Saturday, August 28, 2004

MIRLN -- Misc. IT Related Legal News [1-28 August; v7.11]

!!!!! Program Announcement: 2ND INTERNATIONAL LAW AND TECHNOLOGY FORUM – (23-24 September 2004, at the Center for American and International Law in Plano, Texas). The Forum is designed for the ever-growing number of corporate counsel and outside lawyers in the U.S. and around the world whose practice requires expertise in evolving areas of technology law. A stellar faculty, including leading counsel from Google, Yahoo, Texas Instruments, IBM, Novell, Sun, Lucent, TDK, Acer, Taiwan Semiconductor and EDS, will share personal experience and practical advice for dealing with issues of technology funding and acquisition, outsourcing, government regulation of the Internet, antitrust, network security, records management and litigation in the digital age. The full program and registration information is online at http://www.cailaw.org/brochures/ILT%20Forum%20brochure.2004.pdf. For information about the Center's Institute for Law and Technology and the benefits of ILT membership, including tuition-free attendance at the Forum and related events, visit www.cailaw.org/ilt !!!!!

!!!!! Program Announcement: THE INTERNET AND THE LAW - A GLOBAL CONVERSATION – at the University of Ottawa on October 1-2, 2004. Bringing together leading academics from 16 countries, including Lawrence Lessig, David Post, Bernt Hugenholtz, Graham Greenleaf, and Ian Walden, the conference will explore comparative approaches to intellectual property law, e-commerce, Internet regulation, and developmental issues. The conference will begin in Ottawa on the evening of September 30, 2004 with the iCommons Canada launch party at which time the newly-ported Canadian version of the popular Creative Commons licence will be introduced to the public. The guest of honour at the celebration is Professor Lawrence Lessig of Stanford Law School, founder of Creative Commons. http://web5.uottawa.ca/techlaw/symposium.php?idnt=99&v=22 !!!!!

COMPANIES TAKE TOO LONG TO PATCH SOFTWARE FLAWS, EXEC SAYS (Computerworld, 29 July 2004) -- Companies are taking too long to patch critical internal vulnerabilities and are still struggling to protect systems against external attacks. That's according to Qualys Inc. CTO Gerhard Eschelbeck addressing the Black Hat conference in Las Vegas. He said the typical patching time or “half life” for critical internal vulnerabilities is 62 days, about 22 days more than the 40 he suggested companies should be aiming for. Eschelbeck also said that the time it took companies to patch against critical external vulnerabilities had improved in the last year from an average of 30 days to today's figure of 21 days, about the level of decrease experts predicted. That still means that many companies are doing worse than this. Exploits for vulnerabilities are also being more rapidly deployed, canceling out some of this gain. http://www.computerworld.com/printthis/2004/0,4814,94903,00.html [Editor: Companies whose patch practices are well below these norms may face liabilities for failure to conform to emerging, customary security practice?]

INCREASING THE STAKES FOR ELECTRONIC DOCUMENT RETENTION (Steptoe & Johnson’s E-Commerce Law Week, 31 July 2004) -- The growing importance of corporate electronic document retention policies has been apparent for some time. But the costs of failures to implement such policies have become much clearer as a result of two recent federal court decisions involving destruction of emails. On July 21, 2004, the District Court for the District of Columbia in United States v. Philip Morris issued a Memorandum Opinion and accompanying order imposing $2.75 million in sanctions against Philip Morris for destroying emails sought by the US government in its case against the cigarette maker. One day earlier, the District Court for the Southern District of New York in Zubulake v. UBS Warburg allowed adverse inferences against UBS Warburg for deleting emails it should have produced. http://www.steptoe.com/index.cfm?fuseaction=DspNewsDetails&id=3422&site_id=182

STUDY: LINUX MAY INFRINGE ON 283 PATENTS (Computerworld, 2 August 2004) -- A total of 283 registered software patents, including 27 held by Microsoft Corp., could be used as the basis of patent lawsuits against the Linux kernel, according to a study of U.S. software patents released today. The study was funded by Open Source Risk Management LLC (OSRM), a company that provides insurance against lawsuits related to the use of open-source products. It was conducted by patent attorney Dan Ravicher, executive director of the Public Patent Foundation and senior counsel to the Free Software Foundation. “There is a nontrivial risk of patents being asserted against Linux,” said Ravicher, who added that his findings shouldn't come as a great surprise given the broad scope of the Linux project. “The conclusion we came to is not that Linux is doomed and that this is horrible,” he said. “It's very similar to the result you would get if you investigated any other software program that's as successful as Linux.” Though a patent lawsuit relating to some piece of open-source software is “inevitable,” it is unlikely that Microsoft will be the company to launch such a suit, said Jeffrey Norman, a software lawyer at Kirkland & Ellis LLP in Chicago. “I don't know if it's going to be Microsoft,” he said. “There are some PR issues for Microsoft.” Because of their open nature, projects like the Linux kernel are more vulnerable than proprietary software to patent claims, Norman said. “It's much easier if you have a software patent to go through an open-source product and verify that your patent is there,” he said. But a larger problem is that in the relatively young craft of software development it's easy to come up with techniques that, while novel, should probably not be patentable, said Norman, who cited Amazon.com Inc.'s patent for one-click purchasing as an example of such a technique. “The novelty is not novelty with a capital N. You're not inventing the internal combustion engine,” he said. Norman was skeptical about the effectiveness of such a study, given the vastness of the code in the Linux kernel and the large number of software patents that have been issued. “I don't think that you could identify all of the patents that were possibly relevant to the Linux kernel,” he said. “The only way you could do it was if you were a kernel developer.” Ravicher's organization, the Public Patent Foundation, which claims that half of the patents issued by the U.S. Patent Office contain no innovation, is lobbying for reform of patent laws. Ravicher said that efforts like Grokline.net, an OSRM-sponsored effort to catalog the roots of the Unix operating system, could also protect open-source software from patent suits. http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,94986,00.html

-- and --

IBM: NO PATENT ATTACKS ON LINUX -- IBM on Wednesday promised not to use its formidable collection of technology patents against Linux and challenged other companies to do the same, working to dispel one cloud that hangs over the open-source programming movement. The tech giant's announcement could relieve some who fear the legal threat of the computing industry's largest patent arsenal. But it doesn't address the more tangible danger that Microsoft, an avowed Linux enemy, could attack. Microsoft declined to comment for this story. But in April, the company's top lawyer said the software giant is willing “to work creatively” and to license its technology. However, patent licenses requiring royalty payments are prohibited for software governed by one major open-source license, the General Public License (GPL). http://news.com.com/IBM+pledges+no+patent+attacks+against+Linux/2100-7344_3-5296787.html?tag=nl

IN COMPETITIVE MOVE, I.B.M. PUTS CODE IN PUBLIC DOMAIN (New York Times, 3 August 2004) – IBM plans to announce today that it is contributing more than half a million lines of its software code, valued at $85 million, to an open source software group. The move is one of the largest transfers ever of proprietary code to free software, and I.B.M. is making the code contribution to try to help make it easier and more appealing for software developers to write applications in the Java programming language. The I.B.M. step is a competitive tactic, to be sure. The company is one of the leading supporters of the Java technology, which was originally developed by Sun Microsystems. The more Java applications that are written, the more potential uses there are for I.B.M.'s software platform that runs and manages those applications, known as WebSphere. I.B.M.'s WebSphere competes with Microsoft's software platform for handling applications, called .Net. And Microsoft has its own programming language, C#, which competes with Java. Other companies also offer Java-based software environments, but Microsoft sees WebSphere as its main rival. At a meeting with financial analysts last Thursday, Bill Gates, Microsoft's chairman, singled out WebSphere as the leading challenger to .Net. “Over the next few years, one of those will emerge as a better piece of software,” Mr. Gates said. I.B.M. is handing over the code for Cloudscape, a database written in Java, to an open source group, the Apache Software Foundation. Within the open source group, the database will be called Derby. The Apache organization is best known as the steward of the Apache Web server, which is the software that powers most Web sites, though it also oversees many open-source Java projects. In the open source model of development, the code is distributed free and programmers are free to modify and debug it, within certain rules. Apache will hold the licensing and intellectual property rights to the Cloudscape code. 
By transferring its technology into the public domain, Janet Perna, general manager for data management software at I.B.M., said, “We hope to spur the further development of the Java community.” The I.B.M. move, according to industry analysts, is further evidence of its support for open source software. The company has been a contributor of people, code and marketing dollars to 150 open source projects. Its biggest commitment has been to Linux, an open source operating system that is an alternative to the operating systems of two of I.B.M.'s leading rivals, Microsoft and Sun Microsystems. http://www.nytimes.com/2004/08/03/technology/03java.html?ex=1249185600&en=d8a20a8423b0b3e3&ei=5090&partner=rssuserland [Editor: current SCO/Linux lawsuits involve questions about IBM’s similar contribution of code (then, AIX code) to the open source community. Hopefully, IBM then and now has accurately assessed its rights effectively to make this contribution.]

ACLU SUES TO BLOCK MICHIGAN'S USE OF MATRIX DATABASE (SiliconValley.com, 3 August 2004) -- The American Civil Liberties Union and a former Michigan governor are suing to halt the Michigan State Police's participation in a multistate crime and terrorism database, saying the agency is illegally sharing information about individuals. The lawsuit against the federally funded Multistate Anti-Terrorism Information Exchange -- “Matrix” for short -- was filed late Monday in Wayne County Circuit Court on behalf of the ACLU and three individuals, including former Republican Gov. William Milliken. The suit cites Michigan's Interstate Law Enforcement Intelligence Organizations Act, which Milliken signed in 1980. The Legislature passed the law after learning that Michigan police, during the 1960s and 1970s, developed and maintained files on hundreds of residents who had committed no crimes but were involved in civil rights and anti-war movements of the time. “I signed this act into law in order to protect the privacy of individual citizens and, at the same time, provide law enforcement agencies with the tools they need,” said Milliken, who served from 1969 to 1983. “Nearly 25 years later, the technology has changed, but the privacy rights of Michigan citizens remain the same.” http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9310994.htm

DVD-COPYING SOFTWARE COMPANY FOLDS (CNN, 4 August 2004) -- Against long odds and a movie industry with far deeper pockets, Robert Moore fought what he cast as a David-and-Goliath struggle over his company's software that let users copy DVDs or computer games. Hollywood and makers of computer games finally finished off 321 Studios Inc. on Tuesday, when Moore's once self-described “magnificent venture” quietly folded under the mounting weight of piracy-related lawsuits and unfriendly court orders. Still, an online civil liberties group argues, the fact that 321 sold a million copies of its DVD-cloning software suggests broad appeal for its arguments -- even to Congress -- that consumers should have the right to innocently make backup copies of their DVDs and computer games. http://edition.cnn.com/2004/TECH/biztech/08/04/copying.dvds.ap/index.html

FCC APPROVES LIMITED VIDEO WEB SHARING (L.A. Times, 4 August 2004) -- The Federal Communications Commission, over the objections of some Hollywood heavyweights, today approved a new generation of digital recorders from TiVo that allows consumers to record and send programs via the Internet to a limited number of other users. The commissioners voted to approve the application from TiVo and several other companies — including Microsoft and Sony — for new technologies and devices that would allow customers to send up to nine copies to other people, but prevent the unlimited distribution of copyrighted programs over the Internet, according to Reuters news service. TiVo's technology had been opposed by major entertainment industry groups, which feared that the technology would undermine demand for broadcast television and DVD sales. http://www.latimes.com/business/la-080404tivo_lat,1,1550977.story?coll=la-home-headlines

FEDS BACK WIRETAP RULES FOR INTERNET (CNET, 4 August 2004) -- Broadband providers and Internet phone services must comply with requirements designed for the traditional phone network, the Federal Communications Commission said in a preliminary decision Wednesday. The 5-0 vote by the FCC is a major step toward regulations designed to help police and spy agencies eavesdrop on all forms of high-speed Internet access, including cable modems, wireless, satellite and broadband over power lines. The vote comes five months after the FBI, the Drug Enforcement Administration and the Justice Department formally asked for guaranteed wiretapping access to broadband networks. If the FCC had done nothing, wiretaps would be possible but could be more difficult and time-consuming for police to carry out. http://news.com.com/Feds+back+wiretap+rules+for+Internet/2100-7352_3-5296417.html?tag=nefd.top

-- and --

FCC EXEMPTS HIGHER ED FROM CALEA (Chronicle of Higher Education, 13 August 2004, sub. req'd) -- The Federal Communications Commission (FCC) has issued a preliminary ruling that exempts colleges and universities from costly projects to reengineer computer networks to comply with the Communications Assistance for Law Enforcement Act (CALEA). CALEA requires telecom companies to build their networks in such a way that federal officials can eavesdrop on phone conversations and e-mail exchanges with proper authority, and some have called for the FCC to rule that CALEA should also cover computer networks that carry Voice over Internet Protocol (VoIP) telephone service. The FCC will not make a final decision on CALEA until late this fall, but in the meantime it has issued a ruling that identifies certain entities that would be exempt from CALEA for the purposes of VoIP phone service. Aside from higher education, exempted entities include libraries, hotels, and coffee shops. http://chronicle.com/prm/daily/2004/08/2004081301n.htm

STATES WARN FILE-SHARING NETWORKS (Washington Post, 5 August 2004) -- More than 40 state attorneys general are set to warn major peer-to-peer file-sharing networks that they may face enforcement actions if they do not take steps to stem illegal activity on the networks, such as the trading of child pornography and stolen movies and music. In a letter to the heads of Kazaa, Grokster, BearShare, Blubster, eDonkey2000, LimeWire and Streamcast Networks, the attorneys general write that peer-to-peer (P2P) software “has too many times been hijacked by those who use it for illegal purposes to which the vast majority of our consumers do not wish to be exposed.” The letter, which could be sent as early as today and was obtained yesterday by The Washington Post, is the first time state law enforcement officials have thrown their combined weight against the P2P networks, which allow free sharing of digital files -- movies, music, software, photos and so forth -- among millions of computer users. The letter does not threaten immediate or specific action against the networks, but it does say, “We will, as appropriate, continue to initiate such actions in the future to stop deceptive and illegal practices by users of the Internet, including users of P2P software” if the networks do not take “concrete and meaningful steps” to prevent illegal use of their networks. http://www.washingtonpost.com/wp-dyn/articles/A41012-2004Aug4.html?nav%3Drss_technology

