Saturday, May 07, 2011

MIRLN --- 17 April – 7 May 2011 (v14.06)

MIRLN --- 17 April - 7 May 2011 (v14.06) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

o Police Use Data Shared by TomTom GPS Users to Set Targeted Speed Traps

o Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine?

o Atoms vs. Bits: Your Phone in the Eyes of the Law

o Telling Traces

NEWS | PODCASTS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

US Police Increasingly Peeping At E-Mail, Instant Messages (TechWorld, 12 April 2011) - Law enforcement organizations are making tens of thousands of requests for private electronic information from companies such as Sprint, Facebook and AOL, but few detailed statistics are available, according to a privacy researcher. Police and other agencies have "enthusiastically embraced" asking for e-mail, instant messages and mobile-phone location data, but there's no U.S. federal law that requires the reporting of requests for stored communications data, wrote Christopher Soghoian, a doctoral candidate at theSchool of Informatics and Computing at Indiana University, in a newly published paper. "Unfortunately, there are no reporting requirements for the modern surveillance methods that make up the majority of law enforcement requests to service providers and telephone companies," Soghoian wrote. "As such, this surveillance largely occurs off the books, with no way for Congress or the general public to know the true scale of such activities." That's in contrast to traditional wiretaps and "pen registers," which record non-content data around a particular communication, such as the number dialed or e-mail address that a communication was sent to. The U.S. Congress mandates that it should receive reports on these requests, which are compiled by the Administrative Office of the U.S. Courts, Soghoian wrote. If law enforcement wants to intercept e-mail or instant messages in real-time, they are required to report it. Since 1997, federal law enforcement has requested real-time intercepts only 67 times, with state law enforcement agents obtaining 54 intercept orders. Soghoian wrote that those low figures may seem counterintuitive given the real-time nature of electronic communications. But all of the communications are stored, he noted. "It is often cheaper and easier to do it after the fact rather than in real-time," Soghoian wrote. Cox Communications, a major U.S. service provider, charges $3,500 for a wiretap and $2,500 for a pen register. Account information, however, costs a mere $40. Soghoian found through his research that law enforcement agencies requested more than 30,000 wiretaps between 1987 and 2009. But the scale of requests for stored communications appears to be much greater. Citing a New York Times story from 2006, Soghoian wrote that AOL was receiving 1,000 requests per month.

top

Google Wi-Fi Judge Asks if Packet Sniffing Is Spying (Wired, 18 April 2011) - The question of whether Google is liable for damages for secretly intercepting data on open Wi-Fi routers across the United States is boiling down to the definition of a "radio communication." That appears to be the legal theory embraced by the Silicon Valley federal judge presiding over nearly a dozen combined lawsuits seeking damages from Google for eavesdropping on open Wi-Fi networks from its Street View mapping cars. The cars had been equipped with Wi-Fi-sniffing hardware to record the names and MAC addresses of routers to improve Google location-specific services. But those cars were also capturing the contents of internet packets that were sent over unencrypted Wi-Fi as they drove by, something the company said was an accidental leftover from testing. While the company quickly admitted that it had made a mistake and temporarily grounded its fleet of mapping vehicles last year, the company was confronted with a number of investigations around the world, as well as class-action lawsuits that were joined in San Jose, California. The lawsuits are being heard by U.S. District Judge James Ware. At the center of the legal flap is whether Google breached the Wiretap Act. The answer is important not only to Google, but to the millions who use open, unencrypted Wi-Fi networks at coffee shops, restaurants or any other business trying to attract customers. Google said it is not illegal to intercept data from unencrypted, or non-password-protected Wi-Fi networks. Plaintiffs' lawyers representing millions of Americans whose internet traffic was sniffed by Google think otherwise, and are seeking unspecified damages. Judge Ware, however, suggested the answer to the far-reaching privacy dilemma lies in an unanswered question. He has asked each side to define "radio communication" (.pdf) as it applies to the Wiretap Act, and wants to know whether home Wi-Fi networks are "radio communications" under the Wiretap Act. In response, Google wrote last week that open Wi-Fi networks are akin to "radio communications" like AM/FM radio, citizens' band and police and fire bands - and are "readily accessible" to the general public. Indeed, packet-sniffing software, such as Wireshark and Firesheep, is easily available online. Hence, because unencrypted Wi-Fi signals travel over the radio spectrum, they are not covered by the Wiretap Act, (.pdf) Google responded.

top

Social Networking, Users, and Reasonable Expectations of Privacy Under the Fourth Amendment (Media Law Prof Blog, 18 April 2011) - Junichi P. Semitsu, University of San Diego School of Law, has published From Facebook to Mug Shot: How the Dearth of Social Networking Privacy Rights Revolutionized Online Government Surveillance in volume 31 of the Pace Law Review (2011). Here is the abstract: "Each month, Facebook's half billion active users disseminate over 30 billion pieces of content. In this complex digital ecosystem, they live a parallel life that, for many, involves more frequent, fulfilling, and compelling communication than any other offline or online forum. But even though Facebook users have privacy options to control who sees what content, this Article concludes that every single one of Facebook's 133 million active users in the United States lack a reasonable expectation of privacy from government surveillance of virtually all of their online activity. 

Based on Facebook's own interpretations of federal privacy laws, a warrant is only necessary to compel disclosure of inbox and outbox messages less than 181 days old. Everything else can be obtained with subpoenas that do not even require reasonable suspicion. Accordingly, over the last six years, government agents have worked the beat by mining the treasure trove of personal and confidential information on Facebook. 

But while Facebook has been justifiably criticized for its weak and shifting privacy rules, this Article demonstrates that even if it adopted the strongest and clearest policies possible, its users would still lack reasonable expectations of privacy under federal law. First, federal courts have failed to properly adapt Fourth Amendment law to the realities of Internet architecture. Since all Facebook content has been knowingly exposed to at least one third party, the Supreme Court's current Fourth Amendment jurisprudence does not clearly stop investigators from being allowed carte blanche to fish through the entire site for incriminating evidence. Second, Congress has failed to meaningfully revise the Electronic Communications Privacy Act (ECPA) for over a quarter century. Even if the ECPA were amended to cover all Facebook content, its lack of a suppression remedy would be one of several things that would keep Facebook a permanent open book. Thus, even when the government lacks reasonable suspicion of criminal activity and the user opts for the strictest privacy controls, Facebook users still cannot expect federal law to stop their private content and communications from being used against them. 

This Article seeks to bring attention to this problem and rectify it. It examines Facebook's architecture, reveals the ways in which government agencies have investigated crimes on social networking sites, and analyzes how courts have interpreted the Fourth Amendment and the ECPA. The Article concludes with an urgent proposal to revise the ECPA and reinterpret Katz before the Facebook generation accepts the Hobson's choice it currently faces: either live life off the grid or accept that using modern communications technologies means the possibility of unwarranted government surveillance."

top

Righthaven Reeling: Secret Doc Could Doom a Copyright Troll (ArsTechnica, 18 April 2011) - If a company's entire business model is predicated on bringing copyright infringement lawsuits, you might expect that company to make sure it actually has the right to sue first. But a newly unsealed court document casts some doubt on Righthaven's rights; defense attorneys are already using the new document to say that Righthaven cases are a "sham" and are "invalid." And Righthaven's moves to keep this document secret have angered the judge in the case, who ripped into Righthaven in spectacular fashion last Thursday as he unsealed the document. In just over a year, Righthaven has sued several hundred people for copyright infringement over newspaper articles and photographs. The company's epic run of copyright trollery has produced some preposterous cases-suing an Ars Technica writer, suing a paper's own sources for an article, suing nonprofits without warning or takedown requests-and judges have ruled against Righthaven several times on fair use grounds. Still, leaving aside questions of ethics and tactics, it was widely assumed that Righthaven actually had the standing to sue. After Righthaven's Strategic Alliance Agreement was unsealed in a Nevada federal court last week, however, defense attorneys have savaged the company, saying that its copyrights are a "sham" and are "invalid." Lawyers in several different cases have already moved for dismissals and fees. The agreement was revealed (late) during discovery in a Righthaven lawsuit against Democratic Underground. Righthaven is currently attempting to dismiss the suit, but Democratic Underground lawyers won't let them, asking instead for the court to first rule on the issue of fair use in the case. Righthaven has repeatedly tried to dismiss lawsuits that weren't going well rather than let them come to judgment. The agreement describes a 50/50 revenue split between Righthaven and Stephens Media. In addition, the agreement appears to give Righthaven only the right to sue over the story or photograph at issue, but not to exploit it in any other way. Past court cases have ruled that companies cannot bring copyright suits unless they control one of the "exclusive rights" enumerated in the Copyright Acts, rights including copying, distribution, public performance, etc. The "right to sue" is not among them. "Righthaven has been conveyed no rights in the work at issue other than the right to sue for infringement," argue Democratic Underground's lawyers, "a fact that renders the assignment to Righthaven invalid."

top

Steven Bradbury on Cybersecurity (Lawfare, 18 April 2011) - The Harvard National Security Journal has just posted a very interesting essay by Steven Bradbury entitled The Developing Legal Framework for Defensive and Offensive Cyber Operations . (Steve was my successor in running the Office of Legal Counsel for the last four and a half years of the Bush administration.) Steve says he is "not a noted expert on cybersecurity," but then adds that he "did have occasion to advise on cybersecurity issues" while in OLC. As the head of OLC he wrote an important opinion on the legality of the EINSTEIN 2.0 intrusion detection system for government networks (a decision affirmed and elaborated upon by my colleague David Barron when he was running OLC for the Obama administration.) Part of Steve's essay tracks his OLC opinion in explaining why EINSTEIN 2.0 is consistent with the Fourth Amendment and relevant statutes. But Steve goes beyond that opinion and addresses several further issues. He emphasizes that he is "speaking only for [himself] - not for my law firm and not for any current or former client." Nonetheless, the issues he addresses, and the tentative answers he gives, shed more light on the cybersecurity legal issues facing the government, and how the government might be thinking about them, than any source I know. For example, Steve argues that EINSTEIN 2.0 can be expanded to private entities like Defense contractors. "It should be pretty straightforward to do so," he maintains, "provided the network is owned or operated by a single entity or group of entities and is set up like an intranet with a limited set of authorized users, and provided the operator can agree by contract or can be required by regulation to use log-on banners and user agreements like those employed by the federal agencies participating in EINSTEIN." But Steve is skeptical that EINSTEIN 2.0 can be extended to "the public Internet itself." More interesting than Steve's comments on EINSTEIN 2.0 are what he says about offensive cyber operations, including covert cyber-operations, the Title 10 v. 50 debate as it applies to cyber, customary law limitations on cyber operations, and legal issues related to "using offensive cyber capabilities to block or disrupt the servers overseas where WikiLeaks is holding the sensitive U.S. information." The essay is a must-read for those interested in legal issues related to cybersecurity.

top

Best Practices for Keeping Your Home Network Secure (NSA, April 2011) - The cyber threat is no longer limited to your office network and work persona. Adversaries realize that targets are typically more vulnerable when operating from their home network

since there is less rigor associated with the protection, monitoring, and maintenance of most home networks. Home users need to maintain a basic level of network defense and hygiene for both themselves and their family members when accessing the Internet. [Editor: contains common-sense recommendations.]

top

ACLU: Michigan Cops Stealing Drivers' Phone Data (CNET, 19 April 2011) - The Michigan State Police have started using handheld machines called "extraction devices" to download personal information from motorists they pull over, even if they're not suspected of any crime. Naturally, the ACLU has a problem with this. The devices, sold by a company called Cellebrite, can download text messages, photos, video, and even GPS data from most brands of cell phones. The handheld machines have various interfaces to work with different models and can even bypass security passwords and access some information. The problem as the ACLU sees it, is that accessing a citizen's private phone information when there's no probable cause creates a violation of the Constitution's 4th Amendment, which protects us against unreasonable searches and seizures. To that end, it's petitioning the MSP to turn over information about its use of the devices under the Freedom of Information Act. The MSP said it's happy to comply, that is, if the ACLU provides them with a processing fee in excess of $500,000. That's more than $100,000 for each of the five devices the MSP says it has in use.

top

- and -

Police Use Data Shared by TomTom GPS Users to Set Targeted Speed Traps (Law.com, 3 May 2011) - Companies that ask you to allow them to collect information about your use of their product may have good intentions, but sometimes purchasers of that information may have other plans. For example, when you sign up for the TomTom GPS device service, the company asks you if it is OK if they collect "travel time information," and most users agree to this. TomTom says it uses this information to "create high quality traffic information and to route you around traffic jams and get you to your destination as quickly and safely as possible." So far, so good, right? TomTom also sometimes makes this information available to local governments and authorities so that authorities can "better understand where congestion takes place, where to build new roads and how to make roads safer." Again, no problem. Last week, however, TomTom's CEO Harold Goddijn wrote a letter to the company's customers letting them know that, in at least some areas, local police have used the data in an "unforeseen" way that may make TomTom users wish they had never agreed to share information: to place speed cameras where the shared TomTom data shows average speed is higher than the legally allowed speed limit. In his letter, Goddijn writes that TomTom "fully understands some of customers do not like this and we will amend the licensing conditions to stop this type of usage in near future." PC Mag reports that TomTom started selling traffic data to governments earlier this year as a way to supplement weak earnings. After a Dutch newspaper reported that Dutch police were using the data to target speed traps, however, customers became upset, prompting Goddijn's letter.

top

- and -

Password Protected? Can a Password Save Your Cell Phone from the Search Incident to Arrest Doctrine? (SSRN, Adam Gershowitz, 31 August 2010) - Abstract: "Over the last few years, dozens of courts have authorized police to conduct warrantless searches of cell phones when arresting individuals. Under the so-called search incident to arrest doctrine, police are free to search text messages, call histories, photos, voicemails, and a host of other data if they arrest an individual and remove a cell phone from his pocket. Given that courts have offered little protection against cell phone searches, this article explores whether individuals can protect themselves by password protecting their phones. The article concludes, unfortunately, that password protecting a cell phone offers minimal legal protection. In conducting a search incident to arrest, police may attempt to hack or bypass a password. Because cell phones are often found in arrestees' pockets, police may take the phones to the police station where computer savvy officers will have the time and technology to unlock the phone's contents. And if police are themselves unable to decipher the password, they may request or even demand that an arrestee turn over his password without any significant risk of the evidence on the phone being suppressed under the Miranda doctrine or as a Fifth Amendment violation. In short, while password protecting a cell phone may make it more challenging for police to find evidence, the password itself offers very little legal protection. Accordingly, legislative or judicial action is needed to narrow the search incident to arrest doctrine with respect to cell phones."

top

iPhones Secretly Track Their Users' Locations (CNN, 20 April 2011) - Apple devices appear to be tracking their owners' locations and storing data about people's whereabouts without their knowledge, according to a report posted Wednesday on a site called iPhone Tracker. The unauthorized surveillance started in June 2010, when the latest version of Apple's mobile operating system was released, according to two researchers who say they discovered a hidden tracking file and posted it out of concern for users. Apple has not responded to the allegations. The researchers have posted a program online that will let any iPhone user see a map of his or her location over time, going back to June, when iOS 4.0 was released. The program's developers, listed as Alasdair Allan and Pete Warden, say this data is stored on a person's iPhone or 3G-enabled iPad and on computers that are synced with those devices. There's no evidence, they say, that the data is also transmitted to Apple as it's collected. "Cell phone providers collect similar data almost inevitably as part of their operations, but it's kept behind their firewall. It normally requires a court order to gain access to it, whereas this is available to anyone who can get their hands on your phone or computer," they write. [Editor: Wow! I ran the referenced program - on my Macintosh it pulled the phone's GPS data from a backup file on the laptop, and then graphed it onto a map, which you can zoom in, temporally and/or positionally; somehow it shows me in Canada, where I know my phone has not been. Related NYT story here:http://www.nytimes.com/2011/04/21/business/21data.html?_r=1 Apple's official Q&A on April 27 doesn't seem to explain why they've associated date/time with location. On May 4, Apple released a software update to reduce the location cache size, disable it when "Location Services" are off, and to stop backing up the cache to connected computers. See also Bought Your Child An iPhone? Stalk Them With Footprints (TechCrunch, 5 May 2011)]

top

- and -

Atoms vs. Bits: Your Phone in the Eyes of the Law (The Atlantic, 26 April 2011) - On the last Friday in November in 2007, James Nix was riding shotgun in a car driving through the streets of Albany, Oregon, a freeway passthrough town between Salem and Eugene. Nix had several outstanding warrants for possession of a controlled substance, endangering the welfare of a minor and violating his parole on an earlier drug conviction. Earlier that day, an Albany police officer saw Nix take a call on his cell and then immediately after sell drugs to someone in classic hand-to-hand, money for drugs, switch. So, he'd tipped off another officer by the name of Jones to watch for the car. After investigating Nix for several weeks, they were going to make an arrest. Officer Jones pulled Nix's friend over in a lawful traffic stop and Nix bolted. He didn't get far before being apprehended, though, and Jones patted him down, finding 22 clear plastic baggies often associated with drug dealing, $370 in cash and a cellphone. Jones said while he counted the money, the phone rang "continually." With enough evidence to make an arrest for selling drugs, Jones called Nix's investigators, who told him to deliver the phone to the Albany PD's mobile phone expert. Without a warrant, the forensics analyst searched the entire contents of the phone and "found text messages that he believed were drug related and images 'consistent with methamphetamine.'" They were subsequently used against Nix in a trial which found him guilty. Ask yourself: Do you think it was OK for the police to search the contents of Nix's phone without a warrant? It's a complicated issue. We have rules against warrantless searches for good reason. On the other hand, law enforcement doesn't want to lose the ability to do everything it can to catch people they think are criminals. Here's the legal issue at the heart of the case, which will be argued before the Oregon Supreme Court next week. We all know that the Fourth Amendment to the Constitution protects everyone from "unreasonable" search and seizure. Since the 18th century, though, many cases have touched on how to define what is and is not unreasonable. Under English common law, it was generally considered reasonable for the police to search you while you were being arrested. It became known as the "search incident to arrest exception" and has been around in American law for well over 100 years. The big change to the exception came in the 1969 case Chimel vs. California, which laid out a key exception to the exception. Namely, if a suspect was arrested in his home, the police couldn't search his whole house. As Wikipedia summarizes it, the police could only search, "the area within the immediate control of the suspect," or as James Nix's attorney Bronson James more colorfully put it, there is a "wingspan rule." If you can reach it, the cops can search it.

top

- and -

Telling Traces (IT Conversations podcast by Deborah Estrin, 30 March 2011) - As an expert in localization and sensory networks Deborah Estrin explains what can be learned and shared in the richness of digital traces of activity. She talks about GIS potential for improving commute patterns as well as calculating one's carbon footprint. The ability to corral data and mash up with maps and analytics empowered high school students to accurately estimate and share their carbon impact. Tracing of individual activity does not just involve automated traces but also experience sampling. A patient's struggle with diabetes and hypertension can yield opportunities to help patients having difficulty with side effects of medications. Self analytics may be prescribed to monitor effects or drug interactions in real-time. This has the potential to prevent a day from being interrupted or lost entirely because of medication challenges. Estrin contends that the capacity of our pretransactional information to be as private or as public we care top make it has drawbacks that users should be circumspect about. If recordable, thoughts, feelings and their biological indicators, probably should not be stored on a cell phone. Use of secure cloud storage could be effective in managing personal information in educated ways and using best practices.

top

E-Discovery Audio Search (KM World, 20 April 2011) - ZyLAB has unveiled its Audio Search Bundle, a desktop software product engineered to identify relevant audio clips from multimedia files and from business tools such as fixed-line telephone, VOIP, mobile and specialist platforms such as Skype or MSN Live. It is designed for technical and non-technical users involved in legal disputes, forensics, law enforcement and lawful data interception to search, review and analyze audio data with the same ease as more traditional forms of electronically stored information (ESI). ZyLAB says Audio Search Bundle transforms audio recordings into a phonetic representation of the way in which words are pronounced, so that investigators can search for dictionary terms as well as proper names, company names or brands without the need to "re-ingest" the data.

top

Another "Round" of Data Insecurity (Steptoe's E-Commerce Law Week, 21 April 2011) - The Massachusetts Attorney General has reached a settlement with the Briar Group LLC, the owner of bars and restaurants in the Boston area, over a data breach in 2009 that exposed over 120,000 debit and credit card accounts of customers. The AG alleged that Briar had engaged in "unfair and deceptive practices" under Massachusetts law by accepting customers' payment cards without taking reasonable steps to secure the customers' personal information. Notably, the breach occurred before the effective date of Massachusetts' data security regulations. But, just as the FTC has done at the federal level, the Massachusetts AG determined that the lack of what she considered reasonable security measures constituted a violation of the law. In addition to paying a civil fine of $110,000, Briar must comply with the Massachusetts data security regulations and the Payment Card Industry Data Security Standards - which, of course, it is required to do, anyway.

top

Courtroom Social Media Lab Readies for May 2 Launch (Ambrogi, 22 April 2011) - An innovative experiment that will turn a working Massachusetts courtroom into a test lab for social media in the courts is gearing up to launch on May 2. Once it starts, most of what happens in the courtroom at Quincy District Court will be streamed live over the Web for anyone to see. In addition, a designated area of the courtroom will be reserved for bloggers and citizen journalists. The courtroom will be equipped with WiFi to access the Internet. Originally named "Order in the Court 2.0," the project has now been renamed OpenCourt. Its website, when it launches, will be at OpenCourt.us. The camera providing the live feed will be controlled by the judge, who will be able to turn it off in certain circumstances. The camera will be turned off for most domestic violence cases and also in any proceedings where state law or court rules prohibit cameras. In addition, the judge will be able to turn off the camera as a matter of judicial discretion. The video feed will be archived and will be available for use by news organizations, bloggers and others. [Editor: see also Take Peek Into Your Local Courtroom with OpenCourt (ReadWriteWeb, 3 May 2011)]

top

The New York Times' Cascade: Data Visualization for Tweets (Mashable, 22 April 2011) - The research and development department of The New York Times has recently been pondering the life cycle of the paper's news stories in social media - specifically, on Twitter. Cascade is a project that visually represents what happens when readers tweet about articles. Even now, however, Cascade is more than just a nifty data visualization. Some journalists think it also gives us new ways of to think about and optimize for sharing and engagement on the social web, especially since it helps identify the most influential sharers, the more shareable terms, and more. Its creators write on the project's website that Cascade "links browsing behavior on a site to sharing activity to construct a detailed picture of how information propagates through the social media space. While initially applied to New York Times stories and information, the tool and its underlying logic may be applied to any publisher or brand interested in understanding how its messages are shared." [Editor: includes interesting 4-minute video.]

top

Ubuntu Linux Boosted by 10,000 Seat PC Win (IT World, 22 April 2011) - Canonical has taken the wraps off a morale-boosting deal that has seen German insurance giant LVM Versicherungen convert 10,000 PCs to use Ubuntu Linux across the company's operations. The project included the conversion of 3,000 desktop and laptop computers in LVM's Muenster HQ with a further 7,000 in the company's agencies around Germany. The core software used by the company is LAS, a Java-based claims-processing application of its own design, backed by Lotus Notes, Adobe's Reader and the OpenOffice suite. The news isn't entirely a surprise given that LVM has been using Ubuntu for some time. But converting a company's entire install base to use the software is still a modest coup. LVM is also a demanding environment for any OS. The company's workforce is bolstered by a small army of self-employed and mobile sales representatives that sell insurance at street and living room level. The LAS system is described as being used by the sales team in an 'always-on' configuration. The official release made no mention of the operating system being displaced but Techworld understands these were running older versions of Windows in recent years.

top

Tech landscape 2011: Top product picks; Rise of Mac viruses; Security for thumbdrives, iPhone; and more (ABA Journal, 26 April 2011) - It's once again time to catch up on the latest-greatest and not so great-in legal technology for attorneys, especially those in solo and small firms. And for that, we turn to authors of the 2011 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple-Sharon D. Nelson, John W. Simek and Michael C. Maschke. [Editor: includes recommendations for computerized case management systems.]

top

Biz Cards Go Digital: Firm Adds QR Codes to Business Cards (ABA Journal, 27 April 2011) - A 55-member law firm in northern Virginia is giving its lawyers the option of adding a "Quick Response Code" to their business cards to make it easier to share contact information with colleagues and clients. The Washington Post notes in a brief that while QR codes are common in Europe and Asia, the practice is only recently gaining traction in the United States. The Fairfax-based firm Odin Feldman Pittleman is promoting its adoption of the QR code in a news release (PDF). QR codes, when scanned by smartphones, can transfer more data than could fit on a typical business card and is used as a convenient way to automatically transfer names, addresses and other contact information to digital address books. [Editor: I dropped physical address info from my business cards in 1996; the QR idea is au courant but too late? See " QR Code Resume Makes Your Embossed Paper Look Lame" for more. See also story below about "Bumping" phones to make payments.]

top

Feds to Remotely Uninstall Coreflood Bot from Some PCs (Computerworld, 27 April 2011) - Federal authorities will remotely uninstall the Coreflood botnet Trojan from some infected Windows PCs over the next four weeks. Coreflood will be removed from infected computers only when the owners have been identified by the Department of Justice (DOJ) and they have submitted an authorization form to the FBI. The DOJ's plan to uninstall Coreflood is the latest step in a coordinated campaign to cripple the botnet, which controls more than 2 million compromised computers. Two weeks ago, the DOJ and the FBI obtained an unprecedented temporary restraining order that allowed them to seize five command-and-control (C&C) servers that managed Coreflood. Since then, the U.S. Marshal's Service has operated substitute C&C servers that have disabled the bot on most infected PCs. Those actions have reduced Coreflood by 90% in the U.S. and nearly 75% in other countries, but the government wanted to do more.

top

Why We Need An Open Wireless Movement (EFF, 27 April 2011) - If you sometimes find yourself needing an open wireless network in order to check your email from a car, a street corner, or a park, you may have noticed that they're getting harder to find.

Stories like the one over the weekend about a bunch of police breaking down an innocent man's door because he happened to leave his network open, as well as general fears about slow networks and online privacy, are convincing many people to password-lock their WiFi routers. The gradual disappearance of open wireless networks is a tragedy of the commons, with a confusing twist of privacy and security debate. This essay explains why the progressive locking of wireless networks is harmful - for convenience, for privacy and for efficient use of the electromagnetic spectrum. We will need a political and technological "Open Wireless Movement" to reverse the degradation of this indispensable component of the Internet's infrastructure. Part of the task will simply be reminding people that opening their WiFi is the socially responsible thing to do, and explaining that individuals who choose to do so can enjoy the same legal protections against liability as any other Internet access provider. Individuals, including Bruce Schneier and Cory Doctorow, have laid some of the groundwork. It's time to spread the message far and wide. But an Open Wireless Movement will also need to do technical work: we need to build new technologies to ensure that people have an easy way to share a portion of their bandwidth without affecting the performance of their own network connections while at the same time ensuring that there is absolutely no privacy downside to running an open wireless network. [Editor: I agree completely; part of my home WiFi network is open.]

top

Bank Lets Customers Pay Friends By Bumping iPhones (Mashable, 29 April 2011) - ING Direct customers can now transfer payments to friends with the bump of a cellphone - no account numbers needed. The bank released an updated version of its iPhone app [iTunes link] on Wednesday morning that integrates an API from Bump Technologies, a startup that makes it easy to transfer information between phones by tapping them together. Previously Bump's technology has been used to exchange contact information, photos and music between users. This is the first time that a bank has leveraged it for person-to-person payments. Many banks (including ING Direct) are experimenting with another technology called near field communication (NFC), which could one day power phone-to-phone transactions. But there are a limited number of NFC-enabled devices in the market, and security standards have yet to emerge. Bump is much simpler. The startup's app and API recognize tapping motions and maps them. When a Bump is recognized, a signal is sent to cloud servers that match it with another Bump that occurred at the exact same place and time. It decides those two Bumps are a match, and exchanges information between them. In ING's case, each user will need to log into his or her secure account to send or receive payment. Bump's role is to ID participants in a person-to-person transaction instead of requiring them to type and verify account numbers.

top

Amazon's Cloud Crash Destroyed Many Customers' Data (MSNBC, 29 April 2011) - In addition to taking down the sites of dozens of high-profile companies for hours (and, in some cases, days), Amazon's huge EC2 cloud services crash permanently destroyed some data. Amazon has yet to fully explain what happened when its mission-critical and supposedly bomb-proof systems crashed, but the explanation will be important. As will the explanation for how the company could have permanently destroyed some of its customers data.

top

The Latest from the NLRB on Social Media (Littler, 2 May 2011) - The National Labor Relations Board created a stir in late 2010 by filing an unfair labor practice charge against ambulance company, AMR, for firing an employee who, among other things, called her supervisor a "mental patient" in a Facebook post read by many co-workers. As it turns out, the "Facebook case" was just the beginning of what appears to be a trend by the Board, subsequently joined by unions, to restrict employers' ability to promulgate and enforce social media policies that, in the Board's view, impinge on employees' rights under the National Labor Relations Act. Several recent developments provide a window into the Board's intentions. Last week, the NLRB's Hartford Regional Director, who was responsible for filing the Facebook case, provided useful information about the Board's intentions, both in comments and in handout materials, while speaking on a panel for the Connecticut Bar Association. Below are some of the highlights: * * * [Guidelines, 4 recent filed complaints, best-practices for disclaimers, litigation strategy] * * * In a development that could resonate beyond social media, the Regional Director also revealed that the Regions, at the direction of the Board's Acting General Counsel, are filing complaints to set the stage to reverse the Board's December 2007 decision in Register Guard . In that case, a Republican-dominated Board held that an employer can lawfully impose a broad ban on employee's use of the corporate e-mail system for solicitations and other non-business reasons as long as the policy on its face does not discriminate against union activity and is enforced in a non-discriminatory manner. A reversal of Register Guard could severely crimp employers' ability to regulate employees' social media activity while using corporate electronic resources.

top

EPIC Proposes "Fair Information Practices" for Google (BeSpacific, 3 May 2011) - "Today EPIC submitteddetailed comments on a landmark privacy agreement that requires Google to adopt a "Comprehensive Privacy Plan" to safeguard the privacy and personal information of Internet users. In comments to the Federal Trade Commission, EPIC recommended that the FTC require Google to adopt and implement comprehensive Fair Information Practices http://www.bespacific.com/mt/archives/027172.html

top

New Legal Networking Site Seeks to Keep it Simple (Robert Ambrogi, 5 May 2011) - At the PLI seminar on social media I attended yesterday in New York, one of the speakers, Kelly Hoey, remarked, "I don't ever again want to have to fill out another social media profile." Well Kelly, meet Lawford, a new professional networking site for lawyers that fills out your profile for you. This week marks the private-beta launch of Lawford. Lawford's developers have the ambitious goal of building the largest legal networking platform in the world. In fact, they say that they hope someday to have every lawyer in the world become a contributing part of the site. [See original article for an invite code.] Given the tough time other legal-vertical networking sites have had building up any critical mass of users, not to mention the ABA's recent shuttering of its networking site, Lawford has its work cut out for it. That said, it is approaching the legal market in a unique way, one that cuts out much of the work of joining a professional network. Recognizing that lawyers are tight on time, Lawford aims to make the sign-up process as painless as possible. To do this, it has assembled data on literally every lawyer in the United States. What that means is that it knows who you are before you ever tell it a thing about yourself.

top

Tattoo Design May Halt the Release of Hangover II (CaseClothesed, 5 May 2011) - Tattoo Artist S. Victor Whitmill is suing Warner Bros. Entertainment for using his "art work" on their film "The Hangover Part II." Whitmill originally created the tattoo piece on Mike Tyson's face, and now a main character in "The Hangover Part II" movie is using the same tattoo on his face. Whitmill states that he owns the artwork and the copyright in the original tattoo, and the unauthorized placing of the exact tattoo on another character constitutes copyright infringement. Are tattoos protected, and should Warner Bros. have contacted Whitmill to obtain permission to use it in the film? Maggie Sicklinger recently wrote an article pertaining to this issue, clickhere to read it. The article stated that the Ninth Circuit recently decided in Anderson v. City of Hermosa Beach No. 08-56914, that tattooing is an expressive activity similar to pen and ink drawings, and therefore entitled to full First Amendment protection! Copyright protection extends to expressive work "fixed" in a tangible medium and according to this case, artwork on the body of a person is copyright protected.

top

Applying the Rules of Evidence Related to Authentication to Online Sources (Volokh Conspiracy, 6 May 2011) - Evidence law has special rules that require someone who wants to introduce a document to first introduce "foundation" evidence that shows the document was indeed written by the person who supposedly wrote it; this is called "authentication." Griffin v. State, decided by Maryland's highest court on April 28, has an interesting discussion of how those rules play out with regard to online sources. The case itself involved the authentication of a MySpace Web page, but the discussion can apply to many other online sources as well. Note that this is a different matter than deciding the reliability of an online source, or the admissibility in other respects of an online source (e.g., whether the source contains inadmissible hearsay). It is also a different matter than deciding the factual authenticity of the source given a dispute about the foundation evidence (e.g., if A denies that he wrote a Web page, but B testifies that he had heard A say he did write the Web page). The question is simply what factual foundation - however disputed that factual foundation might be - has to be presented before the document can even be introduced into evidence. It would then be up to the jury to resolve any factual disputes related to that foundation evidence. Here's the court's discussion of some ways that Web page such as a Myspace page can be authenticated in the legal sense, so that the sites' contents can be introduced as evidence: * * *

top

Archiving the Web for Scholars (InsideHigherEd, 6 May 2011) - Many scholars, while struggling to find and patch together the surviving fragments of historical documents, have probably longed for a time machine. In the era of Internet research, they might finally get their wish. Sort of. The Internet Archive, a nonprofit founded in 1996, has provided libraries and other institutions with the tools to preserve "the ephemera of the Web" - websites and their various documents, images, videos, and links - not just by caching a snapshot of the "landing page," but by copying and preserving entire domains that researchers can navigate just as they would have at any point in the site's history - even if the site moves, changes, or disappears. Many libraries are beginning to use the Internet Archive, and its popular WayBack Machine, to develop scholar-friendly archives of websites. The organization currently hosts collections of archived websites for more than 60 different colleges and universities. The idea is essentially to preserve websites the way libraries have long preserved newspapers via microform. As the Internet has increasingly become society's medium of record, it has become common for the authors of scholarly papers to cite Web content that has no corresponding print documents. (Several academic style guides recently added guidelines for citing Twitter and Facebook content.) Web addresses have become so unreliable that the Modern Language Association recently stopped requiring scholars to include URLs when citing websites, instructing them instead to include information that might help readers hunt down the site with search engines. It would be simpler, of course, if they could just cite a library archive where the relevant version of the website is preserved in suspended animation, Wolven says.

top

NOTED PODCASTS

Hearsay Culture - Interview with Prof. David Post (56 minutes; 12 April 2011) - Interview with Prof. David Post of Temple University Beasley School of Law, author of In Search of Jefferson's Moose: Notes on the State of Cyberspace. [Editor: fairly interesting discussion of Jeffersonian precepts, in the context of "The Law of the Horse", et al.]

top

RESOURCES

Privacy Protections for Personal Information Online (CRS, 6 April 2011) - There is no comprehensive federal privacy statute that protects personal information. Instead, a patchwork of federal laws and regulations govern the collection and disclosure of personal information and has been addressed by Congress on a sector-by-sector basis. Federal laws and regulations extend protection to consumer credit reports, electronic communications, federal agency records, education records, bank records, cable subscriber information, video rental records, motor vehicle records, health information, telecommunications subscriber information, children's online information, and customer financial information. Some contend that this patchwork of laws and regulations is insufficient to meet the demands of today's technology. Congress, the Obama Administration, businesses, public interest groups, and citizens are all involved in the discussion of privacy solutions. This report examines some of those efforts with respect to the protection of personal information. This report provides a brief overview of selected recent developments in the area of federal privacy law. This report does not cover workplace privacy laws or state privacy laws.

top

The Path of Internet Law: An Annotated Guide to Legal Landmarks (forthcoming Duke Law & Tech Review, 3 April 2011) - Abstract: "In the classic holiday film "It's a Wonderful Life," a disillusioned George Bailey (played by Jimmy Stewart) makes a wish that he had never lived. Clarence, the Angel in training, grants George his wish and shows him how life in his hometown would have been different if he had never been born. Our Article asks how the law of intellectual property and legal research have been reshaped by the creation of the Internet. This Article provides guideposts for the best legal resources for Internet law to assist busy lawyers and legal academics in tracing the past, present, and future path of Internet Law. This Article unfolds in three parts: Part I traces the path of the history of the Internet as a technology. Part II is a brief timeline of Internet case law and statutory developments for Internet-related intellectual property (IP) law developments. This part of the article highlights intellectual property, but our broader point is that Internet law illuminates every substantive and procedural aspect of U.S. law. During this formative period, the Internet reshaped the path of each branch of the law of intellectual property. Part III presents an annotated guide to the best research resources to assist academics and policymakers in tracing the future path of Internet Law. The future path of Internet law will be less U.S. centric, therefore we review the best available sources for tracing the path of Internet law in a global setting. Finally, we conclude by hazarding some predictions based upon the "sibylline leaves" gathered from extant Internet case law and statutory developments about the future of Internet law."

top

DIFFERENT

Google Map Maker and Admissions (InsideHigherEd, 21 April 2011) - Strategic Enrollment Management (SEM) professionals should be some of the most tech-savvy student affairs practitioners at your campus. With useful technologies being released seemingly on a daily basis, it is crucial that SEM directors, especially those who work in Admissions, be plugged in to new ways that technology can be used to market their campuses. One of the most popular posts on my personal blog is also one of the simplest -- "Campus maps and Google." The post is essentially a snapshot of how some schools use the Google Maps API to create a custom Google map for their campus. Numerous institutions use this option for their campus map. This week,Google announced the availability of Google Map Maker for the United States. Google Map Maker allows users to label building locations, create unique paths/shortcuts, and label the outline of buildings. It's evident that Google recognizes the potential benefit for higher education institutions. The "getting started" web page for Google Map Maker features a section for " Schools and Universities." With Google Map Maker, anyone with a Google account can create custom content on top of your institution's Google Map presence. While the potential for amazing user-generated content is massive, it will be interesting to see if Admissions personnel will utilize Map Maker content.

top

LOOKING BACK - MIRLN TEN YEARS AGO

ONE-THIRD OF ONLINE AMERICA IS ON AMERICA ONLINE A new study by market research firm Jupiter Media Metrix says that 33% of the time Americans spent online last month was spent at services offered by AOL Time Warner, while America Online competitors lagged far behind: Yahoo at 7% and Microsoft sites at 6%. And why are all these people online at AOL? They've got messages. Instant messaging and e-mail accounted for half of all the minutes spent on AOL. A Jupiter senior industry analyst explained: "What this shows is the power of the AOL business model. AOL mixes a content service with an access business and a software business. That mix allows them to control the environment you're living in much more than their competitors do, leading to more time with AOL." (Washington Post 27 Feb 2001) http://washingtonpost.com/wp-dyn/articles/A58901-2001Feb26.html

top

PRINCETON PROFESSOR BOWS TO RECORDING INDUSTRY (Salon.com, 26 April 2001) -- Bowing to the threat of legal action from the recording industry, a Princeton computer scientists decided against presenting a paper Thursday on how the research team he led broke security on digital music. Edward Felten, an associate professor in Princeton University's computer science department, had remained mum for days on whether he would present the paper at the International Information Hiding Workshop, announced he would not make the information public because threats of legal action had been made against the authors. Early this month, the Secure Digital Music Initiative Foundation -- which has ties with the Recording Industry Association of America -- sent Felten a letter suggesting he could be sued if he released information on how "watermarks" encrypted into digital music files could be broken. http://www.salon.com/tech/wire/2001/04/26/riaa/index.html [Editor: I'll be with Ed next month at the Privacy Law Scholars Conference; Ed now is the FTC's chief technologist.]

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Law.com

11. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose . top

No comments: