Saturday, July 09, 2011

MIRLN --- 19 June 2011 - 9 July (v14.09)

I'm moderating a 90-minute July 26 webinar by SMU, Univ of Texas, and the InternetBar.org on ODR - "The Future Of Justice: How Technology is Shaping the Dispute Resolution Ecosystem". Panelists include Ethan Katsh and Prof. Vikki Rogers; $10 registration ends July 10; $49 thereafter. Join us! http://bit.ly/mzH2Of


Catch Me If You Can (Law Tech News, 1 June 2011) - Could Matthew Kluger, a mergers and acquisitions attorney arrested on April 6, 2011, on charges of insider trading, have been caught before he did so much damage? That was the disturbing question CIOs discussed behind closed doors at many law firms this spring. Although it's possible to discover the kind of information theft that Kluger allegedly committed, the odds are stacked against it, say CIOs, software vendors, analysts, and IT security experts. That has law firms increasingly worried. Kluger's is just the latest in a string of law firm insider trading cases over the last two years, but it has ratcheted up the level of concern throughout BigLaw. Perhaps it's because the case involved three of the most respected firms in the world: Cravath, Swaine & Moore; Skadden, Arps, Slate, Meagher & Flom; and Wilson Sonsini Goodrich & Rosati. If it happened to them, it could happen to any law firm. What, exactly, happened? Kluger and two accomplices - a Wall Street trader and a mortgage broker - allegedly stole and traded on material nonpublic information about M&A deals over a period of 17 years, according to federal authorities. The trio, facing charges from the U.S. Securities and Exchange Commission and the Department of Justice, allegedly made at least $32 million from the trades. At his most recent employer, Wilson Sonsini, Kluger took information from M&A deals he was not involved with (in an apparent effort to avoid detection), according to the charges. He got the information from the firm's document management system (DMS), say prosecutors. Kluger had access to information on M&A deals in Wilson Sonsini's DMS, but he did not open the documents - to avoid leaving an audit trail that could possibly expose the scheme, prosecutors assert. Instead, he conducted searches and perused titles.
"Kluger looked for board resolutions, press releases, and merger agreements because the titles of these documents revealed that specific companies were involved in pending mergers and acquisitions," the charges state (http://1.usa.gov/ltn642). Could someone really get that much information without opening the documents? "Easy," says George Rudoy, CEO of Integrated Legal Technology. "Even with all the effort of organizing ethical walls, I have not heard nor seen firms locking the title of the documents. If you go directly into the document management system, you can read all the titles and in most cases you can read short descriptions even if the document is locked." Remember, when people fill out the titles of documents, they are thinking about how to make the document easier to find, not about how to conceal information. Even if the firm uses code names, as was the case in the Wilson Sonsini files, it's often easy to figure out the codes.

Law Firm Not Liable for Purchasing Competitor's Name as Keyword to Drive Traffic to Own Website (ABA Journal, 8 June 2011) - Once upon a time, when bus benches and the yellow pages offered some of the only ways to promote a personal injury firm effectively, competitors tried to crowd each other out or dominate the space with the biggest ad. It wasn't unheard-of to put a billboard up right next to another law firm's offices. And, now that the Internet provides another option, purchasing key words to drive traffic to a website is simply another form of acceptable proximity advertising, a Wisconsin judge has ruled. Although Habush Habush & Rottier had argued that it had a privacy right in the names of its name partners, Milwaukee County Circuit Judge Charles Kahn Jr. effectively told the plaintiff personal injury firm, "Welcome to the 21st century," reports the Milwaukee Journal-Sentinel. While there may be a privacy issue, Kahn held, another law firm's purchase of the names Habush and Rottier as advertising key words on the Internet is a reasonable commercial use. The Habush firm plans to appeal today's ruling, as competitor Cannon & Dunphy celebrated its victory. Kahn was somewhat sympathetic to an argument that it is unethical for a law firm to misrepresent itself by using another law firm's name. However, he said there is no ethical prohibition, at present, against doing so. "The time may come when a legislature, regulatory board or supreme court determines that the conduct at issue in this case is deceptive and misleading and therefore improper," he wrote. "But no such body has yet drawn this conclusion." [Editor: I think I agree that overriding ethical concerns should cause a different result. For a good, albeit 15-month-old, summary of social media legal ethics/practice issues look at: http://solopracticeuniversity.com/2010/03/11/a-dozen-social-media-ethics-issues-for-lawyers/ ]

NATO Uses Twitter to Help Gather Targets in Libya (Mail & Guardian, 16 June 2011) - NATO is using information gleaned from Twitter to help analysts judge which sites could be targeted by commanders for bombing and missile strikes in Libya. Potentially relevant tweets are fed into an intelligence pool then filtered for relevance and authenticity, and are never passed on without proper corroboration. However, without "boots on the ground" to guide commanders, officials admit that Twitter is now part of the overall "intelligence picture". They said Nato scooped up all the open source information it could to help understand Gaddafi, who is constantly changing his tactics and concealing himself -- and his forces -- in places such as schools and libraries. [NATO] monitors Twitter feeds from Tripoli and other places for "snippets of information". These could then be tested, corroborated or not, by Nato's own sources, including direct lines of communication with the rebels, and imagery and eavesdropping from Nimrod spy planes. Nato is also aware that Gaddafi might be using Twitter to feed false information. "We have to be careful it is not used for propaganda [by Gaddafi's forces]," the Nato official said.

Court: Passwords + Secret Questions = 'Reasonable' eBanking Security (June 17, 2011) - A closely-watched court battle over how far commercial banks need to go to protect their customers from cyber theft is nearing an end. Experts said the decision recommended by a magistrate last week - if adopted by a U.S. district court in Maine - will make it more difficult for other victim businesses to challenge the effectiveness of security measures employed by their banks. In May 2009, Sanford, Maine based Patco Construction Co. filed suit against Ocean Bank, a division of Bridgeport, Conn. based People's United Bank. Patco used online banking primarily to make weekly payroll payments. Patco said cyber thieves used the ZeuS trojan to steal its online banking credentials, and then heisted $588,000 in batches of fraudulent automated clearing house (ACH) transfers over a period of seven days. In the weeks following the incident, Ocean Bank managed to block or claw back $243,406 of the fraudulent transfers, leaving Patco with a net loss of $345,445. Because the available funds in Patco's account were less than the total fraudulent withdrawals, the bank drew $223,237 on Patco's line of credit to cover the transfers. Patco ended up paying interest on that amount to avoid defaulting on its loans. Patco sued to recover its losses, arguing in part that Ocean Bank failed to live up to the terms of its contract when it allowed customers to log in to accounts using little more than a user name and password. On May 27, a magistrate recommended that the court make Patco the loser by denying Patco's motion for summary judgment and granting the bank's motion. A copy of the recommended decision is available here (PDF).

- and -

Bank Left Holding the Bag in Phishing Attack (Steptoe's E-Commerce Law Week, 7 July 2011) - The U.S. District Court for the Eastern District of Michigan has held Comerica Bank responsible for withdrawals made by a hacker who had "phished" a Comerica customer in order to gain access to the customer's accounts. Even though the customer's employee had fallen for the phishing trick - an email made to look like it was from the bank, which asked for confidential account information - the court held that the bank failed to prove that it had acted in accordance with "reasonable commercial standards" when it allowed the hacker's wire transfers to go through. Though the decision in ExperiMetal, Inc., v. Comerica Bank involves an interpretation of Michigan law, that law is based on the Uniform Commercial Code, meaning the decision will have at least persuasive effect in other states. This case underscores the importance for financial institutions of having well-developed procedures for detecting fraudulent transactions as part of their overall security programs. Until an effective means is developed to prevent phishing attacks altogether, some of the defense will need to focus on limiting the damage phishers can do once they are inside the bank's network.

What Big Media Can Learn From the New York Public Library (The Atlantic, 20 June 2011) - With all [recent] change -- not to mention a possible $40 million budget cut looming -- it would be no surprise if the library was floundering like the music industry, newspapers, or travel agents. (Hey, man, we all get disintermediated sooner or later.) But that's the wild thing. The library isn't floundering. Rather, it's flourishing, putting out some of the most innovative online projects in the country. On the stuff you can measure -- library visitors, website visitors, digital gallery images viewed -- the numbers are up across the board compared with five years ago. On the stuff you can't, like conceptual leadership, the NYPL is killing it. The library clearly has reevaluated its role within the Internet information ecosystem and found a set of new identities. Let's start from here: One, the New York Public Library is a social network with three million active users and two, the New York Public Library is a media outfit. The library still lends books, but over the past year, the NYPL has established itself as a beacon in the carcass-strewn content landscape with smart e-publications, crowdsourcing projects, and an overall digital strategy that shows a far greater understanding of the power of the Internet than most traditional media companies show. Biblion, a storytelling app whose iPad icon features the lion head, is the flashiest of these efforts. It presents a slice of the library's 1939 World Fair Collection in a format that, while controversial, pushed the traditional boundaries of the e-publication. Moving around the app doesn't feel like flipping through the pages of a museum catalog or crawling around a website. To me, it felt like a native application for the tablet era, a new form for the more spatial experience afforded by the tablet's touchiness. Even for those who didn't like the interface, the question had to be asked: this thing came out of a library? 
Then there are the library's slick crowdsourcing projects, which allow users to digitize beautiful old menus from New York's restaurants and plot historical maps of the city onto the GPS-enabled digital maps of today. Both projects are useful and feature user interfaces that best most commercial crowdsourcing applications.

The North Carolina Bar's Double Standard for Data and Dollars (Carolyn Elefant, 20 June 2011) - Two months ago, North Carolina released Proposed Formal Ethics Opinion 6, Subscribing to Software as a Service (SaaS) While Fulfilling the Duties of Confidentiality and Preservation of Client Property. As others, including my Social Media for Lawyers co-author Nicole Black, NC Bar LPM Advisor Eric Mazzone, e-lawyering pioneer Richard Granat and North Carolina virtual lawyer Steph Kimbro have already written, the decision represents a step backward for lawyers - and indeed, may have the effect of precluding lawyers from using popular services like Google docs, Mozy, email or texting even for entirely non-confidential purposes. It's bad enough that North Carolina's proposed opinion will make it nearly impossible for lawyers to take advantage of new technologies that could reduce the cost of legal service. But to add insult to injury, FEO 6's stringent regulations apply only to use of SaaS (or cloud) vendor services, while giving online banking services for trust account management a pass, in a proposed opinion released the same day, FEO 7 Using Online Banking to Manage a Trust Account. Yet, there's no rational justification for North Carolina to maintain a double-standard for online management of client dollars and client data. North Carolina's proposed FEO 7 requires lawyers using online banking to exercise reasonable care, specifically, taking steps to minimize the risk of loss or theft of client money. Though the Opinion states that lawyers have an affirmative duty to understand the risks of online banking and to employ best practices such as strong password policies, the Opinion goes on to state that: "Understanding the contract with the depository bank and the use of the resources and expertise available from the bank are good first steps toward fulfilling the lawyer's fiduciary obligations."
Simply put, lawyers can meet their ethics obligations by relying on banks as a trusted source of information regarding online banking security practices.
Contrast the bar's deferential approach towards online banking with its adversarial attitude towards SaaS companies. Lawyers can't simply rely on a cloud provider's expertise in security practices or on the company's representations regarding its security practices. Instead, lawyers are required (not encouraged, but required!) to:

  • personally, or through a security expert, evaluate the company's measures for safeguarding the physical and electronic security of data, including but not limited to "firewalls, encryption techniques, socket security features, and intrusion-detection systems."
  • investigate a cloud provider's financial history
  • review the cloud provider's security audits, and
  • install special security software to ensure that users connected to cloud vendors are protected against malware and viruses.

