Recent Presentations and Articles

More articles on IP and privacy issues will be posted here soon, but in the meantime, here are several recent articles that have published in other media:

  • Participated in a panel discussion on Shutting Down Rogue Websites:  International and Domestic Solutions, before the ABA Section of Intellectual Property Law’s 29th Annual IP Conference, on April 3, 2014.  An article previewing the session was published by our law student reporter, Anna Oakes, who live-tweeted during the presentation (in accordance with the law student reporter program).  I re-tweeted relevant posts about our session that she and other law student reporters tweeted (see @PaTmLawyer).   An article and presentation slides were published in connection with this session, but they are only available to meeting attendees.
  • Interviewed by Smart Business Magazine, How to protect data security and customers’ trust, published on March 31, 2014.  This article briefly describes ways that companies can begin to plan ahead for potential breaches so that their response(s) to breaches can be carefully considered and (hopefully) well-executed.

In addition, on May 9, I will be presenting during the DRI’s Intellectual Property Litigation Seminar on the ability to recover attorney fees in copyright and trademark cases.  The article and presentation slides developed on this topic will be available to meeting attendees.

Following these presentations, more blog posts will begin to appear again.  What can I say?  It’s been a busy spring.

Stay tuned – more soon.

Today is Data Privacy Day!

January 28 is “Data Privacy Day.”  In honor of the day, below are several links relating to efforts to protect the privacy of personal data and some tools for small businesses:

Council of Europe’s explanation of the purpose Data Privacy Day (now in its eighth year): http://www.coe.int/t/dghl/standardsetting/dataprotection/data_protection_day_en.asp
* Note that the Council of Europe published its “Handbook on European data protection law” (prepared in cooperation with the European Union Agency for Fundamental Rights (FRA) and the European Court of Human Rights) on January 28, which is available here: http://www.coe.int/t/dghl/standardsetting/DataProtection/TPD_documents/Handbook.pdf.    

European Union’s Data Protection Day initiatives, including promoting the reform of EU Data Protection laws:  http://europa.eu/rapid/press-release_MEMO-14-60_en.htm(see embedded video).

Federal Communications Commission’s Cyber Security Planner:  http://transition.fcc.gov/cyber/cyberplanner.pdf, which the FCC describes as a “a tool for small businesses to create customized cyber security planning guides.”  (More information about this tool can be found here:  http://www.fcc.gov/cyberforsmallbiz).

Federal Trade Commission’s Data Security (for Businesses):  http://business.ftc.gov/privacy-and-security/data-security.  

Microsoft’s Data Privacy Day resources:  http://www.microsoft.com/en-us/twc/privacy/data-privacy-day.aspx

Stay Safe Online’s Data Privacy Day Site:  http://www.staysafeonline.org/data-privacy-day/landing/— and specifically their library: http://www.staysafeonline.org/data-privacy-day/privacy-library.

Online Trust Alliance’s Data Privacy Day Site:  http://otalliance.org/news/DataPrivacyDay.html— includes for example, its 2014 Data Protection & Breach Readiness Guide.

New “Personal Information Privacy” Legislation Introduced

On January 8, 2014, Sen. Patrick Leahy (D-Vt) re-introduced a personal privacy protection bill intended “to prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.”  Personal Data Privacy and Security Act of 2014, S. 1897 at preamble (introduced Jan. 8, 2014).  Sen. Leahy introduced prior versions of this bill in 2005, and in each of the four Congresses since.  Press Release, “Leahy Reintroduces Data Privacy Legislation,” Jan. 8, 2014.

Sen. Leahy’s published summary of the bill provides a detailed list of the key components.  There are two principal titles in this bill:  1) Enhancing Punishment for Identity Theft and Other Violations of Data Privacy and Security; and 2) Privacy and Security of Personally Identifiable Information (“PII”).  (There is a third title, relating to compliance with a statutory Pay-As-You-Go Act, but the text is a short paragraph and just relates to budget compliance.)  See Leahy’s Section-By-Section Analysis of the Bill.

Continue reading

Redaction Failures Continue in Electronic Court Filings, Study Shows


Timothy B. Lee, a graduate student for Princeton’s Center for Information Technology Policy, recently published the results of a study he conducted into litigants’ failure to adequately redact sensitive documents before uploading them to the various Court PACER systems. (PACER stands for Public Access to Court Electronic Records, and is available for most federal courts (see full list of participating courts.) As a means of attempting to address this problem, Mr. Lee has developed software (which he has released into the public domain through his article) that would permit courts to pre-screen PDF filings before they are accepted for the electronic court filing (ECF) system to determine if redactions were ineffectively made (and then bounce the filings back to the litigant for correction). He has also suggested that courts modify the software to create a tool for ECF users to pre-screen their own PDFs to confirm that redactions were made effectively before uploading them to the court’s public records.

Court Rules Require Redaction in Electronic Filing 

A court’s local rules may provide for redaction of certain sensitive information such as “personal identifiers as Social Security numbers, dates of birth, financial account numbers and names of minor children . . . .” U.S. District Court for the Eastern District of Pennsylvania, Local Rules of Civil Procedure 5.1.3; see also U.S. Court of Appeals for the Third Circuit, Privacy Policy. Litigants themselves may have other reasons to redact certain information – such as a need to keep competitively sensitive information, trade secrets or other information protected by a Protective Order, Non-Disclosure Agreement or Confidentiality Agreement from disclosure to the public.

Litigants Do Not Always Redact Effectively

Mr. Lee concludes that litigants and their counsel do not always comply with court rules for redacting sensitive information from documents to be filed with the Court. His article explains his research methodology in detail, and it’s worth reading the entire thing to get proper context for his analysis.

His research raises some important points – specifically, even though counsel may make a genuine attempt to redact certain information before uploading PDFs to the court’s ECF system, they aren’t always doing it correctly. It is simply not sufficient to redact text by applying black shading to it within the word processing program and then saving the file to PDF format. He identifies several examples in which he found black shaded boxes covering text, which on their surface might appeared to be a redaction, but this method allows someone to copy and paste the so-called “redacted text” into a new document, so that the text that the author hoped to keep secret would actually be revealed.

Tips for Redacting Completely

Mr. Lee recommends using the National Security Agency’s 2005 primer on secure redaction as a guideline to redacting effectively a document before making it public. See “Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF,” NSA, 12/13/2005 (provided by the Federation of American Scientists; note that a 2006 version of the document is available directly from NSA). Mr. Lee describes the safest approach: “completely deleting sensitive information in the original word processing document, replacing with innocuous filler (such as strings of XXes) as needed, and then converting it to a PDF document . . . .”

However, frequently, court filings are made at the last minute, in a rush, and replacing the sensitive information in a document with innocuous text before creating a redacted version may not work for all litigants. Sometimes, you have one round of redactions and immediately before filing, the decision is made to either unredact certain text or to redact more. It may be faster instead to use commercially available redaction tools (such as Adobe’s redaction tools – currently available in Adobe X Pro or Adobe X Suite) to create and edit the redactions in the PDF document itself up and until the time of filing. Adobe’s article on Redacting Sensitive Information using its tools is also worth reading.

Some courts have published guidelines for creating effective redactions in documents to be submitted for electronic court filing and ultimately, for public review. See, e.g. (in alphabetical order, by state), Southern District of Alabama’s Best Practices: Redaction of Information; Northern District of Arizona’s Effective Personal-Identity and Metadata Redaction Techniques for Subsequent E-Filing; Northern District of Indiana’s Notice of Redaction Responsibility; District of Maine’s A Guide to Proper Redaction of Documents; Minnesota District Court’s ECF Tips at page 7; Montana District Court’s Out of Sight, But Not Gone . . . ; New Jersey District Court’s Effective Personal-Identity and Metadata Redaction Techniques for E-Filing; Northern District of California’s ECF Tip: Avoid Inadvertent Disclosure of Redacted Material by Using Proper Redaction Technique.

