The FBI, Apple, and the Importance of Jurisdiction

Jurisdiction is important when dealing with the law.  Courts as a rule do not have the power to decide every issue brought before them.  A small claims court can’t decide a million-dollar contract dispute.  An Alaskan state court can’t evict a tenant living in Manhattan.  A federal court typically does not have jurisdiction over purely state law criminal prosecutions.  Jurisdiction, in other words, is extremely meaningful.  And jurisdiction just might play an important role in deciding the present dispute between the FBI and Apple about the San Bernardino shooter’s iPhone.

The scenario reads like a thorny law school exam fact pattern.  The FBI holds a seized iPhone used by one of the terrorists who killed 14 of his co-workers in San Bernardino in December 2015.  The phone belongs to his employer, which has given its consent to a search of the phone and its data.  The data on the phone is encrypted, and cannot be read by the FBI.  The phone is password-protected, and if the FBI makes more than 10 incorrect password guesses, there is a very strong danger that the current encryption key will be destroyed and the phone’s data will, for all practical purposes, become unrecoverable. 

Apple owns the phone’s operating system.  It is uniquely positioned to help the FBI by revising the phone’s software to disable the 10-or-dead feature.  The FBI has requested Apple’s help; Apple has refused, and the FBI has secured a court order directing Apple to assist the FBI.  Apple, in an open letter to its customers, indicated it will challenge the order, citing its concerns about building what it says is a currently-nonexistent “backdoor” into its iOS operating system that could compromise security for its millions of users worldwide. 

In its application to the court, the FBI argued that the proposed software would only be usable for this one iPhone, because it would be keyed to the specific hardware id associated with that iPhone.  Apple quite clearly disagrees: “But that’s simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks — from restaurants and banks to stores and homes. No reasonable person would find that acceptable.”

Apple’s concern for the privacy of its users appears to be reasonable.  If it is forced to develop software designed to defeat the 10-or-dead feature on this one iPhone, that software could work on any iPhone, provided that iPhone’s unique id is substituted for that of the phone used by the San Bernardino shooter – a relatively trivial change.  A flood of court orders compelling Apple to use the same software for other locked iPhones could follow.   

The dispute shines a spotlight on important privacy issues that affect all of us.  Tech companies and the government have been arguing for years about encryption.  The tug-of-war between the need to keep user information private and the government’s need to investigate crimes has been the subject of ongoing debate.  The recent revelations about the extent of warrantless government surveillance has shone a spotlight on what many believe are abuses by the government of citizen privacy, and has resulted in stronger encryption regimes for consumer communications devices and systems.

In the Apple case, the order sought by the FBI (read the FBI's application here) was signed the very same day the FBI asked for it, which suggests that the court simply accepted the FBI’s argument without giving it too much scrutiny.  (The order was sought ex-parte, without Apple’s participation.)  The FBI relies on the All Writs Act, a law dating from our nation’s infancy, to support its request.  The act is sort of a catch-all for federal courts, providing that “The Supreme Court and all courts established by Act of Congress may issue all writs necessary or appropriate in aid of their respective jurisdictions and agreeable to the usages and principles of law.”  The government argued, and the district court agreed, that the act empowered the court to issue its order directing Apple to help the government defeat the 10-or-dead feature on the San Bernardino iPhone so that the government may attempt to crack the phone’s password. 

Apple has not yet filed its opposition to the court’s order.  There are a number of arguments it can be expected to raise; some of them were highlighted in its customer letter: “If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge.”

One potential argument not mentioned by Apple is that the court’s grant of the FBI’s request is an impermissible application of the All Writs Act because the order was not “necessary or appropriate in the aid of” the court’s jurisdiction.  This argument formed the basis of the dissent to one of the key cases the FBI relies upon,  United States v New York Telephone Co., 434 US159 (1977). 

In New York Telephone, the Supreme Court in a 5-4 decision held that the district court had the power to issue an order under the All Writs Act directing New York Telephone to lease certain phone lines to the FBI to permit it to secretly install a pen register to record phone numbers dialed by a suspected gambling operation in New York City.  In his dissent, Justice  Stevens argued that this was an improper extension of the act’s scope because the order requested by the FBI in that case was not one that would “be in the aid of [the court’s] duties and [the court’s] jurisdiction.”  434 US at 189.  “The fact that a party may be better able to effectuate its rights or duties if a writ is issued never has been, and under the language of the statute cannot be, a sufficient basis for issuance of the writ.” Id. (my emphasis).    

