MIRLN—- 17 June - 7 July 2018 (v21.09)

MIRLN—- 17 June - 7 July 2018 (v21.09)—- by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)




Register now for the next cybersecurity ABA CLE webinar ” Bumps in the Night: Cybersecurity Legal Requirements, Government Enforcement, and Litigation “. This second in a 5-part series airs July 18, followed by other episodes in August, September, and October. Each 90-minute episode parses related parts of the best-selling (and winner of the 2018 ACLEA “Best Publication” award) ” ABA Cybersecurity Legal Handbook ”. For more information, visit ambar.org/cyberwakeup to register. Get 20% off if you subscribe to the full series (recordings of earlier ones are available), along with a free e-copy of the handbook.

ABA attendees at the Chicago annual meeting will also want to attend our showcase program (August 4 10:00-11:30 Central), featuring Raj De (former NSA GC), Suzanne Spaulding (former DHS Undersecretary), and others. Info here . top


Why destruction of information is so difficult and so essential: The case for defensible disposal (ABA’s Business Law Today, 15 June 2018) - IN BRIEF: (1) Information is growing unfettered for most businesses and impacting their ability to function; (2) Lawyers must find a way to get rid of information without creating greater business and legal issues for their clients; (3) Defensible disposition rids businesses of information that no longer has business or legal value without employees having to involve themselves in classification. * * * top

A student, a worried girlfriend, a shared password and an admissions lawsuit (InsideHigherEd, 18 June 2018) - Most admissions lawsuits are about applicants who are rejected. But Eric Abramovitz won 375,000 Canadian dollars (about $284,000) last week over an admissions offer he turned down. Actually, his then girlfriend turned it down, pretending to be Abramovitz. That set up the unusual court ruling. As outlined in the ruling issued by a Canadian judge last week, Abramovitz and Jennifer Lee met in 2013 and became a couple while both were studying music at McGill University. While they were involved, Abramovitz shared his laptop—and his passwords—with Lee. Abramovitz was a star student of clarinet, winning numerous prizes. He aspired to finish his bachelor’s degree at Colburn Conservatory of Music, in Los Angeles, where he hoped to study with Yehuda Gilad, who only accepts two students a year. In December 2013, Abramovitz applied and went to Los Angeles when he was invited to audition. On March 27, 2014, he was admitted—and his admission brought with it a full scholarship. On that fateful day, Lee checked Abramovitz’s email before he did. Using his email account, she turned down the offer and created a fake email account in Gilad’s name. Then she sent an email, pretending to be Gilad, rejecting Abramovitz. Lee could not be reached for comment. She did not contest Abramovitz’s suit. The court ruling says that she was apparently afraid he would move to Los Angeles, leaving her behind at McGill, in Montreal. Eventually, Abramovitz did leave for Los Angeles and enrolled in a certificate program at the University of Southern California in which Gilad also taught. That program charged about $25,000, which Abramovitz paid. (He couldn’t afford USC’s master’s degree program, which would have cost him about twice as much in tuition.) Abramovitz was “completely taken in,” the court decision says, and only went to USC after staying in Montreal—with Lee—to finish his bachelor’s degree. The scheme unraveled when Abramovitz met Gilad, who is not used to being turned down. As Abramovitz told National Post , when he auditioned for Gilad to enter the USC program, Gilad asked him, “Why did you reject me?” When Gilad showed him the email Lee had sent, Abramovitz was stunned. But he also had Lee’s passwords, and he found the fake emails. He also found she had done the same thing when he won admission to the Juilliard School—another institution that few admitted applicants turn down. The Canadian court judged that Lee was responsible for the tuition paid by Abramovitz to USC, the lost opportunities of the scholarship to the conservatory and for delaying the start of his career. The court ruling found that Lee’s conduct was “morally reprehensible.” top

