Thursday, April 21, 2005
"to disclose any information obtained in the business of preparing federal or state income tax returns or assisting taxpayers in preparing those returns, including any instance in which this information is obtained through an electronic medium."
Check out David's article here.
Monday, April 11, 2005
Ah -- The Windy City in the summertime...
Maybe take in a game or two*? Have a listen, have a taste of the original, learn something, mingle with the dolphins, or see what's happening at the zoo**?
OH -- And we also plan to have a great set of programs and conferences for CLC members and friends -- Schedules come out in early May. On tap already -- a program on practice tips and issues from the outsourcing industries, featuring counsel from the U.S. as well as from India.
* Yes, I know the Cubbies won't play until Monday the 8th, when many of us are likely to be back home after the meeting. Still, who's to say that we might not stay?
** Orangutans are skeptical of changes in their cages.
Sunday, April 03, 2005
The Saturday Morning Panel
Elizabeth Bowles, Chair of the Working Group on Spam and Unsolicited Electronic Marketing, led the CLE program on Saturday morning concerning Spam technologies and how they can lead to under-appreciated legal implications.
Program materials are available here (ABA membership required). A copy of the program slides can be found here. A copy of the Complaint filed in the Ambrogi suit mentioned during the presentation can be found here.
Joining Elizabeth were:
- Michael F. Fleming, Attorney, (a/k/a your humble reporter), Larkin Hoffman Daly & Lindgren Ltd., Minneapolis, MN
- Henry L. (Hank) Judy, Of Counsel, Kirkpatrick & Lockhart Nicholson Graham, LLP, Washington, D.C.,
- John R. Levine, Principal, Taughannock Networks, Trumansburg, NY
- Colleen B. Robbins, Staff Attorney, Federal Trade Commission, Marketing Practices, Washington, D.C.,
- Michael Spooner, Senior Market Analyst, Vircom, Montreal, Quebec, Canada
Finally, Hank and Michael made the jump from the technologies to the practice of law -- what presumptions of fact should we drop, what strategies can we implement? Hank primarily concentrated on the single biggest problem that e-mail inherently has (that it's always had, but which is made worse with the growth in the use of spam filtering technology) -- Did it get there in the first place? If so, when? What evidence might we have to show that it did? Michael went through a contract-based strategy that might be used where parties to a communication have strong need for proving receipt or the like (see the materials!) -- and then made clear that all of this strategy presumes that the parties have, one way or the other, been willing to cooperate with each other outside of the e-mail system alone. None of the contract strategy means a thing in a transaction that is purely e-mail based.
Saturday, April 02, 2005
Elizabeth, Elaine and John
The Global Jurisdiction and e-Commerce Subcommittee met on Friday April 1st. It discussed five main topics: five related to possible programs at the annual or other meetings, and one work project.
- At the Winter Working Meeting, the subcommittee had developed ideas on the fate of online consumer contracts faced with foreign law. Brad Joslove of Paris had presented a Hot Topics item today as a foretaste of the program. The subcommittee maintained its sponsorship of this proposal, in conjunction with the Consumer Protection working group. Brad had developed materials that would be the basis of what would be made available at the CLE session. There was some discussion of what other countries' laws should be represented at such a session. The UK and Canada were proposed - leaving open whether adding others would be confusing or helpful, notably Latin American jurisdictions.
- Also at the WWM, there had been discussion of a program developed out of Roland Trope's Checkpoints in Cyberspace book, which had now been published. This aimed at international business transactions and the risks that doing business electronically either created or aggravated in such matters. A co-sponsorship with the International Law Section was probably desirable on the point.
- The other Hot Topic today was Roland Trope and Michael Power's presentation on directors' duties of data governance: privacy, information security, and related issues. Judging from the reception of the presentation, there was considerable interest in pursuing the topic at greater depth. Michael and Roland were publishing a book with the ABA on the topic, expected to be available by the annual meeting. This was thought not to overlap with the prior topic, since this one was more domestically focused (though international considerations were not irrelevant) and not aimed at transactions.
- Irwin Schwartz suggested some work on protection of copyright online, based on some of his experience in dealing with hackers and unauthorized publishers of proprietary web content. This involved a number of other subcommittee and possibly committees or even sections, but seemed likely to involve more issues than just the file-sharing that was attracting headlines. It was not clear whether the international aspects of the topic were sufficient to justify primary carriage by this subcommittee, but there was some recognition that a topic should be developed and members of this subcommittee would be invited to help out.
