Monday, April 09, 2007

Lawyers go to school to learn how to keep two opposite and irreconcilable arguments in their heads at the same time...

http://www.insidehighered.com/news/2007/04/09/heckenkamp

April 9

Defining Privacy — and Its Limits

A student in a public university dormitory room had a “reasonable expectation of privacy” for his personal computer and its hard drive, a federal appeals court ruled on Thursday. The decision also found that despite that right to privacy, an administrator in the case under review had the right to conduct a remote search of the computer — without a warrant — because of the circumstances involved.

The decision — by the U.S. Court of Appeals for the Ninth Circuit — is among the highest level court rulings to date on a set of legal questions pitting privacy vs. security that are increasingly present in academe. While experts cautioned that the decision involved a specific set of facts, several also said it provided guidance for students on their privacy rights and for administrators at public colleges and universities on setting computer policies that give them the flexibility they feel they need to prevent security breaches.

The ruling dates back to an incident in 1999, and the actions of administrators at the University of Wisconsin at Madison, when they were notified by Qualcomm Corporation, a San Diego company that produces wireless computing devices, that someone on Madison’s network was hacking into the company’s network. Ultimately, a then-student at Madison whose computer was found to be used in the hacking entered into an agreement with prosecutors in which he agreed to admit guilt, received a sentence of time served on federal charges arising from the hacking, and was released after eight months in prison. But Jerome T. Heckenkamp, the then-student, also won the right to appeal the case in the hope of clearing his name, and his appeal focused on information gathered by Madison officials.

Jeffrey Savoy, a computer security official at Wisconsin, was the person who received Qualcomm’s complaint. When he confirmed that someone on the Madison network was hacking the company, he also found that this same person appeared to have gained unauthorized access to portions of the university’s network as well. Of particular concern to Savoy was that this hacker had gained access to the server used by the university to house 60,000 e-mail accounts and to deliver about 250,000 e-mail messages each day.

Savoy was able to link the intrusions to a computer from a specific dormitory room and eventually was able to identify the room and the computer accounts being used as belonging to Heckenkamp. The decision by the appeals court then details the dual tracks taken by Qualcomm and Madison. The company decided to seek a warrant for a search of Heckenkamp’s room, but Savoy continued to monitor the situation in the meantime. He found that Heckenkamp had lost a job in the university’s computer help desk two years before and so had extensive knowledge of the university networks — enough to do real damage.

As the investigation continued, Savoy saw that the computer in question was being used, and that the hacker might well have been able to see that his actions were being detected. So Savoy, with university police officers, went to Heckenkamp’s room, entered it when the door was ajar and nobody was there, and disconnected the cord attaching it to the network.

Using Heckenkamp’s password, [probably from a keylogger, passwords are stored encrypted on most systems. Bob] which he had provided to a police officer, Savoy also conducted some tests on the computer to be certain that he had been successful in blocking its access to the university network. When Heckencamp was indicted in California, evidence in the case was a mix of materials obtained with a warrant the day after Savoy was in the room, but also information Savoy had obtained remotely.

In its analysis of the case, the appeals court said there can be “no doubt” that Heckenkamp’s expectation of privacy on his computer was “legitimate and objectively reasonable.” Further, the court said that this privacy expectation did not go away when Heckenkamp attached his computer to the university’s network. In language that would be relevant to many colleges, the court said that “the mere fact of accessing a network does not in itself extinguish privacy expectations.”

While that part of the decision establishes the norm for a public university student’s computers to be assumed private (thus requiring a warrant for searches), the court went on to say that Savoy’s actions were protected because of the way the university had established and communicated its policies, and because of his intent.

The relevant part of the university policy, quoted by the judges, says the following: “[A]ll computer and electronic files should be free from access by any but the authorized users of those files. Exceptions to this basic principle shall be kept to a minimum and made only where essential to ... protect the integrity of the university and the rights and property of the state.”

It was legitimate for the university to act as it did, the judges found, because it was acting out of concern about its own e-mail network, not to help with the law enforcement investigation set off by Qualcomm, and it acted in ways that were consistent with the university’s policies that Heckenkamp had agreed to follow. Savoy “needed to act immediately to protect the system,” the court found. In this situation, Savoy acted with legitimate “special needs” that justified not waiting for a warrant, the court found. The ruling was about the remote search of the computer, not the in-room search.

Benjamin Coleman, a San Diego lawyer who represented Heckenkamp in the case, said that he was disappointed that the evidence was not thrown out, and said that an appeal to the U.S. Supreme Court is possible. But Coleman said that the ruling gave students a key victory because it rejected that there was no basis for Heckenkamp to presume the privacy of his computer. Even though the court defined some narrow limits to that right, Coleman said, “this is the first decision at this level that says college students have an expectation to privacy on their computers, so this is very good for students’ privacy rights.”

... On the basis of this case one could say, ‘just because something is technologically possible, i.e. remote inspection of a hard drive, does not necessarily make it legal.’”

The case also provides a clear lesson for colleges, Mitrano said: “Write good policy.”



This will tell us if the NFL's legal team is aware of the backlash...

http://wendy.seltzer.org/blog/archives/2007/04/05/nfl_second_down_and_goal.html

April 05, 2007

NFL: Second Down and Goal?

Today, 12 business days after I re-sent my DMCA counter-notification, YouTube sent notice that they had restored my Super Bowl excerpt. Catch it while you can, because I'm not holding my breath that it will stay online this time either.

The chronology so far:

By my count, that's 17 days up, 38 days down, not counting "technical problems" that prevented access to the video on some days when it was not sidelined by a notification.

