Saturday, December 01, 2012

MIRLN --- 11-30 November 2012 (v15.16)

MIRLN --- 11-30 November 2012 (v15.16) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

Annual Incident Report 2011 (European Network & Information Security Agency, 11 Oct 2012) - For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework for electronic communications. In this new ENISA document, we analyse the 51 received incident reports, dealing with severe outages of electronic communication networks or services. ENISA will publish a similar overview and analysis, yearly, following subsequent rounds of annual summary reporting by the NRAs in the EU Member States. The next report will be published in spring 2013, and will summarize and analyse incidents that occurred in 2012. Full report (in English) here.

Megaupload Case Has Far-Reaching Implications for Cloud-Data Ownership Rights (Wired, 7 Nov 2012) - There's more at stake in the Megaupload case than the freedom of founder Kim Dotcom and his indicted file-sharing associates. The privacy and property rights of its 60 million users are also in jeopardy, as well as the privacy and property rights of anyone who stores data in the cloud, according to the Electronic Frontier Foundation, which is representing one of Megaupload's users in a lawsuit against the government that could set a precedent for cloud users in general. A hearing on the issue in Virginia federal court is expected to be set any day. The problem lies in the fact that there is currently no clear process for owners to retrieve property that federal prosecutors effectively seized when they shuttered the file-sharing and cyberlocker service last January over issues of alleged copyright infringement. And even if a system is put in place for users to get back their files, it's likely the data would first need to be reviewed by the government or a third party to determine if any of the data infringed copyrights, says EFF attorney Julie Samuels, because the government would oppose returning such data to account holders. [A]fter EFF filed papers on behalf of Kyle Goodwin, an Ohio man whose property was seized in the Megaupload case, a judge tentatively blocked the hosting company from deleting data and ordered the government, Dotcom's legal counsel and EFF to come up with suggestions about how to return property to Megaupload users, if at all.

RIM Good for Secret Jobs: BlackBerry 10 Cleared for Restricted Data (The Register, 8 Nov 2012) - BlackBerry 10 has passed the US Federal Information Processing Standard (FIPS) certification, meaning devices based on the platform can be used to send classified data between government agents. Despite a drop in US government uptake of its kit, this is still something unique to RIM. Apple and Android have both made huge strides in security, but only RIM has ever managed to get a mobile platform through the FIPS 140-2 process, which is managed by the National Institute of Standards and Technology and recognised by the US and Canadian governments. The classification permits the transit of documents up to "restricted" level, so RIM's devices will be turning up in some halls of power, if not all of them.

The Ethics of Facebook-Stalking University Applicants (Rey Junco, Berkman, 8 Nov 2012) - Recently, Kaplan Test Prep released data from a survey showing how college admissions officers check applicant profiles in order to make admissions decisions. This isn't a new phenomenon: since 2008, I've been answering questions about whether residence life, judicial affairs, and other university departments should monitor their students' Facebook accounts. Here are some reasons why I think such evaluations of applicant Facebook profiles are unethical * * * [Polley: interesting; applicable to employers' social media review procedures, too.]

"Involuntary Porn" Site Tests the Boundaries of Legal Extortion (ArsTechnica, 13 Nov 2012) - In the era of Polaroid cameras, you didn't have to worry too much about a racy snapshot you took in the privacy of your bedroom becoming available to the general public. But thanks to the rise of digital cameras and the Internet, that's now a real risk. Hackers, disgruntled exes, and other vindictive individuals who gain access to your compromising digital snapshots can share them with the world with a single click. Recently, a number of websites have sprung up to cash in on the public humiliation of others. One of the first such sites was IsAnyoneUp, which solicited nude pictures of ordinary Americans submitted by third parties. To maximize the humiliation, the photos were posted along with identifying details such as name and home town. The site's owner, Hunter Moore, reportedly raked in thousands of dollars a month in advertising revenue, and he made the rounds on television talk shows defending his site. Moore finally shuttered the site earlier this year, but others have jumped in to fill the sordid niche he pioneered. One such site is the creatively named IsAnybodyDown. Like the original, it features naked pictures of ordinary Americans, generally submitted without the subjects' consent, as well as personal information such as their names, hometowns, phone numbers, and screenshots of their Facebook pages. If you think IsAnyoneUp couldn't be any sleazier, then IsAnybodyDown seems determined to prove you wrong. A link on IsAnybodyDown reading "Get Me Off This Site!" leads to the website of "Takedown Hammer," an "independent third party team" that, for a modest fee of $250, will "issue a successful content removal request on your behalf." It brags of 90 successful removals from IsAnybodyDown.com. It seems pretty obvious that "Takedown Hammer" isn't actually independent of IsAnybodyDown. Indeed, copyright and First Amendment attorney Marc Randazza has found circumstantial evidence that IsAnybodyDown and Takedown Hammer are, in fact, both owned by a man named Craig Brittain. [Polley: see also The Guy Behind Two 'Revenge Porn' Sites Says Government Protects His Work (Business Insider, 29 Nov 2012)]

Establishment Opens Door for MOOCs (InsideHigherEd, 14 Nov 2012) - The clearest path to college credit for massive open online courses may soon be through credit recommendations from the American Council of Education (ACE), which announced Tuesday that it will work with Coursera to determine whether as many as 8-10 MOOCs should be worth credit. The council is also working on a similar arrangement with EdX, a MOOC-provider created by elite universities. The Bill & Melinda Gates Foundation is funding that effort as part of $3 million in new, wide-reaching MOOC-related grants, including research projects to be led by ACE, the Association of Public and Land-grant Universities (APLU) and Ithaka S+R, a research group that will team up with the University System of Maryland to test and study the use of massive open online courses across the system. Until now, MOOCs have been a source of fascination mostly because they make teaching by top-notch professors at prestigious universities free and available on the Internet to students anywhere, including in developing countries. Most MOOCs from high-profile providers such as Coursera, EdX, Udacity and Udemy feature upper-division material aimed at students looking to hone their skills or who are merely curious. Tuesday's rollout, however, helps open the door to the courses' use by credit-seeking students, particularly the growing adult student market. And the new round of grantees includes 10 institutions that the Gates Foundation has tapped to develop introductory and remedial courses, which often trip up low-income and first-generation college students. Perhaps most importantly, Tuesday's announcements signal that traditional higher education (represented by ACE and APLU) and Gates, the primary force behind the national college "completion agenda," both believe in the disruptive potential of MOOCs.

Terrorist Attack on Power Grid Could Cause Broad Hardship, Report Says (NYT, 14 Nov 2012) - Terrorists could black out large segments of the United States for weeks or months by attacking the power grid and damaging hard-to-replace components that are crucial to making it work, the National Academy of Sciences said in a report released Wednesday. While the report is the most authoritative yet on the subject, the grid's vulnerability has long been obvious to independent engineers and to the electric industry itself, which has intermittently tried, in collaboration with the Department of Homeland Security, to rehearse responses. Of particular concern are giant custom-built transformers that increase the voltage of electricity to levels suited for bulk transmission and then reduce voltage for distribution to customers. Very few of those transformers are manufactured in the United States, and replacing them can take many months. The National Academy of Sciences report mainly refers to less sophisticated attacks but also warns of cyberattacks or infiltration of the grid's transmission operators. "Even a few pernicious people in the wrong place are a potential source of vulnerability," it said. The report was completed in 2007, and after reviewing it, the Department of Homeland Security decided to classify its contents. The version released on Wednesday is redacted to avoid handing terrorists a "cookbook" on how to disrupt the grid, the report said. [Polley: thanks to @RolandTrope for this story]

Email Users Can't Count On Privacy Protections (WSJ, 14 Nov 2012) - One of the lessons from the unfolding case of the former director of the Central Intelligence Agency, David Petraeus, is that privacy protections for even the most sophisticated users of consumer-email services actually protect very little. In response to a Florida woman's complaints that she had received threatening emails, the Federal Bureau of Investigation gained access to the emails of Paula Broadwell, a writer who allegedly set up Gmail accounts under aliases to conduct an affair with Mr. Petraeus. To do so, the FBI received search warrants from a judge, according to U.S. officials. But other clues in the FBI investigation could be garnered without a warrant in an era when personal communication has shifted to centralized websites like Google Inc. and Facebook Inc., where messages rarely get truly deleted and all online communications carry a number of digital footprints. The U.S. and foreign governments now make a regular habit of seeking data about people from Internet giants, and those requests are on the rise. Google, one of the few tech companies that discloses details about the requests, this week said that in the first half of 2012, it received 7,969 such requests from U.S. authorities - nearly 34% more than it received in the first half of 2011. Google said it complied with 90% of those requests. In the U.S., the Fourth Amendment requires government agents to obtain a warrant from a judge before searching physical property. But under a 1986 law, the Electronic Communications Privacy Act, or ECPA, a warrant isn't typically required to access emails older than six months because they are considered to be "abandoned."

