Saturday, December 01, 2012

MIRLN --- 11-30 November 2012 (v15.16)

MIRLN --- 11-30 November 2012 (v15.16) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

NEWS | PODCASTS | LOOKING BACK | NOTES

Annual Incident Report 2011 (European Network & Information Security Agency, 11 Oct 2012) - For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework for electronic communications. In this new ENISA document, we analyse the 51 received incident reports, dealing with severe outages of electronic communication networks or services. ENISA will publish a similar overview and analysis, yearly, following subsequent rounds of annual summary reporting by the NRAs in the EU Member States. The next report will be published in spring 2013, and will summarize and analyse incidents that occurred in 2012. Full report (in English) here .

top

Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights (Wired, 7 Nov 2012) - There's more at stake in the Megaupload case than the freedom of founder Kim Dotcom and his indicted file-sharing associates. The privacy and property rights of its 60 million users are also in jeopardy, as well as the privacy and property rights of anyone who stores data in the cloud, according to the Electronic Frontier Foundation, which is representing one of Megaupload's users in a lawsuit against the government that could set a precedent for cloud users in general. A hearing on the issue in Virginia federal court is expected to be set any day. The problem lies in the fact that there is currently no clear process for owners to retrieve property that federal prosecutors effectively seized when they shuttered the file-sharing and cyberlocker service last January over issues of alleged copyright infringement. And even if a system is put in place for users to get back their files, it's likely the data would first need to be reviewed by the government or a third party to determine if any of the data infringed copyrights, says EFF attorney Julie Samuels, because the government would oppose returning such data to account holders. [A]fter EFF filed papers on behalf of Kyle Goodwin, an Ohio man whose property was seized in the Megaupload case, a judge tentatively blocked the hosting company from deleting data and ordered the government, Dotcom's legal counsel and EFF to come up with suggestions about how to return property to Megaupload users, if at all.

top

RIM Good for Secret Jobs: BlackBerry 10 Cleared for Restricted Data (The Register, 8 Nov 2012) - BlackBerry 10 has passed the US Federal Information Processing Standard (FIPS) certification, meaning devices based on the platform can be used to send classified data between government agents. Despite a drop in US government uptake of its kit, this is still something unique to RIM. Apple and Android have both made huge strides in security, but only RIM has ever managed to get a mobile platform through the FIPS 140-2 process, which is managed by National Institute of Standards and Technology and recognised by the US and Canadian governments. The classification permits the transit of documents up to "restricted" level, so RIM's devices will be turning up in some halls of power, if not all of them.

top

The Ethics of Facebook-Stalking University Applicants (Rey Junco, Berkman, 8 Nov 2012) - Recently, Kaplan Test Prep released data from a survey showing how college admissions officers check applicant profiles in order to make admissions decisions . This isn't a new phenomenon: since 2008, I've been answering questions about whether residence life, judicial affairs, and other university departments should monitor their students' Facebook accounts. Here are some reasons why I think such evaluations of applicant Facebook profiles is unethical * * * [Polley: interesting; applicable to employers' social media review procedures, too.]

top

"Involuntary Porn" Site Tests the Boundaries of Legal Extortion (ArsTechnica, 13 Nov 2012) - In the era of Polaroid cameras, you didn't have to worry too much about a racy snapshot you took in the privacy of your bedroom becoming available to the general public. But thanks to the rise of digital cameras and the Internet, that's now a real risk. Hackers, disgruntled exes, and other vindictive individuals who gain access to your compromising digital snapshots can share them with the world with a single click. Recently, a number of websites have sprung up to cash in on the public humiliation of others. One of the first such sites was IsAnyoneUp, which solicited nude pictures of ordinary Americans submitted by third parties. To maximize the humiliation, the photos were posted along with identifying details such as name and home town. The site's owner, Hunter Moore, reportedly raked in thousands of dollars a month in advertising revenue, and he made the rounds on television talk shows defending his site. Moore finally shuttered the site earlier this year, but others have jumped in to fill the sordid niche he pioneered. One such site is the creatively named IsAnybodyDown. Like the original, it features naked pictures of ordinary Americans, generally submitted without the subjects' consent, as well as personal information such as their names, hometowns, phone numbers, and screenshots of their Facebook pages. If you think IsAnyoneUp couldn't be any sleazier, then IsAnybodyDown's seems determined to prove you wrong. A link on IsAnybodyDown reading "Get Me Off This Site!" leads to the website of "Takedown Hammer," an "independent third party team" that, for a modest fee of $250, will "issue a successful content removal request on your behalf." It brags of 90 successful removals from IsAnybodyDown.com. It seems pretty obvious that "Takedown Hammer" isn't actually independent of IsAnybodyDown. Indeed, copyright and First Amendment attorney Marc Randazza has found circumstantial evidence that IsAnybodyDown and Takedown Hammer are, in fact, both owned by a man named Craig Brittain. [Polley: see also The Guy Behind Two 'Revenge Porn' Sites Says Government Protects His Work (Business Insider, 29 Nov 2012)]

top

Establishment Opens Door for MOOCs (InsideHigherEd, 14 Nov 2012) - The clearest path to college credit for massive open online courses may soon be through credit recommendations from the American Council of Education (ACE), which announced Tuesday that it will work with Coursera to determine whether as many as 8-10 MOOCs should be worth credit. The council is also working on a similar arrangement with EdX, a MOOC-provider created by elite universities. The Bill & Melinda Gates Foundation is funding that effort as part of $3 million in new, wide-reaching MOOC-related grants, including research projects to be led by ACE , the Association of Public and Land-grant Universities (APLU) and Ithaka S+R, a research group that will team up with the University System of Maryland to test and study the use of massive open online courses across the system. Until now, MOOCs have been a source of fascination mostly because they make teaching by top-notch professors at prestigious universities free and available on the Internet to students anywhere, including in developing countries. Most MOOCs from high-profile providers such as Coursera, EdX, Udacity and Udemy feature upper-division material aimed at students looking to hone their skills or who are merely curious. Tuesday's rollout, however, helps open the door to the courses' use by credit-seeking students, particularly the growing adult student market. And the new round of grantees includes 10 institutions that the Gates Foundation has tapped to develop introductory and remedial courses, which often trip up low-income and first-generation college students. Perhaps most importantly, Tuesday's announcements signal that traditional higher education (represented by ACE and APLU) and Gates, the primary force behind the national college "completion agenda," both believe in the disruptive potential of MOOCs.

top

Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says (NYT, 14 Nov 2012) - Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work, the National Academy of Sciences said in a report released Wednesday. While the report is the most authoritative yet on the subject, the grid's vulnerability has long been obvious to independent engineers and to the electric industry itself, which has intermittently tried, in collaboration with the Department of Homeland Security, to rehearse responses. Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months. The National Academy of Sciences report mainly refers to less sophisticated attacks but also warns of cyberattacks or infiltration of the grid's transmission operators. "Even a few pernicious people in the wrong place are a potential source of vulnerability," it said. The report was completed in 2007, and after reviewing it, the Department of Homeland Security decided to classify its contents. The version released on Wednesday is redacted to avoid handing terrorists a "cookbook" on how to disrupt the grid, the report said.[Polley: thanks to @RolandTrope for this story]

top

Email Users Can't Count On Privacy Protections (WSJ, 14 Nov 2012) - One of the lessons from the unfolding case of the former director of the Central Intelligence Agency, David Petraeus, is that privacy protections for even the most sophisticated users of consumer-email services actually protect very little. In response to a Florida woman's complaints that she had received threatening emails, the Federal Bureau of Investigation gained access to the emails of Paula Broadwell, a writer who allegedly set up Gmail accounts under aliases to conduct an affair with Mr. Petraeus. To do so, the FBI received search warrants from a judge, according to U.S. officials. But other clues in the FBI investigation could be garnered without a warrant in an era when personal communication has shifted to centralized websites like Google Inc. and Facebook Inc., where messages rarely get truly deleted and all online communications carry a number of digital footprints. The U.S. and foreign governments now make a regular habit of seeking data about people from Internet giants, and those requests are on the rise. Google, one of the few tech companies that discloses details about the requests, this week said that in the first half of 2012, it received 7,969 such requests from U.S. authorities-nearly 34% more than it received in the first half of 2011. Google said it complied with 90% of those requests. In the U.S., the Fourth Amendment requires government agents to obtain a warrant from a judge before searching physical property. But under a 1986 law, the Electronic Communications Privacy Act, or ECPA, a warrant isn't typically required to access emails older than six months old because they are considered to be "abandoned."

