MIRLN --- 1-21 Nov 2015 (v18.16)
- Cops are asking Ancestry.com and 23andMe for their customers’ DNA
- 3D printed organs face uncertainty in patent law language
- Attorney-Client privilege and work-product doctrine upheld for materials associated with internal data breach investigation
- Time Warner Cable wants to end the hated set-top box once and for all
- Jury: Cox illegally forced customers into renting its set-top box
- Public company boards increase time & resources on cyber-security, yet lack mitigation strategies
- Trying to crack open Congress’s confidential think tank after a century of secrecy
- Language of protest
- Artificial-intelligence institute launches free science search engine
- Academia, a social network for scientific studies, looks to score the best papers
- The trust machine
- Balancing privacy with data collection in Allstate mobile app
- Half of US companies have already filed a cyber insurance claim, driving up rates
- TPP will ban rules that require source-code disclosure
- US tries, and fails, to block “import” of digital data that violates patents
- T-Mobile will let customers stream HBO, Netflix And ESPN without racking up data charges
- Microsoft seeks to dispel cloud mistrust in Europe with German trustee model
- ALM/LEXIS deal good news for some, but not for others
- Lawyer who photographed and tweeted evidence from trial may face sanctions
- As celebrities impose photography restrictions, news organizations push back
- Ethical and risk management issues for law firms that adopt a “BYOD” approach to mobile technology
- Pentagon purges HTML from .mil emails
- Beneath New York Public Library, shelving its past for high-tech research stacks
- Feds bugged steps of Silicon Valley courthouse
- Your phone is listening - literally listening - to your TV
Cops are asking Ancestry.com and 23andMe for their customers’ DNA (Fusion.net, 16 Oct 2015) - When companies like Ancestry.com and 23andMe first invited people to send in their DNA for genealogy tracing and medical diagnostic tests, privacy advocates warned about the creation of giant genetic databases that might one day be used against participants by law enforcement. DNA, after all, can be a key to solving crimes. It “has serious information about you and your family,” genetic privacy advocate Jeremy Gruber told me back in 2010 when such services were just getting popular. Now, five years later, when 23andMe and Ancestry both have over a million customers, those warnings are looking prescient. “Your relative’s DNA could turn you into a suspect,” warns Wired, writing about a case from earlier this year, in which New Orleans filmmaker Michael Usry became a suspect in an unsolved murder case after cops did a familial genetic search using semen collected in 1996. The cops searched an Ancestry.com database and got a familial match to a saliva sample Usry’s father had given years earlier. Usry was ultimately determined to be innocent and the Electronic Frontier Foundation called it a “wild goose chase” that demonstrated “the very real threats to privacy and civil liberties posed by law enforcement access to private genetic databases.” The FBI maintains a national genetic database with samples from convicts and arrestees, but this was the most public example of cops turning to private genetic databases to find a suspect. But it’s not the only time it’s happened, and it means that people who submitted genetic samples for reasons of health, curiosity, or to advance science could now end up in a genetic line-up of criminal suspects. Both Ancestry.com and 23andMe stipulate in their privacy policies that they will turn information over to law enforcement if served with a court order.
23andMe says it’s received a couple of requests from both state law enforcement and the FBI, but that it has “successfully resisted them.” 23andMe’s first privacy officer Kate Black, who joined the company in February, says 23andMe plans to launch a transparency report, like those published by Google, Facebook and Twitter, within the next month or so. The report, she says, will reveal how many government requests for information the company has received, and presumably, how many it complies with. (Update: The company released the report a week later.) * * * If the idea of investigators poking through your DNA freaks you out, both Ancestry.com and 23andMe have options to delete your information with the sites. 23andMe says it will delete information within 30 days upon request.
3D printed organs face uncertainty in patent law language (3D Print, 21 Oct 2015) - Nothing is ever as simple as it seems. With over 100,000 people on waiting lists at any given time for organ transplants in the United States alone, the possibility that organs will be able to be 3D printed seems heaven sent. We’ve seen the dramatic contributions 3D printing has made to other areas of medicine and to someone waiting for a life saving transplant procedure, the only question is simple and straightforward: ‘how quickly can we perfect this?’ Assuming that something as complex as printing human organs might actually be within the realm of possibilities, however, doesn’t mean that there aren’t external roadblocks. One of those comes in the form of patent laws. Yes, you read that right. The key here is that the development of the processes and technology that will be required to execute such a complex task requires a great deal of capital investment. A lot of money needs to be poured into the research and there is no guarantee of success. This means that if Company X invests hundreds of millions of dollars in technology development, they will want to have exclusive rights to sell that technology, something that is guaranteed by a patent. Patents in the case of medicine are not new - pharmaceutical companies use them to protect their own research and development investments - instead it is the nature of the patent that is so unusual. When printing human organs, however, you enter into a new and rarely before explored area of patent law that will require a great deal of trial and error refinement. Current patent law states that “no patent may issue on a claim directed to or encompassing a human organism.” This language in the patent law was introduced in 2011 and so you might be tempted to think that it must be all cleared up and spelled out in great detail. Unfortunately that isn’t the case.
In fact, there isn’t even any definition of what constitutes a ‘human organism’, something that could range from a single cell to any one of us. Having such lack of precision in the statute will cause patent lawyers to have to tell their clients that they simply cannot determine whether or not the advances they make in the 3D printing of human organs will be something that they will be able to patent. The ambiguity in the code will require a number of decisions on the parts of the courts in order to clarify. That is a process that will take no small amount of time. Instead, it will undoubtedly slow down both the access to funding for this research, as investors face an even more uncertain future for returns, and the implementation of the technologies themselves as their status gets tied up in lengthy legal maneuvers.
Attorney-Client privilege and work-product doctrine upheld for materials associated with internal data breach investigation (Hunton & Williams, 27 Oct 2015) - On October 23, 2015, the United States District Court for the District of Minnesota, in large part, upheld Target’s assertion of the attorney-client privilege and work-product protections for information associated with a privileged, internal investigation of Target’s 2013 data breach. The plaintiffs contended that the challenged information was not protected by the attorney-client privilege or the work-product doctrine because “Target would have had to investigate and fix the data breach regardless of any litigation, to appease its customers and ensure continued sales, discover its vulnerabilities, and protect itself against future breaches.” Target countered that there was a two-track investigation. The first track was an ordinary-course-of-business investigation, involving, among other things, a forensic investigator’s non-privileged report for the card brands. The second track, part of which included a different team from the same forensic investigator, was created at the request of Target’s in-house lawyers and its retained outside counsel. The purpose of the second-track investigation was to educate the attorneys about aspects of the breach so that they could provide Target with informed legal advice. Although the same forensic investigator was used for both tracks, Target explained that it only claimed privilege and work-product protections for certain information related to the second-track investigation. Target provided evidence that the forensic teams did not communicate with each other about the substance of the second-track, attorney-directed investigation. After an in-camera inspection, the court found that the majority of the information was shielded from disclosure. The most notable findings were: * * *
Time Warner Cable wants to end the hated set-top box once and for all (WaPo, 29 Oct 2015) - Time Warner Cable has a plan to kill the set-top box—that clunky piece of equipment that many cable companies force you to rent for hundreds of dollars a year. The company has been testing a version of a streaming video app in New York City this week, and although it’s a limited trial run, TWC chief executive Rob Marcus has much wider ambitions for the service. “Where we’re headed,” Marcus said on an investor call Thursday, “is the ability of customers to access the complete video product without having to rent a set-top box from us, whether they use a Roku or another [Internet Protocol]-enabled device.” Ultimately, TWC customers will be able to get all the same channels through the app that they currently get through their physical set-top box. While some companies may envision keeping the box around while also offering a streaming app, TWC believes it could save a lot of money by not having to pay for and rent out boxes at all (not to mention the time-consuming installation service that comes with it).
- and -
Jury: Cox illegally forced customers into renting its set-top box (WaPo, 30 Oct 2015) - A federal jury in Oklahoma has awarded $6.31 million to a group of cable TV customers after it found that Cox Communications broke federal antitrust law. Cox unfairly forced customers to rent its set-top box as a condition of receiving premium cable service, the jury ruled. Refusing the box meant being unable to access Cox’s interactive channel guide and on-demand video, according to the original complaint. Not only did tying premium service to set-top boxes limit features for subscribers who wanted to use third-party boxes, but Cox unfairly profited from customers who rented its own set-top box (and may have been forced into the decision against their will), according to the class action. A congressional probe this year found that consumers pay more than $230 a year renting set-top boxes from their cable companies.
Public company boards increase time & resources on cyber-security, yet lack mitigation strategies (BDO, October 2015) - According to a new survey by BDO USA, LLP, one of the nation’s leading accounting and consulting organizations, more than two-thirds (69%) of public company board members report that their board is more involved with cybersecurity than it was 12 months ago and a similar percentage (70%) say they have increased company investments to defend against cyber-attacks during the past year, with an average budget expansion of 22 percent. Despite this increase in awareness and resources, just one-third (34%) of corporate directors report that they have documented and developed solutions to protect their business’s critical digital assets. Moreover, less than half (45%) have a cyber-breach response plan in place and only one-third (35%) of directors say their company has developed cyber-risk requirements for their third-party vendors. [Polley: Spotted by MIRLN reader Gordon Housworth]
Trying to crack open Congress’s confidential think tank after a century of secrecy (WaPo, 29 Oct 2015) - The secrecy that has traditionally surrounded Congress’s in-house think-tank is under fire from advocates of open government, who argue that the research conducted on major issues of public policy - from environmental protection to immigration - should at long last be made public. For 101 years, the Congressional Research Service has conducted studies for members of the Senate and House, and the findings have remained confidential unless the lawmakers release the research themselves. The aim is to allow senators and House members to pursue potentially controversial issues without fear of criticism from political opponents. Sometimes lawmakers request the studies; sometimes researchers do them in anticipation of congressional interest. The secrecy of the work conducted by the 400 analysts of the CRS was underscored this fall in a “policy statement” circulated to staff, urging confidentiality to maintain good relations with lawmakers. But a coalition of librarians, open-government advocates and advocates against wasteful spending are pressing for an end to what they call excessive secrecy in Congress’s research arm, which operates with a $100 million annual budget. “We believe Congress should provide a central online source for timely public access to CRS reports,” a group of retired and former research service employees and dozens of open government groups wrote last week in a letter to Congressional leaders. “That would place all members of the public on an equal footing to one another with respect to access.” The group said some support to members of Congress should remain under wraps through briefings and memos. But the advocates said the public is denied access to a large body of research that, while available to congressional staff, lobbyists and some journalists, through leaks “with no expectation of confidentiality,” never makes it to the public.
- and -
Language of protest (InsideHigherEd, 2 Nov 2015) - All six editors and all 31 editorial board members of Lingua, one of the top journals in linguistics, last week resigned to protest Elsevier’s policies on pricing and its refusal to convert the journal to an open-access publication that would be free online. As soon as January, when the departing editors’ noncompete contracts expire, they plan to start a new open-access journal to be called Glossa. The editors and editorial board members quit, they say, after telling Elsevier of the frustrations of libraries reporting that they could not afford to subscribe to the journal and in some cases couldn’t even figure out what it would cost to subscribe. Prices quoted on the Elsevier website suggest that an academic library in the United States with a total student and faculty full-time equivalent number of around 10,000 would pay $2,211 for shared online access, and $1,966 for a print copy. Under “bundling,” in which academic libraries buy many journals together, the total could be less, but the journal might also not make the cut in the decisions of a library under pressure to buy access to journals in many disciplines. And many libraries complain that bundling doesn’t create true savings, as the bundles include many journals they don’t want. [see also Elsevier battle escalates (InsideHigherEd, 6 Nov 2015); and Elsevier says downloading and content-mining licensed copies of research papers ‘could be considered’ stealing (TechCrunch, 18 Nov 2015)]
- and -
Artificial-intelligence institute launches free science search engine (Nature, 2 Nov 2015) - With Google Scholar, PubMed, and other free academic databases at their fingertips, scientists may feel they have plenty of resources to trawl through the ever-growing science literature. But a search engine unveiled on 2 November by the non-profit Allen Institute for Artificial Intelligence (AI2) in Seattle, Washington, is working towards providing something different for its users: an understanding of a paper’s content. “We’re trying to get deep into the papers and be fast and clean and usable,” says Oren Etzioni, chief executive officer of AI2. The free product, called Semantic Scholar, is currently limited to searching about 3 million open-access papers in computer science. But the AI2 team aims to broaden that to other fields within a year, Etzioni says. His team is well financed: AI2 was founded and is backed by Microsoft co-founder Paul Allen, who has given the institute more than US$20 million since 2013. Semantic Scholar offers a few innovative features, including picking out the most important keywords and phrases from the text without relying on an author or publisher to key them in. “It’s surprisingly difficult for a system to do this,” says Etzioni. The search engine uses similar ‘machine reading’ techniques to determine which papers are overviews of a topic. The system can also identify which of a paper’s cited references were truly influential, rather than being included incidentally for background or as a comparison. “That’s a really good feature,” says Jose Manuel Gomez-Perez, who works on search engines and is director of research and development in Madrid for the software company Expert System. Semantic Scholar also extracts figures from the papers to present in the search result.
- and -
Academia, a social network for scientific studies, looks to score the best papers (TechCrunch, 4 Nov 2015) - It took three years for Richard Price, a PhD in philosophy, to get a paper published. The slow speed of that inspired him to start what is essentially a social network called Academia, where academics can publish their papers and have them reviewed by other experts called editors. Now, Price wants to take the next step to surface the best papers with a score. It’s called PaperRank, and it’s a way to help academics quickly determine the quality and validity of a paper. Experts can already recommend and make comments on papers as a sort of live peer review process, but now those recommendations fit into an algorithm that helps rank the paper. “In the journal model, the editor of the journal is a paid employee of the journal. They go and email a couple people and say, can you peer review this?” Price said. “And then they do it for free. It’s just a sniff test. It’s reading it and saying, yeah, I recommend it. What we thought was, what does peer review look like when you have a network, and that’s what we tried to build.” The number of recommendations a paper has and the scores of the authors recommending the paper determine the paper’s rank. It’s a shot at basically distributing the credentialing process across an entire network, rather than relying on editors emailing various experts to peer review the paper before it ends up in a journal. It’s not entirely dissimilar to Google’s PageRank in terms of the mathematics, Price said, though there are some more nuanced differences.
The trust machine (The Economist, 31 Oct 2015) - Bitcoin has a bad reputation. The decentralised digital cryptocurrency, powered by a vast computer network, is notorious for the wild fluctuations in its value, the zeal of its supporters and its degenerate uses, such as extortion, buying drugs and hiring hitmen in the online bazaars of the “dark net”. This is unfair. Among regulators and financial institutions, scepticism has given way to enthusiasm (the European Union recently recognised it as a currency). But most unfair of all is that bitcoin’s shady image causes people to overlook the extraordinary potential of the “blockchain”, the technology that underpins it. This innovation carries a significance stretching far beyond cryptocurrency. The blockchain lets people who have no particular confidence in each other collaborate without having to go through a neutral central authority. Simply put, it is a machine for creating trust. * * * [Polley: Excellent, readable article.]
Balancing privacy with data collection in Allstate mobile app (CSO Online, 2 Nov 2015) - Allstate Insurance Co. developed Drivewise, a usage-based insurance (UBI) program, to collect telematics information about customers’ driving behavior, such as braking, speed and driving time of day. Originally enabled by a device that plugs into a customer’s vehicle, the company has since developed Drivewise Mobile. This app collects the same information via a driver’s smartphone as long as the phone is in the vehicle. Although other insurance companies have similar telematics offerings, Allstate is the first major insurer to collect telematics information exclusively through a smartphone app. The app also allows Allstate to have a more interactive experience with its customers. Allstate says it currently has 820,000 customers actively participating in its Drivewise program. Ginger Purgatorio, vice president of Allstate’s Drivewise program, acknowledges that there were challenges to getting Drivewise up to full speed. * * * Allstate had created a device that plugged directly into a port underneath a vehicle’s steering column, explains Purgatorio. Similar to other insurance companies, that device fed information about the driver’s driving habits back to Allstate, which used the data to come up with a score that could influence that driver’s insurance costs. But Allstate wanted to share more of that driving information with the drivers themselves, Purgatorio explains, so in 2010 the company created a web interface that allowed customers to log in and see details about their driving practices. That helped connect Allstate with its customers on a whole new level, Purgatorio says, but it still required initiative on the customers’ part. So company leaders had the idea to develop Drivewise Mobile, which provides not only details about the driver’s driving habits but delivers related information in near real-time right to the driver’s smartphone. * * *
Half of US companies have already filed a cyber insurance claim, driving up rates (Insurance Business, 6 Nov 2015) - More than half of US businesses now carry some form of cyber insurance coverage - and a new report from Wells Fargo suggests they’re using it. According to a study of 100 middle market companies and large corporations, 85% of respondents carry cyber and data privacy policies and nearly half (44%) have already filed a claim as a result of a breach. Unfortunately, that influx of probable payouts is likely to push coverage costs even higher. Already, the recent rash of high-profile hacking events and data breaches has triggered significant premium increases and heightened deductibles among cyber insurers. Average rates for retailers jumped 32% during the first half of 2015 alone, and many healthcare companies are seeing their premiums triple at renewal time. Deductibles, meanwhile, are now reaching into the $25 million territory for coveted $100 million policies. This is a problem for insurance agents, who already struggle to sell large cyber policies to businesses wary of the price tag. In fact, the Wells Fargo survey reveals that among midsize corporations, a full 42% say their biggest challenge when purchasing coverage is cost.
TPP will ban rules that require source-code disclosure (BoingBoing, 6 Nov 2015) - As we pick through the secret, 2,000-page treaty, we’re learning an awful lot of awfulness, but this one is particularly terrible. As software becomes more tightly integrated into cars and buildings and medical devices (and everything else), many governments have enacted procurement policies requiring contractors to disclose and/or publish the source code of the products they supply to public bodies. For example, if Volkswagen were to supply a fleet of diesels to the National Parks Service, the government might tell them that they have to turn over their source-code so that it can be audited for “defeat devices,” or Chrysler might have to disclose source on their jeeps before they’re sold to the Army, which could result in them being made secure against over-the-Internet attacks on steering and brakes. If this sounds weird, think of other kinds of procurement. If a government commissions a private contractor to produce a building, the contractor wouldn’t be allowed to keep the mathematics used to calculate load-stresses a secret (even if having proprietary engineering principles could make the firm more money). The firmware for an engine or an HVAC system could render cars and buildings unusable or even deadly—why should public money be spent on infrastructure produced with secretive and opaque methodologies? As we saw with the VW “defeat device,” disclosure and publication of software is also necessary for a thorough evaluation of regulated devices, like emissions systems. It would be reasonable for regulators to demand that source code for these sorts of devices be made available for public inspection as a condition of approval for use within a nation’s borders. Under TPP, such requirements will be banned. The article in question could well have been written by a Microsoft lobbyist.
It carves out “critical infrastructure” (power plants), but leaves intact cars, HVAC, medical devices, and even databases used to store sensitive public information. * * *
US tries, and fails, to block “import” of digital data that violates patents (Ars Technica, 10 Nov 2015) - A federal appeals court today struck down an International Trade Commission (ITC) ruling in a patent case that attempted to block electronic transmissions of digital data from overseas. The ITC’s authority to prevent importation of “articles” applies only to material things, not digital transmissions, the US Court of Appeals for the Federal Circuit ruled. (Consumer advocacy group Public Knowledge posted the ruling’s text.) “The Commission’s decision to expand the scope of its jurisdiction to include electronic transmissions of digital data runs counter to the ‘unambiguously expressed intent of Congress,’” Chief Circuit Judge Sharon Prost wrote for the court in a 2-1 decision. “This decision is a big win for the open Internet,” said Charles Duan, director of Public Knowledge’s Patent Reform Project. “By rejecting the ITC’s attempt to expand its jurisdiction, the Federal Circuit helps to ensure that Internet users have unfettered access to the free flow of information that has proved so useful for innovation and free expression.” The case began with Align Technology alleging that ClearCorrect violated patents related to orthodontic appliances known as aligners, which are placed on patients’ teeth in order to straighten them. ClearCorrect’s process for making the aligners involves facilities in both the US and Pakistan, which is where the digital importation comes in. “ClearCorrect US scans physical models of the patient’s teeth and creates a digital recreation of the patient’s initial tooth arrangement,” today’s ruling explained. “This digital recreation is electronically transmitted to ClearCorrect Pakistan, where the position of each tooth is manipulated to create a final tooth position.” ClearCorrect Pakistan then creates digital data models and “transmits these digital models electronically to ClearCorrect US.
ClearCorrect US subsequently 3D prints these digital models into physical models.” [see also Federal Circuit bites back against USITC expansion into electronic importation (Patently-O, 10 Nov 2015)]
T-Mobile will let customers stream HBO, Netflix And ESPN without racking up data charges (Re/Code, 10 Nov 2015) - T-Mobile will allow some subscribers to stream video from 24 popular services without burning through their data caps. The nation’s third-largest wireless carrier is looking to gain competitive advantage over rivals Sprint, AT&T and Verizon by giving its customers the ability to stream videos on their smartphones and tablets without generating data charges. Subscribers can choose among popular streaming services including Netflix, HBO Now, HBO Go, Watch ESPN, Fox Sports and Hulu. Notable omissions from the list include YouTube, the world’s biggest video site, and Facebook and Snapchat, both of which have made big pushes into video in the last year. “Video streams free,” T-Mobile CEO John Legere said Tuesday. “Binge on. Start watching your shows, stop watching your data.” Legere’s offer applies to customers who pay for at least three gigabytes of data a month. The promotion is certain to generate complaints from critics who think it violates net neutrality principles, and implicitly favors video services that have agreements with T-Mobile. But Legere brushed aside net neutrality concerns, arguing that his carrier will treat all video services equally when it comes to delivering their data. [Polley: and, a few days later: Comcast launches streaming TV service that doesn’t count against data caps (ArsTechnica, 19 Nov 2015)]
Microsoft seeks to dispel cloud mistrust in Europe with German trustee model (TechCrunch, 11 Nov 2015) - Microsoft has moved to dispel European mistrust of U.S.-operated cloud services by announcing a plan to offer cloud services, including Azure, Office 365 and Dynamics CRM Online, from data centers in Germany that are also operated by a third party company - in a so-called trustee model. Commenting on the launch in a statement, CEO Satya Nadella said the trustee model will offer customers in Germany and Europe “choice and trust in how their data is handled and where it is stored”. The forthcoming Microsoft Cloud in Germany will be offered to customers of its cloud services as another option for local data storage, with Microsoft name-checking target sectors with particular concerns for the security of data, such as finance, health and the public sector. It also noted a 2015 BITKOM study which found a large majority (83 per cent) of German enterprises expect a cloud provider to operate local data centers in Germany. Microsoft said its ‘cloud in Germany’ will launch in the second half of 2016, and will be operated under German law by T-Systems, a subsidiary of telco Deutsche Telekom. The two data centers will be based in Magdeburg and Frankfurt am Main, with Microsoft stressing this “data trustee” model means it will not have any access to customer data without the consent of the trustee, and that it cannot therefore be compelled - “even by a third party” - to hand over customer data.
ALM/LEXIS deal good news for some, but not for others (Robert Ambrogi, 11 Nov 2015) - Legal news company ALM and legal research company LexisNexis this week announced an expansion of their content licensing agreement that is good news for LexisNexis subscribers but not so good news for the rest of the legal community. Since 2011, LexisNexis has had the exclusive license to archived content from all ALM publications, which include The American Lawyer, Corporate Counsel, The National Law Journal, Legaltech News, the Law.com website, and a number of other regional and specialty publications. Yesterday’s announcement extends this relationship for an unspecified term and also opens opportunities for direct integration of ALM content into LexisNexis legal research products. According to the press release, the way ALM content is delivered through LexisNexis Newsdesk will be streamlined so it is delivered directly from ALM. Direct integration will also mean that case law references within ALM online publications will link directly to the actual cases in Lexis Advance, according to the release. LexisNexis users will be able to use a single password to access all LexisNexis and ALM content. All of which is good news if you happen to be a LexisNexis subscriber. However, if you are not, it means that you will be shut out of the archives of the most extensive legal news organization in the country. Even ALM’s own paid subscribers will not have access to ALM content after it has been online for 180 days. Any legal news reported in an ALM publication will effectively disappear after six months to anyone who is not a LexisNexis subscriber. According to Lenny Izzo, president of ALM’s Legal Media Division, LexisNexis gets all the ALM content as it is published on ALM’s sites. The content remains available on ALM sites for 180 days, after which only a brief abstract is viewable with a referral link to the full text in LexisNexis.
LexisNexis is the exclusive provider for ALM archived content older than 180 days.
Lawyer who photographed and tweeted evidence from trial may face sanctions (ArsTechnica, 12 Nov 2015) - A Chicago lawyer who took photos and tweeted them from a federal courthouse is in serious hot water. US District Chief Judge Ruben Castillo has ordered (PDF) Vincent “Trace” Schmeltz III to appear in his courtroom later this month and explain why he shouldn’t face sanctions. Chicago-based ethics lawyers told the National Law Journal that Schmeltz could face a censure, reprimand, or fine. He could also be subject to separate discipline from state officials who regulate the bar. Schmeltz took the photos last month during the United States v. Coscia trial, a closely watched case that involved the first trial over what’s called “spoofing,” a term for buying a futures contract with the intent of canceling it later. On November 3, Michael Coscia, a high-frequency trader at the Chicago Mercantile Exchange, was convicted by a jury on 12 counts of fraud and spoofing. During the trial, Schmeltz tweeted and blogged updates of what was happening, according to the order. On October 28, he published nine tweets, each one including a photograph of evidence shown in court. One such tweet read: “Coscia averaging over 10k in profits a day when manually doing what he wanted his algos to do. #HFT #cosciatrial” An FBI special agent who was observing the trial saw Schmeltz using a “handheld device” to take photographs of the evidence being displayed on courtroom monitors. Later, court officials looked over the tweets that Schmeltz had posted on his Twitter account, @TraceSchmeltz. The tweets have since been deleted. The order to show cause points out that US District Judge Harry Leinenweber, who oversaw the Coscia trial, didn’t allow any use of “text-based technology” in court. A four-foot sign posted outside his courtroom reminded visitors that “PHOTOGRAPHING, RECORDING OR BROADCASTING IS PROHIBITED.” Rules on devices vary among federal courthouses. 
In Chicago, devices may be brought into court, but audio or visual recording is prohibited. Other federal courts don’t allow devices to be brought in at all. Schmeltz didn’t respond to inquiries from NLJ, but earlier in the week he told The Chicago Tribune that he simply hadn’t noticed the signage, and it was one of his first times in court on a case that wasn’t his own. He only photographed evidence on-screen, not witnesses or jurors, he noted. “I’m not used to being a spectator,” Schmeltz told the newspaper. “It’s a lesson learned on my part.”
As celebrities impose photography restrictions, news organizations push back (Poynter, 12 Nov 2015) - The changing power dynamic between news outlets and stars might be behind the recent rise of restrictive photography contracts concocted by musicians seeking ever-greater control over their likenesses as they tour the U.S. In the last year alone, several prominent performers - including Taylor Swift, the Foo Fighters and Janet Jackson - have clashed with the media after imposing strict rules that would strip news photographers of rights to their own images. A new frontier in this battle opened earlier today when a group of journalism advocacy organizations issued an open letter to performers protesting the onset of onerous photography contracts. The letter, which Poynter is a signatory to, calls on artists to collaborate with journalists to draft mutually beneficial photo contracts and abandon conditions that would infringe on photographers’ rights: Photos and videos have never been treated as a subject’s intellectual property under U.S. Copyright law. They are always owned by the photographer or his/her employer. Demands for full or partial ownership equate to the taking of our members’ work in exchange for a glimpse of a performer’s. More than 10 organizations, including the National Press Photographers Association, the American Society of News Editors, the Society of Professional Journalists and the Online News Association, have signed the letter, which also calls on performers to do away with provisions that require photographers to submit photos for approval before they can be published. Today’s letter was preceded by controversy stemming from the photography agreement for Jackson’s “Unbreakable” Tour. The contract allows photographers just 30 seconds to shoot her concert and requires them to forego rights to their images.
The dispute over these contracts gets to the heart of the press’ right to publish true and accurate images, said Mickey Osterreicher, the lawyer for the NPPA. Provisos that allow celebrities to pick and choose which photos readers see amount to permitting them to filter reality.
Ethical and risk management issues for law firms that adopt a “BYOD” approach to mobile technology (Steven Puiszis in the ABA’s Journal of the Professional Lawyer, Nov 2015) - The BYOD trend has slowly made its way to the legal profession. BYOD has become a viable option for lawyers and law firms for several reasons. First, it theoretically limits a law firm’s capital outlays and investment costs as the firm’s lawyers purchase the devices on their own. * * * The proliferation of mobile devices, however, triggers a number of unique risks for lawyers and law firms, especially in light of our ethical obligation to competently safeguard client information under the Model Rules of Professional Conduct. Superimposed on a lawyer’s ethical duty to safeguard client information are the statutory obligations imposed by state and federal laws and regulations to protect various categories of personally identifying information, non-public financial information and protected health information. * * * This article will outline the ethical risks triggered by BYOD and provide suggestions towards developing a comprehensive data security policy for mobile devices that will help mitigate the risks posed by the adoption of a BYOD approach to mobile technology. Part II addresses the impact of technology on the legal profession and discusses how technology has fundamentally altered the delivery of legal services. Part III reviews the lawyer’s duty of competence and addresses how that duty includes knowing the risks and benefits of technology and what that ethical duty entails. Part IV outlines the various risks triggered by the adoption of a BYOD approach to mobile technology.
Part V addresses a lawyer’s ethical duty to safeguard information and communications against technology-based risks, and Part VI outlines a law firm’s obligation to have measures in place that provide reasonable assurance that its lawyers are conforming to the Rules of Professional Conduct and that the conduct of its non-lawyer assistants is compatible with those professional obligations. Part VI also includes a discussion of ethics opinions addressing cloud computing because mobile devices and the cloud go hand in hand. Part VII of this article provides recommendations for law firms adopting a BYOD approach to mobile technology, and this article concludes with a sample policy addressing data security for mobile devices in Part VIII.
Pentagon purges HTML from .mil emails (FCW, 12 Nov 2015) - The Pentagon is tightening the screws on its campaign to improve email security. A department-wide policy will soon be in effect to render Web links unclickable in emails to .mil addresses, Richard Hale, DOD deputy CIO for cybersecurity, told FCW. The move adds an extra layer of security to anti-phishing measures already in place at the Pentagon. The new policy, which was coordinated between Hale’s office and U.S. Cyber Command, has been rolled out gradually and is already in place for much of the .mil domain, Hale said. For at least some users, outside emails are being flagged in the subject line as coming from a “Non-DOD Source.” Hale told FCW that after reviewing a series of anti-phishing measures already in place, officials decided that a more stringent approach was needed. “For years we have had an email policy that says we will not render HTML email,” he said, but certain email clients still include active links in their emails.
Beneath New York Public Library, shelving its past for high-tech research stacks (NYT, 15 Nov 2015) - As they skate or snack in Bryant Park, visitors might dismiss the stately New York Public Library next door as a dog-eared relic in an age of digital information. But unbeknown to most of them, 17 feet below ground, in a concrete bunker worthy of the White House, the library is expanding and updating one of the most sophisticated book storage systems in the world. Since March, after abandoning a much-criticized plan to move the bulk of its research collection to New Jersey, the library has been working instead to create a high-tech space underground for the 2.5 million research works long held in its original stacks. The books will begin arriving in April, and by the end of spring library officials expect to be using a new retrieval system to ferry the volumes and other materials from their 84 miles of subterranean shelving, loaded into little motorized carts - a bit like miniaturized minecars carrying nuggets of research gold. To fit all the books in the allotted space, the library will have to abandon its version of the Dewey Decimal System, in which shelving is organized by subject, in favor of a new “high-density” protocol in which all that matters is size. Books will be stacked by height and tracked by bar code rather than by a subject-based system. Librarians nationwide are embracing size-based systems as they retool their research collections, which unlike books that circulate, cannot leave the premises or be browsed by hand. “It’s a lot better,” said Carolyn Broomhead, the library’s research community manager. “Things don’t get squished together and are much easier to find and track.” Soon, just below where skaters sip cocoa, a nerve center of librarians, curators and clerks, working at computer terminals in a constant 65-degree environment (with 40 percent humidity), will receive electronic requests for the research books and other items.
The retrieval system aims to get the materials from shelf to scholar in less than 40 minutes.
Feds bugged steps of Silicon Valley courthouse (Ars Technica, 17 Nov 2015) - Defense attorneys have asked a federal judge to throw out more than 200 hours of conversations FBI agents recorded using hidden microphones planted near the steps of a county courthouse in Silicon Valley. The lawyers are representing defendants accused of engaging in an illicit real estate bid-rigging and fraud conspiracy. The steps to the San Mateo County courthouse are frequently the scene of public auctions for foreclosed homes. Federal prosecutors have admitted that on at least 31 occasions in 2009 and 2010, FBI agents used concealed microphones to record auction participants as they spoke, often in hushed voices with partners, attorneys, and others. Because the federal agents didn’t obtain a court order, the defense attorneys argue the bugging violated Constitutional protections against unreasonable searches and seizures. In a court brief filed Friday in the case, attorneys wrote: It bears repeating that this particular public place was immediately outside a courthouse. Defendants’ expectation that discreet conversations outside a courthouse would remain private is surely one that society is prepared to recognize as reasonable. Private affairs are routinely discussed as citizens, their lawyers, and even judges walk to and from court, and lawyers often take clients aside outside the courthouse for privileged conversations. “Common experience” and “everyday expectations” teach that individuals frequently have private conversations near the courthouse despite the public’s access to this location, and expect that such conversations are not subject to the type of dragnet electronic eavesdropping that took place in this case. 
According to the filing, agents planted eavesdropping devices in at least three locations: a metal sprinkler box attached to a wall near the courthouse entrance, a large planter box to the right of the courthouse entrance, and vehicles parked on the street in front of the courthouse entrance.
Your phone is listening-literally listening-to your TV (The Atlantic, 19 Nov 2015) - The TV is on in the background, and you’re replying to a quick email on your phone nearby. You don’t know it, but the devices are communicating. During a commercial, the TV emits an inaudible tone and your phone, which was listening for it, picks it up. Somewhere far away, a server makes a note: Both devices probably belong to you. This information about which devices belong to whom is immensely valuable to advertisers hoping to target ads specifically to you. In a simpler time, targeted marketing was easy. Most people had a computer at work and maybe another at home. If you sent an email about your new cat, ads for cat food started cropping up. If you searched for Thanksgiving recipes, Safeway coupons for turkeys appeared in your Facebook newsfeed. Those were good days for advertisers tracking Internet users. It wasn’t so hard to find what people were up to online, because most routinely used just one or two connected devices. But now, between laptops, phones, tablets, wearables, and Internet-enabled cars and TVs, advertisers have access to more information than ever before for ad targeting. They just need to figure out which devices live under the same roof. According to a filing from the Center for Democracy and Technology, a digital human rights and privacy advocacy organization, companies have figured out how to use inaudible sounds to establish links between devices. Here’s how software from SilverPush, a leading provider of “audio beacons,” works: When you visit a website that uses SilverPush tracking technology, the site causes your device to emit an inaudible ultrasonic sound. If any other devices you’ve got lying around - a laptop, a phone, a tablet - has an app installed that includes SilverPush code, it’s listening for that sound. If it hears it, SilverPush knows that the two devices are close to one another and, presumably, belong to the same person.
More recently, SilverPush expanded into television advertising: Certain TV commercials include an ultrasonic audio beacon. Any nearby devices running SilverPush software will be listening for the beacon - if a device hears it, it records the match, allowing the company to figure out what ads users watch and for how long, and add that information to the user’s profile.
The Mozilla Delphi cybersecurity study: Towards a user centric cybersecurity policy agenda (Berkman, 29 Sept 2015; 70 minutes) - Researcher Camille François leads a discussion of the “Mozilla Delphi Cybersecurity 1.0. Study: Towards A User Centric Policy Framework” with Berkman community members Josephine Wolff, Andy Ellis, and Bruce Schneier, who participated in the study. Camille worked for several months with the Mozilla Foundation to orchestrate the study and resulting report. The study used a modified version of the Delphi research technique. More than 30 leading cybersecurity experts from a wide variety of backgrounds - including academia, civil liberties, government and military, security, and technology - participated in the study. Using a pseudonymous format to encourage candid feedback and open dialogue on the issues, the study tackles the following questions: what is the role of policy in cybersecurity? How consensual is the definition of cybersecurity? What are the current priorities for cybersecurity policy? Which issues get too little or too much attention? What are measures that a diverse set of cybersecurity actors can agree on as being both feasible and desirable? The study produced a map of priorities, issues, and solutions for cybersecurity that highlights consensus and dissensus in the space. Join us to discuss the lessons learned in this process and the report’s findings.
Cell phone location tracking laws by state (ACLU, interactive map; Nov 2015) - The map below details the status of cell phone location tracking laws by state. Click on any highlighted state for more information * * *
Negotiating rights to use spatial data (MLPB, 16 Nov 2015) - Teresa Scassa, University of Ottawa, Common Law Section, is publishing Navigating Legal Rights in Spatial Media in Understanding Spatial Media (Kitchin, Lauriault, & Wilson, eds., Sage Publishing, 2016). Here is the abstract: The collection or generation of spatial data is often the result of a significant investment of time, money and labour. As a result, compilations of spatial data have been routinely treated as a form of property. The propertization of data allows an owner to construct fences around the data so as to exclude unauthorized uses. There have been significant debates over access to and use of spatial data resources, particularly those that are in the hands of governments. Many (though not all) governments assert intellectual property rights over their data, and do so as a means of control. The open data movement has pushed for a relinquishment of this control, and this has resulted in the release of government datasets under licenses that contain few if any restrictions. The rapidly evolving data landscape and the ways in which the data revolution is changing both the delivery of government services and the kind and quantity of data generated by these services are poised to transform how ownership of and access to data is negotiated between data owners and data users. In the context of public services, ownership and control issues will be complicated by the presence of private sector companies who partner in the collection and generation of data. This chapter considers the interrelationship between claims to property rights in data and rights to access and use that data in a rapidly changing data environment.
The “where” problem of territory, jurisdiction, and data in cyberspace (Lawfare, 9 Nov 2015) - Jennifer C. Daskal (Washington College of Law, American University) has a forthcoming paper in Yale Law Journal on the vexing question of territoriality and data (current draft is available on SSRN.com), “The Un-Territoriality of Data.” This paper focuses on one important aspect of the “where” of electronic data given the nature of today’s Internet technologies - the US Constitutional Fourth Amendment territoriality issues of search and seizure. Here is the SSRN abstract: Territoriality looms large in our jurisprudence, particularly as it relates to the government’s authority to search and seize. Fourth Amendment rights turn on whether the search or seizure takes place territorially or extraterritorially; the government’s surveillance authorities depend on whether the target is located within the United States or without; and courts’ warrant jurisdiction extends, with limited exceptions, only to the border’s edge. Yet the rise of electronic data challenges territoriality at its core. Territoriality, after all, depends on the ability to define the relevant “here” and “there,” and it presumes that the “here” and “there” have normative significance. The ease and speed with which data travels across borders, the seemingly arbitrary paths it takes, and the physical disconnect between where data is stored and where it is accessed, critically test these foundational premises. Why should either privacy rights or government access to sought-after evidence depend on where a document is stored at any given moment? Conversely, why should State A be permitted to unilaterally access data located in State B, simply because technology allows it to do so, without regard to State B’s rules governing law enforcement access to data held within its borders? This article tackles these challenges.
It explores the unique features of data, and highlights the ways in which data undermines long-standing assumptions about the link between data location and the rights and obligations that ought to apply. Specifically, it argues that a territorial-based Fourth Amendment fails to adequately protect “the people” it is intended to cover. On the flip side, the article warns against the kind of unilateral, extraterritorial law enforcement that electronic data encourages - in which nations compel the production of data located anywhere around the globe, without regard to the sovereign interests of other nation-states.
“Information as Speech” and the First Amendment (MLPB, 17 Nov 2015) - Kyle Langvardt, University of Detroit Mercy School of Law, is publishing The Doctrinal Toll of ‘Information as Speech’ in volume 47 of the Loyola University Chicago Law Journal (2015). Here is the abstract: The courts over the past two decades have reached a near-consensus that computer code, along with virtually every flow of data on the Internet, is “speech” for First Amendment purposes. Today, newer information technologies such as 3D printing, synthetic biology, and digital currencies promise to remake whole other spheres of non-expressive economic activity in the Internet’s image. The rush to claim First Amendment protections for these non-expressive but code-dependent technologies has already begun with a lawsuit claiming First Amendment privileges for the Internet distribution of 3D-printable guns. Many similar suits will surely follow, all pursuing the common dream of a future-shocked Lochner for a highly-informatized and thoroughly-deregulated economy. This Article argues that the theory of these lawsuits poses little genuine risk to the regulatory state. Instead, the threat is to the clarity and strength of core First Amendment principles. In theory, courts will test regulations of technologies such as digital currencies under the same strict standards that define mainstream First Amendment doctrine. But pragmatic concerns about the government’s ability to regulate economic affairs will put pressure on the same courts to dilute those standards in practice. Over time, these diluted strains will find their way back to the mainstream of First Amendment litigation. The Article concludes with recommendations to mitigate the damage.
LOOKING BACK - MIRLN TEN YEARS AGO
(note: link-rot has affected about 50% of these original URLs)
New rule says agencies must build cyber security into acquisition planning (SANS NewsBytes, 30 September 2005) - As of September 30, 2005, contracting officers at federal agencies are required to incorporate cyber security requirements in their acquisition planning. The Federal Acquisitions Regulation Council issued an interim rule and will accept comments on the rule through November 29, 2005. The rule says that acquisition professionals must get advice from IT security specialists, requires contracting officers to abide by FIPS standards and to incorporate “appropriate agency security policy and requirements in IT acquisition.”
Pentagon cut and paste (Asia Times, 5 May 2005) - Talk about rebel technology: the Pentagon this week was not overwhelmed by a dirty bomb or a jet converted into a missile, but by a simple cut and paste job. Like anyone else, the Pentagon uses Adobe Acrobat. At first, the 42 pages of the report which would supposedly shed some light on the March 4 killing of Italian secret agent Nicola Calipari and the wounding of kidnapped journalist Giuliana Sgrena in Baghdad showed up on the Centcom website as a PDF file heavily censored with large sections blacked out - including the significant omission, among others, of the names of all the soldiers involved in the shooting, as well as entire pages. But because the Pentagon failed to save the file properly, all it took was for someone to cut and paste the document into a word-processing application to give Italy and the rest of the world access to the full, uncensored version.