work of authorship to be "merged" with the idea expressed, when that idea is incapable of being expressed, as a practical matter, in more than one or a small number of ways. To be true to the principle that copyright law does not extend its protection to ideas, courts have held in numerous cases that the merged expression is unprotectable by copyright law. This Article, which memorializes the 2015 Brace Lecture, identifies and dispels eight myths about the merger doctrine, including the myth that the doctrine was borne in the Supreme Court's Baker v. Selden decision. It also discusses merger in relation to other copyright doctrines, such as scenes a faire, originality, and the exclusion of processes embodied in copyrighted works. Finally, it considers various functions of the merger doctrine, such as averting unwarranted monopolies, policing the boundaries between copyright and patent law, and enabling the ongoing progress of knowledge.

top

Intelligence services, peer constraints, and the law (Lawfare, 10 May 2016) - Zachary Goldman and Samuel Rascoff recently released Global Intelligence Oversight: Governing Security in the Twenty-First Century . The edited volume "is a comparative investigation of intelligence oversight systems in democratic countries, which focuses on some of the new dynamics shaping and constraining intelligence services, and the range of purposes a holistic approach to oversight should serve." This week, Lawfare is hosting a mini-forum where contributing authors discuss their chapters. As Lawfare readers know, the post-9/11 years have been replete with substantive public debates about the legality, morality, and public wisdom of various U.S. intelligence activities, ranging from the NSA's electronic surveillance to the CIA's detention, interrogation, and rendition program. Nor have the intelligence activities of other states been immune from scrutiny: surveillance by the UK's Government Communications Headquarters, Israel's alleged targeting of Iranian nuclear scientists, and Russian and Chinese cyber-espionage have all come under the microscope. Alongside debates about the substance of intelligence activities are debates about the role and efficacy of intelligence oversight in constraining and modulating these intelligence activities. When most people think about intelligence community oversight, they tend to focus on domestic actors and to analyze overseers prescribed in law: parliamentary committees, inspectors general, and courts. These days, they might also think about the media and non-governmental organizations, which play a less formalized but important watchdog role over intelligence activities. Yet even this range and quantity of oversight frequently proves insufficient and unsatisfying in capturing some of the most prominent forces that shape and regulate intelligence activities.

top

What Consumers "Buy" When They Buy Digital Media (Public Citizen, 21 May 2016) - Aaron Perzanowski of Case Western Reserve and Chris Jay Hoofnagle of Berkeley have written What We Buy When We 'Buy Now', 165 University of Pennsylvania Law Review (Forthcoming 2017 ), Here's the abstract: Retailers such as Apple and Amazon market digital media to consumers using the familiar language of product ownership, including phrases like "buy now," "own," and "purchase." Consumers may understandably associate such language with strong personal property rights. But the license agreements and terms of use associated with these transactions tell a different story. They explain that ebooks, mp3 albums, digital movies, games, and software are not sold, but merely licensed. The terms limit consumers' ability to resell, lend, transfer, and even retain possession of the digital media they acquire. Moreover, unlike physical media products, access to digital media is contingent - it depends on shifting business models, the success and failure of platforms, and often on the maintenance and availability of DRM authentication systems years after the consumer clicked "buy now."

This article presents the results of the first-ever empirical study of consumers' perceptions of the marketing language used by digital media retailers. We created a fictitious Internet retail site, surveyed a nationally representative sample of nearly 1300 online consumers, and analyzed their perceptions through the lens of false advertising and unfair and deceptive trade practices. The resulting data reveal a number of insights about how consumers understand and misunderstand digital transactions. A surprisingly high percentage of consumers believe that when they "buy now," they acquire the same sorts of rights to use and transfer digital media goods that they enjoy for physical goods. The survey also strongly suggests that these rights matter to consumers. Consumers are willing to pay more for them and are more likely to acquire media through other means, both lawful and unlawful, in their absence. Our study suggests that a relatively simple and inexpensive intervention - adding a short notice to a digital product page that outlines consumer rights in straightforward language - is an effective means of significantly reducing consumers' material misperceptions.
 Sales of digital media generate hundreds of billions in revenue, and some percentage of this revenue is based on deception. Presumably, if consumers knew of the limited bundle of rights they were acquiring, the market could drive down the price of digital media or generate competitive business models that offered a different set of rights. We thus turn to legal interventions, such as state false advertising law, the Lanham Act, and federal unfair and deceptive trade practice law as possible remedies for digital media deception. Because of impediments to suit, including arbitration clauses and basic economic disincentives for plaintiffs, we conclude that the Federal Trade Commission (FTC) could help align business practices with consumer perceptions. The FTC's deep expertise in consumer disclosures, along with a series of investigations into companies that interfered with consumers' use of media through digital rights management makes the agency a good fit for deceptions that result when we "buy now."