Litigants and counsel are urged to review these suggestions and make smarter choices in their redaction practices.

Take Into Account Court Rules Requiring Text-Searchable PDFs

Some courts also require PDF documents to be submitted in “text-readable” or “text-searchable” format. See, e.g. District of Oregon’s Local Rule 100 (includes a provision that all PDFs be submitted in text-searchable format: “Attachments, or other documents not generated by the filing party’s word processing system which are scanned and then converted into a PDF file in preparation for electronic filing, should be run through an application (like an optical character recognition program (OCR)) to convert the contents into a text searchable PDF file. Exhibits which are primarily graphical do not have to be converted to text searchable documents.”).

Other jurisdictions merely indicate that a text-searchable PDF is “preferable” to an image-only PDF, in part because it takes up less storage space in the court’s records system. See, e.g. (in alphabetical order, by state), Middle District of North Carolina’s ECF Administrative Policies and Procedures Manual at page 3 of 27(“Although there are two types of PDF documents, electronically converted PDF’s and scanned PDF’s, for documents capable of electronic conversion only electronically converted PDF’s may be filed with the court using the ECF System, unless otherwise authorized by local rule or order.”) (emphasis in original); Northern District of Ohio Electronic Filing (“Documents should not be scanned unless they require an original signature or where the original itself is in paper format. The Court prefers that documents be converted rather than scanned because converted documents provide text search capabilities and greatly reduce the file size.”); Eastern District of Pennsylvania’s CM/ECF User Guide at page 2 (“Use a scanner ONLY if you cannot electronically prepare your documents.”); Utah District Court’s CM/ECF User Guide at page 5 (“Documents converted to PDF from Word, WordPerfect, or other word processing software are preferable, as converted documents are more easily readable and are text searchable.”); Eastern District of Wisconsin’s Portable Document Format (PDF) Guidelines at page 2 (“The Court recommends that you avoid scanning documents which originate with you. The direct software extraction methods usually provide better results.”).

For similar reasons, Mr. Lee does not recommend redacting a hard-copy document using a black marker and then scanning the document to PDF. While he concedes that this method works to remove the sensitive information from being viewed, blocked or copied, it also prevents the ability of the Court, other litigants and the public from blocking and copying non-secret text within a court-filed public document. Indeed, this type of copying is commonly when the Court wishes to refer to an excerpt of a litigant’s brief in its Order, but also when you are responding to a filing and need to refer to a long argument that your opponent has made – it’s simply easier and is less likely to introduce errors if you can copy and paste the cited portion. As Mr. Lee explains, “Although this may succeed in removing the sensitive information, we don’t recommend this approach because it effectively converts the document into a raster-based image, destroying useful information in the process.”

Bottom Line

Pay attention when you redact documents for public filing, and take a minute to try to block and copy that text that you think you’ve redacted to see whether the underlying text can be viewed. The pressure is always on for filing documents with the court as soon as possible when you’re under a deadline, but spending those extra few minutes to double check that you haven’t given away secret information is the smarter thing to do in the long-run.

Senate Hearing Scheduled on Mobile Privacy


On April 25, 2011, the Senate Judiciary Committee announced that its Subcommittee on Privacy, Technology and the Law will hold a hearing on “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy” on Tuesday, May 10, 2011 beginning at 10am. Chairman Al Franken will preside over the proceedings. Prior hearings of the various subcommittees of the Senate Judiciary Committee have been simulcast over the Internet, and it appears that this one will be treated similarly. The recorded webcast should also be available after the hearing, if you miss it in real time.

The witnesses have not yet been identified, but should be posted on the Senate’s hearing site when available.