Federal Bill Seeks to set National Standards for Data Breach Notification

Via the Cyberspace Law Committee of the State Bar of California: “A United States Senate bill was introduced on June 22, 2012 to provide a national standard for notifying individuals of a security breach relating to their personally identifiable information. The Data Security and Breach Notification Act of 2012 (S.3333) was introduced by five Republican senators to override the patchwork of existing state regulation concerning security breach notification. Because the Act is much less stringent than the notification statutes currently in effect in a number of states, including California, it is likely that there will be opposition from, among others, online privacy advocates.”

Text of the Senate Bill

ArsTechnica: Judge Estimates 30,000 Secret Surveillance Orders Approved Each Year

ArsTechnica: Judge Estimates 30,000 Secret Surveillance Orders Approved Each Year

Interesting Cyberlaw and Other Academic Papers: Spring 2012

Do Not Track as Contract by Joshua Fairfield, Washington & Lee University, School of Law, Vanderbilt Journal of Entertainment and Technology Law, Vol. 14, No. 3, p. 101, 2012, arguing that as a matter of contract law, browser do-not-track options are enforceable against corporations.

The Anonymous Internet by Bryan H. Choi, Yale Law School, Information Society Project, Maryland Law Review (forthcoming).

From Lord Coke to Internet Privacy: The Past, Present, and Future of the Law of Electronic Contracting by Juliet M. Moringiello, Widener University School of Law, and William L. Reynolds II, University of Maryland Francis King Carey School of Law, Maryland Law Review (forthcoming).

Forcing Forgetfulness: Data Privacy, Free Speech, and the ‘Right to Be Forgotten’ by Robert Kirk Walker, UC Hastings College of Law.

Unwrapping Shrinkwraps, Clickwraps, and Browsewraps: How the Law Went Wrong from Horse Traders to the Law of the Horse by Cheryl B. Preston, Brigham Young University – J. Reuben Clark Law School, and Eli McCann, 26 BYU J. PUB. L. 1 (2011).

Tackling Twitter and Facebook Fakes: ID Theft in Social Media by Alexander Tsoutsanis, DLA Piper and Leiden Law School, World Communications Regulation Report, 2012/4 p. 1-3.

Reclaiming Copyright From the Outside In: What the Downfall Hitler Meme Means for Transformative Works, Fair Use, and Parody by Aaron Schwabach, Thomas Jefferson School of Law, Buffalo Intellectual Property Law Journal, 2012.

Copyright Conspiracy: How the New Copyright Alert System May Violate the Sherman Act by Sean M. Flaim, Catholic University of America, Columbus School of Law, NYU Journal of Intellectual Property and Entertainment Law (forthcoming).

Oversharing: Facebook Discovery and the Unbearable Sameness of Internet Law by Bruce E. Boyden, Marquette University Law School, Arkansas Law Review, Vol. 64, 2012.

A Due Process Right to Record the Police by Glenn Harlan Reynolds, University of Tennessee College of Law, and John A. Steakley, Washington University Law Review, Vol. 89, No. XXX, 2012.

The New Federal Crowdfunding Exemption: Promise Unfulfilled by C. Steven Bradford, University of Nebraska College of Law, Securities Regulation Law Journal, Vol. 40, No. 3, Fall 2012, arguing that the recent crowdfunding bill signed by President Obama into law is flawed because the regulatory cost of selling securities through crowdfunding might still be too high.

Aftermath of the Facebook IPO: Now that a bit of time has passed since the IPO and passions regarding the offering have cooled somewhat, interesting post-mortems on the offering are beginning to appear:

Felix Salmon: Facebook’s SecondMarket Muppets

Aswath Damodaran, Professor of Finance at the Stern School of Business, New York University: Facebook: Sowing the Wind, Reaping the Whirlwind In Professor Damodaran’s view, “[m]uch of the chatter about whether Facebook was a good buy or not was framed in terms of pricing, with the optimists arguing that it was a bargain because you were paying less per user than you were at other social media companies and the pessimists arguing that it was expensive because it was trading at a much higher multiple of earnings or revenues than Google or Apple. Any attempt at full-fledged valuation, where you confronted the uncertainty and attempted to make estimates, was viewed as an exercise in speculation and guesswork. I also think that this is why the conspiracy theories, where Morgan Stanley fed inside information about future growth to institutional investors prior to the IPO and where the poor retail investors were the last ones to know, are misplaced. I am convinced that the growth rate and the prospects of the company were never key drivers in how this stock was priced and that if there is a story here, it is one of ineptitude and arrogance, rather than malice.”

Also by Professor Damodaran, his pre-IPO thoughts on the valuation of Facebook:

Facebook and ‘Field of Dreams’: Hoodies, Hubris and Hoopla

The IPO of the decade? My valuation of Facebook

Facebook: Playing the “IPO pop” game?

06/6/2012: 

Berkman Center’s Cybersecurity Wiki

Berkman Center’s Cybersecurity Wiki

06/5/2012: 

Image by Laura Billings, “Virus” January 14, 2008 via Flickr, Creative Commons Attribution-NonCommercial 2.0 Generic (CC BY-NC 2.0)

Link Round-Up: Recent Revelations Regarding the STUXNET and FLAME Cyberattacks:

New York Times: Obama Ordered Wave of Cyberattacks Against Iran

Washington Post: STUXNET was Work of U.S. and Israeli Experts, Officials Say

The Atlantic Wire: A Complete Guide to FLAME, the Malicious Computer Virus Ravaging Iran

Securelist.com (Kaspersky Labs): The FLAME: Questions and Answers

MIT Technology Review: How Obama was Dangerously Naive About STUXNET and Cyberwarfare

David Sanger of the New York Times: Mutually Assured Cyberdestruction?

Developments in the Emerging Online “Right to be Forgotten”

Last month, the European Commission proposed a broad reform of the EU’s data protection rules, including the proposed creation of a new “right to be forgotten” that would allow people to demand that organizations that hold their data delete that data, provided there is no legitimate grounds to retain the information. At the European Commission website: the proposal and a host of related materials.

Europe proposes a ‘right to be forgotten’ at ArsTechnica‘s Law & Disorder.

Additional reaction: Data protection changes place disproportionate burdens on business, expert says by law firm Pinsent Masons.

The Right to be Forgotten by Jeffrey Rosen writing as part of the Stanford Law Review Online symposium issue: The Privacy Paradox.

Is The ‘Right To Be Forgotten’ The ‘Biggest Threat To Free Speech On The Internet’? at NPR

World Bank Report: China 2030 – Building a Modern High-Income Society

World Bank Report: China 2030 – Building a Modern High-Income Society

02/27/2012: 
Tags:    

You see, an economy built to last is one where we encourage the talent and ingenuity of every person in this country … . [W]e should support … . every risk-taker and entrepreneur who aspires to become the next Steve Jobs. After all, innovation is what America has always been about. Most new jobs are created in start-ups and small businesses. So let’s pass an agenda that helps them succeed. Tear down regulations that prevent aspiring entrepreneurs from getting the financing to grow.

President Barack Obama, State of the Union Address, January 24, 2012.

BUT, while a bill which would allow relatively small amounts of money to be raised through crowdfunding, including through sites such as Kickstarter, was passed by the House of Representatives by a 413-11 vote in November 2011, the narrower Senate version of the bill is languishing in the Senate Banking Committee.

Scott Edward Walker at Forbes: “Crowdfunding Bill Stuck in the Senate”

Background on the House Entrepreneur Access to Capital Act“The Entrepreneur Access to Capital Act and What It Could Mean for Startups” posted by the law firm of Sheppard Mullin at the Venture Law Blog.

Text of House Bill (passed): H.R. 2930: Entrepreneur Access to Capital Act.

Text of Senate Bill (in committee): S. 1791: Democratizing Access to Capital Act of 2011.

Senator Scott Brown, sponsor of the Democratizing Access to Capital Act, testifying in front of the Senate Banking Committee in support of the bill.

See alsoSenator John Thune, sponsor of the Senate’s Access to Capital for Job Creators Act, calls on the Senate Banking Committee to move forward on his bill which would eliminate the prohibition on general solicitation and general advertising from Regulation D, Rule 506 offerings, provided all purchasers are accredited investors.

Megaupload: A Lot Less Guilty Than You Think?

Megaupload: A Lot Less Guilty Than You Think?

Can the Government Force You to Decrypt your Electronic Device or Hand over Your Password?

Hopefully, at some point, the Supreme Court will weigh in on the question, as lower court decisions conflict on the answer. The result might differ depending on the context (at the U.S. border as a result of a customs search or as a result of a police stop or search which took place within the U.S.), whether the government already knows the laptop contains incriminating evidence, and, perhaps, whether the government requests the password or seeks an order for the owner to decrypt the device (without revealing the password). In the latest case, a federal judge in Colorado, ordered a laptop owner to release the contents of her computer’s encrypted hard drive. The court’s order.

The Verge: ”Decrypting Laptop Doesn’t Count as Self-Incrimination, US Federal Judge Rules”

The Electronic Frontier Foundation: ”Disappointing Ruling in Compelled Laptop Decryption Case”

The EFF’s amicus brief in the case.

Orin Kerr at The Volokh Conspiracy”Encryption and the Fifth Amendment Right Against Self-Incrimination:”
“The Court ends up ordering the defendant to decrypt the hard drive, but only because the court made a factual finding that in this specific case, the government already knew the information that could be incriminating — and as a result, was a ‘foregone conclusion’ that dissipated the Fifth Amendment privilege. If I’m reading Fricosu correctly, the Court is not saying that there is no Fifth Amendment privilege against being forced to divulge a password. Rather, the Court is saying that the Fifth Amendment privilege can’t be asserted in a specific case where it is known based on the facts of the case that the computer belongs to the suspect and the suspect knows the password. Because the only incriminating message of being forced to decrypt the password — that the suspect has control over the computer — is already known, it is a ‘foregone conclusion’ and the Fifth Amendment privilege cannot block the government’s application.”

photo © 2012 j.r.mchale

Link Round-Up: U.S. v. Jones (GPS tracking and the Constitution)

The U.S. Supreme Court for the first time pondered the constitutionality of location tracking technology in the case of U.S. v. Jones. The Court decided yesterday that the government’s attachment of a GPS device to a vehicle (followed by the government’s use of that device to monitor the vehicle’s movements on a long term basis) constitute a search under the 4th Amendment. The emphasis in the majority opinion on the physical placing of the monitoring device on the vehicle and the existence of separate concurring opinions raise questions as to how far this decision really extends – important questions given the increasing prevalence of geolocation tracking.

The Supreme Court decision in U.S. v. Jones:
http://www.supremecourt.gov/opinions/11pdf/10-1259.pdf

”Supreme Court Holds Warrantless GPS Tracking Unconstitutional” at ArsTechnica’s Law & Disorder

”Fourth Amendment Lives? Supreme Court Says GPS Monitoring Is A Search That May Require Warrant” at TechDirt.com

“Reactions to Jones v. United States: The government fared much better than everyone realizes” by Tom Goldstein at SCOTUSblog.com.

”Why the Jones Supreme Court Ruling on GPS Tracking is Worse than it Sounds” by Rebecca J. Rosen at The Atlantic.

”U.S. Supreme Court Unanimously Rule that GPS Installation and Tracking of a Vehicle Constitutes a Search, But The Justices Disagree on Rationale – Are Lines Being Drawn on Privacy Rights and New Technology?” at Proskauer’s New Media & Technology Law Blog.

A series of posts at The Volokh Conspiracy by law professor, Orin Kerr, an expert on computer crime and related areas:

”The New Doctrine of What is A Fourth Amendment Search”

”What Jones Does Not Hold”

”What’s the Status of the Mosaic Theory After Jones?”

”Three Questions Raised By The Trespass Test in United States v. Jones”

”Why Did Justice Sotomayor Join Scalia’s Majority Opinion in Jones?”

That’s right, slowly but surely, Congress is sucking the tech industry into their world, making us play by their rules. We have to pay them off, literally with cash, or we get slaughtered … . Well, we’re now playing by big government rules. Congress can set up a fight pit with Hollywood in one corner and Silicon Valley in the other. Who cares what happens. The money will just roll right in. This is how criminal organizations run protection rackets. Congress is doing just that, only it’s completely legal.

Michael Arrington writing at Uncrunched on how “Big Government Sucks Tech Industry into Their Reality.”