Cyberlaw Central

Imagine you need to take a file with sensitive data on it with you on a trip, but the only method you have available is a small USB thumb drive. You get to your destination only to discover the drive fell out of your pocket somewhere along the way. What a disaster, the hardest for me would be having to explain to those affected by the data breach what happened to their data.

So, what’s the solution? Use Truecrypt to secure the drive. You can take a blank drive with no data on it, add the Truecrypt Traveller Disk software, and then create a “container” to hold the data which is encrypted. The idea is that the container should fill the rest of the drive. The Truecrypt software can very easily be set up to run from the USB drive on any Windows computer you attach it to (the only caveat is you have to be in administrator mode) and allow you to mount the drive. You only need to enter your password when mounting the drive - once attached, it works like any other drive, it selects the next available drive letter to use.

I think it works great, it’s a very elegant solution to the problem. The software is open source, and supports multiple encryption formats if you want to get arcane, but the defaults are plenty strong so long as you use a good long password with letters and numbers and symbols.

I attended only one day of the ABA Techshow here in Chicago on Friday, March 23rd.

I initially wrote this post on the train using my latest gadget acquisition, an EvDO Mobile Broadband Card I won at Techshow courtesy of Sprint.  I was one of the lucky winners of their giveaway, and wow, it’s nice.  The speeds are just a little slower than hard-wired broadband.  Chicago just recently got revA, which provides a significant speed increase, so this is the time to get it.

Then, life intervened - between work, the teething pains of a 7-month old, and the double-ear infection of a 2-year old, this summary has been long delayed.

I attended sessions on security with Ross Kodner and Debbie Foster, on email management with Ellen Freedman and Sheila Blackford, on remote access for lawyers by Lincoln Mead and Toby Brown, and on client satisfaction using technology presented by Jim Calloway and Nancy Roberts Linder.

I was pleased to catch back up briefly with Matt Homann, Tom Mighell, Nerino Petro, Rob Robinson, and a few others. I also briefly saw Adriana Linares, but didn’t have a chance to remind her who I was or how much I enjoy reading I Heart Tech. 

Some of the best takeaways, other than the EvDO card, were the following:

- Remote access has to be driven by policy, not just the geeky desire to be remotely connected all the time.  Careful consideration should be given to security, accountability, and recoverability.

- Technology doesn’t change the fundamental nature of client satisfaction, it can only help you do it.  You still need to communicate clearly and effectively what you will do, by when, and what it will cost.

- The instant answer is not always the best answer.  Even with the speed of modern communications, sometimes you need time to think through the problem.

- Always use an automated email response if you are going to be out of the office for one day or more. You will never know in advance when a client has an emergency and is counting on your otherwise normally speedy response times.

- By percentage, the average company spends less of its annual budget on security than it does on its coffee service.

It’s often been said that when Google, Inc. bought the YouTube service, it bought a lawsuit. There have been several, but the biggest one yet was filed on March 13, 2007. There are six counts, the first three are for infringements of the exclusive rights granted to copyright holders, and the remaining three are for various theories of indirect infringement.

The counts are:
Count I - (Direct Copyright Infringement – Public Performance)
Count II - (Direct Copyright Infringement – Public Display)
Count III - (Direct Copyright Infringement – Reproduction)
Count IV - (Inducement of Copyright Infringement)
Count V - (Contributory Copyright Infringement)
Count VI - (Vicarious Copyright Infringement)

This filing is obviously intended as more of a statement; the introduction reads like a brief, not a complaint. The meat of the complaint doesn’t start until Page 5, and even that’s just the jurisdictional statement.

Google/YouTube’s business strategy has been to comply with takedown notices given under the provisions granted under the DMCA, see my discussion of the 100,000 notices that Viacom issued in February here.

While the Defendants can prevail on Counts I, II and III under the Section 230 immunity granted to publishers under theories of direct liability, they could lose on Counts IV through VI, the indirect liability theories.

Paragraph 66 of Count IV alleges “…by their clear expression and other affirmative steps, Defendants are unlawfully fostering copyright infringement by YouTube users.” Loose lips sink ships, like what happened with Grokster. Discovery in the case will certainly be focused on this element, if there is a smoking gun/letter/email out there Viacom can afford to find it.

Count V alleges that Defendants are vicariously liable for the infringement of its users. In particular, it alleges they have actual or constructive knowledge of the infringments, which they then “enable, facilitate, and materially contribute” to. Essentially, Viacom is claiming that the infringement is so widespread, how could the defendants not know it was going on? To be fair, I believe this count is a stretch, as Google has been consistently taking clips down when notified of the infringement.

Count VI alleges that Defendants are vicariously liable because they have both the right and ability to stop the infringement by its users. Paragraph 84 is particularly interesting: “Upon information and belief, YouTube currently engages in practices to enforce content restrictions and protect the copyrighted works of its business partners, but withholds these same protections for the copyrights of persons, including Plaintiffs, who have not granted licenses to YouTube.” If true, it casts doubt on the oft repeated allegations that systems such as those alleged to exist here are impracticable.

We’ll see how this case pans out. I expect to see it fully litigated, not settled, but you never know.

I first wrote about Bitpass, a micropayment service, here, back in July of 2005.  I was sad to read that the service will shut down as of January 26th.

Matt Marshall at VentureBeat has a great article discussing the demise here.

The following is an article I wrote about the recent changes to the Federal Rules of Civil Procedure and its impact on record keeping responsibilities and issues.

—-

As of December 1, 2006, the Federal Courts have adopted new Federal Rules of Civil Procedure that explicitly acknowledge the fact that information that may be relevant to a lawsuit exists only in electronic form. As such, for the first time the rules set forth procedures that lawyers need to follow in all federal cases. Electronic discovery is no longer limited to the huge cases, it will be required to be discussed in all cases.

