Saturday, January 31, 2015

MIRLN --- 11-31 January 2015 (v18.02)

MIRLN --- 11-31 January 2015 (v18.02) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)

permalink

READER COMMENTS | NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES

READER COMMENTS

Apropos MIRLN 18.01's story "How IBM shrunk a complex contract down to 2 pages", see: IBM's 2-page cloud services agreement [found by MIRLN reader Prof. Jane Winn ]

- and -

Plenty of room for improvement: my critique of IBM's new two-page cloud-services contract (Ken Adams, 29 Dec 2015) - Assuming that you get rid of the dead wood, make appropriate trade-offs, and don't lose anything vital, shorter is good. Apparently the response has been positive. Indeed, the new contract resulted in IBM's being named a finalist in IACCM's Innovation Awards, in the operational improvement category. The article quotes the head of the IBM team as saying that the new contract uses "concise, plain language." Doubtless it's more concise and plainer than what came before, but there's plenty of room for improvement. How much room? [ Updated December 29, 2014: At the request of @tieguy , I created PDFs that includes all the comments. Go here for a PDF with the comments on separate pages; go here for a PDF with connector lines between the comments and the related text, but with smaller text as a result.] Go here to see my annotated PDF. Thanks to dozens of comments, it's awash with fluorescence. (To read my comments, you'll have to download the PDF and open it with whatever PDF-reading software you prefer. In the comments, "MSCD" refers to the third edition of A Manual of Style for Contract Drafting .) [spotted by MIRLN reader Bob Rath .]

top

NEWS

The sneakiest way prosecutors get a guilty verdict: PowerPoint (Wired, 23 Dec 2014) - In Washington state earlier this month, an appeals court threw out a murder conviction based on shoddy work by the defense. But the court also took the prosecutor to task for something even stranger: a bad PowerPoint presentation. The prosecutor had dressed up her closing argument to the jury with a series of slides, complete with "sound effects and animation," the appellate court wrote. On one slide, footprints materialized across the bottom of the screen. Other slides exhibited "concentric rings of a target," with each ring corresponding to an item of evidence; the defendant's name, Sergey Fedoruk, was in the bull's-eye. The prosecution's final slide, the pièce de résistance, opened with a header that said "Murder 2." Then, under the header, a single word flashed, in all capital letters, in 96-point red type: GUILTY. As the word flashed, the prosecutor told the jury: "The defendant is guilty, guilty, guilty." At least 10 times in the last two years, US courts have reversed a criminal conviction because prosecutors violated the rules of fair argument with PowerPoint. In even more cases, an appellate court has taken note of such misconduct while upholding the conviction anyway or while reversing on other grounds (as in the case of Sergey Fedoruk). Legal watchdogs have long asserted that prosecutors have plenty of ways to quietly put their thumb on the scales of justice -such as concealing exculpatory evidence, eliminating jury-pool members based on race, and so on. Now they can add another category: prosecution by PowerPoint. "It's the classic 'A picture is worth a thousand words,'" said Eric Broman, a Seattle attorney who focuses on criminal appeals. "Until the courts say where the boundaries are, prosecutors will continue to test the boundaries."

top

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official (The Register, 6 Jan 2015) - Paris airport security went one step further than simply asking a security expert to power up her laptop - they requested she type in her password to decrypt her hard drive and log into the machine. Katie Moussouris, chief policy officer at HackerOne, and best known as the woman behind Microsoft's Bug Bounty Program, was en route back to the US from the CCC hacking conference. She complied with the request in order not to miss her flight. The computer never left her possession and the security agent never fully explained the request, according to Moussouris, and there's no question that HackerOne customers' vulnerability reports were exposed - no exploits were stored on the device. Nonetheless, the incident at Charles de Gaulle airport has sparked a lively debate among privacy and security advocates. Moussouris has put together a blog post explaining her experience: * * *

top

FCC launches its own probe into AT&T's throttling practices (GigaOM, 9 Jan 2015) - The Federal Communications Commission is investigating whether AT&T misled its customers over its throttling policies, which restrict network speeds on unlimited data customers after they've hit a certain threshold each month. The Federal Trade Commission also filed a lawsuit against AT&T over the practice in October, but of the two agencies, it seems Ma Bell would prefer that the FCC do the investigating. AT&T disclosed the FCC probe in a motion to the dismiss the FTC's lawsuit (first spotted by Ars Technica ). AT&T argued that it's not subject to the FTC's jurisdiction because of its "common carrier" status as a regulated phone service provider. That jurisdiction lies with the FCC, which has launched its own investigation, AT&T claimed. "The FTC seeks to litigate the very same issues in an inappropriate parallel proceeding," AT&T said in the motion to dismiss file this week . But how safe AT&T would be under the FCC's eye remains to be seen. FCC Chairman Tom Wheeler has come down hard on the carriers over their throttling practices . And AT&T may be taking a risk by arguing its common carrier status. Currently, mobile broadband isn't considered a common carrier service the same way regular telephone networks are considered utilities, but the Obama administration wants data services to be reclassified to make the internet neutral ground for all web services. Wheeler has said he will bring a net neutrality proposal to a vote on February 26.

