Saturday, September 24, 2016

MIRLN --- 4-24 September 2016 (v19.13) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

NIST publishes major revisions to digital authentication guidance (Federal News Radio, 30 August 2016) - Hoping to balance today's requirements with future needs, the National Institute of Standards and Technology released a major update to Special Publication 800-63 for digital authentication. The third version was published Aug. 30, and divides the digital authentication document into four sections, ranging from credentials that are tied to a specific person to the process of sending those authentication results to the party who needs to know that certification. The third revision has already received more than 200 comments. Unlike the original special publication, the third version is split into four documents: digital authentication guidelines, enrollment and identity proofing, authentication and lifecycle management, and federation and assertions. Garcia said identity proofing is "a complete re-write," based off good practices guidance like the kind seen in Canada and the UK.

- and -

NIST releases Baldrige-based tool for cybersecurity excellence (NIST, 15 Sept 2016) - The US Commerce Department's National Institute of Standards and Technology (NIST) released today the draft Baldrige Cybersecurity Excellence Builder, a self-assessment tool to help organizations better understand the effectiveness of their cybersecurity risk management efforts. NIST is requesting public comments on the draft document, which blends the best of two globally recognized and widely used NIST resources: the organizational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanisms of the Cybersecurity Framework.

New Mexico high court urges judges to be discreet on social media (ABA Journal, 1 Sept 2016) - For most of its 37-page opinion in State v. Thomas, issued June 20, the New Mexico Supreme Court explained its finding that the convictions of Truett Thomas for murder and kidnapping violated the confrontation clause. The supreme court reversed the convictions and remanded the case for a new trial only on the murder charge because there was insufficient evidence to support the kidnapping conviction. It wasn't until page 31 of the opinion that the justices turned to an issue that might have been a more important factor in the case, if not for the confrontation clause violation. During the trial, Judge Samuel L. Winder of the District Court of Bernalillo County, which encompasses Albuquerque, posted the following statement on a Facebook page created for his unsuccessful re-election campaign: "I am on the third day of presiding over my 'first' first-degree murder trial as a judge." While this was a seemingly innocuous post, Winder later posted the following message after trial but before sentencing: "In the trial I presided over, the jury returned guilty verdicts for first-degree murder and kidnapping just after lunch. Justice was served. Thank you for your prayers." On appeal, "defendant argues that social media postings by the district court judge demonstrate judicial bias," wrote Chief Justice Charles W. Daniels in his opinion for a unanimous court (with one abstention). "During the pendency of the trial, the district court judge posted to his election campaign Facebook page discussions of his role in the case and his opinion of its outcome. Although we need not decide this issue because we reverse on confrontation grounds, we take this opportunity to discuss our concerns over the use of social media by members of our judiciary." 
Judges "should expect to be the subject of public scrutiny that might be viewed as burdensome if applied to other citizens," stated Daniels, citing Rule 21-102 of the New Mexico Code of Judicial Conduct. "Judges must avoid not only actual impropriety but also its appearance, and judges must 'act at all times in a manner that promotes public confidence in the independence, integrity and impartiality of the judiciary.' These limitations apply with equal force to virtual actions and online comments and must be kept in mind if and when a judge decides to participate in electronic social media." Daniels emphasized that the court was sounding a note of caution to judges. "While we make no bright-line ban prohibiting judicial use of social media," the opinion states, "we caution that 'friending,' online postings and other activity can easily be misconstrued and create an appearance of impropriety. Online comments are public comments, and a connection via an online social network is a visible relationship, regardless of the strength of the personal connection." The New Mexico Supreme Court's opinion echoes the view expressed by the ABA Standing Committee on Ethics and Professional Responsibility in Formal Ethics Opinion 462, issued Feb. 21, 2013. "A judge may participate in electronic social networking," states the committee in Opinion 462, "but as with all social relationships and contacts, a judge must comply with relevant provisions of the Code of Judicial Conduct and avoid any conduct that would undermine the judge's independence, integrity or impartiality, or create an appearance of impropriety."

- and -

Florida Bar Social Media presence leads the nation (Future Lawyer, 9 Sept 2016) - Florida Bar social media efforts connect with members and the public. Do you want to change the perception of lawyers in society? Go where the people are. Do you want to communicate with a diverse group of lawyers and keep them up to date daily on news and events that are important to them? Go where they are. Do you want to let the world know that lawyers are ordinary people doing extraordinary things? Go where the world is. Nowadays, the bulletin board is on the Internet, and people, including lawyers, interact on social media; whether it be Twitter, Facebook, Pinterest, Google+, or elsewhere. This article shows why the Florida Bar's social media team has become the national leader in this area. Social media is where everyone goes to get news, and to have conversations about current affairs. Not only should lawyers follow the Florida Bar; but, everyone else can see lawyers in a positive light. Too often the only contact regular citizens have with lawyers and the legal system are sensational stories on the news, or negative interactions with the system. As my mom used to say: "If you don't toot your own horn, no one else will." Congratulations to the Florida Bar social media team. They get it.

Military supermarket chain's encryption setup is 'unacceptable,' commissary says (NextGov, 2 Sept 2016) - The Defense Department's $6 billion supermarket chain needs tighter security for the secret keys fastening its hundreds of databases, Pentagon officials say. Currently, those keys - lengthy, computer-generated passwords - essentially are stored underneath the doormat, beside personal and financial data, contracting documents show. "In today's solutions, the keys reside with the data and that is not acceptable," Defense Commissary Agency officials said in a recent request for information from vendors. The data at stake includes encrypted payment card industry, or PCI, data and personally identifiable information, or PII, agency spokesman Kevin Robinson told Nextgov. Scrambled in code indecipherable to hackers, the records contain credit card numbers and security codes from the back of the card, he said. The commissary agency's proposed system would make it possible, say, to deposit keys at DeCA's Fort Lee, Virginia, headquarters for locking and unlocking remote databases at a server farm "in the cloud," the contracting papers said. Beyond using encryption to protect grocery store operations, the military deploys the data-scrambling feature in handheld radios, missile system data links and other communications devices to hide information from foes. While the 250-store grocery chain has not committed to buying anything, officials Aug. 24 said there's a possibility an acquisition will take place in fiscal 2017. The system, formally dubbed the Enterprise Encryption and Key Management Solution, would consist of commercial, currently available technology that stows encryption keys in a different location than the data in the agency's 629 database environments, officials said.

World map shows countries requiring open source software (Slashdot, 3 Sept 2016) - "Europe and South America are the biggest hotspots for open-source use in government," reports Network World, while Bulgaria requires all software written for the government to be FOSS. Slashdot reader alphadogg quotes their report: It's become increasingly common over the past decade or so to see laws being passed to either mandate the use of open-source software or, at the very least, encourage people in government who make procurement decisions to do so. Here's a map of the status of open-source laws around the world.

Go to court without leaving home (ABA Journal, 7 Sept 2016) - A few years ago, J.J. Prescott went to court to deal with a traffic ticket. The University of Michigan Law School professor waited four hours to have a very short informal hearing. "Imagine if I lived in a rural area where the courthouse was two hours away," he says. "And as a result, I had to miss an entire day of work to go to court, which, if I were paid by the hour, would equate to $100 or more in lost wages. All of that aggravation, all to come over to have that conversation. "I can't believe that in 50 years, that's how our courts will operate." They might not, and Prescott's work could be a reason why. The U-M Online Court Project, which began with his collaboration with former student Ben Gubernick, created an online platform allowing citizens to resolve smaller legal matters - civil infractions, plus minor warrants and misdemeanors - without having to go to court. Users submit their side of the story and other information, answer questions and eventually hear from a decision-maker. Prescott says at least half of court cases are minor matters that could be resolved simply: "It can happen the way you request an increase in the credit limit on your credit card - at 11 p.m. from your couch." Online interactions have a lot of advantages over the traditional model, Prescott says. They remove barriers caused by poverty, disability and personal obligations; reduce time spent on cases; avoid the intimidation and fear some people feel in courthouses; and sidestep the possibility that the defendant's appearance could create perceived or actual bias. The project was in the beginning stages when Prescott got the ticket. With a grant from the University of Michigan, he had a prototype made and convinced the Michigan state court administrative office to give the project access to court data. 
Through the university's Office of Technology Transfer, which helps academics build businesses out of their ideas, Prescott launched a startup, Court Innovations Inc., to market the technology and give it a permanent home. He now has the software, Matterhorn, in 15 Michigan district courts and is in talks with other states.

EFF to Court: Public's right to access the law should not be blocked by bogus copyright case (EFF, 8 Sept 2016) - On Monday, September 12, Electronic Frontier Foundation (EFF) Legal Director Corynne McSherry will urge a federal court to confirm that the public has a right to access and share the laws, regulations, and standards that govern us and cannot be blocked by overbroad copyright claims. The court in Washington, D.C., is hearing arguments in two cases against EFF client Public.Resource.Org, an open records advocacy website. In these suits, several industry groups claim they own copyrights on written standards for building safety and educational testing they helped develop, and can deny or limit public access to them even after the standards have become part of the law. Standards like these that are legal requirements - such as the National Electrical Code - are available only in paper form in Washington, D.C., in expensive printed books, or through a paywall. By posting these documents online, Public.Resource.Org seeks to make these legal requirements more available to the public that must abide by them. The industry groups allege the postings infringe their copyright, even though the standards have been incorporated into government regulations and, therefore, must be free for anyone to view, share, and discuss. McSherry and co-counsel Andrew Bridges at Fenwick & West will argue at the hearing that our laws belong to all of us and private organizations shouldn't be allowed to abuse copyright to control who can read, excerpt, or share them. They will be assisted by EFF Senior Staff Attorney Mitch Stoltz and Fenwick & West Associate Matthew Becker. [ Polley : see also Carl Malamud has standards (Backchannel, 12 Sept 2016)]

Now you can buy a USB stick that destroys anything in its path (ZDnet, 8 Sept 2016) - For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it. It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in the matter of seconds. On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware".

Court finds violation of TCPA itself constitutes concrete injury (Steptoe, 8 Sept 2016) - Last month, the U.S. District Court for the Northern District of Illinois held, in Aranda v. Caribbean Cruise Line, Inc., that a violation of the Telephone Consumer Protection Act (TCPA) constituted a concrete injury that conferred standing without any additional allegations of harm. In doing so, it engaged in an extensive analysis of the Supreme Court's decision in Spokeo, Inc. v. Robins and expressly disagreed with the Central District of California's decision, in Smith v. Aitima Medical Equipment, which had found no standing in similar circumstances. The decision marks an important interpretation of the Supreme Court's muddled decision in Spokeo, which could influence how courts approach standing in cases alleging statutory violations in the future.

CFTC imposes cybersecurity rules for U.S. commodities, derivatives firms (SC Magazine, 9 Sept 2016) - The Commodity Futures Trading Commission (CFTC) Thursday approved a set of rules that will require frequent testing of information technology at U.S. commodities and derivatives firms, including exchanges and clearinghouses. Systems will undergo vulnerability testing, penetration testing, controls testing, security incident response testing, and enterprise technology risk assessment, according to a government fact sheet. Key elements of the rules include specified cybersecurity testing, minimum testing frequency, use of independent contractors, testing scope, and internal reporting, review and remediation. The CFTC's comprehensive approach to this new regulation demonstrates a clear appreciation of the reality that between 40 and 70 percent of data breaches originate from third party vendors and partners, Jeff Hill, director of product management for the security firm Prevalent, told SCMagazine.com via emailed comments.

- and -

Cybersecurity enhancements proposed for financial firms in New York (SC Magazine, 15 Sept 2016) - Banks and insurance companies in New York will soon be required to adhere to new cybersecurity guidelines, including appointing CISOs. In a statement, Gov. Andrew Cuomo called the proposed new regulations a "first-in-the-nation" initiative to bolster cybersecurity policies at financial institutions licensed in the state. Cuomo's long-awaited guidance for institutions overseen by the New York State Department of Financial Services (NYDFS) will first face a 45-day notice and a request for public comment before adoption procedures commence. The proposed rules are intended to guard consumer data and financial systems from terrorist organizations and other criminal enterprises. They mandate that regulated financial institutions adhere to five principal requirements: * * * [ Polley : John Pescatore of SANS writes: "The proposed regulation sets a very low bar: covered entities must have written policies, a designated CISO, annual pen tests, etc. A few requirements bump it up a bit: CISO must brief the board at least twice per year, for example. However, a requirement for encrypting sensitive data at rest allows compensating controls to be substituted for the first 5 years. Biggest lack: no prioritization of requirements - would be good to see that included or the Critical Security Controls referenced for prioritization."]

This Bill Gates-backed tech startup is on a mission to fundamentally change the way scientists work (Business Insider, 10 Sept 2016) - Meet Ijad Madisch. He's a Berlin-based entrepreneur on a mission to change the way scientists go about their research. The computer science graduate and qualified doctor set up a company called ResearchGate in 2008 when he realised that scientists were making the same mistakes over and over again as a result of not sharing their work publicly. "It's one of the biggest problems we have in the world, especially if we are repeating mistakes made by other scientists that cost us a lot of time and money," Madisch told Business Insider. ResearchGate can be described as a social network for scientists. It started off as a free-to-use platform for academics but it's become increasingly popular with scientists working in corporates, including tech firms like Google and Facebook. There are currently 1,145 Google employees registered on the platform and 199 Facebook employees. In total, ResearchGate boasts over 10 million users. "ResearchGate has become the biggest and most active scientific social network in the world over the last couple of years," claims Madisch. "From the beginning, the focus was on convincing scientists to share publication data." The company claims not to have any competitors but it's worth noting that it was compared to London's Mendeley and San Francisco's Academia.edu in a Times Higher Education article that was published in April. Over the last eight years, tens of millions of pieces of scientific information have been uploaded onto ResearchGate's platform and today more than two million scientific publications are uploaded every month. In addition to publications, scientists are also uploading general articles, conference papers, and raw data. Now the company wants to make it even easier for scientists to collaborate on chunky problems like climate change and illnesses like HIV and cancer. 
"Recently we launched a 'Project' feature where scientists can collaborate in real time and document what they have found within the experiment," said Madisch.

Apple came up with 'AirPods' in 2015 - here's how it kept it under wraps (Business Insider, 12 Sept 2016) - Earlier this week, Apple announced a new type of wireless headphones at a media event in San Francisco. It called them "AirPods." That name would have sounded familiar if you read Apple trademark applications. In fact, it was hiding in plain sight since at least early 2015, when an Apple-aligned holding company first registered the trademark. However, "AirPods" was registered under a dummy corporation called "Entertainment in Flight." In the run-up to Apple's big reveal, Rennick Solicitors trademark lawyer Brian Conroy definitively linked Entertainment in Flight to Apple - and discovered a few other names Apple wanted to make sure it could name future products after, like Beats' EP headphones, which were announced shortly after the event. He also highlighted a number of trademarks Apple didn't announce, but might one day, including "Today at Apple," "Apple Touch Bar," and "Apple Smart Button." "If Apple had just filed all their applications in the US, or wherever, the intrigue [before the iPhone launch] wouldn't be nearly as palpable," Conroy told Business Insider. But Conroy is quick to warn that just because a company files a trademark doesn't mean it's planning a product. Here's how Apple hides its trademarks around the world, and how Conroy sleuthed them out. * * *

Long-secret Stingray manuals detail how police can spy on phones (The Intercept, 12 Sept 2016) - Harris Corp's Stingray surveillance device has been one of the most closely guarded secrets in law enforcement for more than 15 years. The company and its police clients across the United States have fought to keep information about the mobile phone-monitoring boxes from the public against which they are used. The Intercept has obtained several Harris instruction manuals spanning roughly 200 pages and meticulously detailing how to create a cellular surveillance dragnet. Harris has fought to keep its surveillance equipment, which carries price tags in the low six figures, hidden from both privacy activists and the general public, arguing that information about the gear could help criminals. Accordingly, an older Stingray manual released under the Freedom of Information Act to news website TheBlot.com last year was almost completely redacted. So too have law enforcement agencies at every level, across the country, evaded almost all attempts to learn how and why these extremely powerful tools are being used - though court battles have made it clear Stingrays are often deployed without any warrant. The San Bernardino Sheriff's Department alone has snooped via Stingray, sans warrant, over 300 times. Richard Tynan, a technologist with Privacy International, told The Intercept that the "manuals released today offer the most up-to-date view on the operation of" Stingrays and similar cellular surveillance devices, with powerful capabilities that threaten civil liberties, communications infrastructure, and potentially national security. He noted that the documents show the "Stingray II" device can impersonate four cellular communications towers at once, monitoring up to four cellular provider networks simultaneously, and with an add-on can operate on so-called 2G, 3G, and 4G networks simultaneously. 
* * * [ Polley : Bruce Schneier linked to this story, with the note: "It's an impressive surveillance device."]