FBI PUBLISHES COMPUTER CRIME AND SECURITY STATS (The Register, 5 August 2004) – Every year for the past nine years, the Computer Security Institute and the FBI undertake a computer crime and security survey among companies and institutions in the US. These surveys provide interesting insights into the level of computer crime being experienced by companies, as well as how they are responding to security breaches. Computer security has evolved from being purely the domain of IT resources to the point now where even the board of a company take an interest. This growing concern about security has come about as the internet has emerged to be a ubiquitous business tool. When the CSI and FBI started performing this survey in the mid-1990s, computer security concerns largely centred on technical issues such as encryption, access controls and intrusion detection systems. By 2004, the ninth annual survey indicates that companies are becoming more concerned with the economic, financial and risk management aspects of computer security in addition to the purely technical aspects. This indicates the greater importance that is being placed on security by senior management in organisations. Overall, the 2004 survey indicates that the frequency of successful attacks against corporate information systems is decreasing - and has been in steady decline since 2001. In fact, only 53 per cent of respondents indicated that they had experienced unauthorised use of their computational systems in the past year, which is the lowest level since 1999. Over the past year, there has been a dramatic drop in reports of system penetration, insider abuse and theft of intellectual property. Across respondents, there was also a fairly even split between reports of breaches coming from inside and outside of the organisation. 
This is a substantial change from last year's survey, when 80 per cent of respondents reported insider abuse of networks to be the most common form of attack or abuse and indicates that security implementations are having some level of success in stopping these attacks. For the first time, the survey asked respondents whether or not they conduct security audits of their information networks to look for vulnerabilities in a proactive manner. Whilst 82 per cent of respondents indicated that they do conduct such audits, that still leaves a sizeable 18 per cent of organisations that do not conduct this exercise - one of the most fundamental aspects of boosting the security of organisations. One further new area was examined in the 2004 computer crime and security survey - that of the impact of regulation, specifically Sarbanes-Oxley, on the information security activities of companies. Corporate governance has been on the lips of corporate executives for the past year, and high-profile court cases have begun to hand out strict jail terms for transgressors. But, surprisingly, only among executives from the financial services, utilities and telecommunication industries did the majority state that Sarbanes-Oxley had affected their information security activities. http://www.theregister.co.uk/2004/08/05/fbi_security_stats/print.html

FED UP HOSPITALS DEFY PATCHING RULES (NetworkWorld, 9 August 2004) -- Amid growing worries that Windows-based medical systems will endanger patients if Microsoft-issued security patches are not applied, hospitals are rebelling against restrictions from device manufacturers that have delayed or prevented such updates. Moreover, the U.S. Food and Drug Administration (FDA) is encouraging the aggrieved hospitals to file written complaints against the manufacturers, which could result in devices losing their government seal of approval. Device makers such as GE Medical Systems, Philips Medical Systems and Agfa say it typically takes months to test Microsoft patches because they could break the medical systems to which they're applied. In some instances, vendors won't authorize patch updates at all. Angry hospital IT executives who say they can't ignore the risks from computer worms and hackers getting into unpatched Windows-based devices are taking matters into their own hands by applying the patches themselves. “When Microsoft recommends we apply a critical patch, the vendors have come back and said 'We won't support you,'” says Dave McClain, information systems security manager at Community Health Network in Indianapolis. So the hospital has gone ahead and applied critical Microsoft patches to vulnerable patient-care systems when vendors wouldn't, McClain says. The hospital views the failure to apply patches as a possible violation of the federal Health Insurance Portability and Accountability Act (HIPAA). “We have HIPAA regulatory issues, and you can't hold us back from compliance,” he says. http://www.nwfusion.com/news/2004/080904patchfights.html?ts

COURT RULES HYPERLINKS DO NOT CREATE SOURCE CONFUSION (BNA’s Internet Law News, 10 August 2004) -- A federal court in New York has ruled that the appearance on a website of links to another site “will not lead a web-user to conclude that the owner of the site he is visiting is associated with the owner of the linked site.” The case involved a trademark suit by an investment website against a frequent critic. Case name is Knight-McConnell v. Cummins.

OECD RELEASES FINAL VERSION OF E-SIGNATURE SURVEY (BNA’s Internet Law News, 10 August 2004) -- The OECD has released the final version of its survey of legal and policy frameworks for electronic authentication services and electronic signatures in member countries. Survey report at http://www.olis.oecd.org/olis/2003doc.nsf/LinkTo/dsti-iccp-reg(2003)9-final

HIZBOLLAH SAYS WEB SITES SHUT BY U.S., BRITISH HOSTS (Reuters, 12 August 2004) -- Two Hizbollah Internet sites have been shut down in recent days by hosts in the United States and Britain, which both accuse the Lebanese guerrilla group of “terrorist” activities, Hizbollah said on Thursday. “These are legal measures American and British firms are taking against our sites,” a Hizbollah official responsible for the group's Internet sites told Reuters. “Our hosts closed them down because of accusations related to terrorism.” He did not give the name of the hosts and it was not possible to independently verify who had closed down the sites. He said Hizbollah, which Washington blames for 1983 attacks against the U.S. marine barracks and embassy that killed scores of people, was looking for new hosts and hoped to have www.hizbullah.org and www.hizbullah.tv back online within days. “These sorts of legal measures have been happening for a while now. Every so often our sites get closed. This time it was two sites at once,” he said. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=3&u=/nm/20040812/wr_nm/lebanon_hizbollah_website_dc