top

Hackers release Swiss bank data over $12k unpaid ransom (Bloomberg, 9 Jan 2015) - A hacking group leaked identifying details about 30,000 clients of a small Swiss bank, after Banque Cantonale de Geneve declined the group's request to pay a ransom. The hackers' asking price for continued privacy: Ten. thousand. euros. The hack and its seemingly small-scale demand -- $12,000 at current exchange rates -- speak to the prevalence and ease of a rapidly growing extortion industry that deals in stolen or hijacked data.

top

What it means when law firms and startups give away legal documents (TechCrunch, 10 Jan 2015) - Over the past five years, law firms in Silicon Valley, New York and Boston have put online - for free - the documents that startups need to execute basic legal transactions. New sites, Cooley GO and WHLaunch , join first-movers Founders' Workbench and Start-Up Forms Library , to enable entrepreneurs to incorporate their company, secure early-stage financing, hire employees and compensate them with stock options. SeriesSeed.com has emerged as an industry standard for documenting seed investments, and StartupCompanyLawyer.com offers answers to over 100 frequently asked questions, along with a term-sheet generator. But as big law firms mimic their small clients' "freemium" business development model, they face increasing competition from startup companies seeking to disrupt the legal industry. I interviewed several lawyers working on these sites, founders of two startups in the legal space, and a law professor surveying the changing landscape. They reflected on the evolving business of law, how startups consume legal products, and what it all means for law firms and the emerging companies they serve. * * *

top

Non Practicing Entities in Europe (Patently-O, 11 Jan 2015) - Non practicing entities (NPEs) are a familiar part of the IP landscape in Europe, just as they are in the US. However, NPE activity has historically been lower in Europe. This article analyses the present situation in Europe compared to the US. In addition, we analyse how NPE activity might develop in Europe with the anticipated arrival of the Unified Patents Court (UPC). There are various factors in a patent system that might influence or encourage activity by a NPE. A non-exhaustive list of possible factors is outlined below, and Europe is compared against the US * * *

top

Why tort liability for data breaches won't improve cybersecurity (Stewart Baker on Volokh Conspiracy, 11 Jan 2015) - Government policymakers have been hoping for twenty years that companies will be driven to good cybersecurity by the threat of tort liability. That hope is understandable. Tort liability would allow government to get the benefit of regulating cybersecurity without taking heat for imposing restrictions directly on the digital economy. Those who see tort law as a cybersecurity savior are now getting their day in court. Literally. Mandatory data breach notices have led, inevitably, to data breach class actions. And the class actions have led to settlements. And those freely negotiated deals set what might be called a market price for data breach liability, a price that can be used to decide how much money a company ought to spend on security. So, how much incentive for better security comes from the threat of data breach liability? Some, but not much. As I've been saying for a while, the actual damages from data breaches are pretty modest in dollar terms, and the pattern of losses makes it very hard to sustain a single class, something that forces up the cost of litigation for the plaintiffs. You can see this pattern in recent data breach settlements. I put this chart together for a talk on the subject at the Center for Strategic and International Studies. While the settlements below all have complications (Sony's settlement was mostly in free game play, for example), they all cap the defendants' total liability. And what's striking about the caps is how low a price these agreements set, especially on an individual basis, where $2.50 per victim looks to set the high end and 50 cents the low. Of course, to determine how much you spend annually to avoid that liability, a company would have to discount the settlement price by the probability of a breach in any given year. Even Sony doesn't have a breach every year, so a probability adjustment cuts the value of avoiding liability to something between a half and a tenth. At those prices, I wouldn't expect much change in corporate cybersecurity budgets.

top

- and -

Cyber in top 5 business risks (Intelligent Insurer, 14 Jan 2015) - The risk of cyber crime and IT failures has continued its rapid rise, moving into the top five business risks globally for the first time. This is according to Allianz's risk barometer, which added that in Germany, the UK and the US cyber risks are among the top three corporate risks. Globally, cyber crime was ranked as the eighth business risk in 2014 and 15th in 2013.

top

- and -

Here's how insurance will respond to the Sony cyber hack (Insurance Business, 14 Jan 2015) - The Sony Pictures cyber attack of seven weeks ago represented a game-changer in the recent string of data breaches that have plagued high-profile companies like Target, Home Depot and Dairy Queen. With repercussions ranging from entertainment industry rumors to potential matters of national security, the breach was a strong reminder of just what's at risk when hackers attack. It was also a test of the strength of cyber liability insurance. Though cyber insurance products have been circulating since the mid-1990s, industry analysts have expressed concern that low levels of loss data and widespread appetite for the risk may lead to insufficient pricing. And in the wake of a particularly large event-like the Sony hack-would policy limits be enough? In this case, the answer appears to be yes. Sony Pictures CEO Michael Lynton revealed this week that the cyber attack would be completely covered by insurance and will not mean any more cost-cutting for the company. "I would say the cost is far less than anything anybody is imagining and certainly shouldn't be anything that is disruptive to our budget," Lynton told Reuters. Though declining to reveal the exact cost of the breach, he confirmed it is "well within the bounds of insurance." The attack reached into huge amounts of data, including email, sensitive employee data and pirated copies of new movies, and famously limited the release of the comedy "The Interview"-which depicts the assassination of North Korean leader Kim Jong-Un-to independent theaters and video-on-demand services. All told, some experts have put the cost of the breach at $100 million. That figure could include computer repair or replacements, lost productivity and any steps taken to improve security and prevent a future attack. According to Lynton, cyber insurance will cover all such expenses.

top

- and -

Treasury official advocates for cyber insurance (Manatt, 15 Jan 2015) - Reflecting the continued regulatory focus on cyber risks, Deputy Secretary of the Treasury Sarah Raskin has some advice for banks: buy cyber insurance. Speaking at the Texas Bankers' Association Executive Leadership Cybersecurity Conference, Raskin said the lesson from recent high-profile data breaches (including JPMorgan Chase's 83 million hacked records) should be consideration of cyber risk insurance. In addition to the financial recovery the insurance can provide, the underwriting process itself can help financial institutions more adequately assess their risk level and cybersecurity controls, she said. Focusing her remarks on the cybersecurity of the nation's banks, Raskin first explained the mission of the U.S. Department of the Treasury: "Our ultimate goal is to instill confidence and show that the government - working in appropriate collaboration with the private sector - is defending the American public from damage caused by cyber attacks." To that end, Raskin provided a checklist with ten questions for CEOs, with concrete steps for banks to take before an attack occurs. The road map began with some baseline protections intended to prevent penetration of networks and systems as well as limit damage in the event of unauthorized access.

top

NJ law requires insurers to encrypt (Gov Info Security, 12 Jan 2015) - A New Jersey law that will go into effect in July requires health insurers in the state to encrypt personal information that they store in their computers - a stronger requirement than what's included in HIPAA. The new law, signed by N.J. governor Chris Christie last week, was triggered by a number of health data breaches in the state, including the 2013 Horizon Blue Cross Blue Shield of New Jersey breach affecting 840,000 individuals. That breach involved the theft of two unencrypted laptops. The new law states: "Health insurance carriers shall not compile or maintain computerized records that include personal information, unless that information is secured by encryption or by any other method or technology rendering the information unreadable, undecipherable, or otherwise unusable by an unauthorized person.

top

First day of class for hybrid JD (InsideHigherEd, 13 Jan 2015) - William Mitchell College of Law's hybrid J.D. program -- the first of its kind to be approved by the American Bar Association -- launched on Monday with 85 students. The four-year program blends online courses with nine scheduled campus visits and externships in the students' communities. The college also offers a traditional J.D. program. "The aspiring lawyers are medical doctors, college professors, bankers, baggage handlers, mothers and fathers, from 31 states and two countries," the college said in a press release. "They range in age from 22 to 67. At least 35 have advanced degrees -- including 14 M.B.A. degrees, five medical doctors and five Ph.D. degrees. Forty-five percent of the students are women and 19 percent are people of color."

top

Johnson & Johnson will make clinical data available to outside researchers (NYT, 15 Jan 2015) - The health care giant Johnson & Johnson has agreed to make detailed clinical trial data on its medical devices and diagnostic tests available to outside researchers through a collaboration with Yale University , making it the first large device manufacturer to systematically make such data public. The announcement came on the same day that the Institute of Medicine, of the National Academy of Sciences, called on all sponsors of clinical trials to share detailed study data with outside researchers and recommended that such data be made available within 30 days of a product's approval. The dual developments are part of a broader shift toward making clinical trial data more publicly available and follows years in which the industry resisted calls to share its research with outsiders, claiming such moves would expose trade secrets and violate patient privacy. Medtronic , another large device maker, had previously allowed Yale to evaluate data on a controversial spinal treatment, but the agreement with Johnson & Johnson is the first time a device manufacturer has made data available in a systematic way. "I think what's remarkable is that we are now seeing very basic principles of the responsible conduct of research - which should best serve society - becoming mainstream by a whole range of organizations, including industry," said Dr. Harlan M. Krumholz, a longtime advocate for data transparency who is director of the Yale University Open Data Access project, which is overseeing the Johnson & Johnson collaboration. In a policy that takes effect this year, the European Medicines Agency, which oversees drug approvals in Europe, will publish detailed study data for every newly approved drug, and the American and European pharmaceutical trade groups have issued policies favoring data sharing. But adoption by individual companies has been sporadic, and their policies on making their data public vary widely.

top

Wolfram|Alpha iOS app is a Swiss Army Knife for lawyers (Robert Ambrogi, 15 Jan 2015) - If ever there was a Swiss Army knife of an app for lawyers, it is the Wolfram Lawyer's Professional Assistant . This multi-function app for iPad and iPhone can perform calendar computations, fee calculations, settlement calculations, interest-rate calculations and more. Use it to research historical weather information or population demographics. Look up legal terms and statutes of limitation. The list of what it can do goes on. * * * [ Polley : NO! - I usually like Ambrogi's postings and have trusted his recommendations. If you trust mine, don't waste your time/$ on this app.]

