MIRLN

MIRLN --- 1-21 Jan 2012 (v15.01)

2012-01-21T07:30:00.001-05:00

MIRLN --- 1-21 Jan 2012 (v15.01) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

NEWS | LOOKING BACK | NOTES

Ruling by Justice Dept. Opens a Door on Online Gambling
Publishers vs. Libraries: An E-Book Tug of War
Cyber Threat to Power Grid Puts Utility Investors at Risk
440,783 "Silent SMS" Used to Track German Suspects in 2010
ABA Identity Management Legal Task Force Posts First Draft
How the US Pressured Spain to Adopt Unpopular Web Blocking Law
Promoting Vetted News Content on Social Media (or, How Not to Give Your Lawyer a Heart Attack)
Feds Want Judge to Force Suspect to Give Up Laptop Password
Man Convicted of Murder Gets Retrial After Virus Eats Transcripts
FedRAMP Security Controls Unveiled
Who Owns Your Employee's LinkedIn Connections at Your Law Firm?
Lockdown - The Coming War On General-Purpose Computing
Mass Ct: ZIP Code is Personal Identification Info Under Credit Card Statute But Plaintiff Must Still Allege Harm
ECJ Confirms IP Addresses are "Personal Data"
US Killer Spy Drone Controls Switch to Linux
Obama Administration Says Constitution Protects Cell Phone Recordings
FOIA Documents Reveal Homeland Security is Monitoring Political Dissent
E-Mail After Work Hours? That's Overtime, Says [Brazilian] Law
World Bank Assumes Control of Google Map Data
Legal Ethics to Go, Thanks to New Bar App
Authentication of Primary Legal Materials and Pricing Options
Thou Shalt Not Tweet To Strangers... and Other Foolishness from the Florida Bar
Third Circuit Says Data Breach Plaintiffs Lack Standing Absent Misuse of Data

Ruling by Justice Dept. Opens a Door on Online Gambling (NYT, 24 Dec 2011) - The Justice Department has reversed its long-held opposition to many forms of Internet gambling, removing a big legal obstacle for states that want to sanction online gambling to help fix their budget deficits. The legal opinion , issued by the department's office of legal counsel in September but made public on Friday, came in response to requests by New York and Illinois to clarify whether the Wire Act of 1961, which prohibits wagering over telecommunications systems that cross state or national borders, prevented those states from using the Internet to sell lottery tickets to adults within their own borders. Although the opinion dealt specifically with lottery tickets, it opened the door for states to allow Internet poker and other forms of online betting that do not involve sports. Many states are interested in online gambling as a way to raise tax revenue.

top

Publishers vs. Libraries: An E-Book Tug of War (NYT, 24 Dec 2011) - Last year, Christmas was the biggest single day for e-book sales by HarperCollins. And indications are that this year's Christmas Day total will be even higher, given the extremely strong sales of e-readers like the Kindle and the Nook. Amazon announced on Dec. 15 that it had sold one million of its Kindles in each of the three previous weeks. E-books and audio books on the Web site of the New York Public Library. Publishers are waiting for an industrywide approach to e-lending to gel. But we can also guess that the number of visitors to the e-book sections of public libraries' Web sites is about to set a record, too. And that is a source of great worry for publishers. In their eyes, borrowing an e-book from a library has been too easy. Worried that people will click to borrow an e-book from a library rather than click to buy it, almost all major publishers in the United States now block libraries' access to the e-book form of either all of their titles or their most recently published ones. Borrowing a printed book from the library imposes an inconvenience upon its patrons. "You have to walk or drive to the library, then walk or drive back to return it," says Maja Thomas, a senior vice president of the Hachettte Book Group, in charge of its digital division. And print copies don't last forever; eventually, the ones that are much in demand will have to be replaced. "Selling one copy that could be lent out an infinite number of times with no friction is not a sustainable business model for us," Ms. Thomas says. Hachette stopped making its e-books available to libraries in 2009. E-lending is not without some friction. Software ensures that only one patron can read an e-book copy at a time, and people who see a long waiting list for a certain title may decide to buy it instead. Explaining Simon & Schuster's policy - it has never made its e-books available to libraries - Elinor Hirschhorn, executive vice president and chief digital officer, says, "We're concerned that authors and publishers are made whole by library e-lending and that they aren't losing sales that they might have made in another channel."

top

Cyber Threat to Power Grid Puts Utility Investors at Risk (Forbes, 27 Dec 2011) - The electric-utility industry's concerns about cyber security has escalated sufficiently for several investor-owned utilities to include cyber-attacks as a material risk factor in recent filings with the U.S. Securities and Exchange Commission. In November, Consolidated Edison of New York, a large electric and gas utilities serving customers in New York City and Westchester County, included cyber-attacks as a risk factor that could affect investors quarterly report (10-Q) for the first time. Con Edison's 10-Q stated: "A Cyber Attack Could Adversely Affect the Companies. The Utilities and other operators of critical energy infrastructure may face a heightened risk of cyber attack. In the event of such an attack, the Utilities and the competitive energy businesses could have their operations disrupted, property damaged and customer information stolen; experience substantial loss of revenues, response costs and other financial loss; and be subject to increased regulation, litigation and damage to their reputation." Although Con Edison is not the first utility to disclose cyber-security a serious threat in SEC filings, it is perhaps the first to describe cyber-attacks as a stand-alone risk category. For example, Pepco Holdings, a large power and gas utility serving customers in Delaware, the District of Columbia, Maryland and New Jersey, includes cyber-attacks in a broader, catch-all disclosure about terrorism and other mega-catastrophes.

top

440,783 "Silent SMS" Used to Track German Suspects in 2010 (F-Secure, 29 Dec 2011) - The 28th Chaos Communication Congress ( 28C3 ) is currently underway in Berlin and on Tuesday, researcher Karsten Nohl gave a presentation called: Defending mobile phones. If you have an hour, it's worth watching . But one of the most interesting things, from our point of view, was Nohl's brief reference to recent reports (Dec. 13th) about various German police authorities having used nearly half a million "Silent SMS" to track suspects in 2010.  So we did a web search and found nothing about it in the English language press. However, Wikipedia's SMS entry has (had) this:   "Silent messages, often called silent SMS, stealth SMS, or stealthy ping, will not show up on the display, neither  is there an acoustical signal when they are received. However, at the mobile provider some data is created  (for example, the subscriber identification IMSI). This kind of message is sent especially by the police to locate  a person or to create a complete movement profile of a person. In Germany in the year 2010, nearly half a  million "silent SMSs" were sent by the federal police, the customs, and the secret service "Office for Protection  of the Constitution." So what exactly does this mean?   Well, basically, various German law enforcement agencies have been "pinging" mobile phones. Such pings only reply whether or not the targeted resource is online or not, just like an IP network ping from a computer would.   But then after making their pings, the agencies have been requesting network logs from mobile network operators. The logs don't reveal information from the mobile phones themselves, but they can be used to locate the cell towers through which the pings traveled. And thus, can be used to track the mobile targeted.

top

ABA Identity Management Legal Task Force Posts First Draft (SecureIDNews, 2 Jan 2012) - The first draft of the American Bar Association Task Force Report tentatively titled "Solving the Legal Challenges of Online Identity Management" has been posted on the Task Force Web site for review and comment. It is set out in three parts, as three separate documents:

1. Part 1: Identity Management Fundamentals and Terminology

2. Part 2: Legal Regulation of, and Barriers to, Identity Management

3. Part 3: Structuring the Legal Framework for an Identity System

The three documents can be downloaded here . The documents are located on the right side of the page, immediately under the heading "Resources and Drafts." The draft is still preliminary but are supposed to act as a starting point for discussion. The task force wants to move ahead quickly so input and suggested revisions are welcome, says Tom Smedinghoff, a partner at Edwards Wildman Palmer LLP and chairman of the group.

top

How the US Pressured Spain to Adopt Unpopular Web Blocking Law (Ars Technica, 6 Jan 2012) - Though a deeply divided Congress is currently considering Internet website censorship legislation, the US has no such official policy-not even for child porn, which is voluntarily blocked by some ISPs. Nor does the US have a government-backed "three strikes" or "graduated response" system of escalating warnings to particular users accused of downloading music and movies from file-sharing networks. Yet here was the ultimatum that the US Embassy in Madrid gave the Spanish government in February 2008: adopt such measures or we will punish you. Thanks to WikiLeaks, we have the text of the diplomatic cable announcing the pressure tactics. "We propose to tell the new government that Spain will appear on the Watch List if it does not do three things by October 2008. First, issue a [Government of Spain] announcement stating that Internet piracy is illegal, and that the copyright levy system does not compensate creators for copyrighted material acquired through peer-to-peer file sharing. Second, amend the 2006 "circular" that is widely interpreted in Spain as saying that peer-to-peer file sharing is legal. Third, announce that the GoS [Government of Spain] will adopt measures along the lines of the French and/or UK proposals aimed at curbing Internet piracy by the summer of 2009." See also EFF's posting on this -- https://www.eff.org/deeplinks/2012/01/spains-ley-sinde-new-revelations

top

Promoting Vetted News Content on Social Media (or, How Not to Give Your Lawyer a Heart Attack) (CMLP, 5 Jan 2012) - By now, it is a given that many journalists have a regular presence on social networking services. The value of social media for gathering information, developing the journalist's public persona, and promoting the journalist's work is well-recognized. And although many news outlets have established guidelines and policies regarding behavior on social media, most outlets still permit journalists substantial discretion as to the tone and content of their tweets and posts. Special concerns arise, however, when you use social media to promote articles that have been vetted by your attorneys. To understand these concerns, it helps to understand more about what media lawyers are looking for when we perform prepublication review of an article. Although there are numerous issues that we might consider, media lawyers are primarily concerned with any statements in an article that might adversely affect the reputation of identifiable people or companies. Of course, a great deal of sound journalism can be damaging to reputation, including stories about political corruption, unfair business practices, or criminal activity. The lawyer's concern is normally not whether such stories are newsworthy (that is up to you and your editor), but whether there is adequate factual support for the statements in your article. Thus, on the most basic level, our review involves identifying the individuals and companies at issue in an article and the factual support for statements about those people. We give particular attention to people who are not the main focus of the article, because it is sometimes the case that less time is given to researching facts about secondary parties. Errors about these side players in a story can also generate legal claims, and sometimes your lawyer might suggest cutting references in your article to secondary parties if it seems that the facts about those people are underdeveloped. On a deeper level, we are concerned with the overall context and gist of the article. Because defamation claims can arise not only from the explicit text of an article but also from reasonable inferences drawn from the text, we want to be sure that there are no inferences that an audience could draw from your article that you do not intend. To that end, we might suggest language changes or restructuring of the article to eliminate juxtapositions of fact and other contextual clues that make it appear that an article is suggesting more than it can actually support. Our goal in this process is risk management: We try to enable you to publish everything that you want to publish while moderating any risks involved.

top

Feds Want Judge to Force Suspect to Give Up Laptop Password (Wired, 5 Jan 2012) - Federal prosecutors want a judge to order a Colorado woman to provide the password to decrypt her laptop, which the government seized with a search warrant. With backup from digital rights groups, the woman is fighting the feds, arguing that being forced to provide her password violates the Fifth Amendment's protection against forced self-incrimination. Colorado U.S. District Judge Robert Blackburn is expected to rule any day on whether to force defendant Ramona Fricosu to decrypt her Toshiba Satellite M305, which authorities seized from her in 2010 with a court warrant while investigating financial fraud. The case is being closely watched by digital rights groups, as the issue has never been squarely weighed in on by federal courts, and the Supreme Court has never addressed the issue. But a factually similar dispute involving child pornography ended with a Vermont federal judge ordering the defendant to decrypt the hard drive of his laptop. While that case never reached the Supreme Court, it differed from the Fricosu matter because U.S. border agents already knew there was child porn on the computer because they saw it while the computer was running during a 2006 routine stop along the Canadian border. The Electronic Frontier Foundation's Marcia Hoffman said (.pdf) in a court filing that the very act of requiring Fricosu to input her password into the laptop would be incriminating "because it might reveal she had control over the laptop and the data there." Assistant U.S. Attorney Patricia Davies said (.pdf) said there is no Fifth Amendment breach, and that it might "require significant resources and may harm the subject computer" if it tried to crack the encryption. [Editor: seems to me that there was some decent case-law on this 15 years ago, arising in the context of former Oregon Senator Bob Packwood's diary; my recollection is sketchy, but revolves around the argument that if you've NEVER written down the password, being forced to divulge it is testimonial action, protected by the 5 ^th. OTOH, if you have written it down, being compelled to hand it over is not protected testimonial action.]

top

Man Convicted of Murder Gets Retrial After Virus Eats Transcripts (The Register, 5 Jan 2012) - A US man who had been convicted on a second-degree murder charge will get a new trial after a computer virus destroyed transcripts of court proceedings. Randy Chaviano, of Hialeah, Florida, was given a life sentence for the fatal shooting of Carlos Acosta after he was convicted by a Miami jury in July 2009. An appeal was lodged when it was discovered that only a partial record of the trial that led to Chaviano's conviction could be found. In the circumstances the Third District Court of Appeal had no option but to strike the conviction and order a fresh trial. Court stenographers normally record proceedings on both paper and digital disk. But Terlesa Cowart, stenographer at Chaviano's 2009 trial, forgot to bring enough rolls of paper and relied on digital recordings alone to chronicle proceedings. She transferred this data to her PC and erased it from the stenograph. Bad move. The PC subsequently became infected by an unidentified virus, causing the destruction of the records. No secure backup was taken, so the state will be put through the expense of a second trial that will cause, at the very least, inconvenience for witnesses and heartache for the victim's family.

top

FedRAMP Security Controls Unveiled (GovInfoSecurity, 9 Jan 2012) - The federal government has issued some 170 controls for FedRAMP, the program designed to vet cloud computing providers for federal government agencies. The security controls for the Federal Risk and Authorization Management Program, or FedRAMP, align with the National Institute of Standards and Technology Special Publication 800-53 Revision 3 for low and moderate impact systems. Cloud computing providers must implement these security controls in order for them to receive authorization to provide cloud services to federal agencies. Writing in a blog posted on the Federal Chief Information Officers Council website, Department of Homeland Security CIO Richard Spires said the security controls approved by the board create a baseline of controls to properly address the unique elements of authorizing cloud products and services, including multi-tenancy, control of an infrastructure and shared resource pooling. "This baseline serves all federal agencies and [cloud service providers], to which additional controls may be added by agencies to meet specific requirements," Spires said. Implementation of the FedRAMP security controls will be detailed in the several documents to be released before the initial operating capability of the program later this year. Those documents will align with the NIST SP 800-37 Risk Management Framework and include * * *. [Editor: see also "Questions to Ask of Cloud Vendors" by Mintz Levin on 19 Dec 2011 here: http://www.privacyandsecuritymatters.com/2011/12/things-to-do-in-2012-questions-to-ask-of-cloud-vendors/?elq_mid=17029&elq_cid=996107#page=1 ]

top

Who Owns Your Employee's LinkedIn Connections at Your Law Firm? (Kevin O'Keefe, 10 Jan 2012) - Last month I asked who owns the Twitter followers at your law firm? My question was precipitated by the Phonedog.com lawsuit in which an employer claims the employer owns the Twitter account started by an ex-employee while still an employee. The Wall Street Journal's Joe Palazzolo reports before we had an employer's claim to Twitter followers, we had a company claiming the right to a fired employee's LinkedIn account and the ex-employee's connections. Upon being sued by the ex-employee to get her account back, the company filed a counterclaim alleging, among other things, that the connections were trade secrets. Philadelphia employment lawyer, Eric Meyer, summarized the company's claim. "The defendants claim that Dr. Eagle's LinkedIn connections belong to them and that Dr. Eagle effectively stole those connections. The defendants also claim that Dr. Eagle now reaps the benefit of the time and effort that the defendants previously put into maintaining her LinkedIn account. (The new owners contend that former employees of Edcomm were required to utilize an Edcomm template when creating LinkedIn accounts, use an Edcomm email address, and permit Edcomm to monitor their Linkedin pages)." [Editor: see also posting on InsideHigherEd -- http://www.insidehighered.com/blogs/who-owns-twitter-account ]

top

Lockdown - The Coming War On General-Purpose Computing (Cory Doctorow, 11 Jan 2012) - General-purpose computers are astounding. They're so astounding that our society still struggles to come to grips with them, what they're for, how to accommodate them, and how to cope with them. This brings us back to something you might be sick of reading about: copyright. But bear with me, because this is about something more important. The shape of the copyright wars clues us into an upcoming fight over the destiny of the general-purpose computer itself. In the beginning, we had packaged software and we had sneakernet. We had floppy disks in ziplock bags, in cardboard boxes, hung on pegs in shops, and sold like candy bars and magazines. They were eminently susceptible to duplication, were duplicated quickly, and widely, and this was to the great chagrin of people who made and sold software. Enter Digital Rights Management in its most primitive forms: let's call it DRM 0.96. They introduced physical indicia which the software checked for-deliberate damage, dongles, hidden sectors-and challenge-response protocols that required possession of large, unwieldy manuals that were difficult to copy. [Editor: 2007 Pioneer Award winner Cory Doctorow writes up his keynote presentation from the Chaos Communication Congress. Very interesting piece; it got a fair amount of coverage in the blogosphere.]

top

Mass Ct: ZIP Code is Personal Identification Info Under Credit Card Statute But Plaintiff Must Still Allege Harm (Eric Goldman's blog, 10 Jan 2012) - Last year, the California Supreme Court held that a ZIP Code is personal identification information for purposes of a statute which restricted the type of information a retailer could collect: " California Supreme Court Rules That a ZIP Code is Personal Identification Information -- Pineda v. Williams-Sonoma ." A federal court in Massachusetts recently construed a similar Massachusetts statute to reach the same conclusion, albeit for different reasons. But having found that the retailer in this case technically violated the statute, the court dismisses the case on the basis that the plaintiff failed to allege a cognizable injury. The new case is Tyler v. Michaels Stores, Inc. , 2012 WL 32208 (D. Mass.; Jan. 6, 2012)

top

ECJ Confirms IP Addresses are "Personal Data" (A&L Goodbody, 13 Jan 2012) - As we reported recently, the CJEU held in Scarlet Extended SA ("Scarlet") v Societe belge des auteurs, compositeurs et editeurs ("SABAM"), Case C-70/10 that an order requiring a Belgian internet service provider to filter certain peer to peer files is not permissible under EU law. The CJEU found that any national measures to protect copyright must "strike a fair balance between the protection of copyright and the protection of the fundamental rights of individuals who are affected by such measures". This case is also noteworthy for its landmark decision that internet protocol addresses constitute "protected personal data". The CJEU held that the injunction sought, requiring installation of the contested filtering system, "would involve a systematic analysis of all content and the collection and identification of users' IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data because they allow those users to be precisely identified." This decision is particularly interesting as Charlton J., in EMI Records (Ireland) Limited v Eircom Limited [2010[] IEHC 108, held that an IP address was not "personal data" under the Data Protection Act 1988-2003, in circumstances where it was collected by a record company and provided to Eircom, in order for Eircom to deal with the owner of the IP address in accordance with the 'three strikes' scheme. Charlton J. concluded that as the name and address of the owner of the IP address was unlikely to come into the possession of the record company, since it was a matter for Eircom to deal the relevant person, the IP address in and of itself did not constitute "personal data" in the hands of the record company. Different positions have been adopted by the Member States on this issue, despite the Article 29 Working Party issuing an Opinion (Opinion 4/2007 on the concept of Personal Data) which states that it considers IP addresses as constituting "personal data". The Working Party stated this was "especially in those cases where the processing of IP addresses is carried out with the purpose of identifying the users of the computer (for instance, by copyright holders in order to prosecute computer users for violation of intellectual property rights)." The CJEU's clarification that IP addresses are "personal data" should ensure a more consistent interpretation is adopted across the EU in the future. Interestingly, the European Commission's draft EU Data Protection Regulation, which has been leaked ahead of scheduled publication on Data Protection Day, 28 January 2012, also indicates that IP addresses constitute "personal data".

top

US Killer Spy Drone Controls Switch to Linux (The Register, 12 Jan 2012) - The control of US military spy drones appears to have shifted from Windows to Linux following an embarrassing malware infection. Ground control systems at Creech Air Force Base in Nevada, which commands the killer unmanned aircraft, became infected with a virus last September. In a statement at the time the Air Force dismissed the electronic nasty as a nuisance and said it posed no threat to the operation of Reaper drones, but the intrusion was nonetheless treated seriously. "The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the pilots to safely fly these aircraft remained secure throughout the incident," it said. The discovery of the virus was nonetheless hugely embarrassing for the Air Force. The credential-stealing malware, first reported by Wired, made its way from a portable hard drive onto ground systems, which control the drones' weapons and surveillance functions. Portable disks are used to load map updates and transfer mission videos from one computer to another, Defense News added.

top

Obama Administration Says Constitution Protects Cell Phone Recordings (Ars Technica, 13 Jan 2012) - The Obama administration has told a federal judge that Baltimore police officers violated the First, Fourth, and Fourteenth Amendments by seizing a man's cell phone and deleting its contents. The deletions were allegedly in retaliation for the man's use of the phone to record the officers' arrest of his friend. According to the Maryland ACLU, this is the first time the Obama Justice Department has weighed in on whether the Constitution protects citizens' right to record the actions of police with their cell phones. * * * The filing is the latest sign of an emerging consensus that the First Amendment protects the right to record the public conduct of government officials with a cell phone. Last week, the Boston PD was forced to admit its officers acted improperly when they arrested a man for recording an arrest, after the First Circuit Court of Appeals ruled against the city. And while Judge Richard Posner worried that a right to record the police will lead to excessive "snooping around," his fellow judges on the Seventh Circuit seemed sympathetic to the ACLU's argument that Illinois's strict wiretapping statute violates citizens First Amendment rights.

top

FOIA Documents Reveal Homeland Security is Monitoring Political Dissent (EPIC, 13 Jan 2012) - As the result of EPIC v. DHS, a Freedom of Information Act lawsuit , EPIC has obtained nearly thee hundred pages of documents detailing a Department of Homeland Security's surveillance program. The documents include contracts and statements of work with General Dynamics for 24/7 media and social network monitoring and periodic reports to DHS. The documents reveal that the agency is tracking media stories that "reflect adversely" on DHS or the U.S. government. One tracking report -- "Residents Voice Opposition Over Possible Plan to Bring Guantanamo Detainees to Local Prison-Standish MI" -- summarizes dissent on blogs and social networking cites, quoting commenters. EPIC sent a request for these documents in April 2004 and filed suit against the agency in December. For more information, see EPIC: EPIC v. Department of Homeland Security: Media Monitoring .

top

E-Mail After Work Hours? That's Overtime, Says [Brazilian] Law (CNET, 14 Jan 2012) - The liberty some seem to enjoy most is yours. As recessions hit and profit pressures become the sole reason for existence, bosses seem to believe that they own workers--until they discard them for younger, fresher models Now a curiously human law has reared its head in Brazil. According to the Associated Press , this law says that if a company e-mails you after your allotted working hours, then this is the same as if one's supervisor is giving one an instruction to perform a certain work task. Ergo, argue Brazilian labor lawyers, if a worker receives such an e-mail and has to act on it, he or she qualifies for overtime pay.

top

World Bank Assumes Control of Google Map Data (ReadWriteWeb, 16 Jan 2012) - Google announced a partnership with the World Bank today to make Google Map Maker data more accessible to government organizations in disaster scenarios. Google Map Maker is the tool for crowd-sourcing the editing and maintenance of Google's world map. Its user-generated data include locations of hospitals, schools, settlements, water sources and minor roads. Access to these data will help governments, NGOs, researchers and individuals plan without waiting for the changes to be approved and added to the official maps. World Bank partner organizations, such as government and U.N. agencies, can contact World Bank offices to request access to the data. Kenya, South Sudan, Tanzania, Sierra Leone, Ghana, Zambia, Nigeria, Democratic Republic of Congo, Moldova, Mozambique, Nepal and Haiti will pilot the project. This partnership could improve response time and effectiveness in crises in underserved areas of the world. It's just a shame that Google has decided to compete with Ushahidi and other open-source efforts to solve this problem. Access to Google Map Maker data is privileged, and Google has chosen the mother of all elite gatekeepers, the World Bank, to facilitate this program.

top

Legal Ethics to Go, Thanks to New Bar App (Robert Ambrogi, 16 Jan 2012) - A new mobile app introduced this week by the New York State Bar Association lets lawyers search and access ethics opinions from their mobile phones. The NYSBA Mobile Ethics App includes the state bar's catalog of more than 900 legal ethics opinions, dating back to 1964. The app allows users to search for an opinion by keyword, retrieve it by opinion number, or browse a list of categories such as "attorney advertising," "concurrent representation" and "non-refundable retainer." Results show both a digest of the opinion and its full text. It can notify you when new opinions are added.

top

Authentication of Primary Legal Materials and Pricing Options (BeSpacific, 17 Jan 2012) - "The recent passage of the Uniform Electronic Legal Material Act (UELMA) has brought to the forefront the issue of costs of authenticating primary legal materials in electronic format. This white paper briefly reviews five methods of electronic authentication. These methods are based on trustworthiness, file types, effort to implement, and volume of electronic documents to be authenticated. Six sample solutions are described and their relative costs are compared. The white paper also frames the legal landscape and background of authentication for primary legal materials in electronic format, and provides context and points to applicable resources. The aim of this collective effort is to promote the understanding of costs related to authentication and invite further discussion on the issue...It is not intended to offer legal advice. Please consult an attorney for assistance with specific concerns or advice."

top

Thou Shalt Not Tweet To Strangers... and Other Foolishness from the Florida Bar (Kevin O'Keefe, 18 Jan 2012) - "The Standing Committee on Advertising [of the Florida Bar Association] has reviewed the networking media, and issues the following guidelines for lawyers using them." Whew, I was wondering when someone would get around to reviewing all of the social media and social networking sites on the Internet as well as review all the various methods of engagement and interaction that come with them. A lot of lawyers like me were out here in the wilderness of social networking and social media relying solely on our common sense, good judgment, and existing ethics guidelines for guidance on how to ethically use the Internet today. What a foolhardy approach. Now we have the all knowing wise men and women of the Florida Bar's 'Standing Committee on Advertising' commanding as of January 10, 2012, that: "Invitations sent directly from a social media site via instant messaging to a third party to view or link to the lawyer's page on an unsolicited basis are solicitations in violation of Rule 4-7.4(a), unless the recipient is the lawyer's current client, former client, relative, or is another lawyer." And commanding: "Pages of individual lawyers on social networking sites that are used solely for social purposes to maintain social contact with family and close friends [presumably Facebook], are not subject to the lawyer advertising rules."

top

Third Circuit Says Data Breach Plaintiffs Lack Standing Absent Misuse of Data (Eric Goldman, 18 Jan 2012) - Ceridian is a payroll processing firm. Reilly and Pluemacher were employees of a law firm that was a Ceridian customer. In December 2009, Ceridian suffered a "security breach." A hacker infiltrated Ceridian's system and gained access to information belonging to 27,000 employees at 1,900 companies. After investigating, Ceridian sent a letter to the affected individuals, letting them know that their personal information, including "first name, last name, social security number and, in several cases, birth date and/or bank account" information was accessed. Ceridian provided the affected individuals one year of free credit monitoring and identity theft protection. (It's unclear as to whether plaintiffs took advantage of this, but they alleged that they spent money for monitoring efforts.) The Third Circuit focuses on the issue of whether plaintiffs have standing. The court canvasses the precedent and says most courts addressing standing for data breach plaintiffs have concluded that plaintiffs lack standing because the harm is too speculative. The court agrees: "Here, no evidence suggests that the data has been--or will ever be--misused. The present test is actuality, not hypothetical speculations concerning the possibility of future injury."

top

LOOKING BACK

UCITA CHANGES FAIL TO APPEASE (Computerworld, 7 Jan.2002) -- The drafters of the controversial UCITA software licensing law have done an about-face on some of its key provisions, including recommending a ban on remote system shut-offs by software vendors. But the changes don't appear to go far enough to win support from businesses fighting state-by-state adoption of the measure. "These changes are not meaningful. They are more window dressing than real substance," said Elaine McDonald, an attorney at Principal Financial Group in Des Moines, Iowa, which is a member of a broad coalition of businesses and groups opposing the measure. The Uniform Computer Information Transactions Act has been under attack by library and consumer groups and by companies, including giants such as The Boeing Co. in Chicago and Caterpillar Inc. in Peoria, Ill., all of which maintain that the law gives too much power to vendors. Opponents blocked UCITA in every state where it was introduced last year. Facing the possibility that UCITA could die, its drafting committee met last month and adopted a series of amendments intended to win support. In particular, the committee reversed course on the so-called self-help provision, which would have allowed vendors to remotely turn off systems in a contract dispute without court intervention. Vendors would now have to go to court when such disputes arise. "I do know that some of the changes that are being proposed will result in satisfying the concerns of some," said Carlyle Ring Jr., chairman of the UCITA drafting committee of the National Conference of Commissioners on Uniform State Laws, a Chicago-based organization that spearheads commercial law adoption in the U.S. "Others are not going to be as satisfied," he said. UCITA provides a framework for licensing contracts that lack certain specific provisions. Opponents say UCITA's default provisions grant several questionable rights to software publishers. http://www.computerworld.com/s/article/67149/UCITA_Changes_Fail_to_Appease

top

MORTGAGE VENDOR WILL ALLOW ELECTRONIC SIGNATURES ON MORTGAGE APPLICATIONS (CNN, 22 Jan. 2002) -- Mortgage vendor Quicken Loans Inc. is deploying what may be the first electronic signature network for high-value business-to-consumer transactions. Starting this spring, the company will let loan seekers use electronic signatures to complete and submit mortgage applications immediately after being preapproved online, without requiring the usual paperwork and ink signatures. Unlike emerging efforts to implement electronic signatures in other consumer settings, Quicken's loan process won't require consumers to use private keys, download digital certificates or use specialized signing software to authenticate themselves. Instead, the company will combine information provided by the consumer during the loan application process with a unique user name and information such as details of an auto loan to authenticate users. Quicken's effort shows that some corporations may finally be working through the technical, regulatory and legal concerns related to the use of electronic signatures in high-value consumer transactions, said Avivah Litan, an analyst at Stamford, Connecticut-based Gartner Inc. "As far as I know, Quicken Loans is the first application to implement e-signatures in high-value B2C transactions," she said. http://www.cnn.com/2002/TECH/ptech/01/22/quicken.loans.idg/index.html

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 4-31 December (v14.17)

2011-12-31T06:30:00.001-05:00

MIRLN --- 4-31 December (v14.17) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

New EU Directive on Consumer Rights Affects Website Terms
iCloud to the Rescue?
Red Cross Wants Real Life Laws Enforced Within Virtual Worlds
The Trespass Tort Versus the CFAA: A Response to the Oracle Amicus Brief in Nosal
Cut-and-Paste Reveals Redacted Info on Apple Smartphone Market in Federal Judge's Opinion
Oregon Judge Rules Bloggers Aren't Journalists
Does a Naked Retweet Carry an Endorsement by a Lawyer or Law Firm?
DARPA Unshredding Contest
Feds Launch Cloud Security Standards Program
Privacy Fades in Facebook Era
Law Firms and Social Media: A Match Not Yet Made in Heaven

Are You Following Your Clients On Twitter?
LexisNexis and Vizibility Release Research Results on the Use of Social Media Within Law Firms

Some Facts About Carrier IQ
YouTube for Schools and Lecture Capture

M.I.T. Expands Its Free Online Courses

UK Judge Sanctions Live-Tweeting for Reporters

Is It Enough to Tell Jurors Not to Tweet?

Court Denies Motion to Provide Access to Social Networking Sites in Civil Discovery
Judge Dismisses Twitter Stalking Case
It's Official: The LAPD Ain't Going to Google
Breach Response: The Legal View
PATRIOT Act Continues To Harm US Businesses: BAE Refuses To Use MS Cloud Over PATRIOT Act Fears
The Online Media Legal Network Celebrates its Second Birthday!
Metropolitan Museum Provides a Trove of Images for Google Goggles
Don't Break the Internet
Do Individuals Have "A Right To Be Forgotten"?
NewtGingrich.com, Occupied
The PeaceTones Legal Empowerment Project
Volkswagen Agrees to Curb Company E-Mail in Off Hours

New EU Directive on Consumer Rights Affects Website Terms (IT Law Group, 8 Nov 2011) - In late October 2011, the European Council of Ministers formally adopted the new EU Consumer Rights Directive . The new Directive will drastically affect the rules that apply to online shopping. Numerous provisions will also apply to both the online and the offline markets. The Directive is intended to protect "consumers," i.e., all natural persons who are acting for purposes that are outside their trade, business, craft, or profession. It creates new obligations for "traders," a broad term that encompasses all categories of persons who sell products or services. The Directive defines the term "trader" as any natural or legal person who is acting, directly or indirectly for purposes relating to his/its trade, business, craft of profession in relations to contracts covered by the Directive. These contracts include: sales contracts, service contracts, distance contracts, off-premises contracts, and public auction contracts that are concluded between a trader and a consumer. US companies that operate websites that sell to European customers, as well as their affiliates who make direct sales to EU consumers, must start evaluating the numerous consequences that the implementation of the Directive on Consumer Rights will have on their operations. The consequences include: * * *

top

iCloud to the Rescue? (Digital Samurai, 11 Nov 2011) - We doubt it, but let's slow down and stop drinking the Apple Kool-Aid. There are some very interesting items in the T&C (Terms & Conditions) that most people don't even read. The tendency is to click, click, click just to get to the end quickly. The T&C for iCloud is around 12-13 pages long, depending on the device used to view it. So let's dive right into some of the "features" presented in the T&C and what they may mean. First, you are required to have a compatible device, duh? It also states that "…certain software (fees may apply)…" whatever that means. There are a lot of words about the location-based services and what Apple and its partners can do with the collected data. Make sure you understand the cloud collects GPS location, crowd-sourced Wi-Fi information, device ID, Apple ID, etc. That sounds like enough information to be personally identifiable to us. There are no words on how long they store the data, if at all, but we're pretty sure they don't throw it away after processing. You can opt out of the collection by not using any location-based services, which we doubt many will do. Apple doesn't take any responsibility for the integrity of any content stored in iCloud. In other words, you are on your own so don't assume that you can actually use any of the data that you may transmit to iCloud. There's a whole sentence in capital letters that states "…Apple does not guarantee or warrant that any content you may store or access through the service will not be subject to inadvertent damage, corruption, loss, or removal in accordance…" Geez, you call that a backup solution? Apparently not, since a few pages later they say "You are responsible for backing up, to your own computer or other device, any important documents, images or other Content that you store or access via the Service." One of the more disturbing provisions states that Apple will give your data to any law enforcement authority, government official or third party if they feel it appropriate, necessary or legally required. That's pretty scary and there is nothing that says Apple will even give you notice that they are giving over your data. Apparently your data is not encrypted in iCloud or Apple has the decryption keys, which still means unintended parties can see your data. This means that iCloud is NOT an acceptable service for attorneys that keep client information on their iDevices.

top

Red Cross Wants Real Life Laws Enforced Within Virtual Worlds (TechDirt, 5 Dec 2011) - Kotaku has published an article in which the International Committee of the Red Cross proposes that real life laws such as the Geneva and Hague Conventions should be enforced within video games . Before you get too riled up, they are not proposing that video game players be locked up and punished for war crimes for actions performed within the game, but are rather proposing that game designers program those conventions into the games: " In computer and video games, violence is often shown and the players become 'virtually violent'. However, such games are not zones free of rules and ethics. It would be highly appreciated if games reproducing armed conflicts were to include the rules which apply to real armed conflicts. These rules and values are given by international humanitarian law and human rights law. They limit excessive violence and protect the human dignity of members of particularly vulnerable groups. " These types of arguments are very similar to the arguments made by those who have requested laws regulating violence in video games in the past. Those people argued that the lack of consequences in the game would influence player behavior in real life. We know that the US Supreme Court rejected those arguments as the science behind them was not sound. But we all know that pesky court rulings never get in the way of those who want to control human behavior. The Red Cross is looking to have game developers to voluntarily include these laws within the game world noting that some developers already take the time to do it. If that fails, it has no qualms about getting the government involved: "One possible course of action could be to encourage game designers/producers to incorporate IHL in the development and design of video games, while another could be to encourage governments to adopt laws and regulations to regulate this ever-growing industry."

top

The Trespass Tort Versus the CFAA: A Response to the Oracle Amicus Brief in Nosal (Volokh Conspiracy, 5 Dec 2011) - In a recently-filed amicus brief submitted by Oracle America Inc. before the en banc Ninth Circuit in United States v. Nosal , the important Computer Fraud and Abuse Act case I have blogged a lot about, Oracle makes the following argument about interpreting "access" and "authorization" in the context of the CFAA. The CFAA's prohibition on exceeding authorized access and access without authorization is modeled on trespass principles, the brief reasons, so the scope of the CFAA should be interpreted by reference to the trespass principles articulated in the Restatement (Second) of Torts. According to the Oracle brief, this means that (a) computer owners can condition access to their computers using express restrictions like Terms of Service, but (b) express restrictions are only enforceable in some circumstances. The brief summarizes when express restrictions can be enforced under the tort of trespass. [Editor: interesting argument, well-presented.]

top

Cut-and-Paste Reveals Redacted Info on Apple Smartphone Market in Federal Judge's Opinion (ABA Journal, 6 Dec 2011) - A federal judge's opinion in Apple's patent infringement suit against Samsung Electronics was formatted in a way that exposed redacted information. The mistaken revelation in the opinion issued Friday by U.S. District Judge Lucy Koh discussed Apple studies showing its customers are unlikely to switch to Samsung's Android devices, Reuters reports. The redacted portions also included some details on Apple's licensing deals with Nokia and IBM. The redacted material was revealed when the opinion, released in PDF format, was cut and pasted into another document. According to Reuters, the redactions reveal courts' predilection to seal materials in intellectual property cases. The story quotes Emory law professor Timothy Holbrook, who said he didn't see any apparent trade secrets in the redactions. "Most of it just seems like it was sealed out of an abundance of caution," he said. Koh's opinion denied Apple's request for a preliminary injunction in its suit claiming Samsung's Galaxy products infringe patents for the iPhone and iPad. The opinion revealing the information was sealed and a new version was posted about four hours later.

top

Oregon Judge Rules Bloggers Aren't Journalists (CNET, 7 Dec 2011) - A U.S. District Court judge in Portland, Ore., ruled that a blogger who wrote about an investment firm that subsequently accused her of defamation must pay the company $2.5 million because she's a blogger who doesn't legally qualify as a journalist. Crystal Cox, whose blogs are a mixture of fact, opinion, and commentary, wrote several posts that were critical of Obsidian Finance Group and its co-founder, Kevin Padrick. In one blog post , Cox accused Padrick of fraud while serving as trustee in a real estate bankruptcy case. The firm considered the posts defamatory and filed a $10 million lawsuit (PDF) against Cox in January. The blog the court focused on during the case was more factual in tone, suggesting she had an inside source who was leaking her information. Obsidian demanded she reveal the source of her information to prove its veracity. Cox, who acted as her own attorney in the case, refused to reveal her source, arguing that she was afforded the same protections as journalists under Oregon's Shield Law.

top

Does a Naked Retweet Carry an Endorsement by a Lawyer or Law Firm? (Kevin O'Keefe, 7 Dec 2011) - Does a retweet mean an endorsement of something that was tweeted by someone else or a simple "check this out?" That's a question journalists are trying to answer that also applies to some law firms. Last month the Associated Press released modified guidelines for social media (pdf), including a specific section on retweeting. [Editor: Interesting exploration of the issues.]

top

DARPA Unshredding Contest (Bruce Schneier, 8 Dec 2011) - DARPA held an unshredding contest, and there's a winner : "Lots of experts were skeptical that a solution could be produced at all let alone within the short time frame," said Dan Kaufman, director, DARPA Information Innovation Office. "The most effective approaches were not purely computational or crowd-sourced, but used a combination blended with some clever detective work. We are impressed by the ingenuity this type of competition elicits."

top

Feds Launch Cloud Security Standards Program (Computerworld, 8 Dec 2011) - Federal agencies will soon have a government-wide security standard for assessing, authorizing and monitoring cloud products and services. Federal CIO Steven VanRoekel Thursday unveiled the Federal Risk and Authorization Management Program (FedRAMP), which establishes a set of baseline security and privacy standards that all cloud service providers will need to meet in order to sell their products to government agencies. The program requires that all federal agencies use only FedRAMP-certified cloud services and technologies for public clouds, private clouds, hybrid clouds and community clouds. The program also covers all cloud service models, including Software as a Service (SaaS) and Platform as a Service (PaaS). FedRAMP will also provide federal agencies with standard procurement language to use in requests for proposals from cloud service vendors. A Joint Authorization Board, comprising of security experts from the Department of Homeland Security (DHS), General Services Administration (GSA) and the Department of Defense will be responsible for updating the FedRAMP security requirements on an ongoing basis. A group of third-party assessors hired from the private sector will be responsible for independently assessing cloud service providers and certifying their compliance with the standards. The Federal CIO council, a group of government IT executives that set federal IT management practices, will publish an initial set of baseline security and privacy controls for cloud providers within 30 days, VanRoekel said in a White House Office of Management and Budget memorandum ( download pdf ) sent on Thursday to federal agency CIOs. [Europeans considering cloud services may find the ENISA (the European Network and Information Security Agency) guide to "Cloud Computing Risk Assessment" useful:

http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment ]

top

Privacy Fades in Facebook Era (NYT, 11 Dec 2011) - As much as it pains me to say this: privacy is on its deathbed. I came to this sad realization recently when a stranger began leaving comments on photos I had uploaded to Instagram, the iPhone photo-sharing app. After several comments - all of which were nice - I began wondering who this person was. Now the catch here is that she had used only a first name on her Instagram profile. You would think a first name online is enough to conceal your identity. Trust me, it's not. So I set out, innocently and curiously, to figure who she was. I knew this person lived in San Francisco, from her own photos. At first I tried Google, but a first name and city were not enough to narrow it down. Then I went to her photos and looked for people whom she had responded to in the comments. Eventually I found a conversation with someone clearly her friend. I easily found that person's full name, went to the person's Facebook friend list and searched for my commenter's first name. There it was: a full name. With that, I searched Google and before I knew it, I had this person's phone number, home address and place of employment. Creepy, right? I even had a link to a running app that she uses that showed the path of her morning run. This took all of 10 minutes. "We used to have privacy through obscurity online, so even if people had that information out there, the steps that it would take to aggregate it all were too great," said Elizabeth Stark, a lecturer in law at Stanford who teaches about privacy on the Internet. "Previously you could have searched every photo on the Internet for a photo of Nick Bilton until you eventually found one, but that would take a lifetime. Now, facial recognition software can return more images about someone instantly." [Editor: try it - go to http://images.google.com/ and click on the camera icon in the search bar to search-by-image. It worked for one of my own images. There are similar services - e.g. www.tineye.com ]

top

Law Firms and Social Media: A Match Not Yet Made in Heaven (WJS, 12 Dec 2011) - While a number of global law firms have dipped their toes in the social media pool, relatively few have taken the plunge into genuine interactivity, according to an audit released today by LexisNexis Martindale-Hubbell. The company looked at how 110 global law firms used LinkedIn, Twitter, YouTube and other social media from April to mid-May of 2011. The upshot? "It's just getting going," said Bryn Hughes, the company's marketing and communications manager in international markets. "For the legal sector, I think they are slow to adapt to new technology." Firms appear interested in using social media as a marketing platform, particularly outfits based in places with excellent internet penetration: New York, Canada, the United Kingdom and Western Europe. Still, most of those surveyed use social networks as one-way channels to distribute company news, and few embraced blogging and YouTube or integrated social media widget into firm web sites, the audit found. Hughes said that lawyers he had spoken with seem interested in using social media, but remained cautious about liability, client confidentiality and the potential embarrassment of posting erroneous statements online. Here's the snapshot of the findings:

77% of firms surveyed had profiles on LinkedIn
31% used Twitter
29% used Facebook
10.9% used YouTube
8% had official firm blogs
7% used social media widgets to integrate firm web sites

top

- and -

Are You Following Your Clients On Twitter? (Kevin O'Keefe, 20 Dec 2011) - Good attorneys and law firms are always looking for ways to stay in touch in with their clients. Weeks can go by without meeting a client on an active matter. Months or a year can by without talking to a client for which you have no matters pending. How do you stay in touch? Many law firms send out newsletters and alerts, arguably to share helpful information, with the intent to keep 'mind share.' That's a one-way broadcast style of communicating. You're not engaging the client, listening to the client, nor meeting them on their turf. An easy way to stay in touch with clients is to follow them on Twitter. It's becoming more and more common that people have Twitter accounts, whether business leaders or consumers. Look up your clients on Twitter. Look in their LinkedIn profile for their Twitter handle. Start following your clients.

top

- and -

LexisNexis and Vizibility Release Research Results on the Use of Social Media Within Law Firms (PR Newswire, 21 Dec 2011) - Vizibility Inc. and LexisNexis announced today the results of a survey conducted to shed light on the use of social media in legal services marketing. To illustrate the findings, the results have been released as an infographic . The research suggests a high degree of reliance on broadly defined social media marketing programs, with 81% of survey participants reporting they already use social media marketing tools and another 10.1% saying they plan to deploy social media marketing elements within six months. Furthermore, reliance on social media tools and how they're measured differ significantly by firm size. The survey found that a clear majority of participants consider social media an important part of their overall marketing strategy, with nearly half (48.5%) reporting that social media is "somewhat important" while another 31% believe the tools are "extremely important" to their total marketing efforts. A minority, 5% of responding firms, report not using social media. "You have to measure the results from social media to justify it. Our new data reveals a split between small and large firms in social media marketing objectives," noted Lawyers.com(SM) Editor in Chief and LawMarketing Blog author Larry Bodine. "For example, among small firms, almost 71% of participants in practices with five or fewer attorneys said that they rely on social media marketing to generate new business. In contrast, among respondents from big firms with 100 or more attorneys, only 37% measure social media success this way. Large firms better get smart about social media if they expect it to produce new work."

top

Some Facts About Carrier IQ (EFF, 13 Dec 2011) - There has been a rolling scandal about the Carrier IQ software installed by cell phone companies on 150 million phones, mostly within the United States. Subjects of outright disagreement have included the nature of the program, what information it actually collects, and under what circumstances. This post will attempt to explain Carrier IQ's architecture, and why apparently conflicting statements about it are in some instances simultaneously correct. The information in this post has been synthesised from sources including Trevor Eckhart, Ashkan Soltani, Dan Rosenberg, and Carrier IQ itself.

top

YouTube for Schools and Lecture Capture (InsideHigherEd, 13 Dec 2011) - YouTube announced YouTube for Schools today, a variant of YouTube designed to be more education friendly. This site seems primarily aimed at the primary and secondary market, although higher ed may find some things to like. If a school signs up for the service it can upload videos that are then displayed without any non-educational videos (or commenting). The YouTube University site has playlists for arts, business, education, engineering, history, humanities, languages, law, mathematics, medicine, science and social sciences.

top

- and -

M.I.T. Expands Its Free Online Courses (NYT, 19 Dec 2011) - While students at the Massachusetts Institute of Technology pay thousands of dollars for courses, the university will announce a new program on Monday allowing anyone anywhere to take M.I.T. courses online free of charge - and for the first time earn official certificates for demonstrating mastery of the subjects taught. "There are many people who would love to augment their education by having access to M.I.T. content, people who are very capable to earn a certificate from M.I.T.," said L. Rafael Reif, the provost, in a conference call with reporters Friday. M.I.T. led the way to an era of online learning 10 years ago by posting course materials from almost all its classes. Its free OpenCourseWare now includes nearly 2,100 courses and has been used by more than 100 million people. But the new "M.I.T.x" interactive online learning platform will go further, giving students access to online laboratories, self-assessments and student-to-student discussions. Mr. Reif and Anant Agarwal, director of the Computer Science and Artificial Intelligence Lab, said M.I.T.x would start this spring - perhaps with just one course - but would expand to include many more courses, as OpenCourseWare has done. "The technologies available are much more advanced than when we started OpenCourseWare," Mr. Agarwal said. "We can provide pedagogical tools to self-assess, self-pace or create an online learning community." The M.I.T.x classes, he said, will have online discussions and forums where students can ask questions and, often, have them answered by others in the class. M.I.T. said its new learning platform should eventually host a virtual community of learners around the world - and enhance the education of M.I.T.'s on-campus students, with online tools that enrich their classroom and laboratory experiences. The development of the new platform will be accompanied by an M.I.T.-wide research initiative on online teaching and learning, including grading by computer. And because the M.I.T.x platform will be available free to people around the world, M.I.T. officials said they expected that other universities would also use it to offer their own free online courses.

top

UK Judge Sanctions Live-Tweeting for Reporters (Mashable, 14 Dec 2011) - A high-ranking UK judge has issued official guidelines that allow journalists to live-tweet public court proceedings in England and Wales without seeking permission. The practice guidance allows journalists to issue live, text-based communications on mobile phones and other Internet-connected devices, including emails, tweets and Facebook status updates. Reporters won't be able to share Twitpics or sound bites over the social web, however; photography and sound recording on these (and other) devices still needs court approval. These new sanctions do not extend to the public. Public attendees will still need to seek permission to use their mobile devices for text-based communications - and any other purpose - during court sessions.

top

- and -

Is It Enough to Tell Jurors Not to Tweet? (CMLP, 19 Dec 2011) - The Arkansas Supreme Court has reversed a murder conviction - and death sentence - in a case where one juror tweeted during trial, while another fell asleep. Both these problems, the court said, constituted juror misconduct requiring reversal and a new trial. Erickson Dimas-Martinez v. State , 2011 Ark. 515 (Dec. 8, 2011). The Supreme Court was particularly concerned about one of the juror's tweets, "Its over," sent 50 minutes before the jury informed the court that it had agreed on a sentence. As a result of this tweet, the court said, followers of the juror's Twitter feed - including, the court said, at least one journalist (with the online magazine Ozarks Unbound ) - "had advance notice that the jury had completed its sentencing deliberations before an official announcement was made to the court." Dimas-Martinez's lawyers also pointed out that the tweeting juror tweeted during trial despite continued admonitions to the jury throughout the trial warning them not to do so, and that he continued tweeting after the trial judge specifically told him to stop after defense lawyers discovered an earlier tweet. (That one said, "Choices to be made. Hearts to be broken. We each define the great line.") The case raises the question of whether admonishing jurors to not use the Internet and social media is effective. The Arkansas Supreme Court expressed its clear concern, and suggested that measures more drastic than admonitions may need to be taken: "[W]e take this opportunity to recognize the wide array of possible juror misconduct that might result when jurors have unrestricted access to their mobile phones during a trial. Most mobile phones now allow instant access to a myriad of information. Not only can jurors access Facebook, Twitter, or other social media sites, but they can also access news sites that might have information about a case. There is also the possibility that a juror could conduct research about many aspects of a case. Thus, we refer to the Supreme Court Committee on Criminal Practice and the Supreme Court Committee on Civil Practice for consideration of the question of whether jurors' access to mobile phones should be limited during a trial." It is worth noting that while the jurors in this murder trial were told not to tweet about the trial, it does not appear, based on the admonitions repeated in the Arkansas Supreme Court's decision, that they were told why.

top

Court Denies Motion to Provide Access to Social Networking Sites in Civil Discovery (Volokh Conspiracy, 14 Dec 2011) - The decision by the Pennsylvania Court of Common Pleas is Arcq v. Fields (Dec. 8), and it distinguishes Largent v. Reed (blogged about recently here ) on the ground that the party seeking discovery lacked a sufficient good-faith basis for requesting access to the private portion of the other side's social networking accounts. In Largent, and in other cases, the party seeking discovery saw the public portion of her adversary's Facebook account, and therefore had a basis to conclude that there may be relevant information in the private portions of the account. In Arcq, by contrast, the party seeking discovery made a blanket request for access to all of the other side's social networking accounts, and yet didn't know if his adversary even had any such accounts. The court in Arcq concludes that because the moving party did not first see the public portion of his adversary's site, he lacks a good-faith basis to believe that there is relevant evidence in the private portions and therefore the motion to access the social networking sites is denied.

top

Judge Dismisses Twitter Stalking Case (NYT, 15 Dec 2011) - In a case with potentially far-reaching consequences for freedom of expression on the Internet, a federal judge on Thursday dismissed a criminal case against a man accused of stalking a religious leader on Twitter, saying that the Constitution protects "uncomfortable" speech on such bulletin-boardlike sites. The government had accused the defendant, William Lawrence Cassidy, of harassing and causing "substantial emotional distress" to a Buddhist religious leader named Alyce Zeoli. He had posted thousands of messages about her, some predicting her violent death. He lived in California, she in Maryland. In his 27-page order, Judge Roger W. Titus wrote that "while Mr. Cassidy's speech may have inflicted substantial emotional distress, the government's indictment here is directed squarely at protected speech: anonymous, uncomfortable Internet speech addressing religious matters." In his order, Judge Titus drew an analogy to the colonial period, when the Bill of Rights was written. A blog, he said, is like a bulletin board that a person of that time might have planted in his front yard. "If one colonist wants to see what is on another's bulletin board, he would need to walk over to his neighbor's yard and look at what is posted, or hire someone else to do so," he offered. With Twitter, he went on, news from one colonist's bulletin board could automatically show up on another's. The postings can be "turned on or off by the owners of the bulletin boards," he wrote. In other words, one can disregard what is posted on a bulletin board. "This is in sharp contrast to a telephone call, letter or e-mail specifically addressed to and directed at another person," he concluded. Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation, based in San Francisco, which filed a brief in support of the defendant's motion to dismiss the case, said he was heartened by the distinction that the judge drew between speech on a public platform, versus through e-mail or telephone. The order is among the first to address a recently expanded cyberstalking law and, as such, could have important repercussions. "This is an area where there has been very little case law," said Eugene Volokh, a law professor at the University of California, Los Angeles. "It is likely to be quite influential." Judge's order is here .

top

It's Official: The LAPD Ain't Going to Google (GigaOM, 15 Dec 2011) - After a long-running controversy, the 13,000 employees of the Los Angeles Police Department will definitely not move to Google Apps. And that's final. On Wednesday, the Los Angeles City Council voted to officially kill a proposed deployment of Google Apps to the LAPD. The city's other 17,000 employees-those outside law enforcement - will keep using Gmail, the Los Angeles Times reported last night. Two years ago, the LA-Google deal, with CSC acting as contractor, was trumpeted by Google to show that Google Apps - Gmail, specifically - was ready for use by large organizations. But the LAPD had misgivings about how secure Gmail is. For law enforcement and court officials who must deal with sensitive information - evidence, names of confidential informants, etc. - security is critical. Because the LAPD must communicate with the FBI and other federal law enforcement agencies, its communications must meet federal Criminal Justice Information Security standards, as well - something no cloud-based mail is yet able to do. That means the issue is not be as much about Gmail per se as cloud-based email, in general, a fact conceded privately by even some of Google's largest competitors. A spokeswoman for LA city council president Eric Garcetti reiterated that today. "This is about the security of cloud. There are federal as well as local security requirements that must be met," she said.

top

Breach Response: The Legal View (BankInfoSecurity, 15 Dec 2011) - As legal issues surrounding data breaches become increasingly complex, more organizations are turning to attorneys for post-breach response, says Lisa Sotto, a managing partner for New York-based law firm Hunton & Williams. Complying with a multitude of regional and international laws when consumers' personal information is compromised is critical. And depending on the size and reach of the organization breached, that could mean complying with dozens of mandates and regulations in various parts of the country and world. Sotto, who focuses on privacy and information security, says the role of attorneys has changed significantly in recent years. After a data breach, attorneys handle many facets during the response process. "A lawyer who's well-versed in managing data breaches knows that she or he needs to manage really much more than the straight legal compliance issues," Sotto says in an interview with BankInfoSecurity's Tracy Kitten [transcript below]. Attorneys' duties post-breach typically include: forensics investigations; managing public relations; managing media issues generally; hiring and training call-center agents; retaining a mail house; retaining a credit monitoring and identity protection service; and dealing with the inevitable fallout of a data breach internally. "And of course, the lawyers also need to set things up to try to mitigate the risk of litigation that typically follows a security incident," Sotto says.

top

PATRIOT Act Continues To Harm US Businesses: BAE Refuses To Use MS Cloud Over PATRIOT Act Fears (TechDirt, 15 Dec 2011) - Following on recent reports that, under the PATRIOT Act, European companies that use Microsoft's cloud offerings in Europe might find their data subject to US government snooping and seizure, it appears that some rather large European companies are rethinking their cloud deployment plans. UK defense contracting giant BAE had apparently planned to start using Microsoft Office 365, until it was pointed out that this could make their documents subject to US snooping under the PATRIOT Act... and the company changed its plans . At what point do PATRIOT Act supporters realize that such broad provisions don't help the US at all, but only lead to situations like this, where business is driven elsewhere. [Editor: see complementary story at ArsTechnica here .]

top

The Online Media Legal Network Celebrates its Second Birthday! (Berkman, 15 Dec 2011) - We are pleased to announce that the Online Media Legal Network, the Citizen Media Law Project's legal referral service, is now two years old! The OMLN was started in Dec. 2009 as a way to help online journalism ventures and digital media creators find lawyers experienced in the sorts of legal issues media ventures face and to provide legal services on a pro bono or reduced-fee basis. Now, two years later, the OMLN has a network of 232 lawyers in 49 states and the District of Columbia who are willing to offer their services to needy citizen journalists and online publishers. And help they have: as of Dec. 9, the OMLN has over 170 clients and has found counsel for 347 different legal matters, ranging from setting up a business to authoring website terms of use to defending clients against defamation claims. We commemorated the event with a talk this week as part of the Berkman Center's Tuesday Luncheon Series, where we discussed the history of the OMLN, how the OMLN works, and what we've learned from it. [Editor: fairly dry podcast is here .]

top

Metropolitan Museum Provides a Trove of Images for Google Goggles (NYT, 16 Dec 2011) - Over the past year visual-art obsessives have been having a field day with the feature of the Google smart-phone app called Google Goggles, which allows a user to shoot a picture of something - a painting, a photograph, a poster - and in seconds see an identification of the image and a list of search results for more information about it. The app, which was introduced for Android phones in late 2009 and last year for the iPhone, has been getting much better recently at digging up the title, artist and art-historical provenance of the work that the phone camera is looking at. Part of the credit for that can go to holders of huge art-image databases like the J. Paul Getty Museum, which provided Google several months ago with access to several hundred images from its collection, becoming the first museum to do so. Now the Metropolitan Museum of Art has gotten involved. It announced Friday that it has supplied more than 76,000 images of paintings, drawings, prints and photographs in its collection to the project, meaning that if you come across a reproduction of a painting that rings a bell - like "Juan de Pareja" - but can't remember who painted it, your phone can tell you within seconds that it was Diego Velázquez. The app then directs you to the work on the Met's site, for example, which tells you where to find the painting in the museum and gives you much more information about it. (Two-dimensional works function best with the app; it tends to struggle with sculpture, so the Met has so far stuck to paintings and other works on flat surfaces.)

top

Don't Break the Internet (Profs Lemley, Levine & Post, in Stanford Law Review, 19 Dec 2011) - Two bills now pending in Congress-the PROTECT IP Act of 2011 (Protect IP) in the Senate and the Stop Online Piracy Act (SOPA) in the House-represent the latest legislative attempts to address a serious global problem: large-scale online copyright and trademark infringement. Although the bills differ in certain respects, they share an underlying approach and an enforcement philosophy that pose grave constitutional problems and that could have potentially disastrous consequences for the stability and security of the Internet's addressing system, for the principle of interconnectivity that has helped drive the Internet's extraordinary growth, and for free expression. [Editor: full paper here .]

top

Do Individuals Have "A Right To Be Forgotten"? (MLPB, 19 Dec 2011) - Jef Ausloos, Electronic Frontier Foundation, has published The 'Right to Be Forgotten' - Worth Remembering? in Computer Law & Security Review (2012). Here is the abstract: "In the last few years there has been a lot of buzz around a so-called 'right to be forgotten.' Especially in Europe, this catchphrase is heavily debated in the media, in court and by regulators. Since a clear definition has not emerged (yet), the following article will try to raise the veil on this vague concept. The first part will weigh the right's pros and cons against each other. It will appear that the 'right to be forgotten' clearly has merit, but needs better definition to avoid any negative consequences. As such, the right is nothing more than a way to give (back) individuals control over their personal data and make the consent regime more effective. The second part will then evaluate the potential implementation of the right. Measures are required at the normative, economical, technical, as well as legislative level. The article concludes by proposing a 'right to be forgotten' that is limited to data-processing situations where the individual has given his or her consent. Combined with a public-interest exception, this should (partially) restore the power balance and allow individuals a more effective control over their personal data." Paper is here .

top

NewtGingrich.com, Occupied (Washington Post, 21 Dec 2011) - When you go to NewtGingrich.com right now, you might end up on the Washington Post. The pro-Democratic super PAC American Bridge has bought the domain and programmed it to redirect to various Web sites, a clever attack on the former House speaker. The link might take you to Freddie Mac 's Web site, Tiffany's , information about Greek cruises , or to the ad Gingrich cut with former House Speaker Nancy Pelosi in favor of addressing climate change. Sometimes the page goes to a Post article about his campaign's June implosion . American Bridge has now put NewtGingrich.com on Craigslist , jokingly offering to sell the site for somewhere between $10,000 and a million dollars to "someone with greater need than us." The only other candidate whose .com website remains unclaimed by the candidate is Texas Gov. Rick Perry's RickPerry.com. For a few months, that site redirected to the campaign website of Rep. Ron Paul (R-Texas); it now goes to a generic page. As the Post reported recently , web domains are a new battleground in the 2012 campaign. Anonymous proxies often make it hard to determine which campaign is behind attack Web sites.

top

The PeaceTones Legal Empowerment Project (Robert Ambrogi, 22 Dec 2011) - On the latest Lawyer2Lawyer podcast , we look at Peacetones , an initiative of the Internet Bar Organization to empower artists in the developing world with legal and technology tools to bring their music to the world online. Also in the program, we share a holiday treat from a great songwriter and longtime friend, attorney Larry Savell . Read more about this week's show and listen to the full program at the Legal Talk Network . [Editor: I'm on the board of InternetBar.org, where MIRLN is mirrored.]

top

Volkswagen Agrees to Curb Company E-Mail in Off Hours (NYT, 23 Dec 2011) - Volkswagen has agreed to deactivate e-mails for its German staff members' company BlackBerrys when they are off duty. Under an agreement reached this week with labor representatives, staff members at Volkswagen will receive e-mails via BlackBerry from half an hour before they start work until half an hour after they finish, and will be in blackout mode the rest of the time, a spokesman for the company said. The new e-mail protocol for Europe's biggest automaker applies to staff members covered by collective bargaining, so it would seem that board-level executives will still be attached to their BlackBerrys. Very few companies have taken such drastic measures to force workers toward a better work-life balance. Deutsche Telekom, the telecommunications company, introduced a "smart device policy" last year that calls on workers to claim communication-free time when they are off work, in exchange for a promise that management will not expect them to read e-mail or pick up the phone at all times. "Mobile communication devices offer a great amount of freedom, but also embody the risk of no longer being able to switch off," the company said. In Europe's biggest economy, where burnout is blamed for almost 10 million sick days a year, labor representatives want to limit the amount of time that employees spend responding to e-mails on weekends and during vacation. Bitkom, a German technology organization, published a study this year showing that 88 percent of German workers are reachable for clients, colleagues and bosses by e-mail or mobile phone outside of working hours, compared with 73 percent two years ago. [Editor: see related story from MIRLN 14.16 involving Atos.]

top

NOTED PODCASTS

Universal Access to All Knowledge (Long Now Foundation; Brewster Kahle; 94 minutes) - As founder and librarian of the storied Internet Archive (deemed impossible by all when he started it in 1996), Brewster Kahle has practical experience behind his universalist vision of access to every bit of knowledge ever created, for all time, ever improving. He will speak to questions such as these: Can we make a distributed web of books that supports vending and lending? How can our machines learn by reading these materials? Can we reconfigure the information to make interactive question answering machines? Can we learn from past human translations of documents to seed an automatic version? And, can we learn how to do optical character recognition by having billions of correct examples? What compensation systems will best serve creators and networked users? How do we preserve petabytes of changing data?

top

RESOURCES

Defending Privacy at the U.S. Border: A Guide for Travelers Carrying Digital Devices (EFF guide, December 2011) - Legal analysis and presentation of technical measures to protect information from border search.

top

BOOKS

In Search of Jefferson's Moose (book by David Post, Dec 2011) - In 1787, Thomas Jefferson, then the American Minister to France, had the "complete skeleton, skin & horns" of an American moose shipped to him in Paris and mounted in the lobby of his residence as a symbol of the vast possibilities contained in the strange and largely unexplored New World. Taking a cue from Jefferson's efforts, David Post, one of the nation's leading Internet scholars, here presents a pithy, colorful exploration of the still mostly undiscovered territory of cyberspace--what it is, how it works, and how it should be governed.

top

DIFFERENT

Mysterious Paper Sculptures (Central Station, August 2011) - Those of you who don't keep up with Edinburgh's literary world through Twitter may have missed the recent spate of mysterious paper sculptures appearing around the city. [Editor: Whimsical charming story about a mysterious library visitor, bearing gifts.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

SOFTWARE ENABLES HANDS-FREE FLIGHT New technology from the NASA Ames Research Center allows a pilot to land a plane just by waving his hands around in the air. Rather than grasping the controls, the pilot dons a sleeve made out of a pair of old exercise tights with a series of metal buttons sewn on. The buttons pick up electrical signals from the nerves controlling the pilot's arm, and is capable of interpreting the signals precisely enough to land a plane safely. The real goal of the experiment is not hands-free flight, but using nerve signals to control equipment such as nanomachines without surgical implants. The technique could also eventually replace keyboards or joysticks, and prove useful for astronauts wielding tools while wearing bulky spacesuits. "This is a fundamentally new way to communicate with machines," says Charles Jorgensen, head of NASA Ames' neuroengineering lab. The technique has been tested in a simulated environment to land a damaged aircraft, with problems ranging from locked rudder controls to full hydraulic failure. In each case, the landing was successful, says Jorgensen. ("Hands-off Approach" New Scientist 2 Feb 2001) http://www.newscientist.com/article/dn387-handsoff-approach.html

top

IT SECURITY GROUP GEARS UP (ZDnet, 6 February 2001) The IT Information Sharing and Analysis Center (ISAC) will use an anonymizing service when they begin sharing information on attacks and defenses next month. However, many companies are uncomfortable sharing information about their vulnerabilities with each other and with the government. Computer Associates, Microsoft, Oracle and 16 other major technology companies have put up $650,000 for the center's first year. The center is an outgrowth of a four-year, federal effort to secure the nation's critical information infrastructure against criminals, terrorist and garden-variety hackers. Internet Security Systems of Atlanta will run the operation. http://www.zdnet.com/zdnn/stories/news/0%2C4586%2C2682476%2C00.html [URL expired]

top

NOTES

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 13 November 2011 – 3 December (v14.16)

2011-12-03T06:27:00.000-05:00

MIRLN --- 13 November 2011 - 3 December (v14.16) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

COMMENTS | NEWS | PODCASTS | LOOKING BACK | NOTES

Utah Mayor Used Alias To Write Upbeat News Stories
Stanford Law Review Online Launched - Offers Timely Legal Analysis
Site to Resell Music Files Has Critics

Authors Guild: Kindle Owners' Lending Library Is "Nonsense"
Cambridge University Press to Try Renting Academic Articles

Title Firm Sues Bank Over $207k Cyberheist
Pentagon: Offensive Cyber Attacks Fair Game
Righthaven Case Ends in Victory for Fair Use
Fair Use In European Law
Can A Copyright Be Assigned By Email?
New Version of NC SaaS Ethics Opinion
Findlaw Legal Pulse as Launched - Aggregates Topical News and Social Media
Panel Admonishes Criminal Defense Attorney For Blog Naming Clients, Omitting Disclaimer
EU Privacy Law is No Excuse for Spoliation of Evidence
Digital Downloads Sub for Weighty Scores
Web Poster's Anonymity Preserved By Appellate Decision
French IT Company Declares The Email Dead
Cablegate One Year Later: How WikiLeaks Has Influenced Foreign Policy, Journalism, and the First Amendment
D.C. Courts Fight the Future in New Rule Limiting Electronic-Device Use in Courthouse
Complaint: Medical "Copyright Over Your Comments" Contracts Are Illegal

Medical Justice Capitulates by "Retiring" Its Anti-Patient Review Contracts

MyShingle Comments on Proposed Model Rule 5.3 [by] ABA Commission on Ethics 20/20
A Note to Our Readers About Comments
Carrier IQ Tracking Scandal Spirals Out of Control
France Still In Search Of Perfect Cookie
U.S. Publishes Final Rules on Student Privacy Law

ANNOUNCEMENT

(for ABA members)

On 24 October 2011, Dan Schwartz sent the following blast to an audience of ABA technology leaders. If you should have been on that list, consider yourself added. The more the merrier: " Dear Fellow ABA Member -- We all get a lot of ABA related e-mail. But, as members of the Standing Committee on Technology and Information Systems (SCOTIS), we ask for your indulgence for one more to introduce something, we believe, will offer great value to all of us and the ABA: an ABA Technology Stakeholders Community. What would YOU like to see the ABA do with technology? Join our forum. It's easy and it's free. (No lifetime commitment necessary, either). Use the following, easy-to-remember link and become engaged in the discussion: http://ambar.org/techatstake and feel free to share it with other ABA members via e-mail, Twitter, Facebook, LinkedIn, Google+ or whatever other tool you like to use. We are reaching out to you because we have identified you as a technology stakeholder within the ABA. Whether through your position, your section, or just interest, we are trying to build a new community within the ABA -- one that isn't based on Section, but rather a love for and an interest in technology. Through a new technology forum (and eventually, some new-fangled way to communicate) we hope to reach out to various groups, to solicit input and discussion on important subjects, and share useful information. Ultimately, we hope that this forum will provide meaningful input to the ABA and its members, and be a place where ABA members can share information and discuss solutions to the technology issues the ABA faces.

top

COMMENTS

re " Employers Demanding the Right to Remotely Wipe Employees' Phones " from MIRLN 14.05, a reader comments: Last summer [XYZ Co] changed its policy, and so will pay phone charges (including data), and the carrier will give you a "free phone", however if you want a smartphone to read email, then the employee is supposed to by the phone, but XYZ has a similar sting: "(1) I agree to allow XYZ to install or uninstall software as necessary to remotely manage and secure my PDA or mobile device; (2) I agree not to uninstall or disable XYZ installed software; (3) XYZ accepts no liability for loss of data or functionality on my PDA or mobile device; and (4) Upon ceasing to work for XYZ I accept that ALL data may be wiped from my PDA or mobile device." My 3.5yr XYZ owned smartphone died on Wednesday, so I'm a little hesitant about giving XYZ the rights to control my equipment, or even make the device stop functioning at my expense.

top

NEWS

Utah Mayor Used Alias To Write Upbeat News Stories (NPR, 11 Nov 2011) - Disguising himself with an alias, the mayor of Utah's second-largest city has been writing upbeat freelance articles about his town for area news outlets because he claimed the media spent too much time on crime coverage. He unapologetically revealed himself this week, insisting the balance was needed. "I thought about all the people just reading about crime in our city and nothing better," West Valley City Mayor Mike Winder said Friday. "I'm trying to stand up for us because we do get the short end of the stick negative stories." Winder had been writing under the name Richard Burwash, an alias he actually swiped from a real man, a one-time professional tennis player from California that he found on the Internet. He said getting stories published by the Deseret News, KSL-TV's website and a community weekly was as easy as setting up a Gmail account and Facebook page. He communicated with editors by email and phone, never showing his face. As an unpaid writer for several months earlier this year, the so-called Burwash even quoted himself as mayor in some stories. In one published piece, he wrote about the opening of a Buddhist Temple in his Salt Lake City suburb, quoting himself as saying, "We applaud any time a group builds a place to celebrate peace and to encourage people to live better lives." [Editor: See also " Google+ Launches Guide for Politicians and Candidates " (Mashable, 28 Nov 2011)]

top

Stanford Law Review Online Launched - Offers Timely Legal Analysis (Stanford, 11 Nov 2011) - The Stanford Law Review (SLR) launched a new website today, the Stanford Law Review Online offering timely, short-format, law-review-quality legal analysis. The site hosts perspectives , where multiple scholars weigh in on legal issues in the news (similar to newspaper op-eds for readers with a legal background). The new site also provides a forum to respond to law review articles published in the journal edition of SLR . The goal of the website is to provide a more flexible outlet to publish short, original legal scholarship and commentary on a faster time-frame with the same editorial quality that is the hallmark of the Stanford Law Review . The first perspective, California's De Facto Sentencing Commissions , by Stanford Law Professor Robert Weisberg is available online today.

top

Site to Resell Music Files Has Critics (NYT, 14 Nov 2011) - Music fans looking to clear out some clutter can always try to sell their old CDs. But can someone resell an old digital music file of "Thriller" that's languishing on a computer? A legitimate secondhand marketplace for digital music has never been tried successfully, in part because few people think of reselling anything that is not physical. But last month a new company, ReDigi, opened a system that it calls a legal and secure way for people to get rid of unwanted music files and buy others at a discount. The service has already drawn concern from music executives and legal scholars, who say it is operating in a gray area of the law. Last Thursday the Recording Industry Association of America, which represents the major record companies, sent ReDigi a cease-and-desist letter, accusing it of copyright infringement. John Ossenmacher, ReDigi's chief executive, contends that the service complies with copyright law, and that its technology offers safeguards to allay the industry's concerns that people might profit from pirated music. "ReDigi is a marketplace that gives users tools to be in compliance with copyright law," he said. "Before I put a file up for sale ReDigi says you will need to delete them, and if not it won't take them." When a user wants to upload a song for sale, ReDigi analyzes its metadata - a kind of digital fingerprint - to verify that it came from an official store like iTunes or Amazon. (It does not accept files ripped from a CD, or others whose provenance it considers suspect.) A desktop program then deletes any copies left on a user's computer, and can detect if that user tries to add copies later. Songs on the service, which is based in Cambridge, Mass., cost 79 cents, as much as 50 cents less than the price of new tracks at iTunes. ReDigi users also get coupons worth 20 cents for each song upload for sale, effectively reducing the cost of a track to 59 cents. ReDigi's fee ranges from 5 to 15 percent, a spokeswoman said. The company also plans to open a similar market for e-books, Mr. Ossenmacher said. ReDigi says it is legal under the first-sale doctrine, the idea that once someone buys a copyrighted item like a CD or book, that buyer is free to resell it. But legal scholars say that the law is unclear when it comes to digital goods because transferring a digital file from one party to another usually involves making a copy of it, something generally not allowed under copyright law. "The real challenge for the first-sale doctrine in the digital environment," said Mark A. Lemley, a professor at Stanford Law School, "is that courts have generally said that if you've gone beyond using your copy, and made a new copy, then you're outside the scope of the doctrine." Jason M. Schultz, an assistant professor of law at the University of California, Berkeley, said there were aspects to the first-sale law that may apply to digital goods, but have been largely untested in the courts. The recording industry association's letter to ReDigi, a copy of which was obtained by The New York Times, says that the company violates copyright by making copies of files, and by providing 30-second samples of songs without licenses. A spokeswoman for ReDigi said on Friday that the company had not received the letter.

top

- and-

Authors Guild: Kindle Owners' Lending Library Is "Nonsense" (PaidContent.org, 15 Nov 2011) - The Authors Guild is taking a stand against the Kindle Owners' Lending Library, Amazon's new initiative allowing Kindle-owning Prime members to borrow free e-books. Amazon (NSDQ: AMZN) is "boldly breaching its contracts" with publishers, the Guild contends, in "an exercise of brute economic power." The Kindle Owners' Lending Library contains over 5,000 titles, many of which are being included without publisher permission. In those cases, Amazon is simply buying a copy of the book at the wholesale price any time a Prime member borrows it (hence no "big six" publishers' titles are in the program, since they set their own e-book prices). When the program first launched, many publishers did not even know that their books were included. The Association of Author Representatives and others have raised questions over how authors whose books are included will be paid. The Authors Guild contends that the publishers who willingly included their books in the lending library (and were paid a hefty sum by Amazon to do so) are in the wrong: "While these publishers generally have the right to license e-book uses for many of their authors' titles (just as most trade publishers do), our reading of the standard terms of these contracts is that they do not have the right to do so without the prior approval of the books' authors."

top

- and -

Cambridge University Press to Try Renting Academic Articles (ArsTechnica, 30 Nov 2011) - Ars' science articles link to the academic papers that are being discussed, and based on reader comments, people have a clear interest in looking over the publications. Unfortunately, that interest often runs into a significant hurdle, one that can be summarized as "they expect me to pay $30 to read that?" Now, one academic publisher is experimenting with a system that might get a few more people reading its products: it's offering to rent access to the articles. The publisher, Cambridge University Press, isn't a major force in the world of academic journals; many of its offerings, such as the Journal of Helminthology and the American Journal of Alternative Agriculture, appeal to very niche audiences. But it appears to be a reasonable attempt to find a balance somewhere between strict article purchasing and an open access model. Under the plan, users would pay a moderate fee for one-time access (£3.99/$5.99/€4.49) to a PDF of the article. They won't be able to save, print, or copy any of the text-just display it in their browser. Cambridge University Press plans on adding support for mobile browsers shortly. The prices still seem a bit high for a casual reader, but it's certainly a significant step down from the typical prices (for the journals in question, it represents an 86 percent discount). On its own, Cambridge University Press doesn't publish enough material that this will significantly change academic publishing. The best hope for this effort to have a larger impact would be if it inspired a larger publisher to perform a similar experiment.

top

Title Firm Sues Bank Over $207k Cyberheist (KrebsOnSecurity, 14 Nov 2011) - A title insurance firm in Virginia is suing its bank after an eight-day cyber heist involving more than $2 million in thefts and more than $200,000 in losses last year. In an unusual twist, at least some of the Eastern European thieves involved in the attack have already been convicted and imprisoned for their roles in the crime. Sometime before June 2010, crooks infected computers of Vienna, Va. based Global Title Services with the ZeuS Trojan, giving them direct access to the company's network and online banking passwords at then-Chevy Chase Bank (now Capital One). On June 1, 2010, the thieves made their move, and began sending a series of unauthorized wire transfers to money mules, individuals who were hired to help launder the funds and relay them to crooks overseas. The first three wires totaled more than $200,000. When Global Title's owner Priya Aurora went to log in to her company's accounts 15 minutes prior to the first fraudulent transfers went out, she found the account was locked: The site said the account was overdue for security updates. When Aurora visited the bank local Chase branch to get assistance, she was told she needed to deal with the bank's back office customer service. Between June 2 and June 8, the thieves would send out 15 more wires totaling nearly $1.8 million. The bank ultimately was able to reverse all but the first three fraudulent wires on June 1. Global Title is suing Capital One, alleging the bank failed to act in good faith and failed to implement commercially reasonable security procedures for its online banking clients. The lawsuit notes that at the time of the breach, Capital One's online banking system used single-factor authentication; it allowed commercial clients to log in and to transfer millions of dollars using nothing more than a username and password.

top

Pentagon: Offensive Cyber Attacks Fair Game (Washington Post, 15 Nov 2011) - The Pentagon has laid out its most explicit cyberwarfare policy to date, stating that if directed by the president, it will launch "offensive cyber operations" in response to hostile acts. Those hostile acts may include "significant cyber attacks directed against the U.S. economy, government or military," Defense Department officials stated in a long-overdue report to Congress released late Monday. But the report is still silent on a number of important issues, such as rules of engagement outside designated battle zones - a sign of how challenging the policy debate is in the newest and most complex realm of warfare. The statements are consistent with preexisting policy, but have never before been stated quite so explicitly, even in the Pentagon's recently released cyberspace strategy . That strategy focused on the importance of deterring attacks by building defenses that would "deny" adversaries the benefits of success. In the latest report, the Pentagon states that adversaries threatening a crippling cyber attack against the United States "would be taking a grave risk."

top

Righthaven Case Ends in Victory for Fair Use (EFF, 18 Nov 2011) - In a victory for fair use, the publisher of the Las Vegas Review-Journal, Stephens Media, filed papers yesterday conceding that posting a short excerpt of a news article in an online forum is not copyright infringement. The concession will result in entry of a judgment of non-infringement in a long-running copyright troll case that sparked the dismissal of dozens of baseless lawsuits filed by Righthaven LLC. The case began when the online political forum Democratic Underground -- represented by the Electronic Frontier Foundation (EFF), Fenwick & West LLP, and attorney Chad Bowers -- was sued by Righthaven for a five-sentence excerpt of a Review-Journal news story that a user posted on the forum with a link back to the newspaper's website. Democratic Underground countersued, asking the court to rule that the excerpt did not infringe copyright and is a fair use of the material, and brought Righthaven-backer Stephens Media into the case.

top

Fair Use In European Law (Media Law Prof Blog, 21 Nov 2011) - P. B. Hugenholtz and Martin Senftleben, University of Amsterdam, have published Fair Use in Europe: In Search of Flexibilities. Here is the abstract: "There appear to be good reasons and ample opportunity to (re)introduce a measure of flexibility in the national copyright systems of Europe. The need for more openness in copyright law is almost self-evident in this information society of highly dynamic and unpredictable change. A historic perspective also suggests that copyright law, particularly in the civil law jurisdictions of Europe, has lost much of its flexibility in the course of the past century. By contrast, with the accelerating pace of technological change in the 21st Century, and in view of the complex process of law making in the EU, the need for flexible copyright norms both at the EU and the national level is now greater than ever. Against this background, the authors argue that the EU copyright acquis leaves considerably more room for flexibilities than its closed list of permitted limitations and exceptions suggests. In the first place, the enumerated provisions are in many cases categorically worded prototypes rather than precisely circumscribed exceptions, thus leaving the Member States broad margins of implementation. In the second place, the EU acquis leaves ample unregulated space with regard to the right of adaptation that has so far remained largely unharmonized. A Member State desiring to take full advantage of all policy space available under the Information Society Directive, might achieve this by literally transposing the Directive's entire catalogue of exception prototypes into national law. In combination with the three-step test, this would effectively lead to a semi-open norm almost as flexible as the fair use rule of the United States. Less ambitious Member States seeking to enhance flexibility while keeping its existing structure of limitations and exceptions largely intact, can explore the policy space left by distinct exception prototypes. In addition, the unharmonized status of the adaptation right would leave Member States free to provide for limitations and exceptions permitting, for example, fair transformative uses in the context of producing and disseminating user-generated content." The paper is here .

top

Can A Copyright Be Assigned By Email? (Eric Goldman's blog, 21 Nov 2011) - Can a copyright be assigned by an exchange of emails? Section 204(a) of the Copyright Act provides that a transfer of copyright ownership is not valid unless an instrument of conveyance, or a note or memorandum of the transfer, is in writing and signed by the owner of the rights conveyed or by such owner's duly authorized agent. The 11th Circuit has recently affirmed a lower court's decision that an exchange of emails was sufficient to constitute a contract to assign a copyright. The court's decision, however, does not seem to adequately address whether the email exchange satisfies the "writing" requirement in Section 204. Vergara Hermosilla v. The Coca Cola Company, No. 11-11317 (11th Cir. Nov. 3, 2011).

top

New Version of NC SaaS Ethics Opinion (VirtualLawPractice, 22 Nov 2011) - The NC Bar has published the revised version of it proposed ethics opinion entitled "Subscribing to Software as a Service While Fulfilling the Duties of Confidentiality and Preservation of Client Property", 2011 FEO 6 on the website. It will also be published in the next issue of the NC State Bar Journal . You can read some of the history of this opinion in this post . After a year or more of subcommittee review and revision, this latest version will hopefully be the final one that the Ethics Committee recommends for adoption by the Council at their January meeting. The subcommittee removed the list of minimum requirements for the selection of a technology vendor. Many of the items on the list had raised concern as detailed here by myself and others. The new version of the opinion sticks with the "reasonable care" standard requiring the attorney to do his or her due diligence in researching the technology and any third-party provider. The proposed opinion states: "…a law firm may use SaaS if reasonable care is taken to minimize the risks of inadvertent disclosure of confidential information and to protect the security of client information and client files. A lawyer must fulfill the duties to protect confidential client information and to safeguard client files by applying the same diligence and competency to manage the risks of SaaS that the lawyer is required to apply when representing clients." The opinion then goes on to state that because technology and security risks change so rapidly, the opinion will not include minimum requirements that might quickly become outdated and create a false sense of security for practitioners. Instead, they suggest that in order to conduct due diligence the attorney can 1) look for confidentiality provisions in the vendor's user agreement or SLA, 2) review the SLA and any security policies, 3) evaluate how the vendor has stored secures the data and 4) review how the vendor backs up the data.

top

Findlaw Legal Pulse as Launched - Aggregates Topical News and Social Media (BeSpacific, 22 Nov 2011) - News release : "FindLaw.com is introducing FindLaw Legal Pulse , a new content area that offers continuously updated legal headlines from around the world, along with news, photo feeds and analysis from such sources as Reuters, the Associated Press, New York Times and Washington Post. The content covers a broad range of law-related topics -- everything from Supreme Court decisions to legislative updates, everyday legal issues and even sports and celebrity news. FindLaw Legal Pulse offers tangible user benefits -- the news is up-to-date, comes from a rich variety of sources, and is tailored to audiences with legal interests." [Editor: so far, I'm not impressed - the above-the-fold stories (styled "Editor's Picks") haven't changed in a week.]

top

Panel Admonishes Criminal Defense Attorney For Blog Naming Clients, Omitting Disclaimer (BNA, 23 Nov 2011) - A criminal defense attorney who blogs about criminal proceedings, including his clients' cases, violated Virginia lawyer conduct rules by including clients' names in blog posts without their consent, a Virginia State Bar disciplinary committee determined in an order released Nov. 8 (In re Hunter, Virginia State Bar, 3d Dist. Comm., VSB No. 11-032-084907, 11/8/11). The panel also found that the attorney's blog, This Week in Richmond Criminal Defense, hosted on his law firm's website, constitutes advertising and therefore should have included a disclaimer required by rules governing lawyer advertising. The panel's order publicly admonishes the attorney, Horace F. Hunter, and warns that further ethics violations will result in more serious sanctions. "Respondent's website discusses information regarding his clients' cases, the disclosure of which would be embarrassing or be likely to be detrimental to the client," the committee's opinion states. "Respondent did not receive consent from any of the clients listed in the postings on the respondent's web page prior to disseminating such case information."

top

EU Privacy Law is No Excuse for Spoliation of Evidence (Steptoe, 23 Nov 2011) - European Union requirements to delete personal data once it is "no longer necessary" for business purposes do not excuse a company from U.S. law regarding spoliation of evidence. A decision last month by the U.S. District Court for the Northern District of California in IO Group Inc., et al. v. GLBT Ltd., et al., rejected a British website operator's argument that its intentional destruction of emails relevant to copyright infringement litigation could not be considered spoliation of evidence because it was done per the requirements of the U.K. Data Protection Act 1998. This decision highlights the fact that U.S. courts often will not excuse noncompliance with U.S. law on grounds that complying would result in a violation of foreign law - a conundrum that is increasingly faced by companies that have data stored abroad but are subject to U.S. jurisdiction.

top

Digital Downloads Sub for Weighty Scores (NYT, 24 Nov 2011) - Digital gadgetry has increasingly been making its mark on classical music performance. It hit a milestone this week at the New York Philharmonic. Jeffrey Kahane, the pianist and conductor who is making a guest appearance at the orchestra, used an iPad on Tuesday instead of a score to lead the orchestra in a Mozart symphony. It was a first for the orchestra, the Philharmonic said. Mr. Kahane said it was also his debut with the device in such a major setting. Mr. Kahane conducted from a harpsichord, improvising an accompanying part, or continuo, to the symphony. The sight of a computer tablet sitting atop a quintessentially nonelectronic instrument made of wood, strings and plectrums for plucking them was incongruous. Musicians more and more are using iPads and laptops instead of traditional paper scores, especially pianists. The Borromeo String Quartet makes it a regular practice. Wireless foot pedals or a quick screen tap make it easier to turn pages. Downloading scores for study or performance saves about 30 or 40 pounds of luggage while on the road, said Mr. Kahane, who is music director of the Los Angeles Chamber Orchestra. Mr. Kahane said the iPad would be impractical for a Mahler symphony, say, with its much larger scoring, and there is the danger of equipment malfunction. But tapping also eliminates the possibility of turning two pages at once, tearing out a leaf or pulling the whole score off the stand, as can happen, he said. He uses a stylus or other program features to mark the scores, many of which he downloads from open-source sites. Mr. Kahane said he had about 100 scores on his iPad, including Mozart's Symphony No. 33, the work played on Tuesday and scheduled for performances on Friday, Saturday and Tuesday.

top

Web Poster's Anonymity Preserved By Appellate Decision (Chicago Tribune, 26 Nov 2011) - The name of an anonymous Web poster who ridiculed a former Buffalo Grove trustee's 15-year-old son does not have to be revealed, an appellate court has ruled in a case closely watched for its implications for Internet anonymity. "Encouraging those easily offended by online commentary to sue to find the name of their 'tormentors' would surely lead to unnecessary litigation and would also have a chilling effect on the many citizens who choose to post anonymously" on newspaper websites, the Illinois First District Appellate Court ruled. Putting publishers and website hosts in the position of "cyber-nanny" is "a noxious concept that offends our country's long history of protecting anonymous speech," Justice Terrence Lavin wrote.

top

French IT Company Declares The Email Dead (Business Insider, 28 Nov 2011) - The CEO of one of Europe's largest IT companies has told his staff they are to stop emailing each other stating that it is no longer an "appropriate" communication tool. The Telegraph reports that Thierry Breton, CEO of Atos, wants to abandon email all together within 18 months. Instead, he wants to promote instant messaging and the good old fashioned spoke word. The Wall Street Journal reports that Breton hasn't sent a work email for three years. Now, France's former finance minister is hoping to pass his ethos on to his employees stating to the Telegraph: "It is not normal that some of our fellow employees spend hours in the evening dealing with their emails." "The email is no longer the appropriate (communication) tool." The newspaper also reported that only 11 percent of French 11 to 19-year-olds utilize email as a communication method. [Editor: Atos was part of Schlumberger, where I worked for 2 decades. They aren't (usually) crazy; maybe this story is incomplete. See also the story below under " LOOKING BACK "]

top

Cablegate One Year Later: How WikiLeaks Has Influenced Foreign Policy, Journalism, and the First Amendment (EFF, 28 Nov 2011) - One year ago today, WikiLeaks started publishing a trove of over 250,000 leaked U.S. State Department cables, which have since formed the basis of reporting for newspapers around the globe. The publication has given the public a window into the inner workings of government at an unprecedented scale, and in the process, has transformed journalism in the digital age. In recognition, WikiLeaks founder Julian Assange was just awarded Australia's version of the Pulitzer Prize, in addition to the Martha Gellhorn journalism prize he won in the United Kingdom earlier this year. As Salon's Glenn Greenwald observed, "WikiLeaks easily produced more newsworthy scoops over the last year than every other media outlet combined." Yet at the same time, the Justice Department has been investigating WikiLeaks for criminal violations for doing what other media organizations have been doing in the U.S. for centuries-publishing truthful information in the public interest. Here is a look at Cablegate's impact on journalism surrounding six countries central to U.S. foreign policy, and why it is vital for the media to stand up for WikiLeaks' First Amendment right to publish classified information.

top

D.C. Courts Fight the Future in New Rule Limiting Electronic-Device Use in Courthouse (Berkman CMLP, 28 Nov 2011) - The Blog of the Legal Times reports that the Superior Court of the District of Columbia - the local trial court for the nation's capital - has issued a new administrative order regarding use of electronic devices in the courthouse. And like other courts, the new rules impose a class system of "haves" and "have nots" - favored types of the people can have and use the devices, while everyone else can not. The rules also contain an archaic view of electronic devices that effectively means that even when the rules allow them to be used, they cannot be used for any modern, web-based functions. Unlike most other "state" courts , the D.C. Superior Court maintains an almost complete ban on photography in court. See D.C. Super. Ct. R. Crim. Proc. 53(b); D.C. Super. Ct. R. Civil Proc. 203(b); D.C. Super. Ct., Juv. Proceed. R. 53(b), and D.C. Super. Ct. Dom. Rels. R. 203(b). The Radio Television Digital News Association points out a limited exception to the ban: the juvenile and criminal court rules permit photography "in any office or other room of the courthouse" with the consent of the person in charge of the office or room and the person or people being photographed. In practice, this means that all such devices must be left outside the courthouse, or checked with court officers at the entrances. The new order , Admin. Order 11-17 (D.C. Super. Nov. 9, 2011) continues this policy, by generally requiring that "before entering any courtroom, everyone shall turn off all electronic devices in his or her possession. Pocket-sized electronic devices shall be turned off and stowed so that they are not visible." The order's definition of "electronic device" is expansive, and includes all types of cameras (whether film or digital), cell phones, computers, analog or digital recorders, MP3 players, "and any other device that is capable of receiving, transmitting, or recording messages, images, sounds, data, or other information by electronic means". The order specifically mentions that it covers "all members of the media and students, who may take notes manually," but the order also provides that "[m]embers of the media may be given permission by the presiding judicial officer to use electronic devices in the courtroom for official business." While the order says that this requirement applies to "everyone," it does not really apply to every person in the courthouse. The order goes on to state that "[t]his prohibition does not include a litigant representing himself or herself and to whom the court has given permission to use an electronic device or any person appearing before a judicial officer in the well of the courtroom if authorized by the presiding judicial officer to use an electronic device in the courtroom." The order also exempts "[m]embers of the Bar or other individuals who are authorized to sit in designated rows of the courtroom (such as pretrial service officers, probation officers, supervision officers, or social workers in court on official business)."

top

Complaint: Medical "Copyright Over Your Comments" Contracts Are Illegal (ArsTechnica, 29 Nov 2011) - When our own Timothy B. Lee stepped into a Philadelphia dentist's office earlier this year, he had an unpleasant experience : the dentist required him to sign over control of all copyright in future online commentary related to that dentist. Here's how Tim described the visit: "When I walked into the offices of Dr. Ken Cirka, I was looking for cleaner teeth, not material for an Ars Technica story. I needed a new dentist, and Yelp says Dr. Cirka is one of the best in the Philadelphia area. The receptionist handed me a clipboard with forms to fill out. After the usual patient information form, there was a "mutual privacy agreement" that asked me to transfer ownership of any public commentary I might write in the future to Dr. Cirka. Surprised and a little outraged by this, I got into a lengthy discussion with Dr. Cirka's office manager that ended in me refusing to sign and her showing me the door." The contract in question came from Medical Justice , which claims to be "relentlessly protecting physicians from frivolous lawsuits." Over the last few years, the company has pioneered a strange niche in the medical business: providing contractual templates that first barred patients from commenting about their doctors online and later gave doctors the power to veto negative reviews. Is this legal? The Center for Democracy & Technology (CDT) filed a complaint today with the Federal Trade Commission (FTC) arguing that Medical Justice was itself engaging in "deceptive and unfair business practices" through the sale of these contracts. The complaint argues that Medical Justice is "engaging in a deceptive business practice by selling contracts which are themselves deceptive to doctors and patients as to whether they are legally enforceable." CDT asks that Medical Justice be barred from selling these kinds of contracts to doctors, that it alert doctors who have already purchased them that the contracts are "likely unenforceable and illegal," and that it give up all money earned from the sale of the contracts.

top

- and -

Medical Justice Capitulates by "Retiring" Its Anti-Patient Review Contracts (Eric Goldman, 1 Dec 2011) - It's been a rough week for Medical Justice, the company that tries to help doctors suppress patient reviews. First, the Center for Democracy and Technology filed an FTC complaint alleging three main points: (1) Medical Justice deceives doctors by selling them contracts that don't work as promised, (2) the effort to suppress patient reviews is unfair under Sec. 5 of the FTC Act, and (3) Medical Justice violates the endorsement/testimonial guidelines through efforts that appear to create fake reviews for doctors. See the CDT announcement . Second, Public Citizen filed a declaratory judgment action against a dentist who tried to use Medical Justice's contract to suppress a patient's review. The dentist didn't actually sue the patient, but he did send over a draft complaint. The DJ complaint touches on a number of interesting issues, including contract unconscionability and dentist ethics, but the copyright angles are perhaps the most interesting. See the Public Citizen announcement . Both CDT and Public Citizen acknowledge the DoctoredReviews website , which Jason Schultz, two Berkeley students and I launched a half-year ago as a way of calling attention to the problems being created by Medical Justice's contracts. Although I'm delighted that the website was helpful to them, I'm even more grateful that they took the website's advocacy and turned it into action. While the FTC complaint and lawsuit work their way through the system, they have already been effective: after going through multiple iterations of its review-suppression contracts, Medical Justice apparently threw in the towel and admitted it is dropping the contracts altogether. Timothy B. Lee at Ars Technica reports: "While we believe these agreements are honest, ethical, and legal, we are going to use this situation as an opportunity to retire these written agreements used since 2007," MJ CEO Jeffrey Segal told Ars on Wednesday. He claims that MJ will recommend to doctors that they stop using the agreements, and that patients will not be asked to sign any such agreements in the future."

top

MyShingle Comments on Proposed Model Rule 5.3 [by] ABA Commission on Ethics 20/20 (Carolyn Elefant, 30 Nov 2011) - Below is my final set of comments on the ABA Commission on Ethics 20/20′s proposals. My comments address the Commission's proposal to subject lawyers to the same level of supervisory oversight for passive cloud services as for human, non-legal service providers. For reasons discussed in this post , I strongly oppose any additional requirements which pose additional burdens on lawyers who seek to use the cloud. Moreover, I just don't see the need to extend the oversight and supervisory obligations of Model Rule 5.3 to passive services, except if the point is backlash against the cloud . Think about it - lawyers have long been permitted to rely on services like banking, phones and computerized legal research without the need for an express directive to oversee and instruct these vendors. As my comments discuss, lawyers must act prudently in selecting any service - that's not just an ethical mandate, but simple common business sense. We can't run effective profitable practices if we employ phone service that goes down every two days or legal research tools that produce inaccurate results. Do we really need more ethics rules governing selection of passive services? In addition, as my comments point out, it may well be impossible for lawyers - and particularly solos to meet the active oversight and instruction requirements proposed in Model Rule 5.3. Solos lack the bargaining power to force vendors to modify their services to our liking. So why impose a requirement that can't be enforced? You can read my full comments at the end of this post, and my earlier comments here .

top

A Note to Our Readers About Comments (NYT Managing Editor, 30 Nov 2011) - Today we are introducing enhancements to our comment system to improve the community experience across NYTimes.com. The first thing you'll probably notice is an entirely new design, which for the first time brings our readers' comments onto the same page as the article or blog post. This improves the old system, which relegated them to a separate page. We are also adding new functions. Comments are now threaded, giving readers the ability to respond to one another. In addition, we've added tie-ins to social media: comments, both yours and others', can now be shared to Twitter and Facebook. And finally, we are introducing a program for "trusted" commenters -- those who have maintained a history of posting outstanding comments on the site. Submissions from these members of our community will not be moderated in advance. Trusted commenter status is offered by invitation only. ( Read more about this program .) We look forward to hearing from you. Please leave your reactions and questions about the new system in the thread below. We'll do our best to respond to as many as possible.

top

Carrier IQ Tracking Scandal Spirals Out of Control (Mashable, 1 Dec 2011) - Carrier IQ, a diagnostic tool installed in millions of smartphones all over the world, is gathering a lot of info about your activity - possibly even recording keystrokes, content of SMS messages and more - and sending it to a third party. It's present on nearly all Android devices, but not Galaxy Nexus, Google Nexus One, Nexus S, or the Motorola Xoom. It's also present on iOS devices, but it seems to be active only when the device is in diagnostic mode. This is the short version of what is quickly becoming a very complicated story with huge implications for user privacy. Carrier IQ is a tool whose primary purpose is recording various info which helps carriers improve the quality of service for their customers. In October, researcher Trevor Eckhart discovered that Carrier IQ is recording, among other things, your every keystroke and possibly sending it back to Carrier IQ's servers. Carrier IQ responded by sending Ekchart a cease & desist letter and publishing a media alert, in which it claims the company is "not recording keystrokes or providing tracking tools." Fast forward to this week, when Eckhart posted video evidence (below) suggesting that Carrier IQ is recording keystrokes and reading incoming SMS messages on Android, more precisely on an HTC EVO 3D. Worse, the app cannot be stopped or removed by the user. While this doesn't prove that Carrier IQ is actually sending the data back to Carrier IQ's servers, it's definitely disconcerting to see all this done by an app which is completely out of users' control. Many questions are still left unanswered. We don't know what Carrier IQ does with the data it collects, or whether it sends keystrokes, SMS messages or other info back to Carrier IQ's servers. We don't know the nature of the deal between Carrier IQ and - seemingly - most of the world's carriers, since almost every device which is sold together with a carrier contract has the app installed. We'll keep you updated as the story unfolds.

top

France Still In Search Of Perfect Cookie (Steptoe, 1 Dec 2011) - France's data protection agency, the Commission National de l'Informatique et des Libertés, has released yet more guidance on acceptable practices for implementing amendments to EU privacy law that requires website operators to obtain user consent prior to the installation of cookies. The latest set of guidelines reiterates the data regulator's intent to strictly apply active consent requirements in enforcing France's laws implementing the EU e-Privacy Directive, once again reminding website operators that browser settings alone are not sufficient to fulfill EU privacy obligations. This statement goes further than the agency's September guidance in clarifying what measures are necessary to comply with EU requirements by providing examples of adequate and inadequate website consent mechanisms. Even the loquacious Proust didn't need this many words to describe his wondrous madeleine in In Search of Lost Time.

top

U.S. Publishes Final Rules on Student Privacy Law (InsideHigherEd, 2 Dec 2011) - The U.S. Education Department today published final rules to update the Family Educational Rights and Privacy Act, making relatively few substantive changes from proposed regulations that drew significant comment and quite a bit of criticism from some college groups. The rules give colleges and universities more latitude to share student-level information with state agencies and others, without student consent.

top

NOTED PODCASTS

World of Lawcraft (Berkman Center, 4 Nov 2011; 32 minutes) - Video games aren't just, well, fun and games. When you pop open a video game - be it Farmville on Facebook for your smartphone or World of Warcraft on your $10,000 immersive gaming setup - you are entering into any number of different terms and conditions agreements about behavior and property that govern your playtime. But questions have started to arise as more and more games build the concept of virtual property into their play. New powers, levels, avatars, privileges - who do those things belong to, and under what jurisdiction do they fall? Greg Lastowka is a professor of law at Rutgers University and author of the book Virtual Justice: The New Laws of Online Worlds . Lastowka has given a great deal of thought to the virtual worlds of video games, and documented some of the cases where the laws of the game and the laws of real life clash, sometimes violently. [Editor: Interesting discussion, but I was surprised that he didn't touch on money-laundering issues in MMORPG environments. On that subject, Neal Stephenson's new book, REAMDE , is a pretty interesting read.]

top

Michael Nielsen on Doing Science in the Open (Berkman Center, 25 Oct 2011; 72 minutes) - Consider the Polymath Project, an ongoing experiment in "massively collaborative" mathematical problem solving. The idea is to use online tools like blogs and wikis to collaboratively attack difficult mathematical problems. Michael Nielsen - author of the book Reinventing Discovery and an advocate of open science - discusses how online tools like the Polymath Project can be used to transform the way we humans work together to make scientific discoveries, and how the normally conservative scientific culture can become more open. [Editor: The podcast implicates knowledge-production (if not management) in the distributed academic sphere, with crowdsourcing, Communities of Practice, and cultural enablers/barriers. There's an interesting post by Nick Milton parsing some of the implications for knowledge management - " It's Not Always Experts Who Have the Answers ."]

top

LOOKING BACK

SHORT MESSAGING MAKES A DENT IN E-MAIL USE E-mail use has fallen by 5% this year in the U.K., due to the popularity of short text messaging via mobile phones. According to a report for Barclays bank, the drop was even more dramatic -- 10% -- among 18- to 24-year-olds. "Young people aren't giving up on the Internet," says Barclays e-commerce chief Simon Newman. "They take what they want out of it and move on to other high-tech media for convenience and leisure." (Ananova 30 Mar 2001) http://www.ananova.com/news/story/sm_259919.html

top

POORER COUNTRIES GET FREE E-ACCESS TO MEDICAL JOURNALS (Washington Post 9 Jul 2001) -- Mirroring the drug industry's newfound commitment to make medicines for AIDS, malaria and tuberculosis more widely available to Third World countries, six publishing houses recently announced they will provide free electronic access to about 1,000 medical journals to medical schools, research laboratories and government health departments in poorer countries. Institutions in countries in which the per-capita gross national product (GNP) is less than US$1,000 a year will receive the journals free. In countries where the per-capita GNP is US$1,000 to US$3,000, there would be a minimal charge. http://www.washingtonpost.com/wp-dyn/articles/A33714-2001Jul8.html

top

NOTES

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 23 October – 12 November 2011 (v14.15)

2011-11-12T06:11:00.006-05:00

MIRLN --- 23 October - 12 November 2011 (v14.15) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

NEWS | NOTED PODCASTS | DIFFERENT | LOOKING BACK | NOTES

Lawmakers' Websites Improving, Report Finds
FBI Going to Court More Often to Get Personal Internet-Usage Data
Nasdaq Server Breach: 3 Expected Findings
Make or Buy in the Age of the Free-Agent Lawyer
When Secrets Aren't Safe With Journalists
A "Wow": CEO Pushes Reg FD Limits on Twitter
Insulin Pump Hack Delivers Fatal Dosage Over the Air
NIST Publishes Guide for Monitoring Security in Information Systems
Data Breach Mitigation Costs Were Cognizable Damages
Regulating Network Neutrality
UK Cops Using Fake Mobile Phone Tower to Intercept Calls, Shut Off Phones
Homeland Security Reviews Social Media Guidelines

CIA Following Twitter, Facebook

Our Pleasure to Serve You: More Lawyers Look to Social Networking Sites to Notify Defendants
Open Secret: Cisco Site Shares Privacy Approach

TRUSTe to Issue Free Privacy Policy Creation Starter Kit for Mobile Developers

Keeping Up with the Joneses-How Far Does the 'Reasonable Expectation of Privacy' Go?

Judges Weigh Phone Tracking

Safe in the Cloud? Online Service Risks Need Care and Coverage

New Study Finds 67 Percent of Cloud Servers are Perceived Vulnerable or Potentially at Risk by IT Personnel

Facebook: Monitoring Juror Social Media Networking Sites; "Friending" Employees of Adverse Parties

Case of Fake Facebook Profile Can Proceed, Judge Rules
Judge Orders Exchange of Facebook and Dating Website Passwords in Custody Fight

Out of the Crowd: Public-Supplied Info Gains Ground in Courts
Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the 'Children's Online Privacy Protection Act'
Feds Drop Plan to Lie in Public-Record Act Requests
Hyperlinks and the First Amendment
Ninth Circuit Affirms Google's Section 230 Win Over a Negative Business Review
Surveillance System May Have Recorded Courthouse Conversations in Violation of Federal Law
Apple's Siri Could Get You into Hot Water Behind the Wheel
FTC Settles with Online Advertiser over Flash Cookie Use
Employers Demanding the Right to Remotely Wipe Employees' Phones?

Lawmakers' Websites Improving, Report Finds (Hillicon Valley, 24 Oct 2011) - The overall quality of congressional websites is on the rise, but many still lack basic educational and transparency features, according to a new report. House websites - including member, committee and leadership office sites - saw some degree of improvement from 2009 to 2011, while the Senate saw a small decline, according to the report released Monday outlining best practices in online communications on Capitol Hill. New members elected in 2010 were also found to have developed much better websites in their first year in office compared with their Senate counterparts, the Congressional Management Foundation (CMF) found. Roughly 61 percent of websites from House freshmen earned high marks for their sites from CMF, versus just 31 percent for new senators. The CMF singled out several lawmakers and committees for excellent online communications, with top marks going to Sen. Mark Begich (D-Alaska) for best Senate member website, and Rep. Paul Ryan (R-Wis.) for best House member website. According to the report, many member websites still do not offer basic information about their activities, the work of Congress or the legislative process. Forty percent of lawmakers did not post information on bills members have sponsored or co-sponsored in the current session of Congress, and 44 percent did not post information on the legislator's voting record, according to the report. Forty-seven percent did not post information on how a bill becomes a law, and 67 percent did not provide guidance for communicating with the member office. Lawmakers did take better advantage of social media tools, however, as the use of such technology by congressional offices rose exponentially.

top

FBI Going to Court More Often to Get Personal Internet-Usage Data (Washington Post, 25 Oct) - The FBI is increasingly going to court to get personal e-mail and Internet usage information as service providers balk at disclosing customer data without a judge's orders. Investigators once routinely used administrative subpoenas, called national security letters, seeking information about who sent and received e-mail and what Web sites individuals visited. The letters can be issued by FBI field offices on their own authority, and they obligate the recipients to keep the requests secret. But more recently, many service providers receiving national security letters have limited the information they give to customers' names, addresses, length of service and phone billing records. "Beginning in late 2009, certain electronic communications service providers no longer honored" more expansive requests, FBI officials wrote in August, in response to questions from the Senate Judiciary Committee. This marked a shift from comments made last year by Obama administration officials, who asserted then that most service providers were disclosing sufficient information when presented with national security letters. Investigators seeking more expansive information over the past two years have turned to court orders called business record requests. In the first three months of this year, more than 80 percent of all business record requests were for Internet records that would previously have been obtained through national security letters, the FBI said. The FBI made more than four times as many business records requests in 2010 than in 2009: 96 compared with 21, according to Justice Department reports.

top

Nasdaq Server Breach: 3 Expected Findings (Information Week, 25 Oct 2011) - Remember the Nasdaq breach? [Reported in MIRLN 14.05 ] It's worse than previously thought. Last week, two experts with knowledge of Nasdaq OMX Group's internal investigation said that while attackers hadn't directly attacked trading servers, they had installed malware on sensitive systems, which enabled them to spy on dozens of company directors. "God knows exactly what they have done. The long-term impact of such [an] attack is still unknown," cyber security expert Tom Kellermann, CTO of AirPatrol, told Reuters, which reported the experts' findings. In February 2011, Nasdaq OMX Group had confirmed that its servers had been breached, and suspicious files found on servers associated with Directors Desk, which is a Web-based collaboration and communications tool for senior executives and board members to share confidential information. The product has about 10,000 users, according to the company's website. At the time, Nasdaq said that it had discovered the attack in October 2010, immediately removed the suspicious files, and launched an investigation, saying "at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers." But it wasn't clear how long the malicious files may have resided on Nasdaq's systems. Indeed, based on past breaches, many businesses fail to spot when they've been hacked, at least right away. Interestingly, Nasdaq didn't immediately inform customers about the breach, after the FBI--which is investigating the matter, together with the National Security Agency--asked it to delay doing so, so as to not impede its investigation. Furthermore, because of that investigation, Nasdaq hasn't publicly released many details about the attack. But based on recent news reports, as well as likely attack scenarios, we'll likely see these three findings * * *

top

Make or Buy in the Age of the Free-Agent Lawyer (ABA Journal, 26 Oct 2011) - At all stages of a company's life cycle, leadership continually asks the classic "Make or Buy" question. When should a company hire and develop expertise internally, and when does it make more sense to outsource tasks and purchase professional services? When it comes to legal needs, every company has its own pressure points. Mature companies mostly tie in-house headcount to revenue metrics or benchmark against industry norms. Start-ups are more interesting to follow with respect to make or buy decisions, because their behavior usually reflects a cultural choice. Case in point, the fastest growing company in the United States, GroupOn, didn't hire its first General Counsel until June, 2011. Based on GroupOn's revenue history and the huge amount of private equity in play, that's pretty late in the game. Given GroupOn's truly unique culture, which feeds on humor and independent thinking, I suspect that leadership was in no rush to build a law department. The need for policies and procedures does not necessarily equate to a desire for policies and procedures. Eventually, however, most $1 billion-plus companies hire at least one attorney to manage legal services delivery, and of course, many have law departments of significant size. In the "New Normal," the make or buy question expands. For companies with law departments, the objective for chief legal officers goes well beyond the old school notion of justifying additional headcount and then lobbying for it. Instead, progressive law departments are asking simply, "how can we make more in-house?" Taking more work inside does not automatically equate to hiring more attorneys. Instead, an evolving range of options are now in play. For example, many larger law departments have developed brand new job descriptions for tech-savvy operations professionals. This is the kind of quasi-legal role envisioned by Richard Susskind in The End of Lawyers? The objective in creating this position is to incorporate large-scale cost savings via the proper use of knowledge management systems, eBilling software, content providers and more. [Editor: Interesting; Come to think of it, I guess that much of my practice is as such an "adjunct".]

top

When Secrets Aren't Safe With Journalists (NYT OpEd by Chris Soghoian, 26 Oct 2011) - Brave journalists have defied court orders and have even been jailed rather than compromise their ethical duty to protect sources. But as governments increasingly record their citizens' every communication - even wiretapping journalists and searching their computers - the safety of anonymous sources will depend not only on journalists' ethics, but on their computer skills. Sadly, operational computer security is still not taught in most journalism schools, and poor data security practices remain widespread in news organizations. Confidential information is sent over regular phone lines and via text messages and e-mail, all of which are easy to intercept. Few journalists use secure-communication tools, even ones that are widely available and easy to use. Government officials often attempt to get journalists to reveal their sources by obtaining subpoenas and compelling testimony and the required telecommunications records. But sometimes that's not even necessary, because sources have already been exposed by their own lax communications. And then there is illicit monitoring - I believe that American journalists should assume that their communications are being monitored by their government - and possibly other governments as well. As an expert on privacy and government surveillance, I regularly speak with journalists at major news organizations, here and abroad. Of the hundreds of conversations I've had with journalists over the past few years, I can count on one hand the number who mentioned using some kind of intercept-resistant encrypted communication tools. Even when journalists try to do the right thing, they still make dangerous mistakes, like relying on Skype. Skype is slightly more secure than phones but is by no means safe from snooping - which can be done with commercially available interception software.

top

A "Wow": CEO Pushes Reg FD Limits on Twitter (CorporateCounsel.net, 27 Oct 2011) - This blog from Dominic Jones of IR Web Report is a "must" read. I'm going to tease it out by excerpting the first few paragraphs below: ALAN Meckler, CEO of WebMediaBrands Inc. (NASDAQ: WEBM), may be single-handedly redefining how corporate executives in the buttoned-down world of public companies communicate with their investors. The 64-year-old media entrepreneur, whose company owns interests in a number of online businesses and blogs, has been using Twitter to talk about his micro-cap company in ways that have stunned some observers and even drawn questions from the SEC. While some in the conservative world of corporate disclosure have speculated about how Twitter might meet the SEC's Reg FD requirements , Meckler appears to have made up his mind that Twitter is as good a channel as any to break news about everything from pending acquisitions to his next quarter's results. The result is that investors in WEBM are being treated to a new level of access to their chief executive and board chairman, as well as unprecedented commentary and news about the company's business in a real-time, abbreviated format that was previously unheard of.

top

Insulin Pump Hack Delivers Fatal Dosage Over the Air (The Register, 27 Oct 2011) - In a hack fitting of a James Bond movie, a security researcher has devised an attack that hijacks nearby insulin pumps, enabling him to surreptitiously deliver fatal doses to diabetic patients who rely on them. The attack on wireless insulin pumps made by medical devices giant Medtronic was demonstrated Tuesday at the Hacker Halted conference in Miami. It was delivered by McAfee's Barnaby Jack, the same researcher who last year showed how to take control of two widely used models of automatic teller machines so he could to cause them to spit out a steady stream of dollar bills. Jack's latest hack works on most recent Medtronic insulin pumps, because they contain tiny radio transmitters that allow patients and doctors to adjust their functions. It builds on research presented earlier this year that allowed the wireless commandeering of the devices when an attacker was within a few feet of the patient, and knew the serial number of his pump. Software and a special antenna designed by Jack allows him to locate and seize control of any device within 300 feet, even when he doesn't know the serial number.

top

NIST Publishes Guide for Monitoring Security in Information Systems (BeSpacific, 28 Oct 2011) - Information Security Continuous Monitoring (ISCM) for Information Systems and Organizations (NIST Special Publication [SP] 800-137): "Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance (i.e., is the control implemented in accordance with the security plan to address threats and is the security plan adequate).3 Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization's information and information systems, along with organizational resilience given known threat information."

top

Data Breach Mitigation Costs Were Cognizable Damages (CCH Financial Privacy Law Guide, 31 Oct 2011) - The U.S. Court of Appeals for the First Circuit determined that out-of-pocket mitigation costs of credit and debit card replacement and credit insurance incurred by data breach victims were reasonably foreseeable expenses and, therefore, constituted a cognizable harm under Maine law. The breach involved a Maine-based supermarket chain operator's electronic payment processing system that resulted in the theft of 4.2 million credit and debit card numbers. The First Circuit reversed a federal district court's dismissal of negligence and implied contract claims arising from the data breach, in which it had determined that the alleged injuries were too unforeseeable and speculative to be cognizable under Maine law. Anderson v. Hannaford Brothers Co. [Analysis by Edwards Wildman here: http://www.edwardswildman.com/newsstand/detail.aspx?news=2659&elq_mid=16289&elq_cid=996107 ]

top

Regulating Network Neutrality (Media Law Prof Blog, 31 Oct 2011) - Eric Null, Cardozo Law School, has published The Difficulty with Regulating Network Neutrality, at 29 Cardozo Arts and Entertainment Law Journal 459 (2011). Here is the abstract: Network neutrality is, and has been, an essential design element of the Internet. Increasingly, there has been pressure to move from a neutral network to a network that is optimized for particular functions (such as video streaming), and technology has responded to that call through the creation of a powerful technology called Deep-Packet Inspection. DPI allows access providers to directly violate the neutrality principle because it provides a mechanism for unequal treatment of content. The tension between network neutrality and DPI is significant - so much so that the Federal Communications Commission ("FCC") has intervened. The FCC recently published its final Report and Order for Preserving the Open Internet in the Federal Register, which establishes a general principle that neutrality should be safeguarded. Despite this safeguard, the FCC provided for a reasonable network management exception to neutrality, which allows access providers to treat content unequally if the provider is reasonably managing its network. The reasonable network management exception is a broad exception. However, a broad exception, potentially overbroad, may not be the most prudent form for regulating network neutrality. To determine what form is appropriate for network neutrality regulation, one should engage in a rules-versus-standards analysis specifically in this context. There is no obvious choice, but context can provide useful background when determining whether to regulate with rules or standards. Network neutrality regulation should be written as a rule, not a standard. Establishing a rule-like regulation will deter non-neutral behavior by access providers, and will preserve the Internet's neutral architecture and the benefits that equal treatment of content provides. In addition, rule-like regulations reduce the burden placed on enforcers, typically users, of the regulation. For these reasons, the reasonable network management exception should also be worded like a rule; those arguing for a broad, standard-like exception have not successfully demonstrated why a broad exception is required. Paper is here .

top

UK Cops Using Fake Mobile Phone Tower to Intercept Calls, Shut Off Phones (Wired, 31 Oct 2011) - Britain's largest police force has been using covert surveillance technology that can masquerade as a mobile phone network to intercept communications and unique IDs from phones or even transmit a signal to shut off phones remotely, according to the Guardian. The system, made by Datong in the United Kingdom, was purchased by the London Metropolitan police, which paid $230,000 to Datong for "ICT hardware" in 2008 and 2009. The portable device, which is the size of a suitcase, pretends to be a legitimate cell phone tower that emits a signal to dupe thousands of mobile phones in a targeted area. Authorities can then intercept SMS messages, phone calls and phone data, such as unique IMSI and IMEI identity codes that allow authorities to track phone users' movements in real-time, without having to request location data from a mobile phone carrier. In the case of intercepted communications, it is not clear whether the network works as a blackhole where intercepted messages go to die, or whether it works as a proper man-in-the-middle attack, by which the fake tower forwards the data to a real tower to provide uninterrupted service for the user. In addition to intercepting calls and messages, the system can be used to effectively cut off phone communication, such as in a war zone where phones might be used as a trigger for an explosive device, or for crowd control during demonstrations and riots where participants use phones to organize. A spokesman for the U.S. Secret Service verified to CNET that the agency has done business with Datong, but would not say what sort of technology it bought from the company. The FBI is known to use a similar technology called Triggerfish, which also pretends to be a legitimate cell tower base station to trick mobile phones into connecting to it. The Triggerfish system, however, collects only location and other identifying information, and does not intercept phone calls, text messages, and other data. [Related Wired article on FBI's use of such towers here .]

top

Homeland Security Reviews Social Media Guidelines (AP, 31 Oct 2011) - The wave of uprisings across North Africa and the Middle East that have overturned three governments in the past year have prompted the U.S. government to begin developing guidelines for culling intelligence from social media networks, a top Homeland Security official said Monday. Department of Homeland Security Undersecretary Caryn Wagner said the use of such technology in uprisings that started in December in Tunisia shocked some officials into attention and prompted questions of whether the U.S. needs to do a better job of monitoring domestic social networking activity. "We're still trying to figure out how you use things like Twitter as a source," she said. "How do you establish trends and how do you then capture that in an intelligence product?" Wagner said the department is establishing guidelines on gleaning information from sites such as Twitter and Facebook for law enforcement purposes. Wagner says those protocols are being developed under strict laws meant to prevent spying on U.S. citizens and protect privacy, including rules dictating the length of time the information can be stored and differences between domestic and international surveillance. Wagner said the Homeland Security department, established after the 9/11 attacks, is not actively monitoring any social networks. But when the department receives information about a potential threat, contractors are then asked to look for certain references within "open source" information, which is available to anyone on the Internet.

top

- and -

CIA Following Twitter, Facebook (AP, 4 Nov 2011) - In an anonymous industrial park in Virginia, in an unassuming brick building, the CIA is following tweets - up to 5 million a day. At the agency's Open Source Center, a team known affectionately as the "vengeful librarians" also pores over Facebook, newspapers, TV news channels, local radio stations, Internet chat rooms - anything overseas that anyone can access and contribute to openly. From Arabic to Mandarin Chinese, from an angry tweet to a thoughtful blog, the analysts gather the information, often in native tongue. They cross-reference it with the local newspaper or a clandestinely intercepted phone conversation. From there, they build a picture sought by the highest levels at the White House, giving a real-time peek, for example, at the mood of a region after the Navy SEAL raid that killed Osama bin Laden or perhaps a prediction of which Mideast nation seems ripe for revolt. Yes, they saw the uprising in Egypt coming; they just didn't know exactly when revolution might hit, said the center's director, Doug Naquin. The center already had "predicted that social media in places like Egypt could be a game-changer and a threat to the regime," he said in a recent interview with The Associated Press at the center. CIA officials said it was the first such visit by a reporter the agency has ever granted. The CIA facility was set up in response to a recommendation by the 9/11 Commission, with its first priority to focus on counterterrorism and counterproliferation. But its several hundred analysts - the actual number is classified - track a broad range, from Chinese Internet access to the mood on the street in Pakistan. The center's analysis ends up in President Barack Obama's daily intelligence briefing in one form or another, almost every day.

top

Our Pleasure to Serve You: More Lawyers Look to Social Networking Sites to Notify Defendants (ABA Journal, Oct 2011) - Although Jessica Mpafe had not seen her husband in years, she assumed he moved back to West Africa's Ivory Coast. Mpafe of Minnesota had no physical address to serve him with divorce papers. So she asked the court whether she could send the notice by general delivery, where the post office holds mail until the recipient calls for it. Kevin S. Burke, the Hennepin County, Minn., judge presiding over the case, thought that would be a waste of postage. "General delivery made sense 100 years ago, but let's be real," says Burke, implying that few use it anymore. Nor did the judge trust publishing legal notices in a trade paper when the defendant can't be located. "Nobody, particularly poor people, is going to look at the legal newspaper to notice that their spouse wants to get divorced," Burke says. On May 10 the judge wrote an order authorizing Mpafe to serve notice of process to her husband by email, "Facebook, Myspace or any other social networking site." His order stated that while the court allowed service by publication in a legal newspaper, it was unlikely the respondent would see it. "The traditional way to get service by publication is antiquated and is prohibitively expensive," Judge Burke wrote. "Service is critical, and technology provides a cheaper and hopefully more effective way of finding respondent." It was something of a radical move. While courts in Australia, Canada, New Zealand and the United Kingdom embrace electronic legal notice, it's rare in the United States. Many state and federal statutes disallow electronic service of process, lawyers say. In federal cases, some attorneys cite Federal Rule of Civil Procedure 4(f)(3), which allows service only for foreign defendants "by other means not prohibited by international agreement, as the court orders." In a 2002 case, the 9th U.S. Circuit Court of Appeals at San Francisco upheld a default judgment against Rio International Interlink, a Costa Rican gambling website that was served electronically after traditional methods failed. The trademark infringement action was brought by Rio Properties Inc., a Las Vegas hotel and casino. The defendant, wrote Judge Stephen S. Trott, "had neither an office nor a door; it had only a computer terminal. ... When faced with an international e-business scofflaw playing hide-and-seek with the federal court, email may be the only means of effecting service of process."

top

Open Secret: Cisco Site Shares Privacy Approach (ABA Journal, Oct 2011) - Safeguarding information from the onslaught of rapidly advancing technologies that track, store and share sensitive data is one of the greatest concerns among businesses and law firms. Internet giant Cisco Systems feels it has found a collaborative approach to privacy, and it's sharing its story right out there on the Web. "Privacy is an evolving area and there's going to be a lot of changes to come. So let's share our best practices," says Van Dang, Cisco's deputy general counsel. Dang recently launched a cloud-based privacy portal on her company's website so clients and corporations can explore Cisco's privacy and compliance programs, as well as comment about their own best practices. The portal contains compliance reference materials such as agreement templates and security checklists, and it also promotes Cisco products. The portal hosts a community forum to encourage feedback, and it links to law firm and industry blogs on privacy and security issues. Dang hopes to eventually build a fully interactive platform that allows law firms to create and add their own content directly on the site. Developed during a nine-week flurry by Dang and a team of Cisco professionals last winter, the project is intended to help legal departments and law firms offer greater client and consumer protection with fewer resources, while creating collaborative industry standards for best practices. The Cisco privacy portal is here .

top

- and -

TRUSTe to Issue Free Privacy Policy Creation Starter Kit for Mobile Developers (ReadWriteWeb, 2 Nov 2011) - Internet privacy solutions provider TRUSTe is concerned that mobile apps do not have built-in privacy solutions. TRUSTe claims that 77% of all mobile applications lack privacy policies that can allow users to decide how they want to share data third parties. As such, TRUSTe is coming out with a free privacy policy for mobile developers later this month. Essentially what TRUSTe is coming out with is a privacy policy wizard or starter kit for mobile developers that do not have policies in place for their apps. Developers are led through a set of questions defining what their apps do and do not do in terms of privacy and at the end of the quiz, TRUSTe gives them a line of code that links to the apps privacy policy. The free version does not give a developer a certified TRUSTe privacy seal and there is potential for abuse of the system by creating a privacy policy with an app that does not follow those guidelines.

top

Keeping Up with the Joneses-How Far Does the 'Reasonable Expectation of Privacy' Go? (ABA Journal, by Erwin Chemerinsky, 1 Nov 2011) - One of the most difficult, and potentially most important cases of the U.S. Supreme Court term will be argued on Nov. 8. United States v. Jones involves the question of whether it is a search or seizure within the meaning of the Fourth Amendment when the police plant a GPS device on a person's vehicle and monitor it for 24 hours a day, for 28 days. Since Katz v. United States, decided in 1967, the Supreme Court has defined the protections of the Fourth Amendment in terms of the "reasonable expectation of privacy." But how does that apply in this situation? On the one hand, the court has long held that people have no expectation of privacy for their public activities. The police could have followed Jones' car on public streets for a month, perhaps by using undercover officers, and no one would have contended that there was a search or seizure that required a warrant. On the other hand, people have the expectation that police are not planting a device on their car to monitor their every move. As technology develops, police are gaining more ability to follow anyone at any time. A great deal of personal information can be learned by following someone for weeks. Yet, said Chief Judge Alex Kozinski of the 9th U.S. Circuit Court of Appeals, "There is something creepy and un-American about such clandestine and underhanded behavior." Kozinski, dissenting from denial of en banc rehearing in the 2010 case, United States v. Pineda-Moreno, added, "To those of us who have lived under a totalitarian regime, there is an eerie feeling of déjà vu." [Editor: excellent, readable explication of the case.]

top

- and -

Judges Weigh Phone Tracking (WSJ, 9 Nov 2011) - State and federal authorities follow the movements of thousands of Americans each year by secretly monitoring the location of their cellphones, often with little judicial oversight, in a practice facing legal challenges. Electronic tracking, used by police to investigate such crimes as drug dealing and murder, has become as routine as "looking for fingerprint evidence or DNA evidence," said Gregg Rossman, a prosecutor in Broward County, Fla. The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities by The Wall Street Journal. The widening practice also presents one of the biggest privacy questions in a generation: Do police need a search warrant to follow a person's minute-by-minute movements using satellite or cellphone technology? Al Gidari, a partner at law firm Perkins Coie whose clients include mobile carriers, told Congress last year that wireless service providers receive an "astronomical" number of requests for user records-including location. "It is not uncommon for law enforcement to ask for a phone to be" tracked every 15 minutes, he said. Little is known about the practice because tracking requests are typically sealed from public view. While search warrants are generally delivered to people whose property is being searched, most people whose phones are targeted never learn about it. They typically find out only if they are charged with a crime and their tracking data are used as evidence against them. The Journal identified more than 1,000 instances of cellphone tracking in several large U.S. cities last year through open-records requests and court documents. The data showed that the practice is a widely and increasingly used police tool. Magistrate Stephen Smith of Houston, Texas, who approves such surveillance orders, has been studying the available data and estimates that federal courts alone issue 20,000 to 30,000 cellphone tracking orders annually. By comparison, federal and state courts approved 3,194 wiretaps in 2010, according to federal records.

top

Safe in the Cloud? Online Service Risks Need Care and Coverage (ABA Journal, 1 Nov 2011) - Document security, always a law practice issue, has come to the forefront as law firms and their clients consider using online-based software for business uses. Most often called cloud computing or software as a service, the process involves using the Internet to access useful applications. Rather than purchasing and installing the necessary software for a firm's private computer system, users upload information onto the Internet-"the cloud"-where it is stored with a software service. "Certain levels of security will depend on the company you are dealing with and on the underlying cloud provider," says Arlen Tanner, an attorney at Shook, Hardy & Bacon in Kansas City, Mo., who specializes in business records management. "Most cloud-based services are small startup companies leasing space on a large cloud, such as from Google, Amazon, Microsoft or IBM. Cloud service providers like Dropbox, for example, store your data on storage they lease from a major cloud provider." Lawyers whose security measures prove inadequate for protecting client confidences are vulnerable to malpractice lawsuits. Liability depends on whether a lawyer has reasonable practices in place to protect against a breach of client confidences. A firm's current malpractice insurance coverage for "errors and omission could cover some aspects of damages arising from a data breach depending on the factual circumstances, but it most likely doesn't cover the type of expenses that can arise in the aftermath," says Brant Weidner, a claims manager for Beazley Group in Chicago, a Lloyd's of London syndicate offering lawyers' professional liability insurance, including specialty lines for cyber- and data-related losses. "The fixes that clients demand or the law requires when a breach occurs are very specific and expensive." Weidner advises asking insurers what losses are covered for cyberattacks. "Lawyers should have coverage specifically designed to deal with the losses that can arise in the event of a data breach: That means notifying clients that data has been disclosed, credit monitoring if necessary, and hiring a computer security expert to figure out why there was a breach. There is also the possibility of civil fines for violations. All of these costs can have not only financial but also professional consequences," he says. "Beyond the costs," Weidner says, "firms also need to consider whether they have exercised reasonable care, and they need to know what reasonable care looks like."

top

- and -

New Study Finds 67 Percent of Cloud Servers are Perceived Vulnerable or Potentially at Risk by IT Personnel (Ponemon Institute, 2 Nov 2011) - Dome9 Security ™, the leading provider of cloud security management for public and private clouds, as well as for dedicated and virtual private servers (VPS), and the Ponemon Institute, a privacy and information management research firm, today announced the results of a first-of-its-kind cloud security study, which found that 67 percent of IT security respondents report that their organization is very vulnerable or vulnerable because cloud ports and firewalls are not adequately secured. Furthermore, 54 percent of respondents said their organizations' IT personnel are not knowledgeable or have no knowledge about the potential risk of open firewall ports in their cloud environments. The study "Cloud Security: Managing Firewall Risks" was independently conducted by the Ponemon Institute, one of the world's foremost authorities on data security and privacy, and was sponsored by Dome9 Security. The research was conducted to determine the challenges organizations face when managing access and securing firewalls and ports in cloud environments. The study analyzed responses from 682 IT and IT security practitioners in the United States working in organizations that use hosted or cloud servers (dedicated or virtual private servers). On average, respondents have more than 10 years of IT or IT security experience, and 40 percent come from organizations with 5,000 employees or more in globally dispersed locations. "We believe this is the first study to look at the risk to cloud security because of unsecured ports and firewalls, and the results are very revealing," said Dr. Larry Ponemon, founder and chairman of the Ponemon Institute. "It is commonly accepted that organizations believe they struggle with security in the cloud, but this study gets to a root of the problem. For example, more than half of the respondents said it is very likely or likely that administrative cloud server ports left open for access expose the organization to increased hacker attacks and security exploits. Nineteen percent say these exploits have already happened." For a copy of the study, see: http://www.dome9.com/resources/ponemon-cloud-security-study

top

Facebook: Monitoring Juror Social Media Networking Sites; "Friending" Employees of Adverse Parties (ABA Journal, Nov 2011) - You are representing a client in a personal injury matter. During pre trial voir dire proceedings and during the trial itself, can you search for and monitor jurors' and potential jurors' Twitter accounts and social network Internet postings? What are your obligations should you uncover evidence of juror misconduct? You represent a client in a wrongful discharge matter against the client's former employer. You have reason to believe that certain high-level employees of the employer are dissatisfied and may be likely to post unfavorable comments about the employer on their private social networking pages. Can you send a "friend" request to these employees to gain access to their private social media pages? Since the publication of the last Eye on Ethics column on Facebook, November of 2010, "Facebook: State Bar Opinions Address Information Gathering," there have been some new state bar opinions that have addressed various issues that relate to social networking. The topics covered include monitoring jurors' social network and Internet postings, and whether a lawyer can "friend" high-level employees of an adverse represented party. [Editor: usefully parses recent NY County Opinion, and another by the San Diego County Bar.]

top

- and -

Case of Fake Facebook Profile Can Proceed, Judge Rules (Law.com, 3 Nov 2011) - A woman accused of impersonating her boyfriend on a fake Facebook page and posting inflammatory comments can be prosecuted for identity theft, a judge ruled Wednesday in a case that could have wider implications for cyber-speech. Dana Thornton was indicted last year on one count of fourth-degree identity theft, a crime punishable by a maximum 18-month prison term upon conviction. Assistant Prosecutor Robert Schwartz said she created the Facebook page using photos and personal information about her ex-boyfriend, a police detective in northern New Jersey, and posted comments purported to be from him. According to grand jury testimony recited in court Wednesday, among the comments posted on the page were that the ex-boyfriend, a narcotics detective, was "high all the time," had herpes and frequented prostitutes and escort services. At issue is a New Jersey law that makes it illegal to impersonate someone "for the purpose of obtaining a benefit for himself or another or to injure or defraud another." Bradley Shear, a Bethesda, Md., lawyer who works on online issues, said he expects to see more cases like this one in the near future. The New Jersey case could be a difficult prosecution, he said, because of the way the state's law is written. "This specific situation sounds like it may be better handled in civil rather than criminal court," he said. "It's very tough to say this is a violation of the law." It is, however, a violation of Facebook's terms of service, he said. So far, only California and New York have laws specifically banning online identity theft. Shear said those states are leading the way largely because of the large number of celebrities who live in them. But he said such laws can get tricky to enforce because it's legally thorny when the alleged offender is out of state.

top

- and -

Judge Orders Exchange of Facebook and Dating Website Passwords in Custody Fight (ABA Journal, 8 Nov 2011) - A Connecticut judge has ordered lawyers representing a divorcing couple to exchange passwords to their clients' Facebook and dating websites. Judge Kenneth Schluger ordered the password exchange in the divorce of Stephen and Courtney Gallion, according to the Forbes blog The Not-So Private Parts . The judge cautioned in a Sept. 30 order that the exchange should be carried out by the lawyers, and neither spouse may post messages purporting to be the other. Stephen Gallion's lawyer, Gary Traystman, told the blog his client believes the social networking accounts will provide evidence about Courtney Gallion's ability to take care of their children. Stephen Gallion is arguing for full custody. According to the story, other judges have issued similar orders. "In 'normal' discovery, a litigant is usually asked to turn over 'responsive material,' not the keys to access all that material and more," the story says, "but it seems that judges are applying different standards to social networking accounts."

top

Out of the Crowd: Public-Supplied Info Gains Ground in Courts (ABA Journal, 1 Nov 2011) - In past years it wasn't uncommon for a law firm, hired to defend a lucrative patent, to send associates and law clerks on time-consuming, poorly directed missions to scour old filings and Internet databases in search of prior art to determine the origins of the invention in question. No more. Lawyers and clients are harnessing the collective search power of online global communities to uncover a single piece of existing artwork that could turn a multimillion-dollar lawsuit. They're crowdsourcing. Article One Partners develops patent studies that typically run six weeks, and asks targeted communities of scientists and other specialists to find relevant artwork for rewards that range from $5,000 to $50,000, depending on the nature of the dispute. The company then filters the submissions, sends the top selections to the client, and announces the winner of the best entry on its website. Crowdsourcing isn't just for the patent set. Consumer reviews on a social media website provided important evidence in a trademark dispute in June when fast-food chain Chipotle sued another establishment called Chipotles for infringement. One key factor in the court's decision to grant the plaintiff injunctive relief was the actual confusion among consumers demonstrated on customer review sites Urbanspoon and Yelp, where reviews erroneously linked the plaintiff and defendant. "The case gives a good example of how companies (and their competitors) should be aware of how their brands appear in social media," wrote Chicago-based intellectual property lawyer Evan Brown on Internet Cases: A Blog About Law and Technology. Although the Arkansas federal court considered consumer reviews in the Chipotle dispute, crowdsourcing for admissible evidence may be a stretch in future cases as courts are likely to find user comments posted online as hearsay, particularly online user comments with no verifiable identity attached, Brown added. And it's unlikely that an online consumer company like Yelp would comply in a civil suit to turn over commenters' credentials or IP addresses for verification. However, those concerns didn't stop London's Metropolitan Police from posting images taken from British surveillance cameras of alleged rioters on the photo-sharing website Flickr this summer, asking the public to identify people in the photos for arrest. In this way, crowdsourcing was a digital version of circulating wanted posters and collecting the responses-only on a much more visible lamppost.

top

Why Parents Help Their Children Lie to Facebook About Age: Unintended Consequences of the 'Children's Online Privacy Protection Act' (Berkman's community members danah boyd, Eszter Hargittai, Jason Schultz, and John Palfrey; 1 Nov 2011) - Facebook, like many communication services and social media sites, uses its Terms of Service (ToS) to forbid children under the age of 13 from creating an account. Such prohibitions are not uncommon in response to the Children's Online Privacy Protection Act (COPPA), which seeks to empower parents by requiring commercial Web site operators to obtain parental consent before collecting data from children under 13. Given economic costs, social concerns, and technical issues, most general-purpose sites opt to restrict underage access through their ToS. Yet in spite of such restrictions, research suggests that millions of underage users circumvent this rule and sign up for accounts on Facebook. Given strong evidence of parental concern about children's online activity, this raises questions of whether or not parents understand ToS restrictions for children, how they view children's practices of circumventing age restrictions, and how they feel about children's access being regulated. In this paper, we provide survey data that show that many parents know that their underage children are on Facebook in violation of the site's restrictions and that they are often complicit in helping their children join the site. Our data suggest that, by creating a context in which companies choose to restrict access to children, COPPA inadvertently undermines parents' ability to make choices and protect their children's data. Our data have significant implications for policy-makers, particularly in light of ongoing discussions surrounding COPPA and other age-based privacy laws.

top

Feds Drop Plan to Lie in Public-Record Act Requests (Wired, 3 Nov 2011) - Bowing to political pressure, the Justice Department abruptly dropped proposed revisions to Freedom of Information Act rules Thursday that would have authorized the government to inform the public that requested records do not exist even if they do. The proposal would have granted the government a new option to state that documents relevant to a FOIA request did not exist. According to the Justice Department's proposal, if the government believes records should be withheld, the government agency to which the request was made "will respond to the request as if the excluded records did not exist." Under normal practice, which seems Orwellian enough, the government may assert that it can neither confirm nor deny that relevant records exist if the matter involves national security. Civil rights groups, and a host of lawmakers from both sides of the spectrum, had blasted the Justice Department's original proposal .

top

Hyperlinks and the First Amendment (MLPB, 3 Nov 2011) - Anjali Dala, Yale University, Yale Information Society Project, has published Protecting Hyperlinks and Preserving First Amendment Values on the Internet in volume 13 of the University of Pennsylvania Journal of Constitutional Law (May 2011). Here is the abstract: Hyperlinks are critical to communication in part because they facilitate access to information. They provide visitors on one website a way to navigate to internally referenced words, phrases, arguments, and ideas. In addition to being vehicles for communication, this article contends that hyperlinks are communicative in and of themselves. They signal user preferences, democratize the national dialogue, indicate credibility, function as a signature on a virtual petition and help establish virtual associations. This Article presents the first comprehensive examination of First Amendment concerns related to hyperlinks and argues that any judicial or legislative regulation of hyperlinks should be reviewed under a strict scrutiny standard. Nearly 50 years ago, the Supreme Court recognized a constitutional privilege to disseminate information in New York Times v. Sullivan. In Sullivan, the Court extended a constitutional privilege to newspapers because of their role as an incredibly important, unique medium of communication. The same sentiment should extend to protect new media as they emerge. This Article concludes by discussing how a strict scrutiny standard should be applied to claims alleging trademark infringement, e-trespass, copyright infringement, contributory infringement, and contract violation as a result of hyperlink use. Article here .

top

Ninth Circuit Affirms Google's Section 230 Win Over a Negative Business Review (Eric Goldman, 3 Nov 2011) - The Blacks sued Google over a negative third party review of their business published in an unspecified Google property. This lawsuit was obviously preempted by 47 USC 230 from the get-go, so I easily fit my prediction of the case's outcome into a tweet . In August 2010, the district court dismissed the lawsuit on Section 230 grounds in an efficient opinion. The Ninth Circuit didn't find this case any more challenging than the district court did. In a brief unpublished memo opinion, the court upheld the district court's ruling. The main substantive sentence of the Ninth Circuit's opinion: The district court properly dismissed plaintiffs' action as precluded by section 230(c)(1) of the Communications Decency Act ("CDA") because plaintiffs seek to impose liability on Google for content created by a third party. See Fair Hous. Council of San Fernando Valley v. Roommates.com, LLC, 521 F.3d 1157, 1162 (9th Cir. 2008) (en banc) ("Section 230 of the CDA immunizes providers of interactive computer services against liability arising from content created by third parties . . . ."); Carafano v. Metrosplash.com, Inc., 339 F.3d 1119, 1122 (9th Cir. 2003) ("Through [section 230 of the CDA], Congress granted most Internet services immunity from liability for publishing false or defamatory material so long as the information was provided by another party."). Black v. Google, Inc. , 10-16992 (9th Cir. Nov. 1, 2011).

top

Surveillance System May Have Recorded Courthouse Conversations in Violation of Federal Law (ABA Journal, 4 Nov 2011) - A security system installed in June in one or more courthouses in Baldwin County, Ala., included a number of cameras that also recorded audio placed in high-risk areas such as exits and hallways. However, until yesterday no one apparently told lawyers who routinely look for a quiet spot in public areas to confer with clients, according to the Press-Register. Local defense attorneys expressed outrage at the potential breach of attorney-client privilege and the Baldwin County Commission said it had disabled the audio portion of the cameras this week "out of an abundance of caution," the newspaper reports. District Attorney Hallie Dixon said she learned of the audio issue last week and insisted on the shutdown. The county sheriff says the U.S. Attorney's office and the Federal Bureau of Investigation are reviewing the matter. "Just about every lawyer I have talked to has been shocked and outraged," said Daniel Mitchell, a local defense lawyer. "We all knew there were cameras, but no one ever notified anyone that there was more than video monitoring. Our bar association certainly didn't know about it."

top

Apple's Siri Could Get You into Hot Water Behind the Wheel (SiliconValley.com, 7 Nov 2011) - Siri may be a seductively smart companion. But let the new iPhone's voice-activated Gal Friday sit beside you as you drive up Highway 101 and you might get into trouble with the law. Or maybe not. Police say you can talk to Siri while driving. Just don't touch her. "It's legal to talk to Siri, as long as the phone's not in your hand," says San Jose police Lt. Chris Monahan. "But if you ask for directions and she puts them up on her screen for you to read, then California's vehicle code says you're breaking the law." But in an example of the law being a few steps behind the technology it's trying to address, the bill's author says that because Siri is not "a person" the law may not apply at all. "I'm a legislator, not a judge or a law enforcement official," said state Sen. Joe Simitian, D-Palo Alto, who wrote the hands-free and texting laws enacted in 2008 and 2009. "But I don't see how asking Siri for driving instructions and then looking down at the text on the phone is any more of a violation of existing law than reading your GPS device. The law talks about communicating with any 'person.' And if there's one thing we know for sure, it's that Siri is not a person."

top

FTC Settles with Online Advertiser over Flash Cookie Use (WSJ, 8 Nov 2011) - In a case that raises questions about the use of "supercookies" to track users online, the Federal Trade Commission said Tuesday that it reached a settlement with an online advertiser the commission had charged with deceiving customers by using a type of tracker called a Flash cookie. According to the FTC complaint, ScanScout, an advertising network that places video ads on websites, instructed its consumers via its privacy policy page that they could opt out of receiving targeted ads by "changing your browser settings to prevent the receipt of cookies." That turned out not to be the case. ScanScout uses Flash cookies, technology that cannot be removed by changing browser settings for ordinary cookies. The FTC called ScanScout's claims "deceptive." The practice, according to the complaint, ran from at least April 2007 to December 2010. As part of the settlement ScanScout must place a prominent notice on its website saying that the company collects information about user activities, with a link that takes consumers to a mechanism that allows them to prevent the company from collecting more information about the user.

top

Employers Demanding the Right to Remotely Wipe Employees' Phones? (Eric Goldman, 9 Nov 2011) - I got the following email from one of my students (I edited a little to increase the anonymity): "Recently, my spouse's company announced that it is going to implement a new policy regarding those employees using their mobile devices to check company email. These phones are personal phones, and not provided by the company. What they are proposing is that my spouse sign a release that states that the Company has the right to remotely wipe the phone (restoring it to factory settings) if they feel that any of their trade secrets have been compromised, or if the spouse loses/misplaces the phone. My problem with this is that these are personal phones with personal information not connected to her work. Does her company have the right to wield such power, or is this over doing it?" This was the first time I'd ever heard of such a provision. Has this become a new standard, or is this company over-the-top hyper-protective of its trade secrets? As an employee, I would not sign such a release. Further, if I were the employer, I would be reluctant to rely on the release, even if signed, to actually wipe a former employee's phone. If the employee challenged the wipe in court, I would imagine many judges would be reluctant to enforce the release, motivating them to look for reasons not to do so. If nothing else, there's a major due process problem (in the equity sense, not the legal sense). The company is the judge, jury and executioner without ever proving trade secret misappropriation, and carrying out the remote wipe could cause catastrophic data losses for the employee (and possibly for a subsequent employer). This just seems like a bad idea all around. Please email me if you've seen a provision like this in the field before or if you know of any cases/statutes that address the situation. In the email, let me know if I can repost your email here. [Editor: I know of a few law firms that are taking a similar approach.]

top

NOTED PODCASTS

Curation: Beyond the Buzzword (IT Conversations, 26 minutes) - According to Eric Schmidt, "Between the dawn of civilization through 2003, mankind created five exabytes of information. Now that much amount of information is created every two days." Curator Steve Rosenbaum does not seem impressed by this mass of unorganized information. According to Rosenbaum, what humans need is a way to categorize, find, and sort information qualitatively. however, we emphasizes, that this is a job that, at the moment, requires a human instead of a computer. Alluding to our reflexive need to check our emails and the tendency of Google and other search engines to give us far too much information, Rosenbaum dismisses the past standard of 'Content is King.' He instead stresses the importance of curation and human influence on sorting and choosing information. The problem, in his opinion, is combining this quality with computer efficiency. With his own examples of curation, which include a book and a documentary about September 11, 2001, Steve Rosenbaum stresses the importance of creating collections of information, works of art, and culture, and liberating it in a flexible architecture that allows us to consume that information in a way that most makes sense for us. He also discusses the use of modern technology and tablet technology to present new opportunities in dealing with massive amounts of information. [Editor: the idea the "books" are the end-result of terrific curation reminds me of "The Young Lady's Illustrated Primer", an unusual book that is the center point of Neal Stephenson's 2000 novel "The Diamond Age".]

top

Artificial Intelligence - A Legal Perspective (Sanford, Center for Internet & Society, 106minute podcast) - Although we are still waiting on promises of "strong AI" capable of approximating human thought, the widespread use of artificial intelligence has the potential to reshape medicine, finance, war, and other important aspects of society. The Center for Internet and Society, along with the Stanford Law and Technology Association (SLATA), and the Stanford Technology Law Review (STLR) bring together four scholars who have begun to examine the near term, short term, and long term ramifications of artificial intelligence for law and society. This panel follows up on our Legal Challenges in an Age of Robotics panel from November 2009.

top

DIFFERENT

Artists File Lawsuits, Seeking Royalties (NYT, 2 Nov 2011) - When the taxi baron Robert Scull sold part of his art collection in a 1973 auction that helped inaugurate today's money-soused contemporary-art market, several artists watched the proceedings from a standing-room-only section in the back. There, Robert Rauschenberg saw his 1958 painting "Thaw," originally sold to Scull for $900, bring down the gavel at $85,000. At the end of the Sotheby Parke Bernet sale in New York, Rauschenberg shoved Scull and yelled that he didn't work so hard "just for you to make that profit." The uproar that followed in part inspired the California Resale Royalties Act, requiring anyone reselling a piece of fine art who lives in the state, or who sells the art there for $1,000 or more, to pay the artist 5 percent of the resale price. That law is now at the center of three class-action suits brought this month by artists who include Chuck Close and Laddie John Dill and the estate of the sculptor Robert Graham. They have filed suit against the auction powerhouses Sotheby's and Christie's and the online auction site eBay for failure to pay royalties. The suits do not specify damages, nor do they list particular sales of art by California residents. Rather, as Eric George, the lawyer who filed them, explained, the complaints seek to force the auction houses to reveal the identities or locations of sellers, information that is often kept secret. Sotheby's responded to the suit with a terse statement: "We believe the claim is meritless, and it will be vigorously defended." Christie's said that it "views the California Resale Royalties Act as subject to serious legal challenges" and that it "looks forward to addressing these issues in court." The law has so far survived two legal challenges, and experts in art law are divided about whether it might be vulnerable on constitutional grounds. The larger issue of whether visual artists should receive a cut of future sales remains a subject of vigorous debate. Dozens of countries already have a version of a resale royalties law, generally referred to by the French phrase droit de suite. Starting in 2012, Britain and other members of the European Union will adhere to a uniform standard that applies to both living artists and those who have died within the past 70 years. Indeed, Christie's, on its Web site, informs prospective clients that it collects the royalty mandated in Europe at the time of the sale.

top

LOOKING BACK - MIRLN TEN YEARS AGO

POLICE MAKE DOUGHNUT RUN VIA CHOPPER (AP, 5 October 2001) -- Albuquerque police have taken doughnut runs to new heights, swooping down in an official helicopter for a late-night snack. "If they violated policy or procedure, they're going to get disciplined for it," said Lt. Bob Huntsman, department spokesman. "We've worked too hard to make this a professional unit to let lack of common sense tear us down." Keith Turner, who works near a Krispy Kreme doughnut shop, said he was on a break with other people early Thursday when a police helicopter circled and landed in a dirt field nearby. "I was like, `No, they'd better not go and get doughnuts,"' Turner said. As the helicopter idled, someone got out and went into the store, returning 10 or 15 minutes later with a Krispy Kreme box, he said. http://www.salon.com/people/wire/2001/10/05/doughnuts/index.html

top

REPORT: ONLINE BILL PAYMENT GAINING GROUND (Ecommerce Times, 15 October 2001) Although less than 9 percent of those surveyed used online bill payment services, many more are interested in using those services in the future, said a report by the Yankee Group. This year, 8.7 percent of consumers surveyed paid their bills over the Internet, up from 5.1 percent in 2000, Yankee said. "Considering the growth we've seen in the past, it's not a bad growth rate," Yankee director Paul Hughes told the E-Commerce Times. Hughes said that banks, credit-card companies and others have been pushing hard to get customers to pay their bills online, offering incentives like frequent-flyer miles and Web certificates to get people to sign up for e-billing programs. Yankee said that among consumers who used electronic bill-payment services, 28.7 percent cited the convenience of not having to write checks as the primary benefit. Another 14.9 percent said saving time was their main motivation. Hughes said BellSouth, AT&T and American Express are among large billers that have been successful at marketing their online billing services and making them easier to use. Concerns about security are "starting to wane, which is good," said Hughes. http://www.ecommercetimes.com/perl/story/14151.html

top

NOTES

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 1-22 October 2011 (v14.14)

2011-10-22T07:24:00.000-04:00

MIRLN --- 1-22 October 2011 (v14.14) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | RESOURCES | FUN | LOOKING BACK | NOTES

DHS Creates New Senior Cyber Position In NPPD
Orwell's Armchair
EU Cloud Vendors Liable For Breaches
Federal Reserve Wants to Read Your Facebook Posts
Law School Lets You Apply For College From Smart Phones
Stream Away

Judge Suggests DMCA Allows DVD Ripping if You Own the DVD

How New Labor Guidelines Could Affect Your Social Media Policy
Arrested in Seattle, Computer Security Expert Creates Searchable Website of Police Dashcam Video Log
A Citizen's Guide to Reporting on #OccupyWallStreet
Pentagon Website Covers Guantanamo Trials
FOIA and the Question of Secret Law
FBI To Launch Nationwide Facial Recognition Service
Publisher Claims Ownership of Time-Zone Data
US Power Plants Vulnerable to Cyberattack

Cybercrime Becomes Bigger Threat to Energy Industry than Terrorists
SEC Asks Companies to Disclose Cyber Attacks

RSA Details March Cyberattack, Blames "Nation State" for SecurId Breach
Does Keystroke Monitoring Violate ECPA?
Judge Royce Lambert: No Warrant Needed For Cell Phone Location Data
People Are Starting To Leave Their Facebook Passwords In Their Will
Three Emerging Cyber Threats
How the Top 50 Nonprofits Do Social Media

Feds' Social Media Use Increases
Why I Deleted My Facebook Account

Los Angeles To Google: We Won't Pay For LAPD Seats
Spanish Court Reverses Course: Says Linking To Infringing Material Is A Crime

Supreme Court of Canada Stands Up for the Internet: No Liability for Linking

Cyber Attacks and Warfare
French Cookies Are Beginning to Taste Like British Biscuits

DHS Creates New Senior Cyber Position In NPPD (FederalNewsRadio, 22 Sept 2011) - The Homeland Security Department continues to shift cybersecurity oversight chairs. Suzanne Spaulding is the new deputy undersecretary for the department's National Protection and Programs Directorate (NPPD), according to an email from Rand Beers, DHS under secretary of NPPD, obtained by Federal News Radio. Spaulding replaces Phil Reitinger, who left June 3. Reitinger joined Sony as its chief information security officer in August. "Suzanne brings a wealth of experience, having spent nearly 25 years working on national security issues in the public and private sectors," Beers wrote in the email to staff. "As deputy undersecretary, Suzanne will focus on efforts to reduce risk and enhance the resiliency of critical infrastructure, secure federal facilities, and advance identity management and verification." In her new role, Spaulding will oversee the US-VISIT program, infrastructure protection, the Federal Protective Service and the Office of Risk Management and Analysis. Spaulding is expected to start in early October, Beers said. Along with naming Spaulding, Beers said Greg Schaffer will move into a new position, the deputy undersecretary for cybersecurity on an interim basis. "This position will help the directorate ensure robust operations and strengthened partnerships in the constantly evolving field of cybersecurity," Beers said. Schaffer has been the acting deputy undersecretary and will assume the role of acting deputy undersecretary for cybersecurity until a permanent person is announced in the coming weeks. Spaulding comes to DHS after serving as a principal for the Bingham Consulting Group in Washington. She also was the minority staff director for the House Permanent Select Committee on Intelligence and was the general counsel for the Senate Select Committee on Intelligence. Additionally, Spaulding spent six years at the CIA and served as senior counsel and legislative director for former Sen. Arlen Specter (D-Pa.). [Editor: Suzanne is extremely capable and her background has prepared her well for this role. She's also been very active in the ABA and with the Standing Committee on Law & National Security, where I served with her from 2002-2009.]

top

Orwell's Armchair (by Derek Bambauer, forthcoming U. Chicago Law Review) - Abstract: "America has begun to censor the Internet. Defying conventional scholarly wisdom that Supreme Court precedent bars Internet censorship, federal and state governments are increasingly using indirect methods to engage in "soft" blocking of on-line material. This Article assesses these methods and makes a controversial claim: hard censorship, such as the PROTECT IP Act, is normatively preferable to indirect restrictions. It introduces a taxonomy of five censorship strategies: direct control, deputizing intermediaries, payment, pretext, and persuasion. It next makes three core claims. First, only one strategy - deputizing intermediaries - is limited significantly by current law. Government retains considerable freedom of action to employ the other methods, and has begun to do so. Second, the Article employs a process-based methodology to argue that indirect censorship strategies are less legitimate than direct regulation. Lastly, it proposes using specialized legislation if the U.S. decides to conduct Internet censorship, and sets out key components that a statute must include to be legitimate, with the goal of aligning censorship with prior restraint doctrine. It concludes by assessing how soft Internet censorship affects current scholarly debates over the state's role in shaping information on-line, sounding a skeptical note about government's potential to balance communication." [Editor: recommended by Chris Soghoian]

top

EU Cloud Vendors Liable For Breaches (SC Magazine, 29 Sept 2011) - The European Union will introduce rules that make cloud providers legally liable for data breaches. The Binding Safe Processor Rules (BSPR) will require cloud service providers in the EU to agree to becoming legally liable should any data offences occur at their data centres, lawyers said yesterday. It will effectively act as an accreditation scheme for cloud providers, meaning it will need vendors to sign up to the initiative. Eduardo Ustaran, partner at law firm Field Fisher Waterhouse and driving force behind the new rules, said service providers would likely to sign up because it would give them a selling point. If they refused, they would be seen as unsafe, he said. Vendors must prove their security models were adequate to get accredited. Verizon Business had pushed for the EU to enshrine the BSPR concept in data protection law.

top

Federal Reserve Wants to Read Your Facebook Posts (FCW, 30 Sept 2011) - Complaints on Twitter or Facebook about jobs or rising food prices may become fodder for the Federal Reserve Bank of New York's assessments of the world's current economic conditions. The bank has issued a request for proposals seeking a contractor to help gauge the nation's economic mood by sampling conversations on social media platforms such as Facebook, Twitter, YouTube and blogs. The bank said it wants a Sentiment Analysis and Social Media Monitoring Solution to gather and report data from around the world, in multiple languages, on a continuous basis. The proposal calls for "Social Media Listening Platforms" to be created to "monitor billions of conversations" and generate text analytics. Bank officials state in the RFP that they want to stay current on public opinion, and social media monitoring provides a means to do that. "Social media platforms are changing the way organizations are communicating to the public," the request states. "Conversations are happening all the time and everywhere. There is need for the Communications Group to be timely and proactively aware of the reactions and opinions expressed by the general public as it relates to the Federal Reserve and its actions on a variety of subjects."

top

Law School Lets You Apply For College From Smart Phones (Atlanta TV, 3 Oct 2011) - John Marshall School of Law in Atlanta has taken the act of applying to school and brought it into the new age of technology. John Marshall has introduced a mobile application that allows potential students to apply for law school from the palm of their hand. Prospective students can visit m.johnmarshall.edu from their mobile device from their smart phone or their tablet to apply. "We want students to be able to come to a law school forum, tour our campus, talk to us and apply immediately. If they have to wait until they get home and turn on a computer, they may not apply," Alan Boyer, Associate Dean of Recruitment and Marketing said in a statement released Monday. Students who use their mobile device over the next few weeks to apply to John Marshall will also get a waiver of the customary $50 application fee.

top

Stream Away (Inside Higher Ed, 5 Oct 2011) - A federal judge on Monday threw out a lawsuit by an educational media trade group and one of its constituents against the University of California over the legality of streaming copyrighted videos on secure course websites. While the case was dismissed largely on technical grounds, U.S. District Court Judge Consuelo B. Marshall indicated that streaming a copyrighted work on a secure website is no different from holding a screening in a classroom. "The type of access that students and/or faculty may have, whether overseas or at a coffee shop, does not take the viewing of the DVD out of the educational context," Marshall wrote in her decision. Because the only rights-holding plaintiff in the case, Ambrose Video Publishing, had licensed UCLA to "publicly perform" its videos in the classroom, streaming it on a secure site was also permissible, the judge said. However, legal experts say the decision hardly resolved the central question of whether streaming copyrighted videos in online classrooms is protected under the fair use provisions to U.S. copyright law. The Association for Information and Media Equipment (AIME), along with Ambrose, brought the suit late last year after it found out that the University of California at Los Angeles was facilitating online streaming for its courses. The case attracted a great deal of attention from fair use advocates, who argued -- as did the university -- that allowing students to stream videos via password-protected course websites was no different from convening a group viewing in a classroom, which they argued was covered under fair use. AIME has countered that in order to convert the videos into digital versions that could be streamed, UCLA was copying the videos' content unlawfully.

top

- and -

Judge Suggests DMCA Allows DVD Ripping if You Own the DVD (ArsTechnica, 5 Oct 2011) - A Monday ruling suggests that educational institutions are entitled to stream legally purchased DVDs on campus without the permission of copyright holders. A federal judge dismissed a lawsuit charging UCLA with violating the Digital Millennium Copyright Act and other provisions of copyright law by ripping DVDs and streaming them to students. "UCLA is pleased that the court dismissed the plaintiffs' lawsuit challenging UCLA's practice of streaming previously purchased video content for educational purposes," said Scott Waugh, UCLA executive vice chancellor and provost. "The court ruling acknowledges what UCLA has long believed, that streaming licensed DVDs related to coursework to UCLA students over UCLA's secure network is an appropriate educational use." The lawsuit was brought by a trade association of educational video publishers called the Association for Information Media and Equipment (AIME), and one of its members, Ambrose Video Publishing. The plaintiffs allege that around January 2006, UCLA purchased video streaming software that included a DVD-ripping capability, and began streaming DVDs it had purchased-including some belonging to Ambrose-to members of the UCLA community. Ambrose and AIME sued in December 2010, alleging copyright infringement, breach of contract, and other harms. They argued that UCLA violated the anti-circumvention provisions of the DMCA when it ripped Ambrose's copy-protected DVDs. They also argued that its DVDs are sold under a licensing agreement that prohibits rebroadcast and public display. And they noted that Ambrose was just one of many copyright holders whose works were included in UCLA's 2,500-work streaming library. UCLA countered that copyright's fair use doctrine gives educators broad latitude to publicly perform copyrighted works as part of their instructional activities. They also noted that Ambrose's own catalog states that "All purchases by schools and libraries include public performance rights." As for the DMCA claim, UCLA argued that because the school was the lawful owner of the DVDs at issue, it had a right to access the DVDs and therefore could not have run afoul of the ban on circumventing access-control measures. Judge Consuelo B. Marshall sided with UCLA. He noted that the plaintiffs conceded that UCLA had the right to show its DVDs in the classroom, and ruled that UCLA's streaming service was functionally equivalent. "The type of access that students and/or faculty may have, whether overseas or at a coffee shop, does not take the viewing of the DVD out of the educational context," he wrote. Marshall also ruled that UCLA's copies of the DVDs were incidental to its lawful streaming service, and was therefore fair use. Case is Association For Information Media and Equipment v. University of California

top

How New Labor Guidelines Could Affect Your Social Media Policy (Mashable, 5 Oct 2011) - While social media has been around for a while, there are still aspects of it that are very new, such as policy development. Such policies have to stand the test of time and evolve as the workplace - and the social media platforms and their usage - changes. In August, the National Labor Relations Board (NLRB) released a report on the outcome of investigations into 14 cases involving the use of social media and employers' social media policies. The NLRB is an independent agency in the U.S. government that protects employees' rights to join together to improve wages and working conditions, with or without a union. Here's an overview of the report and some pointers on what your company should consider when it comes to social media policy development.

top

Arrested in Seattle, Computer Security Expert Creates Searchable Website of Police Dashcam Video Log (ABA Journal, 5 Oct 2011) - Arrested three years ago in Seattle when a police officer apparently didn't appreciate his "brainiac" attitude after he was questioned about swatting giant sponge golfballs from bar to bar during a pub crawl, a computer security expert has fought back bigtime. Once the obstruction case against him was dismissed, Eric Rachner pursued a public-disclosure claim against the city's police department over its failure to provide all video camera footage of his arrest, winning a $60,000 judgment. And today he filed suit against the department again, asserting claims in his King County Superior Court complaint (PDF) for false arrest, obstruction of justice, malicious prosecution and "spoliation of video evidence," reports the Seattle Times. But that's not all. Tomorrow the 35-year-old Rachner plans to activate a website that he says will allow arrested citizens and their attorneys to see whether there is any video from the dashboard cameras that police are supposed to activate during arrests. As part of the judgment in his favor in the disclosure suit, Rachner and his lawyer, Cleveland Stockmeyer, were given copies of the department's log of every dashcam arrest video shot by Seattle patrol officers between July 2008 and August of this year. By checking the log, other arrestees and their counsel "might find, as we did in Eric's case, that the video and the police reports were so at odds that they might as well have been from different incidents," Stockmeyer tells the Times. Much of Rachner's latest suit focuses on what he contends is a widespread practice of the department of failing to provide requested dashcam footage not only to arrestees who request it but even to federal investigators. The department, he alleges in the suit, "has had a policy and custom to falsely conceal video when it is requested." Other videos, he claims, have been lost and officers sometimes don't activate the dashcams when they are supposed to, all of which results in a loss of evidence. A local television station filed suit against the police last month, the newspaper says, after learning Rachner had dashcam logs that had been withheld from a reporter.

top

A Citizen's Guide to Reporting on #OccupyWallStreet (Berkman's CMLP, 7 Oct 2011) - We at the Citizen Media Law Project have taken great interest in the ongoing "Occupy Wall Street" protest in New York. Much of what we know about the protest has come from independent reporters and citizen journalists covering the story from the ground. Knowing this, we are alarmed to hear reports of policearresting reporters during the protest. This, of course, could greatly discourage press coverage of this story. In order to encourage citizen reporting from the ground in New York, and to dispel the uncertainties as to the rights of those covering the protest, we have created this special question-and-answer guide regarding covering the protest in New York as a special addendum to our CMLP Legal Guide. For more general information, you can also refer to our guide's section on New York law. Note: This guide specifically addresses the law as it pertains to New York City and the protests currently occurring in Zuccotti Park. The information provided below will not apply with respect to the other #occupy protests throughout the country. While we tried our best to present the law as it generally applies in New York, specific facts and circumstances often alter outcomes in specific cases. Also, this post provides the law as it exists in October of 2011. We do not intend to update this post as the law changes, so if you find yourself returning to this at a later time please note that the law may have changed. PDF version of the CMLP guide here.

top

Pentagon Website Covers Guantanamo Trials (Robert Ambrogi, 7 Oct 2011) - The Department of Defense has launched a website, Military Commissions, devoted to coverage of trials by the military courts in operation at Guantanamo to try accused terrorists. Notably, the site allows users to view and download documents and court filings from the commission cases against specific individuals and to obtain summaries of the charges against them. The site also provides a description of military commissions and how they work. It includes an interesting chart that compares the rules and procedures in military commissions with those in courts-martial and Article III courts. There is also a collection of significant court opinions relating to military commissions and of current and historical documents pertaining to the commissions. There is even a section providing details on travel to Guantanamo Bay. The Pentagon created the site, it says, to help "provide fair and transparent trials of those persons subject to trial by Military Commissions while protecting national security interests."

top

FOIA and the Question of Secret Law (Lawfare, 7 Oct 2011) - Charlie Savage of the New York Times has filed this FOIA suit in an effort to acquire a classified report issued by DOJ and ODNI to Congress "pertaining to intelligence collection authorities" under section 215 of the USA PATRIOT Act (permitting the government to obtain from the FISC an order for the production of "any tangible things" upon a showing of "reasonable grounds" in relation to an international terrorism or counterintelligence investigation). The report appears to have sparked fierce objections from Senators Ron Wyden and Mark Udall, who have asserted in floor debate that the government has a troubling "secret" interpretation of the PATRIOT Act. The suit itself presents the question whether legal analysis, as distinct from details of the program itself, warrants protection under FOIA exemption 1. The complain calls for release of at least a redacted version of the DOJ/ODNI report, if not the whole thing. If successful, of course, this strategy could have significant implications across a range of settings involving internal government legal advice.

top

FBI To Launch Nationwide Facial Recognition Service (NextGov, 7 Oct 2011) - The FBI by mid-January will activate a nationwide facial recognition service in select states that will allow local police to identify unknown subjects in photos, bureau officials told NextGov. The federal government is embarking on a multiyear, $1 billion dollar overhaul of the FBI's existing fingerprint database to more quickly and accurately identify suspects, partly through applying other biometric markers, such as iris scans and voice recordings. Often law enforcement authorities will "have a photo of a person and for whatever reason they just don't know who it is [but they know] this is clearly the missing link to our case," said Nick Megna, a unit chief at the FBI's criminal justice information services division. The new facial recognition service can help provide that missing link by retrieving a list of mug shots ranked in order of similarity to the features of the subject in the photo. Today, an agent would have to already know the name of an individual to pull up the suspect's mug shot from among the 10 million shots stored in the bureau's existing Integrated Automated Fingerprint Identification System. Using the new Next-Generation Identification system that is under development, law enforcement analysts will be able to upload a photo of an unknown person; choose a desired number of results from two to 50 mug shots; and, within 15 minutes, receive identified mugs to inspect for potential matches. Users typically will request 20 candidates, Megna said. The service does not provide a direct match. Michigan, Washington, Florida and North Carolina will participate in a test of the new search tool this winter before it is offered to criminal justice professionals across the country in 2014 as part of NGI. The project, which was awarded to Lockheed Martin Corp. in 2008, already has upgraded the FBI's fingerprint matching service. Local authorities have the choice to file mug shots with the FBI as part of the booking process. The bureau expects its collection of shots to rival its repository of 70 million fingerprints once more officers are aware of the facial search's capabilities. [Editor: reminds me of the premise behind CBS's interesting new show " Person of Interest".]

top

Publisher Claims Ownership of Time-Zone Data (Wired, 9 Oct 2011) - The publisher of a database chronicling historical time-zone data is claiming copyright ownership of those facts, and is suing two researchers for re-purposing it in a free-to-use database relied on by millions of computers. The researchers' publicly available database was being hosted on a server at the Maryland-based National Institutes of Health, which apparently has removed the data at the request of Massachusetts-based publishing house, Astrolabe. The publisher markets its programs to astrology buffs "seeking to determine the historical time at any given time in any particular location, world-wide," and claims ownership to the data in its "AC International Atlas" and "ACS American Atlas" software programs. Astrolabe's federal lawsuit, filed last week, is among the boldest claims of copyright infringement since 2005. That's when Bikram Choudhury, the hot-yoga guru, claimed copyright to his yoga positions. Choudhury had sent cease-and-desist letters ordering studios to stop teaching what he claimed were his copyrighted yoga poses. In an out-of-court settlement, the targeted studios agreed they would not capitalize off of the Bikram brand name. But they were not prohibited from teaching his style of yoga, which was based off of an art form thousands of years old. The suit also faces the tough challenge of overcoming a 1991 Supreme Court decision, concerning a company that harvested listings from a phone company's telephone book and re-published them. The court ruled that "copyright does not extend to facts contained in [a] compilation." Astrolabe claims Arthur Olson, a computer scientist at the National Institutes of Health, and Paul Eggert, a computer scientist at the University of California at Los Angeles, have " unlawfully reproduced the works" (.pdf) and distributed them without permission from the copyright holder. The allegedly infringing database credits the Astrolabe database.

top

US Power Plants Vulnerable to Cyberattack (FT, 11 Oct 2011) - Hundreds of thousands of people in darkness, hospitals in chaos, a banking system under siege - a cyberattack on the US electricity grid could have catastrophic consequences. When federal researchers discovered that outside hackers could take control of the generators used to produce electricity in the US and destroy them, analysts warned that a coordinated assault on the grid could blackout large regions and cause devastation akin to scores of hurricanes striking at once. Regulators asked utilities to fix that design flaw, as they have with others discovered later. Now, four years since that first warning, experts say that power plants - along with financial institutions, transportation systems and other infrastructure - have become even more vulnerable. "The next Pearl Harbor we confront could very well be a cyberattack that cripples our power systems, our grid, our security systems, our financial systems, our governmental system," Leon Panetta, US defence secretary, said at his June confirmation hearing. The economic damage from a single wave of cyberattacks on critical infrastructure could exceed $700bn - or the cumulative toll of 50 major hurricanes ripping into the nation simultaneously, wrote Stanton Sloane when he was chief executive of SRA International. Skeptics argue that the dangers are being talked up by those eager to be hired to help. Other countries, such as the UK, are also exposed, but officials agree that the US is the most vulnerable to cyberattack because its companies and people are so dependent on the internet. [M]ost alarming for the US defence establishment is the lack of security around the electricity grid. Many power plants, as well as factory floors and pipelines, rely on automation equipment that can be reprogrammed remotely yet do not require even the authentication imposed on average computer users, said John Pollet of Red Tiger Security, which has carried out security assessments on more than 150 facilities: "There is a systemic problem" across all manufacturers of the gear. Some control systems can be located with special Google searches and then ordered to shut down or speed up, potentially blowing up a power or water treatment plant, presentations at Black Hat hackers conference showed in August. Many of these control systems were designed before the age of widespread internet connections.

top

- and -

Cybercrime Becomes Bigger Threat to Energy Industry than Terrorists (FuelFix, 13 Oct 2011) - In years past, discussions about security in the energy industry usually focused on protecting refineries from terrorist attacks and overseas workers from kidnapping. Today, the greater threat is the digital theft of competitive information or technical data by outside hackers or unscrupulous employees, speakers at an FBI-sponsored event on energy security said Wednesday. "The shift from physical security to data security has been a significant one for all of us," said Russell Cancilla, Vice President and Chief Security Officer at Baker Hughes. "Theft of intellectual property, state-sponsored corporate espionage, those kinds of things have grown exponentially in recent years." A few well-known incidents in the energy industry occurred in 2008, when computer systems owned by oil companies including ConocoPhillips, Marathon Oil and Exxon Mobil were reportedly hacked by outside forces seeking oil and gas lease bidding information. Sections of the U.S. power grid were also probed by outside forces in recent years, although it does not appear any damage was done. But the energy industry tends to be tight-lipped about such breaches. [Editor: Baker Hughes seems to have evolved their thinking since March's MIRLN 14.04.]

top

- and -

SEC Asks Companies to Disclose Cyber Attacks (Reuters, 13 Oct 2011) - U.S. securities regulators formally asked public companies for the first time to disclose cyber attacks against them, following a rash of high-profile Internet crimes. The Securities and Exchange Commission issued guidelines on Thursday that laid out the kind of information companies should disclose, such as cyber events that could lead to financial losses. Senator John Rockefeller had asked the SEC to issue guidelines amid concern that it was becoming hard for investors to assess security risks if companies failed to mention data breaches in their public filings. "Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark. This guidance changes everything," Rockefeller said in a statement. "It will allow the market to evaluate companies in part based on their ability to keep their networks secure. We want an informed market and informed consumers, and this is how we do it," Rockefeller said in a statement. There is a growing sense of urgency about cyber security following breaches at Google Inc, Lockheed Martin Corp, the Pentagon's No. 1 supplier, Citigroup, the International Monetary Fund and others. Tom Kellermann, chief technology officer of security firm AirPatrol Corp, said that the SEC guidance tells companies to report cyber attacks and disclose steps to remediate problems. "They must also incorporate cyber events into their material risk reports," said Kellermann, who has advised U.S. President Obama on cyber policy. The SEC gets into specifics, telling companies what type of data they might need to provide investors. "Examples of estimates that may be affected by cyber incidents include estimates of warranty liability, allowances for product returns, capitalized software costs, inventory, litigation, and deferred revenue," it says. SEC guidance here: www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm [Editor: there's much to criticize in the guidance - e.g., the seeming requirement fully to disclose exploited vulnerabilities, which might still be exploited - but I think this is a move in the right direction. See article from Hogan Lovells.]

top

RSA Details March Cyberattack, Blames "Nation State" for SecurId Breach (Ars Technica, 12 Oct 2011) - At EMC's RSA Conference Europe in London today, RSA executives shared more details on the cyber attack that stole information on the company's SecurID authentication tokens in March. RSA executive chairman Noviello said at a press conference that two separate hacker groups worked in collaboration with a foreign government, ZDNet UK reports. He would not disclose the parties involved, but said "we can only conclude it was a nation-state sponsored attack." According to RSA executives, no customers' networks were breached as a result of the SecurID data stolen. RSA president Tom Heiser said during a presentation at the conference it was clear that the attack was intended to go after military contractors' data. The coordinated effort, which used a series of spear phishing attacks against RSA employees to penetrate the company's network, posing as people they trusted. The phishing attack installed a "zero-day" exploit to establish a foothold. IDG reported that the exploit used an Excel spreadsheet with an embedded malicious Adobe Flash file. The foothold, and the tag-team attack that followed, were used to gain access to the SecurID data. However, RSA's chief security officer Eddie Schwartz said during the press conference that the intrusion was detected before any customers were attacked. According to RSA executives, the data was used in only one attack on a customer, and that attack was unsuccessful. No other customers were affected, according to RSA, despite reports that several defense contractors, including Lockheed Martin, had experienced breaches.

top

Does Keystroke Monitoring Violate ECPA? (Steptoe, 13 Oct 2011) - A recent federal court decision points out two of the many critical ambiguities in the Electronic Communications Privacy Act (ECPA): what constitutes an "interception" under the Wiretap Act portion of ECPA, and when is an email in "electronic storage" and therefore protected by the Stored Communications Act portion of ECPA? The court in Rene v. G.F. Fishers Inc. held that the use of keystroke logging software to monitor signals sent from a keyboard to a personal computer was not an interception of an electronic communication because it did not occur on "a system affecting interstate or foreign commerce." But the court found that the same actions could violate Indiana's wiretapping law, underscoring again how state laws may be more privacy-protective than ECPA. The court also held that unopened emails in a person's inbox are in "electronic storage" within the meaning of the SCA, and reserved judgment on whether opened emails were also in electronic storage. The storage question is one that has befuddled courts for years.

top

Judge Royce Lambert: No Warrant Needed For Cell Phone Location Data (BLT, 13 Oct 2011) - Prosecutors do not need a warrant to compel a cellular phone service provider to turn over data about call location, a federal judge in Washington said in a ruling unsealed Wednesday. The ruling examines the government's attempt to get data from the undisclosed service provider amid a U.S. Attorney's Office investigation of an armed robbery of an armored truck. Chief Judge Royce Lamberth of U.S. District Court for the District of Columbia redacted the name of the service provider, the target phone number and the name of its alleged user. Lamberth ruled in part for prosecutors, reviving the government's push to obtain cell phone data. The judge reversed a magistrate judge's ruling from August. But Lamberth did not rubberstamp the government's request, submitted under the Stored Communications Act. Instead, he said prosecutors must present additional evidence to prove the requested data is material to the armed robbery investigation. The burden is lower than the one a warrant would require. The dispute gave the court the opportunity to explore the scope of a controversial Washington federal appeals court ruling about the propriety of warrantless GPS surveillance. In ruling against the government in the armed robbery matter, Magistrate Judge John Facciola said the D.C. Circuit's decision in Jones required the government to obtain a warrant to compel the disclosure of the requested cellular data. Lamberth said that Facciola concluded that cell phone data-including the location of the tower that transmitted a call-is "tantamount to the sort of continuous GPS surveillance" at issue in the GPS case. A "reasonable cellular phone customer presumably realizes that his calls are all transmitted by nearby cell-site towers, and that cellular phone companies have access to and likely store data regarding the cell-site towers used to place a customer's calls," Lamberth said. Lamberth said a person's "decision to place a cellular phone call and thus provide information regarding his location to the phone company thus defeats an individual's privacy interest in that information." Lambert's Ruling here.

top

People Are Starting To Leave Their Facebook Passwords In Their Will (Business Insider, 13 Oct 2011) - One in 10 people in the United Kingdom leave their passwords to sites such asFacebook, Flickr, andTumblr in their will, according to a story in the Guardian. Facebook makes it difficult for living members to get the passwords of their deceased relatives. As a result, a "growing numbers of people want their digital identities to be controlled after they are gone," Emma Barnett writes. "They also want their families to have access to personal photos and home videos which are now more commonly being stored in the cloud, rather in a physical album at home." The trend is increasing because people in Britain and all over the world have noticed Facebook walls of the deceased becoming easy targets for hacking and spammers. The European Union is also considering laws that would give living relatives easier access. But for now, an increasing number of wills will include a strange series of letters and numbers (or, you know, something like noah1234).

top

Three Emerging Cyber Threats (Bruce Schneier, 15 Oct 2011) - Last month, I participated in a panel at the Information Systems Forum in Berlin. The moderator asked us what the top three emerging threats were in cyberspace. I went last, and decided to focus on the top three threats that are not criminal: (1) The Rise of Big Data. By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google. They're collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior. (2) Ill-Conceived Regulations from Law Enforcement. We're seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime. I'm thinking about data retention laws, Internet kill switches, and calls to eliminate anonymity. None of these will work, and they'll all make us less safe. (3) The Cyberwar Arms Race. I'm not worried about cyberwar, but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust. Plus, arms races are expensive.

top

How the Top 50 Nonprofits Do Social Media (PhilanTopic, 17 Oct 2011) - We love a good infographic -- especially when it relates to things that interest us, like nonprofits and social media. This one, from craigslist founder Craig Newmark and the folks at craigconnects, kept us busy for a while. Based on an informal audit conducted in August and September, the infographic is intended to answer questions like: Do the highest-earning nonprofits use social media more effectively than nonprofits that earn less? Are those same nonprofits the most "engaging"? How are people using social media to respond to and interacting with large nonprofits? Here are a few key findings:

92 percent of the top 50 nonprofits promote at least one social media presence on their homepage;
PBS has the most followers (840,653) on Twitter;
The American Cancer Society follows the most people/orgs (200,522) on Twitter;
Food for the Poor is the most "talkative" nonprofit on Facebook, with 220 posts over the two-month survey period;
The nonprofit with the highest net income, the YMCA, only posted 19 times to Facebook over the two-month survey period but has more than 24,000 fans.

top

- and -

Feds' Social Media Use Increases (NextGov, 18 Oct 2011) - Federal employees are increasingly turning to social media websites for work and personal use, particularly as more agencies lift restrictions on access, according to a new survey. The new Social Media in the Public Sector study, released Tuesday by Market Connections, found that just 19 percent of agencies ban access to some or all social media websites like Facebook, Twitter and LinkedIn. This is down sharply from 2010, when 55 percent of agencies banned access. The survey, which was conducted in September and drew nearly 900 public sector participants, including 352 federal employees and 272 government contractors, found that 74 percent of all respondents access social media websites at work, while 92 percent access them at home and 70 percent access them on mobile devices. The most widely used mobile devices by feds were the iPhone (53 percent), Blackberry (42 percent), Android (39 percent) and iPad (27 percent). LinkedIn and Twitter showed the biggest gains among social media websites used by federal respondents. Use of LinkedIn by feds, for example, grew from 32 percent in 2010 to 70 percent this year, while Twitter use increased from 30 percent last year to 55 percent this year. Eighty-six percent of federal respondents said they use Facebook, up from 72 percent last year, while 80 percent said they use YouTube, up from 61 percent in 2010, the survey found. Government-specific social networking websites also saw a boost in federal participation. According to the survey, 35 percent of federal workers and 55 percent of contractors said they use GovLoop, while GovTwit is being used by 30 percent of both government and contractor employees. Meanwhile, 37 percent of federal respondents said they are permitted to use social media as representatives of their agency, versus just 9 percent last year. Federal respondents said social media was most useful in helping inform decision making (100 percent), communicating externally with citizens and other agencies (81 percent), communicating with colleagues (78 percent), research (64 percent) and promotion/marketing (61 percent), the survey found.

top

- and -

Why I Deleted My Facebook Account (Bitter Lawyer, 18 Oct 2011) - Two weeks ago today, I did something that I thought was fairly non-controversial (I was wrong, apparently). I deactivated my Facebook account. And not just the half-hearted deactivation option Facebook offers, whereby your account remains saved and can be reactivated at any time-I actually completely deleted my account. Here's the really crazy part: I've spent the last 14 days fielding hundreds of emails from family, friends, and periphery ranging from mere curiosity to utter disbelief that I'm no longer on Facebook. No one can understand why I would ever want to disconnect myself from the (unfortunately) ubiquitous social network. Well, here's why. [Editor: isn't there some irony in the fact that she's blogging about escaping too-much-sharing with the "Screen People"? Still, I take her point.]

top

Los Angeles To Google: We Won't Pay For LAPD Seats (Business Insider, 18 Oct 2011) - One of Google's flagship government customers is trying to get out of paying for part of its contract, saying that Google has been too slow to meet its revised security requirements. Two years ago, Google got the City of LA to switch 30,000 employees from its old email system, Lotus Groupwise, to Gmail. But the deployment is going slower than expected because of additional security requirements by the LA Police Department. The LA Times reported on these problems back in April. Now, an August 2011 letter from Los Angeles CTO Randi Levin shows what the city is demanding. That letter says that CSC has been "unable to complete and comply with all LAPD security requirements" and other agencies that keep criminal records. So the city of LA is refusing to pay for those seats, and asking Google to do the work for free. "There will be no charge to the City for any Google licenses for the LAPD," proposes the letter. LA also wants Google to pay for the Groupwise licenses used by the LAPD through November 12, 2012.

top

Spanish Court Reverses Course: Says Linking To Infringing Material Is A Crime (TechDirt, 19 Oct 2011) - We've noted over and over again that Spanish courts have quite reasonably interpreted Spain's copyright law to mean that a site that just links to infringing content is not liable for the infringement. This makes a lot of sense. You should not blame a third party for the actions of its users. Yet the entertainment industry has made these rulings out to be an absolutely horrible miscarriage of justice, and have -- with the support of the US government -- pushed hard for draconian new copyright laws within the country. While public outcry (and leaked State Dept. cables showing that the US was really behind it) helped derail the effort the first time around, supporters are still trying to push it through. However, while the existing law stands, it's a bit surprising to see that one Spanish court has gone completely in the other direction and found the operators of a couple sites to be guilty of criminal copyright infringement, for which they may face a year in jail, in addition to fines. The lawyer for one of the guys suggests that this ruling is a result of politics, not the law. It's hard not to think that way given how it appears to fly in the face of most other decisions in Spain. I would imagine that there's still going to be an appeal in the case before it's really settled.

top

-but-

Supreme Court of Canada Stands Up for the Internet: No Liability for Linking (Michael Geist, 19 Oct 2011) - The Supreme Court of Canada today issued its much anticipated ruling in Crookes v. Newton, a case that focused on the issue of liability for linking to allegedly defamatory content. The court provided a huge win for the Internet as it clearly understood the significance of linking to freedom of expression and the way the Internet functions by ruling that there is no liability for a mere hyperlink. The key quote from the majority, written by Justice Abella: "I would conclude that a hyperlink, by itself, should never be seen as "publication" of the content to which it refers." This is an enormous win for the Internet since it rightly recognizes that links are just digital references that should not be viewed as republication of the underlying content.

top

Cyber Attacks and Warfare (Media Law Prof Blog, 19 Oct 2011) - Michael Gervais, Yale Law School, has published Cyber Attacks and the Laws of War. Here is the abstract:

"In the past few decades, cyber attacks have evolved from boastful hacking to sophisticated cyber assaults that are integrated into the modern military machine. As the tools of cyber attacks become more accessible and dangerous, it's necessary for state and non-state cyber attackers to understand what limitations they face under international law.   This paper confronts the major law-of-war issues faced by scholars and policymakers in the realm of cyber attacks, and explores how the key concepts of international law ought to apply.   This paper makes a number of original contributions to the literature on cyber war and on the broader subject of the laws of war. I show that many of the conceptual problems in applying international humanitarian law to cyber attacks are parallel to the problems in applying international humanitarian law to conventional uses of force. The differences are in degree, not of kind. Moreover, I explore the types of cyber attacks that states can undertake to abide by international law, and which ones fall short." Paper here.

top

French Cookies Are Beginning to Taste Like British Biscuits (Steptoe, 20 Oct 2011) - By the sound of things, French data protection regulators thought their lawmakers were acting a bit kooky when, as we previously reported, they passed an ordinance providing that consent for the installation of cookies by a website can be inferred by browser settings. In a public statement last month, the Commission Nationale de l'Informatique et des Libertés, France's data protection agency, stated its intention to strictly apply active consent requirements in enforcing the ordinance. Specifically, it said that browser settings allowing all cookies, without making a distinction between their purposes, cannot be deemed a valid consent expressed by the user. This new statement reflects a stricter reading of the requirements of amended EU privacy law than what was apparently expressed by French lawmakers in August, and it would appear to bring France's treatment of cookies more in line with the UK's approach.

top

RESOURCES

Find the Person Behind an Email Address (Digital Inspiration) - You get an email from a person with whom you have never interacted before and therefore, before you reply to that message, you would like to know something more about him or her. How do you do this without directly asking the other person? Web search engines are obviously the most popular place for performing reverse email lookups but if the person you're trying to research doesn't have a website or has never interacted with his email address on public forums before, Google will probably be of little help. No worries, here are few tips and online services that may still help you uncover the identity of that unknown email sender. [Editor: Interesting; the TinEye tool looks scary, and worked when I searched for one of my own head-shots; we're not too far away from full-bore facial recognition tools.]

top

FUN

Wilful vs. Willful (Volokh Conspiracy, 19 Oct 2011) - A student saw "wilful" used in an opinion, and asked whether it was a typo. How things have changed in a few decades! Here's a Google Ngrams graph comparing the use of "wilful" (blue) and "willful" (red) in Google's American English sources * * * "Wilful" was once the only common spelling (and still remains the dominant spelling in British English, again according to Google Ngrams ). But then things changed, and now "willful" is considerably more common. Indeed, a quick Westlaw query suggests that "willful" is 10 times more common in 2011 court opinions. It's thus probably wiser to use "willful," unless one knows that one's audience (say, a judge) has a contrary preference; using the more common spelling is more likely to convey your message without needlessly distracting the reader. Interestingly, the first two references I found for "wilful [sic]" in court cases were in 1962 and 1963, though in those years judicial usage was nearly evenly split between "wilful" and "willful." Those references were the only such "sic" references until 1971, but it the last few years, there have been more than 10 "wilful [sic]" references in court cases per year, which further reflects how dominant "willful" has become.

top

LOOKING BACK

CAMERAS SCANNED FANS FOR CRIMINALS (St. Petersburg Times, 31 Jan. 2001) Were you one of the 100,000 fans and workers to pass through the stadium turnstiles at Sunday's Super Bowl? Did you smile for the camera? Each and every face that entered Raymond James Stadium for the big game was captured by a video camera connected to a law enforcement control room inside the stadium and checked electronically against the computer files of known criminals, terrorists and con artists of the Tampa Police Department, the FBI and other state and local law enforcement agencies. Sunday's Super Bowl was the first major sporting event to adopt the face-matching surveillance system. But the designers of the system expect other security-sensitive sporting events, ranging from the upcoming 2002 Winter Olympics in Salt Lake City to the hooligan-plagued soccer leagues in parts of Europe, to express great interest. http://www.sptimes.com/News/013101/TampaBay/Cameras_scanned_fans_.shtml

top

U.S. CONGRESS EYES VIRTUAL ASSEMBLY OPTIONS Spooked by anthrax in the U.S. Capitol Building, lawmakers are considering an option proposed by the Democratic Leadership Council to convene "an electronic Congress." The DLC says a Web site "could easily be built" that would allow Congress and their staffers to debate, draft legislation and vote over the Internet. Such a site likely would use biometrics or "human verification" procedures to restrict access, and "the best system might require members to spread around the country to go to the nearest state capitol or city hall to use special kiosks there." The proposal, contained in an article titled "Legislating by Any Means Necessary," suggests that the site could be open to the public on "a read-only basis, so citizens could watch their representatives much as they can now on C-SPAN." A DLC staffer who worked on the report says, "This was supposed to be a conversation starter. We put this out there not as a full-baked proposal, not as an end-to-end solution." (Wired News 25 Oct 2001) http://www.wired.com/news/politics/0,1283,47841,00.html

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 11-30 September 2011 (v14.13)

2011-10-01T07:36:00.001-04:00

MIRLN --- 11-30 September 2011 (v14.13) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | PODCASTS | LOOKING BACK | NOTES

Report - A Call to Courage: Reclaiming Our Liberties Ten Years After 9/11
Criminal Prohibitions on the Publication of Classified Defense Information
'Find My Car' App Can Also Catch Crooks
This Post Should Be Considered Off the Record
Court Allows Recovery of Lost Business and Investigation Costs Under CFAA
NHL Restricts Players' Use of Social Media on Game Days
Executives May Be Too Confident on Cybersecurity, Survey Finds
Amazon Cloud Earns Key FISMA Government Security Accreditation
FISMA Mandates Monthly Security Reports For Agencies
IRS Clarifies: Work Cellphones Are Not Taxable Perks
Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests
Using Technology to Improve Client Service
Abuse of Trust?
Broadband Under The Sea: Where Do Those Cables Go?
Non-Marketing Uses of Social Media for Lawyers
Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users
Full List of Sites the US Air Force Blocked to Hide from Wikileaks Info; Includes NY Times & The Guardian
Apple and Dropbox Join Fight to Reform Electronic Privacy Law
Is it Possible to Secure Law Firm Data?
Newly Released Documents Reveal Defense Department Intelligence Violations
Even If You Cancel Your OnStar Service, The Company Will Still Track (And Sell) Your Location
Author Sues Production Company For Copyright Infringement For Changing The Script It Optioned From Him
More Offices Let Workers Choose Their Own Devices
Three Emerging Cyber Threats
Facebook Hosts 4% Of All Photos Ever Taken In History
Metropolitan Museum Unveils Revamped Web Site
In China, Business Travelers Take Extreme Precautions to Avoid Cyber-Espionage
Firings, Discipline Over Facebook Posts Leads to Surge in Legal Disputes
Marine Corps Social Media Principles Manual
Better Ideas Through Failure
Taking A Computer Out of Screensaver Mode to See Suspect's Facebook Wall Is a Fourth Amendment Search
Bankrupt Borders Sells Customer Data to Barnes & Noble
Which Telecoms Store Your Data the Longest? Secret Memo Tells All
Pennsylvania Appeals Court Rules Text Messages Were Inadmissible Hearsay
Our Pleasure to Serve You: More Lawyers Look to Social Networking Sites to Notify Defendants

Report - A Call to Courage: Reclaiming Our Liberties Ten Years After 9/11 (ACLU, 7 Sept 2011) - An ACLU report release to coincide with the 10th anniversary of 9/11 warns that a decade after the attacks, the United States is at risk of enshrining a permanent state of emergency in which core values must be subordinated to ever-expanding claims of national security. The report, entitled, "A Call to Courage: Reclaiming Our Liberties Ten Years after 9/11," explores how sacrificing America's values - including justice, individual liberty, and the rule of law - ultimately undermines safety. The report begins with an examination of the contention that the U.S. is engaged in a "war on terror" that takes place everywhere and will last forever, and that therefore counterterrorism measures cannot be balanced against any other considerations such as maintaining civil liberties. The report states that the United States has become an international legal outlier in invoking the right to use lethal force and indefinite military detention outside battle zones, and that these policies have hampered the international fight against terrorism by straining relations with allies and handing a propaganda tool to enemies. Taking on the legacy of the Bush administration's torture policy, the report warns that the lack of accountability leaves the door open to future abuses. "Our nation's official record of this era will show numerous honors to those who authorized torture - including a Presidential Medal of Freedom - and no recognition for those, like the Abu Ghraib whistleblower, who rejected and exposed it," it notes. Concluding with the massive expansion of surveillance since 9/11, the report delves into the many ways the government now spies on Americans without any suspicion of wrongdoing, from warrantless wiretapping to cell phone location tracking - but with little to show for it. "The reality is that as governmental surveillance has become easier and less constrained, security agencies are flooded with junk data, generating thousands of false leads that distract from real threats," the report says. Full report here .

top

Criminal Prohibitions on the Publication of Classified Defense Information (Congressional Research Service, 8 Sept 2011) - The online publication of classified defense documents and diplomatic cables by the organization WikiLeaks and subsequent reporting by The New York Times and other news media have focused attention on whether such publication violates U.S. criminal law. The suspected source of the material, Army Private Bradley Manning, has been charged with a number of offenses under the Uniform Code of Military Justice (UCMJ), including aiding the enemy, while a grand jury in Virginia is deciding whether to indict any civilians in connection with the disclosure. A number of other cases involving charges under the Espionage Act demonstrate the Obama Administration's relatively hard-line policy with respect to the prosecution of persons suspected of leaking classified information to the media. This report identifies some criminal statutes that may apply, but notes that these have been used almost exclusively to prosecute individuals with access to classified information (and a corresponding obligation to protect it) who make it available to foreign agents, or to foreign agents who obtain classified information unlawfully while present in the United States. Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it. There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship. To the extent that the investigation implicates any foreign nationals whose conduct occurred entirely overseas, any resulting prosecution may carry foreign policy implications related to the exercise of extraterritorial jurisdiction and whether suspected persons may be extradited to the United States under applicable treaty provisions. [Editor: Yochai Benkler has a working draft article titled "A Free Irresponsible Press: Wikileaks And The Battle Over The Soul Of The Networked Fourth Estate" here .]

top

'Find My Car' App Can Also Catch Crooks (Sydney Morning Herald, 9 Sept 2011) - [Y]ou'll never lose your car in the shopping centre again - and police now have at their fingertips technology to track down stolen and unregistered vehicles. Westfield Bondi Junction in Sydney recently added to its iPhone app the functionality for shoppers to find their parked car by entering its license plate number. The idea behind it is that if a shopper forgets where they parked then they can find their car using the app, which also lets users find out the opening hours of each retailer, see special offers and search for a store's location in the shopping centre. But Westfield said police could also use it to find stolen or unregistered vehicles. In a statement, NSW Police said it worked closely with security at Westfield Bondi Junction and utilised their technology "when required". See also http://www.theregister.co.uk/2011/09/14/find_my_car_fail/

top

This Post Should Be Considered Off the Record (TechPresident, 14 Sept 2011) - Staffers for Sen. Sheldon Whitehouse, Democrat of Rhode Island, don't mind if you read as they pass along hurricane updates or chat with other folks on Twitter. They'll even plug someone's business. Just don't talk about what you read: Whitehouse's communications director, Seth Larson, deputy press secretary, Richard Pezzillo, and new media director (!), Catherine Algeri, have disclaimers in their Twitter profiles that declare their posts - on public, unprotected accounts - to be off the record. Disclaimers in Twitter profiles are common. People from ABC News' senior White House correspondent Jake Tapper to Gerrit Lansing, press secretary at the Republican-controlled House Budget Committee, sport a tag of the tweets-are-mine-alone and/or retweets-aren't-endorsements category. But "off the record?" On Twitter? That's a new one on me. Update : Looks like Whitehouse's staff have decided to go public - their "off the record" pleas were gone from their Twitter profiles not long after I posted this piece.

top

Court Allows Recovery of Lost Business and Investigation Costs Under CFAA (Steptoe, 15 Sept 2011) - According to a recent decision, Mobil Mark, Inc., v. Paskosz, prospective plaintiffs worried that they cannot show sufficient damage or losses to state a civil claim under the Computer Fraud and Abuse Act (CFAA) should simply hire an expensive investigator. Earlier this month, the U.S. District Court for the Northern District of Illinois found that the cost of a company's investigation into a former employee's alleged data theft, and resulting lost customers and sales opportunities, can be counted as "losses" for purposes of the CFAA's $5,000 damage or loss minimum for pursuing a civil claim. While courts have been notoriously split over what exactly constitutes compensable "damage" or "loss" under the Act, this ruling continues what seems to be somewhat of a trend of increasingly expansive readings of the statute. This is good news for employers who want to use the CFAA to go after rogue employees and possibly their competitors.

top

NHL Restricts Players' Use of Social Media on Game Days (Thestar.com, 15 Sept 2011) - Thou shalt not Twitter during the game. Or before it. Or after it. Or during team meetings. The NHL and its Players' Association have put together a new social media policy, that sets a blackout period when cannot use applications such as Twitter and Facebook. Basically, players may not tweet or use social media from two hours before the puck drop until after their media requirements are completed after the game. There is no blanket off-day restriction, but the league wants players to act "appropriately" and "not disclose competitively sensitive team info," deputy commissioner Bill Daly told the Star. The league is asking players to speak, text or tweet on social media with the same caution they would speak in front of microphones, understanding what they say is public and for-the-record. A violation would subject the players to an undisclosed punishment. NHL on-ice officials are not allowed to tweet or "maintain any social media accounts," Daly told the Star.

top

Executives May Be Too Confident on Cybersecurity, Survey Finds (NYT, 15 Sept 2011) - Every week comes a new report warning how vulnerable consumers, companies and government agencies are to hackers bent on breaching computer systems and extracting sensitive data. This week came a somewhat unusual report, compiled by the global consulting firm PricewaterhouseCoopers. It surveyed more than 9,000 executives in over 130 countries and found them confident in their ability to secure their information systems and bullish about cybersecurity spending. In the survey, released Thursday, 43 percent of respondents said they had confidence in their security protocols and 50 percent said they expected their companies to spend increasing amounts of money on cybersecurity. Digital hubris can be dangerous, though. PricewaterhouseCoopers parsed the data more closely. They asked the executives about the precautions they were taking. It turned out that only 13 percent of those surveyed had actually done what the consulting firm considered to be adequate - meaning they had an overall security strategy, they had reviewed the effectiveness of their strategy and they knew precisely the types of breaches that had already hit them over the last 12 months. Even as the use of social networks has proliferated, barely one in three respondents said their companies had a policy governing their employees' use of tools like Facebook and LinkedIn. Social media, the report's authors concluded, is a double-edged sword for many companies. "It's a great business opportunity," Mark Lobel, a principal at PricewaterhouseCoopers, said by phone. "It's also a terrible avenue for data loss and data leakage." Driving the spending on security was the prospect of cyber-espionage, or snooping on sensitive company and government data, everything from blueprints of fighter jets to confidential information about mergers and acquisitions. But only 16 percent of respondents said they were prepared for cyber-espionage.

top

Amazon Cloud Earns Key FISMA Government Security Accreditation (ArsTechnica, 15 Sept 2011) - Amazon has earned the FISMA security accreditation from the US General Services Administration, a key endorsement for its cloud security model that could increase adoption among federal agencies. FISMA, the Federal Information Security Management Act, is the fifth major certification or accreditation Amazon has gained for its Web Services business featuring the Elastic Compute Cloud infrastructure-as-a-service platform. "FISMA Moderate Authorization and Accreditation requires AWS to implement and operate an extensive set of security configurations and controls," Amazon said in an announcement today . "This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure as well as conducting third party audits. This is the first time AWS has received a FISMA Moderate authority to operate." Amazon already counted the likes of NASA's Jet Propulsion Laboratory and Treasury.gov as customers, so the company wasn't exactly struggling to land big names. But adding to its roster of accreditations could help Amazon EC2 attract more mission-critical use cases. FISMA certification had already been obtained by Google for its Apps service and by Microsoft for its cloud infrastructure and its BPOS-Federal service. Prior to today, Amazon achieved compliance with the SAS 70 Type II auditing standard, the HIPAA health data privacy act, PCI DSS credit card standards, and the ISO 27001 international security standard. The new FISMA certification covers Amazon EC2, Amazon's Simple Storage Service, the Virtual Private Cloud, and the services' underlying infrastructure.

top

FISMA Mandates Monthly Security Reports For Agencies (Information Week, 15 Sept 2011) - Federal agencies must begin reporting security data to an online compliance tool as part of fiscal year 2011 requirements for the Federal Information Security Management Act (FISMA). The Department of Homeland Security (DHS) outlined new requirements for FISMA, the National Institute of Standards and Technology (NIST) security standard for federal IT solutions. One of them calls for agencies to establish monthly data feeds to CyberScope, a compliance tool developed to help the feds to better and more actively monitor cybersecurity.

top

IRS Clarifies: Work Cellphones Are Not Taxable Perks (Hillicon Valley, 16 Sept 2011) - The Internal Revenue Service issued a notice Wednesday clarifying that employer-provided cellphones are not taxable perks. The Small Business Jobs Act of 2010 removed cellphones from the definition of "listed property," a category that normally requires additional record keeping by taxpayers. The IRS notice clarified that as a result of the law, when a business provides an employee with a cellphone to use for work, that phone is generally not a taxable benefit. The IRS also sent a memo to its examiners to explain the rule change. CTIA, a wireless trade association, praised the move. "I'm glad the IRS has finally had the last word on repeal of a rule that might have made sense in the late 1980s, but made no sense at all in today's mobile, always-connected world," wrote CTIA President Steve Largent in a blog post.

top

Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests (Symantec press release, 19 Sept 2011) - Symantec Corp. (Nasdaq: SYMC) today announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request . The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines. "The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years," said Dean Gonsowski, eDiscovery Counsel at Symantec. "With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It's critical for the two departments to work together to develop and implement an effective information retention policy."

top

Using Technology to Improve Client Service (ABA's Catherine Sanders Reach, 19 Sept 2011) - Everywhere you look, people are using technology outside the confines of the workplace. And no matter what type of clients you serve, it's likely they want to be able to use the same technologies for similar conveniences when they're working with you. Here are some suggestions for incorporating technology tools to give your clients enhanced options so you can meet-and even exceed-their expectations.

top

Abuse of Trust? (InsideHigherEd, 19 Sept 2011) - Less than a week after the University of Michigan brushed off a lawsuit by the Authors Guild over the university's move to make copyrighted "orphan" works in its digital collection freely available to students and faculty, the Michigan Library suspended the practice Friday, admitting "serious" flaws in its process for identifying orphans. Friday's mea culpa followed a public flogging of the library and its nonprofit digital consortium, HathiTrust, at the hands of the Authors Guild, in which the guild quickly tracked down the owners of the copyrights on several works that HathiTrust had categorized as "orphans" -- books and articles that are in copyright but whose copyright owners cannot be located or identified. "The close and welcome scrutiny of the list of potential orphan works has revealed a number of errors, some of them serious," the Michigan library wrote in its statement. "This tells us that our pilot process is flawed." The librarians said they had "learned from [their] mistakes" and have "already begun an examination of our procedures to identify the gaps that allowed volumes that are evidently not orphan works to be added to the list." The HathiTrust's Orphan Works Project -- a Michigan-led effort to identify and increase access to the orphans from the consortium's digital library -- has been suspended until the university can come up with "a more robust, transparent, and fully documented process" for making sure works are genuinely orphaned before categorizing them as such. The Authors Guild, along with authors' associations in Australia and Quebec and a handful of individual authors, had filed suit last Monday against the HathiTrust, Michigan, and several other university libraries heavily involved in the Orphan Works Project. The plaintiffs claimed that by establishing its own set of procedures for clearing orphan works for wider accessibility, the libraries were taking copyright into their own hands. They argued that the orphans should stay under lock and key until Congress passes legislation governing how orphan works can be identified and displayed. Michigan and other HathiTrust supporters argued that giving faculty members and students access to digital orphan works was protected by the "fair use" provisions of U.S. copyright law. But the Authors Guild struck back on its blog, calling into question the integrity of Michigan's process for attempting to find the copyright holders for its orphan candidates. In a series of "gotcha" blog posts, the guild documented its own efforts to find the copyright holders for HathiTrust orphans. It quickly tracked down several authors that HathiTrust had apparently been unable to reach. [Editor: EFF has a different perspective - see No Authors Have Been Harmed in the Making of This Library (EDD, 15 Sept 2011) - "We've been puzzling over the Author's Guild's decision to sue several university libraries for participating in the digitization and storage of millions of works (largely in connection with the Google Books project) and making scans of some of those works available to the academic community. Simply put, it appears that the Guild is dead set on wasting time and money addressing imaginary harms, whether or not its efforts might actually benefit either its members or the public." InsideHigherEd runs yet another perspective here .]

top

Broadband Under The Sea: Where Do Those Cables Go? (GigaOM, 20 Sept 2011) - Want to know how your email packets from Rhode Island make it over to South Africa? Or what about your VoIP call from Hong Kong to Honolulu? Now there's a map for that, thanks to the folks at Telegeography who have rolled out an interactive tool that shows you the location of various undersea cables. These cables are the links that connect the Internet across oceans and continents, and typically they only get noticed when they go down. For the truly nerdy, this makes awesome wall art (you can put it next to your spectrum allocation chart!), but if you're more like the rest of the population, it's a fun resource to turn to the next time a woman panning for copper cuts a cable, you're looking for a good place to base a data center, or you want to see how interconnected we are. For example, Hillsboro, Ore., should be known as Cabletown given that three cables land there: more than any other city in the U.S. That and other fun facts await you, although I'd like a better search function so I could easily see how many cables Google has invested in, for example. Map here . [Editor: the article on this is Neal Stephenson's "Mother Earth, Mother Board" from Wired from 1996 - here .]

top

Non-Marketing Uses of Social Media for Lawyers (Dennis Kennedy, 20 Sept 2011) - Since Tom Mighell and I haven't gotten much chance over the last year or so to write together, we jumped at the chance to write an article on "non-marketing" uses of social media for lawyers for the ABA's Law Practice Today webzine. Then we realized that volunteering to write an article is far easier than finding the time to actually write it. The result, however, is an article we really liked and one we've gotten some great feedback on. It's called "Not Your Marketer's Social Media: Ten Ways Lawyers Can Benefit from Non-Marketing Uses of Social Media. The article grew out of our podcast called "Using Social Media for Non-Marketing" and expands on some of the ideas in the podcast and adds a few new things. The main idea is that lawyers can benefit from social media in many different ways and that the over-attention on using social media for marketing to potential clients has a limiting effect on ways that lawyers think they might use social media. The article is an attempt to "think different" about social media - in practical ways that match your own personality and approach - and to go back to the basics on social media. Then, see what evolves from uses that best fit your own approach and comfort. Check out the new article and let us know what you think about it. [Editor: for example, I find about 1/3 of the stories in MIRLN thru social media tools, and I broadcast MIRLN-related items on Twitter with #mirln.]

top

Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users (Berkman guide, 20 Sept 2011) - This report explores these dilemmas and recommends principles, strategies, and tools that companies and users alike can adopt to mitigate the negative effects of account deactivation and content removal. Through case examples, we outline the ways in which platform providers can have a positive impact on user trust and behavior by being more clear and consistent in developing ToU and other policies, responding to and evaluating suspected violations, and providing opportunities for recourse and appeal. We also highlight concrete actions that users can take to educate themselves about how the moderation, takedown, and abuse-prevention mechanisms work for the services they use, provide and communicate context where necessary, and engage with companies and other users around such issues. From the activist who communicates with her network via her Facebook account, the user who posts documentary-style videos to YouTube or the citizen journalist who raises awareness with photos uploaded to Flickr, platforms that host user-generated content are increasingly used by a range of civic actors in innovative ways: to amplify voices, organize campaigns and coordinate disaster response, and advocate around issues of common concern. However, while the online space may be perceived as a public commons, private entities play a role in shaping online activity, behavior, and content via Terms of Use (ToU), community guidelines, and other mechanisms of control. Platform providers often enforce such rules in response to potential threats, misuse, or ToU violations; users must observe them or risk losing their accounts, their contacts, or their ability to post content. The clarity, transparency, and consistency of how such terms are established and implemented are important to all users, but for the growing number of human rights activists who depend on web 2.0 platforms for core elements of their work-and for whom removed content and deleted accounts can have severe consequences-the stakes are much higher. For platform providers, enforcing site guidelines can require balancing complex and often competing considerations, including supporting community norms and innovative user activity, while maintaining a safe and secure online environment, protecting the free expression and privacy rights of users while enforcing legal standards or responding to government pressure, and accounting for the potential risks faced by activists. Guide is here .

top

Full List of Sites the US Air Force Blocked to Hide from Wikileaks Info; Includes NY Times & The Guardian (TechDirt, 20 Sept 2011) - When the State Department cables leaked via Wikileaks, some government employees and agencies were put in a tough position, in that they couldn't officially view those documents, since they were still classified. As we've noted in the past, this is stupid. In business, any boilerplate non-disclosure agreement says that if some info becomes public due to a third party, the NDA no longer applies. The US government, for reasons that escape me, refuses to do the same thing for classified info that leaks -- even after the press has run stories on it. We heard all sorts of bizarre stories about government agencies trying to block access to this content which was everywhere, including reports that any Techdirt article that mentioned "Wikileaks" in the title was blocked from Defense Department computers. Jason Smathers decided to submit a Freedom of Information Act request (via the awesome Muckrock.com platform) to the US Air Force to find out what sites it was blocking. And while the Air Force initially denied the request, on appeal it just changed its mind and handed over the list, which you can see below. Most of the blocked URLs are to various Wikileaks mirror sites, but it also covers the major media properties that Wikileaks initially worked with on releasing these documents, including the NY Times and The Gu[a]rdian.

top

Apple and Dropbox Join Fight to Reform Electronic Privacy Law (EFF, 22 Sept 2011) - In April we launched "Who Has Your Back" , a campaign calling on major Internet companies like Google, Amazon and Microsoft to stand with their users when it comes to government demands for users' data. Today, we're pleased to see that two of the thirteen companies highlighted in our petition , Apple and Dropbox, have agreed to one of our requests: that they stand up for user privacy in Congress by joining the Digital Due Process coalition. Digital Due Process is a diverse coalition of privacy advocates like EFF, ACLU and the Center for Democracy & Technology and major companies like AT&T, eBay and Comcast that has come together with the shared goal of modernizing surveillance laws for the Internet age. The DDP coalition is especially focused on pressing Congress to update the woefully-outdated Electronic Communications Privacy Act or "ECPA."

top

Is it Possible to Secure Law Firm Data? (slaw, 22 Sept 2011) - To answer the question, we interviewed our friend and colleague Matt Kesner, the CIO of Fenwick & West LLP, a West Coast law firm representing high tech and bio-tech clients. Matt has "walked the walk" when it comes to security and protecting data. Is the data at a law firm really different or are there "special" considerations when dealing with security within a law firm? Matt suggested that there are a lot of tensions at play within a law firm. There's always the tension between IT and end-users. The end-users are more difficult to tame and are more independent than most other users. They don't necessarily want to comply with the stated policies and procedures, thereby making security a more difficult task. Also, they tend to be driven by what the client wants, which may be in contradiction to the security procedures of the firm. The press hasn't really identified many data breaches that have involved law firms. Since law firms are very much reputation based, they are not all that willing to publicize any data breach that may have occurred. Current data breach laws have changed that practice, but we still don't hear of many specifics concerning law firms. Matt acknowledged that there have been two breaches at his own firm. His advice for security is to learn lessons from breaches so you can avoid a recurrence - at least a recurrence of the same sort of attack. Fortunately for Matt's firm, the security incidents did not involve access to their network. Both occurrences involved their website, which was hosted externally. We are aware of some other firms being compromised, primarily through mobile devices and unprotected laptops. Matt confirmed that law firms are seeing an increase in hacking attempts. Reviews of his own firm's logs show repeated "door rattles" and attempted infiltration of the network. They are being probed a lot more often, tested with various scripts being used to determine vulnerabilities and have experienced a higher proportion of successful malware and phishing attacks against their users. Many attacks appear to be originating from China, which is consistent with our experiences gleaned from security investigations involving these attacks. Our own government has cautioned us that every cell phone and smart phone that goes into China has spyware downloaded on it by the Chinese communications infrastructure. This spyware pretty much has unfettered access to the data that you are sending and receiving even if it is encrypted in transit. Another concern is bringing laptops to China. Matt advised us to weigh the laptop before and after taking it to China as many times hardware monitoring devices will be installed in the laptop itself. He also suggested taking a disposable cell phone when traveling to China. Many in the security field have stated that we are seeing activity from China's "C-level" (rookie) hackers since law firm systems are fairly easy to penetrate. China isn't even wasting the efforts of their "B-level" or "A-level" teams when attacking U.S. systems. Essentially, China's entry level hackers are practicing on U.S. law firm networks before "graduating" to more advanced hacking activities. Matt told us that Chinese students actually take hacking classes and hack Western websites as part of their homework. Pretty scary stuff.

top

Newly Released Documents Reveal Defense Department Intelligence Violations (EFF, 22 Sept 2011) - EFF just received documents that reveal additional post-9/11 Defense Department misconduct, including attempts by the Army to investigate participants at a conference on Islamic law at the University of Texas Law School and Army-issued National Security Letters (NSLs) to telecommunications providers in violation of the law.

top

Even If You Cancel Your OnStar Service, The Company Will Still Track (And Sell) Your Location (TechDirt, 22 Sept 2011) - GM subsidiary OnStar is apparently alerting its customers that even if they decide to cancel their service in the future, OnStar will still track information about them -- and, of course, potentially sell that data: "What's changed [is that if] you want to cancel your OnStar service, we are going to maintain a two-way connection to your vehicle unless the customer says otherwise." OnStar is spinning this as a plan to make it "easier to re-enroll" as a customer, but it also seems to admit that there's demand out there for the data that OnStar collects, so it has plenty of incentive to get more such data, even from non-customers. Of course, they don't even seem to acknowledge the creepiness factor of canceling a service, and then still having that service track your every move. [GM stops - 27 Sept 2011]

top

Author Sues Production Company For Copyright Infringement For Changing The Script It Optioned From Him (TechDirt, 22 Sept 2011) - While significant parts of the rest of the world include a "moral rights" component to copyright (which covers things like proper attribution), the US has always avoided it -- even though it's supposedly required by the Berne Convention, of which the US is a participant. The US has mainly gotten around this because it's the US and it ignores international agreements when it wants to -- but also because it put in a tiny bit of moral rights in extremely limited circumstances that are so rare you'll almost never, ever hear about them. However, it does appear that some are trying to sneak in a form of moral rights via contract.    Copycense points us to the news of a writer, Matthew Jones, who is suing the people who optioned his screenplay (which was based on his own novel, Boot Tracks ) for changing the screenplay without his permission. He apparently wrote into the contract that such changes could not be made without his permission -- and yet the screenplay was changed to help get funding. There's an obvious contractual breach in there, but Jones is also claiming copyright infringement, suggesting that, by breaking the agreement, they were also creating an unauthorized derivative work. In this case, it's a little more confusing, because there's some question as to when the producer and director actually exercised the option to buy the screenplay/make the film. Either way, it may make for an interesting case and it makes me wonder if we'll start to see more efforts by content creators to enforce such moral-like rights via contract.

top

More Offices Let Workers Choose Their Own Devices (NYT, 23 Sept 2011) - Throughout the information age, the corporate I.T. department has stood at the chokepoint of office technology with a firm hand on what equipment and software employees use in the workplace. They are now in retreat. Employees are bringing in the technology they use at home and demanding the I.T. department accommodate them. The I.T. department often complies. Some companies have even surrendered to what is being called the consumerization of I.T. At Kraft Foods, the I.T. department's involvement in choosing technology for employees is limited to handing out a stipend. Employees use the money to buy whatever laptop they want from Best Buy, Amazon.com or the local Apple store. "We heard from people saying, 'How come I have better equipment at home?' " said Mike Cunningham, chief technology officer for Kraft Foods. "We said, hey, we can address that." Encouraging employees to buy their own laptops, or bring their mobile phones and iPads from home, is gaining traction in the workplace. A survey published on Thursday by Forrester Research found that 48 percent of information workers buy smartphones for work without considering what their I.T. department supports. By being more flexible, companies are hoping that workers will be more comfortable with their devices and therefore more productive. Corporate I.T. departments often resist allowing consumer technology on their networks because of security concerns. "They're over the denial and anger stage, and now they are in the acceptance and 'How can we help?' stage," said Mr. Schadler, who co-wrote the book "Empowered," which addresses consumer technology in the workplace. "What broke the camel's back was the iPad, because executives brought it into the company and said 'Hey, you've got to support this.'" Kraft's program is not quite companywide, however. Executives who handle confidential information, people who use laptops to operate production equipment, and most factory workers are ineligible. "It's a relatively small part of the company," Mr. Cunningham. "But it addresses the majority of the noise and complaining." [Editor: Even law firms are doing this; Wilson Sonsini's CIO, Phillip Hoare, is one of the early forward-thinkers here, and is crafting a process that helps assure security and confidentiality, even on employee-owned smart devices. Kudos.]

top

Three Emerging Cyber Threats (Bruce Schneier, 23 Sept 2011) - On Monday I participated a panel at the Information Systems Forum in Berlin. The moderator asked us what the top three emerging threats were in cyberspace. I went last, and decided to focus on the top three threats that are not criminal: (1) The Rise of Big Data . By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google. They're collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior. (2) Ill-Conceived Regulations from Law Enforcement. We're seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime. I'm thinking about data retention laws, Internet kill switches , and calls to eliminate anonymity . None of these will work, and they'll all make us less safe.  (3)The Cyberwar Arms Race. I'm not worried about cyberwar , but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust. Plus, arms races are expensive. -- That's my list, and they all have the potential to be more dangerous than cybercriminals.

top

Facebook Hosts 4% Of All Photos Ever Taken In History (TechDirt, 24 Sept 2011) - For all the talk of how content creation is going down the drain due to lax copyright enforcement, it seems that everywhere we look, we just keep seeing more and more and more content creation. The latest is a report that Facebook currently hosts 4% of all photos ever taken . Specifically, it hosts 140 billion photos out of 3.5 trillion photos taken in history. Now, obviously, technology change is at work here. Photography really only showed up for real about a century and a half ago, and didn't really hit the mainstream until less than a century ago. And, of course, for most of that time it involved (sometimes expensive) film and the expensive step of processing it. Photography has exploded over the last decade or so with the rise of digital cameras, and, of course, high quality digital cameras built into mobile phones.   But, really, that raises a bigger point: the tools of creation for all sorts of things have been changing rapidly and making it easier and cheaper to create content, whether it's a photograph, a song, a movie, a book or.. well... just about anything. We're being inundated with new creative works... at the same time we're being told that content creation is dying. Now, to be fair, much of the content production we're talking about is amateur production, but some of that is of fantastic quality, and is leading people into professional content creation roles. But, I guess this raises a separate question. What is the real purpose of copyright? Is it only to incentivize professional content creation , or to incentivize content creation overall? Given the stated purpose is to "promote the progress," and to provide the public with more content, I would argue the goal is to promote more overall content, and it seems that technology is doing a much better job of that than copyright.

top

Metropolitan Museum Unveils Revamped Web Site (NYT, 26 Sept 2011) - The Metropolitan Museum of Art, which has been trying to rebrand itself over the last year as a visitor-friendly art behemoth, unveiled a redesigned Web site on Monday, the first time the site has been thoroughly updated in more than a decade. It includes several new features that are beginning to become standard for large museums, like a zoomable, clickable floor plan similar to one the Art Institute of Chicago created two years ago. The Met's version allows prospective visitors to look closely at almost 400 galleries to see what to expect, and visitors already at the museum to use smartphones on parts of the site to find their way to favorite artworks. The site also shows off the results of a huge undertaking ordered by Thomas P. Campbell, the museum's director: that the curatorial departments make images and information available online for all of the almost two million items in the collection. About 340,000 comprehensive entries for objects are included on the revamped site, 200,000 of which have been created over the last nine months. The site also has a new multimedia section, making videos, recorded lectures, interactive educational programs and other digital projects more easily accessible.

top

In China, Business Travelers Take Extreme Precautions to Avoid Cyber-Espionage (Washington Post, 26 Sept 2011) - Packing for business in China? Bring your passport and business cards, but maybe not that laptop loaded with contacts and corporate memos. China's massive market beckons to American businesses - the nation is the United States' second-largest trading partner - but many are increasingly concerned about working amid electronic surveillance that is sophisticated and pervasive. Security experts also warn about Russia, Israel and even France, which in the 1990s reportedly bugged first-class airplane cabins to capture business travelers' conversations. Many other countries, including the United States, spy on one another for national security purposes. But China's brazen use of cyber-espionage stands out because the focus is often corporate, part of a broader government strategy to help develop the country's economy, according to experts who advise American businesses and government agencies. "I've been told that if you use an iPhone or BlackBerry, everything on it - contacts, calendar, e-mails - can be downloaded in a second. All it takes is someone sitting near you on a subway waiting for you to turn it on, and they've got it," said Kenneth Lieberthal, a former senior White House official for Asia who is at the Brookings Institution. Some industrial cyber-espionage takes place in the U.S corporate world, experts say, but not nearly to the extent found in China. Also, the U.S. government reportedly does not conduct economic espionage on behalf of U.S. industry. Travelers there often tote disposable cellphones and loaner laptops stripped of sensitive data. Some U.S. officials take no electronic gear. And a few corporate executives detour to Australia rather than risk talking business in a bugged Chinese hotel room. Other travelers hide files on thumb drives, which they carry at all times and use only on off-line computers. One security expert, who spoke on the condition of anonymity to avoid drawing scrutiny from the Chinese government, buys a new iPad for each visit, then never uses it again. "It's real easy for them [the Chinese] to read everything that goes in and out of the country because the government owns all the networks," said Jody Westby, chief executive of Global Cyber Risk, a consulting firm. "The real problem here is economic espionage," she said. "There are countries where the search for economic information and high-value data is so aggressive that companies or people are very hesitant about taking their laptops to those countries." Business travelers began adopting such safety measures for China several years ago, experts say. On the eve of the 2008 Beijing Olympics, Joel Brenner, then the U.S. national counterintelligence executive, first issued government safety guidance to overseas travelers, with such tips as: "If you can do without the device, don't take it."

top

Firings, Discipline Over Facebook Posts Leads to Surge in Legal Disputes (Business Insider, 26 Sept 2011) - In the age of instant tweets and impulsive Facebook posts, some companies are still trying to figure out how they can limit what their employees say about work online without running afoul of the law. Confusion about what workers can or can't post has led to a surge of more than 100 complaints at the National Labor Relations Board - most within the past year - and created uncertainty for businesses about how far their social media policies can go. "Employers are struggling to figure out what the right policies are and what they should do when these cases arise," said Michael Eastman, labor law policy director at the U.S. Chamber of Commerce. In one case, a Chicago-area car salesman was fired after going on Facebook to complain that his BMW dealership served overcooked hot dogs, stale buns and other cheap food instead of nicer fare at an event to roll out a posh new car model. The NLRB's enforcement office found the comments were legally protected because the salesman was expressing concerns about the terms and conditions of his job, frustrations he had earlier shared in person with other employees. But the board's attorneys reached the opposite conclusion in the case of a Wal-Mart employee who went on Facebook to complain about management "tyranny" and used an off-color Spanish word to refer to a female assistant manager. The worker was suspended for one day and disqualified from seeking promotion for a year. The board said the postings were "an individual gripe" rather than an effort to discuss work conditions with co-workers and declined to take action against the retailer. Those cases are among 14 investigations the board's acting general counsel, Lafe Solomon, discussed in a lengthy report last month on the rise in social media cases. Solomon says federal law permits employees to talk with co-workers about their jobs and working conditions without reprisal - whether that conversation takes place around the water cooler or on Facebook or Twitter. "Most of the social media policies that we've been presented are very, very overbroad," Solomon said in an interview. "They say you can't disparage or criticize the company in any way on social media, and that is not true under the law." The number of cases spiked last year after the board sided with a Connecticut woman fired from an ambulance company after she went on Facebook to criticize her boss. That case settled earlier this year, with the company agreeing to change its blogging and Internet policy that had banned workers from discussing the company over the Internet. The National Labor Relations Act protects both union and nonunion workers when they engage in "protected concerted activity" - coming together to discuss working conditions. But when online comments might be seen by hundreds or thousands of eyeballs, companies are concerned about the effect of disparaging remarks. Doreen Davis, a management-side labor lawyer based in Philadelphia, said many of her corporate clients are often "surprised and upset" when they learn they can't simply terminate employees for talking about work online. "All of us on the management side are being inundated with calls and inquiries from clients about this," Davis said. "A lot of companies want their social media policies reviewed or they want to establish one for the first time." But the NLRB's Solomon also warns workers that not everything they write on Facebook or Twitter will be permissible under the law just because it discusses their job. "A lot of Facebook, by its very nature, starts out as mere griping," Solomon said. "We need some evidence either before, during or after that you are looking to your fellow employees to engage in some sort of group action."

top

Marine Corps Social Media Principles Manual (BeSpacific, 27 Sept 2011) - "The Marine Corps must continuously innovate to communicate in media-intensive environments, to remain the nation's force in readiness. This mission is based on the Marine Corps Vision and Strategy 2025 and the public affairs tasks outlined in the Marine Corps Service Campaign Plan for 2009-2015. While building and launching a social media program or accessing a favorite social media site can sometimes be fast, easy, and inexpensive. Existing rules for public affairs as well as personal conduct still apply. The Marine Corps encourages Marines to explore and engage in social media communities at a level they feel comfortable with. The best advice is to approach online communication in the same way we communicate in person - by using sound judgment and common sense, adhering to the Marine Corps' core values of honor, courage and commitment, following established policy, and abiding by the Uniform Code of Military Justice (UCMJ). The social media principles provided in this handbook are intended to outline how our core values should be demonstrated, to guide Marines through the use of social media whether personally involved or when acting on behalf of the Marine Corps." Manual here .

top

Better Ideas Through Failure (WSJ, 27 Sept 2011) - To pitch a prospective client for her ad agency, Amanda Zolten knew she a had to take a risk. But the client's product-kitty litter-posed a unique challenge. Lucy Belle, Ms. Zolten's cat, furnished the answer. Before she and her team met with six of the company's executives, Ms. Zolten buried Lucy Belle's mess in a box of the company's litter and pushed it under the conference-room table. No one noticed until Ms. Zolten pointed it out-and the fact that no one had smelled it. Shocked, several executives pushed back from the table. Two left the room. After a pause, those who remained started laughing, says Ms. Zolten, a senior vice president with Grey New York. "We achieved what we hoped, which was creating a memorable experience," she says. She won't know for a few weeks whether Grey won the business. But her boss, Tor Myhren, has already named Ms. Zolten the winner of his first quarterly "Heroic Failure" award-for taking a big, edgy risk. Amid worries that we are becoming less innovative, some companies are rewarding employees for their mistakes or questionable risks. The tactic is rooted in research showing that innovations are often accompanied by a high rate of failure. "Failure, and how companies deal with failure, is a very big part of innovation," says Judy Estrin of Menlo Park, Calif., a founder of seven high-tech companies and author of a book on innovation. Failures caused by sloppiness or laziness are bad. But "if employees try something that was worth trying and fail, and if they are open about it, and if they learn from that failure, that is a good thing."

top

Taking A Computer Out of Screensaver Mode to See Suspect's Facebook Wall Is a Fourth Amendment Search (Volokh Conspiracy, 27 Sept 2011) - The legal question: When a computer is in screensaver mode, does a police officer's touching a key or moving the mousepad in order to reveal the contents of the screen constitute a Fourth Amendment "search"? The facts: The local police received a few citizen calls about a threat posted on Craigslist regarding possible planned violence at a local shopping mall. The police contacted Craiglist and obtained contact information for the person who posted the threat. They visited the man at his home, and the man invited the officers inside. While the officers were present in the home, an officer saw a laptop computer that was either off or in screensaver mode. The officer touched a key or moved the mousepad, and the computer came out of screensaver mode. The officer could then see the contents of the screen, and those contents revealed the suspect's Facebook wall. The Facebook wall contained a "status update" in which the suspect discussed the mall and wrote that another mall was next, and it also showed that the defendant had "liked" a group about the need to change the mall. The police arrested the suspect and took a way the computer. After being charged with making a threat, the suspect-turned-defendant moved to suppress the information relating to the threat found on the computer. He argued, among other things, that taking his computer out of screensaver mode to see the Facebook Wall was a "search" that required some sort of justification under the Fourth Amendment. The ruling:" In United States v. Musgrove , 2011 WL 4356521 (E.D.Wis. 2011) (Joseph, M.J.): Whether there is a search here is a close call because the officer did not actively open any files. A truly cursory inspection-one that involves merely looking at what is already exposed to view, without disturbing it-is not a "search" for Fourth Amendment purposes. Arizona v. Hicks, 480 U.S. 321, 328 (1987). However, this is not such a case. By touching a key or moving the mouse, the officer put into view the Facebook wall, which was not previously in view. Though a close call, the Court concludes that this was a search, however minimal, which required further authority, a warrant or consent. The government submits that the officer's manipulation of the computer was for the purpose of seizing the computer, not to conduct a preliminary search. However, intent is not generally relevant in assessing whether a search ensued. See, e.g., United States v. Mann, 592 F.3d 779, 784 (7th Cir.2010)(citing Platteville Area Apt. Ass'n v. City of Platteville, 179 F.3d 574, 580 (7th Cir.1999)). The Court therefore recommends that the defendant's Facebook wall be suppressed."

top

Bankrupt Borders Sells Customer Data to Barnes & Noble (EPIC, 28 Sept 2011) - A bankruptcy court in New York has approved the sale of customer information, including email addresses, phone numbers, mailing addresses, and birthdates, from Borders to Barnes & Noble, following an earlier determination that the transfer violated Border's privacy policy. The judge has now required that former Borders customers receive an email notification and that the companies place prominent notices on their web sites and take outs ads in USA Today. Customers will have 15 days to opt-out of the transfer.

top

Which Telecoms Store Your Data the Longest? Secret Memo Tells All (Wired, 28 Sept 2011) - The nation's major mobile-phone providers are keeping a treasure trove of sensitive data on their customers, according to newly-released Justice Department internal memo that for the first time reveals the data retention policies of America's largest telecoms. The single-page Department of Justice document, " Retention Periods of Major Cellular Service Providers ," (.pdf) is a guide for law enforcement agencies looking to get information - like customer IP addresses, call logs, text messages and web surfing habits - out of U.S. telecom companies, including AT&T, Sprint, T-Mobile and Verizon. The document, marked "Law Enforcement Use Only" and dated August 2010, illustrates there are some significant differences in how long carriers retain your data. Verizon, for example, keeps a list of everyone you've exchanged text messages with for the past year, according to the document. But T-Mobile stores the same data up to five years. It's 18 months for Sprint, and seven years for AT&T. That makes Verizon appear to have the most privacy-friendly policy. Except that Verizon is alone in retaining the actual contents of text messages. It allegedly stores the messages for five days, while T-Mobile, AT&T, and Sprint don't store them at all. The document was unearthed by the American Civil Liberties Union of North Carolina via a Freedom of Information Act claim. (After the group gave a copy to Wired.com, we also discovered it in two other places on the internet by searching its title.) "People who are upset that Facebook is storing all their information should be really concerned that their cell phone is tracking them everywhere they've been," said Catherine Crump, an ACLU staff attorney. "The government has this information because it wants to engage in surveillance." The biggest difference in retention surrounds so-called cell-site data. That is information detailing a phone's movement history via its connections to mobile phone towers while its traveling. Verizon keeps that data on a one-year rolling basis; T-Mobile for "a year or more;" Sprint up to two years, and AT&T indefinitely, from July 2008.

top

Pennsylvania Appeals Court Rules Text Messages Were Inadmissible Hearsay (ABA Journal, 28 Sept 2011) - A Pennsylvania appeals court has overturned a woman's drug conviction because text messages on her phone were admitted as evidence at trial. The Pennsylvania Superior Court said there was no showing that the defendant wrote the 13 drug-related text messages and they were inadmissible hearsay, the Legal Intelligencer reports. The defendant, Amy Koch, had been convicted of possession with intent to deliver marijuana and possession of marijuana as an accomplice. The trial court had reasoned that doubts about the identity of the sender or recipient of text messages went to the weight of the evidence rather than admissibility. "We disagree," the appeals court opinion said. "Authentication is a prerequisite to admissibility. … Circumstantial evidence, which tends to corroborate the identity of the sender, is required." Such authentication evidence was not offered in Koch's case, the court said. "Glaringly absent in this case is any evidence tending to substantiate that appellant wrote the drug-related text messages. No testimony was presented from persons who sent or received the text messages. There are no contextual clues in the drug-related text messages themselves tending to reveal the identity of the sender." [Editor: I wonder if her phone was password-protected, or was useable by anyone.]

top

Our Pleasure to Serve You: More Lawyers Look to Social Networking Sites to Notify Defendants (ABA Journal, 1 Oct 2011) - Although Jessica Mpafe had not seen her husband in years, she assumed he moved back to West Africa's Ivory Coast. Mpafe of Minnesota had no physical address to serve him with divorce papers. So she asked the court whether she could send the notice by general delivery, where the post office holds mail until the recipient calls for it. Kevin S. Burke, the Hennepin County, Minn., judge presiding over the case, thought that would be a waste of postage. "General delivery made sense 100 years ago, but let's be real," says Burke, implying that few use it anymore. Nor did the judge trust publishing legal notices in a trade paper when the defendant can't be located. "Nobody, particularly poor people, is going to look at the legal newspaper to notice that their spouse wants to get divorced," Burke says. On May 10 the judge wrote an order authorizing Mpafe to serve notice of process to her husband by email, "Facebook, Myspace or any other social networking site." His order stated that while the court allowed service by publication in a legal newspaper, it was unlikely the respondent would see it. "The traditional way to get service by publication is antiquated and is prohibitively expensive," Judge Burke wrote. "Service is critical, and technology provides a cheaper and hopefully more effective way of finding respondent." It was something of a radical move. While courts in Australia, Canada, New Zealand and the United Kingdom embrace electronic legal notice, it's rare in the United States. Many state and federal statutes disallow electronic service of process, lawyers say. In federal cases, some attorneys cite Federal Rule of Civil Procedure 4(f)(3), which allows service only for foreign defendants "by other means not prohibited by international agreement, as the court orders."

top

NOTED PODCASTS

The Hacker's Aegis - Protecting Hackers From Lawyers (Berkman podcast, 18 July 2011, 68 minutes) - Research on software security vulnerabilities is a valuable example of peer production. However, hackers are often threatened with intellectual property lawsuits by companies who want to keep flaws secret. Oliver Day - a senior security researcher for Internet titan Akamai - and Derek Bambauer - a professor of internet law at Brooklyn Law School - propose a liability shield for security research to improve cybersecurity in a world dependent on cloud computing and mobile platforms. [Editor: thought-provoking discussion, including a strawman framework for publicizing bugs, and the liability implications for vendors who fail to fix them. Intriguing, half-formed discussion of what motivates vendors to sue bug-discoverers.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

THE PHANTOM EDIT (Salon.com, 5 November 2001) -- "Star Wars: Episode 1 - The Phantom Menace" was widely panned by both critics and fans, but some fans did not take the film sitting down. Shortly after the film's release on video, a fan who calls himself the "Phantom Editor" re-cut the movie, making it shorter and crisper - and, yes, Jar Binks is mostly cut out of the re-edit. Shortly thereafter, other fans created still other cuts of the movie using the very digital editing technology of which George Lucas is so enamored. An underground online trading network sprung up and flourished, and eventually people began to sell their re-edited versions - much to the alarm of Lucasfilm's copyright lawyers. Salon looks at this major shift in the artistic landscape, the first time movie fans have seized the power to re-imagine and possibly improve upon the work of the professionals. http://www.salon.com/ent/movies/feature/2001/11/05/phantom_edit/index.html

top

CHINESE WILL BE MOST-USED LANGUAGE ON WEB BY 2007 Chinese will top English as the most-used language on the Web by 2007, according to forecasts by the World Intellectual Property Organization. Currently, a slim majority of the world's 460-million-plus Internet users are from English-speaking backgrounds, but by next year most Internet users will have a mother tongue other than English, and by 2003 a third of users will be communicating in another language online. The development will bring a proliferation of multilingual domain technical problems and disputes over the use of trademarks as domain names, says WIPO. (Financial Times 7 Dec 2001) http://news.ft.com/news/industries/internet&e-commerce

top

NOTES

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

MIRLN --- 21 August – 10 September 2011 (v14.12)

2011-09-10T07:30:00.000-04:00

MIRLN --- 21 August - 10 September 2011 (v14.12) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | FUN | LOOKING BACK | NOTES

Enter the Cyber-dragon
Stuxnet as Cyberwarfare: Applying the Law of War to the Virtual Battlefield
U.S. Defense Firms Face Relentless Cyberattacks
Duty to Protect the Confidentiality of E-mail Communications with One's Client
Federal Judge Finds Cloud Music Lockers Do Not Violate Copyrights
Khan Academy Integrates With Digital Textbooks
Judge Says Warrant Required For Cell Phone Location Data
Consumer Reviews at "Local" Review Sites Don't Support Jurisdiction
Embedded Serial Number Helps Photographer Find His Stolen Camera
With CIA Help, NYPD Moves Covertly In Muslim Areas
15 Years for Recording a Talk with Cops? Woman Avoids Prison with Acquittal
Law Profs Worry That Plan to Pulp Millions of Federal Court Files Will Destroy Historical Goldmine
4 More Universities Join Effort on 'Orphan Works'
The EFF Reflects On ICE Seizing a TOR Exit Node
Fair Use Face-Off, Canadian Edition
New California Law Prohibits Jurors' Social Media Use
Overreactive Guidance for Social Networking Du Jour -- NLRB Edition
Posting a Privacy Policy May Not Be Enough - NARC to Enforce Industry Principles
Nearly Half of Computer Users Get Software Illegally
The Legality of Government Critical Infrastructure Monitoring
The Spy Who Tweeted Me: Intelligence Community Wants to Monitor Social Media

Enter the Cyber-dragon (Vanity Fair, August 2011) - Hackers have attacked America's defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war-Operation Aurora! Operation Shady rat !-and learns why Washington has been slow to fight back. [Editor: lengthy, readable and comprehensive - has a myriad of details I'd not known, and is well worth your time. We saw this coming back in the early 1990s when I was at Schlumberger; there's even less defense today than then.]

- and -

Stuxnet as Cyberwarfare: Applying the Law of War to the Virtual Battlefield (John Richardson, SSRN, 22 July 2011) - In the field of international humanitarian law, there are a number of questions about the conduct of warfare in the cyber domain. In some cases, answers can be gleaned from treaties and customary international law but in other instances, solutions are seemingly intractable, begging for solutions that may only be answered by technology itself. From a legal perspective, such oversimplifications trivialize humanitarian law as well as other legal constructs already struggling to address complex issues in the cyber realm. It is within this context that this paper focuses on a recent event known as Stuxnet, a computer virus that infected and damaged a nuclear research facility in Natanz, Iran. Reflecting on this particular cyber attack, this paper addresses two IHL issues: Does the Stuxnet attack rise to the level of an armed attack within the meaning of international humanitarian law? If so, did it adhere to the two core principles of IHL, namely distinction and proportionality? This paper finds that the Stuxnet attack does in fact rise to the level of an armed attack within the meaning of IHL and adheres to the principles of distinction and proportionality.

- and -

U.S. Defense Firms Face Relentless Cyberattacks (Reuters, 7 Sept 2011) - U.S. defense industries are facing relentless, sophisticated foreign attacks on their computer networks, a threat company leaders say poses a risk of significant damage and may require the government to take greater protective action. Top U.S. defense contractors speaking at the Reuters Aerospace and Defense Summit said many of the attacks appeared to be state-sponsored and came from multiple countries, but they declined to point a finger at any particular government. "Every defense company is constantly under attack. If anybody tells you they're not, it just means they don't know," said Northrop Grumman (NOC.N) Chief Executive Wes Bush. "It is a threat that is broad-based. It's not just from one source ... and it's just unceasing." David Hess, the president of engine maker Pratt & Whitney, a unit of United Technologies Corp (UTX.N), said he suspected the attacks against his firm's network were coming from "foreign countries" but "none that I'd like to mention." "I can say the attacks are sophisticated," he added. "It's not the result of some guy with sneakers in his cubicle hacking away at a computer screen." Lockheed Martin Corp (LMT.N) Chief Executive Robert Stevens, whose company thwarted a serious cyberattack in late May, said incursions faced by defense industries are "very persistent." To explore ways to cope with the problem, the Pentagon and Department of Homeland Security launched the Defense Industrial Base Cyber Pilot, a program for sharing classified and sensitive data about cyberattacks.

Duty to Protect the Confidentiality of E-mail Communications with One's Client (ABA Formal Opinion 11-459 , 4 August 2011) - A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client- lawyer communications via e-mail or other electronic means, using a business device or system under circumstances where there is a significant risk that the communications will be read by the employer or another third party. ABA Journal article (8 Sept) here ; related article about a possible duty to disclose (by employer, who has found employee emails to the employee's counsel) here .

Federal Judge Finds Cloud Music Lockers Do Not Violate Copyrights (ReadWriteWeb, 22 August 2011) - A federal judge in New York ruled today in the defendant's favor on a copyright infringement case brought EMI and 14 record companies against cloud music locker service MP3tunes. Judge William H. Pauley III found that cloud-based music lockers are, for the most part, legally in the clear. The judge found that "MP3tunes did not promote infringement" by offering an open cloud storage service for music, meaning that it, as well as big-name services like Google Music and Amazon Cloud Drive, are on the right side of the law. The record companies claimed that services like these duplicate files in ways that violate copyrights, that they don't do enough to stop repeat infringers, and that playing back songs from a locker constitute a "public performance," which would require a license for the material. The judge rejected all these claims, finding that MP3tunes is protected as a service provider under the Digital Millennium Copyright Act (DMCA). The plaintiffs also argued that works recorded prior to 1972 were not protected by the DMCA, but the judge overturned this charge as well. Overall, this is a resounding victory for cloud locker services and their users, though, as Robertson says, "it was not a complete victory[, and it was] not a final ruling," because some elements can still be appealed. EMI's case relied on several misconstructions of the nature of these services, and the judge turned those aside. EMI claimed that these cloud services host a "master copy" of a file within their service, so that users who upload the same song are just playing one digital copy hosted by the service. Playing that file would constitute a "public performance" that would require a license. But in reality, cloud locker services store individual copies of a user's own music, so they are merely service providers, and they can't be held accountable for copyright violations. [See also "Judge Rules 'Locker' Site is Not Direct Copyright Infringer" (ArsTechnica, 12 July 2011) from MIRLN 14.10 ] and "Unlicensed: Are Google Music and Amazon Cloud Player Illegal? (ArsTechnica, 4 July 2011)" from MIRLN 14.09 .] See also EFF's analysis: https://www.eff.org/deeplinks/2011/08/mp3tunes-victory-music-lockers-is-good -- "*** One of those requirements is that the OSP maintain a repeat infringer policy. We've written before about this somewhat vague provision of the DMCA, and we were happy to see the MP3tunes court reaffirm what we already knew: that an OSP is only required to do 'what it can reasonably be asked to do' and it has 'no affirmative duty to police [its] users.' The court went even further, implying that a repeat infringer policy need only target 'blatant infringers'."

Khan Academy Integrates With Digital Textbooks (Mashable, 22 August 2011) - The 12-minute video lectures that Bill Gates has called "the start of a revolution" will now be linked with the material in some digital textbooks. Etextbook maker Kno announced Monday that it will integrate thousands of tutorial videos from Khan Academy into its books. Khan Academy has been praised and funded by both Gates and Google. At its core, it's a database of instructional YouTube videos that its founder, Salman Kahn, started creating in order to help his cousins with their math homework. Video production quality does not extend beyond the capabilities of Microsoft Paint, but Khan has a knack for making calculus seem like gradeschool math (the archive contains videos on both topics) that has made his tutorials a popular resource for independent learning. Kno will be linking them to its books through a new "smart links" feature. When students click on a Khan Academy tutorial from a new tab on one of Kno's digital pages, Khan's explanation of that topic plays within the book. Kno worked with Kahn Academy to implement its tutorials for the feature's launch. Eventually, Kno Vice President of Marketing Ousama Haffar says, the feature will expand to include other educational images and videos. The digital textbook maker is also adding a 3D feature that allows users to turn images like molecule diagrams into 3D objects that rotate on the page.

Judge Says Warrant Required For Cell Phone Location Data (ArsTechnica, 23 August 2011) - In recent years, the courts have struggled to decide whether the government needs a warrant to access historical records about a cell phone user's location. Some courts have found that when users turn on their cell phones, they "voluntarily" transmit their location to their cell phone providers and thereby waive any expectation of privacy. On Monday, Judge Nicholas Garaufis of the Eastern District of New York soundly rejected this line of reasoning. The federal government had asked the courts to order Verizon Wireless to turn over 113 days of location data about a suspect's cell phone. It did so under a provision of the Stored Communications Act that only requires law enforcement to show that the records are "relevant and material to an ongoing criminal investigation." Does the government violate the Constitution when it obtains location data without meeting the Fourth Amendment's "probable cause" standard? Some courts have found that it does not. But in a 22-page opinion, Judge Garaufis analyzed and rejected these other courts' arguments, holding that law enforcement needs a warrant to obtain months of location data. "The fiction that the vast majority of the American population consents to warrantless government access to the records of a significant share of their movements by 'choosing' to carry a cell phone must be rejected," he wrote. "In light of drastic developments in technology, the Fourth Amendment doctrine must evolve to preserve cell-phone user's reasonable expectation of privacy in cumulative cell-site-location records." Decision here .

Consumer Reviews at "Local" Review Sites Don't Support Jurisdiction (Eric Goldman, 23 August 2011) - It doesn't bring me a lot of joy to blog another Internet jurisdiction case, but the dispute's substantive issues are important enough to blog this case. Wilkerson's daughter won the California lottery. RSL approached her to buy the future payouts for a lump sum. The daughter took RSL's deal, but things didn't go well. In response, her dad posted negative reviews of RSL at Yahoo Local and Yelp. In both cases, the review pages allegedly indicated RSL's location, and Wilkerson's reviews indicated he knew the company was located in Houston. He also tried to drum up interest in a class action suit. RSL sued in Texas state court, and Wilkerson interposed a jurisdictional defense. The majority starts by wisely bypassing the Zippo test. For the number of times it's cited, the Zippo test is often unhelpful and unenlightening. Citing several cases, the majority says the Zippo test would apply to the review site operator but not an individual reviewer: "* * * to the extent that the interactive features of Yahoo! and Yelp are the creations of the owners and operators of those websites, the interactive nature of a large-scale ubiquitous internet presence cannot be fully imputed to an individual user such as Wilkerson for the purpose of determining whether he established minimum contacts with Texas sufficient to justify exercising jurisdiction over him....Thus for purposes of analyzing personal jurisdiction over an individual in a case arising from his internet activity, we decline to reflexively apply the sliding-scale analysis of the interactivity of a commercial internet website to determine jurisdiction over the individual website user." Amen. This year I added the Illinois v. Hemi 7th Circuit jurisdictional ruling, where the court expressly rejected the Zippo test. Perhaps we're seeing the leading edge of anti-Zippo trend. Personally, I wouldn't shed a tear if the Zippo test were retired--permanently. The majority instead turns to the "purposeful availment" test. The majority cites the Calder v. Jones case and notes that it looked at the "effects" of the defendant's action, but it doesn't call its test the "Effects test," and I think that affects the result. A consumer reviewer doesn't avail itself of the laws of the state its target is located in, but it might intentionally cause tortious effects in the state. I think the majority mucked this distinction. Case is Wilkerson v. RSL Funding, LLC , 2011 WL 3516147 (Tex. App. Ct. Aug. 11, 2011)

Embedded Serial Number Helps Photographer Find His Stolen Camera (TechCrunch, 24 August 2011) - A photographer, John Heller, had $9,000 worth of gear stolen at a shoot in Hollywood. After giving up all hope of ever getting his Nikon D3 back, he checked with a site called GadgetTrak that scans Flickr and other image upload sites for photos matching the serial number of his DSLR. In a few seconds he had found shots with serial numbers matching his D3 belonging to a professional photographer. With the help of the police he got his gear back and now the tracking service is a recommend site for LAPD detectives on the hunt for fugitive cameras. Want to give it a try? You can search the service for free. It currently holds 10 million serial numbers and it checks sites like 500px.com and Flickr for recent shots. Also note that you should probably write down your camera's serial number ASAP for this to work correctly at all.

With CIA Help, NYPD Moves Covertly In Muslim Areas (AP, 24 August 2011) - In New Brunswick, N.J., a building superintendent opened the door to apartment No. 1076 one balmy Tuesday and discovered an alarming scene: terrorist literature strewn about the table and computer and surveillance equipment set up in the next room. The panicked superintendent dialed 911, sending police and the FBI rushing to the building near Rutgers University on the afternoon of June 2, 2009. What they found in that first-floor apartment, however, was not a terrorist hideout but a command center set up by a secret team of New York Police Department intelligence officers. From that apartment, about an hour outside the department's jurisdiction, the NYPD had been staging undercover operations and conducting surveillance throughout New Jersey. Neither the FBI nor the local police had any idea. Since the terrorist attacks of Sept. 11, 2001, the NYPD has become one of the country's most aggressive domestic intelligence agencies. A months-long investigation by The Associated Press has revealed that the NYPD operates far outside its borders and targets ethnic communities in ways that would run afoul of civil liberties rules if practiced by the federal government. And it does so with unprecedented help from the CIA in a partnership that has blurred the bright line between foreign and domestic spying. Neither the city council, which finances the department, nor the federal government, which contributes hundreds of millions of dollars each year, is told exactly what's going on.

15 Years for Recording a Talk with Cops? Woman Avoids Prison with Acquittal (ABA Journal, 25 August 2011) - A woman charged under Illinois' obscure eavesdropping law for secretly recording her conversation with two Chicago cops has been acquitted. Jurors acquitted Tiawanda Moore after deliberating less than an hour, the Chicago Tribune reports. She was charged under an Illinois law that bars the recording of public conversations without permission; potential penalties increase to 15 years in prison when cops are secretly recorded. Only a few states have similar laws. Moore recorded her conversation with two officers from the police department's internal investigations unit because she believed they were trying to talk her into dropping a sexual harassment complaint against a patrol officer, the story says. Juror Ray Adams told the Tribune that he and other jurors thought the prosecution was "just a waste of time" and the officers "came across as intimidating and insensitive." Moore's defense relied on an exception that allows recordings based on a reasonable suspicion a crime may be committed. The ACLU filed a suit last year arguing that the law cannot be constitutionally applied to individuals who record police performing public duties in a public place, according to the ACLU of Illinois website . An appeal pending before the Chicago-based 7th U.S. Circuit Court of Appeals seeks to reinstate the suit after a federal judge dismissed it. The case is ACLU v. Alvarez . [Editor: see also Gene Volokh's post " First Amendment Right to Openly Record Police Officers in Public ", parsing the 1st Circuit case of Glik v. Cunniffe .]

Law Profs Worry That Plan to Pulp Millions of Federal Court Files Will Destroy Historical Goldmine (ABA Journal, 25 August 2011) - In the digital age, there's less of a need to keep paper records on hand, and federal officials are in the process of destroying millions of court files in an effort to cut storage costs. But law professors and historians say seemingly mundane material can be a treasure trove of historical information that is forever lost when shredded, pounded to pulp and recycled, the Associated Press reports. Among materials slated for destruction, according to the National Archives and Records Administration, are more than 10 million bankruptcy case files and several million more U.S. District Court district court files dating from 1970 to 1995. Theodore Eisenberg, a Cornell Law School professor who clerked for the late Justice Earl Warren at the U.S. Supreme Court, predicts that "really important" information about historic trends that help determine appropriate policy will be lost as a result of the records destruction.

4 More Universities Join Effort on 'Orphan Works' (InsideHigherEd, 25 August 2011) - Cornell, Duke, Emory and Johns Hopkins University are the latest to make digitized "orphan works" -- those whose copyright holders are not known or reachable -- in their collections available to students, faculty, and authorized users on their campuses. They join the University of Michigan, the University of Wisconsin, and the University of Florida among universities that have opened up their orphan works under the auspices of the educational "fair use" exemption to U.S. copyright law. In the wake of Google's failed attempts to sell access to its massive cache of orphan works, a number of libraries have been working with each other and the Michigan-based HathiTrust Digital Library to identify orphans in their own digital collections and open them up to authorized users for research purposes.

The EFF Reflects On ICE Seizing a TOR Exit Node (Slashdot, 26 August 2011) - "Marcia Hofmann, senior staff attorney at the EFF, gives more information on the first known seizure of equipment in the U.S. due to a warrant executed against a private individual running a Tor exit node. 'This spring, agents from Immigration and Customs Enforcement (ICE) executed a search warrant at the home of Nolan King and seized six computer hard drives in connection with a criminal investigation. The warrant was issued on the basis of an Internet Protocol (IP) address that traced back to an account connected to Mr. King's home, where he was operating a Tor exit relay.' The EFF was able to get Mr King's equipment returned, and Marcia points out that 'While we think it's important to let the public know about this unfortunate event, it doesn't change our belief that running a Tor exit relay is legal.' She also links to the EFF's Tor Legal FAQ . This brings up an interesting dichotomy in my mind, concerning protecting yourself from the Big digital Brother: Running an open Wi-Fi hotspot, or Tor exit node, would make you both more likely to be investigated , and less likely to be convicted , of any cyber crimes." [Editor: OK, I've turned my TOR router back on; already running an open WiFi network.]

Fair Use Face-Off, Canadian Edition (InsideHigherEd, 29 August 2011) - As professors and librarians in the United States await a judge's ruling on a copyright lawsuit by publishers against Georgia State University over its e-reserves practices, a similarly themed battle in Canada has seen a number of high-profile research universities walk out on licensing agreements with that country's major copyright clearinghouse. More than a dozen Canadian universities - including heavyweights such as the University of British Columbia, the University of Calgary and York University - have said they will not renew their agreements with Access Copyright , a government-created nonprofit that sells licenses to its library of copyright-cleared content. The idea of the licenses is to allow professors to include copyrighted works among their course materials without having to ask permission from copyright holders at every turn. But with Access Copyright vying to more than double the fee for its "comprehensive licenses" from $18 to $45 per student, and asking that the organization be allowed to survey their clients' private networks so as to ensure compliance, many universities say they would be happier to drop the clearinghouse licenses and go it alone. The Access Copyright donnybrook and Georgia State lawsuit are unfolding in vastly different legal environments. Canadian copyright law does not include "fair use" exemptions for teaching; its "fair dealing" exemptions provide no special dispensation for educators and only protect scholars who want to make copies for "private study." The standards Access Copyright is using to define "copies" of digital of works - which include storing a copyrighted work on a local device, displaying a copyrighted work on a computer screen, even posting a hyperlink to a copyrighted work without consent - are draconian even compared to the much-ballyhooed standards sought by the publishers suing Georgia State. (And, for obvious jurisdictive reasons, the outcome of each case will not have any legal bearing on the other.) Yet the two cases are similar in that they involve standoffs between copyright clearinghouses - the Georgia State lawsuit is being partially underwritten by the Massachusetts-based Copyright Clearance Center , which plays a similar role stateside as Access Copyright's Canada - that are trying assert themselves in an increasingly digital world, and universities that claim that they are overreaching.

New California Law Prohibits Jurors' Social Media Use (Berkman/CMLP, 1 Sept 2011) - California has adopted a new statute which clarifies that jurors may not use social media and the Internet - such as texting, Twitter, Facebook, and Internet searches - to research or disseminate information about cases, and can be held in criminal or civil contempt for violating these restrictions. The new statute, 2011 Cal. Laws chap. 181 , expands the state's existing jury instructions which currently, at the start of trial and prior to any recesses or breaks, admonish jurors not to discuss the case they are sitting on with each other or anyone else before deliberations. The current instructions make no specific mention of electronic research or communications. The new law also charges court officers to bar jurors from communicating outside the jury room, by electronic or other means, during deliberations. Under the new statute, "willful disobedience by a juror of a court admonishment related to the prohibition on any form of communication or research about the case, including all forms of electronic or wireless communication or research" can be punished as contempt of court, a misdemeanor.

Overreactive Guidance for Social Networking Du Jour -- NLRB Edition (Venkat blog post, 5 Sept 2011) - There has been a steady drumbeat from employment lawyers warning about the increasingly watchful eye of the National Labor Relations Board over so-called "social media terminations"--where a company fires an employee for making a statement about the company on Facebook or Twitter. The NLRB recently issued a report regarding the cases it was involved in. I took a look at the report and was surprised at the types of things the NLRB says that private employers cannot fire employees for. (The report is a quasi-advocacy document. Correction: it does not reflect the views of the NLRB, but those of its General Counsel, who is responsible for prosecuting cases before the NLRB.) Protected activity : Here are a few statements that the NLRB said was "protected activity" and therefore could not justify a firing: (a) salespeople who complained about the quality of snacks furnished by a car dealership-employer at a client event; (b) employees who complained about the employer's tax withholding practices (and the fact that they owed money); (c) social services non-profit's employee who posted that her coworkers did not do enough to help clients; (d) hospital employee who complained about a co-worker's absences; (e) employee who posted a negative remark about a supervisor in response to the supervisor's request for an incident report. Unprotected activity : Here are a few that the NLRB said were not protected activity: (a) posting that a Wal-Mart assistant manager was being a "super mega puta"; (b) Tweets by a journalist that criticized other media outlets and some with sexual content (after being warned); (c) bartender who posted about an employer's tipping policy (in response to a non-employee question); (d) employee who posted on her Senator's wall about government contracts her employer had secured; (e) employee who posted about mentally disabled clients. Overly broad social media policies : The NLRB also offered guidance on when employer social media policies were overly broad: * * * The NLRB's 24 page document purports to provide guidance and promises to be "of assistance to practitioners and human resource professionals," but it left me scratching my head. The report should come with a strong disclaimer that anyone who reads it may find themselves more confused about social media terminations. I get that employees have a right to organize, and employers are prohibited from interfering with the activities of employees which fall into this category, but the report reflects a hyper-nuanced view of what constitutes a complaint about the conditions of someone's employment and what constitutes concerted activity. The report: NLRB Memo - Memorandum OM 11-74 (Aug. 18, 2011) ("Report of the Acting General Counsel Concerning Social Media Cases")

Posting a Privacy Policy May Not Be Enough - NARC to Enforce Industry Principles (InfoLawGroup, 6 Sept 2011) - If your company has a posted privacy policy, it may be a good time to confirm that the cookies, tracking technologies, and other activities currently being used on your web site or sites are still consistent with your existing policy and industry standards. The National Advertising Review Counsel ("NARC") of the Better Business Bureau has recently stated that it will begin enforcing advertising industry privacy principles and publicly naming those companies who either aren't complying with the principles or following their own privacy policies. For the more serious cases, NARC may even refer the matter to the FTC.

Nearly Half of Computer Users Get Software Illegally (Hillicon Valley, 7 Sept 2011) - Nearly half of the world's computer users get most of their software illegally, according to a study released Wednesday by trade group Business Software Alliance. Researchers surveyed 15,000 personal computer users in 32 countries about how they acquire software. They found 47 percent of computer users acquire their software illegally most or all of the time, despite the fact that 71 percent profess support for intellectual property rights. In developing countries, the rates are even higher. In China, an important market for software developers, 86 percent of computer users get most of their software illegally. In Nigeria, the figure is 81 percent. The study found that 34 percent of computer users in the United States acquire their software illegally. According to the study, a majority of the people who acquire their software illegally mistakenly believe the methods are legal.

The Legality of Government Critical Infrastructure Monitoring (Bruce Schneier, 7 Sept 2011) - Mason Rice, Robert Miller, and Sujeet Shenoi (2011), " May the US Government Monitor Private Critical Infrastructure Assets to Combat Foreign Cyberspace Threats? " International Journal of Critical Infrastructure Protection , 4 (April 2011): 3-13. Abstract: The government "owns" the entire US airspaceit can install radar systems, enforce no-fly zones and interdict hostile aircraft. Since the critical infrastructure and the associated cyberspace are just as vital to national security, could the US government protect major assetsincluding privately-owned assetsby positioning sensors and defensive systems? This paper discusses the legal issues related to the government's deployment of sensors in privately owned assets to gain broad situational awareness of foreign threats. This paper does not necessarily advocate pervasive government monitoring of the critical infrastructure; rather, it attempts to analyze the legal principles that would permit or preclude various forms of monitoring.

The Spy Who Tweeted Me: Intelligence Community Wants to Monitor Social Media (Wired, 7 Sept 2011) - A research arm of the intelligence community wants to sweep up public data on everything from Twitter to public webcams in the hopes of predicting the future. The project is the brainchild of the Intelligence Advanced Research Projects Activity, or Iarpa, a relatively new part of the spy community that's supposed to help investigate breakthrough technologies. While other projects exist for predicting political events , the Open Source Indicators program would be perhaps the first that mines data from social media websites. The idea is to use automated analysis to sift through the deluge of publicly available data to help predict significant societal events, like a popular revolution. The nascent project, called "Open Source Indicators," is just the latest move by the national security community to come to grips with the flood of information now available on social media. As Danger Room's Lena Groeger has reported, it's also intended to predict natural disasters or economic disruptions . The science underlying the project is the notion that early indicators of major social upheavals might be hidden in plain, socially-networked sight. "Some of these changes may be indirectly observable from publicly available data, such as web search queries, blogs, micro-blogs, internet traffic, financial markets, traffic webcams, Wikipedia edits, and many others," the announcement, published August 25, says . "Published research has found that some of these data sources are individually useful in the early detection of events such as disease outbreaks, political crises, and macroeconomic trends."

FUN

Our 5 Favorite Lawyer Videos on YouTube (Bitter Lawyer, 7 Sept 2011) - With the launch of YouTube in 2005, lawyers were not far behind in posting cheesy law firm videos. And they continue to post them at an alarming rate, churning out the good, the bad, and the embarrassingly ugly. We recently gave our intern a laptop and a dial-up modem and asked her to search through years of YouTube videos to find the best. The result? Our top five lawyer YouTube videos. While far from perfect, they are definitely full of VHS awesomeness. Enjoy.

LOOKING BACK - MIRLN TEN YEARS AGO

WEB SITES PULL INTELLIGENCE DATA (AP, 4 October 2001) -- Before Sept. 11, you could have visited the Federation of American Scientists' Web site for diagrams and photos of U.S. intelligence facilities. You could have gone to another Web site and learned of gatherings at North Dakota's Minot Air Force Base. And you could have gone online and ordered maps of military installations. No longer. Concerned they could be aiding terrorists, some government and private Web sites have decided to stop sharing quite so much potentially sensitive data. Such measures would not prevent terrorists from turning to libraries or even other Web sites for information that could be useful in attacks. ``But that is not a justification for publishing it in easily accessible ways. Let them work for it," said Steven Aftergood, senior research analyst at the scientists' group. The private organization removed from the Web its research containing locations, building layouts and aerial images of intelligence offices, some unacknowledged by the U.S. government. Also removed were details on nuclear sites abroad. The National Imagery and Mapping Agency suspended online and offline sales of maps of military installations as well as its highest-resolution maps of other U.S. locations. The U.S. Office of Pipeline Safety now restricts its mapping software and pipeline data to industry and government officials, while the Environmental Protection Agency (news - web sites) removed information on chemical plants and their emergency response plans. ``People have a right to know what kinds of risks there are, but unfortunately terrorists are people, too," said Jim Makris, the EPA's emergency coordinator. The reports are still available in EPA reading rooms, but Makris said identification is required. http://dailynews.yahoo.com/h/ap/20011003/tc/attacks_net_censorship_4.html

IP PHONE CALLS ARE SHAKING UP THE TELECOM INDUSTRY One in 33 voice phone calls were transmitted via the Internet last year, and traditional telecom companies are beginning to sit up and take notice. IP (Internet protocol) telephony has made great strides in the last couple of years, eliminating most of the clunky technical features that relegated it to second-tier status. Currently, most user-friendly Internet calling services provide callers with a local access number. The caller dials that number to get a second dial tone, and then completes his or her phone call, using a personal access code. The International Telecommunication Union estimates that by 2004, up to 40% of all international telephone traffic will be Internet-based. "Price and cost savings are driving the market," says ITU official Tim Kelly. An ITU survey found the cost of a one-minute call from the U.S. to Australia over a traditional phone line cost 17 cents, but the price dropped to 8 cents through a Net-based service. (Hollywood Reporter 7 Mar 2001) http://www.hollywoodreporter.com/

NOTES

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.