Data security - Myths busted

     Last year, I wrote about a security myth that frequently changing passwords is good for security (see blog post).

     The Trusted Identity Group at the National Institute of Standards and Technology released on March 31, 2017 a revised version of its Special Publication 800-63B, Authentication & Lifecycle Management. Although the NIST Guidance is only intended for Federal agencies, its influence is felt throughout the IT sector. Among its recommendations, this document addresses two security myths concerning passwords and updates current best practices.

     First, the Publication states that passwords "SHOULD NOT ... be changed arbitrarily (e.g., periodically) and SHOULD only require a change if the subscriber requests a change or there is evidence of compromise of the authenticator" (section 5.1.1.2).

     Second, the Publication states that other a minimum length requirement "no other complexity requirements for memorized secrets SHOULD be imposed" (section 5.1.1.1) and "composition rules (e.g., mixtures of different character types)" SHOULD NOT be imposed on passwords (section 5.1.1.2).

     The Publication defines:

The terms “SHOULD” and “SHOULD NOT” indicate that among several possibilities one is recommended as particularly suitable, without mentioning or excluding others, or that a certain course of action is preferred but not necessarily required, or that (in the negative form) a certain possibility or course of action is discouraged but not prohibited.

- Henry Park

Privacy - Google to stop scanning Gmail messages for ads

     Earlier today, Google announced that it will stop scanning messages received by users of its free Gmail services for purposes of ad personalization (see blog post).

     According to Google, this change was brought about because there was some confusion by users of its G Suite services, which are paid services, as to whether their messages were being scanned.  The answer was and still remains -- no, users of its G Suite services never had their messages scanned for ad personalization.

- Henry Park

Copyright - US Copyright Office Review Board Decisions

     At the beginning of June, the U.S. Copyright Office launched a database of copyrightability decisions by the Copyright Office Review Board. The database contains decisions from April 2016 through the present, and new decisions will be added.

 
     If a copyright application is refused registration, the applicant has two administrative appeals (see 37 CFR 202.5). The first appeal or reconsideration request is within the Copyright Office's Registration Program. The second appeal or reconsideration request is to the Review Board, which consists of three members: the Register of Copyrights and the Copyright Office’s general counsel, or their respective designees, and a third appointee named by the Register.

     If the Review Board affirms the earlier deciisons, then an applicant still has one last appeal. The applicant can file a court action alleging a violation of the Administrative Procedure Act (APA).  Under this claim, the applicant is alleging that the Copyright Office's decision was "arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law". This is a tough hurdle to clear.

- Henry Park

Pokemon Go - sponsorship opportunities

     I was in New York City last week, and I saw this PokeStop in Pokemon Go.

     I knew that McDonald's had struck a deal with Niantic to sponsor PokeStops in Japan, but I hadn't realized that Starbucks had done a similar deal.
 
- Henry Park

Trademark - This seems familiar...

     I saw this wandering around in Iceland.



     It seems to be a riff on someone else's trademark (see link for the other trademark).

- Henry Park

Trademark - Free Speech triumphs

     Last year, I blogged about how in Switzerland there were seven trademark registrations that included the word FU*K. And, that in the U.S., there was an appeal to the U.S. Supreme Court to the law that prohibited the registration of a trademark that may disparage any person.

     The Supreme Court just ruled (see decision). 

We now hold that this provision violates the Free Speech Clause of the First Amendment. It offends a bedrock First Amendment principle: Speech may not be banned on the ground that it expresses ideas that offend.

     This decision should have an immediate impact on the Washington Redskins American football team's trademark dispute (see link 1, link 2).  Additionally, this decision may affect adversely the other prohibitions in the Lanham Act (see 15 U.S.C. 1052(a)).

- Henry Park

Not monkey business - Chimpanzees are not persons

     In March 2018, I wrote a blog post about a New York attorney who was arguing that chimpanzees should be treated as a legal persons for purposes of habeas corpus.

     A few days ago, on June 8th, the New York state appellate court, the Supreme Court, Appellate Division, First Judicial Department ruled against the petitioner attorney (see Matter of Nonhuman Rights Project, Inc. v. Lavery, 2017 NY Slip Op 04574).

    In its ruling, the appellate court stated:

The gravamen of petitioner's argument that chimpanzees are entitled to habeas relief is that the human-like characteristics of chimpanzees render them "persons" for purposes of CPLR article 70. This position is without legal support or legal precedent.

     The court found that:

petitioner does not cite any sources indicating that the United States or New York Constitutions were intended to protect nonhuman animals' rights to liberty, or that the Legislature intended the term "person" in CPLR article 70 to expand the availability of habeas protection beyond humans. No precedent exists, under New York law, or English common law, for a finding that a chimpanzee could be considered a "person" and entitled to habeas relief. In fact, habeas relief has never been found applicable to any animal.

      The court dispatched the argument that other jurisdictions have recognized non-human entities to be 'persons' stating:

Petitioner's additional argument that "person" need not mean "human," as evidenced by a river in New Zealand designated as a legal person owning its own riverbed pursuant to a public agreement with indigenous peoples of New Zealand and pre-independence Indian court decisions recognizing various sacred entities as legal persons is not relevant to the definition of "person" here in the United States and certainly is of no guidance to the entitlement of habeas relief by nonhumans in New York.

     The court found an additional problem with the requested relief:

Even assuming, however, that habeas relief is potentially available to chimpanzees, the common-law writ of habeas corpus does not lie on behalf of the two chimpanzees at issue in these proceedings.... Since petitioner does not challenge the legality of the chimpanzees' detention, but merely seeks their transfer to a different facility, habeas relief was properly denied by the motion court.

     The court then went on to acknowledge the petitioner's goals, but referred them to the legislative  process stating:

While petitioner's avowed mission is certainly laudable, the according of any fundamental legal rights to animals, including entitlement to habeas relief, is an issue better suited to the legislative process.

- Henry Park

Marketing fail

     I send out a monthly e-newsletter. I always am afraid that I will make a mistake in the newsletter, not notice the error, and then send out the newsletter. Fortunately, I have yet to make any serious errors.

     I received the following marketing email (see screenshot).  Can anyone spot the marketing fail?



     One of my fears is that I will send out the newsletter with a similar issue.

- Henry Park