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Court rules Google cache constitutes fair use (EFF, 25 Jan 2006) -- A federal district court in Nevada has ruled that the Google Cache feature does not infringe U.S. copyright law. The ruling clarifies the legal status of several common search engine practices and could influence future court cases, including the lawsuits brought by book publishers against the Google Library Project. Case name is Field v. Google. Decision at http://www.eff.org/IP/blake_v_google/google_nevada_order.pdf

[ Polley : amusing that this EFF link has rotted!]

top

MySpace moves into digital music business (Reuters, 2 Sept 2006) -- MySpace, the wildly popular online teen hangout, said on Friday it will make its first move into the digital music business by selling songs from nearly 3 million unsigned bands. MySpace is the latest company to try to take on Apple Computer Inc.'s iTunes Music Store, but unlike many other start-up rivals, it already boasts 106 million users, as well as the backing of parent company News Corp. "The goal is to be one of the biggest digital music stores out there," MySpace co-founder Chris DeWolfe told Reuters. "Everyone we've spoken to definitely wants an alternative to iTunes and the iPod. MySpace could be that alternative." In the past year, MySpace.com has become the single most visited Internet address among U.S. Web users, according to Hitwise, with mainly teenagers and young adults using the site to socialize, share music and photographs. Before the end of 2006, De Wolfe said MySpace will offer independent bands that have not signed with a record label a chance to sell their music on the site. MySpace says it has nearly 3 million bands showcasing their music. Songs can be sold on the bands' MySpace pages and on fan pages, in non-copyright-protected MP3 digital file format, which works on most digital players including Apple's market-dominating iPod.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

top

Saturday, May 07, 2016

MIRLN --- 17 April – 7 May 2016 (v19.07)

MIRLN --- 17 April - 7 May 2016 (v19.07) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | RESOURCES | LOOKING BACK | NOTES

Target's cyber insurance: a $100 million policy vs. $300 million (so far) in costs (Patterson Belknap, 7 April 2016) - When it comes to buying cyber insurance, businesses can take comfort that they have mitigated the financial risks that come with a data breach. Just not all of them. Target Corporation's high-profile hack is a case in point. In a securities filing last week, Target said costs associated with its 2013 holiday season data breach - which exposed the personal information of more than 100 million customers - are approaching $300 million. As of January 2016, Target has incurred $291 million in breach-related costs including legal fees, crisis communications and forensics costs. Of that amount, less than one-third or about $90 million is expected to be covered by cyber insurance. At the time of the breach, Target had $100 million in cyber insurance coverage from multiple underwriters, on top of a $10 million deductible. According to its public filings, Target's cyber insurance policy contained a $50 million sublimit for settlements with payment card networks. In 2015, Target entered into settlement agreements with all four of its major credit card providers, which are in various stages of court approval. Visa, for example, cut a $67 million deal with Target. MasterCard later entered into a $19 million settlement. But Target hasn't disclosed whether its settlements with the credit card companies will come from a portion of the cyber insurance, subject to the sublimit, or if those settlements will be funded by other sources (such as its corporate general liability policy or from its operations). And the financial pain isn't close to over. Although Target has resolved many of the more than 100 lawsuits filed after the breach, it still faces several shareholder class action lawsuits, a separate lawsuit filed in Canada and ongoing investigations by State Attorneys General and the U.S. Federal Trade Commission. Several industry analysts forecast that Target's breach-related losses will reach $1 billion. After disclosure of the breach in early 2014, Target's profit was cut in half - down 46 percent over the same period the year before.

- and -

Federal appeals court holds data breach class action triggers insurer's duty to defend under general liability policy (Holland & Hart, 15 April 2016) - A federal court of appeals held that general insurance policies cover a data breach class action in a case that is highly likely to impact how courts throughout the country resolve insurance claims related to cyberattacks and policy renewal negotiations. On April 11, 2016, the United States Court of Appeals for the Fourth Circuit upheld a trial court's finding that Travelers Indemnity Company of America is required to defend Portal Healthcare Solutions, LLC in a class action filed in New York. In the original case, two plaintiffs filed a class action alleging that Portal failed to safeguard their confidential medical records when they were made publicly accessible on the internet. Travelers filed a separate action seeking a declaratory judgment that it was not required to defend Portal. Travelers argued that the class representatives had not alleged that Portal had "published," given "undue publicity," or "disclosed" the plaintiffs' information to any third party, to trigger coverage under the policies. Applying Virginia law, the trial court disagreed, finding that it was required to follow the "Eight Corners Rule" by looking to the four corners of the class action complaint to determine whether it alleged grounds for liability "potentially or arguably covered" by the four corners of the insurance policies. The trial court concluded that since the policies did not define the operative terms "publication," "unreasonable publicity," or "disclose," those terms would be given their plain and ordinary meaning. Citing common dictionaries, the court found that the tort alleged in the class action - i.e., exposing the plaintiffs' medical records online - constituted publication, unreasonable publicity, and disclosure of the medical records even if the only individuals who actually saw the records were the plaintiffs. Thus, the court concluded, Travelers was required to provide a defense to Portal. The Fourth Circuit upheld the trial court's ruling, holding that the trial court correctly applied the Eight Corners Rule, particularly because "under Virginia law, an insurer's duty to defend an insured is broader than its obligation to pay or indemnify an insured" and that "the insurer must use language clear enough to avoid ambiguity if there are particular types of coverage that it does not want to provide." Although the Fourth Circuit was interpreting Virginia law, most jurisdictions throughout the United States - including Utah - apply the Eight Corners Rule and, even where the rule is articulated differently, as in Colorado, courts universally hold that insurance companies have a broad duty to defend. The ruling has significant implications for claims under existing or prior policies. First, companies that are or have been the target of cyberattacks likely have a strong claim that their existing general insurance policies cover any ensuing litigation related to the cyberattacks. Because a company may not discover that it was the target of a cyberattack until months or years afterwards, insurance companies will likely have to cover significant claims covered by current or prior policies for years to come. [ See also Do you need cyber insurance or will your CGL policy be enough? (Womble Carlyle, 25 April 2016)]