- and -

When Will our Email Betray Us? An Email Privacy Primer in Light of the Petraeus Saga (EFF, 14 Nov 2012) - The unfolding scandal that led to the resignation of Gen. David Petraeus, the Director of the Central Intelligence Agency, started with some purportedly harassing emails sent from pseudonymous email accounts to Jill Kelley. After the FBI kicked its investigation into high gear, it identified the sender as Paula Broadwell and, ultimately, read massive amounts of private email messages that uncovered an affair between Broadwell and Petraeus (and now, the investigation has expanded to include Gen. John Allen's emails with Kelley). We've received a lot of questions about how this works - what legal process the FBI needs to conduct its email investigation. The short answer? It's complicated. * * * Compared to identifying information, ECPA provides more legal protection for the contents of your email, but with gaping exceptions. While a small but increasing number of federal courts have found that the Fourth Amendment requires a warrant for all email, the government claims ECPA only requires a warrant for email that is stored for 180 days or less. But as the Department of Justice Manual for searching and seizing email makes clear, the government believes this only applies to unopened email. Other email is fair game with only a subpoena, even if the messages are less than 180 days old. According to reports, Petraeus and Broadwell adopted a technique of drafting emails, and reading them in the draft folder rather than sending them. The DOJ would likely consider draft messages as "opened" email, and therefore not entitled to the protection of a search warrant. In a nutshell, although ECPA requires a warrant for the government to obtain the contents of an email stored online for less than 180 days, the government believes the warrant requirement doesn't apply for email that was opened and left on the server - the typical scenario for webmail systems like Gmail - even if the messages are less than 180 days old. So, under the government's view, so long as the emails had been opened or were saved in the "drafts" folder, only a subpoena was required to look at contents of Broadwell's email account. * * * [Polley: there's more here, and worth parsing.]

Google Will Not be Prosecuted for Street View Wi-Fi Sniffing in Germany (ComputerWorld, 15 Nov 2012) - The public prosecutor in Hamburg has decided not to start a criminal investigation into the way Google's Street View cars gathered data from unencrypted Wi-Fi networks in Germany, the lawyer who requested the inquiry said Thursday. In 2010 Google acknowledged that its Street View cars collected data such as MAC addresses and SSIDs (service set identifiers) as well as personal payload data from Wi-Fi networks. Payload data can include email, passwords and medical data. The public prosecutor's office said it cannot pursue a criminal investigation into Google's Street View Wi-Fi sniffing. The prosecutor's office was unable to find any violation of criminal standards by Google in the way the company stores SSIDs, MAC addresses or payload data, it said in a letter sent *** on Thursday.

Seattle's 'Creepy Cameraman' Questions Our Comfort With Being Watched (Seattle Times, 18 Nov 2012) - At first, University of Washington professor Odai Johnson thought it was some art student's prank. One day last summer, right in the middle of class, a young man opened the door, stuck in a camera and began filming. Johnson asked him to leave. He refused. Johnson closed the door on him. He re-entered. All the while, Johnson's drama students looked unsure and nervous, frozen in a state of unease. "I confronted the man and told him his actions were an intrusion into our space, that he had no permission to insert himself and his camera and take whatever images he was gathering for whatever uses pleased him," Johnson told me over email. He "never stated his reasons, never asked for cooperation or permission. Just pointed and aimed and shot." You can see the whole exchange yourself on YouTube, where the cameraman - whoever he is - has posted video of this and other, similar confrontations with unwilling subjects around Seattle. A shopper leaving a store by Almvig's. A man on his cellphone outside a University Village Starbucks. A cab driver who, taking a wild guess as to why a camera is in his face, blurts, "I'm white! I'm not an African driver!" When asked what he's doing, the cameraman says he's "taking a video." When asked why, he says, "Why not?" When told he doesn't have permission, he says, "Oh, OK" and, to his subjects' confusion, irritation and rage, keeps filming. Is this a social experiment or some jerk having fun? Commenters are giving mixed reviews, calling the videos everything from horrific to hilarious, and their creator everything from a moron to a genius. Let's start with what's legal. I was struck, watching the videos, by the rights people think they have. Apart from the classrooms, a Scientology building and what appears to be a community center, the cameraman films in public. "This is America and I have a choice that you do not take a picture of me," a woman from a research institute tells him. But they're on the sidewalk. Her only choice is to walk away. Renowned Seattle science fiction author Neal Stephenson has been called a technology prophet for predicting in his 1992 classic, "Snow Crash," so much of what gadgets and the Web would make possible. In the book, characters called "gargoyles" walk around in special suits that let them record and upload everything around them, permission be damned. On a panel at the school just last month, University of Washington law professor Ryan Calo talked to Stephenson about the implications of his latest book - "REAMDE." Calo has his own fascination with the intersection of privacy and surveillance. As it stands, privacy law can do nothing about the creepy cameraman or the pervasive public surveillance he seems to represent. But what if the law changed? That may seem counterintuitive when technology is bursting our lives wide open, and the advice from experts is to be aware of it and deal with it. But Calo cited a recent Supreme Court case involving the use of a GPS tracking device in which five justices expressed concern over continuous surveillance. He thinks change can happen. I think he might be right.

