en vpolley@knowconnect.com Copyright 2010 2010-03-12T22:36:00-07:00 http://www.knowconnect.com/mirln/article/mirln_21_february_13_march_v1304/ http://www.knowconnect.com/mirln/article/mirln_21_february_13_march_v1304/#When:22:36:00Z (supplemented by related Tweets: http://twitter.com/vpolley) • Many HIPAA Changes Under The HITECH Act Now Effective • Heartland Posts 4Q Loss on Settlement Costs • Widespread Data Breaches Uncovered by FTC Probe • Student Files Petition To Preserve Evidence In Webcam Spying Case o Remotely Spying on Kids with School Laptops • Thousands of Authors Opt Out of Google Book Settlement • Rootkits Work Nicely on Smartphones, Thank You • Social Media Trends at Fortune 100 Companies • Judge Dismisses Defamation Lawsuit Brought Against Boing Boing By Co. Targeting Ads Based on Phone Numbers • ‘Pension Committee’ Clarifies E-Discovery Requirements • Google to Appeal Italian Court Ruling • Step 1 for Legal Holds: Trigger Events • Avatar Rape • New U.S. Military Policy Opens Up Social Media to the Troops • Social Networks Play a Major Part in How We Get News • German Court Overturns Law on Phone, E-Mail Data • Dancing Tot Prevails Over UMG in YouTube Fair Use Case o Viacom: “Fair Use Works For Us,” Unlikely To Sue Bloggers • Trial Judges Impose Penalties for Social Media in the Courtroom • Why We Tweaked Our Copyright Notice • RealNetworks Deal to Discontinue DVD-Copying Software Includes $4.5 Million for Studios’ Legal Tab • FDIC: Hackers Took More Than $120m in Three Months • U.S. Hopes Exports Will Help Open Closed Societies • Law Firms Slow to Awaken to Cybersecurity Threat • European Parliament Rips Global IP Accord • Bad Employee! 12% Knowingly Violate Company IT Policies • 20 Ways to Link Dispersed Legal Departments • HHS Publishes List of Entities Reporting Health Information Breaches • Why Social Media Policies Don’t Work • Instant Ads Set the Pace on the Web NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES Many HIPAA Changes Under The HITECH Act Now Effective (McGuire Woods, 18 Feb 2010) - Having reached the one year anniversary of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, many changes to the HIPAA Privacy and Security Rules are now effective. Unfortunately, since the Department of Health and Human Services has not yet issued guidance with respect to most of these changes, Covered Entities and Business Associates must begin good faith compliance based solely on the language of the HITECH Act. Below are some highlights. http://www.mcguirewoods.com/news-resources/item.asp?item=4555 Heartland Posts 4Q Loss on Settlement Costs (Business Week, 18 Feb 2010) - Heartland Payment Systems Inc. on Thursday posted a fourth-quarter loss and missed Wall Street expectations as it booked charges to settle claims over a data breach. The company, which processes credits card payments, also declared a quarterly dividend of 1 cent per share payable March 15 to shareholders of record on March 5. For the three months ending Dec. 31, the company said it lost $9.6 million, or 26 cents per share. That compared to a profit of $8 million, or 21 cents per share, in the year-ago period. The results included charges of $23.7 million related to settlement offers over a data breach in late 2008. The money went to Visa credit and debit card issuers to cover losses incurred after hackers installed spying software on Heartland’s computer network. Excluding one-time charges, the company earned 16 cents per share for the quarter. On that basis, analysts polled by Thomson Reuters expected a profit of 20 cents per share. http://www.businessweek.com/ap/financialnews/D9DUOVM80.htm Widespread Data Breaches Uncovered by FTC Probe (FTC, 22 Feb 2010) - The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them. http://ftc.gov/opa/2010/02/p2palert.shtm Student Files Petition To Preserve Evidence In Webcam Spying Case (SiliconValley.com, 22 Feb 2010) - A student who has accused his suburban Philadelphia school district in a lawsuit of spying on him and other students via their school-issued webcams will ask district officials not to remove any potential evidence from student computers, his lawyer said Monday. Lawyers for the Lower Merion School District are due in federal court on the issue Monday afternoon, on an emergency petition from student Blake Robbins of Penn Valley. Lower Merion officials confirmed last week they had activated the webcams to try to find 42 missing laptops, without the knowledge or permission of students and their families. Both the FBI and local authorities are investigating whether the district broke any wiretap, computer-use or other laws. The American Civil Liberties Union filed a brief in support of the student Monday, arguing that the photo amounts to an illegal search. http://www.siliconvalley.com/latest-headlines/ci_14449371 - and - Remotely Spying on Kids with School Laptops (Schneier, 24 Feb 2010) - It’s a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here’s the lawsuit.) This is an excellent technical investigation of what actually happened. This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon. http://www.schneier.com/blog/archives/2010/02/remotely_spying.html [Editor: Schneier’s posting is comprehensive. If the stated facts are true, this is a ground-breaking invasion, and (if understood widely enough) a reasonable ground for US Congressional action.] Thousands of Authors Opt Out of Google Book Settlement (The Guardian, 23 Feb 2010) - Former children’s laureates Quentin Blake, Anne Fine and Jacqueline Wilson, bestselling authors Jeffrey Archer and Louis de Bernières and critical favourites Thomas Pynchon, Zadie Smith and Jeanette Winterson have all opted out of the controversial Google book settlement, court documents have revealed. Authors who did not wish their books to be part of Google’s revised settlement needed to opt out before 28 January, in advance of last week’s ruling from Judge Denny Chin over whether to allow Google to go ahead with its divisive plans to digitise millions of books. The judge ended up delaying his ruling, after receiving more than 500 written submissions, but court documents related to the case show that more than 6,500 authors, publishers and literary agents have opted out of the settlement. As well as the authors named above, these include the estates of Rudyard Kipling, TH White, James Herriot, Nevil Shute and Roald Dahl, Man Booker prizewinners Graham Swift and Keri Hulme, poets Pam Ayres, Christopher Middleton, Gillian Spraggs and Nick Laird, novelists Bret Easton Ellis, James Frey, Monica Ali, Michael Chabon, Philip Hensher and Patrick Gale, historian Simon Sebag Montefiore, biographer Victoria Glendinning and bestselling author of the Northern Lights trilogy Philip Pullman. Ursula K Le Guin, who gained significant author support for her petition calling for “the principle of copyright, which is directly threatened by the settlement, [to] be honoured and upheld in the United States”, also opted out. http://www.guardian.co.uk/books/2010/feb/23/authors-opt-out-google-book-settlement Rootkits Work Nicely on Smartphones, Thank You (Dark Reading, 23 Feb 2010) - Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones. The researchers, who are presenting their findings at a mobile computing workshop in Maryland, are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless—all without the user’s knowledge. Rootkit attacks on smartphones—or upcoming tablet computers—could be more devastating because smartphone owners tend to carry their phones with them all of the time, the researchers say. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s GPS receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message. http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223100433 Social Media Trends at Fortune 100 Companies (Mashable, 23 Feb 2010) - PR firm Burson-Marsteller studied the 100 largest companies in the Fortune 500 list and found that 79% of then use Twitter, Facebook, YouTube or corporate blogs to communicate with customers and other stakeholders. The firm broke its findings down by region (North America, Europe, Asia-Pacific and Latin America) and network. Twitter is the most popular platform that the companies use; two-thirds of the Fortune 100 have at least one Twitter account. Actually, they have an average of 4.2 Twitter accounts. Fifty-four percent have at least one Facebook fan page, 50% have at least one YouTube channel, and 33% have at least one corporate blog. Twenty percent of the companies use all four social media platforms. Social networks like Twitter and Facebook are mostly West-oriented; Asia-Pacific companies don’t use them as much, instead preferring corporate blogs. When they do use Twitter or Facebook, it’s usually to engage consumers in Europe and North America. There are a bunch of other interesting stats in the study — including proof that consumers actually do like to engage with companies via social media, making all those channels worthwhile. We’ve embedded Burson-Marsteller’s presentation below. http://mashable.com/2010/02/23/fortune-100-social-media/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader Judge Dismisses Defamation Lawsuit Brought Against Boing Boing By Co. Targeting Ads Based on Phone Numbers (Online Media Daily, 23 Feb 2010) - In a victory for Web publisher Boing Boing, a judge in California has dismissed a defamation lawsuit brought by Magic Jack, a company that offers a USB dongle for Voice over Internet Protocol service. Marin County Superior Court Judge Verna Adams ruled that Magic Jack’s complaint—about a Boing Boing item that accused Magic Jack of being a “snoop” because it planned to serve ads based on phone numbers users called—was barred by California’s broad anti-SLAPP (strategic lawsuits against public participation) statute. That law provides for a quick dismissal of lawsuits that are aimed at squelching debate about matters of public interest. http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=123039 ‘Pension Committee’ Clarifies E-Discovery Requirements (Law.com, 23 Feb 2010) - In a bombshell opinion and order issued just weeks ago by U.S. Southern District of New York Judge Shira A. Scheindlin, litigants and lawyers have been admonished (again) about their discovery obligations, particularly, to preserve, collect and produce electronic documents, records and data in their possession, custody, or control. Scheindlin, one of the foremost experts on the law of electronic discovery, was the author of the Zubulake line of decisions that many say ushered in a new era of robust electronic discovery. Now, her new blockbuster is the Pension Committee decision,[FOOTNOTE 1] which carries the picturesque title, “‘Zubulake’ Revisited: Six Years Later.” Pension Committee promises to be a guide and oft-cited framework for complying with electronic discovery requirements. Since the new decision copiously analyzes a series of discovery failures that led to sanctions against numerous plaintiff-companies, it is a practical roadmap on how real people and real attorneys may be confronted by real challenges regarding compliance only to wind up making judgments that come back to haunt them. Pension Committee also is a kind of “how-to” manual setting forth key principles relating to issuing, monitoring, and enforcing litigation holds, discharging preservation and search techniques, and documenting appropriate behind-the-scenes conduct so that the responding party can withstand accusations of insufficient disclosure by the adversary. Then, too, there is advice regarding sanctions, what needs to be proved and by whom, the criteria of “relevance” and “prejudice,” the legal behavior standards of negligence, gross negligence and willfulness, available remedies and, even, the text of an actual spoliation instruction. http://www.law.com/jsp/article.jsp?id=1202444109380&rss=newswire Google to Appeal Italian Court Ruling (The Telegraph, 24 Feb 2010) - The trial centred on footage posted on Google Video that showed a Down’s syndrome teenager being bullied by four other boys at a school in Turin. The footage was uploaded to the site in September 2006, and remained online for two months before being removed following complaints from web users. Prosecutors in Milan brought the case after being contacted by a charity, Viva Down. The court argued that the boy’s privacy had been violated and that Google should have removed the footage quicker than it did. Three Google employees – David Drummond, Peter Fleischer and George Reyes, who has since left the company – were found guilty of failing to apply with the Italian privacy code, and were given six-month suspended sentences. But Google said the ruling was “ludicrous”, and pledged to appeal against a “chilling decision” that had potentially far-reaching implications for scores of websites. http://www.telegraph.co.uk/technology/google/7307442/Google-to-appeal-Italian-court-ruling.html Step 1 for Legal Holds: Trigger Events (Law.com, 24 Feb 2010) - This series of articles provides an overview of the steps necessary to implement a legally defensible, written litigation hold and are based on the “Seven Steps for Legal Holds of ESI and Other Documents” (ARMA International 2009). The seven steps for legal holds are designed to help organizations tackle the seemingly daunting task of implementing written litigation holds. Although this series was conceived months ago, written litigation holds are now more important than ever in light of U.S. District Court Judge Shira Scheindlin’s Opinion and Order in The Pension Committee v. Banc of America, Case No. 05-cv-9016 (SDNY Jan. 11, 2010, as amended Jan. 15, 2010). Her introduction is a fitting opening to the series: In an era where vast amounts of electronic information is available for review, discovery in certain cases has become increasingly complex and expensive. Courts cannot and do not expect that any party can meet a standard of perfection. Nonetheless, the courts have a right to expect that litigants and counsel will take the necessary steps to ensure that relevant records are preserved when litigation is reasonably anticipated, and that such records are collected, reviewed, and produced to the opposing party. As discussed six years ago in the Zubulake opinions, when this does not happen, the integrity of the judicial process is harmed and the courts are required to fashion a remedy. http://www.law.com/jsp/article.jsp?id=1202444383053&rss=newswire [Step 2 “Analyze the Trigger Event”: http://www.law.com/jsp/article.jsp?id=1202444485889&rss=newswire; Step 3 “Define the Scope”: http://www.law.com/jsp/article.jsp?id=1202444602884&rss=newswire; Step 4 “Implementation”: http://www.law.com/jsp/article.jsp?id=1202444715730&rss=newswire; Step 5 “Enforcement”: http://www.law.com/jsp/article.jsp?id=1202444943804&rss=newswire; Step 6 “Modification”: http://www.law.com/jsp/article.jsp?id=1202445338949&rss=newswire; Step 7 “Monitor and Remove”: ]http://www.law.com/jsp/article.jsp?id=1202445425984&rss=newswire] Avatar Rape (InsideHigherEd, 25 Feb 2010) - Avatar harassment and sexual assault remain controversial issues because institutions hosting virtual worlds are not accustomed to dealing with — or even discussing — digital forms of these distressing behaviors. Harassment and assault are frequent infractions in virtual environs, including those frequented by students and professors. London journalist Tim Guest, author of Second Lives: a Journey Through Virtual Worlds, estimated that “about 6.5 percent of logged-in residents” have filed one or more abuse reports in Second Life. By the end of 2006, he writes, Linden Lab, creator of Second Life, “was receiving close to 2,000 abuse reports a day.” Current statistics are unavailable. But you can monitor the types of offenses and where they occurred in Second Life by accessing its community incident report chronicling the 25 most recent infractions and resulting penalties. On Dec. 28, 2009, five of the 25 infractions concerned “indecency: broadly offensive content or conduct”; three, sexual harassment; and two, intolerance. Most penalties included warnings with four one-day suspensions and one three-day suspension. (In fairness, Linden Lab has tried to crack down on these community infractions, hosting guides such as this to inform users about abuse and how to file reports about repeat offenders.) Educational institutions with a presence in or that introduced students to virtual worlds might want to analyze the phenomenon of avatar rape, which presents a unique challenge to traditional jurisprudence. Rape is assumed to be both physical and geographical, as in a crime scene. Both dimensions are missing on the Web. Nevertheless, avatars are symbols of the self. As such, it behooves us to investigate: • How avatar rape happens in virtual worlds. • What concepts and theories apply when the act is neither physical nor geographical. • Why the discussion is even necessary. http://www.insidehighered.com/views/2010/02/25/bugeja New U.S. Military Policy Opens Up Social Media to the Troops (Mashable, 26 Feb 2010) - A new policy released today by the Pentagon has reversed multiple bans on social media websites and tools, effective immediately. This policy includes YouTube, Facebook, MySpace, Twitter, Google Apps, and other social tools. Certain branches of the military, such as the U.S. Marines, ban the use of social media because they are a “proven haven for malicious actors and content and are particularly high risk due to information exposure.” Today’s decision, handed down by the Office of Deputy Secretary of Defense William Lynn, will reverse that ban and others, such as the one the U.S. Army has had on YouTube since 2007. The new policy is far reaching, but as NYT’s At War Blog points out, it isn’t without caveats. The change only affects the military’s non-classified Internet network, known as NIPRNET. It also gives commanders at all levels leeway in temporarily banning specific social tools. In other words, you can expect some commanders to reinstate some of these bans for security reasons. http://mashable.com/2010/02/26/military-social-media/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader Social Networks Play a Major Part in How We Get News (Mashable, 1 March 2010) - The latest study from Pew Internet analyzes the news consumers in America and various different ways of finding news. Based on a sample of 2,259 adults, the study reveals that three fourths of the people (75%) who find news online get it either forwarded through email or posts on social networking sites, and half of them (52%) forward the news through those means. However, the study also shows that very few people nowadays (7%) are getting information from a single media platform. In fact, nearly half of Americans (46%) claim they get news from four to six media platforms on a typical day. And while TV is still the biggest source of news (78% of Americans say they get news from a local TV station), Internet sits on second place (61% of users get news online), ahead of radio and newspapers. Interestingly enough, relatively few people – only 17 percent – claim they read news in a national newspaper such as the New York Times or USA Today. http://mashable.com/2010/03/01/social-networks-source-news/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader German Court Overturns Law on Phone, E-Mail Data (AP, 2 March 2010) - Germany’s highest court on Tuesday overturned a law that let anti-terror authorities retain data on telephone calls and e-mails, saying it posed a “grave intrusion” to personal privacy rights and must be revised. The court ruling was the latest to sharply criticize a major initiative by Chancellor Angela Merkel’s government and one of the strongest steps yet defending citizen rights from post-Sept. 11 terror-fighting measures. The ruling comes amid a European-wide attempt to set limits on the digital sphere, that includes disputes with Google Inc. over photographing citizens for its Street View maps. The Karlsruhe-based Federal Constitutional Court ruled that the law violated Germans’ constitutional right to private correspondence and failed to balance privacy rights against the need to provide security. It did not, however, rule out data retention in principle. The law had ordered that all data — except content — from phone calls and e-mail exchanges be retained for six months for possible use by criminal authorities, who could probe who contacted whom, from where and for how long. http://news.yahoo.com/s/ap/20100302/ap_on_hi_te/eu_germany_data_retention Dancing Tot Prevails Over UMG in YouTube Fair Use Case (ArsTechnica, 2 March 2010) - The mother of a dancing toddler is dancing after winning a closely watched copyright case. US District Judge Jeremy Fogel granted partial summary judgment to Stephanie Lenz last week in her battle against Universal Music Group, putting a halt to Universal’s attempts to paint Lenz as having “bad faith” and “unclean hands” in her lawsuit. As a result, the doors have been opened for Lenz to collect attorneys’ fees in her case, though other damages aren’t likely to come Lenz’s way. Universal, the world’s largest music label, had sent a takedown notice to YouTube in 2007 over a video clip of Lenz’s child bouncing to Prince’s “Let’s Go Crazy.” Watching the (now re-uploaded) clip, it’s clear that the music is merely blasting in the background while the video was being recorded and, in some places, the song is barely even recognizable. The initial takedown appears to have been the typical DMCA notice that the labels fire off when they detect a video they believe is infringing, but Lenz pushed back with the help of the Electronic Frontier Foundation. The EFF and Lenz filed a lawsuit against Universal, arguing that the video was “self-evident noninfringing fair use” and the DMCA takedown was bogus. Universal shot back by saying that even if the clip constituted fair use, it was still infringing and therefore the takedown notice was made in good faith. That’s right: Universal said that it was possible for a clip of the music to be used legally (according to US Copyright Law) while also being infringing at the same time, simply because the song itself was copyrighted and owned by Universal. Universal lobbed numerous arguments at Lenz and the EFF over the next two-and-a-half years. Some of these included a strange argument that the DMCA notice in question was not technically a DMCA notice and therefore could not be litigated as one (Judge Fogel flatly rejected this claim), that it was unreasonable to expect Universal to consider fair use before sending takedown notices (also rejected), and that the EFF itself was more interested in “attention-grabbing press releases” that further its own “philosophical objections” than it was in filing legitimate lawsuits. On top of that, Universal made numerous affirmative defenses for its actions by telling the court that Lenz acted in bad faith when uploading the video to YouTube because usage of the site does not constitute “private viewing,” and that her First Amendment rights were not harmed enough to warrant monetary damages. The label also said Lenz had “unclean hands” for making supposedly false allegations in her lawsuit (though Lenz shot back that Universal should seek sanctions against her if it believes she engaged in misconduct). In his ruling last week, Judge Fogel analyzed the arguments over damages, but eventually granted Lenz’ motions for partial summary judgment. The decision will allow Lenz to recover attorneys’ fees from her initial case against the bogus takedown, but not necessarily other damages that may have been incurred while fighting Universal. (In order to win further damages, Lenz would have had to prove that Universal knowingly sent the notice in bad faith.) http://arstechnica.com/tech-policy/news/2010/03/dancing-tot-prevails-over-umg-in-youtube-fair-use-case.ars - and - Viacom: “Fair Use Works For Us,” Unlikely To Sue Bloggers (ArsTechnica, 11 March 2010) - Viacom is unlikely to sue bloggers for posting their own clips of The Daily Show or The Colbert Report, contrary to reports floating around on the Internet. The company clarified its position to Ars on Thursday, noting that it tries to be as permissive as possible when it comes to fair use and that individual bloggers have never been on the studio’s radar. The confusion began when the Hollywood Reporter ran a story on Wednesday titled “Viacom will sue bloggers who post unauthorized ‘Daily Show’ clips,” quoting Viacom spokesperson Tony Fox. “Yes, we intend to do so,” Fox was quoted saying. “My feeling is if (websites) are making money on our copyrighted content, then that is a problem.” http://arstechnica.com/tech-policy/news/2010/03/viacom-fair-use-works-for-us-unlikely-to-sue-over-clips.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Trial Judges Impose Penalties for Social Media in the Courtroom (Citizen Media Law, 3 March 2010) - As state and federal courts continue to struggle with the use of social media in courtrooms and courthouses, recently state judges in Colorado and Ohio took action against courtroom observers who used social media technology in court. An Ohio judge imposed the more serious penalty against two trial attendees who separately pointed a Flip camera and a cell phone towards to the jury during trial testimony in a murder case. On February 16, Dwayne Davenport went on trial for the fatal shooting of Michael Grissett in East Cleveland on January 16, 2009. (Two other defendants in the case pleaded guilty, and are awaiting sentencing.) As reported by the Cleveland Plain Dealer, on the second day of trial jurors noticed that Andre Block (the defendant’s friend) and Dwight Davenport (the defendant’s cousin), who were seated in the back row of the courtroom observing the trial, were pointing the above-mentioned devices at the jury. After jurors complained to Common Pleas Judge Nancy Margaret Russo, she ordered Block and Dwight Davenport arrested for contempt of court and declared a mistrial in the case. At a hearing on the contempt citation held on February 25, Judge Russo told Block and Dwight Davenport that they were guilty of “intimidating and frightening my jury,” and that their actions had made the jurors fearful of jury service, forcing the mistrial. Block, who used a Flip phone to record about eight minutes of the proceedings, claimed that he was taking video of the defendant, his friend Dwayne Davenport, to remember him in case Davenport was sent to prison. Judge Russo sentenced Block to 60 days in prison. Another recent incident arose during the Colorado murder case against Willie Clark, accused of killing Denver Broncos cornerback Darrent Williams. Judge Christina Habas has imposed strict restrictions (pdf) on trial observers, including a prohibition on all communications from the courtroom, whether by blogging, text messaging, or other means, and a ban on cameras and cell phones from an entire section of the courthouse. Despite these restrictions, numerous signs in the courthouse summarizing the rules, security checkpoints at both the courthouse and courtroom doors, and an announcement of the cell phone ban at the start of proceedings, Robert Forto—who was covering the case for his blog—had his iPhone with him in the courtroom. His daughter called him, then his wife sent him a text message, and then his daughter left a voicemail. Forto texted his daughter, saying “I can’t talk right now.” A sheriff’s deputy saw Forto send the text message and removed Forto from the courtroom and took his cell phone. http://www.citmedialaw.org/blog/2010/trial-judges-impose-penalties-social-media-courtroom?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader Why We Tweaked Our Copyright Notice (ArsTechnica, 3 March 2010) - A couple of weeks ago, we ran an article on the various overbroad copyright notices one finds in books and on TV sports. You know the sort of thing—”any other use of this telecast or any pictures, descriptions, or accounts of the game without the NFL’s consent is prohibited.” The piece focused on a pair of lawyers who had complained about such notices back in 2007, and we wanted to know what had happened with those complaints. The short answer: not much. Readers pointed out that our own footer contains a pretty strong copyright statement of its own: “The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast Digital.” But of course, you can reproduce and distribute and cache much of this information for a variety of reasons under US copyright law. We told readers that we would look into the issue, and Editor-in-Chief Ken Fisher agreed to ask our corporate lawyers about making a small change to the notice. The lawyers had no problem with the proposed change, and we pushed out the updated page code this weekend. The notice now says, “Except where permitted by law, the material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast Digital.” It’s not a major change, and the notice doesn’t alter anyone’s rights under US law one way or the other. We do think it was important to make clear in such notices that there are limits to copyright law, however, and that the company’s claims to its material are not so absolute as such notices can make them sound. http://arstechnica.com/tech-policy/news/2010/03/why-we-tweaked-our-copyright-notice.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss RealNetworks Deal to Discontinue DVD-Copying Software Includes $4.5 Million for Studios’ Legal Tab (Law.com, 4 March 2010) - Good luck trying to burn a copy of your favorite DVD now. RealNetworks agreed to kill DVD-copying software that raised the hackles of movie studios in Hollywood. The company will also pay $4.5 million to cover the studios’ legal fees and costs for the copyright fight that ensued in the Northern District of California. The concessions came in a Monday settlement agreement and a consent judgment, approved by Judge Marilyn Hall Patel on Wednesday. RealNetworks threw in the towel after Patel repeatedly sided with the major movie studios and the DVD Copy Control Association. The judge granted a preliminary injunction against RealNetworks’ software, RealDVD, in August. Patel concluded that it violated the Digital Millennium Copyright Act by circumventing copy control locks on DVDs. She gave little credence to Real’s defense that DVD owners have a fair use right to copy their own movies. The studios were represented by Munger, Tolles & Olson, while Akin Gump Strauss Hauer & Feld represented the DVD CCA. Wilson Sonsini Goodrich & Rosati represented RealNetworks. http://www.law.com/jsp/article.jsp?id=1202445440154&rss=newswire FDIC: Hackers Took More Than $120m in Three Months (Computerworld, 8 March 2010) - Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC. The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said. Almost all of the incidents reported to the FDIC “related to malware on online banking customers’ PCs,” he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions. http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?source=rss_news U.S. Hopes Exports Will Help Open Closed Societies (NYT, 8 March 2010) - Seeking to exploit the Internet’s potential for prying open closed societies, the Obama administration will permit technology companies to export online services like instant messaging, chat and photo sharing to Iran, Cuba and Sudan, a senior administration official said Sunday. On Monday, he said, the Treasury Department will issue a general license for the export of free personal Internet services and software geared toward the populations in all three countries, allowing Microsoft, Yahoo and other providers to get around strict export restrictions. The companies had resisted offering such services for fear of violating existing sanctions. But there have been growing calls in Congress and elsewhere to lift the restrictions, particularly after the postelection protests in Iran illustrated the power of Internet-based services like Facebook and Twitter. The Treasury Department’s action follows a recommendation by the State Department in mid-December that the Office of Foreign Assets Control, which is run by the Treasury, authorize the downloading of “free mass-market software” in Iran by Microsoft, Google and other companies. The administration’s blanket waiver does not apply to encryption and other software that makes it harder for the authorities to track people’s Internet activity. That category of technology does not fall within the mass-market services that can be downloaded free from the Internet, he said. But the official said the Treasury would grant licenses to such providers on a case-by-case basis, and would generally look favorably on them. One such service, known as Haystack, is awaiting a waiver from the State Department, and is subsequently likely to obtain a Treasury license. http://www.nytimes.com/2010/03/08/world/08export.html?scp=1&sq=export%20internet%20services&st=cse Law Firms Slow to Awaken to Cybersecurity Threat (Law.com, 9 March 2010) - An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn’t read like the messages the firm’s attorneys usually sent each other—didn’t pass the “smell test.” His suspicions raised, the recipient, associate Gregory Fayer, picked up the phone and discovered that the colleague who supposedly sent the e-mail knew nothing of it. Other attorneys at the firm also received the bogus e-mail, which was eventually traced to China—where Gipson Hoffman is litigating a $2.2 billion copyright infringement suit against the government. Fayer was well aware that cyberattackers often use fake e-mail messages to break into computer networks. The firm couldn’t directly link the bogus messages to its lawsuit—the FBI is still investigating the matter—but found it hard to dismiss as mere coincidence. Notably, the episode followed closely on the heels of Google’s announcement that hackers had broken into the Gmail accounts of several Chinese human rights activists. Although the public acknowledgement of the attack was unusual, it was hardly the first time that a law firm has been targeted by a sophisticated network of overseas hackers looking to infiltrate computer systems in order to gather data or monitor attorney activity, according to attorneys and technology experts. Law firms have dealt quietly with cyberattacks for years, but lately those strikes appear to be on the rise, said Marc Zwillinger, a former partner at Sonnenschein Nath & Rosenthal who this month opened Zwillinger Genetski, a Washington law boutique specializing in internet security and data privacy. “The activity focusing on law firms has definitely picked up in the past year or two, compared to what it was,” said Zwillinger, who has advised law firms dealing with cybersecurity breaches. “We’ve been seeing a fair bit of activity where the attacker is looking to acquire information that has strategic value.” Law firms are attractive targets for cyberattackers because they maintain sensitive client information on their systems, according to attorneys and technology consultants. Firms don’t often realize that their computer systems have been infiltrated and rarely go public if they do face a security breach, Zwillinger and other internet security experts said. http://www.law.com/jsp/article.jsp?id=1202445899467&rss=newswire European Parliament Rips Global IP Accord (Wired, 10 March 2010) - The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others. Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration. Kirk’s office declined comment. To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text. And because of the text’s secrecy, parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. Whether parliament’s action scuttles ACTA is another matter. Michael Geist, a law professor at the University of Ottawa, said in a telephone interview that Wednesday’s resolution also OKs more ACTA global negotiations on behalf of the European Union. Geist said he expects Europe to participate in the next round of ACTA negotiations to get underway April 12 in New Zealand. http://www.wired.com/threatlevel/2010/03/european-parliament-rips-global-ip-accord/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+wired27b+(Blog+-+27B+Stroke+6+(Threat+Level))#ixzz0hoPTuju7 Bad Employee! 12% Knowingly Violate Company IT Policies (ArsTechnica, 10 March 2010) - By now, it’s practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that’s due to ignorant users or poorly enforced policies. Not so for a chunk of the US working population—according to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done. http://arstechnica.com/business/news/2010/03/bad-employee-12-knowingly-violate-company-it-policies.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss 20 Ways to Link Dispersed Legal Departments (Law.com, 10 March 2010; by Rees Morrison) - A legal department that speaks with a single voice, thinks with a single mind, and acts like a partnership will outperform one that is fragmented with uneven or inconsistent practices and policies. General counsel of dispersed legal departments, those with lawyers based in several locations around the world, have a particular problem of striving to nurture a sense that members work in a single, unified department. It is true that the larger the department, the more techniques of solidarity help, but even a small department, if its members are not in the same location, can benefit. In this article I discuss 20 techniques, by increasing order of difficulty or cost to bring about, that increase coherence and effectiveness in a spread-out legal department. http://www.law.com/jsp/article.jsp?id=1202445966228&rss=newswire HHS Publishes List of Entities Reporting Health Information Breaches (Steptoe & Johnson’s E-Commerce Law Week, 11 March 2010) - The Department of Health and Human Services has published on its website a list of the breaches of unsecured health information affecting 500 or more individuals that have been reported since the Health Information Technology for Economic and Clinical Health (HITECH) Act took effect in September 2009.  The Federal Trade Commission previously issued its own final rule regarding breaches of unsecured health information by entities not subject to the Health Insurance Portability and Accountability Act.  Breaches affecting more than 500 individuals also must be reported to the FTC, which will maintain a publicly available database of all reported breaches in order to “provide businesses with information about potential sources of data breaches,” keep the public informed, and aid policymakers in developing data breach regulations. http://www.steptoe.com/publications-6696.html Why Social Media Policies Don’t Work (GigaOM, 12 March 2010) - Maybe Thomson Reuters was feeling nostalgic about the flurry of negative attention that both the New York Times and the Washington Post got last year when they came out with policies on the use of social media tools such as Twitter and Facebook. For whatever reason, the wire service recently issued new guidelines for its staff, and they suffer from many of the same problems that both the NYT and WaPo policies did. All of these flaws boil down to one thing: A desire to control something that fundamentally can’t be controlled, and a fear of what happens when that control is lost. Without even bothering to enumerate the positive aspects of social-media use, the policy starts in with the warnings right away: “We want to encourage you to use social media approaches in your journalism but we also need to make sure that you are fully aware of the risks — especially those that threaten our hard-earned reputation for independence and freedom from bias or our brand.” The risks, of course, are everywhere — someone might say something embarrassing, or post a tweet that others could twist to disparage Reuters: “The advent of social media does not change your relationship with the company that employs you — do not use social media to embarrass or disparage Thomson Reuters. Our company’s brands are important; so, too, is your personal brand. Think carefully about how what you do reflects upon you as a professional and upon us as an employer of professionals.” http://gigaom.com/2010/03/12/reuters-and-why-social-media-policies-dont-work/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+OmMalik+(GigaOM)&utm_content=Google+Reader Instant Ads Set the Pace on the Web (NYT, 12 March 2010) - Advertisers have been able to direct online messages based on demographics, income and even location, but one element has been largely missing until recently: immediacy. Advertisers booked slots in advance, and could not make on-the-fly decisions about what ads to show based on what people were doing on the Web. Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly. For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web. If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. While companies have been plugging real-time bidding for a couple of years, industry heavyweights are now behind it. Google introduced its revised DoubleClick Ad Exchange, offering real-time bidding, in September. Yahoo is testing the process on its Right Media Exchange, and Microsoft on its AdECN exchange. A consumer would barely notice the shift, except that ads might seem more relevant to exactly what they are shopping for. It is another way in which marketers are massaging information — and something that has raised ire in Washington, where the Federal Trade Commission has been holding discussions on tailored advertising. “The fact that you can be auctioned off in 12 milliseconds or less just illustrates how privacy in this country has rapidly eroded,” said Jeffrey Chester, executive director of the consumer group Center for Digital Democracy. http://www.nytimes.com/2010/03/12/business/media/12adco.html?scp=1&sq=instant%20ads&st=Search NOTED PODCASTS This Law is My Law (Berkman Center, 25 Feb 2010) - This week we sit down with Carl Malamud, who with the group Public.Resource.org is pushing to put law in the public domain. We covered the issue of copyright on law a few months ago in Radio Berkman 129, where Steve Schultze introduced us to RECAP – a software that helps legal researchers bypass hefty fees for access to legal documents. There is now a movement afoot, not just to bypass the system that puts law behind a paywall, but to remove it altogether. If you think this is a small issue – note that Americans spend some $10 billion a year just to access legal documents, everything from local building codes to Supreme Court records. The Executive Branch alone pays $50 million to access district court records. Some cash-strapped law schools ration students’ access to per-page charging services for legal records. And journalists, non-profits, and average citizens interested in legal research are feeling just as nickeled-and-dimed by fees. http://cyber.law.harvard.edu/node/5958 [Editor: good 25-minute podcast about PACER/RECAP, Oregon’s copyright claims in its Code, and open access to the law. ONE STAR] RESOURCES Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress (Congressional Research Service, February 2010) - Beginning with the widespread use of e-mail by Congress in the mid-1990’s, the development of new electronic technologies has altered the traditional patterns of communication between Members of Congress and constituents. Many Members now use e-mail, official websites, blogs, YouTube channels, and Facebook pages to communicate with their constituents--technologies that were either non-existent or not widely available 15 years ago. These technologies have arguably served to enhance the ability of Members of Congress to fulfill their representational duties by providing greater opportunities for communication between the Member and individual constituents, supporting the fundamental democratic role of spreading information about public policy and government operations. In addition, electronic technology has reduced the marginal cost of constituent communications; unlike postal letters, Members can reach large numbers of constituents for a relatively small fixed cost. Despite these advantages, electronic communications have raised some concerns. Existing law and chamber regulations on the use of communication media such as the franking privilege have proven difficult to adapt to the new electronic technologies. This report examines Member use of one specific new electronic communication medium: Twitter. After providing an overview and background of Twitter, the report analyzes patterns of Member use of Twitter during August and September 2009. http://assets.opencrs.com/rpts/R41066_20100203.pdf Data Security, Third-Party Privacy Claims, and Insurance Coverage Under CGL “Personal and Advertising Injury” Coverage (Jones Day, Feb 2010) - For a company faced with a data breach resulting in the possible disclosure of private information, an important question is how, if at all, commercial general liability insurance will respond to third-party claims alleging damages. If your company has specialty coverage for data security loss, cybertheft, or similar liabilities, then your right to coverage might be clear. If you do not have such special coverage available, however, then you might nevertheless have a prospect of recovering defense costs and indemnity under your CGL policy. http://www.jonesday.com/data_security/ [Editor: useful re-survey of the issues and arguments.] FCC Releases Internet Speed Test Tool (Reuters, 11 March 2010) - The U.S. Federal Communications Commission on Thursday launched a broadband test service to help consumers clock the speed of their Internet. Located at the site http://www.broadband.gov, the test is aimed at allowing consumers to compare their actual speeds with the speeds advertised by their providers. The FCC release follows an FCC meeting in September where officials said that actual speeds were estimated to lag by as much as 50 percent during busy hours. “The FCC’s new digital tools will arm users with real-time information about their broadband connection and the agency with useful data about service across the country,” FCC Chairman Julius Genachowski said in a statement. The FCC is also collecting information about where broadband is not available. Consumers can email the FCC at fccinfo@fcc.gov or call the FCC. http://www.washingtonpost.com/wp-dyn/content/article/2010/03/11/AR2010031104824.html LOOKING BACK - MIRLN TEN YEARS AGO First of a Kind Court Ruling Allows Online News Service to “Deep Link” (Financial Times 22 Aug 2000) - A Rotterdam court has ruled against PCM, publisher of most of the Netherlands’ national dailies, which had sought an injunction against Internet upstart Kranten.com, whose Web site consisted largely of news headlines with hyperlinks to the online newspaper sources. PCM had objected to the links going directly to the story pages, rather than to the newspaper’s home page, where advertising revenues are more lucrative. PCM, pointing to the ads that support the Kranten site, had argued that the hyperlink system was analogous to “knocking a hole in a side wall of a café” owned by someone else, and demanding that those who entered through the hole “buy a drink from a stall set up outside.” The court found that PCM could just as easily place ads next to the individual news items, however, and that external links only resulted in increased traffic. PCM is now considering setting up a similar service to retain more control over revenue and content. http://news.excite.com/news/r/000825/11/net-dutch-copyright-dc [link broken] MIRLN 2010-03-12T22:36:00-07:00 http://www.knowconnect.com/mirln/article/mirln_1_20_february_v1303/ http://www.knowconnect.com/mirln/article/mirln_1_20_february_v1303/#When:21:55:00Z • Stolen Twitter Accounts Can Fetch $1,000 • Will Your Big-Screen Super Bowl Party Violate Copyright Law? • UN Calls for Global Cyber Treaty • Wikileaks, Struggling to Make Ends Meet, Begs for Donations • A Breach Too Far • Twitter, Facebook Use Rising Among Gang Members • Firms Worry About Social Networks, But Don’t Block Access • Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc. • Brokers Must Think Twice Before Tweeting, Facebooking • Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace • Court’s Decision Would Severely Limit Employer Use of CFAA • TV ‘Anywhere’: AT&T Relents on 3G Slingbox • Google Asks Spy Agency for Help With Inquiry Into Cyberattacks • New Joint Degree Program In Law and Music Business • Ruling: FACTA Does Not Extend to E-Commerce Confirmations • Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them • More on Metadata and Other Electronic Document Issues • Preserving Born-Digital Legal Materials - Where to Start? • UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing • Shell Hit By Massive Data Breach • Photographing Public Art: A Legal Waltz in Seattle • N.Y. City Bar Urges Limiting Personal Data in Civil Filings • Scariest Forum on the Internet? • EU Revises Model Contract Clauses for Data Transfers • More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says • Does Discarding Unallocated Space Deserve Contempt? PROGRAMS | NEWS | BOOK REVIEW | DIFFERENT RESOURCES | LOOKING BACK | NOTES UPCOMING PROGRAMS “Head in the Cloud, Feet in the Rules of Professional Conduct”: Managing the Ethical Risks to Lawyers from Web 2.0 Technologies, Portable Devices, and Cloud Computing, teleconference and live audio webcast (ABA, 3 March 2010) - The program’s full description and registration page is now live at: http://www.abanet.org/cle/programs/t10hcf1.html; faculty include Chris Kelly (candidate for CA Attorney General), Roland Trope, and Vince Polley. The Pace Global Consumer Law Forum and UNCITRAL Collaborate to Present a Colloquium on Global E-Commerce and Online Dispute Resolution—UNCITRAL and the Pace Law School Global Consumer Law Forum are collaborating to present the colloquium “A Fresh Look at Online Dispute Resolution and Global E-Commerce: Toward a Practical and Fair Redress System for the 21st Century Trader (Consumer and Merchant)” to be held at the UN Vienna International Centre on March 29th and 30th. The conference will be held during the same period as the Vis International Arbitration moot and is sponsored by UNCITRAL, Penn State Dickinson School of Law, and the Institute of International Commercial Law at Pace Law School. Leading experts (from government, private sector, academia, and the non-profit sector) will engage in a two-day intensive colloquium analyzing the current cross-border legal frameworks for e-commerce, existing mechanisms for online dispute resolution, and exploring the practicalities of establishing a future global ODR system for both B2B and B2C disputes. For program information, see http://www.pace.edu/page.cfm?doc_id=35508 NEWS Stolen Twitter Accounts Can Fetch $1,000 (ComputerWorld, 29 Jan 2010) - According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said Kaspersky Researcher Dmitry Bestuzhev, speaking at a press event Friday. Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, (asking price 2,500 rubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered. Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted, stepping stone from which to send malicious Twitter messages and, ideally, infect more machines. Bestuzhev said that one Twitter account, with just over 320 followers, was offered at $1,000 in an underground hacker forum. The user’s name was a simple three letter combination that Bestuzhev thought might make it more valuable to criminals. Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40). “The price for Twitter accounts is really high,” he said. http://www.computerworld.com/s/article/9150001/Stolen_Twitter_accounts_can_fetch_1_000?source=rss_news Will Your Big-Screen Super Bowl Party Violate Copyright Law? (ArsTechnica, 31 Jan 2010) - An offhand comment the other day by a friend caught my attention—”Did you know that you can’t watch the Super Bowl on a TV screen larger than 55 inches? Yeah, it’s right there in the law.” With the Colts and Saints set to do battle in Super Bowl XLIV, this seemed worth looking into as a public service. Could it be that some of those giant flat panel TV sets now finding their way into US living rooms are actually violating copyright law? Copyright law has a huge range of exemptions (like face-to-face classroom teaching), limitations (like fair use), and compulsory licensing schemes (like paying songwriters when you perform a cover version of a tune). Some are well known, but most are of interest only to specialists. US Code Title 17, Chapter 1, Section 110 is called “Limitations on exclusive rights: exemption of certain performances and displays,” and it lays out 12 of these exemptions to copyright restrictions. Are 55+ inch TVs mentioned specifically? They certainly are. TV broadcasts and movie showings can only be displayed so long as “no such audiovisual device has a diagonal screen size greater than 55 inches, and any audio portion of the performance or display is communicated by means of a total of not more than 6 loudspeakers.” So there it is in black and white—a ban on big TVs! Sort of. While my friend was right about what’s contained in the law, it’s important to put the words in context. In this case, the context is exemption number five, which deals with TVs. The exemption opens by saying that turning on a TV set in one’s house does not incur any sort of “public performance” liability under copyright law. So long as you’re using a set that can reasonably be described as “a single receiving apparatus of a kind commonly used in private homes,” you’re in the clear. It all sounds boring and academic, but the NFL famously made waves back in 2007 when it went after an Indianapolis church for hosting a Super Bowl party. Fall Creek Baptist Church planned to 1) charge admission to cover the food bill and 2) show the game on a giant projector system of more than 55 inches. Both were no-nos. In the wake of the NFL’s threat, churches around the country canceled get-togethers that year. Though it was in fact written into copyright law, the NFL’s action generated such bad press that several US Senators pressured the league to change its enforcement practices, law or no law. Sen. Arlen Specter (R-PA, now D-PA) even introduced S. 2591, a bill which singled out “professional football contests” and allowed nonprofit groups to show the games on any size screen. The bill went nowhere, but the NFL did call an audible. In late 2008, the league announced that it was changing its ways and would no longer go after churches simply for using a 55+ inch screen. http://arstechnica.com/tech-policy/news/2010/01/will-your-big-screen-super-bowl-party-violate-copyright-law.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss UN Calls for Global Cyber Treaty (ZDNet, 1 Feb 2010) - The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency has warned. International Telecommunications Union secretary general Hamadoun Toure gave his warning on Saturday at a World Economic Forum debate where experts said nations must now consider when a cyber attack becomes a declaration of war. With attacks on Google from China a major talking point in Davos, Toure said the risk of a cyber conflict between two nations grows every year. He proposed a treaty in which countries would engage not to make the first cyber strike against another nation. “A cyber war would be worse than a tsunami — a catastrophe,” the UN official said, highlighting examples such as attacks on Estonia last year. He proposed an international accord, adding: “The framework would look like a peace treaty before a war.” Countries should guarantee to protect their citizens and their right to access to information, promise not to harbour cyber terrorists and “should commit themselves not to attack another”. John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to “express reservations” about such an accord. Susan Collins, a US Republican senator who sits on several senate military and home affairs committees, said the prospect of a cyber attack sparking a war was now being considered in the United States. “If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of war. “If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war,” Collins said. http://www.zdnet.com.au/news/security/soa/UN-calls-for-global-cyber-treaty/0,130061744,339300673,00.htm?omnRef=1337&omnRef=1337 Wikileaks, Struggling to Make Ends Meet, Begs for Donations (ArsTechnica, 1 Feb 2010) - WikiLeaks—a wiki that made a name for itself by publishing anonymous, classified information—has been temporarily shut down due to its own budget crisis. The Sunshine Press, the nonprofit organization behind WikiLeaks, has decided to cease operations in order to “concentrate on raising the funds necessary” to keep the site going, and is begging for donations lest it be stuck offline forever. For those who aren’t familiar with the Sunshine Press, it was originally started by a group of Chinese dissidents and is made up of human rights activists, investigative journalists, and other concerned citizens around the globe. WikiLeaks regularly publishes information and documents from various governmental entities, corporations, religious organizations, and more, many of which cannot be published by the traditional media—the organization says the goal is to prevent whistle-blowers from being thrown in jail for exposing sensitive information, particularly in China. However, the site is not China-focused; WikiLeaks boasts that its database contains more than 1.2 million leaked documents from around the world. It has generated a fair amount of controversy in the past by publishing a secret Australian Internet blacklist and its decision to auction off a Hugo Chavez aid’s e-mail trove. The site even says it’s currently holding “hundreds of thousands of pages” regarding the US detainee system, the Iraq war, China, and corrupt banks, just waiting to be released. http://arstechnica.com/tech-policy/news/2010/02/wikileaks-struggling-to-make-ends-meet-begs-for-donations.