Expert Assesses Cyberinsurance Market: Demand, Prevention, Recovery (Insurance Journal, 20 June 2011) - Demand for cyberinsurance was rising even before the most recent highly-publicized parade of breaches at major corporations and organizations. After the news of the first major Sony hack but before the subsequent reports involving Sony, Citicorp, the International Monetary Fund and others, Insurance Journal spoke with an expert to gauge how the insurance market for this coverage is doing. James Whetstone, senior vice president and U.S. technology and privacy manager for insurer Hiscox Specialty, is a former technology geek and broker turned underwriter. Hiscox is one of the original underwriters of the coverage. Whetstone says there are almost 30 carriers now offering cyber liability coverage, some more seriously than others. He says these times of claims are when an insurer's commitment to a market can be tested, citing what he calls the "naive" capacity that exists. The coverage has evolved quickly - Whetstone compares the product's acceptance to that of employment practices liability (EPL) coverage - to where cyberinsurance is a "must-have" for most firms today. The underwriting has also changed. "We used to really focus our underwriting attention on how well they could prevent the breach, but we've added another phase to it," says Whetstone. "Not only can you prevent it, but if it happens, how quickly can you respond? Do you have a plan in place? Kind of like a disaster recovery plan or a business continuity plan. It's the same with this incident response plan."

Business Must Report Data Breaches to Public, EU Says (ZDnet, 21 June 2011) - Businesses in all sectors will have to tell customers when their data has been exposed in a security breach, EU justice and rights commissioner Viviane Reding has told a gathering of bankers in London. On Monday, Reding said she will extend the breach notification obligations that already apply to telecoms and internet access companies. Such plans have been afoot for at least the last three years. "I intend to introduce a mandatory requirement to notify data security breaches - the same as I did for telecoms and internet access when I was telecoms commissioner, but this time for all sectors, including banking and financial services," Reding said at the British Bankers' Association's Data Protection and Privacy Conference. In support of the proposals, Reding noted recent data thefts that have hit people using PlayStation, Google and Facebook services, saying that such breaches hurt confidence in the internet and in online services.

Survey: 90% of Companies Say They've Been Hacked (PC World, 22 June 2011) - If it sometimes appears that just about every company is getting hacked these days, that's because they are. In a new survey (download .pdf) of 583 U.S. companies conducted by Ponemon Research on behalf of Juniper Networks, 90% of the respondents said their companies' computers were breached at least once by hackers over the past 12 months. Nearly 60% reported two or more breaches over the past year. More than 50% said they had little confidence of being able to stave off further attacks over the next 12 months. Those numbers are significantly higher than similar surveys and suggest that a growing number of enterprises are losing the battle to keep malicious intruders out of their networks. "We expected a majority to say they had experienced a breach," said Johnnie Konstantas, director of product marketing at Juniper. "But to have 90% saying they had experienced at least one breach and more than 50% saying they had experienced two or more, is mind blowing," she said. It suggests "that a breach has become almost a statistical certainty," these days. The organizations that participated in the Ponemon survey cut across both the private sector and government and ranged from relatively small entities with less than 500 employees to enterprises with more than 75,000. The online survey was conducted over a five-day period earlier this month. Roughly half of the respondents blamed resource constraints for their security woes, while about the same number cited network complexity as the primary challenge to implementing security controls. [Editor: see discussion in MIRLN 14.08 under "Senators Ask SEC for Guidance on Information Security Risk Disclosure" et al. This is becoming a huge governance issue, I think.]

U. of Michigan Library Opens Up Orphan Works (InsideHigherEd, 23 June 2011) - The University of Michigan Library will announce today that it will be allowing authorized library patrons to access all of its digitized "orphan works" in full. Students and guests will now be able to access online any texts they would have been able to find in the stacks, Michigan officials said in a press release. This is the latest step in Michigan's attempts to identify and unlock the orphans -- books whose copyright holders cannot be found or contacted -- in its collection. The university announced last month that it is also working to identify more orphans among the millions of volumes held by HathiTrust Digital Library, a Michigan-based aggregator of university library collections. Other institutions are preparing to make their own orphans available to authorized students and researchers, officials said in Wednesday's press release. In light of a federal court's recent rebuke of Google's attempts to sell broad access to orphan works through its controversial Google Books Project, experts have speculated that it may be up to Congress to determine how orphans can and cannot be used. Michigan is not waiting around to open up its own orphans to authorized users, a move that it sees as covered by the "fair use" exemptions to copyright law.

Facebook Friend Request to Exec of Represented Corp. May Violate Ex Parte Rule, Opinion Says (ABA Journal, 23 June 2011) - A lawyer who sends a Facebook friend request to executives of a corporation he or she knows is represented by counsel in a litigation matter is violating a legal ethics rule against ex parte communications with parties, the San Diego County Bar Ethics Committee held in an advisory ethics opinion (PDF) last month. However, "nothing in our opinion addresses the discoverability of Facebook ruminations through conventional processes, either from the user-represented party or from Facebook itself," writes the San Diego committee in its opinion. "The conclusion we reach is limited to prohibiting attorneys from gaining access to this information by asking a represented party to give him entry to the represented party's restricted chat room, so to speak, without the consent of the party's attorney. The evidentiary, and even the disciplinary, consequences of such conduct are beyond the scope of this opinion and the purview of this committee." The opinion is billed in a Recorder article as the first to address the issue. But prior ethics opinions in New York and Philadelphia have focused on similar Facebook friending concerns:

Lawyers Can't Friend Potential Witnesses Under False Pretenses, Ethics Opinion Says

Attorney Can't Ask 3rd Party to 'Friend' Witness on Facebook, Opinion Says

Friending a Naive Adverse Witness for Info Could Violate Ethics Rules

[Editor: Eric Goldman's blog also has a useful analysis of the San Diego holding: http://blog.ericgoldman.org/archives/2011/06/san_diego_count.htm]

What The Drake Prosecution Was Really About - IG Report Vindicates NSA Whistleblowers (Jesselyn Radack, Daily Kos, 23 June 2011) - The Department of Defense Inspector General just released a heavily redacted version of the Intelligence Audit "Requirements for the TRAILBLAZER and THINTHREAD SYSTEMS." NSA whistleblower Tom Drake served as a critical material witness during the investigation for this report. Drake's reward was an indictment under the Espionage Act. This Report is what the government's case against NSA whistleblower Tom Drake was really about. Drake would have been on trial this week had the Justice Department's case not crumbled two weeks ago in the face of negative judicial rulings and almost universally critical media coverage (chiefly in The New Yorker and on 60 Minutes, The Washington Post, and Politico). The newly-released IG report completely vindicates Drake, and the Hotline complainants (former NSA officials J. Kirk Wiebe, Bill Binney and Ed Loomis, and former House Intelligence Committee staffer Diane Roark) who raised concerns that the National Security Agency (NSA) was trading the security of the American people for an undeveloped funding vehicle (Trailblazer) that needlessly invaded the privacy of Americans; all the while NSA rejected a viable, cheaper program (ThinThread) that contained privacy protections and was ready to deploy prior to 9/11. My organization, Government Accountability Project (GAP), represents Drake, Binney and Wiebe. [Editor: see discussion and related stories in MIRLN 14.07 about the Drake prosecution.]

Court Conducts In Camera Review of Plaintiff's Facebook Page to Resolve Discovery Dispute (Eric Goldman's blog, 24 June 2011) - Background: Discovery disputes over Facebook accounts and whether they are discoverable in civil cases are piling up. Courts and litigants continue to grapple with the central problem that even to the extent the information is properly discoverable, at least some portion of a litigant or party's Facebook account deserves privacy protection and should also be protected by federal statutes such as the Stored Communications Act. On the other hand, an opposing litigant needs to get access to the Facebook profile in order to determine whether something contained in the account is relevant, in order to articulate a "likely to lead to the discovery of admissible evidence" argument. Courts have come up with interesting and mostly imperfect ways to solve this problem. In one case, a court suggested that the litigants "friend" the court so the court could review the contents of the account which would be visible to the witness's friends. ("Judge Offers to Facebook 'Friend' Witnesses in Order to Resolve Discovery Dispute.") In this case, the court conducted an in camera review of the plaintiff's Facebook profile and determined what information was discoverable. * * * It still feels awkward that the court took the approach of actually logging in to plaintiff's Facebook account using plaintiff's password. Isn't this a violation of the Facebook terms of service? There's another issue lurking in the background of these disputes that courts will be forced to confront: can a party be forced to consent to disclosure of information that falls under the Stored Communications Act? No case has directly confronted this question, although one court has held that a party's default and fugitive status is not consent. (See "Being a Fugitive is Not Consent for Production under the Stored Communications Act.")

Lawsuit: Sony Laid Off Security Staff, Unprepared for PS3 Hacks (ArsTechnica, 24 June 2011) - A new class-action lawsuit has been filed against Sony that claims the company has been negligent with online security, leading to multiple hostile attacks and the loss of customers' private data. The suit claims that personal information - including credit card numbers and expiration dates - was taken from Sony's servers, and cites a number of confidential witnesses who claimed Sony's security was inadequate. Perhaps most damning is the claim that Sony laid off employees working in security before the attacks. "Sony was more concerned about their development server being hacked rather than some consumer's data being stolen," according to a confidential witness quoted in the complaint. "They want to protect themselves and not the people that use their servers." While Sony has always stressed that the company has no reason to believe credit information was compromised, the complaint treats the theft of credit card data as fact. The suit claims that Sony "spent lavishly to secure its proprietary development server containing its own sensitive information," while not providing nearly the same level of security for the information of its customers. The suit asks for "appropriate" restitution for class members, credit-monitoring services, and "exemplary damages" if it's found that Sony acted in a reckless or negligent manner.

Companies Are Erecting In-House Social Networks (NYT, 26 June 2011) - What would Facebook look like without photos of drunken nights out and tales of misbehaving cats? It might look a lot like the internal social network at the offices of Nikon Instruments. The tone is decidedly businesslike, as employees exchange messages about customer orders, new products and closing deals. And the general rule is that "if you don't want your company president to see it, don't post it," said John G. Bivona, a customer relations manager at Nikon Instruments, which makes microscopes. As social networks increasingly dominate communications in private lives, businesses of all sizes - from tiny start-ups to midsize companies like Nikon to behemoths like Dell - are adopting them for the workplace. Although it is difficult to quantify how many companies use internal social networks, a number of corporate software companies have sensed the opportunity and offer various systems, some free to existing customers, others that charge a fee per user. It's one more instance of how consumer technology trends, like the use of tablet computers, are crossing into office life. Because of Facebook, most people are already comfortable with the idea of "following" their colleagues. But in the business world, the connections are between colleagues, not personal friends or family, and the communications are meant to be about work matters - like team projects, production flaws and other routine business issues. At Nikon, for example, which employs 500 people in offices throughout the United States, Canada and Brazil, a code of conduct for using the service leaves little room for the idle chit-chat that is pervasive on Facebook. Still, it can be tricky to transport the mores and practices of social networking into the office. For instance, some workers prefer to be "lurkers" who read posts rather than write them. Others are just not interested. 
At Symantec, the computer security company, a few employees initially disliked the idea of an internal social network, but nevertheless used it to air their complaints. Another issue is how to protect corporate secrets. The systems are generally set up so that companies can determine who sees particular files and who belongs to specific groups on the network. Yet problems still arise over where the data is ultimately stored. Some social network providers use their own servers. But that may conflict with the rules of some potential clients that prohibit storing company information outside their firewall, said Susan Landry, an analyst with Gartner. [Editor: these tools dovetail with "knowledge management" processes, facilitating communities of practice and lubricating knowledge-flows. Listen to Harvard Prof. Andrew McAfee's 2009 podcast "Enterprise 2.0: How Organizations Are Exploiting Web 2.0 Technologies and Philosophies", available at KnowConnect.com]

'Times' Ticks On (InsideHigherEd, 28 June 2011) - The New York Times Company plans to continue its slow advance into the realm of higher education this fall. It announced today that it is teaming up with the University of Southern California to offer continuing education programs to try to tap a growing market of adults looking to pick up new skills. The new programs will comprise sequences of online courses taught by USC faculty through the Times Company's online learning platform. While the programs will not count toward any degree, they represent the media company's first foray into multicourse online sequences intended to confer a coherent body of knowledge. And that is yet another step toward full-fledged degree programs, which are coming, according to Felice Nudelman, the company's executive director of education. The company is pursuing partnerships that might soon have it stamping its seal on diplomas, Nudelman says. "We intend to grow in that market," she says. "With USC, we are excited with this first step because we are excited about the potential for further depth and collaboration." The Times Company, which has seen its annual revenues fall by about 30 percent in the last five years, has waded into the waters of higher education more deliberately than some of its peers -- most notably the Washington Post Company, which now pays for its journalism operations largely off the back of Kaplan Inc., one of the country's largest degree-granting enterprises. But the Times's activities in higher education have picked up in recent years. The Times Company in 2008 purchased a majority stake in Epsilen, an online learning and social networking platform. It has since teamed up with a number of colleges and universities to offer online courses in which students can earn certificates and, in some cases, transferable credits.
The Times Company would not disclose how much money it has been making from its higher ed forays, but Nudelman says it has been "very happy" with the outcome so far. At a time when many institutions are entering into financial partnerships with outside education companies to help grow their online infrastructures, sometimes to the chagrin of traditional faculty, the Times is trying to position itself as an alternative to companies that offer similar services but seem like less natural allies to universities. "It is a model that we find our colleagues in the education sector to be comfortable with, and it's a model that benefits both in terms of revenue," says Nudelman.

Newsgathering Law: A Guide for Reporting (Citizen Media Law Project, 28 June 2011) - Post by David Ardia: "I'm excited to announce the latest installment in a series of legal modules we are publishing in conjunction with Poynter's News University. The free course, entitled Newsgathering Law & Liability: A Guide for Reporting, is designed for reporters, citizen journalists and anyone who wants to know more about the laws that relate to gathering content, interviewing sources and handling documents. It's chock full of interactive exercises and quizzes and anyone can enroll at the NewsU site and take the course at their own pace. I co-authored the module with Geanne Rosenberg, Chair of the Department of Journalism and the Writing Professions at the City University of New York's Baruch College. This is our second course module at NewsU. The first, entitled Online Media Law: The Basics for Bloggers and Other Publishers, went live in 2008 and -- shockingly -- is NewsU's most popular legal course. Hopefully we will catch some of that magic with this one."

FFIEC Releases Banking Authentication Guidance (DigitalIDNews, 29 June 2011) - The Federal Financial Institutions Examination Council released new guidance for financial institutions on online customer authentication to accounts. The council first released guidance in 2005 recommending a risk-based approach and telling institutions to provide periodic assessments in response to new threats. The latest report reinforces those expectations. "Financial institutions should perform periodic risk assessments considering new and evolving threats to online accounts and adjust their customer authentication, layered security, and other controls as appropriate in response to identified risks," the supplement states. "It establishes minimum control expectations for certain online banking activities and identifies controls that are less effective in the current environment. It also identifies certain specific minimum elements that should be part of an institution's customer awareness and education program." The new guidance recognizes the emergence of malware and new, more sophisticated man-in-the-middle and man-in-the-browser attacks. The attacks can circumvent one-time pass code tokens and the report recommends anti-malware software, transaction monitoring, out-of-band authentication and secure USB devices. Lacking from the report is any guidance on how financial institutions should do authentication on mobile devices. The FFIEC's Guidance is here: http://images.avisian.com/Auth-ITS-Final_6-22-11_FFIEC_Formated.pdf

Olympic Social Media Guidelines In Full: Athlete Photos But No Video (PaidContent.org, 29 June 2011) - News media this week reported next year's London Olympics will allow athletes to tweet from the Summer Games. In fact, that consent was contained in general guidelines applying to all social media, which were issued to athletes back in May and which themselves are a variant of guidelines issued for Vancouver 2010 and, later, the Youth Olympic Games in Lausanne… They are permissive yet notably try to protect broadcasters and sponsors. Video and audio from within venues is banned and other material must be "in a first-person, diary type format and should not be in the role of a journalist". Athletes are forbidden from promoting their sponsors in social media. In parts, the guidelines are loose enough to potentially be contradictory. Athletes are allowed to "post still photographs" from inside venues but not to "distribute these photographs". "Taking Facebook as an example, we would be crazy not to want to be involved in a platform that has half a billion active users - that's one in 12 people in the world," according to IOC communications director Mark Adams. IOC Guidelines are here: http://www.olympic.org/Documents/Games_London_2012/IOC_Social_Media_Blogging_and_Internet_Guidelines-London.pdf

U.S. Company Preying on Foreigners Feels the Wrath of the FTC (Steptoe's E-Commerce Law Week, 30 June 2011) - Kryptonite may be Superman's weakness, but it apparently has no effect on the Federal Trade Commission's enforcement powers. The FTC recently reached a settlement with Balls of Kryptonite, a California retailer that had tricked British customers into believing that it was based in England. The enforcement action was brought under Section 5 of the FTC Act, which prohibits unfair or deceptive practices; the Undertaking Spam, Spyware, and Fraud Enforcement With Enforcers beyond Borders Act (U.S. SAFE WEB Act); and the FTC Trade Regulation Rule Concerning the Sale of Mail or Telephone Order Merchandise (Mail Order Rule). The U.S. SAFE WEB Act allows the agency to bring actions against U.S. companies that harm foreign nationals. Balls of Kryptonite was also accused of misrepresenting its participation in the EU-U.S. Safe Harbor Framework. Under the settlement, the company will be banned from using foreign website suffixes (such as ".co.uk"), and will cease certain business practices that were determined to be unfair or deceptive. Balls of Kryptonite will also be fined $500,000. The action represents the first time that the FTC has punished a company under the U.S. SAFE WEB Act for doing harm to foreign nationals.

Alarm Over ABA Study of Online Advertising Proves Unfounded (NLJ, 30 June 2011) - The ABA's Commission on Ethics 20/20 caused a minor stir last fall when it launched a study into the ethics of online client development tools including Facebook. The Commission on June 29 released its conclusions, and they are hardly drastic. Rather than develop a new set of rules pertaining specifically to online advertising, the commission recommended several relatively minor clarifications to the existing rules. The point was to offer attorneys more guidance about their ethical responsibilities when it comes to online client development, according to the report submitted by the commission, which is chaired by Wilmer Cutler Pickering Hale and Dorr partner Jamie Gorelick. The commission's Technology Working Group looked at recent surveys of how lawyers use technology, examined marketing Web sites, reviewed litigation and disciplinary proceedings involving online client development, and considered suggestions by other ABA sections. "As a result of these efforts, the commission concluded that no new restrictions on lawyer advertising are required," the panel wrote. "For example, the commission concluded that Rule 7.1's prohibition against false and misleading communications is readily applicable to online advertising and other forms of electronic communications that are used to attract new clients." The relatively small scale of the proposed changes has helped ease the concerns that surfaced among legal marketers in October when the review was announced. Some marketers feared that the inquiry would lead to onerous restrictions, while others applauded the possibility that the ABA would clear up unanswered questions about what is permissible online. Massachusetts lawyer Robert Ambrogi said that the proposals strike a "sensible balance" between the need to regulate lawyer advertising and lawyers' ability to use technology to educate consumers. 
[Editor: There are some areas of concern in the proposed revised rules - e.g., the requirement that disclaimers be "conspicuously placed" (Comment 3 to Rule 1.18). The Commission's Report here: http://www.americanbar.org/content/dam/aba/administrative/ethics_2020/20110629ethics202technologyclientdevelopmentinitialresolutionsandreport.authcheckdam.pdf ]

Talking (Exclamation) Points (NYT, 1 July 2011) - In an essay published in 1895 called "How to Tell a Story," Mark Twain chastised writers who use "whooping exclamation-points" that reveal them laughing at their own humor, "all of which is very depressing, and makes one want to renounce joking and lead a better life." One shudders to imagine what Twain would have made of e-mail. Writing is by definition an imperfect medium for relaying the human voice. And in the age of electronic communication, when that voice is transmitted so often via e-mail and text message, many literate and articulate people find themselves justifying the exclamation point to convey emotion, enthusiasm or excitement. Some do so guiltily, as if on a slippery slope to smiley faces. "I've degenerated to the point where I allow one per e-mail, but I don't feel good about it," said Alex Knight, a media and technology investor in Seattle. "If I use one, I will go back and delete the previous ones. It's sort of 'Sophie's Choice.' " In their book "Send: Why People Email So Badly and How to Do It Better," David Shipley and Will Schwalbe say that the exclamation point was originally reserved for an actual exclamation ("My goodness!" or "Good grief!") but that they have become unexpected champions of this maligned punctuation. "We call it the ur emoticon," Mr. Schwalbe said in a recent phone conversation. "In an idealized world, we would all be able to do what our English teachers told us to do, which is to write beautiful prose where enthusiasm is conveyed by word choice and grammar." [Editor: There's quite a bit more here; it's thoughtful and useful.]

So Sue Me: Are Lawyers Really the Key to Computer Security? (ArsTechnica, 1 July 2011) - If your code gets hacked, are you the one on the hook? In the early decades of the software industry, the answer was usually "no." Software licenses routinely disclaimed liability, and until recently, security flaws were considered to be just another fact of life. When problems were discovered, companies were expected to fix them quickly, but they were rarely on the hook for the resulting damage. That's changing rapidly. Recently, Sony faced a class action lawsuit for losing the private information of millions of users. And this week, it was reported that Dropbox is already being sued for a recent security breach of its own. It's too early to know if these particular lawsuits will get anywhere, but they're part of a growing trend. As online services become an ever more important part of the American economy, the companies that create them increasingly find that security problems are hitting them where it really hurts: the bottom line. The world in which software companies could safely treat security as an afterthought is gone - but it's not yet clear what will replace it. Class action lawsuits and FTC enforcement actions are two possible mechanisms for getting companies to take security seriously. But there are other candidates, including prospective security audits, education, and data retention rules. The right rules will encourage companies to take security seriously, but too much regulation could unduly hamper the software development process. [Editor: Some leaders in the Intelligence Community are pointing to lawsuits - and the resulting move toward better governance - as a useful security development. Me, too.]

Ear! Ear! Podcast Gains Are in the Listening, Not Creating (Dennis Kennedy, 1 July 2011) - Podcasts have become a great way to get free, informative audio programs on a seemingly limitless number of topics, including legal topics. However, most lawyers are not taking full advantage of the potential of podcasts. That might be because most articles about lawyers and podcasting focus on lawyers creating their own podcasts. While podcasting might make sense for a limited number of lawyers, listening to podcasts will have value for many lawyers. In this column, we'll focus on listening to podcasts, how to start listening to podcasts and, if you already do so, how to improve your experience.

Job Posting to LinkedIn Group Doesn't Violate Non-Solicitation Clause (Eric Goldman's blog, 3 July 2011) - Enhanced developed software, and had a relationship with Hypersonic, which modified existing software. The two companies often jointly bid on projects together. They were parties to an agreement which contained the following non-solicitation clause: "Employee Protection. During the term of this Agreement and for a period of twelve (12) months from the date of effective date of its termination, unless mutually agreed to in writing otherwise the Parties . . . shall refrain from soliciting or inducing, or attempting to solicit or induce, any employee of the other Party in any manner that may reasonably be expected to bring about the termination of said employee toward that end . . . ." Some time after Enhanced and Hypersonic unsuccessfully bid on a project, Hypersonic posted an open position for an outside sales representative to "its LinkedIn webportal" (which the court describes as "a social internet site that connects businesses and people"). An Enhanced employee saw the posting and informed the President of Hypersonic that he was interested. After this, the employee met with Hypersonic's owner and hammered out a deal. Hypersonic then filed a complaint for declaratory relief regarding the enforceability of the agreement between Hypersonic and Enhanced. (There must have been some sabre-rattling obviously that prompted the filing of the complaint by Hypersonic.) The trial court concludes that Hypersonic did not violate the non-solicitation clause by posting the opening on LinkedIn. The appeals court affirms. 
The court looks to the dictionary definitions of the relevant terms ("solicit" and "induce") and concludes that Hypersonic did not solicit or induce the Enhanced employee to terminate his relationship with Enhanced: "[t]he record clearly supports that [the employee] made the initial contact with Hypersonic after reading the job posting on a publicly available portal of LinkedIn. In other words, [the employee] solicited Hypersonic." A previous case addressing the question of whether recruiters violated their non-compete clause by "connecting" (on LinkedIn) with candidates who were in discussions with their previous employer settled quietly. Here's Evan Brown's initial post on the case: "Nefarious LinkedIn use finally makes it to the courts." Here is a copy of the stipulated permanent injunction, which imposes broad restrictions on the defendants' solicitation of certain customers, but interestingly does not mention LinkedIn. [Editor: instant case: Enhanced Network Solutions Group v. Hypersonic Technologies Corp., 2011 WL 2582870 (Ind. Ct. App. June 30, 2011)]

Defense Federal Acquisition Regulation Supplement; Safeguarding Unclassified DoD Information (BeSpacific, 4 July 2011) - "The purpose of this proposed DFARS rule is to implement adequate security measures to safeguard unclassified DoD information within contractor information systems from unauthorized access and disclosure, and to prescribe reporting to DoD with regard to certain cyberintrusion events that affect DoD information resident on or transiting through contractor unclassified information systems. This rule addresses the safeguarding requirements specified in Executive Order 13556, Controlled Unclassified Information. On-going efforts, currently being led by the National Archives and Records Administration regarding controlled unclassified information, may also require future DFARS revisions in this area. This case does not address procedures for Government sharing of cyber security threat information with industry; this issue will be addressed separately through follow-on rulemaking procedures as appropriate." Federal Register Volume 76, Number 125 (Wednesday, June 29, 2011)

Unlicensed: Are Google Music and Amazon Cloud Player Illegal? (ArsTechnica, 4 July 2011) - Amazon.com made waves in March when it announced Cloud Player, a new "cloud music" service that allows users to upload their music collections for personal use. It did so without a license agreement, and the major music labels were not amused. Sony Music said it was keeping its "legal options open" as it pressured Amazon to pay up. In the following weeks, two more companies announced music services of their own. Google, which has long had a frosty relationship with the labels, followed Amazon's lead; Google Music Beta was announced without the Big Four on board (read our first impressions). But Apple has been negotiating licenses so it can operate iCloud with the labels' blessing. The different strategies pursued by these firms present a puzzle. Either Apple wasted millions of dollars on licenses it doesn't need, or Amazon and Google are vulnerable to massive copyright lawsuits. All three are sophisticated firms that employ a small army of lawyers, so it's a bit surprising that they reached such divergent assessments of what the law requires. So how did it happen? And who's right? [Editor: Pretty interesting piece, parsing the reverberations of the MP3 case, Cablevision's user-dedicated remote-storage DVR service, de-duplication thinking, and possible litigation strategies of Google and Amazon.]

Google Loses Street View Battle, But Did It Win Wiretap War? (Steptoe's E-Commerce Law Week, 7 July 2011) - In a recent ruling from the Northern District of California, a federal judge dismissed some claims but allowed others to proceed in a case brought against Google for alleged privacy violations in connection with its Street View program. In the class action suit, the plaintiffs brought claims against Google for violations of the wiretap portions of the federal Electronic Communications Privacy Act (ECPA) and various state laws that allegedly occurred when Google collected private information from unencrypted wireless networks while its specially outfitted cars drove through neighborhoods across the country, taking pictures for Google Street View. The court in In re Google Inc. Street View Electronic Communications Litigation allowed the plaintiffs' ECPA claim to go forward, but dismissed their state law claim. Although most attention in the media will focus on the court's ruling on the ECPA claim, the more consequential aspect of the ruling may be the court's decision that ECPA preempts state wiretap statutes, and that plaintiffs therefore could not bring claims against Google for violations of those statutes. As we recently reported, most courts have found that ECPA does not preempt state law. But now that another federal court has found that ECPA does preempt state wiretap laws, more courts could follow suit. This is a big deal for communications providers that want to monitor communications for purposes of network security or behavioral advertising, for example, since some state wiretap laws are more restrictive than ECPA. It also matters for employers who want to monitor employee communications. Ultimately, the preemption question will have to be resolved by the circuit courts, the Supreme Court, or Congress.

NOTED PODCASTS

Joi Ito: How to Save the Internet from its Success (Radio Open Source, 7 June 2011; 28 minutes) - If the Internet dream could take human form, it might look and sound a lot like cheerful, boyish, 44-year-old Joi Ito, the new director of the fantasy factory known as the MIT Media Lab. Like the Web, he's everywhere and nowhere - often, in fact, 30,000 feet in the air, circumnavigating the planet every couple of weeks, but wrapped always in a digital cloud of conversation and omnidirectional exploration.

Seth Flaxman & Paul Schreiber on a Netflix for Voting (Berkman, 24 May 2011; 61 minutes) - TurboVote is a service that makes voting by mail and voter registration as simple as renting a DVD with Netflix. Seth Flaxman - Co-Founder and Executive Director of Democracy Works (and a former Berkman Center intern) - and Paul Schreiber - one of the software engineers behind Barack Obama's 2008 presidential campaign - talk about how, in two months for spare change, TurboVote built what the government couldn't do for any price, and discuss the project's legal, technical and philosophical issues.

RESOURCES

Know Your Rights! (EFF, June 2011) - Your computer, your phone, and your other digital devices hold vast amounts of personal information about you and your family. This is sensitive data that's worth protecting from prying eyes - including those of the government. The Fourth Amendment to the Constitution protects you from unreasonable government searches and seizures, and this protection extends to your computer and portable devices. But how does this work in the real world? What should you do if the police or other law enforcement officers show up at your door and want to search your computer? EFF has designed this guide to help you understand your rights if officers try to search the data stored on your computer or portable electronic device, or seize it for further examination somewhere else.

LOOKING BACK - MIRLN TEN YEARS AGO

THE CHANGING MOVIE RENTAL BUSINESS In the four years since movies in digital video disk (DVD) format have been on the market, the VHS rental business has been stagnant. DVD sales have outpaced rental revenue by more than four to one in total dollars, and in a dramatic shift in video economics many movie studios are now selling their DVDs to Wal-Mart, Target, and other retailers for approximately the same price they charge a rental chain such as Blockbuster. Warner Home Video president Warren Lieberfarb says, "We are trying to drive this to be a mass distributed, high-volume impulse purchase, like a trade softback or paperback book. Ultimately, DVDs will be distributed as ubiquitously as paperback books." Lieberfarb predicts that the lower prices of DVD movies means that "Blockbuster is finished," but Blockbuster chairman John Antioco disagrees: "DVD sales will never replace rentals. If Warner lowers the price, that will be the best news I have heard in a long time. We can lower our price somewhat to the renter and our margins would improve." (New York Times 16 Apr 2001) http://www.nytimes.com/2001/04/16/business/16DISC.html

CAR SPY PUSHES PRIVACY LIMIT (ZDNET News, 20 June 2001) -- Car renters beware: Big Brother may be riding shotgun. In a case that could help set the bar for the amount of privacy drivers of rental cars can expect, a Connecticut man is suing a local rental company, Acme Rent-a-Car, after it used GPS (Global Positioning System) technology to track him and then fined him $450 for speeding three times. The case underscores the ways that new technologies can invade people's privacy, said Richard Smith, chief technologist at the not-for-profit Privacy Foundation. "Soon our cell phones will be tracking us," he said. "GPS could be one more on the checklist here. Frankly, giving out speeding tickets is the job of the police, not of private industry." http://www.zdnet.com/zdnn/stories/news/0,4586,2778752,00.html

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.

Saturday, June 18, 2011

MIRLN --- 29 May - 18 June 2011 (v14.08)

MIRLN --- 29 May - 18 June 2011 (v14.08) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | RESOURCES | LOOKING BACK | NOTES

Chronicle of Higher Education Issue Focuses On Copyright (Media Law Prof Blog, 31 May 2011) - In this week's issue of the Chronicle of Higher Education, "The Copyright Rebellion: A Special Report." The issue includes two articles by Marc Parry, "Supreme Court Takes Up Scholars Rights," and "Out of Fear, Colleges Lock Books and Images Away From Scholars," and Jeffrey R. Young's "Pushing Back Against Legal Threats By Pushing Fair Use Forward." (Subscription may be required).

HHS Proposes Changes To HIPAA Privacy Rule (Information Week, 31 May 2011) - The U.S. Dept. of Health and Human Services has proposed changes to the Health Insurance Portability and Accountability Act privacy rule that would provide individuals with more details about who accessed their electronic health information and disclosures of the e-health data. The changes to the HIPAA privacy rule are being proposed by HHS' Office for Civil Rights in accordance with accounting disclosure requirements mandated by the HITECH Act. The proposed changes would revise HIPAA's privacy rule by dividing it into two separate rights for individuals: "an individual's right to an accounting of disclosures" and "individual's right to an access report, which would include electronic access by both workforce members and persons outside the covered entity." The proposed rule said "the purpose of these modifications is, in part, to implement the statutory requirement under the HITECH Act to require covered entities and business associates to account for disclosures of protected health information to carry out treatment, payment, and health care operations if such disclosures are through an electronic health record."

NYT Learns of Goldman Trader's Legal Defense from Discarded Laptop (ABA Journal, 1 June 2011) - The New York Times has learned about the legal defenses for a Goldman Sachs trader from a discarded laptop discovered in a garbage area of a New York apartment building. An artist and filmmaker gave legal materials from the laptop to the newspaper, saying a friend had discovered the computer in the garbage and given it to her in 2006, the New York Times reports. Even after artist Nancy Cohen obtained the laptop, email messages for the defendant, Fabrice Tourre, continued streaming into the computer, the story says. The documents include draft replies by Allen & Overy to a Securities and Exchange Commission lawsuit against Tourre, a midlevel executive at Goldman. The replies point the finger at other Goldman employees, including two lawyers, who worked on the same targeted deal as Tourre. Cohen said she ignored the streaming messages until she heard news reports about Tourre and decided to turn over the materials to the Times. The Times cited the documents in a story that questioned why Tourre was the only individual at Goldman and across Wall Street sued by the SEC for selling a mortgage securities investment. "How Mr. Tourre alone came to be the face of mortgage-securities fraud has raised questions among former prosecutors and congressional officials about how aggressive and thorough the government's investigations have been into Wall Street's role in the mortgage crisis," the newspaper says.

Yahoo! Entitled to Immunity for Disclosing User Information in Response to Subpoena (Eric Goldman's blog, 1 June 2011) - Sams v. Yahoo!, Inc. , CV-10-5897-JF(HRL) (N.D. Cal.; May 18, 2011) -- Fayelynn Sams sued Yahoo!, contending that Yahoo! improperly produced information in response to a subpoena which requested information regarding Sams's account. She brought a putative class action asserting a variety of claims, including a state law privacy claim, breach of contract, breach of the duty of good faith and fair dealing, and claims under the Electronic Communications Privacy Act. The court finds that Yahoo! is entitled to immunity under the Electronic Communications Privacy Act's immunity provisions and dismisses the case.

How the Library Of Congress is Building the Twitter Archive (O'Reilly Radar, 2 June 2011) - In April 2010, Twitter announced it was donating its entire archive of public tweets to the Library of Congress. Every tweet since Twitter's inception in 2006 would be preserved. The donation of the archive to the Library of Congress may have been in part a symbolic act, a recognition of the cultural significance of Twitter. Although several important historical moments had already been captured on Twitter when the announcement was made last year (the first tweet from space, for example, Barack Obama's first tweet as President, or news of Michael Jackson's death), since then our awareness of the significance of the communication channel has certainly grown. That's led to a flood of inquiries to the Library of Congress about how and when researchers will be able to gain access to the Twitter archive. These research requests were perhaps heightened by some of the changes that Twitter has made to its API and firehose access. But creating a Twitter archive is a major undertaking for the Library of Congress, and the process isn't as simple as merely cracking open a file for researchers to peruse. I spoke with Martha Anderson, the head of the library's National Digital Information Infrastructure and Preservation Program (NDIIP), and Leslie Johnston, the manager of the NDIIP's Technical Architecture Initiatives, about the challenges and opportunities of archiving digital data of this kind.

Is Social Networking Destroying Restrictive Covenants? (Roetzel & Andress, 2 June 2011) - A year ago, a lawsuit filed in the U.S. District Court for the District of Minnesota by a staffing firm against a former employee hired by a competitor brought to the forefront the potential pitfalls of social networking sites in the context of restrictive covenants. In that case, TEKsystems, Inc. v. Hammernick, the employer alleged that its former employee violated the noncompete and nonsolicitation covenants in her employment contract by utilizing LinkedIn to connect with her former co-workers and clients. In particular, the employer claimed that the former employee used LinkedIn to connect with a current employee of the staffing firm to see if he was "still looking for opportunities," and to invite him to visit her new office at the rival staffing firm.

Corporate Lawyer Creates Wiki to Share Legal Forms (Robert Ambrogi, 3 June 2011) - A new legal wiki, Standardforms.org, has been launched to provide a free depository of sophisticated legal documents. Notably, the site is not intended to serve as a cache of ready-to-use legal forms. Instead, its founder hopes that the wiki feature - which allows anyone to add and edit forms - will provide a vehicle for lawyers to improve the forms and lead to a consensus of what they should say. Here is how the site's founder describes it: "This wiki is a simulation of what lawyers call "the market". It is a sandbox in which you can draft legal agreements the way you think they should look like. Others can disagree either by further revising the wording or by leaving comments. That same process happens every time a legal agreement is being negotiated. Here it is done in the open - for everyone to see and participate. The goal is find a consensus of what should and what should not be in legal agreements." The wiki has fewer than 10 forms posted so far. They include a mutual nondisclosure agreement, Series A term sheet, certificate of incorporation, Series A preferred stock purchase agreement, merger agreement and credit agreement. The wiki's developer, Florian Feder, is assistant vice president and counsel at Brown Brothers Harriman. He describes himself as "interested in the art (science?) of contract drafting and in ways of making this process more efficient with the help of new technologies."


LawPivot Expands Reach to Spread Knowledge as a Service (GigaOM, 3 June 2011) - LawPivot, a Google Ventures-funded legal Q&A startup targeting small companies, is broadening its reach by becoming part of partnering with Microsoft's BizSpark program. BizSpark aims to connect startups with technology, investors and other resources to help get their businesses off the ground. Last month, LawPivot expanded beyond its Silicon Valley roots into major metropolitan areas across the country. As LawPivot - which is similar in design to crowdsourcing services such as Quora or LinkedIn Answers but focused on legal advice - continues to grow, it could help lead a movement toward true Knowledge as a Service.


GSA's Apps.gov Offers Info and Links to Free Social Media Applications for Government Agencies (BeSpacific, 4 June 2011) - Via GSA's Apps.gov : "Social media apps make it easier to create and distribute content and discuss the things we care about and help us get the job done. Social media includes various online technology tools that enable people to communicate easily and share information. Social media includes text, audio, video, images, podcasts, and other multimedia communications." This site lists, and links to, 55 free apps in categories including: Analytics and Search Tools, Blogs and microblogs, Bookmarking/Sharing, Display of Multimedia, Data, Maps, Document Sharing on Websites, Idea Generation/General Discussion, In-depth Discussion Tools, Social Networks, Video, Photo, Audio Hosting/Sharing, and Wikis.


Inciting a Revolution: The Investor Spring (NYT, 5 June 2011) - The Arab Spring gave Joseph W. O'Donnell an idea about, of all things, his investments. Mr. O'Donnell, a retired chief executive of the J. Walter Thompson Company, and a man who picks his own stocks, figured that if Twitter, Facebook and other social media could help oppressed citizens in Tunisia and Egypt rally for change, they could help disenfranchised individual investors too. You know, the folks who own shares in publicly traded companies but rarely get a say in how those companies are run. Mr. O'Donnell found a group of like-minded people at the InvestorVillage Web site. All of them own shares in the Celgene Corporation, a bio-pharmaceutical company based in Summit, N.J., and all of them have been dismayed by what they see as outsize executive pay at the company, whose stock price has returned little over the last five years. Celgene shares were trading at about $59 on Friday - roughly where they were at the end of 2006. Given that this is a drug stock, there have been many ups and downs over that time, of course. But returns have been slim for shareholders who held on throughout that period. While Celgene's executive pay was relatively stable from 2007 to 2009, last year it ramped up considerably, according to company filings. The top four executives received a total of $24.6 million in 2010, up 30 percent from the amount paid to the four highest-paid executives during the previous year. The company's stock price, by comparison, rose a mere 5 percent last year. With last year's Dodd-Frank legislation and regulatory rules requiring that companies put their pay practices to an advisory vote of shareholders at least once every three years, Mr. O'Donnell thought 2011 could be the moment to rally investors on the issue. An Investor Spring, as it were, just in time for Celgene's annual meeting on June 15. Reaching out to fellow holders, Mr. O'Donnell quickly hit pay dirt. 
David Sobek, an associate professor of political science at Louisiana State University, agreed to develop a Web site, www.sobekanalytics.com/celgshareholders, to attract other dissatisfied Celgene investors. To keep the group from being hijacked by gadflies, the organizers specifically asked those interested in joining to refrain from "personally directed or emotional attacks" because they would "detract from the possibility that our concerns will be seriously considered by existing directors and/or institutions." After several months of outreach, Mr. O'Donnell and Mr. Sobek say that they received commitments from investors holding 2.7 million shares. These investors have promised to vote against Celgene's pay practices and all directors up for re-election who have sat on the board's compensation committee. http://www.nytimes.com/2011/06/05/business/05gret.html?scp=2&sq=Celgene&st=cse


- and -

SEC Cans Web Campaign to Buy Beer Company (AP, 9 June 2011) - It seemed like an innovative way to buy a beer company: Start an online campaign to purchase the iconic Pabst Brewing Co. and sell shares on Facebook and Twitter to cover the $300 million cost. Michael Migliozzi II and Brian William Flatow found 5 million people who said they would invest a total of $200 million. But the federal government halted the venture after it informed the two men of one major oversight - they neglected to register the public offering with the Securities and Exchange Commission, a violation of federal law. The SEC said Wednesday that it reached a settlement with the two advertising executives. The men, who never collected any money, agreed to stop selling shares to the public. The case spotlights a growing challenge for regulators, who must patrol business online ventures and ferret out scams disguised as stock offerings. The SEC has an entire enforcement unit devoted to Internet surveillance with a staff of more than 200 people. The CyberForce has flagged numerous instances of unregistered securities sales online. But Scott Friestad, an associate director in the SEC's enforcement division, called the beer campaign "fairly new." He said he couldn't recall another instance of someone selling shares online to buy an existing company.


Crime to Post Images That Cause "Emotional Distress" "Without Legitimate Purpose" (Volokh Conspiracy, 6 June 2011) - Friday, a new Tennessee law was changed to provide (new material italicized):

(a) A person commits an offense who intentionally:

(4) Communicates with another person or transmits or displays an image in a manner in which there is a reasonable expectation that the image will be viewed by the victim by [by telephone, in writing or by electronic communication] without legitimate purpose:

(A) (i) With the malicious intent to frighten, intimidate or cause emotional distress; or

(ii) In a manner the defendant knows, or reasonably should know, would frighten, intimidate or cause emotional distress to a similarly situated person of reasonable sensibilities; and

(B) As the result of the communication, the person is frightened, intimidated or emotionally distressed.

So the law now applies not just to one-to-one communication, but to people's posting images on their own Facebook pages, on their Web sites, and in other places if (1) they are acting "without legitimate purpose," (2) they cause emotional distress, and (3) they intend to cause emotional distress or know or reasonably should know that their action will cause emotional distress to a similarly situated person of reasonable sensibilities. So,

· If you're posting a picture of someone in an embarrassing situation - not at all limited to, say, sexually themed pictures or illegally taken pictures - you're likely a criminal unless the prosecutor, judge, or jury concludes that you had a "legitimate purpose."

· Likewise, if you post an image intended to distress some religious, political, ethnic, racial, etc. group, you too can be sent to jail if a government decisionmaker thinks your purpose wasn't "legitimate." Nothing in the law requires that the picture be of the "victim," only that it be distressing to the "victim."

· The same is true even if you didn't intend to distress those people, but reasonably should have known that the material - say, pictures of Mohammed, or blasphemous jokes about Jesus Christ, or harsh cartoon insults of some political group - would "cause emotional distress to a similarly situated person of reasonable sensibilities."

· And of course the same would apply if a newspaper or TV station posts embarrassing pictures or blasphemous images on its site.

Pretty clearly unconstitutional, it seems to me.


A New Way To Transfer Copyright Via Shrink Wrap License Agreements (Media Law Prof Blog, 7 June 2011) - Andrew P. Connors has published Dissecting Electronic Arts' Spore: An Analysis of the Illicit Transfer of Copyright Ownership of User-Generated Content in Computer Software at 4 Liberty University Law Review 405 (2010). Here is the abstract: "This Note addresses the legality of a new kind of "shrink-wrap" End User License Agreement (EULA) contained within a computer software installation that purports to transfer copyright in works created with the software from the user of the software to the manufacturer of the software. This Note analyzes the enforceability of this type of contract in the context of Electronic Arts' much-lauded computer game, Spore. Rather than a conventional game that relies on in-house graphic designers and animators for its content, Spore relies on the collective creativity of its millions of users to make most of the content in the game. By way of a built-in three dimensional modeler, users create advanced three-dimensional objects, including virtual organisms, buildings, vehicles, and spaceships, which are uploaded to a central server and distributed to all game users. Subsequently, the individual users download copies of these uploaded objects on their local machines automatically. Hence, the users interact with content created by other users, rather than the graphic designers and animators employed by the computer game manufacturer. Because case law supports the enforcement of this kind of "shrink-wrap" license, this unique EULA represents a novel threat to the intellectual property interests of authors of creative works. 
Hence, this Note argues that Congress should amend Title 17, Chapter 2 of the United States Code in order to preclude the enforcement of this type of contract, to the extent that it misappropriates the legitimate intellectual property interests of authors of creative works and subverts the policy underlying federal copyright protection."


An Amazing Visualization Of The U.S. Labor Market Over The Past 150 Years (Business Insider, 7 June 2011) - In 1850 nearly half of Americans worked on a farm. Today that share is less than two percent. Technological and economic development have led to a massive decrease in farmers and laborers. At the same time the service sector has surged, with vast increases in office jobs. The following charts from the UC Berkeley Visualization Labs show every occupation's share of the labor force over time, with male workers in blue and female in red. You can see an interactive chart here or click on to see close-ups of the biggest labor shifts.


Copyright and Fictional Characters (Media Law Prof Blog, 7 June 2011) - Tabrez Ahmad and Debmita Mondal, both of KIIT University Law School, have published The Conflicting Interests in Copyrightability of Fictional Characters . Here is the abstract: "The commercial and popular appeal of fictional characters far surpasses the characters' role within the original work, and so it is important to ensure that the characters' creators are fairly and uniformly protected from unauthorized exploitation of their creations. This paper is based on the intellectual property law protection that could be granted to graphic and fictional characters that are part of our daily lives. Although fictional characters have become an increasingly pervasive part of the world today, they still do not enjoy well-defined legal protection against infringement. The judgments of various courts have been dealt with in detail to determine the attitude of the courts with regard to this kind of protection. An attempt has been made to find out how distinctly delineated must the story be told from a fictional character to avoid copyright violation. The courts have not been hesitant to develop various tests over the ages to determine whether a character is well delineated or not. So such tests have been vividly dealt in this paper and their sources have been stressed back to respective cases. If the character is found to be extremely well-developed, unique and has a personality different from other characters, only then is a copyright protection granted to such a fictional character. 

The paper has been broadly divided into three sections: Part 1 - Dealing with the concept of fictional characters, their components and types, Part 2 - The concepts copyrightability of characters and infringement of such copyright referring to the relevant cases, Part 3 - A comparative study between alternative protection available under other IP regimes and copyright law, Part 4 - the Indian scenario, and finally, the conclusion. Thus, this article tends to explore the availability and weaknesses of copyright law and alternative doctrines in protecting fictional characters, and briefly examines the argument for establishing a separate legal category specifically for fictional characters."


E-Mail Accounts, The Warrant Requirement, and the Territorial Limits of Court Orders (Volokh Conspiracy, 7 June 2011) - My friend Jennifer Granick points me to an interesting new case, Hubbard v. Myspace (S.D.N.Y. June 1, 2011), that touches on a fascinating Fourth Amendment question: What are the territorial limits of search warrants for Fourth Amendment purposes? To be clear, the Hubbard case itself involved a statutory challenge, not a constitutional one. The plaintiff sued MySpace for complying in California with a state warrant issued in Georgia that was faxed to MySpace in California on the ground that the Stored Communications Act, 18 U.S.C. 2703, did not allow MySpace to comply with the out-of-state warrant. As a statutory claim, the argument was pretty clearly incorrect. But at the end of his opinion (p.11) Judge Kaplan touches on a really interesting issue: What about the Fourth Amendment? Specifically, the interesting issue is this: If the Fourth Amendment imposes a warrant requirement on government access to an e-mail account, which I think it does and the Sixth Circuit has expressly so held, is the warrant requirement satisfied by an out-of-state warrant from a jurisdiction far away with no authority to actually compel compliance with the warrant? Or is the warrant requirement only satisfied by a warrant issued locally, or at least in the same state or federal district? This issue generally doesn't come up in traditional physical investigations because the police will get a local warrant to physically search a local location, and arrests generally don't require warrants. But warrants for e-mail accounts are unusual: The police obtain the warrant and fax it to the ISP, and the Stored Communications Act contemplates out of state warrants. ISPs usually don't have to comply with out of state warrants, as they are out of state and not binding on them: But the question I'm interested in here is, does the out of state warrant satisfy the warrant requirement? 
I would think the best answer is that the warrant requirement does not have a territorial limit: For Fourth Amendment purposes, the warrant requirement is satisfied so long as a neutral and detached magistrate somewhere has found probable cause, established particularity, and signed the warrant authorizing the disclosure. I think that for a few reasons. First, the Eighth Circuit has expressly approved of the constitutionality of an out-of-state e-mail warrant in one case, United States v. Bach , which involved a Minnesota state warrant for an e-mail account that was faxed to Yahoo in California. Although Bach did not discuss the extraterritorial nature of the warrant, the approval of the facts of that case hints that the extraterritorial nature of the warrant doesn't matter. Second, I think the territorial limits of courts to issue warrants is at least arguably the kind of statutory limit on state power that the Supreme Court has said is irrelevant to Fourth Amendment reasonableness in Virginia v. Moore, 128 S.Ct. 1598 (2008). Third, cases from the wiretapping context have held that judges in one district can authorize intercepts in other districts. See, e.g., United States v. Ramirez, 112 F.3d 849 (7th Cir. 1997) (Posner, J.)


National Archives hires 1st 'Wikipedian in Residence' (Archivalia, 7 June 2011) - "The National Archives has appointed its first "Wikipedian in Residence" to help connect with the Wikipedia community. The Archives announced Wednesday that Dominic McDevitt-Parks was hired to help shape the Internet's leading online encyclopedia. He is a graduate student in history and archives management at Simmons College in Boston. The paid summer intern position is based at the Archives II facility in College Park, Md. The Archives says McDevitt-Parks has more than seven years of Wikipedia editing experience. His job will be to foster collaboration between the Wikipedia community and the National Archives. That could include using some of Wikipedia's tools for ongoing digitization projects at the archives.


How Facebook Can Put Google Out Of Business (Business Insider, 8 June 2011) - I was surprised to hear former Google CEO Eric Schmidt publicly lament lost opportunities and missed chances to catch Facebook the other day. I used to envy Google and the vast digital empire that Schmidt commanded. Google had one of the most intricate monopolies of all time. It had the most impressive dataset the world had ever seen; the most sophisticated algorithm to make sense of it; an audience of a billion users expressing their interest; and more than a million advertisers bidding furiously to reach those consumers at just the right moment. I used to think that Google was unstoppable. Until I realized one very important thing: Despite the fact that Google goes to great lengths to keep its index fresh by indexing pages that often change every hour, or even every few minutes, and despite its efforts at realtime search (including searching the Twitter firehose), its dominant dataset is dead, while the Web is-each day more so than the last-vibrantly and energetically alive. Facebook's data allows it to do more than just guess what its customers might be interested in; the company's data can help it know with greater certainty what its customers are really interested in. And this key difference could potentially give Facebook a tremendous advantage in search when it eventually decides to move in that direction. If Google's business has been built on choosing which Web pages, out of all those in the universe, are most likely to appeal to any given (but anonymous) query string, think about this: Facebook already knows, for the most part, which pages appeal to whom-specifically and directly. And, even more powerfully, Facebook knows each of our individual and collective behavior patterns well enough to predict what we'll like even without us expressing our intent. 
Think of it: Facebook can apply science that is analogous to what Amazon uses to massively increase purchase likelihood by suggesting and responding to every minute interactive cue. Whereas Amazon relies on aggregate behavior, Facebook adds in the intimate patterns of each individual-along with their friends and the behavioral peers they've never met all around the world. And each of them is logged in and identified as a real person.


Buying Personal Names for Keyword Ads Isn't a Publicity Rights Violation (Eric Goldman, 9 June 2011) - A Wisconsin court has said that a keyword advertiser didn't violate publicity rights by buying a person's name for keyword advertising. Although the propriety of keyword advertising on a third party trademark has been hotly contested since at least 2004, I believe this is the first ruling addressing the publicity rights issue. The legal novelty of the ruling makes it an important early precedent, but the opinion is not especially persuasive. To me, the judge seemed overwhelmed by both the challenging legal doctrines and technology at issue in this case. In response, the judge issued one of the most citation-free opinions of its length that I have ever seen. This is not a scholarly opinion, and that makes it less likely to influence other courts. It also means that an appellate court will likely give this opinion relatively low deference. The fact that the court dismissed the lawsuit is, on its face, good news for both search engines and advertisers. However, I thought the judge's arguments were questionable and, at least at one crucial juncture, internally inconsistent. The ruling turned on a specific word in the Wisconsin publicity rights statute, and courts applying other statutes can easily distinguish this opinion if they want to rule for the plaintiffs. Therefore, this ruling could morph from a defense win into a plaintiff's friend depending on how future courts rely on and interpret it. Habush v. Cannon, 09-CV-18149 (Wis. Cir. Ct. June 8, 2011). The June 2010 denial of the motion to dismiss. A good overview article from when the complaint was filed.


- and -

Trademark Owner Sues Over Alleged Twittersquatting (Eric Goldman, 9 June 2011) - The last big tussle over twittersquatting, and infringement through use of a trademark or name in a twitter handle was between Tony La Russa and the person who operated a fake account in La Russa's name. La Russa sued Twitter but his lawsuit ended in a whimper, when he dropped the complaint. A couple of days ago, Coventry First, "a leading company in the life settlement industry" brought suit against unnamed defendants over the @coventryfirst twitter account. It has not named Twitter and looks like it's going after the person(s) behind the account. You can access a copy of the complaint here , and Exhibit A, which contains a screenshot of the account here . You don't see many lawsuits of this nature so this one surprised me. The part that shocked me is that the twitter account was recently established and had 14 tweets and 5 followers at the time the complaint was filed (and now has 3 followers). The account has minimal activity and likely no effect whatsoever on Coventry First's business and affairs. It probably comes up when you do a search for "Coventry First," but it doesn't look like it's garnered much interest. There's also no indication from the complaint that Coventry First tried to utilize Twitter's complaint mechanism or otherwise brought up any issues it had with the person who runs the @coventryfirst Twitter account. Coventry First's complaint suffers from many of the failings as La Russa's or any other complaint against a squatter or infringer on Twitter--there is no indication that the allegedly infringing Twitter account is being used for any commercial purpose. @coventryfirst is not selling or promoting any products or services. It's tough to see how this can amount to trademark infringement or unfair competition under the Lanham Act. In addition to trademark claims, Coventry First also asserts a claim for unjust enrichment. 
It's entirely unclear how anything @coventryfirst does amounts to unjust enrichment. Twitter accounts aren't exactly moneymakers on their own, and if anything, the person behind @coventryfirst has spent a few hours setting up the account and has generated zero dollars from it. Coventry First, LLC v. Does , 11-cv-03700-JS (complaint filed June 7, 2011)


Regulators Pressure Banks After Citi Data Breach (Reuters, 9 June 2011) - Major U.S. banks came under growing pressure from banking regulators to improve the security of customer accounts after Citigroup Inc became the latest high-profile victim of a cyber attack. While Citigroup insisted the breach had been limited, experts called it the largest direct attack on a major U.S. financial institution, and said it could prompt an overhaul of the banking industry's data security measures. The Federal Deposit Insurance Corp, the nation's primary regulator, is preparing new measures on data security. Its chairman Sheila Bair said on Thursday she may ask "some banks to strengthen their authentication when a customer logs onto online accounts."


- and -

Senators Ask SEC for Guidance on Information Security Risk Disclosure (CorporateCounsel.net, 9 June 2011; guest blog courtesy of Jim Brashear, General Counsel, Zix Corporation) - The news media recently have reported many high-profile breaches of corporate data security. These incidents should prompt securities lawyers to focus on the potential materiality of public companies' risks concerning data security, data privacy and data breaches and the necessary disclosures when those risks are material. Why are data breaches potentially material? As the Inside Investor Relations blog points out, "hackers can bring down your networks - and your stock price." A data breach can remove a competitive advantage, through the loss of proprietary information. A data breach can seriously impair a company's brand and reputation. If consumers or business partners lose confidence in the ability of a company to protect information, they may move their data and business elsewhere. In a May 11th letter to SEC Chair Mary Schapiro, five Democrat members of the Senate Committee on Commerce, Science & Transportation asked the SEC to "issue guidance regarding disclosure of information security risk, including material network breaches." The letter opines that "Federal securities law obligates the disclosure of any material network breach, including breaches involving sensitive corporate information that could be used by an adversary to gain competitive advantage in the marketplace, affect corporate earnings, and potentially reduce market share." [Original emphasis] The letter cites a 2009 survey by Hiscox which concluded that 38% of Fortune 500 companies made a "significant oversight" by not mentioning privacy or data security exposures in their public filings. The letter criticizes the lack of disclosure about steps being taken by companies to reduce those risk exposures. 
One might expect the SEC Staff to be particularly sensitive to the adverse impacts of a data breach that exposes consumers' personal information. After all, the SEC's own employees were recently affected by a data breach when the Department of the Interior's National Business Center sent out SEC employees' social security numbers and other payroll information in unencrypted emails. In light of the potential materiality of these issues, forward-thinking securities counsel have already been advising clients about the need to include in their public disclosure discussions about material data security, privacy and data breach risks. See, for example, the client advisory by Sullivan & Worcester, which provides several examples of SEC rules applicable to data security, privacy and data breach risk disclosure. We expect that more firms will begin advising public company clients to focus on the potential materiality of their risks concerning data security, data privacy and data breaches and to craft necessary disclosures when those risks are material. [Editor: see MIRLN 14.03 , where we reported that Baker Hughes decided a successful attack on their systems wasn't "material"; and MIRLN podcast 14.04 where I talked about this disclosure/governance issue.]


- and -

IMF Reports Cyberattack Led to 'Very Major Breach' (NYT, 11 June 2011) - The International Monetary Fund, still struggling to find a new leader after the arrest of its managing director last month in New York, was hit recently by what computer experts describe as a large and sophisticated cyberattack whose dimensions are still unknown. The fund, which manages financial crises around the world and is the repository of highly confidential information about the fiscal condition of many nations, told its staff and its board of directors about the attack on Wednesday. But it did not make a public announcement. Several senior officials with knowledge of the attack said it was both sophisticated and serious. "This was a very major breach," said one official, who said that it had occurred over the last several months. Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland - and possesses sensitive data on other countries that may be on the brink of crisis - its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, "political dynamite in many countries." It was unclear what information the attackers were able to access. The concern about the attack was so significant that the World Bank, an international agency focused on economic development, whose headquarters is across the street from the I.M.F. in downtown Washington, cut the computer link that allows the two institutions to share information.


- and -

Ensuring the Supply Chain is Cost-Friendly -- and Protected (SC Magazine, 13 June 2011) - According to a survey conducted by Purdue University and the Center for Education and Research in Information Assurance and Security (CERIAS) in association with McAfee, as much as $1 trillion of intellectual property is stolen by cybercriminals each year. Is this figure not enough to suggest that an out-of sight, out-of-mind placement of security in favor of cost-cutting could actually prove to be more costly for the automotive industry in the long run? The automotive industry relies heavily on its secure and reliable communications for key business operations, such as supply chain management via electronic data interchange (EDI), computer aided design (CAD), computer aided engineering (CAE), and product data management (PDM). One could say that the systems and data that enable these communications are the lifeblood of the automotive supply chain, potentially even the automotive industry. However, as the industry struggles to operate more efficiently with fewer expenses, these collaboration and document exchange services become a very large and natural target for cutting costs. In an attempt to formally find ways to cut costs associated with the enablement of these services, the Automotive Industry Action Group (AIAG) established a committee in the latter part of 2010 that is designed to bring together a number of global industry representatives with the goal of identifying cost-effective alternatives to dedicated private collaboration networks. This committee recently met with other global industry representatives during the recent "Collaborative Supply Chain Data Network Connectivity" event held in Southfield, Mich. It should come as no surprise that the topic of cost-cutting ran hot through most of the sessions and conversations during the event. 
Unfortunately, it appeared that the main discussion point of savings and the associated discussions surrounding the adoption of new technologies as a way to reduce costs have pushed the topics of security and reliability to the side. As described by McAfee in its 2011 report , "Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency," the globalization and commoditization of IT have driven businesses to store increasing amounts of precious corporate data in the cloud. As this shift has taken place, cybercriminals have discovered new ways to target this precious data, both from inside and outside the organization. More pointedly, in 2010 alone, the U.S. Secret Service handled cybercrime violations totaling over $500 million in actual fraud loss.


Two-Hundred Year Old Document Declassified (Lawfare, 9 June 2011) - No, it's not a Mel Brooks-Carl Reiner routine. It's a story over at Secrecy News , where Steve Aftergood reports: "The National Security Agency announced yesterday that it has declassified a report that is over two hundred years old. The newly declassified report, entitled "Cryptology: Instruction Book on the Art of Secret Writing," dates from 1809. It is part of a collection of 50,000 pages of historic records that have just been declassified by NSA and transferred to the National Archives. The NSA said the new release demonstrated its "commitment to meeting the requirements" of President Obama's January 2009 Memorandum on Transparency and Open Government. The bulk of the newly released documents are from World War II and the early post-War era. (NSA itself was established in 1952.) A list of titles released to the National Archives is here . Last April, the Central Intelligence Agency declassified several documents on the use of "invisible ink" that dated from the World War I era. But those were not even a century old." You can't make this stuff up.

Do Police Officers Conducting a Search Have Fourth Amendment Rights Not To Be Secretly Taped by Government? (Volokh Conspiracy, 10 June 2011) - No, says the district court in United States v. Wells, 2011 WL 2259748 (N.D. Okla. May 12, just posted on Westlaw). Here's the situation: A Tulsa police officer is being investigated for supposedly stealing money and drugs. The FBI sets up a sting, in which an undercover officer plays a drug dealer. The officer and his colleagues show up to the motel room where the sting is happening, arrest the undercover officer, take him outside, get his consent to search the room, and then search it. In the meantime, they are videotaped and audiotaped searching the room. Their lawyers seek to exclude the videotapes, because the videotapes supposedly violated the officers' Fourth Amendment rights. The court doesn't buy it. Even though guests sometimes have Fourth Amendment rights to be presumptively free of surveillance when they're staying at a friend's home - or in a motel - these weren't ordinary guests.

Coming To A Bar Near You: Facial Recognition & Real-Time Data (ReadWriteWeb, 10 June 2011) - Facial recognition and detection software is a hot button issue on the Web right now. Facebook has stirred a hornets' nest by using facial recognition with users' pictures, asking people to tag their friends. Google has said that is a line of creepy it will not cross. Facial detection software is not just limited to the Web though. A new startup in Chicago called SceneTap uses facial detection and people-counting cameras to scope out your local bar to tell you "what is going on." What is the male-to-female ratio at your favorite club? Who is buying drinks? SceneTap cameras see it all and provide the data to users and bar owners. Seem a little creepy? Maybe not as much as you might think. SceneTap's stated goal is to give real-time information into your local bar scene. As such, it is a location-based service that gives you information, deals and social media connections, location information and more. It is kind of like Yelp plus Foursquare plus Groupon with Facebook and Twitter integration, operating in real-time. According to founder and CEO Cole Harper, the footage collected by SceneTap is not meant to be looked at by anyone. There is a demarcation between "facial detection" and "facial recognition" that SceneTap says it does not cross. The way it works is that there is a camera facing the door of the bar. A person comes in and the camera creates a box around the face, analyzing the eyes, nose and facial structure. It takes that data and scans it through a database to find the most similar type of match. Are you a 25-year-old female? That is what the SceneTap camera is trying to find out. The cameras are not monitored by people and information is not stored. Bar owners do not have access to the feeds as the stream is encrypted from the backend. SceneTap does technically have access to the visual feed but Harper says that it would only be used for maintenance.

Social Media Join Toolkit for Hunters of Disease (NYT, 13 June 2011) - On a chilly February night in Los Angeles, attendees at the DomainFest Global Conference crushed together in a tent at the Playboy Mansion for cocktails and dancing. Two days later, Nico Zeifang, a 28-year-old Internet entrepreneur from Germany, woke up with chest pains, chills and a soaring fever. Four colleagues shared his symptoms, Mr. Zeifang soon learned. So he did what any young techie would: He logged on to Facebook and posted a status update. "Domainerflu count," it said. "Who else caught the disease at D.F.G.?" Within hours, 24 conference attendees from around the world added themselves to Mr. Zeifang's Facebook list; within a week, the number climbed to 80. Many of them "friended" him to get information and to compare notes on their fevers and phlegmy coughs. Almost everyone, it seemed, had a theory about the source of the infection. Many suspected the artificial fog that permeated the tent. Los Angeles County health authorities and the federal Centers for Disease Control and Prevention stepped in to investigate a few days later. By that time, victims from across the globe already had arrived at their own diagnosis - legionellosis - and had posted their own Wikipedia entry on the outbreak. The C.D.C. officer assigned to the Los Angeles case did not show up at Mr. Zeifang's doorstep with a black bag. Instead, she joined his Facebook page, read up on everyone's symptoms, recommended certain diagnostic tests and referred the victims to the agency's online questionnaire.

Iceland Crowdsources Its Constitution (Mashable, 13 June 2011) - As it drafts the country's new governing document, Iceland's Constitutional Council is turning to social media sites to make the process transparent and to collect input from the public. The council has made a draft of the document available online and is accepting recommendations for amending it. "It is possible to register through other means, but most of the discussion takes place via Facebook," Berghildur Bernhardsdottir, a spokeswoman for the constitutional review project, told the Associated Press. Recommendations need to be approved by local staff before being passed on to the council and posted online for discussion, but suggestions then approved by the council are added to the draft of the document. Suggestions from the public that have been added thus far include livestock protection and a clause that specifies who owns the country's natural resources (the nation), according to the AP.

New York's Highest Court Interprets 47 U.S.C. § 230 Broadly (Volokh Conspiracy, 14 June 2011) - The case is Shiamili v. The Real Estate Group of New York, Inc., decided today. Defendants, who are apparently real estate brokers, ran a blog. Several people posted pseudonymous comments critical of Shiamili, another real estate broker. Defendants left those comments up, and even reposted one of the comments as a separate post, with a heading and an illustration provided by defendants. Shiamili sued the defendants. The court held that the defendants were protected by 47 U.S.C. § 230, which generally immunizes Internet content providers from being held liable for posts by other service providers. And the court held this even though the defendants deliberately reproduced one of the comments in a separate post: The defendants did not become "content providers" by virtue of moving one of the comments to its own post. Reposting content created and initially posted by a third party is well-within "a publisher's traditional editorial functions" (Zeran, 129 F3d at 330). Indeed, this case is analogous to others in which service providers have been protected by section 230 after reposting or otherwise disseminating false information supplied by a third party. To cite only a few examples, in Ben Ezra, Weinstein, and Co., Inc. v Am. Online Inc. (206 F3d 980 [10th Cir 2000]) the defendant service provider would publish updated securities information supplied by third parties and derived from a variety of stock exchanges and markets. Plaintiff sued the provider for publishing inaccurate information concerning the price and share volume of plaintiff's stock. The Tenth Circuit found that the inaccurate information was "created" by third parties, and the web provider was not "responsible, in whole or in part, for [its] creation and development" (id. at 986). The Ninth Circuit reached the same result in Batzel (333 F3d at 1018), cited with approval in Roommates.com (521 F3d at 1170).
There, the editor of an email newsletter received a tip and incorporated it into the newsletter, adding a headnote. The tip proved false, but the Ninth Circuit found that section 230 protected the editor from being sued for libel because he had been "merely editing portions of an e mail and selecting material for publication" (Batzel, 333 F3d at 1031). Similarly, in DiMeo (248 Fed Appx at 281) - a case quite like this one - the plaintiff sued for defamation based on comments left by anonymous users on defendant's website, where defendant could "select which posts to publish and edit[ed] their content" (DiMeo v Max, 433 F Supp 2d 523, 530 [ED Pa 2006]). The Third Circuit found that "the website posts ... constitute information furnished by third party information content providers" (248 Fed Appx at 282). The judges agreed that 47 U.S.C. § 230 didn't immunize defendants for "the heading, sub-heading, and illustration that accompanied the reposting" - they themselves created that material. But the judges split 4-3 on whether those particular items were defamatory; the majority say they weren't, and the dissenters said they were.

Major Internet Service Providers Cooperating with NSA on Monitoring Traffic (Washington Post, 16 June 2011) - Three of the nation's largest Internet service providers are cooperating with a new National Security Agency program to sift through the traffic of major defense contractors with the goal of blocking cyberattacks by foreign adversaries, senior defense and industry officials say. The novel program, which began last month on a voluntary, trial basis, relies on sophisticated NSA data sets to identify malicious programs slipped into the vast stream of Internet data flowing to the nation's largest defense firms. Such attacks, including one last month against Bethesda-based Lockheed Martin, are nearly constant as rival nations and terrorist groups seek access to U.S. military secrets. "We hope the . . . cyberpilot can be the beginning of something bigger," Deputy Defense Secretary William J. Lynn III said at a global security conference in Paris on Thursday. "It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security." The prospect of an NSA role in the monitoring of Internet traffic already had raised concerns among privacy activists, and Lynn's suggestion that the program might be extended beyond the work of defense contractors threatened to raise the stakes further. [Editor: I find this very ominous; the cure will be worse than the disease.]

RESOURCES

Three-Volume History of Counterintelligence (Bruce Schneier, 1 June 2011) - CI Reader: An American Revolution Into the New Millennium, Volumes I, II, and III is published by the U.S. Office of the National Counterintelligence Executive.

LOOKING BACK

BIG STINK OVER A SIMPLE LINK (Wired, 6 Dec. 2001) -- KPMG, an international services firm, prides itself on its "e-business" savvy, and it charges companies boatloads to improve their "new economy" businesses. But this week several website owners were wondering whether KPMG's Internet acumen was really worth anything at all, as it announced a policy that seemed to breach the most basic freedom on the Web -- the freedom to link to any site you want to. In a letter to a consultant in Britain who runs a personal website that has not been especially nice to KPMG, the company said it had discovered a link on his site to www.kpmg.com, and that the website owner, Chris Raettig, should "please be aware such links require that a formal Agreement exist between our two parties, as mandated by our organization's Web Link Policy." http://www.wired.com/news/business/0,1367,48874,00.html

PAY UP--AND WHILE YOU'RE AT IT, SHUT UP: What is the future of copyright online? Let's hope it's not as simple as reading the writing on the iCopyright contract. Under a rights agreement drafted by iCopyright.com, the Albuquerque Journal has begun to charge website operators $50 per link to one of its articles. In addition to forking over the cash, the terms of the agreement require that the linker agree not to say anything "derogatory" about the article itself, "the author, the publication that contains the article, or anyone depicted in the content." Fortunately, the Albuquerque Journal's demand for payment--and no back talk--is likely to add up only to wishful thinking. "It's far from clear that they could take any legal action against someone who chose to link freely," says Wendy Seltzer, a Harvard/Berkman Center fellow. "Publishers will have more leverage using technology than the law--for example, by offering stable URLs or convenient displays only to those who pay the desired fee." http://www.wired.com/news/business/0,1367,40850,00.html

NOTES

MIRLN (Misc. IT Related Legal News) is a free e-newsletter published every three weeks by Vince Polley at KnowConnect PLLC. You can subscribe to the MIRLN distribution list by sending email to Vince Polley ( mailto:vpolley@knowconnect.com?subject=MIRLN ) with the word "MIRLN" in the subject line. Unsubscribe by sending email to Vince with the words "MIRLN REMOVAL" in the subject line.

Recent MIRLN issues are archived at www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley #mirln.

SOURCES (inter alia):

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu

2. InsideHigherEd - http://www.insidehighered.com/

3. SANS Newsbites, sans@sans.org

4. NewsScan and Innovation, http://www.newsscan.com

5. BNA's Internet Law News, http://ecommercecenter.bna.com

6. Crypto-Gram, http://www.schneier.com/crypto-gram.html

7. McGuire Wood's Technology & Business Articles of Note

8. Steptoe & Johnson's E-Commerce Law Week

9. Eric Goldman's Technology and Marketing Law Blog, http://blog.ericgoldman.org/

10. Readers' submissions, and the editor's discoveries.

This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA.

PRIVACY NOTICE: Addresses and other personal information provided during the subscription process will be kept confidential, and will not be used for any other purpose.