Santa Clara County: High-tech police spying rules take shape (Mercury News, 18 April 2016) - Santa Clara County officials are poised to approve sweeping rules governing police use of cell phone trackers and other spying technology that advocates say will be a model for the nation but that cops worry could hamper investigations. "Santa Clara County is asking and answering the right questions," said Nicole Ozer of the ACLU's Northern California chapter. "It's going to be a model for moving forward for other cities and counties." But the sheriff's and district attorney's offices have both said that the ordinance could prove cumbersome because of the need to report on what's being done in the field with surveillance technology. County Supervisor Joe Simitian's proposal for an electronic surveillance ordinance has been in the works since late 2014. Such privacy concerns have garnered greater scrutiny in Santa Clara County since then because of the sheriff's plan, since suspended, to quietly acquire a cellphone tracking device commonly called a Stingray. Similar conflicts over police spying and privacy have arisen numerous times locally and around the nation. Examples include the San Jose Police Department's acquisition of a drone, the use and retention of information captured on license plate readers and the creation of a "Domain Awareness Center" electronic information aggregation hub in Oakland. * * * Simitian's ordinance, which is being finalized and expected to go before the full board sometime in May, goes much further and mandates that government agencies publicly establish a policy before any new surveillance technology is acquired or used. It also requires annual reports on how the technology is used and what the results have been. What makes it different from other ordinances around the nation is that rather than target named gadgets, the language encompasses any surveillance-related technology, including what can't be foreseen. Simitian has called it "future-proof."

New data: Americans are abandoning wired home internet (WaPo, 18 April 2016) - For the most part, America's Internet-usage trends can be summed up in a few phrases. The Internet is now so common as to be a commodity; the rich have better Internet than the poor; more whites have Internet than do people of color ; and, compared with low-income minorities, affluent whites are more likely to have fixed, wired Internet connections to their homes. But it may be time to put an asterisk on that last point, according to new data on a sample of 53,000 Americans. In fact, Americans as a whole are becoming less likely to have residential broadband, the figures show: They're abandoning their wired Internet for a mobile-data-only diet - and if the trend continues, it could reflect a huge shift in the way we experience the Web. The study, which was conducted for the Commerce Department by the U.S. Census Bureau, partly reaffirms what we already knew. Low-income Americans are still one of the biggest demographics to rely solely on their phones to go online. Today, nearly one-third of households earning less than $25,000 a year exclusively use mobile Internet to browse the Web. That's up from 16 percent of households falling in that category in 2013. And they're often cited as evidence of a major digital divide; struggling families with little money to afford a home Internet subscription must resort to free public WiFi at libraries and even McDonald's to do homework, look for jobs and find information. But as the chart above shows, even people with higher incomes are ditching their wired Internet access at similar or even faster rates compared with people who don't earn as much. In 2013, 8 percent of households making $50,000 to $75,000 a year were mobile-only. Fast-forward a couple of years, and that figure now stands at 18 percent. Seventeen percent of households making $75,000 to $100,000 are mobile-only now, compared with 8 percent two years ago. And 15 percent of households earning more than $100,000 are mobile-only, vs. 6 percent in 2013.

9 years prison, $1.7 million fine for malicious law firm insider (Dark Reading, 18 April 2016) - A former IT engineer for a Dallas law firm was sentenced to 115 months in prison and ordered to pay $1.697 million in restitution for a destructive computer attack he committed against his former employer in 2011. The sentencing comes in the wake of a flurry of attacks on law firms and the highly publicized leak at Panamanian law firm Mossack Fonseca . Anastasio N. Laoutaris, 41, of Spring, Texas, was an IT engineer for Locke Lord LLP from 2006 to August 2011. On Dec.1 and Dec. 5, 2011, four months after his employment there ended, Laoutaris accessed Locke Lord's systems without authorization and according to court documents, issued commands that caused "significant damage" to the network, "including deleting or disabling hundreds of user accounts, desktop and laptop accounts, and user e-mail accounts." Laoutaris was convicted of two counts of intentionally accessing a computer network without authorization and intentionally issuing commands and codes that caused damage to the network.

State data breach notification laws just got crazier (Law Technology Today, 19 April 2016) - * * * Tennessee recently added even more complexity to these complicated, confusing and outright contradictory state requirements. Effective July 1, 2016, the Tennessee definition of what constitutes a "breach of the security of the system" that triggers notice includes not only the loss of unencrypted data but encrypted data as well (if that data includes personally identifiable information of Tennesseans). Tennessee is the first state in the country to eliminate a safe harbor from data breach notice obligations where the breach involves encrypted data. All the other states with data breach notification statutes specifically provide this safe harbor from notice for encrypted data. The Tennessee action is all the more amazing given that encryption of personal data is a data security best practice, particularly for data in transit and is the current state of the art. * * * On its face, the Tennessee law still provides that a notice of a breach requires that the unauthorized access of data "materially compromise the security, confidentiality or integrity of personal information" and that notice is required where personal information is "reasonably believed to have been acquired". In doing so, Tennessee's law is consistent with that of some 41 other states all of whom provide a safe harbor for encrypted data. Under these "risk of harm analysis" statutes, its indeed possible to argue that where the data is encrypted, then there is no such material compromise and no reasonable belief that personal information has been acquired. But in Tennessee at least, the burden of showing these criteria are met is now higher since losing encrypted data is no longer per se exempt from notice requirements. * * *

Lawyers accused of Facebook spying can face ethics complaint, state high court rules (WSJ, 19 April 2016) - New Jersey's highest court ruled Tuesday that two defense lawyers accused of spying on a plaintiff's Facebook page can be prosecuted for attorney misconduct. The case dealt with what the court described as a "novel ethical issue." Two defense attorneys in New Jersey are accused of snooping on the private Facebook account of a plaintiff suing their client. The Facebook account was at first publicly viewable. But after the plaintiff tightened the settings and put his profile page behind a privacy wall, the lawyers didn't stop monitoring it. A paralegal at their firm was able to get access by sending a Facebook friend request to the plaintiffs without revealing her employer. The New Jersey Supreme Court wasn't deciding if the two lawyers violated ethics or should face sanction. The court was ruling on whether the head of the state's attorney disciplinary body could prosecute the lawyers for alleged Facebook spying after a regional disciplinary body chose to drop the case. The local body didn't think the lawyers' actions, even if proven, constituted unethical conduct. The director of the New Jersey Office of Attorney Ethics, an arm of the state judiciary, disagreed and filed a complaint against the defense attorneys. The state's high court Tuesday unanimously ruled that the misconduct case could go forward. ( You can read the opinion here .) * * * Bar association guidelines have discouraged lawyers from monitoring personal profile pages of jurors, witnesses and opposing parties if access to the content requires special permission.

Federal judge rules FBI didn't have proper warrant to hack child porn site (TechCrunch, 20 April 2016) - A federal judge ruled today that the FBI did not obtain the proper warrant before hacking a child porn website and that the evidence it collected against one of the defendants, Alex Levin, must be suppressed. The case centers on a child porn site called Playpen, which was hosted on a hidden Tor service intended to conceal users' identities. The FBI seized the site's server in February of last year, but instead of shutting it down, the agency continued to run the site on its own server for several weeks. During that period, the FBI implemented its own hacking tool, referred to as a network investigative technique (NIT), to collect the IP addresses of visitors to the site. The FBI is thought to have obtained thousands of IP addresses during the investigation. One of the IP addresses allegedly belonged to Levin, a Massachusetts man who is charged with possession of child pornography. Levin's public defender successfully argued that the warrant the FBI used to authorize the NIT was not valid because it was issued by a magistrate judge in Virginia, and Levin's computer - located at his home in Massachusetts - was outside that judge's jurisdiction. In today's ruling, Judge William G. Young said that the evidence against Levin, including "eight media files allegedly containing child pornography," must be suppressed. "The court concludes that the NIT Warrant was issued without jurisdiction and thus was void," Young wrote. "It follows that the resulting search was conducted as though there were no warrant at all." Young also expressed skepticism at the ethics of the FBI running a child porn site. "Unlike those undercover stings where the government buys contraband drugs to catch the dealers, here the government disseminated child obscenity to catch the purchasers - something akin to the government itself selling drugs to make the sting," he wrote. [ Polley : Recent USSC proposed changes to FRCrimPro Rule 41 reportedly would change this outcome. See , following two stories.]

- and -

Privacy watchdogs vow to fight 'dystopian' Rule 41 (Kaspersky's ThreatPost, 2 May 2016) - The Supreme Court is moving to expand the FBI's hacking authority with Criminal Rule 41, an amendment to federal criminal procedures that makes it easier for the FBI to access computers remotely when their locations are unknown. Privacy watchdogs are blasting the proposed change saying it would allow the government to hack into phones and seize computers remotely. The change was issued by the Supreme Court last week and now heads to Congress, which has until Dec. 1 to either block or pass the provision. The controversial Rule 41 attempts to make it easier for law enforcement to track down cyber criminals who use tools such as Tor, botnets or malware to mask their true location. Rule 41 allows law enforcement to request from judges a warrant that permits the use of remote access tools "to search electronic storage media and to seize or copy electronically stored information located within or outside that district." Typically, a judge's authority to authorize search warrants is limited by his or her jurisdiction. Rule 41 allows judges to issue a search warrant across state lines to penetrate computers outside their jurisdiction or even outside the U.S. EFF along with privacy advocates Access Now are both fighting Rule 41 and submitted joint testimony to the Advisory Committee on Criminal Rules. * * * Rule 41 goes too far, according to Senator Ron Wyden, a Democrat from Oregon. In a statement issued last week he said, "Under the proposed rules, the government would now be able to obtain a single warrant to access and search thousands or millions of computers at once; and the vast majority of the affected computers would belong to the victims, not the perpetrators, of a cybercrime." Wyden plans to introduce legislation to reverse the Rule 41 amendment.

