<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
    xmlns:admin="http://webns.net/mvcb/"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:content="http://purl.org/rss/1.0/modules/content/">

    <channel>
    
    <title>MIRLN</title>
    <link></link>
    <description></description>
    <dc:language>en</dc:language>
    <dc:creator>vpolley@knowconnect.com</dc:creator>
    <dc:rights>Copyright 2008</dc:rights>
    <dc:date>2008-11-15T12:54:00-07:00</dc:date>
    <admin:generatorAgent rdf:resource="http://expressionengine.com/" />
    

    <item>
      <title>MIRLN &#45;&#45;&#45; 26 October &#45; 15 November 2008 (v11.15)</title>
      <link>http://www.knowconnect.com/mirln/article/mirln_26_october_15_november_2008_v1115/</link>
      <guid>http://www.knowconnect.com/mirln/article/mirln_26_october_15_november_2008_v1115/#When:12:54:00Z</guid>
      <description>U.S. ARMY WARNS OF TWITTERING TERRORISTS (CNET, 26 Oct 2008) &#45; The U.S. intelligence community is concerned that terrorists might use micro&#45;blogging tool Twitter to coordinate attacks, according to a purported draft Army intelligence report posted on the Web. The report&#45;&#45;presented by the 304th Military Intelligence Battalion and posted to the Federation of American Scientists Web site&#45;&#45;examines the possible ways terrorists could use mobile and Web technologies such as the Global Positioning System, digital maps, and Twitter mashups to plan and execute terrorist attacks. The report, which appears to have been first presented earlier this month, was reported Friday by Wired magazine’s Noah Shachtman. A chapter titled “Potential for Terrorist Use of Twitter,” presents general, introductory information on Twitter and how it works, and describes how the service was used to report details of a recent earthquake in Los Angeles and by activists at the Republican National Convention. The report goes on to say: “Twitter is already used by some members to post and/or support extremist ideologies and perspectives. Extremist and terrorist use of Twitter could evolve over time to reflect tactics that are already evolving in use by hacktivists and activists for surveillance. This could theoretically be combined with targeting.” The report also described scenarios in which terrorists could leverage “potential adversarial use of Twitter,” such as planning ambushes or detonating explosives. http://news.cnet.com/8301&#45;1009_3&#45;10075487&#45;83.html?part=rss&amp;amp;subj=news&amp;amp;tag=2547&#45;1009_3&#45;0&#45;20 


CISCO STUDY HIGHLIGHTS COMMON FAILURES OF ENTERPRISE SECURITY POLICIES (eWeek, 28 Oct 2008) &#45; As actor Paul Newman’s character said in “Cool Hand Luke”: “What we’ve got here is a failure to communicate.” The well&#45;known quip is relevant to IT security in many enterprises. According to a survey by InsightExpress, one of the key issues surrounding IT is that many employees simply do not understand or know the security policies their company has in place. The survey was sponsored by Cisco Systems and gathered responses from more than 2,000 employees and IT professionals in 10 countries. What was found was disturbing, if not startling—when asked if their companies had a security policy, there was a 20 to 30 percent gap between what IT professionals said and what other employees said. The largest gaps—31 percent—were in companies in the United States, Brazil and Italy. Taken at face value, what this means is that many employees are oblivious to the security policies a company has in place. Most of the time security policies were passed along to employees via e&#45;mail; an easy way of disseminating information perhaps, but not necessarily the most effective. Beyond the communication factor, there is also a gap between IT’s perceptions of why policies are violated and employees’ true motivations. When employees were asked why they broke security policies, the most popular responses in all 10 countries were either that the policies don’t align with the realities of their job, they need access to applications not included in the policy, or both. When IT pros were asked why employees violated policy, the most popular answers were variations on the theme of apathy and a lack of awareness. http://www.eweek.com/c/a/Security/Cisco&#45;Study&#45;Highlights&#45;Common&#45;Failures&#45;of&#45;Enterprise&#45;Security&#45;Policies/ 


AUTHORS, PUBLISHERS SETTLE COPYRIGHT SUIT AGAINST GOOGLE (SiliconValley.com, 28 Oct 2008) &#45; Consumers may soon be able to search, preview and buy millions of hard&#45;to&#45;find books, thanks to a deal announced Tuesday between Google and major copyright holders. The deal, which settles a 3&#45;year&#45;old lawsuit, allows Google to scan in and make available any out&#45;of&#45;print book that still has a valid copyright. It can offer subscriptions to universities to its database of such books, sell online access to individual tomes and eventually let consumers print books on demand. “Readers are . . . big winners under the settlement,” said Roy Blount Jr., president of the Authors Guild, which had sued Google. Their dispute, which also involved book publishers, focused on Google’s Book Search program launched in late 2004. It scanned in books from the libraries of such universities as Harvard, Stanford and the University of Michigan to make those libraries more easily searchable for the general public, even displaying snippets of books in response to queries. But Google launched the program without getting the permission of publishers and authors. Rights holders objected to the service, charging that Google stood to profit from their works without compensating them. The Authors Guild and a collection of publishers sued Google in 2005 in U.S. District Court in New York. Under the settlement, which still needs court approval, Google has agreed to pay about $125 million. It will give copyright holders an upfront payment of about $45 million, agree to share proceeds from future book&#45;search&#45;derived revenue and help establish a registry of rights holders to collect and distribute those proceeds. Google will have few limitations on books that are out of print. Unless rights holders explicitly ask Google not to, the company will be able to scan such books, display up to 20 percent of their contents and sell subscriptions or individual access to them. 
The company will be able to do similar things with in&#45;print books, but only with the explicit permission of authors and publishers. http://www.siliconvalley.com/news/ci_10835920?nclick_check=1 Settlement here: http://www.steptoe.com/assets/attachments/3632.pdf 


OUTSOURCING, OPEN SOURCE AND BUDGET CUTS (InsideHigherEd, 29 Oct 2008) &#45; It turns out information technology wasn’t immune to the past year’s worsening economic conditions. As colleges across the country adjust their budgets and prepare for possible belt tightening ahead, support for campus network and computing functions could take a hit. The evidence can be found in the 2008 Campus Computing Project survey of IT in American higher education, released today at the annual Educause conference, held this week in Orlando. The survey also highlights trends that show no signs of slowing down, such as outsourcing of e&#45;mail services and adoptions of mass notification systems for security purposes, and pinpoints some changes to watch for in the future, such as the acceptance of open source and use of clickers in the classroom. This year’s survey, culled from 531 respondents over the Web from September to October of this year, covers the spectrum of institutions from two&#45;year public colleges to doctoral research universities. As with last year, the No. 1 issue on IT administrators’ minds is network and data security, with 20.3 percent saying it topped their list of concerns. More security incidents on campus continue to result from thefts of computers containing sensitive data as well as intentional employee misconduct, a trend the survey first picked up on last year. While hacking and network attacks continue to be the most&#45;reported security breaches, the frequency of such incidents continues to decrease, from over 50 percent of responding institutions in 2005 to just over 25 percent this year. Ever since last year’s shooting deaths at Virginia Tech, colleges have been scrambling to update their emergency response plans and install instant notification systems that contact students via text message, e&#45;mail and even physical loudspeakers. 
The survey reports that a year and a half later, nationwide progress is almost complete — with 5.5 percent of respondents reporting that they don’t have such a system in place, compared to 25 percent last year. (That number is highest for community colleges, at 13.1 percent without a system, and lowest for private universities, at 2.3 percent.) http://www.insidehighered.com/news/2008/10/29/computing 


SOCIAL NETWORKS, THE NEXT EDUCATIONAL TOOL? (InsideHigherEd, 30 Oct 2008) &#45; At last year’s Educause conference, in Seattle, educators pondered what to do about students’ technology habits. Should they try to change them? Accept that they’re here to stay? Try to co&#45;opt them? A lot can change in a year. Many colleges seem to have moved on from the question of whether to follow students’ lead on technologies they prefer, from Web&#45;based e&#45;mail to Facebook to text messaging. Now, the dilemma they face is whether to adapt students’ existing habits — of messaging each other, checking each other’s profiles and browsing upcoming parties — to the educational realm. A study conducted this year at Arizona State University sought to take a closer look at first&#45;year students’ use of social networks, mainly Facebook and MySpace. While many of its findings aren’t surprising on the whole, the survey suggests potentially useful conclusions for educators thinking about how to use social networks to reach out to students — both as college applicants and as enrolled pupils. http://www.insidehighered.com/news/2008/10/30/social 


SOCIAL NETWORKING SITES “GOOD FOR BUSINESSES” (Reuters, 29 Oct 2008) &#45; Good news for workers addicted to Facebook, Bebo and MySpace&#8212;a British think&#45;tank says bosses should not stop their staff using social networking sites because they could actually benefit their firms. The report by Demos said encouraging employees to use networking technologies to build relationships and closer links with colleagues and customers could help businesses rather than damage them. Author Peter Bradwell said that while companies were using specific systems to share information, online social networking sites could also play a role, helping with productivity, innovation and democratic working. However, he said there should be practical guidelines to limit non&#45;work usage. “Bans on Facebook or YouTube are in any case almost impossible to enforce; firms may as well try to put a time limit on the numbers of minutes allowed each day for gossiping,” he wrote. “The answer is not to close down staff access to social network platforms, nor is it investing blindly in collaborative platforms. “Rather, we argue that we need to understand how, once we accept the implications of social networks, we can manage the new challenges and trade&#45;offs.” His research concluded that trying to control the use of sites such as Facebook, which alone boasts more than 100 million users worldwide, could even harm organizations. http://tech.yahoo.com/news/nm/20081029/wr_nm/us_britain_facebook_2 


COURT RULES INTERACTIVE SITE ALONE NOT ENOUGH FOR JURISDICTION (BNA’s Internet Law News, 30 Oct 2008) – BNA’s Electronic Commerce &amp;amp; Law Report reports that a federal court in Illinois has ruled that the mere existence of an interactive hotel Web site does not give guests a carte blanche to sue the hotel for injuries wherever the Web site is accessible. The court said that Web accessibility alone did not create the minimum contacts required to exercise jurisdiction over an out&#45;of&#45;state defendant in Illinois. Case name is Linehan v. Golden Nugget.


“RED FLAG” IDENTITY THEFT RULES APPLY TO UNSUSPECTING BUSINESSES; FTC EXTENDS COMPLIANCE DEADLINE (Duane Morris Client Advisory, 30 Oct 2008) &#45; The FTC recently announced that it would push back the compliance date for its recent “red flag” rules from November 1, 2008 to May 1, 2009. The “red flag” rules and guidelines require financial institutions and creditors to formulate and implement identity theft prevention programs. In a recent enforcement policy statement, the FTC explained that the new rules applied to a wide range of industries and entities, many of which were not aware until very recently that they would be considered a “financial institution” or “creditor” for purposes of the rules. Many of these businesses were generally not required to comply with FTC rules in other contexts and had not been aware of the red flag rules. Additional rules that were published at the same time as the red flag rules apply specifically to credit and debit card issuers and to certain users of consumer reports and still require compliance by November 1, 2008. 


YOUTUBE DEEP VIDEO LINKS GO LIVE (CNET, 30 Oct 2008) &#45; On Thursday YouTube introduced a new feature which lets users send a link to a video that will start at the precise time they’ve selected. Similar standalone Web services have offered workarounds for such a feature, however YouTube has gone above and beyond by integrating this into the comments section of each video. Any time a user writes in a time in their comment, YouTube’s system will parse it over and create one of these deep links. For example if you say “The explosion in 2:10 blew my mind” the 2:10 becomes a link to that specific part of the video. So far this only works on direct video URLs and not embedded clips. The time you want the video to start must be appended by hand with #t=_m_s at the end. You have control over the minutes and seconds, which are what go where the underscores are. To show you how this works, [t]here’s a quick demo. http://news.cnet.com/8301&#45;17939_109&#45;10079170&#45;2.html?part=rss&amp;amp;subj=news&amp;amp;tag=2547&#45;1_3&#45;0&#45;5 


FEDERAL COURT LIMITS PATENTS ON BUSINESS METHODS (New York Times, 31 Oct 2008) &#45; The decade of patents on business methods looks to be ending. Ten years ago, in a case called State Street Bank vs. Signature Financial Group, a federal circuit court found that novel methods for doing business on computers were patentable. That opened the gates to a flood of “business method patents” of features like Amazon.com’s “1&#45;Click” checkout and Priceline.com’s “name your own price” tools, which involve less technological ingenuity than ethereal inventiveness and legal muscle. This year, the State Street ruling was challenged by a closely observed case that is generally known as re Bilski. On Thursday, the dozen judges of the United States Court of Appeals for the Federal Circuit ruled 9 to 3 to reverse the State Street ruling and end the era of business method patents. In the ruling, the judges said that a proper test for determining patent eligibility is whether an invention is tied to a particular machine or whether it transforms a physical article. The decision will probably be appealed to the Supreme Court, but the larger question is whether the Supremes will hear Bilski or simply let business method patents die quietly. (There is some good analysis of the decision at Techdirt, Patently&#45;O and Groklaw.) The impact of the Bilski decision will probably be felt most in technology circles, where business method patents have been used to build start&#45;ups and conduct cross&#45;licensing agreements, and by small “troll” firms to legally assault large technology companies. The tech giants “will breathe a sigh of relief,” said Kevin G. Rivette, the former vice president for intellectual property strategy at I.B.M. The trolls will now have considerably weaker legal ammunition, he said. 
http://bits.blogs.nytimes.com/2008/10/30/federal&#45;court&#45;kills&#45;patents&#45;on&#45;business&#45;methods/?pagemode=prints Good analysis of the case here: http://arstechnica.com/news.ars/post/20081030&#45;appeals&#45;court&#45;limits&#45;software&#45;business&#45;method&#45;patents.html 


GET THE (INSTANT) MESSAGE, DUDE! (ABA Journal, Nov 2008) &#45; Three different times last summer, I was standing in a line behind teenagers and saw one turn to another and say, “I wish my mom texted.” In fairness, I didn’t hear anyone wish his or her lawyer texted, but I have heard several lawyers tell me their clients want them to use instant messaging. Studies indicate that 2 trillion (yes, trillion) instant messages were sent in 2007. There is a generational aspect to instant messaging, as anyone whose cell plan includes a teenager well knows. However, instant messaging has become increasingly common in the business setting and among cell phone users. And the growing frustration with e&#45;mail has led to use of messaging as an alternative. But some law firms actually prohibit the use of instant messages. It’s time to rethink that approach because lawyers can no longer ignore the medium of messaging. What do you need to know and how should you get started? First and foremost, treat messaging as a serious communication medium—not a fad or toy. Messaging has powerful benefits in many settings, and it addresses problems shared by both e&#45;mail and telephone. http://www.abajournal.com/magazine/get_the_instant_message_dude/ 


GOOGLE CHANGES JOTSPOT PRIVACY SETTINGS AFTER COMPLAINT (CNET, 31 Oct 2008) &#45; Google said Friday that it was modifying the privacy settings on its JotSpot online collaboration service after a researcher discovered that user e&#45;mail addresses and names were being exposed to the Web without user consent. Ben Edelman, Harvard Business School professor and security researcher, posted a blog entry on Thursday showing how JotSpot user names and e&#45;mail addresses were easily accessible on Google search. After being contacted by CNET News, Google issued a statement disavowing any responsibility by saying that the administrators of the JotSpot groups were responsible for setting the privacy controls. If the information was exposed on the Internet it was because the administrators had made it public. Not satisfied with that response, Edelman pointed out the flaws with that excuse in an update to his original post. JotSpot users didn’t agree to have their names and e&#45;mails made public and Edelman talked to several who said they indeed did not grant consent. Administrator permission is not sufficient to justify the practice, and administrators are not party to the privacy policy “contract” between JotSpot and the users, he added. In addition, Edelman found that the language relaying this responsibility to administrators was not clear and likely led to administrators mistakenly exposing the information to the Web without meaning to. http://news.cnet.com/8301&#45;1009_3&#45;10080549&#45;83.html 


NO MORE PIRATED DVDS FROM CHINA...MAYBE (CNET, 31 Oct 2008) – If you’ve been copying DVDs using some made&#45;in&#45;China DVD player, think about taking good care of the device, as you might not be able to buy a replacement. The Motion Picture Association of America on Friday announced that its member companies have won a breach of contract lawsuit against China&#45;based DVD player manufacturer Gowell Electronics Limited. The U.S. District Court for the Central District of California issued a permanent injunction that prohibits the manufacturer from violating any term of the Content Scramble System license agreement. The lawsuit started in June of 2008 after an MPAA investigation revealed that Gowell was manufacturing and selling DVD players that lacked the appropriate implementation of the CSS license agreement. CSS technology is a security measure that controls unauthorized access to and copying of copyrighted content on DVDs. The CSS license mandates the content protection that enables film studios to provide consumers with more than 84,000 DVD titles, including 12,000 new titles last year alone. The motion picture studios are third&#45;party beneficiaries of the CSS license and may enforce it against licensees who fail to comply with its terms. While this is the ninth such case in which a court has issued a permanent injunction banning future violations of the license, this time the plaintiffs are allowed to review and test any new or re&#45;engineered products that incorporate the CSS technology before going to market. http://news.cnet.com/8301&#45;1023_3&#45;10080559&#45;93.html 


PROPELLED BY INTERNET, BARACK OBAMA WINS PRESIDENCY (Wired, 4 Nov 2008) &#45; Barack Obama was elected the 44th president of the United States Tuesday night, crowning an improbable two&#45;year climb that owes much of its success to his command of the internet as a fundraising and organizing tool. Both Obama and Republican rival John McCain relied on the net to bolster their campaigns. But Obama’s online success dwarfed his opponent’s, and proved key to his winning the presidency. Volunteers used Obama’s website to organize a thousand phone&#45;banking events in the last week of the race&#8212;and 150,000 other campaign&#45;related events over the course of the campaign. Supporters created more than 35,000 groups clumped by affinities like geographical proximity and shared pop&#45;cultural interests. By the end of the campaign, myBarackObama.com chalked up some 1.5 million accounts. And Obama raised a record&#45;breaking $600 million in contributions from more than three million people, many of whom donated through the web. “He’s run a campaign where he’s used very modern tools, spoke to a new coalition, talked about new issues, and along the way, he’s reinvented the way campaigns are run,” says Simon Rosenberg, president and founder of the nonprofit think&#45;tank NDN, and a veteran of Bill Clinton’s first presidential campaign. “Compared to our 1992 campaign, this is like a multi&#45;national corporation versus a non&#45;profit.” Ironically, it was McCain who first saw the internet’s potential in a presidential race, running an experimental set of targeted banner ads during his doomed 1999 primary battle against George W. Bush. But eight years later, Obama finally teased out the net’s full potential as an election tool. 
The campaign’s commitment to online organizing took shape during the primaries, when it hired online director Joe Rospars, a veteran of Howard Dean’s web&#45;heavy 2004 campaign, and lured Facebook co&#45;founder Chris Hughes to build its own social networking site, myBarackObama.com. Hughes was intrigued by the challenge. “We were going to be taking on some of the biggest names in politics,” Hughes recalled in an interview last week. As the presidential race heated up, the internet grew from being the medium of a core group of political junkies to a gateway for millions of ordinary Americans to participate in the political process, donating odd amounts of their spare time to their candidate through online campaign tools. Obama’s campaign carefully designed its web site to maximize group collaboration, while at the same time giving individual volunteers tasks they could follow on their own schedules. The scale of Obama’s campaign reached massive proportions. By Election Day, for example, it was asking its cadres of volunteers to make a million phone calls to get out the vote. In addition to fostering grassroots supporters with its social networking tool, the Obama campaign contacted hard&#45;to&#45;reach young voters through text messages, collecting thousands of numbers at rallies and sending out texts at strategic moments to ask for volunteer help or remind recipients to vote. The campaign also launched web pages and online action groups to fight the underground, e&#45;mail whisper campaigns and robo&#45;calls that surfaced in battleground states. In one effort, the campaign urged supporters to send out counterviral e&#45;mails responding to false rumors about Obama’s personal background and tax policies. http://blog.wired.com/27bstroke6/2008/11/propelled&#45;by&#45;in.html and Youth Turnout Rate Rises to at Least 52%: http://www.civicyouth.org/ ; Transition website goes live on 6 November: http://change.gov/ 


IN ERA OF BLOG SNIPING, COMPANIES SHOOT FIRST (New York Times, 5 Nov 2008)&#8212;During past downturns, layoffs were mostly a private affair. Big companies tended to issue vague press releases filled with jargon about “downsizing,” and start&#45;ups often gave people the pink slip without telling the world anything at all. Not anymore. In the age of transparency, the layoff will be blogged. Elon Musk, chief executive of the electric&#45;car company Tesla Motors in San Carlos, Calif., said that he had no choice other than to blog about the Oct. 15 layoffs at the closely watched company — even though some employees had not yet been told they were losing their jobs. Valleywag, a Silicon Valley gossip blog owned by Gawker Media, had already published the news, and it was being picked up by traditional media reporters, Mr. Musk said. “We had to say something to prevent articles being written that were not accurate.” Blogging about staff cuts is particularly prevalent in Silicon Valley, where tech gossip sites pounce on every rumor and Web&#45;savvy employees broadcast their every thought on personal blogs and Twitter feeds. Companies feel pressure to break bad news on their own blogs so that they can better control the message. However, experts in human resources and public relations say it is only a matter of time before companies of all sizes and in all industries will feel compelled to blog about painful news. http://www.nytimes.com/2008/11/05/technology/start&#45;ups/05blog.html?_r=2&amp;amp;ref=business&amp;amp;oref=slogin&amp;amp;oref=slogin 


WIFI GAINS STRENGTH IN CITIES (Washington Post, 5 Nov 2008) &#45; Over the past three years, large cities and rural towns promised to bring WiFi to every street corner, park bench and doorstep. The wireless service was to be the key to extending cheap Internet access to underserved areas and low&#45;income neighborhoods. But the efforts largely fell flat as Internet service providers abandoned the projects, which proved to be far more expensive than expected, leaving cities such as Philadelphia and Chicago&#8212;as well as Alexandria and Arlington&#8212;disconnected and discontent. Many municipalities decided to move forward by investing in the technology themselves. The souring economy has further encouraged some cities to experiment with building their own networks as a way to spur economic development. Having a stake in the network means police officers, building inspectors and paramedics, for example, can access the network while working in the field, and the government can sell excess capacity to residents and businesses. Some communities are providing free WiFi to attract shops and offices to slumping areas. Such experiments come as federal officials try to shape broadband policies. The United States has fallen behind other countries in terms of broadband speed and reach, according to the Organization for Economic Cooperation and Development, an international organization. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/11/04/AR2008110403443.html 


BEFORE YOU CLICK ‘BUY,’ SEARCH FOR COUPONS (CNET, 6 Nov 2008) &#45; There I was, about to order something from Buy.com for Mrs. Cheapskate (am I way ahead on holiday shopping? Yes I am!), when I noticed the ever&#45;popular Promotion Code box. Rats, I thought&#45;&#45;I don’t have a promotion code. But then, a light bulb: maybe the Web does. A quick Google search later (“Buy.com promotion code”), I’d snagged a 5&#45;percent&#45;off coupon. Total savings: $7.50. Not a fortune by any stretch, but a pretty good return on my 30&#45;second Google effort. There’s also a site called DealLocker that collects coupons under one roof for easier searching and browsing. I’ve done this a few times before. While at the checkout page for an online store, I’ll pop open a new browser tab and search for coupon codes. Sometimes the results are fruitful, like today, but not always. Sometimes the codes are expired or invalid. But, hey, it never hurts to try. The moral of the story: a few minutes of searching can often save you a few bucks&#45;&#45;and maybe even more than a few. Give it a try the next time you buy. http://news.cnet.com/8301&#45;13845_3&#45;10083201&#45;58.html?part=rss&amp;amp;subj=news&amp;amp;tag=2547&#45;1_3&#45;0&#45;5 


HALLIBURTON TRIES TO PATENT FORM OF PATENT TROLLING (Techdirt, 7 Nov 2008) &#45; We see all sorts of ridiculous patent applications and patents, but my favorites tend to be the patents that have to do with patents themselves (such as the patent app on a method for filing a patent). However, the folks over at Patently&#45;O have highlighted a fascinating patent application from an attorney at Halliburton, which appears to be an attempt to patent the process of patent trolling. The application covers, quite explicitly, having a company (we’ll say Company A) that does not invent something, find a company (Company B) that did invent something, but chose to use trade secret protection, rather than patents. Then, Company A files a patent covering Company B’s technology, and then uses the issued patent to get money out of Company B. http://techdirt.com/articles/20081107/0118162765.shtml Application at http://appft1.uspto.gov/netacgi/nph&#45;Parser?Sect1=PTO2&amp;amp;Sect2=HITOFF&amp;amp;p=1&amp;amp;u=/netahtml/PTO/search&#45;bool.html&amp;amp;r=1&amp;amp;f=G&amp;amp;l=50&amp;amp;co1=AND&amp;amp;d=PG01&amp;amp;s1=20080270152&amp;amp;OS=20080270152&amp;amp;RS=20080270152 


FAIR USE GROUP COMES UP WITH CLASSROOM COPYRIGHT PRIMER (ArsTechnica, 11 Nov 2008) &#45; As various forms of media have gone digital, it has become far easier to make exact copies of material, including material that happens to be under copyright. Content owners have attempted to restrict the copying of this media through laws like the DMCA and legal campaigns against file&#45;sharing, but these efforts have often ignored the concept of fair use entirely. A group of academics involved in media studies has now issued a series of fair use best practices, some of which apply to an audience well beyond the group that drafted the document. The field of media studies is expected to be especially sensitive to fair use, as the text of the guidelines notes. The basic material it covers will often be covered by copyright, meaning that even the preparing of a course outline or readying lecture materials will often involve making copies of copyrighted text, images, music, or videos. Any class assignments are likely to require that their students wind up duplicating copyrighted works, too. As a result, it’s no surprise that the field is especially sensitive to copyright and fair use. http://arstechnica.com/news.ars/post/20081111&#45;fair&#45;use&#45;group&#45;comes&#45;up&#45;with&#45;classroom&#45;copyright&#45;primer.html [The referenced best practice resource is here: http://www.centerforsocialmedia.org/resources/publications/code_for_media_literacy_education/] 


AFTER BANNING YOUTUBE, MILITARY LAUNCHES TROOPTUBE (Washington Post, 11 Nov 2008) &#45; The U.S. military, with help from Seattle startup Delve Networks, has launched a video&#45;sharing Web site for troops, their families and supporters, a year and a half after restricting access to YouTube and other video sites. TroopTube, as the new site is called, lets people register as members of one of the branches of the armed forces, family, civilian Defense Department employees or supporters. Members can upload personal videos from anywhere with an Internet connection, but a Pentagon employee screens each for taste, copyright violations and national security issues. Part of Delve’s work was to build speedy tools for approving and sorting incoming videos. Its technology also crunches video files into several sizes and automatically plays the one that best suits viewers’ Internet connection speeds. But the startup’s real forte is making sure searches on the site turn up the best video results. Delve’s system turns a video’s sound into a text transcript. It pares unimportant words like “this” and “that,” then compares what’s left against a massive database of words commonly uttered in proximity to each other, collected from crawling hundreds of millions of Web pages. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/11/11/AR2008111101741.html 