Fourth Amendment Implications of Using "Moocherhunter" To Locate the User of An Unsecured Wireless Network (Volokh Conspiracy, Orin Kerr, 19 Nov 2012) - In United States v. Stanley, 2012 WL 5512987 (W.D.Pa. Nov. 14, 2012) (Conti, J.), the district court evaluated a novel Fourth Amendment question: Does tracing the location of a user of an unsecured wireless network constitute a Fourth Amendment search? The court's answer: No. In this case, a Pennsylvania state police officer investigating the distribution of child pornography over peer-to-peer software learned that a computer at a particular IP address was sharing images of child pornography. The investigator, Erdley, obtained a search warrant to search the home associated with the IP address. The search was unsuccessful, however, and Erdley concluded that someone nearby was using the wireless connection from the home that had been left unsecured. With the consent of the homeowner, Kozikowski, Erdley used a software program called "Moocherhunter" to find the physical location of the individual who was accessing the network. Moocherhunter works by measuring the distance between the wireless router and the computer connecting to it: By moving the antenna of the wireless router, and knowing the MAC address of the computer connected to the wireless router, Erdley was able to trace the location of the computer connecting to the wireless router to a specific apartment. Erdley then obtained a search warrant and searched the apartment, finding child pornography on the computer of the defendant, Richard Stanley. The District Court ruled that use of Moocherhunter was not a search under Smith v. Maryland, 442 U.S. 735 (1979): Based upon Smith's rationale, the court finds Stanley did not have a legitimate expectation of privacy in the wireless signal he caused to emanate from his computer to the Kozikowski wireless router or in the signal being sent from the router back to his computer, and therefore, Erdely's use of Moocherhunter™ did not constitute a search in violation of the Fourth Amendment. Stanley argued that Moocherhunter was like the thermal imager in Kyllo v. United States, 533 U.S. 27 (2001), but the district court disagreed.

Engaging Facebook Friends Doesn't Violate Non-Solicitation Clause (Eric Goldman, 19 Nov 2012) - This case involves an employer's attempt to enforce a non-compete and a non-solicitation clause against a hair stylist. I'm especially interested in the court's discussion about the non-solicitation clause--a provision that might even be enforceable in California. From the court's distillation, it seems like the employer overreached quite a bit here, such as with this example: Four days after Ms. DiFonzo resigned from Invidia, David Paul Salons, her new employer, posted a "public announcement" on Ms. DiFonzo's Facebook page, noting DiFonzo's new affiliation with David Paul....In the comment section below that post, Ms. Kaiser [a hair salon customer] posted a comment which said, "See you tomorrow Maren [DiFonzo]!" See anything remotely resembling a solicitation here? Fortunately, the court doesn't either. Cf. Enhanced Network Solutions v. Hypersonic Technologies. The former employer next argued "Ms. DiFonzo has become Facebook 'friends' with at least eight clients of Invidia." Overall, having hair salon employees develop social media connections with customers sounds like a positive thing as it's likely to improve customer loyalty. For example, if customers are disloyal to their hair stylist and post photos of their new haircuts, they will be outing themselves to their hair stylist. And if the hair salon employee and the customer are bona fide friends (not the fake form of friendship so rampant on Facebook), then that relationship isn't "owned" by anyone.

Modria Launches A "Fairness Engine" For Online Dispute Resolution (TechCrunch, 19 Nov 2012) - Earlier this morning, we got an email from a lady whose account was mistakenly charged a few times too many by an online pet food store. There is little we can do about that, but it's a clear sign that even today, resolving those kinds of online disputes is still hard. Modria wants to change this with the help of its Fairness Engine. The privately funded company, which was founded in 2011, says that its cloud-based service helps "all parties involved in an online dispute to the table quickly and lets them arrive at an equitable solution that helps save costs and increase brand loyalty." The team behind the service already helped companies like eBay and PayPal solve more than 400 million cases. Indeed, Modria founder and CEO Colin Rule spent eight years as the Director of Online Dispute Resolution for eBay and PayPal. Modria helps businesses flag and diagnose customer issues and knows enough about the legal technicalities behind these problems to speed up the negotiation process. The tool uses four different modules for diagnosis, negotiation, mediation and arbitration.

Corbis and the Public Domain (MLPB, 20 Nov 2012) - Tanya Asim Cooper, University of Alabama School of Law, has published Corbis & Copyright?: Is Bill Gates Trying to Corner the Market on Public Domain Art? in volume 16 of the Intellectual Property Law Bulletin (2011). Here is the abstract. Art has the power to stir our emotions, evoke a physical response, and transport us to a different world. It can inspire and transform us. For all of those precious qualities, the public relies upon knowing that once the artist's exclusive rights to the artwork elapse, the "art must ultimately belong to us all." The notion that artwork eventually belongs to the public is paramount because art, like books and music, represents a collective experience that helps define what it means to be human. Thus, once the artist has enjoyed her exclusive rights to that art, it should belong to no one individual, but to everyone. This article argues that Corbis's copyright claim in its digitized reproductions of public domain art is suspect and concludes by discussing the ramifications for the public domain when Corbis asserts copyright protection for its public domain digital copies. Given the power and influence that Bill Gates and his company Corbis have on the market for public domain art, it behooves the public to be aware of this issue.

Navigating the Legal Pitfalls of Augmented Reality (Mashable, 21 Nov 2012) - The power of AR, particularly for marketers, is its ability to overlay highly relevant, timely and interactive data about specific products or services within a user's live physical environment. For example, companies are using AR to transform home or online shopping by bringing to life static, two-dimensional images ― see Ikea's 2013 catalog and Phillips TV Buying Guide mobile app ― or leveraging geolocational data to augment users' real-world retail experiences with instant data on pricing, reviews or special discounts (such as IBM's personal shopping assistant). If you're considering whether to add an AR app to your marketing mix, be aware that traditional advertising law principles still apply, and that both federal and state regulators are keeping a watchful eye on AR's potential impact on consumer privacy. A unique aspect of AR is that it allows retailers to give online or mobile shoppers a realistic, up-close, three-dimensional or enhanced view of their products prior to purchase (think virtual dressing rooms). If your AR app is used to promote or drive sales for a particular product, be sure to avoid overstating or exaggerating the features, functions or appearances of the product, or leaving out material information that could sway the consumer's purchasing decision. In September, the Federal Trade Commission (FTC) published a marketing guide for mobile app developers. It clarifies that long standing truth-in-advertising standards apply in the virtual world to the same extent as in the real world. The key takeaway: Disclosures must be clear and conspicuous. That is, you should look at your app from the perspective of the average user and ensure that disclosures are big and clear enough so that users actually notice them and understand what they say. Another rule of thumb is to keep your disclosures short and simple, and use consistent language and design features within your app. Before launching your app, carefully consider how best to make necessary disclosures visible and accessible in the AR context. You can expect more guidance on disclosures in the near future when the FTC releases its updated Dot Com Disclosures Guide.

Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act (SSRN; University of Amsterdam, 27 Nov 2012) - Abstract: Institutions have started to move their data and ICT operations into the cloud. It is becoming clear that this is leading to a decrease of overview and control over government access to data for law enforcement and national security purposes. This report looks at the possibilities for the U.S. government to obtain access to information in the cloud from Dutch institutions on the basis of U.S. law and on the basis of Dutch law and international co-operation. It concludes that the U.S. legal state of affairs implies that the transition towards the cloud has important negative consequences for the possibility to manage information confidentiality, information security and the privacy of European end users in relation to foreign governments.

Pinterest's Accounts and Terms of Service for Businesses and their Potential Impact on Sweepstakes, Contests, and Other Promotions (Information Law Group, 27 Nov 2012) - On November 14, 2012, Pinterest, Inc. revamped the Terms of Service ("Terms") for Pinterest.com ("Pinterest") and created new business only accounts ("Business Accounts") to be governed by the site's new Business Terms of Service ("Business Terms"). Although commercial use of the service was always encouraged by Pinterest, its Acceptable Use Policy and prior versions of its Terms of Service seemingly prohibited commercial use of the service. The creation of Business Accounts makes clear that commercial activity is not only encouraged, but explicitly allowed on Pinterest. The new features available for Business Accounts include: * * * The primary impetus for the creation of Business Accounts appears to be a means of providing guidance on how to best use Pinterest to advertise your brand (see Pinterest's document which explains how to maximize Pinterest features to your brand's advantage). There is, however, limited guidance on what you can and cannot do on the service or when referencing Pinterest in marketing materials (also, Pins from Business Accounts are still subject to Pinterest's Acceptable Use Policy and Pin Etiquette Policy). Pinterest provides this guidance in its new Logos, Trademarks and Marketing Guidelines.

YouTube Expands Captioning for Six New Languages (Washington Post, 28 Nov 2012) - YouTube announced Wednesday that it is expanding support for its automatic captioning service for six European languages. The company said that its service will now display captions in German, Italian, French, Portuguese, Russian and Dutch. That brings the total number of languages up to 10: YouTube already generates automatic captions for English, Japanese, Korean and Spanish. As with the current languages, viewers will be able to see the captions by clicking the "CC" button in the lower right-hand corner of eligible videos. The company provides the auto-captions as a baseline transcript of what's going on in its videos. However, since speech recognition technology isn't perfect, it also provides editing tools to improve the quality of the captions on its site. Content creators can download their automatic captions to edit them or do so right on YouTube videos. They can also upload their own scripts or transcripts to sync with videos on the site. Those interested in captioning their videos can use free sites and services to generate transcripts. The deaf community advocacy group, Telecommunications for the Deaf and Hard of Hearing, Inc. has a list of resources for people looking for online captioning tools and information.

Online Rain: Survey Says a Virtual Presence May Pay (ABA Journal, 28 Nov 2012) - The ABA's 2012 Legal Technology Survey Report documents some good news from survey respondents who use Web 2.0 services in their practices - double-digit percentages reported they had clients who retained them directly or via referral as a result of the lawyers' use of online services. Results from the last three years of survey reports show (in the main) continued growth in the number of positive responses to questions about gaining clients through the use of blogs; social networks including Avvo, Facebook, LawLink, Legal OnRamp, LinkedIn, Martindale-Hubbell Connected and Plaxo; and microblogs like Twitter. Among the many other details in the six-volume study, 50 percent of respondents who blog reported spending less than one hour a week maintaining their legal-topic blogs. [Polley: @edadams reports "11% of lawyers get business from Twitter, up from 0% 2 years ago."]

Unsubscribe Confirmation Texts Get FCC OK (Benton Foundation, 29 Nov 2012) - The Federal Communications Commission granted a request by SoundBite Communications, Inc. (SoundBite) and confirmed that sending a one-time text message confirming a consumer's request that no further text messages be sent does not violate the Telephone Consumer Protection Act (TCPA) or the FCC's rules as long as the confirmation text has the specific characteristics described in the petition. The ruling will allow organizations that send text messages to consumers from whom they have obtained prior express consent to continue the practice of sending a final, one-time text to confirm receipt of a consumer's opt-out request - a widespread practice among businesses, non-profit organizations, and governmental entities, which many parties in this proceeding, including a consumer group, assert is good consumer policy. The FCC emphasized that the ruling applies only when the sender of text messages has obtained prior express consent, as required by the TCPA and Commission rules, from the consumer to be sent text messages using an automatic telephone dialing system or "autodialer." The ruling ensures that wireless consumers will continue to benefit from the TCPA's protection against unwanted autodialed texts, while giving them certainty that their opt-out requests are being successfully processed.


Official Syrian Web Sites Hosted in U.S. (NYT, 29 Nov 2012) - Even as Syrians lost access to the Internet on Thursday, people outside the country could still browse the Syrian government's many Web sites for much of the day because they are hosted in foreign countries, including the United States. By nightfall, after being contacted by The New York Times, several host companies said they were taking down those sites. They and similar companies had been identified in reports published by Citizen Lab, a research laboratory that monitors North American Web service providers that host Syrian Web sites. For example, the Web site of SANA, the Syrian state news agency, is hosted by a Dallas company, SoftLayer Technologies. It is one of a handful of Internet providers based in the United States that sell their services, often unknowingly, to Web sites operated by the government of President Bashar al-Assad. HostDime.com in Orlando, Fla., hosts the Web site of Syria's Ministry of Religious Affairs. Jumpline.com hosts the site of the country's General Authority for Development. The government of Hama, a city that has seen heavy clashes between rebels and government troops, operated its Web site through WeHostWebSites.com in Denver. An executive order by President Obama prohibits American companies from providing Web hosting and other services to Syria without obtaining a license from the Treasury Department. On Thursday, State Department officials confirmed that providing the services was a violation of the United States sanctions. "Our policies are designed to assist ordinary citizens who are exercising their fundamental freedoms of expression, assembly and association," a spokesman, Mark C. Toner, said.


Patent Prosecutors Licensing of Copyrights for Prior Art Submissions (Patently-O, 29 Nov 2012) - The Copyright Clearance Center (CCC) is a collective agent for many copyright holders and serves as a one-stop-shop for folks to license copyrights for use. CCC offers licenses to many (perhaps most) of the academic publications (non-patent literature) submitted to the USPTO under the Rule 56 duty of disclosure. In recent years, CCC has implemented a buffet license approach that allows a business to use their entire catalog for a fixed negotiated price. Until recently, few patent law firms have seen any copyright infringement risk associated with non-patent prior art because the copies are most typically obtained from a licensed database and the submission to the PTO and file-copies are both likely fair use and therefore would not constitute copyright infringement. Thus, most firms have developed their patent prosecution practices with an implicit belief that their prosecution-related uses of scientific journal articles are noninfringing uses of the articles. In the spring of 2012, the publisher John Wiley began suing patent law firms - taking the contrary view that (1) making file copies; (2) sharing copies with clients; and (3) submitting copies to the USPTO each constitute actionable copyright infringement. These lawsuits are ongoing. The CCC license would allow both internal copying and submitting copies to the USPTO, although it does not allow the sharing of copies with clients. Of course, these actions were all previously thought to be fair use. Professor Jamie Boyle has an interesting essay from 2007 discussing the problems with this license. His main point is that once we start paying for fair use material it stops being fair use going forward and moves toward a "culture of permission" that, in his view, is normatively bad. * * * [Polley: interesting discussion; I had dealings with CCC for my corporate employer some time ago.]


The Mosaic Theory of the Fourth Amendment (Volokh Conspiracy, Orin Kerr, 29 Nov 2012) - The Michigan Law Review has posted the final version of my latest article, The Mosaic Theory of the Fourth Amendment, 111 Mich. L. Rev. 311 (2012), on its website. Here's the abstract: In the Supreme Court's recent decision on GPS surveillance, United States v. Jones, five justices authored or joined concurring opinions that applied a new approach to interpreting Fourth Amendment protection. Before Jones, Fourth Amendment decisions had always evaluated each step of an investigation individually. Jones introduced what we might call a "mosaic theory" of the Fourth Amendment, by which courts evaluate a collective sequence of government activity as an aggregated whole to consider whether the sequence amounts to a search. This Article considers the implications of a mosaic theory of the Fourth Amendment. It explores the choices and puzzles that a mosaic theory would raise, and it analyzes the merits of the proposed new method of Fourth Amendment analysis. The Article makes three major points. First, the mosaic theory represents a dramatic departure from the basic building block of existing Fourth Amendment doctrine. Second, adopting the mosaic theory would require courts to answer a long list of novel and challenging questions. Third, courts should reject the theory and retain the traditional sequential approach to Fourth Amendment analysis. The mosaic approach reflects legitimate concerns, but implementing it would be exceedingly difficult in light of rapid technological change. Courts can better respond to the concerns animating the mosaic theory within the traditional parameters of the sequential approach to Fourth Amendment analysis.


Insurance Coverage for Data Breach Claims (The Corporate Counselor, Nov 2012) - The risk of a data breach is not limited to financial institutions or businesses engaged exclusively in e-commerce. Any business that accepts credit cards as a form of payment, which includes practically every business on earth, is at risk. In fact, smaller-sized brick and mortar businesses are frequently targets of hackers who assume, rightly or wrongly, that such businesses lack the ability to detect and prevent theft of customer data. Like any potentially catastrophic problem, insurance can be at least a partial solution. This article examines insurance coverage for data breaches. In-house counsel may be surprised to learn that coverage for data breaches is not limited to specialty policies, and can often be found under standard CGL or property insurance policies. Any time a potential data breach occurs, it is essential for an insured to consider all forms of insurance that it carries and to provide prompt notice to its insurer(s) of any policy that even potentially could apply.


Who's Tracking Your Reading Habits? An E-Book Buyer's Guide to Privacy (EFF, 29 Nov 2012) - The holiday shopping season is upon us, and once again e-book readers promise to be a very popular gift. Last year's holiday season saw ownership of a dedicated e-reader device spike to nearly 1 in 5 Americans, and that number is poised to go even higher. But if you're in the market for an e-reader this year, or for e-books to read on one that you already own, you might want to know who's keeping an eye on your searching, shopping, and reading habits. As we've done since 2009, again we've taken some of the most popular e-book platforms and combed through their privacy policies for answers to common privacy questions that users deserve to know. In many cases, these answers were frustratingly vague and long-winded. In nearly all cases, reading e-books means giving up more privacy than browsing through a physical bookstore or library, or reading a paper book in your own home. Here, we've examined the policies of Google Books, Amazon Kindle, Barnes & Noble Nook, Kobo, Sony, Overdrive, Indiebound, Internet Archive, and Adobe Content Server for answers to the following questions:

  • Can they keep track of searches for books?
  • Can they monitor what you're reading and how you're reading it after purchase and link that information back to you? Can they do that when the e-book is obtained elsewhere?
  • What compatibility does the device have with books not purchased from an associated eBook store?
  • Do they keep a record of book purchases? Can they track book purchases or acquisitions made from other sources?
  • With whom can they share the information collected in non-aggregated form?
  • Do they have mechanisms for customers to access, correct, or delete the information?
  • Can they share information outside the company without the customer's consent?


French CNIL Publishes English Language Compliance Guides (Hogan Lovells, 30 Nov 2012) - France's data protection authority, the Commission Nationale de l'Informatique et des Libertés (CNIL), released on November 14, 2012 English-language versions of its compliance guides for businesses. The first guide, "Methodology for Privacy Risk Management", provides a step-by-step guide for identifying risks and prioritising remedial actions. The second guide, "Measures for the Privacy Risk Treatment", provides practical guidance on issues such as data deletion, anonymisation, encryption, providing right of access to data subjects, handling data breaches, and protecting against cyber attacks. This second guide provides useful cross-references to security standards published by the French agency for computer security, the ANSSI.


NOTED PODCASTS

How to Make Your Research Open Access (Whether You're at Harvard or Not) (Berkman, 23 Oct 2012, 63 minutes) - How do you make your own work open access (OA)? The question comes up from researchers at schools with good OA policies (like Harvard and MIT) and at schools with no OA policies at all. We invite you to join Peter Suber and Stuart Shieber of the Harvard Open Access Project, the Berkman Center community, and Office for Scholarly Communication in an open forum on the Harvard OA policies, concrete steps for making your work OA, and questions on any aspect of OA, especially from the perspective of publishing researchers. [Polley: pretty interesting stuff, with implications for the ABA's publishing strategies. The discussion about Reed Elsevier's default rule on republishing/deposit was pretty surprising to me, and the idea of publishing fee impositions on the author, as a way to pay the bills, was interesting.]


LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

PHILIPS SAYS COPY-PROTECTED CDS HAVE NO FUTURE (Head-Fi, 2 Jan. 2002) -- Philips, the inventor of the Compact Disc, does not expect controversial attempts by the music industry to introduce CD "copy protection" technologies to last very long, because of consumer complaints. Philips is opposed to the use of copy protection systems. The technology is designed to stop CDs playing or being copied on personal computers but it can also prevent them from playing on many normal systems. As inventor of the CD standard and the industry's licensing body, Philips could refuse to license such copy protected discs as genuine CDs, or pursue some other legal obstruction to the practice. But Gary Wirtz, general manager of the Philips Copyright Office at its headquarters in the Netherlands, believes that copy protection technology will fail all by itself. "Any kind of legal action would take years and we don't expect these [discs] to last that long," Wirtz told New Scientist. "At the moment we are trying to reason with people rather than sue them." Wirtz believes that consumer complaints should put music companies off the technique. He adds: "It's not going to work, because any hacker can still make copies. It's only going to affect legitimate consumers and we know there have already been considerable complaints."


E-MAIL OVERLOAD IS A MYTH, STUDY SAYS (Washington Post, 9 Dec 2002) -- Most American workers are not -- repeat not -- overwhelmed by stuffed e-mail inboxes or vast amounts of spam, according to a new study that contradicts conventional wisdom that e-mail has become a major burden on people's lives. About 60 percent of workers surveyed for the study by the Washington-based Pew Internet & American Life Project said they receive an average of 10 or fewer messages per day. Pew's conclusions, however, do not match the findings of other organizations that study Internet use. "It makes no sense to me," said Maurene C. Grey, research director of Gartner Inc., a research firm in Stamford, Conn. "We've found workers are extremely overloaded. My gut reaction was who in the world were they interviewing? I would seriously question the results of that study." http://www.washingtonpost.com/wp-dyn/articles/A24684-2002Dec7.html [Editor's note (2002): Time travel -- that's the only explanation. Pew somehow interviewed email users in 1996.]


NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. The Benton Foundation's Communications Headlines

11. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.