The following paragraph from the dissent could have been written to cover this very situation: 

Nowhere in the Court's decision or in the decisions of the lower courts is there the slightest indication of why a writ is necessary or appropriate in this case to aid the District Court's jurisdiction. According to the Court, the writ is necessary because the Company's refusal "threatened obstruction of an investigation . . . ."  Concededly, citizen cooperation is always a desired element in any government investigation, and lack of cooperation may thwart such an investigation, even though it is legitimate and judicially sanctioned.  But unless the Court is of the opinion that the District Court's interest in its jurisdiction was coextensive with the Government's interest in a successful investigation, there is simply no basis for concluding that the inability of the Government to achieve the purposes for which it obtained the pen register order in any way detracted from or threatened the District Court's jurisdiction. Plainly, the District Court's jurisdiction does not ride on the Government's shoulders until successful completion of an electronic surveillance.

Id. at 190 (my emphasis). 

Admittedly, this was the losing side’s argument in the New York Telephone case.  But it has the attractiveness of being rooted in the actual language of the All Writs Act.  Given recent revelations about the extent to which the government has abused the privacy rights of its citizens, Justice Stevens’s prescient concern in the New York Telephone dissent is apt today:  “Nevertheless, the order is deeply troubling as a portent of the powers that future courts may find lurking in the arcane language of Rule 41 [covering Search and Seizure] and the All Writs Act.”

Jones Day Settles Linking Suit with Blockshopper

In what the ABA Journal characterizes as a "Fig Leaf" settlement, Jones Day and Blockshopper have settled the lawsuit that Jones Day brought when Blockshopper had the temerity to link to the bios of two Jones Day attorneys when it reported on (public) real estate transactions involving the two lawyers.

I blogged about this case back in the fall.

In the settlement, Blockshopper agrees that while it will not use any "Embedded Links" to the Jones Day website in the future, it may use "Deep Links" to the site. Blockshopper must also make some sort of statement indicating that the reference individual is employed by Jones Day, and that more information about the person can be obtained at http://www.jonesday.com/, adding the appropriate internal reference to the web address.

So what would formerly have read as follows:

Embedded (bad): Steve Brogan, Jones Day's managing partner, recruited me when I was a law student at Notre Dame.

Now must read thus:

Deep (good): Steve Brogan, who is employed by Jones Day as its managing partner, recruited me when I was a law student at Notre Dame. More information about Steve Brogan can be obtained at http://www.jonesday.com/sjbrogan/.

Hugh Whiting signed the settlement on behalf of Jones Day.

I have to admit that I hadn't heard of the term "fig leaf" settlement; I looked it up, but all I could find were other blogs and newsletters that referenced the Jones Day/Blockshopper case. Wikipedia, in addition to teaching me about a turn-of-the-last-century bodybuilder named Eugen Sandow who used to pose nude save for the protective covering of a fig leaf, provided some information that I think pretty much covers (pun intended) the settlement:

"The expression fig leaf has a perjorative metaphorical sense meaning a cover for any thing or behaviour that might be considered shameful, with the implication that the cover is only a token gesture and the truth is obvious to all who choose to see it."

LegalTech Panel: Adopting Web 2.0 Capabilities Into Your Web Presence

This was a lively panel consisting of the following:

Maia Benson – Director of Search Enging Marketing, Lexis/Nexis

Roland Goss – Jorden Burt law firm. Reinsurance and arbitration blog.

Brian Green – Edwards Angell Palmer & Dodge LLP; An insurance/reinsurance law blog.

Rees Morrison - LawDepartmentManagementblog.com blog

David Gottlieb – Baker Sanders, etc. in Newark. No-fault and CPLR blogs

Roy Mura – Insurance coverage and fraud blog

This was essentially a panel on starting and maintaining a blog. It was well-run, spirited, and informative – even for existing bloggers. Moderator Maia Benson kept the five-person panel on-topic, asking key questions, allowing a reasonable amount of discussion, and moving things along to the next point.

Starting from the beginning, the panel discussed their reasons for blogging and why they selected their particular blogging platform. There are a number of different blogging platforms – Blogger, Wordpress, and MoveableType are several popular ones. For a survey article discussing popular blog platforms, check here.

The panelists each agreed that their blogs consumed more time than they initially thought they would. The general consensus among individual bloggers was that their blogs consumed more than an hour a day on average. Two of the blogs were law firm projects, with teams of attorneys assigned to creating content and editing posts.

The next point was what the panelists considered the value of their blogs to be.

Roland Goss pointed out that the question of value was more properly stated as “value to whom?” His view was that blog value in the firm context can sometimes be a hard sell. Blogs have a connotation to some people as being a loose form of communications. While it is difficult to measure client generations as a result of a blog, his point was that institutional clients are looking for their law firms to provide them value. If you are trying to reach that audience, your blog should target their perceived needs. If you do a good job of identifing your audience, you’ll hit the mark.

In the case of the Jorden Burt firm, when Goss was considering developing a blog, he noted that there did not appear to be a one-stop place for information on reinsurance arbitration. So he built one. In the course of running the blog, analytical tools helped him see that readers were gravitating to law review articles on insurance and reinsurance, so he made that more prominent and easy to find. It helps for people to know that you have timely and deep knowledge in your area.

The next question focused on audience; who is your audience? What value are you trying to give?

Rees Morrison, in a bit of a tangent, made a strong argument on several points: make your header clear; keep your posts “short and sweet;” identify your sources; and back-reference your content. While not strictly responsive to the question, they were good points and are worth keeping in mind.

Brian Green pointed out one dilemma that his firm’s blog faced: whether to write about news developments that affected the client’s industry. He noted that the audience was reading those news posts, so the coverage shifted slightly to include the news. (I will note that Brian and I each work for the same firm, but I have no involvement in the operation of the blog.)

David Gottlieb’s audience consists of attorneys he sees in court. He finds that their feedback is helpful. In addition to legal posts, he includes more personal, perhaps somewhat off-topic posts such as family pictures and workplace commentary – one of his more popular posts was a seating chart showing where the “regulars” tended to sit in one of the courtrooms he frequents. This point echoes one raised in Tuesday’s Twitter panel – to develop a relationship with your readers don’t make your posts completely business. Inject some personality into your blog. (This obviously makes more sense with individually-authored blogs than group or firm efforts, though there is no reason why a firm blog could not include the occasional personal note as well.)

Roy Mura said that he believes that he as several categories of readers, ranging from individual clients to “everyone.”

The next question asked what kinds of feedback or anecdotes the panelists were hearing as a result of the their blogs.

David Gottlieb said that almost everyone who practices in his area reads it, including judges, clerks, and other attorneys. He noted, as a result, that this meant that he had some control over what that audience saw. He warned against using the blog as an advertisement. The goal is to provide value.

Roy Mura could count one discrete matter resulting from his blog.

Roland Goss pointed out that blogs aren’t only about getting new clients. He believes that his firm’s blog provides a lot of value as a cross-selling tool, a good way to show existing clients in other areas what else you can do. The blog is also a good way to increase the knowledge base of your attorney writers – a point that applies both to team-written blogs and single-author efforts.

Rees Morrison pointed out that an active blog is a good resource for creating articles. It becomes easy to put together an article on a particular topic by combinging and editing related blog posts.
The topic then turned to metrics – how the bloggers used various tools to learn more about their audience. Rees Morrison jumped up and ran through a nice set of screens that identified some of the tools he uses to help him with his blogs. These include:

SiteMeter – details re: every visit, can drill down to individual visitor

TypePad – gives some stats for its blogs. Also gives you what search led to view.

Feedburner – tells you how many RSS subscribers you have, how many came directly, how many from searches, how many from another site.

Technorati – how many other blogs are referring to you – find out who is writing about you.

Google Analytics – combines some other data, gives you great info.

Bloglines – helps manage subscribers.

Blogpulse – as a percent of ALL blog posts, what did I account for.

Google Groups – more analytical tools.

Roy Mura said that he uses Feedblitz for subscriptions – a vehicle by which readers can subscribe and get an email summary to new posts. Monday night to Tuesday morning is when most people seem to read.

Maia Benson recommended putting a phone number on your blog because it’s tracked. If someone calls you because of the blog, you’ll know it.

One set of concerns – and an area of polite difference – related to whether blogs should accommodate comments.

Brian Green said that his blog does not allow comments because of concerns regarding attorney-client relationships and inadvertent disclosure of confidential information. In the event a dialog takes place, there is a concern that the give-and-take will lead to an inadvertent attorney-client relationship.

Roland Goss’s firm’s blog also does not accept comments, for same reasons. As a firm-authored blog, he pointed out that not having to deal with comments also helps reduce the time associated with managing the blog.

Roy Mura’s blog originally accepted comments without requiring each comment to be moderated. He said that he thought that comments would be an academic exercise, until a completely unacceptable comment was psoted. He now moderates comments, as do David Gottlieb and Rees Morrison.

This panel provided a great overview of issues related to starting and maintaining blogs. It was an extremely worthwhile presentation, and I’m afraid that this post does not do it justice.

The Register Confuses Utility and Design Patents

It surprises me how often even industry publications get IP wrong. A case in point: The Register, the well-respected, often irreverent, but definitely tech-savvy website issuing mainly out of the UK today published a piece poking fun at Apple for patenting (and the PTO for issuing) what appears to be a power adapter for what used to be known as an automobile cigarette lighter (now known in PC-speak as a 12-volt power port).

The Register noted that "the device is so substantially similar to a standar automotive 12-volt power plug . . . that the penetrating intelligence of the US Patent and Trademark Office would surely not grant a patent for it if that were, indeed, its sole purpose. After all, the USPTO defines a patent - or, more specifically, a utility patent, as 'a new, useful, and nonobvious process, machine, article of manufacture, or composition of matter, or any new and useful improvement thereof." The post then went on to speculate as to what other possible uses the "power connector" could be put to.

The problem? The patent number -- D585,375 -- clearly signifies that the patent is a design patent, not a utility patent.

I might be more forgiving if the mistake had been made by a general-interest publication, but The Register holds itself out as "Biting the Hand that Feeds IT" and should know better.

NSA Agents Reduced to Conducting E-Discovery on Citizens?

New allegations from Russell Tice, the former NSA analyst who earlier revealed the agency's role in warrantless eavesdropping on international phone calls, suggest that the NSA has also been compiling a vast database of information about the domestic communications of US citizens.  In two interviews with MSNBC's Keith Olbermann -- who is probably not the most objective person to be hosting the discussion -- Tice described in fairly rough terms a practice of data collection and analysis that sounds very much like some forms of electronic discovery.  Wired has a good summary of the assertions here.   

In particular, Tice describes a system of information gathering that is less direct eavesdropping than it is data mining: "This is garnered from algorithms that have been put together to try to just dream-up scenarios that might be information that is associated with how a terrorist could operate," Tice said. "And once that information gets to the NSA, and they start to put it through the filters there . . . and they start looking for word-recognition, if someone just talked about the daily news and mentioned something about the Middle East they could easily be brought to the forefront of having that little flag put by their name that says 'potential terrorist'."  The process he talks about is similar to earlier speculation as to how such surveillance would operate.   

If true, Tice's claims raise obvious Fourth Amendment issues.  They also paint the rather sad picture of some of our country's best intelligence analysts toiling away at tasks that are little different than those practiced by junior associates and contract attorneys in law firms and e-discovery companies from New York to New Dehli.  It would be adding insult to injury, of course, if Tice's allegations are true and the analysis is being directed at the analysts' fellow citizens.  

RIAA Fights Internet Broadcast of File-Sharing Hearing

As you may have heard, a Massachusetts federal district court judge recently granted the motion of the defendant in a file-sharing copyright infringement case brought by the RIAA to broadcast a pre-trial hearing over the Internet. Yesterday, that order was stayed so that the RIAA could appeal it to the First Circuit. The RIAA's mandamus petition is interesting reading. The main ground of the petition is essentially that the judge's order is against the rules, namely rule 83.3 of the local rules.

Really. Let's take a look at Rule 83.3.

-- (a) Recording and Broadcasting Prohibited. Except as specifically provided in these rules or by order of the court, no person shall take any photograph, make any recording, or make any broadcast by radio, television, or other means, in the course of or in connection with any proceedings in this court, on any floor of any building on which proceedings of this court are or, in the regular course of the business of the court, may be held. [Emphasis supplied]

Looks to me like the judge has some discretion there. But, the RIAA argues, allowing recording conflicts with the policies of the Judicial Conference of the United States. This appears to be a stronger argument -- the Judicial Conference has repeatedly come out against permitting the recording or broadcast of court proceedings. In a 2007 statement to Congress, Judge John Tenheim explained the bases for the opposition:

-- The Judicial Conference position is based on a thoughtful and reasoned concern regarding the impact cameras could have on trial proceedings. This legislation has the potential to undermine the fundamental right of citizens to a fair trial. It could jeopardize court security and the safety of trial participants, including judges, U.S. attorneys, trial counsel, U.S. marshals, court reporters, and courtroom deputies. The use of cameras in the trial courts could also raise privacy concerns and produce intimidating effects on litigants, witnesses, and jurors, many of whom have no direct connection to the proceeding. In addition, appearing on television could lead some trial participants to act more dramatically, to pontificate about their personal views, to promote commercial interests to a national audience, or to increase their courtroom actions so as to lengthen their appearance on camera. Finally, camera coverage could become a negotiating tactic in pretrial settlement discussions or cause parties to choose not to exercise their right to have a trial.

While few if any of those concerns apply in this case, there's no arguing that the Judicial Conference is not a fan of broadcasting contentious courtroom proceedings.

So is the RIAA simply defending the Judicial Conference against the actions of a wayward District Court judge? No; the RIAA is concerned that allowing the hearing to be broadcast will cause "irreparable harm." The nature of that harm?

-- Here, where the district court's interpretation of the Local Rule may well open the doors to a flood of applications by broadcasters seeking to record and broadcast other proceedings throughout the District of Massachusetts, there is necessarily a "sufficient showing of irreparable harm" to merit the exercise of this Court's power of mandamus.

So the RIAA is also defending the rest of the Massachusetts Federal Judiciary from the increased burdens of having to deal with this "flood of applications" from others seeking permission to broadcast other trials. A very noble position, to be sure, but of course the RIAA is also worried on its own behalf:

-- Nor is there any doubt that Petitioners would suffer irreparable harm if the proposed broadcast of the proceedings in this case is allowed to proceed.

By way of proof, the RIAA then offers the following explanation:

-- The Judicial Conference has repeatedly expressed the view that presence of cameras in district court proceedings "can do irreparable harm to a citizen's right to a fair trial."

That, however, is by no means proof that irreparable harm would occur in this case. The RIAA's next argument is rather ironic, given the nature of the dispute:

-- Petitioners are concerned that, unlike a trial transcript, the broadcast of a court proceeding through the Internet will take on a life of its own in that forum. The broadcast will be readily susceptible to editing and manipulation by any reasonably tech-savvy individual. Even without any improper modification, statements may be taken out of context, spliced together with other statements, and broadcast rebroadcast [sic] as if it were an accurate transcript.

Of course, a written transcript is even more susceptible to manipulation than is a video or audio recording. It's laughably easy to select statements out of context from a written transcript and present them in a way that is unfavorable to one side or the other. If anything, a video record would make any such manipulation more evident, with cuts and splices to the record appearing as odd "jumps" or "skips" in the recording or in the appearance of the speaker.

The RIAA saves what to me is its strongest argument for last: that the Beekman Center, which would host the broadcast, is strongly opposed to the RIAA's suits against alleged file sharers and is closely allied with the defense team. This, however, is the issue that is easiest to fix -- allow a relatively neutral party, such as a "traditional" news organization, to host the feed.

The RIAA, of course, has a legitimate reason to complain where the manner in which users copy or distribute its members' recordings reaches beyond the often-murky boundaries of fair use. Its vehement opposition to having this hearing broadcast appears to masquerade a real concern about looking bad before an Internet audience with a stated concern about protecting the integrity of the judical system. That's a little ironic in view of the RIAA's recent decision to more or less abandon the courts and let ISPs regulate offending users.

Read Wired's take on this here and here.

Webinar -- Protecting Your Intellectual Property

On February 12, I am participating in a webinar titled "Protecting Your Intellectual Property." It's a "basics" type of presentation; if you read this blog and others like it, you probably know most of what we'll be talking about. However, please feel free to register or suggest it to friends or colleagues who would like a quick overview of the area.

Keeping Social Media Posts Professional

A few weeks ago I responded to a question on LinkedIn concerning the legal issues surrounding the re-use or quoting of posts from Internet bulletin boards and the like. Good thing I was careful about what I wrote, because my entire response was quoted in the Charlotte Web Development blog.

The takeaway here is that when you are using social media for business purposes, don't slack off on the quality of what you contribute.

3 Geeks "Must Read" Blog Posts

Thanks to the "3 Geeks and a Law Blog" blog for including an "Infringing Actions" post among its exclusive list of 173 "must read" blog posts of the past year (or so -- some dip back in to 2007).

Personal pride aside, this is a really good way to sample some blogs that you may not be following.

A Brief Guide to Obama's Change.gov Site

The incoming Obama administration's Change.gov website is taking advantage of a number of standard Internet tools, using them for the first time in such a high-profile way to give citizens a sense that they are participating in the structure of the new administration. I say "give citizens a sense" because it remains to be seen how the citizen feedback will be used and what impact us "ordinary folks" will have on the new administration's policies and procedures.

Here are the tools that strike me as particularly worth talking about:

1. Most of the site ("except where otherwise noted") is published under a Creative Commons Attribution 3.0 License, which permits users to share and adapt the material provided they attribute it to Change.gov. This is probably the highest-profile use of a Creative Commons license to date.

2. A periodically-active "Open for Questions" tool allows individuals to post questions that they would like the transition team to answer. Users can vote on submitted questions, in a Digg-like fashion, a feature that racked up more than 600,000 votes in OfQs first round. The team has promised to respond to some of the "most popular" questions.

The OfQ tool also allows users to "Flag as inappropriate" any question, presumably relying on people's common sense to flag profane or off-topic issues. It appears, however, that the tool was also used to bury questions that were merely "uncomfortable," in particular those that included the name "Blagojevich." It will be interesting to see whether the next iteration of OfQ modifies the "flag" feature.

3. "Your Seat at the Table" promises to publish all materials submitted to the transition team by interested third parties (read "special-interest groups"), which in addition to opening up the lobbying process a bit has probably resulted in a drastic reduction in the volume of written material submitted to this transition team versus what was submitted to previous transition teams. Meetings between interest groups and the transition team are also noted. At the time of this blog entry, the list of submissions runs 22 screen-pages.

Users can both comment on submissions and submit their own documents to be considered in connection with each submission. The entries are searchable, which is helpful given that they appear to be organized chronologically.

4. "Join the Discussion" periodically posts short videos that describe issues, then encourages users to comment. A recent discussion topic was "How is the current economic crisis affecting you?" After comments are received (3,572 in this case) the topic is closed, and the transition team responds.

5. Health care has been identified as an issue of particular concern, because Change.gov gives individuals an opportunity to sign up to host local discussions on health care issues between December 15 and 30. The selected moderators will receive a "a special moderator kit that will give you everything you need to get the discussion going. And Senator Tom Daschle, the leader of the Transition's Health Policy Team, will even choose some discussions to attend in person."

The site also has the usual sort of pages: a blog, a pressroom, an agenda page, a page that encourages people to share their stories and hopes, and a lot more.

The Internet makes this the easiest time in history for individuals to connect with their leaders. It's great to see the new leadership team taking advantage of these tools. The risk, of course, is that peoples' already-high expectations will be heightened even further by this process, and there will be an unpleasant backlash when compromises have to be made for the sake of politics.

Drew "MySpace" Ruling Makes Bad Law

The Lori Drew "MySpace" suicide case is a perfect example of a hard case making bad law. There are no winners in this sad, sad situation. That said, the tragedy that befell the young suicide Megan Meier, which some believe to have been caused at least indirectly by Drew & company's machinations, and our desire to extract retribution, does not justify interpreting federal law in a way that would make criminals of the millions of people who have entered false information as part of a website registration.

It would not surprise me to see this verdict overturned, if not by the trial judge, then by the 9th Circuit on appeal.

For an excellent discussion of this case, the court's ruling, and its implications, see this Groklaw entry and the Electronic Frontier Foundation amicus brief cited therein.

Jones Day Winning and Losing in Trademark Dust-up

There has been so much written about the Jones Day trademark infringement lawsuit against BlockShopper that for me to add to the commentary would simply be piling on. According to the lawsuit, Blockshopper.com is in the business of "gathering and publishing details of private residential real estate transactions." (Presumably, what this really meant is transactions between individuals, since virtually all real estate transactions, even residential ones, are matters of public record.)

BlockShopper apparently included among its transaction listings purchases made by two Jones Day attorneys, and in those two listings linked back to the Jones Day website and included photo images of the two attorneys that the complaint says "are identical to the photographs which appear on the Jones Day web site." BlockShopper's use of the Jones Day marks in its posts, the links back to the Jones Day website, and the use of the two attorney photographs are alleged to "create the false impression that Jones Day is affiliated with and/or approves, sponsors or endorses" BlockShopper's business.

The blogosphere is predictably apoplectic over what is widely viewed as an ill-reasoned, over-aggressive attack by the large law firm against a relatively defenseless adversary. I have not seen any descriptions of the suit that take the position that it was a good idea; you can decide for yourself. Read the amended complaint; and see what SEOmozBlog, CL&P Blog, the Cleveland Plain Dealer, the Citizen Media Law Project, and TechDirt have to say.

[Update: Here's another good discussion from the Technology and Marketing Law Blog.]

Say what you will about the merits. If the case stands for anything, it serves as a reminder that when Big sues Little, Big should be prepared to fight both in and out of court. While Jones Day may have prevailed to date in Federal court, it's clearly taking a beating in the court of public opinion.

EU Reports on Real Crimes in Virtual Worlds

ENISA, the European Network and Information Security Agency, has just issued a Position Paper following a study of criminal activity involving on-line "virtual worlds" (MMOGs). Criminals have quickly realized that there is real-world value to virtual-world assets, and have employed various ways of extracting that value from unsuspecting gamers.

The paper notes that "criminals are increasingly exploiting cross-over points between virtual and real-world economies. It is the failure to recognise the importance of protecting the real-world value locked up i this grey-zone of the economy which is leading to the 'year of online world fraud.'" The paper divides the criminal exploits into three categories: (1) identity theft; (2) taking advantage of flaws in the virtual-world economies ("illegally" duplicating or creating virtual-world objects or wealth); and (3) in-game theft (stealing virtual assets from in-game characters).

The paper makes a number of recommendations, of course, many of which boil down to shining a light on the criminal activity and educating the public about the risks associated with participating in virtual worlds.

As for what it calls "Corporate Virtual Worlds," however, the paper notes that there is very little research on the security of those worlds. It recommends that "enterprise-critical data should not be processed within a virtual world that is not entirely under the company's control and that no client or server beyond a protected local area network, administered by trusted parties, should be used." That's a caution worth considering if your company is considering setting up shop in Second Life or a similar public on-line world.

Here is the press release summarizing the paper. Thanks to The Register for the post on this one.

Tough Massachusetts Data Regs Delayed

Massachusetts has elected to delay implementation of its tough new data breach regulations from January 1 to May 1, 2009.

The regulations, among the most stringent in the nation, would require any entity holding personal information on Massachusetts residents -- whether located within our outside of Massachusetts -- to, among other things, encrypt records and files containing personal information that will be transmitted over a public network or wirelessly; introduce secure user authentication protocols and other security measures; put in place an information security program, including firewall protection; monitor unauthorized use of their systems; and create an inventory of their systems that maintain defined personal information on Massachusetts residents.

While it is hard to argue with the goals of the regulations, they are an example of the difficulties faced by small and large businesses alike when trying to deal with sometimes conflicting local attempts to legislate computer security.

Credit Crunch-Opportunities for IP Counsel to Add Value

IP Finance has a list of five ways that the credit crunch may affect IP-related development and transactions. All of them have implications for IP counsel; ways that attorneys can help clients get their IP houses in order, so to speak.

The one that caught my eye is the first on the list: companies may turn to open source or outsourcing to help reduce software development costs.

Both routes are not without risk, of course. If the developers (whether in-house or outsourced) are using open source tools or code to create new software, the company needs to know how that choice could affect the marketability of the resulting product. Outsourcing the development requires careful planning and a strong agreement so that the client can keep control over development costs and timing. Two opportunities for IP counsel to help in ways that truly add value.

A Place for Wikipedia and On-line Tools in Court?

There have been several recent blog posts about how judges are being instructed not to use Wikipedia as an authoritative source for important information to be used in their decisions.

To which I can only respond, "Well, duh."

Wikipedia and other unverified sources of information do have their places in court. When used for background information, or where the exigencies of the situation do not allow for a more refined exposition of the facts, Wikipedia can be helpful to the court and useful to the outcome. But when you get to the final stages of a lawsuit or a criminal case, where a judge or jury is going to render an ultimate (pending appeal) decision on the merits, then it's time to migrate to traditional, or at least verifiable, sources of information.

I recently defended against a motion for a temporary restraining order in Federal Court where one of the key facts in my favor required me to translate a foreign-language document that I had received only hours before the hearing. Unfortunately, time did not permit me to locate and retain a professional translator who could generate a certified translation of the document. That would have been my preferred method if there had been time. Instead, I used the Google Translate tool, entering the text of the original document and using the tool to generate an English translation.

I was not about to represent to the Court that this document was a definitive, authorized translation, however. So in my declaration I laid out in careful, step-by-step detail exactly how I had produced the translation, so that both my opponent and the Court could reproduce my steps.

The Court accepted my translation for purposes of the motion. Opposing counsel, on the other hand, criticized me severely for using what he considered to be an inaccurate translation of the foreign document. I was comfortable with my position, nevertheless -- I had made no ultimate representation to the Court that the Google translation was the final word, so to speak, on the matter, and because the ruling (which generally favored my clients) was preliminary, the Court had not closed the door on the issue.

The takeaway point is that there is a place for web-based information sources to be used in court disputes. But they need to be used intelligently, and beware the attorney who believes what is on the computer monitor simply because it is on the monitor.

Woman Hires (Virtual) Private Eye in Second Life

Following on a recent post about a Japanese woman who was arrested for allegedly "killing" her ex-boyfriend's avatar in a "Second Life"-type game comes this just-as-odd report from the UK.

A woman has filed for a divorce from her husband after she caught her husband's avatar chatting affectionately with a female avatar in Second Life. The couple had an interesting Second Life history; before they were married in real life, each played the role-playing game, and their avatars (hers was "DJ Laura Skye," his was "Dave Barmy") became partners in the game. That was, until the woman caught the David Barmy having in-game sex with a prostitute avatar. DJ Laura Skye immediately broke up with Dave Barmy, even as the couple stayed together in real life.

Evidently hoping for the best, the woman decided to test the fidelity of her boyfriend's avatar. She retained a virtual private eye named Marke Macdonald to set up a "honeytrap" designed to provide the David Barmy avatar an opportunity to stray again. However, Barmy passed the test with flying colors, speaking warmly of only of DJ Laura Skye all night. As a result, the virtual couple reunited in Second Life, and, incidently, their "meatspace" counterparts married in Cornwall.

A happy ending? Sadly, no; the woman then found the David Barmy character sweet-talking another female character in the Second Life game, and filed for a divorce -- in real life.

Yet another example of virtual world events having real world consequences. I find the use of the virtual P.I. to be particularly interesting.

Thanks to Michael Geist's BNA Internet Law and News feed for the heads-up on this one.

Classmates.com Class Action Lawsuit

I receive several emails each month from Classmates.com, advising me that someone has visited my profile, signed my guestbook, or even was just thinking of me (which somehow is the most poignant of all). The first time this happened, I was instantly time-warped back to my high school years, and eagerly clicked on the proffered link, breathless to learn whether Somebody Really Liked Me.

But what's this? When I clicked the link I learned that I have to pay to upgrade my account to find out who from my past has been passing me these digital notes. This of course drags me instantly back to the present, where my need for an upgraded Classmates.com account that I have to pay for ranks right up there with my need to buy an electric zither.

Well, my fellow Classmates.com user Anthony Wallace didn't share my fiscal sensibilities -- nothing wrong with that, of course -- but now he alleges that, after he'd paid for his upgraded account in response to one of those enticing emails, NOBODY HAD SIGNED HIS GUESTBOOK! This could mean one of two things: either Mr. Wallace was the hapless victim of the cruel continuation of a high school-era prank, or Classmates.com had unfairly enticed him in to parting with his hard-earned cash for an account upgrade.

Mr. Wallace, as a representative of a putative class of similarly-afflicted potential plaintiffs, has sued Classmates.com and related entities for misrepresentation and other torts.

More here from Wired; a copy of the complaint can be found here.

Domain Name Tasting Down, ICANN Reports

According to a report from Marty Schwimmer at The Trademark Blog, an ICANN-related email has announced that domain tasting was down 84% in July.

July was the first month in which new ICANN rules went into effect charging domain name owners 20 cents per domain name purchased, whether or not the owners decide to keep the name. Up until July, the charge was refunded for domain names that were "returned" within five days of purchase, which led to the practice known as "tasting" -- buying up a bunch of domain names, testing them for Internet traffic, keeping the ones that were likely to result in ad revenue, and returning the rest.

Tasting is frustrating for those who have a genuine interest in actually using a tasted domain name; if the name is constantly being tasted, it becomes difficult to purchase.

I discussed this in more detail back in February in an article that was published in the New York Law Journal and a few other places, and noted that when a similar charge was levied by the Public Interest Registry, which manages domain names for the .org domain, tasting declined by something on the order of 90%.

In short, ICANN put a serious dent in the problem by adding a small but significant cost component to an activity that was formerly free.

Junior -- Actually, Sophomore -- Black Hatter Arrested

A recent report from up Schenectady way highlights the danger that "black hat" hackers face when they advise their targets of system security problems. It also shows the difficult position that victims are put in when those hackers happen to be minor students.

According to a notice posted on the website of the Shenendehowa Central School district in Clifton Park, New York, the principal of the local high school received an email from an anonymous "student" advising him that the sender had accessed a file on the school district's computer system that included detailed personal information about present and former district employees. The district IS department was alerted, and they "discovered that two high school students had accessed the file from an internal computer using their student password. Due to a configuration error, this file was not completely secured from student password access after being moved to a new server."

In other words, the database was left unsecured and all the student had to do to access it was log in to the system as a student and go poking around.

Of course, in the fine tradition of egg-faced officials everywhere, it is the student who discovered the problem and not the IT person who caused it who will pay for the error. The student was identified (he did log on as a student, albeit according to the school district he used another student's login -- probably not a good idea if you're trying to look innocent, that), arrested, and charged with three felonies. (The second student was not charged; perhaps he was merely kibitzing.)

This has caused a minor uproar in the tech community, which generally considers that the student was more or less doing his civic duty and deserves a ribbon, not a record. Perhaps. But consider the other side of the coin -- sensitive information about present and former employees was available to anyone logged in to the system, and was viewed by at least one person -- the student -- who did not have a right to see it. That's all that it takes to confirm a security breach.

The district from that point forward had a legal obligation to notify the affected employees that the security of their personal information had been compromised (according to news reports, it did provide the notice). It also has an obligation, under New York state law, to notify the state's Office of Cyber Security, Attorney General, and Consumer Protection Board. A good summary of New York state laws and regulations relating to information security can be found here.

The point to be taken from this incident is that when personal information is compromised, the consequences must by law extend beyond simply the affected entity. Should the student be facing three felony charges for what he did? Perhaps not. Should the authorities have been notified? Absolutely.