MIRLN --- 4-24 June 2017 (v20.09)

by Vince Polley and KnowConnect PLLC (supplemented by related Tweets: @vpolley #mirln)



Governments may be big backers of the blockchain (The Economist, 1 June 2017) - In the hills overlooking Tbilisi, Georgia’s capital, sits a nondescript building housing rows of humming computer servers. The data centre, operated by the BitFury Group, a technology company, was built to “mine” (cryptographically generate) bitcoin, the digital currency. But now it also uses the technology underlying bitcoin, called the “blockchain”, to help secure Georgian government records. Experts are eyeing the experiment for proof of whether blockchain technology could alter the infrastructure of government everywhere. While the blockchain originally sought a foothold in financial services, and digital currencies attracted early attention from investors, now interest in using the technology in the public sector is growing. Brian Forde, a blockchain expert at the Massachusetts Institute of Technology, argues that governments will drive its adoption - an ironic twist for something that began as a libertarian counter model to centralised authority. Backers say it can be used for land registries, identity-management systems, health-care records and even elections. Fans argue that, if properly implemented, distributed ledgers can bring improvements in transparency, efficiency and trust. Naysayers respond that wider adoption may reveal security flaws. It is certainly early days for the blockchain: some compare it to the internet in the early 1990s, so growing pains are sure to follow. And blockchains can always be only part of the solution: no technology can turn crooked leaders straight and keep them, for instance, from feeding in spurious data. Creating robust standards will also take time. And integrating databases across vast and complex bureaucracies will need huge investment. Yet governments do not seem fazed.
According to a recent IBM survey of government leaders (conducted by the Economist Intelligence Unit, our sister company), nine in ten government organisations say they plan to invest in blockchain technology to help manage financial transactions, assets, contracts and regulatory compliance by next year.

- and -

  The world’s largest CSDs are forming a new Blockchain consortium (Coindesk, 5 June 2017) - Some of the world’s biggest central securities depositories (CSDs) are uniting to build their own blockchain consortium. Informally called the CSD Working Group on DLT, and comprised of institutions tasked with holding vast amounts of the world’s financial instruments, the fledgling consortium is emerging from talks that have been ongoing since last year. While the formal membership of the group has yet to be revealed, CoinDesk has learned that early participants of the exploratory effort met last month in London and that the work is ongoing. Hosted by ‘Big Four’ consulting firm EY, the meeting was designed to give the companies, including the DTCC, Canada’s CDS, the Moscow Exchange Group and South Africa’s Strate, a better understanding of how blockchain technology might change their roles in the future. What started as informal conversations last October have since evolved into the more formal working group, with members including Russia’s National Securities Depository, Switzerland’s SIX Securities Services, the Nordic subsidiary of Nasdaq and Chile’s DCV. Last week, members of the group published the first results of its partnership: a document describing the product requirements for a proxy voting solution for general meetings, built using distributed ledger technology and ‘synchronized’ with Swift’s messaging standard. Using an unspecified technology, the proposal requires that the platform should accommodate up to 100,000 voting parties and conduct at least 50 transactions per second. While the official stated objective of the working group is to demonstrate the business value of the technology, Duvanov and Strate CEO Monica Singer revealed to CoinDesk that that is only part of the minimum viable product being tested. 
And, though not every member of the working group appears to have been involved in the London meeting, a second objective of the group is to show the value of collaboration in its own right. [Polley: Spotted by MIRLN reader John Muller]

- and -

Accenture, Microsoft team up on blockchain-based digital ID network (Reuters, 19 June 2017) - Accenture Plc and Microsoft Corp are teaming up to build a digital ID network using blockchain technology, as part of a United Nations-supported project to provide legal identification to 1.1 billion people worldwide with no official documents. The companies unveiled a prototype of the network on Monday at the UN headquarters in New York during the second summit of ID2020, a public-private consortium promoting the UN 2030 Sustainable Development Goal of providing legal identity for everyone on the planet. The project aims to help individuals such as refugees prove who they are in order to gain access to basic services such as education and healthcare. * * * The new platform will connect existing record-keeping systems of commercial and public entities through blockchain, allowing users to access their personal information wherever they are. For example, refugees who have fled their country leaving behind birth or education paper certificates would still be able to provide proof of those credentials through the system. One of the main advantages of blockchain is that it allows systems of different organizations to communicate with each other, Yorke Rhodes, global business strategist at Microsoft, said in an interview. The prototype was built on top of an existing Accenture platform, which powers the biometric identity management system used by the UN High Commissioner for Refugees.

Grad students as peer reviewers: the pros and cons (Chronicle of Higher Ed, 1 June 2017) - A good peer reviewer is hard to find. Does it make sense to expand the search to graduate students? At some journals, editors say, that idea is an absolute nonstarter. But at others, with the number of article submissions on the rise, editors are increasingly asking graduate students to act as referees. A discussion about the value of that practice cropped up Wednesday on the philosophy blog Daily Nous, where Jc Beall, a professor of philosophy at the University of Connecticut, posed the question and listed some pros and cons. On the one hand, he wrote, there’s a supply-and-demand argument for enlisting graduate students: There is “so much publishing that there’s no alternative but to enlist as many recruits as possible.” Beyond that, peer review offers the potential to “expose the grad students to cutting-edge ideas in the latest submitted drafts.” But Mr. Beall found more “strong reasons” to question the practice. Graduate students “already have too little time for their own work,” he wrote. “Why should they be given work that few want in the profession?” What’s more, they have not yet been fully accepted into the faculty, “but are being asked to serve anyhow.” Mr. Beall said the use of graduate students as peer reviewers “appears to be gaining the feel of normalcy.” Is it becoming more widespread? The Chronicle reached out to some editors to see how common the practice is. * * *

Researchers use ridesharing cars to sniff out a secret spying tool (Wired, 2 June 2017) - Law enforcement’s use of the surveillance devices known as stingrays, fake cell towers that can intercept communications and track phones, remains as murky as it is controversial, hidden in non-disclosure agreements and cloak-and-dagger secrecy. But a group of Seattle researchers has found a new method to track those trackers: by recruiting ridesharing vehicles as surveillance devices of their own. For two months last year, researchers at the University of Washington paid drivers of an unidentified ridesharing service to keep custom-made sensors in the trunks of their cars, converting those vehicles into mobile cellular data collectors. They used the results to map out practically every cell tower in the cities of Seattle and Milwaukee - along with at least two anomalous transmitters they believe were likely stingrays, located at the Seattle office of the US Customs and Immigration Service, and the Seattle-Tacoma Airport. Beyond identifying those two potential surveillance operations, the researchers say their ridesharing data-collection technique could represent a relatively cheap new way to shed more light on the use of stingrays in urban settings around the world. “We wondered, how can we scale this up to cover an entire city?” says Peter Ney, one of the University of Washington researchers who will present the study at the Privacy Enhancing Technology Symposium in July. He says they were inspired in part by the notion of “wardriving,” the old hacker trick of driving around with a laptop to sniff out insecure Wi-Fi networks. “Actually, cars are a really good mechanism to distribute our sensors around and cast a wide net.”

Whose authorization matters - the third-party accounts of former employees (Lawfare, 5 June 2017) - Two district courts in Virginia have parsed out a distinction regarding email access to the third-party accounts of former employees: following the employee’s termination, who is allowed to access the account and whose permission is required? The answer depends on how personal the account was. [Polley: quite interesting, with detailed case descriptions and compare-and-contrast analysis.]

A guide to the ethics of cloud computing for lawyers (Ride the Lightning, 6 June 2013) - It remains astonishing to us that so many lawyers fear the cloud. While we understand the desire to control your own data, as a rule, most clouds will protect law firm data better than the law firms would. By a lot! That is particularly true of solo, small and mid-sized law firms. One of the questions we hear most often is “What does my state say about the ethics of cloud computing?” Actually, we are surprised that a number of states have not spoken on that issue, especially given the prevalence of cloud computing and attorneys’ concerns about it. One good resource comes from the ABA’s Legal Technology Resource Center, which maintains a map showing you which states have spoken about the ethics of cloud computing, accompanied by a quick reference guide to those states that have spoken on the issue. Check out this page on Cloud Ethics Opinions if you are unsure about your state’s position on the ethics of cloud computing.

Coursera closes $64 million round of funding (InsideHigherEd, 8 June 2017) - Online education provider Coursera said Wednesday that it had raised another $64 million, bringing its total equity funding to more than $210 million. The company said in a blog post that it intends to use the funding to “accelerate our product innovation efforts, grow our high-quality and stackable degree portfolio, and build business and government partnerships in order to address the needs of a global work force.” In addition to expanding in the corporate education market, Coursera this spring signaled that it plans to partner with member universities to launch more fully online degree programs.

The secret social media lives of teenagers (NYT, 7 June 2017) - Earlier this week, Harvard University revealed that it had rescinded admissions offers to at least 10 students who shared offensive images within what they thought was a private Facebook group chat. The students posted memes and images that mocked minority groups, child abuse, sexual assault and the Holocaust, among other things. Sharing videos, images and memes creates the opportunity for an instantaneous positive feedback loop that can perpetuate poor decision making. In an environment where teens spend around nine hours using some form of online media every day, it doesn’t take long for them to be influenced by an “all-about-the-likes” sense of values that can potentially lead to life-altering decisions. I’ve spent nearly two decades working with teens on organization and time-management in the heart of the Silicon Valley, and many teen girls tell me they have a real Instagram account (“rinsta”) for a wider audience and then keep a “finsta” (friends-only or “fake” Instagram) for their closest friends. Many teens use shortened versions of their names or aliases for finsta accounts, which they often see as an opportunity to share a less edited, less filtered version of their lives. They might spend a lot of time trying to capture the perfect Instagram photo for the “rinsta,” which reaches a wider general audience, while a finsta might reveal, as one high school sophomore girl declared, “my innermost thoughts.” Like the teens in the Harvard Facebook group chat, those using finsta accounts can have a false sense of confidence to say and do things they might not want a wider audience to see. And because so much of today’s teen social media use is rooted in a fear of getting caught, many teens have detoured their online activity to different ways of cloaked communication. Closed and secret Facebook groups are one way teens (and adults!) privatize communication to a select group - a closed group feels more private because it allows an administrator to approve new users and monitor content. Secret Facebook groups remain unsearchable, and members can only be added or invited by another member. Another trick is to use hidden apps like Calculator% and Calculator+ that look like regular calculators, but require users to enter their passcodes to reveal a back storage area containing private photos. Also popular with secretive teens are storage apps like Vaulty, which allows users to hide photos and videos, and also has a “mug shot” feature, which takes a photo of anyone who tries to access the app using an incorrect password. Vaulty’s most clever trick? Users can create two passwords for one vault, with each password tied to specific levels of access. So, a parent who insists that a teen hand over the password still might be getting limited access. Some teens just hide apps within folders on their phones. Parents wondering if their children are hiding something might look for a cleared search history and an unexplainable spike in data usage as potential red flags. * * *

Facebook knows what you’re doing during commercial breaks (Recode, 8 June 2017) - You know how sometimes you still watch live TV? And how if you’re watching live TV, sometimes a commercial comes on? Well, guess what happens then? If you’re reading this, you know. But now Facebook wants to spell it out for you: You ignore the commercials and you look at your phone. Here’s the graphic version of this story: Facebook says it tracked the behavior of 537 people who told the company they watched “the season premiere of a popular TV show” last fall. This bar chart measures Facebook usage over time. See the spikes? Those are commercial breaks: * * * And just to beat it into the ground, Facebook tracked usage for people who didn’t watch the show. No spikes, just steady liking and sharing. Yes, it’s a small survey, conducted by Facebook, about a single show last year. On the other hand, since it’s only measuring Facebook usage, it probably understates the case. If you factor in Twitter, texting, Clash of Clans and everything else you can do with your phone when a commercial comes on, those spikes would likely be much sharper. Those graphs come via a longer blog post/op-ed from Facebook today, which is theoretically about the state of video advertising, and which offers advice about how to make effective ads. It also includes some new video stats from the company. Among them: On average, Facebook users watch autoplay video for 16.7 seconds per clip; they watch autoplay video ads for 5.7 seconds. But Facebook’s big takeaway here is clear, and it’s the same takeaway Facebook has been offering for years: Advertisers should move their spending away from TV, because consumers have moved their attention away from TV. And if advertisers are going to move their dollars away from TV, Facebook is ready to take those dollars.

Lawmakers want notice when Pentagon uses cyber weapons (NextGov, 8 June 2017) - Defense Department officials would be required to notify congressional overseers within 48 hours of launching any sensitive cyber operation under legislation introduced Thursday by top lawmakers on the House Armed Services Committee. The law would apply to both offensive and defensive cyber operations that leave DOD networks and produce effects outside locations where the U.S. is engaged in a hot war. The law would not apply to covert actions, which are typically conducted by intelligence agencies rather than the uniformed military. That means the Stuxnet attack against Iran’s nuclear capability, which is among the best-known offensive cyber operations and widely believed to have been launched, in part, by U.S. intelligence agencies, would not fall under the law’s requirements. The law would also require the Pentagon to notify the House and Senate Armed Services Committees about any reviews of cyber weapons to determine if they can be used under international law.

How tech sleuths cracked the mysterious code that turns your printer into a spying tool (WaPo, 9 June 2017) - You wouldn’t have noticed it unless you knew where - and how - to look, but the top-secret National Security Agency document leaked to the Intercept and published Monday contained a clue that may have led authorities to its source. Spread throughout the pages were barely visible yellow dots, each less than a millimeter in diameter, repeated over and over in the same rectangular pattern. You could see them by zooming in on the pages and adjusting the color. Or, if you had the original printed papers, you could have inspected them with a magnifying glass and a blue LED light. They’re called tracking dots or microdots. Nearly every color printer on the market is equipped with a feature that covertly prints them. They encode any page that comes out of a printer with a serial number, date and time that can be interpreted using a simple cipher. Printer manufacturers are not required to tell customers the feature exists. Although the FBI has signaled otherwise, some experts have speculated that such dots may have helped investigators track down and arrest Reality Leigh Winner, the government contractor who was charged this week with leaking the NSA’s highly classified report. Printer manufacturers have used the dots in some form or another for decades, but they were only revealed to the public fairly recently, when privacy advocates and cybersecurity researchers took notice. PC World was among the first publications to bring them to light. In a 2004 article in the magazine, a senior researcher at Xerox named Peter Crean described the hidden markings in detail. The technology had been developed about 20 years before, he said, to allay government officials’ fears that copy machines could be used to counterfeit money or forge documents. Xerox created an in-house encoding system and agreed to share information about it with authorities. Other companies followed suit. 
* * * [Polley: B&W printers?]

