That’s my Slaw post for today.   It reads as follows:

I was reading my usual RSS feeds this morning, partly to see if I could find some inspiration for my Slaw post for today, and found the following post on Techdirt. I couldn’t agree more – and since this is one of those “like he said” posts that I can’t really improve on – I’ve simply reproduced it below. I know the author, Mike Masnick, won’t mind so long as I don’t take credit for writing it.

The Rule Of Law Over The Rule Of Reason

from the stop-the-insanity dept

While not directly a tech/business related story, Jonny sent in this rather disturbing story of a grandmother arrested in Indiana for buying two whole boxes of cold medicine in less than a week. As you’re probably aware, most states have greatly limited the ability to buy cold medicine that contains pseudoephedrine, the ingredient that makes most cold medicines effective — but also a key ingredient used in making meth. So, rather than deal with the growing meth problem head on, many politicians sought to annoy pretty much anyone with a serious cold by making it quite difficult to get any drug that actually contains useful medicine.

Apparently, the Indiana law forbids buying more than 3.0 grams of the stuff in a single week, and the two boxes of cold medicine exceeded that amount. The end result? Police show up at the woman’s house and arrest her — and then keep defending the arrest, citing meth abuse, even as everyone admits that this woman was not making meth:

         “I feel for her, but if she could go to one of the area hospitals and see a baby born to a meth-addicted mother …”

It’s difficult to see what that has to do with anything considering that everyone knows this woman had no intention of making meth. The whole thing is ridiculous, but is symptomatic of a problem that we’re seeing all too often, where the focus is on enforcing poorly thought out laws, to ridiculous consequences, with no attempt to ever look at the negative consequences and seeing if the original law made any sense in the first place.

We’ve discussed this in the past with regards to other laws as well. In business, if you plan a new initiative, you have metrics and you check to see if you accomplish them, and you monitor negative effects of what you do as well. So why don’t politicians ever do this? When they pass a law to ban spam, increase copyright duration or take away privacy for some reason or another, why are politicians never asked to put in place benchmarks to see if the laws actually do what they promise? Why aren’t there any plans for a change or a removal of the law if it turns out to do more harm than good? Certainly, by this point in time, there’s a better process to creating regulations than simply saying what they’re intended to do without ever bothering to check to see if those goals are achieved?

A London courtroom heard the start of opening arguments yesterday in a class action trial that is scheduled to last 10 weeks.  Colleagues of mine at Harrison Pensa are acting for the class – arguing that when GWL bought London Life in 1997, they improperly used policyholder money to finance the purchase. Potential damages are hundreds of millions of dollars.

Coverage of yesterday’s proceedings is in the Toronto Star and the Financial Post.  Also see a Toronto Star article from a few days ago.

For the London Free Press – September 28, 2009

Read this on Canoe

PRIVACY: The Personal Health Information Protection Act spells out three basic ways that such information can be released

The term “Circle of Care” is often used to describe the ability of health-care professionals to share patient information among those treating that patient.

But the term doesn’t actually appear in the Personal Health Information Protection Act (PHIPA),

A recent publication by Privacy Commissioner Ann Cavoukian and seven health organizations tries to reduce confusion over the term. This article is a summary; the full text is at www.ipc.on.ca/ images/Resources/circle-care.pdf.

Consent to disclose personal health information under the PHIPA is addressed in three basic ways:

First, information may be collected, used or disclosed without consent where permitted or required by PHIPA. For example, disclosure will be permitted for the purposes of the Health Protection and Promotion Act.

Second, information may be collected, used or disclosed with the express consent of the individual or his/her substitute decision-maker. Such consent must be informed, relate to the information collected, used or disclosed, and not obtained by deception or coercion.

Third, information may be collected, used or disclosed with the implied consent of the individual. This is crucial for efficient care.

A health information custodian can assume implied consent to collect, use or disclose personal health information only when all of these conditions are met:

- The information must fall within a category about which custodians are entitled to rely on assumed implied consent.

- The information must have been received from the individual, his or her substitute decision-maker or another custodian.

- The custodian must have received the information to provide or help provide health care to the individual.

- The information must be collected, used or disclosed by the custodian to provide or help provide health care to the individual.

- The information may only be disclosed to another health information custodian.

- The custodian receiving it must not be aware that the individual has expressly withheld or withdrawn consent for its collection, use or disclosure.

For example, implied consent would exist where a patient visits her family doctor and is referred to a specialist. Consent is implied for the doctor to disclose patient information to the specialist.

But assumed implied consent would not exist if the specialist tried to disclose the patient’s personal health information for use in research on the disease affecting the patient. That’s because the information would not be used to provide care to the patient.

That’s the title of my Slaw post for today.   It reads as follows.

Today’s CBA E-News contains a link to a report described as:

The CBA’s Ethics and Professional Responsibility Committee presents a new report interpreting the CBA’s Code of Professional Conduct in the context of the new media. Your presence in the e-world: Guidelines for Ethical Marketing Practices Using New Information Technologies covers everything from e-mail tag lines to blog etiquette to web-based lawyer referral services.

It is only a guideline – as provincial law society rules are what actually govern. For the most part, it encourages lawyers to use social media – but cautions that the usual rules apply.

For example. Avoid claims about competence, guaranteed results, or fees. Don’t mislead, and don’t do anything that is undignified or offensive. It also reminds of the differences between giving legal information, vs. giving legal advice.

One comment caught my eye as being impractical if taken literally:

A web site, blog, posting on a social networking site, and other e-communications should always identify the jurisdiction(s) where the lawyer is licenced to practice. The geographic location of the lawyer’s office and the province or territory licencing the lawyer’s practice should have a place of prominence that can readily be seen by site visitors.

Including one’s location in every Tweet, or in every comment one makes on other sites just won’t work. One would hope that in practice it would be sufficient if one’s location is in, for example, one’s Twitter profile. Or if we comment on another site and identify ourselves, that a link back to our blog, or giving our Twitter name would suffice.

Any lawyers who read this might find this upcoming CLE program interesting/useful.  It is described as:

In an increasingly paperless world, you no longer need to leave the office with a full briefcase. Are you sacrificing your clients’ confidentiality by your increased use of technology? Attend this program to learn the essentials of metadata, encryption, and security for your mobile practice and what steps you need to take to protect yourself and your clients in this new technology-driven world.

I’m not just saying this because I’m moderating the program.   We have some very capable speakers to help work our way through these important issues.

For the London Free Press – September 21, 2009

Read this on Canoe

ONLINE ACCOUNTABILITY: It does not shield against civil or criminal wrongdoing

At its inception, the Internet was thought to be an unregulated medium. Online anonymity ensured that Net users could publish anything they desired without fear of repercussions.

But over time, courts have replied with an growing list of legal precedents limiting the anonymity of individuals who engage in unlawful behaviour online.

The issue came to the forefront recently with a decision of the New York State Supreme Court, which ordered Google and its Blogger.com subsidiary to release the name of the blogger who posted defaming comments directed at model Liskula Cohen.

The blog, entitled Skanks of NYC, posted malicious comments about Cohen’s appearance and other aspects of her personal life. Cohen wanted to sue to seek personal damages for defamation, but the identity of the blogger was unknown. Cohen brought an action to obtain the identity of the anonymous blogger from Google.

The blogger attempted to argue that the statements were hyperbole, which in the United States, at least, is protected speech and not actionable. They also contended that Internet blogs serve as a “modern day forum” for conveying personal opinions and that in this context any writings cannot be viewed as “factual assertions.”

In ordering the release of the blogger’s identity, the court held that “protection of the right to communicate anonymously must be balanced against the need to assure that those persons who choose to abuse the opportunities presented by this medium can be made to answer for such transgressions.”

Though the ruling received considerable media attention, the decision was not novel. In Canada, there have been numerous instances where courts have required Internet service providers to release the identity of an individual if evidence can be produced that the accused has committed illegal or actionable behaviour.

For example, in the Ontario case of Irwin Toy v. Doe in 2000, the court recognized some protection of online anonymity, finding the release of identity “should not be automatic upon the issuance of the statement of claim.”

The court noted both safety and public policy grounds for protecting the privacy of Internet users. In this case, the plaintiff was able to show grounds for a defamation case and the request was granted.

In cases where child pornography or other serious crimes are alleged, the decision to release personal information is relatively straightforward. The right of the offender to privacy is outweighed by the societal interest in preventing this behaviour.

In civil actions or lesser criminal matters, courts appear inclined to afford some degree of anonymity to the user unless a prima facie case can be argued for disclosure. In doing so, courts appear to recognize anonymity as an important right if not abused.

Individuals may find it both helpful and rewarding to post messages and seek advice about a variety of personal topics without fear of having their identity connected with their writings.

The anonymity offered by the Internet does not, however, serve as a shield against accountability for civil or criminal wrongdoing.

The Google print project to digitize the world’s books has been controversial.  I think this is one of those things that will impact us in ways most of us fail to grasp today.  

Take, for example, public domain out of copyright books – of which there are apparently more than 2 million.  It stands to reason that there is a long tail demand for those books that in total could be significant – but for any given book the demand is too small to print and distribute in the traditional manner.

One could of course read virtual copies courtesy of Google – but it may take a long time before we are collectively comfortable with that, rather than holding the book in our hands.

Enter the Espresso Book Machine.   Choose your book, and the machine prints, binds and spits it out in a few short minutes – for under $10.00

That’s the title of my Slaw post for today.  It reads as follows:

Steve Rubel has a post today entitled Stats: the Internet in charts.

Before you click on the link, take a guess at how long it would take you to read the entire internet if you printed it off, or how much area that paper would cover.

Or how much video gets uploaded to YouTube compared to new content aired on the 3 major US TV networks.

For the London Free Press – September 14, 2009

Read this on Canoe

Financial gain, notoriety and mischief are main motivators for unscrupulous ‘Net users, report says.

Symantec, maker of Norton Antivirus, recently released its mid-year update of 2009 Security Trends.

Security threats range for simple annoying spam to malware intended to cause damage to systems, to phishing attempts to obtain information leading to identity theft.

The following summarizes their top five security threats as well as some newly recognized threats.

- There has been an influx of new malware variants. In other words, attackers continue to develop new types of threats and deliver them in various ways. This leads to an increasingly large number of distinct threats.

Symantec says it blocks an average of more than 245 million attempted attacks each month, the vast majority of which are new threats. Detection methods required to repel these attacks continue to evolve. Different detection methods are often combined for better results.

- The global economic crisis has been the impetus for new security threats. Some prey on the latest trends and vulnerabilities, including an increase in things such as fake “work at home” schemes, and variations targeting employment ads. Other scams try to take advantage of homeowners under foreclosure or seeking mortgage refinancing.

- The popularity of social networking sites such as Facebook have made them a constant target for security attacks and scams. This threat has continued as scams attack through the use of compromised accounts, games and surveys which have the potential to collect lucrative information about users.

- Spam levels continue to rise, and will eventually comprise 75% to 80% of all e-mail. Spam volumes remain high despite ongoing successful efforts to shut down spam sites.

- Advanced web threats and malicious activity remain an increasing problem. Many such attacks occur against users of legitimate websites who are falsely redirected to malicious content. Forms of infection have been through “drive-by” downloads and attacks on social networking sites. Further attacks have occurred through plug-in applications and cross-site scripting.

Some of the more recent threats combined new threats with those used in previous years. An example is the use of characteristics of the CodeRed and Nimda threats in the Conficker worm, one of the “most complex and widely spread” threats in recent years.

Conficker was serious enough that last February, the Conficker Working Group, a panel of industry leaders and academics, was formed to help come up with a co-ordinated, global response.

Though many attacks are motivated by financial gain, others are motivated by the quest for notoriety and/or mischief.

The bottom line for both commercial and personal users of the Internet is that it is crucial to have protection in place to lessen the risks of spam, viruses, and malware in general.

That includes making sure firewalls are properly configured, and having regularly updated anti-virus software.

And be skeptical about any e-mail that doesn’t look right, or seems too good to be true.

There has been a lot written about how what is found online about a person can affect their job prospects.  Employers often check out a prospective employee’s online reputation.  And people are reminded that what they post online, such as on Facebook, will be looked at by potential employers. 

Baseline put together a brief slide show to summarize a CareerBuilder survey that questioned employers on how online information affected their hiring decisions.  The results are interesting.

Some highlights:

1/2 used social networking sites to research candidates

34% found content that made them pass on a candidate, such as inappropriate photos or information, content about drinking or drugs, or bad-mouthing former employers, co-workers or clients.

On the positive side, 18 % found content that caused them to hire someone.