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: consider making a donation.] A Breach Too Far (ABA Journal, 1 Feb 2010) - Experts on cybersecurity warn that law firms need to fear the same kind of illegal intrusions into confidential information maintained on their computer systems that already are striking government entities and private corporations with increasing frequency. There is a good reason why law firms are an excellent target for cyberattacks, said Bradford A. Bleier, a unit chief in the Cyber Division of the FBI, who was one of the speakers addressing the issue in November at the 19th Annual Review of the Field of National Security Law. The two-day conference in Washington, D.C., was co-sponsored by the ABA Standing Committee on Law and National Security in conjunction with the law schools at the University of Virginia and Duke University. “Law firms are tremendous concentrations of really critical, private information,” Bleier said, and attacking their computer systems “is an optimal way to obtain commercial and personal information.” Other speakers at the conference said law firms face difficult ethics quandaries in conjunction with thefts of information from their computers. A key question, said Stewart A. Baker, a partner at Steptoe & Johnson in Washington, D.C., is what to tell clients when there has been a breach of confidential information. Baker recounted one incident in which the FBI informed a law firm’s managing partner that it had identified confidential information from the firm in messages being sent to a foreign country. Asked what he would tell his clients, the managing partner reportedly said, “I’m not even sure I’m going to tell my partners.” Under the ABA Model Rules of Professional Conduct, that would have been the wrong answer, said Thomas D. Morgan, a professor who teaches ethics at the George Washington University Law School in Washington, D.C. (The Model Rules have been adopted in full or in part by every state except California.) “The cover-up can be worse than the original offense,” said Morgan, who noted that Model Rule 1.4 (Communications) “means you have an explicit requirement to tell the client because it’s the client who ultimately will have to decide what to do about it.” But despite that mandate of Rule 1.4, there are circumstances that raise questions about when and to what extent it must be followed to the letter, said Stewart, a member of the advisory committee to the Law and National Security Committee. One question, for instance, is whether a law firm has an obligation to inform a client when it can’t be determined whether the client’s information was compromised in a cybersecurity breach. http://www.abajournal.com/mobile/article/a_breach_too_far Twitter, Facebook Use Rising Among Gang Members (SiliconValley.com, 2 Feb 2010) - When a gang member was released from jail soon after his arrest for selling methamphetamine, friends and associates assumed he had cut a deal with authorities and become a police informant. They sent a warning on Twitter that went like this: We have a snitch in our midst. Unbeknownst to them, that tweet and the traffic it generated were being closely followed by investigators, who had been tracking the San Francisco Bay Area gang for months. Officials sat back and watched as others joined the conversation and left behind incriminating information. Law enforcement officials say gangs are making greater use of Twitter and Facebook, where they sometimes post information that helps agents identify gang associates and learn more about their organizations. “You find out about people you never would have known about before,” said Dean Johnston with the California Bureau of Narcotics Enforcement, which helps police investigate gangs. “You build this little tree of people.” http://www.siliconvalley.com/latest-headlines/ci_14318645?nclick_check=1 Firms Worry About Social Networks, But Don’t Block Access (ArsTechnica, 2 Feb 2010) - Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at “alarming” rates over the last 12 months, posing a risk to both users and the companies they work for. Nearly three-quarters of businesses (72 percent) told Sophos that they’re concerned about employee behavior on social networks—and it’s not the HR-related behavior they’re concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009. Given this level of worry over cybersecurity, one would assume that the businesses in question would lock down access to MySpace, Facebook, and Twitter. Not so, according to the report. Almost half of all firms said that they allow their staff unfettered access to Facebook—a 13 percent increase from a year ago. Sophos called this a “grim irony,” though the firm made it clear that it’s wiser to educate employees and apply “social security” methods instead of merely barring staff from using these sites. http://arstechnica.com/business/news/2010/02/firms-worry-about-social-networks-but-not-blocking-access.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc. (BNA’s E-Commerce Tech Law, 2 Feb 2010) - According to the Administrative Office of the U.S. Courts, a committee on court administration matters has sent around to all federal trial courts proposed jury instructions that specifically address the influence of mobile communications devices and electronic social media on jury deliberations. The rise of the “connected juror” has bedeviled the judicial system, introducing a host of new opportunities for juror consideration of irrelevant and inadmissible evidence, as well as new opportunities for improper communications with deliberating jurors, as this recent article from the Baltimore sun notes. The proposed jury instructions state the general rule (“You must not conduct any independent research about this case ....”) and then, for the jurors who require additional guidance, move on to the new media specifics (“ In other words, you should not consult dictionaries or reference materials, search the internet, websites, blogs, or use any other electronic tools to obtain information about this case or to help you decide the case are an attempt to fill in what is apparently a deficiency in jurors’ understanding of the general rule that evidence obtained outside of the courtroom may not be considered.”) The proposed rules also mention by name Blackberries, iPhones, text messaging, Twitter, Facebook, My Space, LinkedIn, and YouTube. Prohibiting all of them, if used to learn about, or communicate about the case. http://pblog.bna.com/techlaw/2010/02/us-courts-officials-issue-guidance-on-jury-use-of-blackberries-iphones-twitter-linkedin-etc.html Brokers Must Think Twice Before Tweeting, Facebooking (ArsTechnica, 2 Feb 2010) - If you’re a registered broker or work for firm that sells any sort of investment products, you’ll want to think twice before blurting out anything that could be construed as investment advice on Facebook, Twitter, or any other social networking site. The Financial Industry Regulatory Authority (FINRA) has updated its guidelines for interpreting the rules that govern how brokers present advice to the public to cover online social networks; and, in some cases, the guidelines rely on social network monitoring and archiving technology that doesn’t even exist yet. The new guidelines have two broad effects on the way financial firms use social media. First, the new rules attempt to take the traditional distinction between marketing a brand and hawking specific investment products, and to enforce it in online venues that sport a constantly evolving slate of features and functionality, and where the lines between the personal and the professional—or, the personal and the promotional—aren’t always clear. Take Facebook, for example, where ostensibly personal accounts nonetheless indicate where an individual works. A broker might not only identify himself as an employee of a particular bank or brokerage in his Facebook profile, but he might also be a fan of his employer’s official Facebook page, and belong to various unofficial Facebook groups that use the company’s name and logo. Based on the new guidelines, it appears that the static parts of a Facebook page, like an employee’s personal profile, fall under the FINRA rules that govern firms’ marketing to the public, with the result that they need formal approval before being posted. The dynamic, conversational parts of a page—specifically, Facebook’s wall, a blog’s comments section, and other places where users interact with each other—could constitute a “public appearance” on behalf of the firm, which means posts don’t have to be approved beforehand, but “firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.” When it comes to sorting out which communications are business-related, or even which posts or tweets run afoul of the rules, the FINRA is taking a “we know it when we see it” approach that appears to grant some leeway for interpretation. Phrases like “whether a particular communication constitutes a ‘recommendation’ for purposes of Rule 2310 will depend on the facts and circumstances of the communication,” are typical throughout the document; reference to the specific “facts and circumstances” of a particular communication are common. The point seems to be to err on the side of caution, because it’s not always clear what will get you in trouble. http://arstechnica.com/tech-policy/news/2010/02/brokers-must-think-twice-before-tweeting-facebooking.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - The Cour de cassation Chambre sociale, the labor chamber of France’s highest court of appeals, upheld a lower court’s ruling that an employer is entitled to open employee files not marked “private,” even without the employee’s presence or consent. The court’s ruling expands the scope of allowable employer monitoring of employees’ communications in France, and is the latest in a line of cases narrowing the Cassation Court’s 2001 decision in Nikon France SA v. Frédéric O. Nikon established that employees have a right to privacy in personal messages transmitted using a workplace computer, even where an employer has banned non-business use of the computer. Since then, though, the Cassation Court has issued decisions that refined Nikon in favor of employers, including a 2008 ruling that employers had the right to monitor an employee’s Internet usage without the employee’s knowledge or presence, and a 2009 ruling that an employee file could not be considered “private” merely because it was identified by the employee’s initials. http://www.steptoe.com/publications-6612.html Court’s Decision Would Severely Limit Employer Use of CFAA (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - A federal district court in Illinois has weighed in on what constitutes “loss” under the Computer Fraud and Abuse Act (CFAA), ruling that civil claims cannot survive absent evidence of “impairment or unavailability of data or interruption of service.” This is an issue that has divided the courts; if the court’s reasoning is sustained on appeal by the Seventh Circuit and adopted by other federal courts of appeal, it would greatly limit the utility of the CFAA to employers. http://www.steptoe.com/publications-6612.html TV ‘Anywhere’: AT&T Relents on 3G Slingbox (Wired, 4 Feb 2010) - In a significant policy reversal, AT&T announced Thursday that it will allow Sling Media’s mobile apps to run on its 3G network. That means owners of various Sling Box devices can watch live, streaming TV, as well as DVR-recorded content and movies downloaded at home using an iPhone app without a Wi-Fi connection. Last May, AT&T claimed the Sling app would “create congestion” on its 3G network. It ran tests in December, and now concludes that “the optimized app can run on its 3G network” and said it has alerted both Apple and Sling to its decision. What changed? In part, the Sling app itself. AT&T’s announcement claims that while the Sling app had always been optimized for 3G, AT&T “worked with” Sling to make it even more efficient (i.e., degraded video and/or audio quality until the Sling app consumed an acceptable amount of bandwidth). SlingPlayer Mobile is one of the most expensive on iTunes — $30 — and it works only if you have Sling hardware at home that costs hundreds of dollars. But it integrates with any video system, including TiVo. Slingbox aficionados have been watching their home channel lineup and programming anywhere in the world on their laptops using downloadable software and, more recently, via a web interface. But there are no monthly fees and no new service to sign up for: You simply run SlingPlayer and watch as if you were home. You can operate your DVR to record programs, play movie rentals and call up video-on-demand, making it all available in your pocket. http://www.wired.com/epicenter/2010/02/att-will-allow-optimized-sling-app-for-iphone/ Google Asks Spy Agency for Help With Inquiry Into Cyberattacks (NYT, 4 Feb 2010) - Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday. The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China. The agreement was first reported on Wednesday evening by The Washington Post. By turning to the N.S.A., which has no formal legal authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.” The United States government has become increasingly concerned about the computer risks confronting energy and water distribution systems and financial and communications networks. Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards. The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, according to a person who has been briefed on the relationship. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project. They were intended to help accelerate the commercialization of government-developed technology. http://www.nytimes.com/2010/02/05/science/05google.html New Joint Degree Program In Law and Music Business (University of Miami, 8 Feb 2010) - The University of Miami School of Law and the Frost School of Music have launched a new joint degree program in law and music business – the first of its kind in the country – that will enable students to earn a J.D. and a Masters of Music in Music Business and Entertainment Industries. This degree will give future entertainment attorneys a thorough understanding of the music industry. In this specialization, students not only learn the essentials of law, but also the common practices of the music business. Students can complete both degrees in less time while studying at a top law school and one of the best music schools in the country. And, as one of the four top music cities in the U.S. and as the music center for the Latin American Divisions of all major music companies, Miami offers exceptional internship and work opportunities. http://www.law.miami.edu/news.php?article=1455 [Editor: See “Bernstein” story under the Different section below; wonder what he’d have made of this.] Ruling: FACTA Does Not Extend to E-Commerce Confirmations (MultiChannelMerchant, 8 Feb 2010) - Online merchants have dodged another bullet when it comes to the Fair and Accurate Credit Transactions Act (FACTA). In the recent case Shlahtichman v. 1-800 Contacts, Inc., a judge in the Northern District of Illinois ruled in December that FACTA does not apply to electronic displays or e-mail confirmations of Internet transactions. Congress amended the Fair Credit Reporting Act in 2003 by enacting FACTA. Among other things, FACTA restricts the disclosure of consumers’ information on electronically printed receipts provided to cardholders at the point of sale or transaction. Due to confusion of whether FACTA required truncating the credit or debit card number to the last five digits and masking the card’s expiration date, hundreds of class action lawsuits were filed--despite the lack of any actual injuries, such as credit card fraud or identity theft. The epidemic of FACTA lawsuits became so rampant that in May 2008, Congress passed the Credit and Debit Card Receipt Clarification Act to protect merchants that had included expiration dates on receipts from civil FACTA liability. Undaunted, plaintiff’s class action lawyers turned to the Internet in hopes of finding more fertile ground for class action lawsuits. In Shlahtichman, the plaintiff alleged that, after using his credit card to purchase contact lenses over the Internet in June 2009, he received at his home a computer-generated receipt that displayed the expiration date of his credit card. (The Clarification Act only insulates merchants from expiration date liability for receipts printed prior to June 3, 2008). Although suffering no actual damages, the plaintiff sought, on behalf of himself and a class of similarly situated persons, $1,000 per receipt. In dismissing the complaint for failure to state a claim, Judge John Darrah determined that an e-mail order confirmation is not an electronically printed receipt because the “plain meaning of ‘print’ is to transfer information to paper.” The court rejected the plaintiff’s argument that print is more commonly understood as displaying on a computer screen as “unpersuasive.” http://multichannelmerchant.com/ecommerce/news/facta-ruling-ecommerce-confirmations-0208/ Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them (BNA’s Internet Law News, 11 Feb 2010)- BNA’s Electronic Commerce & Law Report reports that a majority of the Florida Supreme Court’s judicial ethics committee has concluded that online “friending” between judges and attorneys who appear before them is inappropriate. A judge who does so conveys or lets the named attorneys convey the impression that the lawyers are in a special position to influence the judge. More on Metadata and Other Electronic Document Issues (ALAS, 12 Feb 2010) - The Arizona Supreme Court recently ruled that metadata embedded in electronic documents is part of the public record and must be disclosed in response to a public records request. See Lake v. City of Phoenix, 218 P.3d 1004 (Ariz. 2009). The ruling involved an employment discrimination suit filed by a former Phoenix police officer. The officer made a public records request, seeking notes his supervisor kept in electronic form related to the officer’s job performance. After reviewing the hard-copy file, the officer suspected that certain notes had been back-dated. He then filed another public records request so that he could review the metadata embedded in the supervisor’s electronic notes. The trial court denied the officer’s request, and the appellate court affirmed, concluding that the public record does not encompass metadata. The Arizona Supreme Court reversed, holding that when a public record is maintained in electronic form, the electronic record, including any metadata, is subject to disclosure under the state’s public records law. The court disagreed with the City of Phoenix’s claim that production of metadata would be an administrative nightmare, finding that unduly burdensome or harassing requests can be addressed under existing law. In a separate development, the Arizona State Bar Commission on the Rules of Professional Conduct endorsed a law firm’s encrypted electronic client file storage system that allows clients to access their files directly. See Arizona Opinion 09-04. The committee had previously determined that electronic storage of client files is permissible, as long as adequate steps are taken to protect file confidentiality. See Arizona Opinion 05-04. The committee approved the firm’s security proposals, but warned that these measures might become inadequate as technology advances over time. http://www.alas.com/articles/enews/lpen10-01-l04.html [Spotted by MIRLN reader Phillip Schmandt of McGinnis, Lochridge.] Preserving Born-Digital Legal Materials - Where to Start? (LLRX.com, 14 Feb 2010) - It’s tempting to begin any discussion of digital preservation and law libraries with a mind-blowing statistic. Something to drive home the fact that the clearly-defined world of information we’ve known since the invention of movable type has evolved into an ephemeral world of bits and bytes, that it’s expanding at a rate that makes it nearly impossible to contain, and that now is the time to invest in digital preservation efforts. But, at this point, that’s an argument that you and I have already heard. As we begin the second decade of the 21st century, we know with certainty that the digital world is ubiquitous because we ourselves are part of it. Ours is a world where items posted on blogs are cited in landmark court decisions, a former governor and vice-presidential candidate posts her resignation speech and policy positions to Facebook, and a busy 21st-century president is attached at the thumb to his Blackberry. http://www.llrx.com/features/borndigital.htm [Editor: Interesting, 30,000 foot survey.] UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing (TechDirt, 15 Feb 2010) - We’ve seen more than a few lawsuits over the years by the entertainment industry against various sites that merely link to infringing content. The entertainment industry likes to make the claim that this is inducing infringement, but if you’re just pointing to a bunch of YouTube videos, it’s difficult to see how that should be considered infringement at all. In one such case, over in the UK, a site called tv-links.co.uk, after years battling this in court, was found not to have infringed on the copyrights of movie studios. The case was brought by FACT, the “Federation Against Copyright Theft,” but had little evidence of any actual infringement being done by the site, who merely linked to videos found on YouTube, Veoh, DailyMotion and other sites. FACT originally claimed that the site “facilitated” copyright infringement on the internet, despite that not being a part of UK law. Eventually, the official charges were “Conspiracy to Defraud and breaches of the Copyright Designs and Patents Act,” which is quite similar to what OiNK’s admin was charged with. And just like how OiNK’s Alan Ellis was found not guilty, the court has sided with TV links, noting that it didn’t actually infringe on anyone’s copyrights directly. Of course, this still took years of having to fight it out in court and a ton of resources—some of which were frozen by a “financial restraining order” during the case itself. http://techdirt.com/articles/20100212/1549298157.shtml Shell Hit By Massive Data Breach (The Register, 15 Feb 2010) - Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company. John Donovan, an activist who received the database, said he had voluntarily destroyed the files. But he warned that other copies were available online. The email supposedly comes from 176 “concerned staff” to highlight Shell’s activities in Nigeria. The database is about six months old and could have been released by a recently laid off staff member, or there could really be a rogue campaign group within Shell. Richard Wiseman, chief ethics and compliance officer at Royal Dutch Shell, wrote to staff last week after the breach emerged. He said: “The Global Address List, containing contact information of everyone in Shell and some contractors, joint ventures and other third parties, has been downloaded without authorisation and distributed to some external parties. We do not know who did this. We are investigating and are raising this theft of information with the relevant data protection authorities.” The company played down the security implications of the loss - it is phone and email details rather than real-world addresses. http://www.theregister.co.uk/2010/02/15/shell_data_loss/ Photographing Public Art: A Legal Waltz in Seattle (Citizen Media Law Project, 17 Feb 2010) - To photographer Mike Hipple, the claim is baseless. The photo he took about 10 years ago of a woman standing near the “Dance Steps on Broadway” sculpture in Seattle’s Capitol Hill is an example of fair use. If it’s not, he reasons, the right of all photographers to take pictures in public will be in jeopardy. His photo was, after all, “taken on a public sidewalk, showing a woman interacting with a piece of public art, paid for by public funds. And it only depicts a small portion of the artwork at that,” Hipple wrote. “Now if this doesn’t qualify as fair use of the sculpture, I don’t know what does.” Hipple’s sentiment is shared by many Seattle residents who feel that public art, financed with their tax dollars, should be in the public domain. They paid for it, say residents, so they should be able to photograph it without fear of a lawsuit. Hipple is just a small-guy photographer being bullied by a greedy litigious copyright holder, they say. It’s an understandable sentiment, but not necessarily a solid legal defense. Hipple sold the photo (pictured above) to a stock photography company. Jack Mackie, who created “Dance Steps on Broadway,” demanded that the company remove the photo, claiming that it infringed his copyright by reproducing the sculpture. The company promptly removed the photo, but Mackie sued Hipple last February for selling it in the first place. The lawsuit has outraged scores of residents who find Mackie to be out of step with the public’s interest. Mackie installed the eight sets of inlaid bronze shoe prints, mapping out well-known dances such as the waltz and rumba, in 1982 when the city rebuilt the neighborhood’s sidewalks. Despite receiving public financing for the project, Mackie retained rights to the artwork. Those rights, according to § 106 of the U.S. Copyright Act, include the exclusive right to reproduce the work or to create derivative work from it. http://www.citmedialaw.org/blog/2010/photographing-public-art-legal-waltz-seattle?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader N.Y. City Bar Urges Limiting Personal Data in Civil Filings (Law.com, 18 Feb 2010) - Citing the increasing availability of court documents on the internet, the New York City Bar is urging the courts to adopt a statewide rule that would sharply curtail the inclusion of “sensitive personal information” in civil court filings. Such documents presumptively have been “public records in New York ... accessible to anyone willing to make the trip to a courthouse,” according to a report released last week by the City Bar’s subcommittee on electronic records within the group’s Council on Judicial Administration. With the court system and private companies posting records online, and the difficulty of purging electronically filed information, “[t]he reality is that the notion of privacy of court records is a misnomer,” the report says. The City Bar’s proposal would require that civil court filers omit or redact nine categories of information, including Social Security, taxpayer identification, and driver’s license numbers. The rule also would prohibit the names of minor children, dates of birth, bank and financial account numbers, government-issued identification numbers, and “other identification numbers which uniquely identify an individual” from appearing on civil court filings. Due to the volume of filings in New York, which, according to the subcommittee’s report, “make it unrealistic to expect court personnel” to omit or redact the information, attorneys and other persons filing documents would be responsible for complying with the rule. http://www.law.com/jsp/article.jsp?id=1202443770342&rss=newswire Scariest Forum on the Internet? (InsideHigherEd, 18 Feb 2010) - Just two weeks after its Feb. 2 launch, The Chicago Manual of Style Online’s new discussion forum already features numerous discussions with titles like “ ‘Predecessor to’ or ‘predecessor of’ “? and “Worst online punctuation abuse?” But the most popular thread thus far is titled “I’m afraid to post here.” Its first message: “Could there be a more intimidating place to post?” Other commenters echoed that sentiment: “I do fear a grammatical error in posts here because even if everyone is polite enough to ignore it they will surely notice it,” fretted one. Nevertheless, numerous Chicago Manual acolytes have already managed to overcome their trepidation over airing thoughts in such august grammatical company. While they’ve no doubt been aided in this feat by the lure of $100 in free books (which the press has promised to award at random to one of those who post within 30 days of the forum’s launch), forum users also expressed delight over having “a place to ask questions and enjoy a sense of community with fellow writers and editors,” as one commenter put it. And that’s exactly the goal of the forum, according to the University of Chicago Press’s reference promotions manager, Ellen Gibson: “What we hope to build is a sense of community among our subscribers.” In that regard, the forum seems thus far to be a success: users can ask any and all style-related questions (“Is there a rule about using whether or if?”) and receive quick responses from others, often citing the Manual itself (“From CMOS 5.202: determine whether; determine if. The first phrasing is irreproachable style; the second is acceptable, though less formal”). The press hopes that this function will finally bridge the long-standing gap between the number of questions that Chicago users submit to its Q&A each month (hundreds, Gibson said) and the number that editors can answer (about 10 every month). But the forum isn’t limited to the nitty-gritty of copy editing; it also includes sections where users can post their questions on author relations (“How does one deal with the frustration of continually correcting the same differences in usage without losing one’s temper or alienating the writer?”), professional development (“Have you ever taken a class in copyediting?”) and the publishing industry (“How can publishers best utilize Facebook and Twitter for marketing purposes?”), as well as, of course, miscellaneous (“Best way to develop good grammar habits?”). http://www.insidehighered.com/news/2010/02/18/chicago EU Revises Model Contract Clauses for Data Transfers (Steptoe & Johnson’s E-Commerce Law Week, 18 Feb 2010) - The EU Data Protection Directive restricts transfers of personal data of EU residents to non-EU countries. A common approach for complying with this obligation is for the EU data transferor and the transferee abroad to adopt model contract clauses approved by the European Commission. The European Commission earlier this month adopted a decision approving a new set of model contract clauses for the transfer of personal data from a data controller to a foreign processor (controller-to-controller clauses were previously approved). The new clauses permit the foreign processor to re-transfer data to a sub-processor (the previous version did not permit this), and delete an arbitration provision from the previous version that had never been applied in practice. http://www.steptoe.com/publications-6631.html More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says (Washington Post, 18 Feb 2010) - More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm. The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness. News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China. This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia. The intrusion, first reported on the Wall Street Journal’s Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide. The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords—including to online banking and social networking sites—and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said. Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found. Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said. http://www.washingtonpost.com/wp-dyn/content/article/2010/02/17/AR2010021705816.html?wprss=rss_technology Does Discarding Unallocated Space Deserve Contempt? (Law.com, 19 Feb 2010) - A defendant’s effort to keep sensitive personal and business data from falling into the wrong hands by taking steps to ensure the deletion of files landed him in contempt of Delaware’s Chancery Court, but the court’s conclusion that he violated a status quo agreement places a dubious value on the computer equivalent of a wastepaper basket. In TR Investors LLC v. Genger, No. 3994-VCS, Delaware Court of Chancery (Dec. 9, 2009), the court found defendant Arie Genger in contempt of court for “wiping” the “unallocated space” of the hard drive of his work computer and file server in the face of an order that prohibited him from “tampering with, destroying or in any way disposing of any Company-related documents, books or records.” The court reasoned that e-files that the defendant should have had were missing; such files would have been found in the wiped unallocated space, even if they were in deleted or only temporary form; the order in question prohibited such wiping; and the defendant conducted such wiping in order to destroy the missing files or copies. The consequences of the court’s decision are profound and far-reaching. The court’s reasoning, however, is in my view suspect both technically and legally, and thus bears close scrutiny. http://www.law.com/jsp/article.jsp?id=1202443834708&rss=newswire BOOK REVIEW In the World of Facebook (NY Review of Books, 25 Feb 2010) - Facebook, the most popular social networking Web site in the world, was founded in a Harvard dorm room in the winter of 2004. Like Microsoft, that other famous technology company started by a Harvard dropout, Facebook was not particularly original. A quarter-century earlier, Bill Gates, asked by IBM to provide the basic programming for its new personal computer, simply bought a program from another company and renamed it. Mark Zuckerberg, the primary founder of Facebook, who dropped out of college six months after starting the site, took most of his ideas from existing social networks such as Friendster and MySpace. But while Microsoft could as easily have originated at MIT or Caltech, it was no accident that Facebook came from Harvard. What is “social networking”? For all the vagueness of the term, which now seems to encompass everything we do with other people online, it is usually associated with three basic activities: the creation of a personal Web page, or “profile,” that will serve as a surrogate home for the self; a trip to a kind of virtual agora, where, along with amusedly studying passersby, you can take a stroll through the ghost town of acquaintanceships past, looking up every person who’s crossed your path and whose name you can remember; and finally, a chance to remove the digital barrier and reveal yourself to the unsuspecting subjects of your gaze by, as we have learned to put it with the Internet’s peculiar eagerness for deforming our language, “friending” them, i.e., requesting that you be connected online in some way. [Editor: Interesting, useful review on the evolution of FaceBook, and some possible futures for it.] http://www.nybooks.com/articles/23651 DIFFERENT Bernstein on the Mystery Behind the Music (New York Times, 15 Feb 2010) - Imagine this: you drop onto the sofa on a Sunday afternoon, switch on the TV and see a dapper young man with a baton standing before an orchestra and demonstrating the patterns conductors use to lead music in different meters — two, three, four and five beats to the bar. He directs his players in a few examples, bits of Beethoven’s Ninth and Schubert’s Eighth Symphonies, Prokofiev’s “Peter and the Wolf,” Waldteufel’s “Skater’s Waltz.” Then he ups the ante, showing how these simple gestures, with subtle modification, are used to coax a fluid, lyrical performance; a playful reading; or an urgently dramatic interpretation from an orchestra. For 48 minutes, this young conductor — Leonard Bernstein, caught on film in 1955 — brings you into the musician’s world, talking about how tempo, dynamics and phrasing express a conductor’s feelings and beliefs about a piece, and how that expressivity affects a listener’s perception of the music. And he offers you a glimpse of his preparation for a performance. Even with hundreds of cable channels to choose from today, the likelihood of running into a show like this is slim. But in the 1950s, when American television viewers had three major networks to choose from — CBS, NBC and ABC — classical music was a part of the standard programming mix. Bernstein’s conducting demonstration was one of seven appearances, now on DVD, that he made on “Omnibus,” a 90-minute program that offered segments on science and the arts, particularly music and theater. It ran from 1952 to 1961, and migrated across the networks, from CBS to ABC in 1956, and to NBC in 1957. http://www.nytimes.com/2010/02/16/arts/music/16bernstein.html?emc=eta1 [Editor: off-point, but a charming article. I knew Bernstein a bit back in college, and the part about him moving into “Village Explainer” mode made me smile; the long quote by Tom Wolfe made me laugh.] RESOURCES A Chronology of Legal Technology, 1842-1995 (Robert Ambrogi, 14 Feb 2010) - http://www.legaline.com/2010/02/chronology-of-legal-technology-1842.html FUN Angry Norwegians in scuba gear chase after Google Street View car (BoingBoing, 9 Feb 2010) - Click here to see the image above in the wild. News story, auto-translated to English in the Norwegian newspaper Aftenposten. More on Google Maps. http://www.boingboing.net/2010/02/09/angry-norwegians-in.html LOOKING BACK - MIRLN TEN YEARS AGO LEGAL WORK UP FOR BID (Wall Street Journal, 12 Apr 2000) - The same entrepreneur who came up with the concept of brokering “pollution credits” now has found a new marketplace to tackle—corporate law. He’s planning to soon launch what amounts to an eBay for the legal industry called eLawForum. Clients will post information on their legal needs and solicit bids from competing law firms, which will then have an incentive to offer lower prices to get the work. Preliminary trials of eLawForum have generated an enthusiastic response from participants, and several competing companies, such as iBidLaw.com, are getting ready to launch their own lawyer-brokering ventures. And while some large, established law firms insist their clients would never abandon them for some Web upstart, smaller firms see the online brokerages as a means of entrée to clients they could otherwise never hope to snare. “It is very hard to crack the New York market,” says C. Boyden Gray, partner in a Washington, DC, law firm. “I think this would actually help us (to compete).” http://interactive.wsj.com/articles/SB955495910135240236.htm A NEW CORPORATE TITLE: ‘CHIEF PRIVACY OFFICER’ A new executive position is showing up on the organization charts of companies such as American Express, Citigroup, Prudential, and AT&T: the Chief Privacy Officer, who has broad powers to protect the privacy of consumers who interact with corporate computer systems. George Washington University professor Lance Hoffman says that the new position “attracts people who have a knowledge of history and law. They know something about technology, and they can’t get techno-dazzled by explanations that don’t hold water. They appreciate what technology can do for good and for evil.” (AP/San Jose Mercury News 11 Jul 2000) http://www.sjmercury.com/svtech/news/breaking/merc/docs/032861.htm MIRLN 2010-02-19T21:55:00-07:00 http://www.knowconnect.com/mirln/article/mirln_10_30_january_2010_v1302/ http://www.knowconnect.com/mirln/article/mirln_10_30_january_2010_v1302/#When:21:22:00Z • Heartland, Visa Announce $60 Million Settlement o Heartland Breach Shows Why Compliance Is Not Enough o Data Losses to Incur Fines of Up to £500,000 o The 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach • France Ponders Right-To-Forget Law • 10 Tips for Becoming a Smarter, Social Business Person • Swiss Court Declares Transfers of Banking Data to U.S. Authorities Illegal • Court Compares Parties’ Clickwrap Contents, Process In Rejecting Unconscionability Claim • Judge Heaps E-Discovery Costs on Plaintiff • French Court Strikes Down Another SOX Whistleblower Program • U.S. Law Firm That Sued China Reports Cyberattack o US Oil Industry Hit By Cyberattacks: Was China Involved? • Bar Exam Prep Via an iPhone App • California CIO: Open Source Officially Welcome Here • Authenticating Web Pages as Evidence • Learning To Love That Roommate from Hell • Blogs, YouTube Prompt Campaign Finance Ruling • You’ve Been Served • Legal Sites Plan Revamps as Rivals Undercut Price • Courts In Maryland, New Jersey, Florida Declare Mistrials After Juror Internet Research • Sign of the Times: Clorox Seeks Lawyer for Social Media Issues o Company Requires ‘Tweet’ as Part of Law Firms’ RFP Response o Social Networking: A Workplace Policy • Hitting Pause on Class Videos • E-Filing: Then and Now • No Access for the Axis: SourceForge Bows to Government Demands o Cloud Computing and US Export Control Rules • A Little ‘i’ to Teach About Online Privacy • Alaska Superior Court Judge Sides With State, Palin In E-Mail Lawsuit o Michigan State Court Rules that Government Officials’ Personal E-Mails Aren’t Subject to FOIA • S.E.C. Adds Climate Risk to Disclosure List • Connecticut AG the First to File HIPAA Suit NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Heartland, Visa Announce $60 Million Settlement (BankInfoSecurity, 8 Jan 2010) - Heartland Payment Systems announced today that it will pay Visa-branded credit and debit card issuers up to $60 million to cover losses incurred from the Heartland data breach. It is the largest known settlement amount ever paid to Visa as a result of a breach, eclipsing the TJX settlement of $40.9 million in November 2007. In a statement, Heartland and Visa say the $60 million payment will be subject to certain conditions, including a specified level of participation by Visa issuers. Visa says it will provide issuers details in the coming days. The data breach involved an estimated 130 million credit and debit cards, although not all of them were Visa branded. This settlement with Visa is far larger than Heartland’s $3.6 million settlement with American Express, which was announced in December. http://www.bankinfosecurity.com/articles.php?art_id=2054 - and - Heartland Breach Shows Why Compliance Is Not Enough (ComputerWorld, 6 Jan 2010) - Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards. That number easily eclipsed the 94 million cards that were compromised in the massive breach disclosed by TJX Companies Inc. in 2007. However, it wasn’t just the scope of the Heartland breach that made it remarkable, but also the company’s insistence that it was certified as fully compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) when it was compromised. http://www.computerworld.com/s/article/9143158/Update_Heartland_breach_shows_why_compliance_is_not_enough?taxonomyId=142 - and - Data Losses to Incur Fines of Up to £500,000 (BBC, 12 Jan 2010) - The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches. The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault. Individual cases will also be assessed on whether the breach was accidental or deliberate, and how much distress the leak of information caused. There have been several high profile data losses in recent years from large organisations including the Ministry of Defence and the DVLA (Driver and Vehicle Licensing Agency). In an official press statement, Information Commissioner, Christopher Graham said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act. http://news.bbc.co.uk/2/hi/technology/8455123.stm - and - The 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach (January 26, 2010) - Understanding Financial Impact, Customer Turnover, and Preventive Solutions examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent the cost estimates of activities resulting from the actual data loss incidents. This is the fifth annual survey of this issues. Breaches included in the survey included ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors.” http://www.encryptionreports.com/download/Ponemon_COB_2009_US.pdf [Extremely important annual study, this year with some new findings: e.g., companies that notify victims too quickly incur greater costs; using external consultants to help with breach-response lowers costs significantly; first-timers’ breach costs are higher than those who’ve gone thru earlier responses; pharma/medical companies lose more customers because of breaches] France Ponders Right-To-Forget Law (BBC, 8 January 2010) - From Britney Spears’s musings to the Tiger Woods scandal, information can take a life of its own once it hits the world wide web. B-list celebs and brand-names bustling for public attention can be particularly vulnerable to people with a gripe against them. The impact of all those online revelations has made France consider the length of time that personal information should remain available in the public arena. A proposed law in the country would give net users the option to have old data about themselves deleted. This right-to-forget would force online and mobile firms to dispose of e-mails and text messages after an agreed length of time or on the request of the individual concerned. http://news.bbc.co.uk/2/hi/programmes/click_online/8447742.stm 10 Tips for Becoming a Smarter, Social Business Person (GigaOm, 10 Jan 2010) - The web is filled with social networks: We have Twitter for meeting new people, Facebook for old college buddies, and Bebo for those of us who don’t want to hang out with the mainstream. Those social networks are rarely viewed as corporate services — they’re relaxing at the end of a long workday, not playgrounds for more business activity. But I would argue that social networks provide value to a business person on several levels, whether it be for those furiously working each day in a cubicle or for others closing big deals on the golf course. Social networks can help make you a smarter business person, and there’s a lot of corporate value to be found in them. (Did you know that Dell has made over $6 million from Twitter alone?) It’s time to exploit them for your business, and here’s how * * * http://gigaom.com/2010/01/10/10-tips-for-becoming-a-smarter-social-business-person/ Swiss Court Declares Transfers of Banking Data to U.S. Authorities Illegal (Hunton & Williams, 11 Jan 2010) - On January 8, 2010, the Swiss Federal Administrative Court (“Bundesverwaltungsgericht”) published a decision that declared the transfer of banking data to U.S. law enforcement authorities by the Swiss bank UBS to be illegal. In late 2009, UBS transferred the data of over 300 customers suspected of evading U.S. taxes to the U.S. Department of Justice and Internal Revenue Service following an order issued by the Swiss Financial Market Supervisory Authority (“Finma”) pursuant to an agreement Finma reached with the U.S. authorities. In its decision, dated January 5, the Court found that Finma overstepped its legal authority in ordering the data transfer. Although strictly speaking the Court’s decision was based on Swiss constitutional, administrative and banking secrecy law, rather than data protection law, the decision contains extensive discussion about the fact that the data transfer significantly impaired the customers’ privacy rights as guaranteed by the Swiss constitution and by human rights instruments to which Switzerland is a party. The Swiss government reportedly is considering whether to appeal the decision to the Swiss Supreme Court, and the decision could have important implications for demonstrating the legal difficulties of transferring personal data from Europe to U.S. law enforcement authorities. Lawyers acting for some of the defendants were also reportedly preparing to file criminal charges against UBS executives and Finma employees for transferring the data illegally. http://www.huntonprivacyblog.com/2010/01/articles/information-security/swiss-court-declares-transfers-of-banking-data-to-us-authorities-illegal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PrivacyInformationSecurityLawBlog+%28Privacy+%26+Information+Security+Law+Blog%29&utm_content=Google+Reader Court Compares Parties’ Clickwrap Contents, Process In Rejecting Unconscionability Claim (BNA’s Internet Law News, 14 Jan 2010) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Southern District of Indiana held Dec. 22 that clickwrap terms of service, which an appliance company employee clicked to accept when signing up for an online advertising program, formed a binding agreement, rejecting a procedural unconscionability challenge. Case name is Appliance Zone LLC v. NexTag Inc. Judge Heaps E-Discovery Costs on Plaintiff (Law.com, 14 Jan 2010) - In an action that electronic discovery experts say may signal a sea change in how legal costs are apportioned after trial, a federal judge in Atlanta has ordered the losing company in a patent infringement action to pay more than $268,000 in costs to its opponents for the services of a computer consultant hired to fulfill broad discovery demands. In a Dec. 30 order, U.S. District Judge Thomas W. Thrash Jr. derided the patent infringement case that Cordele, Ga.-based software company CBT Flint Partners filed in 2007 against California company Cisco IronPort Systems (part of technology giant Cisco Systems) as well as the tactics of CBT’s counsel at Atlanta’s King & Spalding. Thrash stopped short of awarding legal fees in the case, however. Cisco IronPort had requested legal fees of more than $1.2 million and its co-defendant, Return Path, an international e-mail and internet technology vendor, had requested $590,000. Both prevailed in the litigation. In his order, Thrash called CBT’s patent infringement claims “objectively baseless” but found that, “although CBT and counsel exercised poor legal judgment in pursuing this action, there is not clear and convincing evidence that the pre-filing investigation was so pathetic as [to] justify an inference of bad faith.” http://www.law.com/jsp/article.jsp?id=1202437930333&rss=newswire&hbxlogin=1 French Court Strikes Down Another SOX Whistleblower Program (Steptoe & Johnson’s E-Commerce Law Week, 14 Jan 2010) - France’s highest court of appeals has ruled that multinational company Dassault Systèmes violated the law by instituting a whistleblower system that included uses not authorized by France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), and by not notifying employees of their right to access, correct, and object to data collected about them. Dassault, which is listed on the New York Stock Exchange, had adopted its whistleblowing system to comply with the U.S. Sarbanes-Oxley Act (SOX), but extended the reporting requirements beyond financial issues without gaining CNIL’s explicit authorization. The court also found that the company’s requirement that employees obtain permission before using company information violated employees’ free speech rights. http://www.steptoe.com/publications-6567.html U.S. Law Firm That Sued China Reports Cyberattack (Law.com 15 Jan 2010) - A Los Angeles law firm that recently filed a $2.2 billion copyright infringement suit against the People’s Republic of China said that it has become the target of cyberattacks originating in China. “I was the first one to get one of these e-mails,” said Gregory Fayer, a lawyer at Gipson Hoffman & Pancione, which began receiving unsolicited e-mails on its firm computers on Monday. “Something about it didn’t seem right. It didn’t seem quite in the manner in which the person who was supposedly sending it to me would put something, and so I called up the other attorney and said: ‘Did you just send me an e-mail?’ That person said, ‘No.’ That’s how we discovered the first one.” Fayer, who is handling the suit, could not say whether the attacks on the firm were related to it but noted, “It is difficult to believe that the timing is merely coincidental.” The e-mails came the same week that Google Inc. declared that it would stop complying with Chinese censorship requirements for the Internet following reports that several of its computer systems had drawn cyberattacks believed to originate in China. Some of the attacks were aimed at Chinese human rights activists’ Gmail accounts. The firm has contacted the FBI and U.S. Rep. Anna Eshoo, D-Calif., a senior member of the House Permanent Select Committee on Intelligence, who on Tuesday urged companies to come forward about suspected cyberattacks in light of the Google revelation. Fayer said that he and his colleagues already were on “high alert” when the firm filed a $2.2 billion copyright infringement suit on Jan. 5 on behalf of a software firm in Santa Barbara, Calif., against the Chinese government, two Chinese software makers and seven major computer manufacturers that helped distribute Green Dam Youth Escort software. http://www.law.com/jsp/article.jsp?id=1202438338267&rss=newswire&hbxlogin=1 [Editor: GhostNet compromised other US law firms’ files—possibly comprehensively—in early 2009; clients apparently were not informed. The FBI finally issued a warning in early November: ]http://files.knowconnect.com/public/cyber_advisory.pdf] - and - US Oil Industry Hit By Cyberattacks: Was China Involved? (Christian Science Monitor, 25 Jan 2010) - At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show. The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show. The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says. What these guys [corporate officials] don’t realize, because nobody tells them, is that a major foreign intelligence agency has taken control of major portions of their network,” says the source familiar with the attacks. “You can’t get rid of this attacker very easily. It doesn’t work like a normal virus. We’ve never seen anything this clever, this tenacious.” http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved [I worked in this sector; we saw national governments trying to access oil field reservoir data back in the 1990s.] Bar Exam Prep Via an iPhone App (LawSites, 18 Jan 2010) - At $999, it is the most expensive app available for the iPhone. But this one may actually be worth it, as TechCrunch reports. Called BarMax CA, it is a full-fledged preparation course for the California bar exam, offered entirely on the iPhone, at a third to a quarter less than the price of a BarBri course. The app was the brainchild of Mike Ghaffary, a graduate of both Harvard Law School and Harvard Business School. He pulled together a team of Harvard law grads to create the app. What does the app offer? A lot, says TechCrunch: “The app is over 1 gigabyte in size, which is the largest application I’ve ever seen. It includes thousands of pages of materials as well as hundreds of hours of audio lectures. It’s all the information you could ever want for the two-month course. And again, it can be done all on your iPhone. That said, if you do want some more tangible paperwork for certain sections, BarMax will send you that electronically as well.” By the end of the year, the company plans to add bar-exam apps for New York and five other states. It may also offer a version for just the multi-state for $500. http://www.legaline.com/2010/01/bar-exam-prep-via-iphone-app.html California CIO: Open Source Officially Welcome Here (ArsTechnica, 20 Jan 2010) - The Chief Information Officer (CIO) of the state of California has issued an IT policy letter to formally affirm that open source software is acceptable for use by government agencies in California. As the state lies crushed beneath the burden of an unprecedented $20 billion deficit, government officials are looking for ways to cut spending and manage infrastructure more efficiently. Reducing vendor lock-in and giving more consideration to free and open source software could help the state improve its financial health. The same dynamic is also true at the national level. Last year, the national governments of Canada and the UK both began formulating open source IT strategies. The US Department of Defense, which has a history of open source advocacy, issued a memo last year highlighting the advantages of open source adoption. http://arstechnica.com/open-source/news/2010/01/california-cio-issues-it-policy-letter-about-open-source.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Authenticating Web Pages as Evidence (Law.com, 21 Jan 2010) - Plaintiff sues your client, claiming that his injuries have significantly affected his lifestyle. He is unable to work, travel or bowl. Not surprisingly, his spouse alleges loss of consortium. On the eve of trial, you discover pictures and other details on a social networking website about plaintiff’s recent trip to the International Bowling Museum & Hall of Fame, including a picture of plaintiff proudly holding a fluorescent orange bowling ball and a four-foot tall gilded trophy dated four days earlier. As you approach the witness with printouts of the web pages, you are stopped in your tracks: “Objection, lack of foundation.” It is now routine for litigators to conduct internet research to work up a case. Indeed, for many litigators, one of the first things they do is see what is available about the opposing party, searching Google, social networking sites like Twitter, MySpace and Facebook, and the party’s personal websites. During the life of any case, there will likely be valuable information obtained from the internet that will be used at deposition or trial. Commonly, the proponent of online evidence will present a screen shot of the web page, which was either downloaded as a .pdf or printed directly from the website. The process is like taking a photograph of the image as it appears on the monitor. In general, this captures not only the look, but also the download date and the URL. If proper steps are not taken to admit the evidence, the value of this information may be lost. [Editor: article continues usefully.] http://www.law.com/jsp/article.jsp?id=1202439301020&rss=newswire Learning To Love That Roommate from Hell (Steptoe & Johnson’s E-Commerce Law Week, 21 Jan 2010) - Back when it was decided, the Ninth Circuit’s en banc decision in Fair Housing Council of San Fernando Valley v. Roommates.com, LLC struck fear in the hearts of website operators who depend on user-generated content because it seemed to open a gaping hole in the immunity shield provided by section 230 of the Communications Decency Act (47 U.S.C. § 230(c)(1)) (CDA). As we’ve previously reported, the Ninth Circuit held that Roommates.com forfeited its CDA immunity when it “encourag[ed] illegal content” by offering users limited content options via drop-down menus as a precondition for using the service. But since then, most courts have interpreted Roommates.com narrowly, thus assuaging some of the concern that the section 230 aegis would be reduced to tatters. The Fourth Circuit recently continued that trend in Nemet Chevrolet Ltd., et al., v Consumeraffairs.com, Incorporated, rejecting claims that a website acted as an “information content provider”—and thereby lost its immunity—by soliciting, revising, and categorizing consumer complaints in order to “attract attention by consumer class action lawyers.” http://www.steptoe.com/publications-6580.html Blogs, YouTube Prompt Campaign Finance Ruling (CNET, 21 Jan 2010) - The U.S. Supreme Court’s sweeping ruling on Thursday that invalidated large chunks of campaign finance law arose in part from an unlikely source: the emergence of Facebook, YouTube, and blogs, and the decline of traditional media outlets. A 5-4 majority concluded that technological changes have chipped away at the justification for a law that allows individuals to create a blog with opinions about a political candidate--but threatens the ACLU, the National Rifle Association, a labor union, or a corporation with felony charges if they do the same. The now-invalidated law “would seem to ban a blog post expressly advocating the election or defeat of a candidate if that blog were created with corporate funds,” Justice Anthony Kennedy wrote in the majority opinion (PDF). “The First Amendment does not permit Congress to make these categorical distinctions based on the corporate identity of the speaker and the content of the political speech.” Eugene Volokh, a law professor at UCLA, called it the “first appearance” of the word “blog” in a Supreme Court opinion. And Google’s video-sharing site is singled out in the conclusion, with Kennedy writing that “skits on YouTube.com” that cast politicians in an unflattering light could give rise to “felony” charges if a corporation dared to post them. Kennedy added: “Rapid changes in technology--and the creative dynamic inherent in the concept of free expression--counsel against upholding a law that restricts political speech in certain media or by certain speakers. Today, 30-second television ads may be the most effective way to convey a political message. Soon, however, it may be that Internet sources, such as blogs and social-networking Web sites, will provide citizens with significant information about political candidates and issues.” http://news.cnet.com/8301-13578_3-10439023-38.html You’ve Been Served (Tech Bankruptcy blog, 22 Jan 2010) - BBC News reported a couple of months ago about a British court allowing service of a court order using Twitter. Twitter is, for those who do not yet know, an on-line network allowing users to post short messages that are then broadcast to a list of subscribers. In the particular case, a political blogger named Donal Blarney sought an order enjoining another user of the Twitter service. Because the target of the court injunction had not yet actually been identified, the court allowed the injunction to be served via a posting on Twitter. The posting gave notice of the court order and, because twitter postings are very limited in length, contained a link to the order itself. Apparently, according to a story in The Register, the tactic succeeded. The malefactor did in fact receive the notice of the order and agreed to comply with the order. Would similar tactics work in the U.S. Bankruptcy Court? Perhaps in limited circumstances. Fed. R. Civ. P. 5(b)(2)(D) and Fed. R. Bankr. P. 7005 allow service by “electronic means” when the recipient has previously consented in writing. Service is effective on transmission. This rule was designed to allow service by e-mail through the ECF system, but there really is no reason why other means could not be used as well. The catch is, of course, getting that advance written consent. http://tech-bankruptcy.blogspot.com/2010/01/youve-been-served.html Legal Sites Plan Revamps as Rivals Undercut Price (New York Times, 24 Jan 2010) - Westlaw and LexisNexis, the dominant services in the market for computerized legal research, will undergo sweeping changes in a bid to make it easier and faster for lawyers to find the documents they need. Lawyers and researchers paying to go online to find court cases and other legal documents should find better-looking interfaces, more relevant search results and new tools for document-sharing and other collaboration. The changes to the research services are a reaction by Westlaw and LexisNexis to lower-priced — sometimes free — rivals and arrive at a time when law firms are working to cut overhead. The two companies also want to cater to a younger generation of lawyers accustomed to slick Web services and the search interfaces presented by companies like Google and Microsoft. Westlaw will introduce its changes on Feb. 1; LexisNexis has yet to specify a date. Because of advances in computing power and computer science, lawyers can now search all the databases in a given jurisdiction, rather than having to hand-select the pools of information they believe might be relevant to a given case. Most important, according to Mr. Dahn, the WestlawNext service has a revamped search system that allows lawyers to type in general requests, as they might on Google, rather than their typical narrow searches. The search system also relies on algorithms to find documents related to a case that the lawyers may not have thought they needed. http://www.nytimes.com/2010/01/25/technology/25westlaw.html?ref=business Courts In Maryland, New Jersey, Florida Declare Mistrials After Juror Internet Research (Citizen Media Law Project, 25 Jan 2010) - Appeals courts in Maryland and New Jersey appear to be the first to reverse jury verdicts because of social media use by jurors during trial. http://www.citmedialaw.org/blog/2010/courts-maryland-new-jersey-florida-declare-mistrials-after-juror-internet-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project) Sign of the Times: Clorox Seeks Lawyer for Social Media Issues (ABA Journal, 25 Jan 2010) - Clorox is hiring an in-house lawyer to focus on legal issues surrounding social media. The company’s ad for a social media legal expert is “rather surprising,” but it’s a sign of the times, Advertising Age reports. Many companies already use social media to promote their products, and Clorox is no exception, Advertising Age says. The company has Facebook fan pages for Clorox and Brita, uses Twitter to solicit product ideas, and solicits reader feedback on its new blog Understanding Bleach. A job description posted at JDHunter.com says the new hire at Clorox will be expected to provide legal counsel on managing and securing advertising content “especially as it relates to social media and other Web 2.0 executions, TV and radio.” Among other things, the new lawyer will be expected to draft celebrity talent contracts that apply across multimedia platforms, advise on music and video licensing across platforms, and advise on the application of privacy laws to the collection of consumers’ information. Advertising Age interviewed Jack Greiner, an attorney with Cincinnati’s Graydon Head & Ritchey who listed social media as a specialty on LinkedIn. He said the in-house lawyer may want to tackle the issue of how Clorox employees talk about the company and its products on social media by writing a policy establishing the ground rules. The new lawyer would also be wise to counsel against unwise moves that could be used by competitors to gain attention, he said. As an example, he cites the infringement suit filed by The North Face against a clothing upstart called The South Butt. In the end, he said, The North Face became the butt of South Butt’s joke. http://www.abajournal.com/mobile/article/sign_of_the_times_clorox_seeks_lawyer_for_social_media_issues [Editor: I gave a presentation on this on 12 January; key lesson: be careful of issuing policies that over-restrict use of social media, and of lawyers’ natural, too-conservative tendencies. PowerPoint presentation here: ]http://www.knowconnect.com/policies/cat/e_policy_presentations] - and - Company Requires ‘Tweet’ as Part of Law Firms’ RFP Response (Law.com, 21 Jan 2010) - In a post yesterday, Larry Bodine’s LawMarketing Blog gave us an update on an interesting RFP issued last year by a company called FMC Technologies. The beauty contest is now down to the final cut. Not only did FMC post the RFP on Legal OnRamp, an online social network for in-house lawyers, it also required interested law firms to “state in a Tweet on Twitter (140 character limit) why FMC should hire the law firm.” Keep in mind that this all occurred in May 2009, when Twitter was even more of a mystery to law firms than it is today. Fifty law firms downloaded the two-page RFP, but as Corporate Counsel reporter Amy Miller wrote last June, BigLaw was generally reluctant to participate. Bodine reports that the following eight firms tweeted and made the final cut: • Beirne, Maynard & Parsons • The Law Offices of Tom Fulkerson • Littler Mendelson • Seyfarth Shaw • Summit Law Group • Sutherland Asbill & Brennan • Valorem Law Group • Womble Carlyle Sandridge & Rice FMC’s general counsel, Jeffrey Carr, is on the board of the Association of Corporate Counsel, and has strong views on the existing model for legal service delivery. He views it as unsustainable and states that it is “antiquated, inefficient and ineffective and it fails to deliver value to the client by avoiding—indeed by punishing—those that leverage prior work product, streamline processes and focus on profitability by cost reduction as opposed to top line revenue growth.” Carr says he employed this type of digital/social RFP because he was seeking tech-savvy firms that offered alternative fees and online billing. http://legalblogwatch.typepad.com/legal_blog_watch/2010/01/twitter-required-company-requires-tweet-as-part-of-law-firms-rfp-response.html?utm_source=twitterfeed&utm_medium=twitter - and - Social Networking: A Workplace Policy (Law.com, 22 Jan 2010) - The first part of this article addressed issues surrounding the effect of the internet on hiring and firing in the 21st Century. This article discusses the laws that impact social networking in the workplace and provides guidance on developing a social networking and blogging policy. Many states have enacted off-duty conduct statutes, which prohibit an employer from disciplining an employee for engaging in lawful conduct while away from the employer’s premises. These states include, most notably, California, Colorado and New York. However, these statutes also provide exceptions that allow employers to limit otherwise lawful, off-duty conduct where it creates a material conflict of interest for the employer or is reasonably related to the employee’s job. For example, the New York statute allows an employer to discharge an employee for off-duty conduct that creates a material conflict of interest related to trade secrets, proprietary information, or some other business interest. http://www.law.com/jsp/article.jsp?id=1202439369681&rss=newswire [Editor: much more here.] Hitting Pause on Class Videos (InsideHigherEd, 26 Jan 2010) - In the latest clash of copyright law and instructional technology, the University of California at Los Angeles has stopping allowing faculty members to post copyrighted videos on their course Web sites after coming under fire from an educational media trade group. The policy, enacted earlier this month, has been planned since last fall, when the Association for Information and Media Equipment — a group that protects the copyrights of education media companies — charged the university with violating copyright laws by posting the videos to the password-protected course Web pages without the proper permissions. Copyright law does include exemptions for professors who wish to use audiovisual media “in the course of face-to-face teaching activities of a nonprofit educational institution, in a classroom or similar place devoted to instruction” — so long as the professor is not showing media that he or she knows has been made illegally. The university said streaming the video on a password-protected Web site, where only students who are registered members of the class can access it, satisfies these criteria. But the trade group is arguing that a password-protected space on the Web is not a classroom. “The face-to-face teaching exemption allows a video to be played in class, not streamed to the classroom from a remote location,” Dohra said in an e-mail. “As to the fair use claim, when videos are streamed to students outside the classroom, password protection may limit access to some degree. However, requiring a password doesn’t make an infringement fair use.” http://www.insidehighered.com/news/2010/01/26/copyright E-Filing: Then and Now (New York Law Journal, 26 Jan 2010) - Over the past decade, we have witnessed a technological revolution that has fundamentally changed our lives. We now routinely check the internet for news updates and shop online, not to mention social networking and tweets. Even in the staid and traditional world of justice, we are affected by this revolution. A little over 10 years ago the New York state Legislature enacted Chapter 367 of the Laws of 1999, which created a pilot program to test electronic filing (“e-filing”) in certain civil cases. When the New York State Courts Electronic Filing System was introduced in 1999, only one case was e-filed all year. Ten years later, e-filing by New York’s legal community has increased exponentially. Since 2002, the number of attorneys registered to e-file their cases has grown from 300 to over 13,000 currently registered. As of the end of 2009, over 200,000 cases and over 500,000 documents have been e-filed with the system. After 10 years of acceptance and growth, electronic filing in the state courts significantly advanced with the enactment of Chapter 416 of the Laws of 2009, effective Sept. 1, 2009. With this new legislation, electronic filing now has a permanent place in New York’s legal system. The legislation makes three important changes to New York’s e-filing program. http://www.law.com/jsp/article.jsp?id=1202439497847&rss=newswire No Access for the Axis: SourceForge Bows to Government Demands (ReadWriteWeb, 26 Jan 2010) – SourceForge one of the primary distribution hubs of the open source software movement, has shut its doors to visitors from a number of countries, saying that it is working to be in compliance with existing U.S. laws. In a blog post yesterday, the site responded to rumors around the Twittersphere that various users from outside the U.S. were now unable to access the site. The open source movement has always been community based, working outside of standard boundaries and borders, and some see this as going against those basic tenets. Here is the reasoning for the move in SourceForge’s own words: Since 2003, the SourceForge.net Terms and Conditions of Use have prohibited certain persons from receiving services pursuant to U.S. laws, including, without limitations, the Denied Persons List and the Entity List, and other lists issued by the U.S. Department of Commerce, Bureau of Industry and Security. The specific list of sanctions that affect our users concern the transfer and export of certain technology to foreign persons and governments on the sanctions list. The site began using automatic IP blocking last week and users from a number of countries, including Cuba, Iran, North Korea, Sudan, and Syria, are now unable to access the site. While some are calling foul and declaring the premature death of the open source movement, we have to assume that the technologically savvy users accessing the site would know how to get around a simple IP-based filter. Whether using a tool like Tor or a proxy service like HotSpot Shield, it can’t be all that difficult to access the site. http://www.readwriteweb.com/archives/no_access_for_the_axis.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+readwriteweb+(ReadWriteWeb) - and - Cloud Computing and US Export Control Rules (Roland Trope, 26 Jan 2010) - Enterprises are giving increasing consideration to the promised benefits of renting storage, processing, and applications hosted beyond their premises on third party servers that can be accessed wirelessly (i.e., “cloud computing”). However, there are growing concerns that companies and professionals (e.g., lawyers, doctors, engineers, accountants) may not understand the inherent risks of entrusting sensitive data to the “cloud.” One risk is that enterprises responsible for export-controlled data (i.e., data subject to the “dual-use” controls of the Export Administration Regulations (EAR), or the defense article controls of the International Traffic in Arms Regulations (ITAR)) will belatedly learn that the data they released to the “cloud” has been transferred by the cloud service provider from servers located in the U.S. to servers located overseas without a license and thus in violation of the EAR and/or the ITAR. One cloud service provider, apparently worried about its own potential liability, obtained back in January 2009 an advisory opinion from the Bureau of Industry and Security on the applicability of the EAR to the service provider’s cross-border transfers of customers’ data. http://www.bis.doc.gov/policiesandregulations/advisoryopinions/jan13_2009_ao_on_cloud_grid_computing.pdf The opinion noted that providing computation capacity via the cloud would not be subject to the EAR, but that if the provider “ships or transmits software that is subject to the EAR, an ‘export’ would occur.” The opinion further noted that an export of data via the “cloud” would be for the benefit of the user, not the provider, and that therefore the user (or customer) would be responsible for compliance with the EAR (and, by implication, potentially liable for any noncompliance). Since the ITAR are more restrictive and are interpreted and enforced not by the BIS, but by the State Department’s Directorate of Defense Trade Controls, enterprises should not rely on the BIS opinion for guidance on their responsibilities for ITAR compliance when using “cloud” services. [Roland Trope is a partner in the New York offices of Trope and Schramm LLP, and can be contacted at rltrope@tropelaw.com] A Little ‘i’ to Teach About Online Privacy (New York Times, 27 Jan 2010) – A little blue symbol is carrying big implications. Trying to ward off regulators, the advertising industry has agreed on a standard icon — a little “i” — that it will add to most online ads that use demographics and behavioral data to tell consumers what is happening. Jules Polonetsky, the co-chairman and director of the Future of Privacy Forum, an advocacy group that helped create the symbol, compared it to the triangle made up of three arrows that tells consumers that something is recyclable. The idea was “to come up with a recycling symbol — people will look at it, and once they know what it is, they’ll get it, and always get it,” Mr. Polonetsky said. Most major companies running online ads are expected to begin adding the icon to their ads by midsummer, along with phrases like “Why did I get this ad?” When consumers click on the icon, a white “i” surrounded by a circle on a blue background, they will be taken to a page explaining how the advertiser uses their Web surfing history and demographic profile to send them certain ads. http://www.nytimes.com/2010/01/27/business/media/27adco.html?scp=1&sq=polonetsky&st=cse Alaska Superior Court Judge Sides With State, Palin In E-Mail Lawsuit (JuneauEmpire.com, 25 Jan 2010) - An Alaska judge has sided with former Gov. Sarah Palin in a lawsuit over e-mail, finding that state law doesn’t forbid the use of private e-mail accounts to conduct state business. http://juneauempire.com/stories/012510/sta_554316966.shtml?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+StatelineorgRss-Technology+(Stateline.org+RSS+-+Technology) - and - Michigan State Court Rules that Government Officials’ Personal E-Mails Aren’t Subject to FOIA (AnnArbor.com, 27 Jan 2010) - A sweeping decision released by the Michigan Court of Appeals today places new limits on the state’s Freedom of Information Act, concluding that personal e-mails exchanged between government officials are not subject to disclosure. The ruling stems from a case out of Livingston County Circuit Court involving the Howell Education Association, the Howell Board of Education and Howell Public Schools. The state appeals court ruled this week that e-mails exchanged between teachers union officials on a school district’s computer system are not subject to FOIA. The three-judge panel reversed a lower court ruling from 2007 that found e-mails stored on the school system’s server were public records. According to the new ruling, only records created to further a public institution’s official duties are subject to FOIA and that “personal communication,” even if related to school issues such as union contract negotiations, are exempt. http://www.annarbor.com/news/state-court-rules-that-government-officials-personal-e-mails-arent-subject-to-foia/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+StatelineorgRss-Technology+(Stateline.org+RSS+-+Technology) S.E.C. Adds Climate Risk to Disclosure List (New York Times, 28 Jan 2010) - The Securities and Exchange Commission said on Wednesday for the first time that public companies should warn investors of any serious risks that global warming might pose to their businesses. Although the agency has long required companies to reveal possible financial or legal impacts from a variety of environmental challenges, it has never specifically cited climate change as bringing potentially significant business risks or rewards. The S.E.C., on a party-line 3-2 vote, issued “interpretive guidance” to help companies decide when and whether to disclose matters related to climate change. The commission said that companies could be helped or hurt by climate-related lawsuits, business opportunities or legislation and should promptly disclose such potential impacts. Banks or insurance companies that invest in coastal property that could be affected by storms or rising seas, for example, should disclose such risks, the agency said. http://www.nytimes.com/2010/01/28/business/28sec.html?ref=business [Editor: Why is this in MIRLN? Climate-change risk is more speculative than security-breach risk; Y2K risks were disclosed in 1999, and the SEC may turn its sights now to security-breach risk.] Connecticut AG the First to File HIPAA Suit (Steptoe & Johnson’s E-Commerce Law Week, 28 Jan 2010) - Connecticut Attorney General (and senatorial candidate) Richard Blumenthal has become the first state attorney general to file a complaint for violation of the Health Insurance Portability and Accountability Act (HIPAA). State attorneys general were granted the authority to enforce HIPAA by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which amended HIPAA as part of the American Recovery and Reinvestment Act of 2009. Blumenthal has sued Health Net of the Northeast, Inc., and affiliated and successor companies in federal court in Connecticut after a portable computer disk drive holding the protected health information and other personal information of 1.5 million customers disappeared from the company’s Connecticut office. Blumenthal has also alleged that Health Net violated Connecticut’s breach notification law by delaying notification of affected individuals for six months. Blumenthal is seeking injunctive relief and damages. http://www.steptoe.com/publications-6595.html NOTED PODCASTS BooksAhead.com (Mitch Ratcliffe, IT Conversations) - Calling from the 2010 CES in Las Vegasi, tech journalist Mitch Ratcliffe joins Phil and Scott to discuss the future of books, reading, and publishing. He talks about how his blog Booksahead.com is a platform to discuss authors and publishing, as well as news about the industry. He also reviews new mobile devices, including E-Book readers and tablet computers, as well as the Sophie Project, open source software for writing and reading. http://itc.conversationsnetwork.org/shows/detail4361.html [Interesting 45 minute discussion about an expansive, evolutionary future for e-books, with crowd-sourced annotations, social-network asynch recommendations and discussions, author-feedback systems, and perpetual cloud-libraries. ONE STAR.] Data Mining Spurs Innovation, Threatens Privacy (NPR, 18 Dec 2009; 22 minute audio segment) - By analyzing cell phone movements and online search queries, scientists can monitor traffic in real time and track disease outbreaks more efficiently, but at what cost to privacy? Computer scientists Tom Mitchell and Deborah Estrin discuss the pros and cons of crowd sourcing personal data. http://www.npr.org/templates/story/story.php?storyId=121615586 [Story driven by “Mining Our Reality”, from the 18 December 2009 issue of Science Magazine, and available here: ]http://www.scribd.com/doc/24279809/Mining-our-Reality-by-Tom-Mitchell-Carnegie-Mellon-University] RESOURCES Exclusive First Look: Fastcase iPhone App (Robert Ambrogi’s blog, 25 Jan 2010) - The legal research service Fastcase is preparing to launch an application that will let users research cases and statutes on their iPhones, all for free. The app is awaiting final approval from Apple before it will be available in the App Store. Fastcase granted me an exclusive first look at a pre-release version of the app. Here is what I found. http://www.legaline.com/2010/01/exclusive-first-look-fastcase-iphone.html Panopticlick (by EFF) - Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies. Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web. http://panopticlick.eff.org/ Google Reader Lets You Subscribe to Any Page on the Web (Mashable, 25 Jan 2010) - RSS technology makes it possible for anyone to keep up with fresh content without having to visit the site in question. Now the same holds for webpages without RSS thanks to a new Google Reader feature. Today Google has rolled out a subtle change to Google Reader that lets you create custom feeds to track pages that don’t already have them. So you can subscribe to updates for any webpage simply by typing the URL into the “Add a subscription” text box. Should you put the new feature to work, you’ll start to receive short snippets for any updates made to the pages, and Google asserts that it’s committed to improving the quality of these tiny blurbs over time. On the flip side, webpage owners can choose to opt out by adjusting a few lines of code. http://mashable.com/2010/01/25/google-reader-custom-feeds/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) FUN Michael Jackson’s Thriller Inmates, The Sequel: This Is It [VIDEO] (Mashable, 25 Jan 2010) - A new video of hundreds of prison inmates performing a dance routine inspired by the Michael Jackson documentary “This Is It” is something of a sequel to one of the most popular viral videos of all time. Two years ago, a video of 1,500 inmates in the Philippines’ Cebu Provincial Detention and Rehabilitation Center dancing a routine set to Michael Jackson’s “Thriller” was uploaded to YouTube. Since then, it’s reached more than 37 million views. Prison Chief Byron F. Garcia has actually released several videos since “Thriller.” The prison has even become a tourist spot, putting on a monthly performance, selling souvenir shirts and offering visitors chances to have their pictures taken with the dancing inmates. None of the previous videos have come close to the viral success of “Thriller,” though. But now that MJ has sadly passed on, we thought it appropriate to share this performance. It was actually made possible by MJ’s choreographer, Travis Payne. He and two dancers (Daniel Celebre and Dres Reid) taught the inmates all the steps. Go ahead and watch both the dance routine based on “This Is It” (set to “They Don’t Care About Us”) and the classic “Thriller” video below if you like dancing. Hey, we all do — that’s why videos like these are so insanely popular. http://mashable.com/2010/01/25/inmates-this-is-it-michael-jackson/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) LOOKING BACK - MIRLN TEN YEARS AGO CIA Says Cyber Threat from Russia and China is Developing (24 February 2000) The CIA says that there is evidence of “dedicated offensive cyber warfare programs” in China and Russia. Because they know they would lose in conventional warfare confrontation, the countries are focusing on honing their cyber attack capabilities. The US plans to do the same. http://www.computerworld.com/home/print.nsf/all/000224EF6A http://www.zdnet.com/zdnn/stories/news/0,4586,2445516,00.html MIRLN 2010-01-29T21:22:00-07:00 http://www.knowconnect.com/mirln/article/mirln_20_december_9_january_2010_v1301/ http://www.knowconnect.com/mirln/article/mirln_20_december_9_january_2010_v1301/#When:22:05:00Z • Surveillance Shocker: Sprint Received 8 MILLION Law Enforcement Requests for GPS Location Data in the Past Year • Lawyers Can Post Clients’ Files on Web • Heartland pays Amex $3.6M over 2008 data breach o Massachusetts’s Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift o Even Extortion of Breached Company Doesn’t Help Plaintiff Show Concrete Injury, Court Finds • Should a Case Go Webwide? • Ghostnet and the Unclassified Crisis • Copyright Claim Based on Taping Fashion Show • Background Checks For All With BeenVerified’s iPhone App • Drunk Drivers in Texas to Be Named on Twitter • No Private Right of Action to Enforce Connecticut Electronic Monitoring Statute • Long arm of law reaches into World of Warcraft • Court’s Ruling Holds One Shiny Gift and One Lump of Coal for Employers • Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites • Whatever happened to Second Life? • FTC set to examine cloud computing • Calif. Federal Judge OKs Posting of Prop 8 Trial to YouTube • Ohio Court Gives Criminals Another Reason to Love Their Smart (and Not-So-Smart) Phones • Internet pirates find ‘bulletproof’ havens for illegal file sharing NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Surveillance Shocker: Sprint Received 8 MILLION Law Enforcement Requests for GPS Location Data in the Past Year (EFF, 1 Dec 2009) - This October, Chris Soghoian — computer security researcher, oft-times journalist, and current technical consultant for the FTC’s privacy protection office — attended a closed-door conference called “ISS World”. ISS World — the “ISS” is for “Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering” — is where law enforcement and intelligence agencies consult with telco representatives and surveillance equipment manufacturers about the state of electronic surveillance technology and practice. Armed with a tape recorder, Soghoian went to the conference looking for information about the scope of the government’s surveillance practices in the US. What Soghoian uncovered, as he reported on his blog this morning, is more shocking and frightening than anyone could have ever expected. At the ISS conference, Soghoian taped astonishing comments by Paul Taylor, Sprint/Nextel’s Manager of Electronic Surveillance. In complaining about the volume of requests that Sprint receives from law enforcement, Taylor noted a shocking number of requests that Sprint had received in the past year for precise GPS (Global Positioning System) location data revealing the location and movements of Sprint’s customers. That number? EIGHT MILLION. Sprint received over 8 million requests for its customers’ information in the past 13 months. That doesn’t count requests for basic identification and billing information, or wiretapping requests, or requests to monitor who is calling who, or even requests for less-precise location data based on which cell phone towers a cell phone was in contact with. That’s just GPS. And, that’s not including legal requests from civil litigants, or from foreign intelligence investigators. That’s just law enforcement. And, that’s not counting the few other major cell phone carriers like AT&T, Verizon and T-Mobile. That’s just Sprint. Here’s what Taylor had to say; the audio clip is here and we are also mirroring a zip file from Soghoian containing other related mp3 recordings and documents. https://www.eff.org/deeplinks/2009/12/surveillance-shocker-sprint-received-8-million-law Lawyers Can Post Clients’ Files on Web (Arizona Central, 17 Dec 2009) - Lawyers can make their clients’ files available to them on the World Wide Web but only if they take proper safety precautions, the Ethics Committee of the State Bar of Arizona concluded. In a formal written opinion, the panel gave the go-ahead to a lawyer to let clients view and retrieve their own files. Committee members said the plan, as sketched out for them in an inquiry from the attorney, did not run afoul of existing ethics rules about what lawyers must do to safeguard client information. But the committee cautioned that their approval was based on the kind of security the lawyer promised to set up, both in encrypting the files and taking other methods to preclude unauthorized hacking. And the panel also said that the attorney has to conduct periodic reviews to ensure that security precautions in place remain reasonable as technology progresses. This does not mean lawyers have to offer an absolute guarantee that a computer system will be invulnerable to unauthorized access, the committee said. Lawyers are just required to exercise sound professional judgment on what steps are necessary to secure against “foreseeable attempts at unauthorized access.” But the panel said what constitutes “sound professional judgment” is not necessarily based on a judgment that an attorney would reach about what is and is not secure. “It is also important that lawyers recognize their own competence limitations regarding computer security measures,” the opinion states. That requires them to take the necessary time and energy to become competent or to consult available experts in the field. http://www.azcentral.com/business/abg/articles/2009/12/17/20091217abg-fischer1217.html Heartland pays Amex $3.6M over 2008 data breach (Computerworld, 17 Dec 2009) - Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year. The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks. Other alleged victims include 7-Eleven and Hannaford Brothers. In total, the gang managed to steal more than 130 million credit card numbers from Heartland and about 4.2 million from Hannaford, prosecutors allege. Card-issuing banks such as American Express have had to pay the costs of re-issuing credit cards, following the breach, and many banks have sued Heartland to recover these costs. American Express operates its own credit card brand as well, and the settlement may also cover fines incurred there. Heartland has also had to pay out fines assessed by other brands such as Visa and MasterCard. Typically, these card brands levy fines against those responsible for data breaches. In May, Heartland CEO Bob Carr said that his company had set aside $12.6 million to handle charges related to the hack. More than half of that money was to handle fines levied by MasterCard, he said. http://www.computerworld.com/s/article/9142448/Heartland_pays_Amex_3.6M_over_2008_data_breach?source=CTWNLE_nlt_dailyam_2009-12-18 - but - Massachusetts’s Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift (InfoLawGroup, 23 Dec 2009) - While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out a retailer’s payment card data breach. The Cumis Insurance Society, Inc. v. B.J. Wholesale Club, Inc. decision (“Supreme Court Decision”) analyzed and ruled upon most of the mainstream legal theories issuing banks have used to attempt to recover card reissuance costs, including breach of contract under a third party beneficiary theory, fraud, negligence, negligent misrepresentation and breach of unfair/deceptive practices laws (in this case M.G.L. Chapter . 93A, section 11). We have previously commented on multiple decisions involving retailer payment card breaches similar to the BJ Wholesale breach and PCI liability in general, including a 3rd Circuit federal appellate decision that allowed issuing banks to proceed forward with a third party beneficiary breach of contract theory. This blog post dives into and analyzes the Supreme Court Decision, and looks at it in context against similar decisions. Overall, in terms of issuing banks recovering for payment card breaches, the game does not appear to be litigation in the courts, but rather in the backroom contracts and recovery processes contained in the card brand operating regulations that most retailers agree to comply with. http://www.infolawgroup.com/2009/12/articles/pci-1/massachusettss-highest-court-delivers-bj-wholesalers-and-other-retailers-a-data-breach-liability-gift/ - and - Even Extortion of Breached Company Doesn’t Help Plaintiff Show Concrete Injury, Court Finds (Steptoe & Johnson’s E-Commerce Law Week, 31 Dec 2009) - A federal court in Missouri has ruled in Amburgy v. Express Scripts, Inc., that a mere fear of identity theft following a data breach, even after the breached company received an extortion letter threatening public release of the confidential information, is insufficient to establish Article III standing and to state a negligence claim. The plaintiff filed a putative class action suit against a pharmacy benefit management company that suffered a breach of customers’ personal information and then received a letter threatening the public release of the information if the company did not pay the persons responsible for the breach. The plaintiff himself was not named in the extortion letter. Nor did he even allege that his personal information had been breached. Nevertheless, the plaintiff claimed that he and fellow class members feared an “increased risk of future injury” following the extortion threat and had to spend money monitoring their credit. The court found that the plaintiff still had not demonstrated a sufficiently concrete injury to satisfy standing requirements or to state a negligence claim, and strongly suggested that this would doom the plaintiff’s contract claims. http://www.steptoe.com/publications-6550.html Should a Case Go Webwide? (ABA Journal, 21 Dec 2009) - Shortly after oral arguments before the Philadelphia-based 3rd U.S. Circuit Court of Appeals, a marketer for the defense attorney launched a website dedicated to the wrongful-conviction appeal that included everything from court filings to information about the lawyer. The site has received more than 3,400 visitors since April, showing how a case-specific website can help raise the profile of smaller firms, according to Richard Lavinthal, owner of PRforLaw, a Morrisville, Pa.-based legal media relations consulting firm. He developed the site for New York City solo attorney Timothy J. McInnis. But such webpages raise concern among some legal ethicists and marketers, who say the sites could violate rules of professional conduct. Some also argue the marketing tool is inappropriate for a lawyer. http://www.abajournal.com/magazine/article/should_a_case_go_webwide Ghostnet and the Unclassified Crisis (excerpt from coming book by Stewart Baker, 21 Dec 2009) – [Editor: description of the introduction and workings of the surveillance botnet called GhostNet; this excerpt fails to mention that at least one law firm was fully penetrated, resulting in the apparent compromise of all clients files.] http://www.skatingonstilts.com/skating-on-stilts/2009/12/excerpt-7-from-chapter-6-moores-outlaws.html [Editor: some of this was alluded to in MIRLN 12.05; the seminal researcher’s report on GhostNet is here: ]http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network] Copyright Claim Based on Taping Fashion Show (THR Esq, 22 Dec 2009) - A women’s clothing company is suing Canadian Broadcasting Company after a reporter for the television station snuck into a New York fashion show without an invitation and taped the event. According to the complaint filed by Nygard International in New York district court late last week, members of the media who attended the show signed an agreement limiting their right to record the event and distribute footage without written approval. A CBC employee identifying himself as David Common and a cameraman allegedly evaded security and made an unauthorized recording. When asked to leave, the cameraman is said to have refused to go. The event was held on private premises, so one of the grounds for this complaint is trespass. More intriguing, perhaps, Nygard is also claiming that CBC violated the company’s copyright. We’re reminded of professional sporting league’s restrictions on the kind of audio-video content that news outlets can transmit from inside a sporting event. Some leagues even attempt to limit descriptions of an event. However, these events derive significant revenue from big TV rights licensing deals and broadcasters who show up with their own cameras potentially interfere with these licensing arrangements. In this case, Nygard makes the case that it was potentially damaged “because distribution of images of Plaintiff’s fashions prior to the release of those products in the marketplace could give Plaintiff’s competitors an unfair advantage and cause Plaintiff to lose control over its intellectual property, goodwill, and public image.” Fascinating argument, and leaving aside the hot question over the IP protection on fashion designs, it could be interesting to see what a court has to say in this case. Will companies be more aggressive in making copyright claims to protect public image going forward? http://www.thresq.com/2009/12/copyright-fashion-show-television.html [Editor: goes to audience members’ iPhone recording of for-fee CLE events, etc.] Background Checks For All With BeenVerified’s iPhone App (TechCrunch, 22 Dec 2009) - Back in September, we wrote about a new iPhone app that would allow you to run a background check on a new lover. It’s mildly creepy, but also kind of interesting. Unfortunately, that app, DateCheck, also charged an arm and a leg to run the checks. A new one gives you some background checking ability for free. The aptly named Background Check App does exactly what it says: Using data from the site BeenVerified, it allows you to do background checks on people via name queries or their email addresses. And it even allows you to check your contacts on your iPhone with just one click. Just imagine the fun that will bring. But it’s not all free fun. Unfortunately, you only get three free queries a week. After that, you’re prompted to sign up for a BeenVerified account and pay to get unlimited access. Currently, that will cost you $8-a-month. Beyond looking up things such as age, address history, and relatives, Background Check App gives you access to criminal records, the properties associated with a person (and their values), and even scans the social networks to find data about the person there, such as pictures of them. http://www.techcrunch.com/2009/12/22/background-check-iphone-app/ Drunk Drivers in Texas to Be Named on Twitter (Mashable.com, 25 Dec 2009) - Drunk driving in Montgomery County, Texas, this holiday season? Expect to see your name in Tweets, as the local district attorney’s office has vowed to name and shame drunk drivers on Twitter. The tactic, hoping to dissuade drunk drivers using the threat of public humiliation, will see DWI (Driving While Intoxicated) arrests documented on the @MontgomeryTXDAO Twitter account, owned by Montgomery County District Attorney, Brett Ligon. The idea was conceived by County Vehicular Crimes Prosecutor Warren Diepraam, and it’s not entirely new: the information is a matter of public record and some newspapers print the names of people charged with such crimes as a deterrent. Moving the practice to Twitter, however, is somewhat controversial: shaming people who have yet to be found guilty is a concept that some law bloggers are rallying against. http://mashable.com/2009/12/25/drunk-drivers-twitter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29 No Private Right of Action to Enforce Connecticut Electronic Monitoring Statute (Daniel Schwartz, 29 Dec 2009) - The Connecticut Supreme Court, in a decision that will be officially released on January 5, 2010, has held that employees cannot bring a private right of action against employers that violate the state’s electronic monitoring statute. In Gerardi v. City of Bridgeport, two city fire inspectors were disciplined for improper job performance through the use of GPS devices, allegedly without the employees’ consent. They claimed that the employer violated Conn. Gen. Stat. 31-48d, which prohibits an employer from electronically monitoring an employee’s activities without prior notice, and sought injunctive relief and monetary damages. The employees claimed that even though the statute didn’t contain a private right of action, one should be implied. The Court disagreed. http://ow.ly/QMLm Long arm of law reaches into World of Warcraft (Kokomo Perspective, 31 Dec 2009) - The virtual world of online gaming seems like the perfect place to hide. There is plenty of anonymity, and it’s almost impossible for someone to trace activity back to its source, right? Wrong. Two weeks ago, Howard County Sheriff’s Department deputy Matt Roberson tracked down a wanted fugitive through one of the most popular games on the Internet — World of Warcraft. And he got his man. “We received information that this guy was a regular player of an online game, which was referred to as ‘some warlock and witches’ game,” said Roberson. “None of that information was sound enough to pursue on its own, but putting everything we had together gave me enough evidence to send a subpoena to Blizzard Entertainment. I knew exactly what he was playing — World of Warcraft. I used to play it. It’s one of the largest online games in the world.” Indeed, World of Warcraft is among the most popular online pastimes today, boasting more than 14 million players in dozens of countries — including Canada. But this is the Internet, and Blizzard is in California. Roberson’s subpoena was nothing more than a politely worded request, considering the limits of his law enforcement jurisdiction and the ambiguity of the online world. Blizzard did more than cooperate. It gave Roberson everything he needed to track down Hightower, including his IP address, his account information and history, his billing address, and even his online screen name and preferred server. From there it was a simple matter to zero in on the suspect’s location. “I did a search off the IP address to locate him,” said Roberson. “I got a longitude and latitude. Then I went to Google Earth. It works wonders. It uses longitude and latitude. Boom! I had an address. I was not able to go streetside at the location, but I had him.” Roberson and Rogers contacted the U.S. Marshals, who immediately notified the Royal Canadian Mounted Police and the Canadian Border Services Agency. According to Rogers, Canadian authorities located Hightower in Ottawa, Ontario, and arranged to have him deported. The marshals picked up the suspect in Minneapolis, and Howard County has until Jan. 5 to bring him back here to face charges. http://kokomoperspective.com/news/local_news/article_15a0a546-f574-11de-ab22-001cc4c03286.html Court’s Ruling Holds One Shiny Gift and One Lump of Coal for Employers (Steptoe & Johnson’s E-Commerce Law Week, 31 Dec 2009) - A federal district court in Idaho has ruled in Alamar Ranch, LLC, v. County of Boise that an employee waived the attorney-client privilege by communicating with her lawyer over her employer’s email system, where the employer had a clear policy of monitoring employee communications. Other courts have found reasons not to find a waiver under similar circumstances, so this ruling provides support for employers whose monitoring practices come under fire. But the court also found that other people who communicated with the employee and the lawyer simultaneously did not waive their privilege despite the monitoring policy. This part of the ruling could support claims against an employer by non-employees whose communications with an employee were monitored by the employer. http://www.steptoe.com/publications-6550.html Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites (ABA’s LPM, December 2009) - The Web is a great resource for law firm competitive intelligence (CI). For years, law firm CI analysts have been watching the Web sites of prospective clients and competing firms for any information that can create a competitive advantage for their own firm. This includes monitoring competitor firms’ attorney rosters and tracking trends within other firms based on the publications, press releases and other information posted on their sites. Clients’ and prospective clients’ Web sites are tracked to identify new products, potential litigation issues, and changes within the companies that might enable a firm to capture new work. But for the CI analyst, the disadvantage has been that a lot of the information posted on traditional Web sites is so heavily filtered that it’s ultimately of very little value. The development of Web 2.0 technologies has changed things, however, creating an opportunity to monitor information that doesn’t go through a filter before publication. Resources like social networking sites, “Ning” communities, wikis and blogs encourage the free flow of information, and individuals who were once hidden behind the company’s firewall are conducting all kinds of online conversations outside those walls. For law firm CI analysis, the advent of Web 2.0 has ushered in a whole new era and expanded the abilities to find valuable information that could give the firm a competitive advantage. http://www.abanet.org/lpm/magazine/articles/v35/is7/pg26.shtml [Editor: quite interesting.] Whatever happened to Second Life? (PC Pro, 4 Jan 2010) - It’s desolate, dirty, and sex is outcast to a separate island. Barry Collins returns to Second Life to find out what went wrong, and why it’s raking in more cash than ever before. Three years ago, I underwent one of the most eye-opening experiences of my life – and I barely even left the office. I spent a week virtually living and breathing inside Second Life: the massively multiplayer online world that contains everything from lottery games to libraries, penthouses to pubs, skyscrapers to surrogacy clinics. Oh, and an awful lot of virtual sex. At its peak, the Second Life economy had more money swilling about than several third-world countries. It had even produced its own millionaire, Anshe Chung, who made a very real fortune from buying and selling property that existed only on Second Life servers. Three years on, and the hype has been extinguished. Second Life has seen its status as the web wonderchild supplanted by Facebook and Twitter. The newspapers have forgotten about it, the Reuters correspondent has long since cleared his virtual desk, and you can walk confidently around tech trade shows without a ponytailed “Web 2.0 Consultant” offering to put your company on the Second Life map for the price of a company car. http://www.pcpro.co.uk/features/354457/whatever-happened-to-second-life FTC set to examine cloud computing (The Hill, 4 Jan 2010) - The Federal Trade Commission (FTC) is investigating the privacy and security implications of cloud computing, according to a recent filing with the Federal Communications Commission. The FTC, which shares jurisdiction over broadband issues, says it recognizes the potential cost-savings cloud computing can provide. “However, the storage of data on remote computers may also raise privacy and security concerns for consumers,” wrote David Vladeck, who helms the FTC’s Consumer Protection Bureau. http://thehill.com/blogs/hillicon-valley/technology/74209-ftc-examining-cloud-computing Calif. Federal Judge OKs Posting of Prop 8 Trial to YouTube (Law.com, 7 Jan 2010) - Chief Judge Vaughn Walker made it clear Wednesday that he will forge ahead with televising the federal challenge to Prop 8. But he also signaled he doesn’t want to be the next Lance Ito. The trial, which begins on Monday, will be filmed by court personnel, Walker ruled, but it will not be broadcast live. Instead, the recording will be posted on a YouTube page at some point after the close of the day’s proceedings. Walker declined an offer from In Session (formerly Court TV) to broadcast live, with its own crew. http://www.law.com/jsp/article.jsp?id=1202437693425&rss=newswire&hbxlogin=1 Ohio Court Gives Criminals Another Reason to Love Their Smart (and Not-So-Smart) Phones (Steptoe & Johnson’s E-Commerce Law Week, 8 Jan 2010) - The Supreme Court of Ohio ruled last month in State v. Smith that the warrantless search of a cell phone seized incident to a lawful arrest is prohibited by the Fourth Amendment. The court refused to extend to cell phones the normal doctrine allowing police to search an arrestee’s person and containers found on or near him without obtaining a search warrant, holding that a cell phone is not a “closed container” because it does not hold other “physical objects.” The court also found that cell phones’ “ability to store large amounts of private data gives their users a reasonable and justifiable expectation of a higher level of privacy in the information they contain,” and that police therefore must “obtain a warrant before intruding into the phone’s contents.” http://www.steptoe.com/publications-6558.html Internet pirates find ‘bulletproof’ havens for illegal file sharing (The Guardian, 5 Jan 2010) – Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts. For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement. In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement. The change is rooted in the evolution of “bulletproof hosting”, or website provision by companies that make a virtue of being impervious to legal threats and blocks. Not all bulletproof services are linked to illegal activities, but they are popular among criminal groups, spammers and file-sharing services. Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as the infamous host McColo, which was based in San Jose, California, and remained in operation until last year. Pirate Bay, after its brief excursion to Ukraine, is now run out of a Dutch data centre called CyberBunker, which is based in an old nuclear facility of the 1950s, about 120 miles south-west of Amsterdam. Research published last year showed that most bulletproof hosts are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution. http://www.guardian.co.uk/technology/2010/jan/05/internet-piracy-bulletproof NOTED PODCASTS The Rewilding: A Metaphor (IT Conversations; by Karl Schroeder; 24 July 2009) - Long ago, when we started using technology, we lacked the collective cognizance to define the limits we wanted to exercise control within, so we tried controlling everything. The notion of technological advancement was about the degree of control exercised over nature. However, the modern trend indicates an inversion of that philosophy. According to sci-fi author Karl Schroeder, the world is now reaching a point where we are learning when to let go, and that, he says, is working well. http://itc.conversationsnetwork.org/shows/detail4274.html and http://itc.conversationsnetwork.org/audio/download/ITC.oscon-Schroeder-2009.07.24.mp3 [Editor: 15 minute podcast, relevant to Web 2.0 debates about employer loss of control and threats from too much sharing (e.g., at 8m45s and the discussion about “organizational rewilding”. Talks about knowing when to control, and knowing when to leave alone. ONE STAR.] RESOURCES An E-Book Buyer’s Guide to Privacy (EFF, 21 Dec 2009) - As we count down to end of 2009, the emerging star of this year’s holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon’s Kindle to Barnes and Noble’s forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music. Unfortunately, e-reader technology also presents significant new threats to reader privacy. E-readers possess the ability to report back substantial information about their users’ reading habits and locations to the corporations that sell them. And yet none of the major e-reader manufacturers have explained to consumers in clear unequivocal language what data is being collected about them and why. As a first step towards addressing these problems, EFF has created a first draft of our Buyer’s Guide to E-Book Privacy. We’ve examined the privacy policies for the major e-readers on the market to determine what information they reserve the right to collect and share. http://www.eff.org/deeplinks/2009/12/e-book-privacy Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping (Congressional Research Service, 5 Dec 2009) - This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA). It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given their prior consent. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. Violations can result in imprisonment for not more than five years; fines up to $250,000 (up to $500,000 for organizations); in civil liability for damages, attorneys’ fees and possibly punitive damages; in disciplinary action against any attorneys involved; and in suppression of any derivative evidence. Congress has created separate but comparable protective schemes for electronic communications (e.g., e-mail) and against the surreptitious use of telephone call monitoring practices such as pen registers and trap and trace devices. Each of these protective schemes comes with a procedural mechanism to afford limited law enforcement access to private communications and communications records under conditions consistent with the dictates of the Fourth Amendment. The government has been given narrowly confined authority to engage in electronic surveillance, conduct physical searches, install and use pen registers and trap and trace devices for law enforcement purposes under the Electronic Communications Privacy Act and for purposes of foreign intelligence gathering under the Foreign Intelligence Surveillance Act. Two FISA provisions, born in the USA PATRIOT Act and dealing with roving wiretaps (section 206) and business records (section 215), are scheduled to expire on December 31, 2009. This report includes a brief summary of the expired Protect America Act, P.L. 110-55 and of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, P.L. 110-261 (H.R. 6304). It is available in an abridged form without footnotes, quotations, or appendices as CRS Report 98-327, Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping, by Gina Stevens and Charles Doyle. http://assets.opencrs.com/rpts/98-326_20091203.pdf The Growing Wave of Data Breach Litigation (Risk Management, December 2009) - Data breaches-the theft, loss or unintended exposure of personally identifiable information-have compromised hundreds of millions of personal records in recent years. In 2009, the trend continued with two of the largest breaches in history. In January, as many as 100 million credit card records were exposed when it was discovered that hackers broke into the network of credit card processor Heartland Payment Systems. And in October, the personal information of more than 70 million U.S. military veterans was compromised when an improperly erased hard drive was sent out for repair. These breaches, and others like them, only scratch the surface of the problem. A study by Gartner Inc. found that financial fraud affected 7.5% of all Americans in 2008, and data breaches spawned 19% of that fraud. The Identity Theft Resource Center (ITRC) reported that data breaches in 2008 increased by 47% over the previous year. And by November, the ITRC had reported more than 400 breaches affecting 220 million records in 2009-an amount of records nearly equal to the previous four years combined. Given the scope of the problem, it should be no surprise that data breaches have led to expensive litigation, including attempted class actions. So far, however, these actions have met with little legal success (as distinguished by sizable costs and settlements). But considering the scope of the risk, it would be wise for companies to be familiar with the important decisions in this area. http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&NavMenuID=128&template=/Magazine/DisplayMagazines.cfm&IssueID=341&AID=4015&Volume=56&ShowArticle=1 FUN The Ten Best Viral Videos of the Decade (Salon.com, 26 Dec 2009) - Long ago — the 90s — the word “viral” applied strictly to illness, and we had only an inkling of how awesome it is to dance at weddings, defy gravity and laugh at the funny things cats and toddlers do. This decade changed that. Though we never want to hear words such as “Miss South Carolina,” “inspirational comedian“ or “Numa Numa“ again, and while we sometimes wonder if those hours spent engrossed in “Planet Unicorn“ were hours squandered, we fully cop to a deep, abiding love for viral video. And what’s not to love? It’s a few moments of the crazy, the joyous and the jaw-dropping plopped into our daily grind, minutes made all the sweeter for their “You have GOT to see this” power to bring people together. These are the ones that made us click Replay again and again. http://www.salon.com/mwt/feature/2009/12/26/decade_viral_video [Editor: my favorite is under Honorable Mentions – “Where the Hell is Matt”] LOOKING BACK - MIRLN TEN YEARS AGO LEGAL BRIEF: LAWYERS CLAIM CREDIT FOR AVERTING Y2K DISASTER—The gentle calendar change on 1 January 2000 having dashed the expectation that the legal community would cash in on a flood of liability lawsuits related to the Y2K computer problem, some lawyers are taking a little credit for saving the world from disaster. Ronald N. Weikers, an attorney who coauthored the book, “Litigating Year 2000 Cases,” says: ““Nobody is going to believe that lawyers are heroes in this case, but we had something to do with it. It’s clear to me and a lot of attorneys that by raising red flags in advance we helped avoid bigger problems down the road.” But Weikers hasn’t given up all hope for a little new business, and tells people who are smug about surviving January 1st that “they shouldn’t rest so assured. They should wait a few months. There’s going to be a flurry of activity.” (Washington Post 10 Jan 2000) http://www.washingtonpost.com/wp-dyn/business/A23690-2000Jan9.html Related blog posting from 8 Jan 2010: http://www.TheCorporateCounsel.net/Blog/2010/01/y2k-tcc-the-november-doc.html MIRLN 2010-01-08T22:05:00-07:00 http://www.knowconnect.com/mirln/article/mirln_29_november_19_december_2009_v1217/ http://www.knowconnect.com/mirln/article/mirln_29_november_19_december_2009_v1217/#When:23:35:00Z • Cyber breaches are a closely kept secret • Obama Wants Computer Privacy Ruling Overturned • Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity • EFF sues feds for info on social-network surveillance • Protecting Trademarks In Web 2.0 • Many More Government Records Compromised in 2009 than Year Ago, Report Claims • My K-12 Blind Spot • Google allows publishers to limit free content • Web ad group launches privacy education campaign • Google Wants to Speed Up the Web: Launches Its Own DNS Service o Redirecting DNS Requests Can Harm the Internet, Says ICANN • Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says • Yahoo Issues Takedown Notice for Spying Price List • Law profs say e-marriages expand couple’s rights • Local Governments Offer Data to Software Tinkerers • With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize • See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing • New Smithsonian Collection Search • Florida: Judges Cannot be Facebook Friends with Litigants • TSA accidentally reveals airport security secrets • France to Digitize Its Own Literary Works • Amazon Auctions Cloud Computation • Court Finds Personal E-Mail Privileged Even if Sent From Work o Supreme Court to Review Employer Access to Worker Text Messages o Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says • Free App Offers iPhone CLE Courses With Built-In Verification • Ohio justices: Cell phone searches require warrant • App of the Week: Google’s Eyes on the Ground o Privacy fears force search giant to block facial recognition application on Google Goggles • Not Just Drones: Militants Can Snoop on Most U.S. Warplanes • EU Data Protection Meets U.S. Discovery NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Cyber breaches are a closely kept secret (Reuters, 24 Nov 2009) - Cybercriminals regularly breach computer security systems, stealing millions of dollars and credit card numbers in cases that companies keep secret, said the FBI’s top Internet crimes investigator on Tuesday. For every break-in like the highly publicized attacks against TJX Co (TJX.N) and Heartland Payment (HPY.N), where hacker rings stole millions of credit card numbers, there are many more that never make the news. “Of the thousands of cases that we’ve investigated, the public knows about a handful,” said Shawn Henry, assistant director for the Federal Bureau of Investigation’s Cyber Division. “There are million-dollar cases that nobody knows about.” Companies that are victims of cybercrime are reluctant to come forward out of fear the publicity will hurt their reputations, scare away customers and hurt profits. Sometimes they don’t report the crimes to the FBI at all. In other cases they wait so long that it is tough to track down evidence. “Keeping your head in the sand on filing a report means that the bad guys are out there hitting the next guy, and the next guy after that,” Henry said. He said the cybercrime problem has gotten bigger over the past three years because hackers have changed their attack methods as companies have tightened up security. “It’s absolutely gotten bigger, yes, absolutely,” he said. http://www.reuters.com/article/idUSTRE5AN4YH20091124 Obama Wants Computer Privacy Ruling Overturned (Wired, 25 Nov 2009) - The Obama administration is seeking to reverse a federal appeals court decision that dramatically narrows the government’s search-and-seizure powers in the digital age. Solicitor General Elena Kagan and Justice Department officials are asking the 9th U.S. Circuit Court of Appeals to reconsider its August ruling that federal prosecutors went too far when seizing 104 professional baseball players’ drug results when they had a warrant for just 10. The 9th U.S. Circuit Court of Appeals’ 9-2 decision offered Miranda-style guidelines to prosecutors and judges on how to protect Fourth Amendment privacy rights while conducting computer searches. Kagan, appointed solicitor general by President Barack Obama, joined several U.S. attorneys in telling the San Francisco-based court Monday that the guidelines are complicating federal prosecutions in the West. The circuit, the nation’s largest, covers nine states: Alaska, Arizona, California, Hawaii, Idaho, Montana, Nevada, Oregon and Washington. “In some districts, computer searches have ground to a complete halt,” the authorities wrote. “Many United States Attorney’s Offices have been chilled from seeking any new warrants to search computers.” (.pdf) The government is asking the court to review the case with all of its 27 judges, which it has never done. If the court agrees to a rehearing, a new decision is not expected for years, and the August decision would be set aside pending a new ruling. Either way, the U.S. Supreme Court has the final say. The controversial decision, which the government said was contrary to Supreme Court precedent, outlined new rules on how the government may search computers. (.pdf) http://www.wired.com/threatlevel/2009/11/obama-wants-computer-privacy-ruling-overturned/ Facebook’s Claim of Ownership of Posted Content Does Not Destroy CDA Immunity (Winston & Strawn, 30 Nov 2009) - The New York Supreme Court recently granted Facebook, Inc.’s motion to dismiss a pending defamation action because the court concluded that Facebook was immune from liability under the Communications Decency Act (“CDA”) as an interactive computer service. The plaintiff had alleged that four of her high school classmates created a Facebook group in which her classmates posted defamatory statements regarding the plaintiff. After Facebook moved to dismiss the case based upon CDA immunity, the plaintiff argued that because Facebook’s Terms of Use grant Facebook an ownership interest in the alleged defamatory content, CDA immunity is unavailable to Facebook. The court disagreed and concluded that ownership of posted content is irrelevant to a determination of whether CDA immunity should apply. The court held that as long as the defendant is an interactive computer service and the allegedly defamatory content is provided by a third party, the defendant is immune from liability under the CDA. http://www.winston.com/siteFiles/Publications/Facebook_Alert.html#page=1 EFF sues feds for info on social-network surveillance (CNET, 1 Dec 2009) - The Electronic Frontier Foundation sued the CIA, the U.S. Department of Defense, Department of Justice, and three other government agencies on Tuesday for allegedly refusing to release information about how they are using social networks in surveillance and investigations. The nonprofit Internet rights watchdog group formally asked more than a dozen agencies or departments in early October to provide records about federal guidelines on the use of sites like Facebook, Twitter, and Flickr for investigative or data gathering purposes, according to the lawsuit. The requests were prompted by published news reports about how authorities are using social networks to monitor citizen activities and aid in investigations. For example, according to the lawsuit, government officials have: used Facebook to hunt for fugitives and search for evidence of underage drinking; researched the activities of an activist on Facebook and LinkedIn; watched YouTube to identify riot suspects; searched the home of a social worker because of Twitter messages regarding police actions he sent during the G-20 summit; and used fake identities to trick Facebook users into accepting friend requests. http://news.cnet.com/8301-27080_3-10407224-245.html?part=rss&subj=news&tag=2547-1_3-0-5&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CnetNewscomMobile+%28CNET+News.com+Front+Door%29 Protecting Trademarks In Web 2.0 (Law.com, 1 Dec 2009) - During the past decade and a half, the internet has grown from a small array of just a few thousand websites to a vast network of hundreds of millions of distinct sites, containing billions of web pages. Although the internet has presented a new frontier for both trademark use and infringement, the growth of social media sites during the past few years has posed particular challenges for brand owners. These sites, which include blogs, virtual worlds, marketplaces, image networks and relative newcomers such as Facebook and Twitter, allow users to interact with each other, effectively building a community. With this landscape changing so rapidly, the first challenge for brand owners is simply to keep up with the evolving technologies and platforms. After all, five years ago, Facebook was a small private network for students at educational institutions and Twitter did not even exist; today, these platforms are a part of the daily lives of millions of users. In order to properly protect their brands and trademarks, brand owners should first plan to conduct regular assessments of the available social networking and Web 2.0 sites, with an eye to determining how popular these sites may be with the brand’s target consumers and the ease of using these sites for infringement purposes. Whether or not brand owners plan to become active in these spaces in the short term, they should keep in mind that their employees and customers may already be avid users of social media. Therefore, brand owners should take care to develop detailed use policies, both for employees and for third parties who may become a part of the user community. These policies should address in what context (if any) employees and third parties are permitted to mention the company and brand name, and, especially, who is authorized to speak on behalf of the company or brand and what internal reviews must take place before content is posted that mentions or concerns a brand (i.e., a review by the company’s legal department or outside counsel). These policies should extend to affiliates and licensees, and should be an element of any legal agreements between the company and third parties regarding brand and trademark use. Although social media can provide many excellent marketing and promotional opportunities for brand owners, entering these spaces can require a large time and financial investment. Thus, brand owners should take care to ensure that they are using the optimal platforms that will build their brands and reach the desired community of users. First, an assessment of the consumer demographic is a critical element of this process. Brand owners should choose the platforms that will reach their target customers and should not feel the need to build a presence on every single available platform. In addition, before committing to a social media initiative, brand owners should keep in mind that users of social media expect regular content updates, and that setting up social media sites and profiles and then neglecting them may do more harm than not using these platforms at all. Any budget for social media should take into account the costs and human capital necessary to maintain and update the content. http://www.law.com/jsp/article.jsp?id=1202435924630&rss=newswire&hbxlogin=1 Many More Government Records Compromised in 2009 than Year Ago, Report Claims (Gov’t Technology, 2 Dec 2009) - If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit. As of Tuesday, Dec. 1., the Identity Theft Resource Center (ITRC) reported 82 breaches in U.S. government and military organizations. Although the year isn’t over, that’s fewer than the 110 that occurred in 2008. But here’s the catch: The breaches so far in 2009 have compromised more than 79 million records, whereas fewer than 3 million were hacked in 2008. http://www.govtech.com/gt/articles/734214 My K-12 Blind Spot (InsideHigherEd, 2 Dec 2009) - We are a mixed LMS household. My 7th grader uses Moodle, I use Blackboard. Watching her use of Moodle to hand in her assignments, watch linked videos, download readings, participate in discussions and check her grades is a nightly reminder that utilization of educational technology is not restricted to the post-secondary world. Some of my daughter’s teachers make the sort of use of Moodle that would be a great model faculty members wanting to leverage their campus LMS. Embarrassingly, my knowledge of K-12 utilization of learning technology basically starts and ends from whatever my daughter does while at home. The primary/secondary and post-secondary educational technology communities don’t seem to overlap very much. I get my news from Inside Higher Ed and the Chronicle of Higher Education. EDUCAUSE, my professional organization, defines its mission in part “to advance higher education by promoting the intelligent use of information technology”. The blogs I read tend to be written by people working in higher ed. But in looking at how my daughter’s teachers use Moodle I can’t help to wonder what I’m missing. Is there a great deal of innovation around pedagogy and technology occurring in the K-12 world? What is the penetration of the Learning Management System (LMS) at the secondary level of education? What is the adoption curve? Are there practices in teacher training and support in learning technology that we can learn from and adopt at the college/university level? Does anyone know any good publications that cross the secondary / post-secondary divide? Are there a whole bunch of innovative and disruptive thinkers, writers, and bloggers in middle and high-schools that I don’t know about? http://www.insidehighered.com/blogs/technology_and_learning/my_k_12_blind_spot Google allows publishers to limit free content (AP, 2 Dec 2009) - Google Inc. is allowing publishers of paid content to limit the number of free news articles accessed by people using its Internet search engine, a concession to an increasingly disgruntled media industry. There has been mounting criticism of Google’s practices from media publishers — most notably News Corp. chairman and chief executive Rupert Murdoch — that argue the company is profiting from online news pages. In an official blog posted late Tuesday, Josh Cohen, Google’s senior business product manager, said the company had updated its so-called First Click Free program so publishers can limit users to viewing no more than five articles a day without registering or subscribing. Previously, each click from a user of Google’s search engine would be treated as free. “If you’re a Google user, this means that you may start to see a registration page after you’ve clicked through to more than five articles on the website of a publisher using First Click Free in a day ... while allowing publishers to focus on potential subscribers who are accessing a lot of their content on a regular basis,” Cohen said in the post. Cohen said that Google will also begin crawling, indexing and treating as “free” any preview pages — usually the headline and first few paragraphs of a story — from subscription websites. People using Google would then see the same content that would be shown free to a user of the media site and the stories labelled as “subscription” in Google News. http://news.yahoo.com/s/ap/20091202/ap_on_bi_ge/eu_google_free_news Web ad group launches privacy education campaign (Washington Post, 3 Dec 2009) - A group of leading Internet publishers and digital marketing services on Thursday launched an online campaign to educate consumers about how they are tracked and targeted for pitches on the Web. The Interactive Advertising Bureau, based in New York, unveiled its “Privacy Matters” Web site. The site explains how Internet marketers track where people go and what they do online and then mine that data to serve up targeted ads. The practice, known as behavioral advertising, has raised concerns among privacy watchdogs and lawmakers in Congress. A number of IAB members plan to run banner spots on their Web pages linking back to the Privacy Matters site. Those include Internet-only players such as Yahoo Inc. and Google Inc. and traditional media outlets such as Walt Disney Co. and The New York Times Co. The goal of the program, explained IAB Senior Vice President David Doty, is to describe “in plain English” how online advertising works. Among other things, the Privacy Matters Web site offers explanations of demographic targeting, interest group targeting and data-tracking files known as cookies. The site also informs consumers how they can control the information collected about them by changing their cookies settings. The new campaign is part of a broader self-regulatory push by the Interactive Advertising Bureau and other advertising trade groups that want to head off federal regulation. http://www.washingtonpost.com/wp-dyn/content/article/2009/12/03/AR2009120303517.html Google Wants to Speed Up the Web: Launches Its Own DNS Service (ReadWriteWeb, 3 Dec 2009) - Google just launched the Google Public DNS. Just like OpenDNS, Google Public DNS will allow users to bypass their ISPs Domain Name Servers (DNS). DNS servers are, in many respects, the backbone of the Internet. DNS allows you to type a domain name like http://www.senate.gov into a browser instead of a machine-readable IP number like http://156.33.195.33/. Google’s argues that it wants to give consumers an alternative to their ISPs’ DNS services in order to market the Internet “faster, safer and more reliable.” According to Google product manager Prem Ramaswami, the company’s engineers have been working to improve DNS over the last few months. Instead of performing DNS lookups on an ISP’s DNS server, Google will use its data-center and caching infrastructure to resolve these domain names. http://www.readwriteweb.com/archives/google_launches_google_public_dns_opendns_competitor.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29 [COMMENTARY: Michael Fleming, of Larkin Hoffman, comments: “I’ve been using OpenDNS for years. I like it for a number of reasons, including speed, reliability, as well as a sense that it’s less likely to get polluted by a hacker that might gain access to my ISP’s DNS (which, for most ISPs, is rather minimally monitored since they consider it automated, and hence a security risk for its users). If Google upholds those same principles, it’s OK by me. But… One concern is what happens when I type in a non-existent domain. It might just go blank or show a 404 error message. It might try to direct me to something that benefits Google (much akin to the highly complained about thing that NSI did a couple of years ago). It could be something in between, with a little bit of ads and some reasonable suggestions on what I might have meant to type in (which is what OpenDNS does now). Another concern is whether Google may try to influence the DNS by editing out domains it doesn’t like. OpenDNS, as well as most typical DNS providers, will not censor the DNS. Google could choose another policy. It might do so for admirable reasons (such as disabling access to known phishing sites), but that same thought could lead to less admirable reasons (such as disabling access to anonymous communication sites, or sites that a particular government doesn’t like, or the ability to go to bing.com, for example). * * * Done faithfully DNS is innocuous, but since it can be dangerous if misused we should not make decisions to switch lightly.” Another expert comments: “Another worry… DNS provides a centralized and low-bandwidth place for monitoring user behaviour. If you wanted to compile a database of IP addresses and the websites they visit, the DNS server is the best place to do it. Google openly engages in consumer monitoring via their ad and search services. I see no reason why they wouldn’t also retain DNS data.”] - and - Redirecting DNS Requests Can Harm the Internet, Says ICANN (PC World, 25 Nov 2009) - ICANN (Internet Corporation for Assigned Names and Numbers) on Tuesday condemned the practice of redirecting Internet users to a third-party Web site or portal when they misspell a Web address and type a domain name that does not exist. Rather than return an error message for DNS (Domain Name System) requests for nonexistent domains, some DNS operators send back the IP (Internet Protocol) address of another domain, a process known as NXDOMAIN substitution. http://www.pcworld.com/article/183135/redirecting_dns_requests_can_harm_the_internet_says_icann.html Risk Avoidance May Explain Why Big Firm Blogs Are Boring, Blogger Says (ABA Journal, 3 Dec 2009) - An inquiring blogger wants to know: Why are blogs associated with large law firms sometimes so boring, and why did so few appear in the ABA Journal’s Blawg 100? Blogger Mark Herrmann is a partner with Jones Day’s Chicago office who writes for the Drug and Device Law blog. He identified only two blogs on the ABA Journal list that are affiliated with large firms: his blog and SCOTUSblog. Herrmann says successful legal blogs can succeed in three ways: They can be the first source of news, such as the Wall Street Journal’s Law Blog. They can be written by extremely smart people who are paid to “sit around thinking great thoughts,” such as the law professors writing for the Volokh Conspiracy, Concurring Opinions or Prawfs Blog. Or they can have a voice, such as the blog Simple Justice. The voice thing can be a problem for law firm blogs, according to Herrmann, because it’s so risky. Blogging solo practitioners may have to field complaints about their posts, but no one can complain to their colleagues. “Not so for those of us in the AmLaw 200.” The result of risk avoidance: “You strip all humor and provocation out of your posts. You lose your voice. The posts are good. They’re informative. They’re lawyerly. But they’re boring; no one’s drawn to them.” http://www.abajournal.com/news/article/risk_avoidance_may_explain_why_big_firm_blogs_are_boring_blogger_says/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News&utm_content=Twitter Yahoo Issues Takedown Notice for Spying Price List (Wired, 4 Dec 2009) - Yahoo isn’t happy that a detailed menu of the spying services it provides law enforcement agencies has leaked onto the web. Shortly after Threat Level reported this week that Yahoo had blocked the FOIA release of its law enforcement and intelligence price list, someone provided a copy of the company’s spying guide to the whistleblower site Cryptome. The 17-page guide describes Yahoo’s data retention policies and the surveillance capabilities it can provide law enforcement, with a pricing list for these services. Cryptome also published lawful data-interception guides for Cox Communications, SBC, Cingular, Nextel, GTE and other telecoms and service providers. But of all those companies, it appears to be Yahoo’s lawyers alone who have issued a DMCA takedown notice to Cryptome demanding the document be removed. Yahoo claims that publication of the document is a copyright violation, and gave Cryptome owner John Young a Thursday deadline for removing the document. So far, Young has refused. Yahoo’s letter was sent on Wednesday, within hours of the posting of Yahoo’s Compliance Guide for Law Enforcement at Cryptome. In addition to copyright infringement, the letter accuses the site of revealing Yahoo’s trade secrets and engaging in “business interference.” According to the letter, disclosure of its surveillance services (.pdf) would help criminals evade surveillance. http://www.wired.com/threatlevel/2009/12/yahoo-spy-prices?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29 Law profs say e-marriages expand couple’s rights (SiliconValley.com, 6 Dec 2009) - A Boston couple wanting to wed under Louisiana’s covenant marriage law, or two New Orleans women seeking to wed in Massachusetts should be able to do so without leaving home, two law professors say. Michigan State University’s Adam Candeub and Mae Kuykendall have started the Legal E-Marriage Project, a clearinghouse for legislative proposals to establish “e-marriages.” “According to the team, the proposal refutes suggestions the state should get out of the marriage business and has the potential to alter the landscape of marriage culture wars,” Michigan State law school spokeswoman Katie Gallagher wrote on the school’s Web site. Candeub and Kuykendall said states should let couples marry under the laws of whatever place they chose. A couple’s physical presence in the state authorizing a marriage has never been a universal rule, the professors said. Couples long have married by proxy, mail and telephone. “The state needs to fight marital fraud, harness modern technology to make marriage more accessible and open its symbolic value to a variety of communities both online and off line,” Kuykendall said. At San Diego’s Thomas Jefferson Law School, professor Bryan Wildenthal called it a “groundbreaking, an innovative approach to the entire issue of how law should regulate family relationships.” Same-sex couples could marry in California under the laws of Massachusetts or Vermont, if the states enacted e-marriage provisions, Candeub and Kuykendall said. A couple’s home state would not necessarily have to recognize the marriage. http://www.siliconvalley.com/news/ci_13939808?nclick_check=1 Local Governments Offer Data to Software Tinkerers (New York Times, 6 Dec 2009) - A big pile of city crime reports is not all that useful. But what if you could combine that data with information on bars, sidewalks and subway stations to find the safest route home after a night out? Stamen Design put together the San Francisco Crimespotting site using information from the city’s police department. DC Bikes, which shows bike paths in the Washington area, and Stumble Safely, which shows the safest way to get home from bars at night there, were both developed using government data. In Washington, a Web site called Stumble Safely makes that possible. It is one example of the kind of creativity that cities are hoping to mobilize by turning over big chunks of data to programmers and the public. Many local governments are figuring out how to use the Internet to make government data more accessible. The goal is to spawn useful Web sites and mobile applications — and perhaps even have people think differently about their city and its government. “It will change the way citizens and government interact, but perhaps most important, it’s going to change the way elected officials and civil servants deliver programs, services and promises,” said Gavin Newsom, the mayor of San Francisco, which is one of the cities leading the way in releasing government data to Web developers. “I can’t wait until it challenges and infuriates the bureaucracy.” Advocates of these open-data efforts say they can help citizens figure out what is going on in their backyards and judge how their government is performing. But programmers have had trouble getting their hands on some data. And some activists and software developers wonder whether historically reticent governments will release data that exposes problems or only information that makes them look good. It is too early to say whether releasing city data will actually make civil servants more accountable, but it can clearly be useful. Even data about mundane things like public transit and traffic can improve people’s lives when it is packaged and customized in an accessible way — a situation that governments themselves may not be equipped to realize. A Web site called CleanScores, for instance, tracks restaurant inspection scores in various cities and explains each violation. After School Special combines data from San Francisco schools, libraries and restaurants so parents can plan after-school activities and see how children’s nutritional options compare by neighborhood. And Trees Near You, available for the iPhone, lets people identify trees on New York streets. By releasing data in easy-to-use formats, cities and states hope that people will create sites or applications that use it in ways City Hall never would have considered. http://www.nytimes.com/2009/12/07/technology/internet/07cities.html With Lure of Cash, M.I.T. Group Builds a Balloon-Finding Team to Take Pentagon Prize (New York Times, 6 Dec 2009) - A group of researchers at the Massachusetts Institute of Technology edged out about 4,300 other teams on Saturday in a Pentagon-sponsored contest to correctly identify the location of 10 red balloons distributed around the United States. The contest, which featured a $40,000 prize, was organized by the Defense Advanced Research Projects Agency, in an effort to develop new ways to understand how information is disseminated through social networks. The winning group, a small team at the M.I.T. Media Laboratory Human Dynamics Group led by a physicist, Riley Crane, took just eight hours and 56 minutes to complete the challenge. The balloons, which were 8 feet in diameter, were arrayed around the country. Some were in highly trafficked locations like Union Square in San Francisco; others were in more obscure places, like Katy Park, a baseball field in the Houston suburbs. The winning researchers, who specialize in studying human interactions that emerge from computer networks, set up a Web site asking people to join their team. They relied on visitors to the Web site to invite their friends. They also sent e-mail messages inviting people to participate and sent a small number of advertisements to mobile phones. They said that they would dole out the prize money both to chains of individuals who referred people who had correct information on the balloons’ locations and to charities. They described their method as a “recursive incentive structure.” http://www.nytimes.com/2009/12/07/technology/internet/07contest.html See That Funny 2D Barcode In The Store Window? It Might Pull Up A Google Listing (TechCrunch, 6 Dec 2009) - What if every store had a bar-code sticker on its window so that you could pull out your iPhone, wave it in front of the bar code and get all sorts of information about that business—the telephone number, photos, customer reviews? Starting on Monday, you’ll be able to do that at up to 190,000 local businesses throughout the U.S. Google has mailed out window stickers with two-dimensional bar codes (aka, QR codes) to the most-searched for or clicked-on businesses in its local business directory. Anyone with a QR code reader in their phone can scan it to call up a Google Mobile local directory page for one of these “Favorite Places,” which generally includes a map, phone number, directions, address, reviews, and a link to the store’s website. (It’s a mobile version of Google Places). Local businesses can also set up coupon offers through their Google directory page, which would turn the QR code into a mobile coupon, and help entice someone standing outside a store to come in: “If you found us on Google, you get 20% off.” Japan is already QR-crazy. Google wants the U.S. to be next. In conjunction with the QR code sticker roll-out, Google is also giving away 40,000 Quickmark QR Code Reader apps for the iPhone, which normally cost $1.99 apiece. But you can use any QR code reader. There are a bunch of free ones, some on Android phones as well. There are now over a million local businesses which have claimed their Google local listing, up from a few hundred thousand last summer. If these QR code stickers become popular in the U.S., it could encourage more small businesses to claim their listings and give Google cleaner data. http://www.techcrunch.com/2009/12/06/google-local-maps-qr-code/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29 New Smithsonian Collection Search (BeSpacific, 7 Dec 2009) - The Collections Search Center provides easy “one-stop searching” of more than 2 million of the Smithsonian’s museum, archives, library and research holdings and collections. The access to more Smithsonian collections via this Search Center is increasing over time. Collections currently available include: 265,900 images, video and sound files, electronic journals and other resources from the Smithsonian’s museums, archives & libraries.” http://www.bespacific.com/mt/archives/022958.html Florida: Judges Cannot be Facebook Friends with Litigants (Social Media Law Student, 9 Dec 2009) - Florida’s Judicial Ethics Advisory Committee responded to a few questions from one Florida judge about the use of social networking sites. The Committee found that judges cannot accept friend requests from litigants in their court. They take special care to note: “This opinion should not be interpreted to mean that the inquiring judge is prohibited from identifying any person as a “friend” on a social networking site. Instead, it is limited to the facts presented by the inquiring judge, related to lawyers who may appear before the judge. Therefore, this opinion does not apply to the practice of listing as “friends” persons other than lawyers, or to listing as “friends” lawyers who do not appear before the judge, either because they do not practice in the judge’s area or court or because the judge has listed them on the judge’s recusal list so that their cases are not assigned to the judge.” It’s pretty clear from this opinion that accepting a request on Facebook, LinkedIn and Myspace from a litigant in the judge’s court are out. The opinion does not just apply to those sites though: “Although Facebook has been used as an example in this opinion, the holding of the opinion would apply to any social networking site which requires the member of the site to approve the listing of a “friend” or contact on the member’s site, if (1) that person is a lawyer who appears before the judge, and (2) identification of the lawyer as the judge’s “friend” is thereafter displayed to the public or the judge’s or lawyer’s other “friends” on the judge’s or the lawyer’s page.” Any sites with a Facebook-like approach will obviously meet the criteria of this opinion. My question is: what about Twitter? If someone is protected on Twitter, they have to approve all followers. However, anybody can see which followers have been approved. So, does that constitute identification as a “friend” on the judge’s page? I think it very well might. You can read the full committee opinion, which also discusses campaign committees, here. http://socialmedialawstudent.com/featured/florida-judges-cannot-be-facebook-friends-with-litigants/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SocialMediaLawStudent+%28Social+Media+Law+Student%29 TSA accidentally reveals airport security secrets (Washington Post, 9 Dec 2009) - The Transportation Security Administration inadvertently revealed closely guarded secrets related to airport passenger screening practices when it posted online this spring a document as part of a contract solicitation, the agency confirmed Tuesday. The 93-page TSA operating manual details procedures for screening passengers and checked baggage, such as technical settings used by X-ray machines and explosives detectors. It also includes pictures of credentials used by members of Congress, CIA employees and federal air marshals, and it identifies 12 countries whose passport holders are automatically subjected to added scrutiny. TSA officials said that the manual was posted online in a redacted form on a federal procurement Web site, but that the digital redactions were inadequate. They allowed computer users to recover blacked-out passages by copying and pasting them into a new document or an e-mail. Current and former security officials called the breach troubling, saying it exposed TSA practices that were implemented after the Sept. 11, 2001, terrorist attacks and expanded after the August 2006 disruption of a plot to down transatlantic airliners using liquid explosives. Checkpoint screening has been a fixture of the TSA’s operations—as well as a lightning rod for public criticism of the agency’s practices. Stewart A. Baker, a former assistant secretary at the Department of Homeland Security, said that the manual will become a textbook for those seeking to penetrate aviation security and that its leaking was serious. “It increases the risk that terrorists will find a way through the defenses,” Baker said. “The problem is there are so many different holes that while [the TSA] can fix any one of them by changing procedures and making adjustments in the process . . . they can’t change everything about the way they operate.” Another former DHS official, however, called the loss a public relations blunder but not a major risk, because TSA manuals are shared widely with airlines and airports and are available in the aviation community. http://www.washingtonpost.com/wp-dyn/content/article/2009/12/08/AR2009120803206_pf.html France to Digitize Its Own Literary Works (New York Times, 14 Dec 2009) - President Nicolas Sarkozy pledged nearly $1.1 billion on Monday toward the computer scanning of French literary works, audiovisual archives and historical documents, an announcement that underscored his government’s desire to maintain control over France’s cultural heritage in an era of digitization. The French National Library announced in August that it was engaged in discussions with Google over the digitization of its collections, part of a global effort by Google to digitize the world’s literary works. This provoked an uproar among French officials and the publishing community here, and the discussions were suspended. “We won’t let ourselves be stripped of our heritage to the benefit of a big company, no matter how friendly, big or American it is,” Mr. Sarkozy said last week, apparently in a reference to Google. The money pledged Monday will finance a public-private partnership that will digitize the nation’s cultural works, Mr. Sarkozy said. Yet that partnership might well involve Google. “The question remains open,” said Bruno Racine, president of the National Library, in a telephone interview. He emphasized the “necessity of a partnership with the private sector” in order to secure the capital needed for vast digitization projects. He put the cost of digitizing the National Library’s collections, which include over 14 million books and several million other documents, at more than $1.5 billion. Those who opposed the National Library’s discussions with Google were concerned primarily with its “dominant place” in the digital market, he said, noting, “It’s not so much that it is a private company.” The French culture minister, Frédéric Mitterrand, met last week with David C. Drummond, a senior vice president and chief legal officer at Google, to express his concerns about a potential collaboration with the company. France has long regarded Google warily. In 2005, French and German leaders announced plans, since abandoned, to develop a multimedia search engine to be called Quaero — “I seek,” in Latin — seen by many as a direct challenge to the company. The French government has also urged the European Union to undertake its own book digitization project. http://www.nytimes.com/2009/12/15/world/europe/15france.html?_r=1 Amazon Auctions Cloud Computation (Information Week, 14 Dec 2009) - Amazon on Monday began offering its Amazon Elastic Compute Cloud (EC2) customers the chance to bid on unused computing capacity. The new purchasing model, called Spot Instances, allows Amazon Web Services (AWS) customers to place bids for computing power and have their jobs processed if their bid exceeds the fluctuating “Spot Price.” “The central concept in this new option is that of the Spot Price, which we determine based on current supply and demand and will fluctuate periodically,” explained Amazon CTO Werner Vogels in a blog post. “If the maximum price a customer has bid exceeds the current Spot Price then their instances will be run, priced at the current Spot Price. If the Spot Price rises above the customer’s bid, their instances will be terminated and restarted (if the customer wants it restarted at all) when the Spot Price falls below the customer’s bid. This gives customers exact control over the maximum cost they are incurring for their workloads, and often will provide them with substantial savings.” Vogels said that bids higher than the Spot Price are only charged at Spot Price rate. Jeff Barr, Amazon Web Services evangelist, explains in a blog post that Spot Instances can be particularly useful for low-priority work that can be deferred until computing demand and price are low. EC2 continues to offer two other pricing methods: On-Demand Instances, which are charged at a published rate, and Reserved Instances, pre-paid at a discounted rate for use up to three years later. Typical jobs for EC2 involve analyzing data sets, media file format conversion, or Web crawling for a search index, for example. Pharmaceutical giant Pfizer has been using AWS—EC2 and other services like S3, SQS, and SimpleDB—to model antibody behavior. http://www.informationweek.com/news/software/web_services/showArticle.jhtml?articleID=222001983&cid=RSSfeed_IWK_News Court Finds Personal E-Mail Privileged Even if Sent From Work (NLJ, 14 Dec 2009) - A federal prosecutor has won his fight to conceal e-mails he sent to his attorney over the government’s computers, contradicting a popular belief that employees have no expectation of privacy on work computers. The U.S. District Court for the District of Columbia ruled on Thursday that Assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those e-mails because federal prosecutors were allowed to use work e-mail for personal matters. Therefore, Tukel’s messages to his private lawyer sent from work are covered by the attorney-client privilege and can remain confidential. The party trying to get the e-mails is former federal prosecutor Richard Convertino, who lost his job after his convictions in a high-profile terrorism trial in Detroit were overturned in 2004 due to prosecutorial misconduct. Convertino, who believes he was retaliated against for blowing the whistle on incompetence in the Bush administration’s war on terror, is trying to find out who leaked confidential information about an investigation into his conduct to the Detroit Free Press. Convertino believes Tukel’s e-mails to his lawyer may shed some light on the matter. According to court documents, Tukel was the prosecutor in Detroit who reviewed Convertino’s cases, and he was “one of the original parties that initiated confidential personal matters” related to Convertino. Tukel has denied in an affidavit that he’s the source of the leak. But Convertino still wants the e-mails. He argued that Tukel had no privacy expectations in e-mails sent over a government computer. The court disagreed. “The DOJ maintains a policy that does not ban personal use of the company email. Although the DOJ does have access to personal emails sent through this account, Mr. Tukel was unaware that they would be regularly accessing and saving emails sent from his account. Because his expectations were reasonable, Mr. Tukel’s private emails will remain protected by the attorney-client privilege,” wrote Chief Judge Royce Lamberth. Tukel’s lawyer, James K. Robinson, a partner in the Washington office of Cadwalader, Wickersham & Taft, said the judge got it right—“Where someone who uses their company e-mail, whether with the Justice Department or someone else, intends the communication to be confidential and takes reasonable steps to ensure the confidentiality ... there is no waiver of the attorney-client privilege.” http://www.law.com/jsp/article.jsp?id=1202436284416&rss=newswire&hbxlogin=1 - and - Supreme Court to Review Employer Access to Worker Text Messages (Law.com, 15 Dec 2009) - The U.S. Supreme Court said Monday it will decide how much privacy workers have when they send text messages from company accounts. The justices said they will review a federal appeals court ruling that sided with California police officers who complained that the department improperly snooped on their electronic exchanges. The 9th U.S. Circuit Court of Appeals in San Francisco also faulted the text-messaging service for turning over transcripts of the messages without the officers’ consent. Users of text-messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network, 9th Circuit Judge Kim Wardlaw said. Both the city and USA Mobility Wireless, Inc., which bought the text-messaging service involved in the case, appealed the 9th Circuit ruling. The justices turned down the company’s appeal, but said they would hear arguments next year in the city’s case. The appeals court ruling came in a lawsuit filed by Ontario police Sgt. Jeff Quon and three others after Arch Wireless gave their department transcripts of Quon’s text messages in 2002. Police officials read the messages to determine whether department-issued pagers were being used solely for work purposes. The city said it discovered that Quon sent and received hundreds of personal messages, including many that were sexually explicit. Quon and the others said the police force had an informal policy of not monitoring the usage as long as employees paid for messages in excess of monthly character limits. http://www.law.com/jsp/article.jsp?id=1202436331177&rss=newswire&hbxlogin=1 - and - Prosecutor’s E-Mail Sent to His Lawyer on a Work Account is Privileged, Court Says (ABA Journal, 15 Dec 2009) - A federal prosecutor’s e-mail to his own lawyer is privileged, even though he sent it from work on a government computer, a federal court has ruled. Because he is allowed to use his work e-mail account for personal communications, assistant U.S. Attorney Jonathan Tukel had a reasonable expectation of privacy in those personal communications, explains the U.S. District Court for the District of Columbia in a written opinion. And because there was a reasonable expectation of privacy, they are confidential attorney-client privileged documents. Another factor in the decision, according to the National Law Journal, is that Tukel wasn’t aware that the government had access to his account and might be looking at his personal e-mail. However, partner James Robinson of Cadwalader Wickersham & Taft, who represents Tukel, called for confidentiality of work e-mail communications to be generally recognized, when they are intended to be confidential. http://www.abajournal.com/news/article/e-mail_sent_to_lawyer_on_work_account_is_privileged_appeals_court_says/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News&utm_content=Twitter Free App Offers iPhone CLE Courses With Built-In Verification (ABA Journal, 15 Dec 2009) - Lawyers looking for continuing legal education credit can download a new app that allows them to find courses, listen to audio programs and access materials on their iPhone and iPod touch. Users can set up a free account at West LegalEdcenter to buy programs that can be downloaded using the free app, known as CLE Mobile, according to a Thomson Reuters press release. More than 2,000 audio courses are available. But don’t think that you can get credit just by downloading CLE programs. The app tracks and ensures that the program has played, and randomly verifies interaction in states that require the feature, according to West LegalEdcenter accreditation manager Gina Roers, writing at the center’s CLE Mobile blog. To verify attendance, a bell sounds during the program, and the lawyer has to tap “verify,” according to a CLE Mobile reference guide. When lawyers complete the programs, they can use the app to request CLE credit. A YouTube video shows a lawyer using the program while riding a train, at a coffeeshop and while taking a walk. The app is available from the App Store. http://www.abajournal.com/news/article/free_app_offers_iphone_cle_courses_with_built-in_verification/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News&utm_content=Twitter Ohio justices: Cell phone searches require warrant (Washington Post, 15 Dec 2009) - The Ohio Supreme Court said Tuesday police officers must obtain a search warrant before scouring the contents of a suspect’s cell phone, unless their safety is in danger. The American Civil Liberties Union of Ohio described the ruling as a landmark case. The issue appears never to have reached another state high court or the U.S. Supreme Court. The Ohio high court ruled 5-4 in favor of Antwaun Smith, who was arrested on drug charges after he answered a cell phone call from a crack cocaine user acting as a police informant. Officers took Smith’s cell phone when he was arrested and, acting without a warrant and without his consent, searched it. They found a call history and stored numbers that showed Smith had previously been in contact with the drug user. http://www.washingtonpost.com/wp-dyn/content/article/2009/12/15/AR2009121501903.html App of the Week: Google’s Eyes on the Ground (New York Times, 16 Dec 2009) - Google Goggles is a new free app for smartphones using the Android operating system. With its grab bag of features, the app is a bit hard to define. Goggles uses a phone’s camera for data entry, Web searching and shopping, with a little bit of augmented reality thrown in. Here’s how it works. You use your phone to take a photo of a building, artwork, a bar code or some text and Goggles identifies it and brings back Google search results. A photo of a book cover brought back links to where the book is sold online, reviews, a Wikipedia entry on the author and more. A picture of the exterior of a restaurant brings back reviews, links to the restaurant’s Web site and a link to call the place with one click. When the phone is held parallel to the ground, nearby points of interest, like businesses and restaurants, float by on the bottom of the screen in what is called augmented reality. http://www.nytimes.com/2009/12/17/technology/personaltech/17app.html?_r=1&scp=1&sq=google%20goggles&st=cse [Artwork? From museums or galleries? How cool would that be!] - but - Privacy fears force search giant to block facial recognition application on Google Goggles (Daily Mail, 14 Dec 2009) - Privacy concerns have forced Google to delay an expansion of its Goggles service which would have enabled camera-phone users to identify strangers on the street. The experimental Google Goggles application, which was launched last week, allows smart-phone users to search for subjects simply by snapping a picture of them. Users can focus their phone’s camera on an object and Google will try to match portions of the picture with the tens of millions of images in its database. But privacy campaigners have raised fears over the ‘ facial recognition’ potential of the service, which would allow users to track strangers through a photograph. Google, which has confirmed the technology is available but has yet to decide if it will be rolled-out as part of Goggles, has now confirmed that it is blocking aspects of the application until privacy implications have been fully explored. http://www.dailymail.co.uk/sciencetech/article-1235741/Google-Goggles-Search-giant-blocks-facial-recognition-picture-search-app-privacy-concerns.html Not Just Drones: Militants Can Snoop on Most U.S. Warplanes (DangerRoom, 17 Dec 2009) - Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought. The military initially developed the Remotely Operated Video Enhanced Receiver, or ROVER, in 2002. The idea was let troops on the ground download footage from Predator drones and AC-130 gunships as it was being taken. Since then, nearly every airplane in the American fleet — from F-16 and F/A-18 fighters to A-10 attack planes to Harrier jump jets to B-1B bombers has been outfitted with equipment that lets them transmit to ROVERs. Thousands of ROVER terminals have been distributed to troops in Afghanistan and Iraq. But those early units were “fielded so fast that it was done with an unencrypted signal. It could be both intercepted (e.g. hacked into) and jammed,” e-mails an Air Force officer with knowledge of the program. In a presentation last month before a conference of the Army Aviation Association of America, a military official noted that the current ROVER terminal “receives only unencrypted L, C, S, Ku [satellite] bands.” So the same security breach that allowed insurgent to use satellite dishes and $26 software to intercept drone feeds can be used the tap into the video transmissions of any plane. The military is working to plug the hole — introducing new ROVER models that communicate without spilling its secrets. “Recognizing the potential for future exploitation the Air Force has been working aggressively to encrypt these ROVER downlink signals. It is my understanding that we have already developed the technical encryption solutions and are fielding them,” the Air Force officer notes. But it won’t be easy. An unnamed Pentagon official tells reporters that “this is an old issue that’s been addressed.” Air Force officers contacted by Danger Room disagree, strongly. “This is not a trivial solution,” one officer observes. “Almost every fighter/bomber/ISR [intelligence surveillance reconnaissance] platform we have in theater has a ROVER downlink. All of our Tactical Air Control Parties and most ground TOCs [tactical operations centers] have ROVER receivers. We need to essentially fix all of the capabilities before a full transition can occur and in the transition most capabilities need to be dual-capable (encrypted and unencrypted).” http://www.wired.com/dangerroom/2009/12/not-just-drones-militants-can-snoop-on-most-us-warplanes/ EU Data Protection Meets U.S. Discovery (Law.com, 18 Dec 2009) - As a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency (CNIL) published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings.[FOOTNOTE 1] The CNIL’s recommendation expands on the guidelines adopted by the body of European data protection agencies (the Article 29 Data Protection Working Party) in February 2009.[FOOTNOTE 2] EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNIL’s recommendation reflects a tension between a company’s obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad. * * * The CNIL indicates that, where a person in France engages in a “single and non-massive transfer” of data to the US, which is necessary or legally required for the establishment, exercise, or defense of legal claims, the company responding to the U.S. discovery request does not need to request the CNIL’s prior authorization, but should simply provide advance notice. By contrast, “massive and repeated” transfers of data require the CNIL’s authorization and are only lawful where (i) the recipient of personal data is an entity established in the U.S. that has subscribed to the Safe Harbor Scheme; (ii) the parties have adopted standard contract clauses issued by the European Commission; or (iii) the recipient has a set of strict and binding corporate rules in place providing an adequate level of protection of personal data. The CNIL does not provide guidance regarding the volume of data that would trigger the need for CNIL authorization. http://www.law.com/jsp/article.jsp?id=1202436660249&rss=newswire&hbxlogin=1 NOTED PODCASTS Rethinking Green (Stewart Brand, 9 Oct 2009) - Brand builds his case for rethinking environmental goals and methods on two major changes going on in the world. The one that most people still don’t take into consideration is that power is shifting to the developing world, where 5 out of 6 people live, where the bulk of humanity is getting out of poverty by moving to cities and creating their own jobs and communities (slums, for now). He noted that history has always been driven by the world’s largest cities, and these years they are places like Mumbai, Lagos, Dhaka, Sao Paulo, Karachi, and Mexico City, which are growing 3 times faster and 9 times bigger than cities in the currently developed world ever did. The people in those cities are unstoppably moving up the “energy ladder” to high quality grid electricity and up the “food ladder” toward better nutrition, including meat. As soon as they can afford it, everyone in the global South is going to get air conditioning. The second dominant global fact is climate change. Brand emphasized that climate is a severely nonlinear system packed with tipping points and positive feedbacks such as the unpredicted rapid melting of Arctic ice. Warming causes droughts, which lowers carrying capacity for humans, and they fight over the diminishing resources, as in Darfur. It also is melting the glaciers of the Himalayan plateau, which feed the rivers on which 40% of humanity depends for water in the dry season—the Indus, Ganges, Brahmaputra, Mekong, Irrawaddy, Yangtze, and Yellow. http://www.longnow.org/seminars/02009/oct/09/rethinking-green/ [Editor: This is fascinating, especially given that Brand is extremely thoughtful and credible. Has nothing to do with IT law, but worth your time anyway. 90-minute podcast; ONE-STAR] RESOURCES Disclosure, Deception and Deep-Packet Inspection: The Role of the Federal Trade Commision Act’s Deceptive Conduct Prohibitions in the Net Neutrality Debate (SSRN paper by Prof. Catherine Sandoval) - This Article examines a largely unexplored frontier in the “Net Neutrality” debate: the Federal Trade Commission (FTC) Act’s proscriptions against deceptive conduct as a legal limit on Internet Service Provider (ISP) discrimination against Internet traffic. ISP discrimination against certain types of Internet traffic has blossomed since 2005 when the Federal Communications Commission (FCC), with the Supreme Court’s blessing in NCTA v. Brand X and FCC, relieved ISPs from common-carrier regulations that prohibited discrimination and reclassified ISPs as “information service providers.” This Article argues that the Internet’s architecture and codes presumed common carriage, indicating that the Internet’s design and industry “self-regulation” cannot alone prevent ISPs who control access to the Internet’s physical layer from becoming its gatekeepers. The FTC and FCC must use their respective authority to police the gulf between ISP promises and practices, protect Internet users and competition, and safeguard the Internet itself as a source for innovation and a wide range of speech. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1516705 FUN Most Awesomely Bad Military Acronyms 7 (Danger Room, 1 Dec 2009) - It’s the most wonderful time of the year. Not because of some lame holiday. Because it’s time again for our Most Awesomely bad Military Acronyms (MAMAs). The defense and intelligence establishment is famous for stirring words into an insane alphabet soup of acronyms, abbreviations, and neologisms. For over a year, we’ve been on a quest to find the silliest, most agonizing MAMAs out there. Our latest batch has a heroic bent - the champions of mil-jargon, if you will. Behold! * Communications Electronic Attack with Surveillance And Reconnaissance. (CEASAR) * Game-theoretic Optimal Deformable Zone including Inertia with Local Approach (GODZILA) * Applied Research reGarding Operationally Novel And Unique Technologies (ARGONAUT) * Automated Low-Level Analysis and Description of Diverse Intelligence Video (ALADDIN) * Joint Counter Radio Controlled Improvised Explosive Device Electronic (JCREW) * Bioterrorism Operations Policy for Public Emergency/Chemoterrorism Operations Policy for Public Emergency (BOPPER/COPPER) http://www.wired.com/dangerroom/2009/11/most-awesomely-bad-military-acronyms-7/ LOOKING BACK - MIRLN TEN YEARS AGO HAS GOVERNMENT ENCRYPTION EXPORT POLICY FAILED?—Researchers at George Washington University’s Cyberspace Policy Institute are telling the Senate Commerce Committee that the most powerful encryption software is now widely accessible internationally, despite the Clinton Administration’s efforts to restrict the spread of “strong encryption” technology for fear it would be used by terrorists and criminals. But the U.S. has lost its monopoly on the mathematical algorithms underlying advanced encryption techniques, and 167 products now available internationally use algorithms that can not be decoded by even the largest and most sophisticated computers. (New York Times 10 Jun 99) http://www.nytimes.com/library/tech/99/06/biztech/articles/10code.html MIRLN 2009-12-18T23:35:00-07:00 http://www.knowconnect.com/mirln/article/mirln_8_28_november_2009_v1216/ http://www.knowconnect.com/mirln/article/mirln_8_28_november_2009_v1216/#When:06:57:00Z • Leaked ACTA Internet Provisions: Three Strikes and a Global DMCA • Federal Judge Calls Courtroom Tweets Banned Broadcasts Under Rule 53 • Consent Will be Required for Cookies in Europe o French Senate Issues New Legislation to Amend Data Protection Act: Provisions Include Breach Notice Obligation and Consent for Use of Cookies • Towards a “Privacy Privilege” to Oppose Discovery Requests? • Sticks and Stones – More about Online Reputation Management • Department of Interior Fails Cybersecurity Audit o NIST Drafts Cybersecurity Guidance • World Justice Project Rule of Law Index • Ninth Circuit Ruling Leads to Spike in Class Actions Over Text Messages from Retailers • Employers Win a Round in the Fight over whether Disloyal Employees are “Authorized” to Access Company Computers • Two German Killers Demanding Anonymity Sue Wikipedia’s Parent • W.Va. Supreme Court Opts for E-Mail Secrecy • International Activists Launch New Website to Gather and Share Copyright Knowledge • A Rush to Learn English by Cell • Twitter and the Learning Technology Stream • More Hackers Target Law Firms, Often ‘Spear Fishing’ in Spam E-Mail • Goal of New ABA Website: All the Federal Decisions that are Fit to Print o Bridging the Digital Divide: a New Vendor in Town? Google Scholar Now Includes Case Law o Google Scholar Legal Opinion and Journal Search, ABA LTRC Free Full-Text Law Review/Law Journal Search • Wow! Top Execs Say they are Influenced by Social Networks • In-Q-Tel Invests in Cybersecurity Company • DHS Critical Infrastructure Protection Website Launched • India Establishes Broad Interception, Data Retention, Cyber Security, and Website Blocking Requirements • Some Courts Raise Bar on Reading Employee Email • 200 Web Sites Spread al-Qaida’s Message in English • Military Video System is Like YouTube with Artillery • Memento: Protocol-Based Time Travel for the Web • A Look at Twitter’s Updated Privacy Policy • Law Firm Invokes Privacy Laws in Suing Rival over Search Engine Keywords • Levi’s is Paying Orrick a Flat Fee to Handle all but its IP Work • Wikileaks Releases over Half a Million Pager Messages from 9/11 • Google Profiles turn into OpenIds NEWS | RESOURCES | FUN | LOOKING BACK | NOTES LEAKED ACTA INTERNET PROVISIONS: THREE STRIKES AND A GLOBAL DMCA (EFF, 9 Nov 2009) - Negotiations on the highly controversial Anti-Counterfeiting Trade Agreement (ACTA) began last week in Seoul, Korea. The closed negotiations focused on “enforcement in the digital environment.” Negotiators discussed the Internet provisions drafted by the US government. No text has been officially released, but as Professor Michael Geist and IDG are reporting, leaks have surfaced. The leaks confirm everything we have feared about the secret ACTA negotiations. The Internet provisions have nothing to do with addressing counterfeit products but are all aimed at imposing a set of copyright industry demands on the global Internet, including obligations on ISPs to adopt Three Strikes Internet disconnection policies and a global expansion of DMCA-style TPM laws. For the leaked commission memo: http://www.michaelgeist.ca/content/view/4516/125/ https://www.eff.org/deeplinks/2009/11/leaked-acta-internet-provisions-three-strikes-and- FEDERAL JUDGE CALLS COURTROOM TWEETS BANNED BROADCASTS UNDER RULE 53 (ABA Journal, 9 Nov 2009) - A federal judge in Georgia has banned reporters from sending live-action tweets from his courtroom, saying that Twitter is a form of broadcasting and hence prohibited under Rule 53 of the Federal Rules of Criminal Procedure. But the ruling by U.S. District Judge Clay Land only extends as far as the courtroom door, suggests the Taking Liberties blog of CBS News: “All an intrepid spectator in Judge Clay Land’s courtroom apparently needs to do is write something inside the courtroom, and then step outside before pressing ‘send,’ “ the blog states. The Volokh Conspiracy provides a link to the judge’s four-page order (PDF), which was made last week in response to a request by a Columbus Ledger-Enquirer reporter to tweet about an upcoming trial. http://www.abajournal.com/news/federal_judge_calls_courtroom_tweets_banned_broadcasts_under_rule_53/ CONSENT WILL BE REQUIRED FOR COOKIES IN EUROPE (Out-Law.com, 9 Nov 2009) - A law that demands consent to internet cookies has been approved and will be in force across the EU within 18 months. It is so breathtakingly stupid that the normally law-abiding business may be tempted to bend the rules to breaking point. The fate of Europe’s cookie law became improbably entwined with a debate over file-sharing. To cut a long story short, it broke free. On 26th October, it was voted through by the Council of the EU. It cannot be stopped and awaits only the rubber-stamp formalities of signature and publication. The vote’s result was announced by way of a whisper. It featured at the tail end of an 18-page Council press release (PDF) that first had to address fishing quotas, train driving licences and a maritime treaty with China. I’m afraid we missed it. There was no attempt to bury this news – but the hushed tones of its reporting were consistent with the media attention it has received to date. There has been almost no fuss about this little law, despite the harm it could do to advertising, the lifeblood of online publishing. It also threatens to irritate all web users by appearing at every new destination like an over-zealous security guard. Here’s what’s coming. The now-finalised text says that a cookie can be stored on a user’s computer, or accessed from that computer, only if the user “has given his or her consent, having been provided with clear and comprehensive information”. An exception exists where the cookie is “strictly necessary” for the provision of a service “explicitly requested” by the user – so cookies can take a user from a product page to a checkout without the need for consent. Other cookies will require prior consent, though. So almost every site that carries advertising should be seeking its visitors’ consent to the serving of cookies. It also catches sites that count visitors – so if your site uses Google Analytics or WebTrends, you’re caught. You could seek consent with pop-ups, if you’re happy to ignore accessibility guidelines that discourage pop-ups – though users’ browsers may block pop-ups by default, which risks confusion. Or you could do it with a landing page that contains a load of information and some choices. The choices for users could be: * * * http://www.out-law.com/page-10510 [Spotted by MIRLN reader Michael Fleming of Larkin Hoffman.] - and - FRENCH SENATE ISSUES NEW LEGISLATION TO AMEND DATA PROTECTION ACT: PROVISIONS INCLUDE BREACH NOTICE OBLIGATION AND CONSENT FOR USE OF COOKIES (Hunton & Williams, 17 Nov 2009) - On November 6, 2009, the French Senate proposed a new draft law to reinforce the right to privacy in the digital age (“Proposition de loi visant à garantir le droit à la vie privée à l’heure du numérique”) (the “Draft Law”). Following a Report on the same topic issued last spring, the Senate made concrete proposals with this Draft Law to amend the Data Protection Act. The Draft Law requires that data controllers provide information on their data processing activities to their data subjects in a clear, specific and easily accessible manner. The data subjects would be able to exercise their right of access more easily, including by email. The Draft Law also distinguishes between the data subject’s right to object to the use of his/her personal data for commercial purposes and his/her right to delete his personal data after it has been processed. The Draft Law also proposes an increase in the obligations of data controllers. Organizations with more than fifty employees that either access or process the personal data are required to appoint a data protection officer. In addition to his obligation to inform the data subjects about a data processing activity, a data controller would have to obtain a data subject’s consent to process data (including for the use of cookies), except if a legal exception applies. Data controllers would also have to implement stronger security measures to preserve the security and confidentiality of personal data. In particular, in case of a data security breach, a data controller would have to notify the French data protection authority (“CNIL”), which would then decide whether to inform the data subjects concerned by this breach. Finally, passage of the law would increase the CNIL’s enforcement authority. Fines imposed by the CNIL for violations of the law would be increased to a maximum €600,000 (instead of the current €300,000). http://www.huntonprivacyblog.com/2009/11/articles/enforcement-1/french-senate-issues-new-legislation-to-amend-data-protection-act-provisions-include-breach-notice-obligation-and-consent-for-use-of-cookies/#page=1 TOWARDS A “PRIVACY PRIVILEGE” TO OPPOSE DISCOVERY REQUESTS? (White & Case, 10 Nov 2009) - On July 23, 2009, the French Data Protection Authority [Commission nationale de l’informatique et des libertés (“CNIL”)] released its Deliberation No. 2009-474 concerning recommendations for the transfer of personal data in the context of discovery in US litigation (the “Recommendation”). This Recommendation must be taken into account by all parties that find themselves in the position of transferring documents or other information containing personal data from France to the United States in the discovery or litigation context. In the Recommendation, the CNIL, a governmental agency whose stated goal is in particular to protect individuals with regard to the processing of their personal data in France, has wrestled with the threats posed to personal data privacy by discovery requests served in US civil and commercial litigation. The Recommendation was issued in response to “an increase in the number of matters concerning the transfer of personal data to the United States, filed principally either by French subsidiaries of American companies or by French companies that have commercial ties with the United States, in the context of ‘Discovery’ proceedings before American courts.” For those familiar with the CNIL’s prior Recommendations and privacy-friendly positions, this one will not come as a complete surprise; nonetheless, the Recommendation represents an important new authoritative statement regarding the defense of privacy rights in the discovery context. (The Recommendation does not apply to US criminal litigation or the investigations by governmental agencies.) http://www.whitecase.com/files/Publication/bb6e0abd-1b64-4110-8d9e-90262a7dc057/Presentation/PublicationAttachment/fb2a0260-3ad1-4f93-a550-966d2bb69a4b/alert_paris_IP_english.pdf#page=1 STICKS AND STONES – MORE ABOUT ONLINE REPUTATION MANAGEMENT (ABA’s LTRC, 10 Nov 2009) - When people are searching for information they are most likely to be using Google. According to Experian Hitwise, a global online competitive intelligence service, Google accounted for 71.08 percent of all U.S. searches conducted in September 2009. Therefore, Google’s Reputation Management Advice carries considerable weight. A lawyer’s reputation is his or her stock in trade; making this topic particularly relevant to the legal profession. Following is a collection of resources for lawyers regarding online reputation management: * * * http://new.abanet.org/sitetation/Lists/Posts/Post.aspx?ID=577 DEPARTMENT OF INTERIOR FAILS CYBERSECURITY AUDIT (Information Week, 10 Nov 2009) - The Department of the Interior inspector general has issued a report that’s sharply critical of the agency’s cybersecurity performance, concluding that its efforts fall short of federal government requirements. The recently issued report points to broad problems at the agency, from a decentralized IT organization to “fragmented governance processes.” It says that the agency has “substantially under-qualified” cybersecurity personnel and that its IT leadership hasn’t been as involved in cybersecurity as it should be. “Personnel responsible for management of the IT programs are not accountable for results, and existing investments are not leveraged to their full potential,” the report says. Interior has budgeted $182 million for cybersecurity this year and has 677 employees and contractors devoted to information security and another 3,531 with “significant” responsibilities in that area. The Department of Interior has CIOs for each of its large bureaus, and those CIOs are supposed to have responsibility for their organizations’ IT and cybersecurity. However, the inspector general found that responsibilities were delegated to smaller offices, resulting in inefficiencies and higher costs. The report describes IT and cybersecurity governance at the department as being inefficient, wasteful, and lacking accountability. It says that Interior has been cited for similar problems in the past by the inspector general and by the Government Accountability Office, but that recommendations for fixing the situation haven’t been applied. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221601054&cid=RSSfeed_IWK_News [Editor: anybody remember Corbell v. Norton? Fiduciary duty to protect information security?] - and - NIST DRAFTS CYBERSECURITY GUIDANCE (Information Week, 23 Nov 2009) - Draft guidance from the National Institute of Standards and Technology issued last week, pushes government agencies to adopt a comprehensive, continuous approach to cybersecurity, tackling criticism that federal cybersecurity regulations have placed too much weight on periodic compliance audits. The guidance, encapsulated in a draft revision to NIST Special Publication 800-37, will likely be finalized early next year. While federal agencies aren’t required to follow all of its recommendations, NIST is officially charged with creating standards for compliance with the Federal Information Systems Management Act, (FISMA), which sets cybersecurity requirements in government, so this guidance should at the very least be influential. The new document puts more onus on applying risk management throughout the lifecycle of IT systems. “This is part of a larger strategy to try to do more on the front end of security as opposed to just on the back end,” says NIST’s Ron Ross, who is in charge of FISMA guidance at the agency. “We don’t think of security as a separate undertaking, but as a consideration we make in our normal lifecycle processes.” Special Publication 800-37 fleshes out six steps federal agencies should take to tackle cybersecurity: categorization, selection of controls, implementation, assessment, authorization, and continuous monitoring. It improves on earlier guidance by emphasizing making rigorous cybersecurity part and parcel of the deployment and operation of IT systems. The document breaks out its cybersecurity guidance in several steps. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900722&cid=RSSfeed_IWK_News WORLD JUSTICE PROJECT RULE OF LAW INDEX (BeSpacific, 11 Nov 2009) - “The Rule of Law Index is a new tool, created by the WJP [World Justice Project Rule], which measures countries’ adherence to the rule of law...The Rule of Law Index is the first index that examines the rule of law comprehensively. Other indices cover only aspects of the rule of law, such as human rights, commercial law, and corruption. Because the Index looks at the rule of law in practice and not solely as it exists on the books, the Index will be able to guide governments, civil society, NGOs and business leaders in targeting efforts to strengthen the rule of law.” http://www.bespacific.com/mt/archives/022774.html Index materials here: http://www.worldjusticeproject.org/rule-of-law-index NINTH CIRCUIT RULING LEADS TO SPIKE IN CLASS ACTIONS OVER TEXT MESSAGES FROM RETAILERS (Pillsbury, 11 Nov 2009) - In Satterfield v. Simon & Schuster, Inc., 569 F.3d 946 (9th Cir. 2009), the Ninth Circuit held that unsolicited text messages to mobile phones sent by a retailer may constitute a “call” in violation of the Telephone Consumer Protection Act (the “TCPA”). This decision has sparked an increase in consumer class actions filed against retailers who send advertisements to consumers by text message. http://www.pillsburylaw.com/siteFiles/Publications/C6477E2271CD58A3DA7F5B3CED5F6CF3.pdf#page=1 EMPLOYERS WIN A ROUND IN THE FIGHT OVER WHETHER DISLOYAL EMPLOYEES ARE “AUTHORIZED” TO ACCESS COMPANY COMPUTERS (Steptoe & Johnson’s E-Commerce Law Week, 12 Nov 2009) - A federal court in Missouri has weighed in on whether a disloyal employee’s use of his employer’s computer system is acting “without authorization” or “exceed[ing] authorized access,” in violation of the Computer Fraud and Abuse Act. As we’ve previously reported, courts have split on the issue, with many courts (notably the Ninth Circuit) holding that an employee who is permitted to access the system is not acting “without authorization” or in excess of authorization even if he is accessing the system for an illegitimate purpose, such as taking proprietary information to give to a competing firm. The court in Missouri, however, followed the Seventh Circuit’s decision in International Airport Centers, L.L.C., v. Citrin, which held that an employee loses authorization to access company computers when he acts to benefit his own interests, and not those of the company. http://www.steptoe.com/publications-6472.html TWO GERMAN KILLERS DEMANDING ANONYMITY SUE WIKIPEDIA’S PARENT (New York Times, 12 Nov 2009) - Wolfgang Werlé and Manfred Lauber became infamous for killing a German actor in 1990. Now they are suing to force Wikipedia to forget them. The legal fight pits German privacy law against the American First Amendment. German courts allow the suppression of a criminal’s name in news accounts once he has paid his debt to society, noted Alexander H. Stopp, the lawyer for the two men, who are now out of prison. Mr. Stopp has already successfully pressured German publications to remove the killers’ names from their online coverage. German editors of Wikipedia have scrubbed the names from the German-language version of the article about the victim, Walter Sedlmayr. Now Mr. Stopp, in suits in German courts, is demanding that the Wikimedia Foundation, the American organization that runs Wikipedia, do the same with the English-language version of the article. That has free-speech advocates quoting George Orwell. Floyd Abrams, a prominent First Amendment lawyer who has represented The New York Times, said every justice on the United States Supreme Court would agree that the Wikipedia article “is easily, comfortably protected by the First Amendment.” But Germany’s courts have come up with a different balance between the right to privacy and the public’s right to know, Mr. Abrams said, and “once you’re in the business of suppressing speech, the quest for more speech to suppress is endless.” The German law springs from a decision of Germany’s highest court in 1973, said Julian Höppner, a lawyer with the Berlin law firm JBB who has represented the Wikimedia Foundation, though not in this case. Publications generally comply with the law, Mr. Höppner said, by referring to “the perpetrator — or, Mr. L.” But with such a well-known case, he said, expunging the record “is difficult to accomplish — and, morally speaking, rightly so.” http://www.nytimes.com/2009/11/13/us/13wiki.html?_r=1 W.VA. SUPREME COURT OPTS FOR E-MAIL SECRECY (AP, 12 Nov 2009) - The state Supreme Court has ruled that public officials and public employees can keep their personal e-mails secret. The court ruled 4-1 Thursday that none of the 13 e-mails between former Supreme Court Chief Justice Elliott “Spike” Maynard and Massey Energy Chief Executive Don Blankenship are public records. The Associated Press had sued to gain access to the correspondence last year, when Massey had several cases pending before the high court. Kanawha County Circuit Court Judge Duke Bloom ruled that five of the e-mails were public, but that eight were not. Bloom reasoned that the five e-mails were public records because they touched on Maynard’s ultimately unsuccessful campaign in the Democratic primary, in which he ran against two of the justices now sitting on the court. The five e-mails were released after that ruling. But the Supreme Court ruled that Bloom was wrong to release those e-mails, and sent the case back to his court. Justice Margaret Workman was the lone dissenter. In writing for the majority, Justice Robin Davis said “None of the e-mails’ contents involved the official duties, responsibilities or obligations of Justice Maynard as a duly elected member of the court.” Davis’ opinion says that 12 of the e-mails “simply provided URL links to privately operated Internet Web sites that carried news articles,” while the 13th was an “agenda for a meeting being held by a private organization.” This description is not accurate. Of the five e-mails released by Bloom’s order, two contained links not to news articles, but to pages on the Web site of a Huntington law firm, along with comments Maynard wrote about the firm. One e-mail mocked the firm’s advertisements as “unbelievable,” while another slammed the firm for claiming that a fire at Massey’s Aracoma Alma Mine No. 1 that killed two miners could have been prevented. http://www.phillyburbs.com/news/news_details/article/92/2009/november/12/wva-supreme-court-opts-for-e-mail-secrecy.html INTERNATIONAL ACTIVISTS LAUNCH NEW WEBSITE TO GATHER AND SHARE COPYRIGHT KNOWLEDGE (EFF, 13 Nov 2009) - The Electronic Frontier Foundation (EFF), Electronic Information for Libraries (eIFL.net), and other international copyright experts joined together today to launch Copyright Watch—a public website created to centralize resources on national copyright laws at http://www.copyright-watch.org. “Copyright laws are changing across the world, and it’s hard to keep track of these changes, even for those whose daily work is affected by them,” said Teresa Hackett, Program Manager at eIFL.net. “A law that is passed in one nation can quickly be taken up by others, bilateral trade agreements, regional policy initiatives, or international treaties. With Copyright Watch, people can learn about the similarities and differences in national copyright laws, and they can use that information to more easily spot patterns and emerging trends.” Copyright Watch is the first comprehensive and up-to-date online repository of national copyright laws. To find links to national and regional copyright laws, users can choose a continent or search using a country name. The site will be updated over time to include proposed amendments to laws, as well as commentary and context from national copyright experts. Copyright Watch will help document how legislators around the world are coping with the challenges of new technology and new business models. https://www.eff.org/press/archives/2009/11/13 A RUSH TO LEARN ENGLISH BY CELL (Washington Post, 14 Nov 2009) - More than 300,000 people in Bangladesh, one of Asia’s poorest but fastest-growing economies, have rushed to sign up to learn English over their cellphones, threatening to swamp the service even before its official launch Thursday. The project, which costs users less than the price of a cup of tea for each three-minute lesson, is being run by the BBC World Service Trust, the international charity arm of the broadcaster. Part of a British government initiative to help develop English skills in Bangladesh, it marks the first time that cellphones have been used as an educational tool on this scale. Since cellphone services began in Bangladesh just over a decade ago, more than 50 million Bangladeshis have acquired phone connections, including many in remote rural areas. That far outnumbers the 4 million who have Internet access. English is increasingly seen as a key to economic mobility, especially as ever larger numbers of Bangladeshis go abroad to find work unavailable to them at home. An estimated 6.2 million Bangladeshis work overseas, and their nearly $10 billion in annual remittances represent the country’s second-largest source of foreign exchange. However, English is also important for securing jobs at home, where about 70 percent of employers look for workers with “communicative English.” Through its Janala service, the BBC offers 250 audio and text-message lessons at different levels—from basic English conversation to grammar and comprehension of simple news stories. Each lesson is a three-minute phone call, costing about 4 cents. http://www.washingtonpost.com/wp-dyn/content/article/2009/11/13/AR2009111304245.html TWITTER AND THE LEARNING TECHNOLOGY STREAM (InsideHigherEd, 15 Nov 2009) - Twitter is changing how I keep up with the educational technology world. I’m moving from relying on an RSS reader (I use Google Reader) to relying on Twitter subscriptions and hashtags. For the first time I’m wondering if Google should be worried about their core business model, as if my experience is any guide on how we use the Web to understand the world, may be moving away from search and more towards microblogging Twitter clients (I use Twhirl by Seesmic). At EDUCAUSE 09 Twitter was much debated (go watch the fabulous Campbell/Maas point/counterpoint) and extravagantly utilized for sharing and communication (see the #EDUCAUSE09 transcript). I’m pretty certain that Course Management Systems will start to build in Twitter capabilities and that hashtags will automatically be generated for each course. Tweeting will become a standard way for students and instructors to share information, thoughts and links around the course material. Many instructors will become comfortable incorporating and leveraging a Twitter-enabled backchannel to both in-class and out-of-class communication. Scanning the educational technology news stream via a Twitter client vs. relying on an RSS reader means that I look at content that has been recommended by a person. The learning technology community is small enough that I can pretty quickly begin to filter by reputation. If one person consistently links to material that I find useful and interesting then I’m more likely to click on her links. Rather then going to particular blogs, or presentations, or videos, or articles based on the title or site (as I do with an RSS reader), I go because of a colleague’s recommendation. This is a big change, and I’m still getting my head around this shift. My apologies for all those folks like Clay Shriky (and perhaps) you who understood (and blogged about) the implications of microblogging and social media a long time ago. I feel like I’m sort of coming late to this bandwagon. My conversion to information gathering by Twitter client has me wondering about the need to explore this method in course design, faculty training, and student information literacy.http://www.insidehighered.com/blogs/technology_and_learning/twitter_and_the_learning_technology_stream MORE HACKERS TARGET LAW FIRMS, OFTEN ‘SPEAR FISHING’ IN SPAM E-MAIL (ABA Journal, 16 Nov 2009) - Computer hackers are targeting law firms as a potential motherlode of confidential information, often relying on “spear fishing” attacks in which personalized spam e-mail appears to come from a trusted individual. While the e-mail itself doesn’t pose a danger, clicking on a link within the e-mail can invite malicious software into the law firm’s computer system. The trend of focusing hack attacks on law firms began two years ago, according to a FBI advisory, but there has been a “noticeable increase” recently, reports the Associated Press. Law firms representing client corporations that are negotiating major international deals are particularly inviting targets. “Law firms have a tremendous concentration of really critical, private information,” says Bradford Bleier of the FBI’s cyber division. Hence, sneaking into their computer systems “is a really optimal way to obtain economic, personal and personal security-related information.” http://www.abajournal.com/news/more_hackers_target_law_firms_often_spear-fishing_in_spam_e-mail/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News&utm_content=Twitter [The FBI advisory is here: http://files.knowconnect.com/public/cyber_advisory.pdf; it was published by the FBI on November 1 entirely without fanfare, and only picked up by the AP after Mr. Bleier talked about it at an ABA meeting on November 13.] GOAL OF NEW ABA WEBSITE: ALL THE FEDERAL DECISIONS THAT ARE FIT TO PRINT (ABA Journal, 17 Nov 2009) - Want to know more about a 9th Circuit opinion on the First Amendment rights of a citizen ejected from a city council meeting for giving a Nazi salute? Or the 5th Circuit opinion allowing a Halliburton employee to sue over her alleged rape in Iraq? You can find those opinions summarized on the new Media Alerts on Federal Courts of Appeals website. Students and professors at four law schools are choosing the opinions most likely to be of interest to journalists and the public for the pilot project, sponsored by the ABA Standing Committee on Federal Judicial Improvements. The website, which officially launches on Wednesday, now covers the U.S. Courts of Appeals for the 3rd, 5th and 9th Circuits. The plan is to add eventually all of the circuits. Judge M. Margaret McKeown of the 9th Circuit, a special adviser to the project, says the idea for the website grew out of some discussions between judges and journalists at a meeting at the First Amendment Center earlier this year. About 60,000 cases are filed every year in the federal courts of appeals, McKeown told the ABA Journal. “Most courts have very good websites, but there is a lot of information out there, so this provides a special niche,” she says. “There is a certain needle-in-the-haystack element for someone to go through them every day in every jurisdiction of interest to find cases.” “Our view is that fair and accurate reporting about the courts is important, both for the public and also in order to emphasize judicial independence,” says McKeown, whose three-year term as chair of the ABA Standing Committee on Federal Judicial Improvements ended in August. Law schools working on the project are the University of Texas School of Law, Temple University Beasley School of Law, the University of Arizona James E. Rogers College of Law, and the University of San Diego School of Law. http://www.abajournal.com/news/goal_of_new_aba_website_all_the_federal_decisions_that_are_fit_to_print/?utm_source=feedburner&utm_medium=feed&utm_campaign=ABA+Journal+Daily+News - and - BRIDGING THE DIGITAL DIVIDE: A NEW VENDOR IN TOWN? GOOGLE SCHOLAR NOW INCLUDES CASE LAW (LLRX, 18 Nov 2009) - An unexpected salvo was fired in the battle to bring case law to the consumer today by none other than Web search giant, Google. The announcement that Google Scholar would now allow for precedent searches set the internet and legal world a buzz. With law firms still being battered by the struggling economy, Google’s move is opportune. Legal researchers are hungry for low cost alternatives to the industry’s major players. Just how Google’s new case offerings and functionality will stack up remains to be seen. Will it be a revolution in the world of case research or just another case of getting for what we pay (or don’t pay, as it may be)? Google is taking on the old adage that ignorance of the law is not a defense when running afoul of it. Its announcement clearly targeted the average person, promising to enable “people everywhere to find and read full text legal opinions from U.S. federal and state district, appellate and supreme courts.” What it may lack in the wide breadth of coverage we have come to expect from major vendors like Westlaw and Lexis, Google makes up for with the simple, popular, and widely-used power of its search engine. Folks who have never touched the other major vendors have almost certainly “googled” something. Thus, though new to the law scene, Google’s brand and familiarity could make it a formidable foe to the industry elite. Searching for case law on Google is simple and versatile. You can search by case name, topic, or even phrase (“separate but equal” is the example they use). All you need to do is go to Google Scholar (http://scholar.google.com) and click the new radio button for “Legal opinions and journals”. It is just that easy. But what of the results? How do they compare to what we in the legal community are accustomed? A simple test of the new search might just surprise you. Take a case like Bowers v. Hardwick, for example - seminal, controversial, and heavily cited. Run it’s name through the Google Scholar search. What you get is almost overwhelming. Yes your search results will return the text of the decision. But that is not all. Decisions, in this case Bowers, can come with official citations and pagination. Key factors for anyone writing and citing to the case. The cases cited in the body of the decision, if Google has them, actually show up as clickable links. That should give the major vendors pause! But this is STILL not all Google Scholar has to offer. If there are legal journals that cite the case you have searched and Google has them, you will see them in your search. By clicking the “How Cited” link next to the case name on the results page, you can see how the document has been cited, where it has been cited, and other related cases. Searching for Bowers brings up a list of cases that have been seminal in the area of privacy rights, for example. Even the footnotes are clickable links! Suffice it to say that Google is on to something really good here. http://www.llrx.com/featres/googlescholarcaselaw - and - GOOGLE SCHOLAR LEGAL OPINION AND JOURNAL SEARCH, ABA LTRC FREE FULL-TEXT LAW REVIEW/LAW JOURNAL SEARCH (ABA’s LTRC, 19 Nov 2009) - Google officially announced adding legal opinion and journal search features to Google Scholar this week, following the ABA Legal Technology Resource Center’s announcement of the release of a free full-text online law review/law journal search engine created using Google Custom Search. What are some differences between the two search engines? Google Scholar legal searches often return a large number of fee-based journal sites and cannot currently be limited to searching free sources only; the LTRC search engine is designed to search free full-text sites. Google Scholar legal searches often return a mix of legal opinions and journal articles and cannot currently be limited to searching journals only; the LTRC search engine is designed to search only law review, law journal, and related article sites. Google Scholar’s options for searching legal opinions are more developed than those for searching legal journals. Searches can be limited to legal opinions and by jurisdiction through the Google Scholar Advanced Search interface. The legal opinions linked to in the search results are free full-text and include pagination. Google Scholar includes a citator feature for legal opinions: clicking on a “How cited” link appearing next to an opinion in the search results leads to a page which displays text snippets from citing paragraphs in citing opinions (no editorial analysis such as treatment is given). “Cited by” and “Related documents” links display lists of citing and related opinions and articles. Information regarding coverage of Google Scholar’s legal opinion database can be found at http://scholar.google.com/intl/en/scholar/help.html under the heading “Which court opinions do you include?” For more legal opinion-related information on the web, also see the ABA Standing Committee on Federal Judicial Improvements’ new Media Alerts on Federal Courts of Appeals website, which features case summaries and information on selected Federal Courts of Appeals cases. http://new.abanet.org/sitetation/Lists/Posts/Post.aspx?ID=581 WOW! TOP EXECS SAY THEY ARE INFLUENCED BY SOCIAL NETWORKS (ZDnet, 18 Nov 2009) - This new research study from the Society for New Communications Research (SNCR) is important because it shows that company executives are influenced by their online networks. And the trend is growing. The influence on business decisions by online communities is at its highest in three years. The research was conducted by Don Bulmer from SAP and Vanessa DiMauro. Here are some key findings from this survey 365 business professionals: Professional decision-making is becoming more social - enter the era of Social Media Peer Groups (SMPG) • Traditional influence cycles are being disrupted by Social Media as decision makers utilize social networks to inform and validate decisions • Professionals want to be collaborative in the decision-cycle but not be marketed or sold to online; however online marketing is a preferred activity by companies. Professional networks are emerging as decision-support tools • Decision-makers are broadening reach to gather information especially among active users Professionals trust online information almost as much as information gotten from in-person • Information obtained from offline networks still have highest levels of trust with slight advantage over online (offline: 92% - combined strongly/somewhat trust; online: 83% combined strongly/somewhat trust) Reliance on web-based professional networks and online communities has increased significantly over the past 3 years • Three quarters of respondents rely on professional networks to support business decisions • Reliance has increased for essentially all respondents over the past three years Social Media use patterns are not pre-determined by age or organizational affiliation • Younger (20-35) and older professionals (55+) are more active users of social tools than middle aged professionals. • There are more people collaborating outside their company wall than within their organizational intranet. http://blogs.zdnet.com/Foremski/?p=953 IN-Q-TEL INVESTS IN CYBERSECURITY COMPANY (Information Week, 18 Nov 2009) - The independent venture arm of the U.S. intelligence community, In-Q-Tel, has invested in cybersecurity company FireEye, the company announced Wednesday. In-Q-Tel and FireEye didn’t disclose terms of the agreement, or which intelligence agencies are particularly interested in the technology. However, in a release, they said that the investment “will extend FireEye’s cyber security product development and stealth malware technical capabilities to protect against cyber threats.” The intelligence community has a clear interest in cybersecurity investment. At a conference earlier this month, deputy secretary of defense William Lynn said that more than 100 foreign intelligence agencies are actively trying to hack into federal government systems. The NSA recently announced plans to build a $1.5 billion cybersecurity data center in Utah. California-based FireEye sells an out-of-band security appliance that monitors all inbound network traffic, employing a blend of signatures and heuristics to analyze traffic for evidence of suspicious behavior. After identifying suspicious traffic, the appliance captures and replays the traffic on virtual machines running in the appliance, which imitate real PCs. If those PCs are compromised, FireEye alerts administrators. By routing the traffic to a virtual machine, FireEye claims it is able to mitigate false positives. The virtual machines are invisible to the customer’s production network. FireEye claims that its products are especially useful for protection against zero-day malware attacks and botnets. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221900133&cid=RSSfeed_IWK_News DHS CRITICAL INFRASTRUCTURE PROTECTION WEBSITE LAUNCHED (BeSpacific, 18 Nov 2009) - The nation’s critical infrastructure and key resources (CIKR) include systems and assets, whether physical or virtual, so vital to the United States that their incapacitation or destruction would have a debilitating impact on national security, national economic vitality, or public health and safety. Ensuring CIKR resiliency and protection is essential to our security and way of life. The Department’s Office of Infrastructure Protection leads the coordinated national effort to build resiliency and reduce and mitigate risk across the 18 CIKR Sectors, which include such key areas as food and water, energy, communications and transportation systems, and emergency services. Since the vast majority of the nation’s critical infrastructure is privately owned and operated, strong partnerships between government and private industry are essential to achieve these shared goals.” See also the new CIKR Resource Center, “which includes information about how to sign up for free Web-based seminars on the tools, trends, issues, and best practices for infrastructure protection and resilience; resources concerning potential vulnerabilities for chemical facilities; and details about the National Response Framework, which outlines guidance for all response partners to prepare for and provide a unified response to disasters and emergencies.” http://www.bespacific.com/mt/archives/022838.html and http://training.fema.gov/EMIWeb/IS/IS860a/CIKR/CIKRintro.htm INDIA ESTABLISHES BROAD INTERCEPTION, DATA RETENTION, CYBER SECURITY, AND WEBSITE BLOCKING REQUIREMENTS (Steptoe & Johnson’s E-Commerce Law Week, 19 Nov 2009) - India’s Information Technology (Amendment) Act, 2008, came into effect at the end of last month, instituting significant new requirements governing the interception and decryption of communications, access to stored data, data retention, cyber security, and website blocking. The law also appears to authorize the government to restrict what encryption may be used in India. Regulations implementing many of these requirements have already been “notified,” while other key regulations remain to be issued. Communications providers and other companies that do business in India thus will have to satisfy burdensome new requirements, and may be faced with even more significant restrictions in the near future. http://www.steptoe.com/publications-6482.html SOME COURTS RAISE BAR ON READING EMPLOYEE EMAIL (WSJ, 19 Nov 2009) -Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else’s personal and financial information is easier than ever. “Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered,” said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees. That was what happened in a case earlier this year in New Jersey, when an appeals court ruled that an employee of a home health-care company had a reasonable expectation that email sent on a personal account wouldn’t be read. And last year, a federal appeals court in San Francisco came down on the side of employee privacy, ruling employers that contract with an outside business to transmit text messages can’t read them unless the worker agrees. The ruling came in a lawsuit filed by Ontario, Calif., police officers who sued after a wireless provider gave their department transcripts of an officer’s text messages in 2002. The case is on appeal to the U.S. Supreme Court. Lawyers for corporations argue that employers are entitled to take ownership of the keystrokes that occur on work property. In addition, employers fear productivity drops when workers spend too much time crafting personal email messages. http://online.wsj.com/article/SB125859862658454923.html?mod=article-outset-box [Spotted by MIRLN reader Mathew Lodge of Symantec.] 200 WEB SITES SPREAD AL-QAIDA’S MESSAGE IN ENGLISH (Washington Post, 20 Nov 2009) - Increasing numbers of English-language Web sites are spreading al-Qaida’s message to Muslims in the West. They translate writings and sermons once largely out of reach of English readers and often feature charismatic clerics like Anwar al-Awlaki, who exchanged dozens of e-mails with the Army psychiatrist accused of the Fort Hood shootings. “If you look at the most influential documents in terms of homegrown terrorism cases, it’s not training manuals on building bombs,” Kohlmann said. “The most influential documents are the ones that are written by theological advisers, some of whom are not even official al-Qaida members.” Most of the radical Islamic sites are not run or directed by al-Qaida, but they provide a powerful tool for recruiting sympathizers to its cause of jihad, or holy war, against the United States, experts who track the activity said. The number of English-language sites sympathetic to al-Qaida has risen from about 30 seven years ago to more than 200 recently, said Abdulmanam Almushawah, head of a Saudi government program called Assakeena, which works to combat militant Islamic Web sites. In contrast, Arabic-language radical sites have dropped to around 50, down from 1,000 seven years ago, because of efforts by governments around the world to shut them down, he said. http://www.washingtonpost.com/wp-dyn/content/article/2009/11/19/AR2009111903570.html MILITARY VIDEO SYSTEM IS LIKE YOUTUBE WITH ARTILLERY (Wired, 20 Nov 2009) - Making footage shareable and searchable online has sparked a revolution in the cute animal, stupid human, and delicious tamale communities. New software just might mean a similar upgrade for military video intelligence: Think of it as a real-time YouTube with heavy artillery. The release of the new version has just been announced. The U.S. military’s Task Force ODIN demonstrated the effectiveness of combining the video inputs from networked drones, aircraft and helicopters. When a roadside bomb went off, the team could wind back the video to see who planted it — and where they went. ODIN allegedly assisted in the takedown of thousands of insurgents in Iraq; their counterparts are starting work in Afghanistan. The process of handling, archiving and then searching through a large number of video feeds is a challenging one. That’s one of the reasons why something like YouTube can be so helpful: Instead of having to search through a pile of videotapes, you can just type in a few keywords. Even better, you can search all your friends’ video collections and they can search yours. And this is where a system like adLib produced by EchoStorm Worldwide LLC comes in. It does the same sort of thing for the military by automatically archiving video feeds along with the associated telemetry data. For example, suppose you want to find out what happened at point X at 8:30 yesterday. You don’t even have to know which platforms were in the area at the time. “You can ask for video that matches a specific location using latitude and longitude or the MGRS (Military Grid Reference System) or by clicking and dragging on a map,” David Barton of EchoStorm told Danger Room. http://www.wired.com/dangerroom/2009/11/military-video-system-is-like-youtube-with-artillery/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+wired%2Findex+%28Wired%3A+Index+3+%28Top+Stories+2%29%29 MEMENTO: PROTOCOL-BASED TIME TRAVEL FOR THE WEB (ReadWriteWeb, 20 Nov 2009) - The Web constantly changes and evolves. That, of course, is what makes the Internet so exciting, but it also means that finding older versions of a website is hard. The current push towards the real-time web is making this problem even more apparent. Memento, a project based at Old Dominion University, wants to make it easier to access older versions of a web page without having to go to the Internet Archive. To do this, the project is using a relatively obscure feature of the hypertext transfer protocol (HTTP). The Memento project wants to give browsers a ‘time-travel’ mode. Currently, the only way to find these pages is the Wayback Machine. According to an interview with Memento’s Herbert Van de Sompel, the mission of this project is to make it far easier for users to find older pages without having to go through the hassle of putting the right URL into the Wayback Machine’s search engine. To do this, Van de Sompel and his colleagues are exploiting a feature in the HTTP content negotiation specs that allows them to add date-and-time negotiation to the standard negotiations that already happen whenever your browser connects to a web server. Instead of just asking for the current page, a Memento-enabled browser can also ask for an older version of that page. Some servers and content management systems already offer this feature and the Memento project has developed a demo that shows how this feature would look. According to Van de Sompel, it only takes four extra lines of codes in Apache to make this work. http://www.readwriteweb.com/archives/memento_protocol-based_time_travel_for_the_web.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29 A LOOK AT TWITTER’S UPDATED PRIVACY POLICY (Eric Goldman’s blog, 20 Nov 2009) - As noted on Twitter’s blog, Twitter refreshed its privacy policy yesterday. Given that virtually everything Twitter does is placed under the microscope, I’m sure the policy will be pored over in detail. (Here’s a link to the updated policy and a link to the old policy.) General thoughts on the policy: The policy is short, easy to understand, and in plain English. The thrust of the policy is that most users typically use Twitter to publicly disseminate information, and users should expect any of this information to be broadly disseminated. This includes dissemination by Twitter, third party applications, search engines, etc. To the extent you want to restrict use of this information, Twitter gives you the tools to do so in your profile settings. Much of what’s in the policy is very typical of what you would find in the privacy policy of any other website or social network. However, a few things are worth mentioning: 1. Geolocation: The policy provides that you can turn geolocation on and off, and if you have it turned on, your location information is obviously broadcast and also used by Twitter. Geolocation is opt-in and this makes sense. 2. Cookies: The policy also mentions that Twitter places cookies on your computer. Virtually all privacy policies contain this, since most websites use cookies. But for some reason this part of the privacy policy jumped out at me. I guess it’s a reminder of the tremendous advertising power that Twitter could wield. Everyone who uses Twitter expresses their preferences through Twitter, by clicking on links, using applications, and just through general usage. Most people probably do more, such as expressing their food, drink, entertainment, political, and other preferences. (Some more than others.) By being able to identify the computer of someone who expresses those preferences, Twitter can build a valuable network that would be useful to advertisers. I’m not only talking about advertising on Twitter.com (the web client), but also advertising on other websites or networks as well. This is pretty common in the industry, and subject to attack by privacy advocates, some of whom are pushing for an opt-in system for this type of tracking. Thus far Twitter has been free of advertising, but this is likely to change, as indicated by Twitter’s own statements. (See Scoble’s link below.) 3. Metadata: Interestingly, the policy also treats tweet metadata as public information (“information you are asking us to make public”). This seems to create some grey area between information which you broadcast and is truly public, and information which is available to Twitter (but not to your followers) from your use of Twitter. Robert Scoble has a post with comments from Twitter’s COO signaling Twitter’s turn to advertising and possible use of metadata in this context. I didn’t pick up on this at first, but I think this is significant. http://blog.ericgoldman.org/archives/2009/11/a_look_at_twitt_1.htm LAW FIRM INVOKES PRIVACY LAWS IN SUING RIVAL OVER SEARCH ENGINE KEYWORDS (Law.com, 20 Nov 2009) - A lawsuit in Wisconsin is bringing a fresh challenge to the practice of paying for keywords on Google and other search engines to boost one company’s link over a rival’s. The practice has occasionally prompted a rival to file legal challenges alleging trademark infringement. Now a Wisconsin law firm is trying a new angle—accusing its competitor of violating privacy laws. Habush Habush & Rottier is one of Wisconsin’s largest law firms, specializing in personal injury cases. But search for iterations of “Habush” and “Rottier” and a sponsored link for Cannon & Dunphy attorneys often shows up, just above the link for the Habush site. Habush alleges that Cannon paid for the keywords “Habush” and “Rottier,” in effect hijacking the names and reputation of Habush attorneys. Cannon acknowledged paying for the keywords but denied wrongdoing, saying it was following a clearly legal business strategy. The lawsuit was filed Thursday in Milwaukee, where Habush is headquartered. Cannon is based in nearby Brookfield. Habush based its lawsuit on a Wisconsin right-to-privacy statute that prohibits the use of any living person’s name for advertising purposes without the person’s consent. “We believe this is deceptive, confusing and misleading,” firm president Robert Habush said of Cannon’s strategy. “If Bill Cannon thinks this is a correct way to do business he needs to have his moral compass taken to the repair shop.” William Cannon, the founding partner of Cannon & Dunphy, said every business uses the same tactic to remind consumers of their choices. “This is equally available to Habush if he weren’t so cheap to bid on his own name,” Cannon said. One legal expert said it wasn’t clear how successful Habush’s lawsuit would be. Ryan Calo, a fellow at the Center for Internet and Society at Stanford Law School, said the statute seemingly was meant to protect people from having their names and images misused to suggest they endorse or represent something. That’s not the case here, he said. http://www.law.com/jsp/article.jsp?id=1202435677621&rss=newswire LEVI’S IS PAYING ORRICK A FLAT FEE TO HANDLE ALL BUT ITS IP WORK (ABA Journal, 23 Nov 2009) - Orrick, Herrington & Sutcliffe is earning a flat fee to handle all of the legal work worldwide for Levi Strauss & Co., with just one exception. Levi’s is paying Orrick an annual fee in monthly increments for all but its brand protection work, the Recorder (sub. req.) reports. Townsend and Townsend and Crew is handling that aspect of Levi’s legal business. If work needs to be done where Orrick doesn’t have an office, it will hire an outside law firm at its own expense. The arrangement is unusual because it is so all-encompassing, according to Frederick Krebs, president of the Association of Corporate Counsel. “It is still news when a big firm and a big company do a significant amount of work or transactions in that way,” Krebs told the Recorder. Orrick wouldn’t disclose how much the Levi’s deal is worth, but the story calls the deal a “multimillion-dollar arrangement.” Twenty-five percent of revenue comes from alternative billing. Orrick partner Karen Johnson-McKewan worked out the details of the deal. “The core principle that we’re operating with here is that we’re trusting each other,” she told the Recorder. “We all are committed to doing whatever we can to make it work. We know there will be bits and pieces where it may not.” http://www.abajournal.com/weekly/article/levis_is_paying_orrick_a_flat_fee_to_handle_all_but_its_ip_work WIKILEAKS RELEASES OVER HALF A MILLION PAGER MESSAGES FROM 9/11 (ReadWriteWeb, 25 Nov 2009) - Earlier this morning, Wikileaks began to post pager messages that were sent on September 11, 2001. According to Wikileaks, these messages were intercepted by an “organization which has been intercepting and archiving US national telecommunications since prior to 9/11.” Some of these messages are from officials in police and fire departments, though a large number of messages are also from businesses. Others are automated messages to engineers that were sent by computers about network and hardware issues. Wikileaks is posting these messages semi-live - in sync with the events of 9/11. It’s not clear how Wikileaks got this data or who intercepted these messages. This archive is likely to become an invaluable source for anybody who wants to study the events and the public’s reaction on this day. Chances are that conspiracy theorists are already wading through this data looking for an official page that authorized the destruction of Building 7. As is to be expected, the archive includes many Twitter-like messages like “Bush calls World Trade Center crashes apparent terrorist attack.” Others are internal messages from unknown businesses or government departments (“please due to the incidents taking place and with trying to close centers Please do not tie up aol today unless it is business. Thanks”) or personal message (“Things are getting worse....fear is rampid...please call me. HISD are advising to come get children etc.-sm”). This thread on Reddit highlights some of the most interesting (and often shocking) messages. We don’t know the nature of Wikileaks this source yet, so it’s only prudent to treat this data with some skepticism. Wikileaks, however, has a track record of releasing authentic information and it seems unlikely (but not impossible) that somebody would go through the trouble of writing 500,000 pager messages just to be featured on Wikileaks. http://www.readwriteweb.com/archives/wikileaks_releases_over_half_a_million_pager_messages_from_911.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29 GOOGLE PROFILES TURN INTO OPENIDS (TechCrunch, 25 Nov 2009) - As part of its push to go more social, Google has been attempting to unify its various account profiles into one Google Profile. And now it’s more useful. Google’s Brad Fitzpatrick has just tweeted out that Google Profiles can now be used as OpenIDs. What this means is that you can sign into any site that accepts OpenID simply by using your Google Profile domain. Luckily, a few months ago Google started allowing these profiles to have vanity URLs, like /mgsiegler, instead of the previous /32090329039402903. Chris Messina, a huge proponent of the open web movement, has just sent out a picture of what signing in with OpenID via your Google Profile looks like. http://www.techcrunch.com/2009/11/25/google-profile-openid/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29 RESOURCES 8 THINGS TO REMEMBER WHEN IMPLEMENTING AN E-MAIL POLICY (Digital Landfill, 12 Nov 2009) – [useful checklist and explication]: http://aiim.typepad.com/aiim_blog/2009/11/8-things-to-remember-when-implementing-an-email-policy.