MIRLN --- 2-22 April 2017 (v20.06) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)
NEWS | RESOURCES | LOOKING BACK | NOTES
- UK barrister fined after 'confidential' information leaked in home computer update
- First Amendment institute sues government over records related to border device searches
- Microsoft closing down CodePlex, tells devs to move to GitHub
- Indiana: Ban on broadcasting trials doesn't bar live-tweeting
- Texas Supreme Court is skeptical about Wikipedia as a dictionary
- Encryption policy and freedom of the press
- Susman Godfrey is sanctioned for wrong line spacing in brief
- New insurance covers cyber risks for the wealthy
- Programmer faces federal charges for creating software used by hackers
- Canadian Mounties own up: Yes, we own 10 IMSI-catchers
- Unpaywall scours the web for free versions of scientific papers
- European Commission may join Gates Foundation and Wellcome Trust in becoming an open access publisher
- Institute announces new open access policy for all MIT authors
- Tearing down science's citation paywall, one link at a time
- FBI, DHS disagree on when to tell victims they've been hacked
- New Tenn. law: No breach notice needed if data encrypted
- Company boards lack deep security knowledge - survey
- Roku TVs can now detect what you're watching on cable to see if it's available on Netflix
- Uber reportedly tracked Lyft drivers using a secret software program named 'Hell'
- Inmates built computers hidden in ceiling, connected them to prison network
- How The New York Times decides which stories to link to (and which ones to match)
- Another trick to try to get mainstream media articles deindexed by Google
- New apps from MIT fill your waiting moments with learning opportunities
- Who controls the blockchain?
UK barrister fined after 'confidential' information leaked in home computer update (LegalTechNews, 27 March 2017) - A recent decision and fine against a barrister by the U.K.'s Information Commissioner regarding confidential information provides some important lessons for both U.S. and U.K. attorneys. The confidential information belonged to as many as 250 individuals, "including vulnerable adults and children," and was "uploaded to the internet when the barrister's husband updated software on the couple's home computer," according to a statement from the Information Commissioner's Office (ICO) which is the data protection authority in the U.K. The lawyer, described as a "senior barrister" who specializes in family law, was fined £1,000 by the ICO. In addition, Kim Roberts, counsel at King & Spalding's U.K. office, said the ICO's action shows the office "will intervene to fine organizations and individuals and will exemplify cases where careless practices fail to protect personal data, particularly where that data is sensitive in nature." It is noteworthy, too, the lawyer was self-employed. "Even as in this case, where the lawyer was a self-employed barrister rather than working in a corporate environment, he or she must follow practices which protect the personal data of clients in carrying out their work," Roberts cautioned. "In this case, insufficient care was taken when using a home computer which failed to protect the data concerned. The barrister, although self-employed, was subject to the guidelines that had been set down by the governing professional body and which were not fully followed." [Polley: Odd reporting; it seems that the lawyer's spouse updated software on the lawyer's computer, which caused the compromise.]
First Amendment institute sues government over records related to border device searches (TechDirt, 31 March 2017) - Columbia University's Knight First Amendment Institute wants to know why device searches at the border have skyrocketed since the beginning of this year. As was reported earlier this month, the number of devices searched in February 2017 equals the total searched in all of 2015. Even last year's jump from 5,000 to 25,000 searches looks minuscule in comparison. Border device searches are on track to more than double last year's numbers. The Knight First Amendment Institute filed FOIA requests with the DHS, ICE, and CBP for "statistical, policy, and assessment records" related to the steep increase in device searches. It's also looking for any legal interpretations the agencies might have on hand that explain their take on the Supreme Court's Riley decision, which instituted a warrant requirement for cell phone searches. It asked for expedited handling given the significant public interest in all things immigration and border-related, which has climbed along with the device searches thanks to several presidential directives, some of which are being challenged in court. As the lawsuit [PDF] notes, the public definitely should be apprised of the policies and procedures governing border device searches. If there's been an increase in searches, the public should be made aware of why this is happening, as well as their rights and remedies when it comes to entering or leaving the United States. The suit also points out that several recent reports suggest devices have been taken by government agents by force, or "consent" obtained through threats of further detention and/or violence.
Microsoft closing down CodePlex, tells devs to move to GitHub (ArsTechnica, 31 March 2017) - Microsoft announced Friday that CodePlex, the company's open source project-hosting service, will be closed down. Started in 2006, the service offered an alternative to SourceForge. It was based initially on Microsoft's Team Foundation Server source control and later added options to use Subversion, Mercurial, and Git. At the time, there weren't a tremendous number of good options for hosting projects. SourceForge was the big one, but it always seemed light on feature development and heavy on advertising. CodePlex on the Web was much more attractive and less cluttered. The use of TFS for source control meant it also had strong integration in Visual Studio. But these days, GitHub is the default choice for most open source projects. This applies to Microsoft, too; the company is using GitHub to host projects such as .NET and its Chakra JavaScript engine. Activity on CodePlex has declined, with fewer than 350 projects seeing code commits over the last 30 days. Accordingly, Microsoft has decided to stop running the service. From today, new projects can no longer be created. In October, all projects will be set to read-only. On December 15, CodePlex will be shut down completely, and the website will be replaced with a static archive. Projects and sources will still be browsable online, but the source control system will no longer be operational. GitHub is the preferred new home for CodePlex projects, and there's a straightforward import process that will copy CodePlex-hosted source and documentation to GitHub. Microsoft is also building a tool to migrate issues, though that's not ready yet. Projects can also be migrated to services such as Bitbucket. This will be appealing to those using Mercurial source control with CodePlex, as Bitbucket supports Mercurial in addition to the more common Git.
Indiana: Ban on broadcasting trials doesn't bar live-tweeting (Volokh/WaPo, 3 April 2017) - So an Indiana judicial ethics commission opined in an opinion that was posted on Westlaw: Rule 2.17 of the Code of Judicial Conduct requires judges to prohibit the broadcast of court proceedings except under a narrow set of exceptions. … The Commission's view is that microblogging, tweeting, or electronically relaying a written message does not constitute broadcasting under Rule 2.17, unless the transmitted message contains video or audio of court proceedings or a link to videotaped court testimony. I leave to others the question of whether outright broadcasting of trials should be allowed, but I thought this interpretation of what counts as "broadcast[ing]" in the Twitter age was interesting (and, I think, correct).
- and -
Texas Supreme Court is skeptical about Wikipedia as a dictionary (Eric Goldman on TechDirt, 12 April 2017) - This is an interesting opinion from the Texas Supreme Court on citing Wikipedia as a dictionary. The underlying case involves an article in D Magazine titled "The Park Cities Welfare Queen." The article purports to show that the plaintiff, Rosenthal, "has figured out how to get food stamps while living in the lap of luxury." After publication, evidence emerged that the plaintiff had not committed welfare fraud. She sued the magazine for defamation. The appeals court denied the magazine's anti-SLAPP motion in part because it held the term "Welfare Queen," as informed by the Wikipedia entry, could be defamatory. The Texas Supreme Court affirms the anti-SLAPP denial, but it also criticizes the appeals court for not sufficiently examining the entire article's gist. Along the way, the court opines on the credibility and validity of Wikipedia as a dictionary. TL;DR = the Supreme Court says don't treat Wikipedia like a dictionary.
Encryption policy and freedom of the press (Schneier, 4 April 2017) - Interesting law journal article: "Encryption and the Press Clause," by D. Victoria Barantetsky. Abstract: Almost twenty years ago, a hostile debate over whether government could regulate encryption -- later named the Crypto Wars -- seized the country. At the center of this debate stirred one simple question: is encryption protected speech? This issue touched all branches of government percolating from Congress, to the President, and eventually to the federal courts. In a waterfall of cases, several United States Court of Appeals appeared to reach a consensus that encryption was protected speech under the First Amendment, and with that the Crypto Wars appeared to be over, until now. Nearly twenty years later, the Crypto Wars have returned. Following recent mass shootings, law enforcement has once again questioned the legal protection for encryption and tried to implement "backdoor" techniques to access messages sent over encrypted channels. In the case, Apple v. FBI, the agency tried to compel Apple to grant access to the iPhone of a San Bernardino shooter. The case was never decided, but the legal arguments briefed before the court were essentially the same as they were two decades prior. Apple and amici supporting the company argued that encryption was protected speech. While these arguments remain convincing, circumstances have changed in ways that should be reflected in the legal doctrines that lawyers use. Unlike twenty years ago, today surveillance is ubiquitous, and the need for encryption is no longer felt by a seldom few. Encryption has become necessary for even the most basic exchange of information given that most Americans share "nearly every aspect of their lives -- from the mundane to the intimate" over the Internet, as stated in a recent Supreme Court opinion. Given these developments, lawyers might consider a new justification under the Press Clause.
In addition to the many doctrinal concerns that exist with protection under the Speech Clause, the Press Clause is normatively and descriptively more accurate at protecting encryption as a tool for secure communication without fear of government surveillance. This Article outlines that framework by examining the historical and theoretical transformation of the Press Clause since its inception.
Susman Godfrey is sanctioned for wrong line spacing in brief (ABA Journal, 4 April 2017) - A federal judge in Manhattan has fined Susman Godfrey $1,048.09 for wrong spacing in a brief that allowed the law firm to cram more words into its argument on behalf of Amazon Web Services Inc. U.S. District Judge Victor Marrero said the law firm used 24-point spacing, rather than double spacing, allowing it to exceed the court's 25-page limit, Law360 (sub. req.) reports. According to Marrero, the court's individual rules of practice require all memoranda to be "double-spaced and in 12-point font with 1-inch margins."
New insurance covers cyber risks for the wealthy (Cyberscoop, 5 April 2017) - Some of the wealthiest Americans can now expand their home insurance packages to include expert advice and technology to protect them against cyberattacks, as well as a variety of complimentary or reimbursable services if they do get hacked. AIG said this week it would be offering a "Family CyberEdge" product to existing customers of their Private Client Group, as an add-on to the home insurance packages it already sells. The Private Client Group caters to families with a net worth of more than $1 million and includes 40 percent of the individuals on the Forbes 400 list of the richest Americans. The Family CyberEdge package includes a wide range of "risk mitigation services," including an audit of personal mobile devices, home networks, wireless access points and social media, banking and other secure online accounts. There is training and advice for family members about online security, and continuous monitoring that assesses the security for, and tracks the availability of, personal information online. Advice provided by fraud and ID theft experts from the identity and data defense specialist CyberScout; and threat intelligence from K2 Intelligence - an investigative, compliance and cyberdefense services firm - rounds out the preventive end of the package.
Programmer faces federal charges for creating software used by hackers (ABA Journal, 5 April 2017) - An Arkansas programmer who created software that is popular with hackers is facing federal charges of conspiracy, and aiding and abetting computer intrusions. Taylor Huddleston created a remote administration tool called NanoCore that has been linked to computer hacks in at least 10 countries, the Daily Beast reports. The case raises a novel question, according to the article: When is a programmer criminally responsible for the actions of their users? Huddleston, a high school dropout, developed the program in hopes that it could lift him out of poverty and get him out of a run-down trailer where he lived on his mother's property. His hope, he said, was that his $25 program could be used by IT administrators, parents keeping track of their children's online activity, and others who didn't have a lot of money to spend on remote-access capability. He eventually bought a $60,000 home with proceeds from NanoCore and an anti-piracy program he created called Net Seal. Prosecutors pointed out that Huddleston announced and supported NanoCore on HackForums.net. They raided his home in December, arrested him in February, and are seeking forfeiture of his home in Hot Springs, Arkansas. "It would soon become clear," the Daily Beast reports, that HackForums "was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums. Instead, many of Huddleston's new customers had purely illicit uses for a slick remote-access tool. In short order, Huddleston found himself routinely admonishing people not to use his software for crime." Huddleston eventually removed his product's capability to steal passwords and log keystrokes, and he would log in and disable the software when he discovered a buyer was using it for hacking. Unhappy hackers eventually distributed pirated versions of Huddleston's software online.
Canadian Mounties own up: Yes, we own 10 IMSI-catchers (The Register, 5 April 2017) - The Royal Canadian Mounted Police has 'fessed up to a long-held suspicion that it uses Stingray-style equipment to track mobile phones. At the same time, in an interview with public broadcaster CBC, Chief Superintendent Jeff Adam says IMSI (international mobile subscriber identity)-catchers that CBC News believes it spotted in Ottawa didn't belong to any government agency - sparking concerns about who might have been snooping on government or commercial communications in the capital. The RCMP says its use of IMSI-catchers is limited: it deployed the fake base stations 24 times in 2015 and 19 times in 2016, said Adam - whose remit includes technical investigation services - in the hour-long interview. CBC News kicked off a furore when it reported evidence of IMSI-catchers in the vicinity of government buildings in Ottawa. Security minister Ralph Goodall has referred the matter to the Mounties and the Canadian Security Intelligence Service for investigation. Adam told CBC that "It's a security risk when it is used in proximity to government and/or any other commercial enterprises." Without specifying his concerns in detail, Adam warned that those deploying IMSI-catchers could be attempting more than surveillance: "There is equipment out there that is not limited in its capturing of communications between devices."
