MIRLN --- 24 July - 13 August 2016 (v19.11) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)
NEWS | PODCASTS/MOOCS | LOOKING BACK | NOTES
- Blockchain buzz: How the blockchain stands to change legal tech
- Steptoe & Johnson to expand blockchain practice, accept bitcoin payments
- The Scope of edX
- FCC selects Swedish firm to run sensitive national database routing phone calls
- A hackable election? 5 things to know about e-voting
- Social media property rights
- Justices show how disclosing revisions offers (confers?) benefits
- Overview and analysis of PPD-41: US Cyber Incident Coordination
- FTC fires warning shot on international privacy rules
- Judge blasts FBI for bugging courthouse, throws out 200 hours of recordings
- Judge declines to enforce Uber's terms of service
- How Brazil is trying (and failing) to keep drones away from the Olympics
- Unsporting rule? Olympic policy bars companies from tweeting about the Games
- Smaller firms may risk losing clients over cybersecurity
- Tenth Circuit: Accessing email is a 'search' under the Jones trespass test
- American Bar Association votes to DRM the law, put it behind a EULA
- A speech code for lawyers, banning viewpoints that express 'bias,' including in law-related social activities
- Publishers association sends whiny complaint letter to dean after academic librarian discusses Sci-Hub
- ECJ limits applicability of data protection rules to websites
- For AVVO, bad ethics news but good litigation news
- The next frontier of online activism is 'woke' chatbots
Blockchain buzz: How the blockchain stands to change legal tech (LegalTechNews, 20 July 2016) - At times in legal tech, technologies don't live up to the hype surrounding them. However, this isn't the case with blockchains , and according to Tom Brooke, partner at Brooke & Brooke, the technology is where "we really are hacking the law." In "Legal Tooklit for the 21st Century: Smart Contracts and the Blockchain," a session at the 2016 Legal Hackers International Summit in Brooklyn, New York, a panel of legal tech experts convened to clear up what Brooke referred to as "buzz and hype" that blockchain is "going to take over the law." Blockchains aren't "really smart" or "contracts," Brooke explained, but instead are "akin to a database," the "key idea" that is whatever content is uploaded to the blockchain is shared, a concept he likened to Napster. "The innovation with the blockchain was the ability to keep all those distributed computers in sync." "What you put on the blockchain, you can always see it there," Brooke said. This has "basically created a revolution, and I think it's going to have a profound effect on law and change everything." Under the guidance of scientist and lecturer Dazza Greenwood, the MIT Media Lab has released lawchain.org, a prototype effort for testing whether "blockchain's immutable record capability can be used for legal requirements" for collecting and distributing records currently met by archivists, Greenwood said. Doing so provides "a copy ledger of the blockchain in every running instance" of user upload, and because it's a text file, "it's not that big to have a record of every transaction." Many are interested in putting the authoritative versions of statutes and regulations online, "but having an authoritative version requires the ability to demonstrate" that the record was enacted by legislators, Greenwood explained. While websites provided by city, state and federal agencies can provide text copies of the law, the information has no authoritative value, and thus couldn't be entered as evidence into a case. "It's just not real. You can't depend on it." To this end, Greenwood's team hopes to "test a hash or a record of the law" and mandates for upload to a blockchain, which would in theory provide "an archive system that anyone can demonstrate at no cost" that a statute was enacted at a certain time.
- and -
Steptoe & Johnson to expand blockchain practice, accept bitcoin payments (LegalTechNews, 10 August 2016) - Law firm Steptoe & Johnson announced the expansion of its blockchain practice to assist clients looking to develop and deploy blockchain-empowered applications . Blockchains, which use an algorithm-based security mechanism called cryptographic hashing to "time stamp" and validate transactions, are the technology behind the digital currency bitcoin. Alan Cohn, of counsel at Steptoe & Johnson, noted that with the expansion, the firm is "taking the step from being counsel to the bitcoin and blockchain industry , to being counsel to companies across all industries who will be affected by the many applications for blockchain and distributed ledger technology." The firm's expansion comes less than a year after Steptoe co-launched the Blockchain Alliance, which brings together blockchain companies, law enforcement and regulatory agencies to promote the application of digital currency and blockchain technology. Cohn explained that blockchain applications can include "smart contracts, digital rights management, payment processing, and other applications across a range of industries including financial services and insurance, transportation, energy and government services, just to name a few." Alongside the expansion of its practice, Steptoe & Johnson also announced it will soon accept bitcoin as payment for fees, in a move to more deeply immerse itself in the technology.
The Scope of edX (InsideHigherEd, 21 July 2016) - My college is a member of the edX Consortium , so I pay attention to who is on the edX platform. Thankfully for all of us, MOOCs no longer suck up the higher ed change oxygen. Those of us participating in the open online education movement never bought into the hype. We never thought that MOOCs would disrupt higher ed. We create open online courses because offering educational opportunities to the world's learners is both aligned with our missions, and because we think that participating in this movement is a good way to learn about learning. Even though we may hear less about MOOCs than we once did, that does not mean that we should not pay attention to where this movement is going. Let me share some edX numbers that blew my mind: * * *
FCC selects Swedish firm to run sensitive national database routing phone calls (WaPo, 22 July 2016) - The Federal Communications Commission this week selected a Swedish-owned firm to run a sensitive national database that routes billions of phone calls across the country, apparently satisfied that the award would not jeopardize national security. The vote by the five commissioners clears the way for Telcordia, owned by Ericcson and based in New Jersey, to proceed with the challenging task of building a system that can track calls and text messages by nearly every phone number in North America while ensuring the data remains secure. The database handles the intercarrier routing of calls and texts for more than 650 million U.S. phone numbers and for more than 2,000 carriers. If numbers are scrambled or deleted, a massive communications breakdown could occur. The database is particularly important for the FBI and other law enforcement agencies that query the database every day, several million times a year, in the course of criminal and intelligence investigations to track which phone company provides service for a particular number. Security experts say that if a foreign spy agency wants to know which of its agents the United States has under surveillance, it could attempt to hack the system to see what numbers the FBI has wiretaps on. The system includes the phone number, database and the platform that tells law enforcement which carrier owns which number.
A hackable election? 5 things to know about e-voting (Computer World, 22 July 2016) - As the U.S. heads toward an especially contentious national election in November, 15 states are still clinging to outdated electronic voting machines that don't support paper printouts used to audit their internal vote counts. E-voting machines without attached printers are still being used in a handful of presidential swing states, leading some voting security advocates to worry about the potential of a hacked election. Some makers of e-voting machines, often called direct-recording electronic machines or DREs, are now focusing on other sorts of voting technology, including optical scanners. They seem reluctant to talk about DREs; three major DRE vendors didn't respond to questions about security. Here are five things to know about DREs: * * *
Social media property rights (Norton Rose, 25 July 2016) - The number of people using social media these days is staggering. For instance, Facebook has 1.65 billion monthly active users as of March 31, 2016. As such, the ability to reach such a broad consumer base through social media is becoming increasingly important to businesses. Companies are no doubt eager to create social media pages that generate "followers" and "likes" that may, in turn, generate profits. As the number of "followers" and "likes" of a page increase, so do potential issues surrounding ownership of these aspects of social media pages. The current state of the law regarding social media and property rights is unsettled, so companies must be vigilant and keep up-to-date with any new developments in order to protect themselves in the event of a potential dispute. Recent cases shed some light on the current legal landscape regarding property rights and social media, which may provide some guidance for companies operating social media pages. * * *
Justices show how disclosing revisions offers (confers?) benefits (NYT, 25 July 2016) - Supreme Court opinions are not set in stone. Justices keep editing them after they are issued, correcting factual errors and even misstatements of law. For decades, those changes were made largely out of sight. But in October, on the first day of the term, the court announced that it would start disclosing after-the-fact changes to its decisions. As of this month, the court's website had flagged revisions to seven of them. The most extensive changes came on the last day of the term, in a blockbuster ruling that struck down two parts of a Texas abortion law . In the version of the majority opinion released on the morning of June 27, Justice Stephen G. Breyer wrote that "neither of these provisions offers medical benefits sufficient to justify the burdens upon access that each imposes." A little after 6 p.m., according to the court's website, Justice Breyer revised the sentence, choosing a different verb : "confers" instead of "offers." "Neither of these provisions," he now said, "confers medical benefits sufficient to justify the burdens upon access that each imposes." He changed four other passages, too, expanding here and clarifying there. The same-day revisions suggested that the editing of the opinion had gone down to the wire, and then across it. A couple of years ago, Richard J. Lazarus, a law professor at Harvard, revealed that the court had routinely been revising its decisions , altering them without public notice weeks, months and sometimes years after they were first issued. Professor Lazarus urged the justices to disclose the changes. "The court can both make mistakes and admit mistakes without placing its institutional integrity at risk," he wrote in The Harvard Law Review . To its credit, the court - never one for rapid change - listened. Justice Breyer's revisions appeared to be stylistic. Others during the term corrected legal and factual errors. On the last day of June, for instance, a deputy solicitor general Michael R. Dreeben, wrote a letter to the court saying there had been a mistake in a decision issued a few weeks before . He asked the court to fix the error, and, a week later, it did .