-- and --

INTERNET VIRTUAL CLASSROOM FOR AL QAEDA SUPPORTER (Reuters, 12 August 2004) -- Al Qaeda has turned the Internet into a virtual classroom for its supporters around the world after U.S. troops drove Osama bin Laden's followers from training bases in Afghanistan, security experts say. The Internet played a key role in al Qaeda's planning and coordinating for the Sept. 11, 2001, attacks on U.S. landmarks. In the years since, the Web has taken on an even greater role in recruiting, spreading fear and propaganda, and executing attacks, according to the security experts. “The Internet is even more dangerous than it was in the past,” said Rita Katz, director of the SITE Institute, in a telephone interview from Washington. “Whatever you had in Afghanistan in the training camps, you have today on the Internet,” said Katz, whose nonprofit organization tracks militant Islamic sites and counts the U.S. government and major U.S. corporations among its clients. “Some of the manuals (posted on the Web) are the actual manuals from Afghanistan ... some written by Saif al-Adel, one of the most wanted military commanders of (Al Qaeda) who has not been captured. He's on the FBI most-wanted list,” she said. A recent posting detailed how to use a mobile phone in a bomb attack, a method used to kill 191 people in March in coordinated blasts on Madrid commuter trains. http://story.news.yahoo.com/news?tmpl=story&cid=586&e=4&u=/nm/20040812/wl_nm/security_internet_alqaeda_dc

SITE PUTS CUSTOMERS' PHOTOS ON STAMPS (CNET, 12 August 2004) -- With PhotoStamps, people can convert digital photos, designs and images into valid U.S. postage. Stamps.com said this week it has recently received authorization from the U.S. Postal Service to market the service for a trial period. To place orders for customized postage stamps, customers can log on to the company's site, upload a photograph or image, select border colors and choose a value for the postage. Customers can buy a PhotoStamp with a value of 23 cents to $3.85, the online postage service provider said. The customized stamps, in sheets of 20, will be delivered via U.S. mail in a few business days. This isn't the first time customers have been allowed to design their own stamps. Two years ago, the postal service allowed printing of stamps from personal computers on special watermarked paper using software marketed by Stamps.com. http://news.com.com/Net+service+puts+customers%27+photos+on+stamps/2100-1038_3-5306906.html?tag=nefd.top

JUSTICE ISSUES GUIDELINES FOR HANDLING DIGITAL EVIDENCE (Government Computer News, 16 August 2004) -- The Justice Department’s National Institute of Justice has published the second in a series of guidelines for IT crime investigations. “Forensic Examination of Digital Evidence: A Guide for Law Enforcement” was created at the agency’s request by the National Institute of Standards and Technology. It outlines techniques for extracting digital data while preserving its integrity. Computers and other digital media are increasingly important sources of evidence in criminal investigations. The challenge for investigators in the courtroom “is the demonstration that the particular electronic media contained the incriminating evidence,” the guide says. Because digital data is easily altered and it is difficult to distinguish between original data and copies, extracting, securing and documenting digital evidence requires special attention. The guidelines lay out the following general principles for handling digital evidence:
• The process of collecting digital evidence should not alter it or raise questions about its integrity.
• Examination of digital evidence should be done by trained personnel.
• All actions in processing the evidence should be documented and preserved for review.
• Examination should be conducted on a copy of the original evidence. The original should be preserved intact.
The guidelines are not a mandate or official policy, but represent the consensus of a working group of computer forensics experts convened by NIST’s Office of Law Enforcement Standards. The procedures may need to be adjusted according to circumstances of each investigation and to comply with local laws and rules of evidence. http://www.gcn.com/vol1_no1/daily-updates/26961-1.html

IT'S JUST THE 'internet' NOW (Wired, 16 August 2004) -- Effective with this sentence, Wired News will no longer capitalize the “I” in internet. At the same time, Web becomes web and Net becomes net. Why? The simple answer is because there is no earthly reason to capitalize any of these words. Actually, there never was. http://www.wired.com/news/culture/0,1284,64596,00.html?tw=wn_tophead_5 [Editor: Finally.]

-- and --

REPRISING A WAR WITH WORDS (Washington Post, 17 August 2004) -- Earlier this month, President Bush was almost done with a speech to a group of minority journalists when he dropped a rather startling proposal. “We actually misnamed the war on terror,” he said. “It ought to be the Struggle Against Ideological Extremists Who Do Not Believe in Free Societies Who Happen to Use Terror as a Weapon to Try to Shake the Conscience of the Free World.” Or, if you prefer to abbreviate, SAIEWDNBIFSWHTUTAAWTTTSTCOTFW. http://www.washingtonpost.com/wp-dyn/articles/A6375-2004Aug16.html [Editor: Sorry; I couldn’t resist.]

