JOLT Digest

By Susanna Lichter

New Cyberweapon Duqu Possibly Spawned from Stuxnet Worm

Computer security analysts warn that Stuxnet, the sophisticated worm that wreaked havoc on Iran’s nuclear program, could be a precursor to more cyber attacks on industrial control systems, according to The Washington Post. There is definite evidence that Duqu, a dangerous new weapon that appears to borrow some of the Stuxnet original source code, was used in an attack last month. The New York Times reports that authorities are divided as to whether Duqu was created by reverse-engineering Stuxnet or if it was wholly made from scratch; however, the Hungarian lab that discovered Duqu says the two cyberweapons are “nearly identical.” The news raises fears that attackers could use these cyber devices to hack into the world’s infrastructure and manipulate water treatment facilities, power plants, and other critical systems.

FBI Announces Timline for Implementing Controversial Facial Recognition Tools

Next.gov reports the Federal Bureau of Investigation will begin implementing the use of facial recognition services as early as January, according to bureau officials. The new tools are designed to find matches from among the 10 million mug shots housed in the FBI database when uploaded with a picture of a suspected criminal. The Electronic Frontier Foundation has expressed concern that the new features will create false positives and infringe on people’s privacy rights.

Hacker Collective Anonymous Warns of Forthcoming Attack on Fox News

CNET reports that Hacker activist group Anonymous released a video unveiling plans to infiltrate the Fox News website early next month. The collective, which has aligned itself with the Occupy Wall Street movement, says the attack is a retaliation of Fox News’ biased coverage of the OWS protests. In another video issued last week, Anonymous demanded the release of one of its members who was kidnapped by the Mexican drug cartel Los Zetas while attending a protest in Veracruz, Mexico. The Houston Chronicle reports that Anonymous has threatened to publish the identities and addresses of Los Zetas’ associates if its demands are not met by November 5^th. Anonymous also made headlines multiple times last week, taking responsibility for operations targeted at police websites and child pornography servers. The collective hacked into a Boston law enforcement site’s server, altering the website’s homepage and leaking police names and passwords. They also took 40 child pornography sites offline.

By Andrew Segna

Google Acquires Motorola Mobility for $12.5 Billion

Google announced on August 15, 2011 that it will acquire Motorola Mobility for $12.5 billion in cash. Ars Technica reports that this purchase was motivated in part by Google’s desire to acquire Motorola’s patents and to protect its Android mobile platform, as this deal will give Google control of more than 17,000 patents in the mobile arena and 7,000 patent applications. This acquisition comes in light of Google accusing Microsoft, Apple, Oracle, and other companies of attacking Google and Android by acquiring Novell and Nortel patents.

Missouri Federal Court Reject LegalZoom’s Motion for Summary Judgment on Whether LegalZoom Violates Unauthorized Practice Law

As reported on Eric Goldman’s Technology and Marketing Law Blog, the District Court for the Western District of Missouri rejected LegalZoom’s motion for summary judgment against accusations that the website dealt in the unauthorized practice of law. LegalZoom offers both blank legal forms and a service in which customers answer a series of questions, which provides LegalZoom’s software with the information necessary to create a completed legal document for the customer. The court did not have an issue with the blank forms. However, the court found that there was a question of whether LegalZoom, through the questionnaire, did more than just allow a customer to pick various wordings of a document.

Activists Protest Bay Area Rapid Transit’s Decision to Cut Mobile Phone Access in Subway Stations

According to the Guardian, a protest occurred in the Civic Center subway station in San Francisco on the night of August 15, 2011 over the decision by Bay Area Rapid Transit (BART) to cut mobile phone access on August 5 in anticipation of a protest against police shootings that threatened to disrupt rush hour commute. Anonymous, the online activist group, broke into BART websites and organized the August 15 protest. BART did not cut off mobile access on August 15 but did temporarily shut down the Civic Center station and three other stations.

Minecraft Developer Vows to Oppose Trademark Infringement Suit

Markus “Notch” Persson, the creator of the popular PC game Minecraft, asserted that he would oppose video game publisher Besthesda Softworks’ claim of trademark infringement, as reported by Ars Technica. Besthesda claims that the title of Persson’s new game, Scrolls, infringes its trademark on its own video games series, The Elder Scrolls. Persson initially responded to the allegations, which he called “bogus,” by challenging Bethesda to a match of the video game Quake III to determine who was right.

By Andrew Crocker

Activist Arrested for Allegedly Hacking JSTOR

On July 19, police arrested Aaron Swartz, a 24-year-old programmer and Internet activist, in Cambridge, Massachusetts for allegedly committing wire and computer fraud when he downloaded approximately 4.8 million scholarly articles and other files from the JSTOR database, reports the New York Times.  As alleged in the indictment, beginning in September 2010, Swartz used MIT’s network to run an automated script to download the material from JSTOR, and eventually physically jacked into a network closet on the MIT campus after MIT blocked his remote access.  Swartz is known for his work on Really Simple Syndication (“RSS”) and the social news website reddit. He also founded the organization Demand Progress, which advocates for progressive Internet and government transparency policies.  Wired reports that although the indictment alleges Swartz intended to distribute JSTOR’s copyrighted material, he may have been conducting research, having previously worked on a study that analyzed the funding sources for a several hundred thousand law review articles.  According to Ars Technica, Swartz’s arrest has provoked protest by at least one fellow proponent of open access to scholarly works, who responded by posting nearly 19,000 scientific articles on Pirate Bay.

Ninth Circuit Reverses Conviction for Online Threat Against Obama

In a split opinion, the Ninth Circuit Court of Appeals has reversed the conviction of a California man who posted an online comment in October 2008 that appeared to call for then-Senator Barack Obama’s assassination, reports Wired.  Walter Bagdasarian was convicted under a federal law that makes it a felony to threaten to kill a major presidential candidate, but Judge Reinhardt, writing for the majority, found that Bagdasarian’s post did not rise to the level of a “true threat,” because there was insufficient evidence that “a reasonable person who read the postings within or without the relevant context would have understood either to mean that Bagdasarian threatened to injure or kill the Presidential candidate.”  In addition to failing this objective test for a true threat, the postings would also not support a subjective test for Bagdasarian’s intent to threaten Obama, and according to the court, either failure would be sufficient grounds for overturning the conviction.  Furthermore, although the post could be read as “an imperative intended to encourage others to take violent action,” the relevant statute does not criminalize exhortations to others, so Bagdasarian could not be convicted on this basis.  However, Eugene Volokh suggests that given the uncertainty in constitutional precedent on true threats and protected speech, this case is likely not settled and will either be reheard by the Ninth Circuit en banc or by the Supreme Court.

Controversial Data Retention Bill Clears House Committee

H.R. 1981, a bill that would require Internet providers to retain users’ IP addresses and other personal information for one year, has cleared the House Judiciary Committee by a vote of 19-10.  The bill, which CNET reports has received support from the Justice Department, is intended to make it easier for law enforcement officials to investigate crimes committed over the Internet.  According to the National Journal, critics of the bill have pointed to what they see as its politically opportunistic name, the Protecting Children From Internet Pornographers Act of 2011, as an attempt to hide its broad scope and lack of privacy protections.   In addition to lawmakers from both parties, civil liberties organizations, such as the Center for Democracy & Technology, have criticized the bill, arguing that its data retention provisions are invasive, confusing in scope, and burdensome to small Internet providers.

By Michael Hoven

TSA to Revamp Full-Body Scanners Despite Legal Victory

The Transportation Security Administration (TSA) announced that it would upgrade the software on controversial full-body scanners in order to better protect the privacy of travelers, says Wired. Instead of creating a nude image of the traveler, the new Automated Target Recognition software will produce a “generic outline of a person,” according to the TSA. The announcement came shortly after the Court of Appeals for the District of Columbia Circuit held that the use of full-body scanners at security checkpoints in airports did not constitute an unreasonable search barred by the Fourth Amendment, as the Wall Street Journal Law Blog reported. The court held that the government’s interests in security and anti-terrorism outweighed individuals’ privacy concerns, but the TSA rule implementing the scanners had improperly been enacted without going through a notice-and-comment period.

FBI Arrests Sixteen in Connection with “Anonymous,” “LulzSec” Hackers Collectives

An FBI crackdown spanned ten states and led to the arrest of fourteen suspected members of “Anonymous” and two others accused of crimes in connection with “LulzSec,” reports All Things Digital. Anonymous is the name of a loosely affiliated organization of hackers who have claimed responsibility for the distributed denial of service attacks against PayPal and others who Anonymous believed were withdrawing support for Wikileaks. LulzSec has used similar methods to attack Sony and Senate.gov, among others, and may be a spinoff group of Anonymous, as VentureBeat has reported. The fourteen suspected members of Anonymous were indicted by a federal grand jury in San Jose, CA on charges of conspiracy and intentional damage to a protected computer, according to All Things Digital, and the other two face similar charges. Gizmodo reports that Anonymous and LulzSec have since released a joint statement promising to continue their attacks on corporations and government.

Court Rules Facebook Posts Sufficient for Disciplining College Student

The Minnesota Court of Appeals (via Leagle) rejected a student’s argument that the University of Minnesota could not discipline her for statements made on Facebook because such statements were off campus, reports Eric Goldman at the Technology and Marketing Law Blog. In a series of posts, the mortuary sciences student discussed taking out aggression on a cadaver being dissected in class and threatened to stab an unidentified person, which she later admitted referred to an ex-boyfriend. The court held that the university was allowed to take disciplinary action (namely a failing grade and academic probation) because the student’s posts were threatening and disruptive to the university. At The Volokh Conspiracy, Eugene Volokh criticized the court’s reasoning for its potential to restrict student speech.

Direct Infringement Claims Against Cyberlocker Site Dismissed

Hotfile, a “cyberlocker site,” was held not to be a direct copyright infringer by the Southern District of Florida, Ars Technica reports, but the claims of secondary liability for copyright infringement can proceed. Cyberlocker sites are a recent target of MPAA’s anti-piracy efforts. Hotfile users can upload and share files, and affiliate accounts allow for payment based on the popularity of files that are shared. The Motion Picture Association of America (MPAA) alleges that the majority of files uploaded to Hotfile are pirated. Direct infringement claims failed because users, not Hotfile, uploaded the files, failing the “volitional act” requirement. However, Hotfile still faces secondary infringement claims on a theory of inducement (among other things), which Techdirt says is the MPAA’s best case.

by Marina Shvarts

Cameras Coming to Federal District Courts

The Wall Street Journal Law Blog reports that on July 18, 14 federal district courts around the country will launch a pilot program utilizing cameras in court. The project, however, is taking small steps, subject to several restrictions. Cameras will only be allowed in civil proceedings with the consent of both parties. There will be no live broadcasts, and the trial judge will have non-reviewable discretion over which cases will be recorded and when the cameras must be shut off. The recordings will be publicly available on uscourts.gov. Uscourts.gov has a list of participating courts.

Administration Divided over Whether Recent Cyber Threats Constitute a ‘Cyber War’

According to NPR, the Obama administration’s disagreement over how to characterize the recent string of cyber attacks could complicate setting out a response strategy. Compromised information at Google, RSA and Lockheed Martin exemplifies, according to cybersecurity experts, “the most sophisticated hacking efforts ever perpetrated against private computer networks,” reports NPR. According to the pentagon, there is reason “worry about cyberweapons being used to cause actual physical damage.” The pentagon is characterizing the recent threats as a cyberwar. Howard Schmidt, the White House coordinator for cybersecurity, disagrees, stating that “to label every cyber-intrusion, every theft of intellectual property, as cyberwar is just a total mischaracterization of what’s going on in the world today.” Before the Pentagon releases a new cyber strategy, disagreements over how much to emphasize cyberwar scenarios will have to be resolved.

Professor Receives Tenure Based in Part on Wikipedia Contributions

According to the Wikimedia Foundation Community Blog, Michel Aaiji’s substantial contributions to Wikipedia were in part responsible for his award of tenure. Aaiji explained the various peer review features on Wikipedia, noting that articles posted there could be as rigorous as those published in more traditional sources. As other professors follow the lead, the status of Wikipedia contributions will have to be reevaluated.