Unpaywall scours the web for free versions of scientific papers (TechCrunch, 5 April 2017) - The science publishing world is a complex one, but the pendulum is currently swinging away from the paywalled mega-journals of the last decade to a more open model - but it can still be hard to find a full copy of an article you need on short notice. Unpaywall is a browser plug-in that identifies the paper you're looking for, then checks whether it's available for free anywhere on the web. Install the plug-in in Firefox or Chrome, and when you arrive at a page summarizing or showing part of an article, a little lock icon appears telling you whether you can get it somewhere else for free. For instance, on this paper the icon is grey (it's still only available behind the paywall), but here (also at Nature), it's green. Clicking it brings me to a PDF version hosted at Arxiv. * * *
- and -
European Commission may join Gates Foundation and Wellcome Trust in becoming an open access publisher (TechDirt, 6 April 2017) - Open access isn't a new idea -- the term was first defined back in 2002, and arguably the first examples go back even further to the founding of arXiv.org in 1991 (pdf). And yet progress towards making all academic knowledge freely available has been frustratingly slow, largely because hugely-profitable publishers have been fighting it every inch of the way. In response to that intransigence, academics have come up with a variety of approaches, including boycotts, mass cancellation of subscriptions, new kinds of overlay journals and simply making everything available with or without permission. Here's another interesting move to open up publishing, reported by the journal Science: One of Europe's biggest science spenders could soon branch out into publishing. The European Commission, which spends more than €10 billion annually on research, may follow two other big league funders, the Wellcome Trust and the Bill & Melinda Gates Foundation, and set up a "publishing platform" for the scientists it funds, in an attempt to accelerate the transition to open-access publishing in Europe. It was quite surprising to see the Wellcome Trust start its own rapid-publishing unit, called Wellcome Open Research, a move that seems to have encouraged the Bill & Melinda Gates Foundation to follow suit with the similar Gates Open Research platform, due to start publishing later this year. For the EU's main executive body to do the same is even more extraordinary. It's true that there has been no official announcement about the European Commission's publishing move, but the Science article suggests that it is likely: * * *
- and -
Institute announces new open access policy for all MIT authors (MIT News, 6 April 2017) - Thanks to the efforts of Cara Manning PhD '16, the MIT Libraries, and many others across the Institute, MIT is launching a new way for authors of scholarly articles to legally hold onto rights to reuse and post their articles, and for others to more easily build on that work. As of this month, all MIT authors, including students, postdocs, and staff, can opt in to an open access license. * * * "We'd long heard from MIT authors who were not faculty that they'd like a policy so they would be more assured of their rights to share their work. But there was no clear path to extend the policy to those authors," says Ellen Finnie, head of scholarly communications and collections strategy at the MIT Libraries. "The faculty adopted the policy in 2009 as a faculty policy, and they were not positioned to create a blanket policy for other groups at MIT. There were governance questions about who could create a policy that would apply by default for graduate students." After Manning and Finnie met in 2015, Finnie and attorney Jay Wilcoxson from the Office of General Counsel came up with the idea for an opt-in license - a voluntary agreement that an individual MIT author can sign and that applies to scholarly articles written while at MIT. "We thought that an optional license would offer the power of an open access policy for authors not covered by the faculty policy. It's exciting to see the license now available to all MIT authors," says Finnie. The opt-in language mirrors that of the faculty policy and was vetted across campus by groups including the Office of General Counsel, Faculty Policy Committee, Committee on Intellectual Property, and Graduate Student Council, which has long supported making student work more accessible to the public.
The license can be used by authors who are employed by, have an academic instructional staff or academic research staff (e.g., postdoc) appointment from, or are registered as a student at MIT, and applies to articles written while at the Institute.
- and -
Tearing down science's citation paywall, one link at a time (Wired, 7 April 2017) - To scientists, citations are currency. No, you can't use them to put gas in your car or food on your table. But surviving in academia means publishing papers people want to read and, more to the point, cite in their own research. Citations establish credibility, and determine the impact of a given paper, researcher, and institution. Simply put, they fundamentally shape what people believe. The problem with this lies in determining who's citing whom. Over the last few decades, only researchers with subscriptions to two proprietary databases, Web of Science and Scopus, have been able to track citation records and measure the influence of a given article or scientific idea. This isn't just a problem for scientists trying to get their resumes noticed; a citation trail tells the general public how it knows what it knows, each link a breadcrumb back to a foundational idea about how the world works. On Thursday, a coalition of open data advocates, universities, and 29 journal publishers announced the Initiative for Open Citations with a commitment to make citation data easily available to anyone at no cost. "This is the first time we have something at this scale open to the public with no copyright restrictions," says Dario Taraborelli, head of research at the Wikimedia Foundation, a founding member of the initiative. "Our long-term vision is to create a clearinghouse of data that can be used by anyone, not just scientists, and not just institutions that can afford licenses."
FBI, DHS disagree on when to tell victims they've been hacked (Cyberscoop, 6 April 2017) - Competing interests exist between two of the predominant federal agencies tasked with stopping hackers from attacking the U.S., officials say, and that dynamic shapes how and when the government notifies Americans if they've been breached. The Homeland Security Department and FBI follow distinctly different missions, and this extends into cyberspace, according to John Felker, director of the National Cybersecurity and Communications Integration Center. NCCIC is DHS's around-the-clock office for incident awareness and response. Occasionally, DHS's efforts to rapidly deploy software updates and immediately notify a victim when a cybersecurity incident occurs clash with the FBI's work to fully investigate and ultimately prosecute cybercriminals, Felker said Thursday. "There's always going to be some tension between our mission space at DHS, which is asset response, threat mitigation - stop the bleeding, if you will - and law enforcement's threat response, which is to catch a bad guy and make a successful prosecution," Felker said during McAfee's Security through Innovation conference hosted by CyberScoop and FedScoop. "It's not easy and it's case-by-case. The challenge we have is to keep a relationship that is open and honest and transparent between us." "Even in the last couple weeks we've had a few knock-down, drag-outs about cases that are going on, but it is what it is," Felker said. "We'll work through it." Ongoing negotiations effectively determine when DHS will rapidly reach out to a victim or, on the other hand, if the FBI will be afforded a grace period to collect evidence and gain new insight.
New Tenn. law: No breach notice needed if data encrypted (Bloomberg, 6 April 2017) - Companies don't need to notify Tennessee citizens of personal data breaches if the information was encrypted, under a new law that took effect April 4 and clarifies confusion created by a 2016 amendment. The measure reinstates language in the state's data breach notice law to remove any doubt that companies do not need to give notice of an encrypted data breach, unless the encryption key is also breached. It took effect with Gov. Bill Haslam's (R) signature. Tennessee adopted a breach notification law in 2005 that specifically exempted companies from providing notice if the breached data were encrypted. But in 2016, the law was amended to remove the exemption. The 2016 amended law, however, still mentioned in another section that encryption was a positive means of protecting data. This created confusion for companies about whether they could still avoid providing notice if the data were encrypted.
Company boards lack deep security knowledge - survey (BizCommunity, 7 April 2017) - According to a recent National Association of Corporate Directors (NACD) survey, although almost 90% of directors at public companies claim their board discusses cyber risk regularly, only 14% have deep knowledge of the topic. Lutz Blaeser, MD of Intact Software Distribution, says that 60% of respondents said they find overseeing cyber risk a challenge. "Just over half of publicly listed companies reported that cyber risk oversight falls on the audit committee, and 96% of directors that took the survey said the full board takes on the big picture risks that could impact their organisation's strategic direction." The survey, says Blaeser, also highlighted that the most common board cyber-risk oversight practices are reviewing the organisation's approach to protecting its most critical assets, followed by reviewing the technical infrastructure used to protect those assets.
Roku TVs can now detect what you're watching on cable to see if it's available on Netflix (The Verge, 11 April 2017) - Televisions with Roku's software preinstalled can now automatically detect what you're watching via cable, satellite, or an antenna. The new feature, coming to Roku TVs as part of the latest operating system update, is called "More Ways to Watch" and is designed to show you whenever a show or movie you've got on can also be streamed using popular services like Netflix, Hulu, and Amazon Video. This could allow you to watch an in-progress episode from the beginning, find other episodes of a series, or view recommendations for similar content. Roku uses Automatic Content Recognition (ACR) technology to recognize what's currently being viewed in your living room. Somewhat creepy, yet also helpful! Not that the creepy side is stopping other companies from doing the same thing. Roku is at least being careful about how it's all being implemented. More Ways to Watch requires customers to opt-in once the feature is rolled out or whenever they perform an initial out-of-box setup on a Roku TV. Only Roku TVs are doing this right now; your streaming set-top box isn't (yet) detecting what you're watching.
Uber reportedly tracked Lyft drivers using a secret software program named 'Hell' (TechCrunch, 12 April 2017) - Another day, another revelation of an ethically questionable business practice by Uber. This time The Information reports that Uber secretly tracked Lyft drivers using an internal software program it dubbed Hell. Hell not only let Uber see how many Lyft drivers were available for rides and what their prices were, but also figure out which ones were double-dipping by driving for Uber, too. This meant Uber had data that made it easier to offer those drivers incentives to switch over to Uber exclusively. The software was called Hell in reference to "God View," its tool for tracking the location of customers (God View, also called "Heaven," was infamously abused by Uber employees to stalk journalists, celebrities and ex-girlfriends). Hell originated after Uber created fake rider accounts on Lyft and used software to trick Lyft's system into thinking those riders were in certain locations. This allowed Uber to see the eight closest available Lyft drivers to each fake rider. Then Uber executives realized that Lyft had assigned a numerical user ID to each of its drivers. This bonanza allowed them to start long-term tracking of Lyft drivers and deduce who also drove for Uber. Once Uber knew when and where they tended to log onto Lyft, the company was able to offer drivers incentives - including financial bonuses - created to convince them to use only Uber.
Inmates built computers hidden in ceiling, connected them to prison network (ArsTechnica, 12 April 2017) - Inmates at a medium-security Ohio prison secretly assembled two functioning computers, hid them in the ceiling, and connected them to the Marion Correctional Institution's network. The hard drives were loaded with pornography, a Windows proxy server, VPN, VOIP and anti-virus software, the Tor browser, password hacking and e-mail spamming tools, and the open source packet analyzer Wireshark. That's according to a new report (PDF) from the Ohio Office of the Inspector General, which concluded that the geeky inmates obtained the parts from an onsite computer skills and electronics recycling program. The agency's IT department, according to the report, initially was alerted to a connected device, using a contractor's stolen credentials, that had "exceeded a daily Internet usage threshold." The computers were operational for about four months. After a three-week search, they were discovered above a training room closet in an area off limits to unsupervised inmates. Ultimately, the authorities traced cable from a networking switch to find the devices that were assembled with discarded computers from an Ohio aircraft parts company and an Ohio school district. A forensic analysis of the hard drives found that they were loaded with "malicious" software and that inmates used the computers to apply for credit cards, research tax-refund fraud, search inmate records, and obtain prison access passes for restricted areas. "Additionally, articles about making home-made drugs, plastics, explosives, and credit cards were discovered," according to the report.
How The New York Times decides which stories to link to (and which ones to match) (Poynter, 17 April 2017) - Even though The New York Times has a staff of more than 1,000 journalists that produce roughly 230 articles per day - the equivalent of a daily Harry Potter book - there's some stories they just can't get. Controversial (but worthy) opinion pieces, harrowing first-person accounts and profiles of reclusive celebrities all exist beyond the walled garden of nytimes.com. In years past, The Times might've ignored these stories, rolled them into a longer article or tried to match them. Now, they just link out. Along with colleague Michelle Dozois, Times Senior Digital Strategist Anna Dubenko publishes a twice-weekly roundup of stories under a made-to-share headline that signals temporary relief from the unending torrent of news from the capital: "15 great stories that have nothing to do with politics," reads one. "Take a break from politics with these 12 stories." "Sick of politics? Try these great reads." The curation strategy might seem contradictory for a newspaper whose business depends on attracting readers and holding them on The Times' owned-and-operated platforms. Why link out when you could flood the masses with Times journalism? But the articles are part of a plan to create habitual users of The New York Times who will return to the newspaper for news they actually want to consume - regardless of who made it. "It might sound a bit ambitious or crazy to say, but it's sort of my dream to really compete with what I think is a broken News Feed," Dubenko said. "...The idea behind curation at The Times is: What if your really smart, funny, charming, friend - me - gave you recommendations of what to read without all of the craziness that you might get in your News Feed?" The latest of these efforts is "Right and Left: Partisan Writing You Shouldn't Miss," a twice-weekly roundup of political writing from both sides of the ideological spectrum.