GOOGLE USES SEARCHES TO TRACK FLU’S SPREAD (New York Times, 12 Nov 2008) &#45; There is a new common symptom of the flu, in addition to the usual aches, coughs, fevers and sore throats. Turns out a lot of ailing Americans enter phrases like “flu symptoms” into Google and other search engines before they call their doctors. Tests of the new Web tool from Google.org, the company’s philanthropic unit, suggest that it may be able to detect regional outbreaks of the flu a week to 10 days before they are reported by the Centers for Disease Control and Prevention. In early February, for example, the C.D.C. reported that the flu cases had recently spiked in the mid&#45;Atlantic states. But Google says its search data show a spike in queries about flu symptoms two weeks before that report was released. Its new service at google.org/flutrends analyzes those searches as they come in, creating graphs and maps of the country that, ideally, will show where the flu is spreading. The C.D.C. reports are slower because they rely on data collected and compiled from thousands of health care providers, labs and other sources. Some public health experts say the Google data could help accelerate the response of doctors, hospitals and public health officials to a nasty flu season, reducing the spread of the disease and, potentially, saving lives. Google Flu Trends avoids privacy pitfalls by relying only on aggregated data that cannot be traced to individual searchers. To develop the service, Google’s engineers devised a basket of keywords and phrases related to the flu, including thermometer, flu symptoms, muscle aches, chest congestion and many others. Google then dug into its database, extracted five years of data on those queries and mapped it onto the C.D.C.’s reports of influenzalike illness. Google found a strong correlation between its data and the reports from the agency, which advised it on the development of the new service. 
http://www.nytimes.com/2008/11/12/technology/internet/12flu.html?_r=1&amp;amp;hp&amp;amp;oref=slogin 


TEXAS COURT DECLINES NOTICE OF WIKIPEDIA ENTRY (BNA’s Internet Law News, 13 Nov 2008) &#45; BNA’s Electronic Commerce &amp;amp; Law Report reports that the Texas Court of Criminal Appeals held Oct. 23 in an unpublished opinion that the fact that anyone can anonymously edit content on Wikipedia makes content on the site inappropriate for judicial notice. Case name is Flores v. State.


FOR A WASHINGTON JOB, BE PREPARED TO TELL ALL (New York Times, 13 Nov 2008) &#45; Want a top job in the Obama administration? Only pack rats need apply, preferably those not packing controversy. A seven&#45;page questionnaire being sent by the office of President&#45;elect Barack Obama to those seeking cabinet and other high&#45;ranking posts may be the most extensive — some say invasive — application ever. The questionnaire includes 63 requests for personal and professional records, some covering applicants’ spouses and grown children as well, that are forcing job&#45;seekers to rummage from basements to attics, in shoe boxes, diaries and computer archives to document both their achievements and missteps. Only the smallest details are excluded; traffic tickets carrying fines of less than $50 need not be reported, the application says. Applicants are asked whether they or anyone in their family owns a gun. They must include any e&#45;mail that might embarrass the president&#45;elect, along with any blog posts and links to their Facebook pages. The application also asks applicants to “please list all aliases or ‘handles’ you have used to communicate on the Internet.” http://www.nytimes.com/2008/11/13/us/politics/13apply.html?_r=1&amp;amp;hp&amp;amp;oref=slogin 


NIST OFFERS GUIDELINES FOR SECURING CELL PHONES AND PDAS (Steptoe &amp;amp; Johnson’s E&#45;Commerce Law Week, 13 Nov 2008) &#45; The National Institute of Standards and Technology recently released a set of “Guidelines on Cell Phone and PDA Security.” These guidelines note that the size, portability, and wireless interfaces of cell phones and PDAs can expose these devices to loss, theft, unauthorized access, malware, spam, and electronic eavesdropping and tracking. In an effort to mitigate these threats, the guidelines recommend that organizations encrypt any sensitive information stored on cell phones or PDAs, use passwords and other means of authentication to control access to these devices, and establish a “mobile device security policy,” among other actions. While the guidelines were prepared for use by Federal agencies, NIST notes that they may also be used by business and other nongovernmental organizations. The guidelines could thus offer another source for future courts and regulators to consult when determining whether a company had “adequate” security measures in place when they suffered a data breach. http://www.steptoe.com/publications&#45;5706.html NIST guidelines here: http://csrc.nist.gov/publications/nistpubs/800&#45;124/SP800&#45;124.pdf [Editor: among the recommendations are: “enable non&#45;cellular wireless interfaces only when needed” and “minimize functionality”.]


CORPORATE GOVERNANCE OF PUBLIC WEB SITES (Law.com, 14 Nov 2008) &#45; The Securities and Exchange Commission’s interpretive guidance released in August on the use of company Web sites for compliance with the disclosure requirements under the Securities Exchange Act of 1934 and the antifraud provisions of the securities laws highlights the need to include Web site review as part of a public company’s corporate governance program. This SEC Web site release is part of the SEC’s continued efforts to promote the use of a company Web site as a disclosure vehicle for the dissemination of important information to investors. The release focuses on the SEC’s existing position that provisions of the federal securities laws apply to information posted on or hyperlinked to the company’s Web site. From a corporate governance perspective, as the corporate Web site and securities regulatory compliance become more intertwined, the Web site not only serves as a communications medium, but also as a compliance tool that has to be appropriately managed. This article describes methods of effectively complying with the new SEC guidance related to company Web sites. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202426010486&amp;amp;rss=newswire 

 RESOURCES 
WHY I BLOG (by Andrew Sullivan, The Atlantic, November 2008) – Interesting, useful perspective on becoming a blogger. http://www.theatlantic.com/doc/200811/andrew&#45;sullivan&#45;why&#45;i&#45;blog 


E&#45;DISCOVERY LEGAL GUIDES (Law.com, 7 Nov 2008) &#45; Lawyer Michael Arkfeld is a leading expert on electronic data discovery and author of the treatise, Arkfeld on Electronic Discovery and Evidence. Recently, Arkfeld (a member of Law Technology News’s Editorial Advisory Board) launched a comprehensive e&#45;discovery Web site, Arkfeld’s eLawExchange. A standout feature of this free site is a database of e&#45;discovery case law and rules from all 50 states. Enter a keyword and select a state to find the applicable entries, or simply select a state to find all cases from that jurisdiction. A second database contains information on individuals and companies that provide EDD services and consulting. Other features of the site include articles on EDD and a collection of “litigation intelligence links” to Web resources that are particularly useful to litigators. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202425845155&amp;amp;rss=newswire eLawExchange (free registration required): http://www.elawexchange.com/</description>
      <dc:subject>MIRLN</dc:subject>
      <dc:date>2008-11-15T12:54:00-07:00</dc:date>
    </item>

    <item>
      <title>MIRLN &#45;&#45;&#45; 5&#45;25 October 2008 (v11.14)</title>
      <link>http://www.knowconnect.com/mirln/article/mirln_5_25_october_2008_v1114/</link>
      <guid>http://www.knowconnect.com/mirln/article/mirln_5_25_october_2008_v1114/#When:11:41:00Z</guid>
      <description>ELECTION NOTES 
Yesterday’s New York Times Editorial begins with: “Hyperbole is the currency of presidential campaigns, but this year the nation’s future truly hangs in the balance.” Of course your vote is important. AARP has produced a short video, which you can tailor for your own audience: http://aarpvote08.com/?d=VmluY2UgUG9sbGV5. 


US ELECTION MAPS (going back to the year 1789): http://www.270towin.com/ 


VIDEOING YOUR VOTE (Harvard’s Citizen Media Law Project; 4 minutes YouTube): http://www.youtube.com/watch?v=DKhTNNXJIJQ Reference materials at http://www.citmedialaw.org/legal&#45;guide/documenting&#45;your&#45;vote 

 START OF MIRLN NEWS 
FBI Creates Knowledge Wiki (FCW, 26 Sept 2008) &#45; The FBI is testing a new collaborative internal Web site, or wiki, called Bureaupedia that officials say will enable users to create an encyclopedia of lessons learned, best practices and subject&#45;matter expertise. Officials see Bureaupedia as a knowledge management tool that will let agents and analysts share their experiences to ensure that their accumulated insight remains after they retire. The project is a collaborative effort between FBI’s chief knowledge officer and chief technology officer. “An agent that retires after 30 years leaves with all of that — what we call a tacit knowledge — everything leaves with him,” said Zalmai Azmi, FBI’s chief information officer, who will be retiring in October. That includes “best practices, things that he did differently, things that he wishes he had done differently.” The FBI’s new wiki uses the same open&#45;source software as Wikipedia, and after the test period is complete, the agency will launch it on the FBI’s secure intranet, FBINet. Azmi said Bureaupedia gives the FBI a platform for capturing knowledge and information that otherwise might not be available. The information will be useful for the next administration and available through Bureaupedia, he said. An FBI spokesman said Bureaupedia will also let users link to articles in Intellipedia, the Office of the Director of National Intelligence’s wiki for the intelligence community. “The bureau has a lot of information,” Azmi said. “We have petabytes of data. Bringing all of that [onto] what we call an information grid so we can easily search is our goal for the future.” http://www.fcw.com/online/news/153926&#45;1.html 


CALIFORNIA MAKES IT A CRIME TO ‘SKIM’ RFID TAGS (ComputerWorld, 2 Oct 2008) &#45; This week, California became the second state to enact a law making it illegal to steal data from radio frequency identification (RFID) cards. The law sets a penalty that includes a maximum fine of $1,500 and up to a year in prison for someone convicted of surreptitiously reading information from an RFID card. The California bill makes exceptions for certain emergency situations, such as permitting a health care worker to scan someone’s RFID&#45;enabled health card in order to help the person. Also, police officers would be allowed to view information on an RFID card with a warrant. Earlier this year, Washington became the first state to pass a law against the theft of RFID data. Washington’s law makes it a class C felony to steal data from an RFID card specifically for the purpose of fraud, identity theft or other illegal purposes. If convicted under the law, a person could receive up to five years in prison and be fined as much as $10,000. http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;articleId=9116133&amp;amp;source=rss_news 


CONGRESSMEN FINALLY ALLOWED ON YOUTUBE (CNET, 3 Oct 2008) &#45; Members of Congress can finally use Web sites like YouTube, after committees in both the House and Senate adopted new rules allowing members to post content outside of the .gov domain, as long as it is for official purposes. The House Rules Committee approved the change for the House of Representatives on Thursday, while the Senate Rules and Administration Committee adopted the new rules on September 19. “In addition to their official (house.gov) Web site, a member may maintain another Web site(s), channel(s) or otherwise post material on third&#45;party Web sites,” the new House rules read. They also allow members to provide links to or embed outside content on their official sites, provided they include an exit notice indicating the visitor is leaving the House. The Senate rules also allow for links to be added to official sites. They allow senators to use any third&#45;party site of their choice, but the senators will have an “approved list” of sites for reference. House Speaker Nancy Pelosi (D&#45;Calif.) called the change “a significant step forward toward bringing House rules into the multimedia age and allowing for members to effectively communicate with their constituents online.” Many members of Congress have, in spite of the rules, already been posting content to YouTube. http://news.cnet.com/8301&#45;13578_3&#45;10058034&#45;38.html 


HOLLYWOOD SWOOPS ON PLAYSCHOOLS (Times of London, 5 Oct 2008) &#45; Playschools have been given an unexpected lesson on copyright law after a company representing Hollywood studios demanded that each child pay a fee of €3 plus 17.5% Vat per year to watch DVDs in their playgroup. The Motion Picture Licensing Company (MPLC), which collects royalties on behalf of companies such as Walt Disney, Universal and 20th Century Fox, wrote to 2,500 playschools last month warning that it is illegal to show copyrighted DVDs in public without the correct license. The letter was sent with the approval of the Irish Preschool Play Association (IPPA), which represents the schools and their 50,000 children. The MPLC had wanted €10, plus Vat per year for each child, but the IPPA negotiated for the lower fee. Despite the reduction, playschool managers have reacted angrily to the offer of an “umbrella license” which “gives you access to 1000s of films”. “To be honest, when I got the letter with the IPPA newsletter I laughed and binned it,” said Paula Doran, manager of Kiddies Korner, a community playschool in Shankill, south Dublin. “If we brought in something like that the parents would have to pick up the costs. But I don’t like the way they went about it — once you signed up they’d automatically take money out of your account every year.” http://www.timesonline.co.uk/tol/news/world/ireland/article4882658.ece 


US NATIONAL SECURITY AGENCY RELEASES SECURE SOFTWARE PROJECT TO OPEN SOURCE COMMUNITY (EarthTimes, 6 Oct 2008) &#45; The development of highly secure, low defect software will be dramatically helped by the release of the Tokeneer research project to the open source community by the US National Security Agency (NSA). The project materials, including requirements, security target, specifications, designs, source code, and proofs are now available at http://www.adacore.com/tokeneer. The Tokeneer project was commissioned by the NSA from UK&#45;based Praxis High Integrity Systems as a demonstrator of high&#45;assurance software engineering. Developed using Praxis’ Correctness by Construction (CbyC) methodology it uses the SPARK Ada language and AdaCore’s GNAT Pro environment. The project has demonstrated how to meet or exceed Evaluation Assurance Level (EAL) 5 in the Common Criteria thus demonstrating a path towards the highest levels of security assurance. The unprecedented release of the project into the open source community aims to demonstrate how highly secure software can be developed cost&#45;effectively, improving industrial practice and providing a starting point for teaching and academic research. Originally showcased in a conference paper in 2006, it has the long&#45;term aim of improving the development practices of NSA’s contractors. Tokeneer was created as a fixed&#45;price project, taking just 260 person days to create nearly 10,000 lines of high&#45;assurance code, achieving lower development costs than traditional methods per line of code. http://www.earthtimes.org/articles/show/us&#45;national&#45;security&#45;agency&#45;releases,567377.shtml 


REPORT: DATA BREACHES EXPOSE ABOUT 30M RECORDS IN ‘08 (Washington Post, 6 Oct 2008) &#45; U.S. corporations, governments and universities reported a record 516 consumer data breaches in the first nine months of this year, incidents prompted chiefly by hackers and employee theft, according to a report released today by a nonprofit group that works to prevent fraud. The Identity Theft Resource Center, of San Diego, found that this year’s data breach tally has easily eclipsed 2007’s 446 incidents. At an average of 57 caches of consumer data reported lost or stolen each month, U.S. organizations are on track to divulge at least 680 breaches by the end of 2008. About 80 percent of the breaches involved digital records, while the remainder stemmed from the loss, theft or exposure of paper&#45;based records. A description of each incident is available in the Identity Theft Resource Center’s 2008 Breach List. Some 30 million records on consumers have been exposed so far this year. But experts say that figure almost certainly masks a much larger problem, as there is currently no federal requirement for organizations that experience a data breach or loss to acknowledge precisely how many consumers nationwide may have been affected. http://voices.washingtonpost.com/securityfix/2008/10/516_data_breaches_in_2008_expo.html 


E&#45;TEXTBOOKS FOR ALL (InsideHigherEd, 7 Oct 2008) &#45; Many observers, both in academe and in the publishing industry, believe it’s only a matter of time before electronic textbooks become the norm in college. Some campuses in particular may already be getting a glimpse of the future through partnerships with individual publishers or with consortiums. Such deals tend to offer students a choice in addition to their current options in the hope that they’ll opt for the cheaper alternative. In contrast to that model, and through a partnership with the publisher John Wiley &amp;amp; Sons, an experiment soon to be underway at the University of Texas at Austin will shift certain classes entirely to e&#45;textbooks. Beginning next semester, for the initial pilot phase of one to two years, the university will cover the electronic materials for the approximately 1,000 students enrolled in a handful of courses in largely quantitative subjects such as biochemistry and accounting. By purchasing in bulk on a subscription model, the university initially hoped for a “per student per book” cost of $25 to $45. (Wiley hasn’t publicized a final price range, so it’s unclear whether it will be that low.) The idea of the “beta test,” as the university dubs it, is to see how students and faculty respond to e&#45;textbooks and to decide whether they could be deployed on a larger scale. http://www.insidehighered.com/news/2008/10/07/ut 


SEVENTH CIRCUIT RULES THAT WARRANTS FOR ELECTRONICALLY STORED COMMUNICATIONS ARE VALID NATIONWIDE (Steptoe &amp;amp; Johnson’s E&#45;Commerce Law Week, 9 Oct 2008) &#45; The Seventh Circuit recently ruled that the broader territorial jurisdiction rules that apply to warrants for the disclosure of stored communications under the Electronic Communications Privacy Act (ECPA) override the territorial restrictions on search warrants established in the Federal Rules of Criminal Procedure. In United States v. Berkos, the court found that ECPA section 2703(a) permits a court with jurisdiction over an offense to issue a search warrant for the disclosure, in any jurisdiction, of electronic communications held in storage by a communication provider for 180 days or less&#8212;despite the fact that Federal Rule of Criminal Procedure 41(b) authorizes search warrants only for property “within the district.” The Seventh Circuit therefore upheld a district court’s ruling that a search warrant issued by a Judge in Illinois, where an investigation into the defendant’s failure to pay child support was ongoing, was valid in Texas, where it was served on a company that hosted the defendant’s websites. Given the clear language of section 2703 and the fact that at least one other federal court has reached a similar conclusion, the Seventh Circuit’s ruling is unsurprising. Nonetheless, communications providers should be aware that they can expect to be served with warrants for stored communications from any federal court in the country. http://www.steptoe.com/publications&#45;5616.html Ruling here: http://www.steptoe.com/attachment.html/3556/527d.pdf 


CT RULES SEARCH ENGINE CACHING NOT INFRINGING WHEN SITE FAILS TO OPT&#45;OUT (BNA’s Internet Law News, 10 Oct 2008) &#45; BNA’s Electronic Commerce &amp;amp; Law Report reports that a federal court in Pennsylvania has ruled that a copyright owner who makes his works freely available online and who does not opt out of search engine caching cannot successfully argue that search engines directly infringed his copyright by displaying cached copies. The court said that a copyright owner who chose not to opt out of caching had impliedly licensed search engines to create caches. Case name is Parker v. Yahoo! Inc.


BUSH SIGNS CONTROVERSIAL ANTI&#45;PIRACY LAW (Washington Post, 13 Oct 2008) &#45; President George W. Bush signed into law on Monday a controversial bill that would stiffen penalties for movie and music piracy at the federal level. The law creates an intellectual property czar who will report directly to the president on how to better protect copyrights both domestically and internationally. The Justice Department had argued that the creation of this position would undermine its authority. The law also toughens criminal laws against piracy and counterfeiting, although critics have argued that the measure goes too far and risks punishing people who have not infringed. The Recording Industry Association of America and Motion Picture Association of America backed the bill, as did the U.S. Chamber of Commerce. Richard Esguerra, spokesman for the Electronic Frontier Foundation, said he was relieved to see lawmakers had stripped out a measure to have the Justice Department file civil lawsuits against pirates, which would have made the attorneys “pro bono personal lawyers for the content industry.” http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/10/13/AR2008101301551.html 


GERMAN COURT: GOOGLE IMAGE THUMBNAILS INFRINGE ON COPYRIGHT (ArsTechnica, 13 Oct 2008) &#45; As much as people complain about the challenges of balancing copyrights and fair use in the US, overseas courts have been happy to provide examples that remind us that some aspects of US copyright law are actually fairly liberal. The latest such reminder comes courtesy of a case in Germany that revisits an issue that appears settled in the US: the right of image search services to create thumbnails from copyrighted works to display with the search results. The German courts have now determined that this is not OK in Germany, where Google has just lost two copyright suits over image thumbnails. This is not the first tussle of this sort that Google has been involved with. The company had initially lost a copyright case based on its creation of thumbnails from porn site Perfect 10, but ultimately prevailed on appeal in that case. Although the appeal did not clarify all the legal issues, it did determine that the creation of thumbnails fell within the exceptions granted by US copyright law for transformative use. http://arstechnica.com/news.ars/post/20081013&#45;german&#45;court&#45;google&#45;image&#45;thumbnails&#45;infringe&#45;on&#45;copyright.html Google appeals: http://www.siliconvalley.com/news/ci_10736872 


OPENOFFICE.ORG LAUNCHES FIRST NATIVE MAC OS X SUITE (Computer World, 14 Oct 2008) &#45; OpenOffice.org yesterday released the first version of its open&#45;source application suite written for Mac OS. OpenOffice.org issued a beta of its flagship suite five months ago, but yesterday’s release marked the first final code from the open&#45;source project that doesn’t require Mac users to install X11, a Unix windowing environment. The new OpenOffice.org 3.0 only runs on Intel&#45;based Macs; systems powered by the older PowerPC processors can download and run an older 2.x edition that requires X11. OpenOffice.org 3.0 includes a slew of new features and improvements to the suite’s word processing, spreadsheet, presentation and database applications. Other enhancements and additions include support for the new file formats that debuted in Microsoft Office 2007 and Microsoft Office for Mac 2008. OpenOffice.org is one of the few rivals of Microsoft Corp.’s market&#45;leading suite, Microsoft Office. The current Mac version, Office 2008 for Mac, starts at $149. Apple Inc. also sells a suite, dubbed iWork ‘08, that offers a word processor, spreadsheet and presentation maker. iWork retails for $79 for a single&#45;user license, $99 for a five&#45;license family pack. http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;articleId=9117144&amp;amp;source=rss_news 


MASSACHUSETTS FORCES BUSINESSES TO IMPLEMENT SWEEPING INFORMATION SECURITY MEASURES BY JANUARY 1, 2009 (Duane Morris Client Alert, 14 Oct 2008) &#45; The Commonwealth of Massachusetts recently adopted regulations requiring all businesses that own, license, store or maintain personal information about a resident of Massachusetts to adopt a comprehensive, written information security program. The security program must include a computer security system that encrypts all records and files containing personal information, including all employee and consumer information. http://www.duanemorris.com/alerts/alert3005.html 


EXCEL ERROR LEAVES BARCLAYS WITH MORE LEHMAN ASSETS THAN IT BARGAINED FOR (ComputerWorld, 14 Oct 2008) &#45; A reformatting error in an Excel spreadsheet has cropped up in the largest bankruptcy case in U.S. history, prompting a legal motion by Barclays Capital Inc. to amend its deal to buy some of the assets of Lehman Brothers Holdings Inc. The law firm representing Barclays filed the motion on Friday in U.S. Bankruptcy Court for the Southern District of New York, seeking to exclude 179 Lehman contracts that it said were mistakenly included in the asset purchase agreement. The firm — Cleary Gottlieb Steen &amp;amp; Hamilton LLP — said in the motion that one of its first&#45;year law associates had unknowingly added the contracts when reformatting a spreadsheet in Excel. According to the motion, Barclays sent the spreadsheet containing the list of contracts to Cleary Gottlieb at 7:48 p.m. EDT on Sept. 18. The spreadsheet — which contained almost 1,000 rows of data with a total of more than 24,000 individual cells — needed to be reformatted and converted into a PDF file so it could be posted on the bankruptcy court’s Web site before midnight. At 11:37 p.m., Cleary Gottlieb sent the converted file to the court, the motion said. However, contracts that had been marked as “hidden” in the spreadsheet when it was received by the law firm were added to the purchase offer during the reformatting process, according to the motion. Those contracts weren’t supposed to be part of the deal; they also were marked with an “N” for “No” in the original version of the spreadsheet, Cleary Gottlieb said in the motion. http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;articleId=9117143&amp;amp;source=NLT_PM&amp;amp;nlid=8 Cleary Gottlieb motion here: http://abovethelaw.com/Barclays%20Relief%20Motion.pdf 


THE MET OPERA WILL OFFER PERFORMANCES ON THE WEB (New York Times, 14 Oct 2008) &#45; In the Metropolitan Opera’s relentless quest to exploit all media, the company next Wednesday will start making many video and audio broadcasts available for Internet streaming on demand. Met Player, as the service is called, will be available through the Met’s Web site, metopera.org. At its inauguration, on the 125th anniversary of the Met’s first show, users will be able to choose from 13 high&#45;definition video performances, 37 standard video recordings and 120 audio broadcasts dating to 1937. The company said it planned to add performances regularly, drawing on its vast historical archives and its continuing high&#45;definition broadcasts. The catalog features classics like a “Lucia di Lammermoor” performance with Joan Sutherland and one with Maria Callas; a “Walküre” with Birgit Nilsson as Brünnhilde; a “Trovatore” with Leontyne Price and Franco Corelli; and a “Carmen” with Rosa Ponselle, in one of her rare full&#45;length recorded performances. More recently, there are the “Tristan und Isolde” with Deborah Voigt and Robert Dean Smith, conducted by James Levine, and “I Puritani” with Anna Netrebko, each in high definition. For $3.99 or $4.99 per streamed opera, users will have a six&#45;hour window in which to listen to or watch a production, once it has started. A monthly subscription for $14.99 brings unlimited streaming, while a yearly subscription costs $149.99. The technical demands are relatively substantial for the high&#45;definition videos and what the Met calls “optimal” performance: a broadband connection, naturally, as well as a fast processor (2.0 GHz Dual Core) and one gigabyte of RAM. Computers less than two years old are recommended. http://www.nytimes.com/2008/10/15/arts/music/15met.html?_r=2&amp;amp;partner=rssuserland&amp;amp;emc=rss&amp;amp;oref=slogin&amp;amp;oref=slogin 


YOUTUBE, PBS URGE PEOPLE TO RECORD VOTING (SiliconValley.com, 15 Oct 2008) &#45; If voters see problems on Election Day, YouTube and PBS want them to whip out their video cameras and throw the footage onto a new Web site for documenting voters’ experiences on Nov. 4. But the organizations also have a stern warning for overzealous would&#45;be documentarians: Be careful of state laws about filming in or near polling places or you might wind up tossed out or in handcuffs. PBS and YouTube, Mountain View, Calif.&#45;based Google Inc.’s popular free video&#45;sharing site, have rolled out a new channel on YouTube for cataloguing the short videos voters are encouraged to make about their own experiences or others’ in casting their ballots. The “Video Your Vote” site encourages voters to “document the energy and excitement, as well as any problems you may see” and upload videos between 30 seconds and three minutes long. The site also has links to PBS programs on YouTube and interviews with election experts. Some problems people are encouraged to look out for include excessively long lines, glitches with voting machines or “overly aggressive” voter identification procedures. The site also links to documents from the Citizen Media Law Project outlining problems that might come from trying to record the voting process. For example, Florida, Georgia and Michigan prohibit photos and recording equipment in polling places, while in some other states the law is unclear, according to the group. Other laws restrict activities outside the polling place in designated “buffer zones,” which are typically 100 feet from the entrance or interior voting area. http://www.siliconvalley.com/news/ci_10728274?nclick_check=1 


FBI TARGETS RISE IN CYBERCRIME FROM U.S. AND ABROAD (CNET, 15 Oct 2008) &#45; The threat of cybersecurity attacks is on the rise from organized crime, terrorists, and foreign governments, an FBI official warned on Wednesday. There are a “couple dozen” countries interested in breaching U.S. networks, said Shawn Henry, assistant director of the FBI cyber division, though he declined to list any specific countries. The attempted attacks on U.S. networks are “increasingly sophisticated” and “the amount of information that has been stolen is significant,” Henry said. In particular, the use of botnets continues to increase, he said, while companies have lost tens of millions of dollars from “pump and dump” schemes in which criminals buy and sell stocks with other people’s account information harvested online. “A lot of the financial loss we see (due to) organized (crime) has increased because of the greater sense of money to be made, the awareness of the access to a greater rewards,” Henry said. http://news.cnet.com/8301&#45;13578_3&#45;10067330&#45;38.html 


NEW PCI DATA SECURITY STANDARD MANDATES STRONGER WIRELESS SECURITY (Steptoe &amp;amp; Johnson’s E&#45;Commerce Law Week, 16 Oct 2008) &#45; The Payment Card Industry (PCI) Security Standards Council released version 1.2 of its Data Security Standard (DSS) on October 1. As we have previously reported, the DSS requires all participating “merchants, banks, [and] POS [point of sale] vendors”&#8212;as well as their service providers and other contractors&#8212;to implement six sets of security requirements: build and maintain a secure network, protect card holder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy. The new version of the DSS requires covered entities to ensure that “wireless networks transmitting cardholder data or connected to the cardholder data environment ... use industry best practices (for example, IEEE 802.11i) to implement strong encryption for authentication and transmission.” It also bars covered entities from using WEP security to protect wireless networks after June 30, 2010. In addition to enhancing security for wireless networks, version 1.2 provides standard “attestation of compliance” forms for merchants and service providers and clarifies many existing requirements and procedures. http://www.steptoe.com/publications&#45;5664.html [Editor: How could WEP possibly satisfy a best&#45;practice standard today, much less through June 2010?] 


E&#45;DECEPTIVE CAMPAIGN PRACTICES TECHNOLOGY REPORT RELEASED (BeSpacific.com, 20 Oct 2008) &#45; “EPIC’s voting project releases the first report on the technology of deceptive campaign practices. Deceptive campaigns are attempts to misdirect voters regarding the voting process for public elections. Deceptive campaign activity can be false statements about polling times, date of the election, or voter identification rules. The EPIC report reviews the potential for abuse of Internet technology in an election context, and makes recommendations on steps that could be taken by Election Protection, Election Administrators, and voters to protect the integrity of the upcoming election. A legal and policy companion of the report was simultaneously released by Common Cause and the Lawyers Committee for Civil Rights Under Law. For more information, see EPIC’s Voting Privacy page and Voting Project.” http://www.bespacific.com/mt/archives/019596.html EPIC report at http://votingintegrity.org/pdf/edeceptive_report.pdf 


AMERICAN AIRLINES SUES YAHOO OVER SEARCH TERMS (Washington Post, 21 Oct 2008) &#45; American Airlines is suing Yahoo Inc. for trademark infringement, a case similar to one that the nation’s largest airline settled this summer against Google Inc. The airline complains that when computer users enter American’s trademark terms such as AAdvantage, the name of its frequent&#45;flier program, in a search they can be directed to competitors who pay Yahoo for the traffic. American filed its lawsuit last week in U.S. District court in Fort Worth for unspecified damages, legal costs and money to run a “corrective” advertising campaign. Kelley Benander of Yahoo said, “We have confidence in our trademark policies and are prepared to defend them in court.” Yahoo’s policy allows advertisers to use the trademark terms of others only if it refers to the trademark “without creating a likelihood of consumer confusion.” American, a unit of Fort Worth&#45;based AMR Corp., reached a confidential settlement of a similar lawsuit against Google this summer, also in federal court in Fort Worth. Each side agreed to pay its own legal fees, and American got nothing from Google. But Google searches for “American Airlines” or “AAdvantage” no longer produce paid ads along the right side of the portal screen. Google had prevailed in previous lawsuits filed by other companies over their paid search advertising practices using trademark terms. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/10/21/AR2008102101649.html?sub=AR Eric Goldman’s commentary on this: http://blog.ericgoldman.org/archives/2008/10/american_airlin_2.htm 


DUTCH YOUTHS CONVICTED OF VIRTUAL THEFT (Washington Post, 21 Oct 2008) &#45; A Dutch court has convicted two youths of theft for stealing virtual items in a computer game and sentenced them to community service. Only a handful of such cases have been heard in the world, and they have reached varying conclusions about the legal status of “virtual goods.” The Leeuwarden District Court says the culprits, 15 and 14 years old, coerced a 13&#45;year&#45;old boy into transferring a “virtual amulet and a virtual mask” from the online adventure game RuneScape to their game accounts. “These virtual goods are goods (under Dutch law), so this is theft,” the court said Tuesday in a summary of its ruling. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/10/21/AR2008102101209.html 


&#45; and &#45; 


ONLINE DIVORCEE JAILED AFTER KILLING VIRTUAL HUBBY (AP, 23 Oct 2008) &#45; A 43&#45;year&#45;old Japanese woman whose sudden divorce in a virtual game world made her so angry that she killed her online husband’s digital persona has been arrested on suspicion of hacking, police said Thursday. The woman, who is jailed on suspicion of illegally accessing a computer and manipulating electronic data, used his identification and password to log onto popular interactive game “Maple Story” to carry out the virtual murder in mid&#45;May, a police official in northern Sapporo said on condition of anonymity, citing department policy. The woman had not plotted any revenge in the real world, the official said. She has not yet been formally charged, but if convicted could face a prison term of up to five years or a fine up to $5,000. Players in “Maple Story” raise and manipulate digital images called “avatars” that represent themselves, while engaging in relationships, social activities and fighting against monsters and other obstacles. The woman used login information she got from the 33&#45;year&#45;old office worker when their characters were happily married, and killed the character. The man complained to police when he discovered that his beloved online avatar was dead. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/10/23/AR2008102301184.html 


COMPUTER KEYBOARDS BETRAY USERS’ KEYSTROKES TO RADIO EAVESDROPPERS (Information Week, 21 Oct 2008) &#45; Two Swiss security researchers from the Security and Cryptography Laboratory at the Ecole Polytechnique Federale De Lausanne have published a video demonstrating how the electronic emanations from wired computer keyboards can be deciphered to reveal the user’s keystrokes. Using a laptop connected to a PS/2 keyboard, one of the researchers in the video typed the words, “Trust No One,” in a nod to fans of The X&#45;Files. The video then shows a program receiving data from an eavesdropping antenna and then converting that data into the typed words. “We found four different ways (including the Kuhn attack) to fully or partially recover keystrokes from wired keyboards at a distance up to 20 meters, even through walls,” explain Martin Vuagnoux and Sylvain Pasini in an online post. The Kuhn attack refers to a computer security research paper published in 1998 by Markus G. Kuhn and Ross J. Anderson that describes the threat of a “Tempest virus” that “can attack computers not connected to any communication lines and situated in rooms from which the removal of storage media is prohibited.” http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=211300294&amp;amp;cid=RSSfeed_IWK_News 


LEGAL P2P USES GROWING 10X FASTER THAN ILLEGAL ONES (ArsTechnica, 22 Oct 2008) &#45; P2P is “starting to see a lot more legitimate uses,” says Frank Dickson of MultiMedia Intelligence. He’s talking about his company’s new report on P2P growth that projects a 400 percent increase in such Internet traffic over the next five years. But more surprising than the growth rate, which has been in decline now for some time, is the fact that it’s P2P’s lawful uses that are seeing the biggest growth. For small content providers, especially companies involved in video, paying for a content delivery network can eat up a significant chunk of revenue. Done right, P2P distribution can save valuable cash for these providers, which is why Dickson sees P2P’s lawful uses growing 10 times faster than its illicit uses. Some of this is no doubt due to the “law of small numbers”; P2P’s legal uses (transferring Linux ISO files, etc.) have always been dwarfed by its usefulness as a distribution mechanism for music and now video content. Thus, when legal applications begin to boom, it’s much easier for them to rack up big percentage numbers. ISPs aren’t necessarily crazy about this shifting of the video burden from company servers (or CDNs) onto a network of decentralized users, since this can strain the network, especially when it comes to upload links. But it’s not as though P2P is the only system straining ISP networks; as users hunger for their Hulu and their YouTube, streaming video has begun to consume shockingly high amounts of bandwidth, too—though almost totally downstream. http://arstechnica.com/news.ars/post/20081022&#45;forecast&#45;legal&#45;p2p&#45;uses&#45;growing&#45;10x&#45;faster&#45;than&#45;illegal&#45;ones.html 

 RESOURCES 
PODCASTING LEGAL GUIDE (Wiki resource): The purpose of this Guide is to provide you with a general roadmap of some of the legal issues specific to podcasting. EFF has produced a very practical and helpful guide for issues related to blogging generally (http://www.eff.org/bloggers/). This Guide is not intended to duplicate efforts by EFF, and in many cases refers you to that guide for where crossover issues are addressed. Our goal is to complement EFF’s Bloggers FAQ and address some of the standalone issues that are of primary relevance to podcasters, as opposed to bloggers. http://wiki.creativecommons.org/Podcasting_Legal_Guide 

 NOTED PODCASTS 
TECHNOLOGY’S POTENTIAL TO RESHAPE BUSINESS (Nicholas Carr and Chris Meyer, IT Conversations, 26 June 2008) – Very interesting assessment of how emerging processing hubs, connected by ubiquitous communications, might collapse organizational barriers. The discussion of P&amp;amp;G’s “Connect &amp;amp; Develop” initiative and the InnoCentive experience is fascinating; especially the finding that ideas that arise from outside an organization generally have 200% the ROI of internal ideas. The implications for breaking down barriers give real meat to the bare&#45;bones references to “Web 2.0”, and offer a glimpse of what Google’s 12&#45;year strategic vision might be. Two Stars; 63 minutes. http://itc.conversationsnetwork.org/shows/detail3443.html [Editor: re the InnoCentive reference, you might find interesting a LongNow Foundation podcast by Peter Diamandis on long&#45;term X&#45;Prizes: http://fora.tv/media/rss/Long_Now_Podcasts/podcast&#45;2008&#45;09&#45;12&#45;diamandis.mp3] 


ENTERPRISE SOCIAL SOFTWARE (Christian Gray, Craig Honick; IT Conversations; 14 April 2008) – Very interesting discussion of current uses (and likely expansion) of various “social networking” tools in companies, and the knowledge&#45;management/productivity implications. Discusses how tools (e.g., wikis, instant messaging, twitter, SecondLife, podcasts, blogging) can affect productivity and effect collaboration. Discusses inward&#45;facing uses of these tools (e.g., within the enterprise’s firewall) and outward&#45;facing uses (e.g., facilitating the emergence of customers’ communities). Discusses how some implementations may occur informally (e.g., using no&#45;cost software within a department), and how such efforts may run afoul of company policies (e.g., on IP protection). Two Stars; 48 minutes. http://itc.conversationsnetwork.org/shows/detail3612.html</description>
      <dc:subject>MIRLN</dc:subject>
      <dc:date>2008-10-25T11:41:00-07:00</dc:date>
    </item>

    <item>
      <title>MIRLN&#8212;14 September – 4 October 2008 (v11.13)</title>
      <link>http://www.knowconnect.com/mirln/article/mirln_14_september_4_october_2008_v1113/</link>
      <guid>http://www.knowconnect.com/mirln/article/mirln_14_september_4_october_2008_v1113/#When:12:00:01Z</guid>
      <description>E&#45;VOTING VENDOR: PROGRAMMING ERRORS CAUSED DROPPED VOTES (Network World, 22 August 2008) &#45; A major electronic voting system vendor has changed its story in an attempt to explain how its machines dropped hundreds of votes in Ohio’s March primary elections, saying it was a programming error, not the fault of antivirus software. E&#45;voting machines from Premier Election Solutions, formerly called Diebold Election Systems, dropped hundreds of votes in 11 Ohio counties during the primary election, as the machine’s memory cards uploaded to vote&#45;counting servers. Premier originally blamed conflicts caused by antivirus software from McAfee, but the company this week said a logic error in the machines’ GEMS source code was responsible for the problem. “We now have reason to believe that the logic error in the GEMS code can cause this event when no such antivirus program is installed on the server,” Premier President Dave Byrd wrote in a Tuesday letter to Ohio Secretary of State Jennifer Brunner. “We are indeed distressed that our previous analysis of this issue was in error.” http://www.networkworld.com/news/2008/082208&#45;e&#45;voting&#45;vendor&#45;programming&#45;errors&#45;caused.html 


JUDGE LIMITS SEARCHES USING CELLPHONE DATA (Washington Post, 12 Sept 2008) &#45; The government must obtain a warrant based on probable cause of criminal activity before directing a wireless provider to turn over records that show where customers used their cellphones, a federal judge ruled Wednesday, in the first opinion by a federal district court on the issue. Judge Terrence F. McVerry of the Western District of Pennsylvania rejected the government’s argument that historical cellphone tower location data did not require probable cause. The ruling could begin to establish the standard for such requests, which industry lawyers say are routine as more people carry cellphones that reveal their locations. Around the country, magistrate judges, who handle matters such as search warrants, have expressed concern about the lack of guidance. http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/09/11/AR2008091103292.html 


CONGRESS LIMITS SUBJECT MATTER AND INADVERTENT WAIVERS FOR ATTORNEY&#45;CLIENT COMMUNICATIONS AND WORK PRODUCT (WilmerHale Alert, 12 Sept 2008) &#45; On September 8, 2008, the House of Representatives joined the Senate in passing legislation that would create a new Rule of Evidence, Rule 502. The Rule will become effective upon the President’s signature. The primary purpose of the Rule is to reduce the costs of time&#45;consuming privilege review. If enacted, the Rule will limit the consequences of both intentional and inadvertent disclosures of attorney&#45;client communications and attorney work product; and allow the parties to create their own waiver rules that are binding on third parties. The theory behind the Rule is that (1) most documents produced in discovery have minimal value; (2) reviewing them in the modern era of email and electronic communication is enormously costly; and (3) attorneys worried about the consequences of waiver for even a single document must engage in time&#45;consuming and costly privilege reviews and make strained privilege claims. The Rule attempts to address these concerns. http://wilmerhaleupdates.com/ve/ZZn90288979VZZ00w808 


CANADIAN ELECTION OFFICIALS POKE AROUND FACEBOOK VOTE&#45;SWAPPING GROUP (CBC, 12 Sept 2008) &#45; Canada’s election watchdog is probing whether a vote&#45;swapping group set up on Facebook is illegal or just strategic voting. The online group, titled “Anti&#45;Harper Vote Swap Canada,” is trying to match Canadians who are willing to swap votes to keep the Conservatives from winning a majority in the Oct. 14 federal election. More than 1,200 people had become members of the group by early Friday evening, two days after its creation. The group lists 41 ridings likely to be tight races and encourages members to swap votes in order to stop Tories from winning those seats. http://www.cbc.ca/news/canadavotes/story/2008/09/12/facebook&#45;vote&#45;swap.html Later ruling says vote&#45;swapping is not illegal, per se: http://www.cbc.ca/canada/story/2008/09/17/vote&#45;swapping.html 


PORN PASSED OVER AS WEB USERS BECOME SOCIAL (Reuters, 16 Sept 2008) &#45; Social networking sites are the hottest attraction on the Internet, dethroning pornography and highlighting a major change in how people communicate, according to a web guru. Bill Tancer, a self&#45;described “data geek,” has analyzed information for over 10 million web users to conclude that we are, in fact, what we click, with Internet searches giving an up&#45;to&#45;date view of how society and people are changing. Some of his findings are great trivia, such as the fact that elbows, belly button lint and ceiling fans are on the list of people’s top fears alongside social intimacy and rejection. Others give an indication of people’s interests or emotions, with an annual spike in searches for anti&#45;depression drugs around Thanksgiving time in the United States. Tancer, in his new book, “Click: What Millions of People are Doing Online and Why It Matters,” said analyzing web searches did not just reflect what was happening online but gave a wider picture of society and people’s behavior. “There are some patterns to our Internet use that we tend to repeat very specifically and predictably, from diet searches, to prom dresses, to what we do around the holidays,” Tancer told Reuters in a telephone interview. Tancer, general manager of global research at Hitwise, an Internet tracking company, said one of the major shifts in Internet use in the past decade had been the fall off in interest in pornography or adult entertainment sites. He said surfing for porn had dropped to about 10 percent of searches from 20 percent a decade ago, and the hottest Internet searches now are for social networking sites. “As social networking traffic has increased, visits to porn sites have decreased,” said Tancer, indicating that the 18&#45;24 year old age group particularly was searching less for porn. http://news.yahoo.com/s/nm/20080916/wr_nm/internet_book_life_dc 


JUDGE: ‘HEADS WILL ROLL’ OVER WITHHELD E&#45;MAIL (Law.com, 17 Sept 2008) &#45; A discovery disaster threatens to derail the government’s stock options prosecution against McAfee’s former general counsel. Opening arguments had been slated for Wednesday morning in the Kent Roberts case. Instead, federal prosecutors and defense lawyers stunned the court with news that the company had just turned over highly relevant e&#45;mails to the government the night before. Those documents should have been produced in response to a two&#45;year old grand jury subpoena, Assistant U.S. Attorney Laurel Beeler said. Judge Marilyn Hall Patel was less than pleased. She demanded that in&#45;house lawyers from McAfee&#8212;along with attorneys from Howrey and Wilson Sonsini Goodrich Rosati&#8212;show up the next day to explain why 18 pages of e&#45;mails weren’t turned over to the government until 10:40 p.m. Tuesday night. The judge then dismissed the jury for the day so prosecutors could determine whether any other documents were withheld&#8212;and whether the case can proceed. Wilson Sonsini represents McAfee, and Howrey conducted the company’s internal investigation. “Somewhere or another, heads will have to roll, because this is outrageous,” Patel said. http://www.law.com/jsp/article.jsp?id=1202424591001&amp;amp;rss=newswire 


BEWARE OPEN&#45;SOURCE VIOLATIONS LURKING IN YOUR CODE (Computerworld, 19 Sept 2008) &#45; IT organizations that feel safe from open&#45;source licensing violations might be wise to check their code anyway, because open&#45;source components are rapidly seeping into applications by way of offshore and in&#45;house developers taking shortcuts, as well as a growing population of open&#45;source&#45;savvy grads entering the workforce. “With all of these new aspects, open source is something companies are going to have to get their heads around,” says Anthony Armenta, vice president of engineering at Wyse Technology Inc., a maker of thin clients. It’s not just about unearthing open&#45;source code that’s in violation of licensing, either. Open source must be managed like any other software component as security vulnerabilities arise and patches become available. Wyse has been using Palamida Inc. to track its open&#45;source usage for the past year. Palamida checks code bases against a 6TB library of known open&#45;source projects, fingerprints and binary files. http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;articleId=9115183&amp;amp;source=rss_news 


CYBER ATTACK DATA&#45;SHARING IS LACKING, CONGRESS TOLD (Washington Post, 19 Sept 2008) &#45; U.S. intelligence agencies are unable to share information about foreign cyber attacks against companies for fear of jeopardizing intelligence&#45;gathering sources and methods, cyber security expert Paul B. Kurtz told lawmakers yesterday. Kurtz, who served on the National Security Council in the Clinton and Bush administrations, spoke at the first open hearing on cyber security held by the House Permanent Select Committee on Intelligence. He and other experts discussed President Bush’s Comprehensive National Cybersecurity Initiative, disclosed in January, which focuses on cyber espionage against government systems and, they said, does not adequately address the private sector. There is no coordinated strategy or mechanism for sharing intelligence about intrusions with companies, nor is there a systematic way for companies to share information with the government, said the panelists, who are members of the Center for Strategic and International Studies commission on cyber security, set up last year to advise the next administration. While certain information must remain classified, “the government needs to do better” at sharing unclassified information about cyber attacks, said Rep. Silvestre Reyes (D&#45;Tex.), who chairs the intelligence committee. “Everyone stands to benefit from an improved two&#45;way information flow.” http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/09/18/AR2008091803730.html 


TWO&#45;THIRDS OF FIRMS HIT BY CYBERCRIME (Security Focus, 22 Sept 2008) &#45; The Department of Justice released data from its 2005 National Computer Security Survey last week, finding that two&#45;thirds of firms detected at least one cybercrime during that year. More than 7,800 companies responded to the survey, which classified cybercrime into cyber attacks, cyber theft, and other incidents. The survey found that three&#45;quarters of cyber attacks came from external sources, while insiders accounted for the same proportion of cyber thefts. More than half of companies reported a cyber theft to law&#45;enforcement authorities, but only 6 percent of cyber attacks were reported. Computer viruses made up more than half of all cyber attacks. The survey, which was developed by the DOJ’s Bureau of Justice Statistics and the U.S. Department of Homeland Security, found that telecommunications companies and computer&#45;system design businesses were hardest hit by cybercrime. About 90 percent of businesses that suffered an incident sustained monetary loss, and cyber theft accounted for half of the loss, according to the summary. http://www.securityfocus.com/brief/825 Survey here: http://www.ojp.usdoj.gov/bjs/pub/pdf/cb05.pdf 


GOOGLE BOOK SEARCH NOW FITS ON YOUR BLOG (CNET, 22 Sept 2008) &#45; Google has put out a cool update to its book search service that lets anyone embed entire books, or just book previews on their site. While aimed mainly at online retailers and educational institutes, it’s also a great way to drop entire public domain works onto your blog in case you want to give your visitors something more exciting to flip through than your latest ramblings. The news comes alongside some partnerships including A1Books, Books&#45;A&#45;Million, and The Book Depository. When you’re viewing an indexed title on any of these sites you’ll see a Google preview link that lets you peruse the innards of the book without leaving the sale page. According to a post on Google’s Book Search blog, larger retailers including Powell’s Books, Borders and Buy.com will be added “in the coming weeks.” If you’re wondering why Amazon.com is not one of the online stores to be included, it’s because it’s had this feature since late 2003. Its in&#45;house “search inside” feature is essentially the same, although limited to titles within its catalog. Under Google’s system, any retailer would be able to get this same functionality&#45;&#45;including the capability to let readers view the entire work with whatever titles had been indexed. Back in 2006, the two companies traded legal blows due to the suspicion that Google’s book search program was leading towards this functionality. http://news.cnet.com/8301&#45;17939_109&#45;10047943&#45;2.html 


MLB BACKS DOWN WHEN SOMEONE IT BULLIES EXPLAINS FAIR USE TO THEM (TechDirt, 23 Sept 2008) &#45; For years now, Major League Baseball’s online division, MLB.com, has been over aggressive in claiming ownership and control over anything associated with Major League Baseball&#8212;even though court after court has told them they don’t get to control everything. However, MLB just keeps on claiming ownership of things anyway, such as sending out various DMCA takedown notices to YouTube for any clip of baseball put up by anyone else. Larry Lessig has the story, though, of one fan who fought back and filed a detailed counterclaim about how his video was fair use and MLB was repeatedly abusing its power in damaging ways. Amazingly, not only did MLB relent, it featured the video it had just demanded get taken down on its own blog. To be honest, there’s a chance that the two things are unrelated, and the blogger had no idea that the parent company’s lawyers were trying to shut down the video&#8212;but the story is a good reminder that if someone is overreaching in their takedown attempts, it can be effective to respond with a counternotice that clearly states the issues. http://techdirt.com/articles/20080922/2002012337.shtml 


DHS DOCS REVEAL EXPANDED BORDER SEARCH DISCRETION (ArsTechnica, 23 Sept 2008) &#45; Internal Department of Homeland Security Documents obtained by civil rights groups reveal that, since 2000, Customs and Border Patrol guidelines have been loosened to allow border agents significantly more latitude to question and search travelers entering the United States. Prompted by travelers’ reports of border guards increasingly probing into the political views, religious beliefs, and volunteer activities of border crossers, the Asian Law Caucus and Electronic Frontier Foundation sued the DHS in February, seeking the release of records detailing the policies that govern border searches. In June and late July, the groups obtained over 600 pages worth of documents, of which they recently issued a thorough analysis. They found that as border policies were revised in 2000 and again in 2007, restrictions on the examination, seizure, copying, and sharing of travelers’ personal effects and documents were shed. The 2007 guidelines, for example, stipulated that customs officers “may glance at documents and papers to see if they appear to be merchandise” [emphasis added], and permitted close reading only if “an officer reasonably suspects that they relate to” one of several classes of restricted materials. Probable cause, or the consent of the owner, was needed to seize or copy documents. Under the revised rules, officers may seize or copy papers or digital files for the purpose of performing a “thorough border search” without any need for individualized suspicion. The “reasonable suspicion” requirement was also dispensed with as a prerequisite for sharing seized or copied information with other agencies for translation. A memo from the Area Port of Anchorage, however, does establish that an officer who uses an imaging device to copy the contents of a digital storage medium should inform a supervisor of the “circumstances and articulable facts” justifying the copy. 
http://arstechnica.com/news.ars/post/20080923&#45;dhs&#45;docs&#45;reveal&#45;expanded&#45;border&#45;search&#45;discretion.html 


EFF: CLAIM THAT CONSENT NEEDED FOR LINKING IS “PREPOSTEROUS” (ArsTechnica, 23 Sept 2008) &#45; Large Chicago law firm Jones Day is suing a tiny Internet startup called BlockShopper over the use of the humble hyperlink. But BlockShopper has picked up a pair of allies in the form of the EFF and Public Citizen, and the two groups jointly filed an amici curiae brief with the court that points out the obvious: “linking is what web sites do—that is, after all, why it is called the ‘World Wide Web’.” BlockShopper’s transgression, such as it is, appears to be the posting of public information. The site shows which partners, lawyers, philanthropists, and executives have purchased properties in specific city neighborhoods, and it incurred Jones Day’s legal wrath after showing the new purchases of two Jones Day lawyers. The company sued on trademark grounds, claiming that the use of its name and web link on the site were illegal. Last Friday, two public interest groups have stepped up to the plate and weighed in on the case because of its implications for the Web. The BlockShopper case has “potentially significant implications for other online speakers,” says their filing, which is putting it mildly. Should the case go in Jones Day’s favor, the entire nature of the Web could be attacked by companies looking to harass bloggers or stifle criticism. Creating a “permission&#45;based” culture of linking would strike at the Web’s key feature. As the filing notes, “if Jones Day’s trademark theory were correct, no news site or blog could use marks to identify markholders, or links to point to further information about the markholders, without risking a lawsuit.” “But,” the filing continues, “Jones Day is wrong.” http://arstechnica.com/news.ars/post/20080923&#45;eff&#45;claim&#45;that&#45;consent&#45;needed&#45;for&#45;linking&#45;is&#45;preposterous.html 


E&#45;DISCOVERY RESPONSE REQUIRES NAVIGATION (New York Law Journal, 23 Sept 2008) &#45; A company that responded to a discovery request by turning over more than 400,000 pages of undifferentiated documents in an electronic format must provide a “modicum” of guidance about how the material was gathered and organized, a federal magistrate judge has ruled. Magistrate Judge David E. Peebles ruled that Pass &amp;amp; Seymour, a Syracuse, N.Y., business, failed to either categorize the information under the document headings requested by Hubbell Incorporated, the defendant in Pass &amp;amp; Seymour’s copyright infringement action, or to organize the data in an intelligible way. Hubbell asked for information in what Magistrate Judge Peebles called 72 “wide&#45;ranging and broadly worded” categories. In response, Pass &amp;amp; Seymour delivered the documents in 220 unlabeled computer folders&#8212;the way the company said they were kept in “the ordinary course of business.” Peebles said that was akin to receiving 405,367 pages of documents stuffed into more than 80 bankers’ boxes. As such, the response did not meet the company’s obligation under the recently amended Rule 34(b)(2) of the Federal Rules of Civil Procedure. “A party who in response to a discovery demand has chosen to produce documents as they are ordinarily maintained must do just that &#45; produce the documents organized as they are maintained in the ordinary course of producing party’s business, with at least some modicum of information regarding how they are ordinarily kept in order to allow the requesting party to make meaningful use of the documents,” the magistrate judge wrote in Pass &amp;amp; Seymour v. Hubbell Incorporated, 5:07&#45;cv&#45;00945. To make information meaningful, parties have to provide their adversaries with some context to help them navigate their way through it, according to the magistrate judge. 
http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202424713079&amp;amp;rss=newswire 


THOMAS VERDICT OVERTURNED, MAKING AVAILABLE THEORY REJECTED (ArsTechnica, 24 Sept 2008) &#45; Jammie Thomas is off the hook—at least for the time being. Judge Michael J. Davis has overturned a federal jury’s copyright infringement verdict and award of $222,000 in damages to the RIAA. The verdict was handed down last October after a three&#45;day trial and a few hours of deliberations. Judge Davis determined that he gave the jury an erroneous instruction on the question of whether making a file available for download over a P2P network violated the record labels’ distribution right under the Copyright Act. The original jury instructions said that it wasn’t, but, after a hearing outside of the presence of the jury, Judge Davis amended the instruction to follow the RIAA’s theory that making a file available equals infringement. After becoming aware of some case law in the Eighth Circuit, Judge Davis invited both parties to submit briefs on the matter, and held oral arguments in August at which he indicated he was leaning towards overturning the verdict and ordering a new trial. In a 43&#45;page decision released late Thursday, Judge Davis wrote that the jury instruction in question was inaccurate. At issue was what he described as the “plain meaning” of distribution. “The Court’s examination of the use of the term ‘distribution’ in other provisions of the Copyright Act, as well as the evolution of liability for offers to sell in the analogous Patent Act, lead to the conclusion that the plain meaning of the term ‘distribution’ does not includ[e] making available and, instead, requires actual dissemination,” reads Judge Davis’ opinion. http://arstechnica.com/news.ars/post/20080924&#45;thomas&#45;verdict&#45;overturned&#45;making&#45;available&#45;theory&#45;rejected.html  Opinion here: http://arstechnica.com/news.media/thomas&#45;ruling&#45;1.pdf 


AEROSMITH’S TYLER SUES OVER BLOG IMPERSONATIONS (Reuters, 24 Sept 2008) &#45; Aerosmith frontman Steven Tyler on Wednesday sued unknown bloggers who the singer said impersonated him on the Web, writing about the death of his mother and other “intimate details” from his life. In a lawsuit filed in Los Angeles, Tyler, 60, said he didn’t know the real names of those who have impersonated him and girlfriend Erin Brady on the Web, but he believes the same group was responsible for similar postings in 2007. At that time, Tyler asked Google to remove the blogs, and the Internet company complied. The latest batch of impersonator blogs, which show pictures of Tyler, the lead singer for the rock group Aerosmith, were posted at Blogspot.com, the lawsuit said. One posting had 31 entries for 2008, and another written by “Brady” had seven entries in recent months, the lawsuit said. Tyler’s lawsuit accuses the bloggers of public disclosure of private facts, making false statements and misappropriation of likeness. It also seeks an injunction to have the defendants stop impersonating him online or elsewhere. On Wednesday, the blogs Tyler’s lawsuit describes as being written by impostors were unavailable for public viewing. A statement on each of the blog pages said, “This blog is under review due to possible blogger terms of service violations.” http://tech.yahoo.com/news/nm/20080925/wr_nm/us_aerosmithusnet_1 


STUDY: WORK E&#45;MAIL USE CREEPS INTO OFF HOURS (AP, 24 Sept 2008) &#45; A study published Wednesday by the Pew Internet and American Life Project shows that workers in general have mixed feelings about the increased use of e&#45;mail and the Internet in the last few years. In a survey of 2,134 adults in March and April, 96 percent used e&#45;mail, the Internet or cell phones. Of them, 80 percent said these technologies have improved their ability to do their jobs, and 58 percent said these tools have given them more control over when to work. But 46 percent also said these devices increase the demands that they work more hours, and 49 percent said that the technologies make it harder to disconnect from work when they should be off. Half of the respondents who were employed and had e&#45;mail said they check their work e&#45;mail on weekends, and a full 22 percent said they checked office e&#45;mail “often” on the weekends, up from 16 percent who said the same thing in 2002. For workers in general, it’s unclear whether e&#45;mail alone is increasing the amount of work. Other studies show that people have worked roughly the same number of hours every week for the last two decades. In the Pew study, 17 percent said e&#45;mail had increased their work hours, while 6 percent said the opposite — that e&#45;mail reduced the time they had to work. http://news.yahoo.com/s/ap/20080924/ap_on_hi_te/tec_workers_e_mail_2 


UK FIRMS KEEP SCHTUM ABOUT DATA BREACHES TO CLIENTS (CBR, 24 Sept 2008) &#45; Most companies try to keep data breaches from their clients and half fail to report problems to the police or authorities. Only 40% of the 300 public and private firms surveyed by services organisation Logica said they had told clients of data breaches. What was particularly worrying – and baffling given the high profile data losses reported over the last year – was that 57% had “no idea” or understanding about the impact of such a breach on their company. Half the respondents wanted to pass the buck to the IT department, blaming them for any data security problems. “This complacent attitude not only increases the likelihood of financial and reputational consequences, but also highlights the inadequate security policies and protocols that UK organisations have in place,” said Tim Best, director enterprise security solutions at Logica. This complacency was further demonstrated both by respondents’ attitude to training staff – only 30% educated workers about IT security and information handling regularly – and to data compliance, as only a quarter said they complied to ISO standards for storing personal data. http://security.cbronline.com/news/firms_keep_schtum_about_data_breaches_to_clients 


CDA SECTION 230 PROTECTS TICKET RESELLING SITE (BNA’s Internet Law News, 25 Sept 2008) &#45; BNA’s Electronic Commerce &amp;amp; Law Report reports that an Oregon Circuit Court has ruled that Section 230 of the Communications Decency Act shields ticket re&#45;seller StubHub Inc. and Internet auction company eBay Inc. from liability for scalped concert tickets sold by third parties on their Web sites. Case name is Fehrs v. StubHub Inc. 


SEC AND HHS JOIN THE DATA SECURITY POSSE (Steptoe &amp;amp; Johnson’s E&#45;Commerce Law Week, 25 Sept 2008) &#45; No longer willing to let the Federal Trade Commission act as the Lone Ranger of federal data security enforcement, the Securities and Exchange Commission and the Department of Health and Human Services have begun taking action against companies whose data security practices violate the Gramm&#45;Leach&#45;Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA), respectively. Earlier this month, LPL Financial Corporation agreed to remedy any deficiencies in its data security policies and procedures identified by an independent consultant and pay $275,000 to settle SEC charges that its failure to implement “adequate” data security allowed hackers to make unauthorized trades in the accounts of LPL’s customers, in violation of the Safeguards Rule of GLBA Regulation S&#45;P. Meanwhile, several members of the Providence health care group agreed this July to adopt new security policies and procedures and pay $100,000 to settle HHS charges that they had failed to adequately secure patient information, in violation of the HIPAA Privacy and Security Rules. In addition to signaling an uptick in data security enforcement by federal regulators, these developments could help refine the working definition of “reasonable” data security that the FTC has adopted in its settlements with alleged violators of the “unfair or deceptive acts or practices” prong of the FTC Act. http://www.steptoe.com/publications&#45;5571.html 


SEC ADOPTS FINAL RULES MANDATING THE ELECTRONIC FILING AND REVISION OF FORM D (Duane Morris, 26 Sept 2008) &#45; In June 2007, the SEC proposed amendments mandating the electronic filing of Form D together with substantive revisions to the form. In February of this year, those amendments were adopted almost entirely as proposed. Although these final rules embody both substantive and procedural changes, Form D retains its primary purpose as an initial notice form. On September 15, 2008, the SEC’s Form D electronic filing system went online. From that date until March 15, 2009, companies have the option of filing Form D information electronically through the EDGAR system or using a paper Form D. If using the paper form, filers have the option of using the old Form D or the new Form D, which has been revised to include the new information requirements discussed below. However, beginning on March 16, 2009, the SEC will no longer accept paper filing of the Form D, regardless of which form is used. http://www.duanemorris.com/alerts/alert2976.html 


ALARM SOUNDED ON SECOND&#45;HAND KIT (BBC, 29 Sept 2008) &#45; For less than a pound a security expert has got front&#45;door access to a council’s internal network. For 99p Mr Mason bought what is known as a virtual private network (VPN) server made by the firm Cisco Systems that automates all the steps needed to get remote access to a network. Many staff working overseas or off&#45;site use a VPN to connect back to corporate systems. On powering up his new hardware Mr Mason expected that the device would need network settings to be input but, without prompting, it connected to the last place it was used [the internal network of Kirklees Council in West Yorkshire]. Kirklees council called the discovery “concerning” but said its data had not been compromised. “It is like having a long ethernet cable from the Council office to anywhere where I connected the device,” said Mr Mason. A spokesperson for Cisco Systems said that “we do provide clear guidelines that explain how to reset products to their factory default settings. “If followed correctly, these processes eliminate both the configuration and backup configuration of the product preventing subsequent users from connecting with a previous user’s configuration.” http://news.bbc.co.uk/2/hi/technology/7635622.stm 


&#45; and &#45;


TOP SECRET MI6 CAMERA SOLD TO THE HIGHEST BIDDER ON EBAY (Washington Post, 30 Sept 2008) &#45; A 28&#45;year&#45;old delivery man from the UK who bought a Nikon Coolpix camera for about $31 on eBay got more than he bargained for when the camera arrived with top secret information from the UK’s MI6 organization. Allegedly sold by one of the clandestine organization’s agents, the camera contained named al&#45;Qaeda cells, names, images of suspected terrorists and weapons, fingerprint information, and log&#45;in details for the Secret Service’s computer network, containing a “Top Secret” marking. Once he downloaded the contents onto his computer, he immediately went to the police to explain the situation. The police originally treated it as a joke, but within a week, anti&#45;terror officers started investigating and demanded that he not talk to the media about the contents contained in the camera. Journalist and author Neil Doyle told The Sun that the contents are “MI6 documents relating to an operation against al&#45;Qaeda insurgents in Iraq. It’s jaw&#45;dropping they got into the public domain. “Not only do they divulge secrets about operations, operating systems and previously unheard&#45;of MI6 departments, but they could put lives at risk.” http://www.washingtonpost.com/wp&#45;dyn/content/article/2008/09/30/AR2008093000994_pf.html 


UPS AND DOWNS OF DISCOVERING ONLINE DATA (Law.com, 29 Sept 2008) &#45; One unanticipated cost of e&#45;business is the expense of responding to subpoenas and proceedings designed to compel companies to disclose confidential data in their possession, such as private consumer information or identifying information as to anonymous posters at company blogs, bulletin boards or Web sites. In such cases, the company is not the target of the legal proceedings by private litigants or government prosecutors but the conduit for the identification of, or evidence against, the target. Under such circumstances, a business faces a Hobson’s choice. It can disclose data it may have received in exchange for a promise to keep it private or a company may try to honor anonymity and, perhaps, individual First Amendment rights by refusing to respond to legal process. Either way, there is both expense and potential exposure to the company. Courts have increasingly established guidelines that may help businesses to determine their responsibilities under these circumstances. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202424836222&amp;amp;rss=newswire 


MPAA SUES REALNETWORKS OVER REALDVD RIPPER (Extreme Tech, 30 Sept 2008) &#45; Hollywood’s leading movie studios have sued RealNetworks over its RealDVD software, arguing that the software’s ability to copy DVDs to a hard disk violates the Digital Millennium Copyright Act. The suit asks for a temporary restraining order halting sales of the software, plus damages deriving from profits lost through the sales of the RealDVD software. The lawsuit, filed today in U.S. District Court in Los Angeles, asks for damages and injunctive relief against RealNetworks for violations of the DMCA’s circumvention provisions, as well as a breach of the contract accompanying the DVD’s copy protection license. “RealNetworks’ RealDVD should be called StealDVD,” said Greg Goeckner, executive vice president and general counsel for the Motion Picture Association of America (MPAA), in a statement. “RealNetworks knows its product violates the law and undermines the hard&#45;won trust that has been growing between America’s movie makers and the technology community.” The MPAA’s membership includes Fox, Paramount, The Walt Disney Co., and Warner Bros. RealNetworks filed its own preemptive suit on Tuesday, arguing that its software was protected under the “fair use” statutes of U.S. copyright law. A source close to the MPAA dismissed Real’s suit as a “PR stunt” designed to facilitate piracy. http://news.yahoo.com/s/zd/20080930/tc_zd/232572 


FORUM&#45;SELECTION CLAUSE LOCATED ONLINE, INCORPORATED BY REFERENCE IS ENFORCEABLE (BNA’s Internet Law News, 2 Oct 2008) &#45; BNA’s Electronic Commerce &amp;amp; Law Report reports that a federal court in Pennsylvania has ruled that terms of service posted online, incorporated by reference into an online services agreement, were not unconscionable and governed a dispute about the service. Magistrate Judge Lisa Pupo Lenihan explained that forum selection clauses are enforceable unless they are invalid under contract law theories, such as fraud or unconscionability. Case name is PentecostalTempleChurch v. Streaming Faith. 


SURVEILLANCE OF SKYPE MESSAGES FOUND IN CHINA (New York Times, 2 Oct 2008) &#45; A group of Canadian human&#45;rights activists and computer security researchers has discovered a huge surveillance system in China that monitors and archives certain Internet text conversations that include politically charged words. The system tracks text messages sent by customers of Tom&#45;Skype, a joint venture between a Chinese wireless operator and eBay, the Web auctioneer that owns Skype, an online phone and text messaging service. The discovery draws more attention to the Chinese government’s Internet monitoring and filtering efforts, which created controversy this summer during the Beijing Olympics. Researchers in China have estimated that 30,000 or more “Internet police” monitor online traffic, Web sites and blogs for political and other offending content in what is called the Golden Shield Project or the Great Firewall of China. The activists, who are based at Citizen Lab, a research group that focuses on politics and the Internet at the University of Toronto, discovered the surveillance operation last month. They said a cluster of eight message&#45;logging computers in China contained more than a million censored messages. They examined the text messages and reconstructed a list of restricted words. The list includes words related to the religious group Falun Gong, Taiwan independence and the Chinese Communist Party, according to the researchers. It includes not only words like democracy, but also earthquake and milk powder. (Chinese officials are facing criticism over the handling of earthquake relief and chemicals tainting milk powder.) The list also serves as a filter to restrict text conversations. The encrypted list of words inside the Tom&#45;Skype software blocks the transmission of those words and a copy of the message is sent to a server. The Chinese servers retained personal information about the customers who sent the messages. 
They also recorded chat conversations between Tom&#45;Skype users and Skype users outside China. The system recorded text messages and Skype caller identification, but did not record the content of Skype voice calls. http://www.nytimes.com/2008/10/02/technology/internet/02skype.html?ref=business 


MASSACHUSETTS ISSUES SWEEPING DATA SECURITY REGULATIONS, INCLUDING MANDATORY ENCRYPTION (Steptoe &amp;amp; Johnson’s E&#45;Commerce Law Week, 2 Oct 2008) &#45; Massachusetts has issued regulations requiring businesses that own or maintain personal information about state residents to implement comprehensive data security measures. These appear to be the broadest and most detailed data security prescriptions to be imposed at the state or federal level. The regulations also specifically require businesses and other entities, “to the extent technically feasible,” to encrypt “all transmitted records and files containing personal information that will travel across public networks” and “all data to be transmitted wirelessly.” The same entities must also encrypt “all personal information stored on laptops or other portable devices.” Massachusetts thus becomes the second state, after Nevada, to require the use of encryption, and adds to a growing international trend. The regulations will take effect January 1, 2009. http://www.steptoe.com/publications&#45;5601.html Regulations here: http://www.mass.gov/?pageID=ocamodulechunk&amp;amp;L=1&amp;amp;L0=Home&amp;amp;sid=Eoca&amp;amp;b=terminalcontent&amp;amp;f=idtheft_201cmr17&amp;amp;csid=Eoca 


NIST PUBLISHES SECURITY GUIDANCE FOR WIRELESS LINKS, INDUSTRIAL CONTROLS (GCN, 2 Oct 2008) &#45; The National Institute of Standards and Technology has released three information security documents in its 800 series of special publications: two final guidelines on information security assessment and Bluetooth security, and a draft of guidelines for securing industrial control systems. SP 800&#45;121, Guide to Bluetooth Security, has been finalized and describes the security capabilities of Bluetooth technologies and gives recommendations on securing them effectively. Bluetooth is an open standards protocol for personal area wireless networking commonly used to connect peripherals with desktop or handheld computing devices. Much of SP 800&#45;121 originally was included in a draft of NIST’s SP 800&#45;48 Revision 1, Wireless Network Security for IEEE 802.11a/b/g and Bluetooth. But because of comments received on that publication, the Bluetooth material has been placed in a separate publication. This document and SP 800&#45;48 Revision 1, which was released in July, replace the original SP 800&#45;48, which dates to 2002. SP 800&#45;115, Technical Guide to Information Security Testing and Assessment, provides guidance for planning and conducting tests, analyzing findings and developing mitigation strategies for risks that are identified. The document gives an overview of key elements of security testing, with the benefits and limitations of different technical testing techniques and recommendations for their use. It replaces SP 800&#45;42, Guidelines on Network Security Testing, which was released in 2003. For effective testing and assessment, NIST recommends that organizations:

* Establish an information security assessment policy to identify requirements for executing assessments and provide accountability topics to address organizational requirements, roles and responsibilities, adherence to an established assessment methodology, assessment frequency and documentation requirements. 

* Implement a repeatable and documented assessment methodology. This enables organizations to maximize the value of assessments while minimizing possible risks introduced by certain technical assessment techniques. Minimizing risk caused by assessment techniques requires skilled assessors, comprehensive assessment plans, logging assessor activities, performing testing off&#45;hours and conducting tests on duplicates of production systems. Organizations need to determine the level of risk they are willing to accept for each assessment and tailor their approaches accordingly. 

* Determine the objectives of each security assessment. Because no individual technique provides a comprehensive picture of an organization’s security when executed alone, organizations should use a combination of techniques. This also helps organizations to limit risk and resource usage. 

* Analyze findings and develop risk mitigation techniques to address weaknesses. This includes conducting root cause analysis upon completion of an assessment to translate findings into actionable mitigation techniques. 

A final draft of SP 800&#45;82, Guide to Industrial Control Systems (ICS) Security, is being released for public comment. Its guidance includes recommendations for securing Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and other control system configurations such as Programmable Logic Controllers. http://www.gcn.com/online/vol1_no1/47273&#45;1.html?topic=security Standards here: http://csrc.nist.gov/publications/nistpubs/800&#45;121/SP800&#45;121.pdf

http://csrc.nist.gov/publications/nistpubs/800&#45;115/SP800&#45;115.pdf

http://csrc.nist.gov/publications/drafts/800&#45;82/draft_sp800&#45;82&#45;fpd.pdf

 NOTED PODCASTS 
UNDERSTANDING PRIVACY (IT Conversations, 25 August 2008) – “Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information increasingly available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible. Daniel J. Solove, author of the book Understanding Privacy, joins Phil, Scott, and Ben to give an overview of the difficulties involved in discussions of privacy. He reviews topics from his book and discusses a number of real&#45;world examples on how individuals don’t even know what privacy they may be giving up.” 63 minutes; one star; provides an interesting framework for privacy analysis along four dimensions: Collection, Processing, Dissemination, and Invasion. http://itc.conversationsnetwork.org/shows/detail3805.html</description>
      <dc:subject>MIRLN</dc:subject>
      <dc:date>2008-10-04T12:00:01-07:00</dc:date>
    </item>

    <item>
      <title>MIRLN 24 August – 13 September 2008 (v11.12)</title>
      <link>http://www.knowconnect.com/mirln/article/mirln_24_august_13_september_2008_v1112/</link>
      <guid>http://www.knowconnect.com/mirln/article/mirln_24_august_13_september_2008_v1112/#When:12:51:00Z</guid>
      <description>VA. PRIVACY ADVOCATE GETS PARTIAL WIN IN SSN POSTINGS CASE (AP, 22 August 2008) &#45; A privacy advocate who challenged a Virginia law against posting Social Security numbers on the Internet won a partial victory Friday when a federal judge ruled her Internet postings are protected by the Constitution. U.S. District Judge Robert Payne ruled that the law barring such postings is unconstitutional as applied to B.J. Ostergren’s current and past Web site postings, but he stopped short of overturning the law. Payne said he would need further briefing on whether to issue a more far&#45;reaching injunction concerning future postings of Social Security numbers by Ostergren or others. On her site, Ostergren has posted public documents — primarily land records — containing the Social Security numbers of prominent people and court officials. Her purpose is to demonstrate that government has failed to protect individuals’ privacy. She claimed in her lawsuit that government can’t publish the information and then punish citizens for distributing it. Payne agreed, saying Ostergren’s activities were protected by the First Amendment. “It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren’s posting of public records to demonstrate the lack of care being taken by the government to protect the private information of individuals,” Payne wrote. http://ap.google.com/article/ALeqM5jiGOcctpSb22Nw59ozzMFCW2hv7gD92NM65G0 


&#45; and &#45; 


JONES DAY SUES OVER WEBSITE POSTING ATTORNEY HOME PURCHASE INFO (ABA Journal, 11 Sept 2008) &#45; Jones Day has sued a website that highlights lawyers—even posting their photos and linking to firm biographies—and other professionals who buy and sell their homes in Chicago, Las Vegas, St. Louis and South Florida. After two Jones Day associates were featured on the BlockShopper site, the Cleveland&#45;based BigLaw firm sued, reports the National Law Journal in an article reprinted in New York Lawyer (reg. req.). It is alleging service mark infringement in the federal lawsuit, which was filed in U.S. District Court for the Northern District of Illinois and also asserts claims for federal false designation of origin and unfair business practices under the Illinois Uniform Deceptive Trade Practices Act, among other issues, the legal publication reports. The suit seeks an injunction, damages and attorney fees. After a Neal Gerber &amp;amp; Eisenberg associate’s home purchase was featured on BlockShopper, managing partner Jerry Biederman says, the law firm is looking into whether the posting violates privacy rights as well as intellectual property rights. http://www.abajournal.com/weekly/law_firm_sues_over_website_posting_attorney_home_purchase_info 


&#45; and &#45; 


SHEBOYGAN WOMAN FILES LANDMARK CASE OVER WEB LINKS (Milwaukee Journal, 23 August 2008) &#45; Can a city stop people from posting a link to its Web site? That’s the question at the center of a federal lawsuit brought by a Sheboygan woman against the mayor and other officials there, in what appears to be a first&#45;of&#45;its&#45;kind case, according to an Internet law expert. Jennifer Reisinger says the Sheboygan city attorney ordered her to remove from her Web site a link to the city’s police department, in what she believes was retaliation for her support of recalling Mayor Juan Perez, according to the suit filed last week. Bruce Boyden, an assistant law professor at Marquette University who specializes in Internet law and copyright, called the case novel. “If this goes all the way to trial and produces a decision, I believe this would be a first in United States,” he said. Boyden said some companies require other Web sites to get permission to link to them, but he knew of no companies, much less a government body, that have tried to enforce violations of that condition if the links didn’t infringe on a copyright or trademark. http://www.jsonline.com/story/index.aspx?id=786584 


ABA ETHICS COMMITTEE ISSUES OPINION DETAILING LAWYER RESPONSIBILITIES WHEN OUTSOURCING LEGAL WORK DOMESTICALLY OR INTERNATIONALLY (ABA, 25 August 2008) &#45; U.S. lawyers are free to outsource legal work, including to lawyers or nonlawyers outside the country, if they adhere to ethics rules requiring competence, supervision, protection of confidential information, reasonable fees and not assisting unauthorized practice of law. Those are the conclusions of the American Bar Association Standing Committee on Ethics and Professional Responsibility, which describes outsourcing as a salutary trend in a global economy. Many lawyers do outsource work, using lawyers or nonlawyers as independent contractors, hiring them directly or through intermediaries and on temporary or ongoing bases, says the committee. Outsourcing can reduce client costs and enable small firms to provide labor intensive services such as large, discovery intense litigation, even though the firms might not maintain sufficient ongoing staff to handle the work, according to a new ethics opinion issued today. Ethics Opinion 08&#45;451 details ethics obligations of lawyers and firms that do elect to outsource legal work. http://www.abanet.org/abanet/media/release/news_release.cfm?releaseid=435 Opinion at http://www.abanet.org/cpr/08&#45;451.pdf 


RESEARCHER MINES BLOGS, SOCIAL NETWORKS TO ACCESS BANK ACCOUNTS (ComputerWorld, 25 August 2008) &#45; A recent Google search of MySpace Inc.’s popular social networking site for several variations of terms describing a person’s maternal grandparents returned more than 11,000 search results. The search by security researcher and author Herbert Thompson illustrates the growing security threat posed by the massive amount of personal information posted on social networks, forums, blogs and other Web 2.0 destinations. Thompson sent the search results to Computerworld. Posting seemingly innocuous information&#8212;like a mother’s maiden name or a pet’s name&#8212;could help a crook access personal data stored by banks, financial services firms and other companies, Thompson said. Many companies typically ask for such information from clients to reset a password on an account, he noted. With her permission, Thompson accessed a friend’s bank account in an hour and a half after mining her personal blog for details like her birth date, birthplace, father’s middle name and pet’s name. He used the data to reset her e&#45;mail password and gain access to an e&#45;mail from her bank with instructions on how to reset her account password. Thompson said in an interview that cybercriminals are increasingly mining personal data splashed throughout the Web 2.0 world. He noted that the questions that banks have long used to reset or recover passwords were typically seen as difficult for thieves to answer. Now, however, the answers to the questions are often readily available to crooks because so many people are now blogging about their personal lives or are creating personal profiles that are rife with this type of information, he noted. As proof, Thompson pointed to the fact that thieves on underground forums typically charge 10 to 12 times more for stolen credit card numbers with the mother’s maiden name or a pet’s name of the owner than for the credit card alone. 
http://www.computerworld.com/action/article.do?command=viewArticleBasic&amp;amp;articleId=9113405&amp;amp;source=NLT_AM&amp;amp;nlid=1 Scientific American article here: http://www.sciam.com/article.cfm?id=anatomy&#45;of&#45;a&#45;social&#45;hack 


&#45; and (older article) &#45; 


MAPPING COMPUTER TECHNIQUES TO THE REAL WORLD (NewSmart, 18 May 2008) &#45; As a recent Times article describes, shopping plazas are now using cell&#45;phone tracking technology to map shoppers’ activities and movement patterns. The “Path Intelligence” hardware used to track the movements works like this: 

* A cell&#45;phone&#45;wielding shopper enters the shopping plaza. 

* Path Intelligence monitors mounted throughout the plaza detect that a new mobile phone is in the vicinity and log its IMEI code. 

* As the shopper moves around the mall, his or her movements are continuously triangulated by the multiple Path Intelligence units, allowing movements to be mapped and saved for later analysis. 

The good news: it’s tot