Saturday, August 28, 2004

MIRLN -- Misc. IT Related Legal News [1-28 August; v7.11]

!!!!! Program Announcement: 2ND INTERNATIONAL LAW AND TECHNOLOGY FORUM – (23-24 September 2004, at the Center for American and International Law in Plano, Texas). The Forum is designed for the ever-growing number of corporate counsel and outside lawyers in the U.S. and around the world whose practice requires expertise in evolving areas of technology law. A stellar faculty, including leading counsel from Google, Yahoo, Texas Instruments, IBM, Novell, Sun, Lucent, TDK, Acer, Taiwan Semiconductor and EDS, will share personal experience and practical advice for dealing with issues of technology funding and acquisition, outsourcing, government regulation of the Internet, antitrust, network security, records management and litigation in the digital age. The full program and registration information is online at For information about the Center's Institute for Law and Technology and the benefits of ILT membership, including tuition-free attendance at the Forum and related events, visit !!!!!

!!!!! Program Announcement: THE INTERNET AND THE LAW - A GLOBAL CONVERSATION – at the University of Ottawa on October 1-2, 2004. Bringing together leading academics from 16 countries, including Lawrence Lessig, David Post, Bernt Hugenholtz, Graham Greenleaf, and Ian Walden, the conference will explore comparative approaches to intellectual property law, e-commerce, Internet regulation, and developmental issues. The conference will begin in Ottawa on the evening of September 30, 2004 with the iCommons Canada launch party at which time the newly-ported Canadian version of the popular Creative Commons licence will be introduced to the public. The guest of honour at the celebration is Professor Lawrence Lessig of Stanford Law School, founder of Creative Commons. !!!!!

COMPANIES TAKE TOO LONG TO PATCH SOFTWARE FLAWS, EXEC SAYS (Computerworld, 29 July 2004) -- Companies are taking too long to patch critical internal vulnerabilities and are still struggling to protect systems against external attacks. That's according to Qualys Inc. CTO Gerhard Eschelbeck addressing the Black Hat conference in Las Vegas. He said the typical patching time or “half life” for critical internal vulnerabilities is 62 days, about 22 days more than the 40 he suggested companies should be aiming for. Eschelbeck also said that the time it took companies to patch against critical external vulnerabilities had improved in the last year from an average of 30 days to today's figure of 21 days, about the level of decrease experts predicted. That still means that many companies are doing worse than this. Exploits for vulnerabilities are also being more rapidly deployed, canceling out some of this gain. [Editor: Companies whose patch practices are well below these norms may face liabilities for failure to conform to emerging, customary security practice?]

INCREASING THE STAKES FOR ELECTRONIC DOCUMENT RETENTION (Steptoe & Johnson’s E-Commerce Law Week, 31 July 2004) -- The growing importance of corporate electronic document retention policies has been apparent for some time. But the costs of failures to implement such policies have become much clearer as a result of two recent federal court decisions involving destruction of emails. On July 21, 2004, the District Court for the District of Columbia in United States v. Philip Morris issued a Memorandum Opinion and accompanying order imposing $2.75 million in sanctions against Philip Morris for destroying emails sought by the US government in its case against the cigarette maker. One day earlier, the District Court for the Southern District of New York in Zubulake v. UBS Warburg allowed adverse inferences against UBS Warburg for deleting emails it should have produced.

STUDY: LINUX MAY INFRINGE ON 283 PATENTS (Computerworld, 2 August 2004) -- A total of 283 registered software patents, including 27 held by Microsoft Corp., could be used as the basis of patent lawsuits against the Linux kernel, according to a study of U.S. software patents released today. The study was funded by Open Source Risk Management LLC (OSRM), a company that provides insurance against lawsuits related to the use of open-source products. It was conducted by patent attorney Dan Ravicher, executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation. “There is a nontrivial risk of patents being asserted against Linux,” said Ravicher, who added that his findings shouldn't come as a great surprise given the broad scope of the Linux project. “The conclusion we came to is not that Linux is doomed and that this is horrible,” he said. “It's very similar to the result you would get if you investigated any other software program that's as successful as Linux.” Though a patent lawsuit relating to some piece of open-source software is “inevitable,” it is unlikely that Microsoft will be the company to launch such a suit, said Jeffrey Norman, a software lawyer at Kirkland & Ellis LLP in Chicago. “I don't know if it's going to be Microsoft,” he said. “There are some PR issues for Microsoft.” Because of their open nature, projects like the Linux kernel are more vulnerable than proprietary software to patent claims, Norman said. “It's much easier if you have a software patent to go through an open-source product and verify that your patent is there,” he said. But a larger problem is that in the relatively young craft of software development it's easy to come up with techniques that, while novel, should probably not be patentable, said Norman, who cited Inc.'s patent for one-click purchasing as an example of such a technique. “The novelty is not novelty with a capital N. You're not inventing the internal combustion engine,” he said. 
Norman was skeptical about the effectiveness of such a study, given the vastness of the code in the Linux kernel and the large number of software patents that have been issued. “I don't think that you could identify all of the patents that were possibly relevant to the Linux kernel,” he said. “The only way you could do it was if you were a kernel developer.” Ravicher's organization, the Public Patent Foundation, which claims that half of the patents issued by the U.S. Patent Office contain no innovation, is lobbying for reform of patent laws. Ravicher said that efforts like, an OSRM-sponsored effort to catalog the roots of the Unix operating system, could also protect open-source software from patent suits.

-- and --

IBM: NO PATENT ATTACKS ON LINUX (IBM on Wednesday promised not to use its formidable collection of technology patents against Linux and challenged other companies to do the same, working to dispel one cloud that hangs over the open-source programming movement. The tech giant's announcement could relieve some who fear the legal threat of the computing industry's largest patent arsenal. But it doesn't address the more tangible danger that Microsoft, an avowed Linux enemy, could attack. Microsoft declined to comment for this story. But in April, the company's top lawyer said the software giant is willing “to work creatively” and to license its technology. However, patent licenses requiring royalty payments are prohibited for software governed by one major open-source license, the General Public License (GPL).

IN COMPETITIVE MOVE, I.B.M. PUTS CODE IN PUBLIC DOMAIN (New York Times, 3 August 2004) – IBM plans to announce today that it is contributing more than half a million lines of its software code, valued at $85 million, to an open source software group. The move is one of the largest transfers ever of proprietary code to free software, and I.B.M. is making the code contribution to try to help make it easier and more appealing for software developers to write applications in the Java programming language. The I.B.M. step is a competitive tactic, to be sure. The company is one of the leading supporters of the Java technology, which was originally developed by Sun Microsystems. The more Java applications that are written, the more potential uses there are for I.B.M.'s software platform that runs and manages those applications, known as WebSphere. I.B.M.'s WebSphere competes with Microsoft's software platform for handling applications, called .Net. And Microsoft has its own programming language, C#, which competes with Java. Other companies also offer Java-based software environments, but Microsoft sees WebSphere as its main rival. At a meeting with financial analysts last Thursday, Bill Gates, Microsoft's chairman, singled out WebSphere as the leading challenger to .Net. “Over the next few years, one of those will emerge as a better piece of software,” Mr. Gates said. I.B.M. is handing over the code for Cloudscape, a database written in Java, to an open source group, the Apache Software Foundation. Within the open source group, the database will be called Derby. The Apache organization is best known as the steward of the Apache Web server, which is the software that powers most Web sites, though it also oversees many open-source Java projects. In the open source model of development, the code is distributed free and programmers are free to modify and debug it, within certain rules. Apache will hold the licensing and intellectual property rights to the Cloudscape code. 
By transferring its technology into the public domain, Janet Perna, general manager for data management software at I.B.M., said, “We hope to spur the further development of the Java community.” The I.B.M. move, according to industry analysts, is further evidence of its support for open source software. The company has been a contributor of people, code and marketing dollars to 150 open source projects. Its biggest commitment has been to Linux, an open source operating system that is an alternative to the operating systems of two of I.B.M.'s leading rivals, Microsoft and Sun Microsystems. [Editor: current SCO/Linux lawsuits involve questions about IBM’s similar contribution of code (then, AIX code) to the open source community. Hopefully, IBM then and now has accurately assessed its rights effectively to make this contribution.]

ACLU SUES TO BLOCK MICHIGAN'S USE OF MATRIX DATABASE (, 3 August 2004) -- The American Civil Liberties Union and a former Michigan governor are suing to halt the Michigan State Police's participation in a multistate crime and terrorism database, saying the agency is illegally sharing information about individuals. The lawsuit against the federally funded Multistate Anti-Terrorism Information Exchange -- “Matrix” for short -- was filed late Monday in Wayne County Circuit Court on behalf of the ACLU and three individuals, including former Republican Gov. William Milliken. The suit cites Michigan's Interstate Law Enforcement Intelligence Organizations Act, which Milliken signed in 1980. The Legislature passed the law after learning that Michigan police, during the 1960s and 1970s, developed and maintained files on hundreds of residents who had committed no crimes but were involved in civil rights and anti-war movements of the time. “I signed this act into law in order to protect the privacy of individual citizens and, at the same time, provide law enforcement agencies with the tools they need,” said Milliken, who served from 1969 to 1983. “Nearly 25 years later, the technology has changed, but the privacy rights of Michigan citizens remain the same.”

DVD-COPYING SOFTWARE COMPANY FOLDS (CNN, 4 August 2004) -- Against long odds and a movie industry with far deeper pockets, Robert Moore fought what he cast as a David-and-Goliath struggle over his company's software that let users copy DVDs or computer games. Hollywood and makers of computer games finally finished off 321 Studios Inc. on Tuesday, when Moore's once self-described “magnificent venture” quietly folded under the mounting weight of piracy-related lawsuits and unfriendly court orders. Still, an online civil liberties group argues, the fact that 321 sold a million copies of its DVD-cloning software suggests broad appeal for its arguments -- even to Congress -- that consumers should have the right to innocently make backup copies of their DVDs and computer games.

FCC APPROVES LIMITED VIDEO WEB SHARING (L.A. Times, 4 August 2004) -- The Federal Communications Commission, over the objections of some Hollywood heavyweights, today approved a new generation of digital recorders from TiVo that allows consumers to record and send programs via the Internet to a limited number of other users. The commissioners voted to approve the application from TiVo and several other companies — including Microsoft and Sony — for new technologies and devices that would allow customers to send up to nine copies to other people, but prevent the unlimited distribution of copyrighted programs over the Internet, according to Reuters news service. TiVo's technology had been opposed by major entertainment industry groups, which feared that the technology would undermine demand for broadcast television and DVD sales.

FEDS BACK WIRETAP RULES FOR INTERNET (CNET, 4 August 2004) -- Broadband providers and Internet phone services must comply with requirements designed for the traditional phone network, the Federal Communications Commission said in a preliminary decision Wednesday. The 5-0 vote by the FCC is a major step toward regulations designed to help police and spy agencies eavesdrop on all forms of high-speed Internet access, including cable modems, wireless, satellite and broadband over power lines. The vote comes five months after the FBI, the Drug Enforcement Administration and the Justice Department formally asked for guaranteed wiretapping access to broadband networks. If the FCC had done nothing, wiretaps would be possible but could be more difficult and time-consuming for police to carry out.

-- and --

FCC EXEMPTS HIGHER ED FROM CALEA (Chronicle of Higher Education, 13 August 2004, sub. req'd) -- The Federal Communications Commission (FCC) has issued a preliminary ruling that exempts colleges and universities from costly projects to reengineer computer networks to comply with the Communications Assistance for Law Enforcement Act (CALEA). CALEA requires telecom companies to build their networks in such a way that federal officials can eavesdrop on phone conversations and e-mail exchanges with proper authority, and some have called for the FCC to rule that CALEA should also cover computer networks that carry Voice over Internet Protocol (VoIP) telephone service. The FCC will not make a final decision on CALEA until late this fall, but in the meantime it has issued a ruling that identifies certain entities that would be exempt from CALEA for the purposes of VoIP phone service. Aside from higher education, exempted entities include libraries, hotels, and coffee shops.

STATES WARN FILE-SHARING NETWORKS (Washington Post, 5 August 2004) -- More than 40 state attorneys general are set to warn major peer-to-peer file-sharing networks that they may face enforcement actions if they do not take steps to stem illegal activity on the networks, such as the trading of child pornography and stolen movies and music. In a letter to the heads of Kazaa, Grokster, BearShare, Blubster, eDonkey2000, LimeWire and Streamcast Networks, the attorneys general write that peer-to-peer (P2P) software “has too many times been hijacked by those who use it for illegal purposes to which the vast majority of our consumers do not wish to be exposed.” The letter, which could be sent as early as today and was obtained yesterday by The Washington Post, is the first time state law enforcement officials have thrown their combined weight against the P2P networks, which allow free sharing of digital files -- movies, music, software, photos and so forth -- among millions of computer users. The letter does not threaten immediate or specific action against the networks, but it does say, “We will, as appropriate, continue to initiate such actions in the future to stop deceptive and illegal practices by users of the Internet, including users of P2P software” if the networks do not take “concrete and meaningful steps” to prevent illegal use of their networks.

FBI PUBLISHES COMPUTER CRIME AND SECURITY STATS (The Register, 5 August 2004) – Every year for the past nine years, the Computer Security Institute and the FBI undertake a computer crime and security survey among companies and institutions in the US. These surveys provide interesting insights into the level of computer crime being experienced by companies, as well as how they are responding to security breaches. Computer security has evolved from being purely the domain of IT resources to the point now where even the board of a company take an interest. This growing concern about security has come about as the internet has emerged to be a ubiquitous business tool. When the CSI and FBI started performing this survey in the mid-1990s, computer security concerns largely centred on technical issues such as encryption, access controls and intrusion detection systems. By 2004, the ninth annual survey indicates that companies are becoming more concerned with the economic, financial and risk management aspects of computer security in addition to the purely technical aspects. This indicates the greater importance that is being placed on security by senior management in organisations. Overall, the 2004 survey indicates that the frequency of successful attacks against corporate information systems is decreasing - and has been in steady decline since 2001. In fact, only 53 per cent of respondents indicated that they had experienced unauthorised use of their computational systems in the past year, which is the lowest level since 1999. Over the past year, there has been a dramatic drop in reports of system penetration, insider abuse and theft of intellectual property. Across respondents, there was also a fairly even split between reports of breaches coming from inside and outside of the organisation. 
This is a substantial change from last year's survey, when 80 per cent of respondents reported insider abuse of networks to be the most common form of attack or abuse and indicates that security implementations are having some level of success in stopping these attacks. For the first time, the survey asked respondents whether or not they conduct security audits of their information networks to look for vulnerabilities in a proactive manner. Whilst 82 per cent of respondents indicated that they do conduct such audits, that still leaves a sizeable 18 per cent of organisations that do not conduct this exercise - one of the most fundamental aspects of boosting the security of organisations. One further new area was examined in the 2004 computer crime and security survey - that of the impact of regulation, specifically Sarbanes-Oxley, on the information security activities of companies. Corporate governance has been on the lips of corporate executives for the past year, and high-profile court cases have begun to hand out strict jail terms for transgressors. But, surprisingly, only among executives from the financial services, utilities and telecommunication industries did the majority state that Sarbanes-Oxley had affected their information security activities.

FED UP HOSPITALS DEFY PATCHING RULES (NetworkWorld, 9 August 2004) -- Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Moreover, the U.S. Food and Drug Administration (FDA) is encouraging the aggrieved hospitals to file written complaints against the manufacturers, which could result in devices losing their government seal of approval. Device makers such as GE Medical Systems, Philips Medical Systems and Agfa say it typically takes months to test Microsoft patches because they could break the medical systems to which they're applied. In some instances, vendors won't authorize patch updates at all. Angry hospital IT executives who say they can't ignore the risks from computer worms and hackers getting into unpatched Windows-based devices are taking matters into their own hands by applying the patches themselves. “When Microsoft recommends we apply a critical patch, the vendors have come back and said 'We won't support you,'” says Dave McClain, information systems security manager at Community Health Network in Indianapolis. So the hospital has gone ahead and applied critical Microsoft patches to vulnerable patient-care systems when vendors wouldn't, McClain says. The hospital views the failure to apply patches as a possible violation of the federal Health Insurance Portability and Accountability Act (HIPAA). “We have HIPAA regulatory issues, and you can't hold us back from compliance,” he says.

COURT RULES HYPERLINKS DO NOT CREATE SOURCE CONFUSION (BNA’s Internet Law News, 10 August 2004) -- A federal court in New York has ruled that the appearance on a website of links to another site “will not lead a web-user to conclude that the owner of the site he is visiting is associated with the owner of the linked site.” The case involved a trademark suit by an investment website against a frequent critic. Case name is Knight-McConnell v. Cummins.

OECD RELEASES FINAL VERSION OF E-SIGNATURE SURVEY (BNA’s Internet Law News, 10 August 2004) -- The OECD has released the final version of its survey of legal and policy frameworks for electronic authentication services and electronic signatures in member countries. Survey report at

HIZBOLLAH SAYS WEB SITES SHUT BY U.S., BRITISH HOSTS (Reuters, 12 August 2004) -- Two Hizbollah Internet sites have been shut down in recent days by hosts in the United States and Britain, which both accuse the Lebanese guerrilla group of “terrorist” activities, Hizbollah said on Thursday. “These are legal measures American and British firms are taking against our sites,” a Hizbollah official responsible for the group's Internet sites told Reuters. “Our hosts closed them down because of accusations related to terrorism.” He did not give the name of the hosts and it was not possible to independently verify who had closed down the sites. He said Hizbollah, which Washington blames for 1983 attacks against the U.S. marine barracks and embassy that killed scores of people, was looking for new hosts and hoped to have and back online within days. “These sorts of legal measures have been happening for a while now. Every so often our sites get closed. This time it was two sites at once,” he said.

-- and --

INTERNET VIRTUAL CLASSROOM FOR AL QAEDA SUPPORTER (Reuters, 12 August 2004) -- Al Qaeda has turned the Internet into a virtual classroom for its supporters around the world after U.S. troops drove Osama bin Laden's followers from training bases in Afghanistan, security experts say. The Internet played a key role in al Qaeda's planning and coordinating for the Sept. 11, 2001, attacks on U.S. landmarks. In the years since, the Web has taken on an even greater role in recruiting, spreading fear and propaganda, and executing attacks, according to the security experts. “The Internet is even more dangerous than it was in the past,” said Rita Katz, director of the SITE Institute, in a telephone interview from Washington. “Whatever you had in Afghanistan in the training camps, you have today on the Internet,” said Katz, whose nonprofit organization tracks militant Islamic sites and counts the U.S. government and major U.S. corporations among its clients. “Some of the manuals (posted on the Web) are the actual manuals from Afghanistan ... some written by Saif al-Adel, one of the most wanted military commanders of (Al Qaeda) who has not been captured. He's on the FBI most-wanted list,” she said. A recent posting detailed how to use a mobile phone in a bomb attack, a method used to kill 191 people in March in coordinated blasts on Madrid commuter trains.

SITE PUTS CUSTOMERS' PHOTOS ON STAMPS (CNET, 12 August 2004) -- With PhotoStamps, people can convert digital photos, designs and images into valid U.S. postage. said this week it has recently received authorization from the U.S. Postal Service to market the service for a trial period. To place orders for customized postage stamps, customers can log on to the company's site, upload a photograph or image, select border colors and choose a value for the postage. Customers can buy a PhotoStamp with a value of 23 cents to $3.85, the online postage service provider said. The customized stamps, in sheets of 20, will be delivered via U.S. mail in a few business days. This isn't the first time customers have been allowed to design their own stamps. Two years ago, the postal service allowed printing of stamps from personal computers on special watermarked paper using software marketed by

JUSTICE ISSUES GUIDELINES FOR HANDLING DIGITAL EVIDENCE (Government Computer News, 16 August 2004) -- The Justice Department’s National Institute of Justice has published the second in a series of guidelines for IT crime investigations. “Forensic Examination of Digital Evidence: A Guide for Law Enforcement” was created at the agency’s request by the National Institute of Standards and Technology. It outlines techniques for extracting digital data while preserving its integrity. Computers and other digital media are increasingly important sources of evidence in criminal investigations. The challenge for investigators in the courtroom “is the demonstration that the particular electronic media contained the incriminating evidence,” the guide says. Because digital data is easily altered and it is difficult to distinguish between original data and copies, extracting, securing and documenting digital evidence requires special attention. The guidelines lay out the following general principles for handling digital evidence:
• The process of collecting digital evidence should not alter it or raise questions about its integrity.
• Examination of digital evidence should be done by trained personnel.
• All actions in processing the evidence should be documented and preserved for review.
• Examination should be conducted on a copy of the original evidence. The original should be preserved intact.
The guidelines are not a mandate or official policy, but represent the consensus of a working group of computer forensics experts convened by NIST’s Office of Law Enforcement Standards. The procedures may need to be adjusted according to circumstances of each investigation and to comply with local laws and rules of evidence.

IT'S JUST THE 'internet' NOW (Wired, 16 August 2004) -- Effective with this sentence, Wired News will no longer capitalize the “I” in internet. At the same time, Web becomes web and Net becomes net. Why? The simple answer is because there is no earthly reason to capitalize any of these words. Actually, there never was. [Editor: Finally.]

-- and --

REPRISING A WAR WITH WORDS (Washington Post, 17 August 2004) -- Earlier this month, President Bush was almost done with a speech to a group of minority journalists when he dropped a rather startling proposal. “We actually misnamed the war on terror,” he said. “It ought to be the Struggle Against Ideological Extremists Who Do Not Believe in Free Societies Who Happen to Use Terror as a Weapon to Try to Shake the Conscience of the Free World.” Or, if you prefer to abbreviate, SAIEWDNBIFSWHTUTAAWTTTSTCOTFW. [Editor: Sorry; I couldn’t resist.]

CRYPTO RESEARCHERS ABUZZ OVER FLAWS (CNET, 17 August 2004) -- The excitement began Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent MD5 and other algorithms. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure algorithm is used. A third announcement, which was even more anticipated, took place Tuesday evening at the Crypto 2004 conference in Santa Barbara, Calif. The other papers also were presented at the conference. Eli Biham and Rafi Chen, researchers at the Technion institute in Israel, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 “Secure Hash Algorithm,” which was known to have imperfections. In a presentation Tuesday evening, however, Biham reported some early work toward identifying vulnerabilities in the SHA-1 algorithm, which is believed to be secure.

OLYMPIC ATHLETES LARGELY BARRED FROM POSTING ONLINE DIARIES (, 19 August 2004) -- Athletes may be the center of attention at the Olympic Games, but don't expect to hear directly from them online -- or see snapshots or video they've taken. The International Olympic Committee is barring competitors, as well as coaches, support personnel and other officials, from writing firsthand accounts for news and other Web sites. An exception is if an athlete has a personal Web site that they did not set up specifically for the Games. The IOC's rationale for the restrictions is that athletes and their coaches should not serve as journalists -- and that the interests of broadcast rightsholders and accredited media come first. Participants in the games may respond to written questions from reporters or participate in online chat sessions -- akin to a face-to-face or telephone interview -- but they may not post journals or online diaries, blogs in Internet parlance, until the Games end Aug. 29.

-- and --

ATHENS 2004 WEBSITE RESTRICTIONS SPARK LEGAL DEBATE (Globe &, 20 August 2004) -- Olympic organizers in Athens seeking to control which websites can link to the official Games site have detailed a procedure that runs roughshod over the free-linking foundation of the Internet, legal observers say. According to the “hyperlink policy” listed on the Athens 2004 site, anyone wanting to post a link must first send a request that includes a description of their site, reason for linking and length of period it will be published. Howard Knopf, a Canadian trademark lawyer who is now director for the Center of Intellectual Property Law at Chicago's John Marshall Law School, said organizers have no legal authority to prevent people from simply linking to the website. “If they leave their website open, it's like a public park, people are free to walk in it, and a link is just the most efficient way to get there,” he said. The hyperlink policy, which also strictly regulates the text and graphic of a link, is another example of Olympic organizers aggressively protecting the Olympic trademark. “Of course, normally, you can link wherever you want. We're just asking people to respect the rules,” said Christina Fotinopoulou, Internet content manager for Athens 2004.

IBM GOES FOR SCO JUGULAR IN TEST OF GPL VALIDITY (, 19 August 2004) -- IBM has turned the tables on SCO in a maneuver that could provide the first major legal test of the GNU General Public License (GPL), and which could leave SCO all but unable to continue selling and supporting products based on Linux and Unix. In a motion for partial summary judgment filed August 16 in a Utah court, IBM asserts that SCO lost its right to distribute GPL code, including 16 packages copyrighted to IBM, when it “renounced, disclaimed, and breached” the GPL. Should the IBM motion succeed, SCO's ability to do business in the computer industry would be drastically curtailed, given the large amount of software not only in Linux but also in Unix that is now licensed under the GPL. According to the IBM filing, “The GPL and LGPL provide that a person may rely on the GPL or LGPL as a license or grant of permission ... only if the person abides by the terms of the GPL or LGPL.” The IBM filing goes on to assert that SCO failed to abide by the terms of the GPL when it “repudiated and disclaimed” the GPL, claiming the GPL (IBM quoting SCO, here) “is unenforceable, void and/or voidable” and “violates the U.S. Constitution, together with copyright, antitrust and export control laws.” IBM further asserts that SCO breached the GPL “at least as early as May 2003 and thus... automatically lost any rights it might have had under the GPL and LGPL to copy and distribute the IBM Copyrighted Works.” Specifically, IBM asserts that SCO violated the GPL when it attempted to collect royalties or licensing fees for the use of Linux (see this article for a brief history of SCO's efforts to extract royalties from Linux users, including embedded Linux users). 
According to IBM, in a memorandum in support of its motion, the GPL expressly forbids a person distributing GPL code from adding “further restrictions” such as royalties or licensing fees, except for the “physical act of transferring a copy” -- reproduction fees, in other words. Despite its attacks on and violations of the GPL, SCO continued to distribute products such as its SCO Linux 4.0 that included IBM copyrighted software (among many other GPL- and LGPL-licensed packages), offering the products for public download from its Internet site as recently as August 4 of this year, according to IBM. The IBM memo sums up the case neatly in this sentence: “By its breaches of the GPL and LGPL, SCO has forfeited any protection against claims of copyright infringement that it may have enjoyed by virtue of the GPL or LGPL.”

LEGAL VICTORY FOR FILE SHARING (L.A. Times, 20 August 2004) -- Three years after it effectively shut down Napster for music piracy, a federal appeals court Thursday blessed a new generation of online file-sharing networks and scolded the entertainment industry for trying to stretch copyright law to thwart innovation. The decision by a three-judge panel of the 9th Circuit Court of Appeals was a defeat for major record labels and Hollywood studios, which fear that runaway online piracy of songs and movies could destroy their businesses. And it was a victory for developers of rapidly evolving technologies that are changing how people get their entertainment. The battle over file sharing is now likely to shift to Washington. Congress is considering a bill that would crack down on the companies making the software used by millions to copy music, movies and games over the Internet. What's more, if the entertainment industry appeals the decision, the U.S. Supreme Court could revisit its landmark Sony Betamax ruling, which protects from copyright lawsuits products that have substantial legitimate uses. The 9th Circuit panel relied on that 1984 ruling in unanimously affirming a lower-court decision issued last year that the companies behind the Grokster and Morpheus networks don't violate copyright law, even though many of the people who use the networks do.

SENATOR? TERRORIST? A WATCH LIST STOPS KENNEDY AT AIRPORT (New York Times, 20 August 2004) -- The meeting had all the hallmarks of an ordinary Congressional hearing. There was Senator Edward M. Kennedy, Democrat of Massachusetts, discussing the problems faced by ordinary citizens mistakenly placed on terrorist watch lists. Then, to the astonishment of the crowd attending a Senate Judiciary Committee hearing on Thursday, Mr. Kennedy offered himself up as Exhibit A. Between March 1 and April 6, airline agents tried to block Mr. Kennedy from boarding airplanes on five occasions because his name resembled an alias used by a suspected terrorist who had been barred from flying on airlines in the United States, his aides and government officials said. Instead of acknowledging the craggy-faced, silver-haired septuagenarian as the Congressional leader whose face has flashed across the nation's television sets for decades, the airline agents acted as if they had stumbled across a fanatic who might blow up an American airplane. Mr. Kennedy said they refused to give him his ticket.

MOVEON.ORG SUBSCRIBERS EXPOSED (CNET, 20 August 2004) -- Subscribers to MoveOn.org's mailing lists may have found their interest in the anti-Bush political site a matter of public record. A Web page misconfiguration left dozens of the liberal political group's subscriber pages easily searchable through simple Google queries. Each page included a subscriber's name, e-mail address and the mailing lists to which he or she is subscribed. CNET confirmed that several related searches turned up more than two dozen individual subscriber pages. “This is extremely disturbing,” said one subscriber, when contacted through e-mail. The subscriber asked that his or her name not be used. “I'm not sure if I should be worried or not, but I am,” the person said. The subscriber Web pages linked members' names with interests in various topics, “Distortion of evidence” for one, and, for another, Errol Morris, the director of the documentary “The Fog of War,” which won the Oscar for its portrayal of the life of Vietnam era Secretary of Defense Robert McNamara. MoveOn.org fixed the problem on its site after being contacted by a member. The search results on Google now redirect people to MoveOn.org's front page. The organization is implementing further changes to protect the user information. The information leak is the latest version of “Google hacking,” using the search engine's advanced features to find data leaked by Web sites. Earlier this month, security researchers found a way to use the search engine to find lists of credit card numbers, along with card holder information, that had been posted online by traders of illicit financial information.

APPEALS COURT RULES AGAINST YAHOO IN FRENCH CASE (Reuters, 23 August 2004) -- A federal appeals court rejected on Monday an effort by Yahoo Inc. to have U.S. courts step into a battle over the sale of Nazi paraphernalia in France. Judges on the Ninth Circuit Court of Appeals in San Francisco reversed an earlier U.S. District Court decision favoring Yahoo. They held that the lower court did not have jurisdiction over two French groups that have worked to halt auctions of Nazi-related items on Yahoo's Internet site. In May 2000, a French court granted the groups' request and ordered Yahoo to prohibit access to Nazi-related items and to destroy related messages, images and literature on its auction site. Yahoo was also subject to fines for noncompliance. Yahoo's French subsidiary, at, now removes all Nazi material from its site in accordance with French law. The U.S. Yahoo Web site continues to auction Nazi items such as stamps and coins, and to host Nazi and anti-Semitic-themed discussion groups. In December 2000, Yahoo sued in the Northern District Court of California, asking the court to declare the French court's orders “not recognizable or enforceable in the United States.” It later said that the French court's orders were in violation of the First Amendment. The French groups, which never sought to enforce the order in the United States, countered that the district court lacked jurisdiction over them. U.S. District Judge Jeremy Fogel eventually granted summary judgment in favor of Yahoo, holding that there was an actual controversy causing a real and immediate threat to Yahoo and that the enforcement of the French orders in the United States would violate the First Amendment. The following day, the court declared the French court orders unenforceable in the United States. 
On Monday, however, a three-judge panel at the Ninth Circuit ruled 2-1 to reverse that decision, finding that the district court did not have the authority to hear the case involving the defendants. “Yahoo was hoping to get a precedent-setting case that you sue an American company at your peril,” said attorney Richard Jones, of Covington & Burling in San Francisco, who represented the French organizations.

MICROSOFT QUITS U.N. STANDARDS GROUP (New York Times, 24 August 2004) -- Microsoft on Monday withdrew from a United Nations software standards group for commerce, citing “business reasons.” Earlier this year, Microsoft's participation had created controversy within the group, which is attempting to define standards for creating a new generation of Internet services to automate buying and selling through networks of computers. Advocates of proprietary and open approaches to software technology standards had clashed within the organization, which is known as the United Nations Center for Trade Facilitation and Electronic Business, or U.N./Cefact. Microsoft, a maker of proprietary software, opposes the use of open-source software, which is freely shared. But Microsoft's withdrawal on Monday apparently was not directly related to the earlier controversy, according to several industry representatives. Rather, they said, it stemmed from a set of thorny issues over control of intellectual property that is being contributed to the standards-setting effort. Two people who participate in the standards group said that several U.S. and European companies were concerned about guidelines regarding intellectual property rights that are in effect within the group. The guidelines would force corporations that contribute technology to indemnify the United Nations against potential challenges involving intellectual-property claims. At a meeting of the U.N. group in May, the general counsel for SAP, the German business software company, announced that his company would suspend all participation in the organization until the intellectual-property issues had been settled. The dispute parallels issues raised in a lawsuit brought in the United States by the SCO Group, a software company, against IBM. SCO has accused IBM of illegally placing software owned by SCO into the Linux open-source operating system.

E-VOTE MACHINE CERTIFICATION CRITICIZED (AP, 23 August 2004) -- The three companies that certify the nation's voting technologies operate in secrecy, and refuse to discuss flaws in the ATM-like machines to be used by nearly one in three voters in November. Despite concerns over whether the so-called touchscreen machines can be trusted, the testing companies won't say publicly if they have encountered shoddy workmanship. They say they are committed to secrecy in their contracts with the voting machines' makers - even though tax money ultimately buys or leases the machines. “I find it grotesque that an organization charged with such a heavy responsibility feels no obligation to explain to anyone what it is doing,” Michael Shamos, a Carnegie Mellon computer scientist and electronic voting expert, told lawmakers in Washington, D.C. The system for “testing and certifying voting equipment in this country is not only broken, but is virtually nonexistent,” Shamos added. Although up to 50 million Americans are expected to vote on touchscreen machines on Nov. 2, federal regulators have virtually no oversight over testing of the technology. The certification process, in part because the voting machine companies pay for it, is described as obsolete by those charged with overseeing it. The testing firms - CIBER and Wyle Laboratories in Huntsville and SysTest Labs in Denver - are also inadequately equipped, some critics contend. Federal regulations specify that every voting system used must be validated by a tester. Yet it has taken more than a year to gain approval for some election software and hardware, leading some states to either do their own testing or order uncertified equipment.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.

Monday, August 02, 2004

MIRLN -- Misc. IT Related Legal News [5-31 July 2004; v7.10]

**************Introductory Note**********************

MIRLN (Misc. IT Related Legal News) is a free product of the American Bar Association’s Cyberspace Law Committee. Please feel free to distribute this message.

Members of the ABA Cyberspace Law Committee automatically receive MIRLN postings (about every third week); members can manage their subscriptions at (click on “Settings” beside Members-Only Listserve Discussion). Others who wish to be added to the MIRLN distribution list should send email to Vince Polley with the word “MIRLN” in the subject line, and similarly will be removed from the distribution list after sending email to Vince with the words “MIRLN REMOVAL” in the subject line.

Recent MIRLN editions are archived at and in the public materials section of the Cyberspace Committee’s collaboration space at

**************End of Introductory Note***************

!*!*!*!*! ABA Annual Meeting, 6-10 August 2004 (Atlanta, Georgia). The Cyberspace Law Committee will be producing or co-sponsoring 4 CLE programs, and two mini-programs on subjects such as VoIP, Gift/Stored-Value Cards, Search Engines and Trademarks, and CAN-SPAM. Registration information is at !*!*!*!*! Follow the Committee’s activities in Atlanta at our blog --

U.N. AIMS TO BRING SPAM UNDER CONTROL WITHIN TWO YEARS (, 6 July 2004) -- The United Nations is aiming to bring a “modern day epidemic” of junk e-mail under control within two years by standardizing legislation to make it easier to prosecute offenders, a leading expert said Tuesday. “(We have) an epidemic on our hands that we need to learn how to control,” Robert Horton, the acting chief of the Australian communications authority, told reporters. “International cooperation is the ultimate goal.” The International Telecommunications Union is hosting a meeting on spam in Geneva this week that brings together regulators from 60 countries as well as various international organizations, including the Council of Europe and the World Trade Organization. The U.N. agency said it would put forward examples of anti-spam legislation which countries can adopt to make cross-border cooperation easier. Many states currently have no anti-spamming laws in place, making it difficult to prosecute the international phenomenon. Top priority is “pornographic material ... that may come to the attention of children,” said Horton, who is running the meeting. “I think it’s time we did something formally about this. We will have to come to some sort of general understanding.” As much as 85 percent of all e-mail may be categorized as spam, the ITU said, compared to an estimated 35 percent just one year ago. The vast majority is generated by a few hundred people, but authorities are not able to prosecute many of them under current legislation. Spam and anti-spam protection cost computer users some $25 billion last year, according to the United Nations.

SOFTWARE PIRACY LOSSES DOUBLE (CNET, 7 July 2004) -- Software manufacturers lost $29 billion to piracy in 2003, more than double the previous year’s losses, according to an industry survey released Wednesday. About 36 percent of software installations worldwide are pirated copies, the study by trade group Business Software Alliance and market researcher IDC showed. In dollar terms, the losses were greatest in Western Europe, where piracy cut revenue by $9.6 billion in 2003, followed by Asia and North America. The Business Software Alliance blamed the rapid spread of piracy on so-called peer-to-peer networks, where Internet users illegally swap software and other files such as music for free or at discounted prices. “Peer-to-peer file-sharing services are becoming a huge problem for us,” said Jeffrey Hardee, the Business Software Alliance’s Asia-Pacific director. Vietnam and China had the world’s highest rates, with pirated versions accounting for 92 percent of all computer software installed in each country, followed by the Ukraine with 91 percent, Indonesia at 88 percent, and Zimbabwe and Russia with 87 percent each.

-- AND --

SOFTWARE PIRACY: HOW MUCH OF A PROBLEM? (International Herald Tribune, 19 July 2004) -- The pronouncements and position papers of trade groups are usually regarded as predictably self-serving and dull. But a study released two weeks ago by the Business Software Alliance, which estimated the yearly losses from software piracy at $29 billion worldwide, has managed to stir real passion. The piracy study has become an issue because of a copyright bill, introduced in the U.S. Senate last month, that is strongly supported by the business alliance. The bill is the latest legislative proposal to grapple with digital piracy of music, movies and software, especially the use of peer-to-peer file-sharing networks like Grokster, Morpheus and Kazaa. Opponents of the copyright bill see the trade group’s study as an overt political act intended to increase support for the proposed legislation by portraying software piracy as a rapidly growing problem that is far more costly than was previously thought. The trade group’s previous estimate of software piracy losses was $13 billion a year.

IRS EYES NET PHONE TAXES (CNET, 6 July 2004) -- A “temporary” tax created to pay for the Spanish-American War may result in higher fees for Internet telephone calls. In a notice published Friday, the IRS and Treasury Department said they are considering whether an existing 3 percent federal excise tax on phone calls should be reinterpreted “to reflect changes in technology” used in “telephonic or telephonic quality communications.” Although the notice does not mention Net phone services, industry advocates warned it could lead to new taxes on fast-growing voice-over-Internet Protocol (VoIP) technology, depending on how it’s interpreted. The IRS and the Treasury Department have suggested that an existing federal excise tax on phone calls should be interpreted to apply to Internet telephone calls. “They’re looking at VoIP and any other potential technologies that are flying under the radar,” said Glenn Richards, a partner at the law firm Shaw Pittman in Washington who represents VoIP companies. “Clearly they’re trying to extend their jurisdiction to apply the excise tax to as many ‘calls’ as they can. It’s got to be a revenue issue for them. If everyone starts migrating to new platforms, they’re facing a decrease in excise taxes.”

IT’S OFFICIAL -- YOU DON’T HAVE TO READ YOUR BOSS’S EMAILS (Steptoe & Johnson’s Ecommerce Law Week, 3 July 2004) -- Yet another reason why a paperless society continues to remain just beyond reach: A federal court in Massachusetts has ruled that an employer can’t rely solely on a mass e-mail to tell employees about a change in company policy, at least not if it expects the policy change to stick. In Campbell v. General Dynamics Government Systems Corporation, the court held that giving employees e-mail notice is not sufficient to bind them to a key policy change, even if there is a record that the e-mail recipient opened the message. The court left open the possibility that a company could bind employees by sending an email notice of the change and then requiring employees to respond or to somehow indicate that they have received and read the email. In any event, the court’s ruling means that companies may need to re-evaluate how they communicate with their employees.

ANALYST: IPODS A NETWORK SECURITY RISK (CNET, 7 July 2004) -- Companies should consider banning portable storage devices such as Apple’s iPod from corporate networks, as they can be used to introduce malware or steal corporate data, according to an analyst. Small portable storage products can bypass perimeter defenses like firewalls and introduce malware such as Trojans or viruses onto company networks, research company Gartner said in a report issued this week. Analysts have warned for some time of the dangers of using portable devices, but the report points out these also now include “disk-based MP3 players, such as Apple’s iPod, and digital cameras with smart media cards, memory sticks, compact flash and other memory media.” Another potential danger is that the devices--which typically make use of USB and FireWire--could be used to steal large amounts of company data, as they are faster to download to than CDs. Additionally, the size of the portable devices means they can be easily misplaced or stolen. Gartner advises companies to forbid the use of uncontrolled, privately owned devices with corporate PCs and to adopt personal firewalls to limit activity on USB ports. “Businesses must ensure that the right procedures and technologies are adopted to securely manage the use of portable storage devices like USB ‘keychain’ drives,” the report states. “This will help to limit damage from malicious code, loss of proprietary information or intellectual property, and consequent lawsuits and loss of reputation.”

DON’T COUNT ON E-SIGN TO MAKE YOUR ELECTRONIC DOCUMENTS LEGAL (Steptoe & Johnson’s Ecommerce Law Week, 3 July 2004) -- Banks have widely implemented electronic record retention systems for contracts and other records pursuant to the E-Sign Act of 2000. But according to a new warning from the Office of the Comptroller of the Currency (OCC), the Act does not ensure the admissibility of these contracts and records in court. As a result, the documents ultimately may not be enforceable. According to an OCC advisory letter issued June 21, the Act’s general standards need further development and interpretation to ensure that electronic records can fulfill their intended purposes. In the meantime, banks should take steps to ensure that their electronic record retention systems have sufficient accuracy, accessibility, and integrity to accomplish the essential functions of specific records.

DEUTSCHE TELEKOM VENTURES INTO GLOBAL WI-FI ROAMING (InfoWorld, 8 July 2004) -- The more, the merrier. That’s the motto of a new roaming service that T-Systems International GmbH, a unit of Deutsche Telekom AG, is targeting at providers of wireless Internet services worldwide. T-Systems is currently linking together thousands of wireless LAN (WLAN) hotspots into one virtual network, allowing users to access any network regardless of their home provider, said T-Systems product manager Christian Wollner in a telephone interview. “The more operators we can connect, the easier it is to attract new ones, and the wider the coverage is for users,” he said. The roaming service is ideal for business travelers who seek high-speed wireless Net access, also known as Wi-Fi, without the hassle of having to sign up and pay separately every time they log on to a hotspot of another service provider, according to Wollner. The service, he said, is similar to the international roaming agreements between mobile phone companies, allowing customers to make calls on networks outside their own. For its part, T-Systems remains invisible to end users. “We are providing a wholesale roaming service,” Wollner said. “We don’t sell directly to corporations or consumers but rather to mobile phone operators, hotspot operators and other telecommunications service providers, which can market the service as they please.” The business model works like this: T-System buys access to hotspots from so-called wireless Internet service providers (WISPs) and resells this access to online companies, mobile operators and other WISPs seeking to extend their coverage. The German company clears traffic between its partners and handles internal billing.

DMCA HAMMER COMES DOWN ON TECH SERVICE VENDOR (LawGeek, 9 July 2004) -- A district court in Boston has used the DMCA to grant a preliminary injunction against a third party service vendor who tried to fix StorageTek tape library backup systems for legitimate purchasers of the system. How is this a DMCA violation? Well, it turns out that StorageTek allegedly uses some kind of algorithmic “key” to control access to its “Maintenance Code”, the module that allows the service tech to debug the storage system. The court found that third party service techs who used the key without StorageTek’s permission “circumvented” to gain access to the copyrighted code in violation of the DMCA, even though they had the explicit permission of the purchasers to fix their machines. What does this ruling mean? If it stands up on appeal, it means StorageTek has a monopoly on service for all of its machines. No independent vendor will be able to compete with them for service contracts because no independent vendor will be authorized to “access” the maintenance code necessary to debug the machine.

GEOLOCATION TECH SLICES, DICES THE WEB (, 9 July 2004) -- Type “dentist” into Google from New York, and you’ll get ads for dentists in the city. Try watching a Cubs baseball game from a computer in Chicago, and you’ll be stymied. Pre-existing local TV rights block the webcast. The same technology is also being used by a British casino to keep out the Dutch and by online movie distributors to limit viewing to where it’s permitted by license, namely the United States. The World Wide Web experience is becoming less and less worldwide: What you see and what you are allowed to do these days can depend greatly on where and even who you are. As so-called geolocation technology improves, Web sites are increasingly blocking groups of visitors and carving the Web into smaller chunks -- in some cases, down to a ZIP code or employer. To privacy advocates like Jason Catlett, that technology can detect users’ whereabouts isn’t the most disturbing aspect of this trend. Rather, it’s the fear that Web sites will try to mislead visitors. A company, for instance, might show different prices when competitors visit; a political candidate might highlight crime-fighting in one area, jobs in another. “The technical possibilities do allow a company to be two-faced or even 20-faced based on who they think is visiting,” Catlett said. Alan Davidson, associate director for the Washington-based Center for Democracy and Technology, worries that governments will try to employ the technology to enforce their laws within artificial borders they erect. Such concerns, not entirely new, have grown with the technology’s reliability, he said. A French court considered geolocation when it directed Yahoo Inc. in 2000 to prevent French Internet users from seeing Nazi paraphernalia on its auction pages. America Online Inc. sees geolocation as one way to comply with the French Nazi ban as well as a Pennsylvania child porn law.

MOVIE AND SOFTWARE FILE SHARING OVERTAKES MUSIC (, 12 July 2004) -- Music no longer accounts for the majority of traffic on internet file-sharing networks, according to a new study. It suggests file traders now swap more video and software content. The report was published by the Organization for Economic Cooperation and Development (OECD) based in Paris, France, on Monday. It indicates that music accounted for 49% of all data swapped globally through file sharing networks in 2003, a steep drop from 62% in 2002. Audio files are still swapped more frequently than anything else. But video and software files are usually much larger - on average video files are about 20 times bigger. The OECD’s figures also indicate that trading in video and software is more popular in Europe than the US. In Germany, for example, 35% of swapped files are video, compared to 24% in the US. The report does not distinguish between illegal sharing of copyrighted songs, films and software and trading in content that is free to copy. However, the movie industry is clearly concerned about the trend.

CODE NAME: TROUBLE (ABA Journal, 9 July 2004) -- Computer programmers, according to a recent survey, consider using existing computer code to create new software programs an acceptable practice. That may come as a surprise to those code developers’ employers, since code borrowing could create a copyright nightmare., a British online and print publication, surveyed the habits of more than 3,000 computer programmers. One statistic that jumped out of survey results published in June was that 75 percent of all coders use blocks of computer code they have appropriated from other software. The survey did not dig deep enough to find out whether these blocks of code were from copyrighted sources or public domain code. Code copying is a hot topic these days. In fact, code borrowing is at the heart of the biggest lawsuit in the tech industry. Software company SCO filed suit against IBM for $3 billion last year for allegedly putting some of SCO’s copyrighted source code into an operating system known as Linux. Linux is a tech darling because it is created as a group effort and distributed for free under what is called the General Public License. And it has recently gained attention for its use in computer servers and its possible role as a free platform for use by governments across the globe. Though SCO is fighting the Linux crowd, the company says there is nothing inherently wrong with open source projects. “SCO still participates in open source efforts. Some open source projects are rigid in their analysis and the code is properly vetted,” says Chris Sontag, SCO’s senior vice president and general manager.

FRANCE LENDS SUPPORT TO NEW OPEN-SOURCE LICENSE (InfoWorld, 9 July 2004) -- Researchers at three French government-funded research organizations this week revealed something they hope will increase the spread of free, open source software in the country: a new license they say is compatible with the Free Software Foundation Inc.’s GNU General Public License (GPL). Plenty of free software licenses exist already, but they are mostly written in English, from the point of view of the U.S. legal system, which can pose a problem in countries where the legal system is based on different assumptions. The new license, known as CeCILL, is intended to make free software more compatible with French law in two areas where it differs significantly from U.S. law: copyright and product liability. Under French law, consumer product manufacturers cannot decline all responsibility for their products -- yet the would-be developers of many open source projects, without corporate backing, cannot afford to expose themselves to unlimited financial risk. CeCILL offers a way around this: by declaring that software offered under the license is intended for knowledgeable users, it allows software developers to limit their responsibility under French law, said Gérard Giraudon, head of development and industrial partnerships at INRIA. Nevertheless, they must take some responsibility, which is reassuring for software’s users, he said. Copyright is another area that differs under French and U.S. law. In France, software copyright is governed by laws relating to artistic and literary creations, not commercial intellectual property. However, unlike most works of art, where the copyright belongs to the author, copyright in a piece of software belongs to the company paying for the work. Some aspects of CeCILL were necessary to take this into account, Giraudon said. 
Like some other open-source licenses, CeCILL is designed so that CeCILL-protected works “contaminate” other software in which they are incorporated, so that that work too must be released under the CeCILL license, Giraudon said. In that respect, it is much like the GPL, he said. In addition, CeCILL includes a term that explicitly says that any work released under CeCILL may also be incorporated into works released under the GPL, and subsequently released under the GPL, he said. CeCILL is the first in a family of licenses, he added. Other variations planned will have different characteristics, making them more like French versions of the LGPL (Lesser GPL) or BSD open source licenses, which allow the use or inclusion of open source code with commercial works under certain conditions.

-- and --

INDIAN PRESIDENT CALLS FOR OPEN SOURCE IN DEFENSE (CNET, 7 July 2004) -- In another public-sector boost to open-source software, Indian President A.P.J. Abdul Kalam called for his country’s military to use such nonproprietary technology to ward off cybersecurity threats. “Software maintenance and software upgrade is an important issue for defense,” Kalam said at a meeting of Indian Navy’s Weapons and Electronic System Engineering Establishment in New Delhi last week. Without naming any proprietary software products, the president asked defense engineers to develop and implement on open platforms. “Even though the required software for the equipment could be developed by the private industry, it is essential that the technical know-how and the architecture is fully available with these services for ensuring provision of lifetime support for the software which may or may not be forthcoming from the trade.” Kalam, a former head of India’s defense research and development organization and architect of the guided missile program, has been a supporter of open-source software. Under the Indian constitution, the president is also the supreme commander of the armed forces--army, navy and air force. Linux, an open-source operating system, has been winning support from government leaders and local authorities in some countries. Recently the city of Bergen, Norway, decided to replace Windows and Unix with Linux operating systems, citing costs and reliability as reasons. Another European city, Munich, has decided to continue using Linux at the end of a yearlong trial.

OUTSOURCING’S EXPLOSIVE SUCCESS IS TRANSFORMING INDIA (EcommerceTimes, 11 July 2004) -- The Forrester report projected that the greatest outsourcing growth during the next 18 months will come from companies already doing it. The firm also said that by 2008, more than half of Fortune 1000 companies will be sending work abroad, up from about one-third now. India’s outsourcing industry hopes to seize new work by anticipating customer needs rather than just taking orders.

PLAN TO COLLECT FLIER DATA CANCELED: COLOR-CODED SYSTEM SEEN AS PRIVACY THREAT (USA Today, 16 July 2004) -- A controversial government plan to collect personal information from airline passengers and rank travelers according to terrorist risk level is being dismantled because of concerns over privacy and effectiveness, Homeland Security Secretary Tom Ridge said Wednesday. Ridge said security leaders have all but scrapped plans for the Computer Assisted Passenger Prescreening System, known as CAPPS II. The program was never officially begun, even though the government has spent more than $100 million on its planning. Once touted as a key tool for keeping U.S. skies safe from terrorists, the system has been under relentless criticism from privacy advocates and some members of Congress who called it an unwarranted intrusion into passengers’ privacy. Asked Wednesday whether the program could be considered dead, Ridge jokingly gestured as if he were driving a stake through its heart and said, “Yes.” He cited the privacy concerns, particularly those arising from recently proposed regulations that would have required airlines to hand over information about passengers as part of a test of the program. Critics in Congress also complained that terrorists using fake identities could easily evade the system. Under CAPPS II, each passenger would have been required to give an airline or travel agent his or her full name, date of birth, address and telephone number. The government would verify a passenger’s identity through a database of terrorist watch lists, as well as public records and mail marketing lists.

COURT RULES EMAIL SERVICE NOT SUFFICIENT IN DOMAIN SUIT (BBA’s Internet Law News, 15 July 2004) -- A federal court in Connecticut has denied an attempt by Pfizer to serve the defendants in a suit against two websites - and - by email. The court said it was not convinced email was the only method of serving the defendants. Case name is Pfizer v. Domains By Proxy. Decision at

CHIP IMPLANTED IN MEXICO JUDICIAL WORKERS (AP, 14 July 2004) -- Security has reached the subcutaneous level for Mexico’s attorney general and at least 160 people in his office — they have been implanted with microchips that get them access to secure areas of their headquarters. It’s a pioneering application of a technology that is widely used in animals but not in humans. Mexico’s top federal prosecutors and investigators began receiving chip implants in their arms in November in order to get access to restricted areas inside the attorney general’s headquarters, said Antonio Aceves, general director of Solusat, the company that distributes the microchips in Mexico. Attorney General Rafael Macedo de la Concha and 160 of his employees were implanted at a cost to taxpayers of $150 for each rice grain-sized chip. More are scheduled to get “tagged” in coming months, and key members of the Mexican military, the police and the office of President Vicente Fox might follow suit, Aceves said. Fox’s office did not immediately return a call seeking comment. A spokeswoman for Macedo de la Concha’s office said she could not comment on Aceves’ statements, citing security concerns. But Macedo himself mentioned the chip program to reporters Monday, saying he had received an implant in his arm. He said the chips were required to enter a new federal anti-crime information center. “It’s only for access, for security,” he said. The chips also could provide more certainty about who accessed sensitive data at any given time. In the past, the biggest security problem for Mexican law enforcement has been corruption by officials themselves. Aceves said his company eventually hopes to provide Mexican officials with implantable devices that can track their physical location at any given time, but that technology is still under development.

60 E-MAILS SENT INTO FORUM STATE CONFERRED JURISDICTION (BNA’s Computer Law Alert, subscription required, 16 July 2004) -- In an action alleging false advertising, defamation, commercial disparagement, intentional interference with existing and prospective business relationships, and antitrust violations brought by a Massachusetts musical instrument maker against a Texas competitor, personal jurisdiction could be exercised in Massachusetts based on the Texas firm’s sending of 60 e-mails to persons with Massachusetts mailing addresses, the federal district court in Boston has ruled. The requirements of both due process and the Massachusetts long-arm statute were met. Because the e-mails were the subject of the suit, the requirement that the contacts with the forum be causally connected to the cause of action easily was met. The purposeful availment element was satisfied because the Texas firm was aware that the e-mails would be sent to Massachusetts. The firm sent the e-mails to persons on a list that it maintained and controlled, and it acted with the intent to purposefully avail itself of the benefits and protections of Massachusetts law. Case is First Act, Inc. v. Brook Mays Music Co.

-- and --

11TH CIRCUIT RULES ON COPYRIGHT JURISDICTION (BNA’s Internet Law News, 16 July 2004) -- The 11th Circuit Court of Appeals has ruled that it can assert jurisdiction over a copyright infringement case based on several connections with the U.S. While the disputed work was created in France, the court found that the importation of copies of the work to the U.S. was sufficient to convey jurisdiction. Case name is Palmer v. Braun. Decision at

AMSTERDAM INSTITUTE FOR INFORMATION LAW PUBLISHES SPAM REPORT (Hunton & Williams Privacy & Ecommerce Alert, 16 July 2004) -- The Institute for Information Law (IViR), which is part of the Faculty of Law of the University of Amsterdam, has released the results of a comprehensive study carried out between September 2003 and March 2004. This research project analyzes the legal framework regulating unsolicited commercial e-mail (spam) in the European Union. In particular, it presents and assesses recent legislative initiatives against spam in EU Member States further to the adoption of Directive 2002/58 on privacy and electronic communications of July 12, 2002. The study can be downloaded from: Further information on IViR is available at: (For subscription information, email Anne Ruwet at:

EUROPEAN COMMISSION SUGGESTS UK’S DATA PROTECTION ACT IS DEFICIENT (, 15 July 2004) -- The European Commission has called upon the UK Government to justify its approach to data protection law – because it fears that it does not comply with the European Data Protection Directive. The concerns are believed to focus on a court’s definition of what constitutes “personal data” in Michael Durant’s landmark case against the UK’s Financial Services Authority and subsequent guidance on the case from the UK’s Information Commissioner. But “personal data” is not the only problem. Jonathan Todd, European Commission Spokesman on the Internal Market, told OUT-LAW yesterday: “I can confirm that the Commission has sent a letter of formal notice to the UK Government about the conformity of several aspects of the 1998 Data Protection Law with the EU data protection Directive of 1995.” The detail of the letter – which is said to run to 20 pages – has not been made public by the European Commission: it is for the UK Government to decide whether or not to make it public. However, OUT-LAW understands that the failure of the UK Government to guarantee the right of access to personal data is likely to be a strong feature of the letter. Other concerns appear to include insufficient controls on international transfers of data and a lack of investigative powers given to the Commissioner.

ACTRESS TRIES TO SLAP GAWKERS (Wired, 16 July 2004) -- Gawker Media’s sex-centric blog Fleshbot is considering permanently removing a hyperlink to a website selling a video in which actress Cameron Diaz is seen topless. The possible move comes after the star’s attorneys sent the leading blogging outfit a cease and desist letter last week. Last November, Los Angeles Superior Court Judge Alan Haber granted Diaz’s request for an injunction against John Rutter Productions, the company that made and is selling the Diaz video. But Gawker Media only got involved last week when Fleshbot, following on widely posted links in the blogosphere, first posted a link to the video, an S&M film made in 1992 starring a then-unknown Diaz. “Whether or not Fleshbot or any of the Gawker sites link to (the video’s) site, it’s still there,” said Fleshbot editor John d’Addario. “We didn’t host the video, we’re not selling the video, and we didn’t link to the video itself. There are a lot of blogs out there ... putting it on their sites. It’s not hard to find.”,1284,64248,00.html

BIG COMPANIES EMPLOYING SNOOPERS FOR STAFF EMAIL (, 19 July 2004) -- Large companies are now so concerned about the contents of the electronic communications leaving their offices that they’re employing staff to read employees’ outgoing emails. According to research from Forrester Consulting, 44 per cent of large corporations in the US now pay someone to monitor and snoop on what’s in the company’s outgoing mail, with 48 per cent actually regularly auditing email content. The Proofpoint-sponsored study found the motivation for the mail paranoia was mostly due to fears that employees were leaking confidential memos and other sensitive information, such as intellectual property or trade secrets, with 76 per cent of IT decision makers concerned about the former and 71 per cent concerned about the latter.

STUDY: MASTERCARD, OTHERS UNWITTINGLY HELP ‘PHISHERS’ (InfoWorld, 19 July 2004) -- Leading financial institutions have adopted a more aggressive attitude toward online identity theft cons known as “phishing scams” in recent months. But companies, including MasterCard International Inc., may be unwittingly helping phishers trick online shoppers, says a new report from a U.K. Web developer. A test of leading financial services Web sites, including sites run by MasterCard, NatWest and Reuters Group PLC revealed that many sites have loosely protected features that scam artists can use to mask their own malicious Web sites, hijacking the name and Web address of established institutions, said Sam Greenhalgh, who is 19 and operates the Web site Greenhalgh is responsible for discovering a vulnerability in Microsoft Corp.’s Internet Explorer Web browser known as the “%01” vulnerability. That security hole, since closed by Microsoft, was widely used in phishing scams to disguise the location of phishing Web sites, which online scam artists use to harvest sensitive personal and financial information from their victims. He published a report at on his latest findings. The security lapses at major financial sites are not caused by flawed Microsoft products, Greenhalgh said. Indeed, the trick works with most popular Web browsers. Instead, poorly designed and insecure features on leading Web sites that contain “cross-site scripting” vulnerabilities are to blame, he said. Greenhalgh uses the example of an “ATM Locator” feature on MasterCard’s Web site. The ATM Locator was designed to help MasterCard holders locate cash machines that accept MasterCard. Users input a location, including a country and street address, and the Web site provides the location of cash machines in the area. 
However, because of a cross-site scripting vulnerability in the feature, Greenhalgh was able to inject his own HTML (Hypertext Markup Language) into the fields used by the ATM Locator, causing the site to display his content, including a mock form that could be used to harvest information. [Editor: Shouldn’t site operators implement “best-practice” security in such websites? Otherwise, shouldn’t they be held responsible for losses?]

JUDGE: FEDS, NOT STATES, SHOULD GOVERN VOIP (CNET, 20 July 2004) -- State utility commissions can have very little control over Net phone companies, a New York federal judge wrote in an order that hands another victory to Vonage and similar upstarts. State utility commissions will be able to work with Vonage to rectify customer complaints but won’t be able to regulate or tax the company, according to U.S. District Judge Douglas Eaton. Eaton’s order, released within the past few days, strikes at the heart of a debate between federal regulators, which want to exercise a hands-off approach to voice over Internet Protocol (VoIP) to let the young industry grow, and states, which rely on tax revenues to pay for public programs. The Federal Communications Commission, which is in the process of drafting Net phone rules, will have the upper hand in how to approach VoIP in New York, Eaton wrote. “On balance, the Public Service Commission has not demonstrated state public interests, which require the immediate exercise of state common-carrier regulations,” the judge wrote. But the New York state PSC can collect complaints from Net phone customers, refer the complaints to Net phone providers and even offer nonbinding arbitration as a way to settle any disputes, Eaton said. Eaton is the second judge to dismiss attempts to force Net phone providers to follow state telephone rules and tax regimes.

DUKE U. WILL GIVE IPOD MUSIC PLAYERS TO ALL NEW FRESHMEN IN A ‘SEE WHAT HAPPENS’ PROJECT (Chronicle of Higher Education, 20 July 2004) -- This fall’s crop of freshmen at Duke University will get a snazzy digital toy along with their campus maps, dormitory-room keys, and orientation booklets: a brand-new iPod, paid for by the university. Duke announced on Monday that it would distribute iPods to all of its 1,650 freshmen. An additional 150 will be given to faculty members or lent to upperclassmen for use in courses. The university will spend approximately $500,000 on the project, officials say, for hardware and staff support. That money will come from a fund for incorporating information technology into instruction. The goal of the giveaway is education, not entertainment, Duke officials say. Students might use their iPods, for instance, to listen to assigned songs or audio clips in music or foreign-language courses. And students in some courses will be given microphones so they can record lectures or field interviews with the devices. Lynne M. O’Brien, director of the Duke Center for Instructional Technology, said that she has spoken with an instructor in Spanish who plans to use the iPods to record and distribute assignments. A professor of environmental studies is interested in using iPods to record interviews in the field.

-- and --

VERIZON’S NET PHONE SERVICE TAKES WING (CNET, 22 July 2004) -- Verizon Communications on Thursday began offering VoiceWing, its long-awaited broadband phone service expected to challenge AT&T, Vonage and other top providers of Internet phone calls. The unlimited local and long-distance service, available nationwide, costs about the industry average: $35 for the first six months, then goes up to $40 a month, the carrier said. If a Verizon DSL subscriber signs up, VoiceWing costs $30 a month for the first six months, then $35 a month, according to Verizon. For Verizon, Net phone plans will serve as an enticement to attract new broadband customers or keep old ones, executives said Thursday. The company has also been slashing the prices of its broadband plans recently. Verizon’s move had been expected and was perhaps hastened by cable companies, which recently embraced the same voice over Internet Protocol (VoIP) technology that Verizon is using. Also, some analysts believe that Verizon’s launch was also spurred by AT&T, which recently completed its own nationwide VoIP rollout weeks earlier than anticipated.

JUDGE FINES PHILIP MORRIS FOR DELETION OF E-MAIL (, 20 July 2004) -- A federal judge fined tobacco giant Philip Morris USA and its parent company, Altria Group Inc., $2.7 million Wednesday for deleting e-mails that may be relevant in the government’s lawsuit against the cigarette industry. “A monetary sanction is appropriate,” U.S. District Judge Gladys Kessler said in her ruling. “It is particularly appropriate here because we have no way of knowing what, if any, value those destroyed e-mails had to plaintiff’s case.” In a statement, Philip Morris called the loss of e-mails “inadvertent” and said it was “studying its legal options.” Shortly after the government filed its civil racketeering case against the tobacco industry in 1999, the court ordered the parties to preserve all documents and records containing information that might be relevant to the case. However, Philip Morris officials deleted e-mails that were over 60 days old on a monthly basis for at least two years after that order was issued. Court records show Philip Morris notified the court it was out of compliance with the court order in June 2002, a few months after becoming aware of the problem.

CANADA: WORRYING ABOUT THE LONG ARM OF THE PATRIOT ACT (Steptoe & Johnson’s E-Commerce Law Week, 17 July 2004) -- Could privacy groups’ campaign against the USA PATRIOT Act (Patriot Act) become a campaign against outsourcing to US companies? The Department of Justice recently released a report singing the praises of the Patriot Act for helping the FBI crack down on terror suspects and child porn rings. But some of our neighbors to the north now want to know: Just how long is the arm of the law under the Patriot Act? The British Columbia Office of Information and Privacy Commissioner has requested comment on whether US authorities can use section 215 of the Patriot Act to obtain personal information outsourced for data processing to Canadian affiliates of US companies. The Privacy Commissioner also wants to know what the Patriot Act’s implications are for BC public bodies -- government entities required under the BC Freedom of Information and Protection Act (FOIPP) to protect personal information in its custody or control. For now, at least, the BC government seems to be alone in harboring these concerns, but the issue could feed on Canadian dislike of Bush Administration policies in the war on terror.

CT RULES ON eBAY LIABILITY FOR DEFAMATORY USER POSTINGS (BNA’s Internet Law News, 23 July 2004) -- A California appellate court has ruled that a release provision in eBay’s user agreement relieved the company of liability for the allegedly defamatory comments made by one of its users against another user. The court added, however, that the law would not protect eBay for distributing information that it knew or had reason to believe was false thus leading to a likely appeal to the California Supreme Court. Case name is Grace v. eBay. Coverage at Decision at

REPORT FAULTS CYBER-SECURITY (WashingtonPost, 23 July 2004) -- The Department of Homeland Security’s efforts to battle computer-network and Internet attacks by hackers and other cyber-criminals suffer from a lack of coordination, poor communication and a failure to set priorities, according to an internal report released yesterday. The report, by the department’s inspector general, said the shortcomings of the National Cyber Security Division leave the country vulnerable to more than mere inconvenience to businesses and consumers. The division “must address these issues to reduce the risk that the critical infrastructure may fail due to cyber attacks,” the report said. “The resulting widespread disruption of essential services after a cyber attack could delay the notification of emergency services, damage our economy and put public safety at risk.” Among the report’s recommendations is that the division develop a process for overseeing efforts of federal, state and local governments to better protect their systems. The report cited progress in some areas since the division was formed in June 2003 as part of the federal reorganization that created the DHS. It praised the creation of a cyber-security coordination center called US-CERT, and an alert system that includes a Web site and automated notification to tech-security professionals of security threats making their way through cyberspace. But the report comes at a time of heightened frustration among technology company executives and members of Congress that cyber-security is not getting enough attention and is poorly understood by some senior department officials. The issue is not just the possibility of a broad cyber-terrorist attack, those people say, but the daily attacks that are costing U.S. businesses and computer users hundreds of millions of dollars a year and countless hours of lost productivity.

MOVEON MOVES UP IN THE WORLD (Wired, 26 July 2004) -- It’s the stuff of political legend. In 1998, appalled by Congress’ drawn-out, taxpayer-funded preoccupation with protein stains on a Gap dress, Joan Blades and Wes Boyd wanted to send a message to Congress to censure the president already and move on. They sensed that other people might feel the same way, so they built a website and sent e-mail to about 100 friends asking them to sign an online petition to send to Congress. Within a week 100,000 people responded. Eventually, the number grew to half a million. Thus a national movement was born. “That was the key moment for them,” said Joe Trippi, former campaign manager for one-time presidential candidate Howard Dean, whose online campaign techniques were inspired by MoveOn’s success. “But they’ve had many moments since.” From that petition six years ago, has become a powerhouse, grass-roots organization that has helped re-energize politics in the United States and force Washington lawmakers to pay attention to voices outside the capital beltway. Today, with no office and no formal organization other than a website and a handful of staff members spread around the country, MoveOn has amassed more than 2 million members and raised millions of dollars for candidates. In addition to igniting the populist-fueled Dean campaign, MoveOn has helped elect congressional representatives who are in alignment with members’ values and who pass legislation on Capitol Hill. They’ve committed to raising $50 million this season to support more candidates. And that’s just the beginning. Last week, the organization filed a complaint with the Federal Trade Commission accusing Fox News of false advertising under its “fair and balanced” slogan. They’ve sponsored a TV ad to get Secretary of Defense Donald Rumsfeld fired. And now they’re addressing electronic voting machines, asking the government to require a voter-verified paper trail for digital voting machines. 
But MoveOn founders Blades and Boyd never intended to get involved in politics or take on Bill O’Reilly and George Bush. Blades, an attorney mediator, and Boyd, a computer programmer, met more than 20 years ago while playing soccer. The husband-and-wife team became known for flying toasters when, as founders of Berkeley Systems, they helped develop the After Dark screensavers, which included the Magritte-esque winged toasters that flew across thousands of computer screens in the early ‘90s.,1283,64340,00.html?tw=wn_tophead_2

FRENCH INTERNET PROVIDERS JOIN PIRACY CRACKDOWN (, 28 July 2004) -- French Internet service providers agreed Wednesday to cooperate in a crackdown against Web surfers who illegally download music online. In a government-backed charter also signed by record labels and musicians’ groups, France’s leading Internet companies agreed to pull the plug on pirates and step up cooperation with copyright prosecutions. The agreement was signed by representatives of Internet service providers Free, Noos, Club-Internet, Wanadoo and Tiscali France. Christine Levet, Club-Internet CEO and head of France’s Association of Internet Service Providers, stressed that companies like her own “will cut subscriptions only upon the decision of a judge.” Nevertheless, the charter also calls on music copyright holders to launch and publicize “targeted civil and criminal” court action against pirates by the end of the year. By agreeing to help in the crackdown on pirates, French Internet companies hope they can head off the need for tough legislation such as the 1998 Digital Millennium Copyright Act in the United States -- which holds service providers financially liable if they don’t immediately remove copyright material posted by their users when requested to do so.

DONATING YOUR SOCIAL SECURITY NUMBER TO SCIENCE (Steptoe & Johnson’s E-commerce Law Week, 24 July 2004) -- The Appellate Court of Illinois in Chicago has issued a decision that no privacy violation occurred when mobile phone service providers disclosed customer information -- including names, addresses, wireless telephone numbers, and Social Security numbers -- to a private research firm studying the possible link between wireless phones and cancer. Under Illinois law, the court found, this information is not considered private. Consumers may find this result unnerving, but companies may have reason to be cautiously optimistic. A court ruling that a Social Security number is not private has the potential to reduce the risk of wide ranging liability for companies under common law.

1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School,
2. Edupage,
3. SANS Newsbites,
4. NewsScan and Innovation,
5. Internet Law & Policy Forum,
6. BNA’s Internet Law News,
7. The Ifra Trend Report,
8. Crypto-Gram,
9. David Evan’s “Internet and Computer News”,
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.