With the debut of hyperpartisan news sites and the rise of filter bubbles on social media, many centrist news organizations have launched initiatives aimed at dispelling the political myopia that afflicts us all. BuzzFeed has "Outside Your Bubble," a feature that exposes its audience to viewpoints outside their personal ideologies. The Guardian has "Burst Your Bubble," a weekly guide to the right-wing media commentariat. But where The New York Times roundup differs from its competition is that Dubenko is interested in both the left- and the right-wing. And she's trying to find writers who are actually interested in convincing readers who may not agree with them. * * * [ Polley : very interesting]
Another trick to try to get mainstream media articles deindexed by Google (Volokh/WaPo, 18 April 2017) - I've been blogging over the past several months about people using various tactics to try to get Google to "deindex" Web pages - remove them from Google indexes, so that Google users won't see them in search results. If you send Google a court order finding the material on some pages to be defamatory, Google will consider deindexing those pages, on the theory that the court order is fairly reliable evidence that the pages are indeed inaccurate and libelous. But the consequence is that people have been using various stratagems to deindex material even when there's little reason for such confidence. Here's another twist, which some people have used to try to deindex mainstream news articles (though without any success, to my knowledge, because Google seems skeptical of these particular requests) - they (a) sue the people quoted in the articles, (b) get stipulations from the people recanting their allegations, (c) get court orders based on those recantations and then (d) try to use those court orders to deindex an entire article. Now, if a media organization gets such a recantation from one of the sources they quote, the editors would reasonably ask: Was the source lying then, or is he lying now? If the editors are persuaded that the recantation is accurate, they might well publish a correction, or revise or even take down the original article. But if they think that the original report was accurate, and the recantation was coerced using a lawsuit, they might stand by their story. When a plaintiff sues the source, though, gets a stipulation and submits the order to Google with a deindexing request, the plaintiff is trying to short-circuit the news organization's review of the matter. Instead, the plaintiff wants to just get the original story hidden, with no independent evaluation of whether the story was and continues to be correct. Consider, for example, Ball v. Saurman. A Ventura County Star article had quoted Sandee Saurman as sharply criticizing J. Kiely Ball's hearing aid company. Ball sued Saurman, who eventually agreed to a stipulation in which she stated that her original allegations were false. A court then issued an injunction, which was submitted to Google for deindexing of the newspaper article. If the Court of Appeal decision were upheld, Google would have had to deindex the Ventura County Star article even though neither the Star nor Google had an opportunity to independently examine Saurman's recantation. * * *
New apps from MIT fill your waiting moments with learning opportunities (TechCrunch, 18 April 2017) - MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) has come up with a way to fill those few seconds of waiting everyone experiences while their social media apps load, or their phone connects to WiFi. It may not seem like much, but filling these gaps can [have] a significant aggregate effect, given how much time we spend on our devices. To fill this time with productive learning opportunities, CSAIL came up with WaitSuite, a collection of apps that work on desktop or mobile, offering up educational micro-moments where you can brush up on second language vocab skills and more in the time between everything else. MIT's work here isn't unprecedented: They cite apps like Duolingo that already offer up short-term learning opportunities tied to devices like smartphones that we have with us everywhere. WaitSuite targets even more fleeting moments, like while you're waiting for your phone or computer to connect to a WiFi network, or while you're waiting for someone to text you back. WaitSuite also covers the time spent fetching emails, waiting for an elevator to arrive, and waiting for various kinds of content to load on your phone. The system is simple, and basically presents you with a vocabulary word to translate, with a simple text entry field. This could be repurposed to learn specific lingo for various fields of study and work, or for SAT prep and more, but language learning was an easy target because of the flash card-like experience. The system also automatically detects if your device is looking for a WiFi connection, or if your phone can detect Bluetooth iBeacons that indicate you're near an elevator, and the automatic nature is key - users don't have to think about what app to open, it's presented instantly, letting them direct their full attention to that learning task for the few seconds they typically have to wait during these activities. 
A side benefit of the apps was that users still paid attention to their original task: When they fill these moments with things like browsing social media, they tend to get lost in that secondary activity, but with these quick learning moments, they return their attention more fully to what they were doing in the first place.
Who controls the blockchain? (HBR, 19 April 2017) - Blockchain networks tend to support principles, like open access and permissionless use, that should be familiar to proponents of the early internet. To protect this vision from political pressure and regulatory interference, blockchain networks rely on a decentralized infrastructure that can't be controlled by any one person or group. Unlike political regulation, blockchain governance is not emergent from the community. Rather, it is ex ante, encoded in the protocols and processes as an integral part of the original network architecture. To be a part of a community supporting a blockchain is to accept the rules of the network as they were originally established. In a blockchain transaction, you don't have to trust your counterpart to perform their obligations or properly record transactional data, since these processes are standardized and automated, but you do have to trust that the code and the network will function as you expect. And just how immutable are blockchain ledger entries if the network becomes politicized? As it turns out, not very. * * * [ Polley : First time I've seen a blockchain article in Harvard Business Review.]
RESOURCES
Fair Use, Notice Failure, and the Limits of Copyright as Property (BU Law Review) - Abstract: If we start with the assumption that copyright law creates a system of property rights, to what extent does this system give adequate notice to third parties regarding the scope of such rights, particularly given the prominent role played by the fair use doctrine? This essay argues that, although the fair use doctrine may provide adequate notice to sophisticated third parties, it fails to provide adequate notice to less sophisticated parties. Specifically, the fair use doctrine imposes nearly insuperable informational burdens upon the general public regarding the scope of the property entitlement and the corresponding duty to avoid infringement. Moreover, these burdens have only increased with changes in technology that enable more, and more varied, uses of copyrighted works. The traditional response to uncertainty in fair use has been to suggest ways of curing the notice failure by providing clearer rules about what is and is not permitted. This essay suggests, however, that these efforts to reinforce the property framework feel increasingly strained and fail to reflect how copyright law is actually experienced by the general public. Indeed, the extent of the notice failure is such that it may be time to stop treating copyright like a property right, at least for certain classes of users. The essay ends by suggesting a number of alternative frameworks that would seek to regulate public behavior regarding copyrighted works without imposing the unrealistic informational burdens required by a system of property rights.
Encryption Workarounds (Bruce Schneier & Orin Kerr, Georgetown Law Journal) - Abstract: The widespread use of encryption has triggered a new step in many criminal investigations: the encryption workaround. We define an encryption workaround as any lawful government effort to reveal an unencrypted version of a target's data that has been concealed by encryption. This essay provides an overview of encryption workarounds. It begins with a taxonomy of the different ways investigators might try to bypass encryption schemes. We classify six kinds of workarounds: find the key, guess the key, compel the key, exploit a flaw in the encryption software, access plaintext while the device is in use, and locate another plaintext copy. For each approach, we consider the practical, technological, and legal hurdles raised by its use. The remainder of the essay develops lessons about encryption workarounds and the broader public debate about encryption in criminal investigations. First, encryption workarounds are inherently probabilistic. None work every time, and none can be categorically ruled out every time. Second, the different resources required for different workarounds will have significant distributional effects on law enforcement. Some techniques are inexpensive and can be used often by many law enforcement agencies; some are sophisticated or expensive and likely to be used rarely and only by a few. Third, the scope of legal authority to compel third-party assistance will be a continuing challenge. And fourth, the law governing encryption workarounds remains uncertain and underdeveloped. Whether encryption will be a game-changer or a speed bump depends on both technological change and the resolution of important legal questions that currently remain unanswered.
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
Public access group defies copyright to post Smithsonian images online (Canada.com, 18 May 2007) -- Grabbing pictures of iconic Smithsonian Institution artifacts just got a whole lot easier. Before, if you wanted to get a picture of the Wright Brothers' plane, you could go to the Smithsonian Images website and pay for a print or high-resolution image after clicking through several warnings about copyrights and other restrictions - and only if you were a student, teacher or pledging not to use it to make money. Now, you can just go to the free photo-sharing website flickr.com. A nonprofit group is challenging the copyrights and restrictions on images being sold by the Smithsonian. But instead of going to court, the group downloaded all 6,288 photos online and posted them Wednesday night on the free Internet site. "I don't care if they sell the photos, but then once they sell it, they can't say you can't reuse this photo," said Carl Malamud, co-founder of the group Public.Resource.Org, advocates for posting more government information online. "You're not allowed to chill debate by telling people they can't use something because it's under copyright when that's not true." Most images the Smithsonian is selling, including photos of artifacts and historic figures, are not protected by copyright, Malamud said. But the Smithsonian site carries copyright notices and other warnings that would discourage most people from using historic images that should be publicly available, he said.
State Department launches first blog (US Department of State, 25 Sept 2007) - Welcome to the State Department's first-ever blog, Dipnote. As a communicator for the Department, I have the opportunity to do my fair share of talking on a daily basis. With the launch of Dipnote, we are hoping to start a dialogue with the public. More than ever, world events affect our daily lives-what we see and hear, what we do, and how we work. I hope Dipnote will provide you with a window into the work of the people responsible for our foreign policy, and will give you a chance to be active participants in a community focused on some of the great issues of our world today… [ Polley (in 2017): ironic that the link has rotted.]
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/
4. Aon's Technology & Professional Risks Newsletter
5. Crypto-Gram, http://www.schneier.com/crypto-gram.html
6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
7. The Benton Foundation's Communications Headlines
8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html
9. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.