  In Watergate, one set of facts. In Trump era, take your pick. (NYT, 11 June 2017) - Forget Deep Throat, the anonymous senior F.B.I. official whom history so fondly remembers for guiding Carl Bernstein and Bob Woodward through the corruption scandal and cover-up that began with a break-in at the Democratic National Committee and ended with President Richard M. Nixon’s resignation. We now have “the deep state,” the scheming coterie in the intelligence community supposedly seeking to take down the president to protect its own power, as the viral Web conspiracy goes. Watergate unfolded in a much simpler time in the media industry. There were three major news networks and PBS; a major paper or three in every city; and a political dynamic in which leaders duked it out by day and dined together at night. They did so on a solid foundation of agreed-upon facts and a sense of right and wrong that was shared if not always followed. The Trump-Russia scandal is breaking during a time of informational chaos, when rival versions of reality are fighting for narrative supremacy. The causes are legion: The advent of right-wing talk radio and Fox News; the influence of social sites like Facebook, Twitter, Reddit; and the mainstreaming of conspiracy sites like InfoWars, which had almost five million visitors in the last month. By allowing partisans to live in their separate informational and misinformational bubbles, and, in some cases, to allow real news to be rendered as false - and false news to be rendered as true - they have all contributed to the calcification of the national divide. Mainstream journalism, a shiny and ascendant conveyor of truth during Watergate, is in a battered state after decades of economic erosion, its own mistakes and the efforts of partisan wrecking crews to discredit its work, the most recent one led by the president himself. 
All of it gives the Trump White House something Nixon never had: a loyal media armada ready to attack inconvenient truths and the credibility of potentially damning witnesses and news reports while trumpeting the presidential counternarrative, at times with counterfactual versions of events. Review papers from the Nixon White House and you can see just how much Nixon and his team pined for a media environment resembling the one today. “Nixon was always complaining that he had no defenders,” John Dean, the former Nixon White House counsel, and current CNN contributor, told me Friday. As a memo from one adviser read in 1970: “The lens through which our message gets through is a distorted lens,” therefore “we ought to give consideration to ways and means if necessary to acquire either a government or other network through which we can tell our story.” When a separate memo presented a more detailed plan for a pro-administration news service, White House records show, another adviser, Roger E. Ailes, raised his hand to start it. The plan fizzled, but Mr. Ailes, who died last month, would start the Fox News Channel some 25 years later.

Belonging online and in the library (InsideHigherEd, 12 June 2017) - Librarians have been thinking quite a bit about their library as a place in the last decade or so. They also try to make their digital spaces convenient for users to orient themselves and get to the information they seek (while also placating the marketing folks who decide what the institutional website should look like). Though we try to make the library where I work a hospitable place with a user-friendly website, I wonder what it looks like to students who are new to the place. When I was an undergraduate I made a nest in my university library. I actually liked writing papers and when I needed a break I’d browse some random part of the stacks: Hakluyt’s Voyages - that looks cool. Huh, An Elementary Welsh Grammar. Wonder if I could learn Welsh? I didn’t like it when a uniformed guard busted me for having food in my carrel, yet I never felt like I didn’t belong there. He was the one who seemed out of place. But I was a weird kid, and privileged, growing up with the unquestioned expectation that I would have a university library in my future and it would feel like home. Kate Bowles, who writes elegantly about higher education at Music for Deckchairs, recently posted an essay on “kith,” the sense of place and belonging that goes along with kin, our family relationships. (I’d never actually thought about the meaning of the first half of “kith and kin.”) She quotes Susan Beal: “Kith is not only the place you know and love, but the place that knows and loves you back.” In the essay Bowles examines what that means in terms of “digital citizenship” from her perspective in Australia where actual citizenship has become a fraught subject, a category of exclusion, as perhaps it always has been though not necessarily recognized as such. I’m thinking about this as I start to plan a course that will use digital humanities tools to explore identity and the internet.
I know from experience that what seems obvious and comfortable to me is a matter of familiarity. It’s hard work for many students who would rather not be doing it anyway, and thinking about what happens to their data when they use social media is deeply uncomfortable, as is discussing their multiple social media identities. Those are private except for their close friends and the numerous invisible data-mining companies that exploit those identities and relationships. * * * [Polley: Resonated with me.]

Legal analytics vs. legal research: What’s the difference? (ABA’s Law Tech Today, 12 June 2017) - For hundreds of years, litigators have served their clients by applying facts to law using legal reasoning. To identify relevant law - statutes, cases, rules - to apply to the facts of a case, lawyers conduct legal research. Performing accurate legal research remains a core skill of successful lawyering. But over the past few years a new tool has appeared in litigators’ toolkits: legal analytics. Legal analytics involves mining data contained in case documents and docket entries, and then aggregating that data to provide previously unknowable insights into the behavior of the individuals (judges and lawyers), organizations (parties, courts, law firms), and the subjects of lawsuits (such as patents) that populate the litigation ecosystem. Litigators use legal analytics to reveal trends and patterns in past litigation that inform legal strategy and anticipate outcomes in current cases. While every litigator learns how to conduct legal research in law school, performs legal research on the job (or reviews research conducted by associates or staff), and applies the fruits of legal research to the facts of their cases, many may not yet have encountered legal analytics. Data-driven insights from legal analytics do not replace legal research or reasoning, or lawyers themselves. They are a supplement, both prior to and during litigation. Think of legal analytics as Moneyball for lawyers. Just as a Moneyball approach to managing a baseball team supplements the hard-earned wisdom of managers, scouts, and team executives with data-driven insights, legal analytics supplements a lawyer’s legal wisdom. * * *

Modria, innovator of online dispute resolution, is acquired by Tyler Technologies (Bob Ambrogi, 12 June 2017) - Modria, a pioneering company in the field of online dispute resolution, has been acquired by Tyler Technologies, a company that develops software products for local governments. Modria will become part of Tyler’s Courts and Justice Division, where Modria’s technology will be used to help courts more efficiently handle large volumes of disputes. Modria was founded in 2011 by Colin Rule, who earlier designed and ran eBay’s ODR system, considered the most successful ODR system in the world, and Chittu Nagarajan, the woman who formerly ran the largest ODR system in Asia. Modria’s ODR platform has been used by a number of e-commerce sites as well as by innovative sites designed to provide alternatives to litigation, such as the Rechtwijzer site in the Netherlands, developed by HiiL and the Dutch Legal Aid Board to provide dispute resolution for divorce and separation, landlord-tenant and employment disputes. Modria’s platform has also been adopted by various tax assessors in the United States and Canada to resolve property tax appeals. Rule will remain with Tyler as vice president of online dispute resolution. Modria will be shutting down its e-commerce customers and focusing entirely on courts and ADR organizations, Rule told me.