top

California Bar offers a reason to keep your website and blog separate (MyShingle, 16 Jan 2015) - Should a law firm blog be incorporated into a website or function as a freestanding entity? That's a question that's been asked almost since the beginning of time, with at least two experts - Sam Glover and Kevin O'Keefe endorsing separation for a variety of different reasons. But now, a recent California ethics decision offers yet another reason for lawyers to maintain their blog's independence. The California decision addresses whether blogs constitute advertising, and analyzes a couple of different fact patterns. The California bar concludes that a freestanding blog offering informational or educational materials that is free standing, intended to enhance the lawyer's education in the community and doesn't include any "call us now for help" solicitations is not subject to bar advertising rules. By contrast, that same blog, if included as part of a law firm website would be deemed advertising essentially be association and subject to the same regulations as the parent site.

top

Need some espionage done? Hackers are for hire online (NYT, 16 Jan 2015) - A man in Sweden says he will pay up to $2,000 to anyone who can break into his landlord's website. A woman in California says she will pay $500 for someone to hack into her boyfriend's Facebook and Gmail accounts to see if he is cheating on her. The business of hacking is no longer just the domain of intelligence agencies, international criminal gangs, shadowy political operatives and disgruntled "hacktivists" taking aim at big targets. Rather, it is an increasingly personal enterprise. At a time when huge stealth attacks on companies like Sony Pictures, JPMorgan Chase and Home Depot attract attention, less noticed is a growing cottage industry of ordinary people hiring hackers for much smaller acts of espionage. A new website, called Hacker's List, seeks to match hackers with people looking to gain access to email accounts, take down unflattering photos from a website or gain access to a company's database. In less than three months of operation, over 500 hacking jobs have been put out to bid on the site, with hackers vying for the right to do the dirty work. It is done anonymously, with the website's operator collecting a fee on each completed assignment. The site offers to hold a customer's payment in escrow until the task is completed. In light of the novelty of the site, it's hard to say whether it violates any laws. Arguably some of the jobs being sought on Hacker's List - breaking into another person's email account - are not legal. The founders of Hacker's List, however, contend that they are insulated from any legal liability because they neither endorse nor condone illegal activities. The website includes a 10-page terms and conditions section to which all users must agree. It specifically forbids using "the service for any illegal purposes." Some experts say it is not clear whether Hacker's List is doing anything wrong in serving as a meeting ground for hackers and those seeking to employ them. The website, which is registered in New Zealand, is modeled after several online businesses in which companies seeking freelancers can put projects out to bid. Some have compared the service to a hacker's version of the classified advertising website Craigslist. Hacker's List even has a Twitter account (@hackerslist), where it announces the posting of new hacking assignments. Still, the three founders of Hacker's List are not willing to go public with their own identities - at least not yet.

top

Google goes public with more Windows bugs (Computerworld, 16 Jan 2015) - Google this week let fly two new disclosures of Windows vulnerabilities before Microsoft was able to patch them, marking the third and fourth times it's done so in the past 17 days. The bugs were revealed Wednesday and Thursday on Google's Project Zero tracker. The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched. The team's previous disclosures of Windows bugs -- one on Dec. 29, 2014, the second on Jan. 11, 2015 -- led Microsoft to blast Google for putting its Windows customers at risk because neither vulnerability had been patched by the deadlines.

top

US Drug Enforcement Agency halts huge secret data program (Reuters, 16 Jan 2015) - The U.S. Drug Enforcement Administration has halted a secret, nearly 15-year program that collected virtually all data on international calls between the United States and certain countries, according to documents and officials familiar with the matter. The sweeping bulk DEA database program was stopped in September 2013, shortly after elements were revealed by Reuters and then The New York Times, according to a redacted court filing made public on Thursday and U.S. officials. The program, run by DEA's Special Operations Division, collected international U.S. phone records to create a database primarily used for domestic criminal cases - not national security investigations, according to records and sources involved. DEA shared this information with other law enforcement agencies, including the FBI, IRS, Homeland Security, and intelligence agencies, according to records reviewed by Reuters. "The American people deserve to know that the DEA engaged in the bulk collection of their international phone records in routine criminal investigations without judicial review," said Democratic Senator Patrick Leahy, who had urged the DEA to end the program. A Justice Department spokesman said on Friday that the DEA no longer collects the data and that "all of the information has been deleted." Two people briefed on the DEA program said that it began in the late 1990s. Records show it involved the use of administrative subpoenas, which can be issued by federal agents - rather than grand jury subpoenas, which must be approved by prosecutors, or search warrants, which must be approved by a federal judge. The court document made public on Thursday was an affidavit by a DEA official in an export violations case against Shantia Hassanshani, arrested in Los Angeles in 2013. In that case, DEA officials linked a phone number in Iran to a Google Voice number assigned to Hassanshani. His lawyer was not available for comment.