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+EcmIndustryWatch+%28Digital+Landfill%29 [Spotted by MIRLN-reader Claude Baudoin of Cebe KM and IT.] FUN WIFI BODY SCALE AUTO-TWEETS EACH TIME YOU STEP ON IT (Mashable, 10 Nov 2009) - This sounds like our worst nightmare, but a WiFi Body Scale has hit the market, and it’s designed to auto-tweet your every weigh-in along with the number of pounds you need to gain or lose to reach your goal. The enhanced $159.99 scale is available for purchase from the manufacturer’s website. Previously able to record weight data and track it via an iPhone app, the addition of auto-tweeting is apparently a motivational feature to keep you focused on your weight-loss (or gain) goals. Should this seemingly outlandish functionality appeal to you, you can configure your Twitter account for auto-posting on a per weigh-in, daily, weekly, or monthly basis after the initial Twitter activation process. The scale records your body weight, lean & fat mass (ouch), and body mass index, all of which is posted to your personal webpage and/or the iPhone application. http://mashable.com/2009/11/10/wifi-body-scale/ [Editor: Clearly moves Web 2.0 into the TMI space.] LOOKING BACK FORMER VOLUNTEERS SUE AOL, SEEKING BACK PAY FOR WORK (New York Times, 26 May 1999) - Two former volunteers for America Online have filed a lawsuit in Federal Court in Manhattan in an attempt to obtain back wages, saying that they and thousands of other volunteers should have been compensated for their work. The plaintiffs, Kelly Hallisey of Nassau County and Brian Williams of Dallas, allege that AOL violated the Fair Labor Standards Act, a Federal law that mandates a minimum hourly wage for employees, by using volunteers to perform work for the on-line service. They and their lawyer, Leon Greenberg, said they were hoping other volunteers for the on-line service would join the suit, which was filed Monday. The amount of damages sought was not specified. The volunteers, called community leaders, perform a variety of tasks for the service, like moderating on-line discussions and overseeing other volunteers. http://www.nytimes.com/1999/05/26/nyregion/former-volunteers-sue-aol-seeking-back-pay-for-work.html [Editor: today, could the analogue be crowd-sourcing volunteers?] MIRLN 2009-11-28T06:57:00-07:00 http://www.knowconnect.com/mirln/article/mirln_18_october_7_november_2009_v1215/ http://www.knowconnect.com/mirln/article/mirln_18_october_7_november_2009_v1215/#When:21:16:00Z • Heartland Breach: Inside Look at the Plaintiffs’ Case • Site Lets Investors See and Copy Experts’ Trades • Check E-Mail Hourly, Quinn Partner Says, Unless in Court, in Tunnel or Asleep • Baited and Duped on Facebook • Court Rules that Phones Ringing in Public Don’t Infringe Copyright o Apology for Singing Shop Worker • CIA Invests in Firm that Datamines Social Networks o U.S. Navy CIO: Social Media Should Be Part of Military IT Standard o US Department of Defense Embraces Open Source • Web Store Offering New Jersey Shipments Avails Itself of Forum Even Absent Any Sales o Hosting Sponsored Ad Links Targeting New York Not Enough for Jurisdiction There • Data Breach Notification Spreads South of The Border—Way South • SEC Proposes Amending Rules for Internet Availability of Proxy Materials • Microsoft Wants ISO Security Certification for its Cloud Services • Obama’s Ethics Counsel Faces Tough Crowd at ABA Conference • Obama Family Portrait Posted to Flickr • MI5 Comes Out Against Cutting Off Internet Pirates • Privacy Coalition Seeks Investigation of DHS Chief Privacy Office • Social Media and Ed. Tech. Companies • FBI: Cyber Crooks Stole $40m from U.S. Small, Mid-Sized Firms • Study: Facebook, Twitter Use at Work Costs Big Bucks • In Industry First, Voting Machine Company to Publish Source Code • Learning by Degrees • ACC to GCS: Eliminate Software Costs • Survey: Few Companies Addressing Cyberterrorism • Educause Core Data Service Fiscal Year 2008 Summary Report • Ct Rules Facebook Terms Claiming Ownership of User Info Did Not Destroy CDA Protections • Lawyerese Goes Galactic as Contracts Try to Master the Universe • Judge Rules Metadata is Public Record o PA Bar Committee Examines Metadata o Want to Update Your Avvo Listing? If So, Start Policing Client Comments, Opinion Says • EU Sends Conflicting Messages on Keyword Advertising • Amazon Lets Shoppers Pay with a Phrase • Does Cloud Computing Need Malpractice Safeguards? • Lawyers in Discovery Scandal Say Qualcomm Lied • Attorney-Client Privilege in Work E-Mails • Judge Spanks Lawyer for Leaking Personal Details in Brief **** NEWS **** HEARTLAND BREACH: INSIDE LOOK AT THE PLAINTIFFS’ CASE (BankInfoSecurity, 8 Oct 2009) - Prior to the Heartland Payment Systems (HPY) data breach, company executives misrepresented their “state of the art” security measures, says a new document filed in the class action suit against the payments processor. Heartland publicly touted its “multiple layers of security,” and said it placed “significant emphasis on maintaining a high level of security in order to protect the information of our merchants and their customers,” according to the master complaint filed last month in U.S. Southern District Court in Houston. In January, Heartland announced it had been the victim of a data breach that is now recognized as the largest ever reported, impacting more than 130 million consumer credit/debit card accounts. The complaint represents “everything we know about the Heartland data breach so far,” says attorney Richard Coffman, representing the financial institutions suing Heartland for damages. This document lays out for the first time a sequence of events and statements made by Heartland executives about security measures and actions before, during and after the breach. http://www.bankinfosecurity.com/articles.php?art_id=1844 Complaint filing here: http://www.bankinfosecurity.com/external/HEARTLAND-FILING-9_2_09.pdf SITE LETS INVESTORS SEE AND COPY EXPERTS’ TRADES (New York Times, 19 Oct 2009) - The trouble with mutual funds is that investors can feel as though they have put their money in a black box. The 90 million Americans with money in funds know little about fees, what securities their money is invested in and who is in charge. Daniel Carroll, who started investing when he was 15, thinks he has a way to let average investors learn about investing while experts manage the money. In 2008, he started KaChing, a Web site where 400,000 amateur and professional investors manage virtual portfolios. Others have logged on to see what the investors on the site are doing and make the same trades in their own real portfolios. On Monday, KaChing is to add a new twist. Customers can set up brokerage accounts that automatically mirror the trades of a money manager, some of them professionals. “The idea of an asset manager showing all his research, his holdings — it’s unheard-of,” said Mr. Carroll, now 27 and the vice president for business development at KaChing. “In the financial industry, the idea is that information is currency; they protect it with their lives.” KaChing has attracted a roster of prominent early investors from Silicon Valley who have financed the company with $3 million. They include Marc Andreessen, co-founder of Netscape; Kevin Compton of Kleiner Perkins Caufield & Byers; and Jeffrey Jordan, chief executive of OpenTable, the online reservation service. The angel investors have also been investing their own money through KaChing during the pilot period. “The concept is great — the ability to tap into not just the wisdom of the crowd, but to be able to identify and invest with the particular geniuses in the crowd that stand out,” said Mr. Andreessen, who has invested $100,000 using the site. Customers will be able to open a brokerage account with Interactive Brokers and link their account with their choice of investors on KaChing. KaChing charges customers a single management fee of 0.25 percent to 3 percent, set by each investor. KaChing keeps a quarter of the fee, and the investors get the rest. Each time the investors make a trade, KaChing will automatically make the same trades for the customer. Customers can log on whenever they want to check their portfolio’s performance. They can send the investor private messages and receive alerts if the investor does something unusual. With the click of a mouse, customers can stop mirroring an investor. http://www.nytimes.com/2009/10/19/technology/start-ups/19kaching.html?_r=2&scp=1&sq=kaching&st=cse CHECK E-MAIL HOURLY, QUINN PARTNER SAYS, UNLESS IN COURT, IN TUNNEL OR ASLEEP (ABA Journal, 19 Oct 2009) - After doing a great job on a rush project, a relatively new associate at Quinn Emanuel Urquhart Oliver & Hedges made a mistake. He didn’t check his e-mail. As a result, he missed a senior partner’s instruction that he should send out a draft document for client review before calling it a day. Partner A. William Urquhart notes the mistake in an e-mail he sent the next morning to firm attorneys, which is reprinted in Above the Law, and exhorts the troops to pick up the pace as far as electronic message review is concerned. Lawyers should be checking their e-mail hourly, unless they have a very good excuse for not doing so, Urquhart says, such as being in court, in a tunnel or asleep. “One of the last things you should do before you retire for the night is to check your e-mail. That is why we give you BlackBerries,” he writes. http://www.abajournal.com/weekly/check_e-mail_hourly_quinn_partner_says_unless_in_court_in_tunnel_or_asleep [Editor: Law firms have been talking about the need for immediate response—i.e., within 15 minutes—to client emails for years. This (and this story) is nuts. Clients will let you know their response requirements, and one size doesn’t fit all.] BAITED AND DUPED ON FACEBOOK (ComputerWorld, 19 Oct 2009) - When CIO Will Weider encouraged employees at Ministry Health Care and Affinity Health System in Wisconsin to use Facebook to spread the word about new programs and successful projects, he was surprised at the result: Few did so. “I went in there thinking, ‘We’ve turned these people loose; we’ll have 10,000 marketers out there,’ “ Weider says. But the Ministry Health workforce, it turned out, had been well trained to protect sensitive data, and without explicit guidance on what they could say, their first reaction was to share nothing. “We’ve stressed the importance of data security with our employees, particularly when it comes to patient privacy, and it’s kept them from sharing all the great things about work on Facebook,” Weider says. That’s a good problem to have. Many fear that the popularity of social networking—among individuals as well as organizations—will precipitate an increase in social engineering attacks that could result in security breaches that expose corporate data or damage a company’s reputation. But while executives seem to grasp the potential threats of social networking, only a slim majority of organizations seem to feel the need to do something about it. In an exclusive September 2009 Computerworld survey, 53% of the 120 IT professionals polled reported that their organizations have a social media usage policy, while 41% said they don’t and 6% said they weren’t aware of such a policy. And in a July 2009 poll by advertising agency Russell Herder and law firm Ethos Business Law, both based in Minneapolis, 81% of the 438 respondents said they have concerns about social media and its implications for both corporate security and reputation management. However, only one in three said that they have implemented social media guidelines, and only 10% said that they have undertaken related employee training. http://www.computerworld.com/s/article/343908/Baited_and_Duped_on_Facebook?source=CTWNLE_nlt_pm_2009-10-19 COURT RULES THAT PHONES RINGING IN PUBLIC DON’T INFRINGE COPYRIGHT (EFF, 21 Oct 2009) - In June, we reported on ASCAP’s claim that when your cell phone’s musical ringtone sounds in a public place, you are infringing copyright. A federal court firmly rejected that argument last week, ruling that “when a ringtone plays on a cellular telephone, even when that occurs in public, the user is exempt from copyright liability, and the [cellular carrier] is not liable either secondarily or directly.” This is exactly the outcome urged by EFF, Public Knowledge, and the Center of Democracy & Technology in an amicus brief filed in the case. https://www.eff.org/deeplinks/2009/10/court-rules-phones-ringing-public-dont-infringe-co - and - APOLOGY FOR SINGING SHOP WORKER (BBC, 21 Oct 2009) - A shop assistant who was told she could not sing while she stacked shelves without a performance licence has been given an apology. Sandra Burt, 56, who works at A&T Food store in Clackmannanshire, was warned she could be fined for her singing by the Performing Right Society (PRS). However the organisation that collects royalties on behalf of the music industry has now reversed its stance. They have sent Mrs Burt a bouquet of flowers and letter of apology. Mrs Burt, who describes herself as a Rolling Stones fan, said that despite the initial warning from the PRS, she had been unable to stop herself singing at work. The village store where Mrs Burt works was contacted by the PRS earlier this year to warn them that a licence was needed to play a radio within earshot of customers. When the shop owner decided to get rid of the radio as a result, Mrs Burt said she began singing as she worked. http://news.bbc.co.uk/2/hi/uk_news/scotland/tayside_and_central/8317952.stm CIA INVESTS IN FIRM THAT DATAMINES SOCIAL NETWORKS (SlashDot, 20 Oct 2009) - “In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It’s part of a larger movement within the spy services to get better at using ‘open source intelligence’ — information that’s publicly available… Visible Technologies crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn’t touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what’s being said on these sites, based on a series of keywords. ‘That’s kind of the basic step — get in and monitor,’ says company senior vice president Blake Cahill. Then Visible ‘scores’ each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. (‘Trying to determine who really matters,’ as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface.” http://yro.slashdot.org/story/09/10/20/1444256/CIA-Invests-In-Firm-That-Datamines-Social-Networks?from=rss - and - U.S. NAVY CIO: SOCIAL MEDIA SHOULD BE PART OF MILITARY IT STANDARD (ReadWriteWeb, 21 Oct 2009) – In a blog post this week, U.S. Navy CIO Rob Carey wrote that social media is a resource for the American military that should be used to build trust and collaboration, both within and outside the organization. In attempts to balance communication, transparency, and operational security, the military has encountered both practical obstacles and general criticism. In a recent podcast, Carey said, “Most social networking tools come with no rules of the road. As the Internet moves towards user-generated content, we thought there was a void we could fill… to mitigate some of the security risks associated with social media.” Beyond risk management, Carey said, “Social media has a powerful collaboration engine associated with it.” Generally, military organizations have the options to reach out directly to large IT companies to configure customized security profiles and inherent OPSEC protection for personnel; traditionally, however, social networks such as Facebook and Twitter have not been particularly receptive to working within that type of culture or framework. From the sharing-and-access social media pole to the security/military pole, both sides are resistant to different approaches to shared and social information. Still, Carey is an advocate for the usefulness of these tools, even behind a military firewall. “We must remain a learning organization. As the Internet evolves, so must our workforce and its associated skills. To that end, we must be able to embrace change,” Carey wrote in his blog post. “Many of our processes are rooted in the Industrial Age and will need to move toward the Information Age to remain relevant in the coming years.” With specific regard to social media and the American military, Carey stated, “Social media is an inherent part of the toolbox for members of the millennial workforce, while baby boomers are just adopting it. Social media tools should become the standard by which we can share and collaborate on information inside and outside the network boundaries.” He also highlighted green initiatives, mobile working, and the use of modern technological tools in recruitment efforts. To see Carey’s office’s Policy and Guidelines for Secure Use of Social Media by Federal Departments and Agencies, click here for a full PDF. http://www.readwriteweb.com/archives/us_navy_cio_social_media_should_be_part_of_militar.php - and - US DEPARTMENT OF DEFENSE EMBRACES OPEN SOURCE (ReadWriteWeb, 28 Oct 2009) - At the US Department of Defense, open source and proprietary software are now on equal footing. According to Defense Department guidance issued yesterday (PDF), open-source software (OSS) should be treated just like any other software product. The document also specifies some of the advantages of OSS for the Department of Defense (DoD). These include the ability to quickly alter the code as situations and missions change, the stability of the software because of the broad peer-review, as well as the absence of per-seat licensing costs. The document also stresses that OSS is “particularly suitable for rapid prototyping and experimentation, where the ability to ‘test drive’ the software with minimal costs and administrative delays can be important.” The DoD already uses some open-source products. This new memorandum is meant to provide guidance on the use of OSS and to clarify some misconceptions. According to the DoD, these misconceptions have hampered “effective DoD use and development of OSS.” One of these misconceptions is that the DoD would have to distribute any changes made to the OSS code. In reality, most open-source licenses permit users to modify code for internal use and these organizations only have to make the changes public if they distribute the code outside of their organizations. http://www.readwriteweb.com/archives/us_department_of_defense_embraces_open_source.php WEB STORE OFFERING NEW JERSEY SHIPMENTS AVAILS ITSELF OF FORUM EVEN ABSENT ANY SALES (BNA’s Internet Law News, 22 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of New Jersey has ruled that an interactive website that gives visitors the option of selecting New Jersey as the ship-to destination is evidence of purposeful availment of the new Jersey forum enough to support jurisdiction there, even absent evidence of actual New Jersey sales. The court said that a website offering allegedly counterfeit goods for sale specifically to New Jersey residents was a meaningful contact with the forum that would satisfy the due process clause’s purposeful availment requirement. Case name is Tristar Products Inc. v. SAS Group Inc. - but - HOSTING SPONSORED AD LINKS TARGETING NEW YORK NOT ENOUGH FOR JURISDICTION THERE (BNA’s Internet Law News, 5 Nov 2009) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Southern District of New York has ruled that although some ads on a site sponsoring pay-per-click links may resolve to New York web addresses and companies, that contact will not, without more evidence of direct New York soliciting, support jurisdiction over the website owner there. The court said that simply claiming that sponsored links meant direct solicitation was not convincing. DATA BREACH NOTIFICATION SPREADS SOUTH OF THE BORDER—WAY SOUTH (Steptoe & Johnson’s E-Commerce Law Week, 22 Oct 2009) - Uruguay recently issued mandatory data breach notification provisions as part of regulations implementing its Personal Data Protection Act (Law 18331). Article 8 of the Act (Decree No. 414/009) requires that “[w]henever those responsible for or in charge of a database … learn of security breaches at any stage of the (data) treatment process that have the potential of affecting the rights of the injured parties in a significant way, they must inform them of this incident.” The Act and regulations were adopted as part of Uruguay’s effort to satisfy the EU Directive on Data Protection, No. 95/46/EC, and to become a premiere Latin American outsourcing point for banking, call-center operations, airplane ticket sales, and other international financial and administrative services. Few other countries currently require notification of individuals affected by a data breach; Japan, Norway, and Germany, are among the few that do so, along with 45 U.S. states, the District of Columbia, Puerto Rico, and the U.S. Virgin Islands. Mandatory notification is, however, likely to come to the EU in the next year or two as part of proposed revisions to the EU electronic communications framework. And South Africa’s Protection of Personal Information Bill, which was approved by the Cabinet and is now before Parliament, would make notification mandatory. The spread of such laws makes it all the more imperative for multinational companies to put in place effective data security measures and a response plan to deal with any breaches that do occur. http://www.steptoe.com/publications-6402.html SEC PROPOSES AMENDING RULES FOR INTERNET AVAILABILITY OF PROXY MATERIALS (Duane Morris, 22 Oct 2009) - On October 14, 2009, the U.S. Securities and Exchange Commission (the “SEC”) proposed amendments to the proxy rules under the Securities Exchange Act of 1934 that are intended to provide additional flexibility for issuers and other soliciting persons on the content and format of the Notice of Internet Availability of Proxy Materials (the “Notice”). In an effort to improve the clarity of the Notice and to better educate shareholders about the notice and access model, the SEC has proposed a new rule allowing issuers and other soliciting persons to accompany the Notice with an explanation of the process of reviewing and receiving proxy materials and voting. In addition, SEC Release No. 34-60825 (the “Release”) provides guidance about the current requirement for the Notice to identify matters to be voted upon at the shareholders’ meeting. Furthermore, the SEC has proposed revisions to the Notice delivery deadlines for soliciting persons other than issuers…. http://www.duanemorris.com/alerts/SEC_Internet_Proxy_Materials_3452.html MICROSOFT WANTS ISO SECURITY CERTIFICATION FOR ITS CLOUD SERVICES (ComputerWorld, 23 Oct 2009) - Microsoft Corp. wants to get its suite of hosted messaging and collaboration products certified to the ISO 27001 international information security standard in an effort to reassure customers about the security of its cloud computing services. The move comes at a time of broad and continuing doubts about the ability of cloud vendors in general to properly secure their services. Google Inc., which has made no secret of its ambitions in the cloud computing arena, is currently working on getting its services certified to the government’s Federal Information Security Management Act (FISMA) standards for much the same reason. It’s unclear how much value customers of either company will attach to the certifications, particularly because the specifications were not designed specifically to audit cloud computing environments. Even so, the external validation offered by the standards is likely to put both companies in a better position to sell to the U.S. government market. Speaking with Computerworld this week, Bill Billings, chief security officer of Microsoft Federal, said the company is currently in the process of putting Microsoft’s Business Productivity Online Suite through the ISO 27001 certification process. The hosted service includes Exchange Online, SharePoint Online, Office Live Meeting and Office Communications Online. Billings declined to say just when Microsoft hopes to achieve the certification. The goal is to offer customers, particularly those in the public sector, a higher level of confidence about Microsoft’s cloud services than FISMA certification alone provides, said Teresa Carlson, vice president of Microsoft Federal. “FISMA is outdated. It is largely a paper-based exercise. We want to take it up a notch” by getting ISO 27001 certification, Carlson said. At the same time, Microsoft is also working to get its cloud services certified to the standards prescribed under FISMA; it hopes to complete that task by the end of the year, Carlson said. http://www.computerworld.com/s/article/9139820/Microsoft_wants_ISO_security_certification_for_its_cloud_services?source=CTWNLE_nlt_dailyam_2009-10-23 OBAMA’S ETHICS COUNSEL FACES TOUGH CROWD AT ABA CONFERENCE (NLJ, 23 Oct 2009) - President Barack Obama’s special counsel for ethics and government regulation Thursday afternoon gave an American Bar Association crowd an insider’s perspective into the administration’s thought path as it first embarked on, and now continues to pursue, lobbying reform in Washington. But his remarks did not go unchallenged. Many thought Obama’s promise of reform was just empty campaign rhetoric, said Norman Eisen, but the president in fact has “a deeply held personal view that political systems are susceptible to special interests” and he “speaks of it often.” “The president will hold every government servant to the highest standard of fidelity to the public interest,” Eisen told a crowd of about 40 at the ABA Administrative Law Conference luncheon. “We think it is no accident that we have had one of the most scandal-free starts of any administration in modern history.” Still, critics like Thomas Susman, the ABA’s government affairs office director, who joked when introducing Eisen to the crowd that he was responsible for “vilifying and emasculating” lobbyists, questioned Eisen as to why, if indeed these regulations are intended for the public interest, no distinction is made between corporate lobbyists and those who lobby for public interest causes. Eisen responded by saying that the administration did consider parsing types of lobbying, but in the end, “felt that as a matter of principle, we needed to be consistent in that regulation to have credibility.” Sharing the stage Eisen and Susman, William Luneburg Jr., chair of the ABA’s administrative law and regulatory practice section, which sponsored the event, told Eisen that the definition of, “lobbyist,” should be more consistent because some who don’t register as lobbyists still fit the role and slip through the cracks into government positions. Eisen responded, saying: “We thought it would be too burdensome to establish another regulatory regime” and “we felt that as a matter of workability, that was just too tough.” An audience member also harangued Eisen for not consulting with lobbyists before undertaking reform. Eisen said that in fact the administration did, though only with those whose contribution would have had a valuable impact. The criticism didn’t stop at lunch. Immediately after Eisen’s remarks, a panel discussion assembled down the hall in the Walter E. Washington Convention Center. Panelist Nick Allard, of Patton Boggs, quipped that he was “shocked” to hear Obama’s “fig-leaf counsel” complain about lobbyists because shutting lobbyists out of government is forcing them to cut corners, including unregistering. “Right now it’s popular to make a show of turning lobbyists away from the front door while sending them around the back,” he said. “The dirty little secret is the wink-wink policy toward lobbying encourages people to do things the wrong way.” He urged the lobbying community to self-regulate and hold itself to a higher standard of conduct so the government wouldn’t feel the need to intrude. Melanie Sloan, Executive Director of Citizens for Responsibility and Ethics in Washington (a group that Eisen co-founded), contended that the administration wasn’t doing enough to take the money out of politics. She advocated publicly financed elections, but admitted it seems a political impossibility right now. But small measures, like restricting bundling or forcing disclosure in so-called “Astroturf” lobbying groups would help, she said. Finally, former U.S. Solicitor General and current Harvard Professor Charles Fried addressed the constitutional implications of shutting lobbyists out from government: He said there are none. “The constitutional issue about the Obama executive order that we keep hearing about seems to me a true nothing burger,” he said. “You have the right to petition, you don’t have the right to be heard.” http://www.law.com/jsp/article.jsp?id=1202434891673&rss=newswire&hbxlogin=1 OBAMA FAMILY PORTRAIT POSTED TO FLICKR (Mashable, 23 Oct 2009) - Much was made of Barack Obama’s use of social media in his successful 2008 Presidential campaign. Although it’s now been nearly a year since he was elected, the President and his team continue to make use of the tools that helped him land the job. The latest example: the official Obama family portrait, posted to Flickr on Thursday. The photo is part of the White House Flickr stream, which includes hundreds of sets from the President’s day-to-day engagements around the world. As with all photos posted to the stream, however, users should be aware of the restrictions placed on their use: “This official White House photograph is being made available only for publication by news organizations and/or for personal use printing by the subject(s) of the photograph. The photograph may not be manipulated in any way and may not be used in commercial or political materials, advertisements, emails, products, promotions that in any way suggests approval or endorsement of the President, the First Family, or the White House.” http://mashable.com/2009/10/23/obama-family-portrait/ MI5 COMES OUT AGAINST CUTTING OFF INTERNET PIRATES (The Times, 23 Oct 2009) - The police and intelligence services are calling on the Government to drop plans to disconnect persistent internet pirates because they fear that this would make it harder to track criminals online. Lord Mandelson, the Business Secretary, has vowed to use the Government’s forthcoming Digital Economy Bill to introduce new measures to fight illegal file-sharing of music and films. He has also proposed that persistent pirates should have their internet connections suspended temporarily. But The Times understands that both the security services and police are concerned about the plans, believing that threatening to cut off pirates will increase the likelihood that they will escape detection by turning to encryption. http://www.timesonline.co.uk/tol/news/uk/crime/article6885923.ece PRIVACY COALITION SEEKS INVESTIGATION OF DHS CHIEF PRIVACY OFFICE (BeSpacific, 24 Oct 2009) - “EPIC joined the Privacy Coalition letter sent to the House Committee on Homeland Security urging them to investigate the Department of Homeland Security’s (DHS) Chief Privacy Office. DHS is unrivaled in its authority to develop and deploy new systems of surveillance. The letter cited DHS use of Fusion Center, Whole Body Imaging, funding of CCTV Surveillance, and Suspicionless Electronic Border Searches as examples of where the agency is eroding privacy protections.” http://www.bespacific.com/mt/archives/022652.html#022652 SOCIAL MEDIA AND ED. TECH. COMPANIES (InsideHigherEd, 26 Oct 2009) - Where social media make sense to me are as a method of exposing the fact that organizations are made up of people. I don’t want to read blog posts or Facebook status updates or tweets from Microsoft, Google, Blackboard, Adobe, Apple etc.... But I do want to hear from the people who work at these companies. Particularly the people who work in the education divisions of these companies. The NYTimes has now has a social media editor named Jennifer Preston. In an interview on NYTimes Tech Talk, Preston makes the point that NYTimes reporters can use social media to engage in two-way conversations with a highly motivated community. Part of her job is to encourage this conversation. I think the time has come for companies to bring in their own social media editors. I know some of the people who work in ed. tech companies that we do business with, but I don’t know nearly enough of you. Who are the education leaders, decision makers, program managers, developers, designers, and sales folks at Microsoft? (to pick on one). What do you guys care about? What is driving you crazy? What are you working on? What articles and blogs are you reading right now? What products and services do you use? How did you get into educational technology? What do you hope to leave as your legacy? http://www.insidehighered.com/blogs/technology_and_learning/social_media_and_ed_tech_companies FBI: CYBER CROOKS STOLE $40M FROM U.S. SMALL, MID-SIZED FIRMS (Washington Post, 26 Oct 2009) - Cyber criminals have stolen at least $40 million from small to mid-sized companies across America in a sophisticated but increasingly common form of online banking fraud, the FBI said this week. According to the FBI and other fraud experts, the perpetrators have stuck to the same basic tactics in each attack. They steal the victim’s online banking credentials with the help of malicious software distributed through spam. The intruders then initiate a series of unauthorized bank transfers out of the company’s online account in sub-$10,000 chunks to avoid banks’ anti-money-laundering reporting requirements. From there, the funds are sent to so-called “money mules,” willing or unwitting individuals recruited over the Internet through work-at-home job scams. When the mules pull the cash out of their accounts, they are instructed to wire it (minus a small commission) via services such as MoneyGram and Western Union, typically to organized criminal groups operating in countries like Moldova, Russia and Ukraine. Steve Chabinsky, deputy assistant director of the FBI’s Cyber Division, said criminals involved in these online account takeovers have attempted to steal at least $85 million from mostly small and medium-sized businesses, and have successfully made off with about $40 million of that money. http://voices.washingtonpost.com/securityfix/2009/10/fbi_cyber_gangs_stole_40mi.html STUDY: FACEBOOK, TWITTER USE AT WORK COSTS BIG BUCKS (ComputerWorld, 26 Oct 2009) - A U.K. firm today released a study showing that people who use Facebook, Twitter and other social networks while at work extract a heavy cost on their employers. Employees who use Twitter and other social networks in the office are costing U.K. businesses about 1.38 billion pounds, or more than $2.25 billion a year, according to London-based Morse PLC, an IT services and technology company. Morse surveyed 1,460 office workers and found that 57% browse social networking sites for personal use while in the office. Those workers use social networks an average of 40 minutes a day at work, which adds up to a lost week each year, the survey found. Morse, which commissioned research firm TNS Group to do the study, isn’t alone in its findings. In July, Nucleus Research, an IT research company in Boston, released a study showing that companies where users are free to access Facebook in the workplace lose an average of 1.5% in total employee productivity. The survey also showed that 77% of workers who have a personal Facebook account use it during work hours. Earlier this month, a study commissioned by Robert Half Technology, an IT staffing firm, showed that companies are starting to take on social networkers in their offices. This study found that 54% of U.S. companies had banned office use of social networking sites like Twitter, Facebook, LinkedIn and MySpace while on the job. http://www.computerworld.com/s/article/9139902/Study_Facebook_Twitter_use_at_work_costs_big_bucks?source=CTWNLE_nlt_pm_2009-10-26 IN INDUSTRY FIRST, VOTING MACHINE COMPANY TO PUBLISH SOURCE CODE (Wired, 27 Oct 2009) - Sequoia Voting Systems plans to publicly release the source code for its new optical scan voting system, the company announced Tuesday — a remarkable reversal for a voting machine maker long criticized for resisting public examination of its proprietary systems. The company’s new public source optical-scan voting system, called Frontier Election System, will be submitted for federal certification and testing in the first quarter of next year. The code will be released for public review in November, the company said, on its web site. Sequoia’s proprietary, closed systems are currently used in 16 states and the District of Columbia. The announcement comes five days after a non-profit foundation announced the release of its open-source election software for public review. Sequoia spokeswoman Michelle Shafer says the timing of its release is unrelated to the foundation’s announcement. In the press release announcing the public-source system, a Sequoia vice president is quoted saying that “Security through obfuscation and secrecy is not security.” “Fully disclosed source code is the path to true transparency and confidence in the voting process for all involved,” said Eric Coomer, vice president of research and product development for Sequoia, in the press release. “Sequoia is proud to be the leader in providing the first publicly disclosed source code for a complete end-to-end election system from a leading supplier of voting systems and software.” Sequoia in fact has been a champion of security through obscurity since it’s been selling voting systems. The company has long had a reputation for vigorously fighting any efforts by academics, voting activists and others to examine the source code in its proprietary systems, and even threatened to sue Princeton University computer scientists if they disclosed anything learned from a court-ordered review of its software. http://www.wired.com/threatlevel/2009/10/sequoia/ LEARNING BY DEGREES (Harvard Magazine, Nov/Dec 2009) - the image is grim: “binge and purge” learning. It’s what students do when they cram for a test: consume subject matter in a large lump (binge) and then spit it back on the exam (purge). This mode of study doesn’t seem to produce durable learning. During the past four years, associate professor of surgery B. Price Kerfoot, M.D. ‘96, Ed.M. ‘00, has developed a scheme that’s more like grazing: “spaced education.” More than 10 rigorous studies on medical students and residents using randomized trials have shown its efficacy: it can increase knowledge by up to 50 percent, and strengthen retention for up to two years. Furthermore, students report enjoying spaced education; its website (http://www.spaceded.com) even calls it “addictive.” The website offers, online, the first courses structured in this mode. (Harvard has applied for a patent on the technology, and already licenses it to an Internet start-up company, SpacedEd.) The methodology, which Kerfoot, a urological surgeon, invented, breaks information down into discrete packages and then applies two learning principles that he gleaned from the psychological literature on learning and memory. The first principle is the spacing effect—”When you present and repeat information over intervals of time [as opposed to “binges”], you can increase the uptake of knowledge,” he explains. “And it’s encoded in ways that cause it to be preferentially retained.” The second principle is the testing effect: “When you present information in a ‘test’ format, rather than just reading it, long-term retention is dramatically improved.” http://harvardmagazine.com/2009/11/spaced-education-boosts-learning ACC TO GCS: ELIMINATE SOFTWARE COSTS (Law.com, 27 Oct 2009) - In a market where in-house legal teams must control cost, many are seeking to eliminate it completely, at least with respect to their technology budgets. Despite its placement on the last day of the Association of Corporate Counsel’s annual conference this month, the “InExpensive/Free Applications for Your Law Department” session captivated an audience of more than 100 people for over an hour. Mark Donald, associate general counsel of Baltimore-based Vertis Communications, offered attendees a variety of ideas for leveraging open-source technology to streamline operations and eliminate unnecessary expenses. For example, he encouraged audience members seeking a full-feature, Web-based enterprise document management system to consider the open-source version of KnowledgeTree or the community edition of Alfresco. He similarly recommended that those interested in designing workflow use ProcessMaker and directed audience members to the company’s YouTube channel to see Processmaker in action. Eager to experiment with ProcessMaker “to interface with the sales effort to prepare contracts,” Atlanta-based Polysius Corp. GC Lori Ann Haydu attended this particular session because “I wanted to see how we could do more with less.” That was certainly a theme and Donald provided his peers with options for addressing routine activities with free tools like Open Office, an open-source suite of products for word processing, spreadsheets, presentations and other functions, noting that the program provides “baseline Microsoft Office compatibility and supports redlining very well in instances where one may need to quickly review a document on a computer without Microsoft Word.” And the creation of PDF documents using open-source Cute PDF Writer intrigued audience members. The discussion of PDF Creator, a program that enables users to create and manipulate PDF documents, generated enthusiastic questions from the audience, although the program is not exactly free (a one-year license costs $29.95). Co-presenter Joel Green, GC of Beverly, Mass.-based Altova, offered Web-based resources for finding answers to specific issues, documents and general guidance. He encouraged use of the ACC’s various listservs. In addition, he recommended regional and local meetings of in-house counsel, Legal OnRamp and ABA resources. However, he alerted attendees: “Your competitors or outside counsel may be on those boards as well” and advised them to be circumspect. Green also instructed audience members to read blogs, including The Wall Street Journal’s Law Blog, Patently-O and others written by law firms, including Sheppard Mullin’s blog on government contracts. “Blogs can be useful because they do provide valuable information on a variety of topics.” Another law firm resource included Wilson Sonsini Goodrich & Rosati’s Term Sheet Generator. http://www.law.com/jsp/article.jsp?id=1202434943463&rss=newswire SURVEY: FEW COMPANIES ADDRESSING CYBERTERRORISM (CNET, 28 Oct 2009) - Cyberterrorism is on the rise around the world. But only one-third of companies are tackling it in their disaster recovery plans, says a survey released Tuesday by data center association AFCOM. Although the majority (60.9 percent) of companies questioned see cyberterrorism as a threat to be addressed, “AFCOM’s 2009/2010 Data Center Trends” survey found that only 24.8 percent have adopted it in their policies and procedures manuals. Further, only 19.7 percent provide cyberterrorism training to their employees. Around 82 percent do run background checks on new hires. But that still leaves almost 20 percent of all data centers that don’t perform security checks on new employees, even those working directly with personal, financial, and even military records, noted AFCOM. The U.S. power grid has been especially vulnerable as utility companies rely more on network-based smart-grid technology to manage it. A Wall Street Journal report said spies from Russia and China have already hacked into the grid, leaving behind traces of their activity. In an interview with “60 Minutes” in April, Defense Secretary Robert Gates said that the U.S. is “under cyberattack virtually all the time, every day.” Beyond the AFCOM survey, other reports have also noted flaws among organizations in their approach toward cyberterrorism. http://news.cnet.com/8301-1009_3-10385230-83.html EDUCAUSE CORE DATA SERVICE FISCAL YEAR 2008 SUMMARY REPORT (Educause, 28 Oct 2009) - EDUCAUSE Core Data Service Fiscal Year 2008 Summary Report summarizes much of the data collected through the 2008 EDUCAUSE core data survey about campus information technology (IT) environments at colleges and universities in the U.S. and abroad. The report presents aggregated data and time trends through more than 100 figures and tables and accompanying descriptive text in five areas relevant to planning and managing IT in higher education: IT Organization, Staffing, and Planning; IT Financing and Management; Faculty and Student Computing; Networking and Security; and Information Systems. Appendices include a brief historical context, a list of participating campuses, the 2008 survey instrument, a glossary of terms from the survey, and a crosswalk between survey questions and figures and tables in the report. http://net.educause.edu/coredata/reports/2008/index.asp?bhcp=1 Report here: http://net.educause.edu/ir/library/pdf/PUB8006.pdf CT RULES FACEBOOK TERMS CLAIMING OWNERSHIP OF USER INFO DID NOT DESTROY CDA PROTECTIONS (BNA’s Internet Law News, 29 Oct 2009) - BNA’s Electronic Commerce & Law Report reports that the New York Supreme Court, New York County has ruled that as an interactive computer service, Facebook was immune to defamation claims arising from content posted by its users, regardless of what its terms of service said about it owning user-generated data posted there. Judge Debra A. James said that data ownership does not factor into the analysis of whether an online service qualifies for protections granted to interactive computer services under the Communications Decency Act. Case name is Finkel v. Facebook Inc. LAWYERESE GOES GALACTIC AS CONTRACTS TRY TO MASTER THE UNIVERSE (WSJ, 29 Oct 2009) - Decked out in sequined black and gold dresses, Anne Harrison and the other women in her Bulgarian folk-singing group were lined up to try out for NBC’s “America’s Got Talent” TV show when they noticed peculiar wording in the release papers they were asked to sign. Any of their actions that day last February, the contract said, could be “edited, in all media, throughout the universe, in perpetuity.” She and the other singers, many of whom are librarians in the Washington, D.C., area, briefly contemplated whether they should give away the rights to hurtling their images and voices across the galaxies forever. Then, like thousands of other contestants, they signed their names. Ms. Harrison figured the lawyers for the show were trying to hammer home the point that contestants have no rights to their performances, “but I think they’re just lazy and don’t want to write a real contract,” she says. Lawyers for years have added language to some contracts that stretches beyond the Earth’s atmosphere. But more and more people are encountering such everywhere-and-forever language as entertainment companies tap into amateur talent and try to anticipate every possible future stream of revenue. Experts in contract drafting say lawyers are trying to ensure that with the proliferation of new outlets—including mobile-phone screens, Twitter, online video sites and the like—they cover all possible venues from which their clients can derive income, even those in outer space. FremantleMedia, one of the producers of NBC’s “America’s Got Talent,” declined to comment on its contracts. The space and time continuum has extended to other realms outside the arts, including pickles. A 189-word sentence in a September agreement between Denver-based Spicy Pickle Franchising Inc. and investment bank Midtown Partners & Co.—which has helped raise capital for the sandwich and pickle shops dotted across the region—unconditionally releases Spicy Pickle from all claims “from the beginning of time” until the date of the agreement. “We’re trying to figure out how to cover every possible base as quickly as possible,” says Marc Geman, chief executive officer of Spicy Pickle. “When you start at the beginning of time, that is pretty clear.” As for the wordy language, he says, “the length of the paragraph is only limited by the creativity of the attorney.” [Doesn’t he have this inverted? Creative lawyers write concisely.] http://online.wsj.com/article/SB125658217507308619.html JUDGE RULES METADATA IS PUBLIC RECORD (ArsTechnica, 29 Oct 2009) - The Arizona state Supreme Court has ruled that the metadata attached to public records is itself public, and cannot be withheld in response to a public records request. In the Arizona case, a police officer had been demoted in 2006 after reporting “serious police misconduct” to his superiors. He suspected that the demotion was done in retaliation for his blowing the whistle on his fellow officers, so he requested and obtained copies of his performance reports from the department. Thinking that perhaps the negative performance reports had been created after the fact and then backdated, he then demanded access to the file metadata for those reports, in order to find out who had written them and when. The department refused to grant him access to the metadata, and the matter went to court. After working its way through the court system in a series of rulings and appeals, this past January an Arizona appeals ruled that even though the reports themselves were public records, the metadata was not. It turned out that Arizona state law doesn’t actually define “public record” anywhere, so the appeals court relied on various common law definitions to determine that the metadata, as a mere byproduct of the act of producing a public record on a computer, was not a public record itself. The case was then appealed to the Arizona state Supreme Court, which has now ruled that the metadata is, in fact, a public record just like the document that it’s attached to. http://arstechnica.com/tech-policy/news/2009/10/lobbyists-beware-arizona-rules-metadata-is-public-record.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss and http://www.law.com/jsp/article.jsp?id=1202435052835&rss=newswire - and - PA BAR COMMITTEE EXAMINES METADATA (Sup. Ct. Penn, Oct 2009) - The Committee on Legal Ethics and Professional Responsibility has addressed the issue of lawyer’s responsibilities regarding metadata in Formal Opinion 2009-100, “Ethical Obligations on the Transmission and Receipt of Metadata.” Formal Opinion 2009-100 addresses the responsibilities of both sending and receiving lawyers. The opinion puts particular emphasis on the duties of the sending lawyer to take reasonably diligent steps to prevent the transmission of potentially confidential information. This duty is grounded in Rules 1.1 (Competence) and 1.6 (Confidentiality) of the Rules of Professional Conduct. Comment 4 to Rule 1.6 states, “This prohibition also applies to disclosures by a lawyer that do not in themselves reveal protected information but could reasonably lead to the discovery of such information by a third person.” http://www.padisciplinaryboard.org/newsletters/index.php#story3 Opinion 2009-100 here: http://www.padisciplinaryboard.org/newsletters/2009/pdfs/f2009-100.pdf [Thanks to MIRLN reader Tom Laudise at RCG Information Technology for spotting this story.] - and - WANT TO UPDATE YOUR AVVO LISTING? IF SO, START POLICING CLIENT COMMENTS, OPINION SAYS (ABA Journal, 28 Oct 2009) - South Carolina lawyers tempted to update their listings on websites such as LinkedIn and Avvo should consider a new ethics opinion by the state bar’s Ethics Advisory Committee. The advisory opinion says lawyers who “claim” the website listing by clicking on an “update this listing” link or otherwise adopting the posted information must make sure the material conforms with ethics rules—even information that is posted by others, including clients. The opinion says websites such as Martindale-Hubbell, SuperLawyers, LinkedIn and Avvo may post informational listings about lawyers without their knowledge or consent. Once a lawyer participates in the listing, the rules change. “By claiming a website listing, a lawyer takes responsibility for its content and is then ethically required to conform the listing to all applicable rules,” the opinion says. “The language employed by the website for claiming a listing is irrelevant. (Martindale.com, for example, uses an ‘update this listing’ link for lawyers to claim their listings). Regardless of the terminology, by requesting access to and updating any website listing (beyond merely making corrections to directory information), a lawyer assumes responsibility for the content of the listing.” The content must not be false, misleading, deceptive or unfair, the opinion says. Client testimonials, barred by state ethics rules, should not be solicited or allowed. More general recommendations or statements of approval—client endorsements—may be allowed if they aren’t misleading and don’t create unjustified expectations. “If any part of the listing cannot be conformed to the rules (e.g., if an improper comment cannot be removed), the lawyer should remove his or her entire listing and discontinue participation in the service,” the opinion counsels. Mercer University law professor David Hricik noted the opinion at the blog Legal Ethics Forum. “Frankly, this one baffles me,” Hricik wrote. “I can understand why you can’t ask someone to say something about you that you can’t yourself say, … but am I really under an obligation to make sure nonclients comply with the lawyer advertising rules? Stay tuned, but in the meanwhile, you South Carolina lawyers better go read your various listings, I suppose including Facebook!” http://www.abajournal.com/news/want_to_update_your_avvo_listing_if_so_start_policing_client_comments_opini EU SENDS CONFLICTING MESSAGES ON KEYWORD ADVERTISING (Steptoe & Johnson’s E-Commerce Law Week, 29 Oct 2009) - Two legal opinions in the European Union have reached conflicting conclusions about whether the use of trademarked terms in keyword advertising constitutes trademark infringement. The Paris Tribunal de Grande Instance (TGI) found eBay, Inc., and eBay International AG liable for “counterfeiting” the trademarks of four LVMH Moët Hennessy Louis Vuitton, S.A. (“LVMH”) subsidiaries by purchasing those companies’ trademarked phrases to use as keywords on search engines to draw users to eBay’s auction site. But a few days after the TGI ruling, an Advocate General (AG) of the European Court of Justice (ECJ) issued an advisory opinion in a similar case LVMH had brought in France against Google, Inc., and Google France regarding Google’s AdWords program. The AG opined that Google had not committed trademark infringement by selling trademarked terms as keywords to websites selling counterfeit products, and also that Google should not be considered a “contributory” infringer for facilitating third-party infringement. The AG also stated that advertisers do not infringe trademarks by purchasing those marks as keywords. Should the ECJ follow the advisory opinion, its ruling would likely contradict the TGI ruling against eBay and give eBay strong arguments in its appeal of that ruling. More broadly, the conflicting opinions highlight the opposing views that exist globally on how to regard use of trademarked terms as keywords. http://www.steptoe.com/publications-6433.html AMAZON LETS SHOPPERS PAY WITH A PHRASE (CNET, 29 Oct 2009) - A simple phrase and pin code may be all you need the next time you pay for that book or CD at Amazon. The online retailer on Thursday debuted a new feature called Amazon PayPhrase, designed to let busy shoppers store their name, address, and payment information in a single phrase and pin code. Instead of entering all that data at the online checkout counter, you type your phrase and pin number when it’s time to cough up the cash. PayPhrase doesn’t just work at Amazon--it can be used at any online retailer that lets you pay via Amazon Payments. That covers a range of cyberstores, including Buy.com, J&R Electronics, DKNY, and Car Toys. PayPhrase also omits the need for a user name and password to store your personal info on every shopping site that uses Amazon Payments. However, you will need an Amazon.com account to set up and maintain your phrase. Amazon sees PayPhrase as a benefit to consumers trying to juggle different accounts at different retail sites. “PayPhrase solves the headache of trying to keep track of all the different user names and passwords people use to shop on various sites across the Web,” said Matt Williams, general manager of Amazon PayPhrase, in a statement. “With PayPhrase all you need is one phrase and one PIN to pay online.” http://news.cnet.com/8301-10797_3-10386056-235.html 30-second video explanation: http://www.amazon.com/gp/mpd/permalink/m1L3CVL0TEWNNT DOES CLOUD COMPUTING NEED MALPRACTICE SAFEGUARDS? (CNET, 1 Nov 2009) - Recent failures to protect consumer data stored on the Internet (aka “the cloud”) point to an alarming gap between the value of that data and the care with which some vendors treat that data. Microsoft subsidiary Danger failed to put in even adequate safeguards for its customers’ data. Amazon Web Services failed to discover an obvious problem that kept a loyal customer down for 20 hours. The truth is that cloud computing means that now, more than ever, IT operations is a profession that has a very real economic and quality-of-life effect on its consumers--in very many ways much like health care or the law. I think it’s time we hold ourselves as individual and organizations to similar standards that we expect from doctors, lawyers, and law enforcement. Our ethics must reflect an understanding of the responsibility we are being granted by the rest of society. The instances above are examples of companies failing to follow well-known professional protocols, or putting the needs of the business ahead of the needs of the client. Heck, look at just about any cloud operator’s terms of service, and you see paragraph after paragraph of text that basically states, “If something goes wrong, you can’t blame us.” I think its time to change this attitude. I see a couple of options: http://news.cnet.com/8301-19413_3-10387879-240.html?part=rss&subj=news&tag=2547-1_3-0-5 LAWYERS IN DISCOVERY SCANDAL SAY QUALCOMM LIED (Law.com, 3 Nov 2009) - Lawyers in the Qualcomm discovery scandal claim that the company misled and stonewalled them, ultimately leading to the failure to turn over a mountain of relevant evidence and harsh sanctions from the court. The allegations were made in briefs filed Monday by lawyers from the now-defunct Day Casebeer Batchelder & Madrid, who for the first time are telling their side of what has become the most infamous discovery fiasco in recent times. Qualcomm Inc. was sanctioned by San Diego Magistrate Judge Barbara Major in January 2008 for intentionally withholding “tens of thousands of e-mails” in an infringement case against Broadcom Corp. involving video compression technology patents. The company’s lawyers—six from Day Casebeer and one from Heller Ehrman—were also sanctioned for assisting “Qualcomm in committing this incredible discovery violation,” either knowingly or recklessly, Major wrote at the time. The sanctions were later lifted while the lawyers got a chance to defend themselves. The lawyers argue they shouldn’t be penalized—they were misled by their client. The Day Casebeer lawyers claim that they repeatedly prodded Qualcomm about whether the company had participated in industry meetings at which video compression standards were discussed. The upshot being that if the company had, then Qualcomm may have had no rights to enforce its patents against Broadcom. “Qualcomm’s failure to disclose was not limited to two or three people: Numerous individuals, including engineers in Qualcomm’s Digital Cinema group, managers of Qualcomm’s Standardization Group, and even attorneys in Qualcomm’s legal department, received inquiries from responding attorneys or Qualcomm paralegals about JVT participation and related subjects, but failed to provide critical information they had,” wrote Joel Zeldin, the Shartsis Friese partner who represents three of the Day Casebeer lawyers: partners James Batchelder and Christian Mammen and associate Kevin Leung. H. Sinclair Kerr Jr., a Kerr & Wagstaffe lawyer for former Day Casebeer lawyer Lee Patch, put it more succinctly. “Mr. Patch asked the right people the right questions at the right time and got wrong—no, false—answers.” http://www.law.com/jsp/article.jsp?id=1202435137932&rss=newswire&hbxlogin=1 ATTORNEY-CLIENT PRIVILEGE IN WORK E-MAILS (Law.com, 5 Nov 2009) - There are now several decisions determining whether employees can retain attorney-client privilege for e-mails sent to their lawyers using their employer-provided e-mail addresses and computers—reaching apparently inconsistent conclusions. This article compares and seeks to reconcile the cases, and to assist lawyers in advising clients on how to avoid the risks that such communications pose. The first of these cases, Scott v. Beth Israel Medical Center Inc., 2007 WL 3053351 (N.Y. Sup. Oct. 17, 2007), was previously featured in an article in this column (“Abusive Litigation Tactics and Loss of Privilege,” March 3, 2008), but is revisited here because a New Jersey court recently reached a diametrically opposite conclusion on quite similar facts, in Stengart v. Loving Care Agency Inc., 973 A.2d 390 (N.J. Super. A.D. July 29, 2009). The article also reviews other recent decisions in the same general subject area. http://www.law.com/jsp/article.jsp?id=1202435191463&rss=newswire JUDGE SPANKS LAWYER FOR LEAKING PERSONAL DETAILS IN BRIEF (The Register, 5 Nov 2009) - A judge has chastised a lawyer for including the social security numbers and birthdays of 179 individuals in an electronic court brief, ordering him to pay a $5,000 sanction and provide credit monitoring. US District Judge Michael J. Davis said he was meting out the penalty under his “inherent power,” meaning no one in the court case had filed a motion requesting he do so. In an order issued late last month, he said the move was designed to prevent attorney Vincent J. Moccio from repeating the carelessness again. “The court is deeply concerned with the harmful and widespread ramifications associated with negligent and inattentive electronic filing of court documents,” he wrote. “Although electronic filing significantly improves the efficiency and accessibility of our court system, it also elevates the likelihood of identity theft and damage to personal privacy when lawyers fail to follow federal and local rules.” Davis ordered Moccio to send the individuals a letter informing them that their private information had been made public and that unless they objected within seven days, they would automatically begin receiving a year’s worth of credit monitoring services free of charge. He also ordered the attorney to pay $5,000 to a Saint Paul, Minnesota, food bank. http://www.theregister.co.uk/2009/11/05/judge_sanctions_attorney/ PODCASTS I BOUGHT THE LAW (Harvard’s Berkman Center, 4 Sept 2009) - Steve Schultze is a busy fellow. He is a fellow at the Berkman Center for Internet and Society. He recently joined the Princeton Center for Information Technology Policy as Associate Director. He also is one of the developers behind RECAP – an ambitious and provocative project that seeks to bring publicly available digital court records out from behind a costly paywall. [Interesting 22 minute podcast, delving into the technology and legal issues of PACER’s semi-controversial RECAP pug-in. Original story in MIRNL 12.12 here; related working paper by Schultze here.] http://blogs.law.harvard.edu/mediaberkman/2009/09/04/radio-berkman-129-i-bought-the-law/ LAWYER2LAWYER: E-MAIL AND THE 4TH AMENDMENT (Robert Ambrogi’s LawSites, 5 Nov 2009) - Does the Fourth Amendment’s protection against unreasonable searches and seizures extend to e-mail and data stored in “the cloud”? Surprisingly, the question remains unsettled in the courts. On this week’s legal-affairs podcast Lawyer2Lawyer, we discuss the extent to which e-mail and other online data are protected in both the criminal and civil contexts. Joining us are two experts on the topic: Orin S. Kerr, professor of criminal law at the George Washington University Law School and author of a number of law review articles on the application of the Fourth Amendment to Internet and computer data. Jason Paroff, director of computer forensics operations with the ESI Consulting practice at Kroll Ontrack. http://www.legaline.com/2009/11/lawyer2lawyer-e-mail-and-4th-amendment.html MIRLN 2009-11-06T21:16:00-07:00 http://www.knowconnect.com/mirln/article/mirln_27_september_17_october_2009_v1214_h3/ http://www.knowconnect.com/mirln/article/mirln_27_september_17_october_2009_v1214_h3/#When:20:54:00Z • PCI More of a ‘Check-Box’ than Security for Most Retailers • DHS Privacy Report: Laptop Searches at Airports Infrequent • The Mortgage Machine Backfires • Virtual Town not Like Company Town for Purposes of First Amendment Protection • New Hires to Monitor Outbound E-Mail • Hawaii Supreme Court Disputes Laser Gun Test in Speeding Case • Court Order Served Over Twitter • Amazon Settles Kindle Deletion Lawsuit for $150,000 • Child-Porn Arrests: `Shooting Fish in a Barrel’ • Soon, Bloggers Must Give Full Disclosure • AT&T to Allow Expanded Internet Calling Services on Apple’s iPhone • Post-Breach Fear of Identity Theft Satisfies Standing Requirements, but Fails to Support Negligence and Other Claims o Autumn Brings Amendments to Data Breach Notification Laws o Germany Broaches the Breach Question in the EU • Companies Say No to Friending or Tweeting • E-Discovery Issues with Digital Voicemail • Sidekick Outage Casts Cloud over Microsoft • FBI Uses Facial-Recognition Technology on DMV Photos • Gov’t Unveils New Short URLS o White House Confronts Barriers to Gov 2.0 • Web Content Posted Abroad not Simultaneously Published in America • Libraries and Readers Wade into Digital Lending • LAW.gov Proposes Open-Source Stash of all Primary US Legal Materials NEWS | RESOURCES | BOOK REVIEW | DIFFERENT | LOOKING BACK | NOTES NEWS PCI MORE OF A ‘CHECK-BOX’ THAN SECURITY FOR MOST RETAILERS (Darkreading, 23 Sept 2009) - Nearly 80 percent of retailers and organizations that handle credit card transactions have been hit with a data breach, but more than 70 percent still don’t consider security strategic to their operations, according to a new report released today. This apparent incongruity has more to do with organizations accepting a certain level of risk with doing business on the Internet, says Brian Contos, chief security strategist at Imperva, which commissioned the 2009 PCI DSS Compliance Survey conducted by the Ponemon Institute. “Roughly 30 percent take [PCI security] seriously,” Contos says. “And the others see it as a check box.” But Contos says the 30 percent figure is actually promising: “It’s encouraging to see that many are saying this is not just about compliance, and, ‘I have to make this investment now, anyhow, so I’ll make the best of it.’ That’s reassuring.” The Ponemon study also found 55 percent of organizations focus only on protecting credit card data and don’t bother securing other sensitive customer data, such as Social Security numbers, driver’s license numbers, and bank account information. “We like to think wherever our information is, people are securing it, but that’s not necessarily the case,” Imperva’s Contos says. “Small companies with a limited budget and resources simply don’t generally secure credit card and other supporting information.” Only 28 percent of small businesses in the survey (501 to 1,000 employees) are PCI-compliant, according to the survey, while 70 percent of companies with 75,000 or more employees are. But even the PCI-compliant ones aren’t necessarily more secure if they only treat it as a check-box item to appease the auditors, Contos says. http://www.darkreading.com/security/attacks/showArticle.jhtml;?articleID=220100919&subSection=Attacks/breaches DHS PRIVACY REPORT: LAPTOP SEARCHES AT AIRPORTS INFREQUENT (NetworkWorld, 25 Sept 2009) - The U.S. Department of Homeland Security’s annual privacy report card revealed more details on the agency’s controversial policy involving searches of electronic devices at U.S. borders. The 99-page report, which was released Thursday, also offered details on the agency’s efforts to address privacy risks in social media and the use of imaging technologies that produce whole-body scans at airport security checkpoints. The report is the first DHS privacy assessment released to Congress since the new administration took office. It covers the activities of the DHS Privacy Office between July 2008 and June 2009. Of the more than 144 million travelers that arrived at U.S. ports of entry between Oct. 1, 2008 and May 5, 2009, searches of electronic media were conducted on 1,947 of them, the DHS said. Of this number, 696 searches were performed on laptop computers, the DHS said. Even here, not all of the laptops received an “in-depth” search of the device, the report states. A search sometimes may have been as simple as turning on a device to ensure that it was what it purported to be. U.S. Customs and Border Protection agents conducted “in-depth” searches on 40 laptops, but the report did not describe what an in-depth search entailed. http://www.networkworld.com/news/2009/092509-dhs-privacy-report-laptop-searches.html DHS’s privacy report here: http://www.dhs.gov/xlibrary/assets/privacy/privacy_rpt_annual_2009.pdf THE MORTGAGE MACHINE BACKFIRES (New York Times, 26 Sept 2009) – With the mortgage bust approaching Year Three, it is increasingly up to the nation’s courts to examine the dubious practices that guided the mania. A ruling that the Kansas Supreme Court issued last month has done precisely that, and it has significant implications for both the mortgage industry and troubled borrowers. The opinion spotlights a crucial but obscure cog in the nation’s lending machinery: a privately owned loan tracking service known as the Mortgage Electronic Registration System. This registry, created in 1997 to improve profits and efficiency among lenders, eliminates the need to record changes in property ownership in local land records. “MERS is basically an electronic phone book for mortgages,” said Kevin Byers, an expert on mortgage securities and a principal at Parkside Associates, a consulting firm in Atlanta. In January 2007, [a Court] found that Sovereign’s failure to register its interest with the county clerk barred it from asserting rights to the mortgage after the judgment had been entered. The court also said that even though MERS was named as mortgagee on the second loan, it didn’t have an interest in the underlying property. By letting the sale stand and by rejecting Sovereign’s argument, the lower court, in essence, rejected MERS’s business model. Although the Kansas court’s ruling applies only to cases in its jurisdiction, foreclosure experts said it could encourage judges elsewhere to question MERS’s standing in their cases. http://www.nytimes.com/2009/09/27/business/27gret.html VIRTUAL TOWN NOT LIKE COMPANY TOWN FOR PURPOSES OF FIRST AMENDMENT PROTECTION (BNA’s Internet Law News, 1 Oct 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Northern District of California has ruled that virtual world that includes homes, offices, and shops is simply an entertainment space, not a „company town‰ that would liken the operator to the government for purposes of the First Amendment. The court dismissed a First Amendment claim brought against Sony on finding that Sony was not acting as the government in its virtual world, and was thus not obligated to allow participants the free speech guaranteed by the Constitution. Case name is Estavillo v. Sony Computer Entertainment America. NEW HIRES TO MONITOR OUTBOUND E-MAIL (Law.com, 30 Sept 2009) - The economy has employers extra jittery about company secrets getting out, so nervous that they’re hiring staff just to monitor outbound e-mails. That’s the conclusion of a recent study by Proofpoint, an Internet security and data loss prevention company, which found that 38 percent of large U.S. employers are monitoring outbound e-mail to prevent data leaks, up from 29 percent in 2008. And it’s not just inappropriate use of e-mail that has employers scrutinizing employees. Social networking sites like Twitter and Facebook are also compounding data leak fears, companies reported, with 8 percent saying they had fired an employee for misuse of social networks in the past 12 months. Another 17 percent had disciplined an employee for violating blog or message board policies, up from 11 percent the year before. No surprise, say some employment attorneys, noting the ease with which employees can swipe confidential information or taint a company’s image has Corporate America on edge. “It’s almost impossible to keep up with what might be walking out of the door or sliding out the door,” said Anthony Oncidi, chairman of the labor and employment department in the Los Angeles office of New York-based Proskauer Rose. http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1202434171378 HAWAII SUPREME COURT DISPUTES LASER GUN TEST IN SPEEDING CASE (Honolulu Advertiser, 1 Oct 2009) - The Hawai’i Supreme Court has thrown out a man’s conviction for excessive speeding, a ruling that could put in jeopardy dozens of cases in which drivers have been pulled over by police officers armed with a laser gun. In a ruling released yesterday involving a man accused of exceeding the speed limit by more than 30 mph, the court wrote that prosecutors could not show that the way Honolulu police tested the laser gun used to nab drivers conformed with standards of the device’s manufacturer. HPD does conduct tests on the device, but the court said that without proof that the speed guns were functioning properly, police had no way of proving that the laser was accurately recording speeds of vehicles. At trial, HPD motorcycle Officer Jeremy Franks testified that he was certified to use the laser gun and that he tested the equipment before going on duty on the day of the incident. He testified that the tests were standard and done according to HPD procedures. But the defense argued that there was no evidence to show that the testing practice conformed with the manufacturer’s operating manual. Without this proof that the machine met established standards, the evidence should be thrown out, the defense argued. The justices agreed and said the laser gun reading should not have been admitted in court. http://www.honoluluadvertiser.com/article/20091001/NEWS01/910010353/Hawaii+Supreme+Court+disputes+laser+gun+test+in+speeding+case COURT ORDER SERVED OVER TWITTER (BBC, 1 Oct 2009) - The High Court has given permission for an injunction to be served via social-networking site Twitter. The order is to be served against an unknown Twitter user who anonymously posts to the site using the same name as a right-wing political blogger. The order demands the anonymous Twitter user reveal their identity and stop posing as Donal Blaney, who blogs at a site called Blaney’s Blarney. The order says the Twitter user is breaching the copyright of Mr Blaney. He told BBC News that the content being posted to Twitter in his name was “mildly objectionable”. Mr Blaney turned to Twitter to serve the injunction rather than go through the potentially lengthy process of contacting Twitter headquarters in California and asking it to deal with the matter. UK law states that an injunction does not have to be served in person and can be delivered by several different means including fax or e-mail. Danvers Baillieu, a solicitor specialising in technology, said it was possible for anyone to approach the court about any method of serving an injunction if the traditional methods are unavailable. “The rules already allow for electronic service of some documents, so that they can be sent by e-mail, and it should also be possible to use social networks,” he said. Mr Blaney decided to use Twitter after a recent case in Australia where Facebook was used to serve a court order. http://news.bbc.co.uk/2/hi/8285954.stm AMAZON SETTLES KINDLE DELETION LAWSUIT FOR $150,000 (Information Week, 2 Oct 2009) - Amazon.com has agreed to pay $150,000 to the student who sued the company for deleting his digital copy of George Orwell’s 1984 from his Kindle e-book reading device. In June, Amazon received a demand to remove unauthorized copies of George Orwell’s 1984 and Animal Farm from its Kindle Store. The company then refunded the $0.99 purchase price to customers who had bought the e-books for their Kindle devices and deleted copies of the e-book files for almost 2000 customers. The deletion prompted widespread criticism from Amazon customers, rights advocates, and bloggers, on whom the Orwellian nature of Amazon’s actions were not lost. Two days later, one of the customers stripped of his Kindle copy of 1984, Justin D. Gawronski, sued, in part because the deletion affected annotations about the book he had made using his Kindle. Amazon’s Kindle license agreement makes it clear that e-books bought for the Kindle are licensed rather than owned. The document also claims rights to alter the service. However, lawyers have argued that it’s not clear from the Kindle license agreement that Amazon has the right delete purchased content. As part of the settlement terms, Amazon has agreed not to delete Kindle e-books purchased and used in the US in the future, unless (a) the user consents; (b) the user seeks a refund or an electronic payment fails to clear; (c) a court orders the deletion; or (d) deletion is necessary to protect against malware. This does not apply, however, to software code, “transient content such as blogs,” or “content that the publisher intends to be updated and replaced with newer content as newer content becomes available.” In the case of Kindle newspaper and magazine content subscriptions, content is designed to be deleted, unless the user takes steps to save the content. http://www.informationweek.com/news/internet/ebusiness/showArticle.jhtml?articleID=220300915 CHILD-PORN ARRESTS: `SHOOTING FISH IN A BARREL’ (Washington Post, 5 Oct 2009) - When a single Florida county arrested 45 men and boys from all walks of life last June on charges of downloading child pornography, some people worried the place had become a haven for deviants. But top law enforcement officials and child welfare experts say the only thing unusual about Polk County is that its sheriff, Grady Judd, happens to pursue child-porn enthusiasts with more fervor and resources than most. Child porn has grown so pervasive on the Internet, they say, that police agencies all over the country, using the latest file-tracking technology, could easily spend every day finding and arresting offenders. “Today, it’s truly like shooting fish in a barrel,” said Judd, who has directed four child pornography roundups since 2006, resulting in at least 176 arrests in Polk County, a patchwork of orange groves, phosphate mines, modest towns and a half-million people between Tampa and Orlando. The biggest city is Lakeland, population 90,000. Mike Phillips, chief of the computer crimes section at the Florida Department of Law Enforcement, said Polk’s sheer number of child pornography arrests in recent years is almost unheard of nationally for a single agency. http://www.washingtonpost.com/wp-dyn/content/article/2009/10/05/AR2009100502221.html SOON, BLOGGERS MUST GIVE FULL DISCLOSURE (New York Times, 6 Oct 2009) - For nearly three decades, the Federal Trade Commission’s rules regarding the relationships between advertisers and product reviewers and endorsers were deemed adequate. Then came the age of blogging and social media. On Monday, the F.T.C. said it would revise rules about endorsements and testimonials in advertising that had been in place since 1980. The new regulations are aimed at the rapidly shifting new-media world and how advertisers are using bloggers and social media sites like Facebook and Twitter to pitch their wares. The F.T.C. said that beginning on Dec. 1, bloggers who review products must disclose any connection with advertisers, including, in most cases, the receipt of free products and whether or not they were paid in any way by advertisers, as occurs frequently. The new rules also take aim at celebrities, who will now need to disclose any ties to companies, should they promote products on a talk show or on Twitter. A second major change, which was not aimed specifically at bloggers or social media, was to eliminate the ability of advertisers to gush about results that differ from what is typical — for instance, from a weight loss supplement. For bloggers who review products, this means that the days of an unimpeded flow of giveaways may be over. More broadly, the move suggests that the government is intent on bringing to bear on the Internet the same sorts of regulations that have governed other forms of media, like television or print. “It crushes the idea that the Internet is separate from the kinds of concerns that have been attached to previous media,” said Clay Shirky, a professor at New York University. Jonathan Zittrain, a professor at Harvard Law School and co-founder of the Berkman Center for Internet and Society, said, “the rules are looking ahead to a quite possible future when there is a market to buy ‘authentic’ public endorsements.” Some marketing groups fought the changes. “If a product is provided to bloggers, the F.T.C. will consider that, in most cases, to be a material connection even if the advertiser has no control over the content of the blogs,” said Linda Goldstein, a partner at Manatt Phelps & Phillips, a law firm that represents three marketing groups, the Electronic Retailing Association, the Promotion Marketing Association and the Word of Mouth Marketing Association. “In terms of the real world blogging community, that’s a seismic shift.” FTC guide here: [Interesting spin on this by Eric Goldman, in the context of 47 USC 230: ]http://blog.ericgoldman.org/archives/2009/10/do_the_ftcs_new.htm] AT&T TO ALLOW EXPANDED INTERNET CALLING SERVICES ON APPLE’S IPHONE (SiliconValley.com, 6 Oct 2009) - AT&T said Tuesday that it will begin allowing iPhone owners to use Internet calling services such as Skype on its wireless network. The move represents a big reversal for the carrier, which had previously barred iPhones from using such services on its network. It comes as AT&T and other carriers are under scrutiny from the Federal Communications Commission for the control they exert over what types of devices and applications are allowed on their networks. As a result of the policy change, iPhone owners will soon be able to use programs such as Skype to make Voice over Internet Protocol (VoIP) phone calls using AT&T’s 3G data network. Such programs route calls largely over the Internet rather than through the traditional phone systems. Because they use a data connection rather than a voice connection, calls placed over such programs won’t eat into a customer’s limited number of voice minutes. Previously, iPhone owners could use such programs only to make calls over Wi-Fi hot spots, such as those in homes or at Internet cafes. Although AT&T barred the iPhone from making VoIP calls on its network, it did allow certain phones running the Windows Mobile operating system to make such calls, Balmoris said. In its August letter to the FCC, AT&T said it was worried that allowing iPhone users to place voice calls over its data network would decrease the amount of money it makes from those users. Allowing such services might mean AT&T and Apple would have to raise the price of the iPhone, the company warned. http://www.siliconvalley.com/news/ci_13499179 POST-BREACH FEAR OF IDENTITY THEFT SATISFIES STANDING REQUIREMENTS, BUT FAILS TO SUPPORT NEGLIGENCE AND OTHER CLAIMS (Steptoe & Johnson’s E-Commerce Law Week, 8 Oct 2009) - A federal court in Connecticut has ruled in McLoughlin v. People’s United Bank, Inc., that fear of identity theft following a data breach qualifies as injury-in-fact for Article III standing, but that such fear alone cannot support claims of unfair trade practices, negligence, or breach of fiduciary duty. Courts have split over whether fear of identity theft alone satisfies standing requirements. But courts have been fairly consistent in holding that fear of future harm alone is insufficient to establish damages and therefore to state a tort claim or any other sort of claim commonly raised by plaintiffs in data breach cases. http://www.steptoe.com/publications-6375.html Ruling here: http://www.steptoe.com/assets/attachments/3911.pdf - and - AUTUMN BRINGS AMENDMENTS TO DATA BREACH NOTIFICATION LAWS (Steptoe & Johnson’s E-Commerce Law Week, 8 Oct 2009) - Four states have amended their existing data breach notification laws. Montana and Texas have extended their notification requirement to the public sector. Maine has limited the amount of time businesses can delay notification after law enforcement gives a green light. And North Carolina now requires businesses to notify the state attorney general of breaches and to provide free security freezes to data breach victims. The amendments are all now in effect. Alabama, Kentucky, Mississippi, New Mexico, and South Dakota remain the only states without any breach notification requirement on the books. http://www.steptoe.com/publications-6375.html - and - GERMANY BROACHES THE BREACH QUESTION IN THE EU (Steptoe & Johnson’s E-Commerce Law Week, 15 Oct 2009) - With amendments to the German Federal Data Protection Law (Bundesdatenschutzgesetz) that took effect last month, Germany has become an early adopter of data breach notification obligations in the European Union. Data breach notification laws are widespread in the United States (now in force in 45 states, plus the District of Columbia, Puerto Rico, and the U.S. Virgin Islands ), but the EU has lagged in this area of regulation. That will almost certainly change, because proposed revisions to the EU electronic communications framework are expected to require all EU member states to introduce data breach notification legislation. However, those revisions stalled this summer due to conflicting views of the European Parliament and Council over other aspects of an overall electronic communications reform package, and it is likely to be at least a year before EU-wide data breach obligations take effect. In the meantime, Germany has taken the lead (although EU neighbor Norway has had such legislation on the books for some time). One upshot of these developments is that companies that suffer a breach involving the data of U.S. as well as EU residents will face an even broader patchwork of differing notification obligations. http://www.steptoe.com/publications-6391.html COMPANIES SAY NO TO FRIENDING OR TWEETING (Nat’l Law Journal, 8 Oct 2009) - Lawyers are calling it social networking burnout. Back-to-back studies, the most recent issued Tuesday, show a big chunk of corporate America is banning communication wonders like Twitter and Facebook from the workplace. According to the latest survey of more than 1,400 U.S. companies, more than half (54 percent) said they prohibit employees from visiting sites such as Twitter, Facebook and MySpace while on the clock. The survey, by Robert Half Technology, a provider of information technology staffing services, was based on telephone interviews with U.S. companies of 100 or more employees. Another recent survey delivered even graver news for the social media world. According to an August survey by ScanSafe, a Web security provider, 76 percent of companies are now choosing to block employees’ use of social networking—up 20 percent from February—which is now a more popular category of sites to block than those involving shopping, weapons, sports or alcohol. Law firms have also joined in the trend. Indianapolis-based Barnes & Thornburg has blocked all access to Facebook. Twitter is still available, however. Gunster Yoakley & Stewart of West Palm Beach, Fla., blocks Facebook and Twitter for all its support staff, including secretaries and legal assistants, but lets lawyers use the social media tools. London’s Allen & Overy tried to ban Facebook in 2007, but then lifted the ban after associate backlash. http://www.law.com/jsp/article.jsp?id=1202434373430&rss=newswire E-DISCOVERY ISSUES WITH DIGITAL VOICEMAIL (Law.com, 9 Oct 2009) - Modern companies are presented with many options for generating, receiving, storing, retrieving and disposing of electronic business communications. Perhaps nowhere is the progression of technology more evident than in the context of voicemail. Where voicemail messages were once stored on analog tapes, many organizations now utilize digital technology, and some opt for “unified” technology in which a company’s telephone and computer systems are integrated. Not surprisingly, such advances raise a number of e-discovery issues. Businesses considering implementation of new voicemail technology should evaluate the effect, if any, that implementation will have on the company’s obligations to preserve, search for and disclose relevant voicemail messages. The purpose of this article is to provide an overview of various digital voicemail arrangements, from very basic to fully unified, and to identify and discuss related e-discovery issues and practical considerations. http://www.law.com/jsp/article.jsp?id=1202434402099&rss=newswire&hbxlogin=1 [Editor: Good, useful survey of technology and legal issues.] SIDEKICK OUTAGE CASTS CLOUD OVER MICROSOFT (CNET, 10 Oct 2009) - The massive data failure at Microsoft’s Danger subsidiary threatens to put a dark cloud over the company’s broader “software plus services” strategy. A key tenet of that approach is that businesses and consumers can trust Microsoft to reliably store valuable data on their servers. A week ago, though, Microsoft’s Danger unit experienced a huge outage that left many T-Mobile Sidekick users without access to their calendar, address book, and other key data. That’s because the Sidekick keeps nearly all its data in the cloud as opposed to keeping the primary copy on the devices themselves. Things got even worse on Saturday, as Microsoft said in a statement that data not recovered thus far may be permanently lost. It’s not immediately clear how many people lost their data. The outage earlier in the week affected a broad swath of Sidekick users, though many had data return during the week. While outages in the cloud computing world are common (one need only look at recent issues with Twitter or Gmail), data losses are another story. And this one stands as one of the more stunning ones in recent memory. The Danger outage comes just a month before Microsoft is expected to launch its operating system in the cloud--Windows Azure. That announcement is expected at November’s Professional Developer Conference. One of the characteristics of Azure is that programs written for it can be run only via Microsoft’s data centers and not on a company’s own servers. http://news.cnet.com/8301-13860_3-10372525-56.html [Editor: Now Microsoft says it’s going to be able to recover most lost sidekick data. This doesn’t change the fundamental point.] FBI USES FACIAL-RECOGNITION TECHNOLOGY ON DMV PHOTOS (USA Today, 13 Oct 2009) - In its search for fugitives, the FBI has begun using facial-recognition technology on millions of motorists, comparing driver’s license photos with pictures of convicts in a high-tech analysis of chin widths and nose sizes. The project in North Carolina has already helped nab at least one suspect. Agents are eager to look for more criminals and possibly to expand the effort nationwide. But privacy advocates worry that the method allows authorities to track people who have done nothing wrong. “Everybody’s participating, essentially, in a virtual lineup by getting a driver’s license,” said Christopher Calabrese, an attorney who focuses on privacy issues at the American Civil Liberties Union. Earlier this year, investigators learned that a double-homicide suspect named Rodolfo Corrales had moved to North Carolina. The FBI took a 1991 booking photo from California and compared it with 30 million photos stored by the motor vehicle agency in Raleigh. In seconds, the search returned dozens of drivers who resembled Corrales, and an FBI analyst reviewed a gallery of images before zeroing in on a man who called himself Jose Solis. A week later, after corroborating Corrales’ identity, agents arrested him in High Point, southwest of Greensboro, where they believe he had built a new life under the assumed name. Corrales is scheduled for a preliminary hearing in Los Angeles later this month. “Running facial recognition is not very labor-intensive at all,” analyst Michael Garcia said. “If I can probe a hundred fugitives and get one or two, that’s a home run.” Calabrese said Americans should be concerned about how their driver’s licenses are being used. Licenses “started as a permission to drive,” he said. “Now you need them to open a bank account. You need them to be identified everywhere. And suddenly they’re becoming the de facto law enforcement database.” State and federal laws allow driver’s license agencies to release records for law enforcement, and local agencies have access to North Carolina’s database, too. But the FBI is not authorized to collect and store the photos. That means the facial-recognition analysis must be done at the North Carolina Division of Motor Vehicles. http://www.usatoday.com/tech/news/2009-10-13-fbi-dmv-facial-recognition_N.htm?csp=34 GOV’T UNVEILS NEW SHORT URLS (NationalJournal.com, 13 Oct 2009) - The General Services Administration on Tuesday announced a new application that allows government employees to shorten their Web addresses. Go.USA.gov lets officials create short .gov URLs out of any .gov, .mil, or .si.edu URLs. As of 5:30 p.m., Go.USA.gov has shortened 249 URLs that have been clicked 14,299 times. In related Web news, the White House unveiled a new Spanish site and Twitter feed. http://techdailydose.nationaljournal.com/2009/10/govt-unveils-new-short-urls.php - and - WHITE HOUSE CONFRONTS BARRIERS TO GOV 2.0 (Information Week, 14 Oct 2009) - Regulations and technical limitations pose challenges in the federal government’s move to “Government 2.0,” the trend of Web-enabling government data and processes, Andrew McLaughlin, deputy CTO for Internet policy, said in a speech today in Washington, D.C. Several issues come into play as the government increasingly uses popular Web sites such as YouTube, Facebook and Flickr to share information and interact with the public. Advertising on commercial sites is one of them. The U.S. government doesn’t run ads on Web sites because it doesn’t want to be seen as endorsing commercial products, but sites like Flickr and YouTube want to run ads on sites the government uses to host photos and videos. As of now, some sites offer ad-free pages as a public service, but it’s unclear how long they will continue to do so. “Do they offer their sites for free to the government forever?” McLaughlin asked rhetorically. “That’s not a good business model.” The terms-of-use policies of some sites present other concerns for the federal government. Many sites use language that binds their use to the laws of certain states, but the federal government isn’t bound by any one state law, McLaughlin noted. Often such language has to be tweaked for federal use. A third challenge is Section 508, the regulation that requires any technology used by the government to be accessible by the disabled. New technologies often make compliance with Section 508 difficult, McLaughlin said. For example, if a Web site is using Ajax and automatically adds new information to a page, it’s difficult for page readers for the blind or Braille readers to interpret and convey that information. There’s a similar problem with archiving. The government is required to save much information as a matter of public record, but it doesn’t have a good way of digitally archiving things like Facebook comments. For now, the costly work-around is to manually print and store paper copies. In addition, the White House continues to work on a new policy around its use of Web cookies, though it’s unclear when that will come out. McLaughlin noted the government is still assessing the best way to deal with public concerns about what it will do with the Web usage data that cookies collect. http://www.informationweek.com/news/government/info-management/showArticle.jhtml?articleID=220600838&cid=RSSfeed_IWK_News WEB CONTENT POSTED ABROAD NOT SIMULTANEOUSLY PUBLISHED IN AMERICA (BNA’s Internet Law News, 15 Oct 2009) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of Delaware has ruled that posting content to a foreign website, although instantly accessible in the United States, does not amount to simultaneous publication in the United States such that registration is required to pursue an infringement action under the federal Copyright Act. In a case of first impression, the court ruled that the mere act of posting content to the internet does not mean that the content is simultaneously published in every country where it is accessible. Case name is Moberg v. 33T LLC. LIBRARIES AND READERS WADE INTO DIGITAL LENDING (New York Times, 15 Oct 2009) - Kate Lambert recalls using her library card just once or twice throughout her childhood. Now, she uses it several times a month. The lure? Electronic books she can download to her laptop. Beginning earlier this year, Ms. Lambert, a 19-year-old community college student in New Port Richey, Fla., borrowed volumes in the “Hitchhiker’s Guide to the Galaxy” series, “The Lovely Bones” by Alice Sebold and a vampire novel by Laurell K. Hamilton, without ever visiting an actual branch. Eager to attract digitally savvy patrons and capitalize on the growing popularity of electronic readers, public libraries across the country are expanding collections of books that reside on servers rather than shelves. The idea is to capture borrowers who might not otherwise use the library, as well as to give existing customers the opportunity to try new formats. About 5,400 public libraries now offer e-books, as well as digitally downloadable audio books. The collections are still tiny compared with print troves. The New York Public Library, for example, has about 18,300 e-book titles, compared with 860,500 in circulating print titles, and purchases of digital books represent less than 1 percent of the library’s overall acquisition budget. Most digital books in libraries are treated like printed ones: only one borrower can check out an e-book at a time, and for popular titles, patrons must wait in line just as they do for physical books. After two to three weeks, the e-book automatically expires from a reader’s account. Simon & Schuster, whose authors include Stephen King and Bob Woodward, has also refrained from distributing its e-books to public libraries. “We have not found a business model that works for us and our authors,” said Adam Rothberg, a spokesman. http://www.nytimes.com/2009/10/15/books/15libraries.html?scp=1&sq=kate%20lambert&st=cse LAW.GOV PROPOSES OPEN-SOURCE STASH OF ALL PRIMARY US LEGAL MATERIALS (ABA Journal, 15 Oct 2009) - An ambitious project to create an open-source authenticated repository of all primary legal materials in the United States is being proposed by Law.Gov. Detailed by Law.Gov, the project is presently in a planning stage. A growing group of individuals and organizations including a number of well-known law schools and law professors expect to meet to discuss how it might be pursued and potentially develop a proposal for doing so. “By primary legal materials,” Law.Gov explains, “we mean all materials that have the force of law and are part of the law-making process, including: briefs and opinions from the judiciary; reports, hearings, and laws from the legislative branch; and regulations, audits, grants, and other materials from the executive branch. Creating the system from open source software building blocks will allow states and municipalities to make their materials available as well.” http://www.abajournal.com/mobile/law.gov_mulls_open_source_repository_for_all_primary_us_legal_materials RESOURCES PRIVACY IN ELECTRONIC COMMUNICATIONS: THE REGULATION OF VOIP IN THE EU AND THE UNITED STATES (SSRN Paper, 1 Sept 2009; by Rebecca Wong and Daniel Garrie) - The growth of internet telephony or Voice over Internet Protocol (VoIP) services has led to questions by policymakers and legislators over the regulation of VoIP. In this article, the authors consider the extent to which VoIP services are protected from an EU/US perspective and the concerns arising from the current legislative framework, mainly from privacy perspective. The second part considers VoIP services in general. The third part examines the European framework and in particular, the current categorisation of VoIP services, before considering the privacy perspective, taking into account the Directive on Privacy and Electronic Communications 2002/58 and the general Data Protection Directive 95/46. The fourth part will consider the US framework in protecting the privacy of communications, asserting that the federal courts and legislatures should act to explicitly protect VoIP oral internet communications. The final part will conclude by discussing the principal areas that still need to be addressed. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1466153 BOOK REVIEW BOOK REVIEW: ‘7 STEPS FOR LEGAL HOLDS’ (Law.com, 14 Oct 2009) - I have not applied a legal hold in a corporate or large law firm setting, but John J. Isaza and John J. Jablonski told me how to go about it—and why—in “7 Steps for Legal Holds of ESI and Other Documents.” The book explains how to implement a legal hold in seven easy steps and provides the legal and business drivers behind the holds that can be used to create more efficient business processes for an organization of any size. When I first picked up the book, I thought: “What’s the big deal?” Isaza and Jablonski made it clear. Federal and state courts are focusing on the legal duty to preserve potential evidence in litigation or government investigations, especially evidence stored in electronic form. Increasingly, cases are settling during the discovery phase because of the conspicuous absence or abundant presence of relevant electronic evidence. If evidence is absent, there is the chance your organization may face costly sanctions; if evidence is abundant, your organization may face a costly production that will require an expensive preproduction review of documents for privilege. Isaza and Jablonski are honest and cut to the chase in plain English. They readily admit that the legal hold, although a relatively new legal term, incorporates a legal duty to preserve evidence, which is not new. In fact, the legal hold reflects a time-honored public policy that is embedded into law: it is wrong to destroy evidence. They also bring the legal hold down to earth and instantiate it with fundamental concepts that operate on our daily lives, e.g., when implementing a legal hold, “timing is everything.” Although the book is a monograph, it is bound in a tabbed format that makes for an easy reference book to review material at any of the seven steps to the legal hold. It includes appendices loaded with examples of how misunderstandings of ESI lead to large spoliation sanctions, sample legal hold notices, policies and procedures. One index combines both case names and keywords. Isaza and Jablonski don’t have the last word on legal holds, but they certainly have the right ones, in seven, digestible steps, to get your organization started in fashioning a legal hold policy and procedure to respond to an event that triggers the duty to preserve evidence. In the end, you will want to get out there and put a legal hold on something. http://www.law.com/jsp/article.jsp?id=1202434570370&rss=newswire DIFFERENT INTERNETBAR.org PEACETONES WEBSITE - PeaceTones is an InternetBar project created to build peace, and create opportunities for all members of the global community. The selected project participants are artists from developing economies, remote areas, and conflict zones. After selection InternetBar works with students and participants to digitalize their art. This can mean photographing paintings, recording music, capturing local nature sounds, folk tales, etc. Once digitalized the art is then organized into the form of albums which are then sold online. The proceeds are sent back to the participants in their respective countries in intervals, creating revenues for project participants and their communities. During this process participants learn about technology, the internet, rights, and their intellectual property rights in a global market. If you would like more information, the “PeaceTones Overview” link will take you to a page with an in detail explanation of the entire process. http://www.peacetones.org/index.html [Editor: search iTunes for “Peacetones”; the music is rather wonderful.] LOOKING BACK - MIRLN TEN YEARS AGO RINGING IN THE NEW YEAR WITH GREENWICH NET TIME—January 1 marks the debut of a new time standard that supporters hope will become the online equivalent of the venerable Greenwich Mean Time. Greenwich Net Time will offer ISPs and Internet users a new way to time-stamp electronic documents. Companies involved in the deployment of GNT clocks include the London Internet Exchange (LINX), a nonprofit group of ISPs that share data centers in order to speed Internet traffic within the U.K.; Datum, which is supplying three atomic clocks that will deliver GNT from Greenwich’s zero meridian line; and Enron Communications, an energy and communications firm. LINX members who will support GNT include AT&T, BT Internet Services, France Telecom and Level 3. (Computer Reseller News 29 Dec 99) http://scout.wisc.edu/Projects/PastProjects/net-news/99-12/99-12-30/0001.html MIRLN 2009-10-16T20:54:00-07:00 http://www.knowconnect.com/mirln/article/mirln_6_26_september_2009_v1213h3/ http://www.knowconnect.com/mirln/article/mirln_6_26_september_2009_v1213h3/#When:00:48:00Z • Court Says Court Reporters do not Retain Copyright on Transcripts they Prepare o Twitter Confirms User Ownership of Tweets • Court Allows Suit against Bank for Lax Security o How to Measure Security? NIST Maps out the Emerging Field of IT Metrology • Web-Monitoring Software Gathers Data on Kid Chats • “Anonymized” Data Really Isn’t—And Here’s Why Not • New Jersey Courts Employ Social Media o A Legal Battle: Online Attitude vs. Rules of the Bar o Jurors Required to Sign Promises not to Google Details of Case o Substantial Growth in Online Social Networking by Lawyers over the Past Year o New Jersey Appellate Court Provides Guidance on How Company Email Policies Should Be Crafted o Employers Grappling with Social Network Use • The Sunlight Foundation Names Apps-For-America2 Winners o White House Takes a Big Step into the Cloud with Apps.Gov • HHS and FTC Issue Rulemakings on HITECH Breach Notification Provisions • Times Reporter Blogs His Own Kidnapping • US Court of Appeals for the Ninth Circuit Establishes Protocols for Searches of Electronically Stored Information • Court Rules Overstock Can’t Enforce ‘Browsewrap’ Agreement • Seyfarth Shaw Says Six Sigma Method has Cut Client Fees by up to 50% • Five Major Research Universities Endorse Open-Access Journals o Higher Ed. And TED o From Ivory Tower to Iron Bars: Scientists Risk Jail Time for Violating Export Laws o The Mobile Campus o A Library Address • Airplane Liquid Bombers • Sears Told to Destroy Data Gathered by Online Tracking Software • Govt Review: No Privacy Problems in Cyber Security • National Security Threats in Cyberspace - ABA Workshop Report • Google Confirms that Keyword Metatags Don’t Matter o EU Adviser: Google Ads Don’t Infringe Trademarks • Federal Courts now Offer Hearings Online as Mp3 Files • If The Army Can Put its Doctrine up on a WiKi, You’ve Got No Excuse • 3rd Circuit Says Corporations May Take Info Requests ‘Personally’ NEWS | DIFFERENT | COMMENTARY | LOOKING BACK | NOTES NEWS COURT SAYS COURT REPORTERS DO NOT RETAIN COPYRIGHT ON TRANSCRIPTS THEY PREPARE (TechDirt, 27 August 2009) - In a world where almost every new expression is automatically covered by copyright once set in fixed form, you get some really odd situations—highlighted by a recent ruling pointed out by Michael Scott. Apparently, in a lawsuit between bunch of plaintiffs and the city of Albuquerque, the city paid for a court reporter to record transcripts of some hearings. An attorney for the plaintiffs who wanted to use the transcripts did the smart thing and used New Mexico’s Inspection of Public Records Act to gain access to the transcripts. The problem? The city and the court reporter who recorded the transcripts would have charged a much higher fee for a copy of the transcripts, and felt that the lawyer’s use of the law to gain access was somehow unfair. The court then ordered the lawyer to pay the court reporter over $4,000 to make up the “difference.” The lawyer, however, appealed, and the appeals court has thrown out the lower court ruling, saying that forcing the lawyer to pay the higher fee would mean that the court reporter effectively was given a copyright to the transcripts: “In broad terms, [the court reporter’s] fee claim rests on the tacit premise that court reporters in some legal sense own the content of the transcripts they prepare, such that they are entitled to remuneration whenever a copy of a transcript is made (even if they played no role in making the copy). To accept this premise would effectively give court reporters a “copyright” in a mere transcription of others’ statements, contrary to black letter copyright law. See 2 William F. Patry, Patry on Copyright, Ch. 4 Noncopyrightable Material, § 4.88 (Updated Sept. 2008) (court reporters are not “authors of what they transcribe and therefore cannot be copyright owners of the transcript of court proceedings”).” http://techdirt.com/articles/20090827/0231116015.shtml - and - TWITTER CONFIRMS USER OWNERSHIP OF TWEETS (Information Week, 11 Sept 2009) - Twitter co-founder Biz Stone on Thursday said that the popular online messaging site had updated its Terms of Service to clarify what users can expect from the service, though the announcement appears to be more about reassuring users than delineating substantive rights. The move suggests a desire not to repeat the controversy that Facebook found itself in when, in February, the social network altered its Terms of Service and users read the language as a claim of ownership over all user-submitted content. “The revisions [of Twitter’s Terms of Service] more appropriately reflect the nature of Twitter and convey key issues such as ownership,” said Stone in a blog post. “For example, your tweets belong to you, not to Twitter.” This does not appear to be much of a change, however. Twitter’s Terms of Service from October 2007 state, “We claim no intellectual property rights over the material you provide to the Twitter service. Your profile and materials uploaded remain yours.” Such assurances may mollify twittering authors of note but they’re not particularly meaningful. “The vast majority of tweets are likely to be too short and lacking in creativity to qualify for copyright,” said Fred von Lohmann, senior staff attorney for the Electronic Frontier Foundation, in an e-mail. “So they are not ‘owned’ by anyone, much like your idle chatter while walking down the street isn’t ‘owned’ by anyone.” Lohmann however grants that there are exceptions, such as a carefully-crafted haiku that was tweeted. http://www.informationweek.com/news/internet/social_network/showArticle.jhtml?articleID=220000033&cid=RSSfeed_IWK_News COURT ALLOWS SUIT AGAINST BANK FOR LAX SECURITY (ComputerWorld, 2 Sept 2009) - A couple whose bank account was breached can sue their bank for its alleged failure to implement the latest security measures designed to prevent such compromises. In a ruling issued last month, Judge Rebecca Pallmeyer, of the District Court for the Northern District of Illinois, denied a request by Citizens Financial Bank to dismiss a negligence claim brought against it by Marsha and Michael Shames-Yeakel. The Crown Point, Ind. couple—customers of the bank—alleged that Citizens’ failure to implement up-to-date user authentication measures resulted in the theft of more than $26,000 from their home equity line of credit. The negligence claim was one of several claims brought against Citizens by the couple. Although, Pallmeyer dismissed several of the other claims, she allowed the negligence claim against Citizens to stand. She noted that the couple had shown that a “reasonable finder of fact could conclude that the bank breached its duty to protect Plaintiffs’ account against fraudulent access.” The ruling highlights an issue that security analysts have been talking about for a long time: the need by companies to show due diligence in protecting customer data against malicious and accidental compromise. Security analysts have warned that companies that can’t prove they took adequate measures to protect data could find themselves exposed to legal liability after a data breach. http://www.computerworld.com/s/article/9137451/Court_allows_suit_against_bank_for_lax_security?source=CTWNLE_nlt_dailyam_2009-09-03 - and - HOW TO MEASURE SECURITY? NIST MAPS OUT THE EMERGING FIELD OF IT METROLOGY (GCN, 10 Sept 2009) - Information technology security is a hot topic, but attention usually focuses on the lack of it. What is missing is an objective, quantifiable way to effectively measure it. “Security can be looked at in different ways by different people,” said Wayne Jansen, a computer scientist at the National Institute of Standards and Technology’s IT Laboratory. There is quality control for code developers, the process of deploying a system, and its maintenance by users. “These are all different aspects,” and they do not lend themselves to traditional methods of measurement used in physical science, he said. Jansen has examined the status of efforts to develop security metrics, identified challenges and suggested a course for future research in a recent NIST report, “Directions in Security Metrics Research.” There have been a number of efforts to establish metric systems for security, including the international Common Criteria, the Defense Department’s Trusted Computer System Evaluation Criteria, the European Communities’ Information Technology Security Evaluation Criteria, and the International Systems Security Engineering Association’s Systems Security Engineering Capability Maturity Model. http://gcn.com/Articles/2009/09/14/Update-1-Security-metrics-lacking-for-IT-systems.aspx?s=gcndaily_110909&Page=1 WEB-MONITORING SOFTWARE GATHERS DATA ON KID CHATS (AP, 4 Sept 2009) - Parents who install a leading brand of software to monitor their kids’ online activities may be unwittingly allowing the company to read their children’s chat messages — and sell the marketing data gathered. Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids. “This scares me more than anything I have seen using monitoring technology,” said Parry Aftab, a child-safety advocate. “You don’t put children’s personal information at risk.” The company that sells the software insists it is not putting kids’ information at risk, since the program does not record children’s names or addresses. But the software knows how old they are because parents customize its features to be more or less permissive, depending on age. Five other makers of parental-control software contacted by The Associated Press, including McAfee Inc. and Symantec Corp., said they do not sell chat data to advertisers. http://tech.yahoo.com/news/ap/20090904/ap_on_hi_te/us_tec_internet_monitoring_kids_3 “ANONYMIZED” DATA REALLY ISN’T—AND HERE’S WHY NOT (ArsTechnica, 8 Sept 2009) - The Massachusetts Group Insurance Commission had a bright idea back in the mid-1990s—it decided to release “anonymized” data on state employees that showed every single hospital visit. The goal was to help researchers, and the state spent time removing all obvious identifiers such as name, address, and Social Security number. But a graduate student in computer science saw a chance to make a point about the limits of anonymization. Latanya Sweeney requested a copy of the data and went to work on her “reidentification” quest. It didn’t prove difficult. Law professor Paul Ohm describes Sweeney’s work: “At the time GIC released the data, William Weld, then Governor of Massachusetts, assured the public that GIC had protected patient privacy by deleting identifiers. In response, then-graduate student Sweeney started hunting for the Governor’s hospital records in the GIC data. She knew that Governor Weld resided in Cambridge, Massachusetts, a city of 54,000 residents and seven ZIP codes. For twenty dollars, she purchased the complete voter rolls from the city of Cambridge, a database containing, among other things, the name, address, ZIP code, birth date, and sex of every voter. By combining this data with the GIC records, Sweeney found Governor Weld with ease. Only six people in Cambridge shared his birth date, only three of them men, and of them, only he lived in his ZIP code. In a theatrical flourish, Dr. Sweeney sent the Governor’s health records (which included diagnoses and prescriptions) to his office.” Boom! But it was only an early mile marker in Sweeney’s career; in 2000, she showed that 87 percent of all Americans could be uniquely identified using only three bits of information: ZIP code, birthdate, and sex. http://arstechnica.com/tech-policy/news/2009/09/your-secrets-live-online-in-databases-of-ruin.ars [Editor: Paul Ohm has a coming article tentatively titled “The Probability of Privacy”; early drafts are provoking. See also ]https://www.eff.org/deeplinks/2009/09/what-information-personally-identifiable] NEW JERSEY COURTS EMPLOY SOCIAL MEDIA (Robert Ambrogi, 8 Sept 2009) - Thanks to the blog Social Media Law Student for the heads-up about the announcement from the New Jersey judiciary that it is adopting an array of social-media tools to keep lawyers, litigants and the public better informed of court developments. The court system now has a Twitter feed and uses text messages to send out breaking news alerts. These cover unscheduled court closings and other high priority information. The courts also now have three RSS feeds—one for news releases, one for notices to the bar, and a third for Supreme and Appellate Court opinions. In addition, the court system has set up a Facebook page, where it will post press releases, court information and photos of court events, and a YouTube page, where it will post videos that offer lessons in using the courts. http://www.legaline.com/2009/09/new-jersey-courts-employ-social-media.html - and - A LEGAL BATTLE: ONLINE ATTITUDE VS. RULES OF THE BAR (New York Times, 13 Sept 2009) - Sean Conway was steamed at a Fort Lauderdale judge, so he did what millions of angry people do these days: he blogged about her, saying she was an “Evil, Unfair Witch.” But Mr. Conway is a lawyer. And unlike millions of other online hotheads, he found himself hauled up before the Florida bar, which in April issued a reprimand and a fine for his intemperate blog post. Mr. Conway is hardly the only lawyer to have taken to online social media like Facebook, Twitter and blogs, but as officers of the court they face special risks. Their freedom to gripe is limited by codes of conduct. “When you become an officer of the court, you lose the full ability to criticize the court,” said Michael Downey, who teaches legal ethics at the Washington University law school. And with thousands of blogs and so many lawyers online, legal ethics experts say that collisions between the freewheeling ways of the Internet and the tight boundaries of legal discourse are inevitable — whether they result in damaged careers or simply raise eyebrows. Mr. Conway initially consented to a reprimand from the bar last year, but the State Supreme Court, which reviews such cases, demanded briefs on First Amendment issues. The American Civil Liberties Union of Florida argued that Mr. Conway’s statements were protected speech that raised issues of legitimate public concern. Ultimately the court affirmed the disciplinary agreement and Mr. Conway paid $1,200. That penalty is light compared with the price paid by Kristine A. Peshek, a lawyer in Illinois who lost her job as an assistant public defender after 19 years of service over blog postings and who now faces disciplinary hearings as well. http://www.nytimes.com/2009/09/13/us/13lawyers.html?