- and -

TOR and VPN users will be target of government hacks under new spying rule (TechWorm, 2 May 2016) - * * * The new rule will affect millions of Tor and VPn users. Many Facebook users are already preferring Tor to surf FB. As of April, over one million people use Tor just to browse Facebook, the social media giant noted in a blog post. Rule 41, in its current form, stipulates that magistrate judges can only authorize searches within their own jurisdiction. The amendment would allow them to issue warrants to hack into and seize information on a computer if its location has been "concealed through technical means." Absence of opposition to the rule could mean that we have a subversive spying campaign against Tor and VPN users around the world without even the user knowing it.

How M&A activity can open the door to cyber threats (Security Week, 21 April 2016) - Mergers and acquisitions (M&A) can be exciting, offering companies a significant platform for growth. According to the Deloitte M&A Index 2016, global M&A activity reached record-breaking deal values in 2015 at over $4 trillion, with the resulting deals expected to add $1.5 to $1.9 trillion in value to these companies. But while mergers and acquisitions propel companies forward, the M&A process also fuels significant opportunities for cyber criminals. Failure to secure sensitive information during this time opens the door to threat actors looking to profit by exploiting financial markets and proprietary intellectual property (IP). Understanding the cyber risks present along the M&A process is the first step toward mitigating the risk. While each process will have its own nuances, all tend to follow five general stages. Along each stage new risks emerge and advanced attackers, well-versed in corporate espionage techniques, stand to profit. Here's a brief look at each of the stages and the types of risks and possible degradations in security posture that may occur. * * *

- and -

Cybersecurity is an enterprise risk in M&A deals (BNA, 25 April 2016) - Companies involved in a merger or acquisition must be cognizant of cybersecurity risks or face possible grave financial and reputational harm, privacy attorneys told Bloomberg BNA. To avoid potential pitfalls, companies on both sides of the deal need to pay close attention to insider threats and cybersecurity risks involved in the due diligence process. Merging companies must also prepare for the potential hazards incorporating new technology into an existing company. Ultimately the acquiring company needs to appropriate the necessary level of cybersecurity threat prevention spending. Cybersecurity issues in a deal are "calibrated to the nature of the business being acquired, such as whether the target has confidential materials and personally identifiable information," Jeffrey P. Cunard of Debevoise & Plimpton's Cybersecurity & Data Privacy practice, in Washington, said. * * * [ Polley : The ABA's Cyberspace Law Committee, at invitation from DHS, is working on a best-practices guide for cybersecurity considerations in M&A transactions. For more info, email me.]

Court: Border search warrant exception beats Riley in the 'constitution-free zone' (TechCrunch, 22 April 2016) - The Supreme Court declared in 2014 that law enforcement could no longer perform searches of cellphones incident to arrest without a warrant. The exceptions to this ruling are making themselves apparent already. The area of the United States where the Constitution does not apply -- while still being fully within the borders of the US -- apparently exempts law enforcement from following this ruling in regards to cellphone searches. The Southern District of California has come to the conclusion that border searches are not Fourth Amendment searches and that the government has no need to seek a warrant before searching a cellphone. The court notes the Riley decision says one thing but the "border exception" says another: Heading in one direction is the Supreme Court's bright line rule in Riley: law enforcement officers must obtain a warrant to search a cell phone incident to an arrest. Heading on a different course is the border search exception. The border search exception describes an exception to general Fourth Amendment principles. It is the notion that the government may search without a warrant anyone and anything coming across its border to protect its national sovereignty. Balancing the two competing interests in this case, the court ultimately finds the government's national security interest outweighs citizens' privacy interests. As it weighs this against cases dealing with more elaborate and lengthy device searches at the border, the court basically finds that if the Fourth Amendment is violated by "cursory" searches of devices, it is only violated a little.

Startup plans to rate lawyers based on court records and win-loss stats (Robert Ambrogi, 25 April 2016) - Two Harvard University undergraduates are preparing to launch a website that will rate lawyers based on publicly available court records. The site, called Legalist , will mine and analyze court records in order to match clients with lawyers who win similar cases based on details and location. It will also profile litigators' win-loss records. The site is currently in beta testing and its developers hope to launch it in late summer or early fall. The testing phase is using only Massachusetts cases and the initial launch will start with Massachusetts lawyers. The developers plan to then begin rolling out the service to other states, beginning with the most-populous ones. * * *

LexisNexis unveils visualization map feature for case law research (Robert Ambrogi, 27 April 2016) - A new visualization tool for case law research in Lexis Advance is being announced today by LexisNexis Legal & Professional . Called Search Term Maps, the tool color codes and maps your search terms so that you can more easily assess the significance of a case and navigate to key passages. Search Term Maps is being rolled out now in limited release and will be added as core functionality to all Lexis Advance accounts later this summer, LexisNexis said. The new tool places a Search Term Location Bar at the top of every case and also within each item in your search results. It also color-codes each of up to five search terms. The location bar shows where in the case each of the color-coded terms appears. This lets you quickly see where terms appear, how often they appear and where terms are clustered within the case.

Verizon's 2016 Data Breach Investigations Report released (Ride the Lightning, 27 April 2016) - Verizon's 2016 Data Breach Investigations Report has been released and may be downloaded here . I will take time to read the entire report, but Dark Reading reported yesterday that legitimate user credentials were used in most data breaches, with 63% of them using weak, default or stolen passwords. Marc Spitler, senior manager at Verizon Security Research, and co-author of the report, found the high percentage startling. Stolen credentials topped the list of threat action types among attacks that used legitimate credentials, followed by malware, phishing and keyloggers. The report draws from more than 100,000 security incidents worldwide in 2015, 3,141 of which were actual data breaches.