top

- and -

License plate data lets cops spy on US drivers at record rates (GigaOM, 27 Jan 2015) - A new investigation shows the scale of surveillance on U.S. highways is more extensive than many previously imagined, thanks to a license plate database that allows federal and local law enforcement to watch cars and even drivers in real time. According to documents reviewed by the Wall Street Journal , the database was created by the Drug Enforcement Agency to track cartel activity, but it soon came to comprise millions of records that are regularly shared with police forces across the country: The Justice Department has been building a national database to track in real time the movement of vehicles around the U.S., a secret domestic intelligence-gathering program that scans and stores hundreds of millions of records about motorists […] The DEA program collects data about vehicle movements, including time, direction and location, from high-tech cameras placed strategically on major highways. Many devices also record visual images of drivers and passengers, which are sometimes clear enough for investigators to confirm identities. The database was created to help the DEA carry out civil forfeitures , a controversial practice that involves taking cash, vehicles and property from individuals suspected of ties to drug-related activity without basic due process. But soon all sorts of state and local law enforcement groups joined into the effort, tapping into the database for a wide variety of purposes, according to the Journal.

top

- and -

Surveillance and the chilling effect on speech (MLPB, 28 Jan 2015) - Margot E. Kaminski, Ohio State University Law School & Yale University Law School, and Shane Witnov, University of California, Berkeley, School of Law, have published The Conforming Effect: First Amendment Implications of Surveillance, Beyond Chilling Speech in volume 49 of the University of Richmond Law Review (2015). Here is the abstract: First Amendment jurisprudence is wary not only of direct bans on speech, but of the chilling effect. A growing number of scholars have suggested that chilling arises from more than just a threat of overbroad enforcement - surveillance has a chilling effect on both speech and intellectual inquiries. Surveillance of intellectual habits, these scholars suggest, implicates First Amendment values. However, courts and legislatures have been divided in their understanding of the extent to which surveillance chills speech and thus causes First Amendment harms. This article brings First Amendment theory into conversation with social psychology to show that not only is there empirical support for the idea that surveillance chills speech, but surveillance has additional consequences that implicate multiple theories of the First Amendment. We call these consequences "the conforming effect." Surveillance causes individuals to conform their behavior to perceived group norms, even when they are unaware that they are conforming. Under multiple theories of the First Amendment - the marketplace of ideas, democratic self-governance, autonomy theory, and cultural democracy - these studies suggest that surveillance's effects on speech are broad. Courts and legislatures should keep these effects in mind.

top

Google is now a more trusted source of news than the websites it aggregates (Quartz, 20 Jan 2015) - Here is some sobering news for anyone in the journalism industry: Online search engines have overtaken traditional media as the most trusted source for general news and information, according to a global survey of 27,000 people by Edelman, a public relations firm. The trust gap between traditional media and search engines is even more pronounced among millennials. The biggest search engine is, of course, Google. And the striking thing is that Google does not actually report on anything, but instead serves up links to stories on a mix of other sites that users, apparently, trust less than the aggregator itself. The search engine also serves, for better or worse, as the simplest and quickest way to find most things online, including news. (Yahoo, its smaller rival, has been getting into direct content creation, including news.) Getting an at-a-glance look at a wide range of stories deemed relevant by a search-engine algorithm-be they from traditional news outlets, blogs, advertisements, and much else besides-is more comforting to the curious reader, it seems, than simply pulling up a single news outlet's site (or indeed picking up a newspaper or turning on the TV). Perhaps more reassuring, from the journalist's perspective, is that traditional media are still more trusted than the flotsam and jetsam on social media, according to the study, although faith in the latter is rising quickly. At the same time, big social media sites like Facebook are becoming increasingly important sources of referral traffic for traditional media sites. So the lines are increasingly blurry there as well.

top

Every Khan Academy course is now available on the iPad for the first time (The Verge, 20 Jan 2015) - Two technology trends are inescapable: people want to do everything online, and they want to do those things on a mobile device. Education and learning are no exception - online universities and other teaching aids have proliferated in the last decade, and tablets like the iPad have often been lauded as highly useful (albeit expensive) teaching tools. Not-for-profit organization Khan Academy has the first part of that equation down - it was started in 2008 to provide learning tools, videos, and exercises to anyone who wanted them, for free. And while Khan Academy has had an iOS app since 2012, it has typically not offered the full experience found on its website. All of its videos were available, but none of its thousands of training exercises were offered to iOS users. That all changes today with the introduction of a completely redesigned app for the iPad - now, everything that lives on the site is also available to iPad users. That includes some 150,000 learning exercises, content that product director Matt Wahl said was "where the majority of people spend their time on Khan Academy today." Rather than just port all of the exercises to the app, Khan Academy took the time to add some iPad-specific features to make the experience fit the platform better. When looking at a demo for some geometry questions, Wahl showed me how you could touch and manipulate geometric figures to help answer the questions. Another math-specific feature coming to the iPad app is the so-called "friendly guide." The guide analyzes the questions you answer correctly and incorrectly as well as how long it takes you to answer and then suggests other exercises that'll help you in areas you're not as strong with. And all your progress now gets synced back and forth between the iPad and the desktop, as long as you log in with a Khan Academy account.

