February 13, 2010
Cyberspying Hits Chinese Government"[W]hile much of the rest of the world frets about Chinese cyberspying abroad, China is increasingly alarmed about the threat that the Internet poses to its security and political stability," writes Sharon LaFraniere and Jonathan Ansfield. In their New York Times article, China Alarmed by Security Threat From Internet, the authors detail how an unnamed foreign intelligence agency may have wormed into a Chinese military engineering institute datbase and extracted top-secret information on Chinese submarines. "May have" because the authors also report "the information could not be independently confirmed, and such leaks in the Chinese news media often serve the propaganda or lobbying goals of government officials." [JH]
Round-up of Practitioner Blogs: Medical Malpractice and Personal Injury
Philadelphia Birth Injury Lawyer Blog
Covers birth injury opinions, news and reports in Pennsylvania. Published by Eisenberg, Rothweiler, Winkler, Eisenberg & Jeck, PC.
Syracuse Medical Malpractice Lawyer Blog
Examines medical malpractice cases, reports and news in New York. Published by Bottar Leone, PLLC.
Boston Injury Lawyer Blog
Reports on injury law matters, opinions and cases in Massachusetts. Published by the Law Office Of Neil Burns.
Florida Injury Lawyers Blawg
Reviews injury law reports, opinions and news in Florida. Published by Brod, Goldfarb & Associates.
Georgia Injury Lawyer Blog
Provides insight on injury law reports, cases and matters in Georgia. Published by the Oinonen Law Group, LLC.
North Carolina Injury Attorney Blog
Provides opinion on injury law reports, cases and news in North Carolina. Published by the Davis Law Group, PA.
February 12, 2010
Google Wants to be Your ISP
Yes it does. No it doesn't. More on this below. Google has announced that it intends to build a 1 gigabit per second, fiber-to-the-home connection reaching between 50,000 and 500,000 individuals. The announcement and associated FAQ describe the proposed network as a proof-of-concept that such things are possible and consumer desirable. Here's what Google says:
- Next generation apps: We want to see what developers and users can do with ultra high-speeds, whether it's creating new bandwidth-intensive "killer apps" and services, or other uses we can't yet imagine.
- New deployment techniques: We'll test new ways to build fiber networks; to help inform, and support deployments elsewhere, we'll share key lessons learned with the world.
- Openness and choice: We'll operate an "open access" network, giving users the choice of multiple service providers. And consistent with our past advocacy, we'll manage our network in an open, non-discriminatory, and transparent way.
I'm not sure what Google's intentions really are other than what it states in it's post. I can hazard a few guesses, however. What drives the first two stated concepts is idealistic fluff. Nothing less could come from the "Don't Be Evil" company. We're doing it for the world. There's nothing wrong with that. The only telecom that has bought into the fiber to the home strategy is Verizon, and it's very successful for what it is. 50 Mbps downstream and 25Mbps upstream surely beat At&T with their top speed DSL at around 6 Mbps. Cable providers such as Comcast (or is it Xfinity now) can go beyond AT&T but in the case of Comcast, at least, there are issues of data caps and speed reductions lurking in the background. Other cable providers (Time Warner cable comes to mind) have been fooling around with data caps as well in test cities. The Internet is too congested So say the providers, We'll be reaching capacity any moment ago. We have to do this to preserve access to all customers and not the bandwidth hogs. We'll also have to block certain applications at times because they congest the network, such as P2P. Oh, and did you know that P2P transmissions are the source of some of the most egregious copyright violations on the web? Than you'll realize what a public service ISPs provide to the law abiding public.
All these good intentions sometimes have fallen afoul of the FCC under both Kevin Martin and Julius Genachowski. Martin had the audacity to fine Comcast for blocking P2P without letting its customers know what was going on. Comcast complied with the Commission but a challenge is pending in court. Genachowski has the audacity to actually tray and write the rules for network neutrality into something more than a footnote to a policy statement. A court result favoring Comcast would surely scuttle the authority for Genachowski'plan. Though Congress is in the hands of the Democrats, it may still be difficult to pass a bill to authorize the FCC to write explicit rules on network neutrality. On that basis, the regulatory process to implement network neutrality will be slow, if at all.
One more note on this is that companies such as Google, Microsoft, Yahoo, Netflix, and virtually any company that has a popular web site that uses tremendous amounts of bandwidth are in favor of network neutrality because their product could be limited by telecom efforts to charge them for better transport to customers. Let's see if we can make the web into cell phones, where where both sides pay for the same transmission. This is only possible because telecoms and the like control the networks and have common interests in the the way networks are managed. There are the stockholders to think of, after all. It takes a lot of capital to build a network. Enter Google.
Google has always had a disruptive presence in the markets they enter. Let's scan books and see what happens. For everyone claiming that Congress should be the one to set the rules for copyright and e-books, well, sure. But Congress moves too slow. Let's scan and see what happens. Let's distribute user created video on the web and see what happens. Certainly Viacom and other content providers took a dim view of users taking parts of their content. They have a legitimate beef, but it's too inconvenient for the content providers to sue the individuals as provided for in the DMCA. So let's sue Google. That case is still out, nowhere close to a jury. So far no one's blinking. So rather than be held hostage to the Internet backbone providers, Google is showing that it can build its own network if it has to, and it can be better and faster than what's out there.
The curious phrase in their third statement is "giving users the choice of multiple service providers." What is a service in that context? Is that AT&T and their DSL customers or is it someone with a Facebook, or Yahoo account. If so, that says Google plans to start building a backbone that runs along the principles of net neutrality whether it is legally mandated or not. Or putting in another way, some day we might not need AT&T if its version of the Internet impinges on Google's business practices. FYI, the companies are not fans of each other. Trade groups on both sides of the policy issues are mixed on the reaction. While no one has come out and said this is a bad idea, the telecoms can't be thrilled that they are getting competition, and from Google at that. Google doesn't think the way they do.
One point that comes up when Google gets involved in a new venture is to say that Google expects to own the world some day. Is that a good idea, or we should resist Google. It's valid to explore those thoughts, but that's for another post. In the mean time, I'm drooling over the thought of 1 Gbps Internet access. If Google is trying to take over the world, they make it so darn hard to resist. [MG]
There's Nothing Next in WestlawNext's Marketing and Sales Tactics
The recently announced plans to rollout WestlawNext to the legal academy -- librarians and faculty this Spring with a "possible introduction as early as the Fall 2010 semester" to law students caused quite a buzz on private and public sector law library listservs. In a nutshell, folks reached what I think is the obvious conclusion. It's a marketing tactic to push adoption by private and public sector institutional buyers.
WestlawNext's Monkey About to Run Wild. Well, of course it is. Why is anyone surprised, shocked or dismayed about this? This is standard operating procedure. West almost gives Westlaw away for free to law schools to get the Westlaw monkey on law students' back. So does LexisNexis but with less success because West's e-course management system, TWEN, essentially free, is generally preferred by law profs over LexisNexis' hacked version of Blackboard.
The announced law school rollout to law students contradicts what bloggers who traveled to Eagan recently for a demo heard. Greg Lambert, one of the attendees, writes
I have to say that I'm extremely disappointed in the people at ThomsonReuters that decided that giving this new product to law students was a good idea. In fact, it specifically flies in the face of what I and others who traveled to Eagan, Minnesota last month were told.
Well, that doesn't surprise me either. I, for one, would have performed one of those staged "bullshit" coughs had I been in the audience listening. And I'm not implying that the TR Legal presenters at the demo were outright lying. If West's billing staff and payments received staff don't know what each other are doing, why should we expect any West "right hand" know what any other West "left hand" is doing. Getting law schools students addicted to a very expensive legal search service has been the Step One marketing tactic by WEXIS for 30 years now. It works. Why change?
Preparing for WestlawNext Negotiations. When I first starting blogging about Colbalt, I suggested it should be released to a law librarians to crowdsource it before being unleashed upon us, apparently in the fourth quarter of this year. It still should. Instead, it appears that we will be negotiating WestlawNext upgrades with less hands-on experience than 1Ls. "WestlawNext for law school subscribers will be included as part of your current Westlaw subscription agreement. There will not be an incremental charge to access WestlawNext," writes Anne Ellis, Senior Director, TR's Librarian (read Marketing) Relations. For the rest of us, let the "incremental charge" negotiations begin. And they will commence just like they always have. Here's a sample from Lisa Solomon's experience:
a 11% premium for the power to search with the WestlawNext algorithm in the same databases I currently have access to on Westlaw, tough cookies. They’re going to change their offerings around enough to make it difficult for you to compare apples to apples. And, most importantly, they’re not going to let you eat just you want to eat: they want to stuff you until you explode, like some crazed Jewish grandmother on Shabbos. Oh (and to beat this food metaphor to death), they’re not going to let you eat just a few courses at the fancy new WestlawNext (the Bouley Restaurant of legal research), and pick up the rest of your meal next door at good ol’ Westlaw (Bouley Bakery/Market): if you don’t want to eat your whole meal at WestlawNext, it’s No soup for you!
Greg offers a suggestion that should but probably won't be followed because why should TR Legal change something that has worked so well in the past:
My gripe is that when something as big as this is released without someone from the company coming out and letting everyone know when it is officially going to be released, what databases are and are not currently included, who is and who is not going to have access, and how much the darn thing is going to cost you, then it sounds like I'm dealing with a used car sales team rather than ThomsonReuters.
Here's my suggestion to ThomsonReuters -- WestlawNext looks like a pretty good product, and it implements some good technology. Don't blow this thing up out of the gates by pushing out information piecemeal. Don't let your marketing team override the library relations and development team on who should and who should not get access. Don't send local sales reps out with pieces of information so that each of us is given a different story on how much this is going to cost and what is included.
Alas, Greg, we are and have always been dealing with used car sales tactics from West. With the first go at WestlawNext we won't even have an informal Edmunds.com to rely upon for "true market value." Visit Lisa Solomon's blog post to read the email exchanges with her rep on negotiating an upgrade to WestlawNext.
I, for one, do keep negotiations with reps confidential but will say this, the last time West wanted to reopen my Westlaw contract a few months ago, my stipulations in an email were, in a nutshell, the following:
- One year contract with optional second and third years at stipulated price increased.
- Being able to rebalance my entire WestPack plan once a year by adding/removing titles as long as it does not decrease what I pay to West for a WestPack plan.
- West provides their in-house usage data of what my account holders are searching by modules before we renegotiate.
West's response, dead silence. I mean no response whatsoever, not even a "thanks but not thanks" reply back. Since there were no negotiations, there's nothing confidential about this. And that was before WestlawNext. Upgrade negotiations will be very interesting... "Now is not the time to try to force firms into upgrading a product through manipulation and confusing tactics," writes Greg. "A damaged relationship with your clients is a very, very difficult thing to repair." [JH]
Friday Fun: "I know exactly what I am doing" vs. "Don't worry about it, I got it"
The $65,000 Break-Even Point"Schools with median starting salaries under $65,000, which generally land somewhere in the 70s in the U.S. News & World Report rankings, are not good values. They need to either lower their cost to students and/or improve job opportunities for their graduates, according to [Northwestern Law Dean David] Van Zandt in David Lat's ATL post. Lat notes that Vanderbilt law prof Herwig Schlunk argues that the break-even point is much higher in Mamas Don't Let Your Babies Grow Up To Be...Lawyers. Chicago law prof Brian Leiter observes "Don't insult the Deans and faculties of some 130 law schools by stating in public, as David Van Zandt (Northwestern) has now done, that it doesn't make "economic sense" for a student to go to any of their schools." Don't some really good legal secretaries make $65K? [JH]
ABA Releases 2010 Solo and Small Firm Legal Technology GuideThe ABA's 2010 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple includes an overview of current legal tech products and services, advice on IT security, social media use and purchasing decisions, including case management applications, billing systems, and document management solutions. The book is priced at $89.95 ($54.95 for members of the ABA's Law Practice Management Section). [JH]
Privacy Legal Issues in the Public Sector
Adjunct Law Prof Blog editor Mitchell Rubinstein's Privacy Legal Issues in the Public Sector first appeared as a chapter in a book on Workplace Privacy and was part of New York University 58th Annual Conference on Labor in 2005. He has updated the work and it is now available on SSRN. From the abstract:
The article focuses on privacy issues in the public sector. It explains that the right of privacy involves boundary lines, how notions of privacy have changed over time-particularly after September 11th, focuses on the constitutional right of privacy, workplace searches and surveillance, Electronic Communications Privacy Act, surveillance and labor relations issues, Sunshine laws and public employee statutory rights, the right to union representation at investigatory interviews, gay marriages and concludes that many of the boundary lines concerning the right of privacy in the public as well as the private sector can be negotiated by employers and unions.
February 11, 2010
Time to Move Forward: On the First Anniversary of the Durham Statement on Open Access to Legal Scholarship
The Durham Statement on Open Access to Legal Scholarship is one year old today. It calls for all law schools to stop publishing their journals in print format and to rely instead on electronic publication coupled with a commitment to keep the electronic versions available in stable, open, digital formats because "it will benefit legal education and improve the dissemination of legal scholarly information." Part of the argument to do so is economic:
Particularly now, with growing financial pressures on law school budgets, ending print publication of law journals deserves serious consideration. Very few law journals receive enough in subscription income and royalties to cover their costs of operation. The Statement anticipates both that the costs for printing and mailing can be eliminated, and that law libraries can reduce their costs for subscribing to, processing, and preserving print journals. There are additional benefits in improving access to journals that are not now published in open access formats and in reducing paper consumption.
I doubt anyone disputes the economic realities of law review publication. Very, very few "make a profit" while academic law libraries once contained hundreds, if not thousands of linear feet of shelving storing bound volumes of most titles. See Twenty-Five Year Decline in Law Review Subscriptions ("I think most every academic law librarian has roamed the law review stacks at least once thinking what a waste it was to be storing runs of unread and uncited law review articles, thinking only a select few titles will ever be used.") Many academic law libraries now rely on HeinOnline for law reviews (and with the release of their new library, bar journals too.)
Soon after his Law Librarian Radio podcast on the Durham Statement, Richard Leiter announced that he is signing the Durham Statement but with reservation about the "end of print" declaration in the Statement. He writes
By declaring 'the end of print' as an end in itself, I am afraid that it gives too much encouragement to publishers and information creators to put the cart before the horse, and cease printing material before reliable online alternative formats are fully developed. This could lead to disaster in two ways. First, they may move too quickly and develop online tools using new, unproven technologies that may end up making access to the material more difficult than before without refinements and upgrades. And then there's the danger that all early adopters risk: adopting formats that don't survive in the marketplace and may be lost forever.
Leiter makes a good point about e-publishing generally but the Durham Statement is very narrowly focused on one type of publication, the university-supported law review. On law reviews, even current "proven" technologies being used need enhancement. The ubiquitous PDF does not accommodate researchers with sight disabilities unless properly tagged and most are not. Multiple format distribution is a stop-gap measure. As an aspirational goal. the Durham Statement states:
Repositories should rely upon open standards for the archiving of works, as well as on redundant formats, such as PDF copies. We also urge law schools and law libraries to agree to and use a standard set of metadata to catalog each article to ensure easy online public indexing of legal scholarship.
Has that happened? To the best of my knowledge, the answer is "not yet." See, for example, the transcript of Leiter's Law Librarian Radio podcast. In other words, much work needs to be done and must be accomplished without falling into an early adopter trap. This is where law librarians as advocates for open access and as members of the documentation community have intersecting concerns.
It's early. It's only been one year. Hopefully the objective of the Durham Statement will be realized by following the suggestion made by ALA and ACRL. In their OSTP comments regarding public access policies for science and technology funding agencies across the federal government, ALA and ACRL called for across-the-board format standardization as being crucial to long-term public access. Instead of PDF files, authorized repositories should provide support for file conversion to a standard mark-up language (e.g., XML) because the PDF format "does not support robust searching, linking, text-mining, or reformatting over the long-term, nor does it provide full accessibility for the blind and reading impaired."
BTW, why the hell is LLJ and AALL Spectrum still being published in print? [JH]
The Window of Opportunity for UI Development is Open: Who Will Create the Better Mouse-Trap for Using Secondary Legal Resources Online?
It's not like user interface development is bleeding edge but some of our very expensive legal vendors continue to dump yesterday's designs into our laps. The digital suckiness of secondary legal resources is to, ah, quote myself, "the major disappointment in WestlawNext --there is nothing Next in WestlawNext's functionality for secondary legal materials. Yet the long-term future lies in providing a premium-worth-paying search experience for the editorial content provided in secondary sources by NextWestlawNext and, probably, Newer 'New Lexis.'" Along this line of thought, Richard Leiter adds in his highly recommended post, The 21st Century Law Library Conundrum: Free Law and Paying to Understand It, "as West and Lexis see their revenue decline from sales to primary materials, they will (and are) increasing their prices for access to their secondary materials to make up the difference."
Are we, as institutional buyers, going to pay even more for still out-dated delivery systems based on antiquated database designs that continue to treat interconnected topical secondary legal resources as if they are discrete, unrelated files like court opinions? This might work for chopping up legal encyclopedias into itty bitty content slices but it doesn't work for supplemented multi-volumne treatises using contemporary hardware and operating systems.
Time, I think, to give pause to the challenge Jason Wilson tosses out to the duopolists and future legal publishers:
Having seen and used WestlawNext, it is a modern system to be sure, but it is also several years old already. And the new Lexis system will undoubtedly be much of the same. These systems are going to satisfy the vast majority of legal researchers tethered to the old mouse and keyboard, but we are fast approaching the point on the horizon where multi-touch, like search, becomes a big part of the debate on researching efficiencies. I can’t wait for this debate because I think it will provide opportunities for start-ups to create better mouse-traps for secondary source material.
A Wake-Up Call for Authors. Hello, authors of secondary sources. Milking the WEXIS cash cow is coming to an end. Print sales are declining and that momentum will increase in the 2010s if inflated pricing does not stop. Online usage will decline if WEXIS doesn't get its act together and institutional buyers are not holding their collective breath for that to happen any time soon. A window of UI opportunity is open. At the moment, BNA, in this author's opinion, knows how to do the job right for secondary sources using a website-based model. If Aspen gets its collective act together and does not follow the IntelliConnect platform, this little sideline in Wolters Kluwer could turn into a bigger player.
Start-ups most definitely can compete with the duopolists for online secondary sources if they (1) offer a better as in contemporary user interface; (2) strive for something less than 30-plus percent profit margin objectives; and (3) develop a well-rounded catalog of secondary legal resource titles attractive to law firms. Forget the legal academy; it's law firms who drive this market. Whoever hires a good UI design firm like the Nielsen Norman Group can win the marketplace. [JH]
Do-It-Yourself Guide to Open Access Journals PublishingDeveloped by Co-Action Publishing and Lund University Libraries Head Office with support from the National Library of Sweden and Nordbib, The Online Guide to Open Access Journals Publishing "provides practical information and tools to support the efforts of scholars and other small teams producing independent Open Access journals." Hat tip to Digital Koans. [JH]
Cornell Law School's Gender-Based Violence Legal Resources DatabaseThe Avon Global Center for Women and Justice at Cornell Law School promotes the implementation of existing international human rights laws and national protections aimed at eradicating violence against women by providing free legal research support to judges around the world and by providing online access to these laws. The Center's Legal Resources Database "provides access to treaties and other international and regional documents, statutes and case law from around the world relating to gender-based violence." The Database includes descriptions of domestic legal frameworks, policies, programs, and other data relating to gender-based violence. Hat tip tp beSpacific. [JH]
February 10, 2010
Don't count out brick and mortar libraries just yet
Related to this story posted earlier on this blog, here's a post from Inside Higher Ed noting that several leading commentators think the brick and mortar library is here to stay:
[Two new studies] [t]aken together, . . . point to twin conclusions: The sooner professors and students embrace e-books, the sooner their libraries can start saving money -- but that might not happen for a while.
. . . .
“Some scholars insist that they need to be able browse books on the shelves so that they can serendipitously discover related works,” write Henry and Spiro in their paper. In addition to the Syracuse protests, they note an incident at Stanford University where a proposal to store volumes from its East Asian library remotely prompted a formal report from the library committee on “the importance of print collections and browsing.” That report suggested that it could take up to half a century — or two generations of faculty — before faculty in certain disciplines will abide the preeminence of digital over print.
But campus resistance to digital creep might not boil down to simple antiquarianism. Notwithstanding Apple’s new iPad, the e-reader market may be as unprepared to be embraced by academe as academe is to embrace e-books. “Although some e-book standards such as ePub are beginning to emerge, there is still significant flux and divergence from those standards,” Henry and Spiro write. “Standards are important in enabling consumers to read content from multiple publishers on their devices, to move content around to multiple devices, and to preserve books for the long-term.”
You can read the rest here.
WestlawNext Rollout Plans for Law Schools Announced
From TR Legal:
This month marks the official launch of WestlawNext. This new version of Westlaw has been in the making for several years and was developed in large part through research and collaboration with our customers. Many academic law librarians provided feedback as part of the development process, and their input was instrumental in shaping our product and launch strategies.
Our plan is to offer law schools a phased rollout of trial passwords, beginning with librarians and faculty this spring. In addition to preview events in a variety of cities throughout the United States, we also will offer customized in-school presentations for librarians and faculty. In the coming weeks and months, your Academic Account Manager will schedule these events and distribute trial passwords.
We're now finalizing plans for launching WestlawNext to law students, with possible introduction as early as the Fall 2010 semester.
WestlawNext for law school subscribers will be included as part of your current Westlaw subscription agreement. There will not be an incremental charge to access WestlawNext.
We are pleased to work with law school librarians and faculty to evaluate WestlawNext, and we look forward to your feedback. We'll be in touch soon; until then, please contact your Westlaw representative with any questions you may have.
Senior Director, Librarian Relations
Last Call for LLB's "Do you support LAW.GOV?" PollWe'll be closing down our utterly unscientific poll at the end of the week and report on results soon thereafter. If you haven't and want to take the poll, here's the link. [JH]
ABA Concerned With US News Ranking Law Firms
The National Law Journal web site features an article that details the American Bar Association's reaction to U.S. News and World Report's decision to rank law firms. The ABA doesn't like it. No sir, they don't like it at all. The House of Delegates approved a resolution at the current mid-year meeting to "examine efforts to publish a national, state, territorial and local ranking of law firms and law schools." Now that the magazine has decided to rank law firms, the ABA is just noticing law school rankings? And that law schools have chaffed over the magazine's power to slot them in tiers? I'm reminded of the scene in Blazing Saddles where Mel Brooks as Governor William J. Le Petomane and his cabinet are informed that the town of Rock Ridge is in danger. As the governor urges action he says, "We've gotta protect our phoney baloney jobs, gentlemen!" It's not that the ABA shouldn't have concerns about the methodology U.S. News would employ for ranking firms. It's that law school deans have blasted the law school methodology for years and no one from the ABA ever expressed anything but a passing interest. I supposed it matters who is being scrutinized (should that be spelled with a "w") before all the harrumphing begins.
Note that the American Lawyer and other pop legal news magazines have ranked firms annually in by billing, size and other statistical factors. This apparently never posed a problem, if for no other reason that these magazines are read mostly by legal professionals. Now that a general audience magazine with apparent expertise in rankings is getting in the game there may be problems. The most significant of these to the ABA is not controlling the context or the outcome of the rankings. I think the ABA will find itself facing the same problems as the schools. If academics refuse to answer the survey questions, U.S. News simply uses the best available information or estimates to rank schools. The magazine can do the same thing with firms. As firm rankings take hold, would it be possible that firms will manipulate statistics to game it's place in the rankings? That's how law schools react. See the LLB post New Study Examines How Law Schools "Adapt" to U.S News Rankings for more details on specific practices.
The NLJ article quotes Brian Leiter as saying "Unfortunately, a mere investigation won't do much. Everyone with any knowledge of education or statistics or survey methods who has examined the U.S. News rankings has come to the same conclusion: They are irresponsible, misleading and provide consumer misinformation. This has had little or no impact on the irresponsible practices of U.S. News." I don't disagree with him at all. But I do see a problem in the ABA response when it seems driven only by how rankings affect its membership. It's as if the only ABA contact with law schools is that seven year visit. After that, everyone is on their own. My prediction: firms in the top tier will like their position and will promote it in advertising and recruitment of clients. The rest will complain that the rankings are unfair. Have we ever heard this before? The NLJ article is here. [MG]
From Yawning to Shuddering Over LexisNexis for Microsoft Office
In case you missed it because of all the Cobalt buzz, LexisNexis for Microsoft Office was also featured at Legal Tech New York. I wrote a yawn-worthy post and rejected an offer to preview it in-house -- just not my cup of tea. Greg Lambert took the offer and recently published his review on 3 Geeks and a Law Blog. According to Greg, "Lexis’ idea is to build their research database information into MS Office so that lawyers are spending less time toggling between their document tools (MS Office) and their research tools (LexisNexis)." As reported earlier, LexisNexis for Microsoft Office is expected to launch this Spring. I'm still yawning. Another productivity app just doesn't get me excited anymore.
Handing Off Product Development to Microsoft. No official word on pricing but Greg speculates that LexisNexis for Microsoft Office may simply be an "add-in" with an installation charge. The product works with Office 2007 and will work with Office 2010 but not Office 2003. Anyone besides me concerned about tying a very expensive search service into an application that may not work with Office 20XX without some downtime or tying into an MS service that may not be sufficiently cloud computing secure for legal practitioners? Greg calls attention to and do note it well:
Lexis turned to the Microsoft development team to create a seamless method of connecting the MS Office Suite (Outlook, Work and even SharePoint) to Lexis. In case you missed the subtlety of that comment, Lexis is not programming the resource, Microsoft is.
I'm sure when MS re-engineers the post-2010 version of Office and/or SharePoint, the first item on its To-Do List will be "make sure it works with LexisNexis." Yawning now being replaced with shuddering.
Marketing LexisNexis for Microsoft Office. According to Greg, LexisNexis for Microsoft Office is being pitched as "‘Phase I’ of Lexis’ two phase project to rebuild their legal research product ‘from the ground up.’ The second phase will be the ‘New Lexis’ online research product that will be launched probably early in 2011." According to me, what else would you expect the Company to say in response to WestlawNext's coming out party in New York.
ETA for "New Lexis" 2011? So LexisNexis hands off development of this optional "add-in" to Microsoft, meaning I'll just "say no." More significantly, it now sounds like "New Lexis" won't be out for another year, meaning head-to-head competition in very expensive legal search from WEXIS will start in 2011. Just as well. TR Legal beat LexisNexis to the punch so (1) I can imagine LexisNexis would hold off launching "New Lexis" even if it wasn't experiencing some speculated development issues to get the full benefit of publicity next year and (2) this writer's small brained head would be spinning like a top if it had to grapple with two major roll-outs almost simultaneously. The folks in the Buckeye State will, of course, be spending much time comparing "New Lexis" features with the folks in the land of 10,000 invoices' WestlawNext this year. So will all legal information professionals eventually.
Do check out Greg's review of LexisNexis for Microsoft Office for much more detailed information. [JH]
Privacy and Data Security Risks in Cloud Computing
Legislatures and regulatory bodies are addressing the privacy and data security implications of cloud computing but have yet to promulgate actionable requriements according to the following highly recommended article. The article recently appeared in BNA's Computer Technology Law Report and is reprinted in full below with permission. In the article, Lisa J. Sotto, Bridget C. Treacy, and Melinda L. McLellan outline the current state of the law and highlight some of the risks associated with cloud computing. [JH]
Privacy and Data Security Risks in Cloud Computing
By Lisa J. Sotto, Bridget C. Treacy, and Melinda L. McLellan
In recent years, cloud computing has emerged as one of the fastest-growing segments of the information technology industry. The ability to leverage economies of scale, geographic distribution, open source software and automated systems to drive down costs makes cloud computing an attractive option for businesses. But many of the advantages of cloud computing are accompanied by collateral legal and reputational risks. This article outlines U.S. and European Union regulatory requirements applicable to data stored by cloud providers and highlights some of the risks associated with the use of cloud computing.
As nebulous as its name suggests, the term “cloud computing” has defied precise description by industry experts. Recently, the National Institute of Standards and Technology defined cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources … that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
Cloud computing as a product includes a variety of different types of services and infrastructure models, each with its own advantages and disadvantages. For example, companies may employ private clouds, community clouds, public clouds or hybrid clouds to meet their business needs. A key feature of non-private clouds, the pooling of resources using a common infrastructure serving many clients at once, implies both an increased risk of inadvertent or unauthorized access to data by others in the cloud and an inability to pinpoint with any specificity where data resides at a given moment. This ambiguity regarding jurisdictional issues provokes a host of vexing privacy law concerns. Considering the complex regulatory issues surrounding data protection across various jurisdictions, the inability to know where one's data is located, or if and when the data may be moved to another state or country, implies a good deal of potential legal risk.
U.S. Privacy and Data Security Law Issues
Storing data with a cloud provider may trigger numerous state and federal privacy and data security law requirements. Below is a summary of some key U.S. legal and regulatory considerations that may come into play in the cloud computing context.
Service Provider Restrictions
Certain U.S. regulatory frameworks require data owners to ensure that their third party service providers are capable of maintaining the privacy and security of personal information entrusted to them. Often this is accomplished through the use of contractual provisions mandating particular security measures. Two federal privacy laws that restrict the activities of service providers are the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191, and the Gramm-Leach-Bliley Act, Pub. L. 106-102, 113 Stat. 1338, codified in relevant part at 15 U.S.C. §§6801-6809 and §§6821-6827. In addition, there are a number of state laws and regulations that impose security-based restrictions on service providers that have access to personal information. While these requirements do not restrict the geographic movement of a company's personal information (unlike the laws in the European Union), they do place restrictions on the use of service providers regardless of where they, or the data, are located.
HIPAA Restrictions on Health Data
Through its Privacy and Security Rules, HIPAA imposes significant restrictions on the disclosure of protected health information. With respect to disclosures to service providers, the regulations require covered entities to enter into business associate agreements containing statutorily-mandated language before PHI may be disclosed to a business associate. Accordingly, any HIPAA-covered entity would first have to negotiate and enter into a business associate agreement with a cloud provider before it could store records containing PHI in a cloud computing facility. In some cases, HIPAA's substantive requirements could conflict with the cloud provider's terms of service, and a covered entity would risk a HIPAA violation by using such a provider for data storage.
For entities subject to GLB, the use of a cloud provider would be subject to similar restrictions. GLB's Privacy and Safeguards Rules restrict financial institutions from disclosing consumers' nonpublic personal information to non-affiliated third parties. Any such disclosures that are permitted under GLB are subject to a host of restrictions under both the Privacy Rule and Safeguards Rule. Pursuant to the Privacy Rule, prior to disclosing consumer personal information to a service provider, a financial institution must enter into a contract with the service provider prohibiting the service provider from disclosing or using the information other than to carry out the purposes for which the information was disclosed. Under the Safeguards Rule, prior to allowing a service provider access to customer personal information, the financial institution must (1) take reasonable steps to ensure that the service provider is capable of maintaining appropriate safeguards (i.e, the entity must undertake appropriate due diligence with respect to the service provider's data security practices); and (2) require the service provider by contract to implement and maintain such safeguards.
State Information Security Laws
A number of states impose a general information security standard on businesses that maintain personal information. These states, which include Arkansas, California, Connecticut, Maryland, Nevada, Oregon, Rhode Island, Texas and Utah, have laws requiring companies to implement reasonable information security measures. For example, California requires businesses that disclose personal information to nonaffiliated third parties to include contractual obligations that those entities maintain reasonable security procedures. Accordingly, covered businesses subject to the California law must contractually require cloud providers to implement appropriate safeguards.
In 2008, Massachusetts issued regulations (effective March 1, 2010) requiring any person who holds personal information about Massachusetts residents to develop and implement a comprehensive written information security program to protect the data. The regulations impose stringent and comprehensive data security standards on all businesses with Massachusetts consumers or employees. Companies are required to oversee service providers by (1) taking reasonable steps in the selection process to retain providers that are “capable of maintaining appropriate security measures to protect … personal information consistent with [the] regulations and any applicable federal regulations” and (2) contractually requiring service providers to implement and maintain appropriate security measures for personal information. Companies subject to the Massachusetts regulations that are considering implementing a cloud-based solution must determine whether the cloud provider maintains appropriate security measures to protect the data to be stored and verify that the cloud provider's practices would not violate the company's own policies with regard to personal information.
State Breach Notification Laws
The use of cloud computing may raise concerns with respect to U.S. state breach notification requirements. Over 45 U.S. states and other jurisdictions have data security breach notification laws that require data owners to notify individuals whose computerized personal information has been subject to unauthorized access or acquisition. With cloud systems, a data owner may have little or no control over the security of company data being maintained in the cloud, and it would be virtually impossible from a logistical standpoint for a data owner to confirm security conditions at all the server locations that might be used to house the data. Furthermore, it is unclear how, or if, a data owner would be notified by the cloud provider that its data had been subject to unauthorized access or acquisition that could trigger a notification requirement.
Breach Provisions Under HITECH Act
The Health Information Technology for Economic and Clinical Health Act, Pub. L. 111-5, 123 Stat. 258-263, established new information security breach notification requirements that apply to a wide range of businesses that handle PHI and other health data. The regulations apply to all breaches discovered by covered entities and business associates, but include a harm threshold limiting the breach notification requirement to breaches that present a significant risk of harm. Third party service providers (including cloud providers) must notify covered entities to which they provide services of any breaches they discover so the covered entity can comply with the notification requirements. To the extent a HIPAA covered entity discloses PHI to a cloud provider, it risks exposure to federal data security breach notification requirements under the HITECH Act.
European Union Regulatory Issues
Data protection authorities in the European Union recently have paid particular attention to cloud computing, largely in response to inquiries from vendors and prospective users of cloud technology seeking to ensure compliance with EU data protection requirements. Some of the primary legal considerations related to cloud computing in the European Union are outlined below.
Data Controllers and Service Providers
In the European Union, an entity's status as either a “data controller” or a “data processor” is crucial given that the extent of the entity's data protection obligations is dependent on its role. Data controllers determine the purposes and means of the processing of personal data and are responsible for compliance with data protection law, whereas data processors process personal data on behalf of controllers.
With respect to cloud computing, characterization of an entity as a controller or a processor may depend on the type of cloud computing system that is used or on the technical setup of the system. This characterization will determine the liability of the respective parties for compliance with data protection obligations. Further, and perhaps more significantly, a controller remains responsible for discharging data protection obligations even where the data has been outsourced or transferred to a third party—including a cloud vendor—for processing. It is therefore important for a company to undertake a rigorous assessment of its responsibility for the personal data processed by the cloud provider and, if applicable, enter into a data processing agreement requiring the cloud provider to act only according to the company's instructions, to ensure adequate technical and organizational security and otherwise to comply with legal requirements.
International Data Transfers
The restrictions placed on the international transfer of personal data by EU Member States raise particularly troublesome jurisdictional issues in the context of cloud computing. Transfers of personal data outside of the European Economic Area that originate within the EEA are prohibited unless the receiving country provides for an “adequate” level of protection. Currently, the European Commission considers only a handful of countries to provide an adequate level of data protection, and the United States is not one of them. The transfer o f personal data to a country that is not considered “adequate” may be authorized if the data recipient has implemented a legal mechanism providing for an adequate level of protection (such as adherence to the U.S. Safe Harbor Program) or if the data controller can rely on an exception to the prohibition. Such mechanisms are challenging to implement in a cloud context and may require the approval of an EU data protection authority. To seek to address these concerns, some cloud vendors offer segregated EU clouds that keep EU personal data from being transferred outside the European Union.
Legal Bases for Processing Data in a Cloud
Under EU data protection law, organizations that “process” personal data must have a legal basis for doing so; and uploading data into the cloud is considered “processing” in the European Union. Although a variety of possible legal bases exist, in the cloud context, a business most likely would rely on consent of the data subjects, contract fulfillment, or the “balance of interests” test. But obtaining consent inevitably would be burdensome and, in any case, raises significant legal issues in Europe. For example, to be valid under EU law, consent must be freely given, specific and informed. Given the nature of employment relationships, however, under European data protection law, consent is not considered to have been “freely given” in the employment context. To mitigate the uncertainty this creates, an organization could obtain individual employees' consent at the same time as it informs the relevant works council of proposed processing. This process, however, could be so unpalatable as to outweigh the benefits of implementing a cloud-based computing solution.
Information Security Safeguards
EU data protection law requires data controllers to implement appropriate technical and organizational measures to protect personal data against
(1) accidental or unlawful destruction or loss;
(2) unauthorized alteration, disclosure or access (in particular where the processing involves the transmission of data over a network); and
(3) all other unlawful forms of processing.
When applying this broad requirement to cloud computing there are a number of points companies should consider, including the fact that use of a cloud vendor increases the potential for unauthorized disclosure or access. Accordingly, authentication and access safeguards must be robust and provide for an appropriate level of security. Due to the increased level of public access to the cloud, the risk of an information security breach is correspondingly higher, thus the cloud provider should be required by contract to inform data controllers of any data breach incidents.
Rights of Data Subjects
Subject to certain limitations, individuals have a fundamental right under European Union data protection law to access, block, rectify or delete their personal data. Due to the technical set-up of a cloud computing infrastructure, it may be difficult to guarantee that requests for access, blocking, rectification, or deletion are effectively and properly managed. A service provider agreement would have to address this issue specifically.
In the European Union, works councils must be informed of issues affecting working conditions and employee rights, including matters related to employee privacy and data security. In some countries, a formal agreement must be entered into between the employer and the works council. Depending on the jurisdiction, works councils may be resistant to the introduction of new technologies (such as cloud computing) that could have an impact on employee privacy, and this resistance might manifest itself in the form of efforts by works councils to block the implementation of a cloud computing solution.
Given the rapidly-evolving legal landscape in this area, providing guidance to companies venturing into the cloud is a complex matter. Legislatures and regulatory bodies around the world are grappling with the privacy and data security implications of cloud computing, but they have yet to promulgate any actionable requirements or recommendations.
In addition, a host of non-privacy law questions (related to e-discovery obligations, for example), not to mention non-legal concerns such as the difficulties associated with migrating to a cloud provider's architecture and the possibility of service gaps caused by outages, must be explored prior to committing to the use of cloud technology. Companies seeking to implement cloud computing solutions should do so with caution and closely monitor global developments in this area.
About the Authors. Lisa J. Sotto is a partner in the New York office of Hunton & Williams LLP where she heads the Privacy and Information Management Practice. Bridget C. Treacy is Global Sourcing and Privacy partner in Hunton & Williams' London office. Melinda L. McLellan is a New York-based associate on the Privacy and Information Management team.
Reproduced with permission from Computer Technology Law Report, 11 CTLR 75 (Feb. 5, 2010). Copyright 2010 by The Bureau of National Affairs, Inc. (800-372-1033) <http://www.bna.com>
Cornell LII's Legal Citation Finder BookmarkletCornell's LII Citer is a new tool for helping researchers link to law online when the text is not already hyperlinked. Do note the citation types the tool currently supports. Hat tip to RIPS Law Librarian. [JH]
New Book: Brick-and-Mortar Libraries and Their Staff Not Quite as Antiquated a Notion as Some Would Have Us Think
Marilyn Johnson's feel good book, This Book Is Overdue!: How Librarians and Cybrarians Can Save Us All (Harper, Feb. 2, 2010), "taps into the radical changes that libraries are going through" by describing how America’s public libraries have been reinventing themselves in the Internet Age according to the lead-in to the Star-Ledger's interview with the author. From the product description:
Those who predicted the death of libraries forgot to consider that in the automated maze of contemporary life, none of us—neither the experts nor the hopelessly baffled—can get along without human help. And not just any help—we need librarians, who won't charge us by the question or roll their eyes, no matter what we ask. Who are they? What do they know? And how quickly can they save us from being buried by the digital age?
Hat tip to The Resource Shelf. [JH]