Schools tap secret spectrum to beam free internet to students (Wired, 12 June 2017) - In places like Albemarle County, where school officials estimate up to 20 percent of students lack home broadband, all the latest education-technology tools meant to narrow opportunity and achievement gaps can widen them instead. So, rather than wait for reluctant commercial internet providers to expand their reach, the district is trying an audacious solution. They’re building their own countywide broadband network. Still in its early stages, this ambitious project relies on a little-known public resource - a slice of electromagnetic spectrum the federal government long ago set aside for schools - called the Educational Broadband Service (EBS). Some internet-access advocates say EBS is underutilized at best, and wasted at worst, because loose regulatory oversight by the FCC has allowed most of the spectrum to fall into the hands of commercial internet companies. The resulting spectrum scarcity may be the most daunting of the legal, technical and monetary challenges faced by any district hoping to create its own broadband network. But a few pioneering districts have shown that it’s possible, and Albemarle County has joined a nascent trend of districts trying to build their own bridges across the digital divide.

Homeland Dems seek answers about Trump officials and encrypted app (NextGov, 1 June 2017) - Top Democrats on the Homeland Security Committee are asking inspectors general at 24 federal agencies to investigate whether Trump administration officials are skirting federal records laws by using encrypted and vanishing messaging apps. The committee’s current and former ranking members, Sens. Claire McCaskill, D-Mo., and Tom Carper, D-Del., also want the IGs to investigate whether top agency officials are barring staffers from responding to information requests from congressional Democrats. That request follows a Politico report that Trump administration lawyers advised agencies to ignore Democratic requests. The senators collected the requests into a single, alphabetically arranged document that runs to 120 pages, beginning with the Agriculture Department IG and ending with Veterans Affairs.

US internet company refused to participate in NSA surveillance, documents reveal (ZDnet, 14 June 2017) - A US company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents. It’s thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn’t hand over customer data to the National Security Agency. While the company was not named in the 2014-dated document, released Wednesday, it’s thought that it may be an internet provider or a tech company—rather than a telecoms provider. The news comes from a collection of documents that were declassified and released as part of a Freedom of Information lawsuit filed by the Electronic Frontier Foundation and the American Civil Liberties Union. All of the documents relate to the government’s use of the so-called Section 702 statute, named after its place in the law books, a provision of the Foreign Intelligence Surveillance Act. The statute authorizes the collection of data on foreign persons overseas who use US tech and telecoms services. According to the document, the unnamed company’s refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified. While tech companies and internet providers are required to provide the government access to customer data when requested, they have the right to push back on the government’s demands by bringing a challenge before the Foreign Intelligence Surveillance Court, which oversees and authorizes the government’s surveillance activities. But despite the company’s efforts to argue that the surveillance order was unlawful, the company was later forced to comply by the court.
[ Polley : Spotted by MIRLN reader Gordon Housworth ] top

Pirate Bay may finally be sunk after EU copyright ruling (ArsTechnica, 14 June 2017) - Infamous BitTorrent tracker site The Pirate Bay can be found liable of copyright violations even if it doesn’t host any infringing content, Europe’s top court has ruled. “Making available and managing an online platform for sharing copyright-protected works, such as ‘The Pirate Bay,’ may constitute an infringement of copyright,” the Court of Justice of the European Union (CJEU) said in its judgment on Wednesday. “Even if the works in question are placed online by the users of the online sharing platform, the operators of that platform play an essential role in making those works available.” The ruling isn’t only good news for copyright lawyers, but it also paves the way for ISPs across Europe to choke access to The Pirate Bay, which started life in Sweden in 2003 and has undergone a number of high-profile legal battles - including prison time for its founders, after they were found guilty of being accessories to breaching copyright laws in 2009. The CJEU’s ruling appears to be suggesting that TPB operators offer functions that go beyond a search engine such as Google. Observers have already been wondering if the judgment will spill over into areas where sites might fall under the court’s definition, which states: “the making available and management of an online sharing platform must be considered to be an act of communication for the purposes of the directive.”

Reed Smith releases data breach notification app (Ride the Lightning, 15 June 2017) - On June 12th, global law firm Reed Smith announced the release of a free app to help companies apply complex state laws to basic data breach facts. The app is called Breach RespondeRS. Nearly every state in the United States has a data security breach law, requiring notice when certain personal information is lost, stolen, or misused. But the many laws differ in small but crucial respects, making it difficult to get to a bottom line. According to Reed Smith, Breach RespondeRS is the first app of its kind prompting companies to answer basic fact questions and immediately get a response as to the likelihood that notification is required. The app’s release was accompanied by an animated video short showing how Breach RespondeRS can aid in both post-incident response as well as pre-incident assessment for identifying risks under different scenarios to help companies prepare accordingly.

- and -

Cooley is updating its packet of startup tips and financing documents (TechCrunch, 20 June 2017) - Cooley is putting out a new package of seed investment documents for public viewing on its “GO” microsite, the firm said today. It’s a way for entrepreneurs and early-stage investors and business owners to access what the firm considers to be best practices for early-stage investment and to streamline the process for committing capital at the seed stage. The firm said its new release was prompted by the increase in convertible notes for early-stage financing. Because the investment structure is so popular, and relatively uncomplicated, it’s quickly becoming a default structure for early-stage financing. The documents that Cooley is making public are the same ones it uses in the hundreds of transactions the firm has completed for startups. The new documents also will be available on GitHub, where Cooley’s documents have received several comments from the community. The company said that the new documents will act as a “fork” of the original GitHub repository under open source licenses and on the Cooley GO website. Other documents that support signing agreements for seed-stage deals also are available on the Cooley site. Any new business owner who wants can access and amend the Series Seed “Notes” and equity financing documents directly through Cooley GO’s document generators.

European Parliament committee recommends end-to-end encryption for all electronic communications (Tom’s Hardware, 16 June 2017) - The European Parliament’s (EP’s) Committee on Civil Liberties, Justice, and Home Affairs released a draft proposal for a new Regulation on Privacy and Electronic Communications. The draft recommends a regulation that will enforce end-to-end encryption on all communications to protect European Union citizens’ fundamental privacy rights. The committee also recommended a ban on backdoors. * * *

A GOP voter-targeting firm was doing massive data analysis on Reddit (The Verge, 19 June 2017) - A conservative analytics firm apparently scraped a huge trove of Reddit data as part of its voter-targeting efforts. As reported by Gizmodo, GOP-contracted company Deep Root Analytics accidentally put a folder titled “reddit” on a publicly accessible web server along with other internal records, which cyber risk analyst Chris Vickery discovered last week. It contains 170GB of data from several subreddits, but no indication of how Deep Root might be using the information. The subreddits in question range from innocuous to controversial. One was the banned subreddit r/fatpeoplehate, which Gizmodo speculates was picked for its connection to Trump fans - a FiveThirtyEight analysis of r/The_Donald members found that outside explicitly political subreddits, these users overlapped most strongly with r/fatpeoplehate members. But Deep Root also collected information from mountain-biking and Spanish-speaking subreddits, which have no such connection. Deep Root leaked profiles of nearly 200 million potential voters as well, and it’s possible that it was trying to match names to Reddit profiles - which would give them a deep look at the preferences of specific voters. Gizmodo notes that the Obama campaign matched voter records with Facebook profiles, but it’s unclear that someone could do the same with Reddit, where few people operate under their real names. The company could also simply be looking for correlations in Reddit users’ interests, which could help predict which messages will resonate with specific categories of voters. All we can say for sure from this leak is that political analysts are watching Reddit - which, given its prominence during the election, isn’t a surprise.

NSA opens GitHub account, lists 32 projects developed by the agency (Hacker News, 20 June 2017) - The National Security Agency (NSA) - the United States intelligence agency which is known for its secrecy and working in the dark - has finally joined GitHub and launched an official GitHub page. The NSA employs genius-level coders and brightest mathematicians, who continually work to break codes, gather intelligence on everyone, and develop hacking tools like EternalBlue that was leaked by the Shadow Brokers in April and abused by the WannaCry ransomware last month to wreak havoc worldwide. The intelligence agency mostly works in secret, but after Edward Snowden leaks in 2013, the NSA has started (slowly) opening itself to the world. It joined Twitter in the same year after Snowden leaks and now opened a GitHub account. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are ‘coming soon.’ “The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace,” the agency wrote on the program’s page.

Know the odds: The cost of a data breach in 2017 (Security Intelligence, 20 June 2017) - We’ve all heard that when it comes to experiencing a data breach, the question is not if it will happen, but when. You may be wondering about the actual odds of it happening to your organization. Think about it this way: The chances of being struck by lightning this year are 1 in 960,000. When it comes to experiencing a data breach, according to the Ponemon Institute’s “2017 Cost of Data Breach Study: Global Overview,” the odds are as high as 1 in 4. Therefore, organizations must understand the probability of being attacked, how it affects them and, even more importantly, which factors can reduce or increase the impact and cost of a data breach. Sponsored by IBM Security and independently conducted by the Ponemon Institute, the 12th annual “Cost of Data Breach Study” is out. The findings revealed that the average total cost of a data breach is $3.62 million in 2017, a decrease of 10 percent over last year. Additionally, the global average cost per record for this year’s report is $141, which represents a decrease of 11.4 percent over last year. Despite the reduction in cost, the average size of a data breach increased by 1.8 percent to 24,089 records. The influencers that impact the cost of a data breach are driven by the country and the IT initiatives underway. The good news is that organizations can take measures to minimize cost and impact. The 2017 “Cost of Data Breach Study” found that having access to an internal or outsourced incident response team has been the top cost-reducing factor for three years running. An incident response team typically accelerates the time frame in which security events can be contained, which is a significant factor in reducing the overall cost of a breach.

The Supreme Court establishes a First Amendment framework for social media (Benton Foundation, 21 June 2017) - On June 19, 2017, the Supreme Court of the United States used an unlikely vehicle to expand the scope of First Amendment protection for Internet users. In Packingham v. North Carolina, speaking for five members of the Court, Justice Anthony Kennedy started with the general principle that the Court has always recognized the “fundamental principle of the First Amendment ... that all persons have access to places where they can speak and listen, and then, after reflection, speak and listen once more.” Then, using soaring language that will surely be widely quoted in future cases, he said: While in the past there may have been difficulty in identifying the most important places (in a spatial sense) for the exchange of views, today the answer is clear. It is cyberspace—the “vast democratic forums of the Internet” in general, and social media in particular. The case arose as a challenge to a North Carolina statute that prohibits registered sex offenders from accessing social media sites. In 2002, Lester Packingham, who was 21 years old at the time, pleaded guilty to taking indecent liberties with a 13-year-old girl. He received a suspended jail sentence and completed a term of probation. Eight years later, Packingham was convicted of violating the social media statute after a police officer saw Packingham’s Facebook post joyfully announcing dismissal of a speeding ticket. The Court unanimously found North Carolina’s law to be unconstitutional. This is the second important Supreme Court opinion addressing the role of the Internet in American life. The first, Reno v. ACLU, was issued in 1997, during the Internet’s dial-up era.
Its depiction of the Internet as a medium deserving the same high degree of First Amendment protection as traditional print media played an essential role in the legal framework for the Internet’s evolution over the last two decades. Justice Kennedy’s Packingham decision consciously builds upon Reno’s recognition of the Internet as offering “relatively unlimited low-cost capacity for communication of all kinds,” specifically citing how people use Facebook (“users can debate religion and politics with close friends ... or share vacation photos”), LinkedIn (“users can look for work [or] advertise for employees”) and Twitter (“users can petition their elected representatives and otherwise engage with them in a direct manner”) as examples. Justice Kennedy stressed the importance of insuring that the law leave ample room for the further evolution of the Internet’s platform for free expression.

Remember when you called someone and heard a song? (Motherboard, 21 June 2017) - Liam Paris, a 21-year-old who lives in Brooklyn, NY, was in eighth grade when he bought “Can’t Tell Me Nothing” by Kanye West as his first ringback tone - the song that played when someone called him. If you were youngish in the early 2000s, you probably remember this phenomenon - calling a friend’s cell phone, and instead of hearing the standard ring, you heard a pop song. Called ringback tones, this digital music fad allowed cell phone owners to subject callers to their own musical preference. Ringback tones were incredibly trendy in the early and mid-2000’s, but have since tapered off nearly to oblivion. Though almost nobody is buying ringbacks anymore, plenty of people still have them from back in the day. The first ringtones debuted in the 1960s on landline phones (remember those?), and became a big money-maker for wireless carriers and the music industry. Ringback tones piggy-backed on this idea several decades later, and would also come to be a cash cow. A patent for contemporary ringback tone technology was filed in the US in 2001, though earlier ringback technology had been used previously in the US and abroad. Verizon Wireless became the first US national carrier to offer ringback tones in 2004, when ringtones were a multi-billion dollar-a-year industry. Ringback tone sales grew quickly in the early 2000’s, holding strong until 2008, when sales plummeted dramatically as cell phone users began taking advantage of other new products, according to a statement emailed to Motherboard. By 2014, ringback sales got so low that AT&T, the nation’s second largest wireless provider, stopped selling ringback tones. Verizon, the largest wireless provider in the US, did not respond to request for comment for this story, but still sells ringback tones for $1.99.

FBI agent shares cybersecurity tips for big law (Bloomberg, 22 June 2017) - Corporate clients are now checking to ensure their law firms are taking steps to secure valuable information. In April, the Association of Corporate Counsel issued its first-ever guidance on what data security measures in-house counsel should expect from their firms, Bloomberg BNA reported. Aristedes Mahairas, special agent-in-charge in the cyber division of the New York City’s FBI field office, has spoken with many Big Law firms about their security vulnerabilities and believes the reported cases are just the tip of the iceberg. “A lot of this takes place without a lot of public scrutiny, but there’s no doubt that someone out there is compromised and in pretty bad shape,” he told Big Law Business during a recent interview at the FBI’s downtown Manhattan office. “They should be concerned because there’s nothing saying a law firm can’t be sued either for breach of fiduciary duty.” Though law firms haven’t dominated cybersecurity headlines, recent data breaches against Mossack Fonseca, Cravath, and Weil Gotshal have sent a clear signal that lawyers - and the client data they possess - are real targets. Mahairas, who earned his J.D. from New York Law School, began working at the FBI in 1996 as an undercover field officer in New York City. After stints in Bulgaria and Greece and on the Joint Terrorism Task Force, he was appointed special agent in charge of the Special Operations/Cyber Division of the New York Field Office in 2015. The following interview has been edited for length and clarity. * * *

Avvo, LegalZoom, Rocket Lawyer declared off-limits (Law.com, 2 June 2017) - A joint opinion by three New Jersey Supreme Court committees has blacklisted three web-based services that match litigants with attorneys because of concerns over illicit fee-sharing and referral fees. Avvo facilitates improper fee-splitting, while LegalZoom and Rocket Lawyer operate legal service plans that aren’t registered with the judiciary, according to the June 21 opinion, issued by the Advisory Committee on Professional Ethics, the Committee on Attorney Advertising and the Committee on the Unauthorized Practice of Law. The opinion decrees that “New Jersey lawyers may not participate in the Avvo legal service programs because the programs improperly require the lawyer to share a legal fee with a nonlawyer in violation of Rule of Professional Conduct 5.4(a), and pay an impermissible referral fee in violation of Rule of Professional Conduct 7.2(c) and 7.3(d).” It adds: “The Committees further find that LegalZoom and Rocket Lawyer appear to operate legal service plans through their websites but New Jersey lawyers may not participate in these plans because they are not registered with the Administrative Office of the Courts in accordance with Rule of Professional Conduct 7.3(e)(4)(vii).”


Surveillance Intermediaries (Alan Z. Rozenshtein in the Stanford Law Review, forthcoming 2018) - Abstract: Apple’s 2016 fight against a court order commanding it to help the FBI unlock the iPhone of one of the San Bernardino terrorists exemplifies how central the question of regulating government surveillance has become in American politics and law. But scholarly attempts to answer this question have suffered from a serious omission: scholars have ignored how government surveillance is checked by “surveillance intermediaries,” the companies like Apple, Google, and Facebook that dominate digital communications and data storage, and on whose cooperation government surveillance relies. This Article fills this gap in the scholarly literature, providing the first comprehensive analysis of how surveillance intermediaries constrain the surveillance executive. In so doing, it enhances our conceptual understanding of, and thus our ability to improve, the institutional design of government surveillance. Surveillance intermediaries have the financial and ideological incentives to resist government requests for user data. Their techniques of resistance are: proceduralism and litigiousness that reject voluntary cooperation in favor of minimal compliance and aggressive litigation; technological unilateralism that designs products and services to make surveillance harder; and policy mobilization that rallies legislative and public opinion to limit surveillance. Surveillance intermediaries also enhance the “surveillance separation of powers”; they make the surveillance executive more subject to inter-branch constraints from Congress and the courts, and to intra-branch constraints from foreign-relations and economics agencies as well as the surveillance executive’s own surveillance-limiting components. The normative implications of this descriptive account are important and cross-cutting.
Surveillance intermediaries can both improve and worsen the “surveillance frontier”: the set of tradeoffs - between public safety, privacy, and economic growth - from which we choose surveillance policy. And while intermediaries enhance surveillance self-government when they mobilize public opinion and strengthen the surveillance separation of powers, they undermine it when their unilateral technological changes prevent the government from exercising its lawful surveillance authorities.



(note: link-rot has affected about 50% of these original URLs)

Michigan man dodges prison in theft of Wi-Fi (CNET, 22 May 2007)—A Michigan man who used a coffee shop’s unsecured Wi-Fi to check his e-mail from his car could have faced up to five years in prison, according to local TV station WOOD. But it seems few in the village of Sparta, Mich., were aware that using an unsecured Wi-Fi connection without the owner’s permission—a practice known as piggybacking—was a felony. Each day around lunch time, Sam Peterson would drive to the Union Street Cafe, park his car and—without actually entering the coffee shop—check his e-mail and surf the Net. His ritual raised the suspicions of Police Chief Andrew Milanowski, who approached him and asked what he was doing. Peterson, probably not realizing that his actions constituted a crime, freely admitted what he was doing. “I knew that the Union Street had Wi-Fi. I just went down and checked my e-mail and didn’t see a problem with that,” Peterson told a WOOD reporter. Milanowski didn’t immediately cite or arrest Peterson, mostly because he wasn’t certain a crime had been committed. “I had a feeling a law was being broken,” the chief said. Milanowski did some research and found Michigan’s “Fraudulent access to computers, computer systems, and computer networks” law, a felony punishable by five years in prison and a $10,000 fine. Milanowski, who eventually swore out a warrant for Peterson, doesn’t believe Milanowski knew he was breaking the law. “In my opinion, probably not. Most people probably don’t.” Indeed, neither did Donna May, the owner of the Union Street Cafe. “I didn’t know it was really illegal, either,” she told the TV station. “If he would have come in (to the coffee shop), it would have been fine.” But apparently prosecutors were more than aware of the 1979 law, which was revised in 2000 to include protections for Wi-Fi networks. 
“This is the first time that we’ve actually charged it,” Kent County Assistant Prosecutor Lynn Hopkins said, adding that “we’d been hoping to dodge this bullet for a while.”

Whole Foods CEO panned Wild Oats on web (Reuters, 12 July 2007) - The chief executive of Whole Foods Market Inc. posted messages on a Yahoo! chat forum under an alias for years, talking up his own company while predicting a bleak future for Wild Oats Markets Inc., the rival it has since sought to acquire. Company CEO John Mackey posted messages on a Yahoo! financial forum under the user name “rahodeb,” according to a court document filed by the U.S. Federal Trade Commission and postings on Yahoo! Mackey’s messages painted a bright future for Whole Foods, the largest U.S. natural and organic grocer, and downplayed the threat posed by competitors. “The writing is on the wall. The end game is now underway for (Wild Oats) .... Whole Foods is systematically destroying their viability as a business - market by market, city by city,” Mackey wrote in a March 28, 2006 posting. It was cited by the FTC as part of a lawsuit aimed at blocking Whole Foods’ planned $565 million (278 million pounds) acquisition of Wild Oats on grounds the deal would hobble competition and increase prices to consumers. “Bankruptcy remains a distinct possibility (for Wild Oats) IMO if the business isn’t sold within the next few years,” rahodeb said in another March 29, 2006 posting on Yahoo! Whole Foods confirmed Mackey had made the “rahodeb” postings between 1999 and 2006. It said references to those comments were among millions of documents the company provided to the FTC as part of the agency’s antitrust lawsuit. In a statement, the company said Mackey posted comments under an alias “to avoid having his comments associated with the company and to avoid others placing too much emphasis on his remarks.”