top

HarvardX for alumni (InsideHigherEd, 21 Jan 2015) - In the spring of 2014 HarvardX and the Harvard Alumni Association launched HarvardX for Alumni . If HarvardX is new to you, as it was to many of our alumni, it is a University-wide strategic initiative to enable our faculty to build and create online learning experiences that would also transform residential learning and enable groundbreaking research in online pedagogies. Much of the HarvardX online offerings are distributed by edX , the Harvard and MIT founded MOOC platform. Why should the rich community of learning that so many alumni cherish end with graduation? Indeed, this was an opportunity to redefine the idea of life-long learning as a life-long relationship with Harvard. To meet his vision, the resulting HarvardX for Alumni, a 4-month 'beta' that blended online and in-person experiences, took advantage of new learning technologies to engage alumni who wanted to keep on learning---together---thereby growing and evolving their personal networks. Over this past summer we had the time to crunch the data, reflect, and share our observations on the experimental endeavor. With nearly 15,000 alumni (over 20,000 when guests are included) registrations via Harvard's alumni website and over 10,000 (12,000 with guests) completed enrollments (those who went on to take the course) on the edX platform, HarvardX for Alumni is one of the largest centralized Harvard alumni programs, in terms of participation, to date. Moreover, in addition to the online elements, HarvardX for Alumni also took advantage of the Harvard club network (essentially facilitating meet-ups so alumni could watch and discuss courses together in real time) and sent the faculty involved to select clubs for in-person talks. This first expression of the program was an important experiment: we presented it to our alumni, clubs, and internal stakeholders as a way to explore, together, how to think about digital engagement. * * *

top

European law gives a more expansive reading, alas, to jurisdiction over Internet activities (David Post on Volokh Conspiracy, 22 Jan 2015) - A few days ago I noted a recent California Court of Appeal ruling holding that an Internet posting (on a Facebook page, in that instance) that was accessible in California and caused harm to California residents was not a sufficient basis for finding that the defendant was subject to the personal jurisdiction of the California courts. As I pointed out, this ruling continued a trend in US courts rejecting the more expansive "effects test" for personal jurisdiction - a test that in my view is a "a wildly inappropriate doctrine for the Internet Age; if you're subject to jurisdiction where the "effects" of your actions or communications are felt, then given that the "effects" of communications over the Internet can plausibly be felt everywhere and anywhere, simultaneously and instantaneously, the [effects test] has the potential to nullify any and all limits on personal jurisdiction and subject everyone to jurisdiction everywhere - not a reasonable outcome." Interestingly, along comes the European Court of Justice with a ruling endorsing (at least in the copyright context) this very test (and, therefore, that unreasonable outcome). [The opinion in the case, Hejduk v EnergieAgentur.NRW GmbH, is available here; people unfamiliar with reading CJEU decisions might find Martin Husovec's excellent summary write-up easier to digest and understand]. In short, because the allegedly infringing content was available on a website that was accessible in Austria (the plaintiff's country of residence, and the location of the court in which she sued), the damage occurred in Austria, and jurisdiction over the action is proper in Austria. The "targeting" or "purposeful availment" requirement that is so central to U.S. law before a court can find jurisdiction doesn't apply: * * *

top

Amazon announces self-publishing program for education (InsideHigherEd, 24 Jan 2015) - Retail giant Amazon wants to attract more academics to self-publish their textbooks through the Kindle Direct Publishing (KDP) program, and on Thursday, the company announced KDP EDU , a division of that program focused on education. Scholars who choose to self-publish through the program can use Amazon's software, called the Kindle Textbook Creator, to convert their work into files readable on the Kindle app, which is available on most smartphones, tablet and computers. The app enables students to highlight text, add notes and quickly look up dictionary definitions within their textbooks.

top

How to subpoena information from Facebook and other social networks (Lawyerist, 26 Jan 2015) - So is social media information accessible via civil subpoena? Who knows. Courts are all over the place with it. That said, Keith Lee reviews the relevant law and links to subpoena information for all the popular social networks in his "Social Media Subpoena Guide, 2015 Edition."

top

Privacy and data security moving up on the list of issues in M&A transactions (Inside Counsel, 27 Jan 2015) - Privacy and data security issues do not yet loom large on M&A parties' radar screens, but the regulatory environment and customers might soon change that. About two-thirds of the respondents in Dykema's 10th annual M&A survey said that cybersecurity ranks about the same this year in terms of their due diligence focus, but the other third is paying more attention this year than last.