_r=1&hp - and - JURORS REQUIRED TO SIGN PROMISES NOT TO GOOGLE DETAILS OF CASE (TechDirt, 16 Sept 2009) - There have been plenty of stories concerning judges warning jurors not to research any additional items about a case online, but JJ points us to what is apparently a first (at least in California). A judge has ordered the jury to sign a document that they will not use the internet to research the case, and they can face perjury charges if they’re caught doing so. http://techdirt.com/articles/20090915/0412536196.shtml - and - NEW JERSEY APPELLATE COURT PROVIDES GUIDANCE ON HOW COMPANY EMAIL POLICIES SHOULD BE CRAFTED (Duane Morris, 21 Sept 2009) - In light of a recent New Jersey appellate court decision, employers may want to review and update company email policies to ensure that employees are properly made aware that employers have the right to access and review certain private emails that may be generated through a company-sponsored computer system. In Stengart v. Loving Care Agency, Inc.,1 the New Jersey Superior Court, Appellate Division, clarified how an employer should craft email policies to ensure that employees understand that, while they may consider certain emails to be private, the employer nonetheless retains the right to access the materials by virtue of the employee’s use of company technology. http://www.duanemorris.com/alerts/NJ_Employment_Email_Stengart_3408.html - and - SUBSTANTIAL GROWTH IN ONLINE SOCIAL NETWORKING BY LAWYERS OVER THE PAST YEAR (BeSpacific, 20 Sept 2009) - 2009 Networks for Counsel Study - A Global Study of the Legal Industry’s Adoption of Online Professional Networking, Preferences, Usage and Future Predictions - Sample Composition: “The survey was administered to 1,474 counsel – 764 private practice lawyers and 710 corporate counsel –in May and June of 2009; 33 countries were represented. Financial Services, Manufacturing and Healthcare were the top three industries represented.” Key Findings: “Networking remains critical to the legal industry, yet resource constraints make it more difficult than ever; Use of social networking sites has grown significantly over the past year, with three‐quarters of all counsel now reporting they are members of a social or professional network..” http://www.bespacific.com/mt/archives/022366.html#022366 Study here: http://www.leadernetworks.com/documents/Networks_for_Counsel_2009.pdf - and - EMPLOYERS GRAPPLING WITH SOCIAL NETWORK USE (CNET, 24 Sept 2009) - Social networking is on the rise, both on and off the job, leaving companies uncertain how to monitor their use by employees, reports new survey. More than 50 percent of companies questioned said they have no policy to address the use of social networking by employees outside the workplace, according to a survey released Wednesday by the Society of Corporate Compliance and Ethics and the Health Care Compliance Association. Typically, companies shy away from restricting an employee’s actions off the job. But businesses are concerned about employees who use social networking and reveal private details or post inappropriate pictures that could embarrass the company. Some organizations, such as the U.S. Marines, have already banned their recruits from using Facebook and Twitter. But the survey found that many businesses aren’t sure what to do to restrict or monitor such usage. Of the companies questioned in the survey, 34 percent said they have a general employee policy that addresses all online activity, including the use of social networking, both on and off the job. Only 10 percent said they have a policy specifically geared toward social networks. http://news.cnet.com/8301-10797_3-10360849-235.html [Editor: This is my area of concentration – see http://www.knowconnect.com/policies/ and the various articles and presentations available there.] THE SUNLIGHT FOUNDATION NAMES APPS FOR AMERICA2 WINNERS (press release, 9 Sept 2009) - The Sunlight Foundation awarded Datamasher.org with the grand prize of $10,000 for Sunlight’s Apps for America 2: The Data.gov Challenge. Datamasher.org is a Web application designed by Forum One Communications that lets anyone—no programming background required—choose different government data sets and mash them up to create visualizations and compare results on a state by state basis. Clay Johnson, director of Sunlight Labs, announced the winners and distributed over $25,000 in awards late yesterday at the Gov 2.0 Expo hosted by O’Reilly Media and TechWeb. Sunlight created the Apps for America 2: The Data.gov Challenge to solicit creative Web applications based on the information available at Data.gov, the new central depository for government data created by Federal Chief Information Officer Vivek Kundra. It was inspired by the Sunlight’s commitment to use new tools to make the work of the federal government more transparent. The $5,000 second prize went to GovPulse, which allows viewers to quickly search the Federal Register in a variety of ways, including by agency or date. Sunlight awarded the third place award of $2,500 to ThisWeKnow.org, which lets users type in their zip code and get back a wealth of information about their neighborhood drawn from different agencies. Additionally, QuakeSpotter.org won the bonus prize of $2,500 for best data visualization. QuakeSpotter.org, a cross-platform desktop application shows where earthquakes are happening and matches that to mentions of the earthquake on the popular social network, Twitter. http://sunlightfoundation.com/presscenter/releases/2009/09/09/sunlight-names-apps-america2-winners/ - and - WHITE HOUSE TAKES A BIG STEP INTO THE CLOUD WITH APPS.GOV (ArsTechnica, 21 Sept 2009) - “The Cloud” may not mean what you think it means, but the White House is hitching a ride on this fluffy bandwagon with Apps.gov. The site is essentially a White House-sanctioned App Store of social media services approved for government agencies, made possible largely because of some unique TOS amendments. Run by the US General Services Administration (GSA), Apps.gov arranges quite a few social media services under categories like Business, Productivity, Social Media, and Cloud IT, with the latter listing services like storage, Web hosting, and virtualization as “coming soon.” Almost every commercial and free service that you have (and have not) heard of is here, ranging from Facebook, Scribd, Vimeo, and Google Apps. The site also offers a market-speak crash course in the cloud’s advantages of reduced cost, less overhead, going green, and adopting modern technologies and trends more quickly. Agency representatives can learn about each service and, once logged in, submit a department request or purchase order. The entire process seems deceptively App Store-simple (at least the publicly accessible portion), especially since most of the red tape around adopting such services is summarized in the FAQs. In a way, the GSA is treating Apps.gov like high schools now treat Wikipedia: it’s OK to use as research springboard, but agencies should consult their respective higher powers before diving into the deep end. http://arstechnica.com/web/news/2009/09/white-house-takes-a-big-step-into-the-cloud-with-appsgov.ars?utm_source=microblogging&utm_medium=arstch&utm_term=Main%20Account&utm_campaign=microblogging HHS AND FTC ISSUE RULEMAKINGS ON HITECH BREACH NOTIFICATION PROVISIONS (Sidley Austin, 9 Sept 2009) - The U.S. Department of Health and Human Services (“HHS”) and Federal Trade Commission (“FTC”) recently issued separate rules implementing the groundbreaking breach notification provisions of the Health Information Technology for Economic and Clinical Health Act (“HITECH”). HHS’ breach notification interim final rule applies to entities that meet the definition of “covered entity” or “business associate” under the privacy and security regulations promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). FTC’s breach notification final rule applies to entities – other than covered entities or business associates – that offer or maintain personal health records (“PHR vendors”), certain entities offering products or services through PHR Web sites or providing services to PHR vendors, and third-party service providers of such entities. Although HHS and FTC each stated that they consulted closely to harmonize the two rules, the agencies’ regulations contain at least two major differences. Under the HHS interim final rule, a reportable breach occurs only if there is a significant risk of harm to the individual. In contrast, the FTC final rule presumes unauthorized acquisition when there is unauthorized access to data unless the entity that discovers the incident can rebut the presumption with “reliable evidence” showing there has not been, or could not reasonably have been, unauthorized acquisition of such data. Additionally, the HHS interim final rule applies to protected health information (“PHI”) in any form (paper or electronic) whereas the FTC rule applies only to electronic information. The HHS and FTC rules take effect 30 days after publication in the Federal Register (September 23, 2009, for the HHS interim final rule with request for comments, and September 24, 2009, for the FTC final rule). Significantly, however, HHS and FTC have stated that they will not enforce the notification requirements for breaches that are discovered within 180 days from the date of publication in the Federal Register (February 22, 2010). http://www.sidley.com/files/News/7a96572a-07f5-4b1f-a20c-82d59fc159ce/Presentation/NewsAttachment/546dc18d-8ed9-4bf0-a4dc-8601afae4653/Healthcare_Privacy_Update_09.09.09.pdf#page=1 See also: http://www.steptoe.com/publications-6321.html TIMES REPORTER BLOGS HIS OWN KIDNAPPING (Danger Room, 10 Sept 2009) - If you haven’t read it yet, go read New York Times At War blogger Stephen Farrell’s first-person account of his kidnapping by the Taliban — and the death of his Afghan colleague, Sultan Munadi. It’s heartbreaking stuff. But equally important, Farrell’s involuntary “embed” provides a glimpse of the insurgent organization in northern Afghanistan. With a keen eye for detail, Farrell notes everything from the Taliban’s operational security (abysmal), their equipment and financing (marginal) and their control of parts of Kunduz Province (near absolute). http://www.wired.com/dangerroom/2009/09/ny-times-reporter-blogs-his-own-kidnapping/ US COURT OF APPEALS FOR THE NINTH CIRCUIT ESTABLISHES PROTOCOLS FOR SEARCHES OF ELECTRONICALLY STORED INFORMATION (Mayer Brown, 10 Sept 2009) - The long-running BALCO steroid investigation that led to the indictment of Major League Baseball (MLB) star Barry Bonds has resulted in a potentially landmark decision related to the manner in which government agents apply for and execute search warrants for electronically stored information (ESI). In United States v. Comprehensive Drug Testing, Inc., No. 15-10067 (9th Cir. Aug. 26, 2009), the en banc Ninth Circuit affirmed a lower court ruling ordering the government to return an overbroad set of electronic data seized under a search warrant. This decision will force the Department of Justice to adjust its procedures for using ESI search warrants—a common tool for gathering evidence—in the midst of the government’s recent efforts to step up enforcement of federal laws. http://www.mayerbrown.com/publications/article.asp?id=7498&nid=6 COURT RULES OVERSTOCK CAN’T ENFORCE ‘BROWSEWRAP’ AGREEMENT (OnlineMediaDaily, 14 Sept 2009) - A federal judge has ruled that Internet retailer Overstock can’t enforce the mandatory arbitration agreement set out in its online terms and conditions because there is no evidence that consumers read the policy. The ruling, issued last week by U.S. District Court Judge Sterling Johnson, Jr., grew out of a dispute about a restocking fee between customer Cynthia Hines and the online retailer. Hines sued Overstock for charging her a $30 fee after she returned a vacuum cleaner. Overstock countered that the case should not be in court because the site’s terms and conditions provided for mandatory arbitration. A link at the bottom of Overstock’s home page took visitors to a page that spelled out those terms. But Johnson found that the “browsewrap” agreement did not adequately notify Hines about the provision. Hines “lacked notice of the terms and conditions because the website did not prompt her to review the terms and conditions and because the link to the terms and conditions was not prominently displayed,” he wrote. “When courts think something is so important that a consumer might not have purchased if the details of the deal were more visible, they will impose a higher bar to ensure users are informed,” Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum, said in an email to Online Media Daily. Polonetsky adds that the Overstock ruling is “in sync with thinking at the FTC and on the Hill, where increasingly the view is that behavioral advertising matters enough to users that sites need to be truly up front about it.” http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=113404 See also http://newmedialaw.proskauer.com/2009/09/articles/contracts/arbitration-provision-unenforceable-where-online-retailers-link-to-browsewrap-terms-and-conditions-was-not-prominently-displayed/ SEYFARTH SHAW SAYS SIX SIGMA METHOD HAS CUT CLIENT FEES BY UP TO 50% (ABA Journal, 14 Sept 2009) - Seyfarth Shaw has embraced Six Sigma to such an extent that press releases announcing lawyer promotions or additions extol its virtues. The law firm even has a name for its Six Sigma approach: SeyfarthLean. Six Sigma emphasizes rigorous measuring and perfecting of processes, but also can squelch innovation, according to critics. Many companies that can’t afford to cut any more employees are embracing Six Sigma in an effort to improve the bottom line, Business Week reports. Seyfarth managing partner Stephen Poor is a believer, as is Robert Reynolds Jr., a lawyer joining the firm from Alston & Bird who labeled the firm’s Six Sigma accomplishments “extraordinary” in a press release. Poor called Six Sigma Poor “a very powerful tool” in a Business Week interview. Seyfarth says on its website that it is using Six Sigma to eliminate inefficiencies that can push legal bills higher, resulting in cost savings to clients ranging from 13 percent to 50 percent. In an e-mail interview with the ABA Journal, Poor didn’t name a specific client that has saved 50 percent on legal bills. Instead, he mentioned a “summary judgment project” at the law firm that eliminated inefficiencies and bottlenecks, “resulting in a 50 percent savings from the usual costs.” Poor told the ABA Journal that Seyfarth uses its tailor-made version of Six Sigma to set prices for legal work in a collaborative process with clients. As an example of Six Sigma in action, he points to the law firm’s efforts to work with 7-Eleven in its quest to ramp up store openings. Seyfarth helped by developing processes to “reduce cycle time” for store leases. Using Six Sigma, the law firm introduced “consistency, standardization, quality control [and] efficiency” into the process. http://www.abajournal.com/weekly/seyfarth_shaw_says_six_sigma_has_cut_client_fees_by_up_to_50_percent [Editor: Bah! This seems like simple process-control, such as practiced by most real businesses for 15 years. For example, BP did something similar in routinizing the creation of retail service stations in Asia in the middle 1990s. Knowledge Management processes yield even better results, but are nearly impossible to deploy in law firm cultures. The “news” here is that it’s taken law firms so long to take such baby-steps.] FIVE MAJOR RESEARCH UNIVERSITIES ENDORSE OPEN-ACCESS JOURNALS (Chronicle of Higher Ed, 14 Sept 2009) - In an effort to support alternatives to traditional scholarly publishing, five major research universities announced their joint commitment to open-access journals on Monday. The institutions—Cornell University, Dartmouth College, Harvard University, the Massachusetts Institute of Technology, and the University of California at Berkeley—signed a compact agreeing to the “timely establishment” of mechanisms for providing financial support for free open-access journals. While conventional journals require institutions to pay subscription fees to access articles, open-access publications make their material free to the public, thus aiding libraries forced to cut back during difficult financial times, officials at the universities believe. John M. Saylor, associate university librarian for scholarly resources and special collections at Cornell, says it is a much healthier research environment when the financial burden is taken off the reader and everyone has access to the same research. Mr. Saylor says, however, that the challenge now is to develop a system that pays for the operation of journals that give away the store. “We just don’t know if it’s going to be too expensive,” he said. http://chronicle.com/blogPost/5-Major-Research-Universities/8042/ - and - HIGHER ED. AND TED (InsideHigherEd, 16 Sept 2009) - TED talks pose all sorts of challenges and opportunities for those of us in higher education. The quality of the freely available content gives lie to the notion that the best lectures occur within the gates of academe. The format of the talks can teach us a thing or two about the optimal length, timing, pace and content of the lecture. And the conversations around the online lectures remind us that the degree to which learning is social. Perhaps the biggest lesson from http://www.ted.com/ for learning technology is the method in which TED makes its videos available to the world. Two characteristics of the TED media strategy stand out: 1. TED talks are released under the Creative Commons license. http://www.ted.com/index.php/help#talks5 The Creative Commons variant that TED chooses allows the videos to be freely shared and reposted. The license does not allow TED talks to be remixed. This strategy strikes a good balance between facilitating the diffusion of the content while protecting the integrity of the narrative. Institutions of higher education should follow this strategy for as much of the content produced on campus as possible, with Creative Commons permissions included in all (taped) speaker release forms. 2. TED talks are made available in multiple formats, including a streaming version, video to desktop (MP4) and video to ITunes (MP4). Embed code is always provided to allow the reposting of the talks. The multiple formats encourage the audience to download and consume the media on the device that is most convenient. I download TED talks to iTunes and copy them over to my iPod touch. Having TED talks on a mobile platform allows the viewing of these talks when I have a few free moments and in small chunks. http://www.insidehighered.com/blogs/technology_and_learning/higher_ed_and_ted [Editor: the TED talks are generally quite good: ]http://www.ted.com/] - and - FROM IVORY TOWER TO IRON BARS: SCIENTISTS RISK JAIL TIME FOR VIOLATING EXPORT LAWS (Danger Room, 17 Sept 2009) - John Reece Roth never thought he’d be going to prison for his research on plasma physics. But that’s precisely where the 72-year old University of Tennessee professor will likely spend the next four years. Roth was sentenced last month for sharing his research with foreign graduate students and taking a laptop with his research to China. Along with his university research, he was working on an unclassified contract from the U.S. Force looking at ways to reduce drag on drones using plasma actuators. The case has been closely watched by university professors working in areas that deal with controlled technical information, particularly satellite technology, which is classified as a munition. As I write in a recent article for Nature (apologies, behind a paywall): “Concerns over prosecution have even led some academics to self-censor when teaching, particularly in the area of satellites, which have been under the control of the state department since 1999. That shift, which was prompted by a satellite manufacturer illegally sharing technical data with China about the failure of a Long March rocket, had an immediate effect on university work in the area. “There are things I was once comfortable talking about in class, and I’m not comfortable with anymore,” says Thomas Zurbuchen, a professor of space science and aerospace engineering at the University of Michigan in Ann Arbor.” It’s a difficult subject: many people I interviewed felt Roth showed blatant disregard for the law — he was warned his work fell under the State Department’s munitions list — but they expressed deep frustration with the ambiguity of the laws. Clif Burns, a lawyer at Bryan Cave, who contributes to the equally amusing and educational Export Law Blog, believes the Roth case is an anomaly — at least so far. Burns also told me that part of Roth’s particular problem was that he was sharing research with graduate students from the two countries of most concern to the United States: China and Iran. http://www.wired.com/dangerroom/2009/09/from-ivory-tower-to-iron-bars-academics-risk-jail-time-for-violating-export-laws/ - and - THE MOBILE CAMPUS (InsideHigherEd, 21 Sept 2009) - Last fall, Abilene Christian University gave out free iPhones or iPod Touches to its first-year undergraduates as part of an attempt by the Texas college to transform its campus into a 200-acre Petri dish for studying the intersection of mobile technology and higher education. Now, the reviews from the first year of the experiment are in — and they are glowing. In the university’s 2008-2009 Mobile-Learning Report — a 24-page glossy prepared for the university’s board of trustees — Scott Perkins, a psychology professor and director of research for the mobile initiative, writes that “iPhones present a more attractive platform for learning” than current classroom tools, and “learning activities can be successfully transitioned to mobile-device platforms.” Furthermore, 89 percent of students and 87 percent of faculty polled called the program successful. The Abilene Christian project has been viewed by some as a gimmick, similar to Duke University’s widely publicized 2004 decision to give each member of its incoming class an iPod—a program it quickly changed to encompass only certain students, then changed again to a partially subsidized purchase opportunity. Although Rankin said he thinks the Duke experiment was a success, it left many stones unturned. “Duke gave out the devices like they were sowing seeds in a field,” Rankin said, “saying, ‘Let’s see who does something with them.’” Abilene Christian’s approach is more active: Give students the mobile devices, then have professors integrate the machines and their tools into the way courses are taught, and measure the changes. Chemistry instructor Cynthia Powell, for example, created a special section of 25 iPhone users to whom she delivered laboratory preparation and safety lectures via podcast, rather than giving them in the classroom. Then she tracked the performance of that section relative to her 109 other students in the five categories she uses to determine grades. While the higher scores of the mobile group were not outside the substantial margin of error, Perkins said the mere fact that there was no decrease in score was evidence that such instruction “can transition to a mobile platform with no loss in student mastery of content.” http://www.insidehighered.com/news/2009/09/21/iphones - and - A LIBRARY ADDRESS (InsideHigherEd, 24 Sept 2009) - One of the best things about my job in learning technology is that I get to work in a library. How many of you have your physical offices inside your campus library? The future, I believe, will be the intermingling and merging of the academic library and academic technology disciplines. Even if academic technology and academic library services remain organizationally independent, our daily work and strategic goals will become increasingly intertwined. EDUCAUSE has a great page of resources on IT-Library Mergers—and I’d appreciate any pointers folks have around best practices in collaboration. 5 of the best things about having an office inside the college library: * * * http://www.insidehighered.com/blogs/technology_and_learning/a_library_address AIRPLANE LIQUID BOMBERS (CryptoGram, 15 Sept 2009) - Perfectly legal (obtained with a FISA warrant) NSA intercepts used to convict liquid bombers. http://www.schneier.com/blog/archives/2009/09/nsa_intercepts.html The BBC has a video demonstration of a 16-ounce bottle of liquid blowing a hole in the side of a plane. I know no more details than what’s in the video. http://news.bbc.co.uk/2/hi/uk_news/7536167.stm [Editor: very, very impressive detonation. I’m convinced.] SEARS TOLD TO DESTROY DATA GATHERED BY ONLINE TRACKING SOFTWARE (The Register, 16 Sept 2009) - US retailer Sears has been ordered to destroy all the customer data it collected from a piece of online tracking software that consumer regulator the Federal Trade Commission (FTC) said was unfairly used. The FTC said that while customers had been warned that, once downloaded, software would track their browsing, it had in fact tracked browsing on third party websites, secure browsing including banking and transactions and even some non-internet computer activity. “The FTC charged… that the software also monitored consumers’ online secure sessions – including sessions on third parties’ Web sites – and collected consumers’ personal information transmitted in those sessions, such as the contents of shopping carts, online bank statements, drug prescription records, video rental records, library borrowing histories, and the sender, recipient, subject, and size for web-based e-mails,” said an FTC statement. Sears has been ordered to make notification of any future tracking clearer, and to delete all the information gathered through the use of the software. “Only in a lengthy user license agreement, available to consumers at the end of a multi-step registration process, did Sears disclose the full extent of the information the software tracked,” said an FTC statement. “The [FTC] complaint charged that Sears’s failure to adequately disclose the scope of the tracking software’s data collection was deceptive and violates the FTC Act.” Sears, which owns KMart, has settled the case with the FTC, the regulator said. Sears paid some visitors to sears.com and kmart.com $10 to participate in a scheme to monitor their browsing via “research software”. The full extent of the monitoring was only made clear in a long user agreement visible after the downloading of the software. Sears has agreed to tell users more clearly and prominently what activity will be recorded, and to do so before any software is downloaded. The case resulted from an administrative complaint from the FTC itself. http://www.theregister.co.uk/2009/09/16/sears_to_destroy_tracking_software_data/ FTC’s Order here: http://www.ftc.gov/os/caselist/0823099/090604searsdo.pdf GOVT REVIEW: NO PRIVACY PROBLEMS IN CYBER SECURITY (Washington Post, 18 Sept 2009) - The Justice Department has concluded that a beefed-up surveillance program that monitors federal employees’ Internet traffic does not violate their rights or those of private citizens who communicate with them. But the review of the Einstein 2 program was limited and leaves important questions unanswered, said the vice president of an Internet freedom watchdog group. Einstein 2 is a second-generation automated program designed to detect cyber attacks on government computer networks. The review, completed last month and released Friday, said the system addresses potential privacy concerns by warning employees when they log in that their communications may be monitored. Such warnings “eliminate federal employees’ legitimate expectations of privacy” on government computers, acting Assistant Attorney General David J. Barron wrote. http://www.washingtonpost.com/wp-dyn/content/article/2009/09/18/AR2009091802905.html NATIONAL SECURITY THREATS IN CYBERSPACE - A WORKSHOP REPORT (ABA’s Standing Committee on Law & National Security, 21 Sept 2009) - The last few years have seen a remarkable surge in the degree of concern publicly expressed by government officials regarding “national security threats” in cyberspace. The Bush Administration began development of a Comprehensive National Cybersecurity Initiative (CNCI) in January 2008. The Obama Administration has followed with a Cyberspace Policy Review and a promise to appoint a “Cyber Czar” to coordinate a federal government response. Funding for initiatives to protect the cyber domain is likely to increase significantly. The ferment of ideas is substantial, even by Washington “crisis” standards. Some question whether a threat exists at all while others deem the threat existential. Novel issues of policy and law surface on an almost daily basis as technological innovation runs headlong forward, leaving policy‐makers and concerned legislators trailing in its wake. As the United States continues the development of its cybersecurity policy, the time is ripe for reflection and an examination of first principles. To that end the American Bar Association Standing Committee on Law and National Security, the McCormick Foundation, and the National Strategy Forum sponsored a two‐day workshop in Annapolis, Maryland on June 4‐5, 2009. The workshop brought together more than two dozen experts with diverse backgrounds: physicists; telecommunications executives; Silicon Valley entrepreneurs; Federal law enforcement, military, homeland security, and intelligence officials; Congressional staffers; and civil liberties advocates. For those two days they engaged in an open‐ended discussion of cyber policy as it relates to national security. The discussion was under Chatham House Rules – their comments were for the public record, but they were not for attribution. Full report here: http://www.abanet.org/natsecurity/threats_%20in_cyberspace.pdf [Compare, good article on the exaggerated fears of cyberwar: ]http://bostonreview.net/BR34.4/morozov.php] GOOGLE CONFIRMS THAT KEYWORD METATAGS DON’T MATTER (Eric Goldman’s blog, 22 Sept 2009) - Few Internet technologies have horked [sic] cyberlaw as much as keyword metatags. Back in the 1990s, some search engines indexed keyword metatags, which encouraged some websites to stuff their keyword metatags as a way of gaming the rankings. Judges took a dim view of this practice, largely because the surreptitious nature of keyword metatags seemed inherently sinister, regardless of their efficacy. In the interim, search engines wizened up. Some search engines stopped indexing keyword metatags, and others greatly diminished the credit they assigned to keyword metatags. As a result, for the better part of this century, keyword metatags have had either zero or de minimis effect on search engine placement. However, the anti-keyword metatag legal doctrines developed in the 1990s have persisted, even as the technology changed. Although occasionally judges have gotten it right (see, e.g., Standard Process v. Banks). most courts still treat the presence of a third party trademark in keyword metatags as essentially a per se trademark infringement--even if the keyword metatags didn’t (and couldn’t) change the search results ordering or any consumer’s behavior. For a quick sense of the ridiculous state of keyword metatag jurisprudence, take a look at my recent blog posts on the topic. The current state of nature has put keyword metatag defendants in a bind. On the one hand, the law treats the inclusion of third party trademarks as per se trademark infringement. On the other hand, everyone in the industry knows they are irrelevant but search engines have been less than forthcoming about the components of their search engine algorithms, leaving scanty citable material to support that proposition. And judges, deciding between the weight of a dozen years of anti-keyword metatag legal precedence and not-from-the-horse’s-mouth assessments of keyword metatag efficacy, not surprisingly continue to stick with the outdated legal precedent. This makes Google’s announcement yesterday so exciting. Google’s star techie Matt Cutts says in plain language that Google’s core search algorithm ignores keyword metatags. This isn’t news in the sense that we’ve known this about Google for years, but I believe this is Google’s first public confirmation of keyword metatag’s irrelevancy. Matt’s short video clip goes so far to tell trademark owners to quit suing over keyword metatags. Amen! http://blog.ericgoldman.org/archives/2009/09/google_confirms.htm - and - EU ADVISER: GOOGLE ADS DON’T INFRINGE TRADEMARKS (SiliconValley.com, 22 Sept 2009) - A European Union court adviser said Tuesday that Google does not violate luxury goods makers’ trademarks when it sells brand names as search keywords that trigger its lucrative advertisements. The adviser’s legal opinion will now be studied by judges at the European Court of Justice, which has been asked to tell a French appeals court how to apply EU trademark law in a dispute between Google and several French luxury goods companies over the Internet search engine’s ad system. Although Maduro’s recommendation is nonbinding, legal adviser opinions are followed by the court in about 80 percent of cases. Google has been repeatedly sued for trademark violations in courts around the world, and it generally prevails or settles cases without changing its practices. In the United States and most other countries, Google typically accepts trademarks used as those keyword triggers, but it places limits on what can appear in ads themselves. But in many European countries, including France, Italy and the Netherlands, Google does restrict the use of trademarks as keywords. It will typically strike ads, however, only after receiving a complaint from the trademark owner and conducting a review. The EU court adviser said neither Google nor advertisers are at fault for initially placing or accepting an ad using a brand keyword. Google isn’t to blame either for displaying the keyword ads because Maduro said a keyword linking to a site isn’t likely to lead customers into mistaking a brand name item for a counterfeit. But users are likely to make decisions when they see the content of the ad or visit the advertised sites — and the adviser warns that Google may be held liable for the ad content. That could potentially lead to Google facing legal action in national courts if brand owners could prove that such an ad damaged sales of genuine goods. http://www.siliconvalley.com/news/ci_13393205?nclick_check=1 FEDERAL COURTS NOW OFFER HEARINGS ONLINE AS MP3 FILES (ArsTechnica, 23 Sept 2009) – US federal courts are in the midst of a fascinating pilot program that could eventually bring MP3 digital audio recordings of court proceedings in a Montana federal building to an investigative journalist working in Boca Raton. The courts already run the PACER system, which offers Public Access to Court Electronic Records. Theses are generally PDF copies of all documents (except those under seal) filed in federal courts across the country. As a tool, it’s an amazing time and money saver for lawyers, journalists, and the public, despite the 8¢ per page charge for most documents which has proved controversial. These documents include the complaints that launch lawsuits and the procedural motions along the way, but what actually happens when lawyers get in front of the judge? If you want to know, you generally have to get yourself down to a particular courtroom in a particular courthouse in a particular state at a particular time. Quite a primitive system, especially when one considers that many such proceedings are already recorded digitally and made available (on audio CD) to anyone who treks down to a courthouse and hands over $26. The pilot program, run by the Administrative Office of the federal courts, began in late 2007 and has been extended through the end of 2009. It allows judges, at their sole discretion, to upload these audio files into the PACER system, where they can be downloaded for… 16 cents each. The files generally go up within 24 hours, so lawyers and journalists who truly need to follow a case as it happens still need to get themselves down to court. But for everyone else, these trial recordings are a fantastically convenient, cheap way to follow legal proceedings across the country. Nine courts are currently testing the technology, including US District Courts in Nebraska and the Eastern District of Pennsylvania. While the availability of such recordings sounds like an incredible step forward, problems have arisen. Criminal hearings are not covered by the pilot program at the moment, due to worries that it could expose sensitive witnesses, and judges have to make sure that private information such as Social Security numbers, dates of birth, and the names of children are not said aloud in court. Also, all-day court proceedings simply generate files that are too large; the Administrative Office has decided to break such recordings into morning and afternoon sessions. http://arstechnica.com/tech-policy/news/2009/09/federal-courts-now-offer-hearings-online-as-mp3-files.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss - and - IF THE ARMY CAN PUT ITS DOCTRINE UP ON A WIKI, YOU’VE GOT NO EXCUSE (Nancy Dixon, 23 Sept 2009) - A few weeks ago I had the privilege of watching an astounding event - a room full of Soldiers typing Army doctrine onto a wiki so that Soldiers in the field could make changes as they were discovering new and better tactics in the midst of fighting a war. There were a couple of amazing things about this event. One was that it was happening at all, because to the Army, doctrine is close to sacred. It is written by doctrine specialists and then verified and authenticated at many levels within the hierarchy. So opening doctrine up to Soldiers is a very big deal. The second amazing thing was how quickly it happened – just three weeks after the General said, “Make it happen.” the first eight manuals went up. A hierarchical organization, of one million plus employees, just shouldn’t be able to move that fast! But let me begin at the beginning of the story… http://www.nancydixonblog.com/2009/09/if-the-army-can-put-its-doctrine-up-on-a-wiki-youve-got-no-excuse.html 3RD CIRCUIT SAYS CORPORATIONS MAY TAKE INFO REQUESTS ‘PERSONALLY’ (Law.com, 24 Sept 2009) - Lawyers for AT&T have won a court battle with the Federal Communications Commission that turned on a question largely of semantics—whether corporations are entitled to assert claims of “personal” privacy. In an appeal before the 3rd U.S. Circuit Court of Appeals, the FCC argued that when Congress crafted the exemptions clauses of the Freedom of Information Act, it intended the phrase “personal privacy” to extend only to human beings. But AT&T begged to differ, arguing that the FOIA specifically defines the term “person” to include corporations, and therefore that “Congress’s choice of the adjectival form of that word—‘personal’—should be understood to refer to that definition.” By contrast, AT&T argued, “where Congress intends to refer to natural persons and to exclude corporations—both in the FOIA itself and in the closely related Privacy Act of 1974—it uses the term ‘individual.’” Now the 3rd Circuit has ruled that AT&T’s lawyer, Colin S. Stretch of Kellogg Huber Hansen Todd Evans & Figel in Washington, D.C., had the better argument, and that the FCC was therefore wrong to block AT&T from invoking the personal privacy protections in FOIA Exemption 7(C). http://www.law.com/jsp/article.jsp?id=1202434019429&rss=newswire&hbxlogin=1 DIFFERENT HORRIFICALLY BAD SOFTWARE DEMO BECOMES PERFORMANCE ART (ArsTechnica, 23 Sept 2009) - For software developers, live product demonstrations are a way of life, and that means that “live product demos gone horribly awry” are also a fact of life. But what if the world’s most disastrous software demo was faked, foisted on a set of unsuspecting computer science students as a piece of performance art? That thought is what led University of California-San Diego student Tristan Newcomb to produce a half-hour of surreptitious theater that he calls “The Last Lecture.” Students stare at the stage in disbelief, amusement, and horror as a software developer comes to class with his two assistants and proceeds to demonstrate a new videogame in spectacular fashion—software crashes, lag problems, puppet videos, and falling computers all coincide with the presenter’s personal breakdown in which he questions his life’s work and worries ceaselessly about his death (a death in which no Kermit the Frog will welcome him to the afterlife). Only after 30 minutes of increasingly bizarre personal confessions and technical glitches is the gag revealed; credits suddenly begin to scroll up the gigantic demonstration screen at the front of the classroom. The audience slowly realizes that it has been watching not a software demonstration, but a half-hour prerecorded video fronted by three actors. http://arstechnica.com/web/news/2009/09/horrifically-bad-software-demos-become-performance-art.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss This “Last Lecture” is here: http://www.lumalin.com/lumalin_films/last_lecture.php [Editor: at least he’s not using a Macintosh. The first 5 minutes are painful, but the guy falling off the cliff at 15m10s is priceless; what a wonderful waste of time.] COMMENTARY FROM MAC PORTABLE TO MACBOOK PRO: 20 YEARS OF APPLE LAPTOPS (ArsTechnica, 21 Sept 2009) - 20 years ago, Apple introduced its first portable Mac—we hesitate to say laptop because of its size—the Macintosh Portable. Ars looks back at some of the best Mac laptops to come out of Cupertino over the past two decades—and a couple of clunkers. http://arstechnica.com/apple/news/2009/09/from-portable-to-pro-best-mac-laptops-of-the-past-20-years.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: looking at these is a trip down memory lane (with some nightmares) – I’ve owned most of the machines pictures (plus a half-dozen PCs).] LOOKING BACK - MIRLN TEN YEARS AGO READING THE FINE PRINT: YAHOO INADVERTENTLY THREATENS CONTENT COPYRIGHT—The fine print in the terms of service agreement Yahoo posted to GeoCities (a web page hosting service) members last week seemed to indicate that Yahoo held the copyright for all their site content. Angry members emailed Yahoo. The company issued a clarifying statement saying it never intended to usurp content copyright. Other web page hosting services have similar clauses in their terms of service agreements. Yahoo purchased GeoCities in January of this year. http://www.sjmercury.com/svtech/news/breaking/merc/docs/083171.htm MIRLN 2009-09-26T00:48:00-07:00 http://www.knowconnect.com/mirln/article/mirln_16_august_5_september_2009_v1212/ http://www.knowconnect.com/mirln/article/mirln_16_august_5_september_2009_v1212/#When:22:39:00Z • Internet Materials in Opinions: Citations and Hyperlinking • Judge Strikes Down La. Restrictions on Lawyer Internet Ads • Firefox Plug-In Frees Court Records, Threatens Judiciary Profits • Second Life’s Economy Nearly Doubles • U.C. Professors Seek Changes to Google Books Deal • FCC Launches a Blog, Joins Twitter Stream • FTC Finalizes Rules on Health Care Breach Disclosure • E-Discovery Fears May Explain Why Recession Didn’t Spur Litigation • Teaching the Quarantined • Massachusetts Modifies its New Information Security Rules for Businesses and Extends the Compliance Deadline Again • 45% of Employers Now Screen Social Media Profiles • D.C. Appeals Court Adopts Five-Step Inquiry for Unmasking Anonymous Internet Speakers • Forcing Employee to Provide Access to Password-Protected Website Violates SCA • Judge: Defunct Airport Fast Pass Company Can’t Sell Customer Data • Federal Agencies Pursue Cybersecurity Common Ground o DHS and Information Technology Sector Coordinating Council Release Information Technology Sector Baseline Risk • Cyber-Attack Strategy: Part of Russian Attack on Georgian Pipelines, Report Finds • Court Rules U.S. Seized 2003 Tests Improperly • Dozens of Judges are Getting LinkedIn, Blogger Notes • Tighter Oversight on Border Laptop Searches o Protect Your Laptop Data from Everyone, Even Yourself • For Intelligence Officers, a Wiki Way to Connect Dots • Augmented Reality Comes to the iPhone • The Government Domain: Tracking Congress 2.0 • Harvard’s Dash for Open Access • Online Terms Presented with Three Blue Hyperlinks are Conspicuous, Conscionable • Fox Adds On-Air Tweets to `Fringe’ Reruns NEWS | PODCASTS | LOOKING BACK | NOTES NEWS INTERNET MATERIALS IN OPINIONS: CITATIONS AND HYPERLINKING (U.S. Courts, July 2009) - The Judicial Conference has issued a series of “suggested practices” to assist courts in the use of Internet materials in opinions. The recommendations follow a pilot project conducted by circuit librarians who captured and preserved webpages cited in opinions over a six-month period. The Internet often seems to pervade everyday life, giving us answers, matches, recommendations, definitions, and citations. But the information on the Internet can be as ephemeral as yesterday’s blog entry. Websites can change or disappear altogether. “Judges are citing to and using Internet-based information in their opinions with increasing frequency,” Judicial Conference Secretary Jim Duff wrote recently to chief judges. “Unlike printed authority, Internet information is often not maintained at a permanent location, and a cited webpage can be changed or deleted at any time. Obviously, this has significant implications for the reliability of citations in court opinions.” The Judicial Conference Committee on Court Administration and Case Management (CACM) began the pilot project, conducted by circuit libraries, and received and endorsed the recommendations of an ad hoc working group of circuit librarians. In approving those recommendations in March 2009, the Judicial Conference agreed that all Internet materials cited in final opinions be considered for preservation, while each judge should retain the discretion to decide whether the specific cited resource should be captured and preserved. The Conference directed the Administrative Office to work with the CACM Committee to develop guidelines “to assist judges in making the determination of which citations to preserve.” The guidelines suggest that, if a webpage is cited, chambers staff preserve the citation by downloading a copy of the site’s page and filing it as an attachment to the judicial opinion in the Judiciary’s Case Management/Electronic Case Files System. The attachment, like the opinion, would be retrievable on a non-fee basis through the Public Access to Court Electronic Records system. When considering whether to cite Internet sources, judges are reminded that some litigants, particularly pro se litigants, may not have access to a computer. http://www.uscourts.gov/ttb/2009-07/article09.cfm?WT.cg_n=TTB&WT.cg_s=July09_article09_newsroom [Editor: There are two interesting studies/projects that speak to link rot and the need for preservation. One is the Chesapeake Project: http://www.legalinfoarchive.org/. The other was a study done by a librarian in Washington: Ching, Tina. “The Next Generation of Legal Citations: A Survey of Internet Citations in the Opinions of the Washington Supreme Court and Washington Appellate Courts, 1999-2005″ http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1305277. The ABA’s Catherine Sanders Reach participated in a related program discussion earlier this month—]http://www.abanet.org/tech/ltrc/presentations/authentication.pdf] JUDGE STRIKES DOWN LA. RESTRICTIONS ON LAWYER INTERNET ADS (ABA Journal, 4 August 2009) - A federal judge has upheld most of the new restrictions on advertising by Louisiana lawyers, but struck down two rules regulating Internet advertising. U.S. District Judge Martin Feldman said Louisana’s Internet restrictions don’t account for differences between ads online and those in traditional media such as television, the Associated Press reports. “The Internet presents unique issues related to advertising, which the state simply failed to consider in formulating this rule,” Feldman wrote in his opinion. As a result, the Internet ad restrictions violate the First Amendment, he ruled. Feldman upheld most other restrictions, saying the state can regulate ads that promise results, portray a judge or jury, or use client testimonials, according to AP. The Wolfe Law Group had challenged the Internet rules, claiming they would restrict the firm’s right to comment on Twitter, Facebook, online bulletin boards and blogs. The firm also argued the rules would subject each of the firm’s online posts to a cost-prohibitive evaluation and $175 fee. The law firm had provided an example: It spent $160 on 12 different Google pay-per-click ads over a three-month period; the cost of the ad review would have been about $2,100. Name partner Scott Wolfe Jr. said in a press release that Feldman’s ruling is important to lawyers who advertise online. “The court not only noted that states must have a reason to regulate Internet speech, but it also recognized that the Internet media is different from broadcast media, and is entitled to unique protection,” he said. http://www.abajournal.com/news/judge_strikes_down_la._restrictions_on_lawyer_internet_ads FIREFOX PLUG-IN FREES COURT RECORDS, THREATENS JUDICIARY PROFITS (Wired, 14 August 2009) - Access to the nation’s federal law proceedings just got a public interest hack, thanks to programmers from Princeton, Harvard and the Internet Archive, who released a Firefox plug-in designed to make millions of pages of legal documents free. Free as in beer and free as in speech. The Problem: Federal courts use an archaic, document-tracking system known as PACER as their official repository for complaints, court motions, case scheduling and decisions. The system design resembles a DMV computer system, circa 1988 — and lacks even the most basic functionality, such as notifications when a case gets a new filing. But what’s worse is that PACER charges 8 cents per page (capped at $2.40 per doc) and even charges for searches — an embarrassing limitation on public access to information, especially when the documents are copyright-free. The Solution: RECAP, a Firefox-only plugin, that rides along as one usually uses PACER — but it automatically checks if the document you want is already in its own database. The plug-in’s tagline, ‘Turning PACER around,’ alludes to the fact that its name comes from spelling PACER backwards. RECAP’s database is being seeded with millions of bankruptcy and Federal District Court documents, which have been donated, bought or gotten for free by open-government advocate Carl Malamud and fellow travelers such as Justia. And if the document you request isn’t already in the public archive, then RECAP adds the ones you purchase to the public repository. The plug-in was released by Princeton’s Center for Information Technology Policy, coded by Harlan Yu and Tim Lee, under the direction of noted computer science professor Ed Felten. http://www.wired.com/threatlevel/2009/08/firefox-plug-in-frees-court-records-threatens-judiciary-profits/ SECOND LIFE’S ECONOMY NEARLY DOUBLES (NPR, 14 August 2009) - I don’t know how I missed this key, crucial and totally critical piece of news: The economy in Second Life has grown by 94 percent over the past 12 months, with activity that equates to $144 million in the second quarter. Granted, the real people and their groovy avatars in the 3D virtual reality world are trading in Linden dollars, except when they’re not, like the woman who made a million U.S. dollars selling virtual real estate. Beam me up, I guess. Oh, wait—wrong world. http://www.npr.org/blogs/money/2009/08/second_lifes_virtual_economy_g.html?sc=nl&cc=pmb-20090814 U.C. PROFESSORS SEEK CHANGES TO GOOGLE BOOKS DEAL (New York Times, 17 August 2009) - A group of prominent faculty representatives from the University of California, one of Google’s earliest and closest allies in its plan to digitize books from major libraries, is the latest to raise concerns about important aspects of a high-profile class-action settlement between Google and groups representing authors and publishers. The professors include members of the university’s Academic Council (the executive committee of the much larger Academic Senate) as well as the chair of the Academic Senate’s Committee on Libraries and Scholarly Communication. Their views suggest something of a break between representatives of the university’s faculty and its administration, which has endorsed the settlement. But the group also suggests that the Authors Guild, which sued Google for copyright infringement over its scanning project and played a central role in negotiating the settlement, did not appropriately represent the interests of academic authors, many of whom want their works to be widely accessible. “We are concerned that the Authors Guild negotiators likely prioritized maximizing profits over maximizing public access to knowledge, while academic authors would have reversed those priorities,” the group wrote. “We note that the scholarly books written by academic authors constitute a much more substantial part of the Book Search corpus than the Authors Guild members’ books.” However, the group does not oppose the settlement, but rather suggests a number of changes to address its concerns. http://bits.blogs.nytimes.com/2009/08/17/uc-professors-seek-changes-to-google-books-deal/ FCC LAUNCHES A BLOG, JOINS TWITTER STREAM (GigaOm, 18 August 2009) - The Federal Communications Commission is looking to overhaul itself, hiring more technically astute people and entrepreneurs. It’s also trying to become an agency for the people, and as part of that attitude change, has launched a blog: Blogband. In a press release (and the first blog post) FCC Chairman Julius Genachowski wrote: “To foster public dialogue about the National Broadband Plan, we’re tapping the power of the Internet to launch a new FCC blog…Blogband will keep people up-to-date about the work the FCC is doing and the progress we’re making. But we want it to be a two-way conversation. The feedback, ideas, and discussions generated on this blog be critical in developing the best possible National Broadband Plan.” http://gigaom.com/2009/08/18/fcc-blog-twitter-fccdotgov/ FTC FINALIZES RULES ON HEALTH CARE BREACH DISCLOSURE (DarkReading, 18 August 2009) - The Federal Trade Commission yesterday issued a final rule that will require Web-based businesses to notify consumers when the security of their electronic health information has been breached. The new rule was put into place by Congress as part of the American Recovery and Reinvestment Act of 2009. The rule applies to both vendors of personal health records “ which provide online repositories that people can use to keep track of their health information “ and entities that offer third-party applications for personal health records. Many organizations that offer these types of services are not subject to the privacy and security requirements of the Health Insurance Portability and Accountability Act (HIPAA), the FTC explained. Under the Recovery Act, the Department of Health and Human Services has been assigned to conduct a study and report by February 2010 on potential privacy, security, and breach-notification requirements for vendors of personal health records and related entities that are not subject to HIPAA. In the meantime, the Recovery Act requires the FTC to issue a rule requiring these entities to notify consumers if the security of their health information is breached. The Commission announced a proposed rule in April 2009, collected public comments until June 1, and issued the final rule yesterday. The Final Rule requires vendors of personal health records and related entities to notify consumers following a breach involving unsecured information. In addition, if a service provider to one of these entities has a breach, it must notify the entity, which in turn must notify consumers. http://www.darkreading.com/security/government/showArticle.jhtml?articleID=219400484 E-DISCOVERY FEARS MAY EXPLAIN WHY RECESSION DIDN’T SPUR LITIGATION (ABA Journal, 18 August 2009) - Litigation usually increases during recessions, but this one appears to be different. Several surveys show that litigation is flat or declining, the National Law Journal reports. One of the major reasons, the story says, is that general counsel don’t want to spend money on litigation, partly because they fear the increasing cost of electronic discovery. “Right now, general counsel are trying to operate in zero-risk mode, and this is something we have not seen in many, many years,” said Michael Rynowecer, president of the BTI Consulting Group, in an interview with the publication. A survey of general counsel at Fortune 1000 companies by BTI found that legal departments spent an average of 1 percent less on litigation during the first half of this year. Elizabeth Scully, a partner at Baker Hostetler experienced in e-discovery, told the NLJ that the discovery process is much more expensive than just a few years ago. “It makes logical sense that the cost associated with e-discovery may be one of the things changing the numbers.” The article cited this evidence of a declining appetite for litigation. http://www.abajournal.com/news/e-discovery_fears_may_explain_why_recession_didnt_spur_litigation Law.com story here: http://www.law.com/jsp/ihc/PubArticleIHC.jsp?id=1202433112312&hbxlogin=1 TEACHING THE QUARANTINED (InsideHigherEd, 19 August 2009) - H1N1 flu may have two surprising symptoms: innovation and empathy. At least that’s the hope of University of Michigan officials, who are encouraging faculty to make broader use of technology to help sick students keep up with class work. As faculty create syllabuses for the coming semester, Michigan officials want them to consider the possibility of an outbreak infecting large numbers of students in the coming months. That means finding ways to work with students who may be absent for days by putting greater emphasis on distance learning tools like listservs, e-mail and Web-based teaching platforms. To that end, the university’s Center for Research on Learning and Teaching has laid out a series of guidelines to help faculty prepare for what could be a challenging year of illness. “[The guidelines] may or may not be helpful, but what we’re trying to do is encourage them to think about it in advance of the school year so it doesn’t take them by surprise,” said Constance Cook, vice provost for academic affairs and executive director of the learning and teaching center. “Then we rely on their good judgment to make accommodations that make sense for them.” The guidelines reflect growing concerns that the fall semester will be a season of H1N1, commonly called swine flu, on college campuses. Michigan is also working to address the somewhat counter-intuitive medical advice being provided by the Centers for Disease Control, which suggests those with the flu stay home an extra day, even if they feel well enough to work. To avoid spreading the flu, the CDC has advised people with influenza-like illness stay isolated until at least 24 hours after they are free of fever without the aid of fever-reducing medications. As such, there may be students who feel able to do work but who really shouldn’t be in class. http://www.insidehighered.com/news/2009/08/19/flu Guidelines here: http://www.crlt.umich.edu/flu/index.php MASSACHUSETTS MODIFIES ITS NEW INFORMATION SECURITY RULES FOR BUSINESSES AND EXTENDS THE COMPLIANCE DEADLINE AGAIN (Duane Morris, 19 August 2009) - The Massachusetts Office of Consumer Affairs and Business Regulation issued a press release on August 17, 2009, extending the deadline for compliance with the state’s new information security regulations from January 1, 2010, to March 1, 2010, and updating the regulations to implement a more risk-based approach. The regulations had required all businesses, regardless of size, that own, license, store or maintain personal information about a resident of Massachusetts to encrypt that information when stored on portable devices or transmitted wirelessly or on public networks, and adopt a comprehensive, written information security program. New language in the regulations now recognizes that the size of a business and the amount of personal information it handles is a factor in the data security plan the business creates. Hence, the regulations were modified so that the safeguards are appropriate to the size, scope and type of business handling the information; the amount of resources available to the business; the amount of stored data; and the need for security and confidentiality of both consumer and employee information. http://www.duanemorris.com/alerts/alert3378.html 45% OF EMPLOYERS NOW SCREEN SOCIAL MEDIA PROFILES (Mashable, 19 August 2009) - We all know that employers are getting savvy to social networking sites and the information we share online. But what you may not know is that a recently conducted survey shows that nearly 1 in 2 companies are doing their online due diligence for prospective job candidates. This according to research firm Harris Interactive, who was commissioned by CareerBuilder.com and surveyed 2,667 HR professionals, finding that 45% of them use social networking sites to research job candidates, with an additional 11% planning to implement social media screening in the very near future. According to the study, “thirty-five percent of employers reported they have found content on social networking sites that caused them not to hire the candidate.” http://mashable.com/2009/08/19/social-media-screening/ D.C. APPEALS COURT ADOPTS FIVE-STEP INQUIRY FOR UNMASKING ANONYMOUS INTERNET SPEAKERS (BNA’s Internet Law News, 20 August 2009) - BNA’s Electronic Commerce & Law Report reports that the District of Columbia Court of Appeals held that a defamation plaintiff seeking to identify an anonymous defendant must first submit sufficient evidence to establish a genuine issue of material fact for all claim elements within its control. The court ultimately adopted a five-part test it said was similar to the summary judgment standard set forth in Doe v. Cahill. Case name is Solers Inc. v. Doe. FORCING EMPLOYEE TO PROVIDE ACCESS TO PASSWORD-PROTECTED WEBSITE VIOLATES SCA (Steptoe & Johnson’s E-Commerce Law Week, 20 August 2009) - A recent jury verdict suggests that an employer that gains access to an employee’s social networking site by pressuring the employee to provide it with credentials for access may thereby violate the Stored Communications Act. In Pietrylo v. Hillstone Restaurant Group, several former employees of Houston’s restaurants in New Jersey alleged that Houston’s owner, the Hillstone Restaurant Group, accessed without authorization the employees’ private and password-protected MySpace group website—used to make comments and jokes about Houston’s management, customers, and customer service standards. The employees were subsequently fired, and they then brought a wrongful termination suit claiming violations of their right to privacy, the Stored Communications Act (SCA) and a similar New Jersey statute, and other laws. Last July, a federal court in New Jersey denied defendants’ motion for summary judgment on the claims for violations of the SCA, the parallel state statute, and two invasion of privacy claims, finding that “testimony regarding whether [] consent was voluntary demonstrate[d] a material issue of disputed fact.” Notably, however, the court also concluded that if “consent was only given under duress, then the Defendants were no