Saturday, June 24, 2017

MIRLN --- 4-24 June 2017 (v20.09)

MIRLN --- 4-24 June 2017 (v20.09) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


Governments may be big backers of the blockchain (The Economist, 1 June 2017) - In the hills overlooking Tbilisi, Georgia's capital, sits a nondescript building housing rows of humming computer servers. The data centre, operated by the BitFury Group, a technology company, was built to "mine" (cryptographically generate) bitcoin, the digital currency. But now it also uses the technology underlying bitcoin, called the "blockchain", to help secure Georgian government records. Experts are eyeing the experiment for proof of whether blockchain technology could alter the infrastructure of government everywhere. While the blockchain originally sought a foothold in financial services, and digital currencies attracted early attention from investors, now interest in using the technology in the public sector is growing. Brian Forde, a blockchain expert at the Massachusetts Institute of Technology, argues that governments will drive its adoption - an ironic twist for something that began as a libertarian counter model to centralised authority. Backers say it can be used for land registries, identity-management systems, health-care records and even elections. Fans argue that, if properly implemented, distributed ledgers can bring improvements in transparency, efficiency and trust. Naysayers respond that wider adoption may reveal security flaws. It is certainly early days for the blockchain: some compare it to the internet in the early 1990s, so growing pains are sure to follow. And blockchains can always be only part of the solution: no technology can turn crooked leaders straight and keep them, for instance, from feeding in spurious data. Creating robust standards will also take time. And integrating databases across vast and complex bureaucracies will need huge investment. Yet governments do not seem fazed.
According to a recent IBM survey of government leaders (conducted by the Economist Intelligence Unit, our sister company), nine in ten government organisations say they plan to invest in blockchain technology to help manage financial transactions, assets, contracts and regulatory compliance by next year.

- and -

The world's largest CSDs are forming a new Blockchain consortium (Coindesk, 5 June 2017) - Some of the world's biggest central securities depositories (CSDs) are uniting to build their own blockchain consortium. Informally called the CSD Working Group on DLT, and comprised of institutions tasked with holding vast amounts of the world's financial instruments, the fledgling consortium is emerging from talks that have been ongoing since last year. While the formal membership of the group has yet to be revealed, CoinDesk has learned that early participants of the exploratory effort met last month in London and that the work is ongoing. Hosted by 'Big Four' consulting firm EY, the meeting was designed to give the companies, including the DTCC, Canada's CDS, the Moscow Exchange Group and South Africa's Strate, a better understanding of how blockchain technology might change their roles in the future. What started as informal conversations last October have since evolved into the more formal working group, with members including Russia's National Securities Depository, Switzerland's SIX Securities Services, the Nordic subsidiary of Nasdaq and Chile's DCV. Last week, members of the group published the first results of its partnership: a document describing the product requirements for a proxy voting solution for general meetings, built using distributed ledger technology and 'synchronized' with Swift's messaging standard. Using an unspecified technology, the proposal requires that the platform should accommodate up to 100,000 voting parties and conduct at least 50 transactions per second. While the official stated objective of the working group is to demonstrate the business value of the technology, Duvanov and Strate CEO Monica Singer revealed to CoinDesk that that is only part of the minimum viable product being tested. 
And, though not every member of the working group appears to have been involved in the London meeting, a second objective of the group is to show the value of collaboration in its own right. [ Polley : Spotted by MIRLN reader John Muller ]

- and -

Accenture, Microsoft team up on blockchain-based digital ID network (Reuters, 19 June 2017) - Accenture Plc and Microsoft Corp are teaming up to build a digital ID network using blockchain technology, as part of a United Nations-supported project to provide legal identification to 1.1 billion people worldwide with no official documents. The companies unveiled a prototype of the network on Monday at the UN headquarters in New York during the second summit of ID2020, a public-private consortium promoting the UN 2030 Sustainable Development Goal of providing legal identity for everyone on the planet. The project aims to help individuals such as refugees prove who they are in order to gain access to basic services such as education and healthcare. * * * The new platform will connect existing record-keeping systems of commercial and public entities through blockchain, allowing users to access their personal information wherever they are. For example, refugees who have fled their country leaving behind birth or education paper certificates would still be able to provide proof of those credentials through the system. One of the main advantages of blockchain is that it allows systems of different organizations to communicate with each other, Yorke Rhodes, global business strategist at Microsoft, said in an interview. The prototype was built on top of an existing Accenture platform, which powers the biometric identity management system used by the UN High Commissioner for Refugees.

Grad students as peer reviewers: the pros and cons (Chronicle of Higher Ed, 1 June 2017) - A good peer reviewer is hard to find. Does it make sense to expand the search to graduate students? At some journals, editors say, that idea is an absolute nonstarter. But at others, with the number of article submissions on the rise, editors are increasingly asking graduate students to act as referees. A discussion about the value of that practice cropped up Wednesday on the philosophy blog Daily Nous, where Jc Beall, a professor of philosophy at the University of Connecticut, posed the question and listed some pros and cons. On the one hand, he wrote, there's a supply-and-demand argument for enlisting graduate students: There is "so much publishing that there's no alternative but to enlist as many recruits as possible." Beyond that, peer review offers the potential to "expose the grad students to cutting-edge ideas in the latest submitted drafts." But Mr. Beall found more "strong reasons" to question the practice. Graduate students "already have too little time for their own work," he wrote. "Why should they be given work that few want in the profession?" What's more, they have not yet been fully accepted into the faculty, "but are being asked to serve anyhow." Mr. Beall said the use of graduate students as peer reviewers "appears to be gaining the feel of normalcy." Is it becoming more widespread? The Chronicle reached out to some editors to see how common the practice is. * * *

Researchers use ridesharing cars to sniff out a secret spying tool (Wired, 2 June 2017) - Law enforcement's use of the surveillance devices known as stingrays, fake cell towers that can intercept communications and track phones, remains as murky as it is controversial, hidden in non-disclosure agreements and cloak-and-dagger secrecy. But a group of Seattle researchers has found a new method to track those trackers: by recruiting ridesharing vehicles as surveillance devices of their own. For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee - along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport. Beyond identifying those two potential surveillance operations, the researchers say their ridesharing data-collection technique could represent a relatively cheap new way to shed more light on the use of stingrays in urban settings around the world. "We wondered, how can we scale this up to cover an entire city?" says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July. He says they were inspired in part by the notion of "wardriving," the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks. "Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net."

Whose authorization matters - the third-party accounts of former employees (Lawfare, 5 June 2017) - Two district courts in Virginia have parsed out a distinction regarding email access to the third-party accounts of former employees: following the employee's termination, who is allowed to access the account and whose permission is required? The answer depends on how personal the account was. [ Polley : quite interesting, with detailed case descriptions and compare-and-contrast analysis.]

A guide to the ethics of cloud computing for lawyers (Ride the Lightning, 6 June 2013) - It remains astonishing to us that so many lawyers fear the cloud. While we understand the desire to control your own data, as a rule, most clouds will protect law firm data better than the law firms would. By a lot! That is particularly true of solo, small and mid-sized law firms. One of the questions we hear most often is "What does my state say about the ethics of cloud computing?" Actually, we are surprised that a number of states have not spoken on that issue, especially given the prevalence of cloud computing and attorneys' concerns about it. One good resource comes from the ABA's Legal Technology Resource Center, which maintains a map showing you which states have spoken about the ethics of cloud computing, accompanied by a quick reference guide to those states that have spoken on the issue. Check out this page on Cloud Ethics Opinions if you are unsure about your state's position on the ethics of cloud computing.

Coursera closes $64 million round of funding (InsideHigherEd, 8 June 2017) - Online education provider Coursera said Wednesday that it had raised another $64 million, bringing its total equity funding to more than $210 million. The company said in a blog post that it intends to use the funding to "accelerate our product innovation efforts, grow our high-quality and stackable degree portfolio, and build business and government partnerships in order to address the needs of a global work force." In addition to expanding in the corporate education market, Coursera this spring signaled that it plans to partner with member universities to launch more fully online degree programs.

The secret social media lives of teenagers (NYT, 7 June 2017) - Earlier this week, Harvard University revealed that it had rescinded admissions offers to at least 10 students who shared offensive images within what they thought was a private Facebook group chat. The students posted memes and images that mocked minority groups, child abuse, sexual assault and the Holocaust, among other things. Sharing videos, images and memes creates the opportunity for an instantaneous positive feedback loop that can perpetuate poor decision making. In an environment where teens spend around nine hours using some form of online media every day, it doesn't take long for them to be influenced by an "all-about-the-likes" sense of values that can potentially lead to life-altering decisions. I've spent nearly two decades working with teens on organization and time-management in the heart of the Silicon Valley, and many teen girls tell me they have a real Instagram account ("rinsta") for a wider audience and then keep a "finsta" (friends-only or "fake" Instagram) for their closest friends. Many teens use shortened versions of their names or aliases for finsta accounts, which they often see as an opportunity to share a less edited, less filtered version of their lives. They might spend a lot of time trying to capture the perfect Instagram photo for the "rinsta," which reaches a wider general audience, while a finsta might reveal, as one high school sophomore girl declared, "my innermost thoughts." Like the teens in the Harvard Facebook group chat, those using finsta accounts can have a false sense of confidence to say and do things they might not want a wider audience to see. And because so much of today's teen social media use is rooted in a fear of getting caught, many teens have detoured their online activity to different ways of cloaked communication. Closed and secret Facebook groups are one way teens (and adults!) 
privatize communication to a select group - a closed group feels more private because it allows an administrator to approve new users and monitor content. Secret Facebook groups remain unsearchable, and members can only be added or invited by another member. Another trick is to use hidden apps like Calculator% and Calculator+ that look like regular calculators, but require users to enter their passcodes to reveal a back storage area containing private photos. Also popular with secretive teens are storage apps like Vaulty, which allows users to hide photos and videos, and also has a "mug shot" feature, which takes a photo of anyone who tries to access the app using an incorrect password. Vaulty's most clever trick? Users can create two passwords for one vault, with each password tied to specific levels of access. So, a parent who insists that a teen hand over the password still might be getting limited access. Some teens just hide apps within folders on their phones. Parents wondering if their children are hiding something might look for a cleared search history and an unexplainable spike in data usage as potential red flags. * * *

Facebook knows what you're doing during commercial breaks (Recode, 8 June 2017) - You know how sometimes you still watch live TV? And how if you're watching live TV, sometimes a commercial comes on? Well, guess what happens then? If you're reading this, you know. But now Facebook wants to spell it out for you: You ignore the commercials and you look at your phone. Here's the graphic version of this story: Facebook says it tracked the behavior of 537 people who told the company they watched "the season premiere of a popular TV show" last fall. This bar chart measures Facebook usage over time. See the spikes? Those are commercial breaks: * * * And just to beat it into the ground, Facebook tracked usage for people who didn't watch the show. No spikes, just steady liking and sharing. Yes, it's a small survey, conducted by Facebook, about a single show last year. On the other hand, since it's only measuring Facebook usage, it probably understates the case. If you factor in Twitter, texting, Clash of Clans and everything else you can do with your phone when a commercial comes on, those spikes would likely be much sharper. Those graphs come via a longer blog post/op-ed from Facebook today, which is theoretically about the state of video advertising, and which offers advice about how to make effective ads. It also includes some new video stats from the company. Among them: On average, Facebook users watch autoplay video for 16.7 seconds per clip; they watch autoplay video ads for 5.7 seconds. But Facebook's big takeaway here is clear, and it's the same takeaway Facebook has been offering for years: Advertisers should move their spending away from TV, because consumers have moved their attention away from TV. And if advertisers are going to move their dollars away from TV, Facebook is ready to take those dollars.

Lawmakers want notice when Pentagon uses cyber weapons (NextGov, 8 June 2017) - Defense Department officials would be required to notify congressional overseers within 48 hours of launching any sensitive cyber operation under legislation introduced Thursday by top lawmakers on the House Armed Services Committee. The law would apply to both offensive and defensive cyber operations that leave DOD networks and produce effects outside locations where the U.S. is engaged in a hot war. The law would not apply to covert actions, which are typically conducted by intelligence agencies rather than the uniformed military. That means the Stuxnet attack against Iran's nuclear capability, which is among the best-known offensive cyber operations and widely believed to have been launched, in part, by U.S. intelligence agencies, would not fall under the law's requirements. The law would also require the Pentagon to notify the House and Senate Armed Services Committees about any reviews of cyber weapons to determine if they can be used under international law.

How tech sleuths cracked the mysterious code that turns your printer into a spying tool (WaPo, 9 June 2017) - You wouldn't have noticed it unless you knew where - and how - to look, but the top-secret National Security Agency document leaked to the Intercept and published Monday contained a clue that may have led authorities to its source. Spread throughout the pages were barely visible yellow dots, each less than a millimeter in diameter, repeated over and over in the same rectangular pattern. You could see them by zooming in on the pages and adjusting the color. Or, if you had the original printed papers, you could have inspected them with a magnifying glass and a blue LED light. They're called tracking dots or microdots. Nearly every color printer on the market is equipped with a feature that covertly prints them. They encode any page that comes out of a printer with a serial number, date and time that can be interpreted using a simple cipher. Printer manufacturers are not required to tell customers the feature exists. Although the FBI has signaled otherwise, some experts have speculated that such dots may have helped investigators track down and arrest Reality Leigh Winner, the government contractor who was charged this week with leaking the NSA's highly classified report. Printer manufacturers have used the dots in some form or another for decades, but they were only revealed to the public fairly recently, when privacy advocates and cybersecurity researchers took notice. PC World was among the first publications to bring them to light. In a 2004 article in the magazine, a senior researcher at Xerox named Peter Crean described the hidden markings in detail. The technology had been developed about 20 years before, he said, to allay government officials' fears that copy machines could be used to counterfeit money or forge documents. Xerox created an in-house encoding system and agreed to share information about it with authorities. Other companies followed suit. 
* * * [ Polley : B&W printers?]

In Watergate, one set of facts. In Trump era, take your pick. (NYT, 11 June 2017) - Forget Deep Throat, the anonymous senior F.B.I. official whom history so fondly remembers for guiding Carl Bernstein and Bob Woodward through the corruption scandal and cover-up that began with a break-in at the Democratic National Committee and ended with President Richard M. Nixon's resignation. We now have "the deep state," the scheming coterie in the intelligence community supposedly seeking to take down the president to protect its own power, as the viral Web conspiracy goes. Watergate unfolded in a much simpler time in the media industry. There were three major news networks and PBS; a major paper or three in every city; and a political dynamic in which leaders duked it out by day and dined together at night. They did so on a solid foundation of agreed-upon facts and a sense of right and wrong that was shared if not always followed. The Trump-Russia scandal is breaking during a time of informational chaos, when rival versions of reality are fighting for narrative supremacy. The causes are legion: The advent of right-wing talk radio and Fox News; the influence of social sites like Facebook, Twitter, Reddit; and the mainstreaming of conspiracy sites like InfoWars, which had almost five million visitors in the last month. By allowing partisans to live in their separate informational and misinformational bubbles, and, in some cases, to allow real news to be rendered as false - and false news to be rendered as true - they have all contributed to the calcification of the national divide. Mainstream journalism, a shiny and ascendant conveyor of truth during Watergate, is in a battered state after decades of economic erosion, its own mistakes and the efforts of partisan wrecking crews to discredit its work, the most recent one led by the president himself. 
All of it gives the Trump White House something Nixon never had: a loyal media armada ready to attack inconvenient truths and the credibility of potentially damning witnesses and news reports while trumpeting the presidential counternarrative, at times with counterfactual versions of events. Review papers from the Nixon White House and you can see just how much Nixon and his team pined for a media environment resembling the one today. "Nixon was always complaining that he had no defenders," John Dean, the former Nixon White House counsel, and current CNN contributor, told me Friday. As a memo from one adviser read in 1970: "The lens through which our message gets through is a distorted lens," therefore "we ought to give consideration to ways and means if necessary to acquire either a government or other network through which we can tell our story." When a separate memo presented a more detailed plan for a pro-administration news service, White House records show, another adviser, Roger E. Ailes, raised his hand to start it. The plan fizzled, but Mr. Ailes, who died last month, would start the Fox News Channel some 25 years later.

Belonging online and in the library (InsideHigherEd, 12 June 2017) - Librarians have been thinking quite a bit about their library as a place in the last decade or so. They also try to make their digital spaces convenient for users to orient themselves and get to the information they seek (while also placating the marketing folks who decide what the institutional website should look like). Though we try to make the library where I work a hospitable place with a user-friendly website, I wonder what it looks like to students who are new to the place. When I was an undergraduate I made a nest in my university library. I actually liked writing papers and when I needed a break I'd browse some random part of the stacks: Hakluyt's Voyages - that looks cool. Huh, An Elementary Welsh Grammar. Wonder if I could learn Welsh? I didn't like it when a uniformed guard busted me for having food in my carrel, yet I never felt like I didn't belong there. He was the one who seemed out of place. But I was a weird kid, and privileged, growing up with the unquestioned expectation that I would have a university library in my future and it would feel like home. Kate Bowles, who writes elegantly about higher education at Music for Deckchairs, recently posted an essay on "kith," the sense of place and belonging that goes along with kin, our family relationships. (I'd never actually thought about the meaning of the first half of "kith and kin.") She quotes Susan Beal: "Kith is not only the place you know and love, but the place that knows and loves you back." In the essay Bowles examines what that means in terms of "digital citizenship" from her perspective in Australia where actual citizenship has become a fraught subject, a category of exclusion, as perhaps it always has been though not necessarily recognized as such. I'm thinking about this as I start to plan a course that will use digital humanities tools to explore identity and the internet.
I know from experience that what seems obvious and comfortable to me is a matter of familiarity. It's hard work for many students who would rather not be doing it anyway, and thinking about what happens to their data when they use social media is deeply uncomfortable, as is discussing their multiple social media identities. Those are private except for their close friends and the numerous invisible data-mining companies that exploit those identities and relationships. * * * [ Polley : Resonated with me.]

Legal analytics vs. legal research: What's the difference? (ABA's Law Tech Today, 12 June 2017) - For hundreds of years, litigators have served their clients by applying facts to law using legal reasoning. To identify relevant law - statutes, cases, rules - to apply to the facts of a case, lawyers conduct legal research. Performing accurate legal research remains a core skill of successful lawyering. But over the past few years a new tool has appeared in litigators' toolkits: legal analytics. Legal analytics involves mining data contained in case documents and docket entries, and then aggregating that data to provide previously unknowable insights into the behavior of the individuals (judges and lawyers), organizations (parties, courts, law firms), and the subjects of lawsuits (such as patents) that populate the litigation ecosystem. Litigators use legal analytics to reveal trends and patterns in past litigation that inform legal strategy and anticipate outcomes in current cases. While every litigator learns how to conduct legal research in law school, performs legal research on the job (or reviews research conducted by associates or staff), and applies the fruits of legal research to the facts of their cases, many may not yet have encountered legal analytics. Data-driven insights from legal analytics do not replace legal research or reasoning, or lawyers themselves. They are a supplement, both prior to and during litigation. Think of legal analytics as Moneyball for lawyers. Just as a Moneyball approach to managing a baseball team supplements the hard-earned wisdom of managers, scouts, and team executives with data-driven insights, legal analytics supplements a lawyer's legal wisdom. * * *

Modria, innovator of online dispute resolution, is acquired by Tyler Technologies (Bob Ambrogi, 12 June 2017) - Modria, a pioneering company in the field of online dispute resolution, has been acquired by Tyler Technologies, a company that develops software products for local governments. Modria will become part of Tyler's Courts and Justice Division, where Modria's technology will be used to help courts more efficiently handle large volumes of disputes. Modria was founded in 2011 by Colin Rule, who earlier designed and ran eBay's ODR system, considered the most successful ODR system in the world, and Chittu Nagarajan, the woman who formerly ran the largest ODR system in Asia. Modria's ODR platform has been used by a number of e-commerce sites as well as by innovative sites designed to provide alternatives to litigation, such as the Rechtwijzer site in the Netherlands, developed by HiiL and the Dutch Legal Aid Board to provide dispute resolution for divorce and separation, landlord-tenant and employment disputes. Modria's platform has also been adopted by various tax assessors in the United States and Canada to resolve property tax appeals. Rule will remain with Tyler as vice president of online dispute resolution. Modria will be shutting down its e-commerce customers and focusing entirely on courts and ADR organizations, Rule told me.

Schools tap secret spectrum to beam free internet to students (Wired, 12 June 2017) - In places like Albemarle County, where school officials estimate up to 20 percent of students lack home broadband, all the latest education-technology tools meant to narrow opportunity and achievement gaps can widen them instead. So, rather than wait for reluctant commercial internet providers to expand their reach, the district is trying an audacious solution. They're building their own countywide broadband network. Still in its early stages, this ambitious project relies on a little-known public resource - a slice of electromagnetic spectrum the federal government long ago set aside for schools - called the Educational Broadband Service (EBS). Some internet-access advocates say EBS is underutilized at best, and wasted at worst, because loose regulatory oversight by the FCC has allowed most of the spectrum to fall into the hands of commercial internet companies. The resulting spectrum scarcity may be the most daunting of the legal, technical and monetary challenges faced by any district hoping to create its own broadband network. But a few pioneering districts have shown that it's possible, and Albemarle County has joined a nascent trend of districts trying to build their own bridges across the digital divide.

Homeland Dems seek answers about Trump officials and encrypted app (NextGov, 1 June 2017) - Top Democrats on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee's current and former ranking members, Sens. Claire McCaskill, D-Mo., and Tom Carper, D-Del., also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats. That request follows a Politico report that Trump administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

US internet company refused to participate in NSA surveillance, documents reveal (ZDnet, 14 June 2017) - A US company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents. It's thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn't hand over customer data to the National Security Agency. While the company was not named in the 2014-dated document, released Wednesday, it's thought that it may be an internet provider or a tech company -- rather than a telecoms provider. The news comes from a collection of documents that were declassified and released as part of a Freedom of Information lawsuit filed by the Electronic Frontier Foundation and the American Civil Liberties Union. All of the documents relate to the government's use of the so-called Section 702 statute, named after its place in the law books, a provision of the Foreign Intelligence Surveillance Act. The statute authorizes the collection of data on foreign persons overseas who use US tech and telecoms services. According to the document, the unnamed company's refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified. While tech companies and internet providers are required to provide the government access to customer data when requested, they have the right to push back on the government's demands by bringing a challenge before the Foreign Intelligence Surveillance Court, which oversees and authorizes the government's surveillance activities. But despite the company's efforts to argue that the surveillance order was unlawful, the company was later forced to comply by the court.
[Polley: Spotted by MIRLN reader Gordon Housworth]

Pirate Bay may finally be sunk after EU copyright ruling (ArsTechnica, 14 June 2017) - Infamous BitTorrent tracker site The Pirate Bay can be found liable of copyright violations even if it doesn't host any infringing content, Europe's top court has ruled. "Making available and managing an online platform for sharing copyright-protected works, such as 'The Pirate Bay,' may constitute an infringement of copyright," the Court of Justice of the European Union (CJEU) said in its judgment on Wednesday. "Even if the works in question are placed online by the users of the online sharing platform, the operators of that platform play an essential role in making those works available." The ruling isn't only good news for copyright lawyers, but it also paves the way for ISPs across Europe to choke access to The Pirate Bay, which started life in Sweden in 2003 and has undergone a number of high-profile legal battles - including prison time for its founders, after they were found guilty of being accessories to breaching copyright laws in 2009. The CJEU's ruling appears to be suggesting that TPB operators offer functions that go beyond a search engine such as Google. Observers have already been wondering if the judgment will spill over into areas where sites might fall under the court's definition, which states: "the making available and management of an online sharing platform must be considered to be an act of communication for the purposes of the directive."

Reed Smith releases data breach notification app (Ride the Lightning, 15 June 2017) - On June 12th, global law firm Reed Smith announced the release of a free app to help companies apply complex state laws to basic data breach facts. The app is called Breach RespondeRS. Nearly every state in the United States has a data security breach law, requiring notice when certain personal information is lost, stolen, or misused. But the many laws differ in small but crucial respects, making it difficult to get to a bottom line. According to Reed Smith, Breach RespondeRS is the first app of its kind prompting companies to answer basic fact questions and immediately get a response as to the likelihood that notification is required. The app's release was accompanied by an animated video short showing how Breach RespondeRS can aid in both post-incident response as well as pre-incident assessment for identifying risks under different scenarios to help companies prepare accordingly.

- and -

Cooley is updating its packet of startup tips and financing documents (TechCrunch, 20 June 2017) - Cooley is putting out a new package of seed investment documents for public viewing on its "GO" microsite, the firm said today. It's a way for entrepreneurs and early-stage investors and business owners to access what the firm considers to be best practices for early-stage investment and to streamline the process for committing capital at the seed stage. The firm said its new release was prompted by the increase in convertible notes for early-stage financing. Because the investment structure is so popular, and relatively uncomplicated, it's quickly becoming a default structure for early-stage financing. The documents that Cooley is making public are the same ones it uses in the hundreds of transactions the firm has completed for startups. The new documents also will be available on GitHub, where Cooley's documents have received several comments from the community. The company said that the new documents will act as a "fork" of the original GitHub repository under open source licenses and on the Cooley GO website. Other documents that support signing agreements for seed-stage deals also are available on the Cooley site. Any new business owner who wants can access and amend the Series Seed "Notes" and equity financing documents directly through Cooley GO's document generators.

European Parliament committee recommends end-to-end encryption for all electronic communications (Tom's Hardware, 16 June 2017) - The European Parliament's (EP's) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens' fundamental privacy rights. The committee also recommended a ban on backdoors. * * *

A GOP voter-targeting firm was doing massive data analysis on Reddit (The Verge, 19 June 2017) - A conservative analytics firm apparently scraped a huge trove of Reddit data as part of its voter-targeting efforts. As reported by Gizmodo, GOP-contracted company Deep Root Analytics accidentally put a folder titled "reddit" on a publicly accessible web server along with other internal records, which cyber risk analyst Chris Vickery discovered last week. It contains 170GB of data from several subreddits, but no indication of how Deep Root might be using the information. The subreddits in question range from innocuous to controversial. One was the banned subreddit r/fatpeoplehate, which Gizmodo speculates was picked for its connection to Trump fans - a FiveThirtyEight analysis of r/The_Donald members found that outside explicitly political subreddits, these users overlapped most strongly with r/fatpeoplehate members. But Deep Root also collected information from mountain-biking and Spanish-speaking subreddits, which have no such connection. Deep Root leaked profiles of nearly 200 million potential voters as well, and it's possible that it was trying to match names to Reddit profiles - which would give them a deep look at the preferences of specific voters. Gizmodo notes that the Obama campaign matched voter records with Facebook profiles, but it's unclear that someone could do the same with Reddit, where few people operate under their real names. The company could also simply be looking for correlations in Reddit users' interests, which could help predict which messages will resonate with specific categories of voters. All we can say for sure from this leak is that political analysts are watching Reddit - which, given its prominence during the election, isn't a surprise.

NSA opens GitHub account, lists 32 projects developed by the agency (Hacker News, 20 June 2017) - The National Security Agency (NSA) - the United States intelligence agency which is known for its secrecy and working in the dark - has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started (slowly) opening itself to the world. It joined Twitter in the same year after Snowden leaks and now opened a GitHub account. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are 'coming soon.' "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page.

Know the odds: The cost of a data breach in 2017 (Security Intelligence, 20 June 2017) - We've all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization. Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Ponemon Institute's "2017 Cost of Data Breach Study: Global Overview," the odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach. Sponsored by IBM Security and independently conducted by the Ponemon Institute, the 12th annual "Cost of Data Breach Study" is out. The findings revealed that the average total cost of a data breach is $3.62 million in 2017, a decrease of 10 percent over last year. Additionally, the global average cost per record for this year's report is $141, which represents a decrease of 11.4 percent over last year. Despite the reduction in cost, the average size of a data breach increased by 1.8 percent to 24,089 records. The influencers that impact the cost of a data breach are driven by the country and the IT initiatives underway. The good news is that organizations can take measures to minimize cost and impact. The 2017 "Cost of Data Breach Study" found that having access to an internal or outsourced incident response team has been the top cost-reducing factor for three years running. An incident response team typically accelerates the time frame in which security events can be contained, which is a significant factor in reducing the overall cost of a breach.

The Supreme Court establishes a First Amendment framework for social media (Benton Foundation, 21 June 2017) - On June 19, 2017, the Supreme Court of the United States used an unlikely vehicle to expand the scope of First Amendment protection for Internet users. In Packingham v. North Carolina, speaking for five members of the Court, Justice Anthony Kennedy started with the general principle that the Court has always recognized the "fundamental principle of the First Amendment ... that all persons have access to places where they can speak and listen, and then, after reflection, speak and listen once more." Then, using soaring language that will surely be widely quoted in future cases, he said: While in the past there may have been difficulty in identifying the most important places (in a spatial sense) for the exchange of views, today the answer is clear. It is cyberspace--the "vast democratic forums of the Internet" in general, and social media in particular. The case arose as a challenge to a North Carolina statute that prohibits registered sex offenders from accessing social media sites. In 2002, Lester Packingham, who was 21 years old at the time, pleaded guilty to taking indecent liberties with a 13-year-old girl. He received a suspended jail sentence and completed a term of probation. Eight years later, Packingham was convicted of violating the social media statute after a police officer saw Packingham's Facebook post joyfully announcing dismissal of a speeding ticket. The Court unanimously found North Carolina's law to be unconstitutional. This is the second important Supreme Court opinion addressing the role of the Internet in American life. The first, Reno v. ACLU, was issued in 1997, during the Internet's dial-up era. Its depiction of the Internet as a medium deserving the same high degree of First Amendment protection as traditional print media played an essential role in the legal framework for the Internet's evolution over the last two decades. Justice Kennedy's Packingham decision consciously builds upon Reno's recognition of the Internet as offering "relatively unlimited low-cost capacity for communication of all kinds," specifically citing how people use Facebook ("users can debate religion and politics with close friends ... or share vacation photos"), LinkedIn ("users can look for work [or] advertise for employees") and Twitter ("users can petition their elected representatives and otherwise engage with them in a direct manner") as examples. Justice Kennedy stressed the importance of insuring that the law leave ample room for the further evolution of the Internet's platform for free expression.

Remember when you called someone and heard a song? (Motherboard, 21 June 2017) - Liam Paris, a 21-year-old who lives in Brooklyn, NY, was in eighth grade when he bought "Can't Tell Me Nothing" by Kanye West as his first ringback tone - the song that played when someone called him. If you were youngish in the early 2000s, you probably remember this phenomenon - calling a friend's cell phone, and instead of hearing the standard ring, you heard a pop song. Called ringback tones, this digital music fad allowed cell phone owners to subject callers to their own musical preference. Ringback tones were incredibly trendy in the early and mid-2000's, but have since tapered off nearly to oblivion. Though almost nobody is buying ringbacks anymore, plenty of people still have them from back in the day. The first ringtones debuted in the 1960s on landline phones (remember those?), and became a big money-maker for wireless carriers and the music industry. Ringback tones piggy-backed on this idea several decades later, and would also come to be a cash cow. A patent for contemporary ringback tone technology was filed in the US in 2001, though earlier ringback technology had been used previously in the US and abroad. Verizon Wireless became the first US national carrier to offer ringback tones in 2004, when ringtones were a multi-billion dollar-a-year industry. Ringback tone sales grew quickly in the early 2000's, holding strong until 2008, when sales plummeted dramatically as cell phone users began taking advantage of other new products, according to a statement emailed to Motherboard. By 2014, ringback sales got so low that AT&T, the nation's second largest wireless provider, stopped selling ringback tones. Verizon, the largest wireless provider in the US, did not respond to request for comment for this story, but still sells ringback tones for $1.99.

FBI agent shares cybersecurity tips for big law (Bloomberg, 22 June 2017) - Corporate clients are now checking to ensure their law firms are taking steps to secure valuable information. In April, the Association of Corporate Counsel issued its first-ever guidance on what data security measures in-house counsel should expect from their firms, Bloomberg BNA reported. Aristedes Mahairas, special agent-in-charge in the cyber division of the New York City's FBI field office, has spoken with many Big Law firms about their security vulnerabilities and believes the reported cases are just the tip of the iceberg. "A lot of this takes place without a lot of public scrutiny, but there's no doubt that someone out there is compromised and in pretty bad shape," he told Big Law Business during a recent interview at the FBI's downtown Manhattan office. "They should be concerned because there's nothing saying a law firm can't be sued either for breach of fiduciary duty." Though law firms haven't dominated cybersecurity headlines, recent data breaches against Mossack Fonseca, Cravath, and Weil Gotshal have sent a clear signal that lawyers - and the client data they possess - are real targets. Mahairas, who earned his J.D. from New York Law School, began working at the FBI in 1996 as an undercover field officer in New York City. After stints in Bulgaria and Greece and on the Joint Terrorism Task Force, he was appointed special agent in charge of the Special Operations/Cyber Division of the New York Field Office in 2015. The following interview has been edited for length and clarity. * * *

Avvo, LegalZoom, Rocket Lawyer declared off-limits (Law.com, 2 June 2017) - A joint opinion by three New Jersey Supreme Court committees has blacklisted three web-based services that match litigants with attorneys because of concerns over illicit fee-sharing and referral fees. Avvo facilitates improper fee-splitting, while LegalZoom and Rocket Lawyer operate legal service plans that aren't registered with the judiciary, according to the June 21 opinion, issued by the Advisory Committee on Professional Ethics, the Committee on Attorney Advertising and the Committee on the Unauthorized Practice of Law. The opinion decrees that "New Jersey lawyers may not participate in the Avvo legal service programs because the programs improperly require the lawyer to share a legal fee with a nonlawyer in violation of Rule of Professional Conduct 5.4(a), and pay an impermissible referral fee in violation of Rule of Professional Conduct 7.2(c) and 7.3(d)." It adds: "The Committees further find that LegalZoom and Rocket Lawyer appear to operate legal service plans through their websites but New Jersey lawyers may not participate in these plans because they are not registered with the Administrative Office of the Courts in accordance with Rule of Professional Conduct 7.3(e)(4)(vii)."

RESOURCES

Surveillance Intermediaries (Alan Z. Rozenshtein in the Stanford Law Review, forthcoming 2018) - Abstract: Apple's 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government surveillance has become in American politics and law. But scholarly attempts to answer this question have suffered from a serious omission: scholars have ignored how government surveillance is checked by "surveillance intermediaries," the companies like Apple, Google, and Facebook that dominate digital communications and data storage, and on whose cooperation government surveillance relies. This Article fills this gap in the scholarly literature, providing the first comprehensive analysis of how surveillance intermediaries constrain the surveillance executive. In so doing, it enhances our conceptual understanding of, and thus our ability to improve, the institutional design of government surveillance. Surveillance intermediaries have the financial and ideological incentives to resist government requests for user data. Their techniques of resistance are: proceduralism and litigiousness that reject voluntary cooperation in favor of minimal compliance and aggressive litigation; technological unilateralism that designs products and services to make surveillance harder; and policy mobilization that rallies legislative and public opinion to limit surveillance. Surveillance intermediaries also enhance the "surveillance separation of powers"; they make the surveillance executive more subject to inter-branch constraints from Congress and the courts, and to intra-branch constraints from foreign-relations and economics agencies as well as the surveillance executive's own surveillance-limiting components. The normative implications of this descriptive account are important and cross-cutting. Surveillance intermediaries can both improve and worsen the "surveillance frontier": the set of tradeoffs - between public safety, privacy, and economic growth - from which we choose surveillance policy. And while intermediaries enhance surveillance self-government when they mobilize public opinion and strengthen the surveillance separation of powers, they undermine it when their unilateral technological changes prevent the government from exercising its lawful surveillance authorities.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Michigan man dodges prison in theft of Wi-Fi (CNET, 22 May 2007) -- A Michigan man who used a coffee shop's unsecured Wi-Fi to check his e-mail from his car could have faced up to five years in prison, according to local TV station WOOD. But it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner's permission--a practice known as piggybacking--was a felony. Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and--without actually entering the coffee shop--check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing. "I knew that the Union Street had Wi-Fi. I just went down and checked my e-mail and didn't see a problem with that," Peterson told a WOOD reporter. Milanowski didn't immediately cite or arrest Peterson, mostly because he wasn't certain a crime had been committed. "I had a feeling a law was being broken," the chief said. Milanowski did some research and found Michigan's "Fraudulent access to computers, computer systems, and computer networks" law, a felony punishable by five years in prison and a $10,000 fine. Milanowski, who eventually swore out a warrant for Peterson, doesn't believe Milanowski knew he was breaking the law. "In my opinion, probably not. Most people probably don't." Indeed, neither did Donna May, the owner of the Union Street Cafe. "I didn't know it was really illegal, either," she told the TV station. "If he would have come in (to the coffee shop), it would have been fine." But apparently prosecutors were more than aware of the 1979 law, which was revised in 2000 to include protections for Wi-Fi networks. "This is the first time that we've actually charged it," Kent County Assistant Prosecutor Lynn Hopkins said, adding that "we'd been hoping to dodge this bullet for a while."

Whole Foods CEO panned Wild Oats on web (Reuters, 12 July 2007) - The chief executive of Whole Foods Market Inc. posted messages on a Yahoo! chat forum under an alias for years, talking up his own company while predicting a bleak future for Wild Oats Markets Inc., the rival it has since sought to acquire. Company CEO John Mackey posted messages on a Yahoo! financial forum under the user name "rahodeb," according to a court document filed by the U.S. Federal Trade Commission and postings on Yahoo! Mackey's messages painted a bright future for Whole Foods, the largest U.S. natural and organic grocer, and downplayed the threat posed by competitors. "The writing is on the wall. The end game is now underway for (Wild Oats) .... Whole Foods is systematically destroying their viability as a business - market by market, city by city," Mackey wrote in a March 28, 2006 posting. It was cited by the FTC as part of a lawsuit aimed at blocking Whole Foods' planned $565 million (278 million pounds) acquisition of Wild Oats on grounds the deal would hobble competition and increase prices to consumers. "Bankruptcy remains a distinct possibility (for Wild Oats) IMO if the business isn't sold within the next few years," rahodeb said in another March 29, 2006 posting on Yahoo! Whole Foods confirmed Mackey had made the "rahodeb" postings between 1999 and 2006. It said references to those comments were among millions of documents the company provided to the FTC as part of the agency's antitrust lawsuit. In a statement, the company said Mackey posted comments under an alias "to avoid having his comments associated with the company and to avoid others placing too much emphasis on his remarks."

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, June 03, 2017

MIRLN --- 14 May – 3 June 2017 (v20.08)

MIRLN --- 14 May - 3 June 2017 (v20.08) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)


Tor books launching "Tor Labs", a new serialized fiction podcast imprint (TOR, 1 May 2017) - Tor Books, a leading global publisher of science fiction and fantasy, announced today that it is launching TOR LABS, a new imprint emphasizing experimental approaches to genre publishing, beginning with original dramatic podcasts. Helmed by Senior Editor Marco Palmieri and Editor Jennifer Gunnels, Tor Labs will debut this summer with Steal the Stars, a science fiction audio drama which will be produced in partnership with Gideon Media and written by Mac Rogers, the award-winning writer of the global hit podcast thrillers, The Message and LifeAfter. * * * Steal the Stars is a noir science fiction thriller in 14 episodes, airing weekly from August 2 - November 1, 2017, and available worldwide on all major podcast distributors through the Macmillan Podcast Network. It will be followed immediately by a novelization of the entire serial from Tor Books, as well as an ads-free audio book of the podcast from Macmillan Audio. [Polley: emphasis supplied; not sure how this'll work.]

6th Circuit nominee wrote more than 400 blog posts under pseudonym; should they sink his nomination? (ABA Journal, 2 May 2017) - The blogger who identified himself as "G. Morris" on the blog Elephants in the Bluegrass was actually John K. Bush, a partner and co-chair of the litigation department at Bingham Greenebaum Doll in Louisville, Kentucky. Bush disclosed his blogging in a Senate Judiciary Committee questionnaire after he was nominated to the Cincinnati-based 6th U.S. Circuit Court of Appeals earlier this month, BuzzFeed News reports. Bush wrote more than 400 blog posts from 2007 to 2016 on the blog founded by his wife, lawyer Bridget Bush, according to BuzzFeed. In his blog posts, Bush called for repeal and replacement of the Affordable Care Act, opposed public financing of political campaigns, and wrote that the two greatest tragedies in the United States were slavery and abortion. He also called U.S. Sen. Ted Cruz a sore loser. The Alliance for Justice calls Bush's blog posts "inflammatory and, often, offensive" in a post at its Justice Watch blog. The blog asserts that Bush's posts raise serious concerns about whether Bush will be able to approach the issues with an open mind, and they should disqualify him for a seat on the federal bench. "While Bush pontificates on a broad swath of issues," Justice Watch says, "one common theme runs throughout his writings: Bush displays a remarkable contempt for any issue he deems liberal or progressive."

Hackers face $8.9 million fine for law firm breaches (Dark Reading, 9 May 2017) - Three Chinese stock traders were ordered to pay $8.9 million in fines and penalties for hacking into two law firms and stealing information on upcoming mergers and acquisitions and then leveraging the information to trade stocks. A federal court in New York ordered Iat Hong, Bo Zheng, and Hung Chin to pay fines, as well as Hong's mother Sou Cheng Lai who held a bank account where the proceeds from the stock sales were kept, according to a copy of the judgment posted by SC Media. The three hackers installed malware on the law firms' computer networks, enabling them to view emails on mergers and acquisitions in which the firms were involved. With the information, the attackers purchased stock in at least three public companies prior to their merger announcements, according to the Securities and Exchange Commission (SEC), which filed the lawsuit against the hackers. The hackers shelled out roughly $7.5 million within a month's time to buy shares in Altera prior to its 2015 acquisition by Intel. The defendants also snapped up shares in Borderfree before its 2015 buyout by Pitney Bowes, and also acquired shares in InterMune before its 2014 merger deal with Roche, according to the SEC. With these transactions, the trio racked up nearly $3 million in illegal profits, the SEC stated.

- and -

Breaches can crater companies' stock by 5% (Dark Reading, 15 May 2017) - Public companies that suffer a breach get hit with a double whammy of not only dealing with the attack but also face the prospect of their stock price falling an average of 5% on the day of the breach, according to a survey by the Ponemon Institute and commissioned by Centrify. The study looked at a survey of 1,331 security and IT employees, senior level marketers and corporate communications professionals and consumers. Some 31% of customers affected by a public firm's breach dropped their relationship with the company post-breach, resulting in a 7% customer churn rate. Meanwhile, companies with an inadequate security posture encountered as much as a 7% stock drop on the day of the breach, and 120 days after the attack the stock did not regain its previous level before the breach. Companies with a high security posture only encountered up to a 3% stock drop and were able to regain and move to higher levels 120 days after the attack. Only 20% of CMOs and 5% of IT professionals indicate they would be concerned about the impact of a breach on the company's stock price. Read more about the survey here.

- and -

Cyberattacks once again roil Hollywood, but can anything be done about it? (LA Times, 23 May 2017) - Like most large corporations, major Hollywood studios are fond of outsourcing. From coming attraction trailers that are designed to draw audiences into cinemas to eye-popping 3-D visual effects that burst off the screen, studios routinely farm out large chunks of work to vendors around the globe who compete to provide lowest-cost solutions. And therein lies a big cybersecurity problem, according to experts. Hackers increasingly are targeting these vendors to pilfer movies and TV series prior to their releases. The cyberthieves are betting - correctly in some cases - that lax network security at these vendors will allow easy access to content that they can hold hostage for a ransom. That was the case with two recent cyberattacks aimed at Walt Disney Co. and Netflix. The streaming company said that the hack of the TV series "Orange Is the New Black" occurred at a production vendor that works with other TV studios. While details of the Disney attack are murky, Chief Executive Bob Iger told employees last week that hackers claimed to have stolen a movie and are threatening to release it in segments until their demands for ransom were met. The hack involved the new "Pirates of the Caribbean" sequel set for release Friday and occurred at a post-production facility located outside the studio, according to people familiar with the matter who were not authorized to speak about it. * * * The Netflix attack was claimed by a hacker known as the Dark Overlord, which offered its signature "business proposal," as it calls it, to several healthcare and financial firms after claiming access to their confidential files. Episodes from the new season of "Orange Is the New Black" were uploaded after the company refused to pay the ransom. It remains unclear whether Disney has paid the ransom to the hackers who claimed to seize its upcoming summer blockbuster "Pirates of the Caribbean: Dead Men Tell No Tales." So far, it does not appear that the film has been distributed online. Experts in cybersecurity say that studios need to better manage the network security of third-party companies, many of which are small firms that don't have the resources to defend against sophisticated attacks. Those companies often have temporary employees working on individual projects. The studios "need to have visibility into the info ecosystems of their partners. They need to look at what their partners' networks are like," said Alexander Heid, chief research officer at Security Scorecard, a New York-based network security firm that rates and monitors third-party vendors. He said hackers often use phishing techniques to infiltrate systems but are increasingly taking advantage of password re-use - when people use the same password across multiple accounts.

- and -

Top-five critical security controls to consider for corporate counsel evaluations (InsideCounsel, 23 May 2017) - Corporations consider many different factors when deciding whether to hire a law firm. Fees, clients, industry knowledge and capabilities have always been important aspects of the hiring process. Security wasn't usually a major factor, and law firms used to fly under the radar when it came to questions about keeping client data secure. That has all changed. Now, law firm security breaches regularly make headlines. Large and respected firms have been "weak links" for malicious exploitation, and their clients can pay the price with publicly exposed information about cases, strategies, acquisitions, intellectual property and more. Corporate counsel, and the C-suite to which they report, are becoming increasingly mindful of this risk. They are starting to demand that their outside counsel adhere to strict security protocols and undergo in-depth evaluations. One way law firms can address clients' security concerns is to apply Critical Security Controls. These controls are established by the Center for Internet Security (CIS) and are designed to be a "concise, prioritized set of cyber practices created to stop today's most pervasive and dangerous cyber attacks," according to the organization. Experts from around the world are called on to develop, refine and validate the controls. In order to prepare for any grilling by corporate legal departments, here are the top-five CIS controls law firms should consider. By anticipating these questions and preparing to address concerns, firms will offer a secure relationship with corporate clients and score a competitive advantage. * * *

- and -

UK cyber chief says directors are devolving responsibility for hacks (The Telegraph, 25 May 2017) - GCHQ has demanded that directors start taking charge of cyber security, warning that they are "devolving responsibility" for protecting businesses from hackers. Ciaran Martin, the head of the agency's National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyber attacks. It comes after this month's debilitating "WannaCry" ransomware outbreak, which caused chaos in the NHS and brought operations at factories and train stations to a halt. "Our business leaders need to stop saying that cyber security is too complicated - and stop devolving responsibility," Mr Martin said at The Telegraph Cyber Security conference. "Boards must start to treat cyber threats with the same level of critical importance as they do financial or legal issues. It needs to be unthinkable that a board member would say that cyber issues are too complex for them to make judgements about."

HP issues fix for 'keylogger' found on several laptop models (ZDnet, 12 May 2017) - An audio driver installed in several HP laptops contains a keylogger-type feature that records every keystroke entered into the computer into a log file, according to a security researcher. Swiss security firm Modzero said in a security advisory Thursday that the keylogger activity was discovered in the Conexant HD audio driver package (version 1.0.0.46 and earlier), found on dozens of HP business and enterprise laptop models, including HP Elitebook, ProBook, and ZBook models -- including the latest Folio G1 laptop. Anyone (or malware) with local access to the user's files on an affected computer, could obtain passwords, visited web addresses, private messages, and other sensitive information. HP has since rolled out patches to remove the keylogger, which will also delete the log file containing the keystrokes. HP vice-president Mike Nash said on a call after-hours on Thursday that a fix is available on Windows Update and HP.com for newer 2016 and later affected models, with 2015 models receiving patches Friday. He added that the keylogger-type feature was mistakenly added to the driver's production code and was never meant to be rolled out to end-user devices. The pre-installed audio driver installs a driver located in the Windows system folder, which is scheduled to start every time the user logs in. Modzero describes the application as a crude way to check to see if a hotkey was pressed by monitoring "all keystrokes made by the user to capture and react to functions such as microphone mute/unmute keys/hotkey." The application then logs each keystroke into an unencrypted log file stored in the user's home directory. The log file is overwritten every time the user logs in. In the case that a log file doesn't exist, Modzero says that the driver's API can allow malware to "silently capture sensitive data by capturing the user's keystrokes."

Cord cutting is surging with 58% of US cord cutters cancelling pay-tv in the past two years (TeleCompetitor, 12 May 2017) - Over half of U.S. cord cutters (51.8%) canceled their pay-TV service subscriptions in 2015 and 2016, according to new market research from TDG (The Diffusion Group). One-third did so last year, TDG said. TDG predicted that high prices and the growing popularity of on-demand OTT (Over the Top) video service alternatives would fuel a rapid rise in cord cutting and come to haunt cable, satellite, and telco pay-TV providers nearly a decade ago, TDG co-founder and principal Michael Greeson pointed out. The shift also would be accompanied by declining ARPU (average revenue per user) among existing video subscribers, TDG forecast. Having attained mainstream market status, the wide-scale availability of OTT video alternatives, such as Netflix and Amazon Prime, continues to prod viewers to reassess the value, and need, for cable and other legacy pay-TV services, Greeson continues. "Spending $70+/month for service that provides 2X value seems odd when you can pay $10/month for a service with 1X value," he notes.

The US standards office wants to do away with periodic password changes (Quartz, 12 May 2017) - New guidelines from the US National Institute of Standards and Technology (NIST), expected to be released this summer, suggest that periodic password changes are no longer necessary. The report also recommends changes to several other password policies that have become antiquated in the modern computing environment: (a) Allow at least 64 characters in length to support the use of passphrases; (b) Encourage users to make memorized secrets as lengthy as they want, using any characters they like (including spaces), thus aiding memorization; (c) Do not impose other composition rules (e.g. mixtures of different character types) on memorized secrets. * * * The NIST just finished taking comments on its guidelines from the public, which it's now publicly reviewing on GitHub. The new standards will initially apply only to government agencies and contractors, but many organizations in the private sector tend to follow the agency's lead on security standards. With any luck, you too may soon stop seeing that annoying password-change pop-up on your work computer.

Under Trump, inconvenient data is being sidelined (WaPo, 14 May 2017) - The Trump administration has removed or tucked away a wide variety of information that until recently was provided to the public, limiting access, for instance, to disclosures about workplace violations, energy efficiency and animal-welfare abuses. Some of the information relates to enforcement actions taken by federal agencies against companies and other employers. By lessening access, the administration is sheltering them from the kind of "naming and shaming" that federal officials previously used to influence company behavior, according to digital experts, activists and former Obama administration officials. The Occupational Safety and Health Administration, for instance, has dramatically scaled back on publicizing its fines against firms. And the Agriculture Department has taken offline animal-welfare enforcement records, including abuses in dog breeding operations and horse farms that alter the gait of horses through the controversial practice of "soring" the animals' legs. In other cases, the administration appears to be dimming the prior spotlight on the background and conduct of top officials. The administration no longer publishes online the ethics waivers granted to appointees who would otherwise be barred from joining the government because of recent lobbying activities. Nor is the White House releasing logs of its visitors, making it difficult for the public to keep track of who is stopping by to see President Trump's inner circle. The administration has also removed websites and other material supporting Obama-era policies that the White House no longer embraces. Gone, for instance, is a White House Web page that refugees fleeing Syria and other embattled nations.

Here's how Facebook knows who you meet in real life (Vocativ, 16 May 2017) - A couple months ago a friend and I went to Colombia for vacation. While we were at the beach one day, we met a group of people and spent several hours hanging out with them. We never exchanged phone numbers or email addresses, we didn't share much information about ourselves other than our names and where we lived, and we didn't connect on social media. I didn't even have my phone on me at the time. However, when I got back to New York and checked Facebook, I saw that two of the people we met popped up in my "People You May Know" recommendations. Weird, I thought. Actually, it's creepy. Is Facebook tracking my every step? Facebook's brand is based on the community it creates, and its mission is to connect everybody in the world. So it only makes sense that the platform frequently suggests new friends for users to add to their networks. But in the past, the company's suggestions for connecting users have raised some eyebrows. For example, take the story about a psychiatrist who claimed her patients were popping up on her list of suggested friends (and on each other's lists) after visiting her office, which is obviously problematic for medical privacy reasons. The psychiatrist is far from the only Facebook user to discover mysterious friend suggestions - for years there have been stories of people who go on dates, attend parties or browse through a book store only to see people they interacted with in person pop up in their Facebook at a later date. None of these connections are coincidences, of course. So how does it happen? * * *

- and -

Google can now track your offline purchases (Extreme Tech, 24 May 2017) - Google runs the world's largest and most profitable online ad network, but the lion's share of ad dollars still go to TV. The search giant is looking to change that by associating online ads with purchases in the real world - your purchases. Google has partnered with companies responsible for tracking purchase data, which gives it access to about 70 percent of all US credit and debit card transactions. This all comes off as a little creepy, but Google is adamant that it's not creepy at all. Right now, Google and other online advertisers lack the data to draw a strong connection between online ads and purchases in real life. Google has the tools to track what you buy online, assuming you remain logged into your account and choose to share your browsing data. Offline, Google can do little more than track your location to guess at what you're buying and peek at data from Android Pay. Google's hope is that offline purchase data will confirm that the ads you see online do, in fact, influence what you buy in real life. That could tempt companies to increase ad spending online, which would be a windfall for Google. This new wealth of data from brick-and-mortar merchants will allow Google to associate your real life purchases with the ads it shows you online. For instance, if you clicked on an ad while searching for a new camera, but didn't buy anything, the advertiser would conclude the ad didn't work. However, what if you went to the advertiser's physical store and bought it? That's potentially even more valuable to the advertiser, but Google needs a way to connect those two actions. Google says it anonymizes the data it uses to identify users in ad tracking by converting all personal information to a string of characters. Neither Google nor third-parties can connect that value to a real person. 
So, technically all an advertiser knows is that unique ID saw an ad online and then showed up in a store to buy something. The only difference now is that your unique ID will be popping up in real life. If you're still getting the heebie-jeebies from this, Google does include ample privacy tools to limit what data it can collect and use. Swing by your Google Dashboard and log in with your account. You can turn off ad personalization and use your activity controls to stop Google from collecting data from searches, location, and more. Keep in mind, many Google services will be less useful if you turn these features off. Alternatively, you can simply stay logged out of Google unless you specifically need to access your account.

Blockchain technology and insurance (Hunton & Williams, 17 May 2017) - Many commentators have predicted that the use of blockchain technology will greatly expand in the coming years. They envision uses in all types of business, including the healthcare sector, financial services arena, and supply chains. * * * In January, Accenture and McLagan released a report finding that blockchain may "reduce infrastructure costs for eight of the world's ten largest investment banks by an average of 30 percent, translating to $8 billion to $12 billion in annual cost savings for those banks." Earlier this year, Accenture teamed up with BP, BNY Mellon, Intel, JP Morgan, Microsoft, Thomson Reuters, and UBS, among others, to form an alliance to work towards putting blockchain to use for businesses. While blockchain is said to increase security, the technology is not without its risks. See Hunton's article regarding blockchain and security risks, which can be found here. In 2015, Interpol said that hackers could use blockchain to transfer malware to computers. In 2013, a blockchain in the Mt. Gox Bitcoin exchange, which was handling 70% of all bitcoin transactions, suffered a glitch resulting in Bitcoin temporarily shedding a quarter of its value. Thus, companies should consider how their insurance policies and particularly how their cyber insurance policies can protect them against risks arising out of the use of blockchain technology. To take one example, one insurer's policy form provides coverage for the "failure or violation of the security of a Computer System," and defines "Computer System" to include "'cloud computing'" and other hosted resources operated by a third party service provider . . . ." It is not clear whether the insurer would consider blockchain technology to fall within this definition, particularly because blockchains are peer-to-peer networks not operated by a third-party.

Feds are using Stingray cell-trackers to find undocumented immigrants (The Verge, 19 May 2017) - As Immigration and Customs Enforcement steps up its deportation efforts, the agency is turning to a controversial surveillance device. According to a report by The Detroit News, local agents recently used a cell-site simulator (also known as a Stingray) to locate a Salvadorean restaurant worker, tracing his cell-phone signal to a home in the Detroit metro area. It's one of the first cases of ICE using Stingrays under the Trump administration, raising new questions about the federal use of the device for civil immigration enforcement. Typically used to locate devices tied to a specific phone number, cell-site simulators have been the subject of significant controversy in recent years. The devices work by mimicking the signal of a cell tower, then collecting information from every device that attempts to connect. As a result, they can disrupt cell service in areas where they are used, and often collect vast amounts of information from non-targeted phones. Use of the devices is widespread within law enforcement, but remained secret for many years. The devices were only made public after a protracted legal appeal resulting from a fraud case. Among other projects, the US Marshals service deployed the devices from small, low-flying planes as a way of locating a single fugitive in a dense urban area. The Department of Homeland Security (which includes ICE) operates at least 124 Stingray devices, according to a congressional report last year. In 2015, DHS issued an agency-wide policy requiring a search warrant to deploy the devices. ICE has arrested 41,300 people for deportation since Trump's inauguration, according to recently released statistics. More than 10,000 of those people had no criminal conviction, a sign of the agency's new focus on available targets rather than criminal offenders.

Why the US government open sources its code (Slashdot, 21 May 2017) - He's been the White House technology advisor since 2015, and this month Alvand Salehi delivered a keynote address at OSCON about the U.S. government's commitment to open source software. An anonymous reader quotes OpenSource.com: The Federal Source Code Policy, released in August 2016, was the first U.S. government policy to support open source across the government... All new custom source code developed by or for the federal government must be available to all other federal agencies for sharing and reuse; and at least 20% of new government custom-developed code must be released to the public as open source. It also established Code.gov as a platform for access to government-developed open source code and a way for other developers to participate. Before this policy was released, agencies were spending a lot of money to redevelop software already in use by other government agencies. This initiative is expected to save the government millions of dollars in wasteful and duplicative spending on software development. Because of this, Salehi said, open source is not a partisan issue, and "Code.gov is here to stay." Another benefit: Releasing open source code allows the government to benefit from the brainpower of developers across the country to improve their code. Code.gov points potential contributors to their code repository on GitHub.

Vermont DMV caught using illegal facial recognition program (Vocativ, 24 May 2017) - The Vermont Department of Motor Vehicles has been caught using facial recognition software - despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV's database of names and driver's license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that "The Department of Motor Vehicles shall not implement any procedures or processes… that involve the use of biometric identifiers." The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million photos and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement. Vermonters are hardly alone in being unwitting entrants in a facial recognition database. Due to law enforcement information sharing practices, half of all U.S. citizens' photographs - whether from a driver's license, state ID, or passport - are in some sort of police database, according to a 2016 Georgetown University study.

Sanborn fire insurance maps now online (Library of Congress, 25 May 2017) - The Library of Congress has placed online nearly 25,000 Sanborn Fire Insurance Maps, which depict the structure and use of buildings in U.S. cities and towns. Maps will be added monthly until 2020, for a total of approximately 500,000. The online collection now features maps published prior to 1900. The states available include Arizona, Arkansas, Colorado, Delaware, Iowa, Kentucky, Louisiana, Michigan, Nebraska, Nevada, North Dakota, South Dakota, Vermont, Wisconsin and Wyoming. Alaska is also online, with maps published through the early 1960s. By 2020, all the states will be online, showing maps from the late 1880s through the early 1960s. In collaboration with the Library's Geography and Map Division, Historical Information Gatherers digitized the Sanborn Fire Insurance Maps during a 16-month period at the Library of Congress. The Library is in the process of adding metadata and placing the digitized, public-domain maps on its website. The Sanborn Fire Insurance Maps are a valuable resource for genealogists, historians, urban planners, teachers or anyone with a personal connection to a community, street or building. The maps depict more than 12,000 American towns and cities. They show the size, shape and construction materials of dwellings, commercial buildings, factories and other structures. They indicate both the names and width of streets, and show property boundaries and how individual buildings were used. House and block numbers are identified. They also show the location of water mains, fire alarm boxes and fire hydrants. In the 19th century, specialized maps were originally prepared for the exclusive use of fire insurance companies and underwriters. Those companies needed accurate, current and detailed information about the properties they were insuring. 
The Sanborn Map Company was created around 1866 in the United States in response to this need and began publishing and registering maps for copyright. The Library of Congress acquired the maps through copyright deposit, and the collection grew to 700,000 individual sheets. The insurance industry eventually phased out use of the maps and Sanborn stopped producing updates in the late 1970s. The Library's Geography and Map Division is among the world's largest map collections, holding some six million cartographic items in various languages dating from the 14th century to the present. Some of its most important collections are available online at loc.gov/maps/collections/. Further information about the Geography and Map Division can be found at loc.gov/rr/geogmap/.

Man fined by Swiss court for 'liking' defamatory comments on Facebook (The Guardian, 30 May 2017) - A Swiss court has fined a man for "liking" defamatory comments on Facebook, in what is believed to be the first case of its kind. According to a statement from the Zurich district court, the 45-year-old defendant accused an animal rights activist, Erwin Kessler, of racism and antisemitism and hit the "like" button under several comments from third parties about Kessler that were deemed inflammatory. The comments were made in 2015 during heated discussions on a range of Facebook groups about which animal welfare groups should be permitted to take part in a vegan street festival, the Swiss daily Tages Anzeiger reported. Kessler sued more than a dozen people who took part in those exchanges, a lawyer for one of the defendants, Amr Abdelaziz, said. Several people have already been convicted in the case, mainly for comments they made. It appears the man convicted on Monday was the first to be sanctioned merely for "liking" comments made by others. The court said it did not matter that the comments had not originated from the defendant, whose name was not given. By clicking the like button, "the defendant clearly endorsed the unseemly content and made it his own," the court statement said.

Pagefreezer provides court-admissible on-demand website and social media evidence (Lawyerist, 30 May 2017) - It is getting more and more important for attorneys to be able to collect social media and website evidence in a format that can be used in litigation. Many types of cases - employment, personal injury, online harassment - can turn on social media posts. Attorneys are faced with a problem: how can they prove something appeared on a website or social media account on a certain day or time when the content of those pages changes constantly? Enter PageFreezer Legal. PageFreezer Legal makes it very simple to collect website and social media evidence in a format that is admissible in court proceedings. Attorneys can just visit legal.pagefreezer.com and type the link of the webpage or social media account they need to capture. PageFreezer Legal then provides, within one business day, time-stamped and digitally signed screen captures in PDF format. The report also includes the HTML source code, including metadata, and a full collection report. A notarized affidavit is also available. Once collected, the information can easily be imported into most eDiscovery programs.

Parents have no right to dead child's Facebook account, German court says (Reuters, 31 May 2017) - A German court rejected a mother's demand on Wednesday that Facebook grant her access to her deceased daughter's account. In the ruling, which overturned a lower court's decision, the Berlin appeals court said the right to private telecommunications extended to electronic communication that was meant only for the eyes of certain people. Privacy remains a sensitive issue in Germany due to extensive surveillance by Communist East Germany's Stasi secret police and by the Nazi era Gestapo. Memories of espionage were stirred anew by Edward Snowden's 2013 revelations of prying by the United States. In the Facebook case, the mother of a 15-year-old who was hit and killed by a subway train in Berlin in 2012 had sought access to her daughter's account to search for clues as to whether the girl had committed suicide. Facebook had refused access to the account, which had been memorialized, meaning it was effectively locked and served as a message board for friends and family to share memories. A regional court in Berlin had ruled in favor of the mother in late 2015, saying that the daughter's contract with Facebook passed to her parents according to German laws on inheritance. The appeals court said on Wednesday that the right to private telecommunications outweighed the right to inheritance, and that the parents' obligation to protect their daughter's rights expired with her death.

Flight delay? Get reimbursed with this clever app (Mashable, 31 May 2017) - When it launched in 2013, AirHelp made a simple promise: Report your flight disasters to the company's customer service agents, and they'll litigate against airlines on your behalf. You don't have to pay a penny - unless they manage to get you a settlement. And when they do, the service takes a 25 percent cut. Simple. On Tuesday, the three-year-old company is taking its next step toward seamless airline compensation with an expansion of its namesake app. Offered free on the iTunes and Android Play stores, the app used to require that travelers fill out a short survey and provide a description of their issue to initiate a claim; now, travelers can simply scan an image of their boarding pass and let AirHelp take care of the rest. With the information from your boarding pass stored in the AirHelp system, the company can track your flight for delays, cancelations, and overbooking so claims can get rolling before you pick up the phone. "Before we came along, people didn't know about their rights at all," said AirHelp Chief Executive Officer Henrik Zillmer. "Most people don't know the law - and even if they did, they might not know what they're entitled to. It's actually very complicated, and that's why we exist." Now, roughly one in three Europeans is aware of air passenger rights, according to Zillmer. "We still have a huge educational learning curve ahead of us." To date, AirHelp has processed claims for 2 million air passengers for a total compensation of $195 million. (Zillmer said the average payout runs from $500 to $600, often divided among multiple family members flying together and filing a joint claim.) The boarding pass scanner, he said, will make it easier to help more people more efficiently. 
"Now we can instantly tell you how the laws are applied in your circumstance and what the airline owes you in your situation," said Zillmer of the feature, saying it takes just two or three seconds to file a claim. Though the process was never terribly cumbersome, he says that every additional survey question prompts drop off, and automatic tracking means passengers will get pop-up notifications when they're eligible for compensation. All they have to do is give AirHelp permission - with one tap - to go after their case. "It's like AAA for air passengers," joked Zillmer. So what are you entitled to? If you're flying into, out of, or within Europe - or on a Europe-based carrier - chances are you're entitled to more than you think. In those cases, travelers are entitled to as much as 600 euros ($670) for flight delays, depending on the length of the delay and the travel distance. Regulations in the U.S. are less generous towards passengers. Domestic travelers aren't subject to compensation for traditional flight delays - but tarmac delays and involuntary boarding denials (which happen when your flight is oversold and you're forced to give up your seat) can warrant a payout of up to $1,350. So do lost, delayed, or damaged luggage claims - for which AirHelp can secure up to $1,220 in reparations. The catch, said Zillmer, is that you need receipts to show the value of what was inside your luggage if anything has gone missing. Elsewhere, legislation varies. But AirHelp, which offered support only for European flights at its inception, can now handle claims in more than 30 countries around the world - and in 15 languages. (The company breaks down regional differences in clear terms here.)

BC's small claims disputes go online today (CBC, 1 June 2017) - British Columbians will be able to resolve their small claims disputes on or under $5,000 through an online tribunal starting today. According to the tribunal, the digital project is a first in Canada where small claims disputes will be filed, negotiated and resolved almost exclusively online. Telephone and mail services will be available for anyone without Internet access. Shannon Salter, the chair of the Civil Resolution Tribunal, says she hopes the online system will be faster than the current system and increase access to justice. Salter says the online system will also have a "solution explorer" to begin the process which is free for anyone to use. "[There are] basic, plain language questions and answers to give you free legal information about your claim as well as things like template letters you can use to try and resolve it yourself," she said.

RESOURCES

Made with Creative Commons (Slashdot, 28 May 2017) - ChristianVillum writes: Creative Commons staff-members Sarah Hinchliff Pearson and Paul Stacey have now published Made With Creative Commons, the awaited book they successfully funded on Kickstarter in 2015. "Made With Creative Commons is a book about sharing," explains the book's description. "It is about sharing textbooks, music, data, art, and more. People, organizations, and businesses all over the world are sharing their work using Creative Commons licenses because they want to encourage the public to reuse their works, to copy them, to modify them... But if they are giving their work away to the public for free, how do they make money? "This is the question this book sets out to answer. There are 24 in-depth examples of different ways to sustain what you do when you share your work. And there are lessons, about how to make money but also about what sharing really looks like -- why we do it and what it can bring to the economy and the world. Full of practical advice and inspiring stories, Made with Creative Commons is a book that will show you what it really means to share." There's free versions in PDF, ePub, and MOBI formats for downloading from the Creative Commons site, and there's also an edit-able version on Google Docs. A small Danish non-profit publisher named Ctrl+Alt+Delete Books is also publishing print copies of the book under a Creative Commons license "to ensure easy sharing," and is making the book available on Amazon or through the publisher's own web site.

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Feds give web access to lobbying records (NBC, 1 June 2007) -- The Justice Department has launched a searchable online database that tracks the activities of foreign governments and companies lobbying the U.S. government. Previously, people seeking this information had to phone the Justice Department or visit its office in person to get public disclosure documents, which representatives of foreign entities are required to provide under the Foreign Agents Registration Act, or FARA. Passed in 1938, FARA requires all individuals acting as agents of foreign entities in a political or quasi-political capacity to disclose their relationship, activities, receipts and payments supporting the activities. Under a federal law enacted in 1995, Congress also requires lobbyists working for American companies, associations and other entities to disclose activities that could influence members of the executive and legislative branches. Those public documents are available online through a Senate Web site. The new Justice Department site, fara.com, also provides links to lobbying statutes, semiannual reports to Congress and access to registration forms for filing purposes. "This Web site is a significant step in the effort to ensure transparency in the world of foreign-influenced lobbying," Kenneth L. Wainstein, assistant attorney general for national security, said in a statement. The agency said some documents are still unavailable online due to potential privacy issues. However, they can still be accessed at the FARA public office.

Legal departments tell firms: Get on the tech train (Law.com, 21 Feb 2007) -- When Aon Corp. slashed its outside counsel roster from about 400 to 23 law firms in 2005, it quizzed the firms about their tech offerings. "We asked them about extranets, e-billing and litigation management," says David Cambria, director of legal operations at the Chicago-based insurance giant. But Cambria says that he didn't really care whether firms had all of those products. He had another agenda: "I wanted to know if [the firms] were playing in the same pool as me," says Cambria. When they crafted the tech section of their request for proposal, Cambria and his colleagues started from the assumption that all the firms they were interviewing had experienced, capable lawyers. But "we wanted to take it to a higher level, and the most successful firms were the ones that told us how they'd help us do what we do better, with technology," he says. What's changed? Traditionally a cost center, legal departments have come under increasing pressure to keep costs down at the same time that they're struggling to keep their technology current. "General counsel are being held to budgets," says Woods Abbott, senior manager of legal operations-corporate at Raytheon Co. This year's survey, our fourth in which we queried the technology heads of Fortune 500 corporations, shows that in many respects, law departments have had a technical awakening, and finally are getting the goodies everyone else in corporate America takes for granted.

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.