**************Introductory Note**********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by http://www.knowconnect.com.
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln.
**************End of Introductory Note***************
VA. PRIVACY ADVOCATE GETS PARTIAL WIN IN SSN POSTINGS CASE (AP, 22 August 2008) - A privacy advocate who challenged a Virginia law against posting Social Security numbers on the Internet won a partial victory Friday when a federal judge ruled her Internet postings are protected by the Constitution. U.S. District Judge Robert Payne ruled that the law barring such postings is unconstitutional as applied to B.J. Ostergren’s current and past Web site postings, but he stopped short of overturning the law. Payne said he would need further briefing on whether to issue a more far-reaching injunction concerning future postings of Social Security numbers by Ostergren or others. On her site, Ostergren has posted public documents — primarily land records — containing the Social Security numbers of prominent people and court officials. Her purpose is to demonstrate that government has failed to protect individuals’ privacy. She claimed in her lawsuit that government can’t publish the information and then punish citizens for distributing it. Payne agreed, saying Ostergren’s activities were protected by the First Amendment. “It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren’s posting of public records to demonstrate the lack of care being taken by the government to protect the private information of individuals,” Payne wrote. http://ap.google.com/article/ALeqM5jiGOcctpSb22Nw59ozzMFCW2hv7gD92NM65G0
- and -
JONES DAY SUES OVER WEBSITE POSTING ATTORNEY HOME PURCHASE INFO (ABA Journal, 11 Sept 2008) - Jones Day has sued a website that highlights lawyers—even posting their photos and linking to firm biographies—and other professionals who buy and sell their homes in Chicago, Las Vegas, St. Louis and South Florida. After two Jones Day associates were featured on the BlockShopper site, the Cleveland-based BigLaw firm sued, reports the National Law Journal in an article reprinted in New York Lawyer (reg. req.). It is alleging service mark infringement in the federal lawsuit, which was filed in U.S. District Court for the Northern District of Illinois and also asserts claims for federal false designation of origin and unfair business practices under the Illinois Uniform Deceptive Trade Practices Act, among other issues, the legal publication reports. The suit seeks an injunction, damages and attorney fees. After a Neal Gerber & Eisenberg associate’s home purchase was featured on BlockShopper, managing partner Jerry Biederman says, the law firm is looking into whether the posting violates privacy rights as well as intellectual property rights. http://www.abajournal.com/weekly/law_firm_sues_over_website_posting_attorney_home_purchase_info
- and -
SHEBOYGAN WOMEN FILES LANDMARK CASE OVER WEB LINKS (Milwaukee Journal, 23 August 2008) - Can a city stop people from posting a link to its Web site? That’s the question at the center of a federal lawsuit brought by a Sheboygan woman against the mayor and other officials there, in what appears to be a first-of-its-kind case, according to an Internet law expert. Jennifer Reisinger says the Sheboygan city attorney ordered her to remove from her Web site a link to the city’s police department, in what she believes was retaliation for her support of recalling Mayor Juan Perez, according to the suit filed last week. Bruce Boyden, an assistant law professor at Marquette University who specializes in Internet law and copyright, called the case novel. “If this goes all the way to trial and produces a decision, I believe this would be a first in United States,” he said. Boyden said some companies require other Web sites to get permission to link to them, but he knew of no companies, much less a government body, that have tried to enforce violations of that condition if the links didn’t infringe on a copyright or trademark. http://www.jsonline.com/story/index.aspx?id=786584
ABA ETHICS COMMITTEE ISSUES OPINION DETAILING LAWYER RESPONSIBILITIES WHEN OUTSOURCING LEGAL WORK DOMESTICALLY OR INTERNATIONALLY (ABA, 25 August 2008) - U.S. lawyers are free to outsource legal work, including to lawyers or nonlawyers outside the country, if they adhere to ethics rules requiring competence, supervision, protection of confidential information, reasonable fees and not assisting unauthorized practice of law. Those are the conclusions of the American Bar Association Standing Committee on Ethics and Professional Responsibility, which describes outsourcing as a salutary trend in a global economy. Many lawyers do outsource work, using lawyers or nonlawyers as independent contractors, hiring them directly or through intermediaries and on temporary or ongoing bases, says the committee. Outsourcing can reduce client costs and enable small firms to provide labor intensive services such as large, discovery intense litigation, even though the firms might not maintain sufficient ongoing staff to handle the work, according to a new ethics opinion issued today. Ethics Opinion 08-451 details ethics obligations of lawyers and firms that do elect to outsource legal work. http://www.abanet.org/abanet/media/release/news_release.cfm?releaseid=435 Opinion at http://www.abanet.org/cpr/08-451.pdf
RESEARCHER MINES BLOGS, SOCIAL NETWORKS TO ACCESS BANK ACCOUNTS (ComputerWorld, 25 August 2008) - A recent Google search of MySpace Inc.’s popular social networking site for several variations of terms describing a person’s maternal grandparents returned more than 11,000 search results. The search by security researcher and author Herbert Thompson illustrates the growing security threat posed by the massive amount of personal information posted on social networks, forums, blogs and other Web 2.0 destinations. Thompson sent the search results to Computerworld. Posting seemingly innocuous information -- like a mother’s maiden name or a pet’s name -- could help a crook access personal data stored by banks, financial services firms and other companies, Thompson said. Many companies typically ask for such information from clients to reset a password on an account, he noted. With her permission, Thompson accessed a friend’s bank account in an hour and a half after mining her personal blog personal for details like her birth date, birthplace, father’s middle name and pet’s name. He used the data to reset her e-mail password and gain access to an e-mail from her bank with instructions on how to reset her account password. Thompson said in an interview that cybercriminals are increasingly mining personal data splashed throughout the Web 2.0 world. He noted that the questions that banks have long used to reset or recover passwords were typically seen as difficult for thieves to answer. Now, however, the answers to the questions are often readily available to crooks because so many people are now blogging about their personal lives or are creating personal profiles that are rife with this type of information, he noted. As proof, Thompson pointed to the fact that thieves on underground forums typically charge 10 to 12 times more for stolen credit card numbers with the mother’s maiden name or a pet’s name of the owner than for the credit card alone. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9113405&source=NLT_AM&nlid=1 Scientific American article here: http://www.sciam.com/article.cfm?id=anatomy-of-a-social-hack
- and (older article) -
MAPPING COMPUTER TECHNIQUES TO THE REAL WORLD (NewSmart, 18 May 2008) - As a recent Times article describes, shopping plazas are now using cell-phone tracking technology to map shoppers’ activities and movement patterns. The “Path Intelligence” hardware used to track the movements works like this:
* A cell-phone-wielding shopper enters the shopping plaza.
* Path Intelligence monitors mounted throughout the plaza detect that a new mobile phone is in the vicinity and log its IMEI code.
* As the shopper moves around the mall, his or her movements are continuously triangulated by the multiple Path Intelligence units, allowing movements to be mapped and saved for later analysis.
The good news: it’s totally private, there isn’t any (automated) way to map a particular record in the Path Intelligence logs to an actual person. The resulting logs can be analyzed for shopping patterns (where people go after visiting a certain store, peak hours of traffic, most popular regions, etc.) later on, providing valuable intelligence and allowing for improvements.
The bad news: The Path Intelligence logs -- in-conjunction with other monitoring techniques such as cashier timestamps, credit card log, video surveillance, etc. -- can result in the identification of the persons associated with logged behavior in the system; posing a real and tangible privacy/Big Brother concern.
The weird news: Everything in the above scenario can be directly mapped to an exact counterpart in the current web-tracking solutions in use:
* Shopper - Visitor to a site
* Mall/Shopping Plaza - Website
* IMEI code - IP Address (unique, but not personally identifying on its own)
* Path Intelligence - One of the many web-statistics companies http://neosmart.net/blog/2008/mapping-computer-techniques-to-the-real-world/
DATA BREACHES HAVE SURPASSED LEVEL FOR ALL OF ‘07, REPORT FINDS (Washington Post, 26 August 2008) - More data breaches have been reported so far this year than in all of 2007, according to a report released yesterday by a nonprofit group that works to prevent fraud. Identity Theft Resource Center of San Diego found that 449 U.S. businesses, government agencies and universities have reported a loss or theft of consumer data this year. Last year, the center tallied 446 breaches involving 127 million consumer records. About 90 million of those records were attributed to a single retail chain, TJX, which operates T.J. Maxx stores. Officials said they do not know whether there have been more breaches this year or if there is better reporting of the incidents. So far this year, at least 22 million consumer records have been the target of data breaches, according to the report. But resource center founder Linda Foley cautioned that the true number of records affected is likely far higher, noting that in 41 percent of the cases the number of consumer records affected was not disclosed. What’s more, Foley said, many businesses are not reporting data breaches or are not aware of them. In addition, she said, a single breach report often involves data belonging to multiple businesses. http://www.washingtonpost.com/wp-dyn/content/article/2008/08/25/AR2008082502496.html
REPORT: RIAA WINS CASE OVER ERASED HARD DRIVE (CNET, 26 August 2008) - The recording industry appears to have won a closely watched copyright infringement case over charges of evidence tampering. Judge Neil Wake ruled on Monday that Jeffery Howell, a defendant in Atlantic v. Howell, had willfully and intentionally destroyed evidence related to his peer-to-peer activities after being notified of pending legal action by the RIAA, according to a Tuesday report by Ars Technica. Furthermore, since it was done in bad faith, it “therefore warrants appropriate sanctions,” the site reported. The RIAA sued Pamela and Jeffrey Howell for copyright infringement in 2006, claiming that the husband and wife had used Kazaa to make copyrighted files available for download. In a deposition, Jeffrey Howell admitted to loading the file-sharing software onto his computer. He said, however, that the songs listed in the complaint were for personal use and that he had not placed the files in the program’s shared folder. He said the recordings were copies made from CDs he owned placed on the computer for personal use, not copies downloaded from Kazaa. RIAA accused Howell of destroying evidence on four occasions after being served with the lawsuit, the site reported. RIAA experts found that Howell uninstalled Kazaa and reformatted his hard drive, Ars Technica reported. “Defendant’s intentional spoliation of computer evidence significantly prejudices plaintiffs because it puts the most relevant evidence of their claim permanently beyond their reach,” the RIAA reportedly argued. “The deliberate destruction...by itself, compels the conclusion that such evidence supported plaintiffs’ case.” http://news.cnet.com/8301-1023_3-10026694-93.html
BIGLAW FIRM RECRUITS ON FACEBOOK (ABA Journal, 26 August 2008) - Screen shot of firm’s Facebook page. Looking for a way to better promote itself to the next generation of lawyers, Curtis, Mallet-Prevost, Colt & Mosle has launched a Facebook page as part of its broader law school recruiting efforts. “We are pleased to be capitalizing on the popularity of the most widely used social networking site,” Nancy Delaney, a Curtis partner who is a member of the firm’s personnel committee, says in a release (PDF) about the page. “As a Firm, we recognized the power of this format of communication and the wide use being made of it by future lawyers.” As of this posting, the page had 32 fans. The page promotes the 178-year-old firm with historical information and the benefits of starting a career in New York. It also includes links to news, awards, policies and questions and answers about other office locations and on-campus schedules. On his LawSites blog, Robert Ambrogi posits that Curtis may be the first Am Law 200 firm to feature Facebook as a central recruiting tool. http://www.abajournal.com/weekly/biglaw_firm_recruits_on_facebook
PUBLIC, PRIVATE SECTORS AT ODDS OVER CYBER SECURITY (LA Times, 26 August 2008) - Three very big and very different computer security breaches that have dominated recent headlines did more than show how badly the Internet needs major repairs. They also exposed the huge rift between corporate America and the federal government over who should fix it, cyber-security experts say. In the last few months, law enforcement officials cracked an international ring that tapped customer databases and trafficked in tens of millions of credit card numbers; a researcher uncovered a major flaw that permits hackers to steer some Web surfers to fake versions of popular websites filled with malicious software; and computer assaults, which some researchers said they had traced back to Russia’s state-run telecommunications firms, crippled websites belonging to the country of Georgia. Yet the episodes did little to boost cyber security higher on the agendas of the federal government or the two major presidential candidates. “Nothing is happening,” said Jerry Dixon, the former director of the National Cyber Security Division at the Department of Homeland Security. “This has got to be in the top five national security priorities.” Dixon is just one of hundreds of technology executives and experts who have been saying for years that Washington needs to do much more to protect consumers, businesses and the government itself from attacks by criminal hackers and those supported by rival nations. The government has largely argued that the private sector is better suited to tackle the broader problem. But big corporations say it’s too big for them to handle. They say the Internet’s technical underpinnings, which are loosely administered by the Commerce Department, need a major overhaul to eliminate vulnerabilities. Why such a persistent disconnect? It’s partly because cyber security crosses so many lines in the executive branch. Homeland Security oversees protection of government networks, and the Federal Bureau of Investigation and Secret Service pursue cyber crimes. When those cases lead to other countries, the State Department must get involved. More important, most of the Internet’s infrastructure -- the big computers and data pipes through which our bits travel -- is in private hands. http://www.latimes.com/business/la-fi-security26-2008aug26,0,2021258.story
SPANNING THE GLOBE TO BRING YOU THE CONSTANT VARIETY OF ... DATA PROTECTION LAWS (Steptoe & Johnson’s E-Commerce Law Week, 28 August 2008) - New data protection requirements are being considered all over, including in Australia, Mexico, Turkey, South Korea, Peru, and Vietnam. The Australian Law Reform Commission has recommended several amendments to that country’s Privacy Act, including mandatory notification to individuals affected by data breaches that pose a “real risk of serious harm” and a reworking of the rules governing cross-border data flows. Meanwhile, Mexican lawmakers are drafting a data protection law based loosely on Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The Turkish government is also reportedly ready to get on the data protection bandwagon, stating that it hopes to enact an EU-ready data protection law sometime this fall. And South Korea, Peru, and Vietnam have announced that they are considering data protection measures that would be consistent with privacy principles promoted by the Asia-Pacific Economic Cooperation forum. South Korea’s draft legislation would also require businesses to notify individuals whose personal data has been breached. If adopted, these data protection measures could cause headaches for international companies, which might be required to comply with different rules for the handling of personal information in the various countries where they do business. All these measures therefore bear close watching. http://www.steptoe.com/publications-5495.html