The government wants your fingerprint to unlock your phone. Should that be allowed? (LA Times, 30 April 2016) - As the world watched the FBI spar with Apple this winter in an attempt to hack into a San Bernardino shooter's iPhone , federal officials were quietly waging a different encryption battle in a Los Angeles courtroom. There, authorities obtained a search warrant compelling the girlfriend of an alleged Armenian gang member to press her finger against an iPhone that had been seized from a Glendale home. The phone contained Apple's fingerprint identification system for unlocking, and prosecutors wanted access to the data inside it. It marked a rare time that prosecutors have demanded a person provide a fingerprint to open a computer, but experts expect such cases to become more common as cracking digital security becomes a larger part of law enforcement work. The U.S. Supreme Court has held that police can search phones with a valid warrant and compel a person in custody to provide physical evidence such as fingerprints without a judge's permission. But some legal experts say there should be a higher bar for biometric data because providing a fingerprint to open a digital device gives the state access to a vast trove of personal information and could be a form of self-incrimination. "It isn't about fingerprints and the biometric readers," said Susan Brenner, a law professor at the University of Dayton who studies the nexus of digital technology and criminal law, but rather, "the contents of that phone, much of which will be about her, and a lot of that could be incriminating." But Albert Gidari, the director of privacy at Stanford Law School's Center for Internet and Society, said the action might not violate the 5th Amendment prohibition of self-incrimination. "Unlike disclosing passcodes, you are not compelled to speak or say what's 'in your mind' to law enforcement," Gidari said. "'Put your finger here' is not testimonial or self-incriminating." [ Polley : The law here has been pretty settled, but Prof. Brenner makes a good point; maybe the law here shouldn't be so settled. See also 2.5-year-old article Apple's fingerprint id may mean you can't 'take the Fifth' (Marcia Hofmann in Wired, 12 Sept 2013)]

Introducing TACC (InsideHigherEd, 2 May 2016) - It is with pleasure that I introduce a unique, new information management and cybersecurity program hosted by the University of Massachusetts Amherst: Trust, Assurance and Cybersecurity Certificate Program ! As a bona fide academic program consisting of four courses and 15 credits, it is unique because it occupies a space between matriculated degree programs in cybersecurity and non-academic "little c" certificates such as CISSP or SANS. It is also much more than cybersecurity. Trust and assurance speak to Internet governance, law, policy, regulatory compliance, information privacy and security management. Hence the name, and acronym, TACC. TACC is designed to fill gaps in the academic understanding and working practice of information risk management. Long recognized as a moving target, information management has remained for over a decade in the top tier of IT issues for higher education … and for corporate American writ large. Intervening issues such as the Apple iPhone case for electronic surveillance or GAFE for consumer and enterprise privacy, for example, intersect with the requirements for sound privacy and security practices in formation of cloud computing contracts. In a world without global Internet governance, cybersecurity remains a paramount challenge. The course work for TACC touches on all of these issues as well as in the implementation of risk assessment and operational policy, technical cybersecurity and information management programs in a corporate environment - including profit and not-for-profit institutions, education and government.

Rethinking knowledge in the internet age (David Weinberger writing on LARB, 2 May 2016) - The internet started out as the Information Highway, the Great Emancipator of knowledge, and as an assured tool for generating a well-informed citizenry. But, over the past 15 years, that optimism has given way to cynicism and fear - we have taught our children that the net is a swamp of lies spun by idiots and true believers, and, worse still, polluted by commercial entities whose sole aim is to have us click to the next ad-riddled page. Perhaps our attitude to the net has changed because we now see how bad it is for knowledge. Or perhaps the net has so utterly transformed knowledge that we don't recognize knowledge when we see it. For philosopher Michael P. Lynch, our fears are warranted - the internet is a wrong turn in the history of knowledge. "Information technology," Professor Lynch argues in his new book, The Internet of Us , "while expanding our ability to know in one way, is actually impeding our ability to know in other, more complex ways." He pursues his argument with commendable seriousness, clarity, and attunement to historical context - and yet he misses where knowledge actually lives on the net, focusing instead on just one aspect of the phenomenon of knowledge. * * * [ Polley : interesting and thoughtful.]

The Australian government decides it's really into Bitcoin (Mashable, 3 May 2016) - Is it because the creator of Bitcoin could, just maybe, be an Aussie ? The day after the mysterious Craig Wright told news outlets he was the father of Bitcoin, which many people continue to very much doubt , the Australian government included a number of crypto-currency-friendly measures in its 2016 budget. Tuesday night local time, the government repeated its proposal, first announced by Treasurer Scott Morrison in March, to end the double taxation of Bitcoin in Australia. The Australian Taxation Office currently treats Bitcoin as a commodity rather than a currency, meaning both the Bitcoin transaction and the goods purchased are liable for a 10% Goods and Services Tax (GST). In its budget, the government also flagged that Data61, the data innovation arm of Australia's peak science body, the CSIRO, would investigate the possible use of the blockchain in the public and private sector. A number of Australian banks have already indicated their interest in the technology.

