Saturday, July 15, 2017

MIRLN --- 25 June - 15 July 2017 (v20.10)

MIRLN --- 25 June - 15 July 2017 (v20.10) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

US Government wants to permanently legalize the right to repair (Motherboard, 22 June 2017) - In one of the biggest wins for the right to repair movement yet, the US Copyright Office suggested Thursday that the US government should take actions to make it legal to repair anything you own, forever-even if it requires hacking into the product's software. Manufacturers-including John Deere, Ford, various printer companies, and a host of consumer electronics companies-have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. This means that for the last several years, consumer rights groups have had to repeatedly engage in an "exemption" process to Section 1201 of the Digital Millennium Copyright Act. Essentially, the Librarian of Congress decides which circumventions of copyright should be lawful-for example, unlocking your cell phone or hacking your tractor to be able to repair the transmission. But these exemptions expire every three years, and require going through a protracted legal process to earn. Additionally, a separate exemption is required for each product category-right now it's legal to hack software to repair a car, but not to repair a video game console. top

Under pressure, Western tech firms bow to Russian demands to share cyber secrets (Reuters , 23 June 2017) - Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code - instructions that control the basic operations of computer equipment - current and former U.S. officials and security experts said. top

Police get broad phone and computer hacking powers in Germany (ZDnet, 23 June 2017) - Germany's coalition government has significantly increased police hacking powers by slipping a last-minute amendment into a law that's nominally supposed to deal with driving bans. While the police have so far only been allowed to hack into people's phones and computers in extreme cases, such as those involving terrorist plots, the change allows them to use such techniques when investigating dozens of less serious offences. In Germany, the authorities' hacking tools are widely known as Staatstrojanern , or state trojans. This term essentially refers to malware that the police can use to infect targets' devices, to give them the access they need to monitor communications and conduct searches. The types of crime where investigators can now use this malware are all of the variety where existing law would allow them to tap a suspect's phone. These range from murder and handling stolen goods to computer fraud and tax evasion. According to the government, the spread of encrypted communications makes traditional wiretapping impossible, so the authorities need to be able to bypass encryption by directly hacking into the communications device. top

U.S. cyber insurance continues to grow, according to Fitch Ratings (Property Casualty 360, 23 June 2017) - Cyber insurance direct written premium volume for the property & casualty (P&C) industry grew by 35% in 2016 to $1.35 billion, according to "Cyber Insurance Market Share and Performance," a new report from Fitch Ratings . "Take-up rates for cyber insurance are increasing with frequent reports of computer hacking incidents, including: network intrusions and data theft, as well as high-profile ransomware attacks that are leading corporations to search for broader insurance protection against cyber threats," said Jim Auden, managing director, Fitch Ratings. The largest cyber insurance writers are American International Group, Inc., XL Group Ltd, and Chubb Limited. These companies had a combined market share of approximately 40% at year-end 2016. The top 15 writers of cyber held approximately 83% of the market in 2016. However, over 130 distinct insurance organizations reported writing cyber premiums for the year. The industry statutory direct loss ratio for stand-alone cyber insurance improved in 2016 to 45% from 50% a year earlier. However, the ultimate profitability of the P&C industry's cyber insurance efforts will take some time to assess as the market matures and future cyber-related loss events emerge. top