- Hal Burman promoted the idea of a "recent developments" topic for a presentation. Some international features would include the new (July 2005) UNCITRAL convention on the use of electronic communications in international contracts. Recent case law could also be mentioned - even the AOL France case that Brad had spoken to, and Google's recent (mis)adventures with French trade mark law. This topic was developed further at the general leadership meeting of the Committee. No specific responsibilities were assigned at this meeting.
Hal also brought to the meeting the prospect that the Organization of American States would adopt a project to develop harmonized rules on consumer protection in e-commerce. Hal circulated a uniform provision on such jurisdiction adopted last year by the Uniform Law Conference of Canada, and an FTC proposal on money transactions. If the OAS does adopt such a project, there would be a role for a working group of this subcommittee in analysing documents and possibly making submissions on that work.
It was also noted that Hal's international policy working group would meet with the International Coordinating Committee of the Section on Saturday. Any last minute proposals for change to the UNCITRAL e-communication Convention would be welcome at that meeting.
[After the meeting there was an expression of interest in jurisdiction questions generally and an inquiry as to the follow-up, if any, to the jurisdiction work of Michael Geist's subcommittee reported on in 2004. This would be the subject of online and offline discussion to be reported to the subcommittee through the usual electronic channels.]
The Ecommerce Subcommittee met on Friday afternoon and considered two projects. The first, proposed by Cris Kunz and Philip Schmandt, is to prepare a "Model Electronic Data Agreement" with commentary. Picking up where the Model Trading Partner Agreement leaves off, the Model Electronic Data Agreement could potentially form the basis for standardizing the agreements between trading partners and their third party data processors. Currently, the number of vendors providing value-added data transmission and management services, and the disparity of contract forms, results in the expenditure of time and effort by trading partners attempting to harmonize the arrangements between their respective middlemen. If standardization could be achieved, it would streamline this process. An outline of key terms in existing data agreements was presented by Hank Judy, to stimulate discussion.
The second project discussed was safeselling.org. This would be an ABA sponsored free- access website devoted to providing information on the common questions of entrepreneurs launching an on-line venture. The site would cover such topics as domain names, payment methods, taxation, terms and conditions, privacy, and security, in an FAQ format directed primarily at non-lawyers. The paradigm for this project is safeshopping.org, a currently-operating ABA-sponsored website which provides tips to consumers regarding on-line shopping.
The Safeselling project is headed by Jon Rubens and co-sponsored by the ABA Small Business Committee. It is gaining momentum, with five sections of content already drafted. It is anticipated that, between now and the Annual Meeting in August, more content sections will be generated and circulated to the appropriate Subcommittees and Working Groups for their input.
The primary participants from the UCC Payments group: Marina Adams, Stephanie Heller, Paul Turner and Steve Veltri. Bob Ledig and Sarah Jane Hughes contribute from the Cyberspace Law Committee. If you would to discuss the project, or discuss other issues with the WG, please contact Sarah at sjhughes (a) indiana.edu.
- Corporate Risk Analysis: Corporate legal practitioners have long experienced difficulty in matching the risk language of the law to the practices of business. Either the language and concepts of the law are viewed as esoteric 'legal issues' instead of important business concerns, or the risks are expressed in seemingly non-quantifiable forms such as "likely." The project would be to create a framework for one or both of those problems--one that would assist the lawyer in talking contract risk with the client in a way the client will appreciate. This project might either lend itself to a CLE presentation down the road, or an article at the magazine level (Business Law Today).
- Form Software Developer Agreement: It has been sometime (if ever?) since the Committee has issued a plain vanilla software development form agreement -- one which would have both a license element as well as a professional services element. An annotated agreement, which incorporates up-to-date thinking on some of the issues, and explores the negotiating points, would be helpful to many, particularly if it takes into account the diversity of client bases that this Committee's lawyers represent. Done well, with the right amount of substance, this would lend itself well to a book treatment combined with a CD Rom -- or may ultimately be part of a series of forms that this subcommittee and others in the CLC are working on (such as the form Web developer agreement being worked on by another subcommittee).
- Electronic Discovery Monographs: Most of the literature on electronic discovery is written to the litigators -- we feel that there is a lack of material written specifically with the in-house corporate counsel in mind. Rather than dealing with the lawsuit that has already happened, the in-house lawyer is in a better position to practice preventative medicine. Plus, when a problem occurs, the in-house lawyer who is savvy to electronic discovery issues can often provide valuable strategy to the outside lawyer who is less familiar with the company. We envision a series of 3-4 monographs -- 20 pagers or thereabout -- each talking about a particular slice of the e-discovery world. For example, we envision a monograph dedicated to the concept of litigation holds -- the practices that a company must undertake should litigation become likely. Such a monograph should discuss both preparations that might be done well before the problems arise, the costs that will need to be addressed, and how to institute a panic button should it become necessary. Since this project should lead to 3-4 related but different monographs, it lends itself to having a group of 3-4 drafters, each of whom could take an equal role in producing their own monograph, and together they would edit and produce a series of works. This might be publishable as a small book, or could be a candidate for an electronic distribution such as an e-book?
- Information Technology Danger Points in Divestitures: While there is no lack of generalized checklists that M&A practitioners might use in their deals, many of those checklists miss some of the IT-specific tricky points and how to resolve them. For example, if a divested subsidiary is the holder of a patent that is being used by the parent, how should the problems be raised, analyzed, negotiated and resolved? This should not be an attempt to re-write those things that have already been written, but rather it should concentrate on those things that are specific to our member's daily practices, distilling some of those things that we have saved our corporate colleagues from tripping on. A magazine article treatment is probably the best initial treatment for this.
Friday, April 01, 2005
So what you say? That's been done for years, right?
Not so fast, pardner. Look here at the interactive version. The schedule is now organized so you can look up by date, by Committee, or just limited to CLE programs. As you page through the programs, you can find full descriptions and the like, as well as links to the PDF files with the written materials where appropriate.
Best of all -- the thing is now updated in (essentially) real time. The paper slips with the changes to the meetings? No longer needed (although they continue to be posted). You can always check in and see what's next, and if the meeting has been changed, you'll see it online. There's even a section for cancelled meetings, which is updated as news arrives during the meeting.
What's next? I suggest the guys get to work on MYABAMEETING.com -- No longer will I need to transpose the sessions I want to attend from a paper book over to my computer calendar -- I'd like it to help me put together an itinerary for my days at the meeting (pointing out conflicts and the like), and then once I've figured it out, I could upload it all to my computer's calendar and/or phone and/or whatever. And, of course, if any changes occur in my chosen meetings, the thing would buzz my phone to let me know.
(I can dream, can't I?)
In the meantime, outstanding work guys and gals at the Association! Thanks!
Check out the story on CNET and an interesting account about the creation of the Well on the Well itself.
Dear Feds, Send Money or the IT Infrastructure Could Get It
They say money makes the world go 'round . . . And now a group of experts are warning that without a serious cash infusion, the nation's information technology (IT) infrastructure world is at grave risk of being knocked off its axis by a terrorist or criminal attack. In a report entitled, "Cyber Security: A Crisis of Prioritization," the President’s Information Technology Advisory Committee (PITAC) -- an advisory body of IT leaders in academia and industry -- argues that the IT infrastructure of the US is "highly vulnerable to terrorist and criminal attacks." The report, made public on March 18, calls for a drastically increased federal role in supporting the development of new cybersecurity technologies. PITAC warns that short-term solutions to infrastructure vulnerability, like patching or retrofitting software, are inadequate and that only a massive deployment of money and manpower can successfully address the "large structural insecurities" of the nation's IT infrastructure. We've heard such dire warnings before, however, to little discernable effect. But perhaps the current spotlight on identity theft and data security breaches will lend some heft to the argument that the security of the nation's cyber infrastructure deserves at least as much attention as the data it carries.
Bank Regulators Beat Congress to the Punch on Security Breach Notifications
With all the Congressional activity on data security and identity theft these days, it's easy to forget that threats of new legislation are only half the story. In some industries, federal regulators are already setting guidelines for when companies should disclose security breaches. For example, the four federal financial industry regulators have issued "Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice" to instruct financial institutions on when they will be expected to report security breaches of "sensitive customer information" -- whether that information is stored electronically or in paper form. The federal regulators will view a financial institution's failure to comply with the guidance as an unsafe and unsound information security practice.
(Please forgive the lousy photography...)
Kathy Porter, Chris Kunz, Jason Epstein (A new daddy as of about 36 hours ago! Twice Over!), Kristie Prinz, and Andrew Serwin presented the results of their research (ABA membership required) on how electronic contracts have been (purportedly) modified by various Web site providers.
Mattias Hallendorff and Prof. Linda Rusch (both here from the Twin Cities, continuing the tradition of making sure that any law that actually makes a difference in Cyberspace actually comes out of Minnesota or passes through it...), are continuing the group's thoughts discussed in Palo Alto -- How can we actually create a working and functional system of Electronic Chattel Paper (ECP) that is contemplated under New Article 9 at Section 9-105?
Continuing a collaboration that initiated in Palo Alto with the technology experts at The Open Group, the WG has worked together with the technologists to try to work towards some recommendations. In particular, Mike Jerbic, Chair of The Open Group's Security Forum, has undertaken to work closely with the Working Group. His beat -- data security -- has particular relevance to ECP and its need for (relatively?) unassailable records.
Mike gave an early version of a slide presentation, where he began the effort to get the two worlds talking together. He noted that the tech world has largely concentrated on a concept they term as "command" -- which is fundamentally at odds with the UCC's requirement of "control." Command presumes that if we tell the system to do something, it's actually going to go ahead and do it. Control is not going to be happy with just assuming -- it needs to know that the machine did what it was ordered to do, a concept that is surprisingly foreign to current technology systems. Today, most technology systems rely more on redundancy and other similar concepts of just throwing the kitchen sink at everything to make sure the 'command' gets followed, which makes good sense where bandwidth and storage are cheap. But, for 'control' in the ECP world, the thought is that it needs to be done only once, and that one shot needs to be on target.
There was a lively debate over how to move the lawyers, the bankers, and the technologists to getting off the ball -- or if they should be moved. Prof. Ken Kettering raised a general theme of how the statute is unwilling to take a stand on HOW to get control. While he noted that there may be any number of technology answers that seemingly meet the requirements of the statute, the thousand bishops who might be willing to swear to its leading to control will not necessarily lead to an unassailable legal conclusion of control. He thinks we are being somewhat over-optimistic that any one of our systems will make the jump from good tech to good law.
Others still feel that the issue is not one of black and white, but trying to decide where the financial markets are going to be comfortable with the final system's degree of greyness. There are clear pressures to move this idea forward coming from the finance industries -- and this might push us to the point where we need to do it anyway. The 'pro' group's opinion could be summarized by John Gregory's thought that we need to compare this to the systems we've used in the past, and how we ultimately need to reach some degree of 'comfort' in whether that paper signature means something. The electronic world needs to figure out when the industry will get comfortable -- either for an agency to rate a deal, or for a law firm to offer an opinion.
Dina Moskowitz, Assistant General Counsel at Standard & Poor's (who will be lecturing -- guess where? -- Minnesota this coming month!), noted that law firms offering these opinions will be expected to have SOME degree of ability to do technical due dilligence. The opinion cannot rely on the raw assurances of the vendors. However, there is not going to be an expectation that law firms will become System Analysts -- the use of a good technology framework of analysis, combined with a level of technology understanding, should probably be an adequate basis for a meaningful opinion of counsel.
And, it is that framework that the Working Group is working to create.
Brad Joslove spoke at the Committee Forum, detailing some of the recent case law in France as it relates to e-contracting, particularly in the consumer arena.
E. Michael Power and Roland Trope spoke about their upcoming new book on data security issues, with a focus on director and officer liability, Sailing in Dangerous Waters: A Director's Guide to Data Governance. The book grew out of a project that originated and was supported by the Cyberspace Law Committee's Privacy and Security Subcommittee, chaired by Marc Pearl and Ray Gustini. There are plenty of good reasons as to why our clients continue to be subject to danger while they stick their heads in the sand.
The group briefly discussed the coming program for Saturday morning (8 AM!!) concerning technology controls. The bulk of the hour was spent discussing future projects -- an initial consensus was to develop materials concerning Spyware and Phishing for a future program. There is pending federal legislation concerning Spyware in both houses, Senate Bill 687 and House of Rep Bill Bill 29. The thought is that this legislation, and general interest on the topic, as well as a smattering of pre-existing law that might apply, so the WG believes there will be plenty of material to work with.
If you, or your subcommittee, are working on a project or presentation that could yield a book, please see Vince or Candace Jones.
Candace, Vince and John
The Annual Meeting in Chicago, this coming August, will feature at least 3 main programs from CLCC and one hour-long forum. We have one of the main programs set already -- a very timely discussion of outsourcing concerns that will feature a star panel of lawyers including an attorney from India who will speak to the issues from his own perspective. There are other slots that are officially 'open' still -- but time is coming short on making final decisions, so those who are interested in getting a slot should get proposals to John Lunseth post haste.
Vince announced a couple of leadership issues. Mike McGuire has relinquished his role as the publication head, and the committee is soliciting volunteers for taking over the position (finishing the current term and presumably as well as picking up with the new 3 year cycle this coming August.) The committee thanks Mike for his hard work, so long as he continues to promise his efforts towards this blog going forward.
Finally, speaking of the new 3 year cycle coming up, Vince's term as The Boss is coming to a close as of August. The incoming chair of the Business Section appoints the Committee chair, and Vince was pleased to announce the appointment of Candace to take over the chair as of August. Applause. All of us should be sure to congratulate Candace on her new appointment -- and volunteer your respective behinds into assisting her with this huge task!
And with that -- We cut the Plenary short to allow enough time for the Committee Forum that followed.