Long-form reading shows signs of life in our mobile news world (Pew Research, 5 May 2016) - In recent years, the news media have followed their audience's lead and gone mobile, working to make their reporting accessible to the roughly seven-in-ten American adults who own a smartphone. With both a smaller screen size and an audience more apt to be dipping in and out of news, many question what kind of news content will prevail. One particular area of uncertainty has been the fate of long, in-depth news reports that have been a staple of the mainstream print media in its previous forms. These articles - enabled by the substantial space allotted them - allow consumers to engage with complex subjects in more detail and allow journalists to bring in more sources, consider more points of view, add historical context and cover events too complex to tell in limited words. A unique, new study of online reader behavior by Pew Research Center, conducted in association with the John S. and James L. Knight Foundation, addresses this question from the angle of time spent with long- versus short-form news. It suggests the answer is yes: When it comes to the relative time consumers spend with this content, long-form journalism does have a place in today's mobile-centric society. To understand how mobile users interact with news, the study utilized audience behavior metrics provided by the web analytics firm Parse.ly , a company that supplies real-time and historical analytics to a broad mix of digital publishers, including over 170 top media companies. The analysis finds that despite the small screen space and multitasking often associated with cellphones , consumers do spend more time on average with long-form news articles than with short-form. Indeed, the total engaged time with articles 1,000 words or longer averages about twice that of the engaged time with short-form stories: 123 seconds compared with 57. This gap between short- and long-form content in engaged time remains consistent across time of day and the pathway taken to get to the news story. However, when looking solely within either short- or long-form content, engaged time varies significantly depending on how the reader got to the article, whether it is midday or evening, and even what topic the article covers, according to the study. * * *

RESOURCES

Simonson on the right to record the police (MLPB, 15 April 2016) - Jocelyn Simonson, Brooklyn Law School, is publishing Beyond Body Cameras: Defending a Robust Right to Record the Police in volume 104 of the Georgetown Law School (2016). Here is the abstract: This symposium essay articulates and defends a robust First Amendment right to record the police, up to the point that the act of filming presents a concrete, physical impediment to a police officer or to public safety. To the extent that courts have identified the constitutional values behind the right to record, they have for the most part relied on the idea that filming the police promotes public discourse by facilitating the free discussion of governmental affairs. Like limiting the gathering of news, limiting the filming of the police constricts the information in the public sphere from which the public can draw and debate. I contend that this account of the constitutional values behind the right to record is correct but incomplete, for it sets aside the ways in which the act of recording an officer in the open is a form of expression in the moment, a gesture of resistance to the power of the police over the community. In order to flesh out this function of civilian recording as resistance, this essay contrasts civilian filming of the police with the use of police-worn body cameras: while both forms of film are useful to deter misconduct and document police activity, only civilian filming allows civilians to express ownership over their streets and neighborhoods. Ultimately, I argue that a jurisprudence of the right to record should account for both the benefits to public discourse and the in-the-moment communication to officers that can be found when civilians record the police.

CRS - Protection of Trade Secrets: Overview of Current Law and Legislation (BeSpacific, 25 April 2016) - Protection of Trade Secrets: Overview of Current Law and Legislation, Brian T. Yeh, Legislative Attorney. April 22, 2016.

Copyright Holders, Publicity Rights Holders, and the First Amendment (MLPB, 28 April 2016) - Reid K. Weisbord, Rutgers Law School (Newark), is publishing A Copyright Right of Publicity in volume 84 of the Fordham Law Review (2016). Here is the abstract: This Article identifies a striking asymmetry in the law's disparate treatment of publicity-rights holders and copyright holders. State-law publicity rights generally protect individuals from unauthorized use of their name and likeness by others. Publicity-claim liability, however, is limited by the First Amendment's protection for expressive speech embodying a "transformative use" of the publicity-rights holder's identity. This Article examines for the first time a further limitation imposed by copyright law: when a publicity-rights holder's identity is transformatively depicted in a copyrighted work without consent, the author's copyright can produce the peculiar result of enjoining the publicity-rights holder from using or engaging in speech about her own depiction. This Article offers novel contributions to the literature on copyright overreach and: (1) identifies a legal asymmetry produced in the interplay of publicity rights, copyright law, and the First Amendment; (2) examines the burdens on constitutionally protected speech, autonomy, and liberty interests of publicity-rights holders when copyright law prevents or constrains use of their own depiction; and (3) outlines a framework for recognizing a "copyright right of publicity" to exempt the publicity-rights holder's use from copyright infringement liability. Notably, this Article contributes uniquely to the literature by including a special first-person narrative from an internationally recognized celebrity whose persona was prominently depicted without prior notice or consent in a wide-release feature film.

The Fourth Amendment in the Information Age (by ODNI's GC, Bob Litt; 28 April 2016) - Office of the Director of National Intelligence General Counsel Robert Litt has published a new essay in The Yale Law Journal that will likely be of interest to Lawfare readers. Entitled "The Fourth Amendment in the Information Age" , it begins: To badly mangle Marx, a specter is haunting Fourth Amendment law-the specter of technological change. In a number of recent cases, in a number of different contexts, courts have questioned whether existing Fourth Amendment doctrine, developed in an analog age, is able to deal effectively with digital technologies. Justice Sotomayor, for example, wrote in her concurrence in United States v. Jones, a case involving a GPS tracking device placed on a car, that "the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties . . . is ill suited to the digital age." And in Riley v. California, the Chief Justice more colorfully rejected the government's argument that a search of a cell phone was equivalent to a search of a wallet. That is like saying a ride on horseback is materially indistinguishable from a flight to the moon. Both are ways of getting from point A to point B, but little else justifies lumping them together. Modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet, or a purse. I intend to discuss the application of the Fourth Amendment in the information age, and I want to start with two important caveats. First, I am not proposing a comprehensive theory of Fourth Amendment law. Rather, I want to offer some tentative observations that might be explored in shaping a productive response to the challenges that modern technology creates for existing legal doctrine. In particular, I would like to suggest that the concept of "reasonable expectation of privacy" as a kind of gatekeeper for Fourth Amendment analysis should be revisited. Second, these thoughts are not informed by deep research into the intent of the Framers, or close analysis of case law or academic scholarship. Rather, they derive from almost forty years of experience in law enforcement and intelligence. But, despite Justice Oliver Wendell Holmes's adage about the life of the law, I hope that they have some foundation in logic as well.

The Post-Riley Search Warrant: Search Protocols and Particularity in Cell Phone Searches (Adam Gershowitz in Vanderbilt Law Review, 19 April 2016) - Abstract: Last year, in Riley v. California, the Supreme Court required police to procure a warrant before searching a cell phone. Unfortunately, the Court's assumption that requiring search warrants would be "simple" and very protective of privacy was overly optimistic. This article reviews lower court decisions in the year since Riley and finds that the search warrant requirement is far less protective than expected. Rather than restricting search warrants to the narrow evidence being sought, some magistrates have issued expansive warrants authorizing a search of the entire contents of the phone with no restrictions whatsoever. Other courts have authorized searches of applications and data for which no probable cause existed. And even when district and appellate courts have found these overbroad search warrants to be defective, they have almost always turned to the good faith exception to save the searches and allow admission of the evidence. This Article calls on courts to take the Fourth Amendment's particularity requirement seriously before issuing search warrants for cell phones. Just as magistrates cannot authorize police to search for a fifty-inch television in a microwave, nor should officers be permitted to rummage through all of the files on a cell phone when a narrower search will suffice. In order to effectuate the privacy guarantee in Riley, this Article proposes two approaches to narrow cell phone search warrants. First, I argue that judges should impose search protocols that specify in advance exactly how police should execute warrants and sift through electronic data. Second, this Article challenges the common assumption that all cell phone searches require full forensic analysis. In many cases involving street crimes, magistrates should initially restrict warrants to a manual search of the particular functions or applications for which there is probable cause. These two ex ante restrictions on cell phone searches will protect privacy and prevent overuse of the good faith exception, while still permitting police to examine all data they have probable cause to investigate.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs

United States Supreme Court approves electronic discovery amendments to FRCP (April 14, 2006) -- On Wednesday, April 12, 2006, the United States Supreme Court approved, without comment or dissent, the entire package of proposed amendments to the Federal Rules of Civil Procedure concerning the discovery of "electronically stored information." The package includes revisions and additions to Rules 16, 26, 33, 34, 37, and 45, as well as Form 35. The proposed amendments were transmitted to the Supreme Court last September, after the Judicial Conference unanimously approved them. The new rules and amendments have now been transmitted to Congress and will take effect on December 1, 2006, unless Congress enacts legislation to reject, modify, or defer the amendments. The amendments may be accessed on the U.S. Court's Federal Rulemaking website at: http://www.uscourts.gov/rules/newrules6.html#cv0804 [ Polley in 2016 : It's priceless that this USSC URL is broken]

Yellow Pages publisher feeling the heat from online alternative (ARS Technica, 7 July 2006) -- Sooner or later, all "old media" companies find themselves threatened by a site or phenomenon on the Internet. We've seen it happen with the music industry, TV, newspapers, and many others. Sometimes, it takes a while for the old guard to discover what's happening-that appears to be the case with Yell, which calls itself the world's largest yellow pages publisher. The problem-from Yell's point of view-is Yellowikis, a wiki-based business directory available in several languages and containing listings for several different countries. The directory publisher is accusing Yellowikis of "misrepresentation," maintaining that the site's name "constitutes an 'instrument of fraud.'" At first glance, it seems like a case of an elephant feeling threatened by a gnat. Yellowikis has only been operating since January 2005, has around 5,000 listings, and is run entirely by volunteers. In contrast, Yell had revenues of US$2.4 billion during 2005. However, Yellowikis offers something a telephone directory publisher cannot: dynamic, customizable content. In contrast, once a yellow pages business directory is published, that's it until the next edition. Yell wants Yellowikis to pay damages and surrender the domain name, perhaps so it can launch a wiki-like service. As "Yellow Pages" is a trademarked name in the UK and Yellowikis refers to itself as "Yellow Pages for the 21st Century," the small wiki may find itself embroiled in an expensive legal fight. Even if Yell wins or forces a settlement, it won't change the fact that the business model of selling advertising, printing it in gigantic phone books, and dropping yellow pages directories off on front porches is endangered. Many directory publishers realize this and have developed an online presence that mixes paid placements in with search results. Others, like Verizon, are getting out of the yellow pages business altogether.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.