Regulators enlist corporate lawyers in joint response to cyberattacks (ABA Journal, 26 June 2017) - Responding quickly to an identity theft, ransomware or other computer attack means having a plan in place. And as participants in the National Institute on Cybersecurity Law learned, that includes a plan to send in the feds. "Figure out if you have to report that breach to my office or other regulators, state and federal," was the advice from Iliana Peters, who's responsible for health care data privacy at the U.S. Department of Health and Human Services. Peters was on a panel of six current and former regulators assembled by the ABA Section of Litigation on Thursday in Chicago. "We want to be sure that entities are prepared to implement these kind of response plans," Peters said. "As it's happening is not the time to be doing that, to be figuring out how you're going to respond." Reporting an incident can bring in experts to evict cyber squatters, said Lucia Ziobro, the head of an FBI internet crime unit. One company's general counsel turned FBI agents away after a security breach, she recalled. For the next week, the lawyer traded messages online with the chief executive and technology executives about what to do next. Meanwhile, hackers monitored the discussion, and covered their tracks. When the feds returned, Ziobro said, "all the evidence we could have collected was gone." Regulators, for their part, are more focused on prevention than prosecution. But they don't like surprises. "If we see a news report and we don't have a breach report from you, it is very likely that we will open an investigation proactively," Peters said. Travis LeBlanc, a former chief enforcer for the Federal Communications Commission and the high-tech crime unit of the California Attorney General's Office , stressed that there's little downside to calling in federal or state regulators, who are constrained by law in what information they can share. "So often we hear from companies that they are afraid to report to the FBI or to the Secret Service or the eCrime unit in California," LeBlanc said. "Not one time did we ever on the civil side receive information about a criminal incident from a criminal law authority that resulted in an investigation. "It's very important that when a company is a victim of a crime, it should feel that it can go to the appropriate governmental authority without being chilled by the possibility of regulatory action." top

Detecting riots with Twitter (Cardiff Univ, 26 June 2017) - Social media can be an invaluable source of information for police when managing major disruptive events, new research from Cardiff University has shown. An analysis of data taken from the London riots in 2011 showed that computer systems could automatically scan through Twitter and detect serious incidents, such as shops being broken in to and cars being set alight, before they were reported to the Metropolitan Police Service. The computer system could also discern information about where the riots were rumoured to take place and where groups of youths were gathering. The new research, published in the peer-review journal ACM Transactions on Internet Technology, showed that on average the computer systems could pick up on disruptive events several minutes before officials and over an hour in some cases. * * * The researchers used a series of machine-learning algorithms to analyse each of the tweets from the dataset, taking into account a number of key features such as the time they were posted, the location where they were posted and the content of the tweet itself. Results showed that the machine-learning algorithms were quicker than police sources in all but two of the disruptive events reported. top

Defense contractors will be held to higher cyber standards (GoveconWire, 26 June 2017) - Defense contractors will soon be held to the same cybersecurity standards that the Defense Department has implemented in recent years, according to a top IT official at the Pentagon. "The cyberthreat is not going away; we have to defend our networks and systems, and you're part of that defense," acting DOD CIO John Zangardi said Friday. "DOD is facing the same threats that you are. And with these regulations, we are asking to implement some of the same defenses as we are implementing for the department's networks." Reporting," a new DOD regulation, will go into effect for how contractors respond to and report cyber incidents., and defense contractors have until the end of calendar year 2017 to begin complying. top

- and -

The Pentagon says it will start encrypting soldiers' emails next year (Motherboard, 6 July 2017) - For years, major online email providers such as Google and Microsoft have used encryption to protect your emails as they travel across the internet. That technology, technically known as STARTTLS , isn't a cutting edge development-it's been around since 2002. But since that time the Pentagon never implemented it. As a Motherboard investigation revealed in 2015 , the lack of encryption potentially left some soldiers' emails open to being intercepted by enemies as they travel across the internet. The US military uses its own internal service, mail.mil , which is hosted on the cloud for 4.5 million users. But now the Defense Information Systems Agency or DISA, the Pentagon's branch that oversees email, says it will finally start using STARTTLS within the year, according to a letter from DISA. top

DLA Piper hit by cyber attack, phones and computers down across the firm (Law.com, 27 June 2017) - DLA Piper has been hit by a major cyber attack, which has knocked out phones and computers across the firm. The shutdown appears to have been caused by a ransomware attack, similar to the WannaCry attack that hit organizations such as the NHS last month. DLA's phone system has not been working for much of the day and partners say they have been instructed to turn off their computers as a precaution. Offices in the UK, Europe, the Middle East and the US called by Legal Week all seem to have been affected, with some inside the firm saying email and phone systems have been affected with other systems then locked down as a precaution. top

- and -

66% of US law firms reported a breach in 2016 (HelpNetSecurity, 6 July 2017) - The majority of US-based law firms are not only exposed in a wide variety of areas, but in many cases, unaware of intrusion attempts. These findings were based on Logicforce survey data from over 200 law firms, anonymous system monitoring data and results from their on-site assessments. Approximately 40% of law firms in the study underwent at least one client data security audit, and Logicforce predicts this will rise to 60% by the end of 2018. Key findings: (1) An average of 10,000 intrusions occur every day at law firms; (2) Both large and small firms are equally at risk of being hacked; (3) 95% of assessed law firms were not compliant with their own data security policies and 100% were not compliant with those of their clients; and (4) 40% of firms were breached without knowing it in 2016. top

Digital field trip (InsideHigherEd, 28 June 2017) - For the 24 students in Virginia Miller's Principles of Chemistry 1 class at Montgomery College last fall, almost every lesson featured a "trip" to a world-class museum. Miller transformed her traditional, face-to-face course through the use of an expansive digital collection from the Smithsonian Institution in Washington, D.C. "It almost looks like a digital museum exhibit," the associate professor said of the five "collections" of chemistry-related space imagery that she curated from Smithsonian's online archives and turned into homework assignments for her students. "These objects jump out at you. You think, 'Let me click on this; this looks worth exploring.' … [Students] enjoyed the visual nature of it." Miller is one of approximately a dozen faculty members and instructors from the suburban Washington, D.C. community college who are using the Smithsonian's 19-month-old digital Learning Lab to enhance classes they have taught, lecture- or lab-style, for years. The lab features exhibits, documents, videos, blogs, podcasts and photographs from the Smithsonian's collections. Miller and her colleagues, who are participating in beta testing of the Learning Lab along with a group of high school teachers, teach science, math, nutrition, journalism, art history, music, mythology, developmental English and other subjects. They were tasked with centering at least one assignment on Smithsonian research or exhibits available through the digital lab relevant to classroom lessons. top

Google's DeepMind and UK hospitals made illegal deal for health data, says watchdog (The Verge, 3 July 2017) - A deal between UK hospitals and Google's AI subsidiary DeepMind "failed to comply with data protection law," according to the UK's data watchdog. The Information Commissioner's Office (ICO) made its ruling today after a year-long investigation into the agreement, which saw DeepMind process 1.6 million patient records belonging to UK citizens for the Royal Free Trust - a group of three London hospitals. The deal was originally struck in 2015, and has since been superseded by a new agreement. At the time, DeepMind and the Royal Free said the data was being shared to develop an app named Streams, which would alert doctors if patients were at risk from a condition called acute kidney injury. An investigation by the New Scientist revealed that the terms of the agreement were more broad than hand been originally implied. DeepMind has since made new deals to deploy Streams in other UK hospitals. top

Supreme Court unanimously overturns North Carolina's ban on social-media use by sex offenders (David Post/WaPo, 3 July 2017) - A few weeks ago, the Supreme Court released its opinion in Packingham v. North Carolina , holding 8-0 that a North Carolina law prohibiting previously convicted sex offenders from accessing or using "social networking" websites violates the First Amendment. The law in question made it a felony for a registered sex offender "to access a commercial social networking Web site* where the sex offender knows that the site permits minor children to become members or to create or maintain personal Web pages." The statute was purportedly designed to prevent ex-offenders from "gathering information about minors on the Internet" and using that information to make inappropriate or unlawful contact with them. All eight Justices agreed (with us) that the statute was not sufficiently "narrowly tailored" to serve that purpose. It wasn't even a close call. The court (Justice Anthony M. Kennedy writing for himself and Justices Ruth Bader Ginsburg, Stephen G. Breyer, Elena Kagan and Sonia Sotomayor, with Justice Samuel A. Alito Jr. concurring joined by Chief Justice John G. Roberts Jr. and Justice Clarence Thomas) described the statutory prohibition as "unprecedented in the scope of First Amendment speech it burdens.": [S]ocial media users employ these websites to engage in a wide array of protected First Amendment activity on topics "as diverse as human thought." … Social media allows users to gain access to information and communicate with one another about it on any subject that might come to mind. By prohibiting sex offenders from using those websites, North Carolina with one broad stroke bars access to what for many are the principal sources for knowing current events, checking ads for employment, speaking and listening in the modern public square, and otherwise exploring the vast realms of human thought and knowledge. These websites can provide perhaps the most powerful mechanisms available to a private citizen to make his or her voice heard. They allow a person with an Internet connection to "become a town crier with a voice that resonates farther than it could from any soapbox." … [T]o foreclose access to social media altogether is to prevent the user from engaging in the legitimate exercise of First Amendment rights. [ Polley : Sweeping and important language.] top

Veterans get a legal checkup with new online tool (Law.com, 5 July 2017) - "Checkups" are obviously common in health care, but the idea of doing a preventive screening for potential issues has applications in law as well, especially in access to justice efforts. A new legal "checkup" tool for veterans, a collaborative project between the American Bar Association (ABA), legal insurance group ARAG Legal and legal innovation group CuroLegal, aims to help veterans "check up" some of the legal issues they may be facing. Nicole Bradick, chief strategy officer at CuroLegal, said the tool, called Veterans Legal Checkup , was designed in alignment with current ABA president Linda Klein's institution of the ABA Veterans Legal Services Initiative. The tool, as its name plainly suggests, is designed for veterans, but Bradick explained that it looks at a few different service areas in particular. "We spoke with a lot of veterans' legal experts, and they highlighted employment, family law and housing as the three biggies," Bradick said. Accordingly, the tool's questionnaire steps users through questions that could bring to light issues veterans face in these areas, like eviction, emergency housing, fair pay, and spousal support. Veterans Legal Checkup is essentially a guided interview; users who access the tool are taken through a number of potential legal issues one question at a time to see if they may have an outstanding legal matter. If the tool can identify a potential claim, it provides a step-by-step walkthrough of the actions users can take to remedy the matter, including useful resources on how to prepare documents and scaffolding for what to say if you call a local legal aid organization. If the tool is unable to identify a particular legal concern, it provides some contact information for a local legal aid agency, paired for some suggestions for what to say when you call. * * * top

Wall Street Journal shuts down its law blog (Bob Ambrogi, 5 July 2017) - Sad news in the legal blogging world, as the Wall Street Journal on Monday shut down its Law Blog , which has regularly covered and broke legal news since its launch in 2006. The closing came as part of the news organization's shut down of eight blogs on Monday covering a range of topics, according to the NiemanLab . top

Why all federal agencies should break and inspect secure traffic (NextGov, 5 July 2017) - The data breach that rocked the Office of Personnel Management in 2015 resulted in the theft of an estimated 21.5 million records, including personally identifiable information such as Social Security numbers, names, dates, places of birth, addresses, fingerprint images and background check data. It's billed as the cyberattack that shocked the U.S. government , and it was discovered when a security engineer decrypted and inspected a portion of the SSL traffic that traverses the agency's network and noticed some odd outbound traffic. Hackers had used SSL encryption to shield their activity and to cloak a piece of malware designed to give them access to the agency's servers. They used that malware to steal mountains of data. Had that engineer not decrypted and inspected the network's SSL traffic, that malware may have continued to go unnoticed, making the already monstrous breach more catastrophic. As evidenced by the OPM data breach, one attack method modern hackers use to infiltrate federal networks is encrypted streams. Essentially, they use secure, encrypted traffic to obfuscate malware. Advanced adversaries don't want to something that jumps out at security engineers. There are no shiny, blinking lights that say they're performing a malicious activity. They want to hide among the noise and use SSL encryption for camouflage. SSL traffic has become the largest network blind spot for government and federal agencies. A Ponemon Institute survey titled "Hidden Threats in Encrypted Traffic" found 50 percent of malware attacks are expected to be delivered via encrypted channels and 80 percent of organizations are not inspecting their SSL traffic. And of the public-sector respondents indicating they had been attacked, 43 percent of those attacks are believed to have used encryption to evade detection. top

- but -

As elites switch to texting, watchdogs fear loss of transparency (NYT, 6 July 2017) - Secure messaging apps like WhatsApp, Signal and Confide are making inroads among lawmakers, corporate executives and other prominent communicators. Spooked by surveillance and wary of being exposed by hackers, they are switching from phone calls and emails to apps that allow them to send encrypted and self-destructing texts. These apps have obvious benefits, but their use is causing problems in heavily regulated industries, where careful record-keeping is standard procedure. "By and large, email is still used for formal conversations," said Juleanna Glover, a corporate consultant based in Washington. "But for quick shots, texting is the medium of choice." Texting apps are already creating headaches on Wall Street, where financial regulations require firms to preserve emails, instant messages and other business-related correspondence. * * * For now, America's elites seem to be using secure apps mostly for one-on-one conversations, but the days of governance by group text might not be far-off. Last year, a group affiliated with Britain's Conservative Party was discovered to be using a secret WhatsApp conversation to coordinate a pro-"Brexit" messaging campaign, while a separate WhatsApp group was being used by politicians backing the Remain effort. Steve Baker, the Conservative member of Parliament who led the pro-"Brexit" group, told The Telegraph that WhatsApp was "extremely effective" as a tool for political coordination. top

BakerHostetler forms swat team to help clients deal with active ransomware attacks (Ride the Lightning, 10 July 2017) - I am not usually interested in the semi-spammy press releases that flood my Inbox, but one did catch my attention, announcing that BakerHostetler, in the wake of the NotPetya and WannaCry assaults, has established a SWAT team to help clients deal with active ransomware attacks. According to the release, this team is different from a typical incident response team. The SWAT team is comprised of members of several practice groups which have handled thousands of cybersecurity incidents, including hundreds of ransomware matters over the last few years. SWAT Team members address issues that go along with ransomware attacks - like whether or not to pay ransom and how, preserving crucial evidence when systems are down, engagement of law enforcement at the highest levels for support, establishing compliant offline communications because systems are down, leveraging downtime processes from business continuity plans and disaster recovery plans, working with company Boards to remain focused on restoration of services and legal obligations, and developing communications for internal and external parties. I suspect other law firms are forming similar teams - for a need that is now very pressing and didn't exist at all several years ago. Like one of my labs sniffing the air for interesting scents, the firm made a smart move by scanning the horizon for a new legal services opportunity. And that is an essential part of future-proofing firms and keeping legal services relevant. top

NYU releases the largest LiDAR dataset ever to help urban development (TechCrunch, 12 July 2017) - New York University has made available the largest public LiDAR data set ever collected, via its Center for Urban Science and Progress. The laser scanned data, collected using aerial LiDAR instruments, is about 30 times as dense as a typical data set at a resolution of around 300 points per square meter, and covers a 1.5km square region of Dublin's city center. The data was collected by Professor Debra F. Laefer and her NYU CUSP research team, and includes both a top-down view of the roofs and distribution of buildings, as well as info about their vertical surfaces, making it possible to build 3D models of the urban landscape with detail around building measurements, tress, power lines and poles and even curb height, CUSP says. Open access to this scale and quality of data has big implications for researchers working on urban planning and development, and for engineering teams tackling everything from autonomous vehicles, to drone fleet operation, to infectious disease transmission tracking and more. It's something that would understandably be of use if captured for other cities, too - and that's exactly what CUSP hopes to do, with discussions underway to tackle New York City with a similar data imaging project next. If you think you can do something cool with the dataset, go ahead and grab it here - complete with both LiDAR info and related imagery . top

