How 2 legal cases may decide the future of Open Source software (CIO, 6 March 2015) – The days of open source software free lunches are rapidly coming to an end, and that means enterprises that fail to stick to the terms of open source licenses can expect to be sued. That’s the stark warning from Mark Radcliffe, a licensing expert and partner at law firm DLA Piper. “We are entering a different era for open source, shifting from a special universe where people were cooperative and collaborative to a more hard-nosed commercial one,” he explains. “Now people are applying the same criteria for the enforcement of their open source software rights as for proprietary software, and looking at how they can use them strategically in their business.” Radcliffe says this shift is only just beginning, but for evidence he points to the case of Versata v. Ameriprise. In summary, Versata’s proprietary software product, Distribution Channel Management (DCM), used an open source XML parsing utility that was licensed under GPLv2 from a company called XimpleWare. (XimpleWare also offers its utility with a commercial license to companies that don’t want to be subject to an open source license, but Versata did not use that commercial license.) The problem came when Versata licensed its DCM software to financial services company Ameriprise, and subsequently sued Ameriprise for allowing a subcontractor to decompile Versata’s software—a move Versata contended was a breach of license. Ameriprise then countersued. Because Versata’s software included open source software licensed under the GPLv2 and was a derivative work, Ameriprise alleged, the whole of Versata’s DCM product came under the GPLv2 license, and therefore Ameriprise or its subcontractor could decompile and modify the software at will. 
It turns out that the text of the GPLv2 license, the required copyright notices and a copy of the source code—all of which should normally be included with GPLv2 software—had been stripped out of the open source portion of DCM somewhere along the line, Radcliffe says. It is not clear who did it or why, or whether it was done inadvertently. “The point is that Versata did not appear to have a process for managing open source software. They ignored it, and their contracts were not set up for it,” he says. Radcliffe recommends that companies have an internal process for managing open source software—not just from internal developers, but also from software that comes with acquisitions or from consultants.

Provided by MIRLN.

Image courtesy of FreeDigitalPhotos.net/nuttakit

Wall St. and law firms plan cooperative body to bolster online security (NYT, 23 Feb 2015) – The threat of ever-larger online attacks is bringing together Wall Street banks and the big law firms that do work for them in an alliance that could result in some sharing of basic information about digital security issues. For nearly a year, banks and law firms have discussed setting up a legal group that would be affiliated with the banking industry’s main forum for sharing information about threats from hackers, online criminals and even nation states – the Financial Services Information Sharing and Analysis Center. Several people briefed on those discussions said those talks would most likely lead to the establishment of such a group by the end of the year, a recognition that hackers are increasingly focusing on big law firms to glean information about their corporate clients. Law enforcement agencies have long been concerned about the vulnerability of United States law firms to online attacks because they are seen by hackers and nations bent on corporate espionage as a rich repository of company secrets, business strategies and intellectual property. But attacks on law firms often go unreported because the firms are private and not subject to the same kind of data-breach reporting requirements as public companies that handle sensitive consumer information. Over the last several months, Mandiant, the security firm that is a division of FireEye, has been advising a half-dozen law firms that were the subject of a breach, said a person briefed on the matter who spoke on the condition of anonymity. Mandiant, during a recent presentation at a legal conference, said many of the bigger hackings of law firms had ties to the Chinese government, which was seeking information on patent applications, trade secrets, military weapons systems and contract negotiations.
The law firm group under consideration would be set up as an organization to share and analyze information and would permit firms to share anonymously information about hackings and threats on computer networks in much the same way that bank and brokerage firms share similar information with the financial services group. And while the two groups would not necessarily share information with each other, the law firms would have access to some of the resources of the financial center, which has existed since 1999 and is one of the better-funded industry threat-sharing organizations. [Polley: I’m helping the ABA assess whether/how it might facilitate similar ISAC-like activities; we fear that most firms (other than the very largest) wouldn’t grok the value-proposition. Reactions?]


Photo courtesy of Creative Commons: https://www.flickr.com/photos/albertocarrasco

Online court proposed to resolve claims of up to £25,000 (The Guardian, 15 Feb 2015) – The UK justice system should receive a radical overhaul for the digital age with the creation of an online court to expand access to justice and resolve claims of up to £25,000, the official body that oversees civil courts has recommended. In a transformative proposal for largely lawyer-free, virtual courtrooms, the civil justice council is calling for an internet-based dispute resolution system to be available within two years. Backed by Lord Dyson, the master of the rolls, who is head of the civil judiciary in England and Wales, the report says existing services – such as eBay’s disagreement negotiation procedure and Cybersettle’s blind-bidding operations – provide prototypes worth studying. The online dispute resolution (ODR) model proposed in the report envisages a three-tier process: evaluation through interactive services and information, negotiation with online “facilitators” and finally, if agreement has not been reached, resolution by a trained judge relying on electronic submissions. Only the judge need be legally qualified. If necessary, telephone hearings could be built into the last stage. Rulings by the online judge would be as enforceable as any courtroom judgment. The report’s principal author, Prof Richard Susskind, who is president of the Society for Computers and Law, said the UK was falling behind other countries that have begun to incorporate online elements into their judicial systems. His recommendations include “automated negotiation” where differences may be resolved “without the intervention of human experts” by relying on blind bidding processes.


Image courtesy of OTA Photos (Creative Commons) http://bit.ly/1zm0SNx (http://www.tradingacademy.com)

Senators question FBI’s legal reasoning behind cell-tower spoofing (Washington Post, 2 Jan 2015) – Two U.S. senators are questioning whether the FBI has granted itself too much leeway on when it can use decoy cellphone towers to scoop up data on the identities and locations of cellphone users. The lawmakers say the agency now says it doesn’t need a search warrant when gathering data about people milling around in public spaces. Sen. Patrick Leahy (D-Vt.) and Sen. Chuck Grassley (R-Iowa), the chairman and ranking member of the Senate Judiciary Committee respectively, have written a letter to Attorney General Eric Holder and Secretary of Homeland Security Jeh Johnson about the use of the surveillance technology called an IMSI catcher, also referred to by the trade name “Stingray.”


Image courtesy of FreeDigitalPhotos.net/KROMKRATHOG

Tech firms tussle with DOJ over the right to say ‘zero’ (WaPo, 16 Dec 2014) – A growing number of technology companies seeking to promote transparency have been testing the limits of new government guidelines on how they can disclose national security orders for their customers’ data. Over the past year or so, about a dozen online and communications firms have reported that they have never received such a request, effectively breaching the spirit if not the letter of government guidance issued in January intended to make it more difficult for would-be terrorists or spies to identify services that could be used to evade detection. Their decisions have frustrated U.S. officials, even as they privately acknowledge there is little they have been able to do about it. In October, Twitter sued the government, charging that its First Amendment rights were squelched when the Justice Department blocked it from publishing a transparency report that sought to disclose the specific number of orders it had received and the fact that the number was limited. The firm also alleged that preventing a company from reporting “zero” national security requests is an unconstitutional restraint on speech. The guidelines take the form of an agreement reached with five major tech companies that allowed for reporting of government national security requests in broad ranges, such as 0-999. There is no “zero” option. Some firms began issuing warrant canaries shortly after the first disclosures by former intelligence contractor Edward Snowden, who revealed a National Security Agency program to gather data about millions of Americans’ phone calls (though not the content) from phone companies. Wickr, a San Francisco-based company that provides an encrypted text message service to more than 4 million users, planted a warrant canary in its transparency report in the summer of 2013, becoming the first company, it said, to do so.
The report said, “If the canary flies the coop, the tone of this report will change as well because things will have shifted.”


Image courtesy of FreeDigitalPhotos.net/jscreationzs