MoMA will make thousands of exhibition images available online (NYT, 14 Sept 2016) - The Museum of Modern Art, which has defined Modernism more powerfully than perhaps any other institution, can often seem monolithic in the mind's eye, essentially unchanged since its doors opened in 1929: a procession of solemn white-box galleries, an ice palace of formalism, the Kremlin (as the artist Martha Rosler once called it) of 20th-century art. But a more complicated story has always been told by the hundreds of thousands of documents and photographs in the museum's archives, a vast accumulation of historical detail that has been accessible mainly to scholars. Beginning Thursday, after years of planning and digitizing, much of that archive will now be available on the museum's website, moma.org, searchable so that visitors can time-travel to see what the museum looked like during its first big show ("Cézanne, Gauguin, Seurat, van Gogh," in the fall of 1929); during seminal exhibitions (Kynaston McShine's "Information" show in 1970, one of the earliest surveys of Conceptual art); and during its moments of high-minded glamour (Audrey Hepburn, in 1957, admiring a Picasso with Alfred H. Barr Jr., the museum's domineering first director). Michelle Elligott, chief of the museum's archives, who undertook the project with Fiona Romeo, the director of digital content and strategy, said that translating documents from the physical to the virtual yielded some real-world historical discoveries. Yes, as the museum has long suspected but could never quite say definitively, Picasso is the artist who has been included in the most exhibitions (more than 320). The digital archive project will include almost 33,000 exhibition installation photographs, most never previously available online, along with the pages of 800 out-of-print catalogs and more than 1,000 exhibition checklists, documents related to more than 3,500 exhibitions from 1929 through 1989. 
(The project, supported by the Leon Levy Foundation, will continue to add documents from more recent years and also plans to add archives from the museum's film and performance departments.) One of the surprises for regular museum visitors will undoubtedly be the highly varied forms the galleries and exhibition programs have taken since the museum first opened in rented offices on Fifth Avenue and then grew, on 53rd Street, into the shiny, streamlined version that the architects Edward Durell Stone and Philip Johnson helped create.

Avvo wins First Amendment fight, as judge compares it to Sports Illustrated (Bob Ambrogi, 14 Sept 2016) - A federal court has dismissed a putative class action against Avvo under the Illinois Right of Publicity Act, ruling that Avvo's lawyer listings are comparable to the editorial content in Sports Illustrated and deserving of the same First Amendment protection. This is the second time in six weeks in which a right-of-publicity class action against Avvo has been dismissed. Lawyer John Vrdolyak filed the lawsuit in the Northern District of Illinois, alleging that Avvo was using his identity for commercial purposes without his consent, in violation of Illinois law. It did this by listing his profile without his consent and by placing paid advertising on his profile page, including advertising by competing lawyers, he contended. But in granting Avvo's motion to dismiss, U.S. District Judge Robert W. Gettleman found that Avvo's lawyer listings constituted non-commercial speech fully protected by the First Amendment. (The full decision is embedded below.)

Ninth Circuit tells FTC to back off common carriers (Steptoe, 15 Sept 2016) - The U.S. Court of Appeals for the Ninth Circuit dismissed a case brought by the FTC against AT&T for allegedly violating Section 5(a) of the FTC Act by reducing internet speeds for customers with unlimited data plans once they exceeded certain usage levels (called "data throttling"). At issue in the case was the scope of the exemption to the FTC Act for "common carriers." The FTC argued that while a substantial part of AT&T's activity constitutes common carrier activity, data service was not a common carrier activity at the time AT&T engaged in the alleged activities, so the exemption did not apply to these activities. The Ninth Circuit, however, held that the common carrier exemption is "status-based," not "activity-based"; thus, AT&T, due to its "status" as a common carrier, was exempt from the FTC Act.

IP lawyer learns the hard way: Copying Newegg appellate brief is not fair use (Reuters, 15 Sept 2016) - Just a few years ago, the New Jersey intellectual property lawyer Ezra Sutton was on the same side as the online retailer Newegg. Newegg and Sutton's client, the electronics company Sakar International, were among dozens of defendants sued in Texas federal district court by Adjustacam, a patent plaintiff often described as a "troll." Newegg and Sakar refused to settle with Adjustacam, which ended up dropping its case. Sutton worked with Newegg lawyers on separate motions for attorneys' fees from Adjustacam. When the trial judge denied the fee requests, Newegg and Sutton's client both decided to appeal the fee ruling to the Federal U.S. Circuit Court of Appeals. That is when Sutton discovered that Newegg - which is known as a warrior against what it considers unwarranted patent claims - is just as tough on its erstwhile allies as it is on its sworn enemies. As Newegg general counsel Lee Cheng recounts the story, he told Sutton early on that Newegg would be willing to file a joint brief with Sakar if Sakar paid a share of the legal fees. Sutton said no thanks, but, as the filing deadline approached, he came back to Newegg. Cheng agreed to show Sutton a draft of the brief Newegg intended to submit to the Federal Circuit to help him write a complementary brief for Sakar. Instead, the day before Newegg's brief was due, Sutton filed a brief that was largely copied from Newegg's draft. When Newegg realized what he'd done and protested the filing, Sutton withdrew the brief and subsequently filed a shorter version focused on Sakar's argument. That wasn't good enough for Newegg. In February 2015, the company sued Sutton for copyright infringement in Los Angeles federal district court. On Tuesday, U.S. District Judge Terry Hatter ruled that Sutton's copying was not fair use, despite Sutton's arguments that Newegg wasn't harmed by the copying. 
The judge held Sutton liable for copyright infringement. Damages are to be determined at a trial in December. I've never before seen a case in which a lawyer is on the hook for copying a co-defendant's brief. And after talking Thursday to Sutton and Newegg general counsel Cheng, I have mixed feelings about the outcome. * * *

FBI restricts impersonation of journalists (The Hill, 15 Sept 2016) - The FBI is imposing new restrictions making it more difficult for investigators to impersonate journalists, following scrutiny over a 2007 episode in which the bureau posed as a reporter to track a suspected criminal. The FBI did not violate its internal policy during that controversial incident, the Justice Department's Office of the Inspector General claimed in a 30-page report. Yet this June, it implemented an interim policy barring impersonation of a journalist without approval from the FBI's deputy director, the watchdog revealed. The changes are the result of a 2007 incident when FBI investigators wrote a fake AP story and placed it on a website designed to mimic the Seattle Times in order to infect a suspect's computer. A link to the story bearing the headline "Bomb threat at high school downplayed by local police department" was sent to the MySpace page of a student suspected of making multiple threats against the school and launching cyberattacks against its computer network. In followup emails to the student, Charles Jenkins, an FBI investigator, portrayed himself as an "AP staff publisher" in order to get Jenkins to click on the link and links to other photographs. The operation became public in 2014 and was immediately attacked by news organizations claiming that it eroded the public's trust in journalists.

EU Court: Wi-Fi providers not responsible for illegal downloads (Deutsche Welle, 15 Sept 2016) - The Court of Justice of the European Union (CJEU) issued a decision freeing businesses that provide free Wi-Fi internet access to their customers from being held responsible for copyright infringement committed by their patrons. The decision by the European Court of Justice in Luxembourg serves as a new precedent in case law across the European Union. In 2010, Sony had brought legal proceedings against a shopkeeper in Germany after a customer used free internet access to illegally download a music album covered by Sony's copyright stipulations. The court found that the owner of the business had no say in the perpetrator's decision to illegally download the data in question. The European Court of Justice did concede, however, that those providing free online access could be obliged to secure their networks with a password or to have users sign in with their names to establish their identities. The district court in Munich, which initially was in charge of the case, had turned to the CJEU to ask for assistance in the case, as the alleged copyright infringement was covered by European law. The owner of the shop meanwhile commented that he found the court decision to be "disappointing" because it would serve as a further hindrance to establishing free Wi-Fi across Europe. He referred to the ruling as a "partial win."

When Alexa is listening, what do you tell houseguests? (Christian Science Monitor, 16 Sept 2016) - Earlier this week, Amazon unveiled its $50 internet-connected personal assistant "so you can add Alexa to any room in your home." Alexa is the online giant's artificial-intelligence powered bot that listens to what you say and answers your commands and questions: What's the weather? How's traffic? Can you order me a large pepperoni pizza? And the low priced Echo Dot, about the size of a hockey puck, means many more homes will soon have on-command digital listening devices that eavesdrop on - and store - family conversations, holiday celebrations, and even off-color comments (and also bickering siblings or quarreling spouses). Sure, it has its conveniences and Star Trek-like appeal and maybe you're OK with potential privacy implications. But what happens if your houseguests aren't? What if your friends think your robot assistant is creepy? Maybe your in-laws worry about the device's Orwellian implications, or your babysitter is concerned about his privacy. So, what are the manners when it comes to connected homes? Are we approaching a time when we'll warn guests, "Be careful what you say, Alexa is listening." Trevor Hughes, chief executive of the International Association of Privacy Professionals (IAPP), says that moment is fast approaching. "We don't have the social norms for someone to say, 'Oh hey, I have my Amazon Echo on, just so you know.' That's not happening," says Mr. Hughes. "Society will have to decide, what are the right norms? What are the right ways to set the dials so we can maintain privacy and also enjoy these new technologies? We can foresee that there will be flash points, but they haven't happened yet." This confusion isn't exclusive to devices such as Echo. Anything connected to the internet and equipped with a microphone poses quandaries of etiquette. 
Consider connected toys such as the talking Barbie doll that records and stores its conversations with children. Should parents warn their child's playmates that the dolls could be listening in? [ Polley : see also Google backs off on previously announced Allo privacy feature (The Verge, 21 Sept 2016)]

Indian court says 'copyright is not an inevitable, divine, or natural right' and photocopying textbooks is fair use (TechDirt, 19 Sept 2016) - Last week there was a big copyright ruling in India, where a court ruled against some big academic publishers in ruling that a photocopying kiosk that sold photocopied chapters from textbooks was not infringing on the copyrights of those publishers. We wrote about this case over three years ago, when it was first filed. It's actually fairly similar to a set of cases in the US that found college copyshops to be infringing -- leading to a massive increase in educational material for college students. The Indian court went the other way. The full ruling takes a fair use-style look at the question, and recognizes that educational purposes are more important than padding the bank account of some big publishers. The ruling is pretty long, but there are a number of good points in there. Here's the one that a bunch of people have been quoting, noting that copyright is not inevitable, divine or a natural right: Copyright, specially in literary works, is thus not an inevitable, divine, or natural right that confers on authors the absolute ownership of their creations. It is designed rather to stimulate activity and progress in the arts for the intellectual enrichment of the public. Copyright is intended to increase and not to impede the harvest of knowledge. It is intended to motivate the creative activity of authors and inventors in order to benefit the public.

Lloyd's of London survey reveals nine out of 10 businesses have suffered a major cyber attack (ITProPortal, 20 Sept 2016) - According to a new survey, nine out of 10 big businesses in Europe have fallen victim to a significant cyber attack during the last five years, though less than half are concerned regarding the possibility of future breaches.

Lloyd's of London conducted a survey of chief executives and senior bosses at 346 European companies with a turnover of €250 million or more. The boss of the company, Inga Beale, believes that the results of the survey show that European businesses are "complacent" when it comes to cyber attacks and the damage they could cause their business and brands.

- and -

Verizon's statement on Yahoo's data breach is about as rough as it gets (Mashable, 22 Sept 2016) - You don't see corporate statements like this every day. On Thursday, Yahoo admitted that a data breach in 2014 ended up with the theft of far more user data than had been previously thought. By Yahoo's count, some 500 million user accounts had at least some information stolen. That's news to Verizon, the company that acquired Yahoo's core business in July for $4.83 billion but has not yet finalized the acquisition. When reached for comment, Verizon released a pretty stunning statement, claiming it had not been aware of the breach until very recently. "Within the last two days, we were notified of Yahoo's security incident. We understand that Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon interests, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment." Among the surprising details, Verizon is claiming that Yahoo only provided notification of the breach in the last two days. TWO DAYS. Yahoo has had a deal with Verizon for an acquisition for two months. Next, Verizon said that even now, the company doesn't really know what's going on. I'm sure it knows more than we do at this point, but you'd imagine that with almost $5 billion on the line, there would be a healthy amount of transparency.

University may remove online content to avoid disability law (InsideHigherEd, 20 Sept 2016) - The University of California, Berkeley, has announced that it may eliminate free online content rather than comply with a U.S. Justice Department order that it make the content accessible to those with disabilities. The content in question is all free and is for the general public to use. "The department's findings do not implicate the accessibility of educational opportunities provided to our enrolled students," said a statement on the situation by Cathy Koshland, vice chancellor for undergraduate education. While the university has not made a final decision, she said, it may not be able to afford complying with the Justice Department's recommendations on how to make the online material accessible. The material in question involves courses provided by Berkeley through the edX platform for massive open online courses, and videos on YouTube and iTunes University. The Department of Justice found that much of this online material is in violation of the Americans With Disabilities Act, which requires colleges to make their offerings accessible to people with disabilities. The department investigation followed complaints by two individuals who are deaf -- one of them a faculty member at Gallaudet University and one at its school for elementary and secondary school students. Both said that they are unable to use Berkeley online material because it has not been formatted for use by people with hearing disabilities. Berkeley released the Justice Department letter finding the university in violation of ADA. The letter outlined numerous concerns about issues related to those who are deaf as well as those who have visual disabilities: * * *

Court: With 3D printer gun files, national security interest trumps free speech (ArsTechnica, 21 Sept 2016) - A federal appeals court ruled Tuesday against Defense Distributed, the Texas organization that promotes 3D-printed guns, in a lawsuit that it brought last year against the State Department. In a 2-1 decision, the 5th Circuit Court of Appeals was not persuaded that Defense Distributed's right to free speech under the First Amendment outweighs national security concerns. As Ars reported in February 2016, the lawsuit, Defense Distributed v. Department of State, centers on whether a website that publishes CAD files - which would enable foreigners outside the US to print a firearm - violates munitions export laws. Fearing a possible lawsuit by the State Department or prosecution by the government, Defense Distributed took the files down three years ago, but they have since reappeared on BitTorrent sites. The federal civil suit originated three years ago when Cody Wilson and his group, Defense Distributed, published designs for the "Liberator," the world's first 3D-printed handgun. Within months, Defense Distributed received a letter from the United States Department of State's Office of Defense Trade Controls Compliance, stating that 10 files, including the designs of the Liberator, were in violation of the International Traffic in Arms Regulations (ITAR). This letter came despite the fact that these files had already been downloaded hundreds of thousands of times and continue to circulate online. Defense Distributed then re-submitted a "commodity jurisdiction request" to the Department of State, which they hoped would clear the way for the publication of the files. After waiting for two years, Defense Distributed, along with the Second Amendment Foundation, sued the Department of State and argued that the government's action constituted "prior restraint" - preventing publication before it occurs. 
In the United States, the Supreme Court has generally rejected the concept of prior restraint. However, one member of the 5th Circuit, District Judge Edith Jones, directly disagreed with her colleagues. In a scathing dissent, she called it an "irrational representation" of the export regulations. She also described the government's actions as "pure content-based regulation."

A new service just launched that allows voters in key states to register to vote via text message (Business Insider, 22 Sept 2016) - Registering to vote may now be a lot easier for a portion of the roughly 90% of Americans who own a cellphone. The nonprofit group Fight For The Future launched HelloVote on Thursday morning with the goal of boosting voter registration in several key battleground states by allowing voters to register directly via text message or Facebook Messenger. Backed by brands like MTV, Genius, and the Latino Victory Project, the tool is the first major service to offer voter registration through text messaging, a process the company hopes will boost voter registration rolls, particularly among young voters. HelloVote today can register people to vote via SMS or Facebook in six states: Arizona, California, Colorado, Georgia, Massachusetts, and Virginia. HelloVote is only partially operational in other states. Each state maintains its own election laws, and many still require that voters mail in paper registration forms. In these instances, HelloVote's text system fills out the registration form via SMS and creates a printer-friendly version for voters to print out and submit.

NOTED PODCASTS/MOOCS

Crypto arg: CA3 judges seemed on board that being forced to enter passcode only testifies to knowing the passcode. (Orin Kerr on Twitter, 8 Sept 2016) - Oral argument here: http://www2.ca3.uscourts.gov/oralargument/audio/15-3537USAv.AppleMacProComputer.mp3

BOOKS

Weapons of Math Destruction: The Dark Side of Big Data (review in InsideHigherEd, 21 Sept 2016) - So often when someone starts a Twitter message with the label "Must read" I get defensive. You're not my teacher. I'm a grown up. I get to decide what I'm going to read, thank you very much. But I'm really tempted to start this post with "Must read" because Cathy O'Neil's book, Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy is important and covers issues everyone should care about. Bonus points: it's accessible, compelling, and - something I wasn't expecting - really fun to read. O'Neil is a data scientist who taught at Barnard before being seduced by the excitement of applying mathematics to finance, working for a Wall Street hedge fund before the crash of 2008. One of the things she quickly learned was different from academic mathematics was that employees were treated like members of an Al Qaida cell: the amount of information they could share was strictly limited so that if anyone was captured by a competing firm, they couldn't reveal too much. Also, the scale of their collective if obscure work was ginormous. Subprime mortgages were a three trillion dollar market, but the markets created around them through credit default swaps, synthetic CDOs, and other weird financial inventions based on math and baloney was twenty times that size. As it all began to collapse, the damage cascaded, and people, lots of people, got hurt. These risky financial instruments, like many other proprietary big data projects - what O'Neil calls "weapons of math destruction" - have features in common. They are opaque (few people could understand them even if they weren't trade secrets that cannot be examined by those who are subject to the decisions they make); they work at large scale, and because they are sealed systems, they can't learn from their mistakes. 
They can do a lot of damage and are bizarrely unaccountable for it, often claiming greater objectivity than the fallible humans who encode them. Her experience in high finance is a cautionary tale because the features that crashed the world economy are present in big data systems that affect our lives in myriad ways, from education to jobs to the criminal justice system to how we are persuaded to vote. * * *

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Free calls from AIM (InternetNews.com, 8 May 2006) -- First came free e-mail addresses, and then came free IM accounts. Later this month, Dulles, Va.-based AOL plans to offer free phone numbers through its instant messenger (AIM). AIM Phoneline brings Internet phone calling to the more than 40 million AOL instant messenger users. Slated to begin May 16 in 50 U.S. markets, the service will offer a free base of features along with a $14.95 fee-based premium option, according to an AOL spokesperson. Based on AIM Triton, AIM Phoneline augments AOL's TotalTalk VoIP offering. AOL will offer Phoneline users free local phone numbers enabling unlimited inbound calls from traditional phones, cell phones and PCs. Cell phone users can receive text messages alerting them when an IM-based call is received, as well as listen to Phoneline voicemail. Along with free phone numbers, AOL will provide AIM users free voicemail. Calls not answered are saved as MP3 files and sent to an AOL or AIM mailbox, according to a company statement. While the differences between AOL's VoIP plans "are kind of subtle," the company wants to be sure all its bases are covered, according to Joe Laszlo, analyst with JupiterResearch.

Proposed FEC rules would exempt most political activity on internet (Washington Post, 25 March 2006) -- The Federal Election Commission last night released proposed new rules that leave almost all Internet political activity unregulated except for the purchase of campaign ads on Web sites. "My key goal in this rule-making has been to make sure that the commission establish clear rules to exempt individuals who engage in online politics from campaign finance laws," said Chairman Michael E. Toner, a Republican. "We tried to craft a regulation that would allow the maximum amount of freedom for people as possible," said Commissioner Ellen L. Weintraub, a Democrat. Most bloggers, individual Web users, and such Web sites as Drudge Report and Salon.com are exempted from regulation and will be free to support and attack federal candidates, much as newspapers are allowed. For the most part, leading advocates of the blogger community welcomed the proposed rules. "As a whole, these are rules that I think those who have been fighting regulations are going to be cheering," said Richard L. Hasen, a professor at Loyola Law School in Los Angeles, who runs the Election Law blog. The rules provide "broad exemptions for most political activity on the Internet, and expand the media exemption to the Internet," he said. Hasen and others noted that as technology advances, the regulations will have to be modified. In particular, Hasen said, "as the Internet and TV converge, the FEC or Congress will eventually need to rethink these rules to see if they make sense." "Generally, it's in line with what I think bloggers ask for," said Jerome Armstrong, the founder of the liberal blog MyDD, an adviser to the Howard Dean for president campaign in 2004 and currently an adviser to former Virginia governor Mark R. Warner's political action committee. "They give bloggers the media exemption." 
Armstrong voiced concern, however, over potential difficulties that could result from a requirement that campaign ads have disclaimers. "The size of a Web ad and the size of blog ad is so small that having to put a disclaimer on it is going to take up all the space," he said.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, September 03, 2016

MIRLN --- 14 August - 3 September 2016 (v19.12)

MIRLN --- 14 August - 3 September 2016 (v19.12) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

The copyright case that should worry all internet providers (WaPo, 12 August 2016) - Will Internet providers have to start cracking down harder on their own customers for suspected copyright infringement? That's one of the big questions being raised in the wake of an obscure court ruling that finds that Cox Communications is liable for the illegal music and movie downloads of its subscribers. Earlier this week, a federal judge said Cox Communications will have to pay a $25 million penalty that a jury had awarded in December to BMG, the music rights company. BMG had been using a third-party company called Rightscorp to monitor the Internet for filesharing activity and notify Internet providers when it found evidence of it. The expectation was that Cox would pass along Rightscorp's notices to consumers. BMG claimed that Cox was dragging its feet and using a variety of technical means to keep the notices from reaching its affected customers. The court ruled in favor of BMG's argument that Cox should be held liable because it not only knew that its users were illegally downloading copyrighted content, it also took actions that contributed to it. The finding that Cox is liable for its customers' piracy should absolutely worry other Internet providers, according to legal analysts at the consumer group Public Knowledge. The precedent raises fresh questions about what else Internet providers may be liable for beyond copyright, for example, and what the risk of litigation could mean for their ability to grow and provide reliable service to their subscribers. It may also lead to greater monitoring and control of individual customers.

Data Breaches in the Board Room: An update on shareholder claims against directors and officers arising from data breaches (Hogan Lovells, 15 August 2016) - On 7 July 2016, the Federal District Court for the District of Minnesota dismissed four shareholder derivative lawsuits against the directors and officers of Target Corporation arising out of the company's 2013 data breach. These lawsuits were part of a growing trend that has emerged over the past several years: shareholder derivative cases filed against directors and officers in the wake of a data breach alleging claims for breach of fiduciary duty relating to the breach. We discussed this trend after the dismissal of a similar lawsuit against the directors and officers of Wyndham Worldwide Corporation. In that update, we identified steps directors and officers can take to protect themselves from such lawsuits. The dismissal of the Target derivative action provides additional insights into how directors and officers can address cybersecurity events, both prior to and after a breach. * * * The potential for litigation against directors and officers following data breaches remains a serious concern. However, with the dismissals of the Wyndham and now the Target shareholder litigation, boards of directors and management have examples of concrete actions they can take, both before and after a data breach, to demonstrate their diligence and good faith in addressing this growing area of risk. Such attention will benefit the companies they serve, and in the event of a major breach, will help protect the directors and officers from allegations that they did not do enough to prevent the breach or to investigate it.

Is projecting a message onto the wall of a building a trespass? A nuisance? (Eugene Volokh, 17 August 2016) - You're running a restaurant - or maybe a mosque or an abortion clinic. Union members stand on a public sidewalk outside the restaurant and project light onto your wall that causes a message to appear on your wall: It says the restaurant got cited for health code violations. Or it says "this business hires scabs." Or anti-Islam protesters project a Muhammad cartoon on the wall, or antiabortion protesters project an image of an aborted fetus. Can you stop this by going to court and getting an injunction, on the theory that the projection onto what is, after all, your wall is a trespass? This issue has come up in at least several recent cases, all involving union speech - but it could equally involve other kinds of protests. The only one I've seen that has yielded written opinions is Int'l Union of Painters & Allied Trades Dist. Council 15 Local 159 v. Great Wash Park, LLC, 2016 WL 4165919 (Nev. Ct. App. July 29) . And one of the opinions is very interesting indeed. * * * Judge Jerome Tao, though, wrote a much longer concurring opinion (in addition to joining the court's opinion) and one that strikes me as very interesting and thoughtful. First, he discussed why this case might be harder than the court's opinion suggests: Virtually all of the "light trespass" cases cited by the parties, and in the court's order, concern the potential trespassory effects of "ambient" light, by which I mean light intended to serve a legitimate ulterior purpose on a nearby property but which incidentally happens to leak or diffuse onto the claimant's property; common examples of this include construction lighting or light reflecting off the screen of a drive-in movie theater. 
In contrast, this case involves something arguably different: a beam of light specifically and intentionally directed at the Respondents' property and nowhere else that served no purpose other than to intentionally light up the Respondents' building the way the Union wanted. Does this distinction make a difference? It seems to me that it possibly could, and if so then we are presented with a question of first impression, as almost all of the existing case law relates to ambient lighting…. * * *

LabMD suffers relapse, as FTC condemns its data security practices (Steptoe, 18 August 2016) - Overruling the surprise decision last year of an administrative law judge, the Federal Trade Commission has held that LabMD's data security practices were "unreasonable" and constituted an "unfair" practice in violation of the FTC Act. The action stems from the unauthorized disclosure in 2008 of a file that contained the names, dates of birth, Social Security numbers, and medical and health insurance information of approximately 9,300 LabMD customers on Limewire, a peer-to-peer file sharing program. The FTC found that LabMD "lack[ed] even basic precautions to protect sensitive consumer information." It also found that the disclosure of the file was itself a substantial harm, that the exposure of the information to other unauthorized parties was "likely to cause substantial harm," and that a showing of economic injury to consumers was unnecessary. This is the first data security case actually litigated before the FTC (rather than settled), so the Commission's decision sets a significant precedent.

Study: Consumers spend 50+ hours per week using a 'screen' (Multichannel, 18 August 2016) - Consumers spend more than 50 hours a week using a "screen" -- whether that's a TV, a PC, tablet or smartphone, The Diffusion Group found in a new study that also factors in data from Nielsen. The firm also found that per-capita use of smartphones has grown to 8.6 hours per week, more than the total amount of time consumers spend watching broadband video (8.2 hours). The average screen time spent on social networks now totals about four hours per week, of which 63% is used on services like Instagram (2.5 hours per week), TDG said, noting that these trends are a key reason why a growing number of programmers and media companies are using social-mobile (SoMo) platforms to deliver video. "Screen time is shifting towards mobile. Mobile usage is shifting towards social networking apps. And social networking apps are shifting towards video. All the trends are lining up in favor of massive growth in SoMo Video over the next decade," Joel Espelien, senior analyst with TDG and author of the report - The Future of Smartphone Video 2016-2025, said in a statement.

Australia Post details plan to use blockchain for voting (ZDnet, 22 August 2016) - Australia Post is looking to move into the business of running elections, and plans to use the blockchain as a central pillar of its plan. In a submission to the Victorian Electoral Matters Committee , the government-owned postal service said community expectations were driving the push towards digital voting, and it would be looking to put its prior work with blockchain to use. "The emergence of crypto currencies on the technology known as blockchain have highlighted opportunities to repurpose that technology to capture various digital transactions in immutable, distributed and secure ways," Australia Post State Director, Victorian Government and Tasmania, Tim Adamson, said in the submission. "In many ways voting is an ideal use case for blockchain technology application beyond crypto currency." According to Adamson, using the blockchain for voting would allow for a location agnostic, "tamper proof" system that would provide traceability, prevent manipulation, yet allow anonymity, and be resistant to denial of service attacks. Australia Post also detailed how it would handle Australia's preferential system of voting used in parliamentary elections. "We envisage a vote being an electronic transaction whereby a number of voting 'credits' can be 'spent' by the voter to attribute preferences. Permission to vote would be secured through the use of secure digital access keys sent securely to each voter. "A ballot would be cryptographically represented within the blockchain, with each vote linked to the voter through their preference choice stored within the blockchain in a way that anonymises and protects that information from being publically accessible."

- and -

FBI detects breaches against two state voter systems (Reuters, 29 August 2016) - The Federal Bureau of Investigation has found breaches in Illinois and Arizona's voter registration databases and is urging states to increase computer security ahead of the November presidential election, according to a U.S. official familiar with the probe. The official, speaking on condition of anonymity, said on Monday that investigators were also seeking evidence of whether other states may have been targeted. Accessing information in a voter database, much of which is publicly accessible, does not necessarily suggest an effort to manipulate the votes themselves. When registering, voters typically provide their names, home addresses, driver's license or identification numbers, and party affiliations. But U.S. intelligence officials have become increasingly worried that hackers sponsored by Russia or other countries may attempt to disrupt the presidential election. Officials and cyber security experts say recent breaches at the Democratic National Committee and elsewhere in the Democratic Party were likely carried out by people within the Russian government. * * * Only five states - New Jersey, Delaware, Georgia, South Carolina and Louisiana - use electronic voting machines without a paper trail, according to a database maintained by Verified Voting, a non-profit organization that aims to improve vote accuracy and transparency. But several state election boards have rejected assistance from the Department of Homeland Security to secure their voting systems, citing fears of a federal takeover of a state-run system, said Susannah Goodman, director of the voting integrity program at Common Cause, a progressive advocacy organization.

- and -

Two swing states decline DHS security for voting machines (The Hill, 26 August 2016) - Two swing states, Pennsylvania and Georgia, are declining an offer from the Department of Homeland Security (DHS) to scan their voting systems ahead of the 2016 elections. In August, DHS offered to help states thwart potential hacking amid cybersecurity concerns about just how easily a U.S. election could be manipulated. Georgia and Pennsylvania, however, have opted out. Instead, the two states will rely on their own systems to monitor potential election hacking, reports NextGov. Georgia Secretary of State Brian Kemp cited state sovereignty concerns. "The question remains whether the federal government will subvert the Constitution to achieve the goal of federalizing elections under the guise of security," he told Nextgov in an email. "Designating voting systems or any other election system as critical infrastructure would be a vast federal overreach, the cost of which would not equally improve the security of elections in the United States." Pennsylvania, a battleground state , expressed confidence in its own ability to hold a secure election.

MOOCs and beyond (InsideHigherEd, 22 August 2016) - By now we know that MOOCs are not the final answer . Higher education will not be saved (or destroyed) by these massive open online courses that splashed into everyone's consciousness about three years ago. Yes, they provide some fascinating opportunities for expanding access to higher education, for helping us to rethink how teaching and learning works, and for revitalizing the debate about the role of faculty and the power (or futility) of going to college. But most pundits and educators have moved on to the next shiny new fad. This is a mistake. For underneath and behind the scenes, much progress continues to be made.* In fact, I would suggest that it is only now - after three frustrating years where expectations were raised way too high and subsequently plummeted way too low - are we starting to see the real opportunities. This can be seen in the recent announcement by MIT that one of its popular MOOCs (on philosophy) will introduce "instructor grading." As the press release proclaims, "having a trained philosopher [will] provide individual feedback [which] is crucial to knowing how much of the material was truly understood. That engagement is an essential part of the pedagogical experience - just not one learners from Boston to Bangladesh can typically experience together." This is a fascinating development. By now it is crystal clear that MOOCs cannot be compared to traditional courses. Yes, they may replace and/or supplement existing courses, but they are fundamentally different. And that difference is exactly the kind of interactivity - of engagement, feedback, grading - that is at the heart of the give and take of deep learning in higher education. Without such engagement, MOOCs might as well be (and have been compared to) the correspondence courses of the 1800s or your local public radio or TV station. It's just information transfer; not true knowledge development. * * *

FBI authorized informants to break the law 22,800 times in 4 years (Daily Dot, 23 August 2016) - Over a four-year period, the FBI authorized informants to break the law more than 22,800 times, according to newly reviewed documents. Official records obtained by the Daily Dot under the Freedom of Information Act (FOIA) show the Federal Bureau of Investigation gave informants permission at least 5,649 times in 2013 to engage in activity that would otherwise be considered a crime. In 2014, authorization was given 5,577 times, the records show. USA Today previously revealed confidential informants engaged in "otherwise illegal activity," as the bureau calls it, 5,658 times in 2011. The figure reached 5,939 a year later, according to documents acquired by the Huffington Post. In total, records obtained by reporters confirm the FBI authorized at least 22,823 crimes between 2011 and 2014. (Totals from 2015 were unavailable when the Daily Dot initiated its records request.) Those crimes can have serious and unintended consequences. For example, a Daily Dot investigation found that an FBI informant was responsible for facilitating the 2011 breach of Stratfor in one of the most high-profile cyberattacks of the last decade. While a handful of informants ultimately brought down the principal hacker responsible, the sting also caused Stratfor, an American intelligence firm, millions of dollars in damages and left an estimated 700,000 credit card holders vulnerable to fraud. More recently, in 2013, FBI agents in Louisiana allegedly shot and killed a federal informant, Allen Desdunes, according to court records reviewed by the New Orleans Advocate. Desdunes, 37, reported to the bureau on a daily basis before "reneging on an agreement that had kept him out of jail even after investigators found several thousand dollars worth of heroin in his vehicle," according to the paper. It remains unclear whether Desdunes was permitted to continue dealing drugs while providing the FBI information about his heroin supplier. [Polley: How does this "permission" actually work? Most of these crimes would be state violations, not federal. Does "permission" work to defeat common-law mens rea, which might be an otherwise required element of the crime? What happens then in jurisdictions which have gone so "code" that mens rea is not relevant?]

Sedona conference publishes draft TAR case law primer (Ride the Lightning, 24 August 2016) - The Sedona Conference has published for comment a Draft TAR Case Law Primer, a comprehensive review of court decisions addressing the use of TAR. You will find information on the Da Silva Moore case, in which technology assisted review was first authorized, disputed issues regarding TAR including efforts by requesting parties (and by courts) to compel the use of TAR, cases that address using search terms to cull the document population before applying TAR, cases, and cases involving disclosure of seed/training/validation sets, advance court approval of the use of TAR and international adoption. The conclusion? TAR is an acceptable search and review methodology with unresolved issues. There is also discussion on using TAR to achieve the goals of Federal Rule 1 (the just, speedy, and inexpensive resolution of legal proceedings) and Rule 26(b)(1) (proportionality). Sedona is encouraging public comment on the Primer as an initial step in developing guidelines for principles for the use of advanced search and review technologies in legal proceedings.

All the ways your Wi-Fi router can spy on you (The Atlantic, 24 August 2016) - City dwellers spend nearly every moment of every day awash in Wi-Fi signals. Homes, streets, businesses, and office buildings are constantly blasting wireless signals every which way for the benefit of nearby phones, tablets, laptops, wearables, and other connected paraphernalia. When those devices connect to a router, they send requests for information - a weather forecast, the latest sports scores, a news article - and, in turn, receive that data, all over the air. As it communicates with the devices, the router is also gathering information about how its signals are traveling through the air, and whether they're being disrupted by obstacles or interference. With that data, the router can make small adjustments to communicate more reliably with the devices it's connected to. But it can also be used to monitor humans - and in surprisingly detailed ways. As people move through a space with a Wi-Fi signal, their bodies affect it, absorbing some waves and reflecting others in various directions. By analyzing the exact ways that a Wi-Fi signal is altered when a human moves through it, researchers can "see" what someone writes with their finger in the air, identify a particular person by the way that they walk, and even read a person's lips with startling accuracy - in some cases even if a router isn't in the same room as the person performing the actions. * * *

Adwords buys using geographic terms support personal jurisdiction (Eric Goldman, 26 August 2016) - This is a personal jurisdiction case, so I'll get right to the point. If an AdWords advertiser buys keywords that contain geographic terms, the advertiser might face a greater risk of personal jurisdiction in those geographies. It's likely that buying geo-located AdWords ads would also increase that risk, but this case doesn't address that scenario. If you want a little more detail, keep reading. This case is a consumer protection lawsuit against a payday lender, MoneyMutual. The plaintiffs sought personal jurisdiction over the defendant in Minnesota. Among other supporting facts, the plaintiffs alleged that MoneyMutual bought the exact-match keyword phrases "payday loans Minnesota" and "payday loans Minneapolis." MoneyMutual replied that it bought "payday loans [geography]" for lots of different geographies, so this was really a nationwide campaign with multiple local implementations in parallel with each other. The Minnesota Supreme Court doesn't like this argument at all: * * * So the lesson I draw from this: the more your ads are customized to a particular geography, the more likely you'll be liable for personal jurisdiction in that geography. I doubt this will change many advertisers' behaviors, but at least they can and should appreciate those consequences. And if you're a plaintiff trying to reach a remote defendant, your odds of establishing jurisdiction increase if you can show greater geographic scienter by the defendant.

Former Justice Department lawyer is censured for telling journalist about wiretap program (ABA Journal, 26 August 2016) - A former Justice Department lawyer has been censured for telling a New York Times reporter about the National Security Agency's warrantless wiretap program. The lawyer, Thomas Tamm, was censured (PDF) on Thursday, report the National Law Journal (sub. req.) and the Legal Profession Blog. Tamm had agreed to accept the censure by the District of Columbia Court of Appeals. Mitigating factors included Tamm's cooperation with ethics authorities, his intent to further compliance with the law by disclosing the information. Tamm had told a reporter about the program in a 2004 call from a pay phone. He suspected the program, used to tap overseas phone calls and emails of terrorism suspects, had illegally bypassed the special intelligence court. Tamm is currently a state public defender in Maryland. One of his lawyers, Paul Kemp, told the National Law Journal that the lawyers were "just glad this nightmare is over for him and his family. … The best news is that it's over, and Tom is a hero for having disclosed what he did in the fashion in which he did it."

Here's the tech NBC built to stream the Olympics - now can it replace TV? (The Verge, 26 August 2016) - For NBC, this year's Olympic Games coverage was more than just a series of household rating points; it was a moment of truth in a fast-changing media world. To say the network won silver in prime-time television ratings would be kind: no matter which article you read, it points out that ratings were down by double digits at different points throughout the games. To say the network took home the gold in streaming video would also be an overstatement: online viewership was up, but the online experience wasn't quite ready to replace the traditional TV experience. That doesn't mean the Olympics went unnoticed: Simone Manuel's groundbreaking swim, Michael Phelps' memeworthy game face, and Usain Bolt's grin as he sprinted past his competitor all made it into national conversations. Katie Ledecky became a national hero, the next great American Olympian. But for a multitude of possible reasons - anything from a late-summer start, tape delays, a multi-channel approach, or the notion that younger audiences might just have their heads stuck in a "Facebook bubble or a Snapchat bubble" as NBCUniversal chief Steve Burke actually predicted - fewer people wanted to watch those moments on regular television. In short, a big shift is happening, one that NBC is acutely aware of now that the Olympics have passed. "We're still learning and experimenting," Mark Lazarus, chairman of NBC Sports Group, said in a phone interview with The Verge while the games were still in progress. "This is still a test across so many platforms, and we're going to be learning some lessons that we're going to be using in the future." That future isn't in four years, though, that future is actually now. And at some point, what NBC streams online might have to be more important than what it broadcasts in prime time. This year's Olympics were a demonstration that the technology works - now the trick is figuring out the best way to use it. * * *

The American Bar Association should be a champion of open access to law (Lawyerist, 29 August 2016) - Here is the unfortunate way the American Bar Association responded when Wolters Kluwer asked to reprint some of the Model Rules of Professional Conduct in a professional responsibility course book, Ethical Problems In The Practice Of Law: "It is the policy of the ABA and its Center for Professional Responsibility not to permit the reproduction of more than 25% of publications it is selling itself. Moreover, it is the policy of the ABA … not to permit reproduction of the Model Rules without the applicable Comments." In other words, if you want to publish the ethics rules that everyone who takes the Bar Exam is responsible for knowing, you must pay a substantial fee to the ABA. Keep in mind that the reason everyone who takes the Bar Exam is responsible for knowing the model rules is that the ABA includes that requirement in its law school accreditation standards. Now the American Bar Association may or may not be in the right as a matter of law (spoiler: probably not), but it is very much wrong as an example for the profession. In its report on the future of legal services, the ABA Commission on the Future of Legal Services found, among other things, that attempts to introduce technology as a way to solve legal problems are often met with heavy resistance. And hefty price tags from the ABA, it turns out. But there is another obstacle to using technology to increase access to justice: the lack of open access to law. It was a thread running through CodeX, and I've talked about it in-depth with Sarah Glassmeyer and Ed Walters. You can't build great software on top of nothing. Often, you need to incorporate the law, either as law or in the algorithms that power the software. And if you have to pay for the law, you have to charge for the software, which often means you are going to build software for big firms, not for the public. Is the ABA's insistence on licensing the Model Rules the reason we can't close the access-to-justice gap? No. But it sets up the ABA as an obstacle to access, not a champion of access.

- and -

Harvard is digitizing nearly 40 million pages of case law so you can access it online and for free (Bostonomix, 30 August 2016) - Not too long ago, a statement like this spoken in the hushed, hallowed hallways of the Harvard Law School library would have been considered heresy: "I think for court decisions, law books are becoming obsolete and even to some degree a hindrance." That's Adam Ziegler, and he's no heretic. He's the managing director of the Library Innovation Lab at Harvard. Ziegler is leading a team of legal scholars and digital data workers in the lab's Caselaw Access Project. "We want the law, as expressed in court decisions, to be as widely distributed and as available as possible online to promote access to justice by means of access to legal information," Ziegler said. "But also to spur innovation, to drive new insights from the law that we've never been able to do when the law was relegated to paper." Harvard Law's collection, second only to the one kept by the Library of Congress, includes the civil and criminal case law decisions from every state and federal court. Ziegler and his team estimate that across all 43,000 case law books in the collection, each has an average of about 921 pages. That's nearly 40 million pages that need to be digitized. The law school has so many books that the majority are stored in a vast vault in a hidden hilltop repository in Southborough, out of sight and not very accessible to students and scholars. Ziegler says the oldest decision in Harvard's case law collection dates back to Rhode Island's Court of Trials circa 1647. He wants to extend its future forever. * * *

- and -

NASA opens up its research online for free (TechDirt, 30 August 2016) - Every once in a while, we get some good news out of a government agency. Based on a 2013 directive from the White House, NASA had finally announced early this year that it would be following the NIH model and making its publicly funded research available for free online. With the only caveat being a restriction on research that relates to national security, NASA has made good on plans to publish the rest of this research on Pubspace, its new publicly-facing portal for sharing this research: Care to learn more about 400-foot tsunamis on Mars? Now you can, after Nasa announced it is making all its publicly funded research available online for free. The space agency has set up a new public web portal called Pubspace, where the public can find Nasa-funded research articles on everything from the chances of life on one of Saturn's moons to the effects of space station living on the hair follicles of astronauts. It's a fine sentiment, as well as a wonderful analogous case to point to when discussing other knowledge that should, but currently isn't, freely available to the public. That NASA's research was long hidden entirely, or hidden behind a paywall, was especially egregious, however, given that this research is publicly funded. And, as even better news, this appears to be becoming something of a practice among the scientific community: The move is part of a trend in the worldwide scientific community towards making knowledge more readily available. In May, EU member states agreed on an initiative to try to make all European scientific papers freely available by 2020. In the meantime, you can enjoy Nasa-funded insights into keeping fit in space, the ages of the lunar seas, and much more. Should keep you occupied for the weekend.

- and -

Stupid patent of the month: Elsevier patents online peer review (EFF, 31 August 2016) - On August 30, 2016, the Patent Office issued U.S. Patent No. 9,430,468, titled "Online peer review and method." The owner of this patent is none other than Elsevier, the giant academic publisher. When it first applied for the patent, Elsevier sought very broad claims that could have covered a wide range of online peer review. Fortunately, by the time the patent actually issued, its claims had been narrowed significantly. So, as a practical matter, the patent will be difficult to enforce. But we still think the patent is stupid, invalid, and an indictment of the system. Before discussing the patent, it is worth considering why Elsevier might want a government granted monopoly on methods of peer review. Elsevier owns more than 2000 academic journals. It charges huge fees and sometimes imposes bundling requirements whereby universities that want certain high profile journals must buy a package including other publications. Universities, libraries, and researchers are increasingly questioning whether this model makes sense. After all, universities usually pay the salaries of both the researchers that write the papers and of the referees who conduct peer review. Elsevier's business model has been compared to a restaurant where the customers bring the ingredients, do all the cooking, and then get hit with a $10,000 bill. The rise in wariness of Elsevier's business model correlates with the rise in popularity and acceptance of open access publishing. Dozens of universities have adopted open access policies mandating or recommending that researchers make their papers available to the public, either by publishing them in open access journals or by archiving them after publication in institutional repositories. In 2013, President Obama mandated that federally funded research be made available to the public no later than a year after publication, and it's likely that Congress will lock that policy into law. Facing an evolving landscape, Elsevier has sought other ways to reinforce its control of publishing. The company has tried to stop researchers from sharing their own papers in institutional repositories, and entered an endless legal battle with rogue repositories Sci-Hub and LibGen. Again and again, when confronted with the changing face of academic publishing, Elsevier resorts to takedowns and litigation rather than reevaluating or modernizing its business model. * * *

ILTA tech purchase survey reveals firms' cloud skepticism, cybersecurity spend and AI interest (LegalTechNews, 30 August 2016) - The current legal tech market is defined by cloud skepticism, security and compliance concerns, and growing interest in AI technology, according to the "2016 ILTA/InsideLegal Technology Purchasing Survey" of 175 ILTA member law firms. Slightly more than half (53 percent) of firms increased their technology budgets in 2016, representing a 12 percent rise compared with 2015. Over one-third (38 percent) of respondents noted their budget stayed the same over the year, while 9 percent said they decreased their tech spend in 2016. In addition, 53 percent of respondents said their annual technology spend translated to between $5,000 to $14,000 per attorney, with 17 percent spending less than $5,000 per attorney and 30 percent spending over $14,000 per attorney. As a percentage of their annual revenues, 52 percent of law firms spent between 2 percent to just under 5 percent of revenue on technology, while 19 percent spent less than 2 percent. In addition, 13 percent of firms budgeted from 5 to 6 percent of their revenues for technology expenditures. Looking ahead, two-thirds (67 percent) of firms said security management was the biggest challenge facing their operations, while 42 percent cited lack of employee training, and around 40 percent cited risk management, email management or information governance. Their concerns and focus were reflected in their purchases. Over the last 12 months, for example, 44 percent purchased cybersecurity software, 40 percent purchased security assessments, and 27 percent spent on security training. While only 24 percent plan to purchase cybersecurity tools over the next year, demand for security assessments over the next 12 months remained level (42 percent), while demand for security training rose to 33 percent.

If your email account is hacked, you should probably tell opposing counsel (Lawyerist, 1 Sept 2016) - A few years ago, there was an ABA ethics opinion that told lawyers that if they thought their email had been hacked, they needed to warn their client about the risks of sending or receiving email. That seemed like a bit of a theoretical worry, but it turns out that even something like a run-of-the-mill employment discrimination case can lead to an actual court case and an actual loss of money, rather than chin-stroking ethics hypotheticals. The Legal Profession Blog highlighted a recent decision from the United States District Court for the Eastern District of Virginia enforcing a settlement order in a case where a hacker absconded with the funds that the plaintiff received as a settlement. The takeaway: If your email has been hacked and you're expecting a settlement check, make sure you tell opposing counsel to check directly with you about any emails from you. A Virginia lawyer didn't do that, and the hacker used his email account to direct the settlement funds to an offshore bank account. The money was gone, and his client insisted that the settlement be enforced, which would mean the opposing party paid twice. The court said he had nobody to blame but himself because he knew he had been hacked but didn't tell opposing counsel. In sorting out the case, the court looked at whether opposing counsel behaved reasonably in sending the money in the first case. This was necessary because the defense was that somehow opposing counsel should have known the email was shady. But the hacked email bore all signs of being legitimate and believable: "Perhaps the best and most hilarious reason: 'The content of the email was consistent with [the Virginia lawyer's] error-prone typography.'"

RESOURCES

Adler on Fair Use and the future of art (MLPB, 23 August 2016) - Amy Adler, New York University School of Law, is publishing Fair Use and the Future of Art in volume 91 of the New York University Law Review (2016). Here is the abstract: Twenty-five years ago, in a seminal article in the Harvard Law Review, Judge Leval changed the course of copyright jurisprudence by introducing the concept of "transformativeness" into fair use law. Soon thereafter, the Supreme Court embraced Judge Leval's new creation, calling the transformative inquiry the "heart of the fair use" doctrine. As Judge Leval conceived it, the purpose of the transformative inquiry was to protect the free speech and creativity interests that fair use should promote by offering greater leeway for creators to build on preexisting works. In short, the transformative standard would ensure that copyright law did not "stifle the very creativity which that law [was] designed to foster." This Article shows that the transformative test has not only failed to accomplish this goal; the test itself has begun to "stifle the very creativity which that law was designed to foster." In the realm of the arts, one of the very areas whose progress copyright law is designed to promote, the transformative standard has become an obstacle to creativity. Artistic expression has emerged as a central fair use battleground in the courts. At the same time that art depends on copying, the transformative test has made the legality of copying in art more uncertain, leaving artists vulnerable to lawsuits under a doctrine that is incoherent and that fundamentally misunderstands the very creative work it governs. The transformative test has failed art. This Article shows why and what to do about it, turning to the art market itself as a possible solution to the failure of the transformative use test.

DIFFERENT

How technology hijacks people's minds - from a magician and Google's design ethicist (The Startup, 18 May 2016) - I'm an expert on how technology hijacks our psychological vulnerabilities. That's why I spent the last three years as a Design Ethicist at Google caring about how to design things in a way that defends a billion people's minds from getting hijacked. When using technology, we often focus optimistically on all the things it does for us. But I want to show you where it might do the opposite. * * *

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

NSA might listen to lawyer calls (Wired, 25 March 2006) -- The National Security Agency could have legally monitored ordinarily confidential communications between doctors and patients or attorneys and their clients, the Justice Department said Friday of its controversial warrantless surveillance program. Responding to questions from Congress, the department also said that it sees no prohibition to using information collected under the NSA's program in court. "Because collecting foreign intelligence information without a warrant does not violate the Fourth Amendment and because the Terrorist Surveillance Program is lawful, there appears to be no legal barrier against introducing this evidence in a criminal prosecution," the department said in responses to questions from lawmakers released Friday evening.

French parliament dumping Windows for Linux (CNET, 27 Nov 2006) -- France's gendarmes and Ministry of Culture and Communication have done it, and now members of the country's parliament are about to switch to open source. Starting in June 2007, PCs in French deputes' offices will be equipped with a Linux operating system and open-source productivity software. The project, backed by parliament members Richard Cazenave and Bernard Carayon of the Union for a Popular Movement party, will see 1,154 French parliamentary workstations running on Linux, with OpenOffice.org productivity software, the Firefox Web browser and an open-source e-mail client. http://news.com.com/2100-7344_3-6138372.html [Polley in 2006: I've installed Linux and OpenOffice on an old PC, too. It was easy, intuitive (well, as intuitive as Microsoft's stuff anyway), and free. OpenOffice documents seem entirely compatible with Microsoft applications. Polley in 2016: I haven't used Linux since 2006; wonder how the French Parliament is making out.]

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Steptoe & Johnson's E-Commerce Law Week

7. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

8. The Benton Foundation's Communications Headlines

9. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.