The following will be published in an upcoming "Database Report" column in Legal Information Alert:
Welcome to 2006. The NSA is collecting our phone records to protect us from terrorists and now it seems that Lexis (for one) is monitoring our research habits in order to protect them from inappropriate usage.
A few days ago I received a phone message from a person in Lexis's "Contract Compliance" office. Apparently, one of our faculty's passwords was flagged for "unusual" activity. I asked the faculty member about his usage of Lexis and he blinked at me a few times and said that he'd been doing nothing out of the ordinary and hadn't given his password to anyone. He said that he regularly reads the New York Times on Lexis (don't ask me why) and that he regularly scans certainly portions of the US Code online, too.
When I returned the called to the "compliance office," I was told that somehow this professor's account had been flagged as having "unusual activity." I told him what the faculty member had said, to which the Lexis officer replied, "OK, that seems to be consistent with why that password flagged." Apparently, simply reading the NYT on Lexis everyday is enough to flag the password as having "unusual" or suspicious activity. He noted that my report was consistent with the report he had received about the activity on the account. He said, though, that his report only went back about three months.
When we finally agreed that the unusual activity was not really unusual in this case, he said that he'd note it somehow so that it wouldn't get flagged again. What I can deduce from this and one subsequent conversation with the Lexis employee is that the office is new and that they are using an algorithm that searches through account activity looking for usage that doesn't fit "normal" patterns.
So far, Lexis hasn't been willing to talk to me about the office. The person who originally contacted me didn't feel comfortable telling me too much about who they are or what they do. However, I did discover that the office he was calling from was Accurint, a subsidiary of Lexis that sells personal information to collection agencies and lawyers and business information to businesses.
What does this mean? Probably nothing. And I suppose that I shouldn't really be surprised, either. After all, this is their business and they have a right to monitor customers usage looking to prevent abuse or misuse.
I just thought you'd like to know.....
Coming in from the Cold: A Safe Harbor from the CFAA and DMCA §1201 - Teaser The Assembly program is pleased to announce a new publication proposing a statutory safe harbor from the Computer Fraud and Abuse Act and section ...
5 months ago