ANOTHER COURT PROTECTS ANONYMOUS SPEECH ONLINE (Steptoe & Johnson’s E-Commerce Law Week, 28 August 2008) - Many courts have held that plaintiffs must meet a heightened evidentiary standard before they can compel ISPs or others to identify someone who has posted allegedly illegal or tortious material online. But there has been disagreement over what the standard should be. In Quixtar Inc. v. Signature Management Team, LLC, another federal court called the “summary judgment standard” first articulated by the Delaware Supreme Court in Doe v. Cahill the “correct standard.” As we have previously reported, the Cahill standard requires plaintiffs to make out a prima facie case before courts will compel discovery of an anonymous individual’s identity. The Quixtar court ruled that persons challenging the unmasking of anonymous third-party bloggers should be given an opportunity to notify the bloggers, so that they can contest the discovery of their identities. The court also held that the bloggers could raise their objections under pseudonyms, and noted that it would assess any objections under the Cahill summary judgment standard. http://www.steptoe.com/publications-5495.html
MUCH ADO ABOUT TEXT SEARCHING (Law.com, 28 August 2008) - The biggest cost of litigation today is the cost of discovery. And the biggest cost of discovery is the cost of retrieving, reviewing and producing responsive documents stored electronically, while not producing those responsive documents that are privileged or contain work product. Since many cases involve amounts at issue that e-discovery costs could easily dwarf -- and since almost all cases settle -- the challenge is to select a search and review methodology that is rational and proportionate to the amount at issue and, most importantly, that will provide parties and counsel with reasonable assurance that they are meeting their discovery obligations and containing their costs. From the earliest stages of e-discovery, parties and counsel yearn for predictability. With the marketplace awash in e-discovery technology and service vendors, and with commentators and conferences daily promoting “cutting-edge” e-discovery strategies, surprisingly, fundamental issues relating to search methodology can be overlooked. Two recent decisions by Magistrate Judge John M. Facciola and Magistrate Judge Paul W. Grimm, knowledgeable and active jurists in the area of e-discovery, address these fundamentals. Facciola’s decision in Equity Analytics LLC v. Lundin, 248 F.R.D. 331 (D.D.C. 2008), and Grimm’s in Victor Stanley Inc. v. Creative Pipe Inc., No. MJG-06-2662, 2008 WL 2221841 (D. Md. May 29, 2008), teach that, whatever position lawyers advocate concerning search and review methodology, they must demonstrate with robust record evidence why the methodology is appropriate, how it will achieve the proper objective and why it should be ordered instead of the methodology advocated by the other side. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202424101819&rss=newswire
SETTLEMENT OVER TARGET’S WEB SITE MARKS A WIN FOR ADA PLAINTIFFS (Law.com, 28 August 2008) - Resolving a lawsuit that caught the attention of online retailers across the United States, Target Corp. will pay out $6 million in damages and make its Web site fully accessible to blind customers as part of a class action settlement filed on Wednesday. The National Federation of the Blind, which sued the Minneapolis-based corporation in 2006 in San Francisco federal court for maintaining a site that blind people said they couldn’t use, will also be paid to oversee the changes and train the coders responsible for reprogramming the site. The case will “send a message to the entire Internet industry that access for people with disabilities is not only good business sense but an absolutely legal civil right; it’s mandatory,” said Laurence Paradis, a lawyer at Berkeley, Calif.-based Disability Rights Advocates who worked on the case. Target released a statement saying it was “pleased to have resolved the matter” and has made changes to its Web site “to improve the experience for guests who require assistive technology.” Stanley Jaskiewicz, a Philadelphia-based e-commerce attorney who has written about the Target case, said the suit has been on the business world’s radar since 2006 and that Wednesday’s settlement will send a signal. http://www.law.com/jsp/article.jsp?id=1202424114568&rss=newswire
LINES AND BUBBLES AND BARS, OH MY! NEW WAYS TO SIFT DATA (Int’l Herald Tribune, 31 August 2008) - People share their videos on YouTube and their photos at Flickr. Now they can share more technical types of displays: graphs, charts and other visuals they create to help them analyze data buried in spreadsheets, tables or text. At an experimental Web site, Many Eyes, (www.many-eyes.com), users can upload the data they want to visualize, then try sophisticated tools to generate interactive displays. These might range from maps of relationships in the New Testament to a display of the comparative frequency of words used in speeches by Senators Hillary Rodham Clinton and Barack Obama. The site was created by scientists at the Watson Research Center of IBM in Cambridge, Massachusetts, to help people publish and discuss graphics in a group. Those who register at the site can comment on one another’s work, perhaps visualizing the same information with different tools and discovering unexpected patterns in the data. Collaboration like this can be an effective way to spur insight, said Pat Hanrahan, a professor of computer science at Stanford whose research includes scientific visualization. “When analyzing information, no single person knows it all,” he said. “When you have a group look at data, you protect against bias. You get more perspectives, and this can lead to more reliable decisions.” http://www.iht.com/articles/2008/08/31/technology/31novel.php
MAN WHO POSTED UNRELEASED GUNS N’ ROSES SONGS ONLINE IS CHARGED (SiliconValley.com, 1 Sept 2008) - When five FBI agents arrested Kevin Cogill at his Culver City apartment, it marked the newest weapon in the entertainment industry’s war on piracy: felony charges against small-time bootleggers. Cogill posted nine leaked songs from an unreleased Guns N’ Roses album that has been in the works for more than a decade on his music blog in June. The site crashed under the traffic, and he removed the songs after a few hours when the Los Angeles-based rock band’s lawyers complained. Now he faces up to three years in prison and $250,000 in fines. Last week he became the first Californian charged under a 3-year-old federal anti-piracy law that makes it a felony to distribute a copyrighted work on computer networks before its release. “In the past, these may have been viewed as victimless crimes,” said Craig Missakian, an assistant U.S. attorney in Los Angeles who built the case with the FBI and recording industry investigators. “But in reality, there’s significant damage. This law allows us to prosecute these cases.” http://www.siliconvalley.com/news/ci_10358404?nclick_check=1
ABA SAYS RIAA FILE SHARING WATCHERS SHOULDN’T NEED PRIVATE INVESTIGATORS’ LICENSES (TechDirt, 28 August 2008) - We’ve seen a few cases against the RIAA in which either state officials or defendants will point out that the RIAA’s hired hands in tracking down file sharers -- companies like MediaSentry -- are violating state laws requiring private investigators’ licenses for certain activities. Now, the American Bar Association (ABA) has put out a report suggesting that this is silly, and that states and judges shouldn’t require such companies to have a PI’s license. While I’m a bit surprised at myself, I actually agree with the ABA. As distasteful as the RIAA’s legal strategy is, and as flimsy as the evidence is that these company’s collect, going after them for not having a PI’s license is focusing on a loophole, not the actual merits. And, honestly, most of these requirements for PI licenses are really just a way to create artificial scarcity in the PI business, not actually a way to ensure safety or quality. http://techdirt.com/articles/20080827/2143312115.shtml Related Wired story: http://blog.wired.com/27bstroke6/2008/08/do-riaa-snoops.html ABA report: http://blog.wired.com/27bstroke6/files/aba_report_and_resolution.pdf
- but -
MICHIGAN LAW PASSED REQUIRING MEDIASENTRY TO HAVE PI LICENSE (ArsTechnica, 5 Sept 2008) - The RIAA’s campaign against filesharers follows a standard procedure: find a computer offering files for download, get a court to force the ISP or organization that provided the computer’s IP address to reveal the computer’s owner, and then sue the owner. The group has contracted with MediaSentry to do the work of identifying the infringing computers, but that company’s methods have been called into question in a number of states that have licensing requirements for private investigators that include the computer-based snooping required to gather the data. Michigan was one such state and, if there was any doubt about the licensing issue there, it’s gone now: the state passed a law that specifically calls for computer forensics groups to be licensed. To an extent, the law is somewhat redundant. Michigan’s Department of Labor and Economic Growth is responsible for licensing private investigators and, in February, it determined that the company was acting as an unlicensed private investigator. The Department recommended that the anonymous state resident that filed the complaint contact his local prosecutor if he/she wanted to press the matter. Despite this ominous warning flag, the RIAA’s lawsuits in the state have continued apace. But, if MediaSentry felt it could successfully challenge the Department of Labor’s decision if called on it, its chances of doing so dropped precipitously. In May, with no one in the press apparently noticing, Michigan enacted a revision to its licensing requirements, entitled “An act to license and regulate professional investigators.” A reader of Recording Industry vs The People apparently did notice, and tipped off the blog; a copy of the legislation is being hosted by intellectual property attorney Ray Beckerman. http://arstechnica.com/news.ars/post/20080905-michigan-law-passed-requiring-mediasentry-to-have-pi-license.html Statute here: http://beckermanlegal.com/Documents/MichiganStatute_080528.pdf
WASHINGTON STATE COURT DEALS A BLOW TO ONE-SIDED EULAS (Ars Technica, 1 Sept 2008) - Anyone who has even a cursory familiarity with modern technology is undoubtedly familiar with one-sided terms of service agreements. Everything from bank accounts to phone service now requires consumers to accept that any contract disputes will be handled on the service provider’s terms, which typically specify arbitration in a venue of the corporation’s choosing. But the Supreme Court of Washington has now provided consumers in that state with some relief, ruling that the state’s Consumer Protection Act makes lopsided service agreements void. The case started when one Michael McKee signed up for AT&T long distance service in 2002. Although McKee lives outside of the city of Wenatchee, he wound up being assessed a monthly utility tax specific to that city. McKee was finally able to determine that the company assessed these taxes based on ZIP codes, regardless of whether the ZIP fell entirely within the city limits. He responded by filing a class-action lawsuit; AT&T responded by attempting to compel binding arbitration, per its customer service agreement. The appeals ultimately made their way to the Washington Supreme Court. That court has now returned a unanimous ruling that reaffirms the decisions of lower courts: AT&T’s service terms are, in legal terms, “unconscionable,” meaning that no reasonable individual would have agreed to them had he or she realized their full scope. The specific issues, however, only apply to Washington State. The ruling was based in part on which state laws apply. AT&T’s contract stipulated New York, where it is incorporated, while McKee alleged violations of Washington’s robust consumer-protection laws. http://arstechnica.com/news.ars/post/20080901-washington-court-deals-a-blow-to-unconscionable-eulas.html Decision here: http://www.courts.wa.gov/opinions/pdf/810061.opn.pdf
APPEALS COURT SMACKS DOWN JUDGE FOR RELYING ON WIKIPEDIA (ArsTechnica, 2 Sept 2008) - References to information at Wikipedia have shown up in various inappropriate places, from homework assignments to college term papers. But there’s one place that it seems everyone can agree that it doesn’t belong: the US court system. The US Court of Appeals for the 8th Circuit, ruling in an immigration case, has agreed with the Board of Immigration Appeals in finding that a reliance on information in Wikipedia is insufficient grounds for a ruling. Nevertheless, it sent the case back to the Board, requesting that it clarify its decision. The decision, filed late last week, stems from a case where an individual entered the country using a forged passport, and then applied for asylum based on the threat of torture if she were returned to her place of origin. Her application for asylum, and the processing of her case by the immigration courts, hinge on a personal identification document called a laissez-passer issued by the Ethiopian government. The Department of Homeland Security, wishing to deny the asylum claim, argued that the laissez-passer was insufficient as a form of identification. Excerpts from Wikipedia apparently provided at least some of the information used by the DHS position to support its position. An immigration judge ruled in favor of the DHS, finding that the individual, Lamilem Badasa, had not established her identity, and could not be granted asylum. http://arstechnica.com/news.ars/post/20080902-appeals-court-smacks-down-judge-for-relying-on-wikipedia.html
LAW FIRM WEBSITES LAG: SPEND MORE, BUT THINK FIRST, EXPERTS SAY (ABA Journal, 4 Sept 2008) - Although law firms are far more focused on the Internet than they were a few years ago, experts say many still have a lot to learn about marketing themselves online, and that their websites could use improvement. Some law firms, for instance, feature streaming video, podcasts, RSS feeds and law blogs on their websites as a matter of course. But a surprising number of major players don’t, lagging considerably behind the marketing efforts of their corporate counterparts, reports the Am Law Daily. And it’s not just the medium but the message that often presents a problem: “Most law firm sites are like law firm brochures—they’re all about the law firm, they’re not very client-sensitive,” says Charles “Biff” Maddock of the Altman Weil legal consulting firm. “In most cases, they’re pretty boring. And they really don’t give you a reason to come back over and over again.” Part of the issue may be the money involved. Forget about expecting to spend a mere $50,000 to create an appealing law firm website, Jeff Yerkey, a founding partner at Charette Communication Design tells Am Law. A reasonable price range is $80,000 to $1 million, depending on the size of the firm and the scope of its marketing efforts, he says. But Stephen Roussan, president of the Web development firm ICVM, puts the price tag at a more modest $10,000 to $200,000. He says that the first step, before spending a lot of money, should be figuring out what message the firm is trying to convey. Otherwise, the firm runs the risk of winding up with an expensive, visually impressive site that looks much like other such sites. “The single most important exercise,” he says, “is to have an introspective discussion about what your firm is about and what makes your firm different from other firms, and really present that as part of your brand.” http://www.abajournal.com/weekly/law_firm_websites_lag_spend_more_but_think_first_experts_say [Editor: Amen to the brand-analysis recommendations. I profited from that at KnowConnect, and highly recommend the process (if you can find creative, law-oriented professionals to help, as I did).]
