MIRLN --- 8-28 Jan 2017 (v20.02) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)
NEWS | RESOURCES | LOOKING BACK | NOTES
- Dems, civil libertarians blast fines for live-streaming on House floor
- FTC goes after D-Link for shoddy security in routers, cameras
- A few states now actually help you figure out if you've been hacked
- A lawyer rewrote Instagram's terms of use 'in plain English' so kids would know their privacy rights
- George Washington University Law School launches the Cybersecurity Law Initiative
- Lessons for legal: Inside the cybertheft faced by two large firms
- You've probably never heard of this creepy genealogy site. But it knows a lot about you.
- FBI withdrew national security letter after Cloudflare lawsuit
- New checklist from ABA Cybersecurity Legal Task Force aims to make vendor partnerships safer
- Ethics panel says ok for judge to tweet - within limits
- Obama's cyber legacy: He did (almost) everything right and it still turned out wrong
- Does litigation database belong to law firm or clients? Suit against ex-partners raises the issue
- Deutsche Bank to ban texts and messaging apps
- Corporate legal counsel fret over cybersecurity
- Hackers downloaded US government climate data and stored it on European servers as Trump was being inaugurated
- Three states propose DMCA-countering 'right to repair' laws
- NIST issues two important publications
- Lawsuit challenging PACER fees certified as class action
Dems, civil libertarians blast fines for live-streaming on House floor (The Hill, 4 Jan 2017) - Civil libertarians are blasting new rules from House Republicans that would impose fines on lawmakers who take pictures or live-stream video on the House floor. The fines are intended to prevent a repeat of protests like the sit-in by House Democrats last year calling for gun control legislation after the mass shooting in an Orlando, Fla., nightclub. Democrats broadcast their sit-in on social media, including Periscope and Twitter, after GOP leadership cut the camera feed that was being aired by C-SPAN. Michael Macleod-Ball, a First Amendment attorney for the American Civil Liberties Union, called the new fines an overreaction. "Ultimately what harm was done?" Macleod-Ball said of Democrats broadcasting their sit-in, noting that the House floor is constantly being televised. "I just don't see that there's a huge justification for imposing this penalty," he added. "Adding the penalty is just one further step in the wrong direction. The original rule would have had some chilling effect, the rule with the penalty has a further chilling effect, and because of that we don't think it's a good idea." Before the fines, there were already existing rules against recording on the House floor, but lawmakers rarely faced any consequences for violating it before Tuesday. The new fines are part of a rules package that was opposed by the entire Democratic caucus and just three Republicans. It imposes a $500 fine on lawmakers for their first offense and a $2,500 fine for every subsequent violation. The money would be taken out of a member's salary.
FTC goes after D-Link for shoddy security in routers, cameras (Computer World, 5 Jan 2017) - The U.S. Federal Trade Commission is cracking down on D-Link for selling wireless routers and internet cameras that can easily be hacked, the regulator said Thursday. Thousands of consumers are at risk, the FTC said in a complaint filed against the Taiwanese manufacturer, charging D-Link with repeatedly failing to take reasonable measures to secure the products. The action comes as hackers have been hijacking poorly secured internet-connected products to launch massive cyberattacks that can force websites offline. Recently, a notorious malware known as Mirai has been found infecting routers, cameras, and DVRs built with weak default passwords. In D-Link's case, the company said its products are "easy to secure" and offer "advanced network security." But in the reality, the devices contained preventable security flaws open to easy exploitation, the FTC alleged. Among those flaws were guessable login credentials embedded in D-Link camera software, using the word "guest" for both the username and password. In addition, D-Link also failed to patch vulnerabilities in the product software, including a command injection flaw that would have given hackers remote control over a device. "We can't say whether we will take action against similar companies," an FTC spokesman said on Thursday.
A few states now actually help you figure out if you've been hacked (Wired, 6 Jan 2017) - Thousands of US companies were hacked last year , and each time people's private data was taken. Was yours? You may not know because it's hard to keep track, much less do anything about it when there are so many incidents all the time. But if the data collected on breaches in the US were available to you, it would be a lot easier to check whether you've interacted with compromised businesses and institutions. That data exists. In fact, nearly every US state (47 to be exact) requires companies to disclose when a breach affects their citizens, and most track this data internally. That data is usually a public records request away from you, the consumer, who could actually use it to inform your digital habits. But, recently a small group of states have decided to make breach information freely available to the public. This week, Massachusetts joined them. Massachusetts joins California , Indiana , and Washington in making this data public. The US Department of Health and Human Services has also collected and publicly posted information about patient data breaches since 2009. The DHH data collection is often referred to colloquially as the "Wall of Shame." For Massachusetts, the decision is a way to increase transparency.
A lawyer rewrote Instagram's terms of use 'in plain English' so kids would know their privacy rights (WaPo, 8 Jan 2017) - Members of " Generation Z " can spend up to nine hours a day sharing photos on Instagram, consuming "content" on YouTube and talking to friends on Snapchat. But how much do these teens understand what they've agreed to give up when they start an account with those sites? Probably very little, according to a report released last week - and dense terms and conditions that are "impenetrable and largely ignored" are partly to blame. "'Terms and conditions' is one of the first things you agree to when you come upon a site," Jenny Afia, a privacy lawyer and partner at Schillings law firm in London, told The Washington Post. "But of course no one reads them. I mean, most adults don't read them." Afia was a member of a "Growing Up Digital" task force group convened by the Children's Commissioner for England to study Internet use among teens and the concerns children might face as they grow up in the digital age. The group found more than a third of Internet users are younger than 18, with 12- to 15-year-olds spending more than 20 hours a week online. Most of those children have no idea what their privacy rights are, despite all of them agreeing to terms and conditions before starting their social media accounts, Afia said. The task force, which included experts from the public and private sector, worked for a year and released its report Wednesday. * * * The group ran Instagram's terms and conditions through a readability study and found that it registered at a postgraduate reading level, Afia said. She was tasked with rewriting the company's terms and conditions "in plain English." It took her several hours, she said. "It was doable," Afia said. "But it was quite taxing and definitely time-consuming." The simplified terms of service fit on a single page. * * *
George Washington University Law School launches the Cybersecurity Law Initiative (Lawfare, Orin Kerr, 9 Jan 2017) - I'm pleased to announce the launch of the Cybersecurity Law Initiative , of which I am the director, at George Washington University Law School . For years, GW Law has had strong faculty expertise and curricular offerings in cybersecurity law . We decided to bring that together with a formal initiative that includes affiliated scholars from elsewhere in the university. In the near term, the initiative will include a lecture series that is open to the public on topics of cybersecurity law and technology. It likely will host conferences in the field as well. In the long term, we may end up expanding to include research papers or perhaps a more formal educational component (possibly making cybersecurity law one of the specialty fields offered in GW's LLM program ). For more details - including information about full scholarships available to study cybersecurity law at GW - see the website for the initiative: www.law.gwu.edu/cybersecurity . I'll announce future events for the initiative on the home page and on my Twitter feed . If there's a particularly interesting event, I may also flag it here on the blog.
Lessons for legal: Inside the cybertheft faced by two large firms (American Lawyer, 10 Jan 2017) - The fact that three Chinese nationals profited off of insider-trading information illicitly obtained through the hacking of two U.S.-based law firms is one of few known certainties in yet another successful instance of law firm cyberattacks. While the indictment from U.S. Attorney Preet Bharara of the Southern District of New York did not name the law firms infiltrated, The American Lawyer noted that based on the details in the indictment of the breached firms' involvement in specific mergers and acquisitions (M&A) deals, it can be surmised that the firms are Cravath, Swaine & Moore and Weil, Gotshal & Manges. * * * In the case of the M&A hacks outlined in the indictment, once inside the law firms' servers, cyberattackers planted malware in the network, and extracted sensitive M&A data to their possession-sometimes in large tranches. The indictment notes, for example, that "more than 40 gigabytes of data" was taken from one law firm "over the course of at least eight days." Such theft was possible, Rasmussen explained, because it is not uncommon to see law firms unequipped to notice such large data transfer activity in their network. "Network monitoring is a mostly proactive security control that retains a lot of data and requires a large amount of human capital to digest, triage and analyze," he said, adding that this may be a too much of a cost for legal to shoulder. "Many law firms still must consider the cost benefit of enlarging their internal resources to throw at a potential problem, instead of a known problem, as some firms feel they are not at risk. Current client needs often trump security needs," he added. Supporting his point, Novitex and the Association of Legal Administrators (ALA) recently conducted a survey of over 800 law firms and legal administration professionals worldwide and found that reducing cybersecurity risk came in a distant fourth among top concerns behind increasing net profits, attracting new clients, and bolstering revenues. * * * "A law firm is not going to keep an advanced attacker from getting in the network," Abrenio added. "Therefore, the goal should be to limit what an attacker can do once they get inside the network."
You've probably never heard of this creepy genealogy site. But it knows a lot about you. (WaPo, 12 Jan 2017) - Early Tuesday morning, Anna Brittain got a text from her sister: Did she know about Familytreenow.com? The relatively unknown site, which presents itself as a free genealogy resource, seemed to know an awful lot about her. "The site listed my 3- and 5-year-olds as 'possible associates,' " Brittain, a 30-year-old young-adult fiction writer in Birmingham, Ala., told The Washington Post on Tuesday. Her sister, a social worker who works at a child advocacy center, found the site while doing a regular Internet footprint checkup on herself. "Given the danger level of my sister's occupation," Brittain added, the depth of information available on the genealogy site "scared me to death." There are many "people search" sites and data brokers out there, like Spokeo, or Intelius, that also know a lot about you. This is not news, at least for the Internet-literate. And the information on FamilyTreeNow comes largely from the public records and other legally accessible sources that those other data brokers use. What makes FamilyTreeNow stand out on the creepy scale, though, is how easy the site makes it for anyone to access that information all at once, and free.
FBI withdrew national security letter after Cloudflare lawsuit (ZDnet, 12 Jan 2017) - Cloudflare received a national security letter (NSL) from the United States Federal Bureau of Investigation (FBI) back in February 2013, its transparency report for 2016 has shown, with the company only now able to report the event after being placed under a gag order. The FBI had been seeking the names, addresses, length of service, electronic communications transactional records, transaction and activity logs, and all email header information linked with a certain Cloudflare account, although not the content of those emails. Once served with the NSL, Cloudflare, with the help of the Electronic Frontier Foundation (EFF), filed a lawsuit under seal , successfully getting the FBI to rescind the NSL in July 2013 and withdraw its request for customer information. Consequently, no customer information was ever provided by Cloudflare under the NSL, but the company was required to fulfil the non-disclosure obligations that have now been lifted. "For nearly four years, Cloudflare has pursued its legal rights to be transparent about this request despite the threat of criminal liability. As explained above, the FBI recently removed that gag order, so we are now able to share the redacted text of NSL-12-358696," Cloudflare said in a blog post . The redacted NSL does not show whose account was requested by the FBI, or which FBI agent was involved in making the request.
New checklist from ABA Cybersecurity Legal Task Force aims to make vendor partnerships safer (ABA, 13 Jan 2017) - Imagine this: Your bar association is excited to partner with a new vendor. Its products or services are exactly what's needed to keep the bar's operations running smoothly or to help your members in their practice. The introduction is a big splash, everyone is happy … and then the vendor calls. There's been a data breach. It involves your data. And the truth is, it could just as easily be you having to make that difficult phone call because something on your end has put the vendor at risk. The ABA Cybersecurity Legal Task Force recently released its Vendor Contracting Project: Cybersecurity Checklist to help avoid this and other nightmare scenarios that could occur anytime you-or your members and/or their law firms-do business with an outside partner. Here are just a few of the questions that the checklist indicates are critically important when considering any such partnership: * * *
Ethics panel says ok for judge to tweet - within limits (Bob Ambrogi, 13 Jan 2017) - A judicial ethics panel of the Massachusetts court system has determined that a judge may ethically maintain a Twitter account, but only within certain boundaries, and that a judge must be particularly cautious about selecting accounts to follow on Twitter. The opinion from the Massachusetts Committee on Judicial Ethics does not identify the judge, but says that the judge maintains an active Twitter account and requested the committee's advice concerning the judge's continuing use of Twitter. I was able to find only one Massachusetts state judge who maintains an active Twitter account, Superior Court Judge Shannon Frison . Her Twitter activity matches some of that described by the committee, such as "posts intended to reveal the existence of racism and implicit bias in the courts." Judge Frison is president of the Massachusetts Black Judges Conference. The committee's opinion said that a judge's obligations with regard to Twitter are, broadly speaking, no different than they would be when using any form of social media, although different types of social media pose distinct issues. The committee has previously issued opinions approving judges' use of LinkedIn and Facebook , but as here, also within boundaries. * * *
Obama's cyber legacy: He did (almost) everything right and it still turned out wrong (NextGov, 17 Jan 2017) - The Obama administration made an unprecedented all-fronts effort to secure cyberspace. So, why are we less secure? For eight years, cyberspace proved the Obama administration's most unpredictable adversary, always twisting in new directions and delivering body blows where least expected. The administration took the cyber threat seriously from day one, launching reviews, promulgating policy, raising defenses and punishing cyberspace's most dangerous actors. That included imposing sanctions against Russia and North Korea and indicting government-linked hackers from China and Iran. But, in the end, cyberspace won. President Barack Obama will leave office this week following an election in which digital breaches ordered by Russian President Vladimir Putin helped undermine the losing candidate Hillary Clinton, sowed doubts about the winner Donald Trump's legitimacy and damaged faith in the nation's democratic institutions. When the history of the Obama administration's cyber policy is written, that fact will likely loom larger than anything else, numerous cyber experts and former officials told Nextgov , overshadowing years of hard work to prepare the government and the nation for an age of digital insecurity. It will also likely overshadow the dozens of instances in which Obama officials got the big cyber questions, more or less, right. "He set himself up with all the tools, but he blew this," said Paul Rosenzweig, a deputy assistant secretary at the Department of Homeland Security during the Bush administration. [ Polley : excellent summary.]
Does litigation database belong to law firm or clients? Suit against ex-partners raises the issue (ABA Journal, 19 Jan 2017) - A Boston law firm and six former partners are battling in court over rights to databases for the firm's asbestos and toxic tort cases. The Governo Law Firm and name partner David Governo contend in a lawsuit that the partners took proprietary databases that cost hundreds of thousands of dollars to build, report the Boston Globe and the Boston Business Journal . The former partners, who opened a firm called CMBG3 Law on Dec. 1, claim database information belongs to the firm's clients, who were billed for work associated with the databases. According to the Boston Globe, the suit is "being carefully watched by the city's legal community, which anticipates it may establish case law on the legal and ethical parameters for leaving a law firm in the digital age." In a Jan. 11 decision, Judge Kenneth Salinger of Boston Superior Court refused to issue an injunction for the return of database material. Salinger said both sides presented evidence on whether the database belongs to the firm or its clients, but he was unable to decide the issue on the current record.
Deutsche Bank to ban texts and messaging apps (InfoSecurity, 19 Jan 2017) - German banking giant Deutsche Bank is banning the use of any mobile phone-based messaging which can't be monitored by the lender, in a bid to improve compliance efforts. The new policy was communicated to employees in a memo last Friday, signed by chief operating officer Kim Hammonds and chief regulatory officer, Sylvie Matherat. "We fully understand that the deactivation will change your day-to-day work and we regret any inconvenience this may cause. However, this step is necessary to ensure Deutsche Bank continues to comply with regulatory and legal requirements," it noted, according to reports . The move will effectively ban the use of SMS messages and any third party apps including WhatsApp, Google Talk and Apple's iMessage. It will apparently apply not only to corporate-owned devices but also personal handsets used by staff in the workplace - although it's not clear how the latter will be enforced. The move comes in apparent response to Deutsche Bank's poor record on regulatory compliance, which has cost the lending giant close to $14 billion in fines since 2008, according to Bloomberg data . Some of these fines may have been levied in the past as a result of the bank's failure to produce accurate communications records when asked, it is believed.
Corporate legal counsel fret over cybersecurity (Dark Reading, 20 Jan 2017) - A majority of in-house legal counsels at US corporations view data breaches and cross-border data privacy regulations as among their biggest e-discovery related legal risks. BDO Consulting, a company that provides financial, business, and technology advisory services, recently surveyed over 100 senior legal executives at organizations ranging in size from $100 million to over $5 billion. Seventy four percent, or nearly three in four of the respondents, pointed to data breaches as one of their top data-related risks, while 68% say the legal department in their organization was more engaged with cybersecurity compared to 12 months ago as result of such concerns. "E-discovery systems collect, store and process highly sensitive information that is a potential goldmine for hackers," said Shahryar Shaghaghi, head of BDO International's cybersecurity and technology advisory Services practice in the report . "These systems and the data they contain require strong risk management oversight as well as proper cybersecurity defenses and protocols." In situations where third-party service providers manage the data for enterprises, more than one quarter of the survey respondents (27%) say they are unaware of the risk posed to their organization by third-parties.
Hackers downloaded US government climate data and stored it on European servers as Trump was being inaugurated (Quartz, 21 Jan 2017) - As Donald Trump was sworn into office as the new president of the US on Jan. 20, a group of around 60 programmers and scientists were gathered in the Department of Information Studies building at the University of California-Los Angeles, harvesting government data . A spreadsheet detailed their targets: Webpages dedicated to the Department of Energy's solar power initiative , Energy Information Administration data sets that compared fossil fuels to renewable energy sources, and fuel cell research from the National Renewable Energy Laboratory, to name a few out of hundreds. Many of the programmers who showed up at UCLA for the event had day jobs as IT consultants or data managers at startups; others were undergrad computer science majors. The scientists in attendance, including ecologists, lab managers, and oceanographers, came from universities all over Southern California. A motley crew of data enthusiasts who assemble for projects like this is becoming something of a trend at universities across the country: Volunteer "data rescue" events in Toronto, Philadelphia, Chicago, Indianapolis, and Michigan over the last few weeks have managed to scrape hundreds of thousands of pages off of EPA.gov, NASA.gov, DOE.gov, and whitehouse.gov, uploading them to the Internet Archive . Another is planned for early February at New York University . Hackers, librarians, scientists, and archivists had been working around the clock, at these events and in the days between, to download as much federal climate and environment data off government websites as possible before Trump took office. But suddenly, at exactly noon on Friday as Trump was sworn in, and just as the UCLA event kicked off, some of their fears began to come true: The climate change-related pages on whitehouse.gov disappeared. It's typical of incoming administrations to take down some of their predecessor's pages, but scrubbing all mentions of climate change is a clear indication of the Trump administration's position on climate science.
Three states propose DMCA-countering 'right to repair' laws (SlashDot, 23 Jan 2017) - Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them. An anonymous reader quotes IFixIt.Org: in 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down... Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska , Minnesota , and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops. Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
NIST issues two important publications (Ride the Lightning, 24 Jan 2017) - It is important to take a look at The National Institute of Standards and Technology (NIST) Special Publication 800-160, System Security Engineering (issued in November of 2016), and its draft update to the Framework for Improving Critical Infrastructure Cybersecurity , issued January 10, 2017. Special Publication 800-160 is directed mostly at engineers, but the C-Suite folks need to read it too. One of the main goals of the publication is to push for building security into Internet of Things devices the way that safety features are built into automobiles. NIST is also trying to expedite public and private sectors to immediately address the proliferation of new risks associated with IoT. In addition, NIST 800-160 seems to be a response to the Federal Trade Commission's recent statements on whether complying with NIST standards demonstrates "reasonable security." NIST 800-160 expressly provides a framework for how an organization may show "adequate security," which focuses on the adequacy of the procedures and documentation used to arrive at the ultimate cybersecurity decisions. It focuses heavily on the documentation of "better security practices" as opposed to "perfect security practices." The draft update to the Framework for Improving Critical Infrastructure Cybersecurity provides new details on managing cyber supply chain risks, clarifies key terms, and introduces measurement methods for cybersecurity. The updated framework aims to further develop NIST's voluntary guidance to organizations on reducing cybersecurity risks.
Lawsuit challenging PACER fees certified as class action (Bob Ambrogi, 25 Jan 2017) - A federal lawsuit challenging as excessive the fees charged by PACER, the federal courts' electronic records system, has been certified as a class action. Yesterday, U.S. District Judge Ellen Segal Huvelle in the District of Columbia approved the class of "[a]ll individuals and entities who have paid fees for the use of PACER within the past six years, excluding class counsel and agencies of the federal government." The lawsuit, National Veterans Legal Services Program v. U.S. , claims that PACER's fee schedule is higher than necessary to cover the costs of operating PACER and therefore violates the E-Government Act of 2002, which allows the federal judiciary to charge fees for PACER that are reasonable and "only to the extent necessary." Plaintiffs assert that the judiciary is charging far more than necessary in PACER fees, and that the fees it collects are going to purposes other than PACER, such as courtroom technology, websites for jurors, and bankruptcy notification systems. Judge Huvelle found that the lawsuit meets the requirements for class certification under the Federal Rules of Civil Procedure. In December, Judge Huvelle denied the government's motion to dismiss the suit. Judge Huvelle's memorandum granting class certification is below. (If you have trouble with the PDF viewer, here is a direct link to the PDF .)
RESOURCES
When the mother of invention is a machine, who gets credit? (Singularity Hub, 3 Nov 2016) - What do the Oral-B CrossAction toothbrush, about a thousand musical compositions and even a few recent food recipes all have in common? They were invented by computers, but you won't find a nonhuman credited with any of these creations on U.S. patents. One patent attorney would like to see that changed. Ryan Abbott is petitioning to address what he sees as more than a quirk in current laws but a fundamental flaw in policy that could have wide-ranging implications in areas of patent jurisprudence, economics and beyond if his proposals are adopted. "I argue that we ought to acknowledge a computer as an inventor because it would incentivize the development of creative computers and result in more innovations for society," says Abbott, a professor of law and health sciences at the University of Surrey's School of Law and adjunct assistant professor of medicine at the David Geffen School of Medicine at UCLA. He is also a licensed and board certified physician and registered patent attorney with the U.S. Patent and Trademark Office (USPTO). In a paper recently published in the Boston College Law Review , Abbott offers a framework for revamping how the USPTO approaches nonhuman inventors. The current regulations are outdated and don't recognize that computers are already producing patentable inventions, Abbott says in an interview with Singularity Hub. Abbott notes in the paper, "I Think, Therefore I Invent: Creative Computers and the Future of Patent Law," that early versions of AI, dating back to the 1990s, were independently creating all sorts of things, such as new super-strong materials and devices that search the internet for messages from terrorists. * * * Abbott's solution is to assign patents to the computer's owner, which generally refers to software ownership. He sees other options - such as the developer or user of the AI -as more problematic. For instance, allowing a computer's user to own a patent might compel owners to tighten restrictions or access to their software. * * *
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
Where real money meets virtual reality, the jury is still out (Washington Post, 26 Dec 2006) -- Veronica Brown is a hot fashion designer, making a living off the virtual lingerie and formalwear she sells inside the online fantasy world `. She expects to have earned about $60,000 this year from people who buy her digital garments to outfit their animated self-images in this fast-growing virtual community. But Brown got an unnerving reminder last month of how tenuous her livelihood is when a rogue software program that copies animated objects appeared in Second Life. Scared that their handiwork could be cloned and sold by others, Brown and her fellow shopkeepers launched a general strike and briefly closed the electronic storefronts where they peddle digital furniture, automobiles, hairdos and other virtual wares. As virtual worlds proliferate across the Web, software designers and lawyers are straining to define property rights in this emerging digital realm. The debate over these rights extends far beyond the early computer games that pioneered virtual reality into the new frontiers of commerce. "Courts are trying to figure out how to apply laws from real life, which we've grown accustomed to, to the new world," said Greg Lastowka, a professor at Rutgers School of Law at Camden in New Jersey. "The law is struggling to keep up." U.S. courts have heard several cases involving virtual-world property rights but have yet to set a clear precedent clarifying whether people own the electronic goods they make, buy or accumulate in Second Life and other online landscapes. Also unclear is whether people have any claim when their real-life property is depicted online, for instance in Microsoft's new three-dimensional renderings of actual real estate. The debate is assuming greater urgency as commerce gains pace in virtual reality.
Sweden to set up embassy in Second Life (The Local, 26 Jan 2007) -- Sweden is to become the first country to establish diplomatic representation in the virtual reality world of Second Life, officials said on Friday. "We are planning to establish a Swedish embassy in Second Life primarily as an information portal for Sweden," Swedish Institute (SI) director Olle Wästberg told AFP. The embassy would not provide passports or visas but would instruct visitors how to obtain such documents in the real world and act as a link to web-based information about the Scandinavian country. "Second Life allows us to inform people about Sweden and broaden the opportunity for contact with Sweden easily and cheaply," Wästberg said. The Swedish Institute is an agency of the Swedish foreign ministry tasked with informing the world about Sweden. The ministry fully backed the initiative, he added.
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/
4. Aon's Technology & Professional Risks Newsletter
5. Crypto-Gram, http://www.schneier.com/crypto-gram.html
6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
7. The Benton Foundation's Communications Headlines
8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html
9. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top