Why your FOIA request might not get text messages (Ride the Lightning, 19 June 2018) - Hat tip to my friend Doug Austin at CloudNine for a marvelous post on his EDiscovery Daily Blog . As Doug asks, what percentage of Freedom of Information Act (FOIA) requests actually result in receiving all of the information requested? According to the 2018 Public Sector Text & Mobile Communications Survey from Smarsh, 70 percent of federal, state, county and city government organizations surveyed report allowing SMS/text for official business communication. But, almost half of those (46 percent) are not formally capturing and retaining these messages. There were 236 total respondents in the survey. The information below is directly from Doug’s post. And I fully agree with his conclusion at the end! “The vast majority of agencies allow organizational e-mail (97 percent) on mobile devices, but right behind it is SMS/text messaging, with 70 percent allowing it for official government business. Social channels Facebook and Twitter are the next most frequently cited, with 58 percent and 44 percent, respectively. Two-thirds of surveyed organizations allow employees to use their own BYOD devices for official business, for those devices, only 35 percent of respondents are retaining SMS/text messages (as opposed to 62 percent for Corporate Owned Personally Enabled (COPE) devices). The top four reasons SMS/Text records are NOT captured are: 1) Don’t currently have budget this year, 2) SMS/text isn’t required to be retained by law, 3) Waiting for Capstone/FOIA guidance, 4) Existing capture technologies are too complicated. The majority of respondents, 62 percent or nearly 2/3, lacked confidence that they could provide specifically requested mobile text messages promptly if responding to a public records or litigation request. Agencies with no retention solution in place have very little confidence in their ability to fulfill requests. 23 percent reported that if requested, it was unlikely they could produce SMS/text messages from their organizational leader at all. When you hear these stats, you might be surprised the numbers aren’t higher. Last year, Federal Freedom of Information Act (FOIA) litigation jumped 26 percent over the previous year. In 2018, that number is on track to increase again. While an average of 2.08 lawsuits were filed each day in 2017, 2018 has seen the average increase to 2.72 lawsuits per day. Last year, there were 823,222 Federal FOIA requests - 78 percent of those requests yielded censored files or no records at all. In other words, only 22 percent of FOIA requestors got everything they asked for. 22 percent! And, the Federal government spent $40.6 million in legal fees defending its withholding of files in 2017. Freedom of information isn’t free, apparently.” top

Verizon will stop selling real-time location data to third-party brokers (The Verge, 19 June 2018) - Verizon has pledged to stop selling data that can pinpoint the location of its mobile users to third-party intermediaries, according to The Associated Press . Verizon is the first carrier to end the controversial practice after Sen. Ron Wyden (D-OR) revealed that one of the companies that purchased the real-time location-tracking data from carriers wasn’t verifying if its users had legal permission to track cellphone users through its service. In a letter to carriers and the FCC, Sen. Wyden said that Securus Technologies - a company that mainly monitors phone calls to inmates in jails and prisons across the country and also sells real-time location data to law enforcement agencies who must upload legal documents such as a warrant stating they have the right to access the data - wasn’t actually verifying if those documents were legitimate. Securus did not “conduct any review of surveillance requests,” Wyden wrote in his letter to the FCC. A sheriff in Missouri was charged with illegally tracking people 11 times without court orders using Securus, according to The New York Times. While all four major carriers have now cut off access to Securus, only Verizon has said it will stop selling data to geolocation aggregators who can then turn around and sell that data to someone else. Verizon said 75 companies obtained data from the two companies it sells location data directly to: LocationSmart and Zumigo. Last month, KrebsOnSecurity reported that LocationSmart - which supplies Securus with the location-tracking data - was leaking the real-time location data of customers on every major US carrier through a free demo tool on its website, which was subsequently taken down. “Verizon did the responsible thing and promptly announced it was cutting these companies off,” Wyden said in a statement to the AP. [ see also , AT&T and Sprint to follow Verizon in ending its sale of user location data to third-party brokers (The Verge, 19 June 2018)] top

Are free societies at a disadvantage in national cybersecurity (Bruce Schneier, 19 June 2018) - Jack Goldsmith and Stuart Russell just published an interesting paper , making the case that free and democratic nations are at a structural disadvantage in nation-on-nation cyberattack and defense. From a blog post : It seeks to explain why the United States is struggling to deal with the “soft” cyber operations that have been so prevalent in recent years: cyberespionage and cybertheft, often followed by strategic publication; information operations and propaganda; and relatively low-level cyber disruptions such as denial-of-service and ransomware attacks. The main explanation is that constituent elements of U.S. society—a commitment to free speech, privacy and the rule of law; innovative technology firms; relatively unregulated markets; and deep digital sophistication—create asymmetric vulnerabilities that foreign adversaries, especially authoritarian ones, can exploit. These asymmetrical vulnerabilities might explain why the United States so often appears to be on the losing end of recent cyber operations and why U.S. attempts to develop and implement policies to enhance defense, resiliency, response or deterrence in the cyber realm have been ineffective. I have long thought this to be true. There are defensive cybersecurity measures that a totalitarian country can take that a free, open, democratic country cannot. And there are attacks against a free, open, democratic country that just don’t matter to a totalitarian country. That makes us more vulnerable. (I don’t mean to imply—and neither do Russell and Goldsmith—that this disadvantage implies that free societies are overall worse, but it is an asymmetry that we should be aware of.) I do worry that these disadvantages will someday become intolerable. Dan Geer often said that “the price of freedom is the probability of crime.” We are willing to pay this price because it isn’t that high. As technology makes individual and small-group actors more powerful , this price will get higher. Will there be a point in the future where free and open societies will no longer be able to survive? I honestly don’t know. EDITED TO ADD (6/21): Jack Goldsmith also wrote this . top

GDPR and browser fingerprinting: How it changes the game for the sneakiest web trackers (EFF, 19 June 2018) - Browser fingerprinting is on a collision course with privacy regulations. For almost a decade, EFF has been raising awareness about this tracking technique with projects like Panopticlick . Compared to more well-known tracking “cookies,” browser fingerprinting is trickier for users and browser extensions to combat: websites can do it without detection, and it’s very difficult to modify browsers so that they are less vulnerable to it. As cookies have become more visible and easier to block, companies have been increasingly tempted to turn to sneakier fingerprinting techniques. But companies also have to obey the law. And for residents of the European Union, the General Data Protection Regulation (GDPR), which entered into force on May 25th, is intended to cover exactly this kind of covert data collection. The EU has also begun the process of updating its ePrivacy Directive, best known for its mandate that websites must warn you about any cookies they are using. If you’ve ever seen a message asking you to approve a site’s cookie use, that’s likely based on this earlier Europe-wide law. This leads to a key question: Will the GDPR require companies to make fingerprinting as visible to users as the original ePrivacy Directive required them to make cookies? The answer, in short, is yes. Where the purpose of fingerprinting is tracking people, it will constitute “personal data processing” and will be covered by the GDPR. top

Should media publish government’s child-detention photos? (WaPo, 19 June 2018) - Based on the photographic evidence, living conditions inside government-run detention centers for immigrant children separated from their parents in south Texas look reasonably orderly and clean. But there’s a major catch: All of the photographs depicting life inside the facilities have been supplied by the government itself. There’s been no independent documentation; federal officials, citing the children’s privacy, have barred journalists from taking photographs or video when they’ve been permitted inside. This has left news organizations with a quandary: Do they publish the handouts supplied by U.S. Customs and Border Protection (CBP) - which has an incentive to make its facilities look as humane and comfortable as possible - or do they reject the photos as essentially propaganda? The New York Times, for one, has taken the latter course. On Monday, it said it would not publish CBP-supplied photos. “We thought it was a bad precedent to accept government handout photos when [photojournalists aren’t] allowed in,” Dean Baquet , the paper’s editor, said in an interview. “It would hurt any future case for access. And given the sensitivity of this story, I don’t think we can assure readers that we are seeing a full picture when the government makes the choice of what we see and show. Readers want to know what these places look like, from the view of journalists who are witnesses.” One of the government-supplied photos - a shot of children sprawled on thin mattresses under mylar blankets - was featured prominently by many news organizations on Tuesday. top

Bad news cut from Michigan State alumni magazine (InsideHigherEd, 21 June 2018) - After a review by Michigan State University interim president John Engler, an upcoming edition of the university’s alumni magazine will not include planned long-form essays exploring how the Larry Nassar sexual abuse case has tainted the university, multiple anonymous administration sources told the Detroit Free Press . It will also apparently not include a striking black-and-white cover image of a woman wearing teal lipstick—teal is the color that Nassar survivors and supporters wear to show solidarity. Sources told the Free Press that Engler saw the planned image, among others, and said, “Get that teal shit out of here.” While the magazine issue will address the crisis, sources said, it will showcase positive moves Engler has made since taking over, such as adding more counselors. Several people close to Engler who were not authorized to speak to the media said the effort is part of his push to “pivot toward positive news” in the wake of the scandal. top

SEC provides further guidance on when digital assets may be deemed securities (Nixon Peabody, 21 June 2018) - On June 14, 2018, William Hinman, Director of the Securities and Exchange Commission’s (SEC’s) Division of Corporation Finance, provided important but nonbinding guidance on when a digital asset may be deemed a security in his remarks at the Yahoo Finance All Markets Summit in San Francisco, California. Slowly, the SEC has continued to reveal its views on the approaches taken by some crypto and digital asset industry participants―such as the pioneers of the Simple Agreement for Future Tokens (or SAFT), who have attempted to structure digital asset sales in such a way that the digital asset is not a security. As noted by Director Hinman in his remarks, these are still the “early days” of crypto, but with this latest guidance, the SEC has provided more clarity around securities law-compliant digital asset sales. The following is a summary of certain key takeaways from Director Hinman’s remarks and related analysis. * * * top

MIT to conduct an environmental scan of open source publishing (MIT, 22 June 2018) - The MIT Press has announced the award of a grant from The Andrew W. Mellon Foundation to conduct a landscape analysis and code audit of all known open source (OS) authoring and publishing platforms. By conducting this environmental scan, the MIT Press will be providing a comprehensive and critical analysis of OS book production and hosting systems to the scholarly publishing community. As noted by Amy Brand, director of the MIT Press, “Open source book production and publishing platforms are a key strategic issue for not-for-profit scholarly publishers, and the wide-spread utilization of these systems would foster greater institutional and organizational self-determination. The MIT Press has long been a leader in digital publishing. We are very grateful for the generous support from The Mellon Foundation for this project.” The grant affords the MIT Press the unique opportunity to provide the university press community and other not-for-profit scholarly publishers with a comprehensive overview of the numerous OS publishing platforms that are currently in use or under development. These systems, which produce and host platforms for scholarly books and journals, have proliferated in the last decade. The forthcoming analysis will highlight the availability, affordances, and current limitations of these systems, and thereby encourage the adoption and continued development of OS publishing technologies. Open infrastructure could prove to be a durable alternative to complex and costly proprietary services. The results of the environmental scan and the accompanying code audit, expected later this year, will be made openly accessible. The final report will inform the MIT Press’s roadmap for the publishing platform PubPub currently being codeveloped with the MIT Media Lab. top

FirstNet launches, giving police and firefighters a dedicated wireless network and infinite possibilities (WaPo, 25 June 2018) - Though it’s not a renowned high-tech hub, Brazos County, Tex., has become the showroom for what technology can do for police officers, paramedics and firefighters nationwide, through the newly created FirstNet wireless network. When Brazos sheriff’s deputies entered a standoff with an armed man inside his home, they positioned four cars around the building and streamed live video through FirstNet back to their command center from their phones. When firefighters launched a swiftwater rescue recently, they were able to show it in real time through FirstNet to their supervisors. When a man tried to fraudulently register a stolen car, a patrol lieutenant was able to patch into the government center cameras through FirstNet and watch the crime in progress. “It’s given us some incredible communication,” said Brazos Sheriff Chris Kirk, “that we’ve been able to put to good use. It makes us much more efficient.” The idea for FirstNet was long in gestation, beginning with the terrorist attacks of Sept. 11, 2001, but has rapidly come to fruition in the year since AT&T won a contract to build it for the federal government. The idea was a dedicated wireless network exclusively for first responders, enabling them to communicate in emergencies on a secure system built to handle massive amounts of data. Former Boston police commissioner Ed Davis witnessed two major problems of emergency communication firsthand. On 9/11, police helicopters flying over the World Trade Center could see the danger of building collapse but could not reach firefighters inside the towers, who were using a different radio system. And after the Boston Marathon bombing, cellular networks were overwhelmed with traffic, and police could not communicate with each other, Davis said. FirstNet addresses both problems. The government agency was created after 9/11 to devise the interoperability of first responders, and then to enable video, data and text capabilities in addition to voice. In March 2017, FirstNet accepted AT&T’s $40 billion bid to build out the network. The governments of all 50 states and the District of Columbia opted in, and in March of this year, the core network went live. More than 1,000 agencies in 52 states and U.S. territories have signed up, including Boston police and fire and the Texas Department of Public Safety. top

Potential clients are confident in law firms’ cybersecurity. Should they be? (Legal Tech News, 25 June 2018) - Despite an increasingly malicious cyberthreat environment, most potential law firm clients are confident in the legal industry’s ability to protect client data, according to a survey of more than 1,000 small business owners and the U.S. general public conducted by data disposal company Shred-it and market research company Ipsos Public Affairs. Almost half of the respondents, 47 percent, said data protection considerations were “very important” when deciding which law firm to hire, while 36 percent said such considerations were at least “somewhat important.” But a majority, 61 percent, expressed little or no concern about providing sensitive information to lawyers, underscoring the widespread trust potential clients have in law firms ability to protect their data. * * * What’s more, overconfidence may already be harming law firms security preparations, according to ALM Intelligence’s “Challenges at the Intersection of Cybersecurity and Legal Services,” a survey of 194 law firms and legal departments. While the survey found that most law firms were confident they had adequate cybersecurity protections in place, their cybersecurity programs failed to meet client expectations. top

- and -

Legal Tracker LDO Index (ThomsonReuters, July 2018) - The volume of work for legal departments continues to grow, yet the overall legal department budget is not increasing at the same rate. Legal departments are dealing with how to do more with less. To address this challenge, departments are focusing on legal operations. With an operational focus, legal departments are looking at process improvements and technology to deliver on key department initiatives like controlling outside counsel costs and simplifying workflow and manual processes. Sixty-eight percent of organizations say the volume of legal work - defined by the number of legal matters - is increasing. Fifty-four percent of survey respondents report the percentage of work handled in-house is increasing, while 48% of survey respondents report increasing outside counsel spending. Seventy-one percent of organizations report that outside counsel hourly rates are increasing, while only 8% of organizations report decreases. With the increases in volume of work, 35% of legal departments report increasing the total legal department budget in the last 12 months, 25% report a budget decrease, and 40% report flat legal department budgets. When it comes to the budget for technology, 34% report increasing the budget, 52% are flat, and 13% report decreasing the technology budget. We asked legal departments to rank a variety of initiatives from no priority to high priority. The top five priorities among legal departments surveyed are: * * * [ Polley : Lots of interesting data here; spotted by MIRLN reader Gordon Housworth ] top

AT&T collaborates on NSA spying through a web of secretive buildings in the US (TechCrunch, 25 June 2018) - A new report from The Intercept sheds light on the NSA’s close relationship with communications provider AT&T. The Intercept identified eight facilities across the U.S. that function as hubs for efforts to collaborate with the intelligence agency. The site first identified one potential hub of this kind in 2017 in lower Manhattan. The report reveals that eight AT&T data facilities in the U.S. are regarded as high-value sites to the NSA for giving the agency direct “backbone” access to raw data that passes through, including emails, web browsing, social media and any other form of unencrypted online activity. The NSA uses the web of eight AT&T hubs for a surveillance operation code-named FAIRVIEW, a program previously reported by The New York Times . The program, first established in 1985, “involves tapping into international telecommunications cables, routers, and switches” and only coordinates directly with AT&T and not the other major U.S. mobile carriers. top

How social networks set the limits of what we can say online (Wired, 26 June 2018) - Content moderation is hard. This should be obvious, but it’s easily forgotten. It is resource intensive and relentless; it requires making difficult and often untenable distinctions; it is wholly unclear what the standards should be, especially on a global scale; and one failure can incur enough public outrage to overshadow a million quiet successes. We as a society are partly to blame for having put platforms in this situation. We sometimes decry the intrusions of moderators, and sometimes decry their absence. Even so, we have handed to private companies the power to set and enforce the boundaries of appropriate public speech. That is an enormous cultural power to be held by so few, and it is largely wielded behind closed doors, making it difficult for outsiders to inspect or challenge. Platforms frequently, and conspicuously, fail to live up to our expectations. In fact, given the enormity of the undertaking, most platforms’ own definition of success includes failing users on a regular basis. The social media companies that have profited most have done so by selling back to us the promises of the web and participatory culture. But those promises have begun to sour. While we cannot hold platforms responsible for the fact that some people want to post pornography, or mislead, or be hateful to others, we are now painfully aware of the ways in which platforms invite, facilitate, amplify, and exacerbate those tendencies. For more than a decade, social media platforms have portrayed themselves as mere conduits, obscuring and disavowing their active role in content moderation. But the platforms are now in a new position of responsibility-not only to individual users, but to the public more broadly. As their impact on public life has become more obvious and more complicated, these companies are grappling with how best to be stewards of public culture, a responsibility that was not evident to them-or us-at the start. For all of these reasons, we need to rethink how content moderation is done and what we expect of it. And this begins by reforming Section 230 of the Communications Decency Act-a law that gave Silicon Valley an enormous gift, but asked for nothing in return. * * * top

Instagram now lets you 4-way group video chat as you browse (TechCrunch, 26 June 2018) - latest assault on Snapchat, FaceTime and Houseparty launches today. TechCrunch scooped back in March that Instagram would launch video calling, and the feature was officially announced at F8 in May. Now it’s actually rolling out to everyone on iOS and Android, allowing up to four friends to group video call together through Instagram Direct. With the feed, Stories, messaging, Live, IGTV and now video calling, Instagram is hoping to become a one-stop-shop for its 1 billion users’ social needs. This massive expansion in functionality over the past two years is paying off, SimilarWeb told TechCrunch in an email, which estimates that the average U.S. user has gone from spending 29 minutes per day on the app in September 2017 to 55 minutes today. More time spent means more potential ad views and revenue for the Facebook subsidiary that a Bloomberg analyst just valued at $100 billion after it was bought for less than $1 billion in 2012. top

8 states impose new rules on Equifax after data breach (NYT, 27 June 2018) - Equifax agreed to a number of data security rules under a consent order with eight state financial regulators that was announced on Wednesday, the latest regulatory response to the breach that allowed hackers to steal sensitive personal information on more than 147 million people. The order describes specific steps the credit bureau must take, including conducting security audits at least once a year, developing written data protection policies and guides, more closely monitoring its outside technology vendors, and improving its software patch management controls. Equifax has said that the attackers gained access to its systems last year through a known software flaw that was inadvertently left unfixed for months. If Equifax falls short on any of its new promises, regulators in the states - Alabama, California, Georgia, Maine, Massachusetts, New York, North Carolina and Texas - will be able to take punitive action. Equifax said that “a good number” of the measures it agreed to in the order had already been completed. Equifax has spent nearly $243 million so far on the fallout from the data breach, including its spending on legal costs, new security tools and credit monitoring services it offered for free after the break-in was revealed in September. The company’s chief executive and several other top officials were forced out in the aftermath. Government regulators and law enforcement officials are still looking into Equifax’s data safeguards. The company remains under investigation by the Federal Trade Commission, the Consumer Finance Protection Bureau and the Securities and Exchange Commission, among others. top

Homeland Security subpoenas Twitter for data breach finder’s account (ZDnet, 2 July 2018) - Homeland Security has served Twitter with a subpoena, demanding the account information of a data breach finder, credited with finding several large caches of exposed and leaking data. The New Zealand national, whose name isn’t known but goes by the handle Flash Gordon , revealed the subpoena in a tweet last month . The pseudonymous data breach finder regularly tweets about leaked data found on exposed and unprotected servers. Last year, he found a trove of almost a million patients’ data leaking from a medical telemarketing firm. A recent find included an exposed cache of law enforcement data by ALERRT, a Texas State University-based organization, which trains police and civilians against active shooters. The database, secured in March but reported last week, revealed that several police departments were under-resourced and unable to respond to active shooter situations. Homeland Security’s export control agency, Immigration and Customs Enforcement (ICE), served the subpoena to Twitter on April 24, demanding information about the data breach finder’s account. Twitter informed him of the subpoena, per its policy on disclosing legal processes to its users. A legal effort to challenge the subpoena by a June 20 deadline was unsuccessful. Attorneys from the Electronic Frontier Foundation provided Flash Gordon legal assistance. ICE demanded Twitter turn over his screen name, address, phone number—and any other identifying information about the account, including credit cards on the account. The subpoena also demanded the account’s IP address history, member lists, and any complaints filed against the Twitter account. The subpoena did not demand the account’s private messages or any other content, which typically requires a court order or a search warrant. It’s not known why the subpoena was issued. Twitter spokesperson Emily Horne said the company does not comment on individual accounts for privacy and security reasons. top