CRYPTO RESEARCHERS ABUZZ OVER FLAWS (CNET, 17 August 2004) -- The excitement began Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent MD5 and other algorithms. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure algorithm is used. A third announcement, which was even more anticipated, took place Tuesday evening at the Crypto 2004 conference in Santa Barbara, Calif. The other papers also were presented at the conference. Eli Biham and Rafi Chen, researchers at the Technion institute in Israel, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 “Secure Hash Algorithm,” which was known to have imperfections. In a presentation Tuesday evening, however, Biham reported some early work toward identifying vulnerabilities in the SHA-1 algorithm, which is believed to be secure. http://news.com.com/Crypto+researchers+abuzz+over+flaws/2100-1002_3-5313655.html?tag=nefd.lede

OLYMPIC ATHLETES LARGELY BARRED FROM POSTING ONLINE DIARIES (SiliconValley.com, 19 August 2004) -- Athletes may be the center of attention at the Olympic Games, but don't expect to hear directly from them online -- or see snapshots or video they've taken. The International Olympic Committee is barring competitors, as well as coaches, support personnel and other officials, from writing firsthand accounts for news and other Web sites. An exception is if an athlete has a personal Web site that they did not set up specifically for the Games. The IOC's rationale for the restrictions is that athletes and their coaches should not serve as journalists -- and that the interests of broadcast rightsholders and accredited media come first. Participants in the games may respond to written questions from reporters or participate in online chat sessions -- akin to a face-to-face or telephone interview -- but they may not post journals or online diaries, blogs in Internet parlance, until the Games end Aug. 29. http://www.siliconvalley.com/mld/siliconvalley/news/editorial/9445119.htm

-- and --

ATHENS 2004 WEBSITE RESTRICTIONS SPARK LEGAL DEBATE (Globe & Mail.com, 20 August 2004) -- Olympic organizers in Athens seeking to control which websites can link to the official Games site have detailed a procedure that runs roughshod over the free-linking foundation of the Internet, legal observers say. According to the “hyperlink policy” listed on the Athens 2004 site, anyone wanting to post a link must first send a request that includes a description of their site, reason for linking and length of period it will be published. Howard Knopf, a Canadian trademark lawyer who is now director for the Center of Intellectual Property Law at Chicago's John Marshall Law School, said organizers have no legal authority to prevent people from simply linking to the website. “If they leave their website open, it's like a public park, people are free to walk in it, and a link is just the most efficient way to get there,” he said. The hyperlink policy, which also strictly regulates the text and graphic of a link, is another example of Olympic organizers aggressively protecting the Olympic trademark. “Of course, normally, you can link wherever you want. We're just asking people to respect the rules,” said Christina Fotinopoulou, Internet content manager for Athens 2004. http://www.theglobeandmail.com/servlet/story/RTGAM.20040820.gtrolym20/BNStory/

IBM GOES FOR SCO JUGULAR IN TEST OF GPL VALIDITY (DesktopLinux.com, 19 August 2004) -- IBM has turned the tables on SCO in a maneuver that could provide the first major legal test of the GNU General Public License (GPL), and which could leave SCO all but unable to continue selling and supporting products based on Linux and Unix. In a motion for partial summary judgment filed August 16 in a Utah court, IBM asserts that SCO lost its right to distribute GPL code, including 16 packages copyrighted to IBM, when it “renounced, disclaimed, and breached” the GPL. Should the IBM motion succeed, SCO's ability to do business in the computer industry would be drastically curtailed, given the large amount of software not only in Linux but also in Unix that is now licensed under the GPL. According to the IBM filing, “The GPL and LGPL provide that a person may rely on the GPL or LGPL as a license or grant of permission ... only if the person abides by the terms of the GPL or LGPL.” The IBM filing goes on to assert that SCO failed to abide by the terms of the GPL when it “repudiated and disclaimed” the GPL, claiming the GPL (IBM quoting SCO, here) “is unenforceable, void and/or voidable” and “violates the U.S. Constitution, together with copyright, antitrust and export control laws.” IBM further asserts that SCO breached the GPL “at least as early as May 2003 and thus... automatically lost any rights it might have had under the GPL and LGPL to copy and distribute the IBM Copyrighted Works.” Specifically, IBM asserts that SCO violated the GPL when it attempted to collect royalties or licensing fees for the use of Linux (see this article for a brief history of SCO's efforts to extract royalties from Linux users, including embedded Linux users). 
According to IBM, in a memorandum in support of its motion, the GPL expressly forbids a person distributing GPL code from adding “further restrictions” such as royalties or licensing fees, except for the “physical act of transferring a copy” -- reproduction fees, in other words. Despite its attacks on and violations of the GPL, SCO continued to distribute products such as its SCO Linux 4.0 that included IBM copyrighted software (among many other GPL- and LGPL-licensed packages), offering the products for public download from its Internet site as recently as August 4 of this year, according to IBM. The IBM memo sums up the case neatly in this sentence: “By its breaches of the GPL and LGPL, SCO has forfeited any protection against claims of copyright infringement that it may have enjoyed by virtue of the GPL or LGPL.” http://www.desktoplinux.com/news/NS6706934692.html