BRINGING HISTORY ONLINE, ONE NEWSPAPER AT A TIME (Google, 8 Sept 2008) - For more than 200 years, matters of local and national significance have been conveyed in newsprint -- from revolutions and politics to fashion to local weather or high school football scores. Around the globe, we estimate that there are billions of news pages containing every story ever written. And it’s our goal to help readers find all of them, from the smallest local weekly paper up to the largest national daily. The problem is that most of these newspapers are not available online. We want to change that. Today, we’re launching an initiative to make more old newspapers accessible and searchable online by partnering with newspaper publishers to digitize millions of pages of news archives. Let’s say you want to learn more about the landing on the Moon. Try a search for [Americans walk on moon] on Google News Archive Search, and you’ll be able to find and read an original article from a 1969 edition of the Pittsburgh Post-Gazette. Not only will you be able to search these newspapers, you’ll also be able to browse through them exactly as they were printed -- photographs, headlines, articles, advertisements and all. This effort expands on the contributions of others who’ve already begun digitizing historical newspapers. In 2006, we started working with publications like the New York Times and the Washington Post to index existing digital archives and make them searchable via the Google News Archive. Now, this effort will enable us to help you find an even greater range of material from newspapers large and small, in conjunction with partners such as ProQuest and Heritage, who’ve joined in this initiative. One of our partners, the Quebec Chronicle-Telegraph, is actually the oldest newspaper in North America—history buffs, take note: it has been publishing continuously for more than 244 years. You’ll be able to explore this historical treasure trove by searching the Google News Archive or by using the timeline feature after searching Google News. Not every search will trigger this new content, but you can start by trying queries like [Nixon space shuttle] or [Titanic located]. Stories we’ve scanned under this initiative will appear alongside already-digitized material from publications like the New York Times as well as from archive aggregators, and are marked “Google News Archive.” Over time, as we scan more articles and our index grows, we’ll also start blending these archives into our main search results so that when you search Google.com, you’ll be searching the full text of these newspapers as well. This effort is just the beginning. As we work with more and more publishers, we’ll move closer towards our goal of making those billions of pages of newsprint from around the world searchable, discoverable, and accessible online. http://googleblog.blogspot.com/2008/09/bringing-history-online-one-newspaper.html
- and -
TRIBUNE BLAMES GOOGLE FOR UAL BANKRUPTCY STORY (Washington Post, 10 Sept 2008) - Tribune Co on Wednesday blamed technology owned by search engine company Google Inc for treating an outdated story about UAL Corp’s bankruptcy as current, breaking news. Tribune said in a press release it had identified problems with Google’s “Googlebot” technology months ago and asked the company to stop using it to “crawl” for stories on its website. The Chicago-based publisher said it believes Google continued using the technology to identify stories and make them available as search results on its Google News site, and that Google continues to misclassify stories. A 2002 Chicago Tribune story about the airline UAL declaring bankruptcy caused the company’s stock to lose nearly all of its value after an investment firm posted it on the Bloomberg financial news service on Monday. The story appeared over the weekend on an inner page of the website of Tribune’s South Florida Sun-Sentinel newspaper in Fort Lauderdale. Google News then featured it in its search results, where it was discovered by Miami Lakes, Florida,-based investment firm Income Securities Advisers. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/10/AR2008091003087.html
FEDS FINALLY PUT TEETH INTO HIPAA ENFORCEMENT (Computerworld, 8 Sept 2008) - A data security audit that the U.S. Department of Health and Human Services conducted at Piedmont Hospital in Atlanta last year was widely viewed within the health care industry as a harbinger of further actions by the federal government to enforce HIPAA’s security and privacy rules. Eighteen months after HHS quietly began the Piedmont audit, there hasn’t been much evidence of stepped-up enforcement. But now a stringent “resolution agreement” signed in July by the agency and Seattle-based Providence Health & Services is generating the same kind of buzz among health care providers that the Piedmont audit did. On July 15, Providence agreed to adopt a so-called corrective action plan (CAP) and pay $100,000 to settle what HHS described as “potential violations” of the Health Insurance Portability and Accountability Act’s requirements for safeguarding electronic patient data. The resolution agreement — the first of its kind under HIPAA — stemmed from the loss or theft of laptops, optical discs and backup tapes containing the unencrypted medical records of more than 386,000 Providence patients. On several occasions in 2005 and 2006, equipment was reported missing after workers took it out of the office with them. Under the CAP, Providence has to revamp its security policies to include physical protections for portable devices and for the off-site transport and storage of backup media. It also is required to implement technical safeguards, such as encryption and password protection. And the not-for-profit health system, which has operations in five western states, must conduct random compliance audits and submit compliance reports to HHS for the next three years. In addition, the agreement calls for Providence’s chief information security officer to personally validate that all required policies have been put in place and that all employees have been trained on adhering to them. The CISO also has to attest that all backup media and portable devices containing health information protected by HIPAA are properly secured. Significantly, the CAP precludes Providence Health from contesting the validity of or appealing any of its obligations under the agreement. The settlement is getting considerable attention within the health care industry because of the tough terms and conditions that the deal imposed on the provider. http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Security&articleId=325376&taxonomyId=17&pageNumber=1 Provident CAP here: http://www.dhhs.gov/ocr/privacy/enforcement/agreement.pdf
MARK USE IN META TAGS, HIDDEN ON WEB SITE IS ‘WILLFUL’ MISUSE VIOLATING LANHAM ACT (BNA’s Internet Law News, 11 Sept 2008) - BNA’s Electronic Commerce & Law Report reports that the First Circuit Court of Appeals has ruled that an online business that used a competitor’s trademark in its Web site meta tags and elsewhere hidden on the Web page content “willfully” infringed the mark under the Lanham Act. Case name is Venture Tape Corp. v. McGills Glass Warehouse.
NEW COURT DECISION AFFIRMS THAT 4TH AMENDMENT PROTECTS LOCATION INFORMATION (EFF, 11 Sept 2008) - In an unprecedented victory for cell phone privacy, a federal court has affirmed that cell phone location information stored by a mobile phone provider is protected by the Fourth Amendment and that the government must obtain a warrant based on probable cause before seizing such records. The Department of Justice (DOJ) had asked the federal court in the Western District of Pennsylvania to overturn a magistrate judge’s decision requiring the government to obtain a warrant for stored location data, arguing that the government could obtain such information without probable cause. The Electronic Frontier Foundation (EFF), at the invitation of the court, filed a friend-of-the-court brief opposing the government’s appeal and arguing that the magistrate was correct to require a warrant. Wednesday, the court agreed with EFF and issued an order affirming the magistrate’s decision. EFF has successfully argued before other courts that the government needs a warrant before it can track a cell phone’s location in real-time. However, this is the first known case where a court has found that the government must also obtain a warrant when obtaining stored records about a cell phone’s location from the mobile phone provider. http://www.eff.org/press/archives/2008/09/11
ONE IN FIVE BOSSES SCREEN APPLICANTS’ WEB LIVES (Washington Post, 11 Sept 2008) - Written references could become old hat for hiring managers with one in five saying they use social networking sites to research job candidates -- and a third of them dismissing the candidate after what they discover. A survey by online job site CareerBuilder.com of 3,169 hiring managers found 22 percent of them screened potential staff via social networking profiles, up from 11 percent in 2006. An additional nine percent said they don’t currently use social networking sites like Facebook or MySpace to screen potential employees but they do plan to start. The survey found that 34 percent of the managers who do screen candidates on the Internet found content that made them drop the candidate from any short list. The top area for concern among the hiring managers with 41 percent citing this as a downfall were candidates posting information about drinking or using drugs. The second area with 40 percent of concern were candidates posting provocative or inappropriate photographs or information. Other areas of concern to arise from social network sites were poor communication skills, lying about qualifications, candidates using discriminatory remarks related to race, gender or religion, and an unprofessional screen name. But the survey found hiring managers scouring social network pages was not all bad with 24 percent of these managers saying they found content to help them solidify their decision to hire that candidate. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/11/AR2008091101374.html
U.N. AGENCY EYES CURBS ON INTERNET ANONYMITY (CNET, 12 Sept 2008) - A United Nations agency is quietly drafting technical standards, proposed by the Chinese government, to define methods of tracing the original source of Internet communications and potentially curbing the ability of users to remain anonymous. The U.S. National Security Agency is also participating in the “IP Traceback” drafting group, named Q6/17, which is meeting next week in Geneva to work on the traceback proposal. Members of Q6/17 have declined to release key documents, and meetings are closed to the public. The potential for eroding Internet users’ right to remain anonymous, which is protected by law in the United States and recognized in international law by groups such as the Council of Europe, has alarmed some technologists and privacy advocates. Also affected may be services such as the Tor anonymizing network. “What’s distressing is that it doesn’t appear that there’s been any real consideration of how this type of capability could be misused,” said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington, D.C. “That’s really a human rights concern.” Nearly everyone agrees that there are, at least in some circumstances, legitimate security reasons to uncover the source of Internet communications. The most common justification for tracebacks is to counter distributed denial of service, or DDoS, attacks. But implementation details are important, and governments participating in the process -- organized by the International Telecommunication Union, a U.N. agency -- may have their own agendas. A document submitted by China this spring and obtained by CNET News said the “IP traceback mechanism is required to be adapted to various network environments, such as different addressing (IPv4 and IPv6), different access methods (wire and wireless) and different access technologies (ADSL, cable, Ethernet) and etc.” It adds: “To ensure traceability, essential information of the originator should be logged.” Adding to speculation about where the U.N. agency is heading are indications that some members would like to curb Internet anonymity more broadly:
• An ITU network security meeting a few years ago concluded that anonymity should not be permitted. The summary said: “Anonymity was considered as an important problem on the Internet (may lead to criminality). Privacy is required but we should make sure that it is provided by pseudonymity rather than anonymity.”
• A presentation in July from Korea’s Heung-youl Youm said that groups such as the IETF should be “required to develop standards or guidelines” that could “facilitate tracing the source of an attacker including IP-level traceback, application-level traceback, user-level traceback.” Another Korean proposal -- which has not been made public -- says all Internet providers “should have procedures to assist in the lawful traceback of security incidents.”
• An early ITU proposal from RAD Data Communications in Israel said: “Traceability means that all future networks should enable source trace-back, while accountability signifies the responsibility of account providers to demand some reasonable form of identification before granting access to network resources (similar to what banks do before opening a bank accounts).” http://news.cnet.com/8301-13578_3-10040152-38.html
VA. BAN ON SPAM IS RULED UNLAWFUL (Washington Post, 13 Sept 2008) - The Virginia Supreme Court yesterday ruled that the state’s anti-spam law, designed to prevent the sending of masses of unwanted e-mail, violates the First Amendment right to freedom of speech. Virginia Attorney General Robert F. McDonnell (R) promptly said he would appeal the case to the U.S. Supreme Court. The law was one of the first enacted in the United States to stem the overwhelming tide of unwanted e-mail. The 2004 trial in Loudoun County of mass e-mailer Jeremy Jaynes resulted in the first felony conviction in the country for spamming. But the state Supreme Court said the law doesn’t make any distinction between types of e-mail or types of speech, and so it was unconstitutional. The ruling came on an appeal of Jaynes’s conviction. Jaynes had sent the mass e-mails anonymously by using false Internet addresses, and the court said that speech is also protected by the First Amendment. Justice G. Steven Agee, who has since moved to the U.S. Court of Appeals for the 4th Circuit, wrote the unanimous opinion for the court. “The right to engage in anonymous speech, particularly anonymous political or religious speech, is ‘an aspect of the freedom of speech protected by the First Amendment,’ “ Agee wrote, citing a 1995 U.S. Supreme Court case. “By prohibiting false routing information in the dissemination of e-mails,” the court ruled, Virginia’s anti-spam law “infringes on that protected right.” Agee noted that “were the ‘Federalist Papers’ just being published today via e-mail, that transmission by ‘Publius’ would violate the [Virginia] statute.” The court determined that the law does not limit its restrictions on spam to commercial or fraudulent e-mail or to such unprotected speech as obscenity or defamation. Many other states and the federal government drafted anti-spam laws after Virginia, but often specifically restricted the regulations to commercial e-mails, the court found. The ruling affects only the Virginia statute. http://www.washingtonpost.com/wp-dyn/content/article/2008/09/12/AR2008091201211.html?nav=rss_technology Opinion here: http://www.courts.state.va.us/opinions/opnscvwp/1062388.pdf
**** NOTED PODCASTS ****
LAWRENCE LESSIG - CODING AGAINST CORRUPTION (IT Conversations) - Government corruption affects all aspects of society. At the 2008 O’Reilly ETech Conference, Lawrence Lessig discusses government corruption, especially in the United States Congress. What does government get right, wrong, and where does dependence compromise effective government? Also, Lessig announces a new project designed to signal congress’ support for reform, called Change Congress. http://itc.conversationsnetwork.org/shows/detail3772.html
**** RESOURCES ****
U.S. ARMY FIELD MANUAL SECTION ON KNOWLEDGE MANAGEMENT (DoD, 30 August 2008) - This manual [FM 6.01-1] provides doctrine for the organization and operations of the knowledge management (KM) section. It establishes the doctrinal principles, tactics, techniques, and procedures necessary to effectively integrate KM into the operations of brigades, divisions, and corps. http://www.fas.org/irp/doddir/army/fm6-01-1.pdf
**** BOOK REVIEW ****
IN-HOUSE COUNSEL’S ESSENTIAL TOOLKIT (ABA press) – This boxed set of seven paperback volumes (and accompanying CD-ROM with forms and policies) is a terrific desk reference for the in-house practitioner. (I had such a job for 20 years.) Produced by the Corporate Counsel committee in the ABA’s Business Law Section, this 2007 publication is a practical guide for in-house counsel in small to medium-sized law departments, covering matters that frequently arise. The toolkit is divided into individual volumes addressing:
* Training outside counsel
* Litigation
* IP
* Employment law
* Corporate compliance and ethics
* Corporate governance
* General business contracts
Each volume contains introductory discussion, annotated form agreements and policies, alternative provisions, and practice tips. Available through the ABA Web Store at http://www.abanet.org/abastore/productpage/5070553
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/.
10. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
Saturday, September 13, 2008
Saturday, August 23, 2008
MIRLN 2-23 August 2008 (v11.11)
**************Introductory Note**********************
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by http://www.knowconnect.com.
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln.
