MIRLN --- 11-30 September 2011 (v14.13)

MIRLN --- 11-30 September 2011 (v14.13) --- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: http://twitter.com/vpolley #mirln)

NEWS | PODCASTS | LOOKING BACK | NOTES

Report - A Call to Courage: Reclaiming Our Liberties Ten Years After 9/11 (ACLU, 7 Sept 2011) - An ACLU report release to coincide with the 10th anniversary of 9/11 warns that a decade after the attacks, the United States is at risk of enshrining a permanent state of emergency in which core values must be subordinated to ever-expanding claims of national security. The report, entitled, “A Call to Courage: Reclaiming Our Liberties Ten Years after 9/11,” explores how sacrificing America’s values - including justice, individual liberty, and the rule of law - ultimately undermines safety. The report begins with an examination of the contention that the U.S. is engaged in a “war on terror” that takes place everywhere and will last forever, and that therefore counterterrorism measures cannot be balanced against any other considerations such as maintaining civil liberties. The report states that the United States has become an international legal outlier in invoking the right to use lethal force and indefinite military detention outside battle zones, and that these policies have hampered the international fight against terrorism by straining relations with allies and handing a propaganda tool to enemies. Taking on the legacy of the Bush administration’s torture policy, the report warns that the lack of accountability leaves the door open to future abuses. “Our nation’s official record of this era will show numerous honors to those who authorized torture - including a Presidential Medal of Freedom - and no recognition for those, like the Abu Ghraib whistleblower, who rejected and exposed it,” it notes. Concluding with the massive expansion of surveillance since 9/11, the report delves into the many ways the government now spies on Americans without any suspicion of wrongdoing, from warrantless wiretapping to cell phone location tracking - but with little to show for it. “The reality is that as governmental surveillance has become easier and less constrained, security agencies are flooded with junk data, generating thousands of false leads that distract from real threats,” the report says. Full report here .

top

Criminal Prohibitions on the Publication of Classified Defense Information (Congressional Research Service, 8 Sept 2011) - The online publication of classified defense documents and diplomatic cables by the organization WikiLeaks and subsequent reporting by The New York Times and other news media have focused attention on whether such publication violates U.S. criminal law. The suspected source of the material, Army Private Bradley Manning, has been charged with a number of offenses under the Uniform Code of Military Justice (UCMJ), including aiding the enemy, while a grand jury in Virginia is deciding whether to indict any civilians in connection with the disclosure. A number of other cases involving charges under the Espionage Act demonstrate the Obama Administration’s relatively hard-line policy with respect to the prosecution of persons suspected of leaking classified information to the media. This report identifies some criminal statutes that may apply, but notes that these have been used almost exclusively to prosecute individuals with access to classified information (and a corresponding obligation to protect it) who make it available to foreign agents, or to foreign agents who obtain classified information unlawfully while present in the United States. Leaks of classified information to the press have only rarely been punished as crimes, and we are aware of no case in which a publisher of information obtained through unauthorized disclosure by a government employee has been prosecuted for publishing it. There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship. To the extent that the investigation implicates any foreign nationals whose conduct occurred entirely overseas, any resulting prosecution may carry foreign policy implications related to the exercise of extraterritorial jurisdiction and whether suspected persons may be extradited to the United States under applicable treaty provisions. [Editor: Yochai Benkler has a working draft article titled “A Free Irresponsible Press: Wikileaks And The Battle Over The Soul Of The Networked Fourth Estate” here .]

top

‘Find My Car’ App Can Also Catch Crooks (Sydney Morning Herald, 9 Sept 2011) - [Y]ou’ll never lose your car in the shopping centre again - and police now have at their fingertips technology to track down stolen and unregistered vehicles. Westfield Bondi Junction in Sydney recently added to its iPhone app the functionality for shoppers to find their parked car by entering its license plate number. The idea behind it is that if a shopper forgets where they parked then they can find their car using the app, which also lets users find out the opening hours of each retailer, see special offers and search for a store’s location in the shopping centre. But Westfield said police could also use it to find stolen or unregistered vehicles. In a statement, NSW Police said it worked closely with security at Westfield Bondi Junction and utilised their technology “when required”. See also http://www.theregister.co.uk/2011/09/14/find_my_car_fail/

top

This Post Should Be Considered Off the Record (TechPresident, 14 Sept 2011) - Staffers for Sen. Sheldon Whitehouse, Democrat of Rhode Island, don’t mind if you read as they pass along hurricane updates or chat with other folks on Twitter. They’ll even plug someone’s business. Just don’t talk about what you read: Whitehouse’s communications director, Seth Larson, deputy press secretary, Richard Pezzillo, and new media director (!), Catherine Algeri, have disclaimers in their Twitter profiles that declare their posts - on public, unprotected accounts - to be off the record. Disclaimers in Twitter profiles are common. People from ABC News’ senior White House correspondent Jake Tapper to Gerrit Lansing, press secretary at the Republican-controlled House Budget Committee, sport a tag of the tweets-are-mine-alone and/or retweets-aren’t-endorsements category. But “off the record?” On Twitter? That’s a new one on me. Update : Looks like Whitehouse’s staff have decided to go public - their “off the record” pleas were gone from their Twitter profiles not long after I posted this piece.

top

Court Allows Recovery of Lost Business and Investigation Costs Under CFAA (Steptoe, 15 Sept 2011) - According to a recent decision, Mobil Mark, Inc., v. Paskosz, prospective plaintiffs worried that they cannot show sufficient damage or losses to state a civil claim under the Computer Fraud and Abuse Act (CFAA) should simply hire an expensive investigator. Earlier this month, the U.S. District Court for the Northern District of Illinois found that the cost of a company’s investigation into a former employee’s alleged data theft, and resulting lost customers and sales opportunities, can be counted as “losses” for purposes of the CFAA’s $5,000 damage or loss minimum for pursuing a civil claim. While courts have been notoriously split over what exactly constitutes compensable “damage” or “loss” under the Act, this ruling continues what seems to be somewhat of a trend of increasingly expansive readings of the statute. This is good news for employers who want to use the CFAA to go after rogue employees and possibly their competitors.

top

NHL Restricts Players’ Use of Social Media on Game Days (Thestar.com, 15 Sept 2011) - Thou shalt not Twitter during the game. Or before it. Or after it. Or during team meetings. The NHL and its Players’ Association have put together a new social media policy, that sets a blackout period when cannot use applications such as Twitter and Facebook. Basically, players may not tweet or use social media from two hours before the puck drop until after their media requirements are completed after the game. There is no blanket off-day restriction, but the league wants players to act “appropriately” and “not disclose competitively sensitive team info,” deputy commissioner Bill Daly told the Star. The league is asking players to speak, text or tweet on social media with the same caution they would speak in front of microphones, understanding what they say is public and for-the-record. A violation would subject the players to an undisclosed punishment. NHL on-ice officials are not allowed to tweet or “maintain any social media accounts,” Daly told the Star.

top

Executives May Be Too Confident on Cybersecurity, Survey Finds (NYT, 15 Sept 2011) - Every week comes a new report warning how vulnerable consumers, companies and government agencies are to hackers bent on breaching computer systems and extracting sensitive data. This week came a somewhat unusual report, compiled by the global consulting firm PricewaterhouseCoopers. It surveyed more than 9,000 executives in over 130 countries and found them confident in their ability to secure their information systems and bullish about cybersecurity spending. In the survey, released Thursday, 43 percent of respondents said they had confidence in their security protocols and 50 percent said they expected their companies to spend increasing amounts of money on cybersecurity. Digital hubris can be dangerous, though. PricewaterhouseCoopers parsed the data more closely. They asked the executives about the precautions they were taking. It turned out that only 13 percent of those surveyed had actually done what the consulting firm considered to be adequate - meaning they had an overall security strategy, they had reviewed the effectiveness of their strategy and they knew precisely the types of breaches that had already hit them over the last 12 months. Even as the use of social networks has proliferated, barely one in three respondents said their companies had a policy governing their employees’ use of tools like Facebook and LinkedIn. Social media, the report’s authors concluded, is a double-edged sword for many companies. “It’s a great business opportunity,” Mark Lobel, a principal at PricewaterhouseCoopers, said by phone. “It’s also a terrible avenue for data loss and data leakage.” Driving the spending on security was the prospect of cyber-espionage, or snooping on sensitive company and government data, everything from blueprints of fighter jets to confidential information about mergers and acquisitions. But only 16 percent of respondents said they were prepared for cyber-espionage.

top

Amazon Cloud Earns Key FISMA Government Security Accreditation (ArsTechnica, 15 Sept 2011) - Amazon has earned the FISMA security accreditation from the US General Services Administration, a key endorsement for its cloud security model that could increase adoption among federal agencies. FISMA, the Federal Information Security Management Act, is the fifth major certification or accreditation Amazon has gained for its Web Services business featuring the Elastic Compute Cloud infrastructure-as-a-service platform. “FISMA Moderate Authorization and Accreditation requires AWS to implement and operate an extensive set of security configurations and controls,” Amazon said in an announcement today . “This includes documenting the management, operational, and technical processes used to secure the physical and virtual infrastructure as well as conducting third party audits. This is the first time AWS has received a FISMA Moderate authority to operate.” Amazon already counted the likes of NASA’s Jet Propulsion Laboratory and Treasury.gov as customers, so the company wasn’t exactly struggling to land big names. But adding to its roster of accreditations could help Amazon EC2 attract more mission-critical use cases. FISMA certification had already been obtained by Google for its Apps service and by Microsoft for its cloud infrastructure and its BPOS-Federal service. Prior to today, Amazon achieved compliance with the SAS 70 Type II auditing standard, the HIPAA health data privacy act, PCI DSS credit card standards, and the ISO 27001 international security standard. The new FISMA certification covers Amazon EC2, Amazon’s Simple Storage Service, the Virtual Private Cloud, and the services’ underlying infrastructure.

top

FISMA Mandates Monthly Security Reports For Agencies (Information Week, 15 Sept 2011) - Federal agencies must begin reporting security data to an online compliance tool as part of fiscal year 2011 requirements for the Federal Information Security Management Act (FISMA). The Department of Homeland Security (DHS) outlined new requirements for FISMA, the National Institute of Standards and Technology (NIST) security standard for federal IT solutions. One of them calls for agencies to establish monthly data feeds to CyberScope, a compliance tool developed to help the feds to better and more actively monitor cybersecurity.

top

IRS Clarifies: Work Cellphones Are Not Taxable Perks (Hillicon Valley, 16 Sept 2011) - The Internal Revenue Service issued a notice Wednesday clarifying that employer-provided cellphones are not taxable perks. The Small Business Jobs Act of 2010 removed cellphones from the definition of “listed property,” a category that normally requires additional record keeping by taxpayers. The IRS notice clarified that as a result of the law, when a business provides an employee with a cellphone to use for work, that phone is generally not a taxable benefit. The IRS also sent a memo to its examiners to explain the rule change. CTIA, a wireless trade association, praised the move. “I’m glad the IRS has finally had the last word on repeal of a rule that might have made sense in the late 1980s, but made no sense at all in today’s mobile, always-connected world,” wrote CTIA President Steve Largent in a blog post.

top

Symantec Survey Finds Emails Are No Longer the Most Commonly Specified Documents in eDiscovery Requests (Symantec press release, 19 Sept 2011) - Symantec Corp. (Nasdaq: SYMC) today announced the findings of its 2011 Information Retention and eDiscovery Survey which examined how enterprises manage their ever-growing volumes of electronically stored information and prepare for the eventuality of an eDiscovery request . The survey of legal and IT personnel at 2,000 enterprises worldwide found email is not the primary source of records companies must produce, and more importantly, respondents who employ best practices for records and information management are significantly less at risk of court sanctions or fines. “The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years,” said Dean Gonsowski, eDiscovery Counsel at Symantec. “With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It’s critical for the two departments to work together to develop and implement an effective information retention policy.”

top

Using Technology to Improve Client Service (ABA’s Catherine Sanders Reach, 19 Sept 2011) - Everywhere you look, people are using technology outside the confines of the workplace. And no matter what type of clients you serve, it’s likely they want to be able to use the same technologies for similar conveniences when they’re working with you. Here are some suggestions for incorporating technology tools to give your clients enhanced options so you can meet-and even exceed-their expectations.

top

Abuse of Trust? (InsideHigherEd, 19 Sept 2011) - Less than a week after the University of Michigan brushed off a lawsuit by the Authors Guild over the university’s move to make copyrighted “orphan” works in its digital collection freely available to students and faculty, the Michigan Library suspended the practice Friday, admitting “serious” flaws in its process for identifying orphans. Friday’s mea culpa followed a public flogging of the library and its nonprofit digital consortium, HathiTrust, at the hands of the Authors Guild, in which the guild quickly tracked down the owners of the copyrights on several works that HathiTrust had categorized as “orphans”—books and articles that are in copyright but whose copyright owners cannot be located or identified. “The close and welcome scrutiny of the list of potential orphan works has revealed a number of errors, some of them serious,” the Michigan library wrote in its statement. “This tells us that our pilot process is flawed.” The librarians said they had “learned from [their] mistakes” and have “already begun an examination of our procedures to identify the gaps that allowed volumes that are evidently not orphan works to be added to the list.” The HathiTrust’s Orphan Works Project—a Michigan-led effort to identify and increase access to the orphans from the consortium’s digital library—has been suspended until the university can come up with “a more robust, transparent, and fully documented process” for making sure works are genuinely orphaned before categorizing them as such. The Authors Guild, along with authors’ associations in Australia and Quebec and a handful of individual authors, had filed suit last Monday against the HathiTrust, Michigan, and several other university libraries heavily involved in the Orphan Works Project. The plaintiffs claimed that by establishing its own set of procedures for clearing orphan works for wider accessibility, the libraries were taking copyright into their own hands. They argued that the orphans should stay under lock and key until Congress passes legislation governing how orphan works can be identified and displayed. Michigan and other HathiTrust supporters argued that giving faculty members and students access to digital orphan works was protected by the “fair use” provisions of U.S. copyright law. But the Authors Guild struck back on its blog, calling into question the integrity of Michigan’s process for attempting to find the copyright holders for its orphan candidates. In a series of “gotcha” blog posts, the guild documented its own efforts to find the copyright holders for HathiTrust orphans. It quickly tracked down several authors that HathiTrust had apparently been unable to reach. [Editor: EFF has a different perspective - see No Authors Have Been Harmed in the Making of This Library (EDD, 15 Sept 2011) - “We’ve been puzzling over the Author’s Guild’s decision to sue several university libraries for participating in the digitization and storage of millions of works (largely in connection with the Google Books project) and making scans of some of those works available to the academic community. Simply put, it appears that the Guild is dead set on wasting time and money addressing imaginary harms, whether or not its efforts might actually benefit either its members or the public.” InsideHigherEd runs yet another perspective here .]

top

Broadband Under The Sea: Where Do Those Cables Go? (GigaOM, 20 Sept 2011) - Want to know how your email packets from Rhode Island make it over to South Africa? Or what about your VoIP call from Hong Kong to Honolulu? Now there’s a map for that, thanks to the folks at Telegeography who have rolled out an interactive tool that shows you the location of various undersea cables. These cables are the links that connect the Internet across oceans and continents, and typically they only get noticed when they go down. For the truly nerdy, this makes awesome wall art (you can put it next to your spectrum allocation chart!), but if you’re more like the rest of the population, it’s a fun resource to turn to the next time a woman panning for copper cuts a cable, you’re looking for a good place to base a data center, or you want to see how interconnected we are. For example, Hillsboro, Ore., should be known as Cabletown given that three cables land there: more than any other city in the U.S. That and other fun facts await you, although I’d like a better search function so I could easily see how many cables Google has invested in, for example. Map here . [Editor: the article on this is Neal Stephenson’s “Mother Earth, Mother Board” from Wired from 1996 - here .]

top

Non-Marketing Uses of Social Media for Lawyers (Dennis Kennedy, 20 Sept 2011) - Since Tom Mighell and I haven’t gotten much chance over the last year or so to write together, we jumped at the chance to write an article on “non-marketing” uses of social media for lawyers for the ABA’s Law Practice Today webzine. Then we realized that volunteering to write an article is far easier than finding the time to actually write it. The result, however, is an article we really liked and one we’ve gotten some great feedback on. It’s called “Not Your Marketer’s Social Media: Ten Ways Lawyers Can Benefit from Non-Marketing Uses of Social Media. The article grew out of our podcast called “Using Social Media for Non-Marketing” and expands on some of the ideas in the podcast and adds a few new things. The main idea is that lawyers can benefit from social media in many different ways and that the over-attention on using social media for marketing to potential clients has a limiting effect on ways that lawyers think they might use social media. The article is an attempt to “think different” about social media - in practical ways that match your own personality and approach - and to go back to the basics on social media. Then, see what evolves from uses that best fit your own approach and comfort. Check out the new article and let us know what you think about it. [Editor: for example, I find about 1/3 of the stories in MIRLN thru social media tools, and I broadcast MIRLN-related items on Twitter with #mirln.]

top

Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users (Berkman guide, 20 Sept 2011) - This report explores these dilemmas and recommends principles, strategies, and tools that companies and users alike can adopt to mitigate the negative effects of account deactivation and content removal. Through case examples, we outline the ways in which platform providers can have a positive impact on user trust and behavior by being more clear and consistent in developing ToU and other policies, responding to and evaluating suspected violations, and providing opportunities for recourse and appeal. We also highlight concrete actions that users can take to educate themselves about how the moderation, takedown, and abuse-prevention mechanisms work for the services they use, provide and communicate context where necessary, and engage with companies and other users around such issues. From the activist who communicates with her network via her Facebook account, the user who posts documentary-style videos to YouTube or the citizen journalist who raises awareness with photos uploaded to Flickr, platforms that host user-generated content are increasingly used by a range of civic actors in innovative ways: to amplify voices, organize campaigns and coordinate disaster response, and advocate around issues of common concern. However, while the online space may be perceived as a public commons, private entities play a role in shaping online activity, behavior, and content via Terms of Use (ToU), community guidelines, and other mechanisms of control. Platform providers often enforce such rules in response to potential threats, misuse, or ToU violations; users must observe them or risk losing their accounts, their contacts, or their ability to post content. The clarity, transparency, and consistency of how such terms are established and implemented are important to all users, but for the growing number of human rights activists who depend on web 2.0 platforms for core elements of their work-and for whom removed content and deleted accounts can have severe consequences-the stakes are much higher. For platform providers, enforcing site guidelines can require balancing complex and often competing considerations, including supporting community norms and innovative user activity, while maintaining a safe and secure online environment, protecting the free expression and privacy rights of users while enforcing legal standards or responding to government pressure, and accounting for the potential risks faced by activists. Guide is here .

top

Full List of Sites the US Air Force Blocked to Hide from Wikileaks Info; Includes NY Times & The Guardian (TechDirt, 20 Sept 2011) - When the State Department cables leaked via Wikileaks, some government employees and agencies were put in a tough position, in that they couldn’t officially view those documents, since they were still classified. As we’ve noted in the past, this is stupid. In business, any boilerplate non-disclosure agreement says that if some info becomes public due to a third party, the NDA no longer applies. The US government, for reasons that escape me, refuses to do the same thing for classified info that leaks—even after the press has run stories on it. We heard all sorts of bizarre stories about government agencies trying to block access to this content which was everywhere, including reports that any Techdirt article that mentioned “Wikileaks” in the title was blocked from Defense Department computers. Jason Smathers decided to submit a Freedom of Information Act request (via the awesome Muckrock.com platform) to the US Air Force to find out what sites it was blocking. And while the Air Force initially denied the request, on appeal it just changed its mind and handed over the list, which you can see below. Most of the blocked URLs are to various Wikileaks mirror sites, but it also covers the major media properties that Wikileaks initially worked with on releasing these documents, including the NY Times and The Gu[a]rdian.

top

Apple and Dropbox Join Fight to Reform Electronic Privacy Law (EFF, 22 Sept 2011) - In April we launched “Who Has Your Back” , a campaign calling on major Internet companies like Google, Amazon and Microsoft to stand with their users when it comes to government demands for users’ data. Today, we’re pleased to see that two of the thirteen companies highlighted in our petition , Apple and Dropbox, have agreed to one of our requests: that they stand up for user privacy in Congress by joining the Digital Due Process coalition. Digital Due Process is a diverse coalition of privacy advocates like EFF, ACLU and the Center for Democracy & Technology and major companies like AT&T, eBay and Comcast that has come together with the shared goal of modernizing surveillance laws for the Internet age. The DDP coalition is especially focused on pressing Congress to update the woefully-outdated Electronic Communications Privacy Act or “ECPA.”

top

Is it Possible to Secure Law Firm Data? (slaw, 22 Sept 2011) - To answer the question, we interviewed our friend and colleague Matt Kesner, the CIO of Fenwick & West LLP, a West Coast law firm representing high tech and bio-tech clients. Matt has “walked the walk” when it comes to security and protecting data. Is the data at a law firm really different or are there “special” considerations when dealing with security within a law firm? Matt suggested that there are a lot of tensions at play within a law firm. There’s always the tension between IT and end-users. The end-users are more difficult to tame and are more independent than most other users. They don’t necessarily want to comply with the stated policies and procedures, thereby making security a more difficult task. Also, they tend to be driven by what the client wants, which may be in contradiction to the security procedures of the firm. The press hasn’t really identified many data breaches that have involved law firms. Since law firms are very much reputation based, they are not all that willing to publicize any data breach that may have occurred. Current data breach laws have changed that practice, but we still don’t hear of many specifics concerning law firms. Matt acknowledged that there have been two breaches at his own firm. His advice for security is to learn lessons from breaches so you can avoid a recurrence - at least a recurrence of the same sort of attack. Fortunately for Matt’s firm, the security incidents did not involve access to their network. Both occurrences involved their website, which was hosted externally. We are aware of some other firms being compromised, primarily through mobile devices and unprotected laptops. Matt confirmed that law firms are seeing an increase in hacking attempts. Reviews of his own firm’s logs show repeated “door rattles” and attempted infiltration of the network. They are being probed a lot more often, tested with various scripts being used to determine vulnerabilities and have experienced a higher proportion of successful malware and phishing attacks against their users. Many attacks appear to be originating from China, which is consistent with our experiences gleaned from security investigations involving these attacks. Our own government has cautioned us that every cell phone and smart phone that goes into China has spyware downloaded on it by the Chinese communications infrastructure. This spyware pretty much has unfettered access to the data that you are sending and receiving even if it is encrypted in transit. Another concern is bringing laptops to China. Matt advised us to weigh the laptop before and after taking it to China as many times hardware monitoring devices will be installed in the laptop itself. He also suggested taking a disposable cell phone when traveling to China. Many in the security field have stated that we are seeing activity from China’s “C-level” (rookie) hackers since law firm systems are fairly easy to penetrate. China isn’t even wasting the efforts of their “B-level” or “A-level” teams when attacking U.S. systems. Essentially, China’s entry level hackers are practicing on U.S. law firm networks before “graduating” to more advanced hacking activities. Matt told us that Chinese students actually take hacking classes and hack Western websites as part of their homework. Pretty scary stuff.

top

Newly Released Documents Reveal Defense Department Intelligence Violations (EFF, 22 Sept 2011) - EFF just received documents that reveal additional post-9/11 Defense Department misconduct, including attempts by the Army to investigate participants at a conference on Islamic law at the University of Texas Law School and Army-issued National Security Letters (NSLs) to telecommunications providers in violation of the law.

top

Even If You Cancel Your OnStar Service, The Company Will Still Track (And Sell) Your Location (TechDirt, 22 Sept 2011) - GM subsidiary OnStar is apparently alerting its customers that even if they decide to cancel their service in the future, OnStar will still track information about them—and, of course, potentially sell that data: “What’s changed [is that if] you want to cancel your OnStar service, we are going to maintain a two-way connection to your vehicle unless the customer says otherwise.” OnStar is spinning this as a plan to make it “easier to re-enroll” as a customer, but it also seems to admit that there’s demand out there for the data that OnStar collects, so it has plenty of incentive to get more such data, even from non-customers. Of course, they don’t even seem to acknowledge the creepiness factor of canceling a service, and then still having that service track your every move. [GM stops - 27 Sept 2011]

top

Author Sues Production Company For Copyright Infringement For Changing The Script It Optioned From Him (TechDirt, 22 Sept 2011) - While significant parts of the rest of the world include a “moral rights” component to copyright (which covers things like proper attribution), the US has always avoided it—even though it’s supposedly required by the Berne Convention, of which the US is a participant. The US has mainly gotten around this because it’s the US and it ignores international agreements when it wants to—but also because it put in a tiny bit of moral rights in extremely limited circumstances that are so rare you’ll almost never, ever hear about them. However, it does appear that some are trying to sneak in a form of moral rights via contract. 

 Copycense points us to the news of a writer, Matthew Jones, who is suing the people who optioned his screenplay (which was based on his own novel, Boot Tracks ) for changing the screenplay without his permission. He apparently wrote into the contract that such changes could not be made without his permission—and yet the screenplay was changed to help get funding. There’s an obvious contractual breach in there, but Jones is also claiming copyright infringement, suggesting that, by breaking the agreement, they were also creating an unauthorized derivative work. In this case, it’s a little more confusing, because there’s some question as to when the producer and director actually exercised the option to buy the screenplay/make the film. Either way, it may make for an interesting case and it makes me wonder if we’ll start to see more efforts by content creators to enforce such moral-like rights via contract.

top

More Offices Let Workers Choose Their Own Devices (NYT, 23 Sept 2011) - Throughout the information age, the corporate I.T. department has stood at the chokepoint of office technology with a firm hand on what equipment and software employees use in the workplace. They are now in retreat. Employees are bringing in the technology they use at home and demanding the I.T. department accommodate them. The I.T. department often complies. Some companies have even surrendered to what is being called the consumerization of I.T. At Kraft Foods, the I.T. department’s involvement in choosing technology for employees is limited to handing out a stipend. Employees use the money to buy whatever laptop they want from Best Buy, Amazon.com or the local Apple store. “We heard from people saying, ‘How come I have better equipment at home?’ “ said Mike Cunningham, chief technology officer for Kraft Foods. “We said, hey, we can address that.” Encouraging employees to buy their own laptops, or bring their mobile phones and iPads from home, is gaining traction in the workplace. A survey published on Thursday by Forrester Research found that 48 percent of information workers buy smartphones for work without considering what their I.T. department supports. By being more flexible, companies are hoping that workers will be more comfortable with their devices and therefore more productive. Corporate I.T. departments often resist allowing consumer technology on their networks because of security concerns. “They’re over the denial and anger stage, and now they are in the acceptance and ‘How can we help?’ stage,” said Mr. Schadler, who co-wrote the book “Empowered,” which addresses consumer technology in the workplace. “What broke the camel’s back was the iPad, because executives brought it into the company and said ‘Hey, you’ve got to support this.’” Kraft’s program is not quite companywide, however. Executives who handle confidential information, people who use laptops to operate production equipment, and most factory workers are ineligible. “It’s a relatively small part of the company,” Mr. Cunningham. “But it addresses the majority of the noise and complaining.” [Editor: Even law firms are doing this; Wilson Sonsini’s CIO, Phillip Hoare, is one of the early forward-thinkers here, and is crafting a process that helps assure security and confidentiality, even on employee-owned smart devices. Kudos.]

top

Three Emerging Cyber Threats (Bruce Schneier, 23 Sept 2011) - On Monday I participated a panel at the Information Systems Forum in Berlin. The moderator asked us what the top three emerging threats were in cyberspace. I went last, and decided to focus on the top three threats that are not criminal: (1) The Rise of Big Data . By this I mean industries that trade on our data. These include traditional credit bureaus and data brokers, but also data-collection companies like Facebook and Google. They’re collecting more and more data about everyone, often without their knowledge and explicit consent, and selling it far and wide: to both other corporate users and to government. Big data is becoming a powerful industry, resisting any calls to regulate its behavior. (2) Ill-Conceived Regulations from Law Enforcement. We’re seeing increasing calls to regulate cyberspace in the mistaken belief that this will fight crime. I’m thinking about data retention laws, Internet kill switches , and calls to eliminate anonymity . None of these will work, and they’ll all make us less safe.
 (3)The Cyberwar Arms Race. I’m not worried about cyberwar , but I am worried about the proliferation of cyber weapons. Arms races are fundamentally destabilizing, especially when their development can be so easily hidden. I worry about cyberweapons being triggered by accident, cyberweapons getting into the wrong hands and being triggered on purpose, and the inability to reliably trace a cyberweapon leading to increased distrust. Plus, arms races are expensive.—That’s my list, and they all have the potential to be more dangerous than cybercriminals.

top

Facebook Hosts 4% Of All Photos Ever Taken In History (TechDirt, 24 Sept 2011) - For all the talk of how content creation is going down the drain due to lax copyright enforcement, it seems that everywhere we look, we just keep seeing more and more and more content creation. The latest is a report that Facebook currently hosts 4% of all photos ever taken . Specifically, it hosts 140 billion photos out of 3.5 trillion photos taken in history. Now, obviously, technology change is at work here. Photography really only showed up for real about a century and a half ago, and didn’t really hit the mainstream until less than a century ago. And, of course, for most of that time it involved (sometimes expensive) film and the expensive step of processing it. Photography has exploded over the last decade or so with the rise of digital cameras, and, of course, high quality digital cameras built into mobile phones. 

But, really, that raises a bigger point: the tools of creation for all sorts of things have been changing rapidly and making it easier and cheaper to create content, whether it’s a photograph, a song, a movie, a book or.. well… just about anything. We’re being inundated with new creative works… at the same time we’re being told that content creation is dying. Now, to be fair, much of the content production we’re talking about is amateur production, but some of that is of fantastic quality, and is leading people into professional content creation roles. But, I guess this raises a separate question. What is the real purpose of copyright? Is it only to incentivize professional content creation , or to incentivize content creation overall? Given the stated purpose is to “promote the progress,” and to provide the public with more content, I would argue the goal is to promote more overall content, and it seems that technology is doing a much better job of that than copyright.

top

Metropolitan Museum Unveils Revamped Web Site (NYT, 26 Sept 2011) - The Metropolitan Museum of Art, which has been trying to rebrand itself over the last year as a visitor-friendly art behemoth, unveiled a redesigned Web site on Monday, the first time the site has been thoroughly updated in more than a decade. It includes several new features that are beginning to become standard for large museums, like a zoomable, clickable floor plan similar to one the Art Institute of Chicago created two years ago. The Met’s version allows prospective visitors to look closely at almost 400 galleries to see what to expect, and visitors already at the museum to use smartphones on parts of the site to find their way to favorite artworks. The site also shows off the results of a huge undertaking ordered by Thomas P. Campbell, the museum’s director: that the curatorial departments make images and information available online for all of the almost two million items in the collection. About 340,000 comprehensive entries for objects are included on the revamped site, 200,000 of which have been created over the last nine months. The site also has a new multimedia section, making videos, recorded lectures, interactive educational programs and other digital projects more easily accessible.

top

In China, Business Travelers Take Extreme Precautions to Avoid Cyber-Espionage (Washington Post, 26 Sept 2011) - Packing for business in China? Bring your passport and business cards, but maybe not that laptop loaded with contacts and corporate memos. China’s massive market beckons to American businesses - the nation is the United States’ second-largest trading partner - but many are increasingly concerned about working amid electronic surveillance that is sophisticated and pervasive. Security experts also warn about Russia, Israel and even France, which in the 1990s reportedly bugged first-class airplane cabins to capture business travelers’ conversations. Many other countries, including the United States, spy on one another for national security purposes. But China’s brazen use of ­cyber-espionage stands out because the focus is often corporate, part of a broader government strategy to help develop the country’s economy, according to experts who advise American businesses and government agencies. “I’ve been told that if you use an iPhone or BlackBerry, everything on it - contacts, calendar, e-mails - can be downloaded in a second. All it takes is someone sitting near you on a subway waiting for you to turn it on, and they’ve got it,” said Kenneth Lieberthal, a former senior White House official for Asia who is at the Brookings Institution. Some industrial cyber-espionage takes place in the U.S corporate world, experts say, but not nearly to the extent found in China. Also, the U.S. government reportedly does not conduct economic espionage on behalf of U.S. industry. Travelers there often tote disposable cellphones and loaner laptops stripped of sensitive data. Some U.S. officials take no electronic gear. And a few corporate executives detour to Australia rather than risk talking business in a bugged Chinese hotel room. Other travelers hide files on thumb drives, which they carry at all times and use only on off-line computers. One security expert, who spoke on the condition of anonymity to avoid drawing scrutiny from the Chinese government, buys a new iPad for each visit, then never uses it again. “It’s real easy for them [the Chinese] to read everything that goes in and out of the country because the government owns all the networks,” said Jody Westby, chief executive of Global Cyber Risk, a consulting firm. “The real problem here is economic espionage,” she said. “There are countries where the search for economic information and high-value data is so aggressive that companies or people are very hesitant about taking their laptops to those countries.” Business travelers began adopting such safety measures for China several years ago, experts say. On the eve of the 2008 Beijing Olympics, Joel Brenner, then the U.S. national counterintelligence executive, first issued government safety guidance to overseas travelers, with such tips as: “If you can do without the device, don’t take it.”

top

Firings, Discipline Over Facebook Posts Leads to Surge in Legal Disputes (Business Insider, 26 Sept 2011) - In the age of instant tweets and impulsive Facebook posts, some companies are still trying to figure out how they can limit what their employees say about work online without running afoul of the law. Confusion about what workers can or can’t post has led to a surge of more than 100 complaints at the National Labor Relations Board - most within the past year - and created uncertainty for businesses about how far their social media policies can go. “Employers are struggling to figure out what the right policies are and what they should do when these cases arise,” said Michael Eastman, labor law policy director at the U.S. Chamber of Commerce. In one case, a Chicago-area car salesman was fired after going on Facebook to complain that his BMW dealership served overcooked hot dogs, stale buns and other cheap food instead of nicer fare at an event to roll out a posh new car model. The NLRB’s enforcement office found the comments were legally protected because the salesman was expressing concerns about the terms and conditions of his job, frustrations he had earlier shared in person with other employees. But the board’s attorneys reached the opposite conclusion in the case of a Wal-Mart employee who went on Facebook to complain about management “tyranny” and used an off-color Spanish word to refer to a female assistant manager. The worker was suspended for one day and disqualified from seeking promotion for a year. The board said the postings were “an individual gripe” rather than an effort to discuss work conditions with co-workers and declined to take action against the retailer. Those cases are among 14 investigations the board’s acting general counsel, Lafe Solomon, discussed in a lengthy report last month on the rise in social media cases. Solomon says federal law permits employees to talk with co-workers about their jobs and working conditions without reprisal - whether that conversation takes place around the water cooler or on Facebook or Twitter. “Most of the social media policies that we’ve been presented are very, very overbroad,” Solomon said in an interview. “They say you can’t disparage or criticize the company in any way on social media, and that is not true under the law.” The number of cases spiked last year after the board sided with a Connecticut woman fired from an ambulance company after she went on Facebook to criticize her boss. That case settled earlier this year, with the company agreeing to change its blogging and Internet policy that had banned workers from discussing the company over the Internet. The National Labor Relations Act protects both union and nonunion workers when they engage in “protected concerted activity” - coming together to discuss working conditions. But when online comments might be seen by hundreds or thousands of eyeballs, companies are concerned about the effect of disparaging remarks. Doreen Davis, a management-side labor lawyer based in Philadelphia, said many of her corporate clients are often “surprised and upset” when they learn they can’t simply terminate employees for talking about work online. “All of us on the management side are being inundated with calls and inquiries from clients about this,” Davis said. “A lot of companies want their social media policies reviewed or they want to establish one for the first time.” But the NLRB’s Solomon also warns workers that not everything they write on Facebook or Twitter will be permissible under the law just because it discusses their job. “A lot of Facebook, by its very nature, starts out as mere griping,” Solomon said. “We need some evidence either before, during or after that you are looking to your fellow employees to engage in some sort of group action.”

top

Marine Corps Social Media Principles Manual (BeSpacific, 27 Sept 2011) - “The Marine Corps must continuously innovate to communicate in media-intensive environments, to remain the nation’s force in readiness. This mission is based on the Marine Corps Vision and Strategy 2025 and the public affairs tasks outlined in the Marine Corps Service Campaign Plan for 2009-2015. While building and launching a social media program or accessing a favorite social media site can sometimes be fast, easy, and inexpensive. Existing rules for public affairs as well as personal conduct still apply. The Marine Corps encourages Marines to explore and engage in social media communities at a level they feel comfortable with. The best advice is to approach online communication in the same way we communicate in person - by using sound judgment and common sense, adhering to the Marine Corps’ core values of honor, courage and commitment, following established policy, and abiding by the Uniform Code of Military Justice (UCMJ). The social media principles provided in this handbook are intended to outline how our core values should be demonstrated, to guide Marines through the use of social media whether personally involved or when acting on behalf of the Marine Corps.” Manual here .

top

Better Ideas Through Failure (WSJ, 27 Sept 2011) - To pitch a prospective client for her ad agency, Amanda Zolten knew she a had to take a risk. But the client’s product-kitty litter-posed a unique challenge. Lucy Belle, Ms. Zolten’s cat, furnished the answer. Before she and her team met with six of the company’s executives, Ms. Zolten buried Lucy Belle’s mess in a box of the company’s litter and pushed it under the conference-room table. No one noticed until Ms. Zolten pointed it out-and the fact that no one had smelled it. Shocked, several executives pushed back from the table. Two left the room. After a pause, those who remained started laughing, says Ms. Zolten, a senior vice president with Grey New York. “We achieved what we hoped, which was creating a memorable experience,” she says. She won’t know for a few weeks whether Grey won the business. But her boss, Tor Myhren, has already named Ms. Zolten the winner of his first quarterly “Heroic Failure” award-for taking a big, edgy risk. Amid worries that we are becoming less innovative, some companies are rewarding employees for their mistakes or questionable risks. The tactic is rooted in research showing that innovations are often accompanied by a high rate of failure. “Failure, and how companies deal with failure, is a very big part of innovation,” says Judy Estrin of Menlo Park, Calif., a founder of seven high-tech companies and author of a book on innovation. Failures caused by sloppiness or laziness are bad. But “if employees try something that was worth trying and fail, and if they are open about it, and if they learn from that failure, that is a good thing.”

top

Taking A Computer Out of Screensaver Mode to See Suspect’s Facebook Wall Is a Fourth Amendment Search (Volokh Conspiracy, 27 Sept 2011) - The legal question: When a computer is in screensaver mode, does a police officer’s touching a key or moving the mousepad in order to reveal the contents of the screen constitute a Fourth Amendment “search”? The facts: The local police received a few citizen calls about a threat posted on Craigslist regarding possible planned violence at a local shopping mall. The police contacted Craiglist and obtained contact information for the person who posted the threat. They visited the man at his home, and the man invited the officers inside. While the officers were present in the home, an officer saw a laptop computer that was either off or in screensaver mode. The officer touched a key or moved the mousepad, and the computer came out of screensaver mode. The officer could then see the contents of the screen, and those contents revealed the suspect’s Facebook wall. The Facebook wall contained a “status update” in which the suspect discussed the mall and wrote that another mall was next, and it also showed that the defendant had “liked” a group about the need to change the mall. The police arrested the suspect and took a way the computer. After being charged with making a threat, the suspect-turned-defendant moved to suppress the information relating to the threat found on the computer. He argued, among other things, that taking his computer out of screensaver mode to see the Facebook Wall was a “search” that required some sort of justification under the Fourth Amendment. The ruling:” In United States v. Musgrove , 2011 WL 4356521 (E.D.Wis. 2011) (Joseph, M.J.): Whether there is a search here is a close call because the officer did not actively open any files. A truly cursory inspection-one that involves merely looking at what is already exposed to view, without disturbing it-is not a “search” for Fourth Amendment purposes. Arizona v. Hicks, 480 U.S. 321, 328 (1987). However, this is not such a case. By touching a key or moving the mouse, the officer put into view the Facebook wall, which was not previously in view. Though a close call, the Court concludes that this was a search, however minimal, which required further authority, a warrant or consent. The government submits that the officer’s manipulation of the computer was for the purpose of seizing the computer, not to conduct a preliminary search. However, intent is not generally relevant in assessing whether a search ensued. See, e.g., United States v. Mann, 592 F.3d 779, 784 (7th Cir.2010)(citing Platteville Area Apt. Ass’n v. City of Platteville, 179 F.3d 574, 580 (7th Cir.1999)). The Court therefore recommends that the defendant’s Facebook wall be suppressed.”

top

Bankrupt Borders Sells Customer Data to Barnes & Noble (EPIC, 28 Sept 2011) - A bankruptcy court in New York has approved the sale of customer information, including email addresses, phone numbers, mailing addresses, and birthdates, from Borders to Barnes & Noble, following an earlier determination that the transfer violated Border’s privacy policy. The judge has now required that former Borders customers receive an email notification and that the companies place prominent notices on their web sites and take outs ads in USA Today. Customers will have 15 days to opt-out of the transfer.

top

Which Telecoms Store Your Data the Longest? Secret Memo Tells All (Wired, 28 Sept 2011) - The nation’s major mobile-phone providers are keeping a treasure trove of sensitive data on their customers, according to newly-released Justice Department internal memo that for the first time reveals the data retention policies of America’s largest telecoms. The single-page Department of Justice document, “ Retention Periods of Major Cellular Service Providers ,” (.pdf) is a guide for law enforcement agencies looking to get information - like customer IP addresses, call logs, text messages and web surfing habits - out of U.S. telecom companies, including AT&T, Sprint, T-Mobile and Verizon. The document, marked “Law Enforcement Use Only” and dated August 2010, illustrates there are some significant differences in how long carriers retain your data. Verizon, for example, keeps a list of everyone you’ve exchanged text messages with for the past year, according to the document. But T-Mobile stores the same data up to five years. It’s 18 months for Sprint, and seven years for AT&T. That makes Verizon appear to have the most privacy-friendly policy. Except that Verizon is alone in retaining the actual contents of text messages. It allegedly stores the messages for five days, while T-Mobile, AT&T, and Sprint don’t store them at all. The document was unearthed by the American Civil Liberties Union of North Carolina via a Freedom of Information Act claim. (After the group gave a copy to Wired.com, we also discovered it in two other places on the internet by searching its title.) “People who are upset that Facebook is storing all their information should be really concerned that their cell phone is tracking them everywhere they’ve been,” said Catherine Crump, an ACLU staff attorney. “The government has this information because it wants to engage in surveillance.” The biggest difference in retention surrounds so-called cell-site data. That is information detailing a phone’s movement history via its connections to mobile phone towers while its traveling. Verizon keeps that data on a one-year rolling basis; T-Mobile for “a year or more;” Sprint up to two years, and AT&T indefinitely, from July 2008.

top

Pennsylvania Appeals Court Rules Text Messages Were Inadmissible Hearsay (ABA Journal, 28 Sept 2011) - A Pennsylvania appeals court has overturned a woman’s drug conviction because text messages on her phone were admitted as evidence at trial. The Pennsylvania Superior Court said there was no showing that the defendant wrote the 13 drug-related text messages and they were inadmissible hearsay, the Legal Intelligencer reports. The defendant, Amy Koch, had been convicted of possession with intent to deliver marijuana and possession of marijuana as an accomplice. The trial court had reasoned that doubts about the identity of the sender or recipient of text messages went to the weight of the evidence rather than admissibility. “We disagree,” the appeals court opinion said. “Authentication is a prerequisite to admissibility. … Circumstantial evidence, which tends to corroborate the identity of the sender, is required.” Such authentication evidence was not offered in Koch’s case, the court said. “Glaringly absent in this case is any evidence tending to substantiate that appellant wrote the drug-related text messages. No testimony was presented from persons who sent or received the text messages. There are no contextual clues in the drug-related text messages themselves tending to reveal the identity of the sender.” [Editor: I wonder if her phone was password-protected, or was useable by anyone.]

top

Our Pleasure to Serve You: More Lawyers Look to Social Networking Sites to Notify Defendants (ABA Journal, 1 Oct 2011) - Although Jessica Mpafe had not seen her husband in years, she assumed he moved back to West Africa’s Ivory Coast. Mpafe of Minnesota had no physical address to serve him with divorce papers. So she asked the court whether she could send the notice by general delivery, where the post office holds mail until the recipient calls for it. Kevin S. Burke, the Hennepin County, Minn., judge presiding over the case, thought that would be a waste of postage. “General delivery made sense 100 years ago, but let’s be real,” says Burke, implying that few use it anymore. Nor did the judge trust publishing legal notices in a trade paper when the defendant can’t be located. “Nobody, particularly poor people, is going to look at the legal newspaper to notice that their spouse wants to get divorced,” Burke says. On May 10 the judge wrote an order authorizing Mpafe to serve notice of process to her husband by email, “Facebook, Myspace or any other social networking site.” His order stated that while the court allowed service by publication in a legal newspaper, it was unlikely the respondent would see it. “The traditional way to get service by publication is antiquated and is prohibitively expensive,” Judge Burke wrote. “Service is critical, and technology provides a cheaper and hopefully more effective way of finding respondent.” It was something of a radical move. While courts in Australia, Canada, New Zealand and the United Kingdom embrace electronic legal notice, it’s rare in the United States. Many state and federal statutes disallow electronic service of process, lawyers say. In federal cases, some attorneys cite Federal Rule of Civil Procedure 4(f)(3), which allows service only for foreign defendants “by other means not prohibited by international agreement, as the court orders.”

top

NOTED PODCASTS

The Hacker’s Aegis - Protecting Hackers From Lawyers (Berkman podcast, 18 July 2011, 68 minutes) - Research on software security vulnerabilities is a valuable example of peer production. However, hackers are often threatened with intellectual property lawsuits by companies who want to keep flaws secret. Oliver Day - a senior security researcher for Internet titan Akamai - and Derek Bambauer - a professor of internet law at Brooklyn Law School - propose a liability shield for security research to improve cybersecurity in a world dependent on cloud computing and mobile platforms. [Editor: thought-provoking discussion, including a strawman framework for publicizing bugs, and the liability implications for vendors who fail to fix them. Intriguing, half-formed discussion of what motivates vendors to sue bug-discoverers.]

top

LOOKING BACK - MIRLN TEN YEARS AGO

THE PHANTOM EDIT (Salon.com, 5 November 2001)—“Star Wars: Episode 1 - The Phantom Menace” was widely panned by both critics and fans, but some fans did not take the film sitting down. Shortly after the film’s release on video, a fan who calls himself the “Phantom Editor” re-cut the movie, making it shorter and crisper - and, yes, Jar Binks is mostly cut out of the re-edit. Shortly thereafter, other fans created still other cuts of the movie using the very digital editing technology of which George Lucas is so enamored. An underground online trading network sprung up and flourished, and eventually people began to sell their re-edited versions - much to the alarm of Lucasfilm’s copyright lawyers. Salon looks at this major shift in the artistic landscape, the first time movie fans have seized the power to re-imagine and possibly improve upon the work of the professionals. http://www.salon.com/ent/movies/feature/2001/11/05/phantom_edit/index.html

top

CHINESE WILL BE MOST-USED LANGUAGE ON WEB BY 2007 Chinese will top English as the most-used language on the Web by 2007, according to forecasts by the World Intellectual Property Organization. Currently, a slim majority of the world’s 460-million-plus Internet users are from English-speaking backgrounds, but by next year most Internet users will have a mother tongue other than English, and by 2003 a third of users will be communicating in another language online. The development will bring a proliferation of multilingual domain technical problems and disputes over the use of trademarks as domain names, says WIPO. (Financial Times 7 Dec 2001) http://news.ft.com/news/industries/internet&e-commerce

top