top

- and -

When Will our Email Betray Us? An Email Privacy Primer in Light of the Petraeus Saga (EFF, 14 Nov 2012) - The unfolding scandal that led to the resignation of Gen. David Petraeus, the Director of the Central Intelligence Agency, started with some purportedly harassing emails sent from pseudonymous email accounts to Jill Kelley. After the FBI kicked its investigation into high gear, it identified the sender as Paula Broadwell and, ultimately, read massive amounts of private email messages that uncovered an affair between Broadwell and Petraeus (and now, the investigation has expanded to include Gen. John Allen's emails with Kelley). We've received a lot of questions about how this works-what legal process the FBI needs to conduct its email investigation. The short answer? It's complicated. * * * Compared to identifying information, ECPA provides more legal protection for the contents of your email, but with gaping exceptions. While a small but increasing number of federal courts have found that the Fourth Amendment requires a warrant for all email, the government claims ECPA only requires a warrant for email that is stored for 180 days or less. But as the Department of Justice Manual for searching and seizing email makes clear, the government believes this only applies to unopened email. Other email is fair game with only a subpoena, even if the messages are less than 180 days old. According to reports, Petraeus and Broadwell adopted a technique of drafting emails, and reading them in the draft folder rather than sending them. The DOJ would likely consider draft messages as "opened" email, and therefore not entitled to the protection of a search warrant. In a nutshell, although ECPA requires a warrant for the government to obtain the contents of an email stored online for less than 180 days, the government believes the warrant requirement doesn't apply for email that was opened and left on the server - the typical scenario for webmail systems like Gmail - even if the messages are less than 180 days old. So, under the government's view, so long as the emails had been opened or were saved in the "drafts" folder, only a subpoena was required to look at contents of Broadwell's email account. * * * [Polley: there's more here, and worth parsing.]

top

Google Will Not be Prosecuted for Street View Wi-Fi Sniffing in Germany (ComputerWorld, 15 Nov 2012) - The public prosecutor in Hamburg has decided not to start a criminal investigation into the way Googles' Street View cars gathered data from unencrypted Wi-Fi networks in Germany, the lawyer who requested the inquiry said Thursday. In 2010 Google acknowledged that its Street View cars collected data such as MAC addresses and SSIDs (service set identifiers) as well as personal payload data from Wi-Fi networks. Payload data can include email, passwords and medical data. The public prosecutor's office said it cannot pursue a criminal investigation into Google's Street View Wi-Fi sniffing. The prosecutor's office was unable to find any violation of criminal standards by Google in the way the company stores SSIDs, MAC addresses or payload data, it said in a letter sent *** on Thursday.

top

Seattle's 'Creepy Cameraman' Questions Our Comfort With Being Watched (Seattle Times, 18 Nov 2012) - At first, University of Washington professor Odai Johnson thought it was some art student's prank. One day last summer, right in the middle of class, a young man opened the door, stuck in a camera and began filming. Johnson asked him to leave. He refused. Johnson closed the door on him. He re-entered. All the while, Johnson's drama students looked unsure and nervous, frozen in a state of unease. "I confronted the man and told him his actions were an intrusion into our space, that he had no permission to insert himself and his camera and take whatever images he was gathering for whatever uses pleased him," Johnson told me over email. He "never stated his reasons, never asked for cooperation or permission. Just pointed and aimed and shot." You can see the whole exchange yourself on YouTube, where the cameraman - whoever he is - has posted video of this and other, similar confrontations with unwilling subjects around Seattle. A shopper leaving a store by Almvig's. A man on his cellphone outside a University Village Starbucks. A cab driver who, taking a wild guess as to why a camera is in his face, blurts, "I'm white! I'm not an African driver!" When asked what he's doing, the cameraman says he's "taking a video." When asked why, he says, "Why not?" When told he doesn't have permission, he says, "Oh, OK" and, to his subjects' confusion, irritation and rage, keeps filming. Is this a social experiment or some jerk having fun? Commenters are giving mixed reviews, calling the videos everything from horrific to hilarious, and their creator everything from a moron to a genius. Let's start with what's legal. I was struck, watching the videos, by the rights people think they have. Apart from the classrooms, a Scientology building and what appears to be a community center, the cameraman films in public. "This is America and I have a choice that you do not take a picture of me," a woman from a research institute tells him. But they're on the sidewalk. Her only choice is to walk away. Renowned Seattle science fiction author Neal Stephenson has been called a technology prophet for predicting in his 1992 classic, "Snow Crash," so much of what gadgets and the Web would make possible. In the book, characters called "gargoyles" walk around in special suits that let them record and upload everything around them, permission be damned. On a panel at the school just last month, University of Washington law professor Ryan Calo talked to Stephenson about the implications of his latest book - "REAMDE." Calo has his own fascination with the intersection of privacy and surveillance. As it stands, privacy law can do nothing about the creepy cameraman or the pervasive public surveillance he seems to represent. But what if the law changed? That may seem counterintuitive when technology is bursting our lives wide open, and the advice from experts is to be aware of it and deal with it. But Calo cited a recent Supreme Court case involving the use of a GPS tracking device in which five justices expressed concern over continuous surveillance. He thinks change can happen. I think he might be right.

top

Fourth Amendment Implications of Using "Moocherhunter" To Locate the User of An Unsecured Wireless Network (Volokh Conspiracy, Orin Kerr, 19 Nov 2012) - In United States v. Stanley, 2012 WL 5512987 (W.D.Pa. Nov. 14, 2012) (Conti, J.) , the district court evaluated a novel Fourth Amendment question: Does tracing the location of a user of an unsecured wireless network constitute a Fourth Amendment search? The court's answer: No. In this case, a Pennsylvania state police officer investigating the distribution of child pornography over peer-to-peer software learned that a computer at a particular IP address was sharing images of child pornography. The investigator, Erdley, obtained a search warrant to search the home associated with the IP address. The search was unsuccessful, however, and Erdley concluded that someone nearby was using the wireless connection from the home that had been left unsecured. With the consent of the homeowner, Kozikowski, Erdley used a software program called "Moocherhunter" to find the physical location of the individual who was accessing the network. Moocherhunter works by measuring the distance between the wireless router and the computer connecting to it: By moving the antenna of the wireless router, and knowing the MAC address of the computer connected to the wireless router, Erdley was able to trace the location of the computer connecting to the wireless router to a specific apartment. Erdley then obtained a search warrant and searched the apartment, finding child pornography on the computer of the defendant, Richard Stanley. The District Court ruled that use of Moocherhunter was not a search under Smith v. Maryland, 442 U.S. 735 (1979): Based upon Smith's rationale, the court finds Stanley did not have a legitimate expectation of privacy in the wireless signal he caused to emanate from his computer to the Kozikowski wireless router or in the signal being sent from the router back to his computer, and therefore, Erdely's use of Moocherhunter™ did not constitute a search in violation of the Fourth Amendment. Stanley argued that Moocherhunter was like the thermal imager in Kyllo v. United States, 533 U.S. 27 (2001), but the district court disagreed.

top

Engaging Facebook Friends Doesn't Violate Non-Solicitation Clause (Eric Goldman, 19 Nov 2012) - This case involves an employer's attempt to enforce a non-compete and a non-solicitation clause against a hair stylist. I'm especially interested in the court's discussion about the non-solicitation clause--a provision that might even be enforceable in California. From the court's distillation, it seems like the employer overreached quite a bit here, such as with this example: Four days after Ms. DiFonzo resigned from Invidia, David Paul Salons, her new employer, posted a "public announcement" on Ms. DiFonzo's Facebook page, noting DiFonzo's new affiliation with David Paul....In the comment section below that post, Ms. Kaiser [a hair salon customer] posted a comment which said, "See you tomorrow Maren [DiFonzo]!" See anything remotely resembling a solicitation here? Fortunately, the court doesn't either. Cf. Enhanced Network Solutions v. Hypersonic Technologies. The former employer next argued "Ms. DiFonzo has become Facebook 'friends' with at least eight clients of Invidia." Overall, having hair salon employees develop social media connections with customers sounds like a positive thing as it's likely to improve customer loyalty. For example, if customers are disloyal to their hair stylist and post photos of their new haircuts, they will be outing themselves to their hair stylist. And if the hair salon employee and the customer are bona fide friends (not the fake form of friendship so rampant on Facebook), then that relationship isn't "owned" by anyone.

top

Modria Launches A "Fairness Engine" For Online Dispute Resolution (TechCrunch, 19 Nov 2012) - Earlier this morning, we got an email from a lady whose account was mistakenly charged a few times too many by an online pet food store. There is little we can do about that, but it's a clear sign that even today, resolving those kinds of online disputes is still hard. Modria wants to change this with the help of its Fairness Engine . The privately funded company, which was founded in 2011, says that its cloud-based service helps "all parties involved in an online dispute to the table quickly and lets them arrive at an equitable solution that helps save costs and increase brand loyalty." The team behind the service already helped companies like eBay and PayPal solve more than 400 million cases. Indeed, Modria founder and CEO Colin Rule spent eight years as the Director of Online Dispute Resolution for eBay and PayPal. Modria helps businesses flag and diagnose customer issues and knows enough about the legal technicalities behind these problems to speed up the negotiation process. The tool uses four different modules for diagnosis, negotiation, mediation and arbitration.

top

Corbis and the Public Domain (MLPB, 20 Nov 2012) - Tanya Asim Cooper, University of Alabama School of Law, has published Corbis & Copyright?: Is Bill Gates Trying to Corner the Market on Public Domain Art? in volume 16 of the Intellectual Property Law Bulletin (2011). Here is the abstract. Art has the power to stir our emotions, evoke a physical response, and transport us to a different world. It can inspire and transform us. For all of those precious qualities, the public relies upon knowing that once the artist's exclusive rights to the artwork elapse, the "art must ultimately belong to us all." The notion that artwork eventually belongs to the public is paramount because art, like books and music, represents a collective experience that helps define what it means to be human. Thus, once the artist has enjoyed her exclusive rights to that art, it should belong to no one individual, but to everyone. This article argues that Corbis's copyright claim in its digitized reproductions of public domain art is suspect and concludes by discussing the ramifications for the public domain when Corbis asserts copyright protection for its public domain digital copies. Given the power and influence that Bill Gates and his company Corbis have on the market for public domain art, it behooves the public to be aware of this issue.

top

Navigating the Legal Pitfalls of Augmented Reality (Mashable, 21 Nov 2012) - The power of AR, particularly for marketers, is its ability to overlay highly relevant, timely and interactive data about specific products or services within a user's live physical environment. For example, companies are using AR to transform home or online shopping by bringing to life static, two-dimensional images ― see Ikea's 2013 catalog and Phillips TV Buying Guide mobile app ― or leveraging geolocational data to augment users' real-world retail experiences with instant data on pricing, reviews or special discounts (such as IBM's personal shopping assistant ). If you're considering whether to add an AR app to your marketing mix, be aware that traditional advertising law principles still apply, and that both federal and state regulators are keeping a watchful eye on AR's potential impact on consumer privacy. A unique aspect of AR is that it allows retailers to give online or mobile shoppers a realistic, up-close, three-dimensional or enhanced view of their products prior to purchase (think virtual dressing rooms ). If your AR app is used to promote or drive sales for a particular product, be sure to avoid overstating or exaggerating the features, functions or appearances of the product, or leaving out material information that could sway the consumer's purchasing decision. In September, the Federal Trade Commission (FTC) published a marketing guide for mobile app developers. It clarifies that long standing truth-in-advertising standards apply in the virtual world to the same extent as in the real world. The key takeaway: Disclosures must be clear and conspicuous. That is, you should look at your app from the perspective of the average user and ensure that disclosures are big and clear enough so that users actually notice them and understand what they say. Another rule of thumb is to keep your disclosures short and simple, and use consistent language and design features within your app. Before launching your app, carefully consider how best to make necessary disclosures visible and accessible in the AR context. You can expect more guidance on disclosures in the near future when the FTC releases its updated Dot Com Disclosures Guide .

top

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act (SSRN; University of Amsterdam, 27 Nov 2012) - Abstract: Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.

top

Pinterest's Accounts and Terms of Service for Businesses and their Potential Impact on Sweepstakes, Contests, and Other Promotions (Information Law Group, 27 Nov 2012) - On November 14, 2012, Pinterest, Inc. revamped the Terms of Service ("Terms") for Pinterest.com ("Pinterest") and created new business only accounts ("Business Accounts") to be governed by the site's new Business Terms of Service ("Business Terms"). Although commercial use of the service was always encouraged by Pinterest, its Acceptable Use Policy and prior versions of its Terms of Service seemingly prohibited commercial use of the service. The creation of Business Accounts makes clear that commercial activity is not only encouraged, but explicitly allowed on Pinterest. The new features available for Business Accounts include: * * * The primary impetus for the creation of Business Accounts appears to be a means of providing guidance on how to best use Pinterest to advertise your brand (see Pinterest's document which explains how to maximize Pinterest features to your brand's advantage). There is, however, limited guidance on what you can and cannot do on the service or when referencing Pinterest in marketing materials (also, Pins from Business Accounts are still subject to Pinterest's Acceptable Use Policy and Pin Etiquette Policy ). Pinterest provides this guidance in its new Logos, Trademarks and Marketing Guidelines .

top

YouTube Expands Captioning for Six New Languages (Washington Post, 28 Nov 2012) - YouTube announced Wednesday that it is expanding support for its automatic captioning service for six European languages. The company said that its service will now display captions in German, Italian, French, Portuguese, Russian and Dutch. That brings the total number of languages up to 10: YouTube already generates automatic captions for English, Japanese, Korean and Spanish. As with the current languages, viewers will be able to see the captions by clicking the "CC" button in the lower right-hand corner of eligible videos. The company provides the auto-captions as a baseline transcript of what's going in its videos. However, since speech recognition technology isn't perfect, it also provides editing tools to improve the quality of the captions on its site. Content creators can download their automatic captions to edit them or do so right on YouTube videos. They can also upload their own scripts or transcripts to sync with videos on the site. Those interested in captioning their videos can use free sites and services to generate transcripts. The deaf community advocacy group, Telecommunications for the Deaf and Hard of Hearing, Inc. has a list of resources for people looking for online captioning tools and information.

top

Online Rain: Survey Says a Virtual Presence May Pay (ABA Journal, 28 Nov 2012) - The ABA's 2012 Legal Technology Survey Report documents some good news from survey respondents who use Web 2.0 services in their practices-double-digit percentages reported they had clients who retained them directly or via referral as a result of the lawyers' use of online services. Results from the last three years of survey reports show (in the main) continued growth in the number of positive responses to questions about gaining clients through the use of blogs; social networks including Avvo, Facebook, LawLink, Legal OnRamp, LinkedIn, Martindale-Hubbell Connected and Plaxo; and microblogs like Twitter. Among the many other details in the six-volume study, 50 percent of respondents who blog reported spending less than one hour a week maintaining their legal- topic blogs. [Polley: @edadams reports " 11% of lawyers get business from Twitter, up from 0% 2 years ago. "]

top

Unsubscribe Confirmation Texts Get FCC OK (Benton Foundation, 29 Nov 2012) - The Federal Communications Commission granted a request by SoundBite Communications, Inc. (SoundBite) and confirm that sending a one-time text message confirming a consumer's request that no further text messages be sent does not violate the Telephone Consumer Protection Act (TCPA) or the FCC's rules as long as the confirmation text has the specific characteristics described in the petition. The ruling will allow organizations that send text messages to consumers from whom they have obtained prior express consent to continue the practice of sending a final, one-time text to confirm receipt of a consumer's opt-out request-a widespread practice among businesses, non-profit organizations, and governmental entities, which many parties in this proceeding, including a consumer group, assert is good consumer policy. The FCC emphasized that the ruling applies only when the sender of text messages has obtained prior express consent, as required by the TCPA and Commission rules, from the consumer to be sent text messages using an automatic telephone dialing system or "autodialer." The ruling ensures that wireless consumers will continue to benefit from the TCPA's protection against unwanted autodialed texts, while giving them certainty that their opt-out requests are being successfully processed.

top

Official Syrian Web Sites Hosted in U.S. (NYT, 29 Nov 2012) - Even as Syrians lost access to the Internet on Thursday, people outside the country could still browse the Syrian government's many Web sites for much of the day because they are hosted in foreign countries, including the United States. By nightfall, after being contacted by The New York Times, several host companies said they were taking down those sites. They and similar companies had been identified in reports published by Citizen Lab, a research laboratory that monitors North American Web service providers that host Syrian Web sites. For example, the Web site of SANA, the Syrian state news agency, is hosted by a Dallas company, SoftLayer Technologies. It is one of a handful of Internet providers based in the United States that sell their services, often unknowingly, to Web sites operated by the government of President Bashar al-Assad. HostDime.com in Orlando, Fla., hosts the Web site of Syria's Ministry of Religious Affairs. Jumpline.com hosts the site of the country's General Authority for Development. The government of Hama, a city that has seen heavy clashes between rebels and government troops, operated its Web site through WeHostWebSites.com in Denver. An executive order by President Obama prohibits American companies from providing Web hosting and other services to Syria without obtaining a license from the Treasury Department. On Thursday, State Department officials confirmed that providing the services was a violation of the United States sanctions. "Our policies are designed to assist ordinary citizens who are exercising their fundamental freedoms of expression, assembly and association," a spokesman, Mark C. Toner, said.

top

Patent Prosecutors Licensing of Copyrights for Prior Art Submissions (Patently-O, 29 Nov 2012) - The Copyright Clearance Center (CCC) is a collective agent for many copyright holders and serves as a one-stop-shop for folks to license copyrights for use. CCC offers licenses to many (perhaps most) of the academic publications (non-patent literature) submitted to the USPTO under the Rule 56 duty of disclosure. In recent years, CCC has implemented a buffet license approach that allows a business to use their entire catalog for a fixed negotiated price. Until recently, few patent law firms have seen any copyright infringement risk associated non-patent prior art because the copies are most typically obtained from a licensed database and the submission to the PTO and file-copies are both likely fair use and therefore would not constitute copyright infringement. Thus, most firms have developed their its patent prosecution practices with an implicit belief that its prosecution related uses of scientific journal articles are noninfringing uses of the articles. In the spring of 2012, the publisher John Wiley began suing patent law firms - taking the contrary view that (1) making file copies; (2) sharing copies with clients; and (3) submitting copies to the USPTO each constitute actionable copyright infringement. These lawsuits are ongoing. The CCC license would allow both internal copying and submitting copies to the USPTO, although it does not allow the sharing copies with clients. Of course, these actions were all previously thought to be fair use. Professor Jamie Boyle has an interesting essay from 2007 discussing the problems with this license. His main point is that once we start paying for fair use material it stops being fair use going forward and moves toward a "culture of permission" that, in his view, is normatively bad. * * * [Polley: interesting discussion; I had dealings with CCC for my corporate employer some time ago.]

top

The Mosaic Theory of the Fourth Amendment (Volokh Conspiracy, Orin Kerr, 29 Nov 2012) - The Michigan Law Review has posted the final version of my latest article, The Mosaic Theory of the Fourth Amendment, 111 Mich. L. Rev. 311 (2012) , on its website. Here's the abstract: In the Supreme Court's recent decision on GPS surveillance, United States v. Jones, five justices authored or joined concurring opinions that applied a new approach to interpreting Fourth Amendment protection. Before Jones, Fourth Amendment decisions had always evaluated each step of an investigation individually. Jones introduced what we might call a "mosaic theory" of the Fourth Amendment, by which courts evaluate a collective sequence of government activity as an aggregated whole to consider whether the sequence amounts to a search. This Article considers the implications of a mosaic theory of the Fourth Amendment. It explores the choices and puzzles that a mosaic theory would raise, and it analyzes the merits of the proposed new method of Fourth Amendment analysis. The Article makes three major points. First, the mosaic theory represents a dramatic departure from the basic building block of existing Fourth Amendment doctrine. Second, adopting the mosaic theory would require courts to answer a long list of novel and challenging questions. Third, courts should reject the theory and retain the traditional sequential approach to Fourth Amendment analysis. The mosaic approach reflects legitimate concerns, but implementing it would be exceedingly difficult in light of rapid technological change. Courts can better respond to the concerns animating the mosaic theory within the traditional parameters of the sequential approach to Fourth Amendment analysis.

top

Insurance Coverage for Data Breach Claims (The Corporate Counselor, Nov 2012) - The risk of a data breach is not limited to financial institutions or businesses engaged exclusively in e-commerce. Any business that accepts credit cards as a form of payment, which includes practically every business on earth, is at risk. In fact, smaller-sized brick and mortar business are frequently targets of hackers who assume, rightly or wrongly, that such businesses lack the ability to detect and prevent theft of customer data. Like any potentially catastrophic problem, insurance can be at least a partial solution. This article examines insurance coverage for data breaches. In-house counsel may be surprised to learn that coverage for data breaches is not limited to specialty policies, and can often be found under standard CGL or property insurance policies. Any time a potential data breach occurs, it is essential for an insured to consider all forms of insurance that it carries and to provide prompt notice to its insurer(s) of any policy that even potentially could apply.

top

Who's Tracking Your Reading Habits? An E-Book Buyer's Guide to Privacy (EFF, 29 Nov 2012) - The holiday shopping season is upon us, and once again e-book readers promise to be a very popular gift. Last year's holiday season saw ownership of a dedicated e-reader device spike to nearly 1 in 5 Americans, and that number is poised to go even higher. But if you're in the market for an e-reader this year, or for e-books to read on one that you already own, you might want to know who's keeping an eye on your searching, shopping, and reading habits. As we've done since 2009, again we've taken some of the most popular e-book platforms and combed through their privacy policies for answers to common privacy questions that users deserve to know. In many cases, these answers were frustratingly vague and long-winded. In nearly all cases, reading e-books means giving up more privacy than browsing through a physical bookstore or library, or reading a paper book in your own home. Here, we've examined the policies of Google Books , Amazon Kindle , Barnes & Noble Nook , Kobo , Sony , Overdrive , Indiebound , Internet Archive , and Adobe Content Server for answers to the following questions:

  • Can they keep track of searches for books?

· Can they monitor what you're reading and how you're reading it after purchase and link that information back to you? Can they do that when the e-book is obtained elsewhere?

· What compatibility does the device have with books not purchased from an associated eBook store?

· Do they keep a record of book purchases? Can they track book purchases or acquisitions made from other sources?

· With whom can they share the information collected in non-aggregated form?

· Do they have mechanisms for customers to access, correct, or delete the information?

· Can they share information outside the company without the customer's consent?

top

French CNIL Publishes English Language Compliance Guides (Hogan Lovells, 30 Nov 2012) - France's data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, "Methodology for Privacy Risk Management" , provides step-by-step guide for identifying risks and prioritising remedial actions. The second guide, " Measures for the Privacy Risk Treatment ", provides practical guidance on issues such as data deletion, anonymisation, encryption, providing right of access to data subjects, handing data breaches, and protecting against cyber attacks. This second guide provides useful ross-references to security standards published by the French agency for computer security, the ANSSI .

top

NOTED PODCASTS

How to Make Your Research Open Access (Whether You're at Harvard or Not) (Berkman, 23 Oct 2012, 63 minutes) - How do you make your own work open access (OA)? The question comes up from researchers at schools with good OA policies (like Harvard and MIT) and at schools with no OA policies at all. We invite you to join Peter Suber and Stuart Shieber of the Harvard Open Access Project, the Berkman Center community, and Office for Scholarly Communication in an open forum on the Harvard OA policies, concrete steps for making your work OA, and questions on any aspect of OA, especially from the perspective of publishing researchers. [Polley: pretty interesting stuff, with implications for the ABA's publishing strategies. The discussion about Reed Elsevier's default rule on republishing/deposit was pretty surprising to me, and the idea of publishing fee impositions on the author , as a way to pay the bills, was interesting.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

PHILIPS SAYS COPY-PROTECTED CDS HAVE NO FUTURE (Head-Fi, 2 Jan. 2002) -- Philips, the inventor of the Compact Disc, does not expect controversial attempts by the music industry to introduce CD "copy protection" technologies to last very long, because of consumer complaints. Philips is opposed to the use of copy protection systems. The technology is designed to stop CDs playing or being copied on personal computers but it can also prevent them from playing on many normal systems. As inventor of the CD standard and the industry's licensing body, Philips could refuse to license such copy protected discs as genuine CDs, or pursue some other legal obstruction to the practice. But Gary Wirtz, general manager of the Philips Copyright Office at its headquarters in the Netherlands, believes that copy protection technology will fail all by itself. "Any kind of legal action would take years and we don't expect these [discs] to last that long," Wirtz told New Scientist. "At the moment we are trying to reason with people rather than sue them." Wirtz believes that consumer complaints should put music companies off the technique. He adds: "It's not going to work, because any hacker can still make copies. It's only going to effect legitimate consumers and we know there have already been considerable complaints."

top

E-MAIL OVERLOAD IS A MYTH, STUDY SAYS (Washington Post, 9 Dec 2002) -- Most American workers are not -- repeat not -- overwhelmed by stuffed e-mail inboxes or vast amounts of spam, according to a new study that contradicts conventional wisdom that e-mail has become a major burden on people's lives. About 60 percent of workers surveyed for the study by the Washington-based Pew Internet & American Life Project said they receive an average of 10 or fewer messages per day. Pew's conclusions, however, do not match the findings of other organizations that study Internet use. "It makes no sense to me," said Maurene C. Grey, research director of Gartner Inc., a research firm in Stamford, Conn. "We've found workers are extremely overloaded. My gut reaction was who in the world were they interviewing? I would seriously question the results of that study." http://www.washingtonpost.com/wp-dyn/articles/A24684-2002Dec7.html [Editor's note (2002): Time travel -- that's the only explanation. Pew somehow interviewed email users in 1996.]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Posted by at No comments:

Saturday, November 10, 2012

MIRLN --- 21 October – 10 November 2012 (v15.15)

MIRLN --- 21 October - 10 November 2012 (v15.15) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

permalink

NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES

Cyberattacks in U.S. Cost an Average $8.9 Million Annually to Clean Up, Study Says (Network World, 8 Oct 2012) - According to a survey of 56 corporate and governmental organizations conducted by the Ponemon Institute, the average amount they paid for all the costs associated with cyberattacks was $8.9 million during the past year. That's up 6% from the previous year's study. And for the first time, Ponemon expanded the survey to other countries, including the United Kingdom, Germany, Australia and Japan. Costs ascribed to cyberattacks in those locales was significantly lower: $5.9 million in Germany and $5.1 million in Japan, for example. The study, sponsored by HP Enterprise Security, offers some explanation for why the U.S. cybercrime figure is far higher. "We found that U.S. companies were much more likely to experience the most expensive types of cyber attacks, which are malicious insiders, malicious code and web-based incidents," the report says. In the U.K. and Australia, where cybercrime costs per year were $3.2 million and $3.3 million respectively, denial-of-service attacks were more commonplace. German companies were the least likely to experience malicious code and denial-of-service, while Japanese companies least likely to experience malicious insiders and Web-based attacks. The study cited five "external" cost factors associated with cybercrime: business disruption, information loss or theft, revenue loss, equipment damages and "other." The "internal cost" factors were detection, investigation and escalation, containment, recovery and subsequent efforts to ward off future attacks.