The field is broad and the environment is changing, so M&A professionals could be forgiven for wondering which issues should be on their radar. Here are some issues that often escape attention but can be major problems if not addressed early and well. * * * [ Polley : The ABA's Cyberspace Law Committee is working on a comprehensive M&A cybersecurity guide, at DHS's invitation. For more info, or to get involved, contact Roland Trope .]

top

Drone maker updates firmware on all drones to stop any flights in DC (Techdirt, 29 Jan 2015) - You may have heard the news recently about how a drunk employee of the National Geospatial-Intelligence Agency (can't make this crap up) accidentally flew a DJI Phantom II drone onto White House property, leading to a general collective freakout over the security implications of these personal helicopters. In response to this, President Obama has called for more drone regulations -- which may or may not make sense -- but it needs to be remembered that the FAA has been refusing to actually release any rules for quite some time. But beyond the call for regulations, the drone's maker, DJI has decided to do a little self-regulation in the form of automatically pushing out some new firmware that blocks the drone from flying in downtown DC: "The updated firmware (V3.10) will be released in coming days and adds a No-Fly Zone centered on downtown Washington, DC and extends for a 25 kilometer (15.5 mile) radius in all directions. Phantom pilots in this area will not be able to take off from or fly into this airspace."

top

Law firm founds project to fight revenge porn (NYT, 29 Jan 2015) - A California law student and a Virginia man dated for about six months after meeting through an online dating service. The fallout from the breakup, however, has gone on far longer, as the former boyfriend faces federal criminal charges over posting nude selfies and a sexually explicit video of the woman on pornographic websites. Now the former boyfriend has a new problem: A big law firm recently has come to the law student's aid and is suing him in federal court in Los Angeles. The woman's lawsuit , filed under a pseudonym to protect her privacy, seeks damages for violating United States copyright law by posting the video and photos without her permission and also causing her emotional distress. The lawsuit reflects a battle line that is being drawn in an age when it is not uncommon for couples to share nude photos digitally, and just as easy for a jilted lover to find a pornographic website willing to post them online. The litigation is the handiwork of a new initiative by K&L Gates, a Pittsburgh-based law firm. Begun in late September, its Cyber Civil Rights Legal Project has roughly 50 lawyers at the firm volunteering their time. The "Jane Doe" complaint filed on behalf of the law student is among the first lawsuits filed by the K&L clinic, which is working with about 100 victims of "revenge porn," a type of online harassment that involves the non-consensual posting of sexually explicit material - often involving a former girlfriend or a spouse. The program is believed to be the first of its kind at a major United States law firm and is led by David A. Bateman, a partner in the firm's Seattle office, and Elisa J. D'Amico, a litigator in the firm's Miami office. Most of its clients come through the program's website or referrals from two national advocacy groups for victims of revenge porn, the Cyber Civil Rights Initiative and Without My Consent.

top

New web service serves as 'ethics ER' for lawyers (Robert Ambrogi, 29 Jan 2015) - A former American Bar Association ethics lawyer has launched a web service that serves as an "emergency room" for lawyers who need immediate assistance with legal ethics issues. The site, ER for Lawyers , provides ethics research to lawyers nationwide. The site's founder, Kathryn A. Thompson, is an Illinois lawyer who formerly served eight years as ETHICSearch counsel for the ABA's Center for Professional Responsibility . There, she fielded ethics hotline inquiries from lawyers, judges and other legal professionals. The site is the first-ever privately operated nationwide ethics research service for attorneys, Thompson says. Lawyers can use ER for Lawyers to request research on any topic related to legal ethics and professional responsibility. Thompson will research the issue and provide a memo reporting her conclusions (for a fee, of course). Thompson is careful to say that she does not provide legal advice, only research: ER for Lawyers assists attorneys in identifying and researching the ethics issues relevant to their particular fact pattern. Our work product is intended to provide a form of self-help to lawyers and does not advocate a particular course of conduct. Thus, ER for Lawyers does not advise attorneys regarding the use or legal effect of the research, recommend a specific course of action to follow or express an opinion on whether a lawyer's described or alleged conduct constitutes a violation of a state's rules of professional conduct. If that paragraph sounds as if it was written by an ethics lawyer, then I suppose that's a good thing in this context. The site goes on to suggest that lawyers consider retaining legal counsel in their jurisdiction if they find themselves "unable to understand, assimilate or apply the information set forth in the research report."

top

RESOURCES

ICYMI: Casetext - free legal research and online lawyer community (JurisPage, 26 Nov 2014) - In the past we've reviewed free legal research tools like Google Scholar . Upon the launch of Google Scholar, many attorneys (myself included) thought it would be an amazing free resource that could potentially diminish Westlaw and Lexis' stranglehold on the legal research market. But Google Scholar never added the headnotes / Shepardizing features that Westlaw and Lexis Nexis have that make them so valuable. The manpower that Westlaw and Lexis have, with its army of legal research slaves, is far superior to the un-annotated case text of Scholar. And though Scholar is free, sifting through cases to find relevant points of law is just not an efficient use of time. People pay Westlaw and Lexis because they make finding the right case easy. So is there a free, good-quality legal research source out there that has a library of annotations and a large case database? Yep. It's called Casetext. Casetext is a legal research platform and online community with over five million cases, an ever-expanding library of case briefs, and a very large, active user community. Casetext is a legal research resource that provides case summaries, key facts of each case, annotations provided by its crowdsourced community of over 200,000 visitors each month (think Wikipedia for case law), and advanced search tools. Oh yeah, and it's free. "Our goal is to make all the world's laws free and understandable," said co-founder Jake Heller. They're on their way - Casetext has nearly all federal cases, and many state law cases free for the public and searchable through an open legal research database. Although PACER should have done this, Casetext is actually making it happen. [ Polley : MIRLN will be integrated in Casetext.]

top

Teaching with technology (InsideHigherEd, 28 Jan 2015) - Inside Higher Ed is pleased to release Teaching With Technology , our latest compilation of articles. The booklet is free and you may download a copy here . And you may sign up here for a free webinar on Feb. 17 at 2 p.m. Eastern about the themes of the booklet. From the booklet: The use of technology to deliver instruction is an idea whose time has come - though the extent of its use varies greatly. At some institutions, professors do little more than use learning management systems to record attendance and grades and to communicate with students. At the other end of the scale, millions of students study entirely online. For the great middle, though, professors are increasingly using their LMS and other technology tools to do things that don't simply replace paperwork. They are bringing together students from across the country or around the world. They are "flipping the classroom" and using class time for group work or student presentations, rather than for lecture. They are using simulations, videos and an ever-growing list of tools. And they are doing so in courses that are entirely online, entirely in person and in hybrid formats. As students, faculty members, and institutions evaluate various approaches to teaching with technology, tough questions are being asked about effectiveness. Not only do colleges look for efficiencies and cost savings, but they want to see demonstrable impact on retention and completion rates. With colleges facing more and more pressure on those statistics, choices about technology strategies matter more than ever.
The articles in this compilation show a range of strategies used by very different kinds of institutions, and with varying degrees of success. There are no silver bullets, but there are lots of promising experiments. Inside Higher Ed will continue to track these issues and we welcome your reactions to these articles and your suggestions for other areas of coverage.

top

DIFFERENT

Giving away 'The Story of Civilization' (InsideHigherEd, 19 Jan 2015) - This weekend I gave away The Story of Civilization. These books have followed me over 3 states, 4 moves, and the raising of 2 children. Every year I mean to crack into the 11 volume set. Each year I failed. I had purchased the full series at a used bookstore (for maybe $100 bucks) back in 1997, and it has sat on my bookshelf ever since. [ Polley : I've read 9.5 of the 11 volume set, making steady progress. Beautiful prose, with wit, erudition, and humor.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

(note: link-rot has affected about 50% of these original URLs)

Google finds its map service (CNET, 8 Feb 2005) -- In its latest play in the ongoing search wars, Google on Tuesday quietly launched a beta site for a new map service. Google Maps offers maps, driving directions and the ability to search for local businesses. The search giant appears to be working with TeleAtlas for the mapping products. Neither Google nor TeleAtlas could be reached for comment. The service offers a few tweaks to standard mapping products. Someone using the service can click and drag the maps, instead of having to click and reload, for example, and magnified views of specific spots pop up in bubbles. The new map service supports Internet Explorer and Mozilla browsers. It covers the United States, Puerto Rico and parts of Canada. The ongoing search battles between Google and companies like Yahoo and Microsoft have led to new features and enhancements coming out almost weekly. Localization and mapping products have been a particular focus because they're popular with advertisers. Even Amazon.com has gotten into the game, offering a service through its A9.com search unit that shows digital photos of storefronts in its U.S. business listings.

top

U.S. agencies earn d-plus on computer security (SiliconValley.com, 16 Feb 2005) -- The overall security of computer systems inside the largest U.S. government agencies improved marginally since last year but still merits only a D-plus on the latest progress report from Congress. The departments of Transportation, Justice and the Interior made remarkable improvements, according to the rankings, which were compiled by the House Government Reform Committee and based on reports from each agency's inspector general. But seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. ``Several agencies continue to receive failing grades, and that's unacceptable," said Rep. Tom Davis, R-Va., the committee's chairman. ``We're also seeing some exceptional turnarounds." Davis said troubling areas included lax security at federal contractor computers, which could be used to break into government systems; a lack of contingency plans for broad system failures and little training available for employees responsible for security. The Transportation Department improved from a D-plus to an A-minus; the Interior Department, which failed last year, improved to a C-plus; and the Justice Department rose from a failing grade to B-minus. The poor grades effectively dampen efforts by U.S. policy makers to impose new laws or regulations to compel private companies and organizations to enhance their own security. Industry groups have argued that the government needs to improve its own computer security before requiring businesses to make such changes.

top

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln . Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, http://www.sans.org/newsletters/newsbites/

4. NewsScan and Innovation, http://www.newsscan.com

5. Aon's Technology & Professional Risks Newsletter

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. Steptoe & Johnson's E-Commerce Law Week

8. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

9. The Benton Foundation's Communications Headlines

10. Readers' submissions, and the editor's discoveries

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose. top

No comments: