MIRLN --- 19 August - 8 September 2012 (v15.12)
NEWS | LOOKING BACK | NOTES
- Software Can Be a "Good" under the California UCC
- Huge Jump in Number of Fines for UK Data Breaches
- Pipeline Cybersecurity: Federal Policy
- A MOOC Without an Instructor
- Shrinkwrap Licenses and IP
- Political Junkies Take Note: YouTube Launches New Elections Hub
- No Privacy Claim Against Netflix for Disclosing Viewing Histories and Instant Queue Titles Through Netflix-Enabled Devices
- New Documents Show That Feds Share License Plate Scanning Data With Insurance Firms
- YouTube Will Now Let Mobile Users Choose Whether to Watch Ads
- U.S. Becomes First Participant in APEC Cross-Border Privacy Rules System
- Judge Rules EBay Not Covered By Americans With Disabilities Act
- Announcing a Guide to Reporting at the 2012 Republican and Democratic National Conventions
- The State of Cybersecurity Disclosure: Is Congressional Action Next?
- SEC Guidance on Cyber-Disclosure Becomes Rule for Google
- White House Plans to Regulate Contractor Computer Security
- How Do You Say 'Public Forum Doctrine' in Hawaiian?
- Federal Court Allows Service of Complaint and Summons Via Yahoo Email Account
- Federal CIO Council Releases BYOD Toolkit
- Posner on "Staleness" of Digital Evidence
- Facebook and Twitter: A No-No for Federal Jurors
- The Feds Try Again, But Just Won't Say Why
- Judge Dismisses BancorpSouth Defense in Online Theft Suit
- How Copyright Has Driven Online Streaming Innovators Insane
- Manual Examines How International Law Applies to Cyberwarfare
- E-Mail Service for All Documents in Florida Cases
- FTC Publishes Guide to Help Mobile App Developers Observe Truth-in-Advertising, Privacy Principles
- Police Seizure of Text Messages Violated 4th Amendment, Judge Rules
- FBI vs. Google: The Legal Fight to Unlock Phones
Software Can Be a "Good" under the California UCC (Charlie Bieneman, 9 August 2012) - Sale of a software license constituted sale of a "good" for purposes of applying the California UCC. Gross v. Symantec Corp. , No. C 12-00154 CRB (N.D. Cal. July 31, 2012). A putative class action plaintiff sued Symantec, alleging that a free trial for its software "was essentially a scam, and that the software does not increase security." Among other causes of action, the plaintiff alleged a breach of the express warranties set forth in the California Uniform Commercial Code, Cal. Com. Code § 2312 . The court held that, in California, the UCC applied to this type of software transaction, and UCC warranties could govern the license. Symantec argued that the California UCC "only covers the sale of goods, which excludes licenses for the use of intellectual property, like Symantec's software." Citing RRX Indus., Inc. v. Lab-Con, Inc., 772 F.2d 543, 546 (9th Cir. 1985), the court acknowledged that "[s]oftware transactions often straddle the line between goods and services, so courts look to the 'essence of the agreement' to determine how best to characterize the transaction." The transaction here was similar to a retail purchase of licensed software at a bricks and mortar store, to which the Ninth Circuit had previously suggested the California UCC would apply. The present software transaction "resembles the sale in RRX Industries, except that it doesn't include the installation, training, maintenance, and upgrading services that might have jeopardized the applicability of the California UCC in that case."
Huge Jump in Number of Fines for UK Data Breaches (Help New Security, 15 August 2012) - The Information Commissioner's Office (ICO) has revealed a huge increase in the number of penalties handed out for organisations in breach of the Data Protection Act. Over the last year, ICO has issued 68 warning notices for data security lapses, which is up 48 percent from the same point last year. Its fines reached nearly £2m over the last year. According to these figures, the ICO has also increased the amount and frequency of fines it hands out, with 15 fines totalling £1.8m imposed over the past year - a significant increase on the mere six fines totalling £431,000 it handed out in the previous year.
Pipeline Cybersecurity: Federal Policy (CRS Report, 16 August 2012) - The vast U.S. network of natural gas and hazardous liquid pipelines is integral to U.S. energy supply and has vital links to other critical infrastructure. While an efficient and fundamentally safe means of transport, this network is vulnerable to cyber attacks. In particular, cyber infiltration of supervisory control and data acquisition (SCADA) systems could allow successful "hackers" to disrupt pipeline service and cause spills, explosions, or fires-all from remote locations. In March 2012, the Department of Homeland Security (DHS) reported ongoing cyber intrusions among U.S. natural gas pipeline operators. These intrusions have heightened congressional concern about cybersecurity in the U.S. pipelines sector. The Transportation Security Administration (TSA) is authorized by federal statute to promulgate pipeline physical security and cybersecurity regulations, if necessary, but the agency has not issued such regulations. TSA officials assert that security regulations could be counterproductive because they could establish a general standard below the level of security already in place for many pipelines. An April 2011 White House proposal and the Cybersecurity Act of 2012 (S. 2105) both would mandate cybersecurity regulations for privately owned critical infrastructures sectors like pipelines. A revised version of S. 2105, S. 3414, would permit the issuance of regulations but would focus on voluntary cybersecurity measures. While the pipelines sector has many cybersecurity issues in common with other critical infrastructure sectors, it is somewhat distinct in several ways * * *
A MOOC Without an Instructor (InsideHigherEd, 21 August 2012) - There's a new kind of massive open online course (MOOC), and it lacks an instructor, The New York Times reported. The course will combine existing materials from the Massachusetts Institute of Technology OpenCourseware project, quizzes from Codeacademy and study groups from Open Study, and will be coordinated by Peer 2 Peer University. With those services, organizers said, an instructor (while central to other MOOC offerings) won't be necessary. The first offering will be on a computer programming language and is called "A Gentle Introduction to Python." InsideHigherEd's take on the program: http://www.insidehighered.com/blogs/hack-higher-education/mechanical-mooc
Shrinkwrap Licenses and IP (MLPB, 21 August 2012) - Mark A. Lemley, Stanford Law School, has published Intellectual Property and Shrinkwrap Licenses. Here is the abstract: Intellectual property -- right, wrong, or indifferent -- is well on its way to becoming irrelevant in the computer world. The reason is that the debate over the appropriate scope of intellectual property protection for computer software largely ignores the role of contract law in setting rights. Software vendors are attempting en masse to "opt out" of intellectual property law by drafting license provisions that compel their customers to adhere to more restrictive provisions than copyright (and even patent) law would require. These software license agreements are of two types: bargained agreements for custom software, and unbargained "shrinkwrap licenses" imposed on mass-market purchasers. As software has become a mass-market commodity, the shrinkwrap license has tended to predominate. Can software vendors really avoid the rules of intellectual property law entirely? Can they "pick and choose" among the rights and responsibilities of copyright law, adopting copyright when it suits their purposes and discarding it otherwise? By and large, the answer to these questions has depended on whether and under what conditions shrinkwrap licenses are enforceable. This article discusses the theoretical arguments in favor of and against enforcing such shrinkwrap license terms. After weighing these arguments, I conclude that shrinkwrap licenses should not be effective to alter the balance of rights created under federal law. Paper here .
Political Junkies Take Note: YouTube Launches New Elections Hub (LA Times, 22 August 2012) - Political junkies will soon have a new place to get their campaign coverage fix. YouTube on Wednesday launched an Elections Hub to provide extensive online campaign coverage. The new channel will feature political reporting and analysis from such established sources as ABC News, Al Jazeera English, The New York Times, Wall Street Journal and Univision, together with popular online sources Philip DeFranco and BuzzFeed. In a reflection of the Internet's growing importance as a source of news for viewers younger than 30, YouTube's Elections Hub will offer live coverage of the Republican and Democratic national conventions and, for the first time, provide live streaming of the presidential and vice presidential debates. "We've seen there is a huge demand for political news on YouTube," said Olivia Ma, YouTube's news and politics manager. The campaigns of President Barack Obama and his likely Republican challenger, Mitt Romney, have uploaded more than 600 videos to their respective YouTube channels since April 2011, Ma said. Those campaign videos, and others mentioning the two presidential candidates, have collectively attracted almost 2 billion views on YouTube, she said. With Election Hub, viewers will select the coverage they want to follow from a menu of options. Once they've made a choice, they'll be able to watch live and on-demand campaign coverage -- and participate in discussions.
No Privacy Claim Against Netflix for Disclosing Viewing Histories and Instant Queue Titles Through Netflix-Enabled Devices (Eric Goldman's blog, 22 August 2012) - This is a putative class action under the Video Privacy Protection Act alleging Netflix violated the VPPA (and Cal. Civ. Code 1799.3) by .. get this .. freely displaying, to a subscriber's family members, a subscriber's "recently watched" and "instant queue titles" on the subscriber's Netflix-Enabled Device. I'm surprised the court didn't just enter a three word order ("WTF") dismissing the claim. Netflix allows you to register devices that can access your Netflix account. Once you enter your password, you need not keep entering it in again. Plaintiffs alleged that this was a problem because a subscriber's family members could then access the device and see a subscriber's "recently watched" and "instant queue" titles without entering a password. Netflix did not contest that the VPPA applies to streaming video providers. As cited by the court, a different judge in the Northern District of California recently concluded that Hulu was subject to the VPPA regardless of the fact that it offers streaming services and doesn't charge its customers for some of its services. Nevertheless, the court says that plaintiffs cannot state a claim because the disclosures in question were made to the customers themselves (i.e., through their devices). Although not determinative, the court notes that Netflix's privacy policy tells users that if they share their devices or passwords with others, they take "full responsibility for their actions." Case is Mollett v. Netflix , 11-CV-01629 (N.D. Cal.; Aug 17, 2012)
New Documents Show That Feds Share License Plate Scanning Data With Insurance Firms (TechDirt, 22 August 2012) - It's one thing for governments to make use of license plate scanning equipment to catalog what cars are crossing their borders. But it takes it to a whole different level to then share that data with insurance firms . However, it appears that's exactly what the US government is doing. A Freedom of Information Act request by privacy group EPIC, discovered that US Customs (part of Homeland Security) is sharing license plate scans with the National Insurance Crime Bureau (NICB), which is actually an organization made up of just about every insurance company. The reasons for such sharing of info may appear to be noble. It's technically to try to spot stolen vehicles: The purpose of furnishing LPR information is to verify that vehicles departing from and arriving into the United States are not stolen vehicles. NICB has access to unique information regarding stolen vehicles, as well as the means of exchanging information regarding stolen vehicles with member insurance company Special Investigative Units and Federal and State law enforcement authorities.
YouTube Will Now Let Mobile Users Choose Whether to Watch Ads (NYT, 22 August 2012) - People often visit Web sites on their mobile phones as much or more than they do on computers. But that leaves Web companies with a challenge: how to make money on phones, where there is less space for advertisements and people have less patience for them? YouTube thinks it has an answer. On Wednesday, it introduced a new kind of ad for its mobile site that lets viewers choose whether or not to watch a video ad, and only charges advertisers if the ad is watched. This type of ad, which YouTube calls TrueView, has been available on computers since late 2010. It is well-suited for viewers using mobile devices, Google executives said, when they are often crunched for time and have little patience for unwanted interruptions.
U.S. Becomes First Participant in APEC Cross-Border Privacy Rules System (Steptoe, 23 August 2012) - The United States has been approved as the first formal participant in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules system (CBPR). The CBPR system is a self-regulatory initiative designed to enhance the protection of consumer data moving between APEC member nations through a voluntary but enforceable code of conduct implemented by participating businesses. The FTC was also named as the system's first privacy enforcement authority. This move brings the system one step closer to implementation. Although certification under the CBPR system may require many U.S.-based companies to make significant changes to their current data privacy practices, participation in the system will allow for more efficient and secure data exchange with other APEC economies.
Judge Rules EBay Not Covered By Americans With Disabilities Act (OnlineMediaDaily, 23 August 2012) - Siding with eBay, a federal judge has dismissed allegations that the online auction violated the Americans with Disabilities Act by requiring sellers to use a telephone to verify their identities. U.S. District Court Judge Edward Davila in San Jose, Calif., ruled that the federal law -- which prohibits discrimination against people with disabilities -- doesn't apply to online companies like eBay. The 1990 statute says it applies to "places of public accommodation." The ruling, issued earlier this month, dismissed the bulk of a potential class-action lawsuit filed in 2010 by Melissa Earll. She alleged that as a "profoundly deaf" person, she was unable to register with eBay because the company verifies identity through telephone calls. eBay allegedly gives prospective merchants passwords over the telephone; the registrants must then enter those passwords online. Davila dismissed all of Earll's claims and ruled that she can't refile allegations relating to the ADA. "Because Earll will not be able to overcome the fact that the ADA does not apply to eBay.com by amending her complaint, leave to amend is not appropriate," Davila wrote. The decision is at odds with a recent ruling against Netflix, issued by U.S. District Court Judge Michael Ponsor in Massachusetts. That decision allowed the National Association of the Deaf to proceed with its lawsuit alleging that Netflix violates the ADA by failing to provide closed captioning online.
Announcing a Guide to Reporting at the 2012 Republican and Democratic National Conventions (CMLP, 23 August 2012) - As you may have seen on our home page today, the DMLP has released a Guide to Reporting at the 2012 Republican and Democratic National Conventions . I wanted to share a little more about why and how we decided to release this document. As we mentioned already, the conventions are creatures of chaos. Thousands of journalists and even more demonstrators will descend upon these cities. These crowds are typically met with an overwhelming police presence, and the clashes between protesters and the police typically result in numerous arrests. Avoiding police detention as a journalist is often a challenge, as a large tangle of laws regulates crowd behavior, and police often enforce these complex laws with sweep arrests of whole crowds. Many experienced journalists are not strangers to such tough situations, but the nature of the conventions as "national special security events" presents special concerns, especially around the norms journalists establish with local law enforcement. The Secret Service takes the lead during these national security events, and the normal journalist-police relationships that allow journalists to report from over police lines are likely to be jettisoned in favor of a strict enforcement of the law. It is vitally important for journalists to understand the fundamental mechanics of the law while on the ground, so they can be aware of when their actions risk arrest. To that end, we have provided this guide as an overview of the various legal issues presented at the RNC and DNC. Topics in the guide include an overview of basic press freedoms, a discussion of what pack in order to prepare for the situation on the ground, information as to how crowd assembly and speech is regulated (so a journalist can be aware of when police may take action against a crowd of demonstrators), laws related to recording in public, a walkthrough on how to react to interactions with the police, and a review on how your rights change when you are reporting on private land. The guide covers the law in both Tampa and Charlotte as it exists today, with helpful information drawn in from reports on past conventions. The guide is designed to allow the reader to engage at whatever the depth he or she needs. You can review the entire document , or turn to the a summary section at the front and refer to the main text as you like; readers can engage at whatever depth they need. (There's even a one-sheet printout for those that just want to have something to reference while on the ground in Tampa and Charlotte.) We have tried to make the law as clear as it can be, and noted how the police have handled enforcing the law at previous conventions, and where journalists ran into trouble.
The State of Cybersecurity Disclosure: Is Congressional Action Next? (CorporateCounsel.net, 24 August 2012) - It is now going on a year since the SEC issued CF Disclosure Guidance: Topic No. 2, Cybersecurity , and since that time I have been interested in seeing how the Staff has followed up on the guidance in the course of the 10-K review process. It turns out that much like after the Commission issued its interpretive release on climate change disclosures back in 2010, there hasn't been a huge uptick in the number of comments directed at the topic. The Staff has said that the main focus of comments in this area has been on situations where there has been some reported breach, and the Staff is thus particularly interested in seeing specific disclosure about that breach and the related risk or MD&A disclosure. Given this focus, there have not been many instances that I have come across where the Staff is just fishing for cybersecurity disclosures, or commenting specifically on the sometimes vague or generalized risk factors that many issuers have now added. It seems that perhaps Congress isn't too satisfied with the SEC' cybersecurity disclosure efforts, because a provision in the cybersecurity bill that stalled in Congress before the August recess addresses the SEC's guidance and implementation efforts in a "sense of Congress" statement. Notably, Section 415 of S. 3414 observes that information security risks and related events that are material to investors should be disclosed, and to this end the SEC (not later than 1 year from enactment) should evaluate existing guidance, including CF Disclosure Guidance: Topic No. 2, to determine whether the guidance should be updated or issued as an interpretive release. Under the Senate bill, the SEC would also have to provide an annual report to Congress describing the types of security risks and related events disclosed by issuers in the prior year, whether the Staff required additional information of issuers, any awareness efforts undertaken by the SEC , and any enforcement actions relating to disclosure requirements for information security risks. Could a new "Form CS" be too far behind?
- and -
SEC Guidance on Cyber-Disclosure Becomes Rule for Google (Bloomberg, 29 August 2012) - Securities and Exchange Commission guidelines on when companies should disclose cyber-attacks have become de facto rules for at least six companies, including Google Inc. and Amazon (AMZN).com Inc., agency letters show. The six companies were asked to break silence and tell investors in future filings that intruders had breached their computer systems, according to the SEC letters. Companies such as Amazon argued that the attacks weren't important enough to reveal. Hacking admissions can hurt reputations, give competitors useful information and trigger investor litigation. Before the requests, Seattle-based Amazon, the largest Internet retailer, hadn't said in its reports that cyber-thieves had raided its Zappos.com unit, stealing addresses and some credit card digits from 24 million customers in January. In April, Amazon was asked by the SEC to disclose the cyber-raid in its next quarterly filing, which it did. Google (GOOG), the world's biggest search engine, agreed in May to put its previously disclosed cyber-assault in an earnings report. American International Group Inc. (AIG), Hartford Financial Services Group Inc. (HIG), Eastman Chemical Co. (EMN) and Quest Diagnostics Inc. (DGX) were also prodded to improve disclosures of cyber-risks, according to SEC letters available on the regulator's website. The SEC instituted a voluntary disclosure plan in an October advisory. This year, the SEC sent dozens of letters to some companies, asking about cyber-security disclosures and later pushing companies to disclose, spokesman John Nester said. "It's not a rule, but the SEC, by taking a policy position, can effectively create a rule," said Peter Henning, a former SEC lawyer who teaches at Wayne State University in Detroit. "It lets companies know what it would like to happen." Nester declined to say how many companies had been told to disclose in future filings. The SEC disclosure letters aren't all public yet.
- and -
White House Plans to Regulate Contractor Computer Security (NextGov, 27 August 2012) - The Obama administration has drafted plans to require federal contractors to adopt specific cybersecurity safeguards for company equipment that transmits government information. The proposed regulations come as the White House considers issuing an executive order that would regulate computer security at all critical businesses. Industry backlash stopped Congress from mandating such reforms. NASA, the Defense Department and the General Services Administration, which purchases goods and services for agencies across government, released the draft rules Friday. Under the plan, doing business with the government would be contingent on agreeing to protect corporate-owned devices and federal data on websites. This regulation "would add a contract clause to address requirements for the basic safeguarding of contractor information systems that contain or process information provided by or generated for the government (other than public information)," the proposal states. The provision calls for only a few computer protections and leaves vendors substantial flexibility, which troubles some computer security experts. Specifically, the administration wants "current and regularly updated" malware blockers, such as antivirus or antispyware mechanisms, as well as "prompt" installation of software patches and other security updates. Federal data posted to company Web pages must be secured through passwords or other technological restrictions. Information and equipment also would have to be sheltered by one physical element, such as a locked case, and one digital defense, such as a login. Alan Paller, research director for the SANS Institute who frequently advises the administration, called the plan "worse than useless."
How Do You Say 'Public Forum Doctrine' in Hawaiian? (CMLP, 27 August 2012) - It is ridiculously easy to create an online forum. Even just a few years ago, you had to have a fairly high level of technical savvy to put together such a thing - maybe some php or other coding skills, certainly a solid grip on html at the very least. But now, thanks to the likes of Facebook, Google, and plenty of other online megacorporations, all it takes is a few mouse clicks. And as a result, more government entities than ever are getting in on the action and creating forums -- in a technological sense -- for public debate. But are they also creating public forums in a legal sense? In the physical world, when the government sets aside space as free for public use, it is not allowed to discriminate based on the viewpoints that members of the public might express in such spaces. But does that principle extend by analogy to virtual spaces hosted by government agencies? That's the issue highlighted by a case filed just last week in federal court in Hawaii, in which Christopher Baker and Derek Scammon, as well as the Hawaii Defense Foundation (a pro-gun organization), are suing the Honolulu Police Department for constitutional violations after the HPD apparently removed the individual plaintiffs' comments from the Department's Facebook "fan" page. According to the complaint, Baker and Scammon both made a series of posts this past January on the wall of the HPD's " official Facebook page ," challenging the HPD on a variety of topics, including self-defense, illegal searches and seizures, and the like. Although the HPD initially responded to the plaintiffs' posts on the forum, it eventually began deleting their posts as violations of the HPD's forum guidelines, and ultimately banned the pair from the page. And appropriately enough, the case looks like it's going to boil down to a question of whether, in creating its forum on Facebook, the HPD also was creating a public forum in the legal sense. If it did, the HPD will be severely limited in the sorts of content management that it can perform in regard to deleting posts or banning commenters on the page without running afoul of core civil rights like those the plaintiffs are suing over.
Federal Court Allows Service of Complaint and Summons Via Yahoo Email Account (Internet Cases, 28 August 2012) - The government filed a civil suit against defendant for violation of the federal Commodity Exchange Act and related regulations. Try as it may, the government could not successfully serve the complaint and summons by traditional means. So the government asked the court for leave to file the papers via defendant's Yahoo email account. The court granted the motion. During an earlier state investigation, defendand had provided a Yahoo email address while testifying under oath. The government claimed that it had sent several messages to the same account, each time getting a confirmation receipt indicating the message had been read on a Blackberry using the Digicel network. The evidence in the record showed that Digicel is a provider of network services in the Caribbean, Central and South America. Federal Rule of Civil Procedure Rule 4(f)(3) authorizes a court to order an alternate method for service to be effected upon defendants located outside the United States, provided that such service (1) is not prohibited by international agreement and (2) is reasonably calculated to give notice to the defendant consistent with its constitutional due process rights. In evaluating whether email service in this case would run afoul of international law, the court found that the Hague Convention did not apply because defendant's precise location was not known - the only information in the record was that he was in the Caribbean, Central or South America. The Inter-American Convention on Letters Rogatory did not prohibit email service in this case, as that Convention would not necessarily preclude service by means outside the scope of its terms. The court found that email service was also reasonably calculated to give notice to defendant, based on the facts in the record. Here, the government showed that the still-active Yahoo email address about which defendant swore under oath was reasonably calculated to give notice of the action against him and an opportunity to respond. Case is U.S. Commodity Futures Trading Comm'n v. Rubio, 2012 WL 3614360 (S.D.Fla., August 21, 2012)
Federal CIO Council Releases BYOD Toolkit (Information Law Group, 28 August 2012) - Bring Your Own Device ("BYOD") is the latest overnight IT sensation. But like most "overnight sensations" the foundational work took years before now familiar names "suddenly" hit the bright lights. In broader response to the ongoing Consumerization of Information Technology trend ("COIT"), no less than the Federal government has jumped on the BYOD bandwagon. Last week the Federal CIO Council released a BYOD resource toolkit for agencies contemplating BYOD programs. You can download the Toolkit in PDF at http://www.cio.gov/byod-toolkit.pdf or view it online . Not surprisingly, the CIO Council views BYOD as "a growing trend that is still in its infancy, but shows early promise as a driver of cost savings, increased productivity, and improved user experience." [Editor: for law firms, see Littler's terrific analysis and resource, included in MIRLN 15.09 ]
Posner on "Staleness" of Digital Evidence (Volokh Conspiracy, Orin Kerr, 28 August 2012) - When the government seeks to establish probable cause that evidence or contraband is inside a home, it sometimes has to deal with concerns of "staleness." Staleness refers to the possibility that evidence or contraband previously located in the home is no longer there, because over time evidence can be moved or destroyed. In today's opinion in United States v. Seiver , Judge Posner argues that concerns over staleness are rarely relevant in cases involving digital evidence. The issue arose in a child pornography case, in which the defendant argued that evidence of child pornography receipt and possession had become "stale" because seven months had passed before the warrant was obtained. Posner rejected the argument: When you delete a file, it goes into a "trash" folder, and when you direct the computer to "empty" the trash folder the contents of the folder, including the deleted file, disappear. But the file hasn't left the computer. The trash folder is a waste paper basket; it has no drainage pipe to the outside. The file seems to have vanished only because the computer has removed it from the user interface and so the user can't "see" it any more. Virginia M. Kendall & T. Markus Funk, Child Exploitation and Trafficking 275-76 (2012); United States v. Flyer, 633 F.3d 911, 918 (9th Cir. 2011); United States v. Gourde, 440 F.3d 1065, 1071 (9th Cir. 2006) (en banc). But it's still there, and normally is recoverable by computer experts until it's overwritten because there is no longer unused space in the computer's hard drive. "Staleness" is highly relevant to the legality of a search for a perishable or consumable object, like cocaine, but rarely relevant when it is a computer file. Computers and computer equipment are "not the type of evidence that rapidly dissipates or degrades." United States v. Vosburgh, 602 F.3d 512, 529 (3d Cir. 2010). Because of overwriting, it is possible that the deleted file will no longer be recoverable from the computer's hard drive. And it is also possible that the computer will have been sold or physically destroyed. And the longer the interval between the uploading of the material sought as evidence and the search of the computer, the greater these possibilities. But rarely will they be so probable as to destroy probable cause to believe that a search of the computer will turn up the evidence sought[.]
Facebook and Twitter: A No-No for Federal Jurors (Mashable, 28 August 2012) - Were you hoping to waste away your hours of jury duty on Facebook or Twitter? Federal judges are hoping you won't, and have a new list of instructions from the Federal Judicial Conference Committee on how to discourage social networking in the courthouse throughout cases. While you may just be browsing breaking news or your friends' updates, judges are concerned you'll engage in external research or leak details about the case. The new guidelines , drafted in June and issued Friday, instruct judges how to best deter jurors from using Twitter, LinkedIn , Facebook or YouTube to research and communicate about the cases for which they're serving. Judges are told to review these instructions before the trial, at the close of each day before they return home, at the end of the case and at any other time deemed appropriate. "Jurors should be told why refraining from use of social media promotes a fair trial," said Judge Julie Robinson, the Conference Committee on Court Administration and Case Management chair, in a statement. "Finally, jurors should know the consequences of violations during trial, such as mistrial and wasted time." These instructions follow the results of a national survey of federal judges who reported that juror use of social media was most often reported by a fellow juror. Judges are encouraged to ask jurors to out fellow jurors who violate the instructions against social networking.
- and -
The Feds Try Again, But Just Won't Say Why (CMLP, 31 August 2012) - The federal courts have revised the jury instructions released in 2010 to address jurors' use of the internet and social media. But while the revised version is more specific about what activities jurors should avoid, they are still inadequate. This is because they are still in the form of a command -- "thou shalt not" -- but do not explain to jurors why they should not discuss the case or do research online. Instead, in the revised instructions -- which are suggested, not mandatory -- judges are asked to tell jurors, "I expect you will inform me as soon as you become aware of another juror's violation of these instructions." According to a U.S. Judicial Conference press release , the revised instructions are based on the findings of a 2011 Federal Judicial Center study (pdf) which found that most federal judges who reported becoming aware of juror use of social media during trial found out from fellow jurors. What the press release does not mention is that of the 508 federal judges who responded to the survey, only 30 (six percent) said that they had experienced jurors using social media during trials and deliberations. This led the study 's author to conclude that "detected social media use by jurors is infrequent, and that most judges have taken steps to ensure jurors do not use social media in the courtroom."
Judge Dismisses BancorpSouth Defense in Online Theft Suit (Computerworld, 29 August 2012) - A federal judge has rejected BancorpSouth's plan to use contractual agreements with customers as a shield against liability claims stemming from an online heist of some $440,000 that was illegally wire-transferred from the account of one of the bank's commercial customers in March 2010. The customer, Choice Escrow and Title LLC in Springfield, Mo., filed a lawsuit Tupelo, Miss,-based BancorpSouth in November 2010 alleging that the bank failed to implement commercially reasonable security measures as defined in the Funds Transfer Act provisions of the Uniform Commercial Code (UCC). BancorpSouth countersued earlier this year arguing that Choice Escrow was solely responsible for the breach because it allowed hackers to gain access to legitimate login credentials. The bank contended that Choice Escrow signed a contract that included an agreement not to hold BancorpSouth responsible for losses stemming from the a failure to use the online services in a secure manner. In its lawsuit, BankcorpSouth said Choice Escrow should be held liable for legal costs and other expenses for breaching the terms of the contract by filing claims against the bank. In a four-page ruling last week, Judge John Maughmer of the U.S. District Court for the Western District of Missouri rejected the bank's claims, ruling that Funds Transfer Act provisions preempted any other agreement between Choice Escrow and Bancorp South. The judge did note that both sides in the dispute had made convincing arguments to support their case. "The Court having read the briefing of the parties finds this to be a very close call," Maughmer said. "On one hand, it seems obvious that the drafters of the UCC wanted banking sector parties to be protected from common law negligence claims and to encourage uniformity and consistency," Maughmer said. "On the other hand, it seems unlikely that the drafters of the UCC wanted to discourage business entities from freely exercising their rights to contract the terms of their relationships."
How Copyright Has Driven Online Streaming Innovators Insane (TechDirt, 31 August 2012) - A little over four years ago, we wrote about the Second Circuit appeals court's ruling in the case over the legality of Cablevision's remote DVR. As we said at the time, the court came to the right result -- the remote DVR was perfectly legal -- but had to twist itself into all sorts of crazy contortions to make that argument fit within the confines of copyright law. That's because of the nature of copyright law itself, which is almost always reactive to technological changes and, because of that, always gets twisted up when important, useful and disruptive innovations come along. As we noted four years ago, copyright law "is simply not set up" to handle something like a remote DVR. Even though a home DVR is clearly legal, and the only real difference between one at home and one in the cloud is the length of the cord between the DVR and the TV, the legal arguments to make them both legal are quite twisted. Since then, we've seen a whole bunch of startups try to offer variations of streaming video online -- often relying on that quite twisted ruling in Cablevision. Each time we write about them -- companies like ivi, Zediva and Aereo -- we tend to note that all of them are doing incredibly inefficient and convoluted things on the back-end to try to stay within the confines of the law, as established by the Cablevision ruling. But to any objective observer considering what makes the most sense for a company and its users, all of the Rube Goldbergian designs of these companies seem entirely pointless. The goal is the same: to reasonably offer streaming services that match what people can do at home with a DVR or a DVD player -- but it has to be twisted to make that work within the whacked out language of the law. And that's because the law is never written with innovation in mind. Quite the opposite. The history of copyright law is that every time something new comes along, Congress duct tapes on some new "right" to make it work. The 1909 Copyright Act was driven by the scary, scary invention of the player piano, which was going to wipe out the sheet music business or something. But the internet mucks with all of that -- in part by bringing together different roles that had previously been separate. The end result is that different aspects of copyright law may or may not apply, depending on where you sit. Law professor James Grimmelmann has picked up on this and written an absolutely brilliant piece over at Ars Technica, where he dives into the nitty gritty details of all of this to explain how copyright law for streaming went insane . [Editor: I've been following this mess for nearly a decade - MIRLN 14.09 has a related story .]
Manual Examines How International Law Applies to Cyberwarfare (CIO Magazine, 3 Sept 2012) - A cybersecurity think tank has published a manual studying how international law applies to conflicts in cyberspace, where the laws of conventional warfare are more difficult to apply. The manual comes from experts working with the Cooperative Cyber Defense Center of Excellence (CCDCOE), an institute based in Tallinn, Estonia, founded in 2008 that assists NATO with technical and legal issues associated with cyberwarfare-related issues. The center's 215-page study, called the "Tallinn Manual on the International Law Applicable to Cyber Warfare" and published by Cambridge University Press, is intended as a reference for legal advisers for government agencies. It examines existing international law that allows countries to legally use force against other nations, as well as laws governing the conduct of armed conflict. "One of the challenges states face in the cyber environment is that the scope and manner of international law's applicability to cyber operations where in offense or defense has remained unsettled since their advent," wrote Michael N. Schmitt, project director and chairman of the International Law Department at the U.S. Naval War College, in the manual's introduction. "The threshold questions are whether the existing law applies to cyber issues at all, and, if so, how." The Tallinn Manual was written by a group of experts from nations including Australia, Canada, the U.S., the Netherlands and the U.K. The manual is not NATO's official doctrine but a compilation of views.
E-Mail Service for All Documents in Florida Cases (Futurelawyer, 4 Sept 2012) - E-Mail Service for All Documents in Florida Cases . Well, it's here. Florida attorneys have been busy lately modifying their word processor signature blocks with email addresses, or notifying attorneys in pending cases of their email address. Starting today, all pleadings must be served on opposing counsel via email; but, I suspect that many attorneys will also continue to serve paper copies while the system gears up. Later in the year, it will likely come to pass that Florida lawyers will also be efiling documents with the court system. Welcome to the future.
FTC Publishes Guide to Help Mobile App Developers Observe Truth-in-Advertising, Privacy Principles (BeSpacific, 5 Sept 2012) - "The Federal Trade Commission has published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps . The FTC's new publication, Marketing Your Mobile App: Get It Right from the Start , notes that there are general guidelines that all app developers should consider.
Police Seizure of Text Messages Violated 4th Amendment, Judge Rules (ArsTechnica, 5 Sept 2012) - At 6:08am, on October 4, 2009, Trisha Oliver frantically called 911 from her apartment in Cranston, Rhode Island when her six-year-old son, Marco Nieves, stopped breathing. The Fire Department took Marco to Hasbro Children's Hospital, where he was found to be in full cardiac arrest. He died 11 hours later. By 6:20am, Sgt. Michael Kite of the Cranston Police Department had arrived at the apartment, where he found Oliver, her boyfriend Michael Patino, and their 14-month-old daughter, Jazlyn Oliver. Kite observed a couple of stripped beds and linens on the floor, a trash can with vomit inside it, dark brown vomit in a toilet, and, crucially, a cell phone on the kitchen counter. Kite picked up the cell phone, and it was at that point-in the just-released opinion of a Rhode Island state court-that police proceeded to mangle a murder case and violate Patino's Fourth amendment rights by viewing text messages without a warrant. Kite viewed a text message on the phone, which was owned by Trisha Oliver, reading "Wat if I got 2 take him 2 da hospital wat do I say and dos marks on his neck omg." The message was sent from Oliver to Patino, although the sending of the message apparently failed. There were other messages on the phone "with profane language and references to punching Marco-three times-the hardest of which was in the stomach," according to court records. Patino was arrested and charged with murder. Kite claims he picked up the phone because it was "beeping," and that he thought it might help get in touch with the boy's birth father. But yesterday, Rhode Island Superior Court Associate Justice Judith Savage threw out nearly all of the evidence police collected from that point on, including the contents of cell phones, phone records and communications provided by Verizon, T-Mobile, and Sprint Nextel, landline phone records, and even Patino's "confession for the death of Marco Nieves." Savage said almost all the evidence obtained by police was "tainted by the illegal search made by Sgt. Kite or the other illegal searches and seizures of cell phones and their contents."
FBI vs. Google: The Legal Fight to Unlock Phones (WSJ, 6 Sept 2012) - A legal battle is brewing between technology companies and the U.S. government over whether law-enforcement agents have the right to obtain passwords to crack into smartphones of suspects. Google Inc. earlier this year refused to unlock an alleged pimp's cellphone powered by its Android software-even after the Federal Bureau of Investigation obtained a search warrant. Google's unusual and controversial challenge to the search warrant indicates how murky the legal standards are for new technologies such as smartphones. Under the Supreme Court's so-called Third Party Doctrine, government agents can often obtain data stored with third parties without obtaining a search warrant. But that standard doesn't take into account data as sensitive as a password-which can be the key to unlocking a larger trove of information such as emails, texts, calls and address lists. Asking a third party for a password "is awfully new and aggressive," said Paul Ohm, associate professor at the University of Colorado Law School and former federal prosecutor. "Generally, we don't like the FBI to have access to our keys even with a warrant."
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
CITIBANK BANS CREDIT CARDS FROM USE IN WEB GAMBLING (New York Times, 15 June 2002) -- Citibank has agreed to block use of its credit cards for Internet gambling transactions. The decision came after regulators from New York State told Citibank that it could face criminal prosecution for aiding in the promotion of online gambling, which is illegal in the state. Citibank joins a handful of other major credit card issuers, including ProvidianBank, that have already said they will try to block use of their cards for Internet gambling. Citibank, with 33 million Visa and MasterCard holders, is the nation's largest credit card issuer. Other banks have said they are blocking the transactions because of the unclear legal status of online gambling, but also because of the financial realities that many customers refuse to pay gambling charges, often arguing that someone else used their card to place the bet. But the Citibank decision raises another possible stumbling block for banks that allow their cards to be used for online gambling transactions - the prospect of criminal prosecution. http://www.nytimes.com/2002/06/15/business/15GAMB.html
ISRAELI DEVICE DETECTS CELL PHONES ACTING AS BUGS (New York Times, 10 June 2002) -- Imagine your company is holding secret talks to buy another firm when your main competitor suddenly snaps it up from under your nose, apparently aware of all the details of the negotiations. While you instigate a widespread investigation, the culprit could be nothing more sinister than a cell phone ``accidentally" left in the corner of the room, placed in a plant pot or taped under the boardroom table. With a slight modification, cell phones become high-quality bugs. An owner can call the phone from anywhere in the world without it emitting a ringing tone while its screen remains blank, apparently turned off. ``The beauty of the cell phone as a bug is that it's an innocent looking and ubiquitous object," said Ben Te'eni, co-founder of Netline Communications Technologies, which has developed a device for detecting cell phone communications, especially from cell phones in apparently dormant mode. http://www.nytimes.com/reuters/technology/tech-tech-israel-netline.html
NOTES
MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.
Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.
SOURCES (inter alia):
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu
2. InsideHigherEd - http://www.insidehighered.com/
3. SANS Newsbites, sans@sans.org
4. NewsScan and Innovation, http://www.newsscan.com
5. Aon's Technology & Professional Risks Newsletter
6. Crypto-Gram, http://www.schneier.com/crypto-gram.html
7. McGuire Wood's Technology & Business Articles of Note
8. Steptoe & Johnson's E-Commerce Law Week
9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/
10. The Benton Foundation's Communications Headlines
11. Readers' submissions, and the editor's discoveries
This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.
PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top
No comments:
Post a Comment