March 10, 2010

What New Information or Data Would You Like Federal Agencies to Publish Online?

Mary Alice Baish, Director of Government Relations and Emily Feldman, Advocacy Communications Assistant (both of the American Association of Law Libraries, AALL), have been doing a tremendous job serving as advocates for high quality and highly accessible legal information on the web in a format that can be authenticated.

The following is an e-mail from Emily which mentions the work of the White House open government working group and includes a request for suggestions regarding specific types of information and datasets you would like to see agencies publish. Although Emily's e-mail is directed primarily to law librarians, I am posting it here because of the value of this initiative to the entire legal community.

FROM: Emily Feldman
March 10, 2010

The White House’s open government working group has held several meetings with stakeholders, including AALL, to develop criteria to measure agency open government plans, which must be published by April 7. At a meeting last Friday, I was pleased to learn that the working group adopted Mary Alice’s suggestion that Executive Branch agencies be evaluated based in part on whether they commit in their plans to publish new information (e.g., reports and publications) on their Web sites, in addition to new high-value datasets in XML on Data.gov.

We’re looking for specific types of information and datasets that you’d like to see agencies publish. The working group is also very interested in any cross-agency datasets you’d like to see added to Data.gov (e.g., crime data from DOJ/DHS, health data from EPA/HHS).

Some of the suggestions we’ve received so far include:

· All historic content that agencies have digitized (presuming that agencies followed the Paperwork Reduction Act and didn’t make exclusive deals)

· All the legislative histories that have been digitized by the Department of Justice Library

· Dataset on "charges of discrimination" filed from the EEOC

Are there other information holdings or datasets that you’d like to see added? Please email me the title and name of the publishing agency by COB next Wednesday, March 17.

Thanks,

Emily

Emily Feldman
Advocacy Communications Assistant
American Association of Law Libraries
25 Massachusetts Avenue, NW, Suite 500
Washington, D.C. 20001

202-942-4233

Fax: 202-737-0480
efeldman@aall.org

http://www.aallnet.org/aallwash

103rd Annual Meeting & Conference / Denver, CO. / July 10-13, 2010

March 8, 2010

Cyber Crime: A Clear and Present Danger

The 2010 CyberSecurity Watch Survey, sponsored by Deloitte and conducted in collaboration with CSO Magazine, the U.S. Secret Service, and the CERT Coordination Center at Carnegie Mellon, indicates that threats posed by cyber crime have increased faster than potential victims -- or cyber security professionals -- can cope with, placing targeted organizations at significant risk.

While we cannot provide you a copy of the actual Survey, the Deloitte white paper, Cyber Crime: A Clear and Present Danger, reports on several of the survey findings and includes Deloitte's interpretation of key results. Quoting from the Introduction to the white paper: "By its very nature, interpretation goes beyond simple reporting of results...and may prompt disagreement and even controversy."

With that, we invite you to download the white paper from the link below, read it, and draw your own conclusions.

Cyber Crime: A Clear and Present Danger

David Badertscher

February 23, 2010

Eben Moglen's Speech: "Freedom in the Cloud"


The webcast of Eben Moglen's speech 'Freedom in The Cloud' is proving
to be one of the most popular ever, and has received over 20,000 hits
representing about 1000 views since Feb 14. In the talk Eben
challenges the tech community to provide the public with the means to
recapture its privacy from the social media/cloud juggernaut through the
development of personal social media servers operating in a robust
distributed network.

Note that free DVDs of this talk are available to libraries,
educators, and others interested in running screenings - email
dvd@isoc-ny.org and ask for DVD1710.

http://www.isoc-ny.org/?p=1338

From: ISOC-NY Announcements February 23, 2010

February 2, 2010

Position: Senior Level Digital Library Programming Analyst

SigInt Technologies, LLC seeks a Senior Level Digital Library Programmer
Analyst to support a US Government Agency.

Salary range: $125,000.00 - $135,000.00

We are growing our hardcopy-centric collection to include a substantial
amount of digital content. You will have the opportunity to chart the course
as we incorporate a variety of electronic data sources into the collection
and make them available to our users. You will have the freedom to select
the tools you deem best and implement them as you see fit. You'll work
directly with library management to collect requirements and propose and
implement solutions. You will lead and direct other developers who will
assist with the implementation.

A master's degree in Library Science, Computer Science, or comparable is
required. Knowledge of Koha, MARC records, Linux, and a scripting language
such as Perl or Python is also required. Experience with PHP, Java/J2EE,
Tomcat, MySQL, STILAS, VuFind, and SOLR is preferred, but not required.

SigInt Technologies provides an outstanding compensation package, including
a Roth or Traditional 401K plan with 100% matching, full medical benefits, a
technology allowance, paid professional memberships and conferences, and a
very flexible work environment. The salary range is $125,000 - $135,000 and
depends on your level of experience. Ten holidays as well as three weeks of
vacation are included. A yearly allowance of $5,000 is provided for
technology, professional memberships, and conferences. Your contribution of
$16,250 (IRS limit) to your 401K plan will be matched by SigInt Technologies
for a total annual retirement contribution of $32,500.

The job is at Fort Meade, Maryland. You must be able to work on-site at
least three days per week. A security clearance is required. Individuals
already possessing a security clearance are highly encouraged to apply.

--
John S. Roberts
SigInt Technologies, LLC
John -AT- SigIntTech -DOT- COM

February 2, 2010

CLLB Information Security Newsletter

Volume 3 Number 1 January 2010

From the Desk of David Badertscher

As we begin the new year, it’s an opportune time to assess the cyber security landscape and prepare for what new challenges may lie ahead, as well as what current threats may continue.

What Are the Cyber Trends for 2010?

· Malware, worms, and Trojan horses: These will continue to spread by email, instant messaging, malicious websites, and infected non-malicious websites. Some websites will automatically download the malware without the user’s knowledge or intervention. This is known as a “drive-by download.” Other methods will require the users to click on a link or button.

· Botnets and zombies: These threats will continue to proliferate as the attack techniques evolve and become available to a broader audience, with less technical knowledge required to launch successful attacks. Botnets designed to steal data are improving their encryption capabilities and thus becoming more difficult to detect.

· Scareware – fake/rogue security software: There are millions of different versions of malware, with hundreds more being created and used every day. This type of scam can be particularly profitable for cyber criminals -- as many users believe the pop-up warnings telling them their system is infected and are lured into downloading and paying for the special software to “protect” their system.

· Attacks on client-side software: With users keeping their operating systems patched, client-side software vulnerabilities are now an increasingly popular means of attacking systems. Client-side software includes things like Internet browsers, media players, PDF readers, etc. This software will continue to have vulnerabilities and subsequently be targeted by various malware.

· Ransom attacks occur when a user or company is hit by malware that encrypts their hard drives or they are hit with a Distributed Denial of Service (DDoS) attack. The cyber criminals then notify the user or company that if they pay a small fee, the DDoS attack will stop or the hard drive will be unencrypted. This type of attack has existed for a number of years and is now gaining in popularity.

· Social Network Attacks: Social network attacks will be one of the major sources of attacks in 2010 because of the volume of users and the amount of personal information that is posted. Users’ inherent trust in their online friends is what makes these networks a prime target. For example, users may be prompted to follow a link on someone's page, which could bring users to a malicious website.

· Cloud Computing: Cloud computing is a growing trend due to its considerable cost savings opportunities for organizations. Cloud computing refers to a type of computing that relies on sharing computing resources rather than maintaining and supporting local servers. The growing use of cloud computing will make it a prime target for attack.

· Web Applications: There continues to be a large number of websites and online applications developed with inadequate security controls. These security gaps can lead to the compromise of the site and potentially of the site’s visitors.

· Budget cuts will be a problem for security personnel and a boon to cyber criminals. With less money to update software, hire personnel and implement security controls, enterprises will be trying to do more with less. By not having up-to-date software, appropriate security controls or enough personnel to secure and monitor the networks, organizations will be more vulnerable.

What Can I Do?

The following are helpful tips to assist in minimizing risk:

· Properly configure and patch operating systems, browsers, and other software programs.

· Use and regularly update firewalls, anti-virus, and anti-spyware programs.

· Be cautious about all communications; think before you click. Use common sense when communicating with users you DO and DO NOT know.

· Do not open email or related attachments from untrusted sources.

Additional Information:

IBM’s Top Security Trends for 2010: http://www.internetnews.com/security/article.php/3849636/

Symantec’s 'Unlucky 13' Security Trends for 2010:
http://www.internetnews.com/security/article.php/3849371

SANS Top Cyber Security Risks: http://www.sans.org/top-cyber-security-risks/

Bankinfosecurity.com article: http://www.bankinfosecurity.com/articles.php?art_id=1926

PC World: http://www.pcworld.com/article/182889/new_banking_trojan_horses_gain_polish.html

Panda Labs 2009 Annual Malware Report:
http://www.pandasecurity.com/img/enc/Annual_Report_Pandalabs_2009.pdf

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/

OTHER NEWS AND VIEWS:

DARPA: Calling All Cyber Geneticists
Technology sought would develop cyber equivalent of DNA to identify cyberattackers

By Ben Bain
Jan 29, 2010
Federal Computer Week
"The Defense Advanced Research Projects Agency is looking for technologists who can think like scientists to develop and use the cyber equivalent of fingerprints or DNA to pinpoint the origins of a cyberattack...."
____________________

False sense of cybersecurity
Paul Bell
GCN Government Computer News
January 13, 2010.
Newly appointed National Cybersecurity Coordinator Howard Schmidt has a big job ahead of him. Getting individuals, businesses and government to take greater responsibility is one of three places he should start.

January 29, 2010

2009 End of Year Message from Internet Society President and CEO

Although addressed primarily to Internet Society members, the following message contains information which should be of interest to librarians, lawyers and other important stakeholders in the internet community who need to follow ongoing developments.

Dear Members, Friends, and Colleagues,

The end of 2009 is here - and what a year it has been. The Internet
Society continued to prosper in 2009, the results of our work reaching
wider and deeper than ever before. So it is a pleasure to extend my
sincere gratitude to all of you whose combined efforts, energy, and
dedication have made this such a great year.

We often use the term "Internet community" and, looking back at the
achievements of this year, it is clear that these are truly the result
of a strong, committed community pulling together around shared values
and principles.

It is impossible to list here all of the Internet Society's
achievements from such a busy and productive year, but I would like to
single out a few highlights.

Within the Enabling Access Initiative, we worked closely with Chapters
and other local and regional partners to significantly extend our
technical and policy capacity building programmes, especially in
Africa, Latin America, and the Caribbean. These efforts were aided
through a revitalized INET programme with specialized content
developed in partnership with local communities, and which reached out
successfully to hundreds of participants in each location. This work
advanced our profile and strengthened our message in many high-level
forums, such as the OECD, the World Bank, and the ITU. Access
continues to be one of the major themes in many of the Chapter and
other member projects supported by our grants programmes.

In our InterNetWorks Initiative, a number of new efforts contributed
to helping to advance the health of the Internet. ISOC continues to
project a strong voice for IPv6 deployment, so it has been pleasing to
see in 2009 that IPv6 is gathering momentum around the world. In an
exciting new development this year, ISOC launched a series of topical,
lively panel discussions during IETF meetings. The first on IPv6
deployment attracted much international attention. Together with the
subsequent panels on DNS security and bandwidth management issues,
these events have set the scene for what will be an important ongoing
activity, helping to advance the health of the Internet and promoting
the role of the IETF.

ISOC's Trust and Identity Initiative benefited from two important new
staff additions in 2009, increasing our involvement in many important
new initiatives and partnerships in both the Trust and Identity
spaces. One of the most significant is the Kantara Initiative
(formerly the Liberty Alliance), in which ISOC has developed a strong
voice and leadership role.

Throughout all of our work in 2009, we strived to promote better
understanding of the nature and importance of the Internet Model of
development and the relationships of the many organizations and
functions making up the Internet Ecosystem. These efforts have clearly
paid off and we were very pleased to see many of our messages
reflected in the words and actions of many others in regional,
national, and global discussions. In 2009, ISOC's key messages were
more frequently cited in media reports and reflected in statements by
policy makers around the world than ever before.

Additions to ISOC's staff in 2009 helped us make big strides in
producing better publications and communications resources, delivering
important information and services in more languages, and providing
much greater support for events where Chapters, Individual and
Organization Members, and others come together in support of our
common mission. The successful Sphere project continues to be an
excellent process for enabling the full potential of the Chapter
network. And we were very pleased to recently launch the first phase
of our new Association Management System as a much improved tool for
Chapter and member interaction.

This year was one of ISOC's most significant ever in terms of global
engagement. With highly visible roles in the EU, ITU, OECD, IGF, and
many other major policy and technical forums, it is clear that ISOC's
reputation as a trusted and authoritative voice on critical Internet
issues continues to grow stronger. We again were honoured to
coordinate the participation of other organizations, especially in the
Internet Technical Advisory Committee to the OECD and the Internet
Pavilion at the ITU's Telecom World 2009. At the latter event, ISOC
announced the Next Generation Leaders programme, a new activity
starting in 2010 to build on our past successes such as the Network
Training Workshops (NTW's), as well as our current work in Fellowships
to the IETF, and Ambassadorships to the IGF and other forums, adding
coursework and mentoring to help accelerate the careers of the young
practitioners who will lead the Internet into its next generation.

Finally, the Internet Society is finishing the year on a high note,
having just announced our support for the World Wide Web Consortium
(W3C), to help it evolve as a more agile, inclusive, and flexible
organization, as it creates and promotes open standards.

There is so much more I could mention here - it really has been an
extraordinary year. As 2009 draws to a close, it is important to
recognize and thank all those who contributed to such a successful
year. So, thank you to all the Individual and Organization Members,
the Chapters, and all our other supporters and partners for their
efforts and support as we worked together in pursuit of our common
goals. Thank you to our friends in the Internet Engineering Task Force
(IETF) and the Internet Architecture Board (IAB) without whose values
and work, the Internet, as we know it, would not exist. And, of
course, thank you to the ISOC staff, the ISOC Board of Trustees, the
Organization Member Advisory Council and the Public Interest Registry
(PIR), for their efforts and support. To all of you, your support is
vital to helping the Internet improve the lives of people everywhere.

Finally, I'd like to extend my very best wishes to you and your
families during the holiday season, as we couldn't do what we do
without their support. I look forward to working together with all of
you for a prosperous and successful 2010.

Warmest regards,

Lynn

Lynn St.Amour
President & CEO, Internet Society

January 28, 2010

NCSC: Social Media and the Courts

Includes both useful resources and a request for information from the courts.

Nora Sydow reports that the National Center for State Courts (NCSC) has recently developed a Social Media and the Courts web module. Included in this module is a state links page that links to courts that are using Twitter, Facebook, YouTube, etc. In an effort to make this page as complete as possible, we are asking for your help.

(1) If your court is using a social media site, could you please send me the link(s) so we can include them in our state links page?

(2) If your court has established a social media policy, either for employee use of social media sites and/or a policy that governs the court’s own social media sites, could you please send me a copy of your policy?

Please send any information you can provide to:

Nora E. Sydow
Knowledge and Information Services Analyst
National Center for State Courts
300 Newport Avenue
Williamsburg, VA 23185
voice: 757.259.1509
fax: 757.564.2041
email: nsydow@ncsc.org

Visit the new NCSC website at www.ncsc.org.

January 28, 2010

D-Lib Magazine

January - February 2010 Issue:

The January/February 2010 issue of D-Lib Magazine (http://www.dlib.org/) is now available.

This issue contains eight articles, two conference reports, the 'In Brief' column, excerpts from recent press releases, and news of upcoming conferences and other items of interest in 'Clips and Pointers'. This month, D-Lib features The Swingle Plant Anatomy Reference Collection, a historical collection of plant anatomical microscope slides, courtesy of University of Miami Libraries.

The Articles are:

Digital Object Repository Server: A Component of the Digital Object Architecture by Sean Reilly and Robert Tupelo-Schneck, Corporation for National Research Initiatives
http://dx.doi.org/10.1045/january2010-reilly

Technologies Employed to Control Access to or Use of Digital Cultural Collections: Controlled Online Collections by Kristin R. Eschenfelder, University of Wisconsin-Madison and Grace Agnew, Rutgers University
http://dx.doi.org/10.1045/january2010-eschenfelder

The Use of Metadata for Educational Resources in Digital Repositories: Practices and Perspectives by Dimitrios A. Koutsomitropoulos, Andreas D. Alexopoulos, Georgia D. Solomou, and Theodore S. Papatheodorou, University of Patras
http://dx.doi.org/10.1045/january2010-koutsomitropoulos

RDA Vocabularies: Process, Outcome, Use by Diane Hillmann, Information Institute of Syracuse, Metadata Management Associates; Karen Coyle, kcoyle.net; Jon Phipps, JES & Co., Metadata Management Associates; Gordon Dunsire, University of Strathclyde
http://dx.doi.org/10.1045/january2010-hillmann

D-Lib Magazine: Its First 13 Years by Taemin Kim Park, Indiana University Libraries
http://dx.doi.org/10.1045/january2010-park

Tagging Full Text Searchable Articles: An Overview of Social Tagging Activity in Historic Australian Newspapers August 2008 - August 2009 by Rose Holley, Australian Newspapers Digitisation Program (ANDP), National Library of Australia
http://dx.doi.org/10.1045/january2010-holley

FERPA and Student Work: Considerations for Electronic Theses and Dissertations by Marisa Ramirez, California Polytechnic State University - San Luis Obispo and Gail McMillan, Virginia Tech
http://dx.doi.org/10.1045/january2010-ramirez

The Virtual Journals of the Joint Institute for Nuclear Astrophysics by Richard H. Cyburt, Sam M. Austin, Timothy C. Beers, Alfredo Estrade, Ryan M. Ferguson, Alexander Sakharuk, Hendrik Schatz, Karl Smith, and Scott Warren, Joint Institute for Nuclear Astrophysics (JINA)
http://dx.doi.org/10.1045/january2010-cyburt

The Conference and Workshop Reports are:

e-Science for Musicology Workshop Report by Richard Lewis, Goldsmiths College, University of London
http://dx.doi.org/10.1045/january2010-lewis

Cloud Computing, Big Data, and Open Access at EDUCAUSE 2009 by Carol Minton Morris, DuraSpace and Cornell University
http://dx.doi.org/10.1045/january2010-morris

D-Lib Magazine has mirror sites at the following locations:

UKOLN, University of Bath, Bath, England
http://mirrored.ukoln.ac.uk/lis-journals/dlib/

The Australian National University, Canberra, Australia
http://dlib.anu.edu.au/

State Library of Lower Saxony and the University Library of Goettingen, Goettingen, Germany
http://webdoc.sub.gwdg.de/edoc/aw/d-lib/

Academia Sinica, Taipei, Taiwan
http://dlib.ejournal.ascc.net/

BN - National Library of Portugal, Portugal
http://purl.pt/302/1

December 22, 2009

CLLB: Information Security Newsletter

Volume 2 Number 12 December 2009.

Automatic Software Updates and Patching

From the Desk of David Badertscher

Security vulnerabilities are flaws in the software that could allow someone to potentially compromise your system. Each year, the volume of software security vulnerabilities discovered increases, and the hacking tools available to exploit these vulnerabilities become more readily available and easier to use. Vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office are prime targets of attacks on computers connected to the Internet. Recently reported statistics show that 48% of the cyber attacks identified in the second quarter of 2009 were targeted against vulnerabilities in Adobe Acrobat/Adobe Reader [1], and in October 2009 Microsoft released patches for a record number of security holes. No entity is immune to vulnerabilities, so we must ensure we understand the risks and take appropriate mitigation steps.

Why do I need to update my software?

One of the basic tenets of computer security is to update your operating system and other software installed on your computer. Software updates fix problems in the software, add functionality, and most importantly, fix vulnerabilities that impact the security of the software and subsequently your computer. These vulnerabilities can lead to your computer—and information that resides on it—being compromised. Exploitation of vulnerabilities may occur by opening documents, viewing an email which contains malicious code or visiting a web site hosting malicious content. Seventy percent of the top 100 web sites hosted malicious content or contained a link designed to redirect users to malicious sites. [2]

What is a software patch (fix) and when should I install software patches?

Patches are often called "fixes." A patch is software that is used to correct a problem in an application (software program) or an operating system. Computer companies are continuously addressing security holes (i.e. vulnerabilities) in computer software which could be used to infect your computer with a virus, spyware or worse. When vulnerabilities are discovered, the software vendor typically issues a fix (i.e. patch) to correct the problem. This fix should be applied as soon as possible since the average time for someone to try to exploit this security hole can be as little as a few minutes. Most major software companies will periodically release patches, usually downloadable from the Internet, that correct very specific problems in their software programs.

My computer includes hundreds of software programs -- which ones do I need to update and how often?

One of the challenges facing the average computer user is to know which software needs to be updated and how often. Software programs that communicate or interact with the Internet are especially susceptible to attacks and should be kept at a vendor-supported version and current on all patches.

Many software programs include a feature called “auto update.” This feature allows the computer to check for updates at periodic intervals. The software will automatically check for updates and save them to your computer. Some updates will instruct you to “reboot” your computer before the software update can be applied.

At a minimum, you should enable the auto update feature on the following products:

· Anti-virus and Anti-spam signatures: anti-virus and anti-spam software requires regular updates to virus and spam signatures to remain effective. New viruses and other types of malware appear every day and the anti-virus/anti-spam vendors release new signatures on a daily basis to stay on top of the new threats.

· Windows Office software: Word, Excel, Outlook, etc. (see below for updating Windows software)

· Internet Browsers: e.g., Internet Explorer (Microsoft), Firefox (Mozilla), Safari (Apple) and Chrome (Google). Make sure you update any software you use for browsing the Internet.

· Adobe products: e.g., Adobe Reader, Adobe Acrobat, Flash, Shockwave

· Media Players: e.g., Windows Media Player (Microsoft), QuickTime (Apple), Real Player (Real Networks) and Flash Player (Adobe)

· Java (Sun Microsystems): Java is software that is installed on most computers to allow users to play online games, conduct online chats, and view images in 3D, among other functions. It is also used for Intranet applications and other e-business solutions.

· Other software programs that communicate or interact with the Internet, like e-mail, web servers, and remote desktop software are especially susceptible to attacks and should be kept current on patches and version levels.

It is very important to promptly download and patch your operating system and programs whenever security updates or “service packs” become available. These patches are created to protect systems against potential attacks. Be aware that attacks sometimes occur before updates are released.

How do I update my Microsoft Windows programs?

Windows Update is a Microsoft service that provides updates for the Windows operating system and other Microsoft software. Installing Windows updates, such as “service packs” and other patches, is necessary to keep your Windows system secure. To activate Windows Update, go to Settings/Control Panel/Automatic Updates. When you turn on Automatic Updates, Windows routinely checks the Windows Update web site for high-priority updates that can help protect your computer from the latest viruses and other security threats. These updates can include security updates, critical updates, and “service packs.” Depending on the setting you choose, Windows automatically downloads and installs any high-priority updates that your computer needs, or notifies you as these updates become available. Be sure to set the auto updates to daily, as patches can be released at any time.

Note: Many organizations have formal processes to patch systems that will automatically update all appropriate software. In these situations, no end user action is required.

******************************

Source: 1. F-Secure
Source: 2. SC Magazine

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/
__________________________________________

OTHER NEWS AND VIEWS


December 8, 2009

Use of Internet Technology by Jurors and Others During a Trial

David Badertscher*

Some jurors have always had an urge to visit a crime scene or research a case they're considering while on jury duty, but now the Internet is making it much easier to play detective.

"As simple as it might have been to research facts on their own in the past, now jurors don't have to have a brother-in-law who's a doctor or a next-door neighbor who's a dentist. Everyone has access to the world of doctors and dentists," says Laura A. Miller, the chair of the criminal litigation section of the American Bar Association and a partner at Nixon Peabody.

Courts across the country are wrestling with the problem.

According to an article by Douglas L. Keene and Rita R. Handrich in the November 2009 issue of The Jury Expert: The Art of Science and Litigation Advocacy, trials have been disrupted due to the internet from as far back as 2001. The sense of “feeling connected” through the internet has led to various legal issues, including the use of social media during trials.

The internet and social media have affected trials. Jurors use the internet and social media as research tools, even during jury duty. Jurors also communicate about cases online. Some say the reason for this type of behavior is that people are more self‐centered and do not consider the impact of their behavior on others. However, the real issues involve juror curiosity and naivete about their behavior.

In order to resolve these issues, the focus of the legal system has been to revise jury instructions so that jurors are explicitly told to not do internet research. According to data gathered in response to a New York Times article, the public sentiment falls into three categories. The first group says, “take away their phones”; the second says that the legal system should figure out a way to deal with this new issue (taking away juror cell phones would be ineffective); and the third (smallest) group says that jurors should use these tools as a method to dig deeper into courtroom issues.

The Jury Expert article referenced above, Online and Wired for Justice: Why Jurors Turn to the Internet, also includes several recommendations and strategies for addressing the issues of jurors and the internet. As the article points out, "...It isn't just jurors!" The disruptive internet-related activities of judges, attorneys, witnesses, parties and jurors must also be considered as part of the overall problem. This and many other articles on the topic agree that increasing use of internet-based technology by jurors and others in a court setting can be a broad-based problem and that all concerned, especially jurors, need to be educated on the importance of not engaging in "Google mistrials".
_______________________
* I am grateful to Michael Chernicoff for his assistance in preparing this article.

December 4, 2009

GungaWeb An Online Tool That Assists Analysis of New York Criminal Cases

GungaWeb is an online tool that assists analysis of New York criminal cases with respect to sentencing, lesser included offenses, plea bargaining restrictions, charging and offense elements.

Detailed sentencing reports for all Penal Law offenses plus DWI and, now for 2009, Aggravated Unlicensed Operation of a Motor Vehicle (VTL511). Dynamic detailed and summary reports of lesser included and greater inclusory offenses. Commentary on pertinent legislative amendments included.

Current subscribers include over 100 New York judges and law clerks.

Updated on a continuous basis (Judicial Diversion analysis [CPL Article 216] now included in 2009 version) with archived annual versions from 2000 on available on-line. Annual subscriptions $198 per person.

This computer assisted legal research (CALR) application is designed to complement and supplement systems such as LEXIS and Westlaw. While those systems emphasize the search, retrieval and dissemination of information stored in their databases, GungaWeb emphasizes the analysis of New York criminal cases as noted above. Although GungaWeb has been designed primarily with New York users in mind, those outside New York who need to devote a significant amount of their time analyzing New York criminal cases as discussed in the first paragraph might also want to consider GungaWeb.

Created by a New York attorney with over 27 years experience, former member of the Committee on Criminal Jury Instructions, and member of the Subcommittee on Simplification of the New York State Commission on Sentencing Reform.

Further details at www.gungaweb.com (click on "Features" to explore)."

Also click here to see GungaWeb News

November 30, 2009

PC Devices Connected Using Light

Since the beginning of the last century when physicists determined that light could be considered as consisting of particles (photons) as well as waves, there have been efforts, with varying degrees of success, to use light to further the development of technology and communications. One of the latest attempts, as reported by Judge Herbert Dixon Jr. in a recent e-mail, involves fascinating research by Intel to develop a new optical interconnect using Light Peak optical technology to link mobile devices to displays and storage up to 100 meters away. The technology uses light to provide communication between data systems and devices associated with PCs at speeds up to 10 gigabits per second.

Judge Dixon reports that: Current cable technology uses electricity to transfer data which limits the speed and length of the transmission. Using Light Peak as the platform (containing a controller chip and an optical module), electricity is converted to light, increasing transmission length. Light Peak also retains the quality of high-definition video displays from transmissions over several meters. It can transfer full length Blu-Ray movies in less than 30 seconds, and runs multiple protocols simultaneously over a single cable.

Click here for added discussion about this technology.

October 21, 2009

Windows 7: Tips and Best Practices for Simplified Migration

White Paper by Nelson Reust and Danielle Reust

The authors write: "Migration to Windows 7 is a future reality for most. With XP approaching its end of life, and many organizations choosing to skip Vista as an interim step, the new Windows 7 release holds the promise of new features and benefits that include added security, improved manageability and enhanced ease of use. Regardless of the starting point, a migration to Windows 7 is a path that holds as many questions and challenges as it does potential rewards. Planning now can ensure a smooth transition in 2010."

Click here to see the complete paper.

Not everyone is entirely happy with Windows 7. See review below:

Windows 7 review: 'New' OS is just Vista with small changes

Microsoft's Windows 7 has been touted as a new, better-running operating system. But despite the addition of a few handy features, the GCN Lab finds that it looks just like the Vista OS, has a lot of the same annoying quirks as Vista and delivers no difference in performance from Vista.


October 6, 2009

ABA Program - Cybercrime, Data Breaches and Red Flags: The Next Wave

As we become increasingly dependent on information transmitted and stored in digital formats, issues related to cybercrime are rapidly becoming central to all areas of the law. This is not stated as a criticism but rather as a fact that must be addressed by whatever means possible, including programs such as the one described below:

The White House announces a Cyberspace Policy review, proclaims a national security concern and appoints a czar; the FTC is about to issue "Red Flag" ID-theft compliance plan mandates; the Computer Hacking and Intellectual Property (CHIPS) units at DOJ and various U.S. Attorney's Offices are gearing up; and "hacking" and HIPAA prosecutions are on the rise. Get the picture?

Whether you provide compliance/governance advice to corporations, counsel corporations about data breach crisis-response, or defend individuals, getting up to speed on where we are and where we are going is critical. An experienced panel of prosecutors, defense lawyers and cyber-experts will discuss these and other issues.

Moderator:
Ronald H. Levine, Esq., Partner and White Collar Practice Chair at Post & Schell, PC

Panelists:
Michael L. Levy, Esq., United States Attorney, Eastern District of Pennsylvania
Ronald E. Plesco, Jr., President & CEO, National Cyber Forensic Training Alliance (NCFTA)
Meredith S. Auten, Esq., Partner, Morgan, Lewis & Bockius LLP
Kenneth R. Sharpe, Esq., Deputy Attorney General, New Jersey Attorney General's Office

When: 6:00-8:00 p.m. (Beverages and light fare from 6:00-7:00 p.m.)
Thursday, October 15, 2009

Where: Post and Schell, P.C.
Four Penn Center
1600 JFK Boulevard, 13th Floor
Philadelphia, PA

This program is sponsored by the ABA Criminal Justice Section White Collar Crime Committee Mid-Atlantic Region and Young Lawyers Subcommittees.

*Complimentary CLE (MCLE Credits have been applied for in Del., NJ, PA and VA)

RSVP to Robert Snoddy at snoddyr@staff.abanet.org or 202/662-1516



September 30, 2009

CLLB Information Security Newsletter - Cyber Ethics

September 2009
Volume 2, Issue 9

Cyber Ethics

From the Desk of David Badertscher

What is Cyber Ethics?

Cyber ethics refers to the code of responsible behavior on the Internet. Just as we are taught to act responsibly in everyday life, with lessons such as “Don’t take what doesn’t belong to you,” and “Do not harm others,” -- we must act responsibly in the cyber world as well.

What are Responsible Behaviors on the Internet?

Responsible behavior on the Internet in many ways aligns with acceptable behavior in everyday life, but the consequences can be significantly different. For example, verbal gossiping is generally limited to the immediate audience (those within earshot) and may well be forgotten the next day. However, gossiping on the Internet can reach a far wider audience. The “words” are not forgotten the next day, but may live on the Internet for days, months or years and cause tremendous harm.

Some people try to hide behind a false sense of anonymity on the Internet, believing that it does not matter if they behave badly online because no one knows who they are or how to identify them. That is not always true. Computers, browsers, and Internet service providers may keep logs of their activities which can be used to identify illegal or inappropriate behavior.

The basic rule is do not do something in cyber space that you would consider wrong or illegal in everyday life.

When determining responsible behaviors, consider the following:

Do not use rude or offensive language.
Don’t be a bully on the Internet. Do not call people names, lie about them, send embarrassing pictures of them, or do anything else to try to hurt them.
Do not copy information from the Internet and claim it as yours. That is called plagiarism.
Adhere to copyright restrictions when downloading material including software, games, movies, or music from the Internet.
Do not break into someone else’s computer.
Do not use someone else’s password.
Do not attempt to infect or in any way try to make someone else’s computer unusable.

We were taught the rules of “right and wrong” growing up. We just need to apply the same rules to cyber space!

For more information on Cyber Ethics visit:

- U.S. Department of Justice: www.usdoj.gov/criminal/cybercrime/cyberethics.htm
- MS-ISAC: www.msisac.org/awareness/news/2007-01.cfm

- Symantec: www.symantec.com/norton/library/familyresource/article.jsp?aid=pr_cyberethics
- Cyber-Ethics Champions Code: www.playitcybersafe.com/resources/EthicsCode.pdf

- StaySafeOnLine: www.staysafeonline.info/content/cyber-ethics-materials
************************************************************************

OCTOBER IS NATIONAL CYBER SECURITY AWARENESS MONTH

“CYBER SECURITY IS OUR SHARED RESPONSIBILITY”
www.staysafeonline.org/ncsam

www.nascio.org/newsroom/pressrelease.cfm?id=44

www.msisac.org/awareness/oct09/2009awareness.cfm


*****************************************************
LIVE NATIONAL WEBCAST
A Strategy for Promoting Cyber Security Awareness - October 8 – 2:00pm-3:00pm EDT
www.msisac.org/webcast/2009-10/index.cfm

The above comments are based on information tips provided by the Multi-State Information and Analysis Center (MS-ISAC). To learn more about MS-ISAC go to http://www.msisac.org/


************************************************************************
MORE NEWS AND REFERENCES:

Information Security News, Tips and Trends from Janus Associates*

European cyber-gangs target small U.S. firms, group says
The Washington Post 08/25/2009

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation's largest financial institutions. A task force representing the financial industry sent out an alert Friday outlining the problem and urging its members to implement many of the precautions now used to detect consumer bank and credit card fraud.

"In the past six months, financial institutions, security companies, the media and law enforcement agencies are all reporting a significant increase in funds transfer fraud involving the exploitation of valid banking credentials belonging to small and medium sized businesses," the confidential alert says.
Businesses do not enjoy the same legal protections as consumers when banking online. Consumers typically have up to 60 days from the receipt of a monthly statement to dispute any unauthorized charges. In contrast, companies that bank online are regulated under the Uniform Commercial Code, which holds that commercial banking customers have roughly two business days to spot and dispute unauthorized activity if they want to hold out any hope of recovering unauthorized transfers from their accounts. Read More

7 easy ways to protect PC based information from theft

The proliferation of Personal Storage Devices (thumb drives, iPods, USB external hard disks, etc.) and simple remote access has created unprecedented levels of convenience and at the same time a substantially increased risk of data loss. Pocket sized external USB storage devices can put hundreds of Gigabytes of data storage at your fingertips which is easily enough space to house an industrial-strength database or thousands of documents, spreadsheets, photos and other sensitive information. With the right software installed, these devices can be configured to automatically transfer data off any machine into which they’re plugged. This can be a convenience for the owner of the data, or for the Bad Guy an easy way to potentially access and steal your data. Exploiting this type of threat is very inexpensive and does not take expertise.

Securing your environment is very easy and involves a multi-tiered Best Practices approach including:

Creating and enforcing sound policies and procedures that lock down the system BIOS on all computers processing, storing or transmitting data.

Creating a logon requirement that uses password and / or biometric authentication every time the PC is turned on.

Requiring the use of strong passwords that contain a minimum 7 character combination of both alpha and numeric symbols.

Never sharing or writing down your passwords.

Automated forced changing of passwords every 60 days.

Locking the PC after 10 minutes of inactivity to prevent unauthorized access to the machine and its data when the user steps away.

Turning off the PC when it is unattended for long periods of time. This one is an often overlooked critical step. A turned off PC means that someone who gains unauthorized access to the network has no access to the hard drive of that specific machine. If the PC is infected and part of a Bot network, shutting it down will prevent its use as a zombie for mass spamming or D.o.S. attacks. Think about it; how many people do you know who leave their PCs at work or home on 24/7? If it’s on it can be accessed remotely.

Securing your PC and data isn’t rocket science. It’s simply a matter of common sense and best practices. Cases in point; would you leave your house unlocked when you go to work for the day or leave your keys in the car and walk away? Of course not. So why would you leave your PC unlocked when you aren’t there? Easily implemented precautions that cost you nothing beyond a few minutes of your time can help minimize the risks associated with data loss and identity theft.
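The measurable items in the checklist above (7-character minimum, forced change every 60 days, lock after 10 minutes) can be compared with what a Windows PC is actually set to. The following is an added example, not part of the JANUS newsletter: it audits the text printed by `net accounts` and the screen-saver values stored under `HKCU\Control Panel\Desktop`; the sample inputs are constructed and the function names are hypothetical.

```python
import re

# Thresholds taken from the checklist above.
MIN_PASSWORD_LENGTH = 7          # "minimum 7 character combination"
MAX_PASSWORD_AGE_DAYS = 60       # "forced changing of passwords every 60 days"
MAX_IDLE_LOCK_SECONDS = 10 * 60  # "locking the PC after 10 minutes of inactivity"

# Constructed sample: `net accounts` output from a workstation left at defaults.
SAMPLE_NET_ACCOUNTS = """\
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
"""

# Constructed sample: screen-saver values as listed by
# `reg query "HKCU\Control Panel\Desktop"` (timeout is in seconds).
SAMPLE_DESKTOP = {
    "ScreenSaveActive": "1",
    "ScreenSaveTimeOut": "1800",
    "ScreenSaverIsSecure": "0",   # 0 = no password prompt on resume
}

# A field line is "<name>:" followed by padding and a value.
_FIELD = re.compile(r"^(?P<name>.+?):\s{2,}(?P<value>\S.*)$")


def parse_net_accounts(text):
    """Turn `net accounts` output into a {field name: value} dict."""
    fields = {}
    for line in text.splitlines():
        match = _FIELD.match(line.strip())
        if match:  # the trailing status line has no "name: value" shape
            fields[match.group("name").strip()] = match.group("value").strip()
    return fields


def _to_int(value):
    """Numeric settings come back as text; 'Never', 'None', 'Unlimited' -> None."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def audit(net_accounts_text, desktop):
    """Return a list of (rule_id, message) for every checklist item not met."""
    fields = parse_net_accounts(net_accounts_text)
    findings = []

    raw_length = fields.get("Minimum password length")
    length = _to_int(raw_length)
    if length is None or length < MIN_PASSWORD_LENGTH:
        findings.append(("min-length",
                         f"minimum password length is {raw_length!r}, "
                         f"want >= {MIN_PASSWORD_LENGTH}"))

    raw_age = fields.get("Maximum password age (days)")
    age = _to_int(raw_age)
    # A shorter cycle than 60 days (such as 42) still satisfies the rule.
    if age is None or age <= 0 or age > MAX_PASSWORD_AGE_DAYS:
        findings.append(("max-age",
                         f"maximum password age is {raw_age!r}, "
                         f"want 1..{MAX_PASSWORD_AGE_DAYS} days"))

    timeout = _to_int(desktop.get("ScreenSaveTimeOut"))
    locks = (desktop.get("ScreenSaveActive") == "1"
             and desktop.get("ScreenSaverIsSecure") == "1"
             and timeout is not None
             and 0 < timeout <= MAX_IDLE_LOCK_SECONDS)
    if not locks:
        findings.append(("idle-lock",
                         "screen does not lock with a password within "
                         f"{MAX_IDLE_LOCK_SECONDS} seconds of inactivity"))
    return findings


if __name__ == "__main__":
    for rule_id, message in audit(SAMPLE_NET_ACCOUNTS, SAMPLE_DESKTOP):
        print(f"[{rule_id}] {message}")
```

The letters-plus-digits requirement does not appear in `net accounts` output, so it is outside what this audit can confirm.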
________________________________
* JANUS Associates provides a full range of information security and business information solutions including risk analysis, penetration testing, Payment Card Industry and regulatory compliance assessments including HIPAA, disaster recovery and business continuity planning and testing, eDiscovery, data forensics and data breach crisis management.

In business since 1988, JANUS has the longest tenure of any independent IT security firm in the nation and has been in the forefront of providing quality IT centric services.

JANUS is an independent, woman-owned vendor neutral company with deep skills and strong credentials in the government, commercial and Not-For-Profit sector.


September 11, 2009

The Emerging Field of Electronic Discovery Project Management

By Brett Burney
Principal
Burney Consultants LLC

We are proud to reprint the following article, "The Emerging Field of Electronic Discovery Project Management", which first appeared as a TechnoLawyer TechnoFeature exclusive on September 1. It is being reprinted here with the written permission of both the author, Brett Burney, a world recognized authority on issues related to bridging the chasm between the legal and technical frontiers of electronic discovery, and TechnoLawyer. Whether acknowledged or not, we are living in an age of electronic discovery and must learn to cope with its challenges, which requires authoritative, updated information such as that provided in Mr. Burney's article. The complete article is presented as a pdf file provided by TechnoLawyer, which can be read by clicking on the link that follows the introductory material from the article provided below for your convenience.

INTRODUCTION

Lawyers are not trained to manage projects. By nature, lawyers are visionary; they are trained to analyze and strategize. Lawyers can effortlessly drill deep into the legal logic they brew, but they rarely have the time or patience to rake through each logistical detail involved in supporting a litigation matter.

Electronic discovery permeates every litigation matter today, and an intricate level of detail and planning is crucial for balancing the time, costs, and scope involved with each project.

In their latest report on the eDiscovery industry, George Socha and Tom Gelbmann declare that "project management has grown in prominence as a means to minimize missteps and deliver more predictable, reliable, and cost-effective results."

MANAGEMENT SCHMANAGEMENT (first two paragraphs only)

The term "project management" seems innocent enough. After all, most lawyers "manage" an overwhelming deluge of tasks, people, and paper every day, which means that many lawyers consider themselves to be "project managers" by default.

Formal project management, however, is a recognized professional discipline, complete with educational requirements (Project Management Professional or PMP) and an oversight body called the Project Management Institute (PMI).

Complete Article: THE EMERGING FIELD OF ELECTRONIC DISCOVERY PROJECT MANAGEMENT, by Brett Burney


September 9, 2009

New on LLRX.Com August 2009


**The Government Domain: Tracking Congress 2.0

http://www.llrx.com/columns/govdomain42.htm

With the 111th Congress of the United States reconvening on September 8th, e-gov expert Peggy Garvin highlights new tools and sources that enhance and expand your ability to track and monitor the action.


**Re-Hashing the Hash Tag - Crowd Competition and Community Standards at the AALL2009 Conference

http://www.llrx.com/features/twitter.htm

Roger V. Skalbeck and Meg Kribble describe how the majority of social media activity during the 2009 AALL conference took place on Twitter, and how this technology impacts the profession and the free exchange of information, moving forward.


**The Legal Profession and Five Responses to Technology

http://www.llrx.com/features/fiveresponses.htm

Lawyer, writer and blogger Nicole Black's informed commentary reminds fellow professionals that technology and the Internet are here to stay.


**Burney's Legal Tech Reviews: The Dell Mini 9 and the Averatec All-in-one PC

Legal tech guru Brett Burney reviews the pros and cons of one of the smallest netbooks on the market, as well as a low-end all-in-one model PC, sporting a big monitor, all of which can easily be accommodated on just about any desktop.


**Law Practice Technology Information Sources and Tools

http://www.llrx.com/features/lawpracticetechinfo.htm

Ken Strutin identifies core sources to learn about new technologies that apply to legal research and law practice. In addition, he has identified specific tools that will contribute to managing research, communication and information-based tasks.


**LLRX Court Rules, Forms and Dockets - updated by law librarian Margaret Berkland

http://www.llrx.com/courtrules


**See also Sabrina's blog - beSpacific.com, www.bespacific.com - comprehensive, accurate, focused news and recommended sources on law and technology issues, authored and updated daily since 2002 by Sabrina I. Pacifici, with a searchable database of over 21,000 postings. Topics include: the financial system, government documents, key federal legislation, privacy, cybercrime and ID theft, freedom of information, legal research, e-government, knowledge management, and more.

Subscribe to free daily beSpacific.com email updates here:
http://www.bespacific.com/mt/subscribe.html

Sabrina I. Pacifici
Founder, Editor, Publisher
LLRX.com - established in 1996
www.llrx.com
spacificATearthlinkDOTnet

September 8, 2009

Responding to Real Time Information, Open Systems, and the Obama IT Vision

Change 2010:

August 27, 2009, Washington, DC --"The Obama administration has challenged Federal information technology managers to explore more open systems," said Arpan Patel, Director of Somat's Information Engineering practice. "Federal managers face a compelling need to understand the differences between traditional approaches to information technology and increasingly important open approaches."

Somat Engineering, the company that builds engineering solutions worldwide, is holding a special, limited attendance briefing, Change 2010: Responding to Real Time Information, Open Systems and the Obama IT Vision, at the National Press Club in Washington, DC on September 23, 2009, at 9am.

WHAT: Change 2010: Responding to Real Time Information, Open Systems and the Obama IT Vision

WHEN: 9 am September 23, 2009

WHERE: National Press Club, Washington DC

CONTACT: Bob Miko, Pacific Dialogue Trade Show Bureau, Tel: 203-378-2803, Cell: 203-829-5613, E-mail: bmiko@pacificdialogue.com

GENERAL REGISTRATION: Go to http://bit.ly/ObamaITVisionBriefing.

This briefing features three presentations from experts that will provide a road map for tapping real time information and controlling information costs. The approach: innovative engineering and new features of open source, Google and Microsoft systems.

The first segment is "Open Systems and Existing Architectures: Engineering to Control Costs and Enabling Dataspaces." Arpan Patel, director of Somat's information engineering practice in DC, will discuss the basics of quantifying the costs and time required for system integration. The presentation will feature Somat's TechCrunch50 recognized collaboration software Ripply, which uses dataspace technology to eliminate the "where is that latest document/message/response problem" that most organizations and working groups face. For more information about Somat, visit http://tech.somateng.com.

The second segment is "Real Time Information: Injecting Now Information into Decision Systems." Robert Steele, CEO of OSS Inc. and founder of the Marine Corps Intelligence Center, as well as creator of the global expeditionary analysis analytic model, will connect the dots between internal knowledge management, external social networking grids such as Facebook and Twitter, external offline information and non-English information, as well as the creation of Organizational Intelligence, or access to and exploitation of All Information in All Languages All the Time, the title of his third book. Mr. Steele will map four steps to "build a bridge" between these information sources. For more information about Mr. Steele, visit http://www.tinyurl.com/RDSTEELE.

Jim Orris, director of Adhere Solutions, the Google partner responsible for US Federal government sales, will review Google's solutions for information integration and crafting more open solutions using Google's platform and Web services to hook into traditional systems using Google compatible connectors and software. More information about Adhere Solutions is available at http://www.adheresolutions.com.

An open-floor question and answer session will be moderated by Stephen E. Arnold, a recognized expert on online systems and information processing, and author of Google: The Digital Gutenberg, published in July, 2009, by Infonortics.com in Tetbury, Glos.

The event is hosted by Ram Ramanujam, President of Somat Engineering, an award winning, 8(a) technical services firm, headquartered in Detroit, MI, with offices in the US and abroad.

The formal 60 minute program will deliver actionable information for all organizations. The program begins at 9:30 am with coffee and tea. Registration is $25. Registrations are accepted at http://bit.ly/ObamaITVisionBriefing.

--
Constance Ard
Answer Maven®
502-777-2890
answermaven@gmail.com
http://www.answermaven.com

September 8, 2009

U.S. Court of Appeals Judge Stays Microsoft Word Sales Ban

According to a report by Matthew Weigett in the September 4, 2009 Federal Computer Week, the U.S. Court of Appeals in Washington, DC has held that Microsoft can keep selling its Word software in the United States. Microsoft had filed an emergency motion with the court to stay a ruling by Judge Leonard Davis of the U.S. District Court for Eastern Texas that ordered the company to stop selling Word in the United States and to pay the plaintiff i4i, a Toronto based software developer, over $290 million in damages and interest. The motion to stay has been granted, allowing Word sales in the U.S. to continue while the infringement lawsuit is appealed. The appeal is scheduled for September 23.

August 28, 2009

Cybercrime: Rogue Computer Conficker Continues to Confound Security Experts

The program, known as Conficker (http://www.us-cert.gov/cas/techalerts/TA09-088A.html), uses flaws in Windows software to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. With more than five million of these zombies now under its control (government, business and home computers in more than 200 countries), this shadowy computer has power that dwarfs that of the world's largest data centers. Conficker continues to confound the efforts of security experts to trace its origins and determine its purpose.

For additional commentary see John Markoff's article, "Defying Experts, Rogue Computer Code Still Lurks", published in the August 27, 2009 New York Times.