While we will not discuss the specifics of the rules here, as the details are of interest mainly to other lawyers and people who are involved in a federal lawsuit, this article focuses on the impact of these rules on record keeping responsibilities and issues.

So what kinds of electronic evidence are we discussing here? It should be stressed that the new Rules define “electronically stored information” very broadly. Instead of focusing just on documents, such as word processing documents and emails, the definition now can include information stored on voice mail, PDA’s, cell phones (with or without cameras), thumb drives, laptops, and backup tapes. Even automobiles, with their onboard computers that can store information about a vehicle crash, are potentially covered by the new rules.

The new rules do not prohibit the routine deletion of electronic evidence as part of a regular record keeping policy or program. However, once a person has knowledge of a lawsuit (or even a potential claim), the preservation requirements kick in. Parties then have a duty to quickly preserve electronic evidence before it can be destroyed. There can be severe consequences for failing to preserve electronic evidence once there is notice of a lawsuit, or there is reasonable anticipation of one. As such, careful companies should prepare for this eventuality by knowing their systems, and knowing their people.

Know your systems – Companies should know what pieces are in their IT infrastructure, and how they work and interact. If an automated backup system that overwrites data is not stopped in a timely fashion, then critical data could be overwritten. If nobody except the IT support staff knows it’s running, then who knows to stop it in time? Some questions to consider are: Where are the machines located? What kinds of backups are run? Where are backups stored? How long are they kept? Is mail stored on the servers, or just on individual machines? How is voice mail stored? Is voice mail backed up? Knowing answers to these types of questions in advance can help to reduce the time needed to get up to speed once there is litigation, and helps avoid the inadvertent destruction of data.

Know your people – The duty to preserve evidence attaches not just to a company, but to all of its employees. Some questions to consider are: Who is the most knowledgeable person about this particular system? Who uses that program? Who has access to this data? Who can overwrite it? Who can delete it? These questions can help you determine who is the most knowledgeable about the systems, and help determine who needs to be told to preserve evidence.

We hope that these questions will help to allow people to be proactive, rather than reactive. It would be a shame for a company to feel pressured to settle a case it could otherwise win rather than face the prospect of producing electronically stored information.

• Today was my first day back at work after two weeks off.  My excuse? Parental leave after the birth of my third son.  Mother and baby are doing fine.  So are his older brothers.
• I was pleased to see that Blawg Review #70 was posted on Monday by Dave! Gulbransen.  I had the pleasure of meeting Dave! last fall at the BlawgThink conference.  He’s been on my blogroll ever since.  What a great job he did here, be sure to check it out. 
• The most interesting case I kept up with over the last few weeks is the 9th Circuit’s decision in United States v. Hill, a 4th amendment search and seizure case involving computers.  Orin Kerr posted a great summary of the decision at his personal blog.

Here are some quick news and notes:

Christopher Lydon’s outstanding public radio show called Open Source is available as a podcast. This morning on my commute I listened to the February 7th show about Craigslist and its implications for generating community on the Internet. Here is a link to the show which you can download and listen on any MP3 player or personal computer.

What struck me was the community generated around sites like Craigslist, there is some discussion on the show of its societal impact. One of the guests, Tom Sander, had this to say:

There are two potential benefits of a site like Craigslist. One is that it actually enables new connections to form, whether it’s a backgammon partner, or a friend with benefits, or a missed connection that becomes a connection. But I think the other value is that … if people have 20 different micro transactions, one who returns their ipod, and a nanny that they hire that seems trustworthy, and a person to meet for sushi on Tuesday night, that all those things together start to change their nature about other people in their community…

Many other Internet technologies are isolating, allowing people to get more done without having to socialize with real people. Craigslist is different - it builds a sense of community and lets people interact. At the end of the show, David Cleaves, a Mandolin player in Lowell, MA played beautifully. The show had placed an ad in the local Craigslist looking for a musician, and found one willing to come in to the studio. Now *that’s* community.

Ryan Singel at Wired News has a great article on the battle (has it really been ten years? My, how time flies) ten years ago over the Communications Decency Act. The article is entitled “They Saved the Internet’s Soul.” I highly recommend it, it’s only two pages long.

This case went all the way to the Supreme Court while I was in law school, and wow, it was an exciting time to be interested in technology and the law. Reading through the Court’s opinion, it was clear that the Court actually understood the technology and its implications and was very careful in this case of first impression to get it right. Even ten years later, the decision is a good primer on how the Internet works.

On Monday, a Verizon executive named John Thorne spoke before a conference celebrating the 10th anniversary of the Telecommunications Act of 1996. His message? That Google is freeloading on the companies that built the Internet backbone, companies like Verizon that own the fiber, without paying their fair share. For a deeper summary of what he said, here is a link to an article at the Washington Post.

I’ve heard similar grumblings like this for some time coming from those who build and maintain the Internet’s infrastructure, basically amounting to little more than “They’re making money hand over fist using our pipes, and we want some of that money too.” It’s childish.

Nevermind that users pay for access, and that Google is also paying for its bandwidth. Nevermind that the Internet was founded on the principle that the pipes are shared, with users on both ends paying for their access. Nevermind that many of these pipes were subsidized with government money. Nevermind that Verizon is trying to frame the argument in such a way that it actually seems harmed by its inability to suck money directly from Google’s pockets. All this with a straight face.

I haven’t seen anything yet in any of these arguments from the backbone providers that I find compelling. It always seems to boil down to base emotions like greed and avarice.