en vpolley@knowconnect.com Copyright 2010 2010-07-16T21:19:00-07:00 http://knowconnect.com/mirln/article/mirln_27_june_17_july_2010_v1310/ http://knowconnect.com/mirln/article/mirln_27_june_17_july_2010_v1310/#When:21:19:00Z • Cybersecurity Insurance: Many Companies Continue to Ignore the Issue • Twitter Settles with FTC Over ‘Happiness’ Breach • Court’s Ruling Gives Shot In The Arm To Companies With Network Breaches • Steps to ‘Internet-Proof’ Your Cease and Desist Letter • For $1.99, a (Legal) Song to Add to YouTube Videos • Honorable Technology • Being Wrong About My Laptop-Only Office • National ID Management Plan Draft Short on Details • Another Large Firm Unveils an iPhone App • Lawyer Uses Web to Sort Through Jury Pool • Court Affirms An ISP Is Not Joe Friday Just For Patrolling Its Own Turf • Federal Rules On Campus File Sharing Kick In Today • Cyberwar: It Is Time for Countries to Start Talking About Arms Control on the Internet o War In the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict? • How Social Media Has Prepared Us for Collaborative Business • Mediation In Thomas-Rasset Case Fails, RIAA Hit With Bill • Microsoft Opens Source Code to Russian Secret Service o NSA Cyber-security Program Details Revealed • National Archives Announces Launch of New “Our Archives” Wiki • 2010 ABA Legal Technology Survey • Opinion: 3 Reasons to Kill the Internet Kill Switch Idea • Social Media Use in the Workplace on the Rise • Florida Law Firms Protest Bar’s Online Ad Rules • HHS Issues Security Guidance on Risk Analysis • Bluetooth at Heart of Gas Station Credit-Card Scam in Southeast • Council of Europe Adopts Simplified Rules For VAT Invoicing • Jewish Law and Copyright • eBay Venue Selection Clause Upheld in Texas • High Court Privacy Ruling Finds Way Into Sunshine Law Case • Blackboard’s Bid to Galvanize E-Texts • No More Vacation: How Technology Is Stealing Our Lives NEWS | PODCASTS | RESOURCES | BOOK REVIEW | FUN | LOOKING BACK | NOTES Cybersecurity Insurance: Many Companies Continue to Ignore the Issue (Pittsburgh Post-Gazette, 22 June 2010) - After a year of high-tech breaches at some of the nation’s biggest companies, a provision in a Senate bill calls on the White House to encourage a market for cybersecurity insurance to protect businesses from debilitating costs brought on by hacking and compromised information. The bill, introduced by Sens. Jay Rockefeller, D-W.V., and Olympia Snowe, R-Maine, says the president or his appointee must report to Congress on “the feasibility of creating a market for cybersecurity risk management” one year after the bill’s passing. But a crashed server policy is not as easy to write as a crashed car policy. Many businesses are deterred by an application process described as appropriately exhaustive but forever imprecise. The process is complicated by the tricky nature of monetizing data. Web experts always have held that “information wants to be free.” But how much is it worth when it’s stolen? Companies lost an average of $234,000 per breach in 2009, a recent report by the Computer Security Institute in New York found. But a report released last Tuesday by the Carnegie Mellon CyLab found that 65 percent of its Fortune 1,000 respondents were not reviewing their companies’ cybersecurity policies. Jody Westby, a researcher who worked on the CyLab report that indicated board negligence, said the insurance provision in the cybersecurity bill was a mandate by an ill-informed Congress. “This is interventionist, regulatory, heavy-handed action by Congress,” said Ms. Westby from an technology best practices conference in Burkina Faso, West Africa. “This isn’t anything that Congress is going to fix,” she said. “It’s something boards in America need to fix.” http://www.post-gazette.com/pg/10173/1067262-96.stm Twitter Settles with FTC Over ‘Happiness’ Breach (Wired, 24 June 2010) - Twitter has agreed to implement a new security program and submit to a security audit from a third party as part of a settlement agreement with the Federal Trade Commission over breaches the micro-blogging service experienced in 2009 that put its customers’ privacy at risk. One of the breaches allowed hackers to take over high-profile Twitter accounts, including then-President-Elect Barack Obama’s and the official feed for Fox News, and view personal information of the account holders as well as send out fake messages through the accounts. Twitter will not have to pay a fine in the settlement, but the company is prohibited from “misleading consumers about the extent to which it maintains and protects the security, privacy and confidentiality of nonpublic consumer information, including the measures it takes to prevent authorized access to information and honor the privacy choices made by consumers.” Twitter was breached in January 2009 after a teenage hacker obtained access to the administrative account of one of its employees. The employee had used a weak password — “happiness” — which the intruder easily discovered by using an automated password-guessing tool to crack it. The hacker, who goes by the handle GMZ, told Threat Level at the time that cracking the password was easy because Twitter allowed an unlimited number of rapid-fire log-in attempts to be conducted on accounts. Twitter said at the time that 33 high-profile accounts were compromised, but in a statement about the settlement published on its blog on Thursday, it said 45 accounts were affected. Twitter co-founder Biz Stone told Threat Level after the January 2009 breach that the company was addressing the security issues that allowed the breach by doing “a full security review on all access points to Twitter. More immediately, we’re strengthening the security surrounding sign-in. We’re also further restricting access to the support tools for added security.” The FTC chastised Twitter for its lax security. “When a company promises consumers that their personal information is secure, it must live up to that promise,” David Vladeck, director of the FTC’s Bureau of Consumer Protection, said in a statement about the settlement. http://www.wired.com/threatlevel/2010/06/twitter-settles-with-ftc/ Court’s Ruling Gives Shot In The Arm To Companies With Network Breaches (Steptoe & Johnson’s E-Commerce Law Week, 26 June 2010) - A recent decision by a federal court in Illinois in Devine v. Kapasi provides more ammunition for companies seeking a viable cause of action against those who obtain unauthorized access to their networks. The court ruled that a “facility through which an electronic communication service is provided” can legitimately file suit under the Stored Communications Act (SCA) (18 U.S.C. § 2701, et seq.) when it is breached, even if that facility does not provide such services to the public. In other words, the court made clear that a private server also falls under the umbrella of the SCA prohibition on unauthorized access. The ruling also underscores how the SCA can serve as a complement to, or substitute for, the Computer Fraud and Abuse Act (CFAA). Indeed, as the Plaintiffs saw first-hand in this case, most private sector plaintiffs making a CFAA claim suffer the disadvantage of having to prove a statutory threshold of damage “aggregating at least $5,000 in value.” A cause of action under the SCA has no such threshold. http://www.steptoe.com/publications-6981.html Steps to ‘Internet-Proof’ Your Cease and Desist Letter (Eric Goldman’s blog, 28 June 2010) - I posted a ways back at Avvo’s blog about how the internet increasingly affects litigation by shining the light on abusive lawsuits or those that overreach. I didn’t mention something related that has become fairly common, and that’s the mockery of cease and desist letters by the internet. It seems like not a week goes by without someone sending an ill-advised cease and desist letter that the internet enjoys a good laugh over. Last week’s example was brought to you by the National Pork Board and its lawyers, who decided that ThinkGeek’s “Canned Unicorn Meat” (released on April 1) infringed on NPB’s “The Other White Meat” family of trademarks. (ThinkGeek: “Officially Our Best-Ever Cease and Desist.”) D.C. Toedt has a post titled “Cease-and-desist letters: Five ways to keep your client and yourself from looking foolish“ that provides some helpful steps you can take to avoid NPB’s plight: 1. Think about whether sending the letter is such a good idea. 2. Consider what the other side might do for a counter-attack. 3. Skip the histrionics – just the facts, ma’am. 4. Never threaten to sue – when the time comes, just do it. 5. Don’t set a compliance deadline, nor demand a written response. That’s pretty sage advice that people often seem to ignore. Cease and desist letters should also be relatively short and to the point. You obviously want to be right on the facts and the law, but rare is the opponent who will be cowed into submission by extensive citations coupled with wonderful lawyerly prose. If it does not achieve compliance, it ends up being a way to sink a bunch of lawyer time into a letter that does not result in much. Often, a cease and desist letter to a lawyer becomes what a confirmation hearing is to a senator: an opportunity to drone on. (Cease and desist letters often serve other purposes, such as putting the other side on notice, revoking an implied license, etc.) On the other hand, a well-written response could sway the other side. Since the party who is sending the cease and desist will almost always see the response, a thoughtful response is an opportunity to demonstrate why the demands in the letter are out in left field. Increasingly, lawsuits play out in the public arena, so it’s also worth looping in the PR/messaging folks at the early stages (i.e., before you send the letter). If the recipient posts your letter and mockery ensues, you probably skipped one of the steps outlined in the post, but in any event, it would be helpful to have something articulating your rationale and position already out there or ready to go. Of course, when all else fails, you could always try to assert a copyright in your letter (to prevent its reproduction), but that’s just inviting further ridicule. http://blog.ericgoldman.org/archives/2010/06/steps_you_can_t.htm For $1.99, a (Legal) Song to Add to YouTube Videos (NYT, 28 June 2010) - You’ve shot the video and edited it down. It’s ready for YouTube. But what about the soundtrack? Publishing a video with copyrighted music requires a license for the song. And securing that can be a cumbersome task — track down the record label, make a deal — especially for amateurs just looking to post a video of the family vacation. But on Tuesday, the music licensing company Rumblefish is introducing a service that allows users to buy a license to a copyrighted song for $1.99. For that price, the user gets the full version of the song and can edit it as well. The new service, Friendly Music, can be used only for noncommercial purposes — like posting family or wedding videos online. Any commercial purpose, like including it in a video intended to sell a product, requires a different license. Friendly Music will offer access to more than 35,000 songs, though none of them come from the four major labels. The company says that it hopes to have deals with what it is calling name artists in the coming months. http://www.nytimes.com/2010/06/28/business/media/28rumblefish.html?scp=1&sq=rumblefish&st=cse Honorable Technology (InsideHigherEd, 28 June 2010) -”It’s not honors English. It’s honorable English,” said Mr. McCann of La Jolla High School in 1979. Three thousand miles away and 30 years later, this principle is still true. So true that Mr. McCann’s wisdom has become something of a motto for Macaulay Honors College. Beyond just honors classes or programs, the concept of honorable behavior is one that is essential for all students—but too often relegated to a page in the student handbook or a mandated paragraph on a syllabus forbidding plagiarism. What is missing from such notifications is a comprehensive, ethical, and honorable approach to teaching and learning, especially when technology is involved and is as crucial to a program as it is to ours. This is something we learned the hard way. All Macaulay students are provided with laptops and digital cameras as part of their honors scholarships. But we don’t just give out tech gifts and run. Our core belief is that, like scholars and explorers throughout history, students should make use of the latest, most innovative, productive tools of their age and understand that tools by themselves are not value-free. Although a student’s laptop is not a tool on the order of magnitude of an atomic bomb, the principle is the same: With power, greater or lesser, comes responsibility. So we work with students from the moment they are handed their laptops to train them and to challenge them to understand the power they hold. http://www.insidehighered.com/views/2010/06/28/tomasch Being Wrong About My Laptop-Only Office (InsideHigherEd, 28 June 2010) - I’m in the middle of Being Wrong: Adventures in the Margin of Error, by Kathryn Schulz, so everything I write this week is going to be strongly influenced by this amazing book. The big message of Being Wrong, so far, is that we should embrace error. Embrace our own and other people’s errors, as it is only through being wrong that we learn anything. Schultz laments that we all too often fail to utter the simple words, “I was wrong”—almost always attaching a caveat or explanation. She thinks we’d all be better off, both as people and as a people, if we figured out how turn our inability to get it right into a virtue as opposed to a vice. Think you are good at admitting your errors? Fine. Tell us specifically the last time you were wrong about something? Or tell us the kind of thing you are often wrong about? It’s actually pretty hard. So in the spirit of “Being Wrong,” I want to share with you my idea for how I want to arrange my new office. This week I’m changing my physical location for a new gig at my college (more on that later), and I have this idea about how I want my new office to be set-up. Having read Snoop: What Your Stuff Says About You, by Sam Gosling, I know all too well how one’s office setup sends a message about the image of ourselves we wish to project. http://www.insidehighered.com/blogs/technology_and_learning/being_wrong_about_my_laptop_only_office [Editor: embracing error is key in knowledge management; the hospital where my mother died advertised a staff learning program with a poster “Never Waste a Great Mistake!” (which I took in the right way). More on KM here.] [PPS: I’m editing MIRLN in a laptop-only office right now – the backyard garden.] National ID Management Plan Draft Short on Details (NextGov, 28 June 2010) - A draft of a national plan to manage identities on the Internet that the Obama administration released on June 25 advocates using standard credentials to prove individuals’ identities online, including making sure devices and software are legitimate, but some cyber experts say the policy still leaves open security and privacy issues. As promised, White House cybersecurity coordinator Howard Schmidt announced the release of the National Strategy for Trusted Identities in Cyberspace, which will act as a “a blueprint to reduce cybersecurity vulnerabilities and improve online privacy protections through the use of trusted digital identities.” The proposed strategy, which the Homeland Security Department posted online for public comment, would allow individuals to choose voluntarily to obtain a “secure, interoperable and privacy-enhancing credential,” such as a smart identity card, from a variety of public and private services. The credential would authenticate the user while conducting different types of online transactions, Schmidt said. The plan does not advocate a national identification card, he noted, but rather “an ecosystem of interoperable identity service providers” that provide individuals with a choice of credentials that can be used to securely access electronic health records, conduct online banking, purchase items over the Internet, or send an e-mail, for example. Users will have more control of the private information used to authenticate themselves online, Schmidt said, and generally will not have to reveal more than is necessary to do so. But the plan leaves unanswered some critical questions, federal information technology experts said. “The concern is the process associated [with] who is validating who,” which is not clearly defined in the plan, said Karen Evans, former administrator for e-government and information technology at the Office of Management and Budget during the George W. Bush administration. Evans said the same issue arose when the [public key infrastructure] emerged as a way to create, manage, distribute, revoke digital certificates, and when the Bush administration began implementing Homeland Security Presidential Directive 12, which established a common identification standard for federal employees and contractors to access government buildings and computers. Evans also is member of the Commission on Cybersecurity for the 44th Presidency, which the Center for Strategic and International Studies created in October 2007 to advise incoming presidents on cybersecurity issues. Processes for validating identities must be clearly defined and effectively address privacy concerns, she said, referencing a lawsuit employees of the California Institute of Technology’s Jet Propulsion Laboratory filed against NASA. They claimed background investigations required for HSPD-12 violated their constitutional right to privacy. The case is currently before the Supreme Court. Evans agreed with public comments posted in response to the strategy that warned against centralization and reinventing the wheel. One person argued, “A single centralized identity is inherently less secure than a dozen identities, because it creates a single point of failure,” and another advocated enforcing “existing open source initiatives that already are known to work, including the e-mail encryption standard [Pretty Good Privacy] and OpenID,” the standard for authenticating users online. http://www.nextgov.com/nextgov/ng_20100628_8259.php?oref=topnews Another Large Firm Unveils an iPhone App (Robert Ambrogi, 29 June 2010) - Following on the heels of Morrison & Foerster and its launch of an iPhone app in March, the Boston-based AmLaw 200 firm Goulston & Storrs this week came out with an iPhone app of its own. While the MoFo app had the clever name, MoFo2Go, the G&S app is rather blandly dubbed, Goulston & Storrs News Application. Compared to the MoFo app, the G&S app is also rather bland in its execution. While the MoFo app lets one view attorneys’ bios, explore the firm’s offices, follow firm news, and even play a pretty neat game, the G&S app is nothing more than a news feed, with tabs for advisories, press releases and publications put out by the firm. At least the price is right: free. http://www.lawsitesblog.com/2010/06/another-large-firm-unveils-an-iphone-app.html Lawyer Uses Web to Sort Through Jury Pool (ABA Journal, 1 July 2010) - Paralegals carrying laptops equipped with 3G and wireless cellphone lines accompany Los Angeles County plaintiffs lawyer Paul Kiesel to court when it’s time to pick a jury. Providing that they can pick up a signal, the workers do real-time social media searches while the clerk reads the names of jury panel members. In Los Angeles County, how jury panel members’ names are released is left to the judge’s discretion. On big cases, Kiesel says, the court might release names the evening before selection begins. But more commonly, counsel finds out who is on the panel as the members walk in. “Last month I had 50 jurors, and as the court clerk read out the names, I had two people in the courtroom and a third person back at the office, with all three of them doing research,” says Kiesel, a partner with Kiesel, Boucher & Larson. Junior lawyers also assisted, and Kiesel estimates the social media research for that case cost less than $5,000. or the most part, state courts allow lawyers to bring laptops into court rooms, but Googling the jury panel isn’t what they have in mind, says Paula Hannaford-Agor. She directs the Center for Jury Studies at the National Center for State Courts. “It’s hard to make a broad generalization, but it’s fair to say the bench is more protective of juror privacy,” she says, adding that online snooping “tends to creep jurors out when they’re aware of it.” Kiesel says no judge has banned him from using the Internet in jury selection. That sort of mandate, he adds, would violate the First Amendment. Hannaford-Agor allows that the searches would be hard to police. “This is a really fluid area right now, and no one in the legal community is adequately keeping up with the technology or some of the implications,” she says. “So if you call me again in six months, I might have a different answer.” http://www.abajournal.com/magazine/article/tech_check/ Court Affirms An ISP Is Not Joe Friday Just For Patrolling Its Own Turf (Steptoe & Johnson’s E-Commerce Law Week, 1 July 2010) - The Fourth Circuit recently concluded in U.S. v. Richardson that an Internet service provider’s screening of users’ communications for images of child pornography did not make it an agent of the government, and thus did not implicate the Fourth Amendment. Even though federal law requires ISPs to report any “apparent” child pornography that they come across, the court reasoned, this reporting obligation does not require or even encourage ISPs to go looking for such material. The decision leaves open the question of what other actions by the government to encourage reporting, or to influence the manner in which screening is done, might cross the line and turn ISPs into government agents. These questions are relevant not just to reporting of child pornography, but to other areas in which the government might urge, or even require, communications providers to screen packets that cross their networks, such as in an effort to detect malware or copyrighted material. http://www.steptoe.com/publications-6981.html Federal Rules On Campus File Sharing Kick In Today (CNET, 1 July 2010) - Frat parties and free music have been among the perks of attending college in the United States during the past decade. But now the days of using fat campus bandwidth to download movies and music via file-sharing networks appear to be coming to an end. Thursday is the deadline for colleges and universities that receive Title IV federal aid to have implemented antipiracy procedures on their campuses as part of the Higher Education Opportunity Act (HEOA) of 2008. HEOA, which was backed by the movie and music industries, addresses a lot of different facets of higher education, but tucked in there are provisions that require schools to adhere to guidelines on illegal file sharing. They include: • Providing students a description of copyright law and campus policies with regards to violations of copyright law. • Combatting copyright violations on campus networks using technology-based deterrents. • Offering alternatives to illegal downloading. In the past year, schools across the country have tried to comply by implementing new procedures and technologies. http://news.cnet.com/8301-31001_3-20009386-261.html?tag=newsEditorsPicksArea.0 Cyberwar: It Is Time for Countries to Start Talking About Arms Control on the Internet (The Economist Cover Story, 1 July 2010) - Throughout history new technologies have revolutionised warfare, sometimes abruptly, sometimes only gradually: think of the chariot, gunpowder, aircraft, radar and nuclear fission. So it has been with information technology. Computers and the internet have transformed economies and given Western armies great advantages, such as the ability to send remotely piloted aircraft across the world to gather intelligence and attack targets. But the spread of digital technology comes at a cost: it exposes armies and societies to digital attack. The threat is complex, multifaceted and potentially very dangerous. Modern societies are ever more reliant on computer systems linked to the internet, giving enemies more avenues of attack. If power stations, refineries, banks and air-traffic-control systems were brought down, people would lose their lives. Yet there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare, in other domains. As with nuclear- and conventional-arms control, big countries should start talking about how to reduce the threat from cyberwar, the aim being to restrict attacks before it is too late. Cyberspace has become the fifth domain of warfare, after land, sea, air and space (see article). Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail. That seems alarmist to many experts. Yet most agree that infiltrating networks is pretty easy for those who have the will, means and the time to spare. Governments know this because they are such enthusiastic hackers themselves. Spies frequently break into computer systems to steal information by the warehouse load, whether it is from Google or defence contractors. Penetrating networks to damage them is not much harder. And, if you take enough care, nobody can prove you did it. http://www.economist.com/node/16481504 - and - War In the Fifth Domain: Are the Mouse and Keyboard the New Weapons of Conflict? (The Economist, 1 July 2010) – At the height of the cold war, in June 1982, an American early-warning satellite detected a large blast in Siberia. A missile being fired? A nuclear test? It was, it seems, an explosion on a Soviet gas pipeline. The cause was a malfunction in the computer-control system that Soviet spies had stolen from a firm in Canada. They did not know that the CIA had tampered with the software so that it would “go haywire, after a decent interval, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to pipeline joints and welds,” according to the memoirs of Thomas Reed, a former air force secretary. The result, he said, “was the most monumental non-nuclear explosion and fire ever seen from space.” This was one of the earliest demonstrations of the power of a “logic bomb”. Three decades later, with more and more vital computer systems linked up to the internet, could enemies use logic bombs to, say, turn off the electricity from the other side of the world? Could terrorists or hackers cause financial chaos by tampering with Wall Street’s computerised trading systems? And given that computer chips and software are produced globally, could a foreign power infect high-tech military equipment with computer bugs? “It scares me to death,” says one senior military source. “The destructive potential is so great.” After land, sea, air and space, warfare has entered the fifth domain: cyberspace. President Barack Obama has declared America’s digital infrastructure to be a “strategic national asset” and appointed Howard Schmidt, the former head of security at Microsoft, as his cyber-security tsar. In May the Pentagon set up its new Cyber Command (Cybercom) headed by General Keith Alexander, director of the National Security Agency (NSA). His mandate is to conduct “full-spectrum” operations—to defend American military networks and attack other countries’ systems. Precisely how, and by what rules, is secret. http://www.economist.com/node/16478792 How Social Media Has Prepared Us for Collaborative Business (Mashable, 6 July 2010) - While Facebook and Twitter are often cited as distractions for employees, the networks’ immediacy, collaboration and community offer great hope for business. Today, a massive technological shift is underway — led for the first time by employees — to bring these benefits to the workplace. And this change has happened only very recently. Facebook has surpassed 400 million active users in just six years and Twitter counted 105 million registered users in just four. These networks have trained a generation for a new style of collaboration through profiles, status updates, groups, feeds, lists and filters. As such, they have changed our expectations of how we should be able to connect with others and collaborate in real-time. But when we come to work, we throw all of this out the window. The concept of immediacy doesn’t exist here, and arguably, this is where it matters most. Many businesses are stuck in the past, using antiquated technologies that were put in place before the web even existed. For new graduates entering the workplace, it’s counterintuitive to have to revert to these slow forms of collaboration. As a result, we are more productive with our personal networks than we are with our colleagues and customers. Why shouldn’t we expect real-time collaboration at work? Business happens in real-time. Market shifts happen in real-time. Data changes in real-time. Why shouldn’t collaboration and learning in business happen in real-time, too? That question is the inspiration for new social tools entering the workplace that have the same look and feel as Facebook or Twitter. These social tools offer a new way to collaborate with people at work that is private, secure and relevant to business. Because we all use the public networks, there’s no learning curve. Instead of following friends or celebrities, you follow people on your team, the activity in your top customer accounts, your new marketing campaigns, and your critical business documents. You’re able to gain the insights you need from a real-time feed, all within a completely secure environment. And because these new social tools are based on the web, you can access them from anywhere, whether you’re on your laptop, iPad or iPhone. Imagine Facebook and Twitter-style collaboration in the workplace: Social Media in Your Personal Life Social Tools in Your Work Life Post photos from the BBQ last Saturday and it will show up in the feeds of your friends and family. Post the new sales presentation you’ve updated, and it will show up in the feeds of your colleagues. Collaborate with friends to plan a camping trip for next month. Collaborate with colleagues to prepare for the big customer meeting next week. You follow @tylerflorence or @gdelaurentiis on Twitter for cooking tips. You follow experts in your company for tips on how to best close deals or find industry expertise. You follow @Starbucks on Twitter for the latest deals and customer service. You follow important customer accounts to be sure issues and open items are resolved. You post questions to your Facebook wall or Twitter feed to get recommendations and insight from friends and industry experts. You post questions to your company network to receive advice and relevant documents from your colleagues across all departments. http://mashable.com/2010/07/06/social-media-collaborative-business/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29&utm_content=Google+Reader Mediation In Thomas-Rasset Case Fails, RIAA Hit With Bill (ArsTechnica, 7 July 2010) - Minnesota’s top federal judge, Michael Davis, certainly seems like a man who just wants the (in)famous Jammie Thomas-Rasset peer-to-peer file-sharing case on his docket to just go away. And the recording industry, which has prosecuted Thomas-Rasset through one name change, two trials, and three years, appears to be under the distinct impression that it’s getting picked on. Thomas-Rasset was the first P2P user in the US to take her copyright infringement case all the way to a federal trial, where she was found liable for $222,000 in damages. After the trial ended, Judge Davis tossed the verdict and granted Thomas-Rasset a new trial on the grounds that one of his jury instructions was flawed. That second trial again found Thomas-Rasset liable, and jurors upped the damages to a shocking $1.92 million for the 24 songs at issue in the case. This time, Davis ruled the amount “monstrous” and slashed it to $54,000. The RIAA could take that amount or it could choose a third trial, limited to the issue of damages. It chose a third trial. But instead of letting the case play out, Davis in June 2010 ordered the parties to meet with a Minneapolis arbiter to hash out their differences. When Davis ordered both sides into mediation again last month, lawyers on both sides must have practiced their eye-rolling skills. What was the point? But Davis also noted something specific and unusual in his June 18 order: the arbiter would be paid $400 per hour, and “the fees incurred for the settlement proceedings shall be paid by Plaintiff.” That is, by the recording labels. http://arstechnica.com/tech-policy/news/2010/07/riaa-to-federal-judge-remember-we-are-the-victims.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Microsoft Opens Source Code to Russian Secret Service (ZDnet, 8 July 2010) - Russian publication Vedomosti reported on Wednesday that Microsoft had also given the Russian Federal Security Service (FSB) access to Microsoft Windows Server 2008 R2, Microsoft Office 2010 and Microsoft SQL Server source code, with hopes of improving Microsoft sales to the Russian state. The agreement will allow state bodies to study the source code and develop cryptography for the Microsoft products through the Science-Technical Centre ‘Atlas’, a government body controlled by the Ministry of Communications and Press, according to Vedomosti. Microsoft Russia president Nikolai Pryanishnikov told Vedomosti that employees of Atlas and the FSB will be able to share conclusions about Microsoft products. The agreement is an extension to a deal Microsoft struck with the Russian government in 2002 to share source code for Windows XP, Windows 2000 and Windows Server 2000, said Vedomosti. A senior security source with links to the UK government told ZDNet UK on Wednesday that the 2002 deal was part of Microsoft’s Government Security Program. NATO also signed up, said the source. Having a number of different governments with access to Microsoft code meant it was possible that a government could find holes in the code and use it to exploit another nation-state’s systems, said the source. Cambridge University security expert Richard Clayton told ZDNet UK on Thursday that opening up source code leads to a complex security situation. While a view of the code could enable a government to find security holes that the state could use to launch attacks against other nation states, it is possible to find holes in software without having access to the source code, said Clayton. http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code-to-russian-secret-service-40089481/ - and - NSA Cyber-security Program Details Revealed (eWeek, 9 July 2010) - In response to a report in the Wall Street Journal, the National Security Agency revealed some information about its plans for “Perfect Citizen,” which it described as a research and engineering effort around vulnerability assessment and capabilities development. The National Security Agency revealed some information about the nature of its “Perfect Citizen” cyber-security program after a report about the agency’s plans surfaced in the media. While the agency is unwilling to confirm or deny some details of the Wall Street Journal article, the agency described Perfect Citizen as a “vulnerabilities-assessment and capabilities-development” effort, and stressed that there is no monitoring activity involved. “Specifically, it does not involve the monitoring of communications or the placement of sensors on utility company systems,” NSA spokesperson Judith Emmel said in a statement. “This contract provides a set of technical solutions that help the National Security Agency better understand the threats to national security networks, which is a critical part of NSA’s mission of defending the nation.” Defense contractor Raytheon was reported by the Journal to have received the contract for the project. According to the Journal, Perfect Citizen would involve placing sensors across a variety of computer networks belonging to government agencies and private sector companies involved in critical infrastructure in order to protect against cyber-attacks. The focus would be large, typically older systems designed without Internet connectivity or security in mind, the Journal reported. http://www.eweek.com/c/a/Security/NSA-Cyber-Security-Program-Details-Revealed-275248/ National Archives Announces Launch of New “Our Archives” Wiki (BeSpacific, 9 July 2010) - The National Archives announces the launch today of its first public wiki called “Our Archives” on Wikispaces located at: http://www.ourarchives.wikispaces.net. “Our Archives” provides a collaborative space for members of the public, researchers, and staff to share knowledge about National Archives records, resources and research. The wiki is an opportunity for researchers, historians, archivists, and citizen archivists to work together to create pages on specific records or topics as well as to share information and resources to connect with other researchers.” http://www.bespacific.com/mt/archives/024676.html 2010 ABA Legal Technology Survey (e-Discovery Insights, 9 July 2010) - Nothing like a Friday afternoon to examine six volumes of law & technology statistics from the ABA. I was somewhat amused when I accessed their page and discovered that they’d received an endorsement - from yours truly. Somebody apparently liked something I said about last year’s survey and quoted me. The ABA provided me with some excerpts, so I reviewed them and picked out a few that I thought would be of interest. http://www.ediscoverycalifornia.com/insights/2010/07/2010-aba-legal-technology-survey.html Opinion: 3 Reasons to Kill the Internet Kill Switch Idea (Bruce Schneier, 9 July 2010) - Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might—we’re not really sure—give the president the authority to shut down all or portions of the Internet in the event of an emergency. It’s not a new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, proposed the same thing last year, and some argue that the president can already do something like this. If this or a similar bill ever passes, the details will change considerably and repeatedly. So let’s talk about the idea of an Internet kill switch in general. It’s a bad one. Security is always a trade-off: costs versus benefits. So the first question to ask is: What are the benefits? There is only one possible use of this sort of capability, and that is in the face of a warfare-caliber enemy attack. It’s the primary reason lawmakers are considering giving the president a kill switch. They know that shutting off the Internet, or even isolating the U.S. from the rest of the world, would cause damage, but they envision a scenario where not doing so would cause even more. That reasoning is based on several flawed assumptions. http://www.aolnews.com/opinion/article/opinion-3-reasons-to-kill-the-internet-kill-switch-idea/19547140 [Editor: As usual, I find Schneier’s reasoning sound and useful.] Social Media Use in the Workplace on the Rise (Mashable, 12 July 2010) - A new study from Trend Micro shows that more workers around the globe are using social networks while in the office and on the clock. The survey took a look at the habits of 1,600 Internet users from the U.S., UK, Germany and Japan and found that over the past two years alone, social web use in the workplace has risen from 19% to 24%. In Germany specifically, social media use at work saw a 10% increase. It’s still unclear whether this gradual but significant rise is being used to drive our businesses ahead, or if we’re instead wasting our companies’ time and money — a distinction that’s especially important to managers concerned with network security and productivity issues. For workers on laptops, these numbers are even higher — 8% globally and 14% in Germany. All told, almost a third of laptop users around the world will use social websites while at work. A company’s size also seems to make a difference whether or not employees will use social sites while at work. Especially in the U.S. and Japan, workers at larger companies are more likely to stay off social networks — perhaps due to firewalling or other forms of restricted access. In the UK and Germany, however, employees at big companies are slightly more likely to browse the social web while at the office. http://mashable.com/2010/07/12/social-media-at-work/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29&utm_content=Google+Reader Florida Law Firms Protest Bar’s Online Ad Rules (Law.com, 12 July 2010) - While the American Civil Liberties Union and other nonprofit legal groups have been declared exempt from a strict proposal for regulating lawyer websites, Florida’s largest law firms are starting to band together to protest the regulations, largely on First Amendment grounds. Facing protests, lawsuits and threats of more lawsuits from lawyers, The Florida Bar has postponed rules that were to take effect July 1. The Florida Supreme Court is allowing lawyers to file comments about the proposal by 
Aug. 16. The new rules would have barred online testimonials, summaries of case results and “deceptive, misleading, manipulative” or confusing audio or visual content. The Bar, facing protests that the rules were overly vague and unfair, offered a compromise amendment that would allow existing sites to be viewed if visitors clicked a disclaimer box. Florida already is acknowledged to have some of the toughest rules in the nation for lawyer advertising. Many lawyers consider the latest version of online regulations a violation of their First Amendment right to free speech. Additionally, some lawyers complain that a disclaimer box could scare away or discourage viewers, including potential new clients. The Washington consumer advocacy group Public Citizen has sued The Bar over the proposed rules. In a May 13 letter to the Bar, the ACLU of Florida stated it had no intention of requiring the public to click and view a disclaimer. Practically threatening a lawsuit, the civil liberties group asked the Bar to advise by June 1 whether it would be required to comply with the new web rules. The ACLU’s site seeks to educate the public through news releases about its successes, encourage participation in civil liberties issues and allow people to seek legal assistance from the ACLU. All actions would have been barred by the new rules. “Because of the importance of the public education component of the ACLU, we do not intend to create a portion of the Web site to be accessible only after viewing a disclaimer page,” said Florida ACLU legal director Randall Marshall. “We believe that the postings on our Web site are fully protected by the First Amendment and that the application of this revised rule to the ACLU would constitute a violation of our constitutional rights.” Bar ethics counsel Elizabeth Tarbert wrote the ACLU on June 28 stating the new rules do not apply to the ACLU. “The ACLU Web site is not considered commercial speech as the Web site exists for the purpose of furthering the ACLU’s political agenda and is not an advertisement for clients for pecuniary gain,” Tarbert noted. http://www.law.com/jsp/article.jsp?id=1202463422851&rss=newswire HHS Issues Security Guidance on Risk Analysis (Strasburger, 12 July 2010) -As discussed in a prior edition of Health Industry Online, the enactment of the American Recovery and Reinvestment Act of 20091 (ARRA), and more specifically, Title XIII of the ARRA, known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act) has caused many health care providers and business associates to revisit their existing policies and procedures relating to compliance with HIPAA and its privacy and security regulations.2 To assist organizations in complying with HIPAA security standards, the HITECH Act requires the U.S. Department of Health and Human Services (HHS) to issue annual guidance on the “most effective and appropriate technical safeguards” for use in carrying out the provisions of the HIPAA security regulations (Security Rule).3 Accordingly, HHS will release a series of guidance materials to assist organizations in identifying and implementing administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (e-PHI), which will be updated annually. The first annual guidance on the Security Rule, entitled “HIPAA Security Standards: Guidance on Risk Analysis” (Draft Guidance) was recently issued by the HHS Office for Civil Rights (OCR). The Draft Guidance addresses the Security Rule’s risk analysis provision, which requires an organization to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of e-PHI held by the covered entity.4 The Draft Guidance describes risk analysis as the first step in Security Rule compliance, as the outcome of the analysis process is “a critical factor in assessing whether an implementation specification or equivalent measure is reasonable and appropriate.” While the Draft Guidance does not mandate a “one-size-fits-all” method for conducting risk analysis, it does set out the following elements that should be incorporated into any organization’s assessment of current security measures and potential risks to e-PHI * * * http://www.strasburger.com/p4p/publications/HHS-Issues-Security-Guidance-on-Risk-Analysis.htm#page=1 Bluetooth at Heart of Gas Station Credit-Card Scam in Southeast (Computerworld, 13 July 2010) - Thieves are stealing credit-card numbers through skimmers they secretly installed inside pumps at gas stations throughout the Southeast, using Bluetooth wireless to transmit stolen card numbers, according to law enforcement officials. “We’ve sent detectives out to every gas station within a mile of Interstate 75,” says Lt. Steve Maynard, spokesman for the Alachua County Sheriff’s Office, which last Thursday was first notified about a suspicious skimming device discovered by a maintenance worker at a Shell Station located in the vicinity of Gainesville, Fla. So far, three card-skimming devices hidden in gas pumps at three stations have been discovered by investigators, and the U.S. Secret Service has been notified. The Sheriff’s Office, along with other local police departments, are trying to inspect as many gas stations in the area as possible, especially focusing on those along I-75. But law enforcement is encouraging gas station operators to look for signs of the skimmers at their pumps and contact them if they think they’ve found something. The Secret Service has indicated there’s a crime wave throughout the Southeast involving the gas-station pump card skimmers, and it may be traced back to a single gang that may be working out of Miami, Maynard says. Nearby St. Johns County in Florida has also been hit by the gas-pump card skimmers. Maynard says criminals wanting to hide the credit-card skimmers in gas pumps must have a key to the pump, but in some cases, a single key will serve to get into many gas pumps. It’s not known whether the gas-pump skimming operation involves insiders. Law enforcement is encouraging gas-station operators to train video surveillance they may use on the pumps. http://www.computerworld.com/s/article/9179136/Bluetooth_at_heart_of_gas_station_credit_card_scam_in_Southeast_?taxonomyId=85 Council of Europe Adopts Simplified Rules For VAT Invoicing (COE, 13 July 2010) - The Council today adopted a directive aimed at simplifying VAT invoicing requirements, in particular as regards electronic invoicing (10858/10 + 11339/10 ADD 1). The new directive sets out to ensure the acceptance by tax authorities of e-invoices under the same conditions as for paper invoices, and to remove legal obstacles to the transmission and storage of e-invoices. It also comprises measures to help tax authorities ensure that tax is paid so as to better tackle VAT fraud. These include establishing deadlines for the issuance of invoices, thus enabling speedier exchange of information on intra-EU supplies of goods and services. Current EU provisions on VAT invoicing have led to a less-than-harmonised set of rules, on account of the many options that remain available to the member states. The aims of current provisions have therefore not been fully met. Furthermore, compliance with regulatory requirements has hindered the take-up of technologies that are necessary for the development of e-invoicing. The Commission estimates potential annual cost savings for businesses at up to EUR 18 billion if obstacles to e-invoicing in VAT rules were to be removed. http://www.consilium.europa.eu/uedocs/cms_Data/docs/pressdata/en/ecofin/115789.pdf Jewish Law and Copyright (Media Law Prof Blog, 15 July 2010) - Neil W. Netanel, University of California, Los Angeles School of Law, and David Nimmer, Irell & Manella, have published Is Copyright Property? The Debate in Jewish Law , in 12 Theoretical Inquiries in Law (2011). Here is the abstract: “Is copyright a property right? That question raises a host of thorny theoretical issues regarding the foundational underpinnings of both copyright and property. The notion that if copyright is “property,” it will or should resemble a perpetual, absolute, pre-political property right, has repeatedly infused judicial proceedings, legislative enactments, and public debate in both common law and civil law countries as well. 

Like their common law and civil law counterparts, Jewish law jurists have engaged in protracted debate about whether copyright is a property right. Recent decades have seen numerous rabbinic court decisions, responses (rulings in disputes or advisory opinions coupled with a lengthy exegesis on Jewish law in answer to questions posed), scholarly articles, and blog entries on such issues as whether it is permissible, without license from the author or publisher, to republish a book after the rabbinic printing privilege has expired; to copy and distribute software or sound recordings; to perform music in wedding halls; to make copies for classroom use; and to download songs from the Internet. And like in secular law, but for somewhat different reasons, the characterization of copyright as “property” has significant doctrinal consequences for resolution of these controversies in Jewish law. There are numerous, and at times profound, differences in the terminology, form of argument, doctrinal specifics, and overarching legal framework of Jewish law and secular law in this area and others. Nonetheless, the arguments within the Jewish law debate have some intriguing parallels with those of secular law copyright. In fact, one finds the direct, if largely unstated, influence of secular copyright just below the surface in the debate about whether copyright is property in Jewish law.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/07/jewish-law-and-copyright.html eBay Venue Selection Clause Upheld in Texas (Eric Goldman, 15 July 2010) - In Comb v. PayPal, 218 F. Supp. 2d 1165 (N.D. Cal. 2002), PayPal defended a putative class action by invoking the arbitration clause in its user agreement. Judge Fogel tossed the arbitration clause on unconscionability grounds, noting (among other defects) the cost/benefit problem facing plaintiffs: their case values individually were much smaller than the arbitration costs, and arbitration blocked class adjudication. This ruling was quite influential. Since then, online user agreements--and especially mandatory venue selection clauses--have become vulnerable to unconscionability challenges and other collateral challenges on their enforceability. At this point, a vendor’s attempt to destroy class consolidation through a mandatory arbitration clause is virtually per se unconscionable. The Comb case involved PayPal’s venue selection clause, but eBay’s user agreement had a basically identical clause. With this clear warning sign, eBay revised its venue selection clause. eBay now uses a bifurcated approach. The baseline is mandatory venue in a Santa Clara County, California court. However, if the dispute amount is less than $10,000, the plaintiff can select arbitration that does not involve in-person hearings. I personally think eBay’s approach is pretty savvy, and I have modeled some clients’ venue selection clauses on it. It responds to the Comb v. PayPal concerns about the arbitration costs for small disputes by creating a “fast lane” for small disputes, while still keeping the important disputes in eBay’s home court. This recent ruling shows the strength of eBay’s current approach. Richards is the victim of a busted eBay Motors transaction, apparently incurring an $18,000 loss. eBay apparently takes the position that the transaction took place off-website and therefore outside the scope of eBay’s Vehicle Protection Program. Richards sued eBay and the car seller in his home court. eBay responded with its mandatory venue selection clause. Apparently, the trial court rejected eBay’s motion, but the appellate court easily reverses the trial court and orders the trial judge to enforce eBay’s clause. http://blog.ericgoldman.org/archives/2010/07/ebay_venue_sele.htm High Court Privacy Ruling Finds Way Into Sunshine Law Case (Law.com, 15 July 2010) - Last month’s U.S. Supreme Court decision on the privacy of petition signers in state ballot initiatives is already being invoked in the broader context of defending state sunshine and open meeting laws. The state of Texas cited the decision Doe v. Reed (pdf) earlier this week in the latest chapter of a long-running dispute over the state open meeting act, which some local Texas officials are challenging as unconstitutional. The local officials say the law’s criminal provisions put them in constant fear of punishment when they communicate with each other, in effect violating their own freedom of speech. “Openness in government is a First Amendment virtue, not a First Amendment violation,” Texas countered in a brief filed in the U.S. District Court for the Western District of Texas in the case of City of Alpine v. Abbott. “The fundamental purpose of the First Amendment is to enable and empower people to engage in free, robust discourse about their government, its officials, and the policies they adopt on their behalf.” In Doe v. Reed, handed down on June 24, the U.S. Supreme Court ruled that the names of signers who wanted to place on the Washington state ballot a referendum opposing same-sex marriage could be disclosed under state law. Some of the petition signers said they feared harassment from gay rights advocates if their names were made public and put up on the Internet. The Court did not rule out the possibility that such fears could trump disclosure in a future case, but it did include language supportive of the need for government transparency. The Court said the state had an interest in “promoting transparency and accountability in the electoral process, which the State argues is ‘essential to the proper functioning of a democracy.’” Concurrences by other justices also spoke of the virtues of openness, with Justice Antonin Scalia, for example, stating that “the exercise of lawmaking power in the United States has traditionally been public.” Scalia also said those engaging in legislative acts—including ballot initiatives—should have the “civic courage” to stand up for their views. Texas Solicitor General James Ho quoted from the decision and also from this term’s Citizens United v. Federal Election Commission in arguing that the local Texas officials have no valid claim against the state open meetings law. “Requiring officials to conduct public business in public furthers, rather than frustrates, fundamental First Amendment values,” wrote Ho, who worked to expand government openness when he was on the staff of Sen. John Cornyn (R-Texas.) “It is far from clear … that public officials, engaged in public business, enjoy any First Amendment right to secrecy against their own constituents.” http://www.law.com/jsp/article.jsp?id=1202463556085&rss=newswire Blackboard’s Bid to Galvanize E-Texts (InsideHigherEd, 15 July 2010) - In a series of moves that could give a boost to an e-textbook industry that has been treading water for years, Blackboard announced Wednesday that it is partnering with a major publisher and two major e-textbook vendors to make it easy for professors and students to assign and access e-textbooks and other digital materials directly through its popular learning-management system. The company, which controlled about 60 percent of the learning-management market as of last year, said it is partnering with McGraw-Hill, a top academic publisher, as well as Follett Higher Education Group and Barnes & Noble, two major distributors that operate a combined 1,500 college bookstores in the United States and Canada. The McGraw-Hill partnership will allow instructors to search the McGraw-Hill catalog for relevant course materials, then assign them to their students, without ever leaving Blackboard. Students can then purchase and access the assigned materials, also through the Blackboard portal, via the Follett and Barnes & Noble online bookstores. The company would not comment on whether it is negotiating similar deals with publishers other than McGraw-Hill. But the other big-time e-textbook providers have been making moves of their own. Earlier this week, CourseSmart, a consortium of five major publishers (including McGraw-Hill), unveiled its new “Faculty Instant Access” program, which lets instructors access e-textbooks and other online content directly through any learning-management system (including Blackboard). CourseSmart will be rolling out the program to a handful of “selected universities” in coming weeks. http://www.insidehighered.com/news/2010/07/15/blackboard No More Vacation: How Technology Is Stealing Our Lives (Salon.com, 15 July 2010) - Friday before the 4th of July, my friend Sara and I walked to the local pool, talking about work stress, anxiety, difficulty relaxing. We were both struck by how lately, after 15 years of full-time work, we were so unreasonably tired. Why now, we wondered, when we have more experience and self-assurance, when we are amply compensated for our labor at comparatively cushy white-collar jobs, do we feel more spent than when we were strapped entry-level drones, running our tails off to please insatiable bosses? Why has our recent exhaustion felt so bone-deep and dire? Childless, we marveled at how our mothers managed kids and jobs, while we were so wrecked. As we entered the locker room, we were briskly reminded of the strict New York City public pool rules: no street clothes on the pool deck, no food or drink, no cellphones. Stowing our stuff in the cubbie above us, both of our hands paused in midair as I checked my phone and Sara eyed her BlackBerry nervously. As we headed out to the concrete and chlorine oasis, Sara said with an unconvincingly nonchalant laugh, “I hope nobody’s looking for me.” It was late afternoon before a holiday weekend, I assured her. But I quietly worried that an associate I’d been playing phone tag with might leave a message. If I didn’t return it till later that night, would she surmise that I wasn’t working? This, I realized after one lap in the bracing blue water, is why we are so tired. There’s been a lot written about how the beeping and flashing gadgets with which we now surround ourselves keep us from sleeping, keep us from concentrating, keep us, ironically, from working. The thing that I have noticed of late is how often they seem to keep us from living. Perhaps I’m feeling a loss of leisure so keenly these days because of my romanticized (but real) memories of summer days from not so long ago. Not just the ones in which I was a kid on a three-month vacation, but in which I was the daughter of parents who came home from their jobs at night and were at home, who cooked dinner, or maybe drove us to a movie or watched television or read a book without so much as a glance at a Palm Pilot or an e-mail in box. It’s not that my academic parents didn’t work overtime: They often read, graded papers and caught up on administrative work late into the night. But that extra work was done on what was once generously regarded as “their time.” They found ways to fit it in around hours or days during which their colleagues or superiors had no idea where they were, in which they were unreachable and there was no notion that they should be otherwise. Those rusty memories are decades old, but even as recently as 12 summers ago, while I tried to keep my head above water at my first job, my legendary and demanding boss would, at some magic moment on a Friday afternoon, disappear to her country house, where she could be reached primarily by an unreliable fax machine. She was gone for the weekend. Now, it often seems, there is no “gone for the weekend.” There is certainly no “gone for the night.” Sometimes there’s not even a gone on vacation. http://www.salon.com/life/feature/story/index.html?story=/mwt/feature/2010/07/15/tech_exhaustion [Editor: Ain’t it the truth!] NOTED PODCASTS Making it Big in Software (IT Conversations, 10 June 2010) – 48 minute interview; Sam Lightstone, author of the book, Making it Big in Software, discusses the process of moving up from initial education through eventual job success. He talks about the importance of the mentoring process for apprentice software engineers, as well as how crucial innovation is to success. http://itc.conversationsnetwork.org/shows/detail4529.html [Editor: very useful perspective on mentoring new employees, and learning business management lessons; I was struck how broadly applicable the lessons are, and am encouraging my daughter, who’s in the fashion business, also to listen.] MIRLN 2010-07-16T21:19:00-07:00 http://knowconnect.com/mirln/article/mirln_6_26_june_2010_v1309/ http://knowconnect.com/mirln/article/mirln_6_26_june_2010_v1309/#When:18:23:00Z • E-Discovery Nightmare Arises on BP’s Horizon • NATO Warns of Strike Against Cyber Attackers • After Google Hack, Warnings Pop Up In SEC Filings o Senior Leaders Becoming Disconnected From Security • The E-Book Sector • Knowledge Management In Mergers and Acquisitions • BP Damage Control Leaks Online o Using Social Networking as Legal Tool • EDS Settles Lawsuit over Botched CRM Project for $460 Million • Irish Data Protection Commissioner Introduces Draft Code of Practice on Breach Notification o UK’s ICO Will Not Compel Companies to Report Data Losses • Judge Limits DHS Laptop Border Searches • Tackling Social Media Problems at Work o Survey: Social Networking Policies Still Scarce • Law.gov: Putting Primary Law in the Public Domain • Do You Own Your Software or Just ‘License’ It? • Corporations, LLCs, and Electronic Communication • FTC’s Provocative Discussion Paper on Saving Print Media • The Enemy Within • Mass. Court to be Test Pad for Blogs, Tweets • Supreme Court OKs Search of Policeman’s Text Messages • Utah Attorney General Mark Shurtleff Uses Twitter To Announce Execution • Google And Twitter Tell Appeals Court That ‘Hot News’ Doctrine Is Obsolete • Calif. Justices Say Junk E-Mail Messages Don’t Violate Anti-Spam Law • ACLU: FBI Used ‘Dragnet’-Style Warrantless Cell Tracking • Obama Administration Aims to Protect Identities in Cyberspace • Next Supreme Court Nominee’s Emails Now Searchable Gmail Style • Tech Champion, Watchdog Heads To Google • YouTube Gets Decisive Win in Viacom/FAPL Case • With All It Considers, NPR Music Is Growing • Study: Open-Source Making Significant Traction in the Enterprise NEWS | LOOKING BACK | NOTES E-Discovery Nightmare Arises on BP’s Horizon (Law.com, 5 June 2010) - The legal strategies for BP and other companies involved in the Deepwater Horizon disaster have yet to be revealed. But one thing is certain. Their in-house legal departments are in the midst of an expensive and Herculean [one calls it Augean] task—discovery. “All of these organizations are well aware of the need to preserve and collect key information,” said Jim Wagner, CEO of DiscoverReady, a discovery management service. “But few organizations have ever confronted the scale of discovery that they are likely to have to undertake.” The companies are under document hold demands, subpoenas, and other requests from federal agencies, including the Justice Department, which announced this week that it has begun civil and criminal investigations into the massive oil spill in the Gulf of Mexico. They’re also subject to court orders in pending litigation. So the companies’ legal teams are likely sifting through and collecting massive amounts of data in both electronic and paper form, information that may go back decades. There may be physical evidence to collect, which may be have been destroyed. Meanwhile, the companies’ lawyers are also likely dealing with cross-border privacy issues that make the discovery process even more complex. “Welcome to discovery 101 in 2010,” said Laura Kibbe, who helped build Pfizer’s e-discovery system in 2005 as senior counsel. In the 1990s, she was also an in-house attorney at Texaco, where she dealt with the legal aftermath of oil spills. She’s now senior vice president of document review services at Epiq Systems. “Even under the best of circumstances, discovery is a labor-intensive, time-consuming process,” Kibbe said. “And it never goes as fast as government investigators or corporate counsel would like.” Figuring out what data is out there, and who has it, is the first step. That entails conducting interviews with employees and working with IT professionals to see what data can be retrieved and from where. Producing these documents under intense public scrutiny adds one more layer of complexity, legal experts said. The companies will have to be transparent and communicate regularly with government agencies about their processes. That will be key to the companies’ legal defense, and their public image. “Any mistakes they make will be magnified 100 times,” said Craig Carpenter, general counsel of Recommind, an e-discovery software provider. Some documents are easier to get than others. Much of the recent information the government wants about how companies immediately responded to the disaster will be electronic, Kibbe said. But government investigators may also want decades-old paper documents about construction and equipment, such as the now-sunken oil rig. Finding those paper documents will be hard if the people involved are no longer employed at the companies. “Everybody who knows anything about those products is gone,” Kibbe said. There’s also the challenge of getting employees to retain information after document hold notices have been issued. It could be tricky for in-house lawyers if the companies face criminal charges. So-called “bad actors” could delete information that might get them in trouble, said Wendy Curtis, chair of Orrick Herrington & Sutcliff’s e-discovery Working Group. “They need to be cognizant of that level of risk and put steps in place to prevent people from doing that,” she said. To make the task even more arduous, some of the information companies that London-based BP will need could be located overseas in the European Union, where stricter privacy laws make it harder to send information to the U.S. http://www.law.com/jsp/article.jsp?id=1202459271024&rss=newswire NATO Warns of Strike Against Cyber Attackers (The Times, 6 June 2010) - NATO is considering the use of military force against enemies who launch cyber attacks on its member states. The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China. A team of Nato experts led by Madeleine Albright, the former US secretary of state, has warned that the next attack on a Nato country “may well come down a fibre-optic cable”. A report by Albright’s group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation. “A large-scale attack on Nato’s command and control systems or energy grids could possibly lead to collective defence measures under article 5,” the experts said. Article 5 is the cornerstone of the 1949 Nato charter, laying down that “an armed attack” against one or more Nato countries “shall be considered an attack against them all”. NATO is now considering how severe the attack would have to be to justify retaliation, what military force could be used and what targets would be attacked. The organisation’s lawyers say that because the effect of a cyber attack can be similar to an armed assault, there is no need to redraft existing treaties. http://www.timesonline.co.uk/tol/news/world/article7144856.ece After Google Hack, Warnings Pop Up In SEC Filings (Business Week, 8 June 2010) - Five months after Google was hit by hackers looking to steal its secrets, technology companies are increasingly warning their shareholders that they may be materially affected by hacking attempts designed to take valuable intellectual property. In the past few months Google, Intel, Symantec and Northrop Grumman—all companies thought to have been targets of a widespread spying operation—have added new warnings to their U.S. Securities and Exchange Commission filings informing investors of the risks of computer attacks. Google doesn’t talk about the specific attack against its systems, but it now warns shareholders that this type of event is a material risk. “[O]utside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our data or our users’ or customers’ data,” Google wrote in a section added to its annual financial report in February, a month after it disclosed the hacking incident. In February, Intel disclosed in an SEC filing that it had been targeted by a similar attack in January, and warned investors that the theft of its trade secrets could hurt its bottom line. http://www.businessweek.com/idg/2010-06-08/after-google-hack-warnings-pop-up-in-sec-filings.html - and - Senior Leaders Becoming Disconnected From Security (SC Magazine, 21 June 2010) – The boards and senior executives at many organizations are not adequately involved in enterprise privacy and security decisions, according to a report released by researchers at Carnegie Mellon University’s CyLab. In the survey of 66 board members and senior executives at Fortune 100 companies, released last week, none of the respondents said that improving computer and data security is a top board priority, even though 56 percent said improving risk management is, according to the report. The finding suggests that there is a gap in understanding the relationship between IT risks and enterprise risk management, Jody Westby, a CyLab adjunct distinguished fellow and CEO of security risk advisory company Global Cyber Risk, told SCMagazineUS.com on Monday. “Boards are paying attention to risk, but they don’t understand information technology risk, and they need to learn how to exercise governance over the privacy and security of their digital assets,” Westby said. The second annual “Governance of Enterprise Security” report also found that board participation on a number of IT security governance activities is worse than it has been in the past. For example, 61 percent of respondents said they have not reviewed or approved annual privacy and security risk management budgets – up from 40 percent who said the same in 2008, the last time the survey was conducted. Respondents also are reviewing fewer security and privacy reports. http://www.scmagazineus.com/survey-cisos-worried-about-insiders-data-breaches/article/172950/ CMU study/report here: http://www.govinfosecurity.com/external/boards-report.pdf The E-Book Sector (InsideHigherEd, 8 June 2010) - E-textbooks might be the most-talked about and least-used learning tools in traditional higher education. Campus libraries and e-reader manufacturers are betting on electronic learning materials to overtake traditional textbooks in the foreseeable future, but very few students at traditional institutions are currently using e-textbooks, according to recent surveys. Not so in the world of for-profit online education. Online for-profits such as American Public University System and the University of Phoenix have for years strategically steered students toward e-textbooks in an attempt to shave costs and ensure a more reliable delivery method that, in the context of online education, might seem to make more sense. At Kaplan University’s School of Legal Studies, digital texts account for around 80 percent of assigned reading. At Capella University, e-textbooks are an available and accepted option in nearly all 1,250 courses. In for-profit higher education, more than any other sector, the traditional book is becoming obsolete. Phoenix actually mandates that instructors assign digital materials “whenever feasible”—a strategic turn the company started to take back in 2003, but which has come to fruition more recently, with so many more materials now available in digital format. At this point, roughly 90 percent of Phoenix’s course content is delivered via e-books or other electronic means—the only exceptions coming in courses such as art history, where copyright issues surrounding digital renderings of images such as paintings remain a hurdle for e-book publishers, says David Bickford, the vice president of academic affairs at Phoenix. The American Public University System—which is a private, for-profit university, despite its name—has also been consciously promoting the use of e-textbooks, resulting in widespread adoption of the new format among students. Of the company’s 400 fully online courses, about 300 assign e-textbooks as the default delivery method (with exceptions for overseas military personnel, who make up a significant proportion of the institution’s enrollment and tend to have irregular Web access). While the institution allows stateside students the option of buying print books, more than 90 percent of students opt for the e-textbook, says Fred Stielow, dean of libraries. Those are staggering adoption rates compared to those at nonprofit online programs and on traditional campuses. Among the respondents to a 2009 Campus Computing Project survey of 182 online programs at nonprofit universities, only 9 percent said e-textbooks were “widely used” at their institutions, while nearly half said electronic versions were “rarely used.” Even fewer brick-and-mortar institutions are deploying e-books in lieu of hard copies, with fewer than 5 percent citing e-book deployment as a key IT priority in the short term, according to another Campus Computing Project survey. And according to data from the Student Monitor, e-textbooks accounted for only 2 percent of all textbook sales last fall. http://www.insidehighered.com/news/2010/06/08/ebooks [related post from InsideHigherEd here: ]http://www.insidehighered.com/blogs/technology_and_learning/can_symtext_disrupt_the_textbook_market] Knowledge Management In Mergers and Acquisitions (Nick Milton, 8 June 2010) - Knowledge management delivers maximum value when applied to high value knowledge, to support high value decisions, and in areas where that knowledge is otherwise at risk of being lost. A typical high value area is Mergers and Acquisitions. These are high cost, complex operations, where crucial decisions need to be made very well, and yet happen relatively rarely, so it is easy for tacit knowledge to be lost. People caught up in the high pressure activity can easily forget the detail of how the decisions were made, and fail to pass the knowledge on to future mergers and acquisitions teams. This combination of high value decisions made relatively infrequently, so that human memory alone cannot be relied on as a knowledge store, means that there is great value on documenting the learning for use in future mergers, acquisitions and divestments. http://www.nickmilton.com/2010/06/knowledge-management-in-mergers-and.html [Editor: good-news/bad-news … good: this works; bad: the company here is BP] BP Damage Control Leaks Online (ABC, 8 June 2010 ) - Be careful where you click, especially if you’re looking for news on the BP oil spill. BP, the very company responsible for the oil spill that is already the worst in U.S. history, has purchased several phrases on search engines such as Google and Yahoo so that the first result that shows up directs information seekers to the company’s official website. A simple Google search of “oil spill” turns up several thousand news results, but the first link, highlighted at the very top of the page, is from BP. “Learn more about how BP is helping,” the link’s tagline reads. A spokesman for the company confirmed to ABC News that it had, in fact, bought these search terms to make information on the spill more accessible to the public. “We have bought search terms on search engines like Google to make it easier for people to find out more about our efforts in the Gulf and make it easier for people to find key links to information on filing claims, reporting oil on the beach and signing up to volunteer,” BP spokesman Toby Odone told ABC News. http://abcnews.go.com/m/screen?id=10835618&pid=4380645 [Hilarious Jon Stewart 7-minute clip: ]http://www.thedailyshow.com/watch/thu-june-10-2010/the-spilling-fields---bp-ad-campaign] - and - Using Social Networking as Legal Tool (WJS, 15 June 2010) - Soon after the Deepwater Horizon drilling rig sank in April, Parker Waichman Alonso LLP turned to the Web in pursuit of law clients. The New York-based plaintiffs’ firm set up websites with names like bigspills.com, oilspillclaims.com and oil-rig-explosions.com, and it filled them with news related to the disaster and invitations for visitors to provide their names and contact information. More than 1,000 people have now completed the forms on the websites, and Parker Waichman, which has 23 lawyers, has filed about a dozen suits related to the oil disaster. Law firms, particularly those that represent plaintiffs, are increasingly devoting resources to developing a presence online, where consumers—and potential clients—congregate. And some of those firms are also creating news sites, such as newsinferno.com andconsumerwarningnetwork.com, with content created by employees. The plaintiffs’ sites disclose that they are affiliated with law firms, but many have the look and feel of community forums or news boards. And they have recently begun to supplant some more traditional marketing methods, such as yellow-page ads and radio and television spots. Like many plaintiffs firms, Parker Waichman also buys search ads and uses Facebook to publicize its sites. It also has 20 technology specialists who handle such tasks as writing copy for its roughly 300 websites. “We are on Twitter, Facebook, MySpace, all the social-networking sites,” said Jerrold Parker, a partner, noting that the firm now spends more than $1 million a year on digital marketing, about a third of its average annual marketing budget. The firm bought Google search ads for a few days after the BP PLC oil disaster to attract users to the law firm. It also added content to boost the sites’ rankings in the search results for terms like “oil spill lawsuit.” http://online.wsj.com/article/SB10001424052748704324304575306581598351428.html EDS Settles Lawsuit over Botched CRM Project for $460 Million (Computerworld, 9 June 2010) - EDS has agreed to pay a staggering $460 million to settle a long-standing lawsuit brought against it by U.K.-based British Sky Broadcasting Group PLC over a botched Customer Relationship Management project. In a statement released yesterday, Sky said that the two companies had “full and finally” settled the litigation and all claims including those related to damages, litigation costs and interest. Yesterday’s settlement amount includes an interim payment of £270 million that EDS, which is now owned by Hewlett-Packard Co., paid Sky in February. That payment came after a British court in January ruled that EDS had misrepresented facts about its CRM implementation abilities and about how long it would take to complete the job when pitching for the CRM project back in 2000. A spokeswoman for HP today downplayed the settlement and said it had to do with a dispute that originated well before HP acquired EDS. “This matter is now closed, having been settled fully and finally on mutually agreed terms,” she said by e-mail. “We will not be commenting further publicly on this legacy issue.” The size of the EDS settlement amount is more than four times the amount of the original $109 million CRM development contract that EDS signed with Sky Broadcasting in late 2000. Under the contract, EDS was supposed to have helped Sky implement a CRM system to support the broadcaster’s call centers. http://www.computerworld.com/s/article/9177843/EDS_settles_lawsuit_over_botched_CRM_project_for_460M?source=CTWNLE_nlt_dailyam_2010-06-09 Irish Data Protection Commissioner Introduces Draft Code of Practice on Breach Notification (SC Magazine, 10 June 2010) - The theft or loss of personal data relating to more than 100 individuals now has to be reported to the Data Protection Commissioner under a draft code of practice in Ireland. According to the Irish Times, a draft code has been published in response to the recent recommendations of the Data Protection Review group established by Minister for Justice Dermot Ahern. Data Protection Commissioner Billy Hawkes said he had sought to publish the draft as quickly as possible after the review group report ‘to respond to public concern in relation to organisations losing personal data under their control while at the same time not imposing an undue burden on those organisations’. However there is an exception to this law where the data can be considered inaccessible due to proper security. Members of the public have been invited to make observations or submissions on the draft code before Friday 18th June. Brian Honan, founder and head of Ireland’s computer security incident response team and who contributed to the working group, said that he was pleased to see this proposed. He said: “As someone who has been campaigning for mandatory data breach disclosure laws in Ireland for a number of years I am pleased to see the proposed Data Security Breach Code of Practice. I have long argued that organisations need to realise that the data they hold on staff and customers is not theirs but rather has been entrusted to them by those individuals. http://www.scmagazineuk.com/irish-data-protection-commissioner-introduces-draft-code-of-practice-on-breach-notification/article/172079/ - but - UK’s ICO Will Not Compel Companies to Report Data Losses (V3, 10 June 2010) - The Information Commissioner’s Office (ICO) has no plans to force companies to report data losses, despite the Irish data protection watchdog lobbying its government for such measures. Organisations in the UK are not obliged to tell the ICO about any data losses, although the information watchdog has stressed that expects erring firms to do so, and considers it best practice. The Irish Data Protection Commissioner believes that any organisation that loses data on more than 100 individuals should have to report the incident, but a statement by the ICO has confirmed that it has no intention of calling for a similar system. “Under the Data Protection Act organisations have an obligation to ensure that personal information is held securely. We encourage organisations to advise us as soon as they are aware of a data breach which puts their customers at risk,” the ICO said. http://www.v3.co.uk/v3/news/2264584/ico-tight-lipped-demand-changes Judge Limits DHS Laptop Border Searches (Wired, 10 June 2010) - A federal judge has ruled that border agents cannot seize a traveler’s laptop, keep it locked up for months, and examine it for contraband files without a warrant half a year later. U.S. District Judge Jeffrey White in the Northern District of California rejected the Obama administration’s argument that no warrant was necessary to look through the electronic files of an American citizen who was returning home from a trip to South Korea. “The court concludes that June search required a warrant,” White ruled on June 2, referring to a search of Andrew Hanson’s computer that took place a year ago. Hanson arrived San Francisco International Airport in January 2009. The Justice Department invoked a novel argument--which White dubbed “unpersuasive”--claiming that while Hanson was able to enter the country, his laptop remained in a kind of legal limbo where the Bill of Rights did not apply. (The Fourth Amendment generally requires a warrant for searches.) “Until merchandise has cleared customs, it may not enter the United States,” assistant U.S. attorney Owen Martikan argued. “The laptop never cleared customs and was maintained in government custody until it was searched...” Eric Chase, an attorney representing Hanson, acknowledged that an immediate search conducted at the border without a warrant is permissible. But police perusal of a hard drive six months later definitely is not, he said when asking the court to toss out the results of the June 2009 search. http://news.cnet.com/8301-13578_3-20007315-38.html Tackling Social Media Problems at Work (Law.com, 10 June 2010) - Online social media is changing the way people communicate. It’s also blurring the line between work and play as more employees log on to networking sites like Facebook and Twitter, while they’re both on and off the clock. These days, employers are finding it increasingly difficult to limit or stop employees from using social media at work because a growing number of companies use the same sites to promote their products and services. And that’s creating some unique legal challenges in areas from privacy to employment, said outside and in-house counsel at a panel discussion Tuesday titled “The Virtual Water Cooler,” held at the 22nd Annual General Counsel Conference in New York. So they gave their fellow in-house counsel some suggestions from their own experience about how to make sure employees aren’t wasting company time or revealing trade secrets online—without violating their legal rights or limiting their freedom of expression. In-house lawyers for both The Coca-Cola Company and Sprint Nextel said their companies don’t limit what employees can do online and they don’t monitor employees individually. Coke, for example, just keeps track of which sites are used most frequently companywide. It relies on managers to inform the legal department when an employee is suspected of violating a code of conduct online. Sprint also gives its employees a lot of latitude when it comes to social media, said in-house counsel Kirk Salzmann. In fact, it has an internal program called the “Social Media Ninja,” which encourages employees to become regular promoters of the company on social media sites. “Sprint is becoming a little more sophisticated,” he said. But there are still many legal risks associated with the use of social media, particularly when it comes to hiring, they said. The panelists discouraged companies from systematically using Facebook to weed through potential job candidates. The company could be accused of age, race, or religious discrimination later on. “We pretty much decided not to do it because of that kind of risk,” Johnson said. Elise Bloom, a partner at Proskauer Rose, said that if companies want to do it, they should have one group of people cull the sites for information, and then turn over only relevant information to the people doing the hiring. “There’s not going to be a perfect solution,” she said. http://www.law.com/jsp/article.jsp?id=1202462419508&rss=newswire - and - Survey: Social Networking Policies Still Scarce (Network World, 23 June 2010) - Most organizations do not have a social networking policy, despite giving employees unfettered access to the popular web sites, according to a survey conducted by Symantec earlier this month. The survey was an attempt to gauge employee use of social media after a 2010 Symantec report on enterprise security found that enterprises view social media as a threat to security, said Kevin Haley, director of Symantec Security Response. Approximately 50 percent of the 336 respondents to the survey said they access Facebook or YouTube at least once a day, with 16 percent indicating they access the sites between three and five times daily. More than half access the sites for business reasons, according to the research. Another 46 percent said the sites were accessed for personal reasons. “To me the most interesting thing about this is this high level of concern CISOs and CIOs have about social networking, and yet so few of them have really implemented policy or procedures or any kind of blocking,” said Haley. Among organizations who responded, 42 percent said their organization does not block employee access to social media sites, and has no policy in place around social media use. Only 5 percent indicated a complete blocking of the sites at work, a solution that is not really feasible in today’s business environment, said Haley. http://www.networkworld.com/news/2010/062310-survey-social-networking-policies-still.html Law.gov: Putting Primary Law in the Public Domain (Ambrogi’s blog, 11 June 2010) - Over the past six months, a series of workshops and symposia have explored the so-called Law.gov campaign, an effort to put all U.S. primary legal materials in the public domain. Next week, the series wraps up with a June 15 workshop sponsored by the Center for American Progress (which will be streamed live online) and then two days of events at Harvard’s Berkman Center June 17 and June 18. On this week’s Lawyer2Lawyer podcast, we discuss Law.gov with two people who have been integrally involved in the campaign and who are both pioneers in bringing primary legal materials to the public: Carl Malamud, founder of Public.Resource.Org, and Thomas R. Bruce, director and co-founder of the Legal Information Institute at Cornell University Law School. Listen to the show here or download the MP3. http://www.lawsitesblog.com/2010/06/law-gov-putting-primary-law-in-the-public-domain.html Do You Own Your Software or Just ‘License’ It? (Law.com, 11 June 2010) - Is the software installed on your computer something you own—or did you simply buy a “license” to use it? That’s the issue at the heart of Vernor v. Autodesk Inc., a case argued Monday before the 9th U.S. Circuit Court of Appeals that represents a broad challenge to the software industry’s fundamental business model. The dispute originated when plaintiff Craig Vernor, who earns a living selling used items on eBay, acquired several copies of AutoCAD, the 3-D modeling software that is Autodesk’s main product, at an office sale held by an architecture firm. New copies of AutoCAD software typically sell for about $4,000. When Vernor listed those copies for sale on eBay, Autodesk sent the online auction company a takedown notice accusing him of copyright infringement. Vernor responded with a counter-notice to eBay emphasizing that he was reselling legitimate, not pirated, software. Ultimately, after receiving more complaints from Vernor, eBay suspended his account for a month. (Vernor ultimately sold two copies of the secondhand AutoCAD software for about $400 apiece.) Vernor’s next move was to file a pro se declaratory judgment lawsuit in federal district court in Seattle. In his suit, Vernor sought a ruling that his resales of legitimate copies of AutoCAD did not infringe Autodesk’s copyright. Vernor soon got Greg Beck, a litigator at consumer nonprofit Public Citizen, to represent him. In 2008, federal district court judge Richard Jones ruled in Vernor’s favor on summary judgment, and Autodesk appealed that decision. If the 9th Circuit affirms the district court ruling in Vernor’s favor, many standard software licenses—some form of which cover nearly all consumer software—could become legally meaningless. Fearful of just that result, a major software industry group, the Software and Information Industry Association, has filed an amicus brief in support of Autodesk’s position. Autodesk general counsel Pascal di Fronzo referred an interview request to Jerry Falk, the Howard Rice partner representing the company in the appeal. Falk explains that if Vernor’s view on software resale is upheld by courts, the business model around which many software makers are built would have to change drastically. That, he says, is because a software vendor generally makes its software available under a “license,” while retaining the right to transfer copies, even after the initial sale. In other words, Autodesk’s position is that its customers are buying a license, and that the actual “ownership” of the copy stays with Autodesk. Falk adds that Autodesk makes copies of its software available to students and educators at much lower prices than what it charges those who use the software commercially. If those copies could be resold without restriction in a secondary market, Falk says, the company wouldn’t be able to offer such discounts. “It’s not at all clear who would benefit” he says. “There’s a substantial body of economic analysis that says all prices would go up, because software companies would end up charging more.” http://www.law.com/jsp/article.jsp?id=1202462605257&rss=newswire Corporations, LLCs, and Electronic Communication (Law.com, 14 June 2010) - A natural person may do whatever is not forbidden by law, but a corporation may do only what is authorized by law and its charter. To what extent may corporations, the rules for which were developed generally in the 17th century, and limited liability companies, authorized in the 20th century, avail themselves of modern communication methods made available through technological advances? When the governing body, or the “owners,” or both, of an artificial entity consist of multiple individuals, and decisions must be made collectively, consensus must be reached among the several directors, shareholders, members, or managers. Traditional corporate law required the directors to meet face to face, on due notice, and to vote on a proposal after discussion and debate. The face-to-face requirement was similar for shareholders’ meetings, except that unlike a director, a shareholder was permitted to give a proxy to someone else, whether or not a shareholder, to attend the meeting and cast the proxy giver’s vote. By the mid-20th century, when corporations had become a vehicle through which not only large enterprises, but also individuals and small “partnerships” did business, legislatures (New Jersey did so in 1960s) modified the requirement for face-to-face corporate meetings. Both directors and shareholders were authorized to “act” by unanimous written consent. Shareholders were also authorized to act by non-unanimous written consent on notice to all others. Directors’ “meetings” were authorized to be held by means of conference telephone so long as everyone could hear each other. About 20 years ago (coincidentally when legislatures across the nation authorized the formation of LLCs), the use of computers, the internet, and e-mail began to envelop the world with dazzling speed that revolutionized communication. As virtually every large and small business, professional practice, and government function came to utilize (some might say become enslaved by) the computer, clients began to ask their lawyers if business or nonprofit corporations or LLCs could make use of the speed and convenience of electronic communication. Statutes are attempting to keep pace with the developments in technology. In 1988, the New Jersey Business Corporation Act was amended at N.J.S. 14A:5-8 to permit the list of shareholders entitled to vote at a shareholders’ meeting to be displayed on “any equipment which permits the visual display of the information required by this section.” The Committee on Corporate Laws of the ABA Section of Business Law has proposed an amendment to Section 7.5 of the Model Business Corporation Act that would authorize shareholders to participate in any meeting by means of remote communication subject to guidelines and procedures developed by the board of directors. The corporation must implement reasonable measures to verify that the remote participants are shareholders who have the opportunity to communicate and read or hear the proceedings. Recognizing that all features of a face-to-face (whether across the table or seated in an auditorium) meeting cannot be duplicated, the official comment to the proposed amendment states: “While this provision is aimed at approximating as much as possible shareholder participation in person or by proxy, including interacting with management during the meeting, it does not require that all can so participate and interact.” More relevant to New Jersey lawyers and New Jersey corporations is that in January, former Gov. Corzine signed A2879 (L.2009, ch. 176) into law. It amends N.J.S. 14A:1-8 to allow required or permitted notices be given by electronic transmission in addition to the traditional methods of mail and personal delivery. The new statute also adds a new section to the BCA, N.J.S. 14A:1-8.1, which prescribes the circumstances and requirements pursuant to which notices may be given electronically. http://www.law.com/jsp/article.jsp?id=1202462654560&rss=newswire FTC’s Provocative Discussion Paper on Saving Print Media (CMLP, 14 June 2010) - The Federal Trade Commission—which last year created guidelines to impose ethical standards on bloggers—is now taking on the ambitious task of saving the print media in the Internet era. In preparation for the final in a series of hearings on the future of the news media, the Commission has released a staff report that makes some pretty bold proposals, including legal changes and even government subsidies for traditional media. The final hearing will be held June 15 at the National Press Club in Washington, D.C. The report carefully notes on the first page that “[t]his draft does not represent final conclusions or recommendations by the Commission or FTC staff; it is solely for purposes of discussion.” The Commission issued a subsequent press release to clarify this. The proposals in the report were raised by panelists testifying at the FTC hearings, not generated by the FTC itself. Among the proposals in the report: • amend the Copyright Act to specifically recognize the “hot news” doctrine, which a few courts have used to protect exclusive news reports and information for a brief period of time after publication; • amend the Copyright Act to limit or clearly define the fair use doctrine with respect to news aggregators; • create a government- or privately-run copyright licensing system for the news industry; • create antitrust exemptions to allow news organizations to create a system for news aggregators and others to pay for the use of online content, and to erect pay walls for online content; • establish a “journalism” division of the AmeriCorps youth public service program; • increase government funding for the Corporation for Public Broadcasting; • establish a national fund for local news, using funds from FCC fees on cell phone users, television and radio broadcast licensees, or Internet service providers, or from taxes on consumer electronics or advertising; • provide a tax credit to news organizations for every journalist they employ http://www.citmedialaw.org/blog/2010/ftcs-provocative-discussion-paper-saving-print-media?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CitizenMediaLawProject+%28Citizen+Media+Law+Project%29&utm_content=Google+Reader The Enemy Within (The Atlantic, June 2010) - When the Conficker computer “worm” was unleashed on the world in November 2008, cyber-security experts didn’t know what to make of it. It infiltrated millions of computers around the globe. It constantly checks in with its unknown creators. It uses an encryption code so sophisticated that only a very few people could have deployed it. For the first time ever, the cyber-security elites of the world have joined forces in a high-tech game of cops and robbers, trying to find Conficker’s creators and defeat them. The cops are failing. And now the worm lies there, waiting … http://www.theatlantic.com/magazine/archive/2010/06/the-enemy-within/8098/ [Editor: Terrific story, illustrating our increasing vulnerabilities and criminals’ increasing sophistication.] Mass. Court to be Test Pad for Blogs, Tweets (Robert Ambrogi, 17 June 2010) - A courtroom in Quincy, Mass., will become a test kitchen for using new media to cover legal proceedings, thanks to a $250,000 Knight News Challenge grant announced today. The grant will go to Order in the Court 2.0, a project spearheaded by John Davidow, executive editor of new media at WBUR in Boston. The project will turn a courtroom in Quincy District Court into a laboratory to help establish best practices for digital coverage that can serve as a model for courts elsewhere. The courtroom will have a designated area for live blogging and the ability to stream court proceedings live to the public. The chief judge of the court has agreed to the project and the project has the support of the Judiciary Media Committee of the Massachusetts Supreme Judicial Court. http://www.lawsitesblog.com/2010/06/mass-court-to-be-test-pad-for-blogs-tweets.html Supreme Court OKs Search of Policeman’s Text Messages (Law.com, 17 June 2010) - The Supreme Court on Thursday upheld the search of a police officer’s personal, sometimes sexually explicit, messages on a government-owned pager, saying it did not violate his constitutional rights. The Court was unanimous in reversing a federal appeals court ruling that sided with the Ontario, Calif., SWAT team officer. Justice Anthony Kennedy wrote for the Court that the officer, Sgt. Jeff Quon, could not assume “that his messages were in all circumstances immune from scrutiny.” But Kennedy said the Court purposely avoided a broader ruling about employees’ expectations of privacy when using equipment provided by their employers because of rapid and unpredictable changes in technology. Many employers tell workers there is no guarantee of privacy in anything sent over their company- or government-provided computers, cell phones or pagers. Ontario has a similar policy, but a police official also informally told officers that no one would audit their text messages if the officers personally paid for charges above a monthly allowance. The 9th U.S. Circuit Court of Appeals in San Francisco said the informal policy was enough to give the officers a “reasonable expectation of privacy” in their text messages and establish that their constitutional rights had been violated. Kennedy said that it is true that many employers accept or tolerate personal communications on company time and equipment. But he suggested that employees who want to avoid the potential embarrassment of having those communications revealed might “want to purchase and pay for their own” cell phones and other devices. http://www.law.com/jsp/article.jsp?id=1202462775992&rss=newswire Quon decision (17June 2010) - http://www.law.cornell.edu/supct/html/08-1332.ZS.html [Editor: any other result would have been surprising; employers retain logical rights of control and inspection over equipment they own, and remain largely free to (re)set employee privacy expectations.] Utah Attorney General Mark Shurtleff Uses Twitter To Announce Execution (TechCrunch, 18 June 2010) - A sign of the times, although many may find it distasteful, or much worse: Utah Attorney General Mark Shurtleff used a mobile Twitter client to send out a tweet announcing the impending execution by firing squad of convicted murderer Ronnie Lee Gardner. As the BBC notes, quite a modern way to announce a very old-fashioned death. In total, the AG sent out 3 tweets about the event from his iPhone only a couple of hours ago, the most recent one an all-too-familiar (on Twitter) self-promoting one: 1) A solemn day. Barring a stay by Sup Ct, & with my final nod, Utah will use most extreme power & execute a killer. Mourn his victims. Justice 2) I just gave the go ahead to Corrections Director to proceed with Gardner’s execution. May God grant him the mercy he denied his victims. 3) We will be streaming live my press conference as soon as I’m told Gardner is dead. Watch it at http://www.attorneygeneral.Utah.gov/live.html http://techcrunch.com/2010/06/18/mark-shurtleff-twitter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=Google+Reader Google And Twitter Tell Appeals Court That ‘Hot News’ Doctrine Is Obsolete (TechDirt, 22 June 2010) - It looks like Google and Twitter have decided to weigh in on the closely watched lawsuit between TheFlyOnTheWall.com and Barclays, which has helped bring back the hot news doctrine, which creates an monopoly right on news reporting. This is quite worrisome for a whole variety of reasons, and as the appeals court considers the case, Google and Twitter have filed an amicus brief worrying about the implications of allowing the hot news doctrine to stand: “News reporting always has been a complex ecosystem, where what is ‘news’ is often driven by certain influential news organizations, with others republishing or broadcasting those facts—all to the benefit of the public,” the companies said in the filing. Google and Twitter argued that upholding the district court’s decision would give those who obtained the news first strong incentives to block others from obtaining the same information.” http://techdirt.com/articles/20100622/0144239913.shtml Calif. Justices Say Junk E-Mail Messages Don’t Violate Anti-Spam Law (Law.com 22 June 2010) - Those e-mail messages offering good credit rates from several seemingly independent sources? They might be annoying, but they’re not illegal. That’s what the California Supreme Court said in a ruling released Monday (pdf). “We find,” Justice Ming Chin wrote for a unanimous court, “that a single e-mail with an accurate and traceable domain name neither contains nor is accompanied by ‘misrepresented … header information’ ... merely because its domain name ... is ‘random,’ ‘varied,’ ‘garbled’ and ‘nonsensical’ when viewed in conjunction with domain names used in other e-mails. “An e-mail with an accurate and traceable domain name,” he continued, “makes no affirmative representation or statement of fact that is false.” The suit was filed by Craig Kleffman, who accused Vonage Holdings Corp. of violating the state’s anti-spam act by sending him 11 e-mail messages with headers that made each seem as if it came from a different source. The e-mail messages—headed by such names as urgrtquikz.com and struggletailssite.com—offered broadband telephone services. But the high court held that even if the messages were intended to bypass computers’ spam filters, they were not misrepresentations. http://www.law.com/jsp/article.jsp?id=1202462896750&rss=newswire ACLU: FBI Used ‘Dragnet’-Style Warrantless Cell Tracking (CNET, 22 June 2010) - To nab a pair of men accused of robbing banks in Connecticut, court documents show the FBI turned to a novel investigative technique last year: warrantless monitoring of the locations of about 180 different cell phones, court documents show. The FBI obtained a secret order--it has not been made public--commanding nine different telephone companies to provide federal police “with all cell site tracking data and cell site locator information for all incoming and outgoing calls to and from the target numbers.” But because the U.S. Justice Department did not obtain a warrant by proving to a judge that there was probable cause to suspect criminal activity, there’s now a risk that the evidence from the location surveillance may be tossed out of court as illegally obtained. (Here’s a list (PDF) of the phone numbers tracked.) An attorney for Luis Soto, one of two brothers accused of stealing about $90,000 from Webster Bank and New Alliance Bank, asked a Connecticut judge on May 18 to suppress the location information, saying “the government obtained information that could be used to track the movements and locate the whereabouts at specific times of up to 180 people.” On Friday, the ACLU and the Electronic Frontier Foundation submitted a friend-of-the-court brief (PDF) agreeing with the defense. It says: “Because cell site location information implicates an expectation of privacy that society is prepared to recognize as reasonable, the Fourth Amendment requires that the government obtain a warrant based on probable cause prior to collecting this information.” The Obama administration has argued that no search warrants are needed; it says what’s needed is only a 2703(d) order, which requires law enforcement to show that the records are “relevant and material to an ongoing criminal investigation.” Because that standard is easier to meet than that of a search warrant, it’s less privacy-protective. In the Connecticut bank robbery case, the Justice Department has not yet directly replied to Soto’s motion. But earlier papers that prosecutors filed say that “the government selected the numbers in its cell site order by looking at the telephone numbers calling and being called by the known phone numbers at or around the time of each robbery.” “For each call the records provide a cell tower number,” the government’s brief says. “The cell tower number can then be looked up in other certified records, which gives a latitude and longitude for the tower location. Then any publicly available mapping tool (the government has used Google Maps) can be used to find the location of the tower.” In that case, the Obama administration has argued that warrantless tracking is permitted because Americans enjoy no “reasonable expectation of privacy” in their--or at least their cell phones’--whereabouts. U.S. Department of Justice lawyers say that “a customer’s Fourth Amendment rights are not violated when the phone company reveals to the government its own records” that show where a mobile device placed and received calls. http://news.cnet.com/8301-31921_3-20008444-281.html?part=rss&amp%3Bsubj=news&amp%3Btag=2547-1_3-0-20&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CnetNewscomMobile+%28CNET+News.com+Front+Door%29&utm_content=My+Yahoo Obama Administration Aims to Protect Identities in Cyberspace (Nat’l Journal, 22 June 2010) - Information technology geeks, start your engines. The Obama administration on Friday plans to release the latest draft of its strategy for identification and authentication in cyberspace, Howard Schmidt, White House cybersecurity coordinator, said today. The National Strategy for Trusted Identities in Cyberspace, which is expected to recommend changes to privacy laws and set policies for verifying identities during online transactions, will be open for public comment with an aim toward getting Obama’s final approval in the fall, Schmidt said at a cybersecurity conference organized by Symantec. The goal is to strengthen protections against identity theft and online fraud, but to do so in a way that is not disruptive for businesses and consumers, Schmidt said. “We should not have to dramatically change the way we do business,” he added. Schmidt said the administration wants to work with the private sector to develop what he termed an “identity ecosystem.” http://techdailydose.nationaljournal.com/2010/06/obama-administration-aims-to-p.php Next Supreme Court Nominee’s Emails Now Searchable Gmail Style (ReadWriteWeb, 23 June 2010) - Historical records are hard to look through casually. One solution is being explored in the case of Supreme Court Justice nominee Elena Kagan’s archive of emails sent while working for the Clinton administration. That body of data is now presented in a web-based interface that looks a lot like Gmail and is open to full-text search, thanks to the watchdog Sunlight Foundation. Elena’s Inbox is a thought-provoking project that could inspire future efforts to facilitate citizen evaluation of public records, and Sunlight has open-sourced the code used to build it. As it stands, the microsite is a fun and interesting peek inside the Clinton administration’s day to day operations. It’s hard to imagine any previous political nominee facing this degree of public transparency. Kagan was a legal eagle for Clinton, holding two different positions over five years. In that time, she sent just under five thousand emails. Some of the emails are amusing, others enlightening, others still are both. This is a fun interface for looking through these texts, but the limitations are quickly evident as well. Full text search works well when it’s your own email you’re searching through, but when you don’t know what language someone else uses to discuss certain topics, full text search feels inadequate. If a site like this incorporated collaborative user tagging of emails into topical buckets, that would make it all the more interesting. It would also be in character for the Sunlight Foundation. http://www.readwriteweb.com/archives/elena_kagan_emails.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29&utm_content=Google+Reader Tech Champion, Watchdog Heads To Google (CNET, 23 June 2010) - Fred von Lohmann, likely the technology’s sector most recognized legal advocate, has called it quits as senior staff attorney for the Electronic Frontier Foundation. One of Grokster’s lead attorneys in the landmark MGM v. Grokster case, von Lohmann confirmed he is leaving EFF to take a job as Google’s senior copyright counsel. In an e-mail Wednesday, von Lohmann declined to comment further. If you’re a fan of unimpeded innovation, the free distribution of content over the Web, and Internet users’ right to privacy then you should take your hat off to von Lohmann. The way his supporters see it, von Lohmann has toiled to prevent tech start-ups accused of copyright violations from being stomped into jelly by mammoth entertainment conglomerates. Jonathan Zittrain, a Harvard law professor and co-director of Harvard’s Berkman Center for Internet & Society, said von Lohmann reminds him of the fictional Dr. Seuss character, The Lorax, a defender of the environment. It’s like “‘I am the Lorax and I speak for the trees,’” Zittrain said. “To me Fred is somebody who has been in the trenches as a litigator and that means you must take views and stick with them to do battle. Yet, I don’t know him as ideologically inflexible. “It’s rare to see somebody in the trenches that long and adopt and stick by structured positions but who has some flexibility to say ‘What is the right answer here?’” Zittrain continued. “That’s why those that may have had interests implicated by EFF policies and positions may have had reason to fear him but not consider him a foe.” http://news.cnet.com/8301-31001_3-20008586-261.html YouTube Gets Decisive Win in Viacom/FAPL Case (Eric Goldman, 23 June 2010) - The Viacom v. YouTube case has been noteworthy for numerous reasons. It involves the cherished Internet brands YouTube and Google, it’s been going on forever (see my initial blog post on Viacom’s complaint from March 2007), and it’s generated lots of water cooler talk (see the salacious details from the parties’ summary judgment motions). Now, the case is also noteworthy because it hands YouTube a clean and decisive win on the DMCA 512(c) safe harbor. The ruling basically says that the current industry standard practices of notice-and-takedown for user-caused copyright infringement satisfies the safe harbor. Although this seems like an uncontroversial result when stated like that, the reality is that copyright owners have repeatedly angled to get a better deal than Congress gave them in 512. This case will squelch many of those copyright owner requests to force service providers to go beyond current industry-standard practices. Of course, we have to see how the opinion fares on appeal. The opinion stays above the fray and avoids most of the messy facts from the parties’ voyeuristic filings earlier this year. On the decisive question of what constitutes YouTube’s actual knowledge or red flags awareness of infringement, the court immediately turns to the legislative history. Fortunately for YouTube, the legislative history is replete with defense-favorable statements. Thus, the court summarizes the legislative history by saying its “tenor” requires that service providers have “knowledge of specific and identifiable infringements of particular individual items. Mere knowledge of prevalence of such activity in general is not enough.” Subsequently, the court reinforces that “General knowledge that infringement is ‘ubiquitous’ does not impose a duty on the service provider to monitor or search its service for infringements.” The court supports these conclusions by noting the difficulty service providers have monitoring/policing large databases of UGC and the fact that the notice-and-takedown system worked well in Viacom’s case when it actually submitted notices. The court also favorably cites the ccBill, UMG v. Veoh, Corbis v. Amazon and Tiffany v. eBay cases. By doing so, the court subtly does two things. First, it imports 9th Circuit 512 jurisprudence into a 2nd Circuit-bound court, and second, it imports the 2nd Circuit’s recent secondary trademark liability analysis into a copyright case. Both moves also favored YouTube. The latter is particularly interesting because it seems to accept a notice-and-takedown regime for trademark--not the statutory requirement, but nevertheless the logical implication of Tiffany v. eBay. Perhaps we are seeing some convergence in secondary copyright and secondary trademark infringement cases, despite their different statutory foundations. http://blog.ericgoldman.org/archives/2010/06/youtube_gets_de.htm With All It Considers, NPR Music Is Growing (NYT, 24 June 2010) - Music has long been part of NPR’s identity, but perhaps never more than in recent years, as its NPR Music Web site has become an increasingly popular outlet for artists and music fans. The site, at http://www.npr.org/music, features many artists who don’t get heavy airplay on commercial radio, from the soprano Renée Fleming to the jazz musician Fred Hersch. But big-name pop acts get attention too. This month the Web site streamed 45 shows from the Bonnaroo festival, including the sets by the Dave Matthews Band and Tori Amos. More than 40 can still be found on the Web site. And on Wednesday NPR Music went mobile, introducing an iPhone application that provides a platform for the more than 300 pieces of new content — from videos to blog posts, podcasts to live concerts — that are added to the site each month. Music coverage is nothing new to public radio. But Kinsey Wilson, NPR’s general manager of digital media, said that since the music site went live in 2007, its staff has “provided a hub where things can originate,” rather than have music coverage spread across its news and culture desks. Mr. Wilson said that he had been skeptical about including so many genres under one roof — jazz, hip-hop, rock, world and classical — but that he had been proven wrong. The number of people coming to the site continues to increase, to about 1.7 million unique users in May. And the site has plans to expand its coverage of other genres too, especially Latin music. http://www.nytimes.com/2010/06/24/arts/television/24npr.html?scp=1&sq=NPR%20music&st=cse Study: Open-Source Making Significant Traction in the Enterprise (ReadWriteWeb, 24 June 2010) - Open source software is at an inflection point in the enterprise. According to a survey by Accenture, more than two-thirds of organizations anticipate increases in investments this year. Almost 40% said that they expect to migrate mission-critical software to open-source within the next 12 months. The survey is in line with a market that is validating the use of open-source in the enterprise. This is illustrated by Red Hat’s most recent financial results. In the past year, Red Hat’s revenues are up 20%. All parts of its business are showing growth with particular strength in middleware. The company signed the largest deal in its history during the last quarter. According to Datamation, Red Hat renewed all of its top 25 deals during the quarter at over 120 percent of their original value. Accenture surveyed 300 blue-chip organizations in both the public and private sector. Half of the respondents are fully committed to open source. The survey further validates Red Hat results in its findings that 88% of all companies that use open-source will increase their investments in 2010. Some of the other findings in the survey: • In both the United States and the United Kingdom, respondents cited quality and improved reliability as the key benefits to open-source. A total of 70% cited improved reliability and 69% said they are finding better security and bug fixing. • Cost is a huge driver. Of the respondents, 71 percent sad they believed they could save in software maintenance costs. They also cited savings in total cost of ownership and development costs. • Companies still don’t want to share their own open-source. Less than a third say they do. This may be one of the biggest concerns as open-source goes in-house and not shared with the community. It’s this sharing that gives open-source its strength. • The public sector is lagging in the adoption of open-source. http://www.readwriteweb.com/enterprise/2010/06/study-open-source-making-signi.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29&utm_content=Google+Reader LOOKING BACK - MIRLN TEN YEARS AGO ALL STATES SHOULD HAVE ONLINE VOTING BY 2004 (Newsbytes, 6 November 2000) - A report from Gartner says that all 50 states should offer Internet voting by the time of the 2004 presidential election. However, Gartner’s Christopher Baum says obsolescence may be behind the move online rather than technological innovation. He looked at the buying cycle for mechanical voting machines and found that 35 percent of states and counties were still using voting machines in 1996 that employ a technology invented in the 1890s. The question for governments, Baum says, is whether they should buy expensive voting machines or move voting online. Bill Kimberling, deputy director of the Federal Election Commission’s Office of Election Administration, says a significant majority of states are using direct electronic systems for voting. He says that online voting in 2004 is “wishful thinking” because of security and voter verification issues. MIRLN 2010-06-25T18:23:00-07:00 http://knowconnect.com/mirln/article/mirln_16_may_5_june_2010_v1308/ http://knowconnect.com/mirln/article/mirln_16_may_5_june_2010_v1308/#When:21:07:00Z (supplemented by related Tweets: http://twitter.com/vpolley #mirln) • Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record • Real Legal Issues With Virtual Currencies • “Internet Privacy is A Fallacy,” Court Says • JustMed, Inc. v. Byce: A Tech Upset • Google Data Admission Angers European Officials • Federal Judiciary Launches Enhanced Website • Duke to Shut Usenet Server, Home to the First Electronic Newsgroups • Indiana Supreme Court Turns to Twitter • Digital Books, Their Readers, and Privacy • EFF: Forget Cookies, Your Browser Has Fingerprints • ‘Hot News’ and the ‘Duty to Police’ It • Obama Technology Adviser Reprimanded For Ethics Violation • Cloud Service Users Face Confusing Legal Landscape • Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment • Computer Network Attacks In U. S. Law and Doctrine • Microsoft to Give Governments Heads Up on Security Vulnerabilities • Reducing the ESI Burden of Privilege Logs • How Social Media is Changing Government Agencies • Seventh Circuit Vacates Contempt for E-Mail Barrage • CFAA Can Protect Trade Secrets • State Department Moves from Telegrams to Wikis • Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital • UK Law Firm Inks $852 Million Outsourcing Deal • The 15 Funniest Tweets From The Fake BP Twitter Account o Oilaholic: Oil Spill Goes Real-Time • DHS Official: Cybersecurity Is Industry Responsibility • Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone • Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms • FTC Postpones ‘Red Flags’ Identity Theft Rule • End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Court Rules the Residential Address, Home Telephone Number and Personal Email of ODE Licensees Are Not Public Record (Dinsmore & Shohl, 11 May 2010) - The Franklin County Court of Common Pleas recently issued a decision on the Ohio Education Association’s (OEA) request for a permanent injunction preventing the Ohio Department of Education (ODE) from releasing or publishing certain information concerning individuals licensed by ODE. Therein, the court held that the residential address, home telephone number, and personal email address of ODE’s licensees are not “records” and are thus not required to be disclosed under the Public Records Act (“PRA”). http://www.dinslaw.com/ohio_education_law_monthly_may_2010/#page=1 Real Legal Issues With Virtual Currencies (Network World, 12 May 2010) - Attorney J. Dax Hansen is a partner at Perkins Coie LLP in Seattle. With contributions from his colleagues Andrew H. Grant and Kirk Soderquist, he has written an interesting legal perspective on the growing use of synthetic or virtual currencies in massively multiplayer online role-playing games (MMPORG) and virtual worlds such as Second Life. The remainder of this column and the following are entirely their work with minor edits… “Points,” “coins,” “bucks” and other forms of virtual currency are becoming standard offerings for online game sites, social media sites, retailers and other businesses. Virtual currency systems generate revenue, provide low cost alternatives to credit cards for micropayments, offer prepaid solutions appealing to youth and other users without credit cards, and help companies build attractive loyalty programs. Although virtual currency systems are often used to sell digital content, they continue to become more complex - approximating real world currency as they allow purchase of physical goods and services from multiple merchants, offer cash redemption options, and facilitate peer-to-peer payments. Even though the currency may be virtual, these systems pose real legal issues - both for issuers of the virtual currency and potentially for other network service providers and partners. Issuing virtual currency could subject an issuer to various state and federal regulatory regimes with wide ranging operational, financial and liability implications. These implications include restrictions on an issuer’s ability to expire the virtual currency or impose inactivity fees, requirements to give cash back for unused virtual currency, obligations to remit unused virtual currency balances to states, potential regulation as a financial institution, requirements to structure systems to avoid illegal lotteries, and privacy and data security issues. This pair of articles highlights several key legal considerations and offers practical tips for companies that operate - or are considering developing - virtual currency systems. http://www.networkworld.com/newsletters/sec/2010/051010sec2.html?source=NWWNLE_nlt_security_2010-05-14 “Internet Privacy is A Fallacy,” Court Says (Steptoe & Johnson’s E-Commerce Law Week, 13 May 2010) - A New York court gave this dismal assessment of the state of online privacy in dismissing criminal charges against an employer who used a keystroke monitor to record the personal emails of an employee. The court essentially flipped the usual approach to employer monitoring cases on its head, reasoning that employees have no expectation of privacy in their workplace communications unless they take affirmative steps to carve out a zone of privacy. Moreover, the court’s strong dismissal of any notion of privacy in email—though contrary to the holding of the vast majority of decisions that have touched on the issue—may be cited in future cases not only by employers, but also by the government and by hackers when their access to computers or communications is challenged in court. http://www.steptoe.com/publications-6846.html JustMed, Inc. v. Byce: A Tech Upset (Sonnenschein, 12 May 2010) - For early stage technology companies the definitions of independent contractor and employee for determining copyright ownership may have changed. In a case that could alter the landscape as to who is considered an employee when it comes to “work for hire” and copyright ownership in the world of technology based start-ups, the United States Court of Appeals for the Ninth Circuit relaxed the rules on who is considered an employee versus an independent contractor for the purposes of considering where work is considered a “work for hire.” In JustMed, Inc. v. Byce, 2010 U.S. App. LEXIS 6976 (9th Cir. Apr. 5, 2010), the Ninth Circuit was asked to decide whether JustMed, Inc., a small technology start-up company, or Michael Byce, a software developer working remotely, owned the source code that Byce engineered while working for JustMed. The Court’s analysis distinguished between technology start-up businesses, which are well known for the informal manner in which they are formed and operate—a handful of people working in a garage and programming their computers—and more established companies, where formalities regarding employment tend to be more rigorously observed. The Court found that Byce qualified as an “employee” of JustMed, and his work belonged to them, despite the fact that he: • worked from home in Idaho, • worked on his own computer, and • worked without much direction from Oregon-based JustMed. Ordinarily, those factors would favor finding Byce to be an independent contractor. In addition: • Byce and JustMed had no written employment agreement, • Byce never filled out an I-9 employment form, • Byce filed his first W-4 tax withholding form in 2005 - a year after beginning full-time work on the source code in 2004, • JustMed did not issue a W-2 for Byce, • JustMed did not withhold taxes, pay workers’ compensation, or pay unemployment insurance for Byce, and • JustMed did not provide any employment benefits for Byce, or report his employment to the state. Byce was nevertheless deemed an employee because: • he was not hired for a specific term, • he was not hired to work on a discrete project, • he worked with JustMed on projects other that the source code, • he updated the company’s Web site, • he demonstrated the company’s product at trade shows, • he was listed in the company’s brochure, • he was issued a business card, under the title of either “Director of Research and Development” or “Director of Engineering,” and • he asked for a cash salary (after initially being paid in company stock), even though he never deposited his paychecks. http://www.sonnenschein.com/pubs/pub_detail.aspx?id=56344&type=E-Alerts#page=1 Google Data Admission Angers European Officials (NYT, 15 May 2010) - European privacy regulators and advocates reacted angrily Saturday to the disclosure by Google, the world’s largest search engine, that it had systematically collected private data since 2006 while compiling its Street View photo archive. After being pressed by European officials about the kind of data the company compiled in creating the archive — and what it did with that information — Google acknowledged on Friday that it had collected snippets of private data around the world. In a blog post on its Web site, the company said information had been recorded as it was sent over unencrypted residential wireless networks as Google’s Street View cars with mounted recording equipment passed by. The data collection, which Google said was inadvertent and the result of a programming error, took place in all the countries where Street View has been catalogued, including the United States and parts of Europe. Google apologized and said it had not used the information, which it plans to delete in conjunction with regulators. But in Germany, Google’s collection of the data — which the company said could include the Web sites viewed by individuals or the content of their e-mail — is a violation of privacy law, said Ilse Aigner, the German minister for food, agriculture and consumer protection. In a statement Saturday, her ministry demanded a full accounting. http://www.nytimes.com/2010/05/16/technology/16google.html?partner=rss&emc=rss Federal Judiciary Launches Enhanced Website (US Courts, 15 May 2010) - The Federal Judiciary’s website, http://www.uscourts.gov, today unveils a host of enhancements. The site has been redesigned to make it more attractive, accessible, and useful to its diverse audience of users. The improvements further the website’s mission of increasing public interest, awareness, and understanding of the federal court system and its functions, and to serve as a source for disseminating Federal Judiciary information to the public. Among the enhancements: • Email Delivery Service: Interested users can subscribe to uscourts.gov email updates. When Judiciary news releases, Newsroom updates, notifications of new publications, emergency notifications and significant content updates are made, a notification is sent directly to the subscribers’ email addresses. Each subscriber can choose to receive alerts on topics of particular interest or alerts for all updates. Subscriptions are free, and can be canceled or updated at any time. • Multimedia – video, podcasts, photos, YouTube Channel: Videos have been available on uscourts.gov for several years, with a focus on civic education and highlighting news. Recently, the focus was expanded to feature two informational video series – Bankruptcy Basics and Working for the Federal Judiciary. Photo slide shows have been added, to include and illustrate such topics as naturalization ceremonies, educational outreach programs, and Judiciary news. • The website will feature expanded use of multimedia, including a link to the Judiciary’s YouTube Channel, http://www.YouTube.com/uscourts, which is a joint initiative of the Administrative Office of the U.S. Courts and the Federal Judicial Center. • Widgets: A widget is a portable chunk of computer programming code that can be embedded in a Web page to add dynamic content. For example, an organization could take a widget from uscourts.gov and install it in their website homepage to receive continuous Federal Judiciary news updates directly. • Read-aloud service: Web text is read aloud for users who find it difficult to read online, a useful tool for those who have difficulty reading or are mildly visually impaired. This free program also allows users to download portable files from uscourts.gov and listen to it later. http://www.uscourts.gov/News/NewsView/10-05-15/Federal_Judiciary_Launches_Enhanced_Website.aspx Duke to Shut Usenet Server, Home to the First Electronic Newsgroups (Duke Today, 17 May 2010) - This week marks the end of an era for one of the earliest pieces of Internet history, which got its start at Duke more than 30 years ago. On May 20, Duke will shut down its Usenet server, which provides access to a worldwide electronic discussion network of newsgroups started in 1979 by two Duke graduate students, Tom Truscott and Jim Ellis. Working with a graduate student at UNC-Chapel Hill, they came up with a simple program to exchange messages and files between computers at Duke and UNC using telephone modems. The “Users Network,” Usenet for short, grew into an international electronic discussion forum with more than 120,000 newsgroups dedicated to various topics, from local dining to computer programming languages. Each group had a distinctive name such as soc.history or sci.math. Usenet also played an integral role in the growth of the popularity of the Internet, said Dietolf Ramm, professor emeritus of computer science. At the time, a connection to the Internet was not only expensive but required a research contract with the federal Advanced Research Projects Agency. “ARPA had funded a few schools to begin the early stages of Internet, but most schools didn’t have that,” said Ramm, who worked with the students who developed Usenet. “Usenet was a pioneering effort because it allowed anybody to connect and participate in communications.” Many social aspects of online communication – from emoticons and slang acronyms such as LOL to flame wars – originated or were popularized on Usenet. Duke users can still access Usenet archives – the largest collection of posted online messages – through Google Groups. http://www.dukenews.duke.edu/2010/05/usenet.html Indiana Supreme Court Turns to Twitter (Indiana Business Journal, 18 May 2010) - 
Expanding what it describes as its communication plan, the Indiana Supreme Court is using the social media platform of Twitter to get word out about new rulings, transfer grants and denials, and other court-related events.
 In a statement, the Supreme Court notes that court-watchers may be surprised about the use of the 140-character social media platform instead of 140-page legal documents detailing court business. But times are changing.

 “Social media is changing the way people receive information,” Chief Justice Randall T. Shepard said in a news release. “Using new media will allow us to ensure that the press and the public can follow the work of the Judicial Branch.”

 The Indiana Courts Twitter page can be found online at http://twitter.com/incourts, and online users also can sign up for RSS feeds for other court-related services such as the Indiana Court Times, the Indiana Judicial Center legislative blog, notice of Supreme Court oral arguments, the Judicial Technology Automation Committee’s blog called Bites & Bytes, and the court’s YouTube channel. http://www.ibj.com/indiana-supreme-court-turns-to-twitter-/PARAMS/article/20011 Digital Books, Their Readers, and Privacy (Media Law Prof Blog, 18 May 2010) - Jennifer Lynch, Samuelson Law, Technology & Public Policy Clinic, and Nicole Ozer, ACLU of Northern California, have published “Protecting Reader Privacy in Digital Books,” presented at the Association for the Advancement of Artificial Intelligence Privacy 2010 Symposium. Here is the abstract. What you choose to read says a lot about who you are, what you value, and what you believe. That’s why you should be able to learn about anything from politics to health without worrying that someone is looking over your shoulder. However, as books move into digital form, new reader privacy issues are emerging. In stark contrast to libraries that retain as little information about readers as possible, digital book services are capturing detailed information about readers: who they are, what books they browse and read, and even how long a given page is viewed, and the notes written in the “margins.” Without strong privacy protections, all of this browsing and reading history can be collected, analyzed, and may end up in the hands of the government or third parties without a reader’s knowledge or consent. 

Retaining and strengthening reader privacy in the digital age requires a thorough examination of the potential privacy and free speech implications of digital book services and of the laws and policies that are needed to properly protect readers. Part I of this article discusses the history of strong legal and policy protections for reader privacy. Part II discusses current developments in digital book services. Part III discusses emerging privacy and free speech issues related to digital book services. Part IV proposes some policy and legislative solutions. http://lawprofessors.typepad.com/media_law_prof_blog/2010/05/digital-books-their-readers-and-privacy.html SSRN link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1588187 EFF: Forget Cookies, Your Browser Has Fingerprints (Computerworld, 18 May 2010) - Even without cookies, popular browsers such as Internet Explorer and Firefox give Web sites enough information to get a unique picture of their visitors about 94 percent of the time, according to research compiled over the past few months by the Electronic Frontier Foundation. The research puts a quantitative assessment on something that security gurus have known about for years, said Peter Eckersley, the EFF senior staff technologist who did the research. He found that configuration information—data on the type of browser, operating system, plugins, and even fonts installed can be compiled by Web sites to create a unique portrait of most visitors. This means that most Internet users are a lot less anonymous than they believe, Eckersley said. “Even if you turn off cookies and you use a proxy to hide your IP address, you could still be tracked,” he said. The data doesn’t actually identify the Web user, but it creates a unique browser “fingerprint,” that can be used to identify the user when he visits other Web sites. Using JavaScript, Web sites are able to probe PCs and learn a lot. No single piece of data is enough to identify the visitor on its own, but when it’s all strung together—browser version, language, operating system, time zone details—a clearer picture emerges. Some things—what combination of plugins and fonts are installed, for example—can be a dead giveaway. http://www.computerworld.com/s/article/9176904/EFF_Forget_cookies_your_browser_has_fingerprints?source=CTWNLE_nlt_dailyam_2010-05-18 ‘Hot News’ and the ‘Duty to Police’ It (Law.com, 18 May 2010) - The public interest in timely news has never been greater. News originators—traditional news organizations and news services that make costly investments in reporters, editors, and bureaus—have responded by going where more and more readers are: on the internet. Today, most original news content can be found, for free, on publishers’ websites or licensed sites. However, originators face challenges: They must compete for internet viewers and advertising dollars with an array of third-party news services, often called “news aggregators,” that do no original reporting but instead copy and distribute news content from originator sites without permission. To protect their interest in the content they gather at a cost, originators are now asserting their rights in court, often through suits alleging “hot-news” misappropriation. This doctrine, nearly a century old, was for many years considered something of a historical oddity, but it has gained new relevance as timely news information has become valuable to a variety of digital platforms. However, a recent decision of the U.S. District Court for the Southern District of New York suggests that, in a world where many aggregators are copying the news content of one originator, one lawsuit may not be sufficient—equitable principles may require originators to restrain misappropriation of their content by other parties as well. This article will review this suggested “duty to police” in Barclays Capital Inc. v. Theflyonthewall.com, No. 06 Civ. 4908, 2010 WL 1005160 (S.D.N.Y. March 18, 2010), and its potential negative consequences for news originators. http://www.law.com/jsp/article.jsp?id=1202458321278&rss=newswire# [Editor: quite interesting and useful] Obama Technology Adviser Reprimanded For Ethics Violation (Washington Post, 19 May 2010) - A White House technology adviser hired from Google was reprimanded for improperly contacting former colleagues in violation of Obama administration ethics rules, a spokesman said. U.S. Deputy Chief Technology Officer Andrew McLaughlin, Google’s former head of global public policy, exchanged e-mails with “his former employer on topics within the scope of his official duties,” which is prohibited by President Obama’s ethics policies, Rick Weiss, a spokesman for the Office of Science and Technology Policy, said Tuesday in an e-mail. McLaughlin’s decision to join the administration last year highlighted connections between Google and the White House. Google chief executive Eric Schmidt, who backed Obama’s campaign for president, is part of Obama’s council of advisers on science and technology. http://www.washingtonpost.com/wp-dyn/content/article/2010/05/18/AR2010051805957.html?wpisrc=nl_tech Cloud Service Users Face Confusing Legal Landscape (Network World, 18 May 2010) - Cloud computing has great benefits for businesses but legal uncertainties threaten to hamper adoption, said a group of lawyers speaking during a seminar in Seattle this week. “We will have to create a robust legal system and we will have to do it sooner rather than later and before we have the cloud computing equivalent of an offshore oil rig blowout,” said Barry J. Reingold, a partner at Perkins Coie in Washington, D.C. Lawyers speaking at the Law Seminars International event on Monday offered advice about the types of research companies should do before signing up for cloud services to make sure they can protect themselves from potential legal fallout. One of the most important issues facing companies that wish to store or process data in the cloud is determining which legal systems have jurisdiction over the data. “It’s a can of worms,” said Andy James, a lawyer with Osborne Clarke. http://www.networkworld.com/news/2010/051810-cloud-service-users-face-confusing.html?source=NWWNLE_nlt_daily_am_2010-05-19 Connecticut Supreme Court Finds Call Records on Cell Phone Protected by Fourth Amendment (Steptoe & Johnson’s E-Commerce Law Week, 18 May 2010) -The majority of courts have held that telephone call records are not protected by the Fourth Amendment because those records are shared with third parties—namely, the phone company. But the Connecticut Supreme Court recently distinguished those cases, finding in Connecticut v. Boyd that call records that are found on the cell phone itself are protected by the Fourth Amendment, and thus may be searched only with a warrant. This case would seem a likely candidate for U.S. Supreme Court review given its adverse impact on law enforcement. If it is not taken up by the High Court, it would likely be because the Connecticut Supreme Court ultimately upheld the trial court’s decision to admit the call logs on the ground that the seizure of the cell phone and the search of its contents were valid under the “automobile exception” to the Fourth Amendment’s warrant requirement. http://www.steptoe.com/publications-6868.html Computer Network Attacks In U. S. Law and Doctrine (Media Law Prof Blog, 19 May 2010) - Paul Walker, U. S. Navy Judge Advocate General’s Corps, has published Rethinking Computer Network ‘Attack’: Implications for Law and U.S. Doctrine, forthcoming in the Journal of National Security Law & Policy. Here is the abstract: “Because much of current legal scholarship uncritically accepts either popular, hacker-based notions of computer “attacks” or the definition of “computer network attack” used in United States military doctrine, a critical approach to what constitutes an “attack” under international humanitarian law is needed. First making the case that the definition of “attack” in Article 49 of Additional Protocol I is customary international law, the article examines a number of methodologies that can provide the appropriate determination that an “act of violence” involving computers, computer networks or information systems has occurred. Of the three methodologies examined, the consequence-based method is the most appropriate. This methodology is applied to two information-based capabilities, distributed denial-of-service (DDoS) actions and chip-level actions, to determine whether or not these types of actions are, in fact, “attacks” under IHL. The article concludes that DDoS actions-- despite widespread belief to the contrary-- do not rise to the level of an attack under IHL. Chip-level actions may constitute IHL attacks if the foreseeable consequences involve death, injury to personnel, or destruction of property, which is the case for some, but by no means all, chip-level (and malicious software) actions. In calling for a more rigorous adherence to well-defined legal standards and definitions in the area of information-based warfare, the article concludes with a call to revise the United States definition of “computer network attack” in order to more closely adhere to the definition of attack under IHL.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/05/computer-network-attacks-in-u--s--law-and-doctrine.html SSRN link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1586504 Microsoft to Give Governments Heads Up on Security Vulnerabilities (FCW, 19 May 2010) - Microsoft will share technical information on security vulnerabilities with some government organizations before it publicly releases security patches to help governments protect critical infrastructure. Government organizations that participate in both of two existing Microsoft programs designed to share security information with governments can get advance access to the vulnerability data through a new pilot program named the Defensive Information Sharing Program (DISP). Microsoft will start the pilot program this summer and begin the full program later this year, said Jerry Bryant, group manager, response communications for Microsoft, in an e-mail statement. Bryant said early access to that information would let the government organizations get an early start on risk assessment and mitigation. “This will allow members [of DISP] more time to prioritize creating and disseminating authoritative guidance for increasing network defensive posture actions,” Bryant said. DISP is one of two pilot programs that Stephen Adegbite, senior security program manager lead in the Microsoft Security Response Center, detailed in a blog post on May 17. Adegbite also described another program, the Critical Infrastructure Partner Program, to share with governments, insights on security policy such as approaches to help protect critical infrastructures. http://fcw.com/articles/2010/05/19/web-microsoft-patch.aspx Reducing the ESI Burden of Privilege Logs (Law.com, 20 May 2010) - Privilege logs were never a fun part of business litigation. There are few tasks more tedious than logging individual pieces of correspondence by date, author, recipients, subject matter, reason withheld, etc. In the era of electronically stored information, the creation of a document-by-document privilege log has gone beyond mere tedium to become one of the more costly elements of an ESI burden that, by itself, may be dissuading businesses from pursuing commercial litigation at all. Something has to be done, say many, or else the burden of ESI discovery will foreclose litigation as an option for resolving modestly sized disputes. The authors of a recent law review article, building upon the work of The Sedona Conference, think they have a solution. http://www.law.com/jsp/article.jsp?id=1202458475215&rss=newswire How Social Media is Changing Government Agencies (Mashable, 20 May 2010) - While many government agencies still tend to employ the “broadcast” model when using social media, some are engaging through hashtags, community building initiatives, and geo-location analysis. These efforts are helping to better inform the public and alert them to public safety emergencies in real-time. A good recent example of this is how the team of energy companies and government agencies responding to the oil spill in the Gulf of Mexico are putting these strategies to use. Here are ways other government agencies, from local law enforcement to the National Weather Service, are seizing on these tools to improve their services. At the most basic level, social media is about community building. Government agencies have adopted this mindset to varying degrees as a way to foster trust and dialogue with people. “It is truly a national town hall that has never been attempted during a disaster,” said Commander James Hoeft of the U.S. Navy, who oversees the cleanup effort’s social media team. The idea has been implemented in parts of the U.S. government to varying degrees. In 2008, Admiral Thad Allen of the U.S. Coast Guard sent out a service-wide message saying, “[To] modernize the Coast Guard we must learn how to effectively use social media tools to enhance our ability to perform as a more transparent, change-centric organization.” The Coast Guard has since deployed a series of Flickr, YouTube and Twitter accounts, both at the headquarters and regional levels, as a part of The Coast Guard Compass. Some are better than others, with many serving simply as multimedia RSS feeds. But there are stars, like the Twitter feed for the Portsmouth, VA-based District Five, which discusses their latest coastal rescue operations. http://mashable.com/2010/05/19/government-agencies-social-media/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29&utm_content=Google+Reader Seventh Circuit Vacates Contempt for E-Mail Barrage (Citizen Media Law Project, 21 May 2010) - The Seventh Circuit Court of Appeals has vacated the summary contempt citation and sentence imposed by U.S. District Judge Robert Gettleman after his court e-mail account was inundated with messages after infomercial pitchman Kevin Trudeau urged his supporters to e-mail the judge. FTC v. Trudeau, No. 10-1383, slip op. (7th Cir. May 20, 2010). The appeals court vacated Judge Gettleman’s summary citation of Trudeau for contempt, and the imposition of a 30-day sentence, concluding that such summary contempt proceedings were limited to interference with court proceedings that a judge personally observes, and occurs within the physical boundaries of the court room. The Court noted that the goal of such a summary procedure, in which the judge simply declares someone in contempt and imposes a penalty, is to quickly resolve the disruption and proceed with the court’s business. “The record in this case is devoid of any suggestion that Trudeau’s summary punishment was necessary to restore the court’s ability to resume its duties. “No trial was being disrupted by a failure to comply with a court order.” And, while we credit the judge’s determination that the e-mails “imped[ed] [the court’s] means of communication and caus[ed] the necessity of a threat assessment,” he made no finding that immediate and summary punishment for Trudeau was necessary to solve his communication problems. . .” FTC v. Trudeau, slip op. at 12. http://www.citmedialaw.org/blog/2010/seventh-circuit-vacates-contempt-e-mail-barrage?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CitizenMediaLawProject+%28Citizen+Media+Law+Project%29&utm_content=Google+Reader CFAA Can Protect Trade Secrets (NY Law Journal, 24 May 2010) - Despite the increased recognition by Congress on the importance of the protection of intellectual property in recent years, it has not seriously considered enacting a federal law protecting trade secrets and has instead focused on amending existing laws including criminal laws that protect intellectual property. Companies and their general counsel ... even when faced with a nightmarish situation when, for example, a number of individuals leave to join a competitor and take with them vitally important trade secrets ... have a variety of imperfect options as to how to proceed. They can report the theft to the local U.S. Attorney for investigation of violations of federal criminal laws, including the Economic Espionage Act. However, there is no assurance that federal authorities will open an investigation and, even if they do so, there is no guarantee that they will prosecute. Indeed, since the Economic Espionage Act was enacted in 1996, the federal government has prosecuted only slightly more than 50 cases. Alternatively or concurrently they can bring a civil action under state or federal law. While a civil action may offer some possibility of redress, state courts may not be equipped to deal with a sophisticated and extremely large and time-consuming theft of trade secrets and, while federal courts may be better equipped to deal with the issues, companies are often foreclosed from bringing an action in federal court because of lack of jurisdiction. In an attempt to get around this issue, companies have sought to establish federal jurisdiction by asserting a violation of the federal Computer Fraud and Abuse Act. Courts, however, are increasingly reluctant to find that the CFAA is a replacement for a federal trade secrets act ... even where the theft involves electronic information ... and have dismissed CFAA claims on the ground that the employee accessed the information with authorization. It is important for general counsel to be aware of this limitation and should institute a trade secret protection program that not only better protects the companies’ trade secrets and confidential information but includes steps that will increase the possibility that a federal court will find jurisdiction under the CFAA in the unfortunate, but increasingly likely event that an employee does steal or attempt to steal a company’s trade secrets. Before turning to the specific steps that a company can take including the outlines of a trade secret protection program, it is first important to understand the limitations of the CFAA and specifically the split between the “narrow” and “broad” view that has arisen in the context of theft of trade secrets. http://www.law.com/jsp/article.jsp?id=1202458635753&rss=newswire State Department Moves from Telegrams to Wikis (ArsTechnica, 24 May 2010) - You might imagine the US State Department as a place awash in paperwork, a sprawling bureaucratic entity that encircles the globe and still passes information between its foreign missions with telegrams. And you would be right. But spurred by an overwhelming need to share and archive on-the-ground knowledge quickly, the State Department has also become a poster child for government use of wikis. Within 15 months of coming up with the idea, State rolled out a working MediaWiki install that it called “Diplopedia.” The site now has 10,000+ articles and receives more than 2,000 visits on an average day. This being a major government project, some changes had to be made—Linux was out, for instance, and “Don’t be a jerk” would “not work as a governance norm for a government agency.” A new paper (PDF), written by a former Diplopedia project lead and a Rice University professor, chronicles the genesis and growth of the wiki in fascinating detail. For instance, the paper makes clear that bringing a wiki into State wasn’t a matter of open source idealism as much as an attempt to solve a practical problem. “Foreign Service Officers (FSOs), who move around the globe, were expected to acquire a degree of expertise rapidly in each new job, but upon leaving the job, this knowledge could be lost,” write authors Chris Bronk and Tiffany Smith. “The organization did not have a strong system where prior job incumbents could be called upon to explain the intricacies of job process or subject matter… ‘How to?’ questions were among the most frequently asked, especially by junior staff.” http://arstechnica.com/tech-policy/news/2010/05/diplopedia-how-the-state-dept-embraced-wiki-diplomacy.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Harvard’s Paper Cuts -School Library Works to Maintain Stature in the Shift to Digital (Boston Globe, 24 May 2010) - The thin, tattered book, an 1899 dissertation on Homer, written in French, is tucked into one of the more than 40 shelves devoted to the epic poet in the stacks of Widener Library. Collecting obscure works like this one has helped Harvard amass the world’s largest university library. The 16.5 million volumes university wide span a range of esoteric topics, from the manuscripts of Ukrainian political leaders to the field notes of famous horticulturists. Harvard owns so many books, serials, and other items that it now houses nearly half of the collection in a climate-controlled warehouse 25 miles away in Southborough. But the days of accumulating every important title and artifact under the scholarly sun are over for Harvard’s labyrinthine system of 73 libraries. Facing an unprecedented budget crunch, the university cancelled print copies of more than 1,000 journal titles last year in favor of online subscriptions. And Harvard is turning toward other universities to collaborate and share acquisitions, all while trying to maintain its libraries’ stature in an increasingly digital world. Students can now sit in their dorms and order books directly from their computers to be delivered within 24 hours to the library of their choice from the Harvard Depository, a high-density storage facility where a forklift is required to fetch books from 30-foot shelves. In some cases, students can avoid the library altogether; materials can be downloaded or the library will scan relevant book chapters and e-mail them. http://www.boston.com/news/education/higher/articles/2010/05/24/for_harvards_library_an_arduous_digital_shift/ UK Law Firm Inks $852 Million Outsourcing Deal (Law.com, 25 May 2010) - Legal process outsourcing (LPO) company Integreon has entered into what it describes in a press release as the largest legal outsourcing deal ever, worth $852 million over 10 years, with British law firm CMS Cameron McKenna. The work covered by the agreement—nonbillable support tasks such as accounting, human resources, marketing, training and information technology—does not affect lawyers directly. The deal is not the first of its kind for Los Angeles-based Integreon, but it is the largest, according to the company. Integreon, which maintains outsourcing centers in India as well as in the Philippines and South Africa, has previously handled support services for Clifford Chance and DLA Piper. One notable aspect of Integreon’s agreement with CMS Cameron is the openness about the price tag. Most firms that turn to LPOs for discovery and other legal work ask not to be identified, much less have the value of their contracts disclosed. Thus, while rough estimates of the potential multibillion-dollar market for legal outsourcing have been bandied about for several years, the true scale of the industry has so far been hard to capture. That may be changing. John Croft, Integreon’s president of global sales, says CMS Cameron’s Weston had no problem making the contract’s value public: “He wanted his clients and potential clients to see that he was proactively going about the way he provided legal services to them.” http://www.law.com/jsp/law/international/LawArticleIntl.jsp?id=1202458413154&Law_Firm_Inks__Million_Outsourcing_Deal The 15 Funniest Tweets From The Fake BP Twitter Account (Business Insider, 25 May 2010) - Last week, one creative Twitter user began posting Tweets under the name “BPGlobalPR“. According to the WSJ, the fake account now has double the followers of the real BP corporate Twitter. Whoops. That’s a major PR fail. (BP knows about the account and isn’t laughing.) We’ve picked out some of the funniest ones for your viewing pleasure. Maybe they’ll take your mind off of all that very real oil spewing into the Gulf. http://bit.ly/btrTql [Editor: not funny, really; but does illustrate the power of the medium – more useful is the following.] Oilaholic: Oil Spill Goes Real-Time (ReadWriteWeb, 4 June 2010) - A new mashup lets you track the BP oil spill news using Facebook, Twitter, Flickr and more, all from one interface. Called “Oilaholic,” the site serves as a one-stop shop for everything oil spill-related, including the latest tweets, the live video cam feed from uStream, the latest Facebook news and Flickr photos, the hottest headlines from Google News and elsewhere on the web, a real-time “leak meter” feed (which is incredibly disturbing), a live chatroom for venting your frustrations after you look at the leak meter, plus links to useful resources including government agencies, volunteer efforts, phone numbers to call and more. http://www.readwriteweb.com/archives/oilaholic_oil_spill_goes_real-time_with_twitter_facebook_flickr_and_ustream.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+readwriteweb+%28ReadWriteWeb%29&utm_content=Google+Reader DHS Official: Cybersecurity Is Industry Responsibility (Tech Daily Dose, 25 May 2010) - A top Department of Homeland Security official said Tuesday that contractors that fail to live up to security requirements in federal technology contracts should be held accountable, even if the vulnerabilities originated in products or capabilities provided by suppliers, Nextgov.com reported. In most business situations, “if we have a contractual arrangement and you fail [to meet the requirements], I have legal recourse,” said Richard Marshall, director of global cybersecurity management at DHS. “Why wouldn’t the same be true when the supply chain [is involved]? I’m buying a product from you, and you represent that it’s a product with the following characteristics. If you fail, I have a right to sue you.” Marshall spoke at the SecureAmericas conference in Arlington, Va., an event hosted by the cybersecurity provider International Information Systems Security Certification Consortium. He noted a number of examples where failures in the supply chain led to serious security implications, including a wave of hard drives infected with viruses that infiltrated the U.S. market from Asia in 2007 and a recent case in which thumb drives were shipped preinstalled with malicious software, eventually leading to the Defense Department imposing a temporary ban on the storage devices. “Buy from an authorized vendor and make sure that vendor has purchased from an authorized vendor,” Marshall advised. Federal technology and acquisition officials must write contracts that set specific expectations for how industry secures computer hardware and software, including assurances the products they purchase from suppliers and the development processes followed best practices. http://techdailydose.nationaljournal.com/2010/05/dhs-official-cybersecurity-is.php Pentagon: Let Us Secure Your Network or Face the ‘Wild Wild West’ Internet Alone (Wired, 27 May 2010) - Companies that operate critical infrastructures and do not voluntarily allow the federal government to install monitoring software on their networks to detect possible cyberattacks would face the “wild” internet on their own and place us all at risk, a top Pentagon official seemed to say Wednesday. Defense Deputy Secretary William Lynn III, speaking at the Strategic Command Cyber Symposium in Nebraska, said we need to think imaginatively about how to use the National Security Agency’s Einstein monitoring systems on critical private-sector networks — such as those in the financial, utility and communication industries — in order to protect us. “Operators of critical infrastructure could opt in to a government-sponsored security regime,” Lynn said. Otherwise, “individual users who do not want to enroll could stay in the wild wild west of the unprotected internet.” Failure to protect the power grids, transportation system, or financial sector, he said, “could lead to physical damage and economic disruption on a massive scale.” Privacy and civil liberties groups, however, have raised concerns about the Einstein systems with regard to what information they would collect and share with the government and what oversight, if any, would be put in place to ensure that federal privacy and wiretapping laws are not violated. The Einstein programs are intrusion-detection and response systems developed by the National Security Agency. The government is in the process of deploying Einstein 2 to federal networks to inspect traffic for malicious threats, but there has been talk of deploying it to private-sector networks as well. Intrusion-detection systems are already a standard tool in the defense arsenal of private-sector businesses, and the government has been unclear about how its system surpasses those already available to companies. http://www.wired.com/threatlevel/2010/05/einstein-on-private-networks/ Business Continuity, Not Data Breaches, Among Top Concerns for Tech Firms (Computerworld, 24 May 200) - Data security and breach prevention ranks low as a risk factor for most big technical companies, according to new research that identifies the most widespread concerns among the 100 largest U.S. public technology companies. The research, released by BDO, a professional services firm, examines the risk factors listed in the fiscal year 2009 10-K SEC filings of the companies; the factors were analyzed and ranked in order by frequency cited. Among security risks, natural disasters, wars, conflicts and terrorist attacks were cited by 55% of respondents as a risk concern and was 16th on the list, much higher than breaches of technology security, privacy and theft, which was mentioned by 44% of the companies, putting it at 23rd on the list. Aftab Jamil, leader of the Technology Practice at BDO, said he thought business continuity was driving worries about risks like natural disasters and conflicts. “I think it has to do not only with the general difficulty one might encounter as result, but also, at the end of the day, what they are concerned about is business continuity,” he said. “Can they get back on their feet relatively quickly? If you in the path of a hurricane or an oil spill, can you keep your business going?” Accounting, internal controls and Sarbanes-Oxley compliance is the 18th largest risk factor this year, according to the list. Jamil pointed to fears of market backlash or perception that could arise as a result of mistakes in complying with the regulations. “The core risk for companies is, should they have catastrophic failure on their part; be it fraud or error or misapplication of GAAP accounting rules, eventually if this leads to restatement of historical financials, there is not only the cost involved in handling that, but, more than that, there is market perception of what is going on,” said Jamil. “The taint that your reputation might suffer because of that is huge. It’s so easy to lose shareholder value because market reaction might be so negative to any issue that may arise.” However, despite its appearance in the top twenty, accounting, internal controls and Sarbanes-Oxley compliance fell in rank this year, likely reflecting the increased maturity of those regulations, said Jamil. While breaches of technology security, privacy and theft was only at 23rd on the list, it was a slight increase over last year, when 30% mentioned security breaches as a risk. (See Data Breach Disclosure Law, State by State.) Jamil said he was still surprised by its lower ranking. “Given all that is going with media attention being given to this issue, I thought it would inch up higher,” he said. “It would not surprise me if this particular risk factor becomes more prominent in future years. It’s not top-twenty, but it’s not far off from it either.” http://www.computerworld.com/s/article/9177262/Business_continuity_not_data_breaches_among_top_concerns_for_tech_firms?source=rss_news FTC Postpones ‘Red Flags’ Identity Theft Rule (National Law Journal, 1 June 2010) - Under pressure from Congress, the Federal Trade Commission has agreed to postpone enforcement of its “Red Flags” rule that requires lawyers, doctors and other professionals to develop written identity theft prevention programs. Both the American Bar Association and the American Medical Association have sued the agency, arguing that imposing the identity theft rule requirements on their members is arbitrary, capricious and has no legally supportable basis. The rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the FTC and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The FTC considers lawyers and other professionals to be creditors under the act, and required them to implement written identity theft prevention programs to detect the warning signs—or “red flags”—of identity theft in their day-to-day operations. Last August, the ABA, represented pro bono by Proskauer Rose, filed suit in U.S. District Court for the District of Columbia challenging the rule’s application to lawyers. In October, Judge Reggie Walton backed the ABA, saying the FTC had overreached and that applying the rule to lawyers was unreasonable. The FTC in February said it would appeal the decision. Last month, the American Medical Association sued the FTC in U.S. District Court, arguing the rule should not apply to physicians either. Sidley Austin‘s Frank Volpe is representing the AMA. On Friday the FTC announced that “as the request of several members of Congress,” it would delay enforcement of the rule until the end of the year. http://www.law.com/jsp/article.jsp?id=1202458982652&rss=newswire End Zone to War Zone: Pentagon Wants NFL Tech for Battlefield Replays (Wired, 3 June 2010) - The Pentagon’s cribbing a play from Monday Night Football, adopting the same instant replay technology used during games to improve analysis of war zone video feeds. Harris Corporation, the company behind instant replay for professional football and baseball games, has teamed up with the military on an analysis system that’s already been deployed to several bases, reports Live Science. The system, called Full-Motion Video Asset Management Engine (FAME) uses “metadata” tags to encode important details — time, date, camera location — into each video frame. In a football game, those tags would help broadcasters pick the best clip to re-air, then explain, a play. In a war-zone, they’d help analysts watch video in a richer, easier-to-grasp context. And additional tags could link a video clip to photographs, cell phone calls, databases or documents. The final result turns war-zone footage into play-by-play video feed, with analysts becoming veritable game announcers: “One can then view data in ways as rich as depicted with football games on TV, which not only show what is happening from multiple angles, but the identity of teams, the current score, the line of the field where a play started, where the ball needs to go for first down, which quarter and down it is, time remaining, how many yards there are to go, as well as pop-up windows and scrolling data giving details on players and scores from others games and audio commentary detailing plays.” http://www.wired.com/dangerroom/2010/06/end-zone-to-war-zone-pentagon-wants-nfl-tech-for-battlefield-replays/ **** NOTED PODCASTS **** Johanna Blakley: Lessons from Fashion’s Free Culture (TED Talks, April 2010 at USC) - Copyright law’s grip on film, music and software barely touches the fashion industry ... and fashion benefits in both innovation and sales, says Johanna Blakley. At TEDxUSC 2010, she talks about what all creative industries can learn from fashion’s free culture. http://www.ted.com/talks/johanna_blakley_lessons_from_fashion_s_free_culture.html A commentator remarks: “In this 15-minute TED talk, Johanna Blakley addresses a subject alien to most here — fashion — but in a way sure to grab our attention. The lesson is about how the fashion industry’s lack of copyright protection can teach other industries about what copyright means to innovation. And yes, she mentions open source software. There is one killer slide at 12:20 comparing the gross sales of low-IP-protection industries with those of films and books and music. If you want to know more, or if you prefer text, the Ready To Share project website should give you all the data you crave on the subject.” Tom Wujec: Build a Tower, Build a Team (TED, February 2010; 7 minute video) - Tom Wujec presents some surprisingly deep research into the “marshmallow problem”—a simple team-building exercise that involves dry spaghetti, one yard of tape and a marshmallow. Who can build the tallest tower with these ingredients? And why does a surprising group always beat the average? http://www.ted.com/talks/tom_wujec_build_a_tower.html [Editor: Resembles quite closely a knowledge management proof-of-concept exercise in KnowConnect’s service offering.] **** RESOURCES **** Protecting Anonymity and Association in Cyberspace (Media Law Prof Blog, 26 May 2010) - Minjeong Kim, Department of Journalism and Technical Communication, College of Liberal Arts, Colorado State University, has published The Right to Anonymous Association in Cyberspace: US Legal Protection for Anonymity in Name, in Face, and in Action, in volume 7 of SCRIPT-ed (2010). Here is the abstract: “
The Internet has become a communication medium of intense group interaction, and individuals with marginalised identities have used anonymity as a tool with which to participate in online interaction. In order to capture the full spectrum of the role that anonymity plays in cyberspace, I explore in this article the US constitutional right to anonymous association. I draw on the concepts of anonymity defined in the social science literature - identity protection, visual anonymity, and action anonymity - and analyse US case law regarding the right to anonymous association in both offline and online worlds. The examination suggests that (1) the right to anonymous association has been especially meaningful for those who are marginalised in society; (2) future courts - in light of established legal rules governing the right to anonymous association - must give careful consideration to the question as to who is seeking anonymity; (3) different concepts of anonymity have greater independence in cyberspace and, therefore, need to be distinguished by scholars and courts. Overall, the right to anonymous association in cyberspace can be understood as the positive right of individuals to control information about themselves in order to find and associate with others. The examined case law shows that strong support for such a right is embedded in the US legal tradition.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/05/protecting-anonymity-and-association-in-cyberspace.html Are ‘Better’ Security Breach Notification Laws Possible? (Prof. Jane Winn, Berkeley Technology Law Journal, 2009) - Security breach notification laws (SBNLs) may have succeeded in bringing the issue of inadequate information security to the attention of American consumers, but do not appear to be having much impact on the way that American businesses store and use sensitive personal information.  This failure is not surprising in light of the extremely limited scope of American SBNLs, which generally do not reinforce an underlying right to privacy but instead only mandate disclosure of information that is confusing and difficult for consumers to make use of.  While receiving repeated notices of security breaches might someday galvanize American public opinion to support stronger information privacy laws, that would be a remote and uncertain benefit from legislation that appears in the short term to penalize responsible businesses while being disregarded by unsophisticated and irresponsible ones.  Although businesses in possession of sensitive personal information are exposed to something like strict liability for security breaches, the vendors of the information technology systems that are vulnerable to breaches remain exempt from liability.  SBNLs generally commit no public resources to ensuring compliance, reducing the risk that non-compliance will be detected to near zero for many businesses.  Under such circumstances, most businesses have no economic incentive to comply with a law when compliance would be very costly.  Even though litigation claiming damages following a security breach notification has not been successful to date, the risk of being exposed to such litigation as a result of compliance further increases incentives for non-compliance.  This paper reviews the development of new governance approaches to regulation, including “responsive regulation,” “smart regulation” and “better regulation” and then applies new governance criteria to SBNLs to show why they are unlikely to have much impact on the information security policies of many American businesses.  This paper reviews the practical problems that any business faces when trying to secure large quantities of sensitive personal information, and outlines what a “better regulation” approach to information security regulation targeting sensitive personal information might include. Article on SSRN: http://ssrn.com/abstract=1416222 Google Announces Free Download of 10 Terabytes of Patents and Trademarks (BeSpacific, 3 June 2010) - Google Public Policy Blog: “When we launched Google Patent Search in 2006, we wanted to make it easier for people to understand the world of inventions, whether they were browsing for curious patents or researching serious engineering. Recently, we’ve also worked on a number of public data search features, as well as experimental features like the Public Data Explorer...That’s why we’re proud to announce that the USPTO and Google are making this data available for free at http://www.google.com/googlebooks/uspto.html. This includes all granted patents and trademarks, and published applications—with both full text and images. And in the future we will be making more data available including file histories and related data.” http://www.bespacific.com/mt/archives/024401.html **** FUN **** Red Faces as Cambridge University Discovers it’s Not All Greek (The Times, 25 May 2010) - It is not as embarrassing as King Minos’s discovery that his wife had slept with a bull, nor as cringeworthy as Ares and Aphrodite being caught in an adulterous embrace in a golden net. However, Cambridge University was sheepish yesterday as it admitted that there was a spelling mistake in the inscription on the entrance to its new Classics department building. A set of glass doors at the entrance to the £1.3 million extension is inscribed with Aristotle’s quotation: “All men by nature desiring to know.” The typesetter made a small slip-up by entering the Roman letter “s” instead of the Ancient Greek letter sigma in the word “phusei” — meaning “by nature”. The university dispatched a sign-maker to scratch off the offending quotation yesterday as scholars highlighted the mistake. Mary Beard, Professor of Classics at Cambridge, noted the error in her blog on Timesonline, where she complained that the automated doors were so sluggish that they were causing queues of impatient classicists. “Even the gods have shown their disapproval in their own inimitable way,” she wrote. http://www.timesonline.co.uk/tol/life_and_style/education/article7135582.ece **** LOOKING BACK - MIRLN TEN YEARS AGO **** BLOCKBUSTER, ENRON TEAM UP ON DEMAND-VIDEO Video rental giant Blockbuster is partnering with energy trader Enron to market a video-on-demand service using Enron’s nationwide state-of-the-art fiber-optic network. The 20-year alliance will allow consumers with high-speed Internet access and a special TV set-top box to order movies over their TVs and PCs at their convenience. Although only a couple of million households currently have broadband Internet access, Blockbuster is hoping to quickly dominate the nascent market by capitalizing on its brand, its 65 million customers, and its entrenched relationships with movie studios. Meanwhile, Enron is angling to become a major player in broadband Internet access: “Enron is the leader of the pack and I think this could be the beginning of streaming of content over its network,” says a PaineWebber analyst. “Signing a company like Blockbuster is a reassuring signal of the validity of their strategy.” (Los Angeles Times 20 Jul 2000) http://www.latimes.com/business/20000720/t000067978.html **** NOTES **** MIRLN (Misc. IT Related Legal News) is a free product for members of the American Bar Association’s Cyberspace Law Committee, et al., and is produced by KnowConnect PLLC. Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (find the “Listserves” box; MIRLN comes through the CLCC-MEMS listserve). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley (mailto:vpolley@knowconnect.com?subject=MIRLN) with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line. Recent MIRLN issues are archived at http://www.knowconnect.com/mirln. Get supplemental information through Twitter: http://twitter.com/vpolley) SOURCES (inter alia): 1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu 2. InsideHigherEd - http://www.insidehighered.com/ 3. SANS Newsbites, sans@sans.org 4. NewsScan and Innovation, http://www.newsscan.com 5. BNA’s Internet Law News, http://ecommercecenter.bna.com 6. Crypto-Gram, http://www.schneier.com/crypto-gram.html 7. McGuire Wood’s Technology & Business Articles of Note 8. Steptoe & Johnson’s E-Commerce Law Week 9. Eric Goldman’s Technology and Marketing Law Blog, http://blog.ericgoldman.org/ 10. Law.com 11. Readers’ submissions, and the editor’s discoveries. This work is licensed under the Creative Commons Attribution-Share Alike 3.0 United States License. To view a copy of this license, visit or send a letter to Creative Commons, 543 Howard Street, 5th Floor, San Francisco, California, 94105, USA. PRIVACY NOTICE: E-mail addresses of individ MIRLN 2010-06-04T21:07:00-07:00 http://knowconnect.com/mirln/article/mirln_25_april_15_may_2010_v1307/ http://knowconnect.com/mirln/article/mirln_25_april_15_may_2010_v1307/#When:01:50:00Z • TJX Adds Again to Its Breach Cost, But It Doesn’t Really Matter • Ohio Mulls Potential Twitter Tweets About Completed Executions • Harvard Law Review Smacks Around FTC Blogging Rules • Irish Court: IP Addresses Not Personal Data • Actually, the Army Kind of Likes Your Blog • Can Plastic Jungle Create A Market Around Gift Cards? • The Last Words on E-Discovery? o Federal Pilot Program Curbs E-Discovery Fights • Health Worker Is First HIPAA Privacy Violator to Get Jail Time • A Real Trend? More Companies Holding Virtual Annual Meetings • Response to Misdirected E-Mail Violated Spirit of Ethics Opinion, Judge Rules • More States Report Wiretap Activity • Shoppers Who Can’t Have Secrets • Who Owns All the Data in the Workplace? • No Longer Singing the Blues • Second Life Users File Class Action Lawsuit Over Virtual Land • Fear and Loathing in Online Advertising • Professors and Social Media • Six Things You Need to Know About Facebook Connections o The Evolution Of Privacy On Facebook • University to Provide Online Reputation Management to Graduates • “Link Rot” and Legal Resources on the Web: A 2010 Analysis by the Chesapeake Project • Social Networking: The Employment Law Revolution That Wasn’t • Unauthorized Access Doesn’t Apply to E-Mail, Judge Rules • UC Davis Scraps Gmail Pilot: Privacy Levels ‘Unacceptable’ • Cablevision Won’t Cripple Its Network DVR • Lyrics Sites at Center of Fight Over Royalties • Law Firm Media Survey Reveals Pay, Policies • Lawyers’ Ethical Stumbles Increase Online • German Web Users Must Use Password to Secure WLAN • Risk Management and E-Discovery: Qualcomm Revisited NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES TJX Adds Again to Its Breach Cost, But It Doesn’t Really Matter (StorefrontBacktalk, 21 April 2010) - With TJX having suffered well more than $47 million in out-of-pocket expenses from its infamous data breach (announced in 2006 but beginning as early as 2003), the $20 billion retailer is preparing to write still more checks. It has now set aside another $23.5 million for additional anticipated breach costs, according to its most recent 10-K statement filed to the SEC. That money is slated to deal with the chain’s “current estimation of total potential cash liabilities from pending litigation, proceedings, investigations and other claims, as well as legal, ongoing monitoring and other costs and expenses, arising from the Computer Intrusion,” the federal filing said. http://www.storefrontbacktalk.com/uncategorized/tjx-adds-again-to-its-breach-cost-but-it-doesnt-really-matter/ Ohio Mulls Potential Twitter Tweets About Completed Executions (ABA Journal, 23 April 2010) - The state of Ohio is considering using the social media site Twitter to provide almost instantaneous news of completed executions. However, a spokeswoman says there is some concern that sending tweets about an executed inmate’s time of death might be considered in poor taste, reports the Associated Press. When convicted murderer and rapist Darryl Durr was put to death at 10:36 a.m. Tuesday by lethal injection, the media received e-mails announcing his death a minute later. http://www.abajournal.com/mobile/article/ohio_mulls_potential_twitter_tweets_about_completed_executions/ [Editor: Poor taste? Really? I despair for civilization.] Harvard Law Review Smacks Around FTC Blogging Rules (Truth on the Market, 23 April 2010) - Recently, the Federal Trade Commission (FTC) revised their Endorsement and Testimonial Guides (Guides) to cover “consumer generated media” such as blogs and other internet media forms.1 In the interest of providing consumers with full disclosure, the Guides require bloggers to disclose any “material connection[s]” they have with producers of any products that they “endorse” on their blogs.2 A “material connection” includes not only monetary compensation, but also any free good received by the blogger — even if that good was provided unsolicited, with no conditions attached, for the purpose of allowing the blogger to review the product.3 Yet a constitutional analysis of unpaid blogger endorsements shows that such endorsements are not commercial speech — which receives reduced constitutional protection — but rather noncommercial speech entitled to full First Amendment protection. Not only do the Guides burden bloggers’ protected speech, they also create an unfair double standard by exempting legacy media4 from the Guides’ disclosure requirements. Therefore, the Guides should be ruled unconstitutional as applied to bloggers. http://www.truthonthemarket.com/2010/04/23/harvard-law-review-smacks-around-ftc-blogging-rules/ HLR article here: http://www.harvardlawreview.org/media/pdf/april123_recent_regulation.pdf Irish Court: IP Addresses Not Personal Data (Chronicle of Data Protection, 23 April 2010) - In an April 16, 2010 judgment, the High Court of Ireland decided that a settlement agreement entered into between Ireland’s largest ISP Eircom and EMI, Sony Music, Universal Music, and Warner Music did not violate Ireland’s data protection law. The settlement agreement was signed after the record labels sued Eircom in connection with Eircom’s failure to take action to discourage peer-to-peer copyright infringements on its network. In the settlement, Eircom agreed to implement a graduated response mechanism with its customers, pursuant to which Eircom would send warnings to customers who had been detected as participating in unauthorized file sharing. If the customers ignored Eircom’s warnings, Eircom would cut off the subscriber’s Internet access. This sanction would be applied on a purely contractual basis, based on the subscriber’s violation of Eircom’s terms of use. The subscribers’ identity would never be shared with the record companies or with the police. The detection of illegal file sharing would be conducted by a third party service provider, DetectNet, which would collect IP addresses and communicate them to Eircom. The Irish data protection authority believed that the settlement would violate Irish data protection laws. The court was asked to answer three questions: Whether the IP addresses collected by DetectNet are personal data before they are transferred to Eircom? Whether Eircom’s processing of personal data for implementation of the graduated response mechanism is legitimate? Whether the personal data processed by Eircom are “sensitive” because they relate to a criminal offense? http://www.hldataprotection.com//2010/04/articles/international-compliance-inclu/irish-court-ip-addresses-not-personal-data/ Actually, the Army Kind of Likes Your Blog (Danger Room, 28 April 2010) – You’d think all the criticism from left-wing websites like the Huffington Post, Daily Kos, and Salon would royally piss off the Army. But at least one Army report finds the sites’ posts to be consistently “balanced.” Every week, the defense contractor MPRI prepares for the brass a “Blogosphere and Social Media Report,” rounding up sites’ posts on military matters. It’s meant to be a single source for top officers to catch up on what’s being said online and in leading social media outlets. Items from about two dozen national security and political blogs are excerpted, and classified as “balanced,” “critical,” or “supportive.” The vast majority of the posts are considered “balanced” — even when they rip the Army a new one. A Huffington Post item headlined “U.S. Military Still Lying About Special Forces Night Raid In Afghanistan” - that’s “balanced.” Salon’s Glenn Greenwald pronouncement the “slaughter” of Iraqi civilians by U.S. troops is “not an aberration” is considered “balanced,” too. So is a post from the right-of-center This Ain’t Hell declaring, “Healthcare Bill Screws Veterans.” Only posts that directly blast a particular Army general — or the Army’s ability to perform in Afghanistan — seem to qualify as “critical.” Our pal Jason Sigger was dinged as critical twice during the week of April 3rd. In one post, he called Army Chief of Staff Gen. George Casey “something of an ignorant asshole.” Then, in a book review, he opined that “the US Army hasn’t effectively executed COIN [counterinsurgency] operations in Iraq and Afghanistan.” The reports also rank the top issues of the week in the national security blogopshere, and categorize blog posts into “strategic lines of effort.” (Most fall into “other.”) A few choice comments on blog posts are highlighted, as well. http://www.wired.com/dangerroom/2010/04/actually-the-army-kind-of-likes-your-blog/ Can Plastic Jungle Create A Market Around Gift Cards? (TechCrunch, 28 April 2010) - Plastic Jungle, a marketplace for gift cards, is hoping to shakeup the gift card market by allowing gift card owners to use certificates for a given store at another online retail establishment. Plastic Jungle lets you buy, sell and exchange gift cards online. Instead of receiving cash for your gift card, Plastic Jungle also lets you trade the value in for an Amazon gift card or give your money to charity. Users can receive cash for unwanted gift cards for up to 92% of the unused balance and buy gift cards at up to a 30% discount. Plastic Jungle, which just raised another $7.4 million in funding, will partner with online retailers to power a payment portal in the checkout process that will allow shoppers to use a credit from a different store to make an online payment. You enter the gift card like you would a credit card based on the unique serial number and pin code that every major gift card has. Similar to its exchange on the site, Plastic Jungle will offer you a 92% of the unused balance on the card. So if you want to use a $100 Gap gift card at Target.com, you’d receive $92 from Plastic Jungle to put towards your Target.com balance. Plastic Jungle will then transfer that $92 onto another Target.com card and re-sell the balance of the card on PlasticJungle.com. Plastic Jungle is working with both gift card processors and retailers in order to make the process be electronic and, therefore, instantaneous. And the startup will be implementing this check-out system with a major retailer that will go live with mid-summer (Plastic Jungle declined to name the retailer). And this will only be used and implemented in online transactions. It seems like a stretch to assume that retailers would be onboard with this. Gap or Target may enjoy when nobody uses the cards though because then they get to keep the cash without handing over any goods. Helping Plastic Jungle make a more liquid market out of gift cards might not be in their best interest. But Plastic Jungle CEO Garry Briggs maintains that with more than $30 billion wasted in unspent gift cards, the ability to transfer balances will jumpstart movement of these cards and inevitably result in more e-commerce transactions and more money for retailers. The startup also just launched a partnership with Facebook, to allows users to sell unused gift cards and receive Facebook Credits. http://techcrunch.com/2010/04/28/can-plastic-jungle-create-a-market-around-gift-cards/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Techcrunch+(TechCrunch) The Last Words on E-Discovery? (Law.com, 28 April 2010) - Two recent e-discovery decisions, the Jan. 15 decision by U.S. District Judge for the Southern District of New York Shira A. Scheindlin in Pension Committee of the University of Montreal Pension Plan v. Bank of America Securities and the Feb. 19 decision by U.S. District Judge for the Southern District of Texas Lee H. Rosenthal Rimkus Consulting Group Inc. v. Cammarata, focused on the issue of how to gauge the relevance of e-discovery lost by the producing party at the prejudice of that loss to the requesting party when the e-discovery is, by definition, lost and so unknown. I reviewed the facts in both matters and Pension Committee’s approach of creating presumptions of relevance and prejudice when the data is lost due to the gross negligence or willfulness of the producing party. This article will analyze Rimkus’ approach, discuss the strengths and weaknesses of both, and place them in the context of unfolding e-discovery jurisprudence. http://www.law.com/jsp/article.jsp?id=1202453274128&rss=newswire - and - Federal Pilot Program Curbs E-Discovery Fights (Law.com, 14 May 2010) - The results of the first phase of a closely watched federal court pilot program on electronic discovery show that having a set of fair-play rules at the outset of a case helps quell pretrial brawls between parties. The goal of the program, launched in May 2009 and spearheaded by James Holderman, chief judge of the Northern District of Illinois, was to find ways to reduce the massive costs and burdens of electronic discovery. Chairing the program is Magistrate Judge Jan Nolan, also of the Northern District of Illinois. The first-phase of the 7th Circuit’s pilot program indicated that when judges and attorneys had a set of specific principles to guide electronic discovery, it improved the process—or, at least, didn’t make it worse. “It was very encouraging,” said Holderman. The first phase of the program involved 13 district court judges overseeing 93 civil cases and 285 attorneys between October 2009 and March 2010. The program required the judges and attorneys to follow a set of principles, drafted by the program’s committee members, during electronic discovery. Those principles called for: • parties to recognize that cooperation with opposing counsel does not compromise zealous advocacy; • parties to resolve electronic discovery disputes early, without court intervention; • parties to make electronic discovery demands proportionate to the particulars of the case; • parties to meet before an initial status conference with the judge to discuss discovery; • when a dispute arose, each party to select a liaison attorney to deal with discovery and to attend hearings; • parties to refrain from making overly broad preservation requests; • parties to take reasonable steps to preserve electronically stored information; • judges and attorneys to know the civil procedure rules pertaining to electronically stored information. The participating judges and attorneys were sent a survey asking them to evaluate the program. All of the 13 judges and 133 of the attorneys responded. About 90 percent of the judges thought that the principles increased or greatly increased the attorneys’ familiarity with their clients’ technology relating to electronic discovery. All the judges agreed or strongly agreed that the use of discovery liaisons increased the efficiency of the discovery process. About 43 percent of the attorneys said that the principles increased or greatly increased the fairness of the discovery process. About 55 percent said the principles had no effect on the fairness, and fewer than 3 percent said it made the process less fair. About 61 percent said that the principles had no effect on their ability to resolve discovery disputes without court involvement. http://www.law.com/jsp/article.jsp?id=1202458167275&rss=newswire Health Worker Is First HIPAA Privacy Violator to Get Jail Time (SC Magazine, 28 April 2010) - A former UCLA Health System employee, apparently disgruntled over an impending firing, has been sentenced to four months in federal prison after pleading guilty in January to illegally snooping into patient records, mainly those belonging to celebrities. Huping Zhou, 47, of Los Angeles, who was sentenced Tuesday, now has the dubious distinction of being the first person to ever receive prison time for violating the privacy stipulations under Health Insurance Portability and Accountability Act (HIPAA), according to the U.S. Attorney’s Office for the Central District of California. Zhou, a licensed surgeon in China, was working as a researcher at the UCLA School of Medicine in 2003 when he began accessing medical records of his supervisor and co-workers after being notified that he soon would be fired for job performance issues, prosecutors said. Over the next three weeks, he extended his snooping to mostly celebrity records. In total, he accessed the patient records system 323 times. http://www.scmagazineus.com/health-worker-is-first-hipaa-privacy-violator-to-get-jail-time/article/168894/ A Real Trend? More Companies Holding Virtual Annual Meetings (CorporateCounsel.net, 29 April 2010) - Last year, as noted by Dominic Jones in his “IR Web Report,” there was a small spurt of companies holding annual meeting solely online, with Broadridge, Warner Music Group and Conexant Systems joining companies that have done it for a few years (e.g., Herman Miller, see this blog). Dominic notes that a number of new companies have announced plans to go “virtual-only” this proxy season, including Illumina, Artio Global Investors, Winland Electronics and PICO Holdings. Intel originally intended to join this group - but decided to stay with the hybrid “both physical and online” meeting structure it pioneered last year (see this first-hand report of last year’s meeting), with the help of Broadridge’s online voting platform. Dominic notes that several new companies will try this hybrid model this year - Best Buy, American Water Works and Charles Schwab - with Charles Schwab relying on its transfer agent Wells Fargo to provide the online voting platform rather than Broadridge. http://www.thecorporatecounsel.net/Blog/2010/04/sec-agrees-to-reduce-penalties.html Response to Misdirected E-Mail Violated Spirit of Ethics Opinion, Judge Rules (Law.com, 29 April 2010) - Lawyers who failed to immediately notify the court that they inadvertently received an e-mail from their opponents in a breach of contract case engaged in “unacceptable” and “egregious” conduct, a Manhattan judge has ruled. Acting Supreme Court Justice Bernard Fried said the conduct of the Kelley Drye & Warren lawyers who represent subsidiaries of Cox Enterprises Inc. in a contract dispute with Acme Television Holdings “certainly violates the spirit, if not the letter,” of the New York City Bar’s ethics committee’s opinion on handling accidentally received e-mails. “Clearly this e-mail should have been disregarded as requested, or at the very least plaintiffs’ counsel should have advised that it did not intend to do so,” Fried wrote in MMT Sales LLC v. Acme Television Holdings LLC, 602156-2009, filed earlier this month. Instead of immediately disclosing to the court that they had the e-mail, Fried said the lawyers waited until after the defendants moved for a protective order three months later. Eugene D’Ablemont of Kelley Drye, who received the e-mail, referred a call to William Heck, a partner at the firm who did not respond to a request for comment. D’Ablemont, 79, has been in the news as the subject of an age discrimination suit filed by the Equal Employment Opportunity Commission on his behalf against Kelley Drye. In July 2009, Lewis Paper of Dickstein Shapiro, representing Acme, accidentally sent D’Ablemont an e-mail that included correspondence between Acme and lawyers for Katz Communications. Within three days, Paper wrote to D’Ablemont saying he had “inadvertently and unintentionally included material that was obviously not intended to be sent to you” and that he would “appreciate it if you could discard that email” and substitute it with another. Paper told the court that D’Ablemont never responded to his July e-mail and refused his request only after Cox made a motion to use the e-mail in litigation. http://www.law.com/jsp/article.jsp?id=1202454488228&rss=newswire More States Report Wiretap Activity (U.S. Courts, 30 April 2010) - A total of 2,376 federal and state applications for orders authorizing the interception of wire, oral or electronic communications, known as wiretaps, was reported in 2009. The number of applications for orders by federal authorities was 663; the number of applications reported by state prosecuting officials was 1,713. No applications were denied. The Omnibus Crime Control and Safe Streets Act of 1968 requires the Administrative Office of the U.S. Courts to report to Congress the number and nature of federal and state applications for wiretap orders. The 2009 Wiretap Report covers intercepts concluded between January 1, 2009 and December 31, 2009 and is available online at http://www.uscourts.gov/library/wiretap.html. http://www.uscourts.gov/Press_Releases/2010/ReportWiretapActivity.cfm In the midst of that wiretapping bonanza, a more surprising figure is the number of cases in which law enforcement encountered encryption as a barrier: one. Shoppers Who Can’t Have Secrets (NYT, 30 April 2010) - Cameras that can follow you from the minute you enter a store to the moment you hit the checkout counter, recording every T-shirt you touch, every mannequin you ogle, every time you blow your nose or stop to tie your shoelaces. Web coupons embedded with bar codes that can identify, and alert retailers to, the search terms you used to find them and, in some cases, even your Facebook information and your name. Mobile marketers that can find you near a store clothing rack, and send ads to your cellphone based on your past preferences and behavior. To be sure, such retail innovations help companies identify their most profitable client segments, better predict the deals shoppers will pursue, fine-tune customer service down to a person and foster brand loyalty. (My colleagues Stephanie Rosenbloom and Stephanie Clifford have written in detail about the tracking prowess of store cameras and Web coupons.) But these and other surveillance techniques are also reminders that advances in data collection are far outpacing personal data protection. Enter the post-privacy society, where we have lost track of how many entities are tracking us. Not to mention what they are doing with our personal information, how they are storing it, whom they might be selling our dossiers to and, yes, how much money they are making from them. On the way out, consumer advocates say, is that quaint old notion of informed consent, in which a company clearly notifies you of its policies and gives you the choice of whether to opt in (rather than having you opt out once you discover your behavior is being tracked). http://www.nytimes.com/2010/05/02/business/02stream.html?scp=1&sq=Shoppers%20Who%20Can’t%20Have%20Secrets&st=cse Who Owns All the Data in the Workplace? (Law.com, 30 April 2010) - Ten years ago employees wondered if their employers could look through their purses merely because they brought them to work. Today employees ask whether their employers own all electronic data created, viewed, or stored on their work computers and BlackBerrys. In New York, private sector employees may have a reasonable expectation of privacy in their work computers, cellular phones, and other electronic devices. In 2001 the 2nd U.S. Circuit Court of Appeals confirmed in Levanthal v. Knapek[FOOTNOTE 1] that an employee may have a reasonable expectation of privacy in the content of her work computer, especially where her employer maintains an unclear technology usage policy. Since Leventhal, employers in the 2nd Circuit have crafted broad and detailed technology policies aimed at draining reasonable expectations of privacy out of employees’ work-related technology. These policies aim to bind employees to notices stating, more or less, that (1) all electronic data created, stored, received, or sent from the employer’s electronic device or system (e.g., computer server or third-party wireless service provider), regardless of the purpose for which it is created, is the employer’s property; (2) the employee cannot expect such data to remain private; and (3) the employer may monitor and obtain such data at its discretion and without further notice to the employee. Although employers expect that these policies will permit unfettered access to employees’ personal electronic data, courts are increasingly scrutinizing their enforceability. In Pure Power Boot Camp Inc. v. Warrior Fitness Boot Camp, LLC,[FOOTNOTE 2] the court was incredulous of the employer’s reliance upon its policy to defend its accessing of an employee’s personal Hotmail e-mail account. The court explained, “f [an employee] had left a key to his house on the front desk at [his workplace] one could not reasonably argue that he was giving consent to whoever found the key, to use it to enter his house and rummage through his belongings.”[FOOTNOTE 3] It now appears in the 2nd Circuit that employees do not check their privacy at the door to their workplace. http://www.law.com/jsp/article.jsp?id=1202457433819&rss=newswire [Editor: good summary piece.] No Longer Singing the Blues (ABA Journal, 1 May 2010) - When filmmaker Nina Paley learned she would have to pay more than $200,0000 to license the music that her film Sita Sings the Blues was made around, she questioned how she could ever pay for the rights when that cost exceeded her entire budget. Paley soon found an ally in QuestionCopyright.org, an advocacy group that is part of the small but growing alternative-to-copyright movement. The group’s mission is to change public opinion about traditional copyright law by showing how the existing system harms artists and audiences, says Karl Fogel, who serves as the group’s president. Fogel thinks culture ought to be free for distribution, copying and derivative uses. This model would not only allow artists to make more money with their work but encourage more art as well. Copyright skepticism isn’t altogether new, says American University law professor Michael Carroll, but it’s growing as digital technologies empower more people to be more creative and communicative. “One source of recent copyright skepticism among digital enthusiasts is their feeling that large-copyright owners are using the law to maintain yesterday’s business model rather than working with their fans and customers to embrace the creative potential of new technologies,” he adds. Paley’s Sita was the perfect platform for Fogel to prove his point. After Paley was able to negotiate the music rights for her film to $50,000 per 5,000 units sold, she and Fogel devised a distribution plan for the movie that incurred few, if any, royalty fees for the music: The movie can be downloaded for free. In exchange, Paley asks fans for donations. So far, Paley has raked in some $30,000 from fans—almost all in $10 increments. She’s also making money—an estimated $25,000 to date—selling an artist’s edition DVD of the film and Sita T-shirts through QuestionCopyright.org’s website. http://www.abajournal.com/magazine/article/no_longer_singing_the_blues/ [Editor: fund movie; HD version also available] Second Life Users File Class Action Lawsuit Over Virtual Land (Mashable, 3 May 2010) - A group of Second Life users is suing Second Life’s creator over a virtual land dispute. They say their contractual property ownership rights have been changed and that this alteration of the terms of service constitutes fraud and violates California consumer protection laws. Before you scoff too much at this seemingly ludicrous lawsuit, remember that virtual worlds aren’t just “funny money” and avatars. They’re serious business, both for the owners and investors who profit from them and for the users who pump hundreds and even thousands of dollars each into creating characters and interacting online. Second Life’s parent company, Linden Labs, was recently valued at $383 million. The virtual world’s economy was at an all-time high when Q1 transactional data was reported last month. And although the economy is virtual, remember these transactions have a basis in very real funds. The lawsuit gives rise to the question: Who owns virtual goods, the creators of the goods or the people who have paid virtual currency for them? The users are claiming that Linden Labs and Founder Philip Rosedale persuaded them to invest money and pay a sort of “property tax” with the promise of actual ownership of virtual land. Now, the users say, the terms of service have been changed without their prior knowledge or consent. They say the new terms “state that these land and property owners did not own what they had created, bought and paid for, and that these consumers had no choice but to click on a new terms of service agreement or they could not have access to their property.” Moreover, the group alleges that Linden Labs froze user accounts and deleted or converted non-virtual currency and virtual property without giving any explanation or avenues for recourse. http://mashable.com/2010/05/03/second-life-users-file-class-action-lawsuit-over-virtual-land/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Feedfetcher Fear and Loathing in Online Advertising (Ponemon Institute, 3 May 2010) - Have you ever seen an interactive advertisement while browsing around on the Web and, even though it was from a brand that you recognized promoting a product, service or event that you found interesting, you simply refused to click on the image because of a nagging sense of trepidation? What really lies beyond that alluring digital veil? Is the offer worth the risk? What of my digital privacy might I be giving up by responding to that message? Me too… and according to our latest study, those fears are not lost on industry. We talked to senior marketing executives – decision makers and check signers – with 90 organizations from a broad spectrum of industries that are actively engaged in online marketing. In total these firms account for more than $3 billion in annual revenue, and they believe wholeheartedly in the efficacy of the medium. According to our research, 63 percent of those we surveyed said behavioral advertising generated their greatest return on investment. Yet 98 percent told us that, because of consumers’ privacy fears, their companies are curtailing investments in online behavioral targeting. These companies are willing to sacrifice the revenue they believe they can generate through an online campaign rather than risk the potential hit to brand reputation for being as aggressive as they would like to be. Overall that curtailment has kept more than $600 million out of the behavioral targeting industry. Looking beyond the financial impact, the results of this study strongly suggest that, contrary to what some might say, self-regulation works. http://www.ponemon.org/blog/post/fear-and-loathing-in-online-advertising Professors and Social Media (InsideHigherEd, 4 May 2010) - Professors, particularly those in the senior ranks, might have a reputation for being leery of social media. But they are no Luddites when it comes to Web 2.0 tools such as Facebook and YouTube, according to a new survey scheduled to be released today. The data suggest that 80 percent of professors, with little variance by age, have at least one account with either Facebook, Twitter, YouTube, Skype, LinkedIn, MySpace, Flickr, Slideshare, or Google Wave. Nearly 60 percent kept accounts with more than one, and a quarter used at least four. A majority, 52 percent, said they used at least one of them as a teaching tool. Designed by the Babson Survey Research Group, with support from New Marketing Labs and the publishing giant Pearson, the survey netted responses from 939 professors from colleges in Pearson’s network of two- and four-year colleges. Most said they teach in undergraduate programs, and more than a third reported teaching online or blended courses. Demographically, the respondents did not skew strongly to a particular sex, discipline, professional rank, or age, says Jeff Seaman, co-director of the Babson group, a research organization that also does work with the Sloan Consortium. The negligible difference in social media use among professors of different ages came as a surprise, says Seaman. “It was universal across all classes of faculty members as far as how much they’re embracing this,” he says. “It was pretty much the same, no matter how we sliced it.” This finding mirrors a similar surprise from a huge online education survey the Babson group did with Sloan and the Association of Public and Land-Grant Universities last summer, which found that neither age nor tenure status had any bearing on whether a professor had developed or taught an online course. Faculty use of social media both in and out of the classroom has been the subject of some controversy. A professor at East Stroudsburg University was placed on administrative leave two months ago after some of her frustrated musings (“Does anyone know where to find a very discreet hitman? Yes, it’s been that kind of day”) were interpreted by some students as threats. Besides isolated cases of extreme indiscretion, there has long been debate over whether professors should accept “friend” requests: Some professors are glad to friend their students, while others prefer to maintain a professional distance. Professors have likewise been split over the use of certain social media as teaching tools. For example, some have called in-class Twitter forums gimmicky and distracting, while others evangelize it as a vehicle for unprecedented engagement with course content. http://www.insidehighered.com/news/2010/05/04/socialmedia Six Things You Need to Know About Facebook Connections (EFF, 4 May 2010) - “Connections.” It’s an innocent-sounding word. But it’s at the heart of some of the worst of Facebook’s recent changes. Facebook first announced Connections a few weeks ago, and EFF quickly wrote at length about the problems they created. Basically, Facebook has transformed substantial personal information — including your hometown, education, work history, interests, and activities — into “Connections.” This allows far more people than ever before to see this information, regardless of whether you want them to. Since then, our email inbox has been flooded with confused questions and reports about these changes. We’ve learned lots more about everyone’s concerns and experiences. Drawing from this, here are six things you need to know about Connections: 1. Facebook will not let you share any of this information without using Connections. You cannot opt-out of Connections. If you refuse to play ball, Facebook will remove all unlinked information from your profile. 2. Facebook will not respect your old privacy settings in this transition. For example, if you had previously sought to share your Interests with “Only Friends,” Facebook will now ignore this and share your Connections with “Everyone.” 3. Facebook has removed your ability to restrict its use of this information. The new privacy controls only affect your information’s “Visibility,” not whether it is “publicly available.” 
Explaining what “publicly available” means, Facebook writes: 

”Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations.” 
 4. Facebook will continue to store and use your Connections even after you delete them. Just because you can’t see them doesn’t mean they’re not there. Even after you “delete” profile information, Facebook will remember it. We’ve also received reports that Facebook continues to use deleted profile information to help people find you through Facebook’s search engine. 5. Facebook sometimes creates a Connection when you “Like” something. That “Like” button you see all over Facebook, and now all over the web? It too can sometimes add a Connection to your profile, without you even knowing it. Your posts may show up on a Connection page even if you do not opt in to the Connection. If you use the name of a Connection in a post on your wall, it may show up on the Connection page, without you even knowing it. (For example, if you use the word “FBI” in a post). http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook - and - The Evolution Of Privacy On Facebook (Business Insider, 7 May 2010) - Facebook is a great service. I have a profile, and so does nearly everyone I know under the age of 60. However, Facebook hasn’t always managed its users’ data well. In the beginning, it restricted the visibility of a user’s personal information to just their friends and their “network” (college or school). Over the past couple of years, the default privacy settings for a Facebook user’s personal information have become more and more permissive. They’ve also changed how your personal information is classified several times, sometimes in a manner that has been confusing for their users. This has largely been part of Facebook’s effort to correlate, publish, and monetize their social graph: a massive database of entities and links that covers everything from where you live to the movies you like and the people you trust. This blog post by Kurt Opsahl at the EFF gives a brief timeline of Facebook’s Terms of Service changes through April of 2010. It’s a great overview, but I was a little disappointed it wasn’t an actual timeline: hence my initial inspiration for this infographic. http://www.businessinsider.com/the-evolution-of-privacy-on-facebook-2010-5?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+typepad/alleyinsider/silicon_alley_insider+(Silicon+Alley+Insider) see also: http://gigaom.com/2010/05/12/facebook-needs-to-find-its-voice-on-privacy/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+OmMalik+%28GigaOM%29&utm_content=Google+Reader University to Provide Online Reputation Management to Graduates (Mashable, 5 May 2010) - Syracuse University has purchased six-month subscriptions to Brand-Yourself.com’s online reputation management platform for all 4,100 of its graduating seniors. The platform will help students monitor and shape their online presence during the job search process. According to a recent study by Cross-Tab Marketing services, 75% of HR departments worldwide are required to screen job candidates online. Seventy percent of recruiters and HR professionals in the U.S. clam they have rejected potential hires based on information surfaced online, and nearly half say that a strong online reputation influences their hiring decisions to a “great extent.” A similar study conducted by CareerBuilder last year found that 45% of HR professionals screen job candidates on social media sites. Given these numbers, the partnership seems like a smart move for Syracuse University’s Career Services department. “Our students need a way to put their best foot forward when they’re being researched by potential employers on Google, Facebook, Twitter and LinkedIn,” the director of the department, Mike Cahill, explained. “Brand-Yourself helps prepare our students for success in today’s digital environment.” http://mashable.com/2010/05/05/brand-yourself/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) “Link Rot” and Legal Resources on the Web: A 2010 Analysis by the Chesapeake Project (5 May 2010) - The Chesapeake Project Legal Information Archive has completed its third annual analysis of link rot among the original URLs for law- and policy-related materials published to the Web and archived though the Chesapeake Project. The Chesapeake Project was launched in 2007 by the Georgetown University Law Library and the State Law Libraries of Maryland and Virginia as a collaborative digital archive for the preservation of important Web-published legal materials, which often disappear as Web site content is rearranged or deleted over time. More about the Chesapeake Project. In the three years since the archive was launched, the Chesapeake Project law libraries have built a collection comprising more than 5,700 digital items and 2,300 titles, all of which were originally posted to the Web. For this study, the term “link rot” is used to describe a URL that no longer provides direct access to files matching the content originally harvested from the URL and currently preserved in the Chesapeake Project’s digital archive. In some instances, a 404 or “not found” message indicates link rot at a URL; in others, the URL may direct to a site hosted by the original publishing organization or entity, but the specific resource has been removed or relocated from the original or previous URL. All of the Web resources described in this report that have disappeared from their original locations on the Web remain accessible via permanent archive URLs here at legalinfoarchive.org, thanks to the Chesapeake Project’s efforts. he Chesapeake Project conducted its first link rot assessment at the project’s one-year mark in 2008 as part of its first-year evaluation. During the project’s first year, 1,266 born-digital online titles were harvested from the Web and preserved within the digital archive. A random sample of 579 titles was selected for the link rot study, ensuring results at a 95 percent confidence level and confidence interval of +/- 3. When this sample was first analyzed in March 2008, link rot was found to be present in 48 of 579 URLs. One year later, in 2009, the sample was analyzed a second time as part of the project’s second-year evaluation. The second analysis demonstrated that link rot was present in 83 out of the original sample of 579 URLs. Within 12 to 24 months of harvest, 14.3 percent of the archived titles had disappeared from their original URLs, compared to the March 2008 analysis, which had shown link rot among the sample URLs to be 8.3 percent. The present analysis of the sample showed that by March 2010, the prevalence of link rot had increased to 160 out of 579 URLs. Within two to three years of harvest, link rot among the sample URLs had increased to 27.9 percent, compared to 14.3 percent in 2009 and 8.3 percent in 2008. In other words, link rot increased from about one in every 12 archived titles in 2008, to one in every seven titles in 2009, and finally to about one in every 3.5 titles in 2010. http://legalinfoarchive.org/ Social Networking: The Employment Law Revolution That Wasn’t (ReadWriteWeb, 6 May 2010) - There’s been a lot of anxiety provoked (and money made) predicting a “parade of terribles” in the workplace as a result of social networking sites and employee blogs. While there is no doubt that these sites provide additional opportunities for employees to be distracted from getting their work done, I contend that not all that much has changed. Employees that are wasting their time on social networking sites today were gossiping at the water cooler in yesteryear, and the solution is the same: thoughtful policy implementation and vigilant managerial oversight. While there are clearly some updates to how we manage the workplace, in context I don’t think it is as revolutionary as many doomsayers would have us believe. The implications of social networking fall into three categories: pre-employment, during employment, and post-employment. Below is what I see as the key considerations. http://www.readwriteweb.com/archives/social_networking_the_employment_law_revolution_that_wasnt.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+readwriteweb+(ReadWriteWeb) Unauthorized Access Doesn’t Apply to E-Mail, Judge Rules (Law.com, 6 May 2010) - A Manhattan plastic surgeon who allegedly installed keystroke-tracking software on an office computer and then accessed an employee’s personal e-mail cannot be charged with unauthorized use of a computer, a criminal court judge has ruled. Citing the lowered privacy expectations for e-mails, Judge Marc J. Whiten granted the defendant’s motion to dismiss the misdemeanor charge. “Whereas some may view e-mails as tantamount to a postal letter which is afforded some level of privacy, this court finds, in general, e-mails are more akin to a postcard, as they are less secure and can easily be viewed by a passerby,” Whiten wrote in People v. Klapper, 09NY032282. “Moreover, e-mails are easily intercepted, [which] diminishes an individual’s expectation of privacy in e-mail communications.” http://www.law.com/jsp/article.jsp?id=1202457716230&rss=newswire [Editor: sophomoric analysis?] UC Davis Scraps Gmail Pilot: Privacy Levels ‘Unacceptable’ (ZDnet, 7 May 2010) - Google has been hit with a major blow in regards to privacy by a leading US university, which this week ended their pilot of the outsourced Google Apps email system. Peter Siegel, the University of California Davis chief information officer, sent a letter with support from senior staff to employees stating that the Gmail pilot to supply 30,000 students and staff would end before a full roll-out across its entire network, due to doubts in keeping the students’ email and content secure and private. According to InformationWeek which broke the story, some excerpts of this letter offer some revealing and interesting justifiable perspectives from the senior university figure: [Many faculties] “…expressed concerns that our campus’ commitment to protecting the privacy of their communications is not demonstrated by Google and that the appropriate safeguards are neither in place at this time nor planned for in the near future. [This move by the university] “…by and large, it’s not typical of what we’re seeing in the market. We’re seeing lots of schools move their students and faculty onto Gmail”. In regards to the concerns over passing on or examining the contents of emails without the students’ permission - which Gmail does to provide relevant advertisements: “Outsourcing e-mail may not be in compliance with the University of California Electronic Communications Policy. Though there are different interpretations of these sections, the mere emergence of significant disagreement on these points undermines confidence in whether adopting Google’s Gmail service would be consistent with the [aforementioned] policy”. http://www.zdnet.com/blog/igeneration/uc-davis-scraps-gmail-pilot-privacy-levels-unacceptable/4958 Cablevision Won’t Cripple Its Network DVR (ArsTechnica, 7 May 2010) - Cablevision had to fight all the way to the Supreme Court in order to make its remote storage DVR (RS-DVR) into a reality. Now that it has done so, the company shows little inclination to pacify rightsholders upset about the technology. The ability to fast-forward through commercials will remain a key piece of the service. RS-DVR technology moves the video recording technology from a box sitting beside your TV into the network. Cablevision runs major servers at its headends which stream their user interface down the cable line and onto people’s TV sets. Apart from some lag, the system works like a home DVR—but without the millions of individual boxes, the truck rolls for installation, the service calls when something goes wrong, and the like. For Cablevision, it saves money. One consequence of all the court battles concerning the RS-DVR is that Cablevision is required to create and then store an individual copy of every program recorded by every customer. In other words, the system cannot simply record one copy of The Simpsons and then string it out to everyone who requests it. This would amount to an authorized retransmission of TV content. Instead, Cablevision had to set up the system in such a way that it mirrors exactly the traditional DVR functionality; customers must individually choose what shows to record and the system must keep separate copies of those shows. On a conference call for investors yesterday, Cablevision executives admitted that this did raise costs slightly, but said it was still cheaper than rolling out boxes to every home. And if the company has to mimic traditional DVR technology to stay legal, it plans to maintain a key DVR advantage: the ability to fast-forward through commercials. When an analyst on the call asked whether Cablevision plans to disable this ability in order to placate the broadcasters, the response was unequivocal: “We do have that option, but we’re going to make it work as a consumer product like a physical DVR.” Still, the question reminds us of how much control we have surrendered over our devices. Services that move into the network, such as the RS-DVR, can have functionality altered at a moment’s notice. But running a home DVR doesn’t give much additional control, either; firmware updates for consumer electronics are now routine, and Sony has recently reminded us that advertised features may be removed at any time. http://arstechnica.com/tech-policy/news/2010/05/cablevision-wont-cripple-its-network-dvr.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Lyrics Sites at Center of Fight Over Royalties (NYT, 9 May 2010) - What’s the line in that song? That’s what Milun Tesovic wanted to know back in 2000 as he searched online for the lyrics of his favorite tunes. But often, he got results that seemed dubious or could not find the song at all. So a year later, at age 16, he started his own site. That site, MetroLyrics.com, crept up on search engine results, and before he knew it, he said, checks from advertisers were arriving in the mail and the site “started looking a lot more like a serious business.” Now 24, Mr. Tesovic helps oversee the site and its handful of employees from an office outside Vancouver. It drew about 13.5 million unique users in March and generated close to $10 million in revenue in 2009. He is not the only one walking that particular stairway to heaven. Dozens of sites with a range of quality and graphics now showcase song lyrics, raising the prominence of the words and sometimes providing significant revenue for the sites’ owners. For songwriters and their publishers, though, the ubiquity of lyrics on Web sites presents both opportunities and problems — especially when it comes to getting some of the sites to pay royalties for use of the lyrics. For decades, printed song lyrics lived in relative obscurity, relegated to album sleeves and sheet music. And until now, they provided no significant source of revenue. But the digital age has provided a chance to re-evaluate the value of the words, said David Israelite, the chief executive of the National Music Publishers’ Association, which represents more than 2,500 publishers. That value, he said, “hasn’t been exploited very well.” Collecting royalties for the lyrics has not been easy, though. The sheer number of publishers makes it cumbersome for each site to reach deals with each of them. Only in the last couple of years have companies, including Gracenote and LyricFind, gathered the licenses themselves, which they then sell to sites. The creation of those third-party aggregators is a crucial first step toward finding significant revenue from the sites, said Peter Brodsky, an executive vice president at Sony/ATV, a major publisher. http://www.nytimes.com/2010/05/10/business/media/10lyrics.html Law Firm Media Survey Reveals Pay, Policies (Robert Ambrogi, 10 May 2010) - A just-published compensation survey of law firm media professionals offers an inside look not only at what these professionals earn, but also at their firms’ use of social media. The survey was conducted by the organization Law Firm Media Professionals in conjunction with Hellerman Baretz Communications. In terms of social media usage, the survey showed: 6. Forty-two percent said their firm has a blog. 7. Sixteen percent have more than four blogs. 8. Half said their firms have policies regarding social media but only a quarter conducted formal social-media training. 9. Forty percent of firms budget for social media. Asked to rank which social media sites they considered most important for law firms, they answered: 1. LinkedIn, 61%. 2. Martindale-Hubbell Connected, 53%. 3. Facebook, 49%. 4. Twitter, 47%. 5. Legal OnRamp, 19%. Asked why their firms use social media, 43 percent said the top reason was to raise the firm’s brand and visibility. Next, at 17 percent, was for attorney networking. Asked what keeps firms from using social media, 44 percent cited firm policy and risk management. http://www.lawsitesblog.com/2010/05/law-firm-media-survey-reveals-pay-policies.html Full study here: http://www.lfmp.org/News%20and%20Events_files/2010-HBC-LFMP-CompSurvey.pdf Lawyers’ Ethical Stumbles Increase Online (Law.com, 11 May 2010) - Steven Belcher was defending a wrongful-death case in 2006 when he had a bad idea. Belcher, then a temporary attorney at Paule, Camazine & Blumenthal in St. Louis, e-mailed a photograph of the overweight deceased, lying naked on an emergency room table, to a friend, along with his own lewd and disparaging commentary. The firm, which monitored work e-mails, turned him in to the state disciplinary counsel, and he was slapped with a 60-day suspension, stayed pending probation. Belcher, who is still licensed to practice law but has joined the Army, admits he made a “stupid” mistake. “I had my head up my butt,” he said. Because he was licensed to practice in Illinois and Virginia as well as Missouri, more than one bar counsel heard about his case. And they wondered whether there was more here than one lawyer’s bad decision. “It got our eyebrows up,” said James Grogan, chief counsel of the Illinois Attorney Registration and Disciplinary Commission and a past president of the National Organization of Bar Counsel. “We thought, ‘Wow, are we going to see more of these?’ Well, I think it’s clear we are starting to see more.” Grogan, also chief counsel of the Illinois Attorney Registration and Disciplinary Commission, said the sense among his disciplinary brethren is that “more investigations are being generated for lawyers misusing electronic communications and the internet.” Numbers are hard to come by; no one agency tracks the number of lawyers facing discipline for online behavior. But social networking by attorneys and all its potential dangers is being closely monitored in nearly every corner of the legal profession. Disgruntled clients, lawyers outing other lawyers, and bar counsel themselves are sparking investigations. Law firms host seminars and webinars on it. And bar counsel and bar associations bring it up at nearly every meeting. The American Bar Association’s Commission on Ethics 20/20 has on its agenda, among other 21st century issues, whether existing ethics rules adequately address social media use by lawyers. It’s not as if lawyers never misbehaved before. But now they’re making the same old mistakes—soliciting for sex, slamming judges, talking trash about clients—online, leaving a digital trail for bar counsel to follow. Legal ethics expert Michael Downey said lawyers’ tendency to be risk-averse seems to fade away on the internet. “They’re disclosing confidences, talking about pending matters, they take potshots ... like everyone else,” said Downey, immediate past chairman of the American Bar Association’s Ethics and Technology Committee and a member of the ABA Center for Professional Responsibility. Downey routinely lectures to law firms and bar associations on the ethical concerns lawyers face in the worlds of Twitter, Facebook, and blogs. “Someone just suggested yesterday that I do a program on this.” The following stories may explain why. http://www.law.com/jsp/article.jsp?id=1202457938246&rss=newswire German Web Users Must Use Password to Secure WLAN (AP, 12 May 2010) - Germany’s top criminal court says Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data. The court in Karlsruhe ruled Wednesday that Internet users can be fined up to euro100 ($126) if a third party takes advantage of their unprotected WLAN connection to illegally download music or other files. But the court stopped short of holding the users responsible for the illegal content the third party downloads themselves. http://news.yahoo.com/s/ap/20100512/ap_on_hi_te/eu_germany_wireless_passwords Risk Management and E-Discovery: Qualcomm Revisited (Law.com, 12 May 2010) - Almost three years ago, we wrote about the tension between a lawyer’s defense of his own professional conduct and his duties of loyalty and confidentiality to his client. The issue was presented in Qualcomm Inc. v. Broadcom Corp., a California patent infringement case involving cell phone technology. During trial, the court learned that Qualcomm and its counsel did not produce more than 200,000 pages of relevant electronic documents. As a result, Qualcomm was ordered to pay Broadcom’s hefty legal fees ($8.5 million), and the district court judge referred the matter to a magistrate for consideration of further sanctions. The magistrate found that Qualcomm intentionally withheld thousands of documents that had been requested during discovery and that certain of the withheld documents directly contradicted one of Qualcomm’s key arguments. In addition, the magistrate sanctioned Qualcomm’s attorneys based upon the premise that they failed to conduct a reasonable inquiry into the adequacy of Qualcomm’s document production. Those sanctions were vacated by the district court, and the matter was remanded to the magistrate to provide counsel the opportunity to defend themselves. On April 2, 2010, the magistrate ruled that the attorneys should not be sanctioned, as the record demonstrated that they took significant steps to comply with the original discovery obligations. While the attorneys were vindicated, the court’s decision provides important guidance on discovery practices, as well as how to maintain both objectivity and integrity in our relationships with clients. http://www.law.com/jsp/article.jsp?id=1202457994685&rss=newswire NOTED PODCASTS Management on Social Media: Good Employee Communication Tool or Liability (ABA Journal Podcast, 30 April 2010) - Using social media is as easy as sending an e-mail and is quickly becoming the preferred way for many to communicate. But is it the right platform for managers looking for ways to keep their employees informed and engaged? Or are they risking too much by exposing themselves and their companies to unnecessary liabilities? Listen to ABA Journal Podcast moderator Stephanie Francis Ward as she guides experts through a discussion of what employment lawyers are telling clients about Web 2.0 and whether that advice is out of date. Business of Law reporter Rachel Zahorsky (@LawScribbler) tweeted their conversation live using the Twitter hashtag #ABAJchat. http://www.abajournal.com/news/article/management_on_social_media_good_employee_communication_tool_or_liability/ RESOURCES Site Provide Citizens with Single Destination To Explore All the Information from Data.Gov (BeSpacific) - “Our long-term vision for ThisWeKnow is to model the entire data.gov catalog and make it available to the public using Semantic Web standards as a large-scale online database. ThisWeKnow will provide citizens with a single destination where they can search and browse all the information the government collects. It will also provide other application developers with a powerful standards-based API for accessing the data. Loading governmental databases into a single, flexible data store breaks down silos of information and facilitates inferences across multiple data stores. For example, inferences can be made by combining census demographic data from the Agency of Commerce, factory information from the Environmental Protection Agency, information about employment from the Department of Labor, and so on. We can’t even begin to imagine the discoveries that will become possible after all these data are loaded into an integrated repository.” http://www.bespacific.com/mt/archives/024133.html Timely Training without Travelling on Tuesdays! (ABA’s LTRC, 28 April 2010) - How can I better use the technology that I already have? What can I do to learn more about technology in less time? Training Tuesdays was designed to answer these questions. As part of ABA TechEZ, the ABA Legal Technology Resource Center is working with vendors and leading legal technology experts to deliver simple, high quality, practical training to ABA members on Training Tuesdays. Training Tuesdays presents expert technology training in bite sized portions; none longer than fifteen minutes. In the training library, Ben Schorr, author of The Lawyer’s Guide to Microsoft Outlook 2007, presents “Power Tricks with E-mail: Doing More with What You Have.” This eight minute video demonstrates some helpful and practical tricks to immediately get your inbox under control. Microsoft Office recently underwent some major changes with the upgrade to the 2007 version. ”Office 2007: Increase Your Productivity with the Quick Access Toolbar“ is designed to get you up and running with the latest version Microsoft Office 2007. Take five minutes to see how the customized toolbar can help you boost efficiency and productivity. Every Tuesday at two o’clock (CT) there will be a live presentation, demonstrating how to get the most out of the applications commonly used by legal professionals. Just check the ABA TechEZ training calendar to see upcoming events and register online; access to Training Tuesdays is one of the many benefits of ABA membership. Miss a training event or looking for another topic? No problem. All training events are archived and available in our training library for later viewing. Subscribe to the ABA TechEZ Library RSS feed to stay up to date on new additions to the on-demand library (What is RSS? See FYI: RSS). Visit the ABA TechEZ home page to see if discounts are available on the featured products. http://new.abanet.org/sitetation/Lists/Posts/Post.aspx?ID=637 How to Cite a Podcast in Legal Documents Addressed in 19th Edition of Bluebook (SMLS, 13 May 2010) - How do you cite a Podcast in a legal document? First, I checked my PAPER copy of The Bluebook and “Podcast” was nowhere. I thought maybe an Internet citation, or some type of audio citation, would be a respectable work-around but that a Podcast should require some different citation rules. After asking several law students and lawyers, who also did not know, I emailed Mary Prince (formally Miles) who was the coordinating editor for the 18th edition of Bluebook. Today, Ms. Prince confirmed, after consulting with the current Bluebook editors, that the 19th edition of Bluebook would address citing Podcasts and that the 19th edition was due out in a week! http://socialmedialawstudent.com/lead-article/citing-a-podcast-addressed-in-19th-edition-of-bluebook/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SocialMediaLawStudent+%28Social+Media+Law+Student%29&utm_content=Google+Reader WolframAlpha demo clip—Wolfram|Alpha’s long-term goal is to make all systematic knowledge immediately computable and accessible to everyone. We aim to collect and curate all objective data; implement every known model, method, and algorithm; and make it possible to compute whatever can be computed about anything. Our goal is to build on the achievements of science and other systematizations of MIRLN 2010-05-15T01:50:00-07:00 http://knowconnect.com/mirln/article/mirln_4_24_april_v1306/ http://knowconnect.com/mirln/article/mirln_4_24_april_v1306/#When:22:29:00Z • Some Papers Are Uploaded to Bangalore to Be Graded • FTC Reviewing COPPA Rules • New Prepaid Wireless Users Outnumber Postpaid For First Time • Companies Fall Short On Protecting Sensitive Data, Study Says • Yelp Makes Changes in Response to Small-Business Owners • FTC Busts Another Company For Inadequate Data Security • US Privacy Law In Theory and In Practice • Judge Sues Newspaper for $50M, Claims Breach of Promised Anonymity re Web Comments • Visual Artists Sue Google Over Images in Digitized Books • Official’s Ignorance Of Specific Sales Does Not Undermine Jurisdiction In Web Sale Case • Nikkei Restricts Links to Its New Web Site • Must Criminal Contempt Occur in Court? 7th Cir. Mulls Judge’s Reaction to E-Mail Flood • Memo to Gov Agencies: You May Now Tweet, Blog and Facebook • Justice Stevens Leaves Mark on Internet Law • A Checklist for Cloud Computing Deals • The Fourth Amendment and Computer Warrants • Electronic Systems Policy After ‘Stengart’ • Google Backs Yahoo In Privacy Fight With DOJ • Assigning Value to E-Discovery’s Unknown • Cyber-War Nominee Sees Gaps in Law • Federal Regulators Release Model Consumer Privacy Notice Online Form Builder • Recording Police and Defining ‘Plain Sight’ • E-Discovery Threatens to ‘Litigize’ Arbitration • Mississippi Passes Data Breach Notification Law o California Senate Again OKs Breach Notification Law Update o In Data Breaches, Keeping Number of Records Lost Secret Can Protect Stock Prices • PA School Snared 1,000s of Webcam Images • Plaintiff Sues Over Court Requiring LexisNexis for E-Filing • Gucci’s Fired In-House Lawyer Savages Company in Court Papers • World Bank Opens Up Its Data, Removes Pay Walls • Amazon Refuses North Carolina’s Demands for Customers’ Personal Data • ACTA Arrives (And It’s Gotten a Tiny Bit Better) • Google Street View Logs Wi-Fi Networks, MAC Addresses NEWS | PODCASTS | RESOURCES | DIFFERENT | FUN | LOOKING BACK | NOTES Some Papers Are Uploaded to Bangalore to Be Graded (Chronicle of Higher Ed, 4 April 2010) - Lori Whisenant knows that one way to improve the writing skills of undergraduates is to make them write more. But as each student in her course in business law and ethics at the University of Houston began to crank out—often awkwardly—nearly 5,000 words a semester, it became clear to her that what would really help them was consistent, detailed feedback. Her seven teaching assistants, some of whom did not have much experience, couldn’t deliver. Their workload was staggering: About 1,000 juniors and seniors enroll in the course each year. “Our graders were great,” she says, “but they were not experts in providing feedback.” That shortcoming led Ms. Whisenant, director of business law and ethics studies at Houston, to a novel solution last fall. She outsourced assignment grading to a company whose employees are mostly in Asia. Virtual-TA, a service of a company called EduMetry Inc., took over. The goal of the service is to relieve professors and teaching assistants of a traditional and sometimes tiresome task—and even, the company says, to do it better than TA’s can. http://chronicle.com/article/Outsourced-Grading-With/64954/ FTC Reviewing COPPA Rules (Tech Daily Dose, 5 April 2010) - The FTC is seeking comment on whether changes should be made to rules imposing certain requirements on Web sites directed at children, including a mandate that they obtain parental consent before collecting personal information from children under the age of 13. In a Federal Register notice Monday, the FTC said the Children’s Online Privacy Protection Act, which went into effect in 2000, requires the agency to review the rules required by the law every five years. While the agency declined to make changes in 2005 when it first reviewed the rules for Web sites aimed at children under 13, the FTC said it now “believes that changes to the online environment over the past five years, including but not limited to children’s increasing use of mobile technology to access the Internet, warrant reexamining the rule at this time.” In addition to parental consent, the current FTC rules imposed under COPPA also require Web sites aimed at children under 13 to secure the information they collect from children and bars them from requiring children to provide more information than is “reasonably necessary to participate” in activities provided on the site. In its request for comments, which are due by June 30, the FTC is asking for input on such issues as whether the definition of “Internet” should be expanded to include mobile communications, interactive television and gaming and other activities and whether the definition of “personal information” also should be expanded to include persistent IP addresses, mobile geolocation data or information used to help target ads at specific Internet users. Other issues, the FTC is seeking comment on include whether changes should be made to the requirements that information be kept secure and private; the requirement that allows parents to review or delete personal information about their children; and on the provision barring the linking of participation in activities on a children’s Web site to the collection of personal information. http://techdailydose.nationaljournal.com/2010/04/ftc-reviewing-coppa-rules.php New Prepaid Wireless Users Outnumber Postpaid For First Time (DSL Reports, 5 April 2010) - Telecompetitor directs our attention to a new study (pdf) stating that during the fourth quarter of last year, new prepaid wireless phone customers outnumbered new postpaid customers for the first time ever. According to the report, prepaid service—which often offers users less-expensive service with no contract, accounted for nearly two thirds (65%) of the 4.2 million net subscribers added by in the fourth quarter of 2009. While prepaid service grew at a 17% clip during the fourth quarter of 2009, postpaid service grew at just 3%. In other news of wireless industry change, a second report notes that global mobile data consumption exceeded voice traffic last year for the first time ever. http://www.dslreports.com/shownews/New-Prepaid-Wireless-Users-Outnumber-Postpaid-For-First-Time-107745 Companies Fall Short On Protecting Sensitive Data, Study Says (Dark Reading, 5 April 2010) - Enterprises are pushing hard to protect credit card data and customers’ personal information, but they might not be doing enough to protect their most valuable company secrets, according to a study published today. http://www.rsa.com/go/press/RSATheSecurityDivisionofEMCNewsRelease_4510.html The study, which was conducted by Forrester Research on behalf of Microsoft and RSA, suggests that compliance-driven security initiatives place too much emphasis on securing customer records and other “custodial information,” while shortchanging efforts to secure intellectual property and valuable company secrets. “Secrets” comprise more than two-thirds of companies’ information portfolios and more than 62 percent of the value of those portfolios, according to the study. But when it comes to investing time and resources, enterprises spend roughly the same amount of time and money on compliance-driven initiatives—protecting “custodial data,” Forrester says—as they do on protecting corporate secrets. “This strongly suggests that investments are overweighed toward compliance,” the study says. http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=224201369&subSection=Vulnerabilities+and+threats Yelp Makes Changes in Response to Small-Business Owners (NYT, 6 April 2010) - Small business owners have been loud and vocal in their criticism of Yelp and its reader reviews. On Tuesday, Yelp will make two significant changes to its pages to address those complaints. On Yelp, where users rank and review local businesses, readers will now be able to click on a link to see reviews that Yelp filtered out, and advertisers on Yelp will no longer be able to post their favorite review at the top of the page. “I hope that these changes will debunk some of the myths and conspiracy theories out there about Yelp and its advertising and whether those are linked,” said Jeremy Stoppelman, Yelp’s co-founder and chief executive. The changes come after several small businesses, including a California veterinary clinic and an Illinois bakery, filed a class action lawsuit accusing the site of extortion. The suit claims that Yelp will remove negative reviews and reinstate positive reviews for paying advertisers and says that “business listings on Yelp.com are in fact biased in favor of businesses that buy Yelp advertising.” Yelp has dismissed the complaints as conspiracy theories. However the lawsuit turns out, two things are clear from small business owners’ complaints about Yelp. Yelp’s sales managers use a hard sell when signing up advertisers, and business owners remain confused about how exactly Yelp’s ranking and filtering of reviews works. As I wrote about last year, many businesses are irked because they feel Yelp is not transparent about why certain reviews show up on their pages and others do not. Some of the confusion came from the fact that advertisers, who pay $300 to $1,000 a month, have been allowed to choose one review that shows up at the top of their profile page. Yelp’s spam filter also scans for suspicious reviews, like those that could have been written by a competitor or a business owner’s friend or relative. Yelp is making the new changes to address these two issues. People will be able to see which reviews have been removed from the site, so they can judge for themselves whether or not advertisers are getting a special advantage and whether the reviews are worthy. http://bits.blogs.nytimes.com/2010/04/06/yelp-makes-changes-to-appease-small-business-owners/?ref=technology FTC Busts Another Company For Inadequate Data Security (Steptoe & Johnson’s E-Commerce Law Week, 7 April 2010) - Dave & Buster’s, Inc., which operates restaurant and entertainment complexes nationwide, has agreed to settle charges by the Federal Trade Commission that it left consumers’ credit and debit card information vulnerable to hackers, and that this vulnerability resulted in hundreds of thousands of dollars in fraudulent charges. The FTC noted that this is its 27th enforcement action challenging companies’ data security practices. The Commission alleged that Dave & Buster’s failed to take “reasonable and appropriate” steps to secure “sensitive personal information” it had collected from customers in order to authorize their payment card purchases, and that this failure constituted an “unfair act or practice” in violation of the FTC Act. While the Commission in the past has focused on, inter alia, the failure to encrypt personal information, its complaint here focused on the lack of adequate access controls and filters on outbound data traffic. http://www.steptoe.com/publications-6770.html US Privacy Law In Theory and In Practice (Media Law Prof Blog, 7 April 2010) - Kenneth A. Bamberger, University of California, Berkeley, School of Law, and Deirdre K. Mulligan, School of Information, University of California, Berkeley, have published “Privacy on the Books and on the Ground,” in volume 63 of the Stanford Law Review (2010). Here is the abstract: “U.S. privacy law is under attack. Scholars and advocates criticize it as weak, incomplete, and confusing, and argue that it fails to empower individuals to control the use of their personal information. The most recent detailed inquiry into corporate treatment of privacy, conducted in 1994, frames these critiques, finding that firms neglected the issue in their data management practices because of the ambiguity in privacy mandates and lax enforcement. As Congress and the Obama Administration consider privacy reform, they encounter a drumbeat of arguments favoring the elimination of legal ambiguity by adoption of omnibus privacy statutes, the EU’s approach. These critiques present a largely accurate description of privacy law “on the books.” But the debate has strangely ignored privacy “on the ground” - since 1994, no one has conducted a sustained inquiry into how corporations actually manage privacy, and what motivates them. This omission is especially striking because the neglect of the 90s has been replaced by a massive dedication of corporate resources to privacy management, the inclusion of privacy officers at the c-suite level, and the employment of a 6,500-strong cadre of privacy professionals. This Article presents findings from the first study of corporate privacy management in fifteen years, involving qualitative interviews with Chief Privacy Officers identified by their peers as industry leaders. Spurred by these findings, we present a descriptive account of privacy “on the ground” that upends the terms of the prevailing policy debate. Our alternative account identifies elements neglected by the traditional story - the emergence of the Federal Trade Commission as a privacy regulator, the increasing influence of privacy advocates, market and media pressures for privacy-protection, and the rise of privacy professionals - and traces the ways in which these players supplemented a privacy debate largely focused on processes (such as notice and consent mechanisms) with a growing corporate emphasis on substance: preventing violations of consumers’ expectations of privacy. Two alterations to the legal landscape contribute to this definitional shift. First, the substantive definition tracks the emergence of the FTC as a roving regulator with broad yet ambiguous power to evaluate privacy practices in the marketplace through its consumer protection lens. The FTC’s mandate to protect consumers from “unfairness” and “deception” permits dynamic regulation that evolves with changing contexts, and forces corporate practices to develop accordingly. Second, state security breach notification laws raised the soft and hard costs of mismanaging personal information. Together these changes led companies to integrate substantive considerations of consumers’ privacy expectations into their workflows, rather than leaving privacy to the lawyers and their process-based “click through if you ‘consent’ to the privacy policy” approach.” http://lawprofessors.typepad.com/media_law_prof_blog/2010/04/us-privacy-law-in-theory-and-in-practice.html SSRN link: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1568385 Judge Sues Newspaper for $50M, Claims Breach of Promised Anonymity re Web Comments (ABA Journal, 7 April 2010) - Under fire over anonymous comments reportedly made from her private e-mail account about defendants and at least one lawyer in cases she is overseeing, an Ohio judge has blasted back by filing suit against the Cleveland newspaper that broke the story. Cuyahoga Court of Common Pleas Judge Shirley Strickland Safford says the Plain Dealer breached the terms of use for its website by disclosing her identity and her daughter’s identity in articles about anonymous comments reportedly made on the newspaper’s website from their joint e-mail account, according to WKYC Channel 3 and a press release (PDF) issued by her lawyer, Brian Spitz. The Cuyahoga County suit she filed today seeks $25 million in compensatory damages and $25 million in punitive damages for alleged breach of contract and invasion of privacy. In addition to the Plain Dealer, it names the newspaper’s parent company and other defendants responsible for administering the Cleveland.com site, contending that the newspaper, an editor and unknown reporters conspired with the entities that controlled confidential registration information to reveal it publicly. http://www.abajournal.com/weekly/article/judge_sues_newspaper_for_alleged_breach_of_anonymity_promise_re_web_comment Visual Artists Sue Google Over Images in Digitized Books (Law.com, 8 April 2010) - Eleven photography and graphic arts organizations, and individual illustrators and photographers have hit Google Inc. with a copyright infringement class action over the company’s ongoing project to digitize the world’s books. The American Society of Media Photographers Inc. v. Google Inc., filed on Wednesday in the Southern District of New York, claims the company’s Google Book Search project involves massive infringement of copyrighted images. The plaintiffs seek an injunction against the company and a declaratory judgment that the company infringed the plaintiffs’ and class members’ copyrights. The plaintiffs seek unspecified actual damages. They’re also asking the court to award statutory damages of at least $30,000 per infringed visual work or at least $150,000 per infringed visual work if the court finds that Google acted willfully. The plaintiffs are not trying to hamper Google’s business, said their lawyer, James McGuire, the managing partner of the New York office of London-based Mishcon de Reya. “The issue in the case is that Google has been misappropriating and misusing the property and rights of the class without authorization and compensation,” McGuire said. “It may be that we can work out an arrangement with Google, but we can only do so if it pays proper attention to the rights of the plaintiffs.” Four of the five photography groups and four individuals not named in the recently filed suit tried unsuccessfully to intervene in a pending Southern District of New York consolidated lawsuit brought by authors, The Authors Guild v. Google Inc. On Sept. 2, 2009, Judge Denny Chin issued an order concluding that it was “simply too late to permit new parties into the case.” In a Nov. 4, 2009, memorandum decision about the photography plaintiffs’ motion for reconsideration of their request to intervene, Chin wrote that it “makes more sense” for them to file their own lawsuit. http://www.law.com/jsp/article.jsp?id=1202447691262&rss=newswire Official’s Ignorance Of Specific Sales Does Not Undermine Jurisdiction In Web Sale Case (BNA’s Internet Law News, 8 April 2010) - BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the District of New Jersey held March 22 that a web company that offered its products to purchasers throughout the United States is subject to jurisdiction in a state where six orders were placed and ultimately shipped, regardless of corporate management’s subjective ignorance of those sales. Case name is Food Sciences Corporation v. Nagler. [Editor: Sadly, BNA’s ILN, produced so ably for 10 years by Michael Geist, has drawn to an end as of 16 April 2010. I’ve been hugely impressed by the quality of this service, and not a little mystified about the “how”; hats off to Michael.] Nikkei Restricts Links to Its New Web Site (NYT, 8 April 2010) - Japan’s largest business newspaper, the Nikkei, joined the trend of other news sites last week by requiring readers to pay to view its Web site. But, in a twist, it also imposed a policy severely restricting links to its articles — or even its home page. Links to Nikkei’s home page require a detailed written application. Among other things, applicants must spell out their reasons for linking to the site. In addition, regular readers of the site will also notice that the paper has disabled the ability to right-click — which usually brings up a menu including “copy link address.” The paper’s “link policy” ends on an ominous note: “We may seek damages for any violations of these rules.” The Nikkei says the rules are intended to make sure its pay wall is not breached and to prevent the linking of its content from “inappropriate” sites. “In some cases, links to individual stories could lead to stories being manipulated for a purpose other than journalism, for example to promote a certain stock,” the Nikkei said. “There is a danger this could inaccurately affect financial markets.” Instead of going all out on the Web like many American papers, Japan’s top papers have limited online fare, so that readers must buy print editions for full articles. On Daily Yomiuri Online, the Web site of another Japanese daily, many articles are short versions, or “stubs,” with no photographs. The same is true for Asahi.com, run by the Asahi Shimbun. The Yomiuri and Asahi are the world’s two largest newspapers — the Yomiuri has a circulation of slightly more than 10 million, while the Asahi has slightly more than 8 million readers. The New York Times, by comparison, has average daily sales of 928,000 papers. http://www.nytimes.com/2010/04/09/technology/09paper.html?scp=1&sq=japanese%20financial%20newspaper%20fee%20to%20view%20web&st=cse Must Criminal Contempt Occur in Court? 7th Cir. Mulls Judge’s Reaction to E-Mail Flood (ABA Journal, 8 April 2010) - As lawyers today debated before the 7th U.S. Circuit Court of Appeals whether a federal district judge should have sentenced an informercial pitchman to 30 days for flooding his in-box with e-mail, the three-judge panel honed in on whether criminal contempt can occur outside the physical boundaries of a courtroom. Partner Kimball Anderson of Winston & Strawn, representing Kevin Trudeau, argued that the finding by U.S. District Judge Robert Gettleman requires in-court misconduct, before a judge, that directly affects the administration of justice, reports the Chicago Sun-Times. However, Gary Feinerman, a Sidley Austin partner appointed to argue that Gettelman’s contempt order should be upheld, said the deluge of angry e-mail that Trudeau encouraged fans to send to Gettleman’s e-mail and BlackBerry created a sufficient basis for the judge’s finding against Trudeau. In this day and age, he contended, a computer should be considered part of the courtroom, so “the court, at that point, was under attack.” http://ow.ly/171aCX Memo to Gov Agencies: You May Now Tweet, Blog and Facebook (ReadWriteWeb, 8 April 2010) - Next time you hear about your city council looking to pass a law, make sure to check out their blog, Twitter and Facebook accounts. The Office of Management and Budget issued a memorandum yesterday that should make it easier for government agencies to both communicate with citizens and receive feedback by way of the Internet and social media. The memo, entitled “Social Media, Web-Based Interactive Technologies, and the Paperwork Reduction Act” addresses the bounds of the Paperwork Reduction Act, a law first passed in 1980, and again in 1995, that regulates the ways in which government agencies can collect information. Yesterday’s memo identifies a number of online activities, according to some rather specific criteria, that can now be considered outside the realm of the PRA - and therefore allowable without prior authorization by the OMB, something that could take several months. This Memorandum identifies a series of other activities that, consistent with the text and purposes of the PRA, OMB has determined may be excluded from its purview. Such activities include many uses of wikis, the posting of comments, the conduct of certain contests, and the rating and ranking of posts or comments by website users. This Memorandum applies whether agency interactions are occurring on a .gov website or on a third-party platform. The memo is in response to a January 21, 2009 memorandum by President Obama, which called for the establishment of “a system of transparency, public participation and collaboration.” http://bit.ly/cQprSK Justice Stevens Leaves Mark on Internet Law (CNET, 9 April 2010) - U.S. Supreme Court Justice John Paul Stevens, who announced his retirement on Friday, is arguably the most liberal member of the court. What’s less open to debate is that a pair of his opinions written over a decade ago outlined the legal environment that gave rise to today’s Internet. Amazon.com, Newegg.com, Overstock.com, and other major Internet retailers can trace much of their growth in the last decade to Stevens’ 1992 opinion that said, unambiguously, that they cannot be required to collect sales taxes on out-of-state sales. That gave them a competitive advantage over traditional rivals like Borders and Best Buy that did charge sales taxes--while irking state tax collectors immeasurably. news.cnet.com/8301-13578_3-20002145-38.html A Checklist for Cloud Computing Deals (Law.com, 9 April 2010) - Cloud computing has become a technology buzzword. Its definition is elusive, but a working definition could be: A service offered by vendors with large computer server networks to provide infrastructure such as processing capacity, storage for electronic data and records, software as a service or provision of services such as e-mail. The idea, as e-commerce and tech-savvy counsel may know, is to use a multilayered network of servers and computers to provide computing and hosting power when needed—sort of a front-end and back-office architecture with a backup system, without much of the in-house worries that go with investments in IT infrastructure. Cloud computing can help e-commerce ventures in a variety of ways, including by allowing expansion of services and support during business peaks, such as holidays, or other seasonal or special shopping times. For expansion to cloud computing where formal contracts, or regulatory, fiduciary or other obligations are involved, e-commerce counsel will be called on to ensure all arrangements are proper and beneficial. More on that below. http://www.law.com/jsp/article.jsp?id=1202447767770&rss=newswire The Fourth Amendment and Computer Warrants (Media Law Prof Blog, 12 April 2010) - Orin S. Kerr, George Washington University Law School, has published Ex Ante Regulation of Computer Search and Seizure. It is forthcoming in the Virginia Law Review. Here is the abstract: “In the last decade, magistrate judges around the United States have introduced a new practice of regulating the search and seizure of computers by imposing restrictions on computer warrants. These ex ante restrictions are imposed as conditions of obtaining a warrant: Magistrate judges refuse to sign warrant applications unless the government agrees to the magistrate’s limitation on how the warrant will be executed. These limitations vary from magistrate to magistrate, but they generally target four different stages of how computer warrants are executed: the on-site seizure of computers, the timing of the subsequent off-site search, the method of the off-site search, and the return of the seized computers when searches are complete. This Article contends that ex ante restrictions on the execution of computer warrants are constitutionally unauthorized and unwise. The Fourth Amendment does not permit judges to impose limits on the execution of warrants in the name of reasonableness. When such limits are imposed, they have no legal effect. The imposition of ex ante limits on computer warrants is also harmful: Ex ante assessments of reasonableness in ex parte proceedings are highly error-prone, and they end up prohibiting reasonable practices when paired with ex post review. Although ex ante restrictions may seem necessary in light of the present uncertainty of computer search and seizure law, such restrictions end up having the opposite effect. By transforming litigation of the lawfulness of a warrant’s execution into litigation focusing on compliance with restrictions rather than reasonableness, ex ante restrictions prevent the development of reasonableness standards to be imposed ex post that are needed to regulate the new computer search process. Magistrate judges should refuse to impose such restrictions and should let the law develop via judicial review ex post.” http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1571888 Electronic Systems Policy After ‘Stengart’ (Law.com 12 April 2010) - In its much anticipated decision in Stengart v. Loving Care, No. A-16-09, 2010 WL 1189458 (Mar. 30, 2010), the New Jersey Supreme Court addressed the extent to which an employee has an expectation of privacy and confidentiality in e-mails exchanged with his or her attorney via a password-protected, web-based e-mail account accessed on a company-owned computer. The court ruled that an employee does not waive the attorney-client privilege when using a personal e-mail account on a company computer to communicate with his or her attorney. In addition, the court held that company attorneys who fail to turn over an employee’s privileged communications found on the company’s computers to the employee’s attorney are subject to sanctions for violating Rule 4.4(b), which covers an attorney’s obligations with regard to inadvertently produced documents. The Stengart decision obviously has serious implications both for companies that seek to limit and monitor employees’ use of company computers and for attorneys who discover arguably privileged communications between an employee and the employee’s lawyer on a company’s computer systems. In the wake of the Stengart decision, New Jersey employers should re-examine their current electronic systems policies and e-discovery practices in collaboration with employment counsel, keeping in mind the following best practices. http://www.law.com/jsp/article.jsp?id=1202447854132&rss=newswire Google Backs Yahoo In Privacy Fight With DOJ (CNET, 13 April 2010) - Google and an alliance of privacy groups have come to Yahoo’s aid by helping the Web portal fend off a broad request from the U.S. Department of Justice for e-mail messages, CNET has learned. In a brief filed Tuesday afternoon, the coalition says a search warrant signed by a judge is necessary before the FBI or other police agencies can read the contents of Yahoo Mail messages--a position that puts those companies directly at odds with the Obama administration. Yahoo has been quietly fighting prosecutors’ requests in front of a federal judge in Colorado, with many documents filed under seal. Tuesday’s brief from Google and the other groups aims to buttress Yahoo’s position by saying users who store their e-mail in the cloud enjoy a reasonable expectation of privacy that is protected by the U.S. Constitution. The coalition also includes the Electronic Frontier Foundation, the Center for Democracy and Technology, the Progress and Freedom Foundation, the Computer and Communications Industry Association, and TRUSTe. For its part, the Justice Department has taken a legalistic approach: a 17-page brief it filed last month acknowledges that federal law requires search warrants for messages in “electronic storage” that are less than 181 days old. But, Assistant U.S. Attorney Pegeen Rhyne writes in a government brief, the Yahoo Mail messages don’t meet that definition. “Previously opened e-mail is not in ‘electronic storage,’” Rhyne wrote in a motion filed last month. “This court should therefore require Yahoo to comply with the order and produce the specified communications in the targeted accounts.” (The Justice Department’s position is that what’s known as a 2703(d) order--not as privacy-protective as the rules for search warrants--should let police read e-mail.) On December 3, 2009, U.S. Magistrate Judge Craig Shaffer ordered Yahoo to hand to prosecutors certain records including the contents of e-mail messages. Yahoo divulged some of the data but refused to turn over e-mail that had been previously viewed, accessed, or downloaded and was less than 181 days old. http://news.cnet.com/8301-13578_3-20002423-38.html EFF story about government retreat: http://www.eff.org/deeplinks/2010/04/government-backs-down-yahoo-email-privacy-case CNET on the retreat: http://news.cnet.com/8301-13578_3-20002722-38.html?tag=newsEditorsPicksArea.0 Assigning Value to E-Discovery’s Unknown (Law.com, 14 April 2010) - In the marvelous Dashiell Hammett novel and John Huston film, “The Maltese Falcon,” private detective Sam Spade, bad guys Kaspar Gutman and Joel Cairo and various others spend money and the lives of others in pursuit of the “black bird,” a statuette of a falcon which, according to Gutman, is encrusted from head to toe with jewels hidden from sight by a thin, black enamel coating. The bird had acquired the coating to mask its true value. As readers and moviegoers, we never learn whether the falcon actually existed, much less its true value. The courts, in two recent, prominent e-discovery decisions, were presented with the same problem Sam Spade initially had: how does one value the unknown? For Spade, the unknown was a jewel-encrusted statuette that may or may not exist. For U.S. District Judge for the Southern District of New York Shira A. Scheindlin, who authored the Jan. 15 decision in Pension Committee of the University of Montreal Pension Plan v. Bank of America Securities, and U.S. District Judge for the Southern District of Texas Lee H. Rosenthal, who authored the Feb. 19 opinion in Rimkus Consulting Group, Inc. v. Cammarata et al., the question was how to value discovery that may never have existed, i.e., data that should have been preserved to determine whether it needed to be produced as e-discovery but, due to the actions of the producing parties, was destroyed. This article looks at the approach taken by Scheindlin in Pension Committee. http://www.law.com/jsp/article.jsp?id=1202448001191&rss=newswire Cyber-War Nominee Sees Gaps in Law (NYT, 14 April 2010) - The Army intelligence officer nominated to lead the Pentagon’s new command devoted to warfare in cyberspace has warned Congress of a gap between the military’s technical capabilities and legal controls over digital combat. The officer, Lt. Gen. Keith B. Alexander, wrote to members of the Senate Armed Services Committee that computer network warfare is evolving so rapidly that there is a “mismatch between our technical capabilities to conduct operations and the governing laws and policies.” As he prepared for his confirmation hearing on Thursday as the first head of the Cyber Command, he pledged that the White House and Pentagon were “working hard to resolve the mismatch.” In a 32-page response to questions from senators, General Alexander sketched out the broad battlefield envisioned for the computer warfare command, listing the kind of targets that his new headquarters could be ordered to attack. The target list included traditional battlefield prizes – command-and-control systems at military headquarters, air defense networks and weapons systems that require computers to operate. But he acknowledged that it also included civilian institutions and municipal infrastructure that are essential to state sovereignty and stability, including power grids, banks and financial networks, transportation and telecommunications. General Alexander promised that the proposed Cyber Command would be sensitive to the ripple effects from this kind of warfare, and would honor the same laws of war that govern traditional combat in seeking to limit the impact on civilians. “It is difficult for me to conceive of an instance where it would be appropriate to attack a bank or a financial institution, unless perhaps it was being used solely to support enemy military operations,” he wrote. General Alexander did not note it in his response, but the Bush administration considered exactly that kind of network attack on Iraq’s banking system before the invasion of 2003, but rejected the idea, fearing unintended impact on global financial markets. http://www.nytimes.com/2010/04/15/world/15military.html Federal Regulators Release Model Consumer Privacy Notice Online Form Builder (FRB, 15 April 2010) - Eight federal regulators released an Online Form Builder today that financial institutions can download and use to develop and print customized versions of a model consumer privacy notice. The Online Form Builder, based on the model form regulation published in the Federal Register on December 1, 2009, under the Gramm-Leach-Bliley Act, is available with several options. Easy-to-follow instructions for the form builder will guide an institution to select the version of the model form that fits its practices, such as whether the institution provides an opt-out for consumers. To obtain a legal “safe harbor” and so satisfy the law’s disclosure requirements, institutions must follow the instructions in the model form regulation when using the Online Form Builder. The model privacy form was developed jointly by the Board of Governors of the Federal Reserve System, Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, Federal Trade Commission, National Credit Union Administration, Office of the Comptroller of the Currency, Office of Thrift Supervision, and Securities and Exchange Commission. The Online Form Builder is available at * * * http://www.federalreserve.gov/newsevents/press/bcreg/20100415a.htm Recording Police and Defining ‘Plain Sight’ (CMLP, 15 April 2010) - As bicyclist Eli Damon tells the story, a police officer pulled him over on March 20 as he rode his bike in Hadley, Massachusetts. The officer cited him for failing to keep to the right side of the road, and while issuing a ticket for the offense he noticed a camera on Damon’s helmet. The officer “told me that by recording his voice without explicitly warning him of it,” Damon later said, “I was violating federal wiretapping law.” Because federal law permits the recording of in-person conversations with the consent of only one of the parties (see 18 U.S.C. 2511(2)(d)), it’s likely the officer had instead meant to cite state law. The Massachusetts wiretapping statute, MGL Ch. 272 § 99, requires all parties — meaning both Damon and the officer — to consent to the recording. Because the statute only addresses secret recordings, those made with a camera in plain sight fall outside the restrictions. A 2001 decision by the Massachusetts Supreme Judicial Court made clear that recording police openly does not violate the wiretapping law, and lower courts consistently have recognized that exception. Still, Massachusetts police are charging individuals under the statute despite their cameras being in what most would agree is plain view. Damon’s camera was secured to the side of his helmet. “I said that I was not being secretive since the camera [was] in plain view, right next to my face,” Damon said.” He demanded that I turn off the camera and hand it to him so he could hold it as evidence.” The officer, he said, “continued to talk to me about how serious a crime I had committed with the camera.” A court will likely dismiss the charge if Damon can prove he recorded the police in an open, non-secretive manner. It appears to be a relatively easy case to make given the camera’s location and the officer noticing it on his own — facts that don’t exactly smack of secrecy. Since the SJC’s ruling in Commonwealth v. Hyde, 750 N.E.2d 963 (Mass. 2001), lower courts have considered such factors in similar wiretapping cases. Simon Glik openly recorded officers with his cellphone in 2007 as they conducted a drug arrest in Boston. The charge was ultimately dismissed. The same for John Surmacz who was arrested after he openly recorded police breaking up a holiday party in Brighton in 2008. Police arrested filmmaker Emily Peyton in 2007 after she recorded officers in Greenfield detaining an anti-war protester. Once she established that the recording occurred openly, the state dropped the charge. This all stems from persuasive dicta in the Hyde opinion. http://www.citmedialaw.org/blog/2010/recording-police-and-defining-plain-sight?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project) E-Discovery Threatens to ‘Litigize’ Arbitration (Law.com, 16 April 2010) - Most international commercial arbitrations avoid U.S.-style discovery. Depositions are rare and document discovery generally is limited by comparison to domestic arbitration proceedings. Typically, parties produce documents they believe will support their claims or defenses. Document requests must be supported by a showing of need, together with a narrow description of the document and a statement that it is actually in the possession of the other party. In ruling on the scope of compelled document production, arbitrators are expected to balance the likely benefits of production against cost, delay, and the burden to the party who must produce. International Bar Association rules do not mention e-discovery or refer to electronically stored information, but a number of commentators have argued that the governing principles of the IBA rules ought to apply not only to paper documents but also to electronically stored information. Currently, an IBA arbitration subcommittee is addressing potential changes to the 1999 Rules, and those changes could include e-discovery. The International Centre for Dispute Resolution, the international arm of the American Arbitration Association, issued its “Guidelines for Information Exchanges in International Arbitration” in May 2008. The provision regarding electronic documents states: “Requests for documents maintained in electronic form should be narrowly focused and structured to make searching for them as economical as possible. The Tribunal may direct testing or other means of focusing and limiting any search.” This provision applies to all international arbitration proceedings administered by the International Centre for Dispute Resolution after May 31, 2008, unless the parties expressly agree to opt out of its application. The Chartered Institute of Arbitrators issued its “Protocol for E-Disclosure in Arbitration“ in October 2008. The protocol’s purpose is to focus early consideration upon disclosure of electronically stored information where appropriate and necessary; to alert the parties and arbitrators to these issues at an early stage, particularly as to the scope of production and conduct of disclosure; and to allow parties to adopt the protocol as part of a pre-dispute agreement or a pending proceeding. The protocol identifies tools and techniques for reducing the burdens of e-discovery, including limiting disclosure to specific categories of documents, specific date ranges, custodians, etc.; the use of agreed search terms; the use of agreed software tools; the use of data sampling; and formats and methods of e-discovery. http://www.law.com/jsp/article.jsp?id=1202448121439&rss=newswire Mississippi Passes Data Breach Notification Law (security Planet, 16 April 2010) - Mississippi this week became the 46th state to pass legislation requiring businesses and government agencies to immediately notify people when their personal information has been compromised by either an accidental or deliberate data breach. House Bill 583, which was signed into law this week by Gov. Haley Barbour, goes into effect on July 1 and requires “any person who conducts business” in the state to disclose any breach to all affected individuals without unreasonable delay. It further compels organizations to alert appropriate law enforcement agencies of the data breach and to initiate their own internal investigations to determine both the scope and nature of the incident. With Mississippi now on board, only Alabama, Kentucky, New Mexico and South Dakota have yet to adopt data breach notification statutes to protect consumers from what’s become an almost weekly occurrence. http://www.esecurityplanet.com/features/article.php/3876906/Mississippi-Passes-Data-Breach-Notification-Law.htm - and - California Senate Again OKs Breach Notification Law Update (SC Magazine, 16 April 2010) - The California Senate has approved a bill that would update the state’s pioneering data breach notification law, the lawmaker who introduced the legislation announced Friday. The bill from Democratic Sen. Joe Simitian is a reintroduction of the same measure that he proposed last year, but which was ultimately vetoed by Gov. Arnold Schwarzenegger. The current legislation, known as SB-1186, builds on the landmark 2003 breach notification bill, SB-1386, by requiring that breach notification letters also contain specifics around the data-loss incident, including the type of personal information exposed, a description of the incident, and advice on steps to take to protect oneself from identity theft. The law also would mandate that organizations that suffer a breach affecting 500 or more people must submit a copy of the alert letter to the state attorney general’s office. “This new measure makes modest but helpful changes to the law,” Simitian said in a statement. “It will also give law enforcement the ability to see the big picture, and a better understanding of the patterns and practices developing in connection with identity theft.” He added that he believes, based on conversations with the governor’s office, that Schwarzenegger will sign the bill this time. http://www.scmagazineus.com/california-senate-again-oks-breach-notification-law-update/article/168168/ - but - In Data Breaches, Keeping Number of Records Lost Secret Can Protect Stock Prices (Network World, 14 April 2010) - When companies publicly declare that they have suffered a data breach, it’s best not to reveal how many individual records were involved if they don’t want to take a hit in their stock prices, according to a study. The Heartland breach last year involving 130 million lost records set off a plunge that reduced its stock price by 90%, and it hadn’t fully recovered a year later, according to the Perimeter E-Security “U.S. Data Breach Study of 2009” report. Smaller breaches triggered stock-price drops of 12% on average that were made up for in about 60 days, the study says. But when companies don’t reveal how many records were compromised, there is no discernible impact on the stock price. “When it is a high-profile, largely publicized breach, it seems to impact the stock heavily,” the study says. “When a company does not disclose the total number of records lost, there appears to be no statistically meaningful impact to the stock.” http://www.networkworld.com/news/2010/041410-data-breaches-stock-prices.html PA School Snared 1,000s of Webcam Images (AP, 18 April 2010) - A suburban Philadelphia school district snapped secret webcam pictures of a high school student when he was partially undressed or sleeping in his bed, and captured instant messages he exchanged with friends, the student charged in court papers this week. The Lower Merion School District concedes its efforts to find missing school-issued laptops was misguided, and officials vowed anew Friday to release the findings of their internal investigation, “good and bad.” The LANrev software program took screen shots and webcam photos every 15 seconds when activated. The district thereby captured over 400 screen shots and webcam images of Harriton High School sophomore Blake Robbins, according to court filings this week in his lawsuit. Mark Haltzman, who filed the lawsuit on behalf of Robbins and his family, said evidence now shows the district used the tracking software for non-authorized reasons — for instance, when students failed to pay the required insurance or return the laptops at year’s end. At least once, a name mix-up led the district to activate the wrong student’s laptop, he charged. news.yahoo.com/s/ap/20100416/ap_on_hi_te/us_laptops_spying_on_students Plaintiff Sues Over Court Requiring LexisNexis for E-Filing (Law.com, 19 April 2010) - A requirement that civil litigants in a state district court in Montgomery County use LexisNexis for court filings violates the U.S. and Texas constitutions, a woman alleges in a class action filed in the U.S. District Court for the Southern District of Texas in Houston. Karen McPeters, the plaintiff for the proposed class action, filed McPeters v. Edwards, et al. on April 6. The original complaint names as defendants 9th District Court Judge Frederick Edwards, Montgomery County, District Clerk Barbara Adamick, and Reed Elsevier, an English-Dutch conglomerate doing business as LexisNexis. As alleged in the original complaint, an order Edwards signed on Feb. 10, 2003, requires McPeters, as a party in a civil suit in the 9th District Court, to exclusively use LexisNexis’ online electronic filing service to file pleadings and documents in her suit. San Antonio solo Robert L. Mays Jr., McPeters’ attorney, says the district clerk returns unfiled any documents not filed through LexisNexis. The requirement that litigants use LexisNexis exclusively for the court filings violates the Texas Constitution’s open courts provision, he maintains. http://www.law.com/jsp/article.jsp?id=1202448233917&rss=newswire Gucci’s Fired In-House Lawyer Savages Company in Court Papers (Law.com, 20 April 2010) - Jonathan Moss, the chief legal officer fired by Gucci America Inc. because he was not authorized to practice law, fired back at the company Friday in an affidavit filed amid Gucci’s court battle over trademarks. And now Gucci may be facing a wrongful termination suit, if Moss’ language is any indication of his intentions. Though not a party to the case, Moss spoke out as “a matter of professional responsibility.” He said, “Gucci alleges that it terminated my employment for cause because I ‘deceived’ it and because it ‘questioned my trustworthiness.’ These allegations are inconsistent with the facts and are untrue.” The affidavit states that Moss believes Gucci’s reasons for firing him are “inconsistent with the facts and the law.” He cited excellent performance evaluations and his accomplishments while in-house counsel at the company. Moss had voluntarily gone on inactive status with the California bar, where he was licensed. His inactive status came out during the trademark infringement suit brought by Gucci against competitor Guess Inc. in U.S. District Court in Manhattan. He has since converted back to active status. Gucci lawyers have argued that communications with Moss about the trademark litigation are confidential under attorney-client privilege. But Guess countered that they are not privileged because Moss was not authorized to practice law due to his inactive status. Gucci attorney Louis Ederer, a partner at Arnold & Porter in New York, filed a motion to protect the privilege (pdf), claiming that Moss is a member of a state bar, and that no one at Gucci knew his license wasn’t up-to-date when they talked with him. Ederer didn’t return calls for comment. But Gucci fired Moss anyway. Moss said he believed that his inactive status had no effect on his being able to be an in-house counsel, and that he never hid his inactive status from Gucci. The issue, he said, “just never came up.” http://www.law.com/jsp/article.jsp?id=1202448297760&rss=newswire World Bank Opens Up Its Data, Removes Pay Walls (GigaOM, 20 April 2010) - The World Bank, which tracks everything from mortality rates and education levels to CO2 emissions and livestock production in hundreds of countries around the globe, is opening up its data, including removing all of the pay walls around information that used to require a subscription fee. The agency has also launched a new web site where it’s making all of the information from dozens of its global databases and surveys available for browsing or download. The Bank said that it’s “challenging the global community to use the data to create new applications and solutions to help poor people in the developing world.” The data at the World Bank site includes more than 2,000 indicators related to economic well-being and global development, including some that the agency has been accumulating for 50 years. The data is available in Arabic, French and Spanish as well as English. The agency said that it plans to launch an Apps for Development competition in the next few months, which it hopes will lead to tools, applications and mashups that use World Bank data to help global development. “I believe it’s important to make the data and knowledge of the World Bank available to everyone,” World Bank Group President Robert Zoellick said in a statement. “Statistics tell the story of people in developing and emerging countries and can play an important part in helping to overcome poverty. They are now easily accessible on the Web for all users, and can be used to create new apps for development.” http://gigaom.com/2010/04/20/world-bank-opens-up-its-data-removes-pay-walls/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+OmMalik+(GigaOM) Amazon Refuses North Carolina’s Demands for Customers’ Personal Data (ReadWriteWeb, 20 April 2010) - North Carolina has asked online retailer Amazon.com to turn over the names and addresses of every customer who has made a purchase on the site since 2003 and what they bought. The N.C. Department of Revenue is making the request in an attempt to audit Amazon’s compliance with state sales and tax laws, according to a Reuters report. Amazon says revealing this data violates customer privacy and has filed a lawsuit to prevent having to turn over the records, which hold the transaction details on 50 million purchases over a 7-year time frame. http://www.readwriteweb.com/archives/amazon_refuses_north_carolinas_demands_for_customers_personal_data.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+readwriteweb+(ReadWriteWeb) ACTA Arrives (And It’s Gotten a Tiny Bit Better) (ArsTechnica, 21 April 2010) - We’ve been covering the Anti-Counterfeiting Trade Agreement (ACTA) for two years now, and in that entire 24 month period no official text of the agreement has been released. Remarkable, really, given the intense scrutiny, but there you have it. Today, that all changed as the countries behind ACTA finally released a consolidated draft text (PDF) of the agreement. Though billed as a “trade agreement” about “counterfeiting,” ACTA is much more than that: it’s an intellectual property treaty in disguise. Tucked inside the draft are provisions that will prevent people from bypassing digital locks on the items they buy, that will force ISPs to shoulder more of the burden in the fight against online piracy, and that bring US-style “notice-and-takedown” rules to the world. Well, not to the world, exactly. ACTA is more like a select club of countries: Australia, Canada, the European Union countries, Japan, Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States of America. But the treaty it develops is really just the next rung on a ladder stretching back to 1886, and it will certainly be wielded like a weapon on the rest of the world in the future. The text is not final—that is due to happen later this year—so if you want to see changes made, the time to act is now. After a year of partial leaks and finally complete leaks, ACTA’s basic outlines are familiar. We’ll start our ACTA deep dive with an overview of the key provisions, especially as they relate to the Internet. Stick around afterwards to understand how and why we have ACTA at all, some likely effects of the treaty, and thoughts on the negotiating endgame. http://arstechnica.com/tech-policy/news/2010/04/acta-is-here.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Consolidated draft here: http://trade.ec.europa.eu/doclib/html/146028.htm Google Street View Logs Wi-Fi Networks, MAC Addresses (Slashdot, 23 April 2010) - An anonymous reader points to this story at The Register that says: “Google is collecting more than just images when they drive around for the Street View service. ‘Google’s roving Street View spycam may blur your face, but it’s got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users’ unique MAC (Media Access Control) addresses, as the car trundles along.’ There’s a choice quote at the end: ‘Google CEO Eric Schmidt recently said Internet users shouldn’t worry about privacy unless they have something to hide.’” http://yro.slashdot.org/story/10/04/23/0522228/Google-Street-View-Logs-Wi-Fi-Networks-MAC-Addresses?from=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Slashdot/slashdot+(Slashdot) NOTED PODCASTS Pranav Mistry: The Thrilling Potential of SixthSense Technology (TED, Nov 2009) – “At TEDIndia, Pranav Mistry demos several tools that help the physical world interact with the world of data—including a deep look at his SixthSense device and a new, paradigm-shifting paper “laptop.” In an onstage Q&A, Mistry says he’ll open-source the software behind SixthSense, to open its possibilities to all.” [Editor: fascinating visual demonstration of very cool things; instead of augmented reality, this is more like augmented computing. Related to featured podcast in MIRLN 12.04.] http://www.ted.com/talks/pranav_mistry_the_thrilling_potential_of_sixthsense_technology.html RESOURCES NIST: Guide to Protecting the Confidentiality of Personally Identifiable Information (NIST Special Publication 800-122, April 2010) - The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, “If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds.” This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization’s legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations. http://csrc.nist.gov/publications/nistpubs/800-122/sp800-122.pdf U.S. Initiatives to Promote Global Internet Freedom: Issues, Policy, and Technology (Congressional Research Service, 5 April 2010) - Modern means of communications, led by the Internet, provide a relatively inexpensive, open, easy-entry means of sharing ideas, information, pictures, and text around the world. In a political and human rights context, in closed societies when the more established, formal news media is denied access to or does not report on specified news events, the Internet has become an alternative source of media, and sometimes a means to organize politically. The openness and the freedom of expression allowed through blogs, social networks, video sharing sites, and other tools of today’s communications technology has proven to be an unprecedented and often disruptive force in some closed societies. Governments that seek to maintain their authority and control the ideas and information their citizens receive are often caught in a dilemma: they feel that they need access to the Internet to participate in commerce in the global market and for economic growth and technological development, but fear that allowing open access to the Internet potentially weakens their control over their citizens. Legislation now under consideration in the 111th Congress would mandate that U.S. companies selling Internet technologies and services to repressive countries take actions to combat censorship and protect personally identifiable information. Some believe, however, that technology can offer a complementary and, in some cases, better and more easily implemented solution to some of those issues. They argue that hardware and Internet services, in and of themselves, are neutral elements of the Internet; it is how they are implemented by various countries that is repressive. Full CRS report here: http://www.fas.org/sgp/crs/misc/R41120.pdf Federal Cyber Security Outlook for 2010 (Clarus Research Group, April 2010) - How well prepared are IT professionals within U.S. government agencies to respond to foreign cyber threats? Will government initiatives, such as the Comprehensive National Cybersecurity Initiative and the creation of the U.S. National Cybersecurity Coordinator role, be effective in addressing the challenges facing U.S. critical IT infrastructure? What is the impact of compliance on security within the federal IT environment? Commissioned by Lumension, Clarus Research Group set about to answer these and other important questions facing federal IT in Lumension’s Federal Cyber Security Outlook for 2010: National IT Security Challenges Mounting study. Clarus Research Group interviewed over 200 federal IT decision-makers and influencers about endpoint operations, IT security and compliance issues. http://www.lumension.com/Media_Files/Documents/Marketing---Sales/Others/Federal-Cyber-Security-Outlook-for-2010.aspx DIFFERENT Forward-Looking Disclaimers: Mattel Has Real Style! (CorporateCounsel, 22 April 2010) - If there were awards given for entertainment value of disclaimers, I imagine this forward-looking information disclaimer for Mattel’s new interactive 2009 Annual Report (you’ll need to click on “Start”) would win hands-down this year (last year’s winner would be Southwest’s “rap” disclaimer). It’s innovative as two children read the disclaimer at the beginning of the video. After reading - and writing - so many staid disclaimers over the years, it’s cute as buttons. On the one hand, due to its high entertainment value, I bet a court would give this disclaimer more weight than written disclaimers because shareholders are much more likely to pay attention to it. But on the other, it’s also possible that a court may be turned off by children reading the disclaimer for fear that investors wouldn’t take it seriously. As noted in the memos posted in our “Forward-Looking Information” Practice Area, courts seem to prefer that the cautionary language be tailored to the forward-looking language in the document. But that just applies when the forward-looking information is in a written document. In this case, it’s a video and arguably it’s considered an “oral” statement - in which case, the requisite disclaimer is much more bare-bones and need not be tailored (just like Mattel has it). I’m not sure if a court would consider a video “oral.” Note that under Reg G, a webcast is considered “oral” - but other provisions of the securities laws could lead one to conclude that all multimedia are “writings” (see these FAQs I drafted long ago). All interesting stuff to ponder. http://www.thecorporatecounsel.net/Blog/2010/04/social-media-and-investor-relations.html Letter Arrives In Lansing 83 Years Later (Lansing State Journal, 14 April 2010) - A letter that arrived in Rick Kanaby’s mailbox Friday w MIRLN 2010-04-23T22:29:00-07:00 http://knowconnect.com/mirln/article/mirln_14_march_3_april_v1305/ http://knowconnect.com/mirln/article/mirln_14_march_3_april_v1305/#When:20:46:01Z • Thanks for the Headache • How College Students Use Wikipedia for Course-Related Research • Police Blotter: Bid For Breathalyzer Code Denied • 11th Circuit Eliminates 4th Amend. In E-mail • Social Networking Pitfalls for Judges, Attorneys • Wiring Up The Big Brother Machine… And Fighting It • DHS To Share Intelligence With Some CIOs • NCAA to Release Datasets • Verizon Wireless Enters Online Payment Space • Confusion Carries the Day in E-Discovery • Court’s Google Search Did Not Violate Evidence Rules, 2nd Circuit Says • Big Clients Keep Their Head Start • Get Your Head in the Cloud • Harvard Launches on iTunes U • Lawyer Warns of Blogging Burden, Even as Top Law Firms Embrace It • FAQ on Washington State’s PCI Law • ACTA Draft: No Internet for Copyright Scofflaws • FTC Investigates Widespread Data Breaches Over P2P Networks • Hollywood Wins Another Lawsuit Against a Search Engine • Blocking NLRA Protected Activities In the Workplace Via Email • Policy Makers, Businesses Debate Role of Washington in Cloud Computing • Top Execs Need to be Involved in Cybersecurity, Study Says • Privilege Trumps Company E-Mail Surveillance • 2nd Circuit Rejects Claim EBay Violated Tiffany’s Trademark NEWS | RESOURCES | DIFFERENT | LOOKING BACK | NOTES Thanks for the Headache (ABA Journal, 1 March 2010) - Usually they were just trying to help. But when someone—often a client—gives a lawyer privileged information that was stolen from the opposing party in a case, the main thing it does for the lawyer is create a great big ethics headache. Actually, it is fairly common for lawyers to come into possession of an adversary’s privileged information, but most of the time it happens inadvertently. Rule 4.4(b) of the ABA Model Rules of Professional Conduct directs a lawyer who “knows or reasonably should know that the document was inadvertently sent” to “promptly notify the sender.” (The Model Rules are the direct basis for lawyer ethics codes in every state except California.) The Model Rules clearly prohibit a lawyer from initiating the theft of an adversary’s privileged information. But sometimes clients, or others, take matters into their own hands. Technology makes the task even easier. Many people now have the means to access e-mail accounts or documents belonging to others, or to secretly record conversations. And then they deliver the materials to the lawyer, secure in the belief that they have helped the cause or at least enjoyed a small measure of revenge. Whatever the motivation, however, it leaves the lawyer in an ethics quandary. But in deciding on a course of action, a lawyer should address these [five] questions: http://ow.ly/16R6gw How College Students Use Wikipedia for Course-Related Research (First Monday, March 2010) - Findings are reported from student focus groups and a large–scale survey about how and why students (enrolled at six different U.S. colleges) use Wikipedia during the course–related research process. A majority of respondents frequently used Wikipedia for background information, but less often than they used other common resources, such as course readings and Google. Architecture, engineering, and science majors were more likely to use Wikipedia for course–related research than respondents in other majors. The findings suggest Wikipedia is used in combination with other information resources. Wikipedia meets the needs of college students because it offers a mixture of coverage, currency, convenience, and comprehensibility in a world where credibility is less of a given or an expectation from today’s students. http://www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2830/2476 Police Blotter: Bid For Breathalyzer Code Denied (CNET, 15 March 2010) - A Minnesota man convicted of drunk driving did not have the right to inspect the programming of a police breathalyzer, a state appeals court has ruled. The Minnesota Court of Appeals last week rejected Michael Garberg’s claim that he was entitled to obtain the source code to the Intoxilyzer 5000EN. Garberg failed to convince the court that obtaining the source code “may relate to his guilt or innocence,” wrote Judge Heidi Schellhas. As more and more defense attorneys--especially in Minnesota--have questioned the reliability and accuracy of CMI’s code, judges have wrestled with the circumstances under which the source code should be disclosed. CMI has resisted releasing the complete, unredacted original source code in electronic form. In April 2009, the Minnesota Supreme Court ruled that, at least in situations where the source code has been proven to be necessary to evaluate the Intoxilyzer’s results, DUI defendants should be able to have access to it. That ruling said that “an analysis of the source code may reveal deficiencies that could challenge the reliability of the Intoxilyzer.” http://news.cnet.com/8301-13578_3-20000421-38.html?tag=newsEditorsPicksArea.0 11th Circuit Eliminates 4th Amend. In E-mail (SlashDot, 16 March 2010) - “Last Thursday, the Eleventh Circuit handed down a Fourth Amendment case, Rehberg v. Paulk, that takes a very narrow view of how the Fourth Amendment applies to e-mail. The Eleventh Circuit held that constitutional protection in stored copies of e-mail held by third parties disappears as soon as any copy of the communication is delivered. Under this new decision, if the government wants get your e-mails, the Fourth Amendment lets the government go to your ISP, wait the seconds it normally takes for the e-mail to be delivered, and then run off copies of your messages.” http://yro.slashdot.org/story/10/03/16/1235227/11th-Circuit-Eliminates-4th-Amend-In-E-mail Social Networking Pitfalls for Judges, Attorneys (New York Law Journal, 17 March 2010) - Social networking online is a remote sensory experience engaging our minds at many levels, and it will take time for us to adapt to this unprecedented way of communicating with one another. Moreover, it imposes a unique burden on the judicial component of our system. Several recent cases illustrate the pitfalls for judges and lawyers who use social networking. Early in 2009, the Advisory Committee on Judicial Ethics issued opinion No. 08-176 prompted by an inquiry from a judge who received an invitation to join a social networking site. This site was aimed at professional networking that would allow sharing business-related information, contacts and, most notably, the ability to “interact with lawyers and litigants.” The committee recognized a host of potential benefits from membership, such as staying in touch with distant family members, former schoolmates and associates. There was nothing “inherently” wrong with joining, since it was comparable to the type of socializing judges already do in person. They keenly divorced the mode of communication from how it was used. The Rules of Judicial Conduct cautioned against the appearance of impropriety and emphasize the need for promoting public confidence in the integrity of the judiciary and maintaining its dignity. The first tocsin for a judge’s online profile is that it is “public” in nature, and the items posted there can raise issues depending on their content and affiliation. Secondly, the profile can serve as a public Rolodex, listing as “friends” attorneys, litigants, experts, or anyone who might participate in the legal system. And it could invite inquiries from the public or litigants about some matter before the court. Overall, it could potentially convey the wrong impression about the extent of the relationships of those “friends.” The committee’s well-thought-out opinion was not intended to be exhaustive. New issues crop up constantly, which is why they encouraged judges to stay on top of developments in social networking features, such as privacy settings. http://www.law.com/jsp/lawtechnologynews/PubArticleFriendlyLTN.jsp?id=1202446299127 Wiring Up The Big Brother Machine… And Fighting It (EFF, 17 March 2010) - Here’s a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren’t quite what they seem. There’s a “secret room” downstairs, and ordinary employees aren’t allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government’s ominous eye-and-pyramid “Total Information Awareness” logo. Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans. All this in the early 2000s, when “the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse.” What happens to our hero when he finally decides to go public? Even though I’d heard Mark Klein’s story before, I’d never considered just how frightening and surreal his experience must have been. His new memoir reads like something out of a kafka-esque sci-fi spy thriller — except that it all really happened right here in the USA, just a few years ago. For instance, when Klein shares his evidence with an eager reporter for the Los Angeles Times, at first he’s told the story will be ground-breaking and “a big front-page spread.” Yet, the story languishes for weeks. Indeed, as ABC’s Nightline revealed much later, both Negroponte and National Security Agency Director Michael Hayden pressured the LA Times to kill the story. And when Klein told his story to CBS’s 60 Minutes, they too eventually killed the story without explanation. http://www.eff.org/deeplinks/2010/03/wiring-big-brother-machine [See the “Looking Back” entry below] DHS To Share Intelligence With Some CIOs (Information Week, 18 March 2010) - Some public- and private-sector CIOs and chief security officers (CSOs) now have access to intelligence about security threats to critical infrastructure from state and local fusion centers through a new Department of Homeland Security (DHS) pilot program. Through the program, underway now, CIOs and CSOs from state and local governments as well as private-sector organizations that partner with the federal government will periodically be allowed to read classified e-mails from fusion centers regarding cyber threats, said Amy Kudwa, a DHS spokeswoman. Fusion centers coordinate counter-terrorist information and data collected by both government agencies and private companies. CIOs and CSOs taking part in the program may also participate in quarterly cybersecurity briefings and discussions via secure video teleconference and/or audio teleconference, and access classified communications channels in the event of a cybersecurity incident, she said. Greg Schaffer, the DHS assistant secretary for Cybersecurity and Communications, first publicly referenced the pilot in his remarks at the RSA Conference in San Francisco earlier this month. The DHS hasn’t decided whether or not the pilot will become an actual program and has set no deadline for making that decision, Kudwa said. The DHS collaborated with the Department of Justice in 2003 to set up fusion centers that coordinate counter-terrorist information and data collected by both government agencies and private companies. According to the DHS, it has invested more than $327 million to fund fusion centers, of which there are now more than 70, between fiscal 2004 and fiscal 2008. http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=224000053&cid=RSSfeed_IWK_News NCAA to Release Datasets (InsideHigherEd, 19 March 2010) - Data on college sports and athletes will be much more accessible than it has been, under an arrangement announced by the National Collegiate Athletic Association and the Inter-university Consortium for Political and Social Research at the University of Michigan. The new Web site will eventually feature longitudinal datasets of team-level graduation rates and Academic Progress Rates, an NCAA-developed score judging teams’ performances in the classroom. In addition, the site will present results from two ongoing NCAA projects, “the Study of College Outcomes and Recent Experiences” (SCORE) and “the Growth, Opportunities, Aspirations and Learning of Students“ (GOALS). Some of these figures are already available from the NCAA but are not readily accessible in an open-source, searchable format. NCAA officials say that “the data-sharing initiative will enhance research directly benefiting student-athletes, colleges and intercollegiate sports, and will broaden the dialogue between NCAA research staff and outside scholars.” http://www.insidehighered.com/news/2010/03/19/qt#222871 Verizon Wireless Enters Online Payment Space (GigaOM, 22 March 2010) - Verizon Wireless has signed an agreement with online payments company Danal that will enable customers to buy digital goods online and have them billed to their Verizon account using just their mobile phone numbers. This puts the nation’s largest wireless provider in similar company as Apple, Amazon and PayPal’s eBay when it comes to offering a payment platform, but with this strategy Verizon is swinging for the fences. Verizon is smart to create an online payment platform that it can offer its 91.2 million wireless subscribers, but getting people to use it will be a challenge. If Verizon can get people accustomed to putting in their phone numbers instead of credit cards while shopping online, then it could own a critical element in building an application and services platform that spans the wired and wireless world. Much like Apple has such a large stake in the mobile application and commerce space today because it has millions of credit cards in iTunes, Verizon could be expanding its own payments information for a similar goal. Verizon’s billing will work when consumers go to a participating web site and choose something to download. When buying the approved game, music or other content, users click on the BilltoMobile button during checkout and enter their mobile numbers and mobile billing zip codes. Then they get a text message on their mobile phones with a one-time code, and once they enter this code into the online checkout window, they’re done. It’s not clear if Verizon will charge folks for this text. No pre-registration or links to credit cards or bank accounts are required, which is good. Also worth nothing is that there is a $25 spending limit on purchases made via this platform, which means parents could let kids use it and control both the content the kids can download and how much they can spend. In fact, since teens have cell phones and not credit cards, such a service might really take off among the younger set. http://gigaom.com/2010/03/22/verizon-wireless-enters-online-payment-space/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+OmMalik+(GigaOM)&utm_content=Google+Reader Confusion Carries the Day in E-Discovery (Law.com, 22 March 2010) - Lawyers and vendors look for ways to create common standards in e-discovery. As the market for electronic discovery software and services continues to grow and mature, making sense of exactly what it is e-discovery vendors are selling is not always easy. “I’ve been hearing from providers for years, ‘look, you don’t understand e-discovery. We’ve got the ultimate solution—those other guys you’ve talked to don’t know what they’re doing,’” says George Socha, an attorney and e-discovery consultant in St. Paul, Minnesota. “Well, they all can’t be right. But there was and is no way to verify a lot of the claims vendors are making.” Lawyers trying to find out the cost to process electronic records for litigation often run into a confusing array of data and terminology that can obscure the issue. Everyday terms such as cull, image, document, and duplicate take on new meanings in e-discovery projects and legal processes like early case assessment, and production varies depending on the discovery query and the data set. And that’s not even considering the variation in local rules in different jurisdictions. The explosion of digital evidence has been extreme, so that e-discovery firms are wrestling with how to prove their capabilities in processing huge volumes of evidence. “Two or three years ago a big job might involve thirty, maybe fifty gigabytes of evidence,” says Jim McGann, vice president of marketing with Index Engines, a New Jersey-based e-discovery software maker. “Now we have to handle terabytes of data in just days, which is such an extreme increase that you can’t pretend the same old hardware and software will do the job.” E-discovery vendors regularly throw around impressive-sounding numbers about the speeds at which their software tools can index and search data, though these numbers often lack context. In practice, e-discovery processing depends on a number of factors, such as the computing platforms data resides on, the types of media it is stored on, and the types of attachments and associated information included in a data set. Unfortunately, there is no simple way to create a common language. The cost of discovery is unique to each project, depending on the number of custodians, the total volume of data, and the types of data included in the collection. Pricing models for e-discovery providers also run the gamut—pricing can be per page, per gigabyte, per hour, or per custodian. “It is impossible to pit one application against the next based on marketing claims alone,” says Craig Ball, an e-discovery consultant and special master in Austin, Texas. “Speed does matter, but the software isn’t often the bottleneck. Until there is one set of benchmarking data available for processing and certain hardware standards put in place for measurement of performance, companies can game the metrics like crazy, and it’s all mostly hokum.” http://www.law.com/jsp/lawtechnologynews/PubArticleLTN.jsp?id=1202446546213&Confusion_Carries_the_Day_in_EDiscovery Court’s Google Search Did Not Violate Evidence Rules, 2nd Circuit Says (New York Law Journal, 23 March 2010) - A judge whose chambers surfed the Internet to survey rain hats available to consumers while evaluating the evidence in a case before him did not violate federal rules, an appellate court has found. Southern District of New York Judge Denny Chin’s use of the Web was merely the electronic equivalent of what a judge in an earlier era would have done: gone to a local department store to confirm in person the “common-sense” belief that a variety of yellow rain hats, like that worn by a bank robber, can be purchased, the 2nd U.S. Circuit Court of Appeals ruled Monday in United States v. Bari, 09-1074-cr. As “broadband speeds increase and Internet search engines improve,” judicial use of computers is only likely to increase, the court said. “As the cost of confirming one’s intuition decreases, we would expect to see more judges doing just that,” the court held. “More generally, with so much information at our fingertips (almost literally), we all likely confirm hunches with a brief visit to our favorite search engine that in the not-so-distant past would have gone unconfirmed.” http://www.law.com/jsp/article.jsp?id=1202446649413&rss=newswire Big Clients Keep Their Head Start (NYT, 23 March 2010) - Wall Street hates a level playing field. What it loves is an edge, an inside track, that extra something — especially when it comes to information that moves markets. So it’s not surprising that big banks would go to court to keep ordinary investors from getting their hands on hot stock research. What is a bit surprising is that the court would actually side with the banks. It’s one of those maddening, ‘can’t a little guy catch a break?’ moments. Here’s what happened: A while ago, a group of banks sued a Web site called theflyonthewall.com to prevent the site from publishing news headlines about their stock upgrades and downgrades. Last week, Judge Denise Cote, of the United States District Court in New York, ruled in favor of the banks. The decision could have big implications for who gets Wall Street’s hottest tips, and when. The banks — Barclays, Bank of America and Morgan Stanley — argued that even publishing a headline about an upgrade or downgrade amounted to stealing intellectual property. As such, their paying customers — which means big-money investors — should get to see this sort of research before everyone else. The ruling came as a shock to many on Wall Street. Judge Cote issued an injunction against theflyonthewall.com that will essentially give Wall Street’s big clients a head start each trading day. The site must wait until 10 a.m. to publish news about research that was issued before the 9:30 a.m. opening bell — giving select investors 30 valuable minutes to act before the rest of the investing public. During the day, the site must delay its headlines by a full two hours. (To be clear, theflyonthewall.com published headlines about the research reports, never the entire reports.) http://www.nytimes.com/2010/03/23/business/23sorkin.html?ref=business [Editor: useful, thorough analysis by Citizen Media Law Project here: http://www.citmedialaw.org/blog/2010/barclays-v-theflyonthewallcom-hot-news-doctrine-alive-and-kicking-will-news-aggregators-be?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader] Get Your Head in the Cloud (ABA Journal, 23 March 2010) - Interest in “cloud computing” is picking up steam among lawyers for several good reasons. Proponents say its advantages center on economy, simplicity and accessibility. Cloud computing—also known as software as a service, or SaaS—is, in essence, a sophisticated form of remote electronic data storage on the Internet. Unlike traditional methods that maintain data on a computer or server at a law office or other place of business, data stored “in the cloud” is kept on large servers located elsewhere and maintained by a vendor. That means the vendor—not the firm—purchases, maintains and updates hardware and software, and the firm generally pays a monthly fee to the vendor for its services. More over, data stored in the cloud can be accessed more easily than information maintained on a local network, as long as there is a handy Internet connection. But some of the advantages of cloud computing also are reasons for lawyers to be cautious about its use. In particular, the fact that client data and work product are stored somewhere outside the direct control of the law firm raises potential ethics concerns about whether the confidentiality and security of the information is adequately protected within the mandates of professional conduct rules for lawyers. Confidentiality issues center on where the data is being stored, how and to where it’s moved, and where it might be moving in the future, says Roland Trope, a partner at Trope and Schramm in New York City who is writing a book on cloud computing. http://www.abajournal.com/magazine/article/get_your_head_in_the_cloud [Editor: more, useful discussion follows – e.g., of Model Rule 1.6] Harvard Launches on iTunes U (Harvard Gazette, 23 March 2010) - Harvard University today launched its own content on iTunes U, a dedicated area within iTunes that allows students, faculty, alumni, and visitors to tap into the University’s wealth of public lectures and educational materials on video and audio. The University’s content features the sights and sounds of Harvard, including educational material such as Professor Michael Sandel’s renowned “Justice” course, which is an introduction to moral and political philosophy, and is one of the most popular courses at Harvard. Visitors also will be able to learn about the science of the brain’s “black box,” the secrets of aging, and other health-related topics from Harvard Medical School’s “labcasts,” and will have the opportunity to view public lectures by many of the University’s distinguished professors and guests. http://news.harvard.edu/gazette/story/2010/03/harvard-launches-on-itunes-u/ Lawyer Warns of Blogging Burden, Even as Top Law Firms Embrace It (ABA Journal, 23 March 2010) - A former law firm blogger has written a cautionary tale for those who would like to follow in his footsteps, even as new data shows nearly half of the large law firms are blogging. Ninety-six of the nation’s top 200 law firms have blogs, a 149 percent increase from August 2007 when only 39 of the top firms had blogs, according to Kevin O’Keefe’s Real Lawyers Have Blogs. These law firms account for 297 blogs, an increase of nearly 300 percent from August 2007, when the top 200 law firms published only 74 blogs, O’Keefe says. The swelling numbers were released at about the same time that a former Jones Day partner warns in an article that blogging demands “Herculean efforts.” Writing in Litigation (PDF), a magazine published by the ABA Section of Litigation, lawyer Mark Herrmann says he figured he had lots of ideas to write about when he launched the Drug and Device Law Blog in October 2006. But after about six weeks, he and a fellow blogger from Dechert had exhausted their initial ideas and themselves. “If you’re thinking of launching a legal blog, have your eyes open,” Herrmann writes. “Once you launch a blog, you will face the relentless, mind-numbing, never-ending task of finding worthwhile material to publish. That burden begins on the day of your first post and ends only the day you call it quits.” Herrmann advises would-be lawyer bloggers to find their niche and find a voice. “Be provocative; be funny; be distinctive,” he writes. “Perhaps most importantly, don’t be staid.” “A blog written by a committee of starched-shirt, bureaucratic lawyers might proclaim: ‘Our firm has the utmost respect for our learned adversaries, whose experience in complex, multi-jurisdictional litigation nearly matches our own.’ We’d write: ‘Those clowns couldn’t spell “FDA” if you spotted ‘em two letters.’ We might not have much institutional gravitas, but we sure as heck have readers.” http://www.abajournal.com/news/article/lawyer_warns_of_blogging_burden_even_as_top_law_firms_embrace_it FAQ on Washington State’s PCI Law (Information Law Group, 24 March 2010) - On March 22, 2010, Washington state became the third state to incorporate the Payment Card Industry Data Security Standard (“PCI”) into law (the other two are Nevada and Minnesota). The Washington House and Senate have passed HB 1149 by substantial margins, and it has now been signed into law by the governor. HB 1149 amends Washington’s breach notice law (and borrows some of its definitions). Similar to Minnesota’s Plastic Card Security Act, HB 1149 provides issuing banks a legal mechanism to collect the costs to reissue payment cards after a payment card security breach. This blogpost summarizes HB 1149 in “FAQ” format and looks at its potential impact. http://www.infolawgroup.com/2010/03/articles/payment-card-breach-laws/faq-on-washington-states-pci-law/ ACTA Draft: No Internet for Copyright Scofflaws (Wired, 24 March 2010) - The United States is nudging the international community to develop protocols to suspend the internet connections of customers caught downloading copyrighted works, according to a leaked draft of the Anti-Counterfeiting Trade Agreement. The United States is leading the 2-year-old, once-secret negotiations over the so-called ACTA accord. The Jan. 18 draft, about 56 pages and labeled “confidential,” just surfaced, and follows a string of earlier, less comprehensive leaks. The leak shows that the treaty, if adopted under the U.S. language, would for the first time on a global scale hold internet service providers responsible when customers download infringing material, unless those ISPs take action by “adopting and reasonably implementing a policy to address the unauthorized storage or transmission of materials protected by copyright or related rights.” The specific ISP policy suggested in a footnote “is providing for the termination in appropriate circumstances of subscriptions and accounts on the service provider’s system or network of repeat infringers.” This so-called “three strikes” or “graduated response” policy, is the holy grail of internet-copyright enforcement, staunchly backed by the Motion Picture Association of America and the Recording Industry Association of America. “This makes it clear that the U.S. has put on the table a mandatory ISP safe-harbor policy,” Michael Geist, an ACTA expert at the University of Ottawa, said in a telephone interview. The leak, courtesy of the French digital rights group La Quadrature du Net, marks the first time the entirety of the ever-changing draft proposal has come to light, and it confirms suspicions that the Obama administration is laundering a U.S. policy change through the treaty negotiations. Under the current U.S. law, the Digital Millennium Copyright Act, internet service providers are responsible for the infringing material hosted on their networks if they fail to remove the content at the rightsholder’s request. http://www.wired.com/threatlevel/2010/03/terminate-copyright-scofflaws/ FTC Investigates Widespread Data Breaches Over P2P Networks (Steptoe & Johnson’s E-Commerce Law Week, 25 March 2010) - The Federal Trade Commission has notified nearly 100 companies and other organizations that sensitive personal data about their customers and employees has been made publicly available over peer-to-peer (P2P) file-sharing networks. This discovery of widespread data breaches also led the FTC to launch a non-public investigation and send Civil Investigative Demand letters to several entities, requiring them to respond to extensive inquiries about their data collection, usage and security practices. This investigation underscores the need to enforce strict policies regarding the use of P2P file-sharing software. It also demonstrates once again the FTC’s prominent role as America’s most aggressive data security enforcer. http://www.steptoe.com/publications-6728.html Hollywood Wins Another Lawsuit Against a Search Engine (LA Times, 29 March 2010) - Chalk up another legal victory for the Motion Picture Assn. of America in its battle against websites that make it easier for people to find and download bootlegged Hollywood movies. Monday, a judge in London’s High Court of Justice ruled that Newzbin—a site that indexed files posted to Usenet newsgroups—had violated the studios’ copyrights by helping members who paid a monthly fee stitch together complete movie files from the hundreds of segments posted to Usenet binaries. In fact, the judge’s ruling went to an unusual extent in finding that the defendant not only encouraged users to infringe, but actually authorized the illegal activity and made bootlegs available to its members. And while the court stopped short of banning the technology used by Newzbin, it appears poised to require the company to filter its search results to exclude the studios’ movies. Like the Torrent search sites that the MPAA has sued, Newzbin claimed it was simply doing for Usenet what Google has done for the Web. But it struck some of the most telling blows against that argument itself, submitting evidence that Justice David Kitchin dismissed as fake. Newzbin doesn’t host anything; instead, it creates various indexes to the files stored on Usenet servers. These include indexes devoted to specific categories of material, such as music and movies, and subcategories, such as “cam,” “screener” and “Blu-ray.” For customers who pay a monthly fee (“premium members”), Newzbin’s software will create a downloadable bit of code that can be used to retrieve all the various pieces of a file available on Usenet. http://latimesblogs.latimes.com/technology/2010/03/hollywood-wins-another-lawsuit-against-an-online-search-engine.html [Editor: infringement-by-Usenet has been a troubling potential for nearly 2 decades! Corporations that maintain their own usenet servers long have worried about this.] Blocking NLRA Protected Activities In the Workplace Via Email (Media Law Prof Blog, 29 March 2010) - A newspaper company creates a workplace communications systems policy that prohibits use of its e-mail for non-job-related or outside solicitations and then disciplines an employee who sends several union-related e-mails to employees. The employer permits other personal uses of its e-mail system. In the last day of then Chairman Battista’s tenure at the National Labor Relations Board, a deeply divided Board ruled the employer has a right to regulate and restrict the use of its property. The dissent, authored by now Chairman Wilma Liebman, compared the majority’s perspective and the agency itself to ‘Rip Van Winkle’ because it overlooked the transforming effect of e-mail on the workplace. The United States Court of Appeals for the District of Columbia Circuit overturned the Board’s decision finding that the Register-Guard unlawfully disciplined a union steward for her e-mails when the newspaper discriminatorily enforced its no-solicitation rule. The article suggests how the NLRB should handle the Register-Guard case upon remand. The Board’s decision on employer e-mail policies affects the parameters of NLRA section 7 rights for all private sector employees, not just those represented by unions. This article assesses the legality of workplace communication systems policies that permit non-business uses of communications systems yet prohibit concerted activity and/or union-related communications. [88 Oregon Law Review 195 (2009); paper online at SSRN] http://lawprofessors.typepad.com/media_law_prof_blog/2010/03/blocking-nlra-protected-activities-in-the-workplace-via-email.html Policy Makers, Businesses Debate Role of Washington in Cloud Computing (Washington Post, 29 March 2010) - Behind Facebook, Gmail and the Bing search engine is a multibillion-dollar shift in technology that users don’t see and Washington doesn’t quite know how to handle. That trend is called cloud computing: the hosting of data on remote servers that can be tapped from any computer connected to the Web. And the policy implications of cloud computing was the subject of debate last night at a roundtable dinner discussion at the Aspen Institute, hosted by Microsoft. Microsoft has emerged as a proponent of some rules of the road for the largely Wild West that cloud computing companies such as Google, Yahoo and Amazon operate. Yes, that’s right – the company wants more rules. Microsoft has called on Congress to update the Electronic Communications Privacy Act to clearly apply to protections on the Web. And it wants stronger rules against cyber attacks by reforming the Computer Fraud and Abuse Act. Like so many parts of the Web, cloud computing doesn’t fit neatly under regulatory oversight of any one agency. Check out Verizon and AT&T’s call for Congress to rethink the way federal regulators oversee Internet service providers, applications, cloud computing and device makers. Former FCC Chairman Michael Powell wouldn’t offer an opinion on Verizon’s call to restructure Internet oversight. But he said during a visit to The Post Thursday that regulators at the Federal Communications Commission and other agencies are often trying to “fit square pegs into circles” as they apply old rules for phones and other technologies to the fast -moving high-tech and Web industries. http://voices.washingtonpost.com/posttech/2010/03/what.html Top Execs Need to be Involved in Cybersecurity, Study Says (ComputerWorld, 31 March 2010) - Organizations with top executives who aren’t involved in cybersecurity decisions face a serious problem—a major hit to their bottom lines, according to a report released Wednesday. “Many organizations see cybersecurity as solely an IT problem,” said Karen Hughes, director of homeland security standards programs at the American National Standards Institute (ANSI), one of the major sponsors of the new report. “We are directing a wake-up call to executives nationwide. The message is, this is a very serious issue, and it’s costing you a lot of money.” The report, called “The Financial Management of Cyber Risk,” recommends how C-level executives can implement cybersecurity risk management programs at their companies. Part of the goal is to get executives such as chief financial officers directly involved in cybersecurity efforts, said Larry Clinton, president of the Internet Security Alliance (ISA), the other major sponsor of the report. The report cites a cyberpolicy review released by President Barack Obama’s administration last May saying that U.S. businesses lost $1 trillion worth of intellectual property to cyberattacks between 2008 and 2009. That number doesn’t include losses due to theft of personal information and loss of customers, the report said. The total cost of a typical breach of 10,000 personal records held by an organization would be about $2 million, the report said. “We believe if we can educate American organizations about how much they’re actually losing, we can move to the next step, which is solving the problem,” Clinton said. Eighty to 90% of cybersecurity problems can be avoided by a combination of best practices, standards and security technology, but some organizations need to understand the financial problems associated with poor security practices before they will make changes, Clinton said. http://www.computerworld.com/s/article/9174548/Top_execs_need_to_be_involved_in_cybersecurity_study_says Privilege Trumps Company E-Mail Surveillance (Law.com, 1 April 2010) - The New Jersey Supreme Court on Tuesday gave workers in New Jersey an assurance of privacy in using workplace computers to talk with their lawyers, ruling a company’s e-mail-monitoring policy yields to the attorney-client privilege. Chief Justice Stuart Rabner, writing for the unanimous court in Stengart v. Loving Care Agency Inc., A-16-09, said a plaintiff in an employment discrimination suit against her employer had a reasonable expectation that e-mails to and from her attorney on her personal Yahoo account would be private, although transmitted via a company-owned laptop. While finding the employer’s policy ambiguous in its reach, Rabner said that “even a more clearly written company manual—that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system—would not be enforceable.” The court also found that the company’s lawyers at Sills Cummis & Gross in Newark violated Rule of Professional Conduct 4.4(b) by not immediately returning the e-mails without reading them, but did not do so in bad faith. The Appellate Division reversed the ruling on the privilege issue, saying, “we reject the employer’s claimed right to rummage through and retain the employee’s e-mails to her attorney” because “the policies undergirding the attorney-client privilege substantially outweigh the employer’s interest in enforcement of its unilaterally imposed regulation.” Rabner agreed. “The venerable privilege is enshrined in history and practice,” he wrote. “Our system strives to keep private the very type of conversations that took place here in order to foster probing and honest exchanges.” Rabner also cited Formal Opinion 413 of the American Bar Association’s Committee on Ethics and Professional Responsibility, which says “lawyers have a reasonable expectation of privacy when communicating by e-mail maintained by an [online service provider].” The court declined to endorse any policy that would allow companies to bar all use of personal, password-protected e-mail accounts on their computers. “We recognize that a zero-tolerance policy can be unworkable and unwelcome in today’s dynamic and mobile workforce and do not seek to encourage that approach in any way,” Rabner said. A company may monitor an employee’s use of a company-owned computer in order to protect its assets, reputation, and productivity, and could even discipline or fire an employee who was using his or her company computer to engage in lengthy conversations with an attorney, said Rabner. “But employers have no need to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.” http://www.law.com/jsp/article.jsp?id=1202447264728&rss=newswire 2nd Circuit Rejects Claim EBay Violated Tiffany’s Trademark (New York Law Journal, 2 April 2010) - Rebuffed on its claim that the online auction site eBay had violated its trademark, Tiffany & Co. said Thursday it was considering taking its case to the U.S. Supreme Court. The 2nd U.S. Circuit Court of Appeals affirmed in Tiffany Inc. v. eBay Inc., 08-3947-cv, a lower court ruling finding that eBay could not be sued for trademark infringement for including on its Web site knockoffs of Tiffany’s luxury jewelry as long as eBay takes steps to remove them and is not willfully blind to their presence. Second Circuit Judge Robert Sack, writing for a unanimous three-judge panel in a closely-watched case, said that the record suggests that “private market forces give eBay and those operating similar businesses a strong incentive to minimize the counterfeit goods on its Web site.” Tiffany was not appeased by the circuit’s decision to remand to Southern District Judge Richard Sullivan for reconsideration a separate claim for false advertising. The litigation stemmed from widespread sales of counterfeit Tiffany goods through eBay, which earned over $4 million between 2000 and 2004 from completed transactions on Tiffany items it had listed. Tiffany sued in 2004, claiming that the sale of knockoffs constituted direct and contributory trademark infringement, trademark dilution and false advertising. Sullivan dismissed the case in July 2008, following a bench trial. He summarily rejected Tiffany’s claim of direct trademark infringement, calling the use of the Tiffany name in online ads to drive sales a “protected, nominative fair use of the marks.” He also credited eBay’s efforts to combat fraud, including spending up to $20 million annually to reimburse buyers who were duped into buying fakes, adding a “fraud engine” that ferreted out suspicious listings and suspending sellers from listing items. And, the lower court concluded, there was no contributory infringement either. http://www.law.com/jsp/article.jsp?id=1202447367856&rss=newswire RESOURCES “Communications and the Internet: Facebook, E-Mail, and Beyond.” (Prof. David Hricik) - Ethical issues arise with the use of communicating over the Internet, whether by e-mail, social networking sites, or linking and commenting through static web pages. This article addresses all these issues. SSRN: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1557033 Copyright for Librarians (Berkman Center, 24 March 2010) - Copyright for Librarians is a joint project of the Berkman Center for Internet & Society and Electronic Information for Libraries (eIFL), a consortium of libraries from 50 countries in Africa, Asia and Europe. The goal of the project is to provide librarians in developing and transitional countries information concerning copyright law. More specifically, it aspires to inform librarians concerning: • copyright law in general • the aspects of copyright law that most affect libraries • how librarians in the future could most effectively participate in the processes by which copyright law is interpreted and shaped. The course materials can be used in three different ways. First, they can provide the basis for a self-taught course. A librarian can read the modules in sequence or focus on the modules that address issues that interest him or her. Second, the course materials can be used in a traditional classroom-based course. In such a setting, the instructor will determine the pace at which the materials are read and will select topics for discussion. The instructor may find useful the Assignments we have included in the modules, but will likely pose additional questions as well. Third and finally, the materials can be used in a distance-learning course. An instructor will guide the inquiry, but the librarians taking the course will participate remotely through their computers. To assist the instructors in such settings, we have included a discussion tool, originally developed at the Berkman Center, known as the Rotisserie. A manual explaining to instructors how they might use the Rotisserie is available here. Instructions explaining to students how to sign up for and use the Rotisserie are available here. This system can be used to facilitate conversations among the students concerning the Assignments we have included in each module. Alternatively, an instructor could identify different questions for discussion. http://cyber.law.harvard.edu/copyrightforlibrarians/Main_Page DIFFERENT A Father-Daughter Bond, Page by Page (New York Times, 21 March 2010) – When Jim Brozina’s older daughter, Kathy, was in fourth grade, he was reading Beverly Cleary’s “Dear Mr. Henshaw” to her at bedtime, when she announced she’d had enough. “She said, ‘Dad, that’s it, I’ll take over from here,’ “ Mr. Brozina recalled. “I was, ‘Oh no.’ I didn’t want to stop. We really never got back to reading together after that.” Mr. Brozina, a single father and an elementary school librarian who reads aloud for a living, did not want the same thing to happen with his younger daughter, Kristen. So when she hit fourth grade, he proposed The Streak: to see if they could read together for 100 straight bedtimes without missing once. They were both big fans of L. Frank Baum’s Oz books, and on Nov. 11, 1997, started The Streak with “The Tin Woodman of Oz.” When The Streak reached 100, they celebrated with a pancake breakfast, and Kristen whispered, “I think we should try for 1,000 nights.” Mr. Brozina was delighted, but what he was thinking was, a thousand nights?! “I thought, we’ll never do it,” he recalled. “And then we got to 1,000, and we said, ‘How can we stop?’ “ For 3,218 nights (and some mornings, if Mr. Brozina was coming home too late to read), The Streak went on. http://www.nytimes.com/2010/03/21/fashion/21GenB.html?sq=brozina&st=cse&scp=1&pagewanted=all LOOKING BACK - MIRLN TEN YEARS AGO NSA DENIES BEING INFO VACUUM CLEANER The head of the National Security Agency (NSA), the secretive agency that has been accused by some civil liberties groups and some foreign countries of using a satellite communications system code-named “Echelon” to spy on huge numbers of private phone calls, e-mail messages, and faxes, says that all such accusations are unfounded. In an appearance before a House subcommittee NSA director Lt. Gen. Michael Hayden testified: “There is a rich body of oversight that ensures that we stay within the law. Can you imagine the capacity that would be required if we in any way approached the allegations we’re sweeping up everything in the universe? This ability to vacuum up—that’s badly misstated in the popular press. We don’t have that capability and we don’t want that capability. For both legal and operational reasons there is a requirement that we focus on the highest priority foreign intelligence targets that we have.” (Reuters/San Jose Mercury News 12 Apr 2000) http://www.sjmercury.com/svtech/news/breaking/internet/docs/420275l.htm MIRLN 2010-04-02T20:46:01-07:00 http://knowconnect.com/mirln/article/mirln_21_february_13_march_v1304/ http://knowconnect.com/mirln/article/mirln_21_february_13_march_v1304/#When:22:36:00Z (supplemented by related Tweets: http://twitter.com/vpolley) • Many HIPAA Changes Under The HITECH Act Now Effective • Heartland Posts 4Q Loss on Settlement Costs • Widespread Data Breaches Uncovered by FTC Probe • Student Files Petition To Preserve Evidence In Webcam Spying Case o Remotely Spying on Kids with School Laptops • Thousands of Authors Opt Out of Google Book Settlement • Rootkits Work Nicely on Smartphones, Thank You • Social Media Trends at Fortune 100 Companies • Judge Dismisses Defamation Lawsuit Brought Against Boing Boing By Co. Targeting Ads Based on Phone Numbers • ‘Pension Committee’ Clarifies E-Discovery Requirements • Google to Appeal Italian Court Ruling • Step 1 for Legal Holds: Trigger Events • Avatar Rape • New U.S. Military Policy Opens Up Social Media to the Troops • Social Networks Play a Major Part in How We Get News • German Court Overturns Law on Phone, E-Mail Data • Dancing Tot Prevails Over UMG in YouTube Fair Use Case o Viacom: “Fair Use Works For Us,” Unlikely To Sue Bloggers • Trial Judges Impose Penalties for Social Media in the Courtroom • Why We Tweaked Our Copyright Notice • RealNetworks Deal to Discontinue DVD-Copying Software Includes $4.5 Million for Studios’ Legal Tab • FDIC: Hackers Took More Than $120m in Three Months • U.S. Hopes Exports Will Help Open Closed Societies • Law Firms Slow to Awaken to Cybersecurity Threat • European Parliament Rips Global IP Accord • Bad Employee! 12% Knowingly Violate Company IT Policies • 20 Ways to Link Dispersed Legal Departments • HHS Publishes List of Entities Reporting Health Information Breaches • Why Social Media Policies Don’t Work • Instant Ads Set the Pace on the Web NEWS | PODCASTS | RESOURCES | LOOKING BACK | NOTES Many HIPAA Changes Under The HITECH Act Now Effective (McGuire Woods, 18 Feb 2010) - Having reached the one year anniversary of the HITECH Act, enacted as part of the American Recovery and Reinvestment Act of 2009, many changes to the HIPAA Privacy and Security Rules are now effective. Unfortunately, since the Department of Health and Human Services has not yet issued guidance with respect to most of these changes, Covered Entities and Business Associates must begin good faith compliance based solely on the language of the HITECH Act. Below are some highlights. http://www.mcguirewoods.com/news-resources/item.asp?item=4555 Heartland Posts 4Q Loss on Settlement Costs (Business Week, 18 Feb 2010) - Heartland Payment Systems Inc. on Thursday posted a fourth-quarter loss and missed Wall Street expectations as it booked charges to settle claims over a data breach. The company, which processes credits card payments, also declared a quarterly dividend of 1 cent per share payable March 15 to shareholders of record on March 5. For the three months ending Dec. 31, the company said it lost $9.6 million, or 26 cents per share. That compared to a profit of $8 million, or 21 cents per share, in the year-ago period. The results included charges of $23.7 million related to settlement offers over a data breach in late 2008. The money went to Visa credit and debit card issuers to cover losses incurred after hackers installed spying software on Heartland’s computer network. Excluding one-time charges, the company earned 16 cents per share for the quarter. On that basis, analysts polled by Thomson Reuters expected a profit of 20 cents per share. http://www.businessweek.com/ap/financialnews/D9DUOVM80.htm Widespread Data Breaches Uncovered by FTC Probe (FTC, 22 Feb 2010) - The Federal Trade Commission has notified almost 100 organizations that personal information, including sensitive data about customers and/or employees, has been shared from the organizations’ computer networks and is available on peer-to-peer (P2P) file-sharing networks to any users of those networks, who could use it to commit identity theft or fraud. The agency also has opened non-public investigations of other companies whose customer or employee information has been exposed on P2P networks. To help businesses manage the security risks presented by file-sharing software, the FTC is releasing new education materials that present the risks and recommend ways to manage them. http://ftc.gov/opa/2010/02/p2palert.shtm Student Files Petition To Preserve Evidence In Webcam Spying Case (SiliconValley.com, 22 Feb 2010) - A student who has accused his suburban Philadelphia school district in a lawsuit of spying on him and other students via their school-issued webcams will ask district officials not to remove any potential evidence from student computers, his lawyer said Monday. Lawyers for the Lower Merion School District are due in federal court on the issue Monday afternoon, on an emergency petition from student Blake Robbins of Penn Valley. Lower Merion officials confirmed last week they had activated the webcams to try to find 42 missing laptops, without the knowledge or permission of students and their families. Both the FBI and local authorities are investigating whether the district broke any wiretap, computer-use or other laws. The American Civil Liberties Union filed a brief in support of the student Monday, arguing that the photo amounts to an illegal search. http://www.siliconvalley.com/latest-headlines/ci_14449371 - and - Remotely Spying on Kids with School Laptops (Schneier, 24 Feb 2010) - It’s a really creepy story. A school issues laptops to students, and then remotely and surreptitiously turns on the camera. (Here’s the lawsuit.) This is an excellent technical investigation of what actually happened. This investigation into the remote spying allegedly being conducted against students at Lower Merion represents an attempt to find proof of spying and a look into the toolchain used to accomplish spying. Taking a look at the LMSD Staff List, Mike Perbix is listed as a Network Tech at LMSD. Mr. Perbix has a large online web forum footprint as well as a personal blog, and a lot of his posts, attributed to his role at Lower Merion, provide insight into the tools, methods, and capabilities deployed against students at LMSD. Of the three network techs employed at LMSD, Mr. Perbix appears to have been the mastermind behind a massive, highly effective digital panopticon. http://www.schneier.com/blog/archives/2010/02/remotely_spying.html [Editor: Schneier’s posting is comprehensive. If the stated facts are true, this is a ground-breaking invasion, and (if understood widely enough) a reasonable ground for US Congressional action.] Thousands of Authors Opt Out of Google Book Settlement (The Guardian, 23 Feb 2010) - Former children’s laureates Quentin Blake, Anne Fine and Jacqueline Wilson, bestselling authors Jeffrey Archer and Louis de Bernières and critical favourites Thomas Pynchon, Zadie Smith and Jeanette Winterson have all opted out of the controversial Google book settlement, court documents have revealed. Authors who did not wish their books to be part of Google’s revised settlement needed to opt out before 28 January, in advance of last week’s ruling from Judge Denny Chin over whether to allow Google to go ahead with its divisive plans to digitise millions of books. The judge ended up delaying his ruling, after receiving more than 500 written submissions, but court documents related to the case show that more than 6,500 authors, publishers and literary agents have opted out of the settlement. As well as the authors named above, these include the estates of Rudyard Kipling, TH White, James Herriot, Nevil Shute and Roald Dahl, Man Booker prizewinners Graham Swift and Keri Hulme, poets Pam Ayres, Christopher Middleton, Gillian Spraggs and Nick Laird, novelists Bret Easton Ellis, James Frey, Monica Ali, Michael Chabon, Philip Hensher and Patrick Gale, historian Simon Sebag Montefiore, biographer Victoria Glendinning and bestselling author of the Northern Lights trilogy Philip Pullman. Ursula K Le Guin, who gained significant author support for her petition calling for “the principle of copyright, which is directly threatened by the settlement, [to] be honoured and upheld in the United States”, also opted out. http://www.guardian.co.uk/books/2010/feb/23/authors-opt-out-google-book-settlement Rootkits Work Nicely on Smartphones, Thank You (Dark Reading, 23 Feb 2010) - Computer scientists at Rutgers University this week are demonstrating ways that rootkits can attack new generations of smart mobile phones. The researchers, who are presenting their findings at a mobile computing workshop in Maryland, are showing how a rootkit could cause a smartphone to eavesdrop on a meeting, track its owner’s travels, or rapidly drain its battery to render the phone useless—all without the user’s knowledge. Rootkit attacks on smartphones—or upcoming tablet computers—could be more devastating because smartphone owners tend to carry their phones with them all of the time, the researchers say. This creates opportunities for potential attackers to eavesdrop, extract personal information from phone directories, or just pinpoint a user’s whereabouts by querying the phone’s GPS receiver. Smartphones also have new ways for malware to enter the system, such as through a Bluetooth radio channel or via text message. http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223100433 Social Media Trends at Fortune 100 Companies (Mashable, 23 Feb 2010) - PR firm Burson-Marsteller studied the 100 largest companies in the Fortune 500 list and found that 79% of then use Twitter, Facebook, YouTube or corporate blogs to communicate with customers and other stakeholders. The firm broke its findings down by region (North America, Europe, Asia-Pacific and Latin America) and network. Twitter is the most popular platform that the companies use; two-thirds of the Fortune 100 have at least one Twitter account. Actually, they have an average of 4.2 Twitter accounts. Fifty-four percent have at least one Facebook fan page, 50% have at least one YouTube channel, and 33% have at least one corporate blog. Twenty percent of the companies use all four social media platforms. Social networks like Twitter and Facebook are mostly West-oriented; Asia-Pacific companies don’t use them as much, instead preferring corporate blogs. When they do use Twitter or Facebook, it’s usually to engage consumers in Europe and North America. There are a bunch of other interesting stats in the study — including proof that consumers actually do like to engage with companies via social media, making all those channels worthwhile. We’ve embedded Burson-Marsteller’s presentation below. http://mashable.com/2010/02/23/fortune-100-social-media/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader Judge Dismisses Defamation Lawsuit Brought Against Boing Boing By Co. Targeting Ads Based on Phone Numbers (Online Media Daily, 23 Feb 2010) - In a victory for Web publisher Boing Boing, a judge in California has dismissed a defamation lawsuit brought by Magic Jack, a company that offers a USB dongle for Voice over Internet Protocol service. Marin County Superior Court Judge Verna Adams ruled that Magic Jack’s complaint—about a Boing Boing item that accused Magic Jack of being a “snoop” because it planned to serve ads based on phone numbers users called—was barred by California’s broad anti-SLAPP (strategic lawsuits against public participation) statute. That law provides for a quick dismissal of lawsuits that are aimed at squelching debate about matters of public interest. http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=123039 ‘Pension Committee’ Clarifies E-Discovery Requirements (Law.com, 23 Feb 2010) - In a bombshell opinion and order issued just weeks ago by U.S. Southern District of New York Judge Shira A. Scheindlin, litigants and lawyers have been admonished (again) about their discovery obligations, particularly, to preserve, collect and produce electronic documents, records and data in their possession, custody, or control. Scheindlin, one of the foremost experts on the law of electronic discovery, was the author of the Zubulake line of decisions that many say ushered in a new era of robust electronic discovery. Now, her new blockbuster is the Pension Committee decision,[FOOTNOTE 1] which carries the picturesque title, “‘Zubulake’ Revisited: Six Years Later.” Pension Committee promises to be a guide and oft-cited framework for complying with electronic discovery requirements. Since the new decision copiously analyzes a series of discovery failures that led to sanctions against numerous plaintiff-companies, it is a practical roadmap on how real people and real attorneys may be confronted by real challenges regarding compliance only to wind up making judgments that come back to haunt them. Pension Committee also is a kind of “how-to” manual setting forth key principles relating to issuing, monitoring, and enforcing litigation holds, discharging preservation and search techniques, and documenting appropriate behind-the-scenes conduct so that the responding party can withstand accusations of insufficient disclosure by the adversary. Then, too, there is advice regarding sanctions, what needs to be proved and by whom, the criteria of “relevance” and “prejudice,” the legal behavior standards of negligence, gross negligence and willfulness, available remedies and, even, the text of an actual spoliation instruction. http://www.law.com/jsp/article.jsp?id=1202444109380&rss=newswire Google to Appeal Italian Court Ruling (The Telegraph, 24 Feb 2010) - The trial centred on footage posted on Google Video that showed a Down’s syndrome teenager being bullied by four other boys at a school in Turin. The footage was uploaded to the site in September 2006, and remained online for two months before being removed following complaints from web users. Prosecutors in Milan brought the case after being contacted by a charity, Viva Down. The court argued that the boy’s privacy had been violated and that Google should have removed the footage quicker than it did. Three Google employees – David Drummond, Peter Fleischer and George Reyes, who has since left the company – were found guilty of failing to apply with the Italian privacy code, and were given six-month suspended sentences. But Google said the ruling was “ludicrous”, and pledged to appeal against a “chilling decision” that had potentially far-reaching implications for scores of websites. http://www.telegraph.co.uk/technology/google/7307442/Google-to-appeal-Italian-court-ruling.html Step 1 for Legal Holds: Trigger Events (Law.com, 24 Feb 2010) - This series of articles provides an overview of the steps necessary to implement a legally defensible, written litigation hold and are based on the “Seven Steps for Legal Holds of ESI and Other Documents” (ARMA International 2009). The seven steps for legal holds are designed to help organizations tackle the seemingly daunting task of implementing written litigation holds. Although this series was conceived months ago, written litigation holds are now more important than ever in light of U.S. District Court Judge Shira Scheindlin’s Opinion and Order in The Pension Committee v. Banc of America, Case No. 05-cv-9016 (SDNY Jan. 11, 2010, as amended Jan. 15, 2010). Her introduction is a fitting opening to the series: In an era where vast amounts of electronic information is available for review, discovery in certain cases has become increasingly complex and expensive. Courts cannot and do not expect that any party can meet a standard of perfection. Nonetheless, the courts have a right to expect that litigants and counsel will take the necessary steps to ensure that relevant records are preserved when litigation is reasonably anticipated, and that such records are collected, reviewed, and produced to the opposing party. As discussed six years ago in the Zubulake opinions, when this does not happen, the integrity of the judicial process is harmed and the courts are required to fashion a remedy. http://www.law.com/jsp/article.jsp?id=1202444383053&rss=newswire [Step 2 “Analyze the Trigger Event”: http://www.law.com/jsp/article.jsp?id=1202444485889&rss=newswire; Step 3 “Define the Scope”: http://www.law.com/jsp/article.jsp?id=1202444602884&rss=newswire; Step 4 “Implementation”: http://www.law.com/jsp/article.jsp?id=1202444715730&rss=newswire; Step 5 “Enforcement”: http://www.law.com/jsp/article.jsp?id=1202444943804&rss=newswire; Step 6 “Modification”: http://www.law.com/jsp/article.jsp?id=1202445338949&rss=newswire; Step 7 “Monitor and Remove”: ]http://www.law.com/jsp/article.jsp?id=1202445425984&rss=newswire] Avatar Rape (InsideHigherEd, 25 Feb 2010) - Avatar harassment and sexual assault remain controversial issues because institutions hosting virtual worlds are not accustomed to dealing with — or even discussing — digital forms of these distressing behaviors. Harassment and assault are frequent infractions in virtual environs, including those frequented by students and professors. London journalist Tim Guest, author of Second Lives: a Journey Through Virtual Worlds, estimated that “about 6.5 percent of logged-in residents” have filed one or more abuse reports in Second Life. By the end of 2006, he writes, Linden Lab, creator of Second Life, “was receiving close to 2,000 abuse reports a day.” Current statistics are unavailable. But you can monitor the types of offenses and where they occurred in Second Life by accessing its community incident report chronicling the 25 most recent infractions and resulting penalties. On Dec. 28, 2009, five of the 25 infractions concerned “indecency: broadly offensive content or conduct”; three, sexual harassment; and two, intolerance. Most penalties included warnings with four one-day suspensions and one three-day suspension. (In fairness, Linden Lab has tried to crack down on these community infractions, hosting guides such as this to inform users about abuse and how to file reports about repeat offenders.) Educational institutions with a presence in or that introduced students to virtual worlds might want to analyze the phenomenon of avatar rape, which presents a unique challenge to traditional jurisprudence. Rape is assumed to be both physical and geographical, as in a crime scene. Both dimensions are missing on the Web. Nevertheless, avatars are symbols of the self. As such, it behooves us to investigate: • How avatar rape happens in virtual worlds. • What concepts and theories apply when the act is neither physical nor geographical. • Why the discussion is even necessary. http://www.insidehighered.com/views/2010/02/25/bugeja New U.S. Military Policy Opens Up Social Media to the Troops (Mashable, 26 Feb 2010) - A new policy released today by the Pentagon has reversed multiple bans on social media websites and tools, effective immediately. This policy includes YouTube, Facebook, MySpace, Twitter, Google Apps, and other social tools. Certain branches of the military, such as the U.S. Marines, ban the use of social media because they are a “proven haven for malicious actors and content and are particularly high risk due to information exposure.” Today’s decision, handed down by the Office of Deputy Secretary of Defense William Lynn, will reverse that ban and others, such as the one the U.S. Army has had on YouTube since 2007. The new policy is far reaching, but as NYT’s At War Blog points out, it isn’t without caveats. The change only affects the military’s non-classified Internet network, known as NIPRNET. It also gives commanders at all levels leeway in temporarily banning specific social tools. In other words, you can expect some commanders to reinstate some of these bans for security reasons. http://mashable.com/2010/02/26/military-social-media/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader Social Networks Play a Major Part in How We Get News (Mashable, 1 March 2010) - The latest study from Pew Internet analyzes the news consumers in America and various different ways of finding news. Based on a sample of 2,259 adults, the study reveals that three fourths of the people (75%) who find news online get it either forwarded through email or posts on social networking sites, and half of them (52%) forward the news through those means. However, the study also shows that very few people nowadays (7%) are getting information from a single media platform. In fact, nearly half of Americans (46%) claim they get news from four to six media platforms on a typical day. And while TV is still the biggest source of news (78% of Americans say they get news from a local TV station), Internet sits on second place (61% of users get news online), ahead of radio and newspapers. Interestingly enough, relatively few people – only 17 percent – claim they read news in a national newspaper such as the New York Times or USA Today. http://mashable.com/2010/03/01/social-networks-source-news/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable)&utm_content=Google+Reader German Court Overturns Law on Phone, E-Mail Data (AP, 2 March 2010) - Germany’s highest court on Tuesday overturned a law that let anti-terror authorities retain data on telephone calls and e-mails, saying it posed a “grave intrusion” to personal privacy rights and must be revised. The court ruling was the latest to sharply criticize a major initiative by Chancellor Angela Merkel’s government and one of the strongest steps yet defending citizen rights from post-Sept. 11 terror-fighting measures. The ruling comes amid a European-wide attempt to set limits on the digital sphere, that includes disputes with Google Inc. over photographing citizens for its Street View maps. The Karlsruhe-based Federal Constitutional Court ruled that the law violated Germans’ constitutional right to private correspondence and failed to balance privacy rights against the need to provide security. It did not, however, rule out data retention in principle. The law had ordered that all data — except content — from phone calls and e-mail exchanges be retained for six months for possible use by criminal authorities, who could probe who contacted whom, from where and for how long. http://news.yahoo.com/s/ap/20100302/ap_on_hi_te/eu_germany_data_retention Dancing Tot Prevails Over UMG in YouTube Fair Use Case (ArsTechnica, 2 March 2010) - The mother of a dancing toddler is dancing after winning a closely watched copyright case. US District Judge Jeremy Fogel granted partial summary judgment to Stephanie Lenz last week in her battle against Universal Music Group, putting a halt to Universal’s attempts to paint Lenz as having “bad faith” and “unclean hands” in her lawsuit. As a result, the doors have been opened for Lenz to collect attorneys’ fees in her case, though other damages aren’t likely to come Lenz’s way. Universal, the world’s largest music label, had sent a takedown notice to YouTube in 2007 over a video clip of Lenz’s child bouncing to Prince’s “Let’s Go Crazy.” Watching the (now re-uploaded) clip, it’s clear that the music is merely blasting in the background while the video was being recorded and, in some places, the song is barely even recognizable. The initial takedown appears to have been the typical DMCA notice that the labels fire off when they detect a video they believe is infringing, but Lenz pushed back with the help of the Electronic Frontier Foundation. The EFF and Lenz filed a lawsuit against Universal, arguing that the video was “self-evident noninfringing fair use” and the DMCA takedown was bogus. Universal shot back by saying that even if the clip constituted fair use, it was still infringing and therefore the takedown notice was made in good faith. That’s right: Universal said that it was possible for a clip of the music to be used legally (according to US Copyright Law) while also being infringing at the same time, simply because the song itself was copyrighted and owned by Universal. Universal lobbed numerous arguments at Lenz and the EFF over the next two-and-a-half years. Some of these included a strange argument that the DMCA notice in question was not technically a DMCA notice and therefore could not be litigated as one (Judge Fogel flatly rejected this claim), that it was unreasonable to expect Universal to consider fair use before sending takedown notices (also rejected), and that the EFF itself was more interested in “attention-grabbing press releases” that further its own “philosophical objections” than it was in filing legitimate lawsuits. On top of that, Universal made numerous affirmative defenses for its actions by telling the court that Lenz acted in bad faith when uploading the video to YouTube because usage of the site does not constitute “private viewing,” and that her First Amendment rights were not harmed enough to warrant monetary damages. The label also said Lenz had “unclean hands” for making supposedly false allegations in her lawsuit (though Lenz shot back that Universal should seek sanctions against her if it believes she engaged in misconduct). In his ruling last week, Judge Fogel analyzed the arguments over damages, but eventually granted Lenz’ motions for partial summary judgment. The decision will allow Lenz to recover attorneys’ fees from her initial case against the bogus takedown, but not necessarily other damages that may have been incurred while fighting Universal. (In order to win further damages, Lenz would have had to prove that Universal knowingly sent the notice in bad faith.) http://arstechnica.com/tech-policy/news/2010/03/dancing-tot-prevails-over-umg-in-youtube-fair-use-case.ars - and - Viacom: “Fair Use Works For Us,” Unlikely To Sue Bloggers (ArsTechnica, 11 March 2010) - Viacom is unlikely to sue bloggers for posting their own clips of The Daily Show or The Colbert Report, contrary to reports floating around on the Internet. The company clarified its position to Ars on Thursday, noting that it tries to be as permissive as possible when it comes to fair use and that individual bloggers have never been on the studio’s radar. The confusion began when the Hollywood Reporter ran a story on Wednesday titled “Viacom will sue bloggers who post unauthorized ‘Daily Show’ clips,” quoting Viacom spokesperson Tony Fox. “Yes, we intend to do so,” Fox was quoted saying. “My feeling is if (websites) are making money on our copyrighted content, then that is a problem.” http://arstechnica.com/tech-policy/news/2010/03/viacom-fair-use-works-for-us-unlikely-to-sue-over-clips.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Trial Judges Impose Penalties for Social Media in the Courtroom (Citizen Media Law, 3 March 2010) - As state and federal courts continue to struggle with the use of social media in courtrooms and courthouses, recently state judges in Colorado and Ohio took action against courtroom observers who used social media technology in court. An Ohio judge imposed the more serious penalty against two trial attendees who separately pointed a Flip camera and a cell phone towards to the jury during trial testimony in a murder case. On February 16, Dwayne Davenport went on trial for the fatal shooting of Michael Grissett in East Cleveland on January 16, 2009. (Two other defendants in the case pleaded guilty, and are awaiting sentencing.) As reported by the Cleveland Plain Dealer, on the second day of trial jurors noticed that Andre Block (the defendant’s friend) and Dwight Davenport (the defendant’s cousin), who were seated in the back row of the courtroom observing the trial, were pointing the above-mentioned devices at the jury. After jurors complained to Common Pleas Judge Nancy Margaret Russo, she ordered Block and Dwight Davenport arrested for contempt of court and declared a mistrial in the case. At a hearing on the contempt citation held on February 25, Judge Russo told Block and Dwight Davenport that they were guilty of “intimidating and frightening my jury,” and that their actions had made the jurors fearful of jury service, forcing the mistrial. Block, who used a Flip phone to record about eight minutes of the proceedings, claimed that he was taking video of the defendant, his friend Dwayne Davenport, to remember him in case Davenport was sent to prison. Judge Russo sentenced Block to 60 days in prison. Another recent incident arose during the Colorado murder case against Willie Clark, accused of killing Denver Broncos cornerback Darrent Williams. Judge Christina Habas has imposed strict restrictions (pdf) on trial observers, including a prohibition on all communications from the courtroom, whether by blogging, text messaging, or other means, and a ban on cameras and cell phones from an entire section of the courthouse. Despite these restrictions, numerous signs in the courthouse summarizing the rules, security checkpoints at both the courthouse and courtroom doors, and an announcement of the cell phone ban at the start of proceedings, Robert Forto—who was covering the case for his blog—had his iPhone with him in the courtroom. His daughter called him, then his wife sent him a text message, and then his daughter left a voicemail. Forto texted his daughter, saying “I can’t talk right now.” A sheriff’s deputy saw Forto send the text message and removed Forto from the courtroom and took his cell phone. http://www.citmedialaw.org/blog/2010/trial-judges-impose-penalties-social-media-courtroom?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader Why We Tweaked Our Copyright Notice (ArsTechnica, 3 March 2010) - A couple of weeks ago, we ran an article on the various overbroad copyright notices one finds in books and on TV sports. You know the sort of thing—”any other use of this telecast or any pictures, descriptions, or accounts of the game without the NFL’s consent is prohibited.” The piece focused on a pair of lawyers who had complained about such notices back in 2007, and we wanted to know what had happened with those complaints. The short answer: not much. Readers pointed out that our own footer contains a pretty strong copyright statement of its own: “The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast Digital.” But of course, you can reproduce and distribute and cache much of this information for a variety of reasons under US copyright law. We told readers that we would look into the issue, and Editor-in-Chief Ken Fisher agreed to ask our corporate lawyers about making a small change to the notice. The lawyers had no problem with the proposed change, and we pushed out the updated page code this weekend. The notice now says, “Except where permitted by law, the material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of Condé Nast Digital.” It’s not a major change, and the notice doesn’t alter anyone’s rights under US law one way or the other. We do think it was important to make clear in such notices that there are limits to copyright law, however, and that the company’s claims to its material are not so absolute as such notices can make them sound. http://arstechnica.com/tech-policy/news/2010/03/why-we-tweaked-our-copyright-notice.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss RealNetworks Deal to Discontinue DVD-Copying Software Includes $4.5 Million for Studios’ Legal Tab (Law.com, 4 March 2010) - Good luck trying to burn a copy of your favorite DVD now. RealNetworks agreed to kill DVD-copying software that raised the hackles of movie studios in Hollywood. The company will also pay $4.5 million to cover the studios’ legal fees and costs for the copyright fight that ensued in the Northern District of California. The concessions came in a Monday settlement agreement and a consent judgment, approved by Judge Marilyn Hall Patel on Wednesday. RealNetworks threw in the towel after Patel repeatedly sided with the major movie studios and the DVD Copy Control Association. The judge granted a preliminary injunction against RealNetworks’ software, RealDVD, in August. Patel concluded that it violated the Digital Millennium Copyright Act by circumventing copy control locks on DVDs. She gave little credence to Real’s defense that DVD owners have a fair use right to copy their own movies. The studios were represented by Munger, Tolles & Olson, while Akin Gump Strauss Hauer & Feld represented the DVD CCA. Wilson Sonsini Goodrich & Rosati represented RealNetworks. http://www.law.com/jsp/article.jsp?id=1202445440154&rss=newswire FDIC: Hackers Took More Than $120m in Three Months (Computerworld, 8 March 2010) - Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation. Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC. The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said. Almost all of the incidents reported to the FDIC “related to malware on online banking customers’ PCs,” he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions. http://www.computerworld.com/s/article/9167598/FDIC_Hackers_took_more_than_120M_in_three_months?source=rss_news U.S. Hopes Exports Will Help Open Closed Societies (NYT, 8 March 2010) - Seeking to exploit the Internet’s potential for prying open closed societies, the Obama administration will permit technology companies to export online services like instant messaging, chat and photo sharing to Iran, Cuba and Sudan, a senior administration official said Sunday. On Monday, he said, the Treasury Department will issue a general license for the export of free personal Internet services and software geared toward the populations in all three countries, allowing Microsoft, Yahoo and other providers to get around strict export restrictions. The companies had resisted offering such services for fear of violating existing sanctions. But there have been growing calls in Congress and elsewhere to lift the restrictions, particularly after the postelection protests in Iran illustrated the power of Internet-based services like Facebook and Twitter. The Treasury Department’s action follows a recommendation by the State Department in mid-December that the Office of Foreign Assets Control, which is run by the Treasury, authorize the downloading of “free mass-market software” in Iran by Microsoft, Google and other companies. The administration’s blanket waiver does not apply to encryption and other software that makes it harder for the authorities to track people’s Internet activity. That category of technology does not fall within the mass-market services that can be downloaded free from the Internet, he said. But the official said the Treasury would grant licenses to such providers on a case-by-case basis, and would generally look favorably on them. One such service, known as Haystack, is awaiting a waiver from the State Department, and is subsequently likely to obtain a Treasury license. http://www.nytimes.com/2010/03/08/world/08export.html?scp=1&sq=export%20internet%20services&st=cse Law Firms Slow to Awaken to Cybersecurity Threat (Law.com, 9 March 2010) - An oddly worded e-mail was the first sign of something amiss at Los Angeles firm Gipson Hoffman & Pancione. It didn’t read like the messages the firm’s attorneys usually sent each other—didn’t pass the “smell test.” His suspicions raised, the recipient, associate Gregory Fayer, picked up the phone and discovered that the colleague who supposedly sent the e-mail knew nothing of it. Other attorneys at the firm also received the bogus e-mail, which was eventually traced to China—where Gipson Hoffman is litigating a $2.2 billion copyright infringement suit against the government. Fayer was well aware that cyberattackers often use fake e-mail messages to break into computer networks. The firm couldn’t directly link the bogus messages to its lawsuit—the FBI is still investigating the matter—but found it hard to dismiss as mere coincidence. Notably, the episode followed closely on the heels of Google’s announcement that hackers had broken into the Gmail accounts of several Chinese human rights activists. Although the public acknowledgement of the attack was unusual, it was hardly the first time that a law firm has been targeted by a sophisticated network of overseas hackers looking to infiltrate computer systems in order to gather data or monitor attorney activity, according to attorneys and technology experts. Law firms have dealt quietly with cyberattacks for years, but lately those strikes appear to be on the rise, said Marc Zwillinger, a former partner at Sonnenschein Nath & Rosenthal who this month opened Zwillinger Genetski, a Washington law boutique specializing in internet security and data privacy. “The activity focusing on law firms has definitely picked up in the past year or two, compared to what it was,” said Zwillinger, who has advised law firms dealing with cybersecurity breaches. “We’ve been seeing a fair bit of activity where the attacker is looking to acquire information that has strategic value.” Law firms are attractive targets for cyberattackers because they maintain sensitive client information on their systems, according to attorneys and technology consultants. Firms don’t often realize that their computer systems have been infiltrated and rarely go public if they do face a security breach, Zwillinger and other internet security experts said. http://www.law.com/jsp/article.jsp?id=1202445899467&rss=newswire European Parliament Rips Global IP Accord (Wired, 10 March 2010) - The European Parliament delivered a political blow to Hollywood and the Obama administration, voting Wednesday 663 to 13 in opposition to a proposed and secret intellectual property agreement being negotiated by the European Union, United States and a handful of others. Wednesday’s developments concerning the Anti-Counterfeiting and Trade Agreement are substantial because the European Union’s 27 countries vastly outnumber the remaining countries negotiating the deal. They are Australia, Canada, Japan, South Korea, Mexico, Morocco, New Zealand, Singapore, Switzerland and the United States. Ambassador Ron Kirk, the top U.S. trade official, is spearheading the deal that began being crafted under the George W. Bush administration. Kirk’s office declined comment. To be sure, there is a dispute and heavy confusion concerning whether internet service providers under ACTA would be forced to punish customers deemed copyright scofflaws by reducing or eliminating service, according to a string of leaked documents. So parliament members also agreed Wednesday to oppose the measure if it contains so-called “three strikes” or “graduated response” policies — regardless of whether that’s now in the text. And because of the text’s secrecy, parliament on Wednesday also demanded (.pdf) that the private agreement still under negotiation be publicly released. Whether parliament’s action scuttles ACTA is another matter. Michael Geist, a law professor at the University of Ottawa, said in a telephone interview that Wednesday’s resolution also OKs more ACTA global negotiations on behalf of the European Union. Geist said he expects Europe to participate in the next round of ACTA negotiations to get underway April 12 in New Zealand. http://www.wired.com/threatlevel/2010/03/european-parliament-rips-global-ip-accord/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+wired27b+(Blog+-+27B+Stroke+6+(Threat+Level))#ixzz0hoPTuju7 Bad Employee! 12% Knowingly Violate Company IT Policies (ArsTechnica, 10 March 2010) - By now, it’s practically a mantra that the biggest problem with corporate IT security is the employees themselves. However, we usually assume that’s due to ignorant users or poorly enforced policies. Not so for a chunk of the US working population—according to a survey conducted by Harris Interactive, 12 percent admitted to knowingly violating IT policy in order to get work done. http://arstechnica.com/business/news/2010/03/bad-employee-12-knowingly-violate-company-it-policies.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss 20 Ways to Link Dispersed Legal Departments (Law.com, 10 March 2010; by Rees Morrison) - A legal department that speaks with a single voice, thinks with a single mind, and acts like a partnership will outperform one that is fragmented with uneven or inconsistent practices and policies. General counsel of dispersed legal departments, those with lawyers based in several locations around the world, have a particular problem of striving to nurture a sense that members work in a single, unified department. It is true that the larger the department, the more techniques of solidarity help, but even a small department, if its members are not in the same location, can benefit. In this article I discuss 20 techniques, by increasing order of difficulty or cost to bring about, that increase coherence and effectiveness in a spread-out legal department. http://www.law.com/jsp/article.jsp?id=1202445966228&rss=newswire HHS Publishes List of Entities Reporting Health Information Breaches (Steptoe & Johnson’s E-Commerce Law Week, 11 March 2010) - The Department of Health and Human Services has published on its website a list of the breaches of unsecured health information affecting 500 or more individuals that have been reported since the Health Information Technology for Economic and Clinical Health (HITECH) Act took effect in September 2009.  The Federal Trade Commission previously issued its own final rule regarding breaches of unsecured health information by entities not subject to the Health Insurance Portability and Accountability Act.  Breaches affecting more than 500 individuals also must be reported to the FTC, which will maintain a publicly available database of all reported breaches in order to “provide businesses with information about potential sources of data breaches,” keep the public informed, and aid policymakers in developing data breach regulations. http://www.steptoe.com/publications-6696.html Why Social Media Policies Don’t Work (GigaOM, 12 March 2010) - Maybe Thomson Reuters was feeling nostalgic about the flurry of negative attention that both the New York Times and the Washington Post got last year when they came out with policies on the use of social media tools such as Twitter and Facebook. For whatever reason, the wire service recently issued new guidelines for its staff, and they suffer from many of the same problems that both the NYT and WaPo policies did. All of these flaws boil down to one thing: A desire to control something that fundamentally can’t be controlled, and a fear of what happens when that control is lost. Without even bothering to enumerate the positive aspects of social-media use, the policy starts in with the warnings right away: “We want to encourage you to use social media approaches in your journalism but we also need to make sure that you are fully aware of the risks — especially those that threaten our hard-earned reputation for independence and freedom from bias or our brand.” The risks, of course, are everywhere — someone might say something embarrassing, or post a tweet that others could twist to disparage Reuters: “The advent of social media does not change your relationship with the company that employs you — do not use social media to embarrass or disparage Thomson Reuters. Our company’s brands are important; so, too, is your personal brand. Think carefully about how what you do reflects upon you as a professional and upon us as an employer of professionals.” http://gigaom.com/2010/03/12/reuters-and-why-social-media-policies-dont-work/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+OmMalik+(GigaOM)&utm_content=Google+Reader Instant Ads Set the Pace on the Web (NYT, 12 March 2010) - Advertisers have been able to direct online messages based on demographics, income and even location, but one element has been largely missing until recently: immediacy. Advertisers booked slots in advance, and could not make on-the-fly decisions about what ads to show based on what people were doing on the Web. Now, companies like Google, Yahoo and Microsoft let advertisers buy ads in the milliseconds between the time someone enters a site’s Web address and the moment the page appears. The technology, called real-time bidding, allows advertisers to examine site visitors one by one and bid to serve them ads almost instantly. For example, say a man just searched for golf clubs on eBay (which has been testing a system from a company called AppNexus for more than a year). EBay can essentially follow that person’s activities in real time, deciding when and where to show him near-personalized ads for golf clubs throughout the Web. If eBay finds out that he bought a driver at another site, it can update the ad immediately to start showing him tees, golf balls or a package vacation to St. Andrew’s, Scotland, often called the home of golf. If a woman was shopping, eBay could change the ad’s color or presentation. While companies have been plugging real-time bidding for a couple of years, industry heavyweights are now behind it. Google introduced its revised DoubleClick Ad Exchange, offering real-time bidding, in September. Yahoo is testing the process on its Right Media Exchange, and Microsoft on its AdECN exchange. A consumer would barely notice the shift, except that ads might seem more relevant to exactly what they are shopping for. It is another way in which marketers are massaging information — and something that has raised ire in Washington, where the Federal Trade Commission has been holding discussions on tailored advertising. “The fact that you can be auctioned off in 12 milliseconds or less just illustrates how privacy in this country has rapidly eroded,” said Jeffrey Chester, executive director of the consumer group Center for Digital Democracy. http://www.nytimes.com/2010/03/12/business/media/12adco.html?scp=1&sq=instant%20ads&st=Search NOTED PODCASTS This Law is My Law (Berkman Center, 25 Feb 2010) - This week we sit down with Carl Malamud, who with the group Public.Resource.org is pushing to put law in the public domain. We covered the issue of copyright on law a few months ago in Radio Berkman 129, where Steve Schultze introduced us to RECAP – a software that helps legal researchers bypass hefty fees for access to legal documents. There is now a movement afoot, not just to bypass the system that puts law behind a paywall, but to remove it altogether. If you think this is a small issue – note that Americans spend some $10 billion a year just to access legal documents, everything from local building codes to Supreme Court records. The Executive Branch alone pays $50 million to access district court records. Some cash-strapped law schools ration students’ access to per-page charging services for legal records. And journalists, non-profits, and average citizens interested in legal research are feeling just as nickeled-and-dimed by fees. http://cyber.law.harvard.edu/node/5958 [Editor: good 25-minute podcast about PACER/RECAP, Oregon’s copyright claims in its Code, and open access to the law. ONE STAR] RESOURCES Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress (Congressional Research Service, February 2010) - Beginning with the widespread use of e-mail by Congress in the mid-1990’s, the development of new electronic technologies has altered the traditional patterns of communication between Members of Congress and constituents. Many Members now use e-mail, official websites, blogs, YouTube channels, and Facebook pages to communicate with their constituents--technologies that were either non-existent or not widely available 15 years ago. These technologies have arguably served to enhance the ability of Members of Congress to fulfill their representational duties by providing greater opportunities for communication between the Member and individual constituents, supporting the fundamental democratic role of spreading information about public policy and government operations. In addition, electronic technology has reduced the marginal cost of constituent communications; unlike postal letters, Members can reach large numbers of constituents for a relatively small fixed cost. Despite these advantages, electronic communications have raised some concerns. Existing law and chamber regulations on the use of communication media such as the franking privilege have proven difficult to adapt to the new electronic technologies. This report examines Member use of one specific new electronic communication medium: Twitter. After providing an overview and background of Twitter, the report analyzes patterns of Member use of Twitter during August and September 2009. http://assets.opencrs.com/rpts/R41066_20100203.pdf Data Security, Third-Party Privacy Claims, and Insurance Coverage Under CGL “Personal and Advertising Injury” Coverage (Jones Day, Feb 2010) - For a company faced with a data breach resulting in the possible disclosure of private information, an important question is how, if at all, commercial general liability insurance will respond to third-party claims alleging damages. If your company has specialty coverage for data security loss, cybertheft, or similar liabilities, then your right to coverage might be clear. If you do not have such special coverage available, however, then you might nevertheless have a prospect of recovering defense costs and indemnity under your CGL policy. http://www.jonesday.com/data_security/ [Editor: useful re-survey of the issues and arguments.] FCC Releases Internet Speed Test Tool (Reuters, 11 March 2010) - The U.S. Federal Communications Commission on Thursday launched a broadband test service to help consumers clock the speed of their Internet. Located at the site http://www.broadband.gov, the test is aimed at allowing consumers to compare their actual speeds with the speeds advertised by their providers. The FCC release follows an FCC meeting in September where officials said that actual speeds were estimated to lag by as much as 50 percent during busy hours. “The FCC’s new digital tools will arm users with real-time information about their broadband connection and the agency with useful data about service across the country,” FCC Chairman Julius Genachowski said in a statement. The FCC is also collecting information about where broadband is not available. Consumers can email the FCC at fccinfo@fcc.gov or call the FCC. http://www.washingtonpost.com/wp-dyn/content/article/2010/03/11/AR2010031104824.html LOOKING BACK - MIRLN TEN YEARS AGO First of a Kind Court Ruling Allows Online News Service to “Deep Link” (Financial Times 22 Aug 2000) - A Rotterdam court has ruled against PCM, publisher of most of the Netherlands’ national dailies, which had sought an injunction against Internet upstart Kranten.com, whose Web site consisted largely of news headlines with hyperlinks to the online newspaper sources. PCM had objected to the links going directly to the story pages, rather than to the newspaper’s home page, where advertising revenues are more lucrative. PCM, pointing to the ads that support the Kranten site, had argued that the hyperlink system was analogous to “knocking a hole in a side wall of a café” owned by someone else, and demanding that those who entered through the hole “buy a drink from a stall set up outside.” The court found that PCM could just as easily place ads next to the individual news items, however, and that external links only resulted in increased traffic. PCM is now considering setting up a similar service to retain more control over revenue and content. http://news.excite.com/news/r/000825/11/net-dutch-copyright-dc [link broken] MIRLN 2010-03-12T22:36:00-07:00 http://knowconnect.com/mirln/article/mirln_1_20_february_v1303/ http://knowconnect.com/mirln/article/mirln_1_20_february_v1303/#When:21:55:00Z • Stolen Twitter Accounts Can Fetch $1,000 • Will Your Big-Screen Super Bowl Party Violate Copyright Law? • UN Calls for Global Cyber Treaty • Wikileaks, Struggling to Make Ends Meet, Begs for Donations • A Breach Too Far • Twitter, Facebook Use Rising Among Gang Members • Firms Worry About Social Networks, But Don’t Block Access • Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc. • Brokers Must Think Twice Before Tweeting, Facebooking • Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace • Court’s Decision Would Severely Limit Employer Use of CFAA • TV ‘Anywhere’: AT&T Relents on 3G Slingbox • Google Asks Spy Agency for Help With Inquiry Into Cyberattacks • New Joint Degree Program In Law and Music Business • Ruling: FACTA Does Not Extend to E-Commerce Confirmations • Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them • More on Metadata and Other Electronic Document Issues • Preserving Born-Digital Legal Materials - Where to Start? • UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing • Shell Hit By Massive Data Breach • Photographing Public Art: A Legal Waltz in Seattle • N.Y. City Bar Urges Limiting Personal Data in Civil Filings • Scariest Forum on the Internet? • EU Revises Model Contract Clauses for Data Transfers • More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says • Does Discarding Unallocated Space Deserve Contempt? PROGRAMS | NEWS | BOOK REVIEW | DIFFERENT RESOURCES | LOOKING BACK | NOTES UPCOMING PROGRAMS “Head in the Cloud, Feet in the Rules of Professional Conduct”: Managing the Ethical Risks to Lawyers from Web 2.0 Technologies, Portable Devices, and Cloud Computing, teleconference and live audio webcast (ABA, 3 March 2010) - The program’s full description and registration page is now live at: http://www.abanet.org/cle/programs/t10hcf1.html; faculty include Chris Kelly (candidate for CA Attorney General), Roland Trope, and Vince Polley. The Pace Global Consumer Law Forum and UNCITRAL Collaborate to Present a Colloquium on Global E-Commerce and Online Dispute Resolution—UNCITRAL and the Pace Law School Global Consumer Law Forum are collaborating to present the colloquium “A Fresh Look at Online Dispute Resolution and Global E-Commerce: Toward a Practical and Fair Redress System for the 21st Century Trader (Consumer and Merchant)” to be held at the UN Vienna International Centre on March 29th and 30th. The conference will be held during the same period as the Vis International Arbitration moot and is sponsored by UNCITRAL, Penn State Dickinson School of Law, and the Institute of International Commercial Law at Pace Law School. Leading experts (from government, private sector, academia, and the non-profit sector) will engage in a two-day intensive colloquium analyzing the current cross-border legal frameworks for e-commerce, existing mechanisms for online dispute resolution, and exploring the practicalities of establishing a future global ODR system for both B2B and B2C disputes. For program information, see http://www.pace.edu/page.cfm?doc_id=35508 NEWS Stolen Twitter Accounts Can Fetch $1,000 (ComputerWorld, 29 Jan 2010) - According to researchers at Kaspersky Lab, cybercriminals are trying to sell hacked Twitter user names and passwords on-line for hundreds of dollars. Since 2005, the bad guys have been developing new data-stealing malware that is now a growing problem on the Internet. Some of these programs look for banking passwords, others hunt for on-line gaming credentials. But the fastest-growing data stealers are generic spying programs that try to steal as much information as possible from their victims, said Kaspersky Researcher Dmitry Bestuzhev, speaking at a press event Friday. Bestuzhev has seen Gmail accounts for sale on Russian hacker forums, (asking price 2,500 rubles, or $82) RapidShare accounts going for $5 per month, as well as Skype, instant messaging and Facebook credentials being offered. Asking prices can vary greatly, depending on the name of the account and the number of followers, but attackers are looking for an initial, trusted, stepping stone from which to send malicious Twitter messages and, ideally, infect more machines. Bestuzhev said that one Twitter account, with just over 320 followers, was offered at $1,000 in an underground hacker forum. The user’s name was a simple three letter combination that Bestuzhev thought might make it more valuable to criminals. Compare that to an MSN account, which Bestuzhev has seen priced at €1 ($1.40). “The price for Twitter accounts is really high,” he said. http://www.computerworld.com/s/article/9150001/Stolen_Twitter_accounts_can_fetch_1_000?source=rss_news Will Your Big-Screen Super Bowl Party Violate Copyright Law? (ArsTechnica, 31 Jan 2010) - An offhand comment the other day by a friend caught my attention—”Did you know that you can’t watch the Super Bowl on a TV screen larger than 55 inches? Yeah, it’s right there in the law.” With the Colts and Saints set to do battle in Super Bowl XLIV, this seemed worth looking into as a public service. Could it be that some of those giant flat panel TV sets now finding their way into US living rooms are actually violating copyright law? Copyright law has a huge range of exemptions (like face-to-face classroom teaching), limitations (like fair use), and compulsory licensing schemes (like paying songwriters when you perform a cover version of a tune). Some are well known, but most are of interest only to specialists. US Code Title 17, Chapter 1, Section 110 is called “Limitations on exclusive rights: exemption of certain performances and displays,” and it lays out 12 of these exemptions to copyright restrictions. Are 55+ inch TVs mentioned specifically? They certainly are. TV broadcasts and movie showings can only be displayed so long as “no such audiovisual device has a diagonal screen size greater than 55 inches, and any audio portion of the performance or display is communicated by means of a total of not more than 6 loudspeakers.” So there it is in black and white—a ban on big TVs! Sort of. While my friend was right about what’s contained in the law, it’s important to put the words in context. In this case, the context is exemption number five, which deals with TVs. The exemption opens by saying that turning on a TV set in one’s house does not incur any sort of “public performance” liability under copyright law. So long as you’re using a set that can reasonably be described as “a single receiving apparatus of a kind commonly used in private homes,” you’re in the clear. It all sounds boring and academic, but the NFL famously made waves back in 2007 when it went after an Indianapolis church for hosting a Super Bowl party. Fall Creek Baptist Church planned to 1) charge admission to cover the food bill and 2) show the game on a giant projector system of more than 55 inches. Both were no-nos. In the wake of the NFL’s threat, churches around the country canceled get-togethers that year. Though it was in fact written into copyright law, the NFL’s action generated such bad press that several US Senators pressured the league to change its enforcement practices, law or no law. Sen. Arlen Specter (R-PA, now D-PA) even introduced S. 2591, a bill which singled out “professional football contests” and allowed nonprofit groups to show the games on any size screen. The bill went nowhere, but the NFL did call an audible. In late 2008, the league announced that it was changing its ways and would no longer go after churches simply for using a 55+ inch screen. http://arstechnica.com/tech-policy/news/2010/01/will-your-big-screen-super-bowl-party-violate-copyright-law.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss UN Calls for Global Cyber Treaty (ZDNet, 1 Feb 2010) - The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency has warned. International Telecommunications Union secretary general Hamadoun Toure gave his warning on Saturday at a World Economic Forum debate where experts said nations must now consider when a cyber attack becomes a declaration of war. With attacks on Google from China a major talking point in Davos, Toure said the risk of a cyber conflict between two nations grows every year. He proposed a treaty in which countries would engage not to make the first cyber strike against another nation. “A cyber war would be worse than a tsunami — a catastrophe,” the UN official said, highlighting examples such as attacks on Estonia last year. He proposed an international accord, adding: “The framework would look like a peace treaty before a war.” Countries should guarantee to protect their citizens and their right to access to information, promise not to harbour cyber terrorists and “should commit themselves not to attack another”. John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to “express reservations” about such an accord. Susan Collins, a US Republican senator who sits on several senate military and home affairs committees, said the prospect of a cyber attack sparking a war was now being considered in the United States. “If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of war. “If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war,” Collins said. http://www.zdnet.com.au/news/security/soa/UN-calls-for-global-cyber-treaty/0,130061744,339300673,00.htm?omnRef=1337&omnRef=1337 Wikileaks, Struggling to Make Ends Meet, Begs for Donations (ArsTechnica, 1 Feb 2010) - WikiLeaks—a wiki that made a name for itself by publishing anonymous, classified information—has been temporarily shut down due to its own budget crisis. The Sunshine Press, the nonprofit organization behind WikiLeaks, has decided to cease operations in order to “concentrate on raising the funds necessary” to keep the site going, and is begging for donations lest it be stuck offline forever. For those who aren’t familiar with the Sunshine Press, it was originally started by a group of Chinese dissidents and is made up of human rights activists, investigative journalists, and other concerned citizens around the globe. WikiLeaks regularly publishes information and documents from various governmental entities, corporations, religious organizations, and more, many of which cannot be published by the traditional media—the organization says the goal is to prevent whistle-blowers from being thrown in jail for exposing sensitive information, particularly in China. However, the site is not China-focused; WikiLeaks boasts that its database contains more than 1.2 million leaked documents from around the world. It has generated a fair amount of controversy in the past by publishing a secret Australian Internet blacklist and its decision to auction off a Hugo Chavez aid’s e-mail trove. The site even says it’s currently holding “hundreds of thousands of pages” regarding the US detainee system, the Iraq war, China, and corrupt banks, just waiting to be released. http://arstechnica.com/tech-policy/news/2010/02/wikileaks-struggling-to-make-ends-meet-begs-for-donations.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss [Editor: consider making a donation.] A Breach Too Far (ABA Journal, 1 Feb 2010) - Experts on cybersecurity warn that law firms need to fear the same kind of illegal intrusions into confidential information maintained on their computer systems that already are striking government entities and private corporations with increasing frequency. There is a good reason why law firms are an excellent target for cyberattacks, said Bradford A. Bleier, a unit chief in the Cyber Division of the FBI, who was one of the speakers addressing the issue in November at the 19th Annual Review of the Field of National Security Law. The two-day conference in Washington, D.C., was co-sponsored by the ABA Standing Committee on Law and National Security in conjunction with the law schools at the University of Virginia and Duke University. “Law firms are tremendous concentrations of really critical, private information,” Bleier said, and attacking their computer systems “is an optimal way to obtain commercial and personal information.” Other speakers at the conference said law firms face difficult ethics quandaries in conjunction with thefts of information from their computers. A key question, said Stewart A. Baker, a partner at Steptoe & Johnson in Washington, D.C., is what to tell clients when there has been a breach of confidential information. Baker recounted one incident in which the FBI informed a law firm’s managing partner that it had identified confidential information from the firm in messages being sent to a foreign country. Asked what he would tell his clients, the managing partner reportedly said, “I’m not even sure I’m going to tell my partners.” Under the ABA Model Rules of Professional Conduct, that would have been the wrong answer, said Thomas D. Morgan, a professor who teaches ethics at the George Washington University Law School in Washington, D.C. (The Model Rules have been adopted in full or in part by every state except California.) “The cover-up can be worse than the original offense,” said Morgan, who noted that Model Rule 1.4 (Communications) “means you have an explicit requirement to tell the client because it’s the client who ultimately will have to decide what to do about it.” But despite that mandate of Rule 1.4, there are circumstances that raise questions about when and to what extent it must be followed to the letter, said Stewart, a member of the advisory committee to the Law and National Security Committee. One question, for instance, is whether a law firm has an obligation to inform a client when it can’t be determined whether the client’s information was compromised in a cybersecurity breach. http://www.abajournal.com/mobile/article/a_breach_too_far Twitter, Facebook Use Rising Among Gang Members (SiliconValley.com, 2 Feb 2010) - When a gang member was released from jail soon after his arrest for selling methamphetamine, friends and associates assumed he had cut a deal with authorities and become a police informant. They sent a warning on Twitter that went like this: We have a snitch in our midst. Unbeknownst to them, that tweet and the traffic it generated were being closely followed by investigators, who had been tracking the San Francisco Bay Area gang for months. Officials sat back and watched as others joined the conversation and left behind incriminating information. Law enforcement officials say gangs are making greater use of Twitter and Facebook, where they sometimes post information that helps agents identify gang associates and learn more about their organizations. “You find out about people you never would have known about before,” said Dean Johnston with the California Bureau of Narcotics Enforcement, which helps police investigate gangs. “You build this little tree of people.” http://www.siliconvalley.com/latest-headlines/ci_14318645?nclick_check=1 Firms Worry About Social Networks, But Don’t Block Access (ArsTechnica, 2 Feb 2010) - Despite widespread paranoia that social networks are putting businesses at risk, companies continue to give employees open access to them. The latest Security Threat Report (PDF) from security research firm Sophos notes that spam and malware attacks via popular networks continued to rise at “alarming” rates over the last 12 months, posing a risk to both users and the companies they work for. Nearly three-quarters of businesses (72 percent) told Sophos that they’re concerned about employee behavior on social networks—and it’s not the HR-related behavior they’re concerned about. The majority of respondents said that reports of spam, phishing, and malware coming from the major social networks were way up, and they expressed concern about employees endangering business security. According to Sophos, there was a 70 percent increase in the proportion of businesses reporting spam and malware attacks in 2009. Given this level of worry over cybersecurity, one would assume that the businesses in question would lock down access to MySpace, Facebook, and Twitter. Not so, according to the report. Almost half of all firms said that they allow their staff unfettered access to Facebook—a 13 percent increase from a year ago. Sophos called this a “grim irony,” though the firm made it clear that it’s wiser to educate employees and apply “social security” methods instead of merely barring staff from using these sites. http://arstechnica.com/business/news/2010/02/firms-worry-about-social-networks-but-not-blocking-access.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Federal Court Officials Issue Guidance on Jury Use of Blackberries, iPhones, Twitter, LinkedIn Etc. (BNA’s E-Commerce Tech Law, 2 Feb 2010) - According to the Administrative Office of the U.S. Courts, a committee on court administration matters has sent around to all federal trial courts proposed jury instructions that specifically address the influence of mobile communications devices and electronic social media on jury deliberations. The rise of the “connected juror” has bedeviled the judicial system, introducing a host of new opportunities for juror consideration of irrelevant and inadmissible evidence, as well as new opportunities for improper communications with deliberating jurors, as this recent article from the Baltimore sun notes. The proposed jury instructions state the general rule (“You must not conduct any independent research about this case ....”) and then, for the jurors who require additional guidance, move on to the new media specifics (“ In other words, you should not consult dictionaries or reference materials, search the internet, websites, blogs, or use any other electronic tools to obtain information about this case or to help you decide the case are an attempt to fill in what is apparently a deficiency in jurors’ understanding of the general rule that evidence obtained outside of the courtroom may not be considered.”) The proposed rules also mention by name Blackberries, iPhones, text messaging, Twitter, Facebook, My Space, LinkedIn, and YouTube. Prohibiting all of them, if used to learn about, or communicate about the case. http://pblog.bna.com/techlaw/2010/02/us-courts-officials-issue-guidance-on-jury-use-of-blackberries-iphones-twitter-linkedin-etc.html Brokers Must Think Twice Before Tweeting, Facebooking (ArsTechnica, 2 Feb 2010) - If you’re a registered broker or work for firm that sells any sort of investment products, you’ll want to think twice before blurting out anything that could be construed as investment advice on Facebook, Twitter, or any other social networking site. The Financial Industry Regulatory Authority (FINRA) has updated its guidelines for interpreting the rules that govern how brokers present advice to the public to cover online social networks; and, in some cases, the guidelines rely on social network monitoring and archiving technology that doesn’t even exist yet. The new guidelines have two broad effects on the way financial firms use social media. First, the new rules attempt to take the traditional distinction between marketing a brand and hawking specific investment products, and to enforce it in online venues that sport a constantly evolving slate of features and functionality, and where the lines between the personal and the professional—or, the personal and the promotional—aren’t always clear. Take Facebook, for example, where ostensibly personal accounts nonetheless indicate where an individual works. A broker might not only identify himself as an employee of a particular bank or brokerage in his Facebook profile, but he might also be a fan of his employer’s official Facebook page, and belong to various unofficial Facebook groups that use the company’s name and logo. Based on the new guidelines, it appears that the static parts of a Facebook page, like an employee’s personal profile, fall under the FINRA rules that govern firms’ marketing to the public, with the result that they need formal approval before being posted. The dynamic, conversational parts of a page—specifically, Facebook’s wall, a blog’s comments section, and other places where users interact with each other—could constitute a “public appearance” on behalf of the firm, which means posts don’t have to be approved beforehand, but “firms must supervise these interactive electronic communications under NASD Rule 3010 in a manner reasonably designed to ensure that they do not violate the content requirements of FINRA’s communications rules.” When it comes to sorting out which communications are business-related, or even which posts or tweets run afoul of the rules, the FINRA is taking a “we know it when we see it” approach that appears to grant some leeway for interpretation. Phrases like “whether a particular communication constitutes a ‘recommendation’ for purposes of Rule 2310 will depend on the facts and circumstances of the communication,” are typical throughout the document; reference to the specific “facts and circumstances” of a particular communication are common. The point seems to be to err on the side of caution, because it’s not always clear what will get you in trouble. http://arstechnica.com/tech-policy/news/2010/02/brokers-must-think-twice-before-tweeting-facebooking.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Sacrebleu! French High Court Limits Employees’ Privacy Rights in the Workplace (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - The Cour de cassation Chambre sociale, the labor chamber of France’s highest court of appeals, upheld a lower court’s ruling that an employer is entitled to open employee files not marked “private,” even without the employee’s presence or consent. The court’s ruling expands the scope of allowable employer monitoring of employees’ communications in France, and is the latest in a line of cases narrowing the Cassation Court’s 2001 decision in Nikon France SA v. Frédéric O. Nikon established that employees have a right to privacy in personal messages transmitted using a workplace computer, even where an employer has banned non-business use of the computer. Since then, though, the Cassation Court has issued decisions that refined Nikon in favor of employers, including a 2008 ruling that employers had the right to monitor an employee’s Internet usage without the employee’s knowledge or presence, and a 2009 ruling that an employee file could not be considered “private” merely because it was identified by the employee’s initials. http://www.steptoe.com/publications-6612.html Court’s Decision Would Severely Limit Employer Use of CFAA (Steptoe & Johnson’s E-Commerce Law Week, 4 Feb 2010) - A federal district court in Illinois has weighed in on what constitutes “loss” under the Computer Fraud and Abuse Act (CFAA), ruling that civil claims cannot survive absent evidence of “impairment or unavailability of data or interruption of service.” This is an issue that has divided the courts; if the court’s reasoning is sustained on appeal by the Seventh Circuit and adopted by other federal courts of appeal, it would greatly limit the utility of the CFAA to employers. http://www.steptoe.com/publications-6612.html TV ‘Anywhere’: AT&T Relents on 3G Slingbox (Wired, 4 Feb 2010) - In a significant policy reversal, AT&T announced Thursday that it will allow Sling Media’s mobile apps to run on its 3G network. That means owners of various Sling Box devices can watch live, streaming TV, as well as DVR-recorded content and movies downloaded at home using an iPhone app without a Wi-Fi connection. Last May, AT&T claimed the Sling app would “create congestion” on its 3G network. It ran tests in December, and now concludes that “the optimized app can run on its 3G network” and said it has alerted both Apple and Sling to its decision. What changed? In part, the Sling app itself. AT&T’s announcement claims that while the Sling app had always been optimized for 3G, AT&T “worked with” Sling to make it even more efficient (i.e., degraded video and/or audio quality until the Sling app consumed an acceptable amount of bandwidth). SlingPlayer Mobile is one of the most expensive on iTunes — $30 — and it works only if you have Sling hardware at home that costs hundreds of dollars. But it integrates with any video system, including TiVo. Slingbox aficionados have been watching their home channel lineup and programming anywhere in the world on their laptops using downloadable software and, more recently, via a web interface. But there are no monthly fees and no new service to sign up for: You simply run SlingPlayer and watch as if you were home. You can operate your DVR to record programs, play movie rentals and call up video-on-demand, making it all available in your pocket. http://www.wired.com/epicenter/2010/02/att-will-allow-optimized-sling-app-for-iphone/ Google Asks Spy Agency for Help With Inquiry Into Cyberattacks (NYT, 4 Feb 2010) - Google has turned to the National Security Agency for technical assistance to learn more about the computer network attackers who breached the company’s cybersecurity defenses last year, a person with direct knowledge of the agreement said Thursday. The collaboration between Google, the world’s largest search engine company, and the federal agency in charge of global electronic surveillance raises both civil liberties issues and new questions about how much Google knew about the electronic thefts it experienced when it stated last month that it might end its business operations in China. The agreement was first reported on Wednesday evening by The Washington Post. By turning to the N.S.A., which has no formal legal authority to investigate domestic criminal acts, instead of the Department of Homeland Security, which does have such authority, Google is clearly seeking to avoid having its search engine, e-mail and other Web services regulated as part of the nation’s “critical infrastructure.” The United States government has become increasingly concerned about the computer risks confronting energy and water distribution systems and financial and communications networks. Systems designated as critical infrastructure are increasingly being held to tighter regulatory standards. The relationship that the N.S.A. has struck with Google is known as a cooperative research and development agreement, according to a person who has been briefed on the relationship. These were created as part of the Federal Technology Transfer Act of 1986 and are essentially a written agreement between a private company and a government agency to work together on a specific project. They were intended to help accelerate the commercialization of government-developed technology. http://www.nytimes.com/2010/02/05/science/05google.html New Joint Degree Program In Law and Music Business (University of Miami, 8 Feb 2010) - The University of Miami School of Law and the Frost School of Music have launched a new joint degree program in law and music business – the first of its kind in the country – that will enable students to earn a J.D. and a Masters of Music in Music Business and Entertainment Industries. This degree will give future entertainment attorneys a thorough understanding of the music industry. In this specialization, students not only learn the essentials of law, but also the common practices of the music business. Students can complete both degrees in less time while studying at a top law school and one of the best music schools in the country. And, as one of the four top music cities in the U.S. and as the music center for the Latin American Divisions of all major music companies, Miami offers exceptional internship and work opportunities. http://www.law.miami.edu/news.php?article=1455 [Editor: See “Bernstein” story under the Different section below; wonder what he’d have made of this.] Ruling: FACTA Does Not Extend to E-Commerce Confirmations (MultiChannelMerchant, 8 Feb 2010) - Online merchants have dodged another bullet when it comes to the Fair and Accurate Credit Transactions Act (FACTA). In the recent case Shlahtichman v. 1-800 Contacts, Inc., a judge in the Northern District of Illinois ruled in December that FACTA does not apply to electronic displays or e-mail confirmations of Internet transactions. Congress amended the Fair Credit Reporting Act in 2003 by enacting FACTA. Among other things, FACTA restricts the disclosure of consumers’ information on electronically printed receipts provided to cardholders at the point of sale or transaction. Due to confusion of whether FACTA required truncating the credit or debit card number to the last five digits and masking the card’s expiration date, hundreds of class action lawsuits were filed--despite the lack of any actual injuries, such as credit card fraud or identity theft. The epidemic of FACTA lawsuits became so rampant that in May 2008, Congress passed the Credit and Debit Card Receipt Clarification Act to protect merchants that had included expiration dates on receipts from civil FACTA liability. Undaunted, plaintiff’s class action lawyers turned to the Internet in hopes of finding more fertile ground for class action lawsuits. In Shlahtichman, the plaintiff alleged that, after using his credit card to purchase contact lenses over the Internet in June 2009, he received at his home a computer-generated receipt that displayed the expiration date of his credit card. (The Clarification Act only insulates merchants from expiration date liability for receipts printed prior to June 3, 2008). Although suffering no actual damages, the plaintiff sought, on behalf of himself and a class of similarly situated persons, $1,000 per receipt. In dismissing the complaint for failure to state a claim, Judge John Darrah determined that an e-mail order confirmation is not an electronically printed receipt because the “plain meaning of ‘print’ is to transfer information to paper.” The court rejected the plaintiff’s argument that print is more commonly understood as displaying on a computer screen as “unpersuasive.” http://multichannelmerchant.com/ecommerce/news/facta-ruling-ecommerce-confirmations-0208/ Judges Cannot Be Facebook “Friends” With Attorneys Who Appear Before Them (BNA’s Internet Law News, 11 Feb 2010)- BNA’s Electronic Commerce & Law Report reports that a majority of the Florida Supreme Court’s judicial ethics committee has concluded that online “friending” between judges and attorneys who appear before them is inappropriate. A judge who does so conveys or lets the named attorneys convey the impression that the lawyers are in a special position to influence the judge. More on Metadata and Other Electronic Document Issues (ALAS, 12 Feb 2010) - The Arizona Supreme Court recently ruled that metadata embedded in electronic documents is part of the public record and must be disclosed in response to a public records request. See Lake v. City of Phoenix, 218 P.3d 1004 (Ariz. 2009). The ruling involved an employment discrimination suit filed by a former Phoenix police officer. The officer made a public records request, seeking notes his supervisor kept in electronic form related to the officer’s job performance. After reviewing the hard-copy file, the officer suspected that certain notes had been back-dated. He then filed another public records request so that he could review the metadata embedded in the supervisor’s electronic notes. The trial court denied the officer’s request, and the appellate court affirmed, concluding that the public record does not encompass metadata. The Arizona Supreme Court reversed, holding that when a public record is maintained in electronic form, the electronic record, including any metadata, is subject to disclosure under the state’s public records law. The court disagreed with the City of Phoenix’s claim that production of metadata would be an administrative nightmare, finding that unduly burdensome or harassing requests can be addressed under existing law. In a separate development, the Arizona State Bar Commission on the Rules of Professional Conduct endorsed a law firm’s encrypted electronic client file storage system that allows clients to access their files directly. See Arizona Opinion 09-04. The committee had previously determined that electronic storage of client files is permissible, as long as adequate steps are taken to protect file confidentiality. See Arizona Opinion 05-04. The committee approved the firm’s security proposals, but warned that these measures might become inadequate as technology advances over time. http://www.alas.com/articles/enews/lpen10-01-l04.html [Spotted by MIRLN reader Phillip Schmandt of McGinnis, Lochridge.] Preserving Born-Digital Legal Materials - Where to Start? (LLRX.com, 14 Feb 2010) - It’s tempting to begin any discussion of digital preservation and law libraries with a mind-blowing statistic. Something to drive home the fact that the clearly-defined world of information we’ve known since the invention of movable type has evolved into an ephemeral world of bits and bytes, that it’s expanding at a rate that makes it nearly impossible to contain, and that now is the time to invest in digital preservation efforts. But, at this point, that’s an argument that you and I have already heard. As we begin the second decade of the 21st century, we know with certainty that the digital world is ubiquitous because we ourselves are part of it. Ours is a world where items posted on blogs are cited in landmark court decisions, a former governor and vice-presidential candidate posts her resignation speech and policy positions to Facebook, and a busy 21st-century president is attached at the thumb to his Blackberry. http://www.llrx.com/features/borndigital.htm [Editor: Interesting, 30,000 foot survey.] UK Court Finds That Simply Linking To Infringing Videos Is Not Infringing (TechDirt, 15 Feb 2010) - We’ve seen more than a few lawsuits over the years by the entertainment industry against various sites that merely link to infringing content. The entertainment industry likes to make the claim that this is inducing infringement, but if you’re just pointing to a bunch of YouTube videos, it’s difficult to see how that should be considered infringement at all. In one such case, over in the UK, a site called tv-links.co.uk, after years battling this in court, was found not to have infringed on the copyrights of movie studios. The case was brought by FACT, the “Federation Against Copyright Theft,” but had little evidence of any actual infringement being done by the site, who merely linked to videos found on YouTube, Veoh, DailyMotion and other sites. FACT originally claimed that the site “facilitated” copyright infringement on the internet, despite that not being a part of UK law. Eventually, the official charges were “Conspiracy to Defraud and breaches of the Copyright Designs and Patents Act,” which is quite similar to what OiNK’s admin was charged with. And just like how OiNK’s Alan Ellis was found not guilty, the court has sided with TV links, noting that it didn’t actually infringe on anyone’s copyrights directly. Of course, this still took years of having to fight it out in court and a ton of resources—some of which were frozen by a “financial restraining order” during the case itself. http://techdirt.com/articles/20100212/1549298157.shtml Shell Hit By Massive Data Breach (The Register, 15 Feb 2010) - Shell has been hit by a massive data breach - the contact database for 176,000 staff and contractors at the firm has been copied and forwarded to lobbyists and activists opposed to the company. John Donovan, an activist who received the database, said he had voluntarily destroyed the files. But he warned that other copies were available online. The email supposedly comes from 176 “concerned staff” to highlight Shell’s activities in Nigeria. The database is about six months old and could have been released by a recently laid off staff member, or there could really be a rogue campaign group within Shell. Richard Wiseman, chief ethics and compliance officer at Royal Dutch Shell, wrote to staff last week after the breach emerged. He said: “The Global Address List, containing contact information of everyone in Shell and some contractors, joint ventures and other third parties, has been downloaded without authorisation and distributed to some external parties. We do not know who did this. We are investigating and are raising this theft of information with the relevant data protection authorities.” The company played down the security implications of the loss - it is phone and email details rather than real-world addresses. http://www.theregister.co.uk/2010/02/15/shell_data_loss/ Photographing Public Art: A Legal Waltz in Seattle (Citizen Media Law Project, 17 Feb 2010) - To photographer Mike Hipple, the claim is baseless. The photo he took about 10 years ago of a woman standing near the “Dance Steps on Broadway” sculpture in Seattle’s Capitol Hill is an example of fair use. If it’s not, he reasons, the right of all photographers to take pictures in public will be in jeopardy. His photo was, after all, “taken on a public sidewalk, showing a woman interacting with a piece of public art, paid for by public funds. And it only depicts a small portion of the artwork at that,” Hipple wrote. “Now if this doesn’t qualify as fair use of the sculpture, I don’t know what does.” Hipple’s sentiment is shared by many Seattle residents who feel that public art, financed with their tax dollars, should be in the public domain. They paid for it, say residents, so they should be able to photograph it without fear of a lawsuit. Hipple is just a small-guy photographer being bullied by a greedy litigious copyright holder, they say. It’s an understandable sentiment, but not necessarily a solid legal defense. Hipple sold the photo (pictured above) to a stock photography company. Jack Mackie, who created “Dance Steps on Broadway,” demanded that the company remove the photo, claiming that it infringed his copyright by reproducing the sculpture. The company promptly removed the photo, but Mackie sued Hipple last February for selling it in the first place. The lawsuit has outraged scores of residents who find Mackie to be out of step with the public’s interest. Mackie installed the eight sets of inlaid bronze shoe prints, mapping out well-known dances such as the waltz and rumba, in 1982 when the city rebuilt the neighborhood’s sidewalks. Despite receiving public financing for the project, Mackie retained rights to the artwork. Those rights, according to § 106 of the U.S. Copyright Act, include the exclusive right to reproduce the work or to create derivative work from it. http://www.citmedialaw.org/blog/2010/photographing-public-art-legal-waltz-seattle?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project)&utm_content=Google+Reader N.Y. City Bar Urges Limiting Personal Data in Civil Filings (Law.com, 18 Feb 2010) - Citing the increasing availability of court documents on the internet, the New York City Bar is urging the courts to adopt a statewide rule that would sharply curtail the inclusion of “sensitive personal information” in civil court filings. Such documents presumptively have been “public records in New York ... accessible to anyone willing to make the trip to a courthouse,” according to a report released last week by the City Bar’s subcommittee on electronic records within the group’s Council on Judicial Administration. With the court system and private companies posting records online, and the difficulty of purging electronically filed information, “[t]he reality is that the notion of privacy of court records is a misnomer,” the report says. The City Bar’s proposal would require that civil court filers omit or redact nine categories of information, including Social Security, taxpayer identification, and driver’s license numbers. The rule also would prohibit the names of minor children, dates of birth, bank and financial account numbers, government-issued identification numbers, and “other identification numbers which uniquely identify an individual” from appearing on civil court filings. Due to the volume of filings in New York, which, according to the subcommittee’s report, “make it unrealistic to expect court personnel” to omit or redact the information, attorneys and other persons filing documents would be responsible for complying with the rule. http://www.law.com/jsp/article.jsp?id=1202443770342&rss=newswire Scariest Forum on the Internet? (InsideHigherEd, 18 Feb 2010) - Just two weeks after its Feb. 2 launch, The Chicago Manual of Style Online’s new discussion forum already features numerous discussions with titles like “ ‘Predecessor to’ or ‘predecessor of’ “? and “Worst online punctuation abuse?” But the most popular thread thus far is titled “I’m afraid to post here.” Its first message: “Could there be a more intimidating place to post?” Other commenters echoed that sentiment: “I do fear a grammatical error in posts here because even if everyone is polite enough to ignore it they will surely notice it,” fretted one. Nevertheless, numerous Chicago Manual acolytes have already managed to overcome their trepidation over airing thoughts in such august grammatical company. While they’ve no doubt been aided in this feat by the lure of $100 in free books (which the press has promised to award at random to one of those who post within 30 days of the forum’s launch), forum users also expressed delight over having “a place to ask questions and enjoy a sense of community with fellow writers and editors,” as one commenter put it. And that’s exactly the goal of the forum, according to the University of Chicago Press’s reference promotions manager, Ellen Gibson: “What we hope to build is a sense of community among our subscribers.” In that regard, the forum seems thus far to be a success: users can ask any and all style-related questions (“Is there a rule about using whether or if?”) and receive quick responses from others, often citing the Manual itself (“From CMOS 5.202: determine whether; determine if. The first phrasing is irreproachable style; the second is acceptable, though less formal”). The press hopes that this function will finally bridge the long-standing gap between the number of questions that Chicago users submit to its Q&A each month (hundreds, Gibson said) and the number that editors can answer (about 10 every month). But the forum isn’t limited to the nitty-gritty of copy editing; it also includes sections where users can post their questions on author relations (“How does one deal with the frustration of continually correcting the same differences in usage without losing one’s temper or alienating the writer?”), professional development (“Have you ever taken a class in copyediting?”) and the publishing industry (“How can publishers best utilize Facebook and Twitter for marketing purposes?”), as well as, of course, miscellaneous (“Best way to develop good grammar habits?”). http://www.insidehighered.com/news/2010/02/18/chicago EU Revises Model Contract Clauses for Data Transfers (Steptoe & Johnson’s E-Commerce Law Week, 18 Feb 2010) - The EU Data Protection Directive restricts transfers of personal data of EU residents to non-EU countries. A common approach for complying with this obligation is for the EU data transferor and the transferee abroad to adopt model contract clauses approved by the European Commission. The European Commission earlier this month adopted a decision approving a new set of model contract clauses for the transfer of personal data from a data controller to a foreign processor (controller-to-controller clauses were previously approved). The new clauses permit the foreign processor to re-transfer data to a sub-processor (the previous version did not permit this), and delete an arbitration provision from the previous version that had never been applied in practice. http://www.steptoe.com/publications-6631.html More than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says (Washington Post, 18 Feb 2010) - More than 75,000 computer systems at nearly 2,500 companies in the United States and around the world have been hacked in what appears to be one of the largest and most sophisticated attacks by cyber criminals discovered to date, according to a northern Virginia security firm. The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon-based NetWitness. News of the attack follows reports last month that the computer networks at Google and more than 30 other large financial, energy, defense, technology and media firms had been compromised. Google said the attack on its system originated in China. This latest attack does not appear to be linked to the Google intrusion, said Amit Yoran, NetWitness’s chief executive. But it is significant, he said, in its scale and in its apparent demonstration that the criminal groups’ sophistication in cyberattacks is approaching that of nation states such as China and Russia. The intrusion, first reported on the Wall Street Journal’s Web site, was detected Jan. 26 by NetWitness engineer Alex Cox. He discovered the intrusion, dubbed the Kneber bot, being run by a ring based in Eastern Europe operating through at least 20 command and control servers worldwide. The hackers lured unsuspecting employees at targeted firms to download infected software from sites controlled by the hackers, or baited them into opening e-mails containing the infected attachments, Yoran said. The malicious software, or “bots,” enabled the attackers to commandeer users’ computers, scrape them for log-in credentials and passwords—including to online banking and social networking sites—and then exploit that data to hack into the systems of other users, Yoran said. The number of penetrated systems grew exponentially, he said. Among the companies hit were Cardinal Health, located in Dublin, Ohio, and Merck, according to the Wall Street Journal. A spokesman for Cardinal said the firm removed the infected computers as soon as the breach was found. Also affected were educational institutions, energy firms, financial companies and Internet service providers. Ten government agencies were penetrated, none in the national security area, NetWitness said. http://www.washingtonpost.com/wp-dyn/content/article/2010/02/17/AR2010021705816.html?wprss=rss_technology Does Discarding Unallocated Space Deserve Contempt? (Law.com, 19 Feb 2010) - A defendant’s effort to keep sensitive personal and business data from falling into the wrong hands by taking steps to ensure the deletion of files landed him in contempt of Delaware’s Chancery Court, but the court’s conclusion that he violated a status quo agreement places a dubious value on the computer equivalent of a wastepaper basket. In TR Investors LLC v. Genger, No. 3994-VCS, Delaware Court of Chancery (Dec. 9, 2009), the court found defendant Arie Genger in contempt of court for “wiping” the “unallocated space” of the hard drive of his work computer and file server in the face of an order that prohibited him from “tampering with, destroying or in any way disposing of any Company-related documents, books or records.” The court reasoned that e-files that the defendant should have had were missing; such files would have been found in the wiped unallocated space, even if they were in deleted or only temporary form; the order in question prohibited such wiping; and the defendant conducted such wiping in order to destroy the missing files or copies. The consequences of the court’s decision are profound and far-reaching. The court’s reasoning, however, is in my view suspect both technically and legally, and thus bears close scrutiny. http://www.law.com/jsp/article.jsp?id=1202443834708&rss=newswire BOOK REVIEW In the World of Facebook (NY Review of Books, 25 Feb 2010) - Facebook, the most popular social networking Web site in the world, was founded in a Harvard dorm room in the winter of 2004. Like Microsoft, that other famous technology company started by a Harvard dropout, Facebook was not particularly original. A quarter-century earlier, Bill Gates, asked by IBM to provide the basic programming for its new personal computer, simply bought a program from another company and renamed it. Mark Zuckerberg, the primary founder of Facebook, who dropped out of college six months after starting the site, took most of his ideas from existing social networks such as Friendster and MySpace. But while Microsoft could as easily have originated at MIT or Caltech, it was no accident that Facebook came from Harvard. What is “social networking”? For all the vagueness of the term, which now seems to encompass everything we do with other people online, it is usually associated with three basic activities: the creation of a personal Web page, or “profile,” that will serve as a surrogate home for the self; a trip to a kind of virtual agora, where, along with amusedly studying passersby, you can take a stroll through the ghost town of acquaintanceships past, looking up every person who’s crossed your path and whose name you can remember; and finally, a chance to remove the digital barrier and reveal yourself to the unsuspecting subjects of your gaze by, as we have learned to put it with the Internet’s peculiar eagerness for deforming our language, “friending” them, i.e., requesting that you be connected online in some way. [Editor: Interesting, useful review on the evolution of FaceBook, and some possible futures for it.] http://www.nybooks.com/articles/23651 DIFFERENT Bernstein on the Mystery Behind the Music (New York Times, 15 Feb 2010) - Imagine this: you drop onto the sofa on a Sunday afternoon, switch on the TV and see a dapper young man with a baton standing before an orchestra and demonstrating the patterns conductors use to lead music in different meters — two, three, four and five beats to the bar. He directs his players in a few examples, bits of Beethoven’s Ninth and Schubert’s Eighth Symphonies, Prokofiev’s “Peter and the Wolf,” Waldteufel’s “Skater’s Waltz.” Then he ups the ante, showing how these simple gestures, with subtle modification, are used to coax a fluid, lyrical performance; a playful reading; or an urgently dramatic interpretation from an orchestra. For 48 minutes, this young conductor — Leonard Bernstein, caught on film in 1955 — brings you into the musician’s world, talking about how tempo, dynamics and phrasing express a conductor’s feelings and beliefs about a piece, and how that expressivity affects a listener’s perception of the music. And he offers you a glimpse of his preparation for a performance. Even with hundreds of cable channels to choose from today, the likelihood of running into a show like this is slim. But in the 1950s, when American television viewers had three major networks to choose from — CBS, NBC and ABC — classical music was a part of the standard programming mix. Bernstein’s conducting demonstration was one of seven appearances, now on DVD, that he made on “Omnibus,” a 90-minute program that offered segments on science and the arts, particularly music and theater. It ran from 1952 to 1961, and migrated across the networks, from CBS to ABC in 1956, and to NBC in 1957. http://www.nytimes.com/2010/02/16/arts/music/16bernstein.html?emc=eta1 [Editor: off-point, but a charming article. I knew Bernstein a bit back in college, and the part about him moving into “Village Explainer” mode made me smile; the long quote by Tom Wolfe made me laugh.] RESOURCES A Chronology of Legal Technology, 1842-1995 (Robert Ambrogi, 14 Feb 2010) - http://www.legaline.com/2010/02/chronology-of-legal-technology-1842.html FUN Angry Norwegians in scuba gear chase after Google Street View car (BoingBoing, 9 Feb 2010) - Click here to see the image above in the wild. News story, auto-translated to English in the Norwegian newspaper Aftenposten. More on Google Maps. http://www.boingboing.net/2010/02/09/angry-norwegians-in.html LOOKING BACK - MIRLN TEN YEARS AGO LEGAL WORK UP FOR BID (Wall Street Journal, 12 Apr 2000) - The same entrepreneur who came up with the concept of brokering “pollution credits” now has found a new marketplace to tackle—corporate law. He’s planning to soon launch what amounts to an eBay for the legal industry called eLawForum. Clients will post information on their legal needs and solicit bids from competing law firms, which will then have an incentive to offer lower prices to get the work. Preliminary trials of eLawForum have generated an enthusiastic response from participants, and several competing companies, such as iBidLaw.com, are getting ready to launch their own lawyer-brokering ventures. And while some large, established law firms insist their clients would never abandon them for some Web upstart, smaller firms see the online brokerages as a means of entrée to clients they could otherwise never hope to snare. “It is very hard to crack the New York market,” says C. Boyden Gray, partner in a Washington, DC, law firm. “I think this would actually help us (to compete).” http://interactive.wsj.com/articles/SB955495910135240236.htm A NEW CORPORATE TITLE: ‘CHIEF PRIVACY OFFICER’ A new executive position is showing up on the organization charts of companies such as American Express, Citigroup, Prudential, and AT&T: the Chief Privacy Officer, who has broad powers to protect the privacy of consumers who interact with corporate computer systems. George Washington University professor Lance Hoffman says that the new position “attracts people who have a knowledge of history and law. They know something about technology, and they can’t get techno-dazzled by explanations that don’t hold water. They appreciate what technology can do for good and for evil.” (AP/San Jose Mercury News 11 Jul 2000) http://www.sjmercury.com/svtech/news/breaking/merc/docs/032861.htm MIRLN 2010-02-19T21:55:00-07:00 http://knowconnect.com/mirln/article/mirln_10_30_january_2010_v1302/ http://knowconnect.com/mirln/article/mirln_10_30_january_2010_v1302/#When:21:22:00Z • Heartland, Visa Announce $60 Million Settlement o Heartland Breach Shows Why Compliance Is Not Enough o Data Losses to Incur Fines of Up to £500,000 o The 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach • France Ponders Right-To-Forget Law • 10 Tips for Becoming a Smarter, Social Business Person • Swiss Court Declares Transfers of Banking Data to U.S. Authorities Illegal • Court Compares Parties’ Clickwrap Contents, Process In Rejecting Unconscionability Claim • Judge Heaps E-Discovery Costs on Plaintiff • French Court Strikes Down Another SOX Whistleblower Program • U.S. Law Firm That Sued China Reports Cyberattack o US Oil Industry Hit By Cyberattacks: Was China Involved? • Bar Exam Prep Via an iPhone App • California CIO: Open Source Officially Welcome Here • Authenticating Web Pages as Evidence • Learning To Love That Roommate from Hell • Blogs, YouTube Prompt Campaign Finance Ruling • You’ve Been Served • Legal Sites Plan Revamps as Rivals Undercut Price • Courts In Maryland, New Jersey, Florida Declare Mistrials After Juror Internet Research • Sign of the Times: Clorox Seeks Lawyer for Social Media Issues o Company Requires ‘Tweet’ as Part of Law Firms’ RFP Response o Social Networking: A Workplace Policy • Hitting Pause on Class Videos • E-Filing: Then and Now • No Access for the Axis: SourceForge Bows to Government Demands o Cloud Computing and US Export Control Rules • A Little ‘i’ to Teach About Online Privacy • Alaska Superior Court Judge Sides With State, Palin In E-Mail Lawsuit o Michigan State Court Rules that Government Officials’ Personal E-Mails Aren’t Subject to FOIA • S.E.C. Adds Climate Risk to Disclosure List • Connecticut AG the First to File HIPAA Suit NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Heartland, Visa Announce $60 Million Settlement (BankInfoSecurity, 8 Jan 2010) - Heartland Payment Systems announced today that it will pay Visa-branded credit and debit card issuers up to $60 million to cover losses incurred from the Heartland data breach. It is the largest known settlement amount ever paid to Visa as a result of a breach, eclipsing the TJX settlement of $40.9 million in November 2007. In a statement, Heartland and Visa say the $60 million payment will be subject to certain conditions, including a specified level of participation by Visa issuers. Visa says it will provide issuers details in the coming days. The data breach involved an estimated 130 million credit and debit cards, although not all of them were Visa branded. This settlement with Visa is far larger than Heartland’s $3.6 million settlement with American Express, which was announced in December. http://www.bankinfosecurity.com/articles.php?art_id=2054 - and - Heartland Breach Shows Why Compliance Is Not Enough (ComputerWorld, 6 Jan 2010) - Nearly a year after Heartland Payment Systems Inc. disclosed what turned out to be the biggest breach involving payment card data, the incident remains a potent example of how compliance with industry standards is no guarantee of security. Princeton, N.J.-based Heartland last Jan. 20 disclosed that intruders had broken into its systems and stolen data on what was later revealed to be a staggering 130 million credit and debit cards. That number easily eclipsed the 94 million cards that were compromised in the massive breach disclosed by TJX Companies Inc. in 2007. However, it wasn’t just the scope of the Heartland breach that made it remarkable, but also the company’s insistence that it was certified as fully compliant with the requirements of the Payment Card Industry Data Security Standard (PCI DSS) when it was compromised. http://www.computerworld.com/s/article/9143158/Update_Heartland_breach_shows_why_compliance_is_not_enough?taxonomyId=142 - and - Data Losses to Incur Fines of Up to £500,000 (BBC, 12 Jan 2010) - The Information Commissioner’s Office will be able to issue fines of up to £500,000 for serious data security breaches. The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach. Other factors will include the size and finances of the organisation at fault. Individual cases will also be assessed on whether the breach was accidental or deliberate, and how much distress the leak of information caused. There have been several high profile data losses in recent years from large organisations including the Ministry of Defence and the DVLA (Driver and Vehicle Licensing Agency). In an official press statement, Information Commissioner, Christopher Graham said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act. http://news.bbc.co.uk/2/hi/technology/8455123.stm - and - The 2009 Ponemon Institute 2009 Annual Study: Cost of a Data Breach (January 26, 2010) - Understanding Financial Impact, Customer Turnover, and Preventive Solutions examines the costs incurred by 45 organizations after experiencing a data breach. Results were not hypothetical responses; they represent the cost estimates of activities resulting from the actual data loss incidents. This is the fifth annual survey of this issues. Breaches included in the survey included ranged from approximately 5,000 records to more than 101,000 records from 15 different industry sectors.” http://www.encryptionreports.com/download/Ponemon_COB_2009_US.pdf [Extremely important annual study, this year with some new findings: e.g., companies that notify victims too quickly incur greater costs; using external consultants to help with breach-response lowers costs significantly; first-timers’ breach costs are higher than those who’ve gone thru earlier responses; pharma/medical companies lose more customers because of breaches] France Ponders Right-To-Forget Law (BBC, 8 January 2010) - From Britney Spears’s musings to the Tiger Woods scandal, information can take a life of its own once it hits the world wide web. B-list celebs and brand-names bustling for public attention can be particularly vulnerable to people with a gripe against them. The impact of all those online revelations has made France consider the length of time that personal information should remain available in the public arena. A proposed law in the country would give net users the option to have old data about themselves deleted. This right-to-forget would force online and mobile firms to dispose of e-mails and text messages after an agreed length of time or on the request of the individual concerned. http://news.bbc.co.uk/2/hi/programmes/click_online/8447742.stm 10 Tips for Becoming a Smarter, Social Business Person (GigaOm, 10 Jan 2010) - The web is filled with social networks: We have Twitter for meeting new people, Facebook for old college buddies, and Bebo for those of us who don’t want to hang out with the mainstream. Those social networks are rarely viewed as corporate services — they’re relaxing at the end of a long workday, not playgrounds for more business activity. But I would argue that social networks provide value to a business person on several levels, whether it be for those furiously working each day in a cubicle or for others closing big deals on the golf course. Social networks can help make you a smarter business person, and there’s a lot of corporate value to be found in them. (Did you know that Dell has made over $6 million from Twitter alone?) It’s time to exploit them for your business, and here’s how * * * http://gigaom.com/2010/01/10/10-tips-for-becoming-a-smarter-social-business-person/ Swiss Court Declares Transfers of Banking Data to U.S. Authorities Illegal (Hunton & Williams, 11 Jan 2010) - On January 8, 2010, the Swiss Federal Administrative Court (“Bundesverwaltungsgericht”) published a decision that declared the transfer of banking data to U.S. law enforcement authorities by the Swiss bank UBS to be illegal. In late 2009, UBS transferred the data of over 300 customers suspected of evading U.S. taxes to the U.S. Department of Justice and Internal Revenue Service following an order issued by the Swiss Financial Market Supervisory Authority (“Finma”) pursuant to an agreement Finma reached with the U.S. authorities. In its decision, dated January 5, the Court found that Finma overstepped its legal authority in ordering the data transfer. Although strictly speaking the Court’s decision was based on Swiss constitutional, administrative and banking secrecy law, rather than data protection law, the decision contains extensive discussion about the fact that the data transfer significantly impaired the customers’ privacy rights as guaranteed by the Swiss constitution and by human rights instruments to which Switzerland is a party. The Swiss government reportedly is considering whether to appeal the decision to the Swiss Supreme Court, and the decision could have important implications for demonstrating the legal difficulties of transferring personal data from Europe to U.S. law enforcement authorities. Lawyers acting for some of the defendants were also reportedly preparing to file criminal charges against UBS executives and Finma employees for transferring the data illegally. http://www.huntonprivacyblog.com/2010/01/articles/information-security/swiss-court-declares-transfers-of-banking-data-to-us-authorities-illegal/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+PrivacyInformationSecurityLawBlog+%28Privacy+%26+Information+Security+Law+Blog%29&utm_content=Google+Reader Court Compares Parties’ Clickwrap Contents, Process In Rejecting Unconscionability Claim (BNA’s Internet Law News, 14 Jan 2010) – BNA’s Electronic Commerce & Law Report reports that the U.S. District Court for the Southern District of Indiana held Dec. 22 that clickwrap terms of service, which an appliance company employee clicked to accept when signing up for an online advertising program, formed a binding agreement, rejecting a procedural unconscionability challenge. Case name is Appliance Zone LLC v. NexTag Inc. Judge Heaps E-Discovery Costs on Plaintiff (Law.com, 14 Jan 2010) - In an action that electronic discovery experts say may signal a sea change in how legal costs are apportioned after trial, a federal judge in Atlanta has ordered the losing company in a patent infringement action to pay more than $268,000 in costs to its opponents for the services of a computer consultant hired to fulfill broad discovery demands. In a Dec. 30 order, U.S. District Judge Thomas W. Thrash Jr. derided the patent infringement case that Cordele, Ga.-based software company CBT Flint Partners filed in 2007 against California company Cisco IronPort Systems (part of technology giant Cisco Systems) as well as the tactics of CBT’s counsel at Atlanta’s King & Spalding. Thrash stopped short of awarding legal fees in the case, however. Cisco IronPort had requested legal fees of more than $1.2 million and its co-defendant, Return Path, an international e-mail and internet technology vendor, had requested $590,000. Both prevailed in the litigation. In his order, Thrash called CBT’s patent infringement claims “objectively baseless” but found that, “although CBT and counsel exercised poor legal judgment in pursuing this action, there is not clear and convincing evidence that the pre-filing investigation was so pathetic as [to] justify an inference of bad faith.” http://www.law.com/jsp/article.jsp?id=1202437930333&rss=newswire&hbxlogin=1 French Court Strikes Down Another SOX Whistleblower Program (Steptoe & Johnson’s E-Commerce Law Week, 14 Jan 2010) - France’s highest court of appeals has ruled that multinational company Dassault Systèmes violated the law by instituting a whistleblower system that included uses not authorized by France’s data protection authority, the Commission Nationale de l’Informatique et des Libertés (CNIL), and by not notifying employees of their right to access, correct, and object to data collected about them. Dassault, which is listed on the New York Stock Exchange, had adopted its whistleblowing system to comply with the U.S. Sarbanes-Oxley Act (SOX), but extended the reporting requirements beyond financial issues without gaining CNIL’s explicit authorization. The court also found that the company’s requirement that employees obtain permission before using company information violated employees’ free speech rights. http://www.steptoe.com/publications-6567.html U.S. Law Firm That Sued China Reports Cyberattack (Law.com 15 Jan 2010) - A Los Angeles law firm that recently filed a $2.2 billion copyright infringement suit against the People’s Republic of China said that it has become the target of cyberattacks originating in China. “I was the first one to get one of these e-mails,” said Gregory Fayer, a lawyer at Gipson Hoffman & Pancione, which began receiving unsolicited e-mails on its firm computers on Monday. “Something about it didn’t seem right. It didn’t seem quite in the manner in which the person who was supposedly sending it to me would put something, and so I called up the other attorney and said: ‘Did you just send me an e-mail?’ That person said, ‘No.’ That’s how we discovered the first one.” Fayer, who is handling the suit, could not say whether the attacks on the firm were related to it but noted, “It is difficult to believe that the timing is merely coincidental.” The e-mails came the same week that Google Inc. declared that it would stop complying with Chinese censorship requirements for the Internet following reports that several of its computer systems had drawn cyberattacks believed to originate in China. Some of the attacks were aimed at Chinese human rights activists’ Gmail accounts. The firm has contacted the FBI and U.S. Rep. Anna Eshoo, D-Calif., a senior member of the House Permanent Select Committee on Intelligence, who on Tuesday urged companies to come forward about suspected cyberattacks in light of the Google revelation. Fayer said that he and his colleagues already were on “high alert” when the firm filed a $2.2 billion copyright infringement suit on Jan. 5 on behalf of a software firm in Santa Barbara, Calif., against the Chinese government, two Chinese software makers and seven major computer manufacturers that helped distribute Green Dam Youth Escort software. http://www.law.com/jsp/article.jsp?id=1202438338267&rss=newswire&hbxlogin=1 [Editor: GhostNet compromised other US law firms’ files—possibly comprehensively—in early 2009; clients apparently were not informed. The FBI finally issued a warning in early November: ]http://files.knowconnect.com/public/cyber_advisory.pdf] - and - US Oil Industry Hit By Cyberattacks: Was China Involved? (Christian Science Monitor, 25 Jan 2010) - At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage. The oil and gas industry breaches, the mere existence of which has been a closely guarded secret of oil companies and federal authorities, were focused on one of the crown jewels of the industry: valuable “bid data” detailing the quantity, value, and location of oil discoveries worldwide, sources familiar with the attacks say and documents obtained by the Monitor show. The companies – Marathon Oil, ExxonMobil, and ConocoPhillips – didn’t realize the full extent of the attacks, which occurred in 2008, until the FBI alerted them that year and in early 2009. Federal officials told the companies proprietary information had been flowing out, including to computers overseas, a source familiar with the attacks says and documents show. The data included e-mail passwords, messages, and other information tied to executives with access to proprietary exploration and discovery information, the source says. What these guys [corporate officials] don’t realize, because nobody tells them, is that a major foreign intelligence agency has taken control of major portions of their network,” says the source familiar with the attacks. “You can’t get rid of this attacker very easily. It doesn’t work like a normal virus. We’ve never seen anything this clever, this tenacious.” http://www.csmonitor.com/USA/2010/0125/US-oil-industry-hit-by-cyberattacks-Was-China-involved [I worked in this sector; we saw national governments trying to access oil field reservoir data back in the 1990s.] Bar Exam Prep Via an iPhone App (LawSites, 18 Jan 2010) - At $999, it is the most expensive app available for the iPhone. But this one may actually be worth it, as TechCrunch reports. Called BarMax CA, it is a full-fledged preparation course for the California bar exam, offered entirely on the iPhone, at a third to a quarter less than the price of a BarBri course. The app was the brainchild of Mike Ghaffary, a graduate of both Harvard Law School and Harvard Business School. He pulled together a team of Harvard law grads to create the app. What does the app offer? A lot, says TechCrunch: “The app is over 1 gigabyte in size, which is the largest application I’ve ever seen. It includes thousands of pages of materials as well as hundreds of hours of audio lectures. It’s all the information you could ever want for the two-month course. And again, it can be done all on your iPhone. That said, if you do want some more tangible paperwork for certain sections, BarMax will send you that electronically as well.” By the end of the year, the company plans to add bar-exam apps for New York and five other states. It may also offer a version for just the multi-state for $500. http://www.legaline.com/2010/01/bar-exam-prep-via-iphone-app.html California CIO: Open Source Officially Welcome Here (ArsTechnica, 20 Jan 2010) - The Chief Information Officer (CIO) of the state of California has issued an IT policy letter to formally affirm that open source software is acceptable for use by government agencies in California. As the state lies crushed beneath the burden of an unprecedented $20 billion deficit, government officials are looking for ways to cut spending and manage infrastructure more efficiently. Reducing vendor lock-in and giving more consideration to free and open source software could help the state improve its financial health. The same dynamic is also true at the national level. Last year, the national governments of Canada and the UK both began formulating open source IT strategies. The US Department of Defense, which has a history of open source advocacy, issued a memo last year highlighting the advantages of open source adoption. http://arstechnica.com/open-source/news/2010/01/california-cio-issues-it-policy-letter-about-open-source.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss Authenticating Web Pages as Evidence (Law.com, 21 Jan 2010) - Plaintiff sues your client, claiming that his injuries have significantly affected his lifestyle. He is unable to work, travel or bowl. Not surprisingly, his spouse alleges loss of consortium. On the eve of trial, you discover pictures and other details on a social networking website about plaintiff’s recent trip to the International Bowling Museum & Hall of Fame, including a picture of plaintiff proudly holding a fluorescent orange bowling ball and a four-foot tall gilded trophy dated four days earlier. As you approach the witness with printouts of the web pages, you are stopped in your tracks: “Objection, lack of foundation.” It is now routine for litigators to conduct internet research to work up a case. Indeed, for many litigators, one of the first things they do is see what is available about the opposing party, searching Google, social networking sites like Twitter, MySpace and Facebook, and the party’s personal websites. During the life of any case, there will likely be valuable information obtained from the internet that will be used at deposition or trial. Commonly, the proponent of online evidence will present a screen shot of the web page, which was either downloaded as a .pdf or printed directly from the website. The process is like taking a photograph of the image as it appears on the monitor. In general, this captures not only the look, but also the download date and the URL. If proper steps are not taken to admit the evidence, the value of this information may be lost. [Editor: article continues usefully.] http://www.law.com/jsp/article.jsp?id=1202439301020&rss=newswire Learning To Love That Roommate from Hell (Steptoe & Johnson’s E-Commerce Law Week, 21 Jan 2010) - Back when it was decided, the Ninth Circuit’s en banc decision in Fair Housing Council of San Fernando Valley v. Roommates.com, LLC struck fear in the hearts of website operators who depend on user-generated content because it seemed to open a gaping hole in the immunity shield provided by section 230 of the Communications Decency Act (47 U.S.C. § 230(c)(1)) (CDA). As we’ve previously reported, the Ninth Circuit held that Roommates.com forfeited its CDA immunity when it “encourag[ed] illegal content” by offering users limited content options via drop-down menus as a precondition for using the service. But since then, most courts have interpreted Roommates.com narrowly, thus assuaging some of the concern that the section 230 aegis would be reduced to tatters. The Fourth Circuit recently continued that trend in Nemet Chevrolet Ltd., et al., v Consumeraffairs.com, Incorporated, rejecting claims that a website acted as an “information content provider”—and thereby lost its immunity—by soliciting, revising, and categorizing consumer complaints in order to “attract attention by consumer class action lawyers.” http://www.steptoe.com/publications-6580.html Blogs, YouTube Prompt Campaign Finance Ruling (CNET, 21 Jan 2010) - The U.S. Supreme Court’s sweeping ruling on Thursday that invalidated large chunks of campaign finance law arose in part from an unlikely source: the emergence of Facebook, YouTube, and blogs, and the decline of traditional media outlets. A 5-4 majority concluded that technological changes have chipped away at the justification for a law that allows individuals to create a blog with opinions about a political candidate--but threatens the ACLU, the National Rifle Association, a labor union, or a corporation with felony charges if they do the same. The now-invalidated law “would seem to ban a blog post expressly advocating the election or defeat of a candidate if that blog were created with corporate funds,” Justice Anthony Kennedy wrote in the majority opinion (PDF). “The First Amendment does not permit Congress to make these categorical distinctions based on the corporate identity of the speaker and the content of the political speech.” Eugene Volokh, a law professor at UCLA, called it the “first appearance” of the word “blog” in a Supreme Court opinion. And Google’s video-sharing site is singled out in the conclusion, with Kennedy writing that “skits on YouTube.com” that cast politicians in an unflattering light could give rise to “felony” charges if a corporation dared to post them. Kennedy added: “Rapid changes in technology--and the creative dynamic inherent in the concept of free expression--counsel against upholding a law that restricts political speech in certain media or by certain speakers. Today, 30-second television ads may be the most effective way to convey a political message. Soon, however, it may be that Internet sources, such as blogs and social-networking Web sites, will provide citizens with significant information about political candidates and issues.” http://news.cnet.com/8301-13578_3-10439023-38.html You’ve Been Served (Tech Bankruptcy blog, 22 Jan 2010) - BBC News reported a couple of months ago about a British court allowing service of a court order using Twitter. Twitter is, for those who do not yet know, an on-line network allowing users to post short messages that are then broadcast to a list of subscribers. In the particular case, a political blogger named Donal Blarney sought an order enjoining another user of the Twitter service. Because the target of the court injunction had not yet actually been identified, the court allowed the injunction to be served via a posting on Twitter. The posting gave notice of the court order and, because twitter postings are very limited in length, contained a link to the order itself. Apparently, according to a story in The Register, the tactic succeeded. The malefactor did in fact receive the notice of the order and agreed to comply with the order. Would similar tactics work in the U.S. Bankruptcy Court? Perhaps in limited circumstances. Fed. R. Civ. P. 5(b)(2)(D) and Fed. R. Bankr. P. 7005 allow service by “electronic means” when the recipient has previously consented in writing. Service is effective on transmission. This rule was designed to allow service by e-mail through the ECF system, but there really is no reason why other means could not be used as well. The catch is, of course, getting that advance written consent. http://tech-bankruptcy.blogspot.com/2010/01/youve-been-served.html Legal Sites Plan Revamps as Rivals Undercut Price (New York Times, 24 Jan 2010) - Westlaw and LexisNexis, the dominant services in the market for computerized legal research, will undergo sweeping changes in a bid to make it easier and faster for lawyers to find the documents they need. Lawyers and researchers paying to go online to find court cases and other legal documents should find better-looking interfaces, more relevant search results and new tools for document-sharing and other collaboration. The changes to the research services are a reaction by Westlaw and LexisNexis to lower-priced — sometimes free — rivals and arrive at a time when law firms are working to cut overhead. The two companies also want to cater to a younger generation of lawyers accustomed to slick Web services and the search interfaces presented by companies like Google and Microsoft. Westlaw will introduce its changes on Feb. 1; LexisNexis has yet to specify a date. Because of advances in computing power and computer science, lawyers can now search all the databases in a given jurisdiction, rather than having to hand-select the pools of information they believe might be relevant to a given case. Most important, according to Mr. Dahn, the WestlawNext service has a revamped search system that allows lawyers to type in general requests, as they might on Google, rather than their typical narrow searches. The search system also relies on algorithms to find documents related to a case that the lawyers may not have thought they needed. http://www.nytimes.com/2010/01/25/technology/25westlaw.html?ref=business Courts In Maryland, New Jersey, Florida Declare Mistrials After Juror Internet Research (Citizen Media Law Project, 25 Jan 2010) - Appeals courts in Maryland and New Jersey appear to be the first to reverse jury verdicts because of social media use by jurors during trial. http://www.citmedialaw.org/blog/2010/courts-maryland-new-jersey-florida-declare-mistrials-after-juror-internet-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+CitizenMediaLawProject+(Citizen+Media+Law+Project) Sign of the Times: Clorox Seeks Lawyer for Social Media Issues (ABA Journal, 25 Jan 2010) - Clorox is hiring an in-house lawyer to focus on legal issues surrounding social media. The company’s ad for a social media legal expert is “rather surprising,” but it’s a sign of the times, Advertising Age reports. Many companies already use social media to promote their products, and Clorox is no exception, Advertising Age says. The company has Facebook fan pages for Clorox and Brita, uses Twitter to solicit product ideas, and solicits reader feedback on its new blog Understanding Bleach. A job description posted at JDHunter.com says the new hire at Clorox will be expected to provide legal counsel on managing and securing advertising content “especially as it relates to social media and other Web 2.0 executions, TV and radio.” Among other things, the new lawyer will be expected to draft celebrity talent contracts that apply across multimedia platforms, advise on music and video licensing across platforms, and advise on the application of privacy laws to the collection of consumers’ information. Advertising Age interviewed Jack Greiner, an attorney with Cincinnati’s Graydon Head & Ritchey who listed social media as a specialty on LinkedIn. He said the in-house lawyer may want to tackle the issue of how Clorox employees talk about the company and its products on social media by writing a policy establishing the ground rules. The new lawyer would also be wise to counsel against unwise moves that could be used by competitors to gain attention, he said. As an example, he cites the infringement suit filed by The North Face against a clothing upstart called The South Butt. In the end, he said, The North Face became the butt of South Butt’s joke. http://www.abajournal.com/mobile/article/sign_of_the_times_clorox_seeks_lawyer_for_social_media_issues [Editor: I gave a presentation on this on 12 January; key lesson: be careful of issuing policies that over-restrict use of social media, and of lawyers’ natural, too-conservative tendencies. PowerPoint presentation here: ]http://www.knowconnect.com/policies/cat/e_policy_presentations] - and - Company Requires ‘Tweet’ as Part of Law Firms’ RFP Response (Law.com, 21 Jan 2010) - In a post yesterday, Larry Bodine’s LawMarketing Blog gave us an update on an interesting RFP issued last year by a company called FMC Technologies. The beauty contest is now down to the final cut. Not only did FMC post the RFP on Legal OnRamp, an online social network for in-house lawyers, it also required interested law firms to “state in a Tweet on Twitter (140 character limit) why FMC should hire the law firm.” Keep in mind that this all occurred in May 2009, when Twitter was even more of a mystery to law firms than it is today. Fifty law firms downloaded the two-page RFP, but as Corporate Counsel reporter Amy Miller wrote last June, BigLaw was generally reluctant to participate. Bodine reports that the following eight firms tweeted and made the final cut: • Beirne, Maynard & Parsons • The Law Offices of Tom Fulkerson • Littler Mendelson • Seyfarth Shaw • Summit Law Group • Sutherland Asbill & Brennan • Valorem Law Group • Womble Carlyle Sandridge & Rice FMC’s general counsel, Jeffrey Carr, is on the board of the Association of Corporate Counsel, and has strong views on the existing model for legal service delivery. He views it as unsustainable and states that it is “antiquated, inefficient and ineffective and it fails to deliver value to the client by avoiding—indeed by punishing—those that leverage prior work product, streamline processes and focus on profitability by cost reduction as opposed to top line revenue growth.” Carr says he employed this type of digital/social RFP because he was seeking tech-savvy firms that offered alternative fees and online billing. http://legalblogwatch.typepad.com/legal_blog_watch/2010/01/twitter-required-company-requires-tweet-as-part-of-law-firms-rfp-response.html?utm_source=twitterfeed&utm_medium=twitter - and - Social Networking: A Workplace Policy (Law.com, 22 Jan 2010) - The first part of this article addressed issues surrounding the effect of the internet on hiring and firing in the 21st Century. This article discusses the laws that impact social networking in the workplace and provides guidance on developing a social networking and blogging policy. Many states have enacted off-duty conduct statutes, which prohibit an employer from disciplining an employee for engaging in lawful conduct while away from the employer’s premises. These states include, most notably, California, Colorado and New York. However, these statutes also provide exceptions that allow employers to limit otherwise lawful, off-duty conduct where it creates a material conflict of interest for the employer or is reasonably related to the employee’s job. For example, the New York statute allows an employer to discharge an employee for off-duty conduct that creates a material conflict of interest related to trade secrets, proprietary information, or some other business interest. http://www.law.com/jsp/article.jsp?id=1202439369681&rss=newswire [Editor: much more here.] Hitting Pause on Class Videos (InsideHigherEd, 26 Jan 2010) - In the latest clash of copyright law and instructional technology, the University of California at Los Angeles has stopping allowing faculty members to post copyrighted videos on their course Web sites after coming under fire from an educational media trade group. The policy, enacted earlier this month, has been planned since last fall, when the Association for Information and Media Equipment — a group that protects the copyrights of education media companies — charged the university with violating copyright laws by posting the videos to the password-protected course Web pages without the proper permissions. Copyright law does include exemptions for professors who wish to use audiovisual media “in the course of face-to-face teaching activities of a nonprofit educational institution, in a classroom or similar place devoted to instruction” — so long as the professor is not showing media that he or she knows has been made illegally. The university said streaming the video on a password-protected Web site, where only students who are registered members of the class can access it, satisfies these criteria. But the trade group is arguing that a password-protected space on the Web is not a classroom. “The face-to-face teaching exemption allows a video to be played in class, not streamed to the classroom from a remote location,” Dohra said in an e-mail. “As to the fair use claim, when videos are streamed to students outside the classroom, password protection may limit access to some degree. However, requiring a password doesn’t make an infringement fair use.” http://www.insidehighered.com/news/2010/01/26/copyright E-Filing: Then and Now (New York Law Journal, 26 Jan 2010) - Over the past decade, we have witnessed a technological revolution that has fundamentally changed our lives. We now routinely check the internet for news updates and shop online, not to mention social networking and tweets. Even in the staid and traditional world of justice, we are affected by this revolution. A little over 10 years ago the New York state Legislature enacted Chapter 367 of the Laws of 1999, which created a pilot program to test electronic filing (“e-filing”) in certain civil cases. When the New York State Courts Electronic Filing System was introduced in 1999, only one case was e-filed all year. Ten years later, e-filing by New York’s legal community has increased exponentially. Since 2002, the number of attorneys registered to e-file their cases has grown from 300 to over 13,000 currently registered. As of the end of 2009, over 200,000 cases and over 500,000 documents have been e-filed with the system. After 10 years of acceptance and growth, electronic filing in the state courts significantly advanced with the enactment of Chapter 416 of the Laws of 2009, effective Sept. 1, 2009. With this new legislation, electronic filing now has a permanent place in New York’s legal system. The legislation makes three important changes to New York’s e-filing program. http://www.law.com/jsp/article.jsp?id=1202439497847&rss=newswire No Access for the Axis: SourceForge Bows to Government Demands (ReadWriteWeb, 26 Jan 2010) – SourceForge one of the primary distribution hubs of the open source software movement, has shut its doors to visitors from a number of countries, saying that it is working to be in compliance with existing U.S. laws. In a blog post yesterday, the site responded to rumors around the Twittersphere that various users from outside the U.S. were now unable to access the site. The open source movement has always been community based, working outside of standard boundaries and borders, and some see this as going against those basic tenets. Here is the reasoning for the move in SourceForge’s own words: Since 2003, the SourceForge.net Terms and Conditions of Use have prohibited certain persons from receiving services pursuant to U.S. laws, including, without limitations, the Denied Persons List and the Entity List, and other lists issued by the U.S. Department of Commerce, Bureau of Industry and Security. The specific list of sanctions that affect our users concern the transfer and export of certain technology to foreign persons and governments on the sanctions list. The site began using automatic IP blocking last week and users from a number of countries, including Cuba, Iran, North Korea, Sudan, and Syria, are now unable to access the site. While some are calling foul and declaring the premature death of the open source movement, we have to assume that the technologically savvy users accessing the site would know how to get around a simple IP-based filter. Whether using a tool like Tor or a proxy service like HotSpot Shield, it can’t be all that difficult to access the site. http://www.readwriteweb.com/archives/no_access_for_the_axis.php?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+readwriteweb+(ReadWriteWeb) - and - Cloud Computing and US Export Control Rules (Roland Trope, 26 Jan 2010) - Enterprises are giving increasing consideration to the promised benefits of renting storage, processing, and applications hosted beyond their premises on third party servers that can be accessed wirelessly (i.e., “cloud computing”). However, there are growing concerns that companies and professionals (e.g., lawyers, doctors, engineers, accountants) may not understand the inherent risks of entrusting sensitive data to the “cloud.” One risk is that enterprises responsible for export-controlled data (i.e., data subject to the “dual-use” controls of the Export Administration Regulations (EAR), or the defense article controls of the International Traffic in Arms Regulations (ITAR)) will belatedly learn that the data they released to the “cloud” has been transferred by the cloud service provider from servers located in the U.S. to servers located overseas without a license and thus in violation of the EAR and/or the ITAR. One cloud service provider, apparently worried about its own potential liability, obtained back in January 2009 an advisory opinion from the Bureau of Industry and Security on the applicability of the EAR to the service provider’s cross-border transfers of customers’ data. http://www.bis.doc.gov/policiesandregulations/advisoryopinions/jan13_2009_ao_on_cloud_grid_computing.pdf The opinion noted that providing computation capacity via the cloud would not be subject to the EAR, but that if the provider “ships or transmits software that is subject to the EAR, an ‘export’ would occur.” The opinion further noted that an export of data via the “cloud” would be for the benefit of the user, not the provider, and that therefore the user (or customer) would be responsible for compliance with the EAR (and, by implication, potentially liable for any noncompliance). Since the ITAR are more restrictive and are interpreted and enforced not by the BIS, but by the State Department’s Directorate of Defense Trade Controls, enterprises should not rely on the BIS opinion for guidance on their responsibilities for ITAR compliance when using “cloud” services. [Roland Trope is a partner in the New York offices of Trope and Schramm LLP, and can be contacted at rltrope@tropelaw.com] A Little ‘i’ to Teach About Online Privacy (New York Times, 27 Jan 2010) – A little blue symbol is carrying big implications. Trying to ward off regulators, the advertising industry has agreed on a standard icon — a little “i” — that it will add to most online ads that use demographics and behavioral data to tell consumers what is happening. Jules Polonetsky, the co-chairman and director of the Future of Privacy Forum, an advocacy group that helped create the symbol, compared it to the triangle made up of three arrows that tells consumers that something is recyclable. The idea was “to come up with a recycling symbol — people will look at it, and once they know what it is, they’ll get it, and always get it,” Mr. Polonetsky said. Most major companies running online ads are expected to begin adding the icon to their ads by midsummer, along with phrases like “Why did I get this ad?” When consumers click on the icon, a white “i” surrounded by a circle on a blue background, they will be taken to a page explaining how the advertiser uses their Web surfing history and demographic profile to send them certain ads. http://www.nytimes.com/2010/01/27/business/media/27adco.html?scp=1&sq=polonetsky&st=cse Alaska Superior Court Judge Sides With State, Palin In E-Mail Lawsuit (JuneauEmpire.com, 25 Jan 2010) - An Alaska judge has sided with former Gov. Sarah Palin in a lawsuit over e-mail, finding that state law doesn’t forbid the use of private e-mail accounts to conduct state business. http://juneauempire.com/stories/012510/sta_554316966.shtml?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+StatelineorgRss-Technology+(Stateline.org+RSS+-+Technology) - and - Michigan State Court Rules that Government Officials’ Personal E-Mails Aren’t Subject to FOIA (AnnArbor.com, 27 Jan 2010) - A sweeping decision released by the Michigan Court of Appeals today places new limits on the state’s Freedom of Information Act, concluding that personal e-mails exchanged between government officials are not subject to disclosure. The ruling stems from a case out of Livingston County Circuit Court involving the Howell Education Association, the Howell Board of Education and Howell Public Schools. The state appeals court ruled this week that e-mails exchanged between teachers union officials on a school district’s computer system are not subject to FOIA. The three-judge panel reversed a lower court ruling from 2007 that found e-mails stored on the school system’s server were public records. According to the new ruling, only records created to further a public institution’s official duties are subject to FOIA and that “personal communication,” even if related to school issues such as union contract negotiations, are exempt. http://www.annarbor.com/news/state-court-rules-that-government-officials-personal-e-mails-arent-subject-to-foia/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+StatelineorgRss-Technology+(Stateline.org+RSS+-+Technology) S.E.C. Adds Climate Risk to Disclosure List (New York Times, 28 Jan 2010) - The Securities and Exchange Commission said on Wednesday for the first time that public companies should warn investors of any serious risks that global warming might pose to their businesses. Although the agency has long required companies to reveal possible financial or legal impacts from a variety of environmental challenges, it has never specifically cited climate change as bringing potentially significant business risks or rewards. The S.E.C., on a party-line 3-2 vote, issued “interpretive guidance” to help companies decide when and whether to disclose matters related to climate change. The commission said that companies could be helped or hurt by climate-related lawsuits, business opportunities or legislation and should promptly disclose such potential impacts. Banks or insurance companies that invest in coastal property that could be affected by storms or rising seas, for example, should disclose such risks, the agency said. http://www.nytimes.com/2010/01/28/business/28sec.html?ref=business [Editor: Why is this in MIRLN? Climate-change risk is more speculative than security-breach risk; Y2K risks were disclosed in 1999, and the SEC may turn its sights now to security-breach risk.] Connecticut AG the First to File HIPAA Suit (Steptoe & Johnson’s E-Commerce Law Week, 28 Jan 2010) - Connecticut Attorney General (and senatorial candidate) Richard Blumenthal has become the first state attorney general to file a complaint for violation of the Health Insurance Portability and Accountability Act (HIPAA). State attorneys general were granted the authority to enforce HIPAA by the Health Information Technology for Economic and Clinical Health (HITECH) Act, which amended HIPAA as part of the American Recovery and Reinvestment Act of 2009. Blumenthal has sued Health Net of the Northeast, Inc., and affiliated and successor companies in federal court in Connecticut after a portable computer disk drive holding the protected health information and other personal information of 1.5 million customers disappeared from the company’s Connecticut office. Blumenthal has also alleged that Health Net violated Connecticut’s breach notification law by delaying notification of affected individuals for six months. Blumenthal is seeking injunctive relief and damages. http://www.steptoe.com/publications-6595.html NOTED PODCASTS BooksAhead.com (Mitch Ratcliffe, IT Conversations) - Calling from the 2010 CES in Las Vegasi, tech journalist Mitch Ratcliffe joins Phil and Scott to discuss the future of books, reading, and publishing. He talks about how his blog Booksahead.com is a platform to discuss authors and publishing, as well as news about the industry. He also reviews new mobile devices, including E-Book readers and tablet computers, as well as the Sophie Project, open source software for writing and reading. http://itc.conversationsnetwork.org/shows/detail4361.html [Interesting 45 minute discussion about an expansive, evolutionary future for e-books, with crowd-sourced annotations, social-network asynch recommendations and discussions, author-feedback systems, and perpetual cloud-libraries. ONE STAR.] Data Mining Spurs Innovation, Threatens Privacy (NPR, 18 Dec 2009; 22 minute audio segment) - By analyzing cell phone movements and online search queries, scientists can monitor traffic in real time and track disease outbreaks more efficiently, but at what cost to privacy? Computer scientists Tom Mitchell and Deborah Estrin discuss the pros and cons of crowd sourcing personal data. http://www.npr.org/templates/story/story.php?storyId=121615586 [Story driven by “Mining Our Reality”, from the 18 December 2009 issue of Science Magazine, and available here: ]http://www.scribd.com/doc/24279809/Mining-our-Reality-by-Tom-Mitchell-Carnegie-Mellon-University] RESOURCES Exclusive First Look: Fastcase iPhone App (Robert Ambrogi’s blog, 25 Jan 2010) - The legal research service Fastcase is preparing to launch an application that will let users research cases and statutes on their iPhones, all for free. The app is awaiting final approval from Apple before it will be available in the App Store. Fastcase granted me an exclusive first look at a pre-release version of the app. Here is what I found. http://www.legaline.com/2010/01/exclusive-first-look-fastcase-iphone.html Panopticlick (by EFF) - Is your browser configuration rare or unique? If so, web sites may be able to track you, even if you limit or disable cookies. Panopticlick tests your browser to see how unique it is based on the information it will share with sites it visits. Click below and you will be given a uniqueness score, letting you see how easily identifiable you might be as you surf the web. http://panopticlick.eff.org/ Google Reader Lets You Subscribe to Any Page on the Web (Mashable, 25 Jan 2010) - RSS technology makes it possible for anyone to keep up with fresh content without having to visit the site in question. Now the same holds for webpages without RSS thanks to a new Google Reader feature. Today Google has rolled out a subtle change to Google Reader that lets you create custom feeds to track pages that don’t already have them. So you can subscribe to updates for any webpage simply by typing the URL into the “Add a subscription” text box. Should you put the new feature to work, you’ll start to receive short snippets for any updates made to the pages, and Google asserts that it’s committed to improving the quality of these tiny blurbs over time. On the flip side, webpage owners can choose to opt out by adjusting a few lines of code. http://mashable.com/2010/01/25/google-reader-custom-feeds/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) FUN Michael Jackson’s Thriller Inmates, The Sequel: This Is It [VIDEO] (Mashable, 25 Jan 2010) - A new video of hundreds of prison inmates performing a dance routine inspired by the Michael Jackson documentary “This Is It” is something of a sequel to one of the most popular viral videos of all time. Two years ago, a video of 1,500 inmates in the Philippines’ Cebu Provincial Detention and Rehabilitation Center dancing a routine set to Michael Jackson’s “Thriller” was uploaded to YouTube. Since then, it’s reached more than 37 million views. Prison Chief Byron F. Garcia has actually released several videos since “Thriller.” The prison has even become a tourist spot, putting on a monthly performance, selling souvenir shirts and offering visitors chances to have their pictures taken with the dancing inmates. None of the previous videos have come close to the viral success of “Thriller,” though. But now that MJ has sadly passed on, we thought it appropriate to share this performance. It was actually made possible by MJ’s choreographer, Travis Payne. He and two dancers (Daniel Celebre and Dres Reid) taught the inmates all the steps. Go ahead and watch both the dance routine based on “This Is It” (set to “They Don’t Care About Us”) and the classic “Thriller” video below if you like dancing. Hey, we all do — that’s why videos like these are so insanely popular. http://mashable.com/2010/01/25/inmates-this-is-it-michael-jackson/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+Mashable+(Mashable) LOOKING BACK - MIRLN TEN YEARS AGO CIA Says Cyber Threat from Russia and China is Developing (24 February 2000) The CIA says that there is evidence of “dedicated offensive cyber warfare programs” in China and Russia. Because they know they would lose in conventional warfare confrontation, the countries are focusing on honing their cyber attack capabilities. The US plans to do the same. http://www.computerworld.com/home/print.nsf/all/000224EF6A http://www.zdnet.com/zdnn/stories/news/0,4586,2445516,00.html MIRLN 2010-01-29T21:22:00-07:00 http://knowconnect.com/mirln/article/mirln_20_december_9_january_2010_v1301/ http://knowconnect.com/mirln/article/mirln_20_december_9_january_2010_v1301/#When:22:05:00Z • Surveillance Shocker: Sprint Received 8 MILLION Law Enforcement Requests for GPS Location Data in the Past Year • Lawyers Can Post Clients’ Files on Web • Heartland pays Amex $3.6M over 2008 data breach o Massachusetts’s Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift o Even Extortion of Breached Company Doesn’t Help Plaintiff Show Concrete Injury, Court Finds • Should a Case Go Webwide? • Ghostnet and the Unclassified Crisis • Copyright Claim Based on Taping Fashion Show • Background Checks For All With BeenVerified’s iPhone App • Drunk Drivers in Texas to Be Named on Twitter • No Private Right of Action to Enforce Connecticut Electronic Monitoring Statute • Long arm of law reaches into World of Warcraft • Court’s Ruling Holds One Shiny Gift and One Lump of Coal for Employers • Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites • Whatever happened to Second Life? • FTC set to examine cloud computing • Calif. Federal Judge OKs Posting of Prop 8 Trial to YouTube • Ohio Court Gives Criminals Another Reason to Love Their Smart (and Not-So-Smart) Phones • Internet pirates find ‘bulletproof’ havens for illegal file sharing NEWS | PODCASTS | RESOURCES | FUN | LOOKING BACK | NOTES Surveillance Shocker: Sprint Received 8 MILLION Law Enforcement Requests for GPS Location Data in the Past Year (EFF, 1 Dec 2009) - This October, Chris Soghoian — computer security researcher, oft-times journalist, and current technical consultant for the FTC’s privacy protection office — attended a closed-door conference called “ISS World”. ISS World — the “ISS” is for “Intelligence Support Systems for Lawful Interception, Criminal Investigations and Intelligence Gathering” — is where law enforcement and intelligence agencies consult with telco representatives and surveillance equipment manufacturers about the state of electronic surveillance technology and practice. Armed with a tape recorder, Soghoian went to the conference looking for information about the scope of the government’s surveillance practices in the US. What Soghoian uncovered, as he reported on his blog this morning, is more shocking and frightening than anyone could have ever expected. At the ISS conference, Soghoian taped astonishing comments by Paul Taylor, Sprint/Nextel’s Manager of Electronic Surveillance. In complaining about the volume of requests that Sprint receives from law enforcement, Taylor noted a shocking number of requests that Sprint had received in the past year for precise GPS (Global Positioning System) location data revealing the location and movements of Sprint’s customers. That number? EIGHT MILLION. Sprint received over 8 million requests for its customers’ information in the past 13 months. That doesn’t count requests for basic identification and billing information, or wiretapping requests, or requests to monitor who is calling who, or even requests for less-precise location data based on which cell phone towers a cell phone was in contact with. That’s just GPS. And, that’s not including legal requests from civil litigants, or from foreign intelligence investigators. That’s just law enforcement. And, that’s not counting the few other major cell phone carriers like AT&T, Verizon and T-Mobile. That’s just Sprint. Here’s what Taylor had to say; the audio clip is here and we are also mirroring a zip file from Soghoian containing other related mp3 recordings and documents. https://www.eff.org/deeplinks/2009/12/surveillance-shocker-sprint-received-8-million-law Lawyers Can Post Clients’ Files on Web (Arizona Central, 17 Dec 2009) - Lawyers can make their clients’ files available to them on the World Wide Web but only if they take proper safety precautions, the Ethics Committee of the State Bar of Arizona concluded. In a formal written opinion, the panel gave the go-ahead to a lawyer to let clients view and retrieve their own files. Committee members said the plan, as sketched out for them in an inquiry from the attorney, did not run afoul of existing ethics rules about what lawyers must do to safeguard client information. But the committee cautioned that their approval was based on the kind of security the lawyer promised to set up, both in encrypting the files and taking other methods to preclude unauthorized hacking. And the panel also said that the attorney has to conduct periodic reviews to ensure that security precautions in place remain reasonable as technology progresses. This does not mean lawyers have to offer an absolute guarantee that a computer system will be invulnerable to unauthorized access, the committee said. Lawyers are just required to exercise sound professional judgment on what steps are necessary to secure against “foreseeable attempts at unauthorized access.” But the panel said what constitutes “sound professional judgment” is not necessarily based on a judgment that an attorney would reach about what is and is not secure. “It is also important that lawyers recognize their own competence limitations regarding computer security measures,” the opinion states. That requires them to take the necessary time and energy to become competent or to consult available experts in the field. http://www.azcentral.com/business/abg/articles/2009/12/17/20091217abg-fischer1217.html Heartland pays Amex $3.6M over 2008 data breach (Computerworld, 17 Dec 2009) - Heartland Payment Systems will pay American Express $3.6 million to settle charges relating to the 2008 hacking of its payment system network. This is the first settlement Heartland has reached with a card brand since disclosing the incident in January of this year. The U.S. Department of Justice has charged Albert Gonzalez and several other accomplices with the hack, saying that Heartland was one of several companies that the hackers managed to break into using SQL injection attacks. Other alleged victims include 7-Eleven and Hannaford Brothers. In total, the gang managed to steal more than 130 million credit card numbers from Heartland and about 4.2 million from Hannaford, prosecutors allege. Card-issuing banks such as American Express have had to pay the costs of re-issuing credit cards, following the breach, and many banks have sued Heartland to recover these costs. American Express operates its own credit card brand as well, and the settlement may also cover fines incurred there. Heartland has also had to pay out fines assessed by other brands such as Visa and MasterCard. Typically, these card brands levy fines against those responsible for data breaches. In May, Heartland CEO Bob Carr said that his company had set aside $12.6 million to handle charges related to the hack. More than half of that money was to handle fines levied by MasterCard, he said. http://www.computerworld.com/s/article/9142448/Heartland_pays_Amex_3.6M_over_2008_data_breach?source=CTWNLE_nlt_dailyam_2009-12-18 - but - Massachusetts’s Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift (InfoLawGroup, 23 Dec 2009) - While the proverbial jury is still out concerning retailers’ sales success this 2009 holiday season, Massachusetts’s highest court (the Supreme Judicial Court or “Supreme Court” as referenced herein) delivered retailers a significant holiday gift in the form of an opinion slamming the door on some financial institutions seeking to recover reissuance costs arising out a retailer’s payment card data breach. The Cumis Insurance Society, Inc. v. B.J. Wholesale Club, Inc. decision (“Supreme Court Decision”) analyzed and ruled upon most of the mainstream legal theories issuing banks have used to attempt to recover card reissuance costs, including breach of contract under a third party beneficiary theory, fraud, negligence, negligent misrepresentation and breach of unfair/deceptive practices laws (in this case M.G.L. Chapter . 93A, section 11). We have previously commented on multiple decisions involving retailer payment card breaches similar to the BJ Wholesale breach and PCI liability in general, including a 3rd Circuit federal appellate decision that allowed issuing banks to proceed forward with a third party beneficiary breach of contract theory. This blog post dives into and analyzes the Supreme Court Decision, and looks at it in context against similar decisions. Overall, in terms of issuing banks recovering for payment card breaches, the game does not appear to be litigation in the courts, but rather in the backroom contracts and recovery processes contained in the card brand operating regulations that most retailers agree to comply with. http://www.infolawgroup.com/2009/12/articles/pci-1/massachusettss-highest-court-delivers-bj-wholesalers-and-other-retailers-a-data-breach-liability-gift/ - and - Even Extortion of Breached Company Doesn’t Help Plaintiff Show Concrete Injury, Court Finds (Steptoe & Johnson’s E-Commerce Law Week, 31 Dec 2009) - A federal court in Missouri has ruled in Amburgy v. Express Scripts, Inc., that a mere fear of identity theft following a data breach, even after the breached company received an extortion letter threatening public release of the confidential information, is insufficient to establish Article III standing and to state a negligence claim. The plaintiff filed a putative class action suit against a pharmacy benefit management company that suffered a breach of customers’ personal information and then received a letter threatening the public release of the information if the company did not pay the persons responsible for the breach. The plaintiff himself was not named in the extortion letter. Nor did he even allege that his personal information had been breached. Nevertheless, the plaintiff claimed that he and fellow class members feared an “increased risk of future injury” following the extortion threat and had to spend money monitoring their credit. The court found that the plaintiff still had not demonstrated a sufficiently concrete injury to satisfy standing requirements or to state a negligence claim, and strongly suggested that this would doom the plaintiff’s contract claims. http://www.steptoe.com/publications-6550.html Should a Case Go Webwide? (ABA Journal, 21 Dec 2009) - Shortly after oral arguments before the Philadelphia-based 3rd U.S. Circuit Court of Appeals, a marketer for the defense attorney launched a website dedicated to the wrongful-conviction appeal that included everything from court filings to information about the lawyer. The site has received more than 3,400 visitors since April, showing how a case-specific website can help raise the profile of smaller firms, according to Richard Lavinthal, owner of PRforLaw, a Morrisville, Pa.-based legal media relations consulting firm. He developed the site for New York City solo attorney Timothy J. McInnis. But such webpages raise concern among some legal ethicists and marketers, who say the sites could violate rules of professional conduct. Some also argue the marketing tool is inappropriate for a lawyer. http://www.abajournal.com/magazine/article/should_a_case_go_webwide Ghostnet and the Unclassified Crisis (excerpt from coming book by Stewart Baker, 21 Dec 2009) – [Editor: description of the introduction and workings of the surveillance botnet called GhostNet; this excerpt fails to mention that at least one law firm was fully penetrated, resulting in the apparent compromise of all clients files.] http://www.skatingonstilts.com/skating-on-stilts/2009/12/excerpt-7-from-chapter-6-moores-outlaws.html [Editor: some of this was alluded to in MIRLN 12.05; the seminal researcher’s report on GhostNet is here: ]http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network] Copyright Claim Based on Taping Fashion Show (THR Esq, 22 Dec 2009) - A women’s clothing company is suing Canadian Broadcasting Company after a reporter for the television station snuck into a New York fashion show without an invitation and taped the event. According to the complaint filed by Nygard International in New York district court late last week, members of the media who attended the show signed an agreement limiting their right to record the event and distribute footage without written approval. A CBC employee identifying himself as David Common and a cameraman allegedly evaded security and made an unauthorized recording. When asked to leave, the cameraman is said to have refused to go. The event was held on private premises, so one of the grounds for this complaint is trespass. More intriguing, perhaps, Nygard is also claiming that CBC violated the company’s copyright. We’re reminded of professional sporting league’s restrictions on the kind of audio-video content that news outlets can transmit from inside a sporting event. Some leagues even attempt to limit descriptions of an event. However, these events derive significant revenue from big TV rights licensing deals and broadcasters who show up with their own cameras potentially interfere with these licensing arrangements. In this case, Nygard makes the case that it was potentially damaged “because distribution of images of Plaintiff’s fashions prior to the release of those products in the marketplace could give Plaintiff’s competitors an unfair advantage and cause Plaintiff to lose control over its intellectual property, goodwill, and public image.” Fascinating argument, and leaving aside the hot question over the IP protection on fashion designs, it could be interesting to see what a court has to say in this case. Will companies be more aggressive in making copyright claims to protect public image going forward? http://www.thresq.com/2009/12/copyright-fashion-show-television.html [Editor: goes to audience members’ iPhone recording of for-fee CLE events, etc.] Background Checks For All With BeenVerified’s iPhone App (TechCrunch, 22 Dec 2009) - Back in September, we wrote about a new iPhone app that would allow you to run a background check on a new lover. It’s mildly creepy, but also kind of interesting. Unfortunately, that app, DateCheck, also charged an arm and a leg to run the checks. A new one gives you some background checking ability for free. The aptly named Background Check App does exactly what it says: Using data from the site BeenVerified, it allows you to do background checks on people via name queries or their email addresses. And it even allows you to check your contacts on your iPhone with just one click. Just imagine the fun that will bring. But it’s not all free fun. Unfortunately, you only get three free queries a week. After that, you’re prompted to sign up for a BeenVerified account and pay to get unlimited access. Currently, that will cost you $8-a-month. Beyond looking up things such as age, address history, and relatives, Background Check App gives you access to criminal records, the properties associated with a person (and their values), and even scans the social networks to find data about the person there, such as pictures of them. http://www.techcrunch.com/2009/12/22/background-check-iphone-app/ Drunk Drivers in Texas to Be Named on Twitter (Mashable.com, 25 Dec 2009) - Drunk driving in Montgomery County, Texas, this holiday season? Expect to see your name in Tweets, as the local district attorney’s office has vowed to name and shame drunk drivers on Twitter. The tactic, hoping to dissuade drunk drivers using the threat of public humiliation, will see DWI (Driving While Intoxicated) arrests documented on the @MontgomeryTXDAO Twitter account, owned by Montgomery County District Attorney, Brett Ligon. The idea was conceived by County Vehicular Crimes Prosecutor Warren Diepraam, and it’s not entirely new: the information is a matter of public record and some newspapers print the names of people charged with such crimes as a deterrent. Moving the practice to Twitter, however, is somewhat controversial: shaming people who have yet to be found guilty is a concept that some law bloggers are rallying against. http://mashable.com/2009/12/25/drunk-drivers-twitter/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29 No Private Right of Action to Enforce Connecticut Electronic Monitoring Statute (Daniel Schwartz, 29 Dec 2009) - The Connecticut Supreme Court, in a decision that will be officially released on January 5, 2010, has held that employees cannot bring a private right of action against employers that violate the state’s electronic monitoring statute. In Gerardi v. City of Bridgeport, two city fire inspectors were disciplined for improper job performance through the use of GPS devices, allegedly without the employees’ consent. They claimed that the employer violated Conn. Gen. Stat. 31-48d, which prohibits an employer from electronically monitoring an employee’s activities without prior notice, and sought injunctive relief and monetary damages. The employees claimed that even though the statute didn’t contain a private right of action, one should be implied. The Court disagreed. http://ow.ly/QMLm Long arm of law reaches into World of Warcraft (Kokomo Perspective, 31 Dec 2009) - The virtual world of online gaming seems like the perfect place to hide. There is plenty of anonymity, and it’s almost impossible for someone to trace activity back to its source, right? Wrong. Two weeks ago, Howard County Sheriff’s Department deputy Matt Roberson tracked down a wanted fugitive through one of the most popular games on the Internet — World of Warcraft. And he got his man. “We received information that this guy was a regular player of an online game, which was referred to as ‘some warlock and witches’ game,” said Roberson. “None of that information was sound enough to pursue on its own, but putting everything we had together gave me enough evidence to send a subpoena to Blizzard Entertainment. I knew exactly what he was playing — World of Warcraft. I used to play it. It’s one of the largest online games in the world.” Indeed, World of Warcraft is among the most popular online pastimes today, boasting more than 14 million players in dozens of countries — including Canada. But this is the Internet, and Blizzard is in California. Roberson’s subpoena was nothing more than a politely worded request, considering the limits of his law enforcement jurisdiction and the ambiguity of the online world. Blizzard did more than cooperate. It gave Roberson everything he needed to track down Hightower, including his IP address, his account information and history, his billing address, and even his online screen name and preferred server. From there it was a simple matter to zero in on the suspect’s location. “I did a search off the IP address to locate him,” said Roberson. “I got a longitude and latitude. Then I went to Google Earth. It works wonders. It uses longitude and latitude. Boom! I had an address. I was not able to go streetside at the location, but I had him.” Roberson and Rogers contacted the U.S. Marshals, who immediately notified the Royal Canadian Mounted Police and the Canadian Border Services Agency. According to Rogers, Canadian authorities located Hightower in Ottawa, Ontario, and arranged to have him deported. The marshals picked up the suspect in Minneapolis, and Howard County has until Jan. 5 to bring him back here to face charges. http://kokomoperspective.com/news/local_news/article_15a0a546-f574-11de-ab22-001cc4c03286.html Court’s Ruling Holds One Shiny Gift and One Lump of Coal for Employers (Steptoe & Johnson’s E-Commerce Law Week, 31 Dec 2009) - A federal district court in Idaho has ruled in Alamar Ranch, LLC, v. County of Boise that an employee waived the attorney-client privilege by communicating with her lawyer over her employer’s email system, where the employer had a clear policy of monitoring employee communications. Other courts have found reasons not to find a waiver under similar circumstances, so this ruling provides support for employers whose monitoring practices come under fire. But the court also found that other people who communicated with the employee and the lawyer simultaneously did not waive their privilege despite the monitoring policy. This part of the ruling could support claims against an employer by non-employees whose communications with an employee were monitored by the employer. http://www.steptoe.com/publications-6550.html Harnessing Free-Flowing Competitive Intelligence Through Social Media Sites (ABA’s LPM, December 2009) - The Web is a great resource for law firm competitive intelligence (CI). For years, law firm CI analysts have been watching the Web sites of prospective clients and competing firms for any information that can create a competitive advantage for their own firm. This includes monitoring competitor firms’ attorney rosters and tracking trends within other firms based on the publications, press releases and other information posted on their sites. Clients’ and prospective clients’ Web sites are tracked to identify new products, potential litigation issues, and changes within the companies that might enable a firm to capture new work. But for the CI analyst, the disadvantage has been that a lot of the information posted on traditional Web sites is so heavily filtered that it’s ultimately of very little value. The development of Web 2.0 technologies has changed things, however, creating an opportunity to monitor information that doesn’t go through a filter before publication. Resources like social networking sites, “Ning” communities, wikis and blogs encourage the free flow of information, and individuals who were once hidden behind the company’s firewall are conducting all kinds of online conversations outside those walls. For law firm CI analysis, the advent of Web 2.0 has ushered in a whole new era and expanded the abilities to find valuable information that could give the firm a competitive advantage. http://www.abanet.org/lpm/magazine/articles/v35/is7/pg26.shtml [Editor: quite interesting.] Whatever happened to Second Life? (PC Pro, 4 Jan 2010) - It’s desolate, dirty, and sex is outcast to a separate island. Barry Collins returns to Second Life to find out what went wrong, and why it’s raking in more cash than ever before. Three years ago, I underwent one of the most eye-opening experiences of my life – and I barely even left the office. I spent a week virtually living and breathing inside Second Life: the massively multiplayer online world that contains everything from lottery games to libraries, penthouses to pubs, skyscrapers to surrogacy clinics. Oh, and an awful lot of virtual sex. At its peak, the Second Life economy had more money swilling about than several third-world countries. It had even produced its own millionaire, Anshe Chung, who made a very real fortune from buying and selling property that existed only on Second Life servers. Three years on, and the hype has been extinguished. Second Life has seen its status as the web wonderchild supplanted by Facebook and Twitter. The newspapers have forgotten about it, the Reuters correspondent has long since cleared his virtual desk, and you can walk confidently around tech trade shows without a ponytailed “Web 2.0 Consultant” offering to put your company on the Second Life map for the price of a company car. http://www.pcpro.co.uk/features/354457/whatever-happened-to-second-life FTC set to examine cloud computing (The Hill, 4 Jan 2010) - The Federal Trade Commission (FTC) is investigating the privacy and security implications of cloud computing, according to a recent filing with the Federal Communications Commission. The FTC, which shares jurisdiction over broadband issues, says it recognizes the potential cost-savings cloud computing can provide. “However, the storage of data on remote computers may also raise privacy and security concerns for consumers,” wrote David Vladeck, who helms the FTC’s Consumer Protection Bureau. http://thehill.com/blogs/hillicon-valley/technology/74209-ftc-examining-cloud-computing Calif. Federal Judge OKs Posting of Prop 8 Trial to YouTube (Law.com, 7 Jan 2010) - Chief Judge Vaughn Walker made it clear Wednesday that he will forge ahead with televising the federal challenge to Prop 8. But he also signaled he doesn’t want to be the next Lance Ito. The trial, which begins on Monday, will be filmed by court personnel, Walker ruled, but it will not be broadcast live. Instead, the recording will be posted on a YouTube page at some point after the close of the day’s proceedings. Walker declined an offer from In Session (formerly Court TV) to broadcast live, with its own crew. http://www.law.com/jsp/article.jsp?id=1202437693425&rss=newswire&hbxlogin=1 Ohio Court Gives Criminals Another Reason to Love Their Smart (and Not-So-Smart) Phones (Steptoe & Johnson’s E-Commerce Law Week, 8 Jan 2010) - The Supreme Court of Ohio ruled last month in State v. Smith that the warrantless search of a cell phone seized incident to a lawful arrest is prohibited by the Fourth Amendment. The court refused to extend to cell phones the normal doctrine allowing police to search an arrestee’s person and containers found on or near him without obtaining a search warrant, holding that a cell phone is not a “closed container” because it does not hold other “physical objects.” The court also found that cell phones’ “ability to store large amounts of private data gives their users a reasonable and justifiable expectation of a higher level of privacy in the information they contain,” and that police therefore must “obtain a warrant before intruding into the phone’s contents.” http://www.steptoe.com/publications-6558.html Internet pirates find ‘bulletproof’ havens for illegal file sharing (The Guardian, 5 Jan 2010) – Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts. For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement. In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement. The change is rooted in the evolution of “bulletproof hosting”, or website provision by companies that make a virtue of being impervious to legal threats and blocks. Not all bulletproof services are linked to illegal activities, but they are popular among criminal groups, spammers and file-sharing services. Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as the infamous host McColo, which was based in San Jose, California, and remained in operation until last year. Pirate Bay, after its brief excursion to Ukraine, is now run out of a Dutch data centre called CyberBunker, which is based in an old nuclear facility of the 1950s, about 120 miles south-west of Amsterdam. Research published last year showed that most bulletproof hosts are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution. http://www.guardian.co.uk/technology/2010/jan/05/internet-piracy-bulletproof NOTED PODCASTS The Rewilding: A Metaphor (IT Conversations; by Karl Schroeder; 24 July 2009) - Long ago, when we started using technology, we lacked the collective cognizance to define the limits we wanted to exercise control within, so we tried controlling everything. The notion of technological advancement was about the degree of control exercised over nature. However, the modern trend indicates an inversion of that philosophy. According to sci-fi author Karl Schroeder, the world is now reaching a point where we are learning when to let go, and that, he says, is working well. http://itc.conversationsnetwork.org/shows/detail4274.html and http://itc.conversationsnetwork.org/audio/download/ITC.oscon-Schroeder-2009.07.24.mp3 [Editor: 15 minute podcast, relevant to Web 2.0 debates about employer loss of control and threats from too much sharing (e.g., at 8m45s and the discussion about “organizational rewilding”. Talks about knowing when to control, and knowing when to leave alone. ONE STAR.] RESOURCES An E-Book Buyer’s Guide to Privacy (EFF, 21 Dec 2009) - As we count down to end of 2009, the emerging star of this year’s holiday shopping season is shaping up to be the electronic book reader (or e-reader). From Amazon’s Kindle to Barnes and Noble’s forthcoming Nook, e-readers are starting to transform how we buy and read books in the same way mp3s changed how we buy and listen to music. Unfortunately, e-reader technology also presents significant new threats to reader privacy. E-readers possess the ability to report back substantial information about their users’ reading habits and locations to the corporations that sell them. And yet none of the major e-reader manufacturers have explained to consumers in clear unequivocal language what data is being collected about them and why. As a first step towards addressing these problems, EFF has created a first draft of our Buyer’s Guide to E-Book Privacy. We’ve examined the privacy policies for the major e-readers on the market to determine what information they reserve the right to collect and share. http://www.eff.org/deeplinks/2009/12/e-book-privacy Privacy: An Overview of Federal Statutes Governing Wiretapping and Electronic Eavesdropping (Congressional Research Service, 5 Dec 2009) - This report provides an overview of federal law governing wiretapping and electronic eavesdropping. It also appends citations to state law in the area and contains a bibliography of legal commentary as well as the text of the Electronic Communications Privacy Act (ECPA) and the Foreign Intelligence Surveillance Act (FISA). It is a federal crime to wiretap or to use a machine to capture the communications of others without court approval, unless one of the parties has given their prior consent. It is likewise a federal crime to use or disclose any information acquired by illegal wiretapping or electronic eavesdropping. Violations can result in imprisonment for not more than five years; fines up to $250,000 (up to $500,000 for organizations); in civil liability for damages, attorneys’ fees and possibly punitive damages; in disciplinary action against any attorneys involved; and in suppression of any derivative evidence. Congress has created separate but comparable protective schemes for electronic communications (e.g., e-mail) and against the surreptitious use of telephone call monitoring practices such as pen registers and trap and trace devices. Each of these protective schemes comes with a procedural mechanism to afford limited law enforcement access to private communications and communications records under conditions consistent with the dictates of the Fourth Amendment. The government has been given narrowly confined authority to engage in electronic surveillance, conduct physical searches, install and use pen registers and trap and trace devices for law enforcement purposes under the Electronic Communications Privacy Act and for purposes of foreign intelligence gathering under the Foreign Intelligence Surveillance Act. Two FISA provisions, born in the USA PATRIOT Act and dealing with roving wiretaps (section 206) and business records (section 215), are scheduled to expire on December 31, 2009. This report includes a brief summary of the expired Protect America Act, P.L. 110-55 and of the Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008, P.L. 110-261 (H.R. 6304). It is available in an abridged form without footnotes, quotations, or appendices as CRS Report 98-327, Privacy: An Abbreviated Outline of Federal Statutes Governing Wiretapping and Electronic Eavesdropping, by Gina Stevens and Charles Doyle. http://assets.opencrs.com/rpts/98-326_20091203.pdf The Growing Wave of Data Breach Litigation (Risk Management, December 2009) - Data breaches-the theft, loss or unintended exposure of personally identifiable information-have compromised hundreds of millions of personal records in recent years. In 2009, the trend continued with two of the largest breaches in history. In January, as many as 100 million credit card records were exposed when it was discovered that hackers broke into the network of credit card processor Heartland Payment Systems. And in October, the personal information of more than 70 million U.S. military veterans was compromised when an improperly erased hard drive was sent out for repair. These breaches, and others like them, only scratch the surface of the problem. A study by Gartner Inc. found that financial fraud affected 7.5% of all Americans in 2008, and data breaches spawned 19% of that fraud. The Identity Theft Resource Center (ITRC) reported that data breaches in 2008 increased by 47% over the previous year. And by November, the ITRC had reported more than 400 breaches affecting 220 million records in 2009-an amount of records nearly equal to the previous four years combined. Given the scope of the problem, it should be no surprise that data breaches have led to expensive litigation, including attempted class actions. So far, however, these actions have met with little legal success (as distinguished by sizable costs and settlements). But considering the scope of the risk, it would be wise for companies to be familiar with the important decisions in this area. http://www.rmmagazine.com/MGTemplate.cfm?Section=RMMagazine&NavMenuID=128&template=/Magazine/DisplayMagazines.cfm&IssueID=341&AID=4015&Volume=56&ShowArticle=1 FUN The Ten Best Viral Videos of the Decade (Salon.com, 26 Dec 2009) - Long ago — the 90s — the word “viral” applied strictly to illness, and we had only an inkling of how awesome it is to dance at weddings, defy gravity and laugh at the funny things cats and toddlers do. This decade changed that. Though we never want to hear words such as “Miss South Carolina,” “inspirational comedian“ or “Numa Numa“ again, and while we sometimes wonder if those hours spent engrossed in “Planet Unicorn“ were hours squandered, we fully cop to a deep, abiding love for viral video. And what’s not to love? It’s a few moments of the crazy, the joyous and the jaw-dropping plopped into our daily grind, minutes made all the sweeter for their “You have GOT to see this” power to bring people together. These are the ones that made us click Replay again and again. http://www.salon.com/mwt/feature/2009/12/26/decade_viral_video [Editor: my favorite is under Honorable Mentions – “Where the Hell is Matt”] LOOKING BACK - MIRLN TEN YEARS AGO LEGAL BRIEF: LAWYERS CLAIM CREDIT FOR AVERTING Y2K DISASTER—The gentle calendar change on 1 January 2000 having dashed the expectation that the legal community would cash in on a flood of liability lawsuits related to the Y2K computer problem, some lawyers are taking a little credit for saving the world from disaster. Ronald N. Weikers, an attorney who coauthored the book, “Litigating Year 2000 Cases,” says: ““Nobody is going to believe that lawyers are heroes in this case, but we had something to do with it. It’s clear to me and a lot of attorneys that by raising red flags in advance we helped avoid bigger problems down the road.” But Weikers hasn’t given up all hope for a little new business, and tells people who are smug about surviving January 1st that “they shouldn’t rest so assured. They should wait a few months. There’s going to be a flurry of activity.” (Washington Post 10 Jan 2000) http://www.washingtonpost.com/wp-dyn/business/A23690-2000Jan9.html Related blog posting from 8 Jan 2010: http://www.TheCorporateCounsel.net/Blog/2010/01/y2k-tcc-the-november-doc.html MIRLN 2010-01-08T22:05:00-07:00