Carpenter v. United States: Big data is different (GW Law Review, 2 July 2018) - A central truism of U.S. privacy law is that if you share information, you do not have an expectation of privacy in it. This reasoning runs through both Fourth Amendment jurisprudence and privacy tort cases, and has repeatedly been identified as a central failing of American privacy law in the digital age. On June 22, in Carpenter v. United States , the Supreme Court did away with this default. While repeatedly claiming to be fact-bound and incremental, Chief Justice Roberts’s opinion has paradigm-shifting implications not only for Fourth Amendment law, but also for private-sector privacy law. In short, the Court in Carpenter has declared that Big Data is different. Just how different remains to be seen. The question addressed in Carpenter- whether obtaining historic location information from cellular phone service providers constitutes a search under the Fourth Amendment-arose at the confluence of two lines of cases. One addresses location tracking in public spaces, and the other addresses records that have been shared with third parties. Until recently, neither doctrinal thicket looked particularly good for Timothy Carpenter, or for privacy. But the Carpenter decision does not come out of thin air. Starting with the Court’s recent GPS-tracking decision in United States v. Jones- and what has been referred to as the Jones “shadow majority”-the Supreme Court has recently appeared to take a different approach to Big Data. Carpenter cements this change. * * * [ see also Gorsuch’s dissent in ‘Carpenter’ case has implications for the future of privacy (The Hill, 26 June 2018), and When does a Carpenter search start-and when does it stop? (Orin Kerr on Lawfare, 6 July 2018)] top

It’s time for a chemistry lesson. Put on your virtual reality goggles. (NYT, 3 July 2018) - There was a time when biochemists had a lot in common with sculptors. Scientists who had devoted their lives to studying a molecule would building a model, using metal and a forest of rods to hold up the structure of thousands of atoms. ” Slow work, but at the end you really know the molecule ,” said Michael Levitt, who shared the Nobel Prize in Chemistry in 2013. These days simulations on screens have replaced such models, sacrificing some of their tactile value while gaining the ability to show movement. But what if you could enter a virtual reality environment where the molecules lie before you, obeying all the laws of molecular physics as calculated by supercomputers, and move them around in three dimensions? In a new paper in the journal Science Advances , researchers report that they have constructed just such an environment, and that users who manipulate the proteins in VR can perform simple tasks nearly ten times faster in virtual reality than on a screen. The researchers asked users to perform three separate manipulations of molecules and timed how long each took. They had to thread a molecule of methane through a simulated carbon nanotube; unwind a helical molecule and wind it up in the opposite direction; and tie a knot in a simulated protein. They also did the same tasks on computers using a touchscreen or a mouse. Each task resembles research that is current in biology and chemistry. In tallying the time each task took, the researchers found that in VR, threading the nanotube and tying the knot went much quicker. The knot task, in particular, was completed nearly ten times as rapidly. By using 2D screen-based simulations of molecules, said Dr. Glowacki, “we might actually be doing things a lot slower than we could be.” Scientists who use VR to get familiar with molecules may be able to gain intuition about their movements more quickly. [ Polley : pretty interesting animation videos on the website version of the story.]


Tech Competence (Robert Ambrogi) - In 2012, something happened that I called a sea change in the legal profession: The American Bar Association formally approved a change to the Model Rules of Professional Conduct to make clear that lawyers have a duty to be competent not only in the law and its practice, but also in technology. * * * On this page, I track the states that have formally adopted the revised comment to Rule 1.1. The total so far is 31. [ Polley : nice interactive map of the states.] top