Six major US airports now scan Americans' faces when they leave country (ArsTechnica, 12 July 2017) - The Department of Homeland Security has been pushing a plan that if enacted would require all Americans submit to a facial-recognition scan when departing the country. This step would be a way to expand a 2004 biometric-tracking law meant to target foreigners. According to the Associated Press, which first reported the plan on Wednesday, facial-scanning pilot programs are already underway at six American airports-Boston, Chicago, Houston, Atlanta, New York City, and Washington DC. More are set to expand next year. In a recent privacy assessment, DHS noted that the "only way for an individual to ensure he or she is not subject to collection of biometric information when traveling internationally is to refrain from traveling." In recent years, facial recognition has become more common amongst federal and local law enforcement: a 2016 Georgetown study found that half of adult Americans are already in such biometric databases. "Americans expect when they fly overseas that their luggage is going to be looked into," Harrison Rudolph , a Georgetown legal fellow, told Ars. "What they don't expect is their face is going to be scanned. This is an expansion of a program that was never authorized for US citizens." John Wagner, the Customs and Border Protection official in charge of the program, said that the agency will delete such scans within 14 days. But he also said that the agency may keep scans longer after it goes "through the appropriate privacy reviews and approvals." top

Border Patrol says it's barred from searching cloud data on phones (NBC, 12 July 2017) - U.S. border officers aren't allowed to look at any data stored only in the "cloud" - including social media data - when they search U.S. travelers' phones, Customs and Border Protection acknowledged in a letter obtained Wednesday by NBC News. The letter (PDF), sent in response to inquiries by Sen. Ron Wyden, D-Ore., and verified by Wyden's office, not only states that CBP doesn't search data stored only with remote cloud services, but also - apparently for the first time - declares that it doesn't have that authority in the first place. In April, Wyden and Sen. Rand Paul, R-Ky., introduced legislation to make it illegal for border officers to search or seize cellphones without probable cause. Privacy advocates and former Homeland Security lawyers have said they are alarmed by how many phones are being searched. The CBP letter, which is attributed to Kevin McAleenan, the agency's acting commissioner, is dated June 20, four months after Wyden asked the Department of Homeland Security (PDF) , CBP's parent agency, to clarify what he called the "deeply troubling" practice of border agents' pressuring Americans into providing passwords and access to their social media accounts. McAleenan's letter cites several laws that he contends allow officers to search any traveler's phone without probable cause when the traveler enters or leaves the United States. The agency says the practice protects against child pornography, drug trafficking, terrorism and other threats. But the question of whether that broad authority extends to data linked to on remote servers but not physically stored on a phone had remained unclear, according to privacy advocates like the American Civil Liberties Union and the Electronic Frontier Foundation . McAleenan's letter says officers can search a phone without consent and, except in very limited cases, without a warrant or even suspicion - but only for content that is saved directly to the device, like call histories, text messages, contacts, photos and videos. top

RESOURCES

Big data, data science, and civil rights (Computing Community Consortium, 27 June 2017) - The Computing Community Consortium (CCC) has been working hard on various white papers over the past couple of months and slowly releasing them. You can see all of them here . Today, we highlight another paper, called Big Data, Data Science, and Civil Rights by Solon Barocas, Elizabeth Bradley, Vasant Honavar, and Foster Provost. Government, academia, and the private sector have increasingly recognized that the use of big data and data science in decisions has important implications for civil rights. However, a coherent research agenda for addressing these topics is only beginning to emerge and the need for such an agenda is critical and timely. Big data and data science have begun to profoundly affect decision making because the modern world is more broadly instrumented to gather data-from financial transactions, mobile phone calls, web and app interactions, emails, chats, Facebook posts, Tweets, cars, Fitbits, and on and on. According to this paper, the necessary research agenda should include: * * * [ Polley : Spotted by MIRLN reader Claude Baudoin ] top

A primer on debates over law and ethics of autonomous weapon systems (Lawfare, 5 July 2017) - For Lawfare readers interested in law and regulation of autonomous weapon systems (AWS), we're pleased to note our new essay, recently posted to SSRN , "Debating Autonomous Weapon Systems, Their Ethics, and Their Regulation Under International Law." It appears as a chapter in a just-published volume, The Oxford Handbook of Law, Regulation, and Technology , edited by Roger Brownsword, Eloise Scotfield, and Karen Yeung (Oxford University Press, July 2017). Our chapter can be read on its own as a non-technical and relatively short primer on normative debates over AWS. The book in which it appears addresses emerging technologies and regulation more generally. Some readers might find it interesting to see how debates over the law, regulation, and ethics of AWS compare and contrast with those of other emerging technologies ( Table of Contents tab here ). Although our chapter expresses a point of view on these normative debates (a point of view we've previously conveyed here , here , and elsewhere), it is intended to present, as fairly as we could in a limited space and in non-technical language, the leading positions in the debate. It's not a brief for one side or the other. Teachers looking for a basic introduction to the AWS topic for use in law, international relations, ethics, armed conflict or military studies, etc., might find it useful. top

DIFFERENT

Text this number anything you want and it will text you back art depicting it (Gothamist, 10 July 2017) - There are 34,678 pieces of artwork in SFMOMA's collection, with only about 5% on view at any given time. To get more eyes on the art, they've created a way to discover some of it. Their highly addictive "Send Me" feature allows you to text them what you want to see, and they'll send you back an image of a piece of art depicting that thing, along with some information on the piece. Here's how to make the magic happen: text "send me [x]" to 572-51, and within seconds SFMOMA will text you back a piece of art that, in some way, shows you that thing. X can = a keyword, a color, and even an emoji. In their announcement of the text service, they noted that "studies have shown that the average museum visitor spends approximately seven seconds in front of any artwork," asking, "In a world oversaturated with information... how can we generate personal connections between a diverse cross section of people and the artworks in our collection? How can we provide a more comprehensive experience of our collection?" In the first four days of the project, they received over 12,000 texts. [ Polley : Spotted by MIRLN reader Elizabeth Polley = @ebpolley] top

Specific laws that governs katana/samurai sword ownership (Case Clothesed, July 2017) - In japan, there are certain laws you have to comply with for you to have swords or katana. During the old period in japan, carrying swords in the road is prohibited unless you're a public servant or police. In these days it is hard to find someone who owns a sword. Only those who are associated with the sport Hombu Dojo, or a type of Samurai Sports. Yakuza and other members of the elite community may have access to these swords too. But there are certain laws that restrict the use of this traditional weapon. * * * top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Company will monitor phone calls to tailor ads (New York Times, 24 Sept 2007) - Companies like Google scan their e-mail users' in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same? Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype's online service - consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges. The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber's computer screen while he or she is still talking. A conversation about movies, for example, will elicit movie reviews and ads for new films that the caller will see during the conversation. Pudding Media is working on a way to e-mail the ads and other content to the person on the other end of the call, or to show it on that person's cellphone screen. "We saw that when people are speaking on the phone, typically they were doing something else," said Ariel Maislos, chief executive of Pudding Media. "They had a lot of other action, either doodling or surfing or something else like that. So we said, 'Let's use that' and actually present them with things that are relevant to the conversation while it's happening." top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Klein Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. Aon's Technology & Professional Risks Newsletter

5. Crypto-Gram, http://www.schneier.com/crypto-gram.html

6. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

7. The Benton Foundation's Communications Headlines

8. Gate15 Situational Update Notifications, http://www.gate15.us/services.html

9. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top