top

Cyber Pain is Insurers' Gain (Australian Financial Review, 16 Oct 2012) - Major Australian companies are scrambling to secure cyber insurance to cover themselves for hundreds of millions of dollars in losses in the wake of the Alan Jones social media campaign and a string of shareholder class actions for data security breaches. In a flying visit to Australia, global cyber insurance practice leader at insurance giant Aon, Kevin Kalinich, has met with leading Australian companies across banking, superannuation, retail and healthcare, as they hit the panic button over new technology risks. Cyber insurance has exploded from a $200 million market just four years ago and is soon expected to reach $1 billion a year in premiums. "The top 70 advertisers for the radio station had attacks on their emails, on their social media systems, on their call centres, so the developments in technology has created new exposures that were not present 10 years ago, five years ago, even three years ago," Mr Kalinich said. "There are a number of cases going through the courts now where insurers are denying coverage rather than willingly paying for a large catastrophic loss [unless they have specific cyber insurance]," Mr Kalinich said. The companies Aon met this week are taking up coverage of up to $100 million - the average loss in Australia for a data breach is $2.16 million - but are increasingly seeking to ensure they are covered for social media risks as well, including Facebook, Twitter and the risk of online activists. "If you can demonstrate to the underwriters that you have good training and practices with your employees, then you can cover defamation, slander, libel, copyright, trademark. They can be included in the cyber liability placement but you have to have good practices in place," he said.

top

Pacemaker Hack Can Deliver Deadly 830-Volt Jolt (Computerworld, 17 Oct 2012) - Pacemakers from several manufacturers can be commanded to deliver a deadly, 830-volt shock from someone on a laptop up to 50 feet away, the result of poor software programming by medical device companies. The new research comes from Barnaby Jack of security vendor IOActive, known for his analysis of other medical equipment such as insulin-delivering devices. Several medical manufacturers are now selling bedside transmitters that replace the wand and have a wireless range of up to 30 to 50 feet. In 2006, the U.S. Food and Drug Administration approved full radio-frequency based implantable devices operating in the 400MHz range, Jack said. With that wide transmitting range, remote attacks against the software become more feasible, Jack said. Upon studying the transmitters, Jack found the devices would give up their serial number and model number after he wirelessly contacted one with a special command. With the serial and model numbers, Jack could then reprogram the firmware of a transmitter, which would allow reprogramming of a pacemaker or ICD in a person's body. A successful attack using the flaw "could definitely result in fatalities," said Jack, who has notified the manufacturers of the problem but did not publicly identify the companies. In a video demonstration, Jack showed how he could remotely cause a pacemaker to suddenly deliver an 830-volt shock, which could be heard with a crisp audible pop.

top

Outsourcing Privacy (InsideHigherEd, 22 Oct 2012) - After several years of negotiating, a dozen colleges have reached an agreement with Microsoft that could inspire more institutions to outsource their internal communications and data storage systems to the company and its far-flung servers - even when those systems hold sensitive student and research data. Since 2010 Microsoft had been in talks with a dozen universities about drawing up a standard contract that would address colleges universities' obligations to federal privacy laws such at the Family Education Rights and Privacy Act (FERPA), and the Health Insurance Portability and Accountability Act (HIPAA). The idea was to eliminate the tedium and expense of negotiating around these compliance issues with each and every university client. Now, after several years, those talks have finally born fruit, according to Tracy Futhey, the chief information officer at Duke University. Microsoft on Friday announced that it had signed up Duke, Emory and Thomas Jefferson Universities and the Universities of Iowa and Washington for its new, cloud-based e-mail and work software, Office365. The deals will save the universities on infrastructure costs by migrating various internal communication and data systems to Microsoft's servers - a move that would have been virtually impossible without resolving FERPA and HIPAA concerns.

top

Pinterest: Fair Use of Images, Building Communities, Fan Pages, Copyright (Berkman's CMLP, 22 Oct 2012) - When using Pinterest (and Flickr and YouTube and Facebook and on and on), what copyright, fair use, trademark and other issues weigh on building communities and corporate use of fan pages and social media generally? A hypothetical "Company" has plans for its Pinterest "community", and in particular, wonders about these situations:

  • Using Images of Identifiable People
  • Fair Use and Images

· Trademarks: When is a "Fair Use" Argument Strongest?

· Why Attribution and Linking to Original Sources is Important

3 introductory questions: Question #1 : Someone used to be a paid Company sponsor or spokesperson. They are no longer. Can the Company continue to post a photo of the old sponsor to Pinterest? Short Answer: If the contract with the sponsor expressly permits it, yes. Ordinarily, the contract would specify engagement for limited time, and that would prohibit rights to use images beyond the contract period. But it really depends on what the contract says. Q uestion #2 : Can the Company post a photo of a fan of the Company? Short Answer: Express consent is required, either through a release or the fan's agreement (whenever the photo is submitted) to terms of service. Exceptions are discussed below. Question #3 : Can the Company post a photo of a Coca-Cola bottle on its Pinterest page? Short Answer: If the use of the image does not suggest (implicitly or explicitly) endorsement or association, then yes. Below is discussion of these issues, with "Guidelines" at the end.

top

A Healthy Reminder From Amazon: You Don't Buy Ebooks, You Rent Them (GigaOM, 22 Oct 2012) - Sometimes the language we use fails to capture the essence of what we're doing when we are online, or lulls us into a false sense of security about our behavior and what it means. For example, we've gotten pretty used to the idea that we can "buy" ebooks from Amazon: we just click a button and pay with a credit card and there it is on our Kindle. Except that we aren't really buying it in the traditional sense of the word; we are merely renting it, or paying for access to it under a specific set of circumstances - and a recent incident in which a woman's account was blocked and all of her books removed without explanation is a healthy reminder of that. Norwegian technology blogger Martin Bekkelund describes how his friend Linn Jordet Nygaard found that her Amazon account had been shut down and access to all of her Kindle books (about 60 of them) had been blocked. Although some initial reports said that her books had been wiped from her device remotely - echoing an earlier incident several years ago, in which Amazon deleted copies of 1984 and Animal Farm from users' Kindles because of a licensing error - it later emerged that Nygaard's Kindle had malfunctioned, but she still wasn't able to access her books even through her account.

top

FTC Recommends Best Practices for Companies That Use Facial Recognition Technologies (FTC, 22 Oct 2012) - The Federal Trade Commission today released a staff report "Facing Facts: Best Practices for Common Uses of Facial Recognition Technologies" for the increasing number of companies using facial recognition technologies, to help them protect consumers' privacy as they use the technologies to create innovative new commercial products and services. Facial recognition technologies have been adopted in a variety of contexts, ranging from online social networks and mobile apps to digital signs, the FTC staff report states. They have a number of potential uses, such as determining an individual's age range and gender in order to deliver targeted advertising; assessing viewers' emotions to see if they are engaged in a video game or a movie; or matching faces and identifying anonymous individuals in images. Facial recognition also has raised a variety of privacy concerns because - for example - it holds the prospect of identifying anonymous individuals in public, and because the data collected may be susceptible to security breaches and hacking.

top

Hebrew U. Loses Lawsuit Over Einstein's Image (InsideHigherEd, 23 Oct 2012) - A federal judge has rejected a lawsuit by Hebrew University of Jerusalem against GM for the auto company's use of an Albert Einstein image pasted onto a muscled physique, The Detroit News reported. Hebrew University said that Einstein's will gave it rights to the use of his image. In this case GM used the image in an ad that ran in People magazine with the tag line "Ideas are sexy too." Judge Howard Matz ruled that GM was within its rights. "[Einstein] did become the symbol and embodiment of genius. His persona has become thoroughly ingrained in our cultural heritage. Now, nearly 60 years after his death, that persona should be freely available to those who seek to appropriate it as part of their own expression, even in tasteless ads," he ruled.

top

- and -

The Use and the Fury: Faulkner Estate's New Enforcement Efforts (Baker & Hostetler, 4 Nov 2012) - In a pair of lawsuits filed about a week ago, Faulkner Literary Rights, LLC ("Faulkner Literary"), the owner of the literary rights to the late William Faulkner's works, sued Sony Picture Classics ("Sony"), as well as Northrop Grumman Corporation ("Northrop Grumman") and Washington Post Company ("Washington Post") in the federal district court for the district of Mississippi. In both cases, Faulkner Literary brought claims for copyright infringement, unfair competition under the Lanham Act and state law claims for quotations from Faulkner's works. In the first lawsuit, Faulkner Literary claims that Woody Allen's latest hit, Midnight in Paris uses, without authorization, a quote from the Faulkner novel Requiem for a Nun. The line in Requiem for a Nun-a book approximately 250 pages long-is "The past is never dead. It's not even the past." In Midnight in Paris, the lead character, Gil Pender, played by Owen Wilson, is able to time travel between current day Paris and Paris of the 1920's. At one point he exclaims: "The past is not dead! Actually, it's not even past. You know who said that? Faulkner. And he was right. And I met him, too. I ran into him at a dinner party." Midnight in Paris lasts 94 minutes, and the accused dialogue only a few seconds.

top

- and -

Stupid Lawyer Tricks (And How the PTO Could Help Stop Them) (EFF, 30 Oct 2012) - We've seen some absurd trademark threats in recent years, but this one sets the bar at a new low: The Village Voice is suing Yelp for trademark infringement based on Yelp's creation of various "Best of" lists. Yes, that's correct, the publisher behind the paper (as well as several other weeklies around the U.S.) has managed to register trademarks in the term "Best of " in connection with several cities, including San Francisco, Miami, St. Louis and Phoenix. And it now claims that Yelp's use of those terms infringes those trademarks and deceives consumers. Right. First, a practical question: deceives consumers about what? Trademark law is supposed to ensure that consumers can trust that the goods and services they buy come from the sources they expect, e.g., that the Pepsi you just bought really was manufactured by Pepsi. That helps consumers, because it gives mark-owners an incentive to maintain the expected level of quality. And it helps mark-owners, because they can build customer loyalty and good will. But you don't need a survey or even a lawyer to figure out that no one actually thinks the Village Voice is associated with Yelp because both publish "best of" lists - not least because no one associates the term "Best of" with any particular news source. Second, the more important question: What is going on at the Patent and Trademark Office? For decades, folks have been complaining (with good reason) that the patent examiners need to do a better job of screening out bogus patent applications. It's clear that the problem extends to the trademark side as well. The PTO has allowed companies and individuals to register marks in any number of obviously generic and/or descriptive terms, such as " urban homestead " (to refer to urban farms), " gaymer " (to refer to gay gamers), and " B-24 " (to refer to model B-24 bombers). Once a mark is registered, it is all too easy for the owner to become a trademark bully. And while companies like Yelp have the resources to fight back (as we expect it will), small companies and individuals may not. Just as dangerous, the trademark owner may go upstream, to intermediaries like Facebook who have little incentive to do anything other than take down an account or site that's accused of infringement.

top

Risks of Data Portability (Bruce Schneier, 24 Oct 2012) - Peter Swire and Yianni Lagos have pre-published a law journal article on the risks of data portability. It specifically addresses an EU data protection regulation, but the security discussion is more general. ...Article 18 poses serious risks to a long-established E.U. fundamental right of data protection, the right to security of a person's data. Previous access requests by individuals were limited in scope and format. By contrast, when an individual's lifetime of data must be exported 'without hindrance,' then one moment of identity fraud can turn into a lifetime breach of personal data. They have a point. If you're going to allow users to download all of their data with one command, you might want to double- and triple-check that command. Otherwise it's going to become an attack vector for identity theft and other malfeasance.

top

Study Finds Significant Juror Interest In Internet, But No Use - Yet (Berkman's CMLP, 25 Oct 2012) - A survey of jurors from 15 trials has found that jurors generally understand instructions not to use the Internet or social media to research or communicate about trials, but also that many jurors wish they could use technology to do some sort of research about the cases they sat on. Very few, however, reported that they had violated admonishments not to research or discuss the case with others prior to deliberations, and all of these involved pre-deliberation discussions with either fellow jurors or family members. None involved the internet or social media. questioned impaneled jurors from six criminal and nine civil trials, as well as jurors from the voir dire phase (i.e., including those both ultimately chosen to serve on the jury and those that were not) of these trials plus an additional seven civil cases that settled during jury selection. In all the cases, the jurors were instructed during voir dire and trial not to use the internet or social media to research or communicate about the case. The majority of jurors reported in the survey that they understood these admonitions. Among prospective jurors, 87 percent understood that they should not use the internet or social media to communicate with friends or family or to post information about the case, and two-thirds said that researching the case online would violate the judges' instructions. But that did not mean that they did not want to. Significant percentages of prospective jurors said they wished they could use the internet to research legal terms (44 percent), the case itself (26 percent), the parties (23 percent), the lawyers (20 percent), the judge (19 percent), the witnesses (18 percent), and fellow jurors (7 percent). Eight percent wanted to be able to e-mail family and friends about the case, five percent wanted to connect with a fellow juror online, and three percent wanted to connect with another trial participant. Three percent each wanted to be able to tweet or blog about the trial, and two percent wanted to post something about the trial on a social networking site.

top

Court Instructs Parties to Utilize Predictive Coding, Requires Show of Cause to Avoid It (KL Gates, 26 Oct 2012) - Following argument on partial summary judgment and a motion to dismiss in the Delaware Court of Chancery on Monday, Vice Chancellor J. Travis Laster turned to the topic of a scheduling order and, apparently without outside provocation, addressed the issue of predictive coding: The Court : Thank you. Why don't you all talk about a scheduling order for the litigation on the counterclaims. This seems to me to be an ideal non-expedited case in which the parties would benefit from using predictive coding. I would like you all, if you do not want to use predictive coding, to show cause why this is not a case where predictive coding is the way to go.

I would like you all to talk about a single discovery provider that could be used to warehouse both sides' documents to be your single vendor. Pick one of these wonderful discovery super powers that is able to maintain the integrity of both side's documents and insure that no one can access the other side's information. If you cannot agree on a suitable discovery vendor, you can submit names to me and I will pick one for you.

top

MOOCs for Credit (InsideHigherEd, 29 Oct 2012) - Coursera, the largest provider of massive open online courses (MOOCs), has entered into a contract to license several of the courses it has built with its university partners to Antioch University, which would offer versions of the MOOCs for credit as part of a bachelor's degree program. The deal represents one of the first instances of a third-party institution buying permission to incorporate a MOOC into its curriculum -- and awarding credit for the MOOC -- in an effort to lower the full cost of a degree for students. It is also a first step for Coursera and its partners toward developing a revenue stream from licensing its courses. "It's a very different kind of arrangement than our university partnerships," says Daphne Koller, a Coursera co-founder, who along with her co-founder Andrew Ng has signed deals to host MOOCs from 33 universities on Coursera's platform. Antioch will pay Coursera an undisclosed amount for permission to use several courses, including ones from Duke University and the University of Pennsylvania. The company will share that revenue with the universities, which own intellectual property rights for their courses as part of their contracts with Coursera.

top

Why We Have an Open Wireless Movement (EFF, 30 Oct 2012) - In troubled times, it's important to help each other out. Right now, we're witnessing an unprecedented hurricane hitting the Eastern Seaboard of the United States, and the ensuing damage and power outages are crippling rescue efforts, businesses large and small, and personal communications. Communication is critical in time of crisis, and the Internet allows for the most effective way of getting information in and out. With readily available networks, government officials could use tools like Twitter to quickly spread information, citizen reports could help focus assistance where it is needed most, and social media updates could help reassure friends and loved ones-keeping mobile phone lines open for emergencies. To take advantage of the Internet, people should not have to attempt to skirt restrictive Terms of Service to attempt to tether their smartphones . And tethering would not be necessary if there were ubiquitous open wireless, so that anyone with a connection and power can share their network with the neighborhood. Last year, we wrote a post titled "Why We Need An Open Wireless Movement." Today, EFF is proud to announce the launch of the Open Wireless Movement-located at openwireless.org -a coalition effort put forth in conjunction with nine other organizations: Fight for the Future, Free Press, Internet Archive, NYCwireless, the Open Garden Foundation, OpenITP, the Open Spectrum Alliance, the Open Technology Institute, and the Personal Telco Project.

top

- and -

EFF Launches New Transparency Project (EFF, 2 Nov 2012) - From cell phone location tracking to the use of surveillance drones, from secret interpretations of electronic surveillance law to the expanding use of biometrics, EFF has long been at the forefront of the push for greater transparency on the government's increasingly secretive use of new technologies. With the launch of our new Transparency Project , we've made the information we've received easier to access and added new tools to help you learn about the government and file your own requests for information. The new name-Transparency Project-reflects the fact that EFF's work has expanded far beyond filing and litigating federal Freedom of Information Act requests. While that work still makes up a solid core of what our Transparency Team does, we also seek information from state and local governments, regularly report on transparency issue more broadly, and provide tools to help you find out more about our government and what it's up to. The new Transparency Project section of our website helps to promote these goals. Some of the new features include: * * *

top

Court OKs Warrantless Use of Hidden Surveillance Cameras (CNET, 30 Oct 2012) - Police are allowed in some circumstances to install hidden surveillance cameras on private property without obtaining a search warrant, a federal judge said yesterday. CNET has learned that U.S. District Judge William Griesbach ruled that it was reasonable for Drug Enforcement Administration agents to enter rural property without permission -- and without a warrant -- to install multiple "covert digital surveillance cameras" in hopes of uncovering evidence that 30 to 40 marijuana plants were being grown. Yesterday Griesbach adopted a recommendation by U.S. Magistrate Judge William Callahan dated October 9. That recommendation said that the DEA's warrantless surveillance did not violate the Fourth Amendment , which prohibits unreasonable searches and requires that warrants describe the place that's being searched. Two defendants in the case, Manuel Mendoza and Marco Magana of Green Bay, Wis., have been charged with federal drug crimes after DEA agent Steven Curran claimed to have discovered more than 1,000 marijuana plants grown on the property, and face possible life imprisonment and fines of up to $10 million. Mendoza and Magana asked Callahan to throw out the video evidence on Fourth Amendment grounds, noting that "No Trespassing" signs were posted throughout the heavily wooded, 22-acre property owned by Magana and that it also had a locked gate. Callahan based his reasoning on a 1984 Supreme Court case called Oliver v. United States , in which a majority of the justices said that "open fields" could be searched without warrants because they're not covered by the Fourth Amendment. What lawyers call " curtilage ," on the other hand, meaning the land immediately surrounding a residence, still has greater privacy protections. "Placing a video camera in a location that allows law enforcement to record activities outside of a home and beyond protected curtilage does not violate the Fourth Amendment," Justice Department prosecutors James Santelle and William Lipscomb told Callahan As digital sensors become cheaper and wireless connections become more powerful, the Justice Department's argument would allow police to install cameras on private property without court oversight -- subject only to budgetary limits and political pressure.

top

How to Get Your Readers to Love Paywalls (PaidContent, 31 Oct 2012) - Okay, maybe "love" is too strong a word, but a new study suggests that newspapers enacting paywalls should emphasize financial need, not profit motives, when announcing them to readers. The study, " Paying for What Was Free: Lessons from the New York Times Paywall ," is by Columbia University associate research scientist Jonathan Cook and Indiana University assistant professor Shahzeen Attari. They surveyed 954 New York Times readers shortly after the paper announced , in March 2011, that it would enact a metered paywall, and then again 11 weeks after the paywall was implemented. In the post-paywall survey, participants read one of two "justification" paragraphs, one emphasizing a profit motive and one emphasizing financial need (that paragraph concluded, "if the NY Times does not implement digital subscriptions, the likelihood that it will go bankrupt seems high"). Participants then "rated how the information changed their support for the paywall and their willingness to pay." The results showed that "When participants were provided with a compelling justification for the paywall - that the NYT was likely to go bankrupt without it - their support and willingness to pay increased. In contrast, when participants were provided with a justification that emphasized financial stability, their support and willingness to pay decreased."

top

Minneapolis Police Pushing for More License Plate Data Privacy (ArsTechnica, 1 Nov 2012) - A Minneapolis municipal committee is now advocating on behalf of local police for a change in Minnesota's state law concerning the right to access data collected from license plate readers (LPRs). For now, the city maintains a massive database collected from its 11 LPR readers that hold each license plate number seen, along with the corresponding GPS location data, date, and time for the previous 90 days. In a meeting Thursday, the Committee of the Whole Agenda heard discussions regarding a new proposal from the city police department that would restrict access to license plate reader records. Under the proposed rules, only the police would have access to the entire database, and a non-police individual would only be able to access the data that pertained to his or her car. Currently, a rather liberal open records state law known as the Data Practices Act makes all government data public by default. If approved by the Minneapolis city council, such changes could be put forward to the state legislature as soon as next year. As we reported earlier this year, license plate readers are largely on an unchecked rise throughout the United States. Millions of new records are collected by law enforcement agencies on a daily basis, often with little oversight. The new proposal comes after increased scrutiny over the practice in Minneapolis, after a local reporter managed to track the mayor's movements in August 2012 by filing a request with the police.

top

Another Court Finds Online Statements With Links Are Not Defamatory (Eric Goldman's blog, 1 Nov 2012) - Eric posted about Redmond v. Gawker Media , a California case where the court found that use of links by a Gawker author helped defeat a claim for defamation. This case reaches a similar result. Seldon, proceeding pro se, sued Compass Restaurant and several Jane Does (including an email address) for disseminating an email that allegedly contained multiple defamatory statements about him. You can click through to the decision to see the statements, but among other things the email calls him a "serial suer, scammer, spammer, embezzler, and revenge artist." The email offered a few "supporting links," including an LA Times Article, a few links from Justia, one from Pacer, and one from WIPO. The court says that in determining whether a statement is actionable or a mere statement of opinion, the court looks to the statement overall, in context. An opinion can still be actionable if it implies a basis on undisclosed facts. On the other hand, a statement of opinion that discloses background facts is not actionable. In fact, these statements are more likely to be understood by the audience as mere conjecture. The court concludes (citing to Sandals Resort v. Google ) that the statement in this case falls in the latter category. It is accompanied by articles in the form of links, and the email expressly says that it contains "supporting links". Like the Gawker ruling Eric blogged about, this is a great result for bloggers, and anyone who traffics in links and commentary online. It's also good illustration of how the context rule plays out online. (See also " A Twitter Exception for Defamation? ")

top

Coke Gets Hacked and Doesn't Tell Anyone (Bloomberg, 4 Nov 2012) - FBI officials quietly approached executives at Coca-Cola Co. (KO) on March 15, 2009, with some startling news. Hackers had broken into the company's computer systems and were pilfering sensitive files about its attempted $2.4 billion acquisition of China Huiyuan Juice Group (1886), according to three people familiar with the situation and an internal company document detailing the cyber intrusion. The Huiyuan deal, which collapsed three days later, would have been the largest foreign takeover of a Chinese company at the time. Coca-Cola, the world's largest soft-drink maker, has never publicly disclosed the loss of the Huiyuan information, despite its potential effect on the deal. It is just one in a global barrage of corporate computer attacks kept secret from shareholders, regulators, employees -- and in some cases even from senior executives. When hackers last year waged a large-scale attack on BG Group Plc (BG/), raiding troves of sensitive data, the British energy company never made it public. Luxembourg-based steel maker ArcelorMittal (MT) also kept mum when intruders targeted, among others, its executive overseeing China. As did Chesapeake Energy Corp. (CHK), after cyber attackers made off with files from its investment banking firm about natural gas leases that were up for sale. "Investors have no idea what is happening today," says Jacob Olcott, a former cyber policy adviser to the U.S. Congress. "Companies currently provide little information about material events that occur on their networks." In the U.S., the Securities and Exchange Commission last year said that companies are required to report any material losses from such attacks, and any information "a reasonable investor would consider important to an investment decision." To gain access to confidential deal information, hackers often target links in a chain of outside organizations that handle such information on the company's behalf, such as banks and law firms. China-based cyberthieves, for instance, hacked into the computer networks of seven law firms in 2010 to get more information about BHP Billiton Ltd.'s ultimately unsuccessful $40 billion bid to acquire Canadian company Potash Corp. of Saskatchewan, Inc., Bloomberg reported in January. Intruders took a similar approach last year in a breach that ultimately targeted Chesapeake Energy, the second-largest U.S. natural gas producer, according to a person familiar with the situation and computer logs viewed by Bloomberg News. The logs indicate that Comment group obtained information about Chesapeake's efforts to sell natural-gas leases by hacking into an office of Jefferies Group Inc. (JEF) , which is advising on the sales. [ Polley : long, interesting story. The timing is co-incident with other testimony before the US Senate about the complete penetration of a US law firm's files by Chinese actors; same event?]

top

New Twitter Policy Lets Users See Tweets Pulled Down for Copyright (GigaOM, 4 Nov 2012) - Twitter has made a significant shift in how it responds to copyright complaints. In the past, such complaints caused tweets to vanish without a trace but now people can see the place where a tweet once stood - and the reaction to its disappearance. The tweet announcing the policy suggested it was in the name of "#transparency." This is consistent with other efforts by Twitter to shine light on a copyright process that critics say is susceptible to abuse by content owners. In January, for instance, Twitter published 4,410 DMCA takedown requests it received in the previous year.

top

Verdict Is Out on Virtual Lawyers, But Firms Find Fewer Objections (WSJ, 5 Nov 2012) - Uncertainty about the impact of the presidential election has sent Americans searching for legal advice about everything from green-card sponsorship rules to possible changes to the estate tax. To the surprise of many in the legal establishment, a growing number of those help-seekers are getting their guidance online. In recent years, Web-based attorneys have gone mainstream, with pitches aimed at the cost-conscious. And while critics question whether their advice hits the mark, they concede the online model can work in some relatively simple situations. An in-office consultation can cost as much as $1,000 an hour, though rates vary depending on location and a lawyer's area of expertise. Attorneys on San Francisco-based Pearl.com, in contrast, charge an average of $30 to $40 to answer a range of questions, many of which are basic preliminary inquiries (example: "What's the difference between a will and a trust?"). At Avvo.com, based in Seattle, attorneys provide advice at no cost to promote their practices, and the site makes money through advertising and enhanced listings. For the lawyers, the advantages include savings on overhead, and the possibility of luring more substantial business from customers satisfied with the short answers. Perhaps more disconcerting to purists, some leading players aren't exclusively law-focused. Pearl.com, which says its annual revenue now tops $100 million, also offers assistance from computer technicians and relationship counselors. Avvo.com proffers legal help alongside medical and dental advice (legal questions account for about 80% of its traffic).

top

The FISA Amendments Act Authorizes Warrantless Spying on Americans (Stanford, 5 Nov 2012) - Next week, the lame duck Congress will take up the issue of whether to extend the Foreign Intelligence Surveillance Act (FISA) Amendments Act (FAA) of 2008. The House of Representatives passed a five year extension, but during the floor debate on that bill, lawmakers demonstrated a fundamental misunderstanding about how the FAA affects the privacy of Americans on American soil. Before rubber-stamping the bill, lawmakers in the Senate have the opportunity to address the misunderstanding and better protect American privacy. This post is the first in a series. * * * [ Polley : author Jennifer Granick provides a thoughtful, thorough parsing of the law. In a related vein, see " Looking Back " below, for 2 ten-year-old stories on the subject.]

top

Attorney SEO to be Addressed by Florida Bar (Lawyerist.com, 5 Nov 2012) - As reported by Gary Blankenship in Lawyers must take care on how they drive traffic to their websites : " Using secretive techniques to lure Internet users to a law firm website with false or deceptive information is wrong, members of the Bar's Standing Committee on Advertising agree, but the committee wants more time to research the technical issues before approving an advisory opinion. The committee met September 20 at the Bar's Midyear Meeting in Orlando and reviewed a proposed advertising advisory opinion that addressed hidden text and meta tags (words on a webpage that are not visible to the viewer)." But there's just one problem. These folks don't really seem to know SEO. For example, they seem to imply that the use of the keywords meta tag can be used to optimize positions in search engine results. However, the keywords meta tag is not used by search engines (at least not by Google, at least not since 2009) to rank sites.

top

Social Media, Growing in Legal Circles, Find a Role in Florida Murder Case (NYT, 6 Nov 2012) - When Mark O'Mara agreed to defend George Zimmerman in the Trayvon Martin murder case, one of his first major decisions was to embrace the Internet. He set up a legal defense Web site for his client, a Twitter page and a Facebook account, all with the purpose of countering what he called the "avalanche of misinformation" about the case and Mr. Zimmerman. It was a risky move, unorthodox for a criminal defense lawyer, legal experts said, but a bold one. Late last month, the judge in the case, rebuffing the prosecution, allowed Mr. O'Mara to keep the online presence. In so doing, the judge sanctioned the use of social media in a high-profile murder case that was already steeped in the power of Facebook, Twitter and blogs. Not long after Mr. Martin was shot and killed, protesters took their cues from Facebook and demonstrated across the country. Angry words coursed through Twitter. Mr. Zimmerman, in hiding, started a Web site to raise money. The Martin family's lawyers, who made ample use of traditional media, used Twitter to bring attention to Mr. Martin's death. Social media is playing a role in the courtroom, too. Mr. O'Mara wants to use Mr. Martin's Facebook page and Twitter feed to bolster Mr. Zimmerman's claim of self-defense. But he will most likely face a protracted battle to authenticate the material, in part because Mr. Martin is no longer alive. Last month, the judge allowed Mr. O'Mara to subpoena Twitter and Facebook for the information. In ways large and small, the State of Florida v. George Zimmerman is serving as a modernized blueprint for deploying social media in a murder case.

top

The Lawfare Wiki Document Library (Lawfare, 8 Nov 2012) - The next big phase of Lawfare expansion involves the creation of a large document library-a kind of one-stop-shopping for primary source material in the field of national security law. We are building this library as a wiki in collaboration with the Harvard Law School National Security Research Committee (NSRC), a student practice organization that provides legal research services for academics and policymakers on a variety of national security law issues. The library will be a searchable database of primary source material built in large measure by the Lawfare reader community and curated by Lawfare and the NSRC as a research tool for the scholarly, journalistic, and research communities. Having built the technical architecture, we are now engaged in an early phase of the project-which involves seeding the wiki with a core body of important documents in the field: cases, treaties, statutes, etc. Each document will be accompanied by a summary that explains what it is and why it's important-a summary that the reader community will then be able to edit and expand upon by adding links to major scholarly treatments and the like. We want your help with this initial phase. The more people we can get to summarize documents, the more quickly we can build a first-rate resource that we can then open up to a wider group of contributors. If you're interested in contributing to the document wiki, send an email to Julia Lohmann , Raffaela Wakeman , or Wells Bennett , and they'll assign you one to work on.

top

NOTED PODCASTS

Sending Secrets: Security and Cryptography in a Quantum World (Santa Fe Institute, 2011; 70 minutes) - Caesar shifted each letter three places in the alphabet. Much of modern computer science was born in the effort to break the Nazi Enigma code, and Cold War spies used code books that fit inside a walnut. Nowadays, the cryptography we depend on every day - for instance, to send our credit card information when we buy something on the Web - relies in turn on the mathematics of prime numbers. But in 1994, Peter Shor discovered that a future quantum computer could crack our cryptosystems by breaking large numbers into their prime factors. Cris will start by describing how these cryptosystems work, and how a quantum computer could break them. (Nothing beyond high-school math, he promises!) He'll end by giving a personal view about whether quantum computers can be built - and what kinds of cryptography could remain secure even if and when they are built. [ Polley : This has the first explanation I've understood describing quantum computing, and how it might enable code-breaking. I've just returned from a terrific symposium by the Santa Fe Institute on resilience in complex systems. The Institute is the most catholic, cross-disciplinary gathering I've encountered since the MIT Media Lab, and I strongly encourage you to explore possible collaboration with them.]

top

RESOURCES

Smart Policies for Smartphones: Acceptable Online Activities During Work Hours (IBM, 17 Oct 2012) - IBM has published a social media policy that some think is exemplary for any organization that wants to pursue the dual goals of encouraging employees to engage in social media and protecting the organization's reputation. Current IBM social computing guidelines are here .

top

FUN

New Book: Law of Superheroes (PatentlyO, 25 Oct 2012) - The book that we've all been waiting for is finally out: The Law of Superheroes . I am serious here -- at least that I have been waiting for this book ever since I discussed the project with co-author James Dailey a few years ago when he visited the Mizzou campus. Daily and Ryan Davidson have turned their popular blog ( lawandthemultiverse.com ) into book published by Gotham Books, a division of Penguin. Daily is a patent attorney and the book answers many IP questions that may have vexed comic book readers:

· Does Batman's use of Wayne Enterprises' advanced technologies to stop crimes (at night) negate patentability?

· Does Spiderman infringe any genetic engineering patents?

· In our universe, the Beatles broke up and John Lennon died. However, there are other (far better) universes where that did not happen. What copyright laws would apply when someone wants distribute copies of the Beatles' 40 th Anniversary Album that was brought back from that alternate universe?

One of the book's thirteen chapters focuses on intellectual property. But the book as a whole covers a host of topics ranging from Constitutional law to immigration; from criminal procedure to the legal treatment of non-human intelligence. Great work by Daily and Davidson! I am already looking for Volume II. Law students beware: the book offers a host of original hypothetical questions that would be readily used on final examinations.

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

HOW FAR WILL THE FEDS GO TO PUSH FAVORABLE SURVEILLANCE LAWS? (Steptoe & Johnson's e-Commerce law week, 7 Sept 2002) -- A former member of the Justice Department's Computer Crime and Intellectual Property Section will reveal in a forthcoming law review article that the Department purposely kept hidden a November 2000 order issued by the only federal Magistrate Judge in San Jose, California. The order determined that the old pen register/trap-and-trace provisions of federal surveillance law applied only to telephones and did not authorize government use of pen registers and trap-and-trace devices with respect to electronic communications (like e-mail). The order squarely contradicted DOJ's view of the law. Although this particular issue was resolved in the government's favor by the USA PATRIOT Act last fall, it shows how far the government will go to get ISPs to comply with its surveillance orders. Even though the government was aware of the order, it continued to ask ISPs to install surveillances on e-mail communications under the pen/trap provisions and never mentioned the order. This should serve as a reminder that, when presented with a surveillance order, ISPs and other companies should undertake an independent evaluation of the order's lawfulness rather than simply relying on DOJ's interpretation of the law. http://www.steptoe.com/webdoc.nsf/ListServEntry?OpenForm

top

INTERNET SURVEILLANCE LAW AFTER THE USA PATRIOT ACT: THE BIG BROTHER THAT ISN'T (Orin S. Kerr -- George Washington University Law School) -- Abstract: This article argues that the common wisdom on the USA Patriot Act is wrong. Far from being a significant expansion of law enforcement powers online, the Patriot Act actually changed Internet surveillance law in only minor ways and added several key privacy protections. The article focuses on three specific provisions of the Patriot Act: the provision applying the pen register law to the Internet, the provisions relating to Carnivore, and the new computer trespasser exception to the Wiretap Act. By explaining the basic framework of surveillance law and applying it to the Patriot Act, the author shows how the Internet surveillance provisions of the Patriot Act updated the law in ways that both law enforcement and civil libertarians should appreciate. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=317501

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

Posted by at No comments:
Subscribe to: Posts (Atom)