Grimmelmann on Whether Robot Transmissions Are Speech For First Amendment Purposes (MLPB, 20 June 2018) - James Grimmelmann, Cornell Law School, is publishing Speech in, Speech Out in Robotica: Speech Rights and Artificial Intelligence (Ronald K. L. Collins and David M. Skover, eds., Cambridge University Press 2018). Here is the abstract: This invited short response was published as part of Ronald K.L. Collins and David M. Skover’s book Robotica: Speech Rights and Artificial Intelligence (Cambridge University Press 2018). Collins and Skover make a two-step argument about “whether and why First Amendment coverage given to traditional forms of speech should be extended to the data processed and transmitted by robots.” First, they assert (based on reader-response literary criticism) that free speech theory can be “intentionless”: what matters is a listener’s experience of meaning rather than a speaker’s intentions. Second, they conclude that therefore utility will become the new First Amendment norm. The premise is right, but the conclusion does not follow. Sometimes robotic transmissions are speech and sometimes they aren’t, so the proper question is not “whether and why?” but “when?” Collins and Skover are right that listeners’ experiences can substitute for speakers’ intentions, and in a technological age this will often be a more principled basis for grounding speech claims. But robotic “speech” can be useful for reasons that are not closely linked to listeners’ experiences, and in these cases their proposed “norm of utility” is not really a free speech norm. top

Lola v. Skadden and the Automation of the Legal Profession (Yale Journal of Law & Technology) - Technological innovation has accelerated at an exponential pace in the last few decades, ushering in an era of unprecedented advancements in algorithms and artificial intelligence technologies. Traditionally, the legal field has protected itself from technological disruptions by maintaining a professional monopoly over legal work and limiting the “practice of law” to only those who are licensed. This article analyzes the long-term impact of the Second Circuit’s opinion in Lola v. Skadden, Arps, Slate, Meagher & Flom LLP , 620 F. App’x 37 (2d Cir. 2015), on the legal field’s existing monopoly over the “practice of law.” In Lola , the Second Circuit underscored that “tasks that could otherwise be performed entirely by a machine” could not be said to fall under the “practice of law.” By distinguishing between mechanistic tasks and legal tasks, the Second Circuit repudiated the legal field’s oft-cited appeals to tradition insisting that tasks fall under the “practice of law” because they have always fallen under the practice of law. The broader implications of this decision are threefold: (1) as machines evolve, they will encroach on and limit the tasks considered to be the “practice of law”; (2) mechanistic tasks removed from the “practice of law” may no longer be regulated by professional rules governing the legal field; and (3) to survive the rise of technology in the legal field, lawyers will need to adapt to a new “practice of law” in which they will act as innovators, purveyors of judgment and wisdom, and guardians of fairness, impartiality, and accountability within the law. The article proceeds by first discussing the procedural history and decision in Lola v. Skadden . It then explains the technological advances that will impact the legal field and the tools used by the legal field to perpetuate its self-regulating monopoly. The article then turns to the socioeconomic implications of technological disruption within the legal field and concludes with a discussion on how lawyers may prepare themselves for, and thrive within, an inevitably automated future. top


(note: link-rot has affected about 50% of these original URLs)

Patent Office agrees to review infamous JPEG patent (TechDirt, 12 March 2008) - Last month, we noted that there was some effort being made to get the Patent Office to do a re-exam of a patent that attorney Ray Niro had been using to go after any site that had a JPEG image. While the patent itself had been re-examed before, one claim had been left intact, which Niro has said covers anyone using JPEG compression. It appears that the effort to get the USPTO to look into the patent once again has succeeded, though it’s a long and rather involved process that won’t come to fruition for quite a long time. The request includes a long list of prior art on that one particular claim, which the Patent Office admits it did not look at earlier and that raise substantial questions about the patentability of the remaining claim in the patent. This is rather good news. top

Administration shutting down economic indicators site (TechDirt, 14 Feb 2008) - While there was some decent news suggesting the economy might not be falling into a recession, there are still plenty of knowledgeable folks who think some sort of recession is likely. Last week, in New York, plenty of folks I spoke to seemed to believe we were already in one. Of course, to actually call a recession, the general consensus is that there would need to be two consecutive quarters of negative economic growth. So how would you measure that growth? Well, apparently the White House would prefer to make it as difficult as possible. Reader Jon writes in to note the rather inconvenient timing of the Administration suddenly deciding to shut down its own website that aggregated economic indicators. The site, EconomicIndicators.gov had even won awards from Forbes as a great resource. top