Overview and analysis of PPD-41: US Cyber Incident Coordination (Lawfare, 27 July 2016) - Hot on the heels of the DNC hack, the White House today released Presidential Policy Directive/PPD-41 : United States Cyber Incident Coordination. The Directive clarifies and codifies lines of responsibility as they apply to "significant" cyber incidents, which are defined as a "3" or more on a spectrum of consequences that runs from 0 (e.g., "inconsequential") through 5 (e.g., "imminent threat to national…stability"). The framework and architecture specified in the PDD, which will apply irrespective of whether the targeted entity lies in the public or private sector, assigns lead response roles as follows: the Department of Justice will lead the investigative component, the Department of Homeland Security will lead on asset protection, and the Office of the Director of National Intelligence will lead intelligence support activities. In addition, the NSC's Cyber Response Group will drive national policy coordination, while national operations coordination is to be achieved through a (Cyber) Unified Coordination Group, composed at minimum of "Federal lead agencies for threat response, asset response, and intelligence support." * * *
FTC fires warning shot on international privacy rules (Steptoe, 28 July 2016) - The Federal Trade Commission issued warning letters to 28 companies that claim certified participation in the Asia-Pacific Economic Cooperative Cross-Border Privacy Rules system on their websites but do not appear to have met the requirements, such as undergoing a review by an APEC-recognized Accountability Agent, to make that claim. The APEC privacy system is a regulatory initiative designed to facilitate the protection of consumer data transferred across the APEC region, consisting of 21 Pacific Rim member states, including the United States. The warning letters came the same week that the United States and European Union finalized the Privacy Shield, which assumes an active role by the FTC in enforcing U.S. companies' claims that they comply with the Shield's requirements for protecting personal data concerning EU residents.
Judge blasts FBI for bugging courthouse, throws out 200 hours of recordings (ArsTechnica, 2 August 2016) - The FBI violated the Fourth Amendment by recording more than 200 hours of conversation at the entrance to a county courthouse in the Bay Area, a federal judge has ruled. Federal agents planted the concealed microphones around the San Mateo County Courthouse in 2009 and 2010 as part of an investigation into alleged bid-rigging at public auctions for foreclosed homes. In November, lawyers representing five defendants filed a motion arguing that the tactic was unconstitutional, since the Fourth Amendment bans unreasonable searches. "[T]he government utterly failed to justify a warrantless electronic surveillance that recorded private conversations spoken in hushed tones by judges, attorneys, and court staff entering and exiting a courthouse," US District Judge Charles Breyer wrote in an order (PDF) published yesterday. "Even putting aside the sensitive nature of the location here, Defendants have established that they believed their conversations were private and they took reasonable steps to thwart eavesdroppers." Breyer concluded that the disputed evidence must be suppressed.
Judge declines to enforce Uber's terms of service (Venkat Balasubramani, 3 August 2016) - This is an antitrust case against Travis Kalanick, the founder of Uber, alleging that Mr. Kalanick "orchestrated and participated in an antitrust conspiracy." Uber moved successfully to intervene, and then moved to force arbitration (Mr. Kalanick joined in this motion). The court denies the motion to compel arbitration, finding fault with Uber's contract formation process. If the parties did not form an enforceable agreement, then there is no basis to compel arbitration. Uber's contracting process at the time required someone to input their payment details, and then "register" to form an account. The text under the "register" button said: By creating an Uber account, you agree to the Terms of Service and Privacy Policy. The terms of service and privacy policy were links, and if a user clicked on the links, he or she is taken to a screen where they must press another button to access the terms. Plaintiff said he does not recall the hyperlink or clicking it, and Uber did not contest this. The court starts by noting the familiar labels ascribed to these agreements ("clickwrap" or "click-through" and "browsewrap") and says clickwrap agreements "are more readily enforceable" because the user is on inquiry notice of the agreement. The court says that Uber's is not a clickwrap agreement: * * *
How Brazil is trying (and failing) to keep drones away from the Olympics (The Verge, 8 August 2016) - On Friday, more than 60,000 people packed into Rio's Maracanã stadium for the opening ceremony of the 2016 Olympic Games - but above their heads, something disconcerting was happening. Observers reported as many as three drones hovering above the stadium, triggering a security panic that reached all the way to the teams providing protection for visiting heads of state. It was the exact scenario Brazilian security had hoped to avoid - but despite the latest equipment and months of preparation, keeping drones out of an open-air stadium is still an extremely difficult job. Behind the scenes, Brazilian authorities have taken bold new steps to keep drones away from designated Olympic areas, but not all of the new measures are effective. The country has partnered with drone manufacturers like DJI to update the onboard software with Olympic geofences, preventing drones from flying in the forbidden areas. But not every manufacturer has taken up the self-imposed limits, so to stop other drones, the Brazilian military has purchased new devices to jam drone-control signals in mid-flight. These jamming devices required the telecom regulators to grant the military new legal authorities over the civilian airwaves. It's an aggressive step, and one that many observers worry could lay the groundwork for cell-service blackouts after the games have finished. Ultimately, the drones above the stadium dispersed on their own, but the military had other systems in place if they didn't. A recent Vice report found the Brazilian military has purchased eight DroneBlocker devices from a company called IACT, motivated by concerns from the 2014 World Cup in which one team was accused of spying on practice sessions with a drone . The DroneBlocker devices work by blasting incoming drones with radio signals, effectively jamming the signal from the controller. The army also obtained new legal powers in order to use the devices, which has raised significantly more controversy. On February 1st, Brazil's national telecom agency officially authorized the armed forces to jam radio signals during the Olympic games. Crucially, the authorization made no reference to drones specifically, leading many observers to worry the same authorization could be used to stifle the anti-Olympic protests that occurred in advance of the games.
- and -
Unsporting rule? Olympic policy bars companies from tweeting about the Games (LA Times, 11 August 2016) - At the Olympics in Rio de Janiero, athletes from around the world are posting tweets, photos and observations between training and competing. Missing from their social media updates: any mention of companies that are not part of the exclusive club of official Olympic sponsors. That's because of Rule 40, a section of the Olympic Charter that bars such businesses from mentioning the Olympics or the athletes they sponsor in any way from July 27 to August 24. Athletes are likewise not allowed to acknowledge their sponsors during that period. The rule extends to social media, where banned words include the wholly expected (such as "Olympics," "medal" and "Rio") and the vague (including "performance, "challenge" and effort"). Companies aren't even allowed to retweet news stories about the Olympics. It's an effort to protect official sponsors, such as McDonald's, Coca-Cola and Nike, which pay handsomely for the privilege of exclusive marketing during the Olympics. Official sponsorships can reportedly cost as much as $200 million, and such deals amount to more than 40% of Olympic revenues, according to the International Olympic Committee. But comparatively few Olympic athletes hold contracts with official sponsors. Many afford a lifestyle of training and competing through deals with smaller brands, which are shut out from even mentioning the athletes during the few weeks when casual sports fans might care about hurdlers or modern pentathletes. This year, however, companies and athletes are harnessing social media to fight back. Some Olympians have tried to highlight the silliness of barring athletes from digital free speech. "How amazing is this!" tweeted Jade Lally, a British discus thrower, after posting a photo of a good luck card. "It's for that thing [winking face emoji] I'm doing this summer [winking face] in South America [winking face] #Rule40". Brooks Running Co., which sponsors a dozen athletes competing in the Summer Games in Rio, kicked off a stealth war against Rule 40 this summer on Instagram and Twitter. The Seattle sportswear company also created a website, rule40.com, that sought to educate people, along with providing slogans that can be posted to social media to mock the rule. During the Olympic track and field trials in July, Brooks hired trucks that drove around Eugene, Ore., with similar messages. "good luck, you know who you are, on making it you know where," one reads. Instead of the Olympics, the ad refers to a "generic worldwide quadrennial sporting event." Jesse Williams, Brooks' senior sports marketing manager, said the company came up with the idea last winter after kicking around ways to spotlight how Rule 40 unfairly penalizes athletes who are not famous.
Smaller firms may risk losing clients over cybersecurity (NY Law Journal, 9 August 2016) - The price of effective cybersecurity can be daunting for small and midsized law firms. But the cost of inaction could be even greater, as more clients threaten to abandon firms that don't meet their data-privacy standards. Cybersecurity fears are not new, but clients have begun to look far more closely at their outside law firms' data policies, said Dan Safran, president and CEO of the legal project management and technology company Legal Shift. For small and midsize firms that have neglected the issue due to the price tag, that could be a problem. "Four to five years ago … you could essentially get away with, 'yeah, we're working on it,'" Safran said. "I do know of firms that are not necessarily being completely truthful. They know now that they just can't fake it." Lawyers and consultants said clients are taking notice of law firm breaches that made headlines in recent years. But they said many firms don't act unless they feel their business is truly in danger. "What's happened now is that clients are basically going to law firms and saying, 'we expect you to be as security conscious as we are,' " Safran said. "If they don't comply, they can lose the work." He was working with a law firm where one client brought in about 10 percent of the firm's revenue, he said. That client hired a third-party auditor to examine the firm's data privacy policies, but the firm didn't take the audit seriously. A year later, when the auditor came back, Safran said the client found that the firm didn't meet its standards. "They realize that the firm had done nothing, and they went back to the partner at the firm and said basically, 'you're going to lose all of our business,' " he said. The lawyer who represented that client, who also had the firm's biggest book of business, threatened to leave as well, Safran said. Quickly thrown into "emergency mode," the firm took measures to comply with the client's policies.
Tenth Circuit: Accessing email is a 'search' under the Jones trespass test (Orin Kerr, 9 August 2016) - Judge Neil Gorsuch is one of my favorite judges, and I don't lightly or often take issue with his opinions. But on Friday, Gorsuch handed down an important Fourth Amendment case that has a somewhat puzzling section with far-reaching implications. The case, United States v. Ackerman , considers how the Fourth Amendment applies to a child pornography detection system set up by Internet service providers and the National Center for Missing and Exploited Children (NCMEC). The opinion holds that NCMEC is governed by the Fourth Amendment and that it cannot open emails that providers did not themselves open without triggering the Fourth Amendment. I don't have a difficulty with that conclusion. On the other hand, I was puzzled by the panel's alternative holding that reached the latter result a second time under the United States v. Jones trespass test. That alternative holding isn't necessarily wrong, but it takes a lot of non-obvious steps without much explanation. With my apologies for writing a post that may be of interest only to the serious Fourth Amendment nerds among the readership, I thought I would say more about why that second holding matters and why I'm puzzled by it. * * *
American Bar Association votes to DRM the law, put it behind a EULA (BoingBoing, 10 August 2016) - Rogue archivist Carl Malamud writes, "I just got back from the big debate on is free law like free beer that has been brewing for months at the American Bar Association over the question of who gets to read public safety codes and on what terms." I was granted what is known as the "privilege of the floor" to speak before the House of Delegates at their Annual Meeting. The ABA Journal has a summary of the floor debate. With a couple dozen resolutions on the table and some really inspirational speeches by all sorts of pretty amazing folks (the presidents of the ABA are pretty inspirational!), this was the only resolution that had any significant debate. We went at it for over 30 minutes. In my remarks I made the point that this resolution was perhaps well-intentioned, but bought into a really dangerous idea that somehow DRM-based access to the law from an exclusive private provider is "good enough." I was actually joined by the standards establishment in arguing strenuously that "read only access" simply doesn't exist and DRM is futile. A law is either public or it isn't. (And if a law isn't public, it isn't a law!) The other side argued that DRM-based access is good enough for ordinary people, and felt that setting that as a minimum floor for access was a good thing. Today, many public safety standards have no access at all for the general public (although I'm proud to have 980 of the laws in question on my web site for access with no restriction and with significant transformation in your ability to use them), so Resolution 112 is sort of a step forward. For that I'm pleased. In a 146-210 vote, we lost our motion to take a deep breath and ask ourselves if maybe the current "split the baby" solution wasn't settling for something pretty bad and maybe we could do better. Although there were 6 ABA Sections that were the sponsors of the resolution (including, believe it or not, Civil Rights and Social Justice!), I suspect that very few of the task force members that did this thing has ever looked at a "read only access" standard, let alone our transformed version. What struck me the most was the continual mention by the American Bar Association speakers of two things: "rule of law" and "we must embrace technology." I think the question of who gets to read the law is at the very heart of those two important themes, and I got to make my case before 550 of the top lawyers in the country, most of whom had not heard of this issue before. It was worth it. [ Polley : A sorry day and Solomon-like "compromise"; very disappointing. See also After debate, ABA House calls for publication of privately drafted standards used in legislation (ABA Journal, 9 August 2016)]
- and -
A speech code for lawyers, banning viewpoints that express 'bias,' including in law-related social activities (Eugene Volokh, 10 August 2016) - The American Bar Association has adopted a new provision in its Model Rules of Professional Conduct - an influential document that many states have adopted as binding on lawyers in their state. I blogged about it when it was just proposed, in slightly different form, but I thought it was worth repeating my analysis now that the ABA is formally recommending it to state bars and state courts. Here is the relevant text (emphasis added): * * * So say that some lawyers put on a Continuing Legal Education event that included a debate on same-sex marriage, or on whether there should be limits on immigration from Muslim countries, or on whether people should be allowed to use the bathrooms that correspond to their gender identity rather than their biological sex. In the process, unsurprisingly, the debater on one side said something that was critical of gays, Muslims or transgender people. If the rule is adopted, the debater could well be disciplined by the state bar: * * * Or say that you're at a lawyer social activity, such as a local bar dinner, and say that you get into a discussion with people around the table about such matters - Islam, evangelical Christianity, black-on-black crime, illegal immigration, differences between the sexes, same-sex marriage, restrictions on the use of bathrooms, the alleged misdeeds of the 1 percent, the cultural causes of poverty in many households, and so on. One of the people is offended and files a bar complaint. Again, you've engaged in "verbal . . . conduct" that the bar may see as "manifest[ing] bias or prejudice" and thus as "harmful." This was at a "social activit[y] in connection with the practice of law." The state bar, if it adopts this rule, might thus discipline you for your "harassment." And, of course, the speech restrictions are overtly viewpoint-based: If you express pro-equality viewpoints, you're fine; if you express the contrary viewpoints, you're risking disciplinary action.
Publishers association sends whiny complaint letter to dean after academic librarian discusses Sci-Hub (TechCrunch, 10 August 2016) - It's no secret that big publishing companies (especially academic publishing companies) really really dislike Sci-Hub. Sci-Hub, of course, is the quite interesting site that enables academics to access and share PDFs of published scientific research. We've written about it a bunch, including Elsevier's ridiculous legal crusade against the site, which has only served to act as a huge advertisement for the site. As we noted, using copyright to shut down Sci-Hub seemed to go entirely against the purpose of copyright, which was officially designed to promote "learning" and scientific knowledge. Nonetheless, the publishers really, really hate it. But even so, it seems pretty ridiculous for the Association of American Publishers (AAP) to freak out so much about an academic librarian just mentioning Sci-Hub while on a panel discussion, that it would send an angry letter to that librarian's dean. But, that's exactly what AAP did, in complaining about comments by librarian Gabriel Gardner to his dean, Roman Kochan, at the University Library for California State University. The letter, signed by AAP President Thomas Allen seems to suggest that any moderately positive comment about Sci-Hub should be banished from any academic discussion: I am disappointed to learn that a librarian from California State University, Long Beach, Gabriel Gardner, recently praised the notorious pirate site Sci-Hub and recommended that attendees at a session use the site. Mr. Gardner was a panelist at the American Library Association's session "Resource Sharing in Tomorrowland - a Panel Discussion About the Future of interlibrary Loan" at the association's annual conference in Orlando. On the panel he said, essentially, "Try it, you'll like it." Sci-Hub has been enjoined from further operation as an unlawful enterprise that has committed mass theft of copyrighted material. Sci-Hub should not be equated with any legitimate interlibrary loan or open access publishing practices.
ECJ limits applicability of data protection rules to websites (Steptoe, 11 August 2016) - Last month, the European Court of Justice ruled, in Verein für Konsumenteninformation v. Amazon EU Sàrl, that a country's data protection laws do not apply to an ecommerce company simply because the company's website is accessible to consumers in that country. Rather, those laws apply only if the company processes data "in the context of the activities of an establishment situated in that Member State." The decision bolsters the ECJ's previous decision in Weltimmo s.r.o. v. Nemzeti Adatvédelmi és Információszabadság Hatóság and is a win for ecommerce companies, allowing them to operate across EU borders without worrying about being bound by the varying laws of every jurisdiction in which their websites are accessible.
For AVVO, bad ethics news but good litigation news (Robert Ambrogi, 11 August 2016) - Recent legal developments have brought both good news and bad news for Avvo. Let's start with the bad news. Earlier this year, Avvo launched Avvo Legal Services , a service offering fixed-fee, limited-scope legal help through a network of attorneys. Some commentators and readers expressed concern that this arrangement could constitute inappropriate fee sharing. Avvo's CEO Mark Britton and General Counsel Josh King dismissed that, maintaining that the arrangement is OK because the marketing fee is paid as a separate transaction. Now, one ethics panel says otherwise. The South Carolina Bar's Ethics Advisory Committee issued an opinion last month ( Ethics Advisory Opinion 16-06 ) concluding that Avvo Legal Services violates the prohibition of sharing fees with a non-lawyer. * * * Now On to Avvo's Good News: A California attorney has dropped his putative class action against Avvo in which he claimed that by using attorneys' names and likenesses on its website, Avvo was violating California's laws on rights of publicity and unfair competition. Aaron H. Darsky, a San Francisco litigator, agreed to dismiss the case after Avvo brought a motion to strike the complaint under California's anti-SLAPP law, according to Avvo's press release. Courthouse News Service, quoting Avvo GC Josh King, reports that Darsky agreed to dismiss the case to avoid paying Avvo's attorneys' fees after a judge indicated his claims couldn't hold up. U.S. District Judge Haywood Gilliam made "very, very clear" that he would rule in Avvo's favor, King told Courthouse News. The order of dismissal was entered by Judge Gilliam on Aug. 2. A similar class action remains pending in Illinois, according to Courthouse News.
The next frontier of online activism is 'woke' chatbots (WaPo, 11 August 2016) - A Twitter bot, by its very nature, cannot actually be "woke." The term refers to an awareness of social injustice - and bots, well, they're just lines of code. But since early June, an account called @StayWokeBot has been doing its best to help keep others aware. The bot, a collaboration between activists DeRay Mckesson and Sam Sinyangwe and the tech cooperative Feel Train, is intended to protect and maintain morale among the black protest community. As of this writing, the bot does two things, though it may do more in the future: When a Twitter user initially follows @StayWokeBot, it auto-tweets them a singsong affirmation; when a follower tweets at the bot with his or her state, it responds with contact information for that state's senators and a prompt to ask them to vote in favor of two gun-control measures. These sorts of repetitive, exhausting social media tasks - rallying the community, calling for action, facing down the angry @-replies of haters and critics - have long been the undertaking of activists themselves. But there's a growing understanding that this work takes a lot of time, not to mention a profound emotional and psychological toll. And bots, of all things, could be the ones to absorb that kind of emotional labor. This idea, that bots could serve as a sort of proxy or extension of human activists, is a subtle shift from the activist and protest bots of the past. Historically, the best-known and most-publicized ones have focused on one of two tasks: inserting themselves into strangers' conversation to correct "bad" speech, or alerting followers to the latest occurrence of some repetitive, ongoing event. Those bots @congressedits , @NRA_tally , @droptheIbot , the list goes on - are all about getting the word out to as many people as possible. @StayWokeBot is still interested in awareness, of course - but it's far more focused on the needs of the activist. Kazemi and his Feel Train partner, Courtney Stanton, made the bot according to Mckesson and Sinyangwe's specifications. Thanks to their collaboration, encouraging people to call their senators on an issue is now as easy as updating a Google spreadsheet . In theory, that should cut down on the sheer amount of time activists need to spend cheerleading (and shield them from at least some of their inevitable hate tweets). The big question, of course, is whether these bots actually work - and the jury's still out on that. @StayWokeBot has only 3,000 followers after more than two months, and few of them seem interested in the bot's current call to action. In April 2015, a team at Microsoft created a project very similar to @StayWokeBot, which tweeted at users in Latin America and asked them to brainstorm solutions to government corruption. Overall, 45 percent of the bots' tweets got a reply - which is good, but not quite good enough to replace humans. * * *
NOTED PODCASTS/MOOCS
Steve Budiansky on "Code Warriors: NSA's Codebreakers and the Secret Intelligence War Against the Soviet Union" (Lawfare, 23 July 2016; 63 minutes) - Steve Budiansky is the author of Code Warriors: NSA's Codebreakers and the Secret Intelligence War Against the Soviet Union . He joined Ben at the Hoover Book Soiree recently for a live conversation about his new book, which studies the National Security Agency's origins in World War II codebreaking and its development throughout the Cold War. Budiansky goes deep into how the organization's history has shaped its mission and culture. It's a fascinating discussion of the NSA's past, present, and future, from the Cold War to the Age of Snowden.
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
Three of four financial institutions suffered external breach in past year (SC Magazine, 14 June 2006) -- More than three out of every four of the world's largest financial institutions experienced an external security breach in the past year, a dramatic increase over 2005, a new survey has revealed. The fourth annual poll, released today by Deloitte Touche Tohmatsu, found that 78 percent of the world's top 100 financial services organizations that responded to the survey confirmed a security breach from outside the organization, up from just 26 percent in 2005. The survey also learned that nearly half of the organizations experienced at least one internal breach, up from 35 percent in 2005. Phishing and pharming were responsible for 51 percent of the external attacks, while spyware and malware accounted for 48 percent. Meanwhile, insider fraud was responsible for 28 percent of the internal breaches and customer data leaks were to blame for 18 percent. "The extent and nature of these security breaches signal a new reality for the global financial services industry," said Ted DeZabala, principal in Deloitte's security services group. "Executing these types of attacks requires significant resources and coordination…Organizations not only face more sophisticated and hard-to-track attacks but are also challenged by increased risk and potential loss." The survey did reveal some good news: Almost 88 percent of organizations said they have implemented a business continuity plan, and 49 percent placed disaster recovery as a top five security initiative. Ninety-five percent of enterprises said their information security budgets have increased in the past year.
Lawyers receiving electronic documents are free to examine 'hidden' metadata: ABA Ethics Opinion (ABA Press Release, 9 Nov 2006) -- Lawyers who receive electronic documents are free to look for and use information hidden in metadata - information embedded in electronically produced documents - even if the documents were provided by an opposing lawyer, according to a new ethics opinion from the American Bar Association. The opinion is contrary to the view of some legal ethics authorities, which have found it ethically impermissible as a matter of honesty for lawyers to search documents they receive from other lawyers for metadata or to use what they find, according to the ABA Standing Committee on Ethics and Professional Responsibility. But the ABA committee said the only provision in the ABA Model Rules of Professional Conduct relevant to the issue merely requires a lawyer to notify the sender when the lawyer receives what the lawyer should reasonably know were inadvertently sent documents. It does not require the recipient to return those documents unread. The committee also made clear that it was not addressing situations in which documents are obtained through criminal, fraudulent, deceitful or otherwise improper conduct. The ABA committee noted metadata is ubiquitous in electronic documents, and includes such information as the last date and time that a document was saved and by whom, data on when it was accessed, the name of the owner of the computer that created the document and the date and time it was created, and a record of any changes made to the document or comments written into it.
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/
4. Aon's Technology & Professional Risks Newsletter
5. Crypto-Gram, http://www.schneier.com/crypto-gram.html
6. Steptoe & Johnson's E-Commerce Law Week
7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
8. The Benton Foundation's Communications Headlines
9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html
10. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top