LEGAL VICTORY FOR FILE SHARING (L.A. Times, 20 August 2004) -- Three years after it effectively shut down Napster for music piracy, a federal appeals court Thursday blessed a new generation of online file-sharing networks and scolded the entertainment industry for trying to stretch copyright law to thwart innovation. The decision by a three-judge panel of the 9th Circuit Court of Appeals was a defeat for major record labels and Hollywood studios, which fear that runaway online piracy of songs and movies could destroy their businesses. And it was a victory for developers of rapidly evolving technologies that are changing how people get their entertainment. The battle over file sharing is now likely to shift to Washington. Congress is considering a bill that would crack down on the companies making the software used by millions to copy music, movies and games over the Internet. What's more, if the entertainment industry appeals the decision, the U.S. Supreme Court could revisit its landmark Sony Betamax ruling, which protects from copyright lawsuits products that have substantial legitimate uses. The 9th Circuit panel relied on that 1984 ruling in unanimously affirming a lower-court decision issued last year that the companies behind the Grokster and Morpheus networks don't violate copyright law, even though many of the people who use the networks do. http://www.latimes.com/technology/la-fi-grokster20aug20,1,7512636.story and http://news.com.com/2100-1032_3-5316570.html Opinion at http://www.techlawjournal.com/courts2001/mgm_grokster/20040819.pdf

SENATOR? TERRORIST? A WATCH LIST STOPS KENNEDY AT AIRPORT (New York Times, 20 August 2004) -- The meeting had all the hallmarks of an ordinary Congressional hearing. There was Senator Edward M. Kennedy, Democrat of Massachusetts, discussing the problems faced by ordinary citizens mistakenly placed on terrorist watch lists. Then, to the astonishment of the crowd attending a Senate Judiciary Committee hearing on Thursday, Mr. Kennedy offered himself up as Exhibit A. Between March 1 and April 6, airline agents tried to block Mr. Kennedy from boarding airplanes on five occasions because his name resembled an alias used by a suspected terrorist who had been barred from flying on airlines in the United States, his aides and government officials said. Instead of acknowledging the craggy-faced, silver-haired septuagenarian as the Congressional leader whose face has flashed across the nation's television sets for decades, the airline agents acted as if they had stumbled across a fanatic who might blow up an American airplane. Mr. Kennedy said they refused to give him his ticket. http://www.nytimes.com/2004/08/20/national/20flight.html?ex=1250654400&en=f0c8707234bed6fb&ei=5090&partner=rssuserland

MOVEON.ORG SUBSCRIBERS EXPOSED (CNET, 20 August 2004) -- Subscribers to MoveOn.org's mailing lists may have found their interest in the anti-Bush political site a matter of public record. A Web page misconfiguration left dozens of the liberal political group's subscriber pages easily searchable through simple Google queries. Each page included a subscriber's name, e-mail address and the mailing lists to which he or she is subscribed. CNET News.com confirmed that several related searches turned up more than two dozen individual subscriber pages. “This is extremely disturbing,” said one subscriber, when contacted through e-mail. The subscriber asked that his or her name not be used. “I'm not sure if I should be worried or not, but I am,” the person said. The subscriber Web pages linked member's names with interests in various topics, “Distortion of evidence” for one, and, for another, Errol Morris, the director of the documentary “The Fog of War,” which won the Oscar for its portrayal of the life of Vietnam era Secretary of Defense Robert McNamara. MoveOn.org fixed the problem on its site after being contacted by a member. The search results on Google now redirect people to MoveOn.org's front page. The organization is implementing further changes to protect the user information. The information leak is the latest version of “Google hacking,” using the search engine's advanced features to find data leaked by Web sites. Earlier this month, security researchers found a way to use the search engine to find lists of credit card numbers, along with card holder information, that had been posted online by traders of illicit financial information. http://news.com.com/Moveon.org+subscribers+exposed/2100-1029_3-5318799.html?tag=nefd.top

APPEALS COURT RULES AGAINST YAHOO IN FRENCH CASE (Reuters, 23 August 2004) -- A federal appeals court rejected on Monday an effort by Yahoo Inc. to have U.S. courts step into a battle over the sale of Nazi paraphernalia in France. Judges on the Ninth Circuit Court of Appeals in San Francisco reversed an earlier U.S. District Court decision favoring Yahoo. They held that the lower court did not have jurisdiction over two French groups that have worked to halt auctions of Nazi-related items on Yahoo's Internet site. In May 2000, a French court granted the groups' request and ordered Yahoo to prohibit access to Nazi-related items and to destroy related messages, images and literature on its auction site. Yahoo was also subject to fines for noncompliance. Yahoo's French subsidiary, at www.yahoo.fr, now removes all Nazi material from its site in accordance with French law. The U.S. Yahoo Web site continues to auction Nazi items such as stamps and coins, and to host Nazi and anti-Semitic-themed discussion groups. In December 2000, Yahoo sued in the Northern District Court of California, asking the court to declare the French court's orders “not recognizable or enforceable in the United States.” It later said that the French court's orders were in violation of the First Amendment. The French groups, which never sought to enforce the order in the United States, countered that the district court lacked jurisdiction over them. U.S. District Judge Jeremy Fogel eventually granted summary judgment in favor of Yahoo, holding that there was an actual controversy causing a real and immediate threat to Yahoo and that the enforcement of the French orders in the United States would violate the First Amendment. The following day, the court declared the French court orders unenforceable in the United States. 
On Monday, however, a three-judge panel at the Ninth Circuit ruled 2-1 to reverse that decision, finding that the district court did not have the authority to hear the case involving the defendants. “Yahoo was hoping to get a precedent-setting case that you sue an American company at your peril,” said attorney Richard Jones, of Covington & Burling in San Francisco, who represented the French organizations. http://story.news.yahoo.com/news?tmpl=story&cid=582&e=3&u=/nm/20040824/wr_nm/tech_yahoo_nazi_dc

MICROSOFT QUITS U.N. STANDARDS GROUP (New York Times, 24 August 2004) -- Microsoft on Monday withdrew from a United Nations software standards group for commerce, citing “business reasons.” Earlier this year, Microsoft's participation had created controversy within the group, which is attempting to define standards for creating a new generation of Internet services to automate buying and selling through networks of computers. Advocates of proprietary and open approaches to software technology standards had clashed within the organization, which is known as the United Nations Center for Trade Facilitation and Electronic Business, or U.N./Cefact. Microsoft, a maker of proprietary software, opposes the use of open-source software, which is freely shared. But Microsoft's withdrawal on Monday apparently was not directly related to the earlier controversy, according to several industry representatives. Rather, they said, it stemmed from a set of thorny issues over control of intellectual property that is being contributed to the standards-setting effort. Two people who participate in the standards group said that several U.S. and European companies were concerned about guidelines regarding intellectual property rights that are in effect within the group. The guidelines would force corporations that contribute technology to indemnify the United Nations against potential challenges involving intellectual-property claims. At a meeting of the U.N. group in May, the general counsel for SAP, the German business software company, announced that his company would suspend all participation in the organization until the intellectual-property issues had been settled. The dispute parallels issues raised in a lawsuit brought in the United States by the SCO Group, a software company, against IBM. 
SCO has accused IBM of illegally placing software owned by SCO into the Linux open-source operating system. http://news.com.com/Microsoft+quits+U.N.+standards+group/2100-1013_3-5321782.html?tag=nefd.top

E-VOTE MACHINE CERTIFICATION CRITICIZED (AP, 23 August 2004) -- The three companies that certify the nation's voting technologies operate in secrecy, and refuse to discuss flaws in the ATM-like machines to be used by nearly one in three voters in November. Despite concerns over whether the so-called touchscreen machines can be trusted, the testing companies won't say publicly if they have encountered shoddy workmanship. They say they are committed to secrecy in their contracts with the voting machines' makers - even though tax money ultimately buys or leases the machines. “I find it grotesque that an organization charged with such a heavy responsibility feels no obligation to explain to anyone what it is doing,” Michael Shamos, a Carnegie Mellon computer scientist and electronic voting expert, told lawmakers in Washington, D.C. The system for “testing and certifying voting equipment in this country is not only broken, but is virtually nonexistent,” Shamos added. Although up to 50 million Americans are expected to vote on touchscreen machines on Nov. 2, federal regulators have virtually no oversight over testing of the technology. The certification process, in part because the voting machine companies pay for it, is described as obsolete by those charged with overseeing it. The testing firms - CIBER and Wyle Laboratories in Huntsville and SysTest Labs in Denver - are also inadequately equipped, some critics contend. Federal regulations specify that every voting system used must be validated by a tester. Yet it has taken more than a year to gain approval for some election software and hardware, leading some states to either do their own testing or order uncertified equipment. http://hosted.ap.org/dynamic/stories/E/E_VOTING_LABS?SITE=FLTAM&SECTION=HOME&TEMPLATE=DEFAULT

SOURCES:
1. The Filter, a publication of the Berkman Center for Internet & Society at Harvard Law School, http://cyber.law.harvard.edu.
2. Edupage, http://www.educause.edu/pub/edupage/edupage.html.
3. SANS Newsbites, sans@sans.org.
4. NewsScan and Innovation, http://www.newsscan.com.
5. Internet Law & Policy Forum, http://www.ilpf.org.
6. BNA’s Internet Law News, http://ecommercecenter.bna.com.
7. The Ifra Trend Report, http://www.ifra.com/website/ifra.nsf/html/ITR-HTML.
8. Crypto-Gram, http://www.schneier.com/crypto-gram.html.
9. David Evan’s “Internet and Computer News”, http://www.abanet.org/scripts/listcommands.jsp?parm=subscribe/at-internet
10. Readers’ submissions, and the editor’s discoveries.

PRIVACY NOTICE: E-mail addresses of individuals who subscribe to this periodic e-newsletter by sending email to Vince Polley with “MIRLN” in the subject line are kept by Vince Polley; this listing will not be provided to any other persons.