**************End of Introductory Note***************
CLARIFICATIONS SOUGHT ON DATA MINING (FCW, 24 July 2008) - Clarification is needed for the definition of data mining and the rules governing it, civil libertarians and academics said today. Several experts at a Homeland Security Department conference on implementing privacy protections in government data mining expressed concerns that the meaning of data mining was misunderstood, or had not been fully explained, thus leading to confusion or potential violations of privacy rights. In the legislation that established DHS, Congress required the department to “establish and utilize…a secure communications and information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive and analyze data.” However, according to some experts, there’s confusion over what constitutes data mining, causing misperceptions. Some experts were worried that the lack of an agreed-upon definition and specific rules governing different types of data mining, including the use of commercial data, increases the risk of privacy violations. “What’s important here is that we not reflexively say that data mining is bad…but we need to have in place the rules of the road here…about when data can be collected, how it can be used,” said Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union. “We have not really had that discussion about what the rules of the road are.” In its 2007 annual report to Congress on the department’s data mining activities, DHS’ privacy office said that “it is important to note that no consensus exists on what constitutes ‘data mining.” http://www.fcw.com/online/news/153267-1.html
OUTSOURCE YOUR CHORES — AND FEEL GOOD WHILE YOU’RE AT IT (New York Times, 30 July 2008) - Ted Moorhouse wants you to outsource your next Excel mail merge or graphic design chore — and in the process give students in developing countries the chance to improve their lives. Mr. Moorhouse’s new project, Serebra Connect, is an auction site for services. Buyers post a task and sellers bid to complete the job. It’s a similar model to the popular freelance marketplace Elance — but with a feel-good twist. Most of the people bidding on the jobs are students in developing countries who have taken a course from the Serebra Learning Corporation, the e-learning company where Mr. Moorhouse is chairman and chief executive. He started Serebra Connect in October to help these students use their new skills. Sample tasks posted on the site: creating a logo for a dental practice, translating e-books from Arabic to English and building a Web site with Flash. The average price is $200. It is free to post or bid on a task. The buyer sends the payment to Serebra to hold until the task is completed. Serebra then takes a 10 percent to 15 percent cut and sends the money to the seller via PayPal or MasterCard’s Payoneer. Sellers on the site are rated on a five-star scale based on reviews from buyers as well as how many Serebra courses they have completed. Serebra Connect is still tiny. It has 6,500 sellers: 4,000 in developing countries and the rest from the United States, Canada and Europe. Only 65 tasks have so far been completed and 40 more are in the queue. When a Madison, Wis., company posted a PowerPoint project that would have cost $2,000 in Madison, a woman in the Philippines offered to do it for $200, 10 times her $22-a-month pay as a teacher. Serebra itself posted a task to the site when it needed a new logo, after getting a local quote of $7,500. Someone in Mozambique designed it for $200, and Serebra was so happy with the finished product that the company is continuing to work with the designer. http://bits.blogs.nytimes.com/2008/07/30/outsource-your-chores-and-feel-good-while-youre-at-it/
LAWYERS TO NAME DEFENDANTS IN AUTOADMIT CASE (Yale Daily News, 31 July 2008) - Anonymous commenting may have just gotten a little less anonymous. With the help of a subpoena issued six months ago, attorneys for two Yale Law School students have succeeded in unmasking several anonymous users of the Web forum AutoAdmit whom the women are suing for defamation. Some of the defendants will finally be named when the students soon file an amended complaint, said their attorney, Stanford Law Professor Mark Lemley, who declined to comment further. While this development does not break any new legal ground, several experts interviewed said, it is one of the few, and certainly one of the highest-profile, examples of defamation lawsuits that have successfully pierced the veil of online anonymity. In 2005, sexually explicit and derogatory posts targeting three female Yale Law students appeared on AutoAdmit, an online community where law students can discuss law-school admissions and law-firm life. Two of the students, who remain unnamed in the suit, filed against the 39 authors of the allegedly defamatory posts. Since a federal judge in New Haven granted subpoenas of Internet service providers last January, several of those comments have been successfully traced through their electronic footprints. One of those authors was “AK47,” who, in 2007, posted that women with one of the Yale Law students’ names “should be raped” and said that he and that student were “gay lovers.” John Williams, a court-appointed lawyer who represented AK-47, whom he has never met and whose identity he does not know, said he was disappointed by the judge’s decision to sustain the subpoena, which he said went beyond where any other court has gone. http://www.yaledailynews.com/articles/view/24842
COMPANIES STRUGGLE TO PROTECT DATA (PW World, 3 August 2008) - A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast. The survey was carried out by Emedia on behalf of the e-mail management provider, and interviewed 125 IT managers in the United Kingdom. It found that only 6 percent of respondents were confident that anyone attempting to send confidential information by e-mail out of the organization, would be prevented from doing so. The study also showed that 32 percent of companies would not even be aware that confidential information had been leaked, and therefore would be unable to take steps to minimize the damage or track down the source of the information. However 62 percent said they would be able to retrospectively identify the e-mail leak once the information had been sent, but they did confess to being unable to prevent its disclosure. http://www.pcworld.com/article/149327/2008/08/.html?tk=rss_news
WHAT HAVE THEY GOT AGAINST OWLS? (Nat’l Law Journal, 4 August 2008) - This might be the best part of the Department of Justice’s report of its probe into its improper hiring practices: Jan Williams, who preceded Monica Goodling as the White House liaison to the department, was asked about the LexisNexis search string she and possibly others used to plumb the political leanings of potential hires. Williams denied ever using the “search string” herself, but her handing-the-reins-over e-mail to Goodling said: “This is the lexis nexis search string that I use for AG appointments.” The string, which summarizes (neatly if depressingly) our recent political history, reads as follows: [first name of a candidate] and pre/2 [last name of a candidate] w/7 bush or gore or republican! or democrat! or charg! or accus! or criticiz! or blam! or defend! or iran contra or clinton or spotted owl or florida recount or sex! or controvers! or racis! or fraud! or investigat! or bankrupt! or layoff! or downsiz! or PNTR or NAFTA or outsourc! or indict! or enron or kerry or iraq or wmd! or arrest! or intox! or fired or sex! or racis! or intox! or slur! or arrest! or fired or controvers! or abortion! or gay! or homosexual! or gun! or firearm! The report concluded, among other things, that Goodling and Williams violated federal law, that Williams lied to investigators, and that Goodling committed misconduct. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202423465060 [Editor: a search-string as an attribute… BTW, I’d fail this one, and I don’t know owls from awl.]
2ND CIRCUIT BACKS CABLEVISION’S REMOTE RECORDER AGAINST PROGRAMMERS’ LAWSUIT (Law.com, 5 August 2008) - Cablevision’s proposed remote storage digital video recorder system does not violate the Copyright Act, a federal appeals court ruled Monday. The 2nd U.S. Circuit Court of Appeals overturned a grant of summary judgment to film and TV producers who claimed Cablevision’s system would directly infringe their copyrights by making unauthorized reproductions and by engaging in public performances. Judges John M. Walker Jr., Robert D. Sack and Debra Ann Livingston decided the appeal in The Cartoon Network v. CSC Holdings Inc., 07-1480-cv. Walker wrote for the court. Unlike TiVo and other digital video recorder systems that are run through boxes attached to televisions, Cablevision’s remote storage system, RS-DVR, would allow customers without a set-top box to record programming on hard drives maintained by the company at a remote location. Programming copyright holders sued in the Southern District of New York, where Judge Denny Chin granted them summary judgment and enjoined Cablevision from operating the system unless it obtained the necessary licenses from content providers. Chin agreed with the plaintiffs that Cablevision would commit direct infringement by copying at two points in the process -- first by briefly storing data on what is called a primary ingest buffer and, second, by sending the programs onto its Arroyo Server hard disks. The judge also agreed that by transmitting the data from the hard disks to customers, who are armed only with a remote, the company would directly infringe on the copyright holders’ exclusive right of public performance. But the circuit was persuaded there was no copying because of the short time the data reside in the buffers. “Given that the data reside in no buffer for more than 1.2 seconds before being automatically overwritten ... . we believe that the copyrighted works here are not ‘embodied’ in the buffers for a period of more than transitory duration, and therefore are not ‘fixed’ in the buffers,” he said. The circuit then turned to the question of whether the data stored on the Arroyo Server hard disks triggered direct liability for Cablevision, with the key question being who is actually making the copy -- Cablevision or the consumer. Walker cautioned that the court’s holding “does not generally permit content delivery networks to avoid all copyright liability by making copies of each item of its content and associating one unique copy with each subscriber to the network, or by giving their subscribers the capacity to make their own individual copies. http://www.law.com/jsp/article.jsp?id=1202423528890
- and -
NEW MAGAZINE-SHARING SITE MAY VIOLATE COPYRIGHTS (AP, 15 August 2008) - The magazine industry, already facing a decline in newsstand sales and falling ad revenue, is being besieged by a new foe: digital piracy. A fledgling Web site called Mygazines.com encourages people to copy and upload popular magazines that are currently on newsstands. Visitors can read high-quality digital copies of dozens of current titles, including People, Men’s Health and The Economist, in their entirety. The site, with some 16,000 registered users as of Friday, is a “flagrant” violation of copyright laws, according to legal experts — but it is run by an offshore company of specious origin, making it difficult to shut down. “It’s pretty hard to see how it’s anything other than a straightforward set of copyright violations,” said Jeffrey Cunard, an intellectual property lawyer with Debevoise & Plimpton LLP in Washington. “There are entire magazines with no commentary, no criticism — clearly not a case of classic fair use.” The Mygazines site said in a July 29 press release announcing its launch that its copies are no different from magazines shared in a doctor’s office or salon. Cunard rejected that argument because the site makes available copies of paid-for content — not the actual product. “The first-sale doctrine says that once I buy a physical copy of something, I can do whatever I want with it — except copy it,” he said. Several magazine publishers said they are aware of the site and are considering legal action. “We take our intellectual property seriously and are considering appropriate action on this matter,” The Economist said in an e-mail statement. Dawn Bridges, a spokeswoman for Time Warner Inc.’s Time division, said the publisher of People, Sports Illustrated and other titles is investigating its options, including ways to have the site shut down. The challenge for the magazine publishers is that Mygazines’s domain name is registered in the Caribbean island nation of Anguilla, which is a British overseas territory, and thus outside of the jurisdiction of U.S. copyright law. Publishers could have recourse if the company uses servers physically in the United States. They also could sue the company in U.S. courts because content is available to Americans, but they would not be able to force Mygazines representatives to show up — nor collect any damages for any ruling made in absentia. Repeated attempts to contact representatives of Mygazines.com went unanswered. Registration records show the domain name is owned by “John Smith” of Salveo Ltd., based in The Valley, Anguilla. The address listed is a post office box, and the phone number rang unanswered. Registration companies require that domain buyers use their actual names and contact information, but the submitted information is rarely checked. http://news.yahoo.com/s/ap/20080815/ap_on_hi_te/magazines_online_piracy Related CNET story discussion: “There is a hitch in the case against Mygazines, however. Mygazines is registered in the Caribbean island of Anguilla and hosted in Sweden, by the notorious PRQ. The Stockholm-based PRQ is owned by the founders of BitTorrent tracker site Pirate Bay and is known for hosting other dubious sites. With its domain name registered abroad and its servers beyond U.S. borders as well, Mygazines seems to have slipped around the jurisdiction of U.S. copyright law. Even though publishers could pursue legal action against the site for material available in the U.S., there’d be no way to get representatives for the company to court or to collect damages.” - http://news.cnet.com/8301-13578_3-10018462-38.html
WHO CAN YOU SUE? CLICK HERE (Time, 6 August 2008) - As if there weren’t enough people out there suing each other, now a Florida attorney has come up with a way to make the process even easier. Beginning next month, anyone with access to the Internet should be able to log onto WhoCanISue.com. The new website plans to help consumers determine whether they actually have a case and help them find an attorney from a list of lawyers who advertise their expertise on the website. The attorneys will pay an annual fee of $1,000 to appear on the site, plus an additional amount of their own choosing that will determine how prominently they appear in the listings on the site. The website will vet the attorneys to make sure they are in good standing with their state bar associations. Curtis A. Wolfe, formerly general counsel for Fort Lauderdale-based private equity firm Ener1 Group and the founder of WhoCanISue.com, plans to unveil the new website in September. But he will begin signing up attorneys to advertise on the site when the American Bar Association convenes it annual meeting in New York City on Thursday. Wolfe’s website is not the first of its kind. His most direct competition includes SueEasy.com and LegalMatch.com, among others. But Wolfe says his service — which is free to the consumer — differs from the others in that he will provide real-time access to attorneys. After consumers answer a set of general questions about their grievances, they will be given some guidance about whether they might have a case worth pursuing; if they do, they will be immediately put in touch with an interested attorney. http://www.time.com/time/nation/article/0,8599,1829725,00.html
THIRD CIRCUIT REVIVES BREACH OF CONTRACT CLAIMS IN DATA BREACH CASE (Steptoe & Johnson’s E-Commerce Law Week, 7 August 2008) - Another decision last month by the Third Circuit held that two banks that issued Visa credit cards to consumers whose card information was compromised by a data breach at BJ’s Wholesale Club can pursue breach of contract claims against Fifth Third Bank, which processed BJ’s Visa transactions. The court reversed a district court decision that the two issuing banks were not third-party beneficiaries of an agreement between Visa and Fifth Third that required Fifth Third to ensure that BJ’s not retain cardholder information. However, the court also held that the “economic loss rule” barred the issuing banks’ negligence claims. While the Third Circuit’s rulings on the breach of contract claims mark a win for Sovereign and the Pennsylvania State Employees Credit Union, they will likely do little to improve other plaintiffs’ odds of recovering in similar cases involving credit and debit card information. As the court noted, the Visa Operating Regulations have been amended since the BJ’s breach to explicitly preclude third-party beneficiary claims. This revision to the Operating Regulations led a federal court in Massachusetts to rule in 2007 that a putative class of Visa card issuers could not claim third party beneficiary status in a case arising from the breach of credit card information stored by retailer The TJX Companies, Inc. http://www.steptoe.com/publications-5463.html Third Circuit opinion here: http://www.ca3.uscourts.gov/opinarch/063392p.pdf
OHIO OFFICIAL SUES E-VOTING VENDOR FOR LOST VOTES (Computerworld, 8 August 2008) - Ohio Secretary of State Jennifer Brunner has filed a lawsuit against an electronic-voting machine vendor, saying the vendor should pay damages for dropped votes in the state’s March primary election. E-voting machines from Premier Election Solutions, formerly known as Diebold Election Systems, dropped hundreds of votes in 11 Ohio counties during the primary election, as the machine’s memory cards were uploaded to vote-counting servers, Brunner’s office said. Officials in Brunner’s office later discovered the dropped votes in other counties after voting officials in Butler County discovered about 150 dropped votes, said Jeff Ortega, Brunner’s assistant director of communications. Brunner’s lawsuit, filed in Franklin County Common Pleas Court in Ohio on Wednesday, is a counter claim to an earlier lawsuit filed by Premier. In May, Premier filed a lawsuit against Brunner’s office and Cuyahoga County, Ohio, seeking a judgment that Premier did not violate any contracts or warranties. Brunner’s lawsuit accuses Premier of not fulfilling its contracts with election officials. The lawsuit also alleges breach of warranty and fraud. Premier e-voting machines are used in half of Ohio’s 88 counties. Butler County officials discovered the dropped votes in post-election checks. That set off a statewide investigation, which found dropped votes in 11 other counties, according to information from Brunner’s office. Butler County officials sent letters to Premier on April 4 and 9, seeking an explanation for the dropped votes, and on May 16, Premier issued a report, suggesting human error or conflicts with antivirus software were to blame. Brunner and Butler County officials have suggested that the May report and a follow-up issued by Premier lacked evidence that antivirus software caused the problems. A Premier report on May 29 suggested counties disable antivirus software on vote-tabulation servers, but the servers had been certified in Ohio with the antivirus software installed, Brunner said. In December, Brunner’s office issued a report questioning the security of touch-screen e-voting machines like those sold by Premier. Machines from Premier and two other vendors had “critical security failures,” the report said. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112041&source=rss_topic17
US WARNS OLYMPIC TRAVELLERS ABOUT ELECTRONIC ESPIONAGE (VUnet, 11 August 2008) - In a strongly worded warning, the US government advised people visiting Beijing for the start of the Olympic Games that they should trust no-one with their electronic devices. The National Counterintelligence Executive warning was issued on Thursday and warns that while government officials and senior business executives are most at risk, no-one should consider themselves too small a target. “Security services and criminals can track your movements using your mobile phone or PDA and can turn on the microphone in your device even when you think it’s off. To prevent this, remove the battery,” the warning reads. “Security services and criminals can also insert malicious software into your device through any connection they control.” Travellers are advised to not take electronic devices into the country unless absolutely necessary. They should also assume that their hard drive has been copied if the device is examined by customs or in their hotel room if it is searched. It also warns about the use of USB thumb drives in China, saying they may have malware installed on them. Travellers are also advised to change all passwords immediately on their return home. http://www.vnunet.com/vnunet/news/2223619/warns-olympic-travellers-us-china Warning here: http://www.ncix.gov/publications/reports/traveltips.pdf
COURT DISMISSES L’OREAL CLAIMS AGAINST EBAY (Reuters, 12 August 2008) - A Belgian court on Tuesday dismissed all of the claims of cosmetics maker L’Oreal brought against eBay over the sale of fake fragrances and cosmetic products on online auction sites, eBay said in a statement. L’Oreal started legal action in France, Belgium, Germany, Britain and Spain in September 2007, alleging the online auctioneer did not do enough to combat the sale of counterfeits. None of the other courts have ruled on the case yet. The Belgian court ruled that eBay was not obliged to take action to fight counterfeiting, but eBay spokeswoman Sravanthi Agrawal stressed that the company cooperated with rights owners to tackle the sale of fake goods. She added that the company clamped down on all cases of counterfeiting notified to it by the firms concerned, even though it did not have a legal obligation to do so. L’Oreal said in a statement it would appeal against the decision. http://uk.news.yahoo.com/rtrs/20080812/tot-uk-belgium-loreal-ebay-566e283.html
MINNESOTA COURT SAYS KEYWORD ADVERTISING IS TM USE IN COMMERCE--HYSITRON V. MTS (Eric Goldman blog, 11 August 2008) - Hysitron Inc. v. MTS Systems Corp., 2008 WL 3161969 (D. Minn. Aug. 1, 2008). In a brief and pedestrian opinion, another court outside the Second Circuit said that buying a trademarked keyword is “use in commerce” under the Lanham Act even if the trademark doesn’t appear in the ad copy. The court says: “This Court adopts the majority view that using a trademark to generate advertising constitutes a “use in commerce” under the Lanham Act. This approach adheres to the plain meaning of the Lanham Act’s definition of “use in commerce.” The language used in the definition suggests that a “use in commerce” is not limited to affixing another’s mark to one’s own goods but also encompasses any use of another’s mark to advertise or sell one’s own goods and services.” The court is right about the majority vote, but it’s hardly a strong majority. According to my count, the vote was 7-to-6 before this ruling. However, all 6 no votes are in the 2d Circuit, so geographically there is a stronger basis to characterize the rule as the majority rule. The court also denied the defense SJ motion because more discovery is required to determine consumer confusion. http://blog.ericgoldman.org/archives/2008/08/minnesota_court.htm
WEB PRIVACY ON THE RADAR IN CONGRESS (New York Times, 11 August 2008) - Here are some things Internet users can discover about Kiyoshi Martinez, a 24-year-old man from Mokena, Ill., from some of his recent posts online. He watched “The Colbert Report” on Tuesday night, he likes the musician Lenlow and he received bottles of olive oil and vinegar for his birthday. Mr. Martinez has Facebook and LinkedIn pages, a Twitter account and a Web site that includes his résumé. So it is surprising to learn that Mr. Martinez, an aide in the Illinois Senate, is also vigilant about his privacy online. “I’m pretty aware of the fact that anything you do on the Internet pretty much should just be considered public,” Mr. Martinez said. While he knows that companies are collecting his data and often tracking his online habits so they can show him more relevant ads, he said, he would like to see more transparency “about what the company intends to do with your data and your information.” Those same questions of data collection and privacy policies are attracting the attention of Congress, too. There is no broad privacy legislation governing advertising on the Internet. And even some in the government admit that they do not have a clear grasp of what companies are able to do with the wealth of data now available to them. http://www.nytimes.com/2008/08/11/technology/11privacy.html?_r=1&ref=technology&oref=slogin
AIR FORCE SUSPENDS ‘CYBER COMMAND’ PROGRAM (Information Week, 13 August 2008) - Putting on hold a major cyberwarfare initiative less than two months before it was scheduled to become operational, the Pentagon this week said it is delaying and reviewing the future of the Air Force’s controversial “Cyber Command” program. Provisionally created last year to coordinate and initiate the defense of U.S. military computer networks and to launch offensive attacks on enemy IT systems, the Cyber Command has been based at Barksdale Air Force Base in Louisiana. The command’s Web site says its mission is “To secure our nation by employing world-class cyberspace capabilities to control cyberspace, create integrated global effects, and deliver sovereign options.” The Army, Navy, and Air Force have been engaged in a tug-of-war over the leadership role in the U.S. military’s cyberwarfare initiatives. The Navy has created both the Network Warfare Command and the Space and Naval Warfare Systems Center to develop technology and policies for confronting adversaries in cyberspace. The Defense Advanced Research Projects Agency, or DARPA, has also announced plans to develop a “National Cyber Range,” a virtual network environment for cyberwar simulation. In March, the U.S. Department of Homeland Security hosted Cyber Storm II, a networking war game involving about 40 private-sector companies including Cisco, Juniper Networks, and Dow Chemical. The exercise came shortly after the Pentagon reported that China’s People’s Liberation Army was intent on expanding its capabilities for cyberwarfare. Reports from the Caucasus indicate that the Russian began its assault on neighboring Georgia with a cyberattack intended to disable the smaller country’s computer networks. http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=210003721&cid=RSSfeed_IWK_News
FREE LICENSES UPHELD (Lessig Blog, 13 August 2008) - So for non-lawgeeks, this won’t seem important. But trust me, this is huge. I am very proud to report today that the Court of Appeals for the Federal Circuit (THE “IP” court in the US) has upheld a free (ok, they call them “open source”) copyright license, explicitly pointing to the work of Creative Commons and others. (The specific license at issue was the Artistic License.) This is a very important victory, and I am very very happy that the Stanford Center for Internet and Society played a key role in securing it. In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you’re simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license. Important clarity and certainty by a critically important US Court. http://lessig.org/blog/2008/08/huge_and_important_news_free_l.html and http://www.nytimes.com/2008/08/14/technology/14commons.html Opinion here: http://www.cafc.uscourts.gov/opinions/08-1001.pdf
COURT RULES SENDING EMAILS TO FORUM SATISFIES JURISDICTION TEST (BNA’s Internet Law News, 14 August 2008) - BNA’s Electronic Commerce & Law Report reports that an Idaho federal court has ruled that sending over 100 e-mails to individuals known to be located in Idaho is enough to satisfy the due process “purposeful availment” requirement for finding jurisdiction there. The court said that Idaho jurisdiction was proper over an individual accused of intentionally sending bulk e-mails to Idaho residents when the sender knew of the recipients’ location, and when the harm the recipients suffered was directly related to the e-mails. Case name is Melaleuca v. Hansen.
COURTS JUST CAN’T AGREE ON WHEN EMPLOYEE ACCESS TO COMPUTER IS “AUTHORIZED” UNDER CFAA (Steptoe & Johnson’s E-Commerce Law Week, 14 August 2008) - Courts continue to disagree over whether an employee violates the Computer Fraud and Abuse Act (CFAA) when he accesses a company computer with authorization but then steals information for some nefarious purpose. In Black & Decker (US), Inc. v. Smith, a federal court in Tennessee ruled that a disloyal employee who allegedly copied confidential Black & Decker (B&D) information before being terminated did not access this information “without authorization” or “exceed” his authorized access within the meaning of the CFAA, since he was permitted access to the information while employed. But, in Mintel International Group, Ltd. v. Neergheen, a federal court in Illinois held that an employee might have “exceeded authorized access” by sending confidential information from his workplace computer to his personal email address before leaving the company. http://www.steptoe.com/publications-5479.html
AT&T MULLS WATCHING YOU SURF (New York Times, 14 August 2008) - AT&T is “carefully considering” monitoring the Web-surfing activities of customers who use its Internet service, the company said in a letter in response to an inquiry from the House Committee on Energy and Commerce. While the company said it hadn’t tested such a system for monitoring display advertising viewing habits or committed to a particular technology, it expressed much more interest in the approach than the other big Internet providers who also responded to the committee’s letter. AT&T did however promise that if it does decide to start tracking its customers online, it will “do so the right way.” In particular, the advertising system will require customers to affirmatively agree to have their surfing monitored. This sort of “opt-in” approach is preferred by privacy experts to the “opt-out” method, practiced by most ad targeting companies today, which records the behavior of anyone who doesn’t explicitly ask to not to be tracked. http://bits.blogs.nytimes.com/2008/08/14/att-wants-to-watch-you-read-ads/
- and -
VERIZON: WE NEED FREEDOM TO DELAY P2P TRAFFIC WHEN NECESSARY (ArsTechnica, 21 August 2008) - There has “always been a requirement for network management,” said Verizon CTO Richard Lynch Tuesday at the Progress & Freedom Foundation’s annual Aspen conference on tech policy, even in the analog age. In the wake of the FCC’s recent Comcast decision, debates over “network management” have escaped the engineers’ offices and now take place even among skeptical consumers who worry about what such management will do to their Internet connections. Lynch laid out Verizon’s view on the matter: time-sensitive packets like VoIP should be prioritized over less-sensitive packets like P2P, but the company remains committed to “deliver any and all data requested by our customers.” Thanks to its fiber-to-the-home commitment, Verizon doesn’t face the same congestion issues that plague many cable operators. While current cable networks may share a single uplink between several hundred homes, Verizon’s fiber nodes serve an average of only 32 homes—and the uplink has more bandwidth to begin with. Verizon can currently offer 50Mbps symmetric connections, with 100Mbps connections already in trials, and it can add capacity on lit fiber simply by turning on additional wavelengths. But Lynch rejects the idea that the only acceptable form of network management is none at all—that is, that Verizon and other ISPs should all commit to delivering all packets, all the time, with zero delay. http://arstechnica.com/news.ars/post/20080821-verizon-we-need-freedom-to-delay-p2p-traffic-when-necessary.html
FEC ELATES STRANGE BEDFELLOWS WITH POLITICAL BLOGGING RULING (ArsTechnica, 15 August 2008) - The arch-conservative Heritage Foundation and a pro–Barack Obama blogger found common cause for celebration this week when the Federal Election Commission ruled that former Iowa Democratic Party Chairman Gordon Fischer, author of Iowa True Blue, is not subject to campaign finance restrictions, however partisan his posts. The FEC has repeatedly held that ordinary bloggers are subject to the “media exemption” that permits journalists and editorial writers to support or oppose candidates without tallying their expenses as campaign contributions. But late last year, Hillary Clinton supporter Kirk Tofte nevertheless filed a complaint against Fischer, arguing that his site was no longer a mere political blog, but a “direct arm of the Obama for President campaign.” The FEC rejected Tofte’s argument wholesale, noting that there was no hard evidence of coordination, but that even if there had been, Fischer’s speech would remain protected. Paid ads run by a campaign are still covered, of course, but it would be difficult to do online journalism if bloggers were barred from contacting campaigns or quoting their materials. http://arstechnica.com/news.ars/post/20080815-fec-elates-strange-bedfellows-with-political-blogging-ruling.html
SEC PROVIDES GUIDANCE REGARDING USE OF COMPANY WEBSITES TO DISCLOSE INFORMATION FOR INVESTORS (Duane Morris advisory, 15 August 2008) - The Securities and Exchange Commission (the “SEC”) has published an interpretive release, Commission Guidance on the Use of Company Web Sites, Release No. 34-58288 (the “Release”), providing guidance to companies and issuers of securities on the use of company websites to disclose information to investors. The Release, which became effective August 7, 2008, is intended to encourage companies to develop their websites in compliance with the federal securities laws so that such websites can serve as effective analytical tools for investors by being a vital source of information about a company’s business, financial condition and operations. The Release is intended to provide guidance to those companies that are utilizing websites to supplement their required SEC filings. Since the adoption of the Securities Act of 1933 and the Securities Exchange Act of 1934 (the “Exchange Act”), the foundation of securities regulation in the United States has rested upon timely disclosure of relevant information to investors and the securities markets. Historically, companies have disclosed information to investors and the markets by mailing reports to stockholders, filing periodic reports with the SEC and issuing press releases. As technology has advanced, the Internet, the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system, and electronic communications have modernized the disclosure system. More and more investors are turning to the Internet and company websites as their main source of information before making investment decisions. The Release provides guidance to companies posting information on their websites, including (1) when information posted on their website is considered “public” for purposes of the “fair disclosure” requirements of Regulation FD; (2) the application of the antifraud provisions of the federal securities laws to information posted on company websites; (3) the types of controls and procedures advisable with respect to posting information; and (4) the appropriate format of the information presented on the website. Full Duane Morris analysis here: http://www.duanemorris.com/alerts/alert2948.html; SEC Release here: http://www.sec.gov/rules/interp/2008/34-58288.pdf ; Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/]
WOMAN CAN SUE OVER YOUTUBE CLIP DE-POSTING (SF Gate, 20 August 2008) - In a victory for small-time music copiers over the entertainment industry, a federal judge ruled Wednesday that copyright holders can’t order one of their songs removed from the Web without first checking to see if the excerpt was so small and innocuous that it was legal. The ruling by U.S. District Judge Jeremy Fogel of San Jose was the first in the nation to require the owner of the rights to a creative work to consider whether an online copy was a “fair use” - a small or insignificant replication that couldn’t have affected the market for the original - before ordering the Web host to take it down. A 1998 federal law authorized copyright holders to issue takedown orders whenever they see an unauthorized version of their work on the Internet without having to sue and prove a case of infringement. Some advocates of Internet users’ rights - including the Electronic Frontier Foundation, which represented the individual user in this case - contend the procedure has been abused. The case dates from February 2007, when Stephanie Lenz, a writer and editor from Gallitzin, Pa., made a video of her 13-month-old son cavorting to Prince’s song “Let’s Go Crazy” and posted the 29-second clip on YouTube. Four months later, Universal Music Corp., which owns the rights to the song, ordered YouTube to remove the video and nearly 200 others involving Prince compositions. Lenz, exercising her rights under the same 1998 law, notified YouTube several weeks later that her video was legal and ordered it restored. YouTube complied after waiting two weeks, as required by law, to see whether Universal would sue Lenz for infringement. Lenz then sued Universal in Northern California, YouTube’s home district, for her costs, claiming the music company had acted in bad faith by ordering removal of a video that - she contended - was obviously a fair use of the song and had no commercial value. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/08/20/BAU412FKRL.DTL Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/ ; Eric Goldman has an analysis of this case here: http://blog.ericgoldman.org/archives/2008/08/fair_use_its_th.htm
BAIDU CACHE OFFERS MORE EVIDENCE OF UNDERAGE CHINESE GYMNASTS (ArsTechnica, 20 August 2008) - One of the controversies that’s been swirling around the Chinese Olympic Games since they began is the age of several of China’s gymnasts. According to Chinese officials (and, of course, official passports and ID cards), both He Kexin and Jiang Yuyuan are 16, and therefore old enough to compete in the Olympic Games. Unfortunately for China, there’s a growing body of evidence pointing in the opposite direction, including online evidence a gumshoe hacker discovered lurking in the cache of Baidu, China’s equivalent of Google. If these allegations prove true, it would scarcely be the first time China has lied about the age of an athlete. In 2000—three years after the minimum qualifying age for Olympic Gymnastic competition was raised to 16—Chinese gymnast Yang Yun won a bronze medal for her performance on the uneven bars. Yang’s passport showed her as 16 years old at the time, but the gymnast herself later admitted on Chinese national television that she and her coaches had lied about her age, and that she had been just 14 at the time. There’s also evidence that Chinese gymnast Li Ya was just 13 when she competed at the World Championships in Anaheim back in 2003. A story that ran Beijing Evening News on December 2, 2007, reported that He Kexin was 13, while the New York Times turned up evidence in other Chinese papers that cited her age as 14, with a birth date of January 1, 1994. Currently, He’s passport lists her date of birth as January 1, 1992. Similarly, Jiang Yuyuan’s own national identification card lists her birth date as October 1, 1993. Now, new information gathered from Baidu’s cache further confirms these allegations. Over at Stryde Hax, the anonymous author describes his search for official information on He Kexin’s real birth date. Google, rather suspiciously, has been scrubbed clean—searching the engine’s cache reveals references to He Kexin, but He’s name and data have been removed. As for Baidu, the main search function returns only government-approved data—a spreadsheet that purports to show information on Kexin has also been deleted—but checking the engine’s cache proves that a copy of the document is still preserved. He Kexin’s age, as listed in the preserved copy of an official Chinese document? 14. http://arstechnica.com/news.ars/post/20080820-evidence-of-age-fraud-mounts-china-insists-gymnasts-are-16.html Washington Post calls it cheating and credits the caching discovery: http://www.washingtonpost.com/wp-dyn/content/article/2008/08/22/AR2008082201782.html?nav=rss_email/components
FRENCH HIGH COURT UPHOLDS MONITORING OF EMPLOYEE’S INTERNET USE (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - French workers recently lost their cherished right to work only 35 hours per week. And as a result of a recent ruling by France’s highest court, they may have to spend those hours actually working rather than playing solitaire online. Last month, the Cour de Cassation Chamber Sociale ruled that employers can monitor their employees’ workplace Internet use. Past rulings had suggested that an employer may not access information that an employee stored on his or her workplace computer and clearly marked as personal, unless the employee is present and consents to the search. However, in Franck L. v. Entreprise Martin, the court ruled that an employer may generally access an employee’s computer hard drive without the employee’s knowledge or presence for the purpose of monitoring the employee’s Internet use. The court reasoned that any websites accessed using a workplace computer during business hours are “presumed to be of a professional character,” and that employers may therefore review records of the employee’s Internet use without the employee present. Accordingly, it upheld defendant Entreprise Martin’s firing of former IT manager Franck L., who was let go after Entreprise Martin’s review of his web browsing revealed that he had spent large amounts of work time browsing non-work-related websites. http://www.steptoe.com/publications-5488.html
COURT SAYS EBAY IS A CRIMINAL ENTERPRISE. SERIOUSLY. (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - A federal court in California recently held that eBay’s allegedly false statements about the safety of its “Live Auction” service can support a claim against the company under section 1962(c) of the Racketeer Influenced and Corrupt Organizations Act (RICO), a statute originally designed to go after organized crime. Although the case involves a civil suit, the court’s ruling in Mazur v. eBay Inc. amounts to a remarkable statement that eBay’s description of its auction service constitutes criminal behavior. While the Federal Trade Commission has brought actions for “unfair” or “deceptive” acts in commerce against companies whose actual privacy practices did not live up to their stated policies, allowing RICO actions to be brought on the basis of similar misstatements is a giant leap -- and could have enormous negative ramifications for websites. http://www.steptoe.com/publications-5488.html Opinion here: http://www.steptoe.com/assets/attachments/3504.pdf
**** NOTED PODCASTS ****
CLOUD COMPUTING AND THE PRIVACY OF REMOTELY STORED INFORMATION (State of the Net West 2008; Santa Clara University podcast, 67 minutes; 11 August 2008) -- Panelists including SalesForce.com’s David Schellhase discuss the extant legal framework implicated by some cloud computing applications. File is named “Third Panel and Closing.MP3” and resides here: http://deimos.apple.com/WebObjects/Core.woa/Browse/scu.edu.1423301783.01423301792.1623272573?i=1912410655 Related 6 minute NPR broadcast on 21 August is here: http://www.npr.org/templates/story/story.php?storyId=93841182
DON’T TALK TO THE POLICE (Prof. James Duane, 31 May 2008; 27 minute video podcast) - recommended by Bruce Schneier: “This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn’t matter if you’re guilty or innocent, if you have an alibi or not -- it isn’t possible for anything you say to help you, and it’s very possible that innocuous things you say will hurt you. Definitely worth half an hour of your time. http://video.google.com/videoplay?docid=-4097602514885833865 And this is a video of Virginia Beach Police Department Officer George Bruch, who basically says that Duane is right. http://video.google.com/videoplay?docid=6014022229458915912&q=&hl=en“. Editor: Entertaining; his demonstration is convincing, and he doesn’t even touch on the old “it’s the lie that’ll get you, especially with a federal agent.” His closing Justice Jackson quote is telling. The police officer’s presentation also is good.]
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by http://www.knowconnect.com.
Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at http://www.abanet.org/dch/committee.cfm?com=CL320000 (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln.
**************End of Introductory Note***************
CLARIFICATIONS SOUGHT ON DATA MINING (FCW, 24 July 2008) - Clarification is needed for the definition of data mining and the rules governing it, civil libertarians and academics said today. Several experts at a Homeland Security Department conference on implementing privacy protections in government data mining expressed concerns that the meaning of data mining was misunderstood, or had not been fully explained, thus leading to confusion or potential violations of privacy rights. In the legislation that established DHS, Congress required the department to “establish and utilize…a secure communications and information technology infrastructure, including data mining and other advanced analytical tools, in order to access, receive and analyze data.” However, according to some experts, there’s confusion over what constitutes data mining, causing misperceptions. Some experts were worried that the lack of an agreed-upon definition and specific rules governing different types of data mining, including the use of commercial data, increases the risk of privacy violations. “What’s important here is that we not reflexively say that data mining is bad…but we need to have in place the rules of the road here…about when data can be collected, how it can be used,” said Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union. “We have not really had that discussion about what the rules of the road are.” In its 2007 annual report to Congress on the department’s data mining activities, DHS’ privacy office said that “it is important to note that no consensus exists on what constitutes ‘data mining.” http://www.fcw.com/online/news/153267-1.html
OUTSOURCE YOUR CHORES — AND FEEL GOOD WHILE YOU’RE AT IT (New York Times, 30 July 2008) - Ted Moorhouse wants you to outsource your next Excel mail merge or graphic design chore — and in the process give students in developing countries the chance to improve their lives. Mr. Moorhouse’s new project, Serebra Connect, is an auction site for services. Buyers post a task and sellers bid to complete the job. It’s a similar model to the popular freelance marketplace Elance — but with a feel-good twist. Most of the people bidding on the jobs are students in developing countries who have taken a course from the Serebra Learning Corporation, the e-learning company where Mr. Moorhouse is chairman and chief executive. He started Serebra Connect in October to help these students use their new skills. Sample tasks posted on the site: creating a logo for a dental practice, translating e-books from Arabic to English and building a Web site with Flash. The average price is $200. It is free to post or bid on a task. The buyer sends the payment to Serebra to hold until the task is completed. Serebra then takes a 10 percent to 15 percent cut and sends the money to the seller via PayPal or MasterCard’s Payoneer. Sellers on the site are rated on a five-star scale based on reviews from buyers as well as how many Serebra courses they have completed. Serebra Connect is still tiny. It has 6,500 sellers: 4,000 in developing countries and the rest from the United States, Canada and Europe. Only 65 tasks have so far been completed and 40 more are in the queue. When a Madison, Wis., company posted a PowerPoint project that would have cost $2,000 in Madison, a woman in the Philippines offered to do it for $200, 10 times her $22-a-month pay as a teacher. Serebra itself posted a task to the site when it needed a new logo, after getting a local quote of $7,500. Someone in Mozambique designed it for $200, and Serebra was so happy with the finished product that the company is continuing to work with the designer. http://bits.blogs.nytimes.com/2008/07/30/outsource-your-chores-and-feel-good-while-youre-at-it/
LAWYERS TO NAME DEFENDANTS IN AUTOADMIT CASE (Yale Daily News, 31 July 2008) - Anonymous commenting may have just gotten a little less anonymous. With the help of a subpoena issued six months ago, attorneys for two Yale Law School students have succeeded in unmasking several anonymous users of the Web forum AutoAdmit whom the women are suing for defamation. Some of the defendants will finally be named when the students soon file an amended complaint, said their attorney, Stanford Law Professor Mark Lemley, who declined to comment further. While this development does not break any new legal ground, several experts interviewed said, it is one of the few, and certainly one of the highest-profile, examples of defamation lawsuits that have successfully pierced the veil of online anonymity. In 2005, sexually explicit and derogatory posts targeting three female Yale Law students appeared on AutoAdmit, an online community where law students can discuss law-school admissions and law-firm life. Two of the students, who remain unnamed in the suit, filed against the 39 authors of the allegedly defamatory posts. Since a federal judge in New Haven granted subpoenas of Internet service providers last January, several of those comments have been successfully traced through their electronic footprints. One of those authors was “AK47,” who, in 2007, posted that women with one of the Yale Law students’ names “should be raped” and said that he and that student were “gay lovers.” John Williams, a court-appointed lawyer who represented AK-47, whom he has never met and whose identity he does not know, said he was disappointed by the judge’s decision to sustain the subpoena, which he said went beyond where any other court has gone. http://www.yaledailynews.com/articles/view/24842
COMPANIES STRUGGLE TO PROTECT DATA (PW World, 3 August 2008) - A staggering 94 percent of companies admit that they are powerless to prevent confidential data from leaving their company by e-mail, according to a new study from Mimecast. The survey was carried out by Emedia on behalf of the e-mail management provider, and interviewed 125 IT managers in the United Kingdom. It found that only 6 percent of respondents were confident that anyone attempting to send confidential information by e-mail out of the organization, would be prevented from doing so. The study also showed that 32 percent of companies would not even be aware that confidential information had been leaked, and therefore would be unable to take steps to minimize the damage or track down the source of the information. However 62 percent said they would be able to retrospectively identify the e-mail leak once the information had been sent, but they did confess to being unable to prevent its disclosure. http://www.pcworld.com/article/149327/2008/08/.html?tk=rss_news
WHAT HAVE THEY GOT AGAINST OWLS? (Nat’l Law Journal, 4 August 2008) - This might be the best part of the Department of Justice’s report of its probe into its improper hiring practices: Jan Williams, who preceded Monica Goodling as the White House liaison to the department, was asked about the LexisNexis search string she and possibly others used to plumb the political leanings of potential hires. Williams denied ever using the “search string” herself, but her handing-the-reins-over e-mail to Goodling said: “This is the lexis nexis search string that I use for AG appointments.” The string, which summarizes (neatly if depressingly) our recent political history, reads as follows: [first name of a candidate] and pre/2 [last name of a candidate] w/7 bush or gore or republican! or democrat! or charg! or accus! or criticiz! or blam! or defend! or iran contra or clinton or spotted owl or florida recount or sex! or controvers! or racis! or fraud! or investigat! or bankrupt! or layoff! or downsiz! or PNTR or NAFTA or outsourc! or indict! or enron or kerry or iraq or wmd! or arrest! or intox! or fired or sex! or racis! or intox! or slur! or arrest! or fired or controvers! or abortion! or gay! or homosexual! or gun! or firearm! The report concluded, among other things, that Goodling and Williams violated federal law, that Williams lied to investigators, and that Goodling committed misconduct. http://www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202423465060 [Editor: a search-string as an attribute… BTW, I’d fail this one, and I don’t know owls from awl.]
2ND CIRCUIT BACKS CABLEVISION’S REMOTE RECORDER AGAINST PROGRAMMERS’ LAWSUIT (Law.com, 5 August 2008) - Cablevision’s proposed remote storage digital video recorder system does not violate the Copyright Act, a federal appeals court ruled Monday. The 2nd U.S. Circuit Court of Appeals overturned a grant of summary judgment to film and TV producers who claimed Cablevision’s system would directly infringe their copyrights by making unauthorized reproductions and by engaging in public performances. Judges John M. Walker Jr., Robert D. Sack and Debra Ann Livingston decided the appeal in The Cartoon Network v. CSC Holdings Inc., 07-1480-cv. Walker wrote for the court. Unlike TiVo and other digital video recorder systems that are run through boxes attached to televisions, Cablevision’s remote storage system, RS-DVR, would allow customers without a set-top box to record programming on hard drives maintained by the company at a remote location. Programming copyright holders sued in the Southern District of New York, where Judge Denny Chin granted them summary judgment and enjoined Cablevision from operating the system unless it obtained the necessary licenses from content providers. Chin agreed with the plaintiffs that Cablevision would commit direct infringement by copying at two points in the process -- first by briefly storing data on what is called a primary ingest buffer and, second, by sending the programs onto its Arroyo Server hard disks. The judge also agreed that by transmitting the data from the hard disks to customers, who are armed only with a remote, the company would directly infringe on the copyright holders’ exclusive right of public performance. But the circuit was persuaded there was no copying because of the short time the data reside in the buffers. “Given that the data reside in no buffer for more than 1.2 seconds before being automatically overwritten ... . we believe that the copyrighted works here are not ‘embodied’ in the buffers for a period of more than transitory duration, and therefore are not ‘fixed’ in the buffers,” he said. The circuit then turned to the question of whether the data stored on the Arroyo Server hard disks triggered direct liability for Cablevision, with the key question being who is actually making the copy -- Cablevision or the consumer. Walker cautioned that the court’s holding “does not generally permit content delivery networks to avoid all copyright liability by making copies of each item of its content and associating one unique copy with each subscriber to the network, or by giving their subscribers the capacity to make their own individual copies. http://www.law.com/jsp/article.jsp?id=1202423528890
- and -
NEW MAGAZINE-SHARING SITE MAY VIOLATE COPYRIGHTS (AP, 15 August 2008) - The magazine industry, already facing a decline in newsstand sales and falling ad revenue, is being besieged by a new foe: digital piracy. A fledgling Web site called Mygazines.com encourages people to copy and upload popular magazines that are currently on newsstands. Visitors can read high-quality digital copies of dozens of current titles, including People, Men’s Health and The Economist, in their entirety. The site, with some 16,000 registered users as of Friday, is a “flagrant” violation of copyright laws, according to legal experts — but it is run by an offshore company of specious origin, making it difficult to shut down. “It’s pretty hard to see how it’s anything other than a straightforward set of copyright violations,” said Jeffrey Cunard, an intellectual property lawyer with Debevoise & Plimpton LLP in Washington. “There are entire magazines with no commentary, no criticism — clearly not a case of classic fair use.” The Mygazines site said in a July 29 press release announcing its launch that its copies are no different from magazines shared in a doctor’s office or salon. Cunard rejected that argument because the site makes available copies of paid-for content — not the actual product. “The first-sale doctrine says that once I buy a physical copy of something, I can do whatever I want with it — except copy it,” he said. Several magazine publishers said they are aware of the site and are considering legal action. “We take our intellectual property seriously and are considering appropriate action on this matter,” The Economist said in an e-mail statement. Dawn Bridges, a spokeswoman for Time Warner Inc.’s Time division, said the publisher of People, Sports Illustrated and other titles is investigating its options, including ways to have the site shut down. The challenge for the magazine publishers is that Mygazines’s domain name is registered in the Caribbean island nation of Anguilla, which is a British overseas territory, and thus outside of the jurisdiction of U.S. copyright law. Publishers could have recourse if the company uses servers physically in the United States. They also could sue the company in U.S. courts because content is available to Americans, but they would not be able to force Mygazines representatives to show up — nor collect any damages for any ruling made in absentia. Repeated attempts to contact representatives of Mygazines.com went unanswered. Registration records show the domain name is owned by “John Smith” of Salveo Ltd., based in The Valley, Anguilla. The address listed is a post office box, and the phone number rang unanswered. Registration companies require that domain buyers use their actual names and contact information, but the submitted information is rarely checked. http://news.yahoo.com/s/ap/20080815/ap_on_hi_te/magazines_online_piracy Related CNET story discussion: “There is a hitch in the case against Mygazines, however. Mygazines is registered in the Caribbean island of Anguilla and hosted in Sweden, by the notorious PRQ. The Stockholm-based PRQ is owned by the founders of BitTorrent tracker site Pirate Bay and is known for hosting other dubious sites. With its domain name registered abroad and its servers beyond U.S. borders as well, Mygazines seems to have slipped around the jurisdiction of U.S. copyright law. Even though publishers could pursue legal action against the site for material available in the U.S., there’d be no way to get representatives for the company to court or to collect damages.” - http://news.cnet.com/8301-13578_3-10018462-38.html
WHO CAN YOU SUE? CLICK HERE (Time, 6 August 2008) - As if there weren’t enough people out there suing each other, now a Florida attorney has come up with a way to make the process even easier. Beginning next month, anyone with access to the Internet should be able to log onto WhoCanISue.com. The new website plans to help consumers determine whether they actually have a case and help them find an attorney from a list of lawyers who advertise their expertise on the website. The attorneys will pay an annual fee of $1,000 to appear on the site, plus an additional amount of their own choosing that will determine how prominently they appear in the listings on the site. The website will vet the attorneys to make sure they are in good standing with their state bar associations. Curtis A. Wolfe, formerly general counsel for Fort Lauderdale-based private equity firm Ener1 Group and the founder of WhoCanISue.com, plans to unveil the new website in September. But he will begin signing up attorneys to advertise on the site when the American Bar Association convenes it annual meeting in New York City on Thursday. Wolfe’s website is not the first of its kind. His most direct competition includes SueEasy.com and LegalMatch.com, among others. But Wolfe says his service — which is free to the consumer — differs from the others in that he will provide real-time access to attorneys. After consumers answer a set of general questions about their grievances, they will be given some guidance about whether they might have a case worth pursuing; if they do, they will be immediately put in touch with an interested attorney. http://www.time.com/time/nation/article/0,8599,1829725,00.html
THIRD CIRCUIT REVIVES BREACH OF CONTRACT CLAIMS IN DATA BREACH CASE (Steptoe & Johnson’s E-Commerce Law Week, 7 August 2008) - Another decision last month by the Third Circuit held that two banks that issued Visa credit cards to consumers whose card information was compromised by a data breach at BJ’s Wholesale Club can pursue breach of contract claims against Fifth Third Bank, which processed BJ’s Visa transactions. The court reversed a district court decision that the two issuing banks were not third-party beneficiaries of an agreement between Visa and Fifth Third that required Fifth Third to ensure that BJ’s not retain cardholder information. However, the court also held that the “economic loss rule” barred the issuing banks’ negligence claims. While the Third Circuit’s rulings on the breach of contract claims mark a win for Sovereign and the Pennsylvania State Employees Credit Union, they will likely do little to improve other plaintiffs’ odds of recovering in similar cases involving credit and debit card information. As the court noted, the Visa Operating Regulations have been amended since the BJ’s breach to explicitly preclude third-party beneficiary claims. This revision to the Operating Regulations led a federal court in Massachusetts to rule in 2007 that a putative class of Visa card issuers could not claim third party beneficiary status in a case arising from the breach of credit card information stored by retailer The TJX Companies, Inc. http://www.steptoe.com/publications-5463.html Third Circuit opinion here: http://www.ca3.uscourts.gov/opinarch/063392p.pdf
OHIO OFFICIAL SUES E-VOTING VENDOR FOR LOST VOTES (Computerworld, 8 August 2008) - Ohio Secretary of State Jennifer Brunner has filed a lawsuit against an electronic-voting machine vendor, saying the vendor should pay damages for dropped votes in the state’s March primary election. E-voting machines from Premier Election Solutions, formerly known as Diebold Election Systems, dropped hundreds of votes in 11 Ohio counties during the primary election, as the machine’s memory cards were uploaded to vote-counting servers, Brunner’s office said. Officials in Brunner’s office later discovered the dropped votes in other counties after voting officials in Butler County discovered about 150 dropped votes, said Jeff Ortega, Brunner’s assistant director of communications. Brunner’s lawsuit, filed in Franklin County Common Pleas Court in Ohio on Wednesday, is a counter claim to an earlier lawsuit filed by Premier. In May, Premier filed a lawsuit against Brunner’s office and Cuyahoga County, Ohio, seeking a judgment that Premier did not violate any contracts or warranties. Brunner’s lawsuit accuses Premier of not fulfilling its contracts with election officials. The lawsuit also alleges breach of warranty and fraud. Premier e-voting machines are used in half of Ohio’s 88 counties. Butler County officials discovered the dropped votes in post-election checks. That set off a statewide investigation, which found dropped votes in 11 other counties, according to information from Brunner’s office. Butler County officials sent letters to Premier on April 4 and 9, seeking an explanation for the dropped votes, and on May 16, Premier issued a report, suggesting human error or conflicts with antivirus software were to blame. Brunner and Butler County officials have suggested that the May report and a follow-up issued by Premier lacked evidence that antivirus software caused the problems. A Premier report on May 29 suggested counties disable antivirus software on vote-tabulation servers, but the servers had been certified in Ohio with the antivirus software installed, Brunner said. In December, Brunner’s office issued a report questioning the security of touch-screen e-voting machines like those sold by Premier. Machines from Premier and two other vendors had “critical security failures,” the report said. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9112041&source=rss_topic17
US WARNS OLYMPIC TRAVELLERS ABOUT ELECTRONIC ESPIONAGE (VUnet, 11 August 2008) - In a strongly worded warning, the US government advised people visiting Beijing for the start of the Olympic Games that they should trust no-one with their electronic devices. The National Counterintelligence Executive warning was issued on Thursday and warns that while government officials and senior business executives are most at risk, no-one should consider themselves too small a target. “Security services and criminals can track your movements using your mobile phone or PDA and can turn on the microphone in your device even when you think it’s off. To prevent this, remove the battery,” the warning reads. “Security services and criminals can also insert malicious software into your device through any connection they control.” Travellers are advised to not take electronic devices into the country unless absolutely necessary. They should also assume that their hard drive has been copied if the device is examined by customs or in their hotel room if it is searched. It also warns about the use of USB thumb drives in China, saying they may have malware installed on them. Travellers are also advised to change all passwords immediately on their return home. http://www.vnunet.com/vnunet/news/2223619/warns-olympic-travellers-us-china Warning here: http://www.ncix.gov/publications/reports/traveltips.pdf
COURT DISMISSES L’OREAL CLAIMS AGAINST EBAY (Reuters, 12 August 2008) - A Belgian court on Tuesday dismissed all of the claims of cosmetics maker L’Oreal brought against eBay over the sale of fake fragrances and cosmetic products on online auction sites, eBay said in a statement. L’Oreal started legal action in France, Belgium, Germany, Britain and Spain in September 2007, alleging the online auctioneer did not do enough to combat the sale of counterfeits. None of the other courts have ruled on the case yet. The Belgian court ruled that eBay was not obliged to take action to fight counterfeiting, but eBay spokeswoman Sravanthi Agrawal stressed that the company cooperated with rights owners to tackle the sale of fake goods. She added that the company clamped down on all cases of counterfeiting notified to it by the firms concerned, even though it did not have a legal obligation to do so. L’Oreal said in a statement it would appeal against the decision. http://uk.news.yahoo.com/rtrs/20080812/tot-uk-belgium-loreal-ebay-566e283.html
MINNESOTA COURT SAYS KEYWORD ADVERTISING IS TM USE IN COMMERCE--HYSITRON V. MTS (Eric Goldman blog, 11 August 2008) - Hysitron Inc. v. MTS Systems Corp., 2008 WL 3161969 (D. Minn. Aug. 1, 2008). In a brief and pedestrian opinion, another court outside the Second Circuit said that buying a trademarked keyword is “use in commerce” under the Lanham Act even if the trademark doesn’t appear in the ad copy. The court says: “This Court adopts the majority view that using a trademark to generate advertising constitutes a “use in commerce” under the Lanham Act. This approach adheres to the plain meaning of the Lanham Act’s definition of “use in commerce.” The language used in the definition suggests that a “use in commerce” is not limited to affixing another’s mark to one’s own goods but also encompasses any use of another’s mark to advertise or sell one’s own goods and services.” The court is right about the majority vote, but it’s hardly a strong majority. According to my count, the vote was 7-to-6 before this ruling. However, all 6 no votes are in the 2d Circuit, so geographically there is a stronger basis to characterize the rule as the majority rule. The court also denied the defense SJ motion because more discovery is required to determine consumer confusion. http://blog.ericgoldman.org/archives/2008/08/minnesota_court.htm
WEB PRIVACY ON THE RADAR IN CONGRESS (New York Times, 11 August 2008) - Here are some things Internet users can discover about Kiyoshi Martinez, a 24-year-old man from Mokena, Ill., from some of his recent posts online. He watched “The Colbert Report” on Tuesday night, he likes the musician Lenlow and he received bottles of olive oil and vinegar for his birthday. Mr. Martinez has Facebook and LinkedIn pages, a Twitter account and a Web site that includes his résumé. So it is surprising to learn that Mr. Martinez, an aide in the Illinois Senate, is also vigilant about his privacy online. “I’m pretty aware of the fact that anything you do on the Internet pretty much should just be considered public,” Mr. Martinez said. While he knows that companies are collecting his data and often tracking his online habits so they can show him more relevant ads, he said, he would like to see more transparency “about what the company intends to do with your data and your information.” Those same questions of data collection and privacy policies are attracting the attention of Congress, too. There is no broad privacy legislation governing advertising on the Internet. And even some in the government admit that they do not have a clear grasp of what companies are able to do with the wealth of data now available to them. http://www.nytimes.com/2008/08/11/technology/11privacy.html?_r=1&ref=technology&oref=slogin
AIR FORCE SUSPENDS ‘CYBER COMMAND’ PROGRAM (Information Week, 13 August 2008) - Putting on hold a major cyberwarfare initiative less than two months before it was scheduled to become operational, the Pentagon this week said it is delaying and reviewing the future of the Air Force’s controversial “Cyber Command” program. Provisionally created last year to coordinate and initiate the defense of U.S. military computer networks and to launch offensive attacks on enemy IT systems, the Cyber Command has been based at Barksdale Air Force Base in Louisiana. The command’s Web site says its mission is “To secure our nation by employing world-class cyberspace capabilities to control cyberspace, create integrated global effects, and deliver sovereign options.” The Army, Navy, and Air Force have been engaged in a tug-of-war over the leadership role in the U.S. military’s cyberwarfare initiatives. The Navy has created both the Network Warfare Command and the Space and Naval Warfare Systems Center to develop technology and policies for confronting adversaries in cyberspace. The Defense Advanced Research Projects Agency, or DARPA, has also announced plans to develop a “National Cyber Range,” a virtual network environment for cyberwar simulation. In March, the U.S. Department of Homeland Security hosted Cyber Storm II, a networking war game involving about 40 private-sector companies including Cisco, Juniper Networks, and Dow Chemical. The exercise came shortly after the Pentagon reported that China’s People’s Liberation Army was intent on expanding its capabilities for cyberwarfare. Reports from the Caucasus indicate that the Russian began its assault on neighboring Georgia with a cyberattack intended to disable the smaller country’s computer networks. http://www.informationweek.com/news/security/government/showArticle.jhtml?articleID=210003721&cid=RSSfeed_IWK_News
FREE LICENSES UPHELD (Lessig Blog, 13 August 2008) - So for non-lawgeeks, this won’t seem important. But trust me, this is huge. I am very proud to report today that the Court of Appeals for the Federal Circuit (THE “IP” court in the US) has upheld a free (ok, they call them “open source”) copyright license, explicitly pointing to the work of Creative Commons and others. (The specific license at issue was the Artistic License.) This is a very important victory, and I am very very happy that the Stanford Center for Internet and Society played a key role in securing it. In non-technical terms, the Court has held that free licenses such as the CC licenses set conditions (rather than covenants) on the use of copyrighted work. When you violate the condition, the license disappears, meaning you’re simply a copyright infringer. This is the theory of the GPL and all CC licenses. Put precisely, whether or not they are also contracts, they are copyright licenses which expire if you fail to abide by the terms of the license. Important clarity and certainty by a critically important US Court. http://lessig.org/blog/2008/08/huge_and_important_news_free_l.html and http://www.nytimes.com/2008/08/14/technology/14commons.html Opinion here: http://www.cafc.uscourts.gov/opinions/08-1001.pdf
COURT RULES SENDING EMAILS TO FORUM SATISFIES JURISDICTION TEST (BNA’s Internet Law News, 14 August 2008) - BNA’s Electronic Commerce & Law Report reports that an Idaho federal court has ruled that sending over 100 e-mails to individuals known to be located in Idaho is enough to satisfy the due process “purposeful availment” requirement for finding jurisdiction there. The court said that Idaho jurisdiction was proper over an individual accused of intentionally sending bulk e-mails to Idaho residents when the sender knew of the recipients’ location, and when the harm the recipients suffered was directly related to the e-mails. Case name is Melaleuca v. Hansen.
COURTS JUST CAN’T AGREE ON WHEN EMPLOYEE ACCESS TO COMPUTER IS “AUTHORIZED” UNDER CFAA (Steptoe & Johnson’s E-Commerce Law Week, 14 August 2008) - Courts continue to disagree over whether an employee violates the Computer Fraud and Abuse Act (CFAA) when he accesses a company computer with authorization but then steals information for some nefarious purpose. In Black & Decker (US), Inc. v. Smith, a federal court in Tennessee ruled that a disloyal employee who allegedly copied confidential Black & Decker (B&D) information before being terminated did not access this information “without authorization” or “exceed” his authorized access within the meaning of the CFAA, since he was permitted access to the information while employed. But, in Mintel International Group, Ltd. v. Neergheen, a federal court in Illinois held that an employee might have “exceeded authorized access” by sending confidential information from his workplace computer to his personal email address before leaving the company. http://www.steptoe.com/publications-5479.html
AT&T MULLS WATCHING YOU SURF (New York Times, 14 August 2008) - AT&T is “carefully considering” monitoring the Web-surfing activities of customers who use its Internet service, the company said in a letter in response to an inquiry from the House Committee on Energy and Commerce. While the company said it hadn’t tested such a system for monitoring display advertising viewing habits or committed to a particular technology, it expressed much more interest in the approach than the other big Internet providers who also responded to the committee’s letter. AT&T did however promise that if it does decide to start tracking its customers online, it will “do so the right way.” In particular, the advertising system will require customers to affirmatively agree to have their surfing monitored. This sort of “opt-in” approach is preferred by privacy experts to the “opt-out” method, practiced by most ad targeting companies today, which records the behavior of anyone who doesn’t explicitly ask to not to be tracked. http://bits.blogs.nytimes.com/2008/08/14/att-wants-to-watch-you-read-ads/
- and -
VERIZON: WE NEED FREEDOM TO DELAY P2P TRAFFIC WHEN NECESSARY (ArsTechnica, 21 August 2008) - There has “always been a requirement for network management,” said Verizon CTO Richard Lynch Tuesday at the Progress & Freedom Foundation’s annual Aspen conference on tech policy, even in the analog age. In the wake of the FCC’s recent Comcast decision, debates over “network management” have escaped the engineers’ offices and now take place even among skeptical consumers who worry about what such management will do to their Internet connections. Lynch laid out Verizon’s view on the matter: time-sensitive packets like VoIP should be prioritized over less-sensitive packets like P2P, but the company remains committed to “deliver any and all data requested by our customers.” Thanks to its fiber-to-the-home commitment, Verizon doesn’t face the same congestion issues that plague many cable operators. While current cable networks may share a single uplink between several hundred homes, Verizon’s fiber nodes serve an average of only 32 homes—and the uplink has more bandwidth to begin with. Verizon can currently offer 50Mbps symmetric connections, with 100Mbps connections already in trials, and it can add capacity on lit fiber simply by turning on additional wavelengths. But Lynch rejects the idea that the only acceptable form of network management is none at all—that is, that Verizon and other ISPs should all commit to delivering all packets, all the time, with zero delay. http://arstechnica.com/news.ars/post/20080821-verizon-we-need-freedom-to-delay-p2p-traffic-when-necessary.html
FEC ELATES STRANGE BEDFELLOWS WITH POLITICAL BLOGGING RULING (ArsTechnica, 15 August 2008) - The arch-conservative Heritage Foundation and a pro–Barack Obama blogger found common cause for celebration this week when the Federal Election Commission ruled that former Iowa Democratic Party Chairman Gordon Fischer, author of Iowa True Blue, is not subject to campaign finance restrictions, however partisan his posts. The FEC has repeatedly held that ordinary bloggers are subject to the “media exemption” that permits journalists and editorial writers to support or oppose candidates without tallying their expenses as campaign contributions. But late last year, Hillary Clinton supporter Kirk Tofte nevertheless filed a complaint against Fischer, arguing that his site was no longer a mere political blog, but a “direct arm of the Obama for President campaign.” The FEC rejected Tofte’s argument wholesale, noting that there was no hard evidence of coordination, but that even if there had been, Fischer’s speech would remain protected. Paid ads run by a campaign are still covered, of course, but it would be difficult to do online journalism if bloggers were barred from contacting campaigns or quoting their materials. http://arstechnica.com/news.ars/post/20080815-fec-elates-strange-bedfellows-with-political-blogging-ruling.html
SEC PROVIDES GUIDANCE REGARDING USE OF COMPANY WEBSITES TO DISCLOSE INFORMATION FOR INVESTORS (Duane Morris advisory, 15 August 2008) - The Securities and Exchange Commission (the “SEC”) has published an interpretive release, Commission Guidance on the Use of Company Web Sites, Release No. 34-58288 (the “Release”), providing guidance to companies and issuers of securities on the use of company websites to disclose information to investors. The Release, which became effective August 7, 2008, is intended to encourage companies to develop their websites in compliance with the federal securities laws so that such websites can serve as effective analytical tools for investors by being a vital source of information about a company’s business, financial condition and operations. The Release is intended to provide guidance to those companies that are utilizing websites to supplement their required SEC filings. Since the adoption of the Securities Act of 1933 and the Securities Exchange Act of 1934 (the “Exchange Act”), the foundation of securities regulation in the United States has rested upon timely disclosure of relevant information to investors and the securities markets. Historically, companies have disclosed information to investors and the markets by mailing reports to stockholders, filing periodic reports with the SEC and issuing press releases. As technology has advanced, the Internet, the SEC’s Electronic Data Gathering, Analysis and Retrieval (“EDGAR”) system, and electronic communications have modernized the disclosure system. More and more investors are turning to the Internet and company websites as their main source of information before making investment decisions. The Release provides guidance to companies posting information on their websites, including (1) when information posted on their website is considered “public” for purposes of the “fair disclosure” requirements of Regulation FD; (2) the application of the antifraud provisions of the federal securities laws to information posted on company websites; (3) the types of controls and procedures advisable with respect to posting information; and (4) the appropriate format of the information presented on the website. Full Duane Morris analysis here: http://www.duanemorris.com/alerts/alert2948.html; SEC Release here: http://www.sec.gov/rules/interp/2008/34-58288.pdf ; Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/]
WOMAN CAN SUE OVER YOUTUBE CLIP DE-POSTING (SF Gate, 20 August 2008) - In a victory for small-time music copiers over the entertainment industry, a federal judge ruled Wednesday that copyright holders can’t order one of their songs removed from the Web without first checking to see if the excerpt was so small and innocuous that it was legal. The ruling by U.S. District Judge Jeremy Fogel of San Jose was the first in the nation to require the owner of the rights to a creative work to consider whether an online copy was a “fair use” - a small or insignificant replication that couldn’t have affected the market for the original - before ordering the Web host to take it down. A 1998 federal law authorized copyright holders to issue takedown orders whenever they see an unauthorized version of their work on the Internet without having to sue and prove a case of infringement. Some advocates of Internet users’ rights - including the Electronic Frontier Foundation, which represented the individual user in this case - contend the procedure has been abused. The case dates from February 2007, when Stephanie Lenz, a writer and editor from Gallitzin, Pa., made a video of her 13-month-old son cavorting to Prince’s song “Let’s Go Crazy” and posted the 29-second clip on YouTube. Four months later, Universal Music Corp., which owns the rights to the song, ordered YouTube to remove the video and nearly 200 others involving Prince compositions. Lenz, exercising her rights under the same 1998 law, notified YouTube several weeks later that her video was legal and ordered it restored. YouTube complied after waiting two weeks, as required by law, to see whether Universal would sue Lenz for infringement. Lenz then sued Universal in Northern California, YouTube’s home district, for her costs, claiming the music company had acted in bad faith by ordering removal of a video that - she contended - was obviously a fair use of the song and had no commercial value. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/08/20/BAU412FKRL.DTL Earlier MIRLN post on the subject here: http://www.knowconnect.com/mirln/article/mirln_13_july_2_august_2008_v1110/ ; Eric Goldman has an analysis of this case here: http://blog.ericgoldman.org/archives/2008/08/fair_use_its_th.htm
BAIDU CACHE OFFERS MORE EVIDENCE OF UNDERAGE CHINESE GYMNASTS (ArsTechnica, 20 August 2008) - One of the controversies that’s been swirling around the Chinese Olympic Games since they began is the age of several of China’s gymnasts. According to Chinese officials (and, of course, official passports and ID cards), both He Kexin and Jiang Yuyuan are 16, and therefore old enough to compete in the Olympic Games. Unfortunately for China, there’s a growing body of evidence pointing in the opposite direction, including online evidence a gumshoe hacker discovered lurking in the cache of Baidu, China’s equivalent of Google. If these allegations prove true, it would scarcely be the first time China has lied about the age of an athlete. In 2000—three years after the minimum qualifying age for Olympic Gymnastic competition was raised to 16—Chinese gymnast Yang Yun won a bronze medal for her performance on the uneven bars. Yang’s passport showed her as 16 years old at the time, but the gymnast herself later admitted on Chinese national television that she and her coaches had lied about her age, and that she had been just 14 at the time. There’s also evidence that Chinese gymnast Li Ya was just 13 when she competed at the World Championships in Anaheim back in 2003. A story that ran Beijing Evening News on December 2, 2007, reported that He Kexin was 13, while the New York Times turned up evidence in other Chinese papers that cited her age as 14, with a birth date of January 1, 1994. Currently, He’s passport lists her date of birth as January 1, 1992. Similarly, Jiang Yuyuan’s own national identification card lists her birth date as October 1, 1993. Now, new information gathered from Baidu’s cache further confirms these allegations. Over at Stryde Hax, the anonymous author describes his search for official information on He Kexin’s real birth date. Google, rather suspiciously, has been scrubbed clean—searching the engine’s cache reveals references to He Kexin, but He’s name and data have been removed. As for Baidu, the main search function returns only government-approved data—a spreadsheet that purports to show information on Kexin has also been deleted—but checking the engine’s cache proves that a copy of the document is still preserved. He Kexin’s age, as listed in the preserved copy of an official Chinese document? 14. http://arstechnica.com/news.ars/post/20080820-evidence-of-age-fraud-mounts-china-insists-gymnasts-are-16.html Washington Post calls it cheating and credits the caching discovery: http://www.washingtonpost.com/wp-dyn/content/article/2008/08/22/AR2008082201782.html?nav=rss_email/components
FRENCH HIGH COURT UPHOLDS MONITORING OF EMPLOYEE’S INTERNET USE (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - French workers recently lost their cherished right to work only 35 hours per week. And as a result of a recent ruling by France’s highest court, they may have to spend those hours actually working rather than playing solitaire online. Last month, the Cour de Cassation Chamber Sociale ruled that employers can monitor their employees’ workplace Internet use. Past rulings had suggested that an employer may not access information that an employee stored on his or her workplace computer and clearly marked as personal, unless the employee is present and consents to the search. However, in Franck L. v. Entreprise Martin, the court ruled that an employer may generally access an employee’s computer hard drive without the employee’s knowledge or presence for the purpose of monitoring the employee’s Internet use. The court reasoned that any websites accessed using a workplace computer during business hours are “presumed to be of a professional character,” and that employers may therefore review records of the employee’s Internet use without the employee present. Accordingly, it upheld defendant Entreprise Martin’s firing of former IT manager Franck L., who was let go after Entreprise Martin’s review of his web browsing revealed that he had spent large amounts of work time browsing non-work-related websites. http://www.steptoe.com/publications-5488.html
COURT SAYS EBAY IS A CRIMINAL ENTERPRISE. SERIOUSLY. (Steptoe & Johnson’s E-Commerce Law Week, 21 August 2008) - A federal court in California recently held that eBay’s allegedly false statements about the safety of its “Live Auction” service can support a claim against the company under section 1962(c) of the Racketeer Influenced and Corrupt Organizations Act (RICO), a statute originally designed to go after organized crime. Although the case involves a civil suit, the court’s ruling in Mazur v. eBay Inc. amounts to a remarkable statement that eBay’s description of its auction service constitutes criminal behavior. While the Federal Trade Commission has brought actions for “unfair” or “deceptive” acts in commerce against companies whose actual privacy practices did not live up to their stated policies, allowing RICO actions to be brought on the basis of similar misstatements is a giant leap -- and could have enormous negative ramifications for websites. http://www.steptoe.com/publications-5488.html Opinion here: http://www.steptoe.com/assets/attachments/3504.pdf
**** NOTED PODCASTS ****
CLOUD COMPUTING AND THE PRIVACY OF REMOTELY STORED INFORMATION (State of the Net West 2008; Santa Clara University podcast, 67 minutes; 11 August 2008) -- Panelists including SalesForce.com’s David Schellhase discuss the extant legal framework implicated by some cloud computing applications. File is named “Third Panel and Closing.MP3” and resides here: http://deimos.apple.com/WebObjects/Core.woa/Browse/scu.edu.1423301783.01423301792.1623272573?i=1912410655 Related 6 minute NPR broadcast on 21 August is here: http://www.npr.org/templates/story/story.php?storyId=93841182
DON’T TALK TO THE POLICE (Prof. James Duane, 31 May 2008; 27 minute video podcast) - recommended by Bruce Schneier: “This is an engaging and fascinating video presentation by Professor James Duane of the Regent University School of Law, explaining why -- in a criminal matter -- you should never, ever, ever talk to the police or any other government agent. It doesn’t matter if you’re guilty or innocent, if you have an alibi or not -- it isn’t possible for anything you say to help you, and it’s very possible that innocuous things you say will hurt you. Definitely worth half an hour of your time. http://video.google.com/videoplay?docid=-4097602514885833865 And this is a video of Virginia Beach Police Department Officer George Bruch, who basically says that Duane is right. http://video.google.com/videoplay?docid=6014022229458915912&q=&hl=en“. Editor: Entertaining; his demonstration is convincing, and he doesn’t even touch on the old “it’s the lie that’ll get you, especially with a federal agent.” His closing Justice Jackson quote is telling. The police officer’s presentation also is good.]
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. BNA’s Internet Law News, http://ecommercecenter.bna.com.
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
7. McGuire Wood’s Technology & Business Articles of Note, http://tinyurl.com/ywsusp
8. Steptoe & Johnson’s E-Commerce Law Week, www.steptoe.com
9. Readers’ submissions, and the editor’s discoveries.
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/3.0/us/ or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
Subscribe to:
Posts (Atom)