“There is no grievance that is a fit object of redress by mob law.” — Abraham Lincoln
Once upon a time, folks tossed up web sites and pretty much anything went. Mob ruled. You acted badly, you got flamed. For those not familiar with the term, “flaming” refers to “the berating of a person in an Internet newsgroup, Web forum or e-mail list by others in the group.” Those were the simple days. While flaming still goes on, there are now laws and regulations that affect the operation of information systems. Life may seem as chaotic as ever, but as information security professionals we need to take time to listen and learn what is going on in the legal world. James Christensen painted “The Listener” and describes the listener as “Listening to his still, small, inner-voice, he remains centered without being overcome. We can all find peace in this busy world, but sometimes need to be reminded that we are in charge of our destiny and each of us has the ability to focus without being pushed and pulled as victims.” Good or bad, laws and regulations have a major impact on how we operate. We need to learn and understand the environment in which we must now operate.
Let me start off with a legal disclaimer: I am not a lawyer. I can only point you to sources of information which can help you be aware of legal issues. For a single source of information, take a look at “Information Security Law” by Mark G. Milone. Stephen Northcutt, founder of the SANS GIAC certification program, highly recommended this publication in the SANS Musings area.
For those with very limited budgets, there are other sources that provide information about IT and law. The law firm Baker & McKenzie was maintaining an information security law resource. Unfortunately, the site has not been updated since March 2006. It is still a great source of information and links. The Internet Library of Law and Court Decisions is a site maintained by Martin Samson, a partner in the New York law firm of Davidoff Malito & Hutcher LLP. It is a very well organized site with analysis of over 430 court decisions and links to additional resources within each state. Scott & Scott recently published a nice chart of state data breach notification laws. The site also has links to papers on “The Business Impact of Data Breach” and “Obtaining a Patent on Open Source Software.” Cornell University’s Legal Information Institute maintains an interesting legal site that is great for looking up information on U.S. Codes. The Tech Law Journal provides regularly updated news and analysis. The Department of Justice maintains a site that focuses on Computer Crime & Intellectual Property. The Law Library of Congress is a great source of information.
If your organization ever does work with other countries, the Library of Congress also maintains the Multinational Collections Database. There you can find information from international jurisdictions on particular legal topics. Computer Law Review International can help keep you informed on technology law in the European countries. Keeping informed on international law is somewhat like being a veterinarian. Now, some folks would think being a veterinarian would be easier than being a human doctor. The problem is, you end up having to study all kinds of animals. It can get quite complicated. On the flip side, the patients complain less and do not generally sue. I am kept quite busy trying to be aware of legal issues when it comes to US laws. Keeping an eye on international laws takes more time than I have. If you need to find information, there are many other sites on the Internet providing links to sites, like CataLaw and the Electronic Information System for International Law. Never forget about Google, one of the best ways to find information on particular legal issues in a particular country.
For more recent U.S. legal information, I find blogs provide a good source of information. There is a law professor blog network which describes itself as “a network of web logs (blogs) designed from the ground-up to assist law professors in their scholarship and teaching.” The site consists of links to sites focused on particular areas of law. Those sites in turn provide resources, links, news, and information of interest. It is a great source of information. A few blogs that I subscribe to in my RSS reader are:
- Bag and Baggage – written by an intellectual property and technology lawyer.
- edd blog online – The site describes itself as, “An insiders look into the ever evolving landscape of legal discovery to include but not limited to computer forensics, electronic discovery, email archiving, online review and proactive management.”
- Ernie the Attorney – Ernest Svenson, a business litigator for Svenson Law Firm
- Google Public Policy blog – the name says it all.
- Groklaw – I’ll quote Wikipedia, “Groklaw is a blog that was started May 16, 2003 by paralegal Pamela Jones (posting as PJ) at Radio UserLand. Groklaw’s name derives from Robert A. Heinlein’s neologism ‘grok’, roughly meaning “to understand completely”, which had previously entered geek slang. The blog has extensively covered the SCO-Linux lawsuits, being critical of SCO.”
- John Palfrey – from the Berkman Center at Harvard Law School.
- Law.com legal technology section – law.com describes the site as, “connects legal professionals to more than 20 award-winning national and regional legal publications online, including The American Lawyer, The National Law Journal, New York Law Journal and Legal Times, and delivers top legal news electronically to a growing national and global audience of subscribers each day on The Newswire.”
- Privacy Law Blog – maintained by the Privacy and Data Security Practice Group.
- Realtime IT Compliance – done by Rebecca Herold, who is not a lawyer. She does a great job covering compliance issues dealing with laws.
- Silicon Valley Media Law Blog – done by Cathy Kirman of Wilson Sonsini Goodrich & Rosati.
- Stanford Center for Internet and Society – To quote the site, “In the heart of the Silicon Valley, legal doctrine is emerging that will determine the course of civil rights and technological innovation for decades to come. The Center for Internet and Society (CIS), housed at Stanford Law School and a part of the Law, Science and Technology Program, is at the apex of this evolving area of law.”
- The Shout – the personal blog of Jennifer Granick, from the Stanford Center for Internet and Society. It is basically the same as the Stanford Center for Internet and Society.
- Walking With Elephants – to quote the site, “a perspective of the software industry by a guy with a shovel behind the elephants.”
- Wall Street Journal Law Blog – Peter Lattman is the lead writer. The blog focuses on law and business.
I enjoy legal blogs because I like listening to lawyers discuss issues. That might sound strange. I know when I took the SANS System Forensics, Investigation and Response course, the students in my class found the day dedicated to Computer Investigative Law for Forensic Analyst the roughest day. I found it the most interesting. Law and information technology have much in common. Artur Bergman over at O’Reilly Radar would agree. Artur wrote a very interesting posting, “Law is Code,” where he discusses a presentation that Dan Kaminsky gave at Foo Camp. Dan described how to turn noise into visualizations. To demonstrate this, Dan used Project Gutenberg, kernel32.dll and the US Code to produce some interesting visualization maps. Dan demonstrated that both law and code share, to quote Artur, “a highly structured set of instructions that allows a state machine to function, ideally without any ambiguity.”
Law is about precedents and interpretations. Each law generates a number of interpretations, while each interpretation depends on the specific facts of the case. Being aware of the pertinent information technology laws is only the start. Keeping up on rulings via news postings and listening to lawyers discuss issues will help us understand interpretations of the law. Like James Christensen’s listener, may we all figure out how to use the law to keep us centered while the noise of the IT world swirls around us.