In the first takedown first DMCA takedown NFL sent YouTube in February, shortly after the Super Bowl, my video of the copyright warning was among 162 URLs listed. After YouTube re-posted my video, NFL's second DMCA notice singled out just one video, the one for which I had counter-notified on fair use grounds. If there was any excuse that the first claim was just a bot's overactive pattern-matching -- an excuse the NFL doesn't rely on in its response on the Wall Street Journal's Law Blog -- that excuse evaporated by the time I counter-notified.

Rather, NFL Spokesman Brian McCarthy argues,

We are entitled to disagree, in good faith, with her asserted defense, absent a court decision.
(3) We have valid grounds to disagree with the professor’s fair use argument. Had she simply used the clip in her classroom, before students, she might have had a stronger argument that the context was educational and entitled to fair use deference. But it was posted without any of this context, and in a manner available for anyone in the world to see, not just her students.

I think their fair use analysis is wrong as a matter of law, and therefore it was “knowingly materially misrepresenting” to claim that the clip infringed after getting notification of the clip’s content. I’m entitled to share this type of educational fair use with more than the students in my classroom. (I’m not trying to rely on the TEACH Act with its crabbed DRM requirements.) I post my syllabus and teaching slides online for anyone to see, and wanted to post this discussion similarly.

On the fair use factors, I think I’m in good shape: My use is for nonprofit educational purposes; the copyright in the telecast is thin; the portion of football that follows the copyright warning is a minute portion of the whole, with no significant action or commentary, useful to show people what it was the NFL claimed its copyright covered; and the effect on the market for or value of the work is non-existent.

Too bad the U.S.'s WTO non-compliant gambling law prevents us from wagering on what will happen next...

Posted by Wendy at April 05, 2007 08:24 AM |



There is more than one way to teach...

http://techdirt.com/articles/20070406/132716.shtml

High School Principal Sues Students For Phony MySpace Profiles

from the please,-make-fun-of-me dept

Not all MySpace-related lawsuits involve the same predictable factors like underage users and sexual assault. A high school principal in Pennsylvania has sued four students after they created parody MySpace profiles for him that listed interests such as smoking pot and watching pornography. He claims that the profile has damaged his future earnings potential and so he wants monetary compensation. It's not clear whether the students' actions qualify as first amendment-protected parody or whether they'd be seen as defamation of a private citizen. Either way, the most likely outcome here is more copycat attempts as he's just put a target on himself inviting other students to attack him. Instead of suing, it seems like a better course of action would have been to simply contact MySpace and request that the profiles be taken down. Now, for better or worse, he'll always be known as the principal that sued his students over fake MySpace profiles, to anyone who searches for his name. To his credit (or maybe his lawyer's) he's suing the students and not the site itself, which is the proper legal course. Then again, it's hard to imagine that he'll be able to get much in damages from a few high school students.



For your e-bookshelf...

http://www.bespacific.com/mt/archives/014496.html

April 06, 2007

March 2007 Freedom of Information Act Guide Now Available

USDOJ: "The Office of Information and Privacy has completed the latest revision of the Freedom of Information Act Guide, a comprehensive reference volume covering all aspects of the Freedom of Information Act (FOIA). The March 2007 edition of the FOIA Guide contains a newly updated and revised discussion of the procedural requirements of the FOIA, the contours of the FOIA's nine exemptions and three exclusions, as well as the considerations applicable to FOIA litigation. This latest edition of the FOIA Guide also contains an overview of Executive Order 13,392, entitled "Improving Agency Disclosure of Information." This Executive Order was signed by the President on December 14, 2005, and calls upon all agencies to improve their FOIA operations by ensuring that they are "both results-oriented and produce results."

  • "The March 2007 edition of the FOIA Guide is now available electronically on the Department of Justice's FOIA Web site at http://www.usdoj.gov/oip/foia_guide07.htm. This electronic version of the FOIA Guide can be easily searched by using key words. The FOIA Guide has also been sent to the Government Printing Office, which expects it to be ready for distribution in hard copy within the next few weeks."



Schools may go the way of record stores...

http://slashdot.org/article.pl?sid=07/04/08/1317213&from=rss

O'Reilly Opens Online Tech School

Posted by CmdrTaco on Sunday April 08, @09:56AM from the exams-are-today-and-you-didn't-study dept. Education

bl8n8r writes "The popular book author has started the O'Reilly School of Technology which offers online training and certification. "The O'Reilly School of Technology and the University of Illinois have partnered to offer Certificates of Professional Development in information technology and related skills." Among classes offered are Linux/Unix administration, Open Source coding, Java coding, C Programming and others."



Something my students can use...

http://slashdot.org/article.pl?sid=07/04/08/2212225&from=rss

Canadian University Students Taught To Protect IP

Posted by Zonk on Sunday April 08, @07:39PM from the they-have-a-few-rights-too dept. Education

innocent_white_lamb writes "Graduate students at Carleton University (Ottawa) are taking steps to protect their intellectual property, at the same time are insuring that they are being properly recognized for their work. This is in response to the increased commercialization of research done at universities, and high-profile cases of copyright infringement by professors at the University of Toronto and Indiana University. 'The initiative will include workshops and a handbook outlining what would constitute an infraction of students' intellectual property rights, Howlett said. Examples include a student not receiving authorship on written work, or having a professor take credit for their work. "This isn't an indictment of profs at all," said Howlett. "It's just to ensure that